Getting the Most Out of DEF CON (by Ed Skoudis)

docrice Member Posts: 1,706
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/

Comments

  • the_hutch Banned Posts: 827
    Good read, thanks!!! The biggest thing that I want from an employer when I separate from the military in October, is a company that will send me to conventions like DEFCON, BLACKHAT, etc...

    My strategy for looking for jobs was to go to DEFCON's website and send resumes to all of their top sponsors, lol.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,663 Admin
    A few things Ed didn't mention about Defcon:

    Swag: There is lots of stuff to buy in the vendor room. Computer books, old computer equipment, Tee shirts, electronic gadgets, and really decent first-timer's lockpick sets for $20. Lots of other things too.

    Parking: Lots of free parking in back of the Rio. If there's no room in the parking structure, the Rio also has plenty of parking lots in the Las Vegas sun, so bring sunshades for your car. Park next to the HACKBUS if you can.

    Food: Don't eat at the over-priced hotel restaurants, where just a hamburger, fries, and drink will cost you US$13 (yes, at the Burger King in the Rio's casino). Ask where the inexpensive, all-you-can-eat buffets are and stuff yourself for one good meal a day. The lunchtime buffet at the Gold Coast (next to the Rio) is a great example.

    Alcohol: Available in the Defcon lounge and is highly encouraged (by the alcohol vendors).

    The Parties: ARE LOUD!! I've only ever been to three Defcon parties; hotel security was called to disband each of them. In afterthought, the Bourbon was excellent.

    The badge line: There was a time when I could roll into Las Vegas at 8AM on the Thursday of Defcon, get in the badge line, and have my badge around my neck in about 15-20 minutes. These days are no more. At 8AM Thursday of Defcon 20 there must have been 5000 people in line ahead of me (no kidding) and it took nearly 2.5 hours to fork over my $200 cash. Aren't hackers supposed to be late sleepers?

    Walking to the Strip: Forget about it. When Defcon was at the Riviera, you could walk through the casino and right on to the Las Vegas Strip and then to anywhere you wanted. To get to the strip from the Rio you will need to take your car, a bus or taxi, or be prepared to walk a long way on very busy Flamingo Road.

    Females: There are more human females at Defcon now than there ever have been. That being said, the male-to-female ratio is still extremely high, so your chances of hooking up with something that has both two X chromosomes and doesn't want to see cash up front is very slim. Bring your own female and be the envy of every I-live-in-my-parent's-basement dweller at the con. This is especially true if you are female. (Cosplay is not discouraged.)

    And yes, don't miss the closing ceremony, but also don't miss the Meet the Feds panel. Lots of info and humor from people that work at the NSA, CIA, FBI, DHS, NASA, US Cyber Command, etc. You can view presentations from past Defcons on YouTube or at the Defcon Media Archives Portal. Bring your resume and become a Fed!
  • docrice Member Posts: 1,706
    Also beware of the attendants who don't maintain a hygiene status that people generally take for granted. Pay attention to the Wall of Sheep to ensure you or your device doesn't end up on it (unless that's what you're going for). Go in with an open mind and return home with an overflowing amount of caffeinated knowledge.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,663 Admin
    And more...

    The Crowds: The crush of people in the Rio will be unbelievable and unbearable at times--especially from Friday afternoon through Saturday night. There will be around 12,000+ in attendance, and it all seems like they show up at the same time. Make sure that you leave from your current talk early to (slowly) push your way to your next talk before there's no seating left.

    The Lines: There are lines everywhere and for everything, not just for getting your badge. For the popular talks, the lines start forming an hour or two before the talk begins. This means you will miss seeing some talks you want to see to get into the talks you really want to see because you need to stand in line for them.

    Being Sneaky: Sometimes people will try to beat the lines by attending a talk prior to the talk they really want to see, and just staying in their seat (or grabbing a better one) after the talk ends. However, the "Goons" may try to empty the previous audience from a room before the next talk's audience (who has been standing in line for 1-2 hours) enters. This room clearing has always resulted in a negative response from the Defcon attendees, so I hope we don't see it again.

