By Aaron, Reverse Engineer
Six minute read
Since the first time ever hearing of DEFCON, I have wanted to attend. I love working on all the crazy systems we come across here at AIS, and I always imagined DEFCON being an extension of this environment. A place were the latest technologies and security discussions took place.
After finally getting the privilege to attend DEFCON, which took place August 10 through 13 in Las Vegas, Nevada, my expectations were certainly surpassed. From learning from some incredibly talented individuals and teams to watching seas of hackers compete in a variety of Capture the Flags (CTFs), DEFCON was a truly amazing experience. It’s almost indescribable the variety of security fields and levels of technical skill encountered. If there’s a field of security you’d like to know more about, it’s nearly guaranteed there’s a group in attendance eager to share and learn.
The Overwhelming Atmosphere
Just stepping off the plane in Vegas is a sensory overload. Flashing machines, towering buildings, and massive pieces of artwork towering over the city. While overwhelming at times, it was an experience in itself. Present across several casino and conference buildings, DEFCON was in full force with a sea of people in flashing LED badges down every hallway. Following these streams, you’d find yourself at many of the famous DEFCON villages.
The vast array of villages was something to behold. If I wanted to physically hack on a car, such as a Tesla, there was a village for that. If I wanted to hack into a security system thermal IR camera, there was a village for that. If I wanted to pick locks, use AI in hacking, hack a satellite, learn about biohacking, or even where to start with monitoring police communications, there was a village for that.
On top of the vast diversity of topics covered at DEFCON, it would be an easy task to spend all of DEFCON in a single village. Each village was a treasure trove of knowledge in each niche of the industry, with relevant talks and seasoned professionals wherever you look. DEFCON was, in the best way, an overwhelming experience for security minded individuals.
The Mind-Blowing Talks
From outstanding technical skill demonstrated by Google Red Team engineers to hilarity surrounding social engineering skills, DEFCON certainly brings fantastic industry talks. It is a surreal experience being in a room with hundreds of listeners tuning into the same security talk as you in the growing industry of cyber security. Be it learning how some crazy mathematicians subverted multi-key cryptographic implementations to incredibly proficient security engineers identifying and deploying wireless exploits against smartphone cellular modems, DEFCON truly has amazing talks for everyone. It’s hard not to feel like a student again surrounded by such talented individuals presenting their latest findings.
Yet even with many of the very impressive technical talks, DEFCON hosts even more talks open to those beginning in security or simply looking for a means to share their latest hacking story in an entertaining fashion. From the social engineering vishing competition to reconnaissance presentations on public data streams, it is easy for one to find something they find both interesting and digestible.
Learning From the Pros
It’s nearly impossible not to feel humbled by the shear technical depth that many at DEFCON possess. That said, DEFCON was a truly welcoming experience. Every presenter and village participant I spoke to was quite happy to answer the questions I had. There was a sense of inclusion rarely felt in large gatherings like this, where everyone regardless of background was welcomed and encouraged to learn and share their insights. If you’re looking to learn more about a niche field of cybersecurity, or even break into new areas you’re completely unfamiliar with, DEFCON provides a hospitable environment to do so.
Capture The Flag (CTF) Challenges
While I knew CTFs were a large part of DEFCON, it was truly an experience to walk past hundreds of participants all hacking away at various CTFs. From hacking an actual satellite in orbit to wreaking havoc on a miniature city’s infrastructure, water works and all, there was hardly a dull moment. Most notably, many of these CTFs were quite inviting, with exceptional staff and various levels of skill encouraging all to participate.
Ethics and Responsibility
I asked ChatGPT what DEFCON was, and was happy to see this final paragraph:
“Started in 1993, DEFCON has grown into a significant event in the cybersecurity and hacker communities. It takes place in Las Vegas, Nevada, and attracts thousands of participants from around the world each year. While DEFCON provides a platform for education and networking, it’s important to note that the event also emphasizes responsible and ethical behavior in the realm of hacking and cybersecurity.”
Rarely is hacking portrayed as ethical and responsible in media, but DEFCON does an excellent job in highlighting the need for this. Every talk I attended began or covered their disclosure process and emphasized the importance of doing so. Better yet, there were full legal talks on how to properly disclose vulnerabilities, and villages dedicated to cybersecurity policy. It was comforting to see such a large space of the industry and community share our goal of creating a better and safer digital world.
Closing Remarks – Thank You AIS
My first DEFCON experience was everything I had hoped for and more. So many interesting topics and people, expanding my love for hacking both professionally and personally. While I may not have walked away with a coveted black badge, I did leave with a sense of community and means of further development. I hope that one day I may return to DEFCON, both as a participant and contributor to our industry.
Attending DEFCON has also given me a greater appreciation for my time at AIS. Many of the main stage talks and villages had a sense of familiarity due to the plethora of systems and technologies we come across in our day-to-day work. While it was certainly humbling learning the latest techniques and methods the best of the best employ, I was still able participate and actively apply what I learned here. It felt as though DEFCON was a seminar and industry engagement to extend my knowledge rather than build it. That is why I wish to say thanks to AIS and the SAE team I am happily apart of, for keeping us at the forefront of the cybersecurity industry.