My First DEF CON



I went to DEF CON 23 this year. It was my first time to DEF CON and to Las Vegas. I paid on my own dime and it was not a company sponsored trip. I am sharing my personal experiences, opinions, and reflection on my first DEF CON. Others who will attend their first DEF CON might find some useful tips.

I went by myself, and I arrived a night early and left a night after. Coming in early was nice, but I do not think the extra night at the end was worth it. Most people left right after closing ceremony. There was time to fly home the same night after the ceremony.

There is way too much con to see it all. I split my time pretty evenly between talks and the villages where I learned a lot from other people. I did not catch any sky talks which are supposed to be shorter. There are no recording of those so I am a little sorry I did not go to at least one.

Most of the things I learned though came from finding people with the same interest and having conversations. Just talking will reveal new things you did not know before. Sometimes it is just one little tool that makes your life much easier. I found the best thing to do is take advantage of any idle time where you are not talking to anyone and use it to start talking. Standing in a long line and not talking to the people next to you is a wasted opportunity to learn something useful.

I picked my first lock which was fun and interesting. I had only read about how to do it before. Like everything else though, reading about it does not compare to real experience. I did that at the warl0ck gamez contest, which was a combination of physical security as well as computer challenges. It turns out that contest was worth a black uber badge. Something to keep in mind for the future.

There was no electronic badge this year, that is every other year, but I brought my Arduinos and Raspberry Pi anyway. I never ended up using them though. There was a hardware hacking village but never got around to it. I flashed an Android tablet and used it as a burner without doing anything sensitive on it. I also brought a laptop with my Debian setup.

There was a secure wifi network and an open one. The open one is fair game. I spent some time at the wall of sheep and I even got a t-shirt for putting some folks on the wall. There were tables set up around the wall with ethernet ports. You got a raw tap from the open wifi and you could turn in any username and password you found that was not already on the wall. I saw a CNN reporter asking permission to film the wall along with everyone there and almost everyone said no. The next day, there was another guy trying to film a documentary asking the same thing, and everyone said no again. I wonder how their documentaries turned out.

I actually got a lot of questions about what I was doing at the wall of sheep. I did not mind answering, and it was actually nice to know people were not afraid to admit they were a beginner and ask questions. Some people though just wanted to sit over your shoulder and ask questions about everything and that was just too intrusive. One random guy got right behind me and started taking a video of me and my screen with the flash on and that, well, pissed me off.

Most of the people I saw used Wireshark in Kali and just punched in a filter here and there, poking around by hand. There was one fellow nabbing people using RSA software that had a nice interface. I did not catch the actual name of the software, but it looked non-free and that did not interest me.

I wrote a handful of little programs to do exactly what I wanted, which is why most people were curious. They wanted to know what program I was using. I will turn some of my programs in to libpcap tutorials (C, Python, and Go) so everyone can learn how it works. You do not need to write custom programs to do it though. All you really need to do to find credentials is tcpdump and grep. If you were tapped in to the wall, you could actually simplify the search for IMAP credentials down to this.

tcpdump | grep LOGIN

Like simplifying a complex algebra problem, I think there is something clean about that little command. Granted, that is not the best way to do it, and there are other variables you can(should) add to fine tune, it is good for demonstrating to a beginner. If someone had no experience with it, I would start there, explain what is going on, and expand. That command encapsulates the idea of harvesting credentials on a network.

I learned a lot by asking other people questions while I was there. One program I learned about is called driftnet. It is a great program, but the source code is not the prettiest I have ever seen. It has never seen version 1 and the changelog was last updated in 2002. It also has many bugs and crashes at times. With some love, it could be so much more.

There were three people I got to meet and shake hands with that I respect. First was Adrian Crenshaw the Iron Geek. He runs which is ugly as sin but is good to follow for videos. He has also talked at cons and helped start DerbyCon.

The second person I met was Brian Krebs. His site is Krebs on Security. His face is right on the banner of his website so he was really easy to recognize. I told him I liked his work on the ATM skimmers and he told me to keep my eyes open for some new skimming stuff he had coming from Mexico. It looks like one of those articles landed today.

The last person was Richard Thieme. He is over 70 years old now and has spoken at 20 DEF CONs. I sat in the front row and bought his used books right off of him. I like all his talks and find them inspiring and intriguing. He also has a very interesting history. After the talk he was swarmed by people who wanted to ask more questions or get him to sign books.

Some other interesting talks I went to were about looping a security camera feeds like in the heist movies, hacking unaltered cars remotely, and UPnP hacking.

I heard the badge line was horrible in the past so I got up early. I waited 2 hours in line, but it went quickly because of all the chatting in the line. After they cleared the initial line of early risers, people were telling me they only had to wait 10 minutes for a badge. I am not sure if they ever ran out.

In the basement of the Bally's/Paris there was a Subway, Sbarro, and a Johnny Rocket's Burger place. Those were probably the cheapest places to eat at about $10-15 for a meal. Bring money for stuff at vendor booths. T-shirts typically $25. There are lots of cool gadgets and electronics, including burner laptops for $70 at Unix Surplus table. Some things are significantly overpriced and you can find them online, so keep that in mind before dropping too much cash.

There were parties at the hotel and offsite. There was booze and music. No surprises there. I went to a Friday concert at the top of the hotel and a Saturday party on the bottom level in the pool. I basically spent the whole time within the Bally's and Paris hotel, which was really convenient. The talks even streamed up to the TVs in the bedrooms, so you could catch the early talks with a hangover in bed, and flip between two talks at once without having to wait in line to switch rooms.

Socializing and learning from others is what it is all about. Take advantage of the other conners. Make friends. Keep in contact with people that have the same interests. Do not be afraid to ask questions.

Oh, and it looks like TSA went through my bag, but I can not say that I am surprised.