DefCon17.txt

Posted: August 25th, 2009 | Author: Matt | Filed under: Conferences, InfoSec, Travel

How does one write a decent article about DefCon? How do you truly convey the madness and all-out chaos that is the weekend of DefCon to someone who likely hasn’t been? I have NO idea. I’m going to attempt this, it’s probably going to fail miserably and you are going to think me mildly insane. I can, however, simplify this for you into one word.

GO!


Yes, it’s that good. If you are in any way interested in security or even networking (and not just the type with Cat5e cables) go. But I’m getting ahead of myself.

Prep

There are a number of differing opinions on the matter. Some people bring a vast array of hardware to play around with in the hardware hacking village, some people bring machines to attempt to spread malware and break into other people’s machines. Heck, some people even brought along a fake ATM machine to skim your banking details from you, but that’s beside the point. What it all boils down to at the end of the day is you are going to be connecting to what is considered to be THE most hostile computer network on the planet. End of story. This is drummed home by the dreaded Wall of Sheep. If you transmit ANYTHING over the DefCon network that isn’t encrypted, your credentials AND the host you are connecting to are posted, in real time, to this “wall”. Not fun. That’s not to say someone isn’t going to be messing with your connection even if it is encrypted. Moxie had an awesome talk on how SSL is broken, check it out on the Blackhat Archives here. There were discussions on various forums and mailing lists as to what hardware to take and what precautions to use to ensure that you weren’t “pwned” along the way. I personally set up an Eee PC 701 with a hardened copy of Linux and VPN software to connect out. Did I use this? No. I ended up bringing along my trusty 13″ MacBook simply because I couldn’t afford to be disconnected from the Office 10000 km away. No, I did not connect to the DefCon network… In fact my machine stayed off for the duration of DefCon as there was simply far too much to do that didn’t require a working notebook. We will get to that.

Goons

Before going any further it’s worth mentioning the Goons. These are the guys and girls who attend DefCon and herd the many thousands of hackers around the conference. They have the most unenviable job out there. Not only do they miss all the talks and general shenanigans, but they have to ensure that we GET to see the talks and don’t end up killing ourselves by bungee jumping from the roof. I have no complaints about the Goons. They did an awesome job and while some could complain that they were a bunch of hard-asses, look at it from their perspective. I’d also be pretty gruff and terse if I had to deal with a crowd like that.

So, what’s going on?

What goes on at DefCon besides the 5 rooms with various talks? Well you have your choice of the following:

  • Hardware Hacking Village
  • Lock Pick Village
  • CTF Arena
  • Competition Floor / Food area
  • Vendor Area
  • Sky Boxes
  • Big Room with old hardware and Team Fortress 2 Arena
  • Chillout Lounge with DJs

So yeah, there’s A LOT to do. I checked out most of it. Got my hands dirty learning to pick locks. Played a little Team Fortress 2 against people I didn’t know. Attended the micro talks in the Sky Boxes, bought “cool stuff” from the vendor area, checked out the teams competing in the Binjitsu CTF event, ate some really expensive food in the food area, took it easy to some great tunes in the chill out lounge and went to the Pauldotcom private party. Yes. I did. It was awesome. The PDC crew are a fantastic bunch. Had beers with Mick, spoke to John Strand about the course I was thinking about taking upon my return, got a t-shirt signed and generally had an awesome evening. The podcasters meetup was the same evening. It was surreal seeing all the guys I listen to on a weekly basis up close. Then getting to shake hands, swap business cards and have a cold beer with them once the recording stopped. Insane.

Talks, what talks?!

Apparently they have talks at these conferences. Yes, I went to a lot of them. But DefCon isn’t just about talks and learning things most people wouldn’t want to know in their lifetime. It’s about the parties and meeting people. And after 18h00 that’s exactly what happens. The doors open (or close) and there are any number of after hours “events” to go to. Being alone and not knowing anyone “in the loop” I didn’t do much. But hey, I hear there were some scary things going on around the Riviera that weekend :)

No, really, what talks?

Yeah, the talks were all outstanding. The problem is (as I found out the hard way at Blackhat) there are so many great talks going on at the same time, it’s difficult to see everything. And believe me, you want to see everything.
Standouts for me included:

But really, to go on and list all the great talks is just silly. There are so many great ones it’s so difficult to pick and choose.

What I found is that you would get 90% through the day and end up meeting some random person (Johnny Long in my case) and spending the remainder talking “shop”. Someone said to me prior to heading over to Vegas that with the big conferences like Blackhat and DefCon you didn’t get to meet the speakers or anything like that. I don’t know if I lucked out but I spoke to so many of the guys I wanted to chat to. Hell, I even got two seconds with DT himself. I think he may have thought I was a little crazy because it was late on Sunday afternoon when I spoke to him and I may have been a little hopped up on energy drinks and fried chicken.

Wrapping up…

I could ramble on about this for ages as for me it was the highlight of the year. Both DefCon and Blackhat were so amazing, so much fun and at the same time, so humbling, I don’t think I could ever forget the experience in a hurry. To answer many people’s question to me upon returning: yes, go. Go if it’s the last thing you do. You will learn so much, be inspired by what you learn, by the people you meet and by what you get to do yourself. I for one will be doing everything in my power to get back there next year, hopefully with a couple of friends this time.