Defcon 32 In My Eyes
It has been over a month since I attended Defcon 32. I have had time to process and reflect on my experience. I wanted to do this much sooner, but didn't really have time to get around to it; specifically so I wouldn't forget anything. In my defense, I don't think I have forgotten much, which is kind of a testament to my experience.
But, What is it?
Well, what it isn't is Black Hat. It's funny, people tend to have a perception that Black Hat is the "big hacker conference" that happens every year. No, no, that is Defcon. Black Hat is the marketing event people go to prior to Defcon to get information on the different products out there to protect against the potential things you could learn at Defcon. Okay, that's not directly true, but it is painting a picture.
Black Hat is the marketing event. "Come buy this", "This is how our company can protect you against this" and "Come get some free swag" are all common phrases at Black Hat. "Did you figure out or badge?", "Did you check out that village?" and "DON'T FUCK IT UP!" are common phrases at Defcon. Defcon is the educational and dare I say, community or social event around cyber security.
So, tell us about it...
First, a commercial break for some of the other perks of going to Vegas for a conference.
The Community
This is literally the most inclusive community I have ever experienced. Just to relate, I have played sports all my life, worked many different jobs, attended various pride events and even volunteered for a number of organizations. I repeat, this is the most inclusive community. It is both clique-y and cult-y in the most positive ways. There are tons of small groups within this larger entity targeting specific interests (the clique-y part) as well as a very distinct following, culture and - dare I say - way of life within the conference (that's the cult-y). It's incredible. All of this, while being completely mindful of the individuals attending the conference, i.e. privacy is a big factor and there is a level of respect to ask to take pictures/videos.
You can go there and approach anyone to start a conversation (at least from my experience). You will find parties and events just from interacting with people. There are traditions and even events that resonate through the years. There are even hacking "celebrities" (I saw Jack Rhysider from Darknet Diaries and John Hammond - YouTube) in attendance taking the roles of judges or hosting parties.
The Sessions
The number of sessions and topics feels endless. You could spend your entire conference experience in one village (a village is basically a topic-based section, i.e. Social Engineering, Ham Radio, AppSec, etc.) if you really wanted to. I decided to just show up and pick things as I found them. This isn't necessarily the best approach, especially because of the limited room in certain sessions and "Linecon" (part of the cult-y piece!).
I was able to attend sessions on the following topics:
- Social Engineering - where they do it live, it was super fun.
- Introduction to Machine Learning in Quantum Computing - this was right over my head.
- An AppSec session on a type of exploit in PDFs - boy, this is going to bother me that I can't remember the name of the exploit.
- A hack-along type session on Prototype Pollution - that was great.
- Sending temperature information over Ham radio signals - this was informative as I wanted to do a similar project using LoRa.
- Hacker Jeopardy - more of a must see event.
This doesn't include everything, like the activity stations, social pieces, parties or other types of events. I could have also done way more sessions, however, my focus was just soaking in everything to figure out if this is something I actually enjoy and how do I make the most out of it every year if I do!
The Badge
I honestly feel some people just go for the badges. This year's badge was quite a badge. It coincided with the Raspberry Pi launch of the 2050, intentionally. The badge itself was a custom built 2050 specifically for the conference. You should look up the specs yourself, but, in short, it had two modes: badge mode, where you could customize your lights and look fairly unique if you chose, and game mode. In game mode, you were literally playing a gameboy game of the conference, exploring, collecting QR codes and even using the game as a map. It was running a custom firmware with a gameboy emulator, so you could literally just play Pokemon instead if you wanted to. Yes, I saw someone do it and yes, I started a conversation with "Is that Pokemon Yellow?"
Would I Do It Again?
The day we were leaving Vegas, I told my friend, this has become my annual educational conference. One month later, I still feel the exact same way. I have learnt things, had the opportunity to attend some fun parties (Vegas pool parties and Off Strip penthouse parties), made new friends and just had a great time doing what I enjoy. Knowing what I do now, I would plan some activities ahead. I would try and prioritise getting to the store and a few of the hardware based sessions. I will also look ahead on the Hacker Tracker App and be more conscious of which are my "Must Do" sessions. I really wish I attended the Cruise Ship hacking simulation (yes, there were many CTFs like that). I still have so much to learn about the conference, events and histories. Things like the Illuminati party, Goons and Black Badges. I also want to get more involved with the community. So much to do, for one weekend of the year. Hope to see you at Defcon 33!