    Backpacks: Be prepared to be constantly bludgeoned by the backpacks worn by random, unwashed Defcon attendees while you are standing in lines and pushing your way through the crowds. Idiots...

    Wearing Black: Black is the clothing color of choice among the community that attends Defcon. I find this surprising, as this is also a community that prides itself on being non-conformist. This is why I always wear bright, Hawaiian shirts to Defcon, to represent the true, hacking non-conformists--and to possibly be mistakenly-outed as a Fed. (It hasn't happened yet; it must be my beard.)
  • docrice Member Posts: 1,706
    JDMurray wrote: »
    For the popular talks, the lines start forming an hour or two before the talk begins. This means you will miss seeing some talks you want to see to get into the talks you really want to see because you need to stand in line for them.

    This is why I booked a room at the Rio this year. For talks that I can't get into (or would rather not deal with the swarm of people), I'll just watch the closed-circuit feed ... assuming there are no audio/video problems. While not as exciting as being in the talk with other participants, it's nice to be able to actually see the talk.

    Another tidbit - there are lots of talks going on simultaneously and inevitably you'll have to choose between a few that you really want to check out. When you get your attendee badge and conference program, start picking out your schedule. At DEF CON, there's a very high chance that some talks will get re-shuffled at the last minute for whatever reason.

    Commit the layout / location of the various Rio convention center rooms to memory early on so you won't have to go on an adventure hunt after each talk to figure out where you need to go.

    http://www.smartervegas.com/images/resortmaps/237.jpg

    Be prepared for great topics that are occasionally presented by a speaker with bad presentation skills. Many extremely-smart, technically-inclined individuals aren't necessarily very good at public speaking.
  • chrisone Senior Member Member Posts: 2,006
    Awesome! Thanks for the tips fellas! I plan on going this year! It will be my first :)
    Certs: CISSP, OSCP, CRTP, eCPPT, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), eLearnSecurity: WAPTv3 (in-progress), eLearnSecurity: IHRP (completed), BlackHills InfoSec: Breaching the Cloud
    Certs: VHL: Advanced+ (completed), OSCP (completed), SLAE32, OSCE, AZ-500 (in-progress), MS-500, eLearnSecurity: eWPT, eLearnSecurity: eCIR (in-progress)
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,663 Admin
    Last year at Defcon 20, a documentary was being videoed on what Defcon is and how it came to be. (The director, Jason Scott, ran over my foot with his Segway in the vendor room. He said I was the second person that he's done that to.) The doc is due to be released free to the community after Defcon 21 and will probably be pre-screened there.

    DEFCON: The Documentary, Film Covers 20 Years of the World’s Largest Hacking Convention

    www.youtube.com/watch?v=DLtzkwug_m0
  • Master Of Puppets Member Posts: 1,210
    Okay, that is pretty cool! Thanks for sharing, JD. I can't believe I'm finding out about this now..
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • JockVSJock Member Posts: 1,118
    I remember when I went to DefCon (2002-2004) at the Alexis Park. If you had to stand in line and couldn't get in or bear the Vegas summer heat, you could go back to the room and watch the presentation from the comfort of your room and drink a bunch of beer/Red Bull.

    I didn't think the Rio had this setup?

    docrice wrote: »
    This is why I booked a room at the Rio this year. For talks that I can't get into (or would rather not deal with the swarm of people), I'll just watch the closed-circuit feed ... assuming there are no audio/video problems. While not as exciting as being in the talk with other participants, it's nice to be able to actually see the talk.
    ***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)

    "It's easier to deceive the masses than to convince the masses that they have been deceived."
    -unknown
  • JockVSJock Member Posts: 1,118
    When it was held at Alexis Park, females were pretty rare. Most of the ones showing up, were groupies? Sounds hard to believe, however that was the case.

