Defcon 25.

Aug 01, 2017

Well, I'm finally back from Defcon 25 and writing up my notes while in the throes of con drop before too much of the experience fades from memory.  Suffice it to say that I have opinions about last weekend, which I will attempt to write as concisely as I can.  I don't like being negative about things because my experience is my own, and I much prefer that people have their own experiences and make up their own minds about things.  However, I would be lying if I painted a rosy picture of my attendence of the largest hacker convention on the planet this year.  I did not have a good time, I was not the only one, I learned just about nothing new, and it left me with very few fun (or even good) tales to regale people with.  It also felt like the weekend flew by - three days came and went before I knew it, which is both a little disorienting and not actually a bad thing when looking at the thirty thousand foot view.

After a protracted period of getting ready, most of which involved fighting with trying to get my designated burner phone reactivated after sitting for a year in the box I was finally ready to hit the road.  You can, in fact, purchase functional SIM cards for just about any cellular provider from eBay and buy a pre-paid plan.  Upon arriving in Las Vegas and accepting the 106 degree punch in the face, I hailed a shuttle to my hotel and climbed aboard.  This year, Vlad found us lodgings within easy walking distance of Caesar's Palace, where Defcon had moved to this year.  I hauled my kit upstairs, ordered a pizza, and plopped myself down to read and relax for the first time in a couple of days.

I'd love to tell you how much fun I had at Defcon and give you detailed write-ups of all the talks I went to (taken from copious handwritten notes, of course), but I didn't make it to a single talk, and was able to visit only one village (the Biohacking Village) twice.  Mind you, this was after waiting in line for roughly two hours and not getting into the talks I'd originally come to see.  Not that the talks I wound up seeing weren't interesting, they were, but they weren't what I was trying to attend.  In addition, the Biohacking Village (that I know of) and other village rooms (that I only heard about and thus cannot confirm firsthand) have made a practice of flushing the room (throwing everybody out) to prevent camping, so as to keep the lines moving and thus making sure that most everybody in line gets into something.  The lines for just about every talk I saw were around the corner, sometimes two corners, and most of the way down the hallways.  I didn't bother trying to get into the talks in the main tracks.  Unsurprisingly, go ahead and laugh, I kept getting lost in the labyrinthine hallways of Caesar's Palace.  Possibly much to your surprise, many people who actually have a sense of direction kept getting lost there, too.  Some of the maps posted on the corners and at the infobooths gave incorrect directions to various locations.  Many of the Goons I spoke to didn't know where things were, either.  I don't blame them for it at all; a few admitted to me that they had no idea where anything was, either, so I don't feel alone in my frustration.  I can't speak to how well organized Defcon was this year because I'm not in a position to know what was going on.  What I do know is that Caesar's Palace is very difficult to navigate, and if I'd known how hard it would be I would have gone up a couple of days early specifically to sneak around and learn where everything was ahead of time.

'twas the week before DefCon.

Jul 16, 2017

UPDATE - 20170902 - Typos, finding emergency exits.

So, after many years I've decided that it's my turn to write a first-timer's guide to Defcon.  There are many like it, so I'll try to be as frank as I can about the topic.  I'm going to try to write for people who've never been to Defcon before (but may have been to other hacker cons).  I'm not going to lie or joke around (which some of the guides tend to do) and give as much personal advice as I can.  I'm also going to try to not sound like your parents, because nobody likes to read stuff like that.

It's been said that it is a common thing for people to write about their OPSEC protocols for Defcon that they don't use any other time, with the implication that they aren't serious about their security or privacy any other time and are sitting ducks any other time.  I would politely like to point out that not everybody has the same threat model: Defcon has one of the most hostile network environments on the planet, one which is not often found anywhere else.  It is erroneous to assume that people who only talk about how they prepare for Defcon do not take the same kinds of precautions at any other time.  What those people do may not be your business or anyone else's at any other time.

To that end, here are some of the security protocols that I use at Defcon, and happen to use at other times while I'm traveling, as well as some friendly advice to folks new to Defcon.