Presentation to expose other members of the BlueBolt team to DEFCON, the culture, and what to expect. It's a reflection of what I learned from my first exposure to the event and is HIGHLY Anecdotal.
useful for participating or leading future security audits. • Figure out skills for presenting so that the information that I have can be communicated back to other members of the office. • Find gaps in my current understanding of infosec. • Network with other groups in Infosec • Figure out scenarios for testing, ctf, and red and blue teams.
– Lost • Goons : Staff that work for DEFCON • Casino : Security that work for the Hotel / Casino. • 3-2-1 Rule : 3 hours of sleep, 2 meals, and 1 shower per day. • CTF : Capture the Flag, activity of using various skills to capture or recover data as a competition.
(including White, Gray, and BlackHat) this year it was estimated as 17k hackers. • DEFCON is a cash culture • There are no real names at DEFCON • Paranoia... There really is a spy(hacker) behind every tree.
android phones 6:1 – Everyone hates iPhone – Most android phones – Android phones mostly attached to SDRs • People – Male to Female ratio seems close to 60/40 – Heavy emphasis on edge groups: LGBT, AA, Deaf
/ Board Badges – “Fancy” Badges (this year) • [Insert Audio] • The Badge is a competition that is solved has to be solved as a group, winning could mean scoring an uber badge.
– OPEN – SECURE (?!?!?!?) • DONT CONNECT TO THE DEFCON WIFI • IT IS BEING ACTIVELY HACKED • USING PRACTICES TO KEEP YOU SAFE WILL GET YOU KICKED • THERE ARE 0 DAY ATTACKS THAT ARE LAUNCHED ON BOTH • I TOTALLY CONNECTED TO THE WIFI
& Privacy Village • ICS Village • IoT Village • Lockpick Village • Social Engineering Village • Tamper Evident Village • Wireless Village • Packet Hacking Village
• 9:30 a.m. - I got registered, this year the badge was a “fancy” badge. • Day 0 only had two tracks DEFCON 101, and Track 4. • Introduction to SDR and the Wireless Village • DEFCON 101 : The Panel (Must See for Attendees) • Beyond the Scan: the value proposition of vulnerability assessment • CRASH! • DEFCON Movie Night
– Wassenaar – Uber Badges • Crypto Village – Peerio • CTF • Crypto Village Challenge • Hacker Jeopardy Qualifiers • Chellam – a Wi-Fi IDS/Firewall for Windows (Defeating Pineapples) • LTE Recon and Tracking with RTLS-DR (Good) • I Will Kill You (Hacking issues with Birth and Death) (Scary) • Net Ripper: Smart Traffic Sniffing for Penetration Testers (Technical) • Hooked Browser Meshed Networks with WebRTC and BEEF
– I'm not going to go too far in-depth, because I want to present this material separately • Crypto Village: Antisocial Networking (meh) • Hacking Quantum Cryptography (Good, sciencey) • Abusing XSLT for Practical Attacks (Skip – unless you don't know about IEEE Float) • Let's Encrypt – Minting Free Certificates to the Encrypt the Entire Web (EFF) • NSA Playset
• Lockpick Village • IoT Village. • Hijacking Arbitrary .NET Application Control Flow (we have a problem) • RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID • Closing Ceremony
years better just by exposure to all of these technologies. • DEFCON is really geared at teams. • A LOT about tech and security • I’ve already registered for next year.