Basefarm Blog

What we learned from DEF CON 26

By Hans-Petter Fjeld and Abel De Kat Angelino, Information Security Engineers at Basefarm

Cyber security is increasingly important to companies. We went to DEF CON to see what the hackers were doing.

DEF CON is one of the oldest and largest hacker conventions in the world. Held annually in Las Vegas, Nevada, it is the place to meet security professionals, researchers, government employees, students and every kind of hacker. Here are a few things we took away from DEF CON 26.

1) Why attend DEF CON?

We are a member of many cyber security organizations and attend many such events, but DEF CON has a pure focus on security. Many commerce-driven security events want to sell solutions, while at DEF CON it is all about real-world security and how things are hacked. They have everything you can think of, ranging from cryptographic attacks to hacking cars.

2) What trends were everyone talking about?

Connected devices and the internet of everything were a big topic. Bicycle locks, pacemakers, traffic lights, police body cameras, industrial control systems and voting machines are all connected and vulnerable. Even old technology is at risk: one good example was how someone targeted a fax machine and was able to get into the corporate network.

The attackers keep getting better, and they are currently attacking architectural issues deeper in the core of computers than many specialists have ever experienced, such as speculative execution, BGP internet routing, and SS7 mobile phone routing.

Another hot topic was the people behind the machines. Social engineering remains a major risk.

3) What did we enjoy the most?

We attended many presentations and workshops which could help us broaden our horizons and think about security in different ways. Hacking devices was fascinating, but we focused a lot on application vulnerabilities. It was a good experience to really think about what is going on in the background and what information you are sending when you use an application.

Another interesting topic was ethics. When you work in computer security you get to know flaws. Both the disclosure and the non-disclosure of these might directly impact the health and wellbeing of other people, and sadly it is sometimes not obvious how to handle these situations.

4) How can you learn more?

DEF CON has an interesting book list and VulnHub has a list of resources. Look up local hacker spaces. Some are more Maker-oriented than others, but you should be able to find a productive environment with knowledgeable people. Talking to like-minded people and broadening your mental horizon is important. Naked Security publishes the latest information. The Basefarm blog from our SIRT is also a good way to see what is happening and what we are doing.

5) Do you want recommendations on attending DEF CON?

The DEF CON FAQ provides a lot of helpful information, and we also recommend you read their rules of behavior. You can spend the entire time behind a computer, but you will probably get more out of the event by going out and talking to people. You can watch the presentations on video later. Take lots of notes so you don’t forget anything. If you work in information security, DEF CON is definitely something you should experience at least once.
