SANS Penetration Testing

Getting the Most Out of DEF CON: Some Tips for First Timers

by Ed Skoudis

Are ya going to DEF CON? Thousands of hackers, infosec pros, security researchers, curious newbies, reporters, and countless others will. I've had the honor of attending the world's biggest hacker conference for 13 of the past 14 years (I missed in 2011 because my wife needed big-time surgery? she's doing great now, thankfully!). I thoroughly enjoy the conference and bring my whole team there each year. I have always been amazed at its ability to attract first-timers to the conference. During the closing ceremony, The Dark Tangent, DEF CON's venerable founder and fearless leader, asks for a show of hands: Raise your hand if this is your first DEF CON. On my completely unscientific guestimate of the number of hands raised among the several thousand people in the ginormous room, about 30 to 40% are brand new to the DEF CON experience.

This year, two of my closest friends will be embarking on their first trip to the ultimate hacker mecca, and we've been chatting about it for the past several weeks. I've written up a couple of tips below for them, and I thought others might find them interesting as well. Please note that I'm neither an organizer nor in the leadership of DEF CON. I'm just a little hacker, a happy DEF CON attendee, wanting to share some tips that I've found useful over the years.

Tickets: You don't register or pay in advance for DEF CON tickets. Just show up and pay cash for them at the door. The lines get kinda long, so bring some water and a snack, as well as a friend, to help pass the time while waiting.

Badges: DEF CON typically has amazing badges chock full of electrical gadgetry and ciphers, but they often run out of the super cool ones early, leaving paper or cardboard badges for everyone else. If you want one of the best badges, get in line early on Thursday. The most common kind of badge is the "human" badge, which is for general attendees. Other badges include speaker, goon, press, and the much coveted uber black badge for top conference leaders and winners of the most prestigious contests.

Hotel: The conference is an all-encompassing experience which may tie up 14 to 20 hours a day of your time. Don't spend a lot of money on a hotel, because you won't be there much. You can find cheap hotels within walking distance for Thursday night and Sunday night, likely in the $49/night or less range. Friday and Saturday get more expensive, as tourists flock to Vegas, but if you hunt around and sweet talk some hotel reservation lines, you may be able to find something in the $59 to $109 range. Early in my career, I'd share a room with two or three other attendees to split the costs, getting our average per night room rate to about $30 or so. It was great fun, and quite affordable.

When to Get There? The con runs from Thursday to Sunday. A lot of the activities get underway on Friday, so many people show up then. But, I recommend making sure you get there on Thursday. There are some amazing vendor parties on Thursday night for people staying over from the Black Hat conference to attend DEF CON. Plus, there's a much better chance you'll get a cool badge if you are there on Thursday.

When to Go Home? Around 5:30 PM on Sunday, the conference quickly becomes a ghost town. I am always filled with sadness as the conference winds down and disappears. You could leave Sunday night, just like almost everyone else. But, I started a little ritual about 8 years ago that helps assuage my post-con blues. I go out for a nice meal with a bunch of my closest friends, and then fly back on Monday morning. You may want to try something similar.

Goons: The folks who do crowd control at DEF CON are known as Goons. They are all volunteers and work diligently to make the conference flow. The Goons may sometimes sound gruff or pushy, but treat them well, respect them, and do what they say. I know that one of the themes of DEF CON is questioning authority, but the Goons really have the conference goers' best interests in mind. Be good to them, and they'll be good to you.

Sleep: Don't plan on getting much sleep at the conference. Sleep in advance. Sleep afterward. Many of us get 4 hours or less per day of sleep during conference time. Priest (the head goon at DEF CON) said to me years ago at the conference, "Sleep? You'll have plenty of time to sleep when you're DEAD!" Whenever I grow weary at DEF CON, I can actually hear Priest's voice in my head saying that, which helps get me going again,for more DEF CON learning, fun, and mayhem.

