My Experiences at DEF CON

I went to DEF CON 30 this year, and it was awesome! I had so much fun meeting up with some teammates from IrisSec, attending my teammate’s talk, going to villages, doing challenges, learning new things, picking up merch, and so much more, and of course doing Las Vegas things like going to an art exhibit and eating at awesome restaurants. Let me tell you all about it!

My First DEF CON

DEF CON 30 was my first DEF CON. Although I had originally intended to go to DEF CON a few years prior, I missed out on DEF CON 28 and 29 due to COVID. I’d been planning on going for a long time, and I definitely think I’m going to become a DEF CON regular from here on out. I traveled with my friend ΙΜ and my partner ΑΣ by a combination of both car and plane, and we stayed at the Planet Hollywood Hotel for a total of 4 nights.

We brought burner phones and burner laptops for use at and around the main event. DEF CON weekend is probably the most dangerous weekend in Las Vegas, and although 100% of the people you’ll meet at DEF CON are amazing, kind, and good-hearted folks, it’s the people you don’t see – who are sniffing the air and running exploits – that you want to protect yourself against. It’s not a place where you want to do online banking while you’re waiting in line. Try to use cash instead of card. Don’t type in any passwords that aren’t burners. If you absolutely need to be online, route your traffic through a secure proxy via an encrypted channel. Be prepared. Be paranoid.

Not only should you bring burner devices and watch your OPSEC, but remember to bring your hacking equipment too. You’re going to be at the largest hacking convention in the world – remember to have fun! I brought my network hacking equipment as well as my Flipper Zero, and I’m glad I did. I preloaded my OS with all the hacking tools and libraries I usually use, and they really came in clutch when I sat down to do challenges.

Thursday

The first day of the con for us was Thursday. We left town in the morning and a mutual friend of ours drove us an hour out to the airport, where we caught a rather short flight to Las Vegas. We checked in early at the hotel and got settled. We went to Caesars Forum, which admittedly was a bit difficult to find, and got our badges. The badges this year were pretty awesome, and I’ll be making another blog post in the near future about them.

Thursday at DEF CON is pretty calm. Most of the villages are still setting up, so there’s not much to do at the con except get merch if that’s your kind of thing. According to some of my teammates who were at “linecon,” the line was massive and lasted multiple hours. My party arrived mid-day and there was no line, but there were still plenty of badges to go around. My opinion: arrive later, skip linecon.

My party linked up with my awesome teammates Yoko Zoko and grey. Yoko helps run IrisSec with me and he’s a really great and helpful guy to have around, and grey is definitely one of the nicest and most pleasant people I’ve ever had the pleasure of meeting. ΙΜ and ΑΣ also really liked my teammates, and we hung out for a bit before going to Guy Fieri’s restaurant for lunch.

Grey, ΙΜ, ΑΣ, and I went to Area15, which could be described as an interesting… mall? Grey and I got some sodas and ΑΣ got some gifts for our friends back at home, and our group checked out some of the “exhibitions” and activities they have at Area15.

We decided against going to a DEF CON party that would be happening, and instead parted that night as ΑΣ wanted to go swimming. The weather that night was interesting; there was dry lightning and luckily we made it back to our hotel before it began to rain heavily. Las Vegas flooded that night and the casino in our hotel building flooded as well.

Planet Hollywood only allows Internet access for a maximum of two devices and additional devices would require paying extra fees. They check this using your device’s MAC address. There’s a very simple hack for this, although it requires an additional network card: connect to the network using a device such as a laptop on one interface, and then use the other interface to broadcast an available network that the rest of your devices can connect to. You’re essentially turning your laptop into a wireless access point.

Alternatively, if you’re feeling particularly nefarious, you can simply hijack someone else’s Internet access by sniffing traffic and their associated MAC addresses on the air, inferring which ones must be authenticated, and then MAC spoofing. If you capture traffic during the daytime, return to your hotel at night, and get a list of MAC addresses of devices using the network during the day, then just use one of their MAC addresses. Their device is probably offline and the owner is asleep or out partying anyways.

I also noticed that Planet Hollywood Hotel’s physical access control systems for rooms are based on magnetic stripe cards, which leaves them susceptible to magspoofing attacks. Don’t go breaking into other people’s rooms, but it might be fun to try magspoofing to access your own room if you ever stay there.

