DEFCON 2019

August 16, 2019

I am certainly no expert when it comes to DEFCON, I mean this was only my second year at the infamous #HackerSummerCamp.  For those of you who don’t know, DEFCON is one of the largest hacker conferences in the United States.  It is held in Vegas every August, and you’d think this time of year might scare people off - NOPE!  This year was its 27th year, taking place between Planet Hollywood, Bally’s, and the Flamingo.  Basically (and no offense) it’s a lot of really nerdy people (last I heard, roughly 30 thousand) hanging out for a while in Sin City.  There are a couple other cyber conferences happening throughout the week - namely Black Hat (for the C level types), and BSides (good luck getting into the one in Vegas).  Basically, Black Hat is a little more tame and with more vendor babes, and BSides is more organic but really limited on tickets.  Both are really great opportunities, I went to Black Hat last year and took a really great training on Active Defense for Red and Blue Teams.

So DEFCON… why go?  Well, have you ever been to nerdy summer camp?  The badges are made from circuit boards (!!), and change every year.  I’ve yet to dive deep into the badges, so I am the last person you should talk to about them, but a lot of people make a really big deal about “tapping” their badges with other folks throughout the con.  Depending on what you’re there for (speaker, vendor, village, black badge, goon, etc.) you get a different badge color.  You have talks upon talks upon talks.  Literally anything you could think of, you could find a talk on - side channel cryptanalysis, encryption, magic, social engineering, etc.  There’s a book you get when you register that details a lot of stuff throughout the weekend, plus an app to download if you’re brave enough that contains all the official talks and events for the weekend.  Plus there’s Twitter.  I’m not personally a Twitter user, but I re-downloaded it for DEFCON, and might actually stick with it because there was a lot of really great information shared on that silly platform. 

Let me touch on black badges really quick, because I think it’s a really cool idea.  DEFCON hosts quite a few different contests and capture the flags - from Blue Team, to Red Team, to Social Engineering, you name it.  If you win that contest, you get a black badge, which means you get into DEFCON free of charge for the rest of your life.  It’s not about the money, but those bragging rights seem pretty darn cool.

Lol.  Whitney won the Social Engineering CTF black badge last year (2018). 

 

So what did I see and do?  I got to the site fairly early Thursday morning, but after the initial rush, and thankfully didn’t have to wait in line for my badge.  I had already scoped out some of the villages and events, and I knew most things weren’t actually starting up until Friday morning other than the Social Engineering (SE) village.  After some wandering through Planet Hollywood and Bally’s to start figuring out where everything was, I decided to head up to the SE Village to watch some of the capture the flag exercises.  Most of these don’t allow photos or recordings, but basically it’s folks who have spent months doing open source intelligence gathering (OSINT), then get to sit in a soundproof little box and call their targets to see what kind of information they can get.  One rule is that they aren’t allowed to actually talk to anyone during their research.  From there, they had Robin Dreeke on, a former FBI behavioral specialist and author of The Code of Trust, to talk about relationship building and communication in regards to social engineering.  This could be a whole separate article if anyone is interested.  He stood around outside talking to people for a good hour and a half after his talk, I meant to ask him to grab a coffee at Hyperion, a Fredericksburg staple, but it totally slipped my mind.  That’s what Twitter is for, right?  One of his sage pieces of wisdom to remember is that all people want are “sex, drugs, rock and roll, chocolate, and non-judgmental validation”.  From there, you’re set.

@rdreeke – “all people want are sex, drugs, rock and roll, chocolate, and non-judgmental validation.”

 

The rest of the time was spent exploring villages.  Lock picking tables were full every time I tried, which just gives me motivation to sit and do lock picking while I’m watching movies (hah, like I actually have time to watch movies).  Spent some time in the car hacking village, watched a Tesla get blown up, and got to do a stint in a Hellcat simulator.  Let me just say, I wish I had a 5 car garage so I could set up a driving simulator like this one.  That’s an awesome hacking job.

And how could I be a Rogue and not stop at the Rogue’s Village?!  Saw some pick-pocketing techniques, and how to apply them with a social engineering mindset.  They did a talk on verbal steganography, which is just as it sounds - talking in code.  While interesting in theory, it’s nothing new, but now has a sexy new name for code.

This is Francesca.  Good luck picking her pockets.

Next to Rogue’s Village was the lock bypass village.  How do you break into something without the typical lock picking tools we’ve become so accustomed to, or without the human element to simply let you in through the front door?

It really is summer camp for cyber kids.  One of the biggest downsides with DEFCON is that there’s almost too much going on.  A lot of people complain about the lines (it is kind of ridiculous), about the amount of people, about the sun in Vegas (in summer…), whatever.  All valid.  My complaint, and this isn’t actually a complaint, is there are just so many cool things to do.  Want to learn how to solder and make your own badge?  There’s a village for that.  Drones?  Yep.  Cloud?  Yep.  They even have a separate track of talks called Skytalks which are no photos, no video, no nothing.  All off the record from some of the top people in the field.  Want a USB cable that charges a phone and pushes out an exploit while it's at it?  Want tutorials from expert locksmiths on how to pick locks?  Want to practice your red teaming skills?  Want to learn how to hack a car?  DEFCON quite literally has something for everyone, even if you’re not super techy.

And while it’s not necessarily recommended (it is Vegas), if you have kids that are interested in this world, you can absolutely bring them.  The Social Engineering village has contests just for kids and teenagers, which was really cool to see. 

Oh yeah, and you can get cool little toys like this (check back later for more information).

If you know what you want, you can make DEFCON exactly what you want.  My suggestion, and something I haven’t done myself in the past two years, is to just focus on one or two areas and dive deep into those.  I spent too much time wandering around from village to village, and to be fair - that’s how my brain works.  I just want to learn and do it all, but I’m sure there’s a better way to do it. 

 

So there’s your thirty-thousand foot overview of DEFCON.  I’m going to keep going back as long as work will let me, and maybe next time I’ll be able to play a little more instead of watching from the sidelines.  Happy to answer any questions that might come up, I’m trying to be on Twitter more since it seems like that’s where the world still lives (what? I know) - @A11Ynb02

 


