This year, my colleague Jens and I were given the opportunity to visit Defcon 20 (https://www.defcon.org/html/defcon-20/dc-20-index.html) in Las Vegas. It was my first time visiting the US, so I was obviously very excited about it!
We started off around noon on Wednesday, and after having a transfer at Heathrow, London, we arrived to Las Vegas at 7 PM on the same Wednesday (due to Las Vegas being 9 hours earlier compared to Sweden).
Inside the terminal, the AC made it seem almost chilly at times, but once you went out to the taxi queue, you were greeted by a 45 degrees heat wave. The first thing that came to mind when going towards the hotel was how extremely big everything was, even compared to cities such as Shanghai. Once checked in at the hotel, I quickly drifted off to sleep as I had forced myself to stay awake on the plane in order to avoid as much jet lag as possible.
Thursday morning, around 40 degrees outside at 8 AM when we made our way to the convention. Felt quite lucky in the cab when I saw actually walking the trek towards the convention in the blistering heat. When we arrived, we noticed that the queue started outside, not so good. The queue moved forward though, so we assumed we’d be able to pay the entrence fee once we got roof over our heads. Bad assumption. Once inside, the queue went on for about 2,5 hours more, and that’s when we were there 30 minutes prior to the desks opening. Lesson learned for next time.
Once we had paid the entrance fee, we were given the badges for the 20th Defcon, and they were mighty impressive. Rather than having a normal badge (which is never the case for Defcon, but still), you were given a badge containing a multi-core processor, IR transmitter, LEDs, usb-mini port, PS2/VGA ports that can be soldered on and open source software that contained a good variety of competitions for those who wanted to play around with cryptos. Certain badges could also ”infect” other badges, making the LEDs blink differently if you came in contact with them.
The amount of text you could write about these badges are probably enough to fill a book, but I suggest you check out the following resources for more information about the badges:
Next in line was getting some food, and there was a nice ”chill out zone” where you could buy hot and cold food, drinks, breakfast and other vital things for your every day life.
Having refuled, we decided to get some swag to bring home. This turned out to be another 2 hour long queue to the single only shop they had for official merchendise. Eventually I ended up getting two t-shirts as a memory.
Later on we got into the first conference, which was the starting ceremony where everyone was welcomed to the 20th Defcon!
Since it was the registration day, we managed to get out earlier than usual, and used the time for a trip to the Grand Canyon, which has been one of my most wanted locations to see for quite a while. Due to the large time contraints, we had to take a helicopter ride, which in itself was quite an adventure!
Once back, we decided to do some sightseeing in the area next to the hotel.
First ”real” day of the conference! I started off with some talks about the badge and the history of Defcon to get some further ideas about how things had progressed. I found it very interesting and that it had a lot of ”unofficial information” about how things had been, even though I have wanted to go to Defcon for a long time and read a lot about it throughout the years. There was also the talk with General Keith B. Alexander (US Cybercom director and NSA Director) which proved well interesting to hear, as he talked about how important it is to secure the country as a whole from outside attacks. The talk after that was called ”Owning One to Rule Them All”, where the talker went through Microsoft SCCM and how it was possible to compromise it and make it send a payload decided by you to all clients that’s connected to it (which means by adding your trojan or whatever you’d be able to very quickly infect an entire network of computers).
Also, as you walked around, you noticed more and more competitions around the place. On the floor, there were multiple puzzles and crypto challanges, and others could be found on posters etc.
During the evening we went out to have another look at the surrounding area, and ended up eating at a place, called Johnny Rockets, that had amazing burgers. We also went to check out the opening ceremony of the Olympics!
Today was a mix of talks concerning the future of the net and what limitations should or should not be in place, how government agencies operate, and how attacks on our infrastructure are being done. The more ”practical” talks were regarding botnets and how they are being operated through webpages or irc servers, and various ways of how DDoS are being done on companies and how it can be mitigated.
Today I also walked around a bit on the other parts of the convention! For example, I visited the CTF area where teams are competing against each other for securing their own servers in order to prevent other teams to compromise their running services, but they are also supposed to take over other teams servers in order to gain points. There was also the wall of sheep area, where traffic that had been sniffed on the network (non-SSL-traffic) were posted on a a big screen for shame and for others to see.
The vendor area on the other hand was a place of business where people gathered up to buy and sell various merchandise, ranging from t-shirts to satellite transmitters. It was also a book signing area with people such as Bruce Schneider, and an area where you could view things as actual Enigma machines.
There was also the hardware hacking area, an area where you could learn how to create robots, learn how to solder, learn how to make your badge do things it couldn’t when you got it, and a lot of other things.
Afterwards we went out for some sightseeing and visited the Venitian as well as Treasure Island!
Sunday was the last day of the conference, and it contained a variety of talks ranging from new generation port scanners, metasploit examples, how easily certain Huawei routers can be hacked, and Kevin Poulsen talking about his previous experience as well as his book. It was also the closing ceremony with all the contestants getting their prices, with some getting the all-mighty black badge that gives you a life-time free entrence fee to Defcon.
As we hadn’t have time to eat much other than sandwiches or the quick burrito, we decided to hit the buffet at the Bellagio for our last conference evening. The queue took quite a while to process, but it was well worth it with a lot of really great food. Also took a quick stroll down the south of the strip.
Monday was the last day in Las Vegas, as we were supposed to leave for Stockholm again at 8.45 PM. For once, we decided to take a long morning rather than getting up at 7.30 AM, so we met up at 11.00 for checking out and having something to eat. Once that had been sorted, we decided to take a stroll down through all the Casinos south of Bally’s to see what each of them offered. We ended up visiting each one, and also went into the Aquarium of Mandalyn Bay to see some sharks. Once at the airport, we found out that the plane was 3 hours delayed. That in turn, meant we missed our connecting flight in Heathrow which meant we got home after 00:00, which kind of made the next work day feel ”so so” considering the time difference etc. All in all I’d definitely rate this convention the best one I’ve been at! Some of the talks were not very interesting at all, while some were very very good. The two I liked the most were: ”Black Ops” and ”How to Hack All the Transport Networks of a Country”.
You can find the full schedule here: https://www.defcon.org/html/defcon-20/dc-20-schedule.html
The main thing I feel I gained though was ”getting back to basics” rather than being so emerged in the commercial aspect of the IT industry. The experience gave me a lot of reminders about why I started loving computers in the first place!