Friday

Friday was probably one of the best days of the convention. ΑΣ and I did a bunch of physical access stuff at the Physical Security Village and ΑΣ opened up every door there – some with novel solutions! We did a challenge to break out of handcuffs behind our backs in less than 30 seconds, and we both succeeded! I’m very proud of my 14 second time. For completing the challenge, we won free handcuff keys; I appreciate their humor. I taught some others who were impressed by my performance how to escape from handcuffs and it was a pleasant and wholesome set of interactions. That village was honestly so much fun and I truly think it deserves some more attention.

We also went to the Lockpicking Village where we attended a talk about lockpicking. I’ve done lockpicking before but I’m not particularly good at it by any means. We bought a lockpick set for her as well as a set of locks to pick, which would bring us practice, satisfaction, and joy for hours.

We went to the National Cyber League meetup and it was already quiet by the time that we got there; we unfortunately missed the party. It was cool to meet Toby, though. The only time I’d ever seen him was during a Zoom meeting after IrisSec won our second National Cyber League, and Apro and I went on a Zoom call with coaches from other teams to offer our advice on how to operate a successful team. We got some free stickers and shirts, and also had a conversation with a professor from CSU Chico.

We visited the Taco Bell in Vegas which was famous for their alcoholic Baja Blasts. We also got Fat Tuesday afterwards. Unfortunately, alcohol and I don’t mix too well, and I ended up not having that great of a time that night. They tasted delicious, but alcohol is just hit or miss for me.

Saturday

Saturday was also a great day! We had class in the morning on Windows defense and evasion, although frankly, it was not that great of a class as it was a large classroom and the instructor didn’t have a microphone. We met up with Apro and grey that morning and had class together, and it was great meeting Apro in person. We left class early.

ΑΣ and I went to the Packet Hacking Village where I did the Wall of Sheep – something that I’ve wanted to do for a long time! We got free shirts and I had some conversations with a few hackers there. I absolutely love the vibe in the Packet Hacking Village. If I could have spent my entire con holed up in there, I would have. We learned how to crimp Ethernet cables at a table there as well and ΑΣ is a natural at it!

One of our teammates, Minh (WhiteHoodHacker), had a talk at DEF CON in Track 2 about how he Rick Rolled his entire school district. We, of course, went to go support him. It was awesome meeting him and his colleagues from UIUC, especially YiFei and Ian. We stayed back a bit and had a conversation with Ian about the hacking scene and culture shifts and team dynamics and whatnot – very great guy to talk to. We also ran into one of our other teammates, Skyler, at the talk. Minh absolutely killed it! His talk was awesome and I’m glad we were able to get front-row seats to listen to him dominate the room!

Grey, ΙΜ, ΑΣ, and I all went to the Hardware Hacking and Soldering Villages where I taught them how to solder. ΑΣ is a natural at soldering and made some professional-looking solder joints, which impressed me as they were her first solder joints ever.

We went to the Hello Kitty Cafe, which was quite an experience. They had some really great drinks and ice cream there, and honestly I think it’s worth a visit just for the aesthetic and experience. It’s really a vibe! We were getting along so well with grey that we asked if he wanted to join us for our fancy dinner reservation that night at Sinatra’s. I’m glad that we get along, because it’s really great talking to him through our team and I’m glad that we finally got to meet in person.

We had a fancy dinner at Sinatra’s, which we got all gussied up for. The service was amazing, the restaurant was beautiful, and the food was great. I absolutely think it was the fanciest restaurant I’ve ever been in. I do also think that we got particularly exceptional service because we were all dressed up.

Sunday and Monday

On Sunday, DEF CON wraps up. Most of the villages close early or are completely done, although there are a handful that continue going. We stopped by the ICS (Industrial Control Systems) Village and met some folks from the DDS who set up a miniature town with ICS to demonstrate security and vulnerabilities. We also dropped by a variety of other villages, like the Car Hacking Village and Voting Machine Hacking Village.

We went to Area15 and Omega Mart and had an awesome time, took some great photos, and had a lot of fun interacting with the Omega Mart art exhibit. I definitely had a lot of fun with my camera and got to practice a lot of photography on my partner.

We had some great ramen that night at a restaurant I can’t remember the name of. We spent the night packing, and then we caught our flight home the morning after. It took a few days to fully recover from the trip.

DEF CON 30

I think that this will go down as one of the best and most fun experiences I’ve ever had. I’m really glad that I went to DEF CON this year, and my only complaint is that it doesn’t last longer. There’s just so much to do at DEF CON that I want to do all of it, but that’d be physically impossible.

It’s also great to just do normal touristy stuff in Las Vegas. The city has a lot to offer. It is a bit expensive, though, so have a lot of cash ready and remember to treat yourself. Be safe and be paranoid, but have fun.

Happy hacking!