DEFCON 31

I want to express my sincere gratitude to my company for generously sponsoring my participation in DEFCON 31. My experience at the event was truly remarkable, and right from the outset, I felt an immediate sense of belonging. The atmosphere was incredibly welcoming, catering to a diverse crowd of hackers, computer enthusiasts, and everyone in between. The rapid passage of time was astonishing, with each day encompassing an average of 11 miles of walking, leaving my legs progressively wearied.

If you have the opportunity, I wholeheartedly endorse attending DEFCON. Allow me to share some valuable insights for those considering future visits. First and foremost, I implore you to take the plunge and embark on this adventure. I assure you that you won't regret it. Admittedly, the lines can be lengthy, and effective planning is essential to make the most of your time. However, it's important to note that even with meticulous planning, there's simply not enough time to explore all that DEFCON has to offer.

As you prepare for the event, make sure to equip yourself with essentials such as water bottles, a Software Defined Radio, Raspberry Pi, Alfa card, laptop, and any other tools you may need for testing or seeking assistance. The various villages offer captivating Capture the Flag (CTF) challenges, spanning from packet analysis to deauthorization attacks on wireless networks. Immersing yourself in the CTFs can make time fly, so I recommend using the Hacker Tracker app to set reminders for seminars of interest.

Day 0 of DEFCON is often humorously dubbed "LINECON," characterized by extensive waits. To make the most of this time, consider carrying a video game or a book to help pass the hours, or engage in networking conversations with fellow attendees who share your cybersecurity interests. If possible, pre-register for your badge to avoid long lines, a step that some attendees seemed unaware of. Personally, badge collection took a mere 5 minutes, excluding a minor mix-up with the location.

After securing your badge, take the opportunity to familiarize yourself with the event layout. The DEFCON venues, including Caesar's Forum, the Flamingo, and LINQ, each house a range of villages. Mastering the navigation between these areas can significantly reduce your time spent in waiting lines.

Day 0 boasts an array of events, including the "Toxic BBQ," a delightful potluck that serves as an excellent platform for networking and exchanging insights with seasoned DEFCON veterans. The barbecue offers a variety of delectable options, from burgers and hotdogs to pulled pork and vegetarian dishes. Arriving early is advisable, as securing a table and engaging in meaningful conversations is highly sought after.

Now, let's delve into the seminars, classes, and CTFs that enriched my DEFCON experience. The first seminar I attended was delivered by Miana Ella Windall (X: @NiamhAstra) and was titled "Designing RFID Implants - How flipping the bird opens doors for me." Miana's engaging presentation unveiled the world of RFID implants, a form of biohacking where she holds an impressive array of 26 implants. Despite lacking an Electrical Engineering background, she expertly dissected RFID technology and terminology.

Miana's talk raised thought-provoking points, including the stigma attached to such implants. She drew parallels between them and medical implants, shedding light on societal attitudes. Notably, she outlined the challenges she encountered, from calculating resonate frequencies to implanting the devices. Her successful experiment involving an RFID-enabled door entry using a middle finger gesture garnered some well-deserved laughter.

Another seminar I attended, presented by Tracy Mosley (X: hackerpinup), provided an insightful journey through the evolution of cellular networks. Tracy adeptly highlighted vulnerabilities across different generations, including GSM, GPRS, UMTS, 4G, LTE, and 5G. Her talk shed light on threats like rogue BTS and IMSI catchers, emphasizing the importance of security in this dynamic landscape.

Patrick Wardle (X: patrickwardle) conducted a seminar titled "Demystifying (& Bypassing) macOS's Background Task Management (BTM)," unraveling the intricacies of macOS's BTM feature. Patrick's presentation elucidated BTM's mechanics and its potential exploitation by hackers. He introduced his software, "block block," which aids in identifying persistent daemons, ultimately influencing Apple to incorporate similar features.

Stok (X: stokfredrik) delivered an engaging seminar, "Weaponizing Plain Text: ANSI Escape Sequences as a Forensic Nightmare." He masterfully explored how ANSI escape sequences can be exploited to manipulate log files, presenting innovative ideas for chaos creation in the realm of DEVOPS.

In addition to seminars, my time was divided between the RF village, which delved into wireless hacking, and the Red Team village, which focused on cybersecurity perspectives. I also explored other villages like blue team, physical security, and aerospace. While I couldn't partake in village CTFs due to time constraints, I gained valuable insights for future endeavors.

Within the Red Team village, I participated in OSINT and Common Network Internals CTFs. These challenges offered diverse tasks, from DNS lookups to HTML coding exploitation, effectively emphasizing the significance of information gathering in penetration testing. Furthermore, I engaged in a Linux-based activity targeting radio stations, highlighting the importance of reconnaissance, enumeration, and privilege escalation in network security.

To conclude, I strongly encourage those with the means and opportunity to attend DEFCON. It serves as an unparalleled platform for networking and insights into the cybersecurity landscape. Feel free to reach out to me on my social media platforms (X: @SasquatchHack, IG: @Sasquatchhacking) if you have any inquiries. I also intend to share my experiences through a forthcoming YouTube channel. Always remember, we are the unseen legends of the cyber realm.