Parties: Some of the best attractions at DEF CON are the plentiful parties hosted by several different hacker groups. Some of the parties are open attendance, while others are invite only. I'll often go to three or four parties each night, just to make the rounds, see old friends, meet new people, and have fun. Make sure you take in some parties. Even if you aren't the partying type, these events are a great way to network and learn. I typically learn more during the parties than I do at the talks themselves. If you are the shy type, look around for other shy people just standing around at the party and engage in a conversation. "Is this your first DEF CON?" "Where are ya from?" "What was the coolest talk you saw today?" are decent conversation starters. Various groups post a list of DEF CON parties online, so make sure you check them out regularly, as they are frequently updated during the con itself. Simply searching for "DEF CON parties" and the year will get you a good list.

Talks: Try and attend at least a few talks on a variety of topics. Some of the most popular talks, though, are a mad house, with long lines, overflow crowds, and room size restrictions so some people are turned away. Early on in the con, pick a few must-go-to talks that you really want to see, but always have a backup alternative, just in case your first pick's room is maxed out.

Hardware Village: Stop by the hardware village at least once, check out all the electrical gizmos, and pick a lock. Don't know how to pick? No problem. There will be coaches there to help you, and it's super fun. In fact, it is surprisingly easy to pick most locks, and it's a great thrill to pop your first lock. You've gotta check it out.

On the Topic of Drinking: Vegas lies in the middle of a big honkin' desert. Daytime temps often surpass 107 degrees Fahrenheit. Even if you stay indoors, the air itself will vacuum water out of your body and your very soul. Drink lots of water, double or triple what you'd normally consume. And, if you plan on imbibing some alcohol while at the conference, have even more water, perhaps a glass in between each alcoholic beverage you enjoy. Otherwise, your colossal headache the next morning will prevent your full enjoyment of the con.

Chill: DEF CON is so full of different activities, it can be overwhelming. Make sure you get some down time to relax. There is typically a large breakout room for just hanging out and resting. Use it. If there's not enough stimulation in that room for you, take a stroll through the big Capture the Flag room and watch some of the crazy videos played on the big wall.

Con Network: DEF CON has a big wireless network that is free for anyone at the conference to use. That's the good news. But, I have had many friends and associates get hacked big-time while on this network, their systems laced with malware and other nasty stuff. I recommend staying off of the conference network entirely. In fact, I recommend disabling Wifi and Bluetooth on your laptops and mobile devices at the conference. I carry only a cell phone, which I use for text messaging friends to meet at the conference, and to review the conference agenda and party list, but NEVER via Wifi. Also, it's probably wise to avoid any ATMs for getting cash at the conference. In past years, cash machines have mysteriously appeared and later disappeared at the conference, likely there to dupe unsuspecting users into providing a mag stripe and a PIN.

The Closing Ceremony: At the end of DEF CON on Sunday, the whole DEF CON crew stages a multi-hour closing extravaganza. This event includes some great conference memories, applause for all the organizers of various events, and the announcement of winners for various contests held during the conference, including the awarding of the black badges. Although it is always too long, the closing ceremony is an excellent way to wind down the conference. I wouldn't miss the closing ceremony for the world.

Well, I hope those tips serve you well. Have fun at the con!

-Ed Skoudis.
SANS Fellow
SANS Penetration Testing Curriculum Lead

4 Comments

Posted June 28, 2013 at 3:50 PM | Permalink | Reply

Robin Wood

Didn't we have very expensive sushi and gate crash the wrong part in 2012?

Posted June 28, 2013 at 5:13 PM | Permalink | Reply

Ed Skoudis

I can neither confirm or deny either event.
That said, let's do both again this year, my friend!

Posted June 30, 2013 at 12:51 PM | Permalink | Reply

Sadir Vanderloot

Sushi does crash the wrong gates ! However I wish I was you with you guys. Keep cool Robin.

Posted July 23, 2014 at 1:43 PM | Permalink | Reply

Martin Fisher

All great suggestions. May I be so bold as to add one additional?
Please exercise the basic hygiene society expects of all of us. Shower (with soap) at least once every 24 hours. Use deodorant.
There are very things more repellant than Day Three Con Funk in a place like Vegas.

Post a Comment






Captcha


* Indicates a required field.