    Also when I was there in 2004, there was a random group of unaware British female tourists who were staying at the Alexis Park, and were unaware of what was happening there. Needless to say, a lot of socially retarded geeks were just staring them down and making them very uncomfortable.
    JDMurray wrote: »

    Females: There are more human females at Defcon now than there ever have been. That being said, the male-to-female ratio is still extremely high, so your chances of hooking up with something that has both two X chromosomes and doesn't want to see cash up front is very slim. Bring your own female and be the envy of every I-live-in-my-parent's-basement dweller at the con. This is especially true if you are female. (Cosplay is not discouraged.)

    And yes, don't miss the closing ceremony, but also don't miss the Meet the Feds panel. Lots of info and humor from people that work at the NSA, CIA, FBI, DHS, NASA, US Cyber Command, etc. You can view presentations from past Defcons on YouTube or at the Defcon Media Archives Portal. Bring your resume and become a Fed!
  • JockVSJock Member Posts: 1,118
    What is the inside scoop on the Hacker Jeopardy?

    A few friends of mine tried to volunteer in advance to play and were told they were going to be picked for it. However at the last second, it got changed and some folks from the audience were 'randomly' called up and played.

    Later we learned that they were friends of Dark Tangent and I basically believe that those running DefCon basically pick their friends to play Hacker Jeopardy.

    Which leads me to my next point.

    Back in 2009, I had an idea for a social engineering presentation based on some interactions that I've done. I got an article published on a well known website and got a bunch of great feedback on it. A friend of mine had the idea to submit it as a DefCon talk, so I went ahead and submitted a MS Powerpoint version of it, well in advance.

    I waited and waited for a go/no go response and a few days before DefCon, I got an email saying it was rejected and there was no real reason as to why. I've sat thru a few presentations at DefCon that you could tell were prepared the night before their presentation. So I often wonder what is the criteria when it comes to picking talks for DefCon.

    Also, I've always had a hard time making professional connections there. I try to seek out other infosec professionals, however the only people that I seem to talk to are the ones that are really high/drunk.


    And finally, I need to invest in like a shortwave radio, because it seems when DefCon is in town, there are a ton of pirate radio stations that set up and blast techno music or Grateful Dead. Pretty cool.
  • EngRob Member Posts: 247
    Thanks JD, got to check that movie out also. Hoping to get to my first one next year, although from what others have said I'm concerned I may stand out from a lack of bad hygiene....hmmmm
  • Iristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CA Mod Posts: 4,133 Mod
    Oh, I'll fit right in with my lack of hygiene. Get ready, folks!

    Jking. I'm excited for this Defcon and seeing whoever shows up.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,663 Admin
    I'm changing your handle to "Iristheskunk" right now...
  • Iristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CA Mod Posts: 4,133 Mod
    At last, my handle has been changed! I can't wait to stand close to you at Defcon, JD
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,663 Admin
    UPDATE:

    Use the Rio's side entrance on Valley View rather than the front entrance, which can become clogged in/outbound with taxis and confused tourists. The parking garage in the back seems to have plenty of parking if you get there early enough.

    The lunch buffet at the Gold Coast is now $9.72 in total. Stuff yourself for one good meal at noon and save the rest of your money for drinking starting after 5PM.

    I completely forgot that the girls serving drinks in the Rio's casinos wear black, bikini/negligee outfits. *AHEM!*
  • Iristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CA Mod Posts: 4,133 Mod
    If you go in through the front entrance and take the road to the right with the signs marked "convention center" instead of the main entrance, you can go ahead and bypass that traffic as well as park 50 feet from the conference doors (bypassing the whole walk through a smoky casino).
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,663 Admin
    Just realize that at the end of the day there will be a crush of cars attempting to exit the parking lot through the front, and it's not a fun line to be caught in, so you might try the Valley View Blvd exit instead.
  • JockVSJock Member Posts: 1,118
    Found a guy who submitted a lot of great talks to DefCon over the years and they were rejected for whatever reason.

    So he submitted a gag talk and it got accepted.

    The Art of Trolling

    DEFCON 19: The Art of Trolling (w speaker) - YouTube