Depiction from B-Sides & DEF CON 32
This year’s B-Sides and DEF CON 32 were my first time ever going to the States and to a hacking convention as large as DEF CON. Located in the Las Vegas Convention Center in the scorching heat of 45 degrees Celsius, I was about to experience the biggest hacking convention on the planet. Shout-out to the most awesome employer for giving me the opportunity of a lifetime and sponsoring this trip for me!
Day 0 – Las Vegas
Flying in at Harry Reid airport, seeing the canyons, the black glass pyramid The Luxor and The Sphere in the background made it real: I was in Las Vegas! After getting settled in at the hotel on the Strip, @vegar and I decided we wanted to experience new things, things we cannot experience at home. After marveling at Caesar’s Palace’s exterior and interior like most have seen on TV, the grand casino and indoor shopping world, we called Battlefield Vegas to pick us up with a Humvee and take us to their range to get a taste of the well-beloved 2nd Amendment, which was the experience of a lifetime. Las Vegas is fun, the people are friendly and when the sun sets its true beauty comes out with all its flashy lights and lobbies filled with casinos.
Day 1 – B-Sides
After enriching ourselves with a typical American breakfast, we made our way to The Tuscany to enter B-Sides, a smaller venue which touches on independent cyber security research without the interference of vendors. Going to conventions also means networking: engaging with other people, their talks, meeting old friends, previous coworkers, previous professors from university. I was surprised to find my old professor @Fabricio_Bortoluzzi was here to give a talk on “Insights on using a Cloud Telescope to observe internet-wide botnet propagation activity”. We finally caught up 2 years after my graduation and discussed his research as well. Most talks are recorded, so why would we go all the way to Las Vegas and attend in person? Community, Q&As, networking: things that happen outside of a camera recording provide so much value that it is worth traveling to the other side of the planet to listen to a cyber security researcher present their research and discuss it.
Day 2 – B-Sides
After running into the famous YouTube Security Researcher @John_Hammond, we tried ourselves at the lockpicking table where a plethora of locks and lockpicks were available to test our physical penetration testing skills. Sticker culture is real, and a lot of people are willing to trade to fancy up their hacking equipment. Apart from in-depth cyber security research, there are also talks about how to get into cyber security. Breaking into the field of cyber security is a daunting task but luckily there is a lot of help for those who are brave enough. Celebration and encouragement of diversity in cyber security was great to see. We ended our last day at B-Sides by attending a talk from @John-André Bjørkhaug, “All your badge are belong to me”, which showed the weaknesses in RFID badges, readers and backend systems.
DEF CON 32
The scale of this event can be daunting for a first timer; we did not register for any workshops beforehand since we had no idea what to expect. After entering the Las Vegas Convention Center, we joined the line to get our badge, which was a piece of hardware containing an as yet unreleased Raspberry Pi RP2350 processor. The badge contained a game as well where you could virtually walk around Defcon with a few quests. The badge is open source so you may hack it as you please as part of badge culture. It didn’t take @Vegar long to find the source code online and hack the firmware on it to add a menu selection and new features for the LEDs.
Defcon is larger in scale and, besides official Defcon talks which run simultaneously, it also has “villages” dedicated to a certain aspect of cyber security like bug bounty village, @red_team_village, car hacking village, hardware hacking village, @appsec_village and many more. These villages provide workshops, creator talks, Capture The Flag events and above all: free delicious coffee(!). There is a special room called War Stories where hackers who have been in this field since the dawn of time talk about their adventures.
Some people might advise you to skip all the talks and get hands-on with workshops and events, but we decided nonetheless to dedicate our first day to official Defcon talks and find our way around the ~75.000 square meters event. One important aspect of Defcon is that no matter what your skill level or interest is, there is something for you to do there. If you are a n00b and want to learn about hardware hacking, go to the hardware hacking village and ask the volunteers there how to start; they will help you get going.
Got no Hak5 pineapple? Lockpicking set? Wi-Fi sniffer? Want it? Defcon has you covered since you can buy hacking equipment here as well. There is a vendor area, and you can meet your favorite TCM / Black Hills Security / TryHackMe and HackTheBox people to have a chat and get your sticker stash filled up.
@chris_dale was present at the Red Team Village CTF to help support his teams and after taking 5th place we were invited by the one and only @barret Darnell of the Red Team Village to get a tour of the grounds and Red Team Village itself, which has no open area to go into, only workshops which require registration. We got a tiny look behind the scenes and a lot of background information on Defcon and the popular Red Team Village, which was an absolute privilege.
Every day at Defcon was a new experience with not only talks and workshops, but also meeting new people. Like B-Sides, Defcon’s magic comes alive by interacting with other people, partaking in the community and joining in on discussions. It made me realize what I was missing out on while working in cyber security: tapping into communities and partaking in CTFs to enrich my knowledge and become a better operator. Even if you are going alone to Defcon they have a “lonely hacker” ground where you can low-key join other people who go alone to socialize. If you are overwhelmed by the intensity of 30.000 people, there are also chill rooms where you can recharge your (social) batteries. Every evening at Defcon ends with kickass parties with different themes so one evening we’d see the cyberpunk subculture and the next we’d see pirates.
To summarize this trip, I would advise anyone interested in cyber security to experience Defcon at least once in their lifetime; it is worth the trip and standing in line for. Engage with other people and find new interests, whether n00b or pr0.