(Making Sense of the Wonder and the Chaos)
DEF CON can be overwhelming, with a tremendous variety of talks, activities, and parties from which to choose. In order to help you make sense of the con, and get the most out of it, I’ve put together this brief guide. It’ll be helpful for those of you attending DEF CON for the first time, but perhaps even experienced attendees will get something from this guide.
Updated July 22: Added Social Engineering Village link
TL;DR: Three key tips
- Do a little homework
  - Visit the official DEF CON site https://www.defcon.org/html/defcon-26/dc-26-index.html to plan how you want to spend your time
- Stay hydrated
  - Bring a water bottle and keep refilling it
- Talk to people (and be respectful!)
  - Make new friends while standing in the (many) lines. There are some incredibly intelligent and interesting people at DEF CON (in addition to yourself, naturally)
DEF CON has so many dimensions to it that any summary will necessarily fall short of encompassing its full scope. Nevertheless, we’ll attempt it here.
There are several main “tracks” (I use this term loosely) within DEF CON, more or less broken down as follows:
- Contests and Events
- Capture the Flag
- Demo Labs
These are intense, hands-on technical sessions – each running 4-6 hours – held throughout the con. These are free for conference attendees, but they fill up VERY quickly – typically just a few minutes after registration opens.
In many ways, these are the heart of DEF CON – an enormous number of presentations on topics that span technology, security, research, society, politics, and economics. These include large keynote presentations as well as smaller sessions.
Read through the list, make note of which ones you want to attend – and arrive early. There will be (long) lines to get in, and some sessions will be full!
Social Engineering Village Details: https://www.social-engineer.org/sevillage-def-con/
(includes schedule, and will hold the SE CTF scoreboard during the con)
One of the most amazing aspects of DEF CON is the huge spectrum of educational and hands-on activities. These are organized by topic area, or as DEF CON calls them, “villages”. Each village is located in a certain area of the convention center, easily found on the maps. This year’s DEF CON features more than 20 villages, including:
- Car Hacking
- Voting Machine Hacking
- Social Engineering
- Packet Hacking
- Blue Team Village
- ICS Village
These villages have different setups. Some of them, especially the more technical ones, tend to be very hands-on (bring your computer). Some are a series of lectures & discussions – for example Biohacking and Ethics – with a detailed schedule listed on the DEF CON village site.
I recommend visiting as many of these as you can, at least to get a sense for what’s going on in each. There’s a remarkable variety of topics, and some incredibly intelligent and passionate people working at each. Go, talk to them, and learn something!
Contests and Events
DEF CON provides a huge array of Contests (and a few non-competitive Events) to choose from.
Events include an early morning bike ride, hacker karaoke, laser shooting, and a Mohawk hairstyling station (fundraising for the EFF).
But hackers are naturally competitive, and as such DEF CON offers an incredible variety of contests. Many of these are highly technical, while others stress different skills – such as Hacker Jeopardy, Hacker Spelling Bee, Scavenger Hunt, Drunk Hacker History, and the legendary Beard and Mustache Competition.
Most of the technical contests provide serious (but fun) challenges which require considerable skill, but also typically demand a considerable time commitment during DEF CON. I won’t attempt to enumerate the technical contests here – take a look for yourself at the link above.
Capture the Flag
Capture the Flag (CTF) is a highly overloaded term at DEF CON. Used generically, it refers to any of a number of the contests listed above, which are structured around obtaining (capturing) information. For example, The Social Engineer CTF (one of my personal favorites to observe) tasks contestants with obtaining information about a target organization.
But “the” CTF contest at DEF CON – referred to as simply “CTF” – is arguably the most prestigious hacking contest on the planet, one which requires teams to earn a spot through a series of qualifying rounds throughout the year.
These are technical demo stations dedicated to researchers and hackers who have something new and interesting to demonstrate. These are highly technical, but even if they’re beyond your depth, I encourage you to stop by to talk to the motivated and intelligent people behind these tools.
Updated with DEF CON 26 link: https://www.defcon.org/html/defcon-26/dc-26-vendors.html
The vendor room – notoriously crowded – features selected purveyors of books, tools, and hacking paraphernalia. It’s definitely worth a visit to see what’s new and interesting, and to chat with the EFF folks.
There are many parties at DEF CON. Have fun but please don’t overdo it!
Follow @defconparties on Twitter for the latest.
No DEF CON overview would be complete without discussing the badges.
First – the official DEF CON badges are the ones that get you entry to the conference, and for which you pay $280 cash. You’ll be required to wear these throughout the conference. These are not your normal conference badges — these have no identifying information or barcodes on them, and you’re not “scanned” by vendors.
There are several different varieties of official badges – including Human, Press, Speaker, Vendor, Goon, and the rare Black Badge. Goons are the volunteers who help run DEF CON (treat them nicely, and talk to them – most of them are experienced infosec practitioners). Most of us will be attending DEF CON as Humans (sorry!). Most years the badges are electronic (and hackable), and there’s a rich history of tinkering with them.
In addition to the official badges, there is also a fun subculture called badgelife, comprised of people who make electronic badges for fun, or to support specific organizations (e.g. QueerCon). Some of these are available via Kickstarter, for direct purchase, or only onsite. Here is the semi-official list in GoogleDocs.
I might have mentioned once or twice that DEF CON is crowded! The food service in the conference center can be unreliable in quality and availability (I’m being diplomatic here), and the hotel restaurants can have very long waits (Caesar’s Smashburger 50-person line, I’m talking to you!).
Bring some snacks (and water) with you, and you’ll have a lot more flexibility in terms of eating schedules. And share to make new friends!
DEF CON: The (Scheduling) App:
Some Final Thoughts
- Be patient (it’s crowded), be inquisitive (there’s a ton to learn), and be respectful of the presenters and attendees (please)
- Plan your con – write down your top activities (especially those that are time-constrained, such as the speakers) but don’t overplan it. Some of your best and most memorable DEF CON experiences will be serendipitous
- Security – Turn off Bluetooth and Wi-Fi on your devices, lest you end up on the Wall of Sheep. The conference does offer Wi-Fi (see here) which might very well be secure. Personally, I will not be using it. Bring a phone power pack and avoid plugging your phone into any public charging cables
- Be respectful of people! Read the official Code of Conduct here. Relevant quote: insulting or harassing other participants is unacceptable. It’s also bad karma, people.
Most of all – have fun! DEF CON is an incredible experience – one that we’re lucky to be able to participate in – so make the most of it.
- Official DEF CON Site: https://www.defcon.org/html/defcon-26/dc-26-index.html
- Official DEF CON 26 FAQ: https://www.defcon.org/html/defcon-26/dc-26-faq.html
- DEF CON: The Documentary: Official documentary made at DEF CON 20: https://www.youtube.com/watch?v=3ctQOmjQyYg
DEF CON Fiction:
And if you’re interested in some short DEF CON fiction, check out my story:
Tone DEF: a DEF CON Love Story (in which a DEF CON N00b, Max, tries to be more extroverted while attending a Skytalks session. Hilarity and drama ensue!)
DEF CON is a complex beast, and I can’t hope to give you a complete picture here. But do let me know what’s missing (or incorrect), and I’ll work to improve this.
See you at DC26 in just a few weeks!