Hack The Box Goes to DEFCON 29

Hey everyone, TreyCraf7 here. I just wanted to take a few minutes to tell everyone about my experience at DEFCON 29. This was my first chance to get out to “hacker summer camp” and wanted to share my thoughts with you all. So here we go!

 

Registration Protocols, a.k.a Linecon

Like the start of any other DEFCON or hacker conference in general, it all starts with “linecon.” In years past, it’s my understanding that the registration portion for DEFCON often took hours to get through. I thought it would be even worse this year since we had to take the COVID screening check into account. I was surprised when the whole process took me less than 30 minutes. I had planned to spend my morning in line, so it was nice to gain some of the day back to explore and go check out Blackhat (more on that in a minute). 

Many people had concerns with how vaccination status validation would go. And to be honest, so did I. Traveling with my medical data and showing it to someone I don't know seemed a bit sketchy to me. But it turned out to be a breeze. The conference had a third party brought in to perform the validation. All that happened was when it was your turn, you showed an ID and your COVID vaccination proof to one of the workers. They checked that you were indeed yourself, that the name on your ID matched the vaccine card, and if all was good, they gave you a wristband as proof you had been validated. Nothing was recorded, no pictures or copies kept, just a quick visual check.

Once through the first check, it was on to the next line to acquire my human badge. This process was much quicker. The goons did an awesome job directing traffic and getting people through the process. If you pre-registered, all you had to do was show your ticket, and you were handed a badge. For anyone who didn't make the registration deadline, they were selling tickets and badges at the event. With this being a hybrid event, there were still plenty of badges for anyone who showed up.

One would think that with this being a hacker conference, many would go against authority, rebel, and refuse to follow the rules. When it came to COVID protocols, this wasn't the case. While confined indoors or in close proximity to others (as in “linecon”), I was surprised to see most everyone remained masked up and was respectful of the rules. Thus helping everyone to enjoy the event.

DEFCON added a nice little bonus for anyone who attended in person this year, in the form of a business pass to BlackHat as well! All anyone who attended in-person had to do was show their DEFCON confirmation to register for the pass. This saved you $250.00 and gave you a chance to wander around and check out the BlackHat Arsenal and Business hall. (There was no talk or workshop attendance however.) 

 

The badge

Now that we have talked about all the admin stuff (boooorrring), let’s move on to the awesome badge provided by MK Factor. I was and still am extremely excited about this badge. At first glance it just looks like a macro keyboard, but in reality, it’s much more than that. This badge brought everyone together and helped to embrace the new normal. You could use it as a mini keypad to control hotkeys for your PC or Discord, play games on it, and share the signal with those around you. Like everything else with DEFCON, there is always another layer to what you see. It was not only a badge, but a puzzle you could solve. I won’t spoil the fun for those who are still doing it, but the more of these you can bring together, the deeper down the rabbit hole you can fall. 

Villages

For every budding and experienced hacker or security enthusiast, there was a village for you. With this being a hybrid conference, some of the villages were open to participation from anyone in person and virtually, or virtually only. For in person events, the villages spanned across Bally's and Paris, occupying many of the ballrooms. In person villages included everything from aerospace research to voting machine hacking, and anything in between. 

What was really cool to see was the popup villages that often took place in the hallways and open spaces in the ballrooms. I spent most of my time in the hardware hacking village and the aerospace villages. That’s where I watched people mess with satellites, improve paper airplane designs, and I improved my soldering skills, and created some cool little badges for my sons. 

One of my personal highlights of attending offline was the HAM radio village. During the event they proctored exams for the HAM radio licenses. That’s where I earned my HAM radio technician’s license. It was a great experience, and they were true professionals promoting their craft. 

Talks

DEFCON took the hybrid concept in stride, and in doing so, they ensured everyone had something to look forward to when it came to talks. The organizers periodically released talks on their YouTube channels for those attending virtually. Many awesome talks were hosted live. For those who wanted to chill out a bit, some of them were streamed directly to our hotel rooms. 

There were so many talks spanned across the whole event, that it's almost impossible to catch them all. You can find them over on the DEFCON YouTube channel. I recommend checking out this talk to start: 

This one is  on red teaming in macOS environments: 

 

Summary

Overall, my first DEFCON was an awesome experience where I met a ton of amazing people, learned some new skills, and got to see our community reunite in person. We spent a little while together, and we enjoyed each other’s company. All while doing what we love. I can't wait for the big 3-0 next year, and to see what TheDarkTangent and his crew come up with. Thank you to all the goons, village workers, volunteers, speakers, and professionals who helped put this event on and ensure it was awesome!

Links

DEFCON site: https://defcon.org/index.html

DEFCON YouTube: https://www.youtube.com/user/DEFCONConference

Badge Creators: https://mkfactor.com/