Greetings reader! We are here to discuss this year’s DEF CON experience. If you are unfamiliar with what DEF CON is, DEF CON is one of the world’s most renowned hacker conventions held annually in Las Vegas, Nevada. Established in 1993, DEF CON provides a platform for hackers, security professionals, researchers, and enthusiasts to gather and discuss various aspects of computer security, technology, and hacking. The convention focuses on a wide range of topics, including but not limited to network security, cryptography, exploit development, privacy concerns, social engineering, and the latest advancements in hacking techniques. DEF CON features a variety of activities such as talks, workshops, competitions, and interactive challenges that allow attendees to learn, share knowledge, and test their skills in a controlled environment.
The growth of DEFCON
This is our 4th consecutive DEF CON attendance, and Izzny and I have seen the growth of new arrivals even over the span since DEF CON 27. We’re so happy to see how more and more seem to gravitate towards this incredible culture. There does seem to be a transition taking place worth bringing up. At one point, getting into the conference required cash only at the door, and very strict rules around press and taking your own pictures and videos. This was for your privacy. Now that social media has become a norm, we noticed much more documenting activity taking place around the con. For those of you long-time goers, have you noticed the same? If so, do you view this as an issue, or is it acceptable these days?
Reuniting from DEFCON 30
No matter what DEF CON you attend, it’s pretty much impossible to go the whole weekend without having at least one great random connection, even if further details are not exchanged. Between DEF CON 30 and 31, I was able to keep in touch with a few peers that I now consider good friends.
Kevin Mitnick stickers
Years ago, as I began exploring for my place in cyber, I learned of Kevin Mitnick and his incredible stories. As I continued my journey, I would hear more and more of others meeting Kevin at a book signing, or random run-ins at conferences, etc. I was confident that one day I would be able to show my appreciation to Kevin in person. Suddenly, on July 16th, 2023, Kevin Mitnick passed away due to pancreatic cancer. In his honor, the following stickers were created and passed around at this year’s DEF CON.
Stickers
Speaking of stickers, we home made a large number of various stickers around our Hexxed BitHeadz community as well. We were able to successfully exhaust all copies, maybe you saw some around! Take look below 🙂
Now, let’s get into the days of DEF CON!
Thursday
Pre-registration line vs previous years (LineCon)
This was the first year we tried out the pre-registration method and essentially skipping the initial linecon experience. We were able to quickly get our badges and move on to DEF CON extremely fast. This did rob us of the usual linecon experience and meeting new people, but my feet were well happy about our decision. Also, we seemed to have been able to secure a plastic badge with this method, there was an issue with the badges where many were unable to receive the same badge. The DEF CON staff did address this, and assured the attendees would be able to trade up the badges once available.
Merch line
Every DEF CON we have attended has been a similar experience for merch. Waiting in line for at least 90+ minutes, getting our desired merchandise, and heading out. This year, we admittedly showed up to the merchandise area a bit later than before, stood in line for two hours, and with an obvious 60+ minutes still ahead of us, we broke rank and left when a Goon announced they are starting to run out of product. DEF CON 31 is the first DEF CON we did not buy any official merchandise.
Chillout room
We hit the chillout room early in our day, SomaFM always providing some fantastic chill tunes. Here, we began dumping out some stickers around on the tables. I would slip around to different tables, grab a refreshment, and lurk back to see how our stickers were doing. It was entertaining to see our stickers get picked up, analyzed, then either kept or placed back down, left for someone else to snag. Overall, I would call it a huge success over the whole weekend, we are going to do this again next year, and already have ideas on how to make the stickers better. In fact, because of the stickers, we drew in a few interesting characters, and had some great chats, even throughout the whole weekend. You know who you are!
YTcracker show
Definitely one of my favorite parts of the day, we were heading in some random direction, I see an announcement on Discord saying YTCracker was about to play. I immediately announced this to my group, did an about face and tracked the area down. The show was great, everyone was jamming so hard, at one point the volume was forced to be turned down, as it was interfering with a talk across the hall. I say give this guy a proper stage.
At some point, hunger kicked in as it occasionally does, we started out at the Yard House with some incredible food and even better drinks. From there we move from area to area interacting with fellow members of DEF CON attendees, staying out pretty late.
Friday
Social Engineering Village
This year’s DEF CON is the first time since DEF CON 27 we hung out around the Social Engineering Village for a while. I prefer to not go into detail as to what occurs in this area, I’ll simply state that it’s always fun to come see what’s going on here during DEF CON. A simple Google search for “DEF CON social engineering village” will put anyone in the right direction.
Red Team Village volunteering
I finally pulled the trigger and volunteered at DEF CON. I have been wanting to do this for a few years, and glad I finally did it this year. With my recent achievements with Penetration Testing certifications, I saw the Red Team Village as the perfect place for me to volunteer some of my DEF CON time. I was able to assist attendees in various ways, while catching some of the cool village activities from the sidelines. I feel that some of the best content I came across this DEF CON came from this experience.
In fact, it was here I brought out some of my Kevin Mitnick stickers, and someone appreciated my efforts so much I received this $100 Kevin Mitnick bill! Easily one of my most favorite DEF CON moments yet.
GothCon
We took a bit of a break after our hard volunteer work, rested, and enjoyed some fantastic food Las Vegas has to offer. We kicked around a few ideas on how to spend the rest of our evening, and finally concluded we would make our way to GothCon around 9pm. Apon arrival, we grab some drinks and a couple chairs at a table already occupied by a few individuals. I pass out a few stickers as a conversation opener here, and quickly enough, everyone at the table joins in conversation, discussing everything from the con to proper dance moves at GothCon (such as “picking apples from the tree”).
Saturday
Hunting and exploiting DLL Sideloads
Our first talk on Saturday consisted of DLL Sideloads. Admittedly, as the workshop started, it was very familiar to some of the content I learned through the OSCP course. However, it took a very interesting twist to my existing knowledge, and I was glued to the presentation for the rest of the allotted time. I am very excited to take this knowledge home and begin a lab exercise breaking down these steps. We here at Hexxed BitHeadz are very interested in diving into this topic further.
Randomly roaming around
After the workshop, we took some time to just wander around aimlessly, take in all the incredible aspects of DEF CON 31. While I will not list them here, you can get a pretty good idea of what it involved here:
https://forum.defcon.org/node/244771
Social engineering improv
We found our way back to the Social Engineering area, where we once again enjoyed the continued activities provided by the community.
VetCon
During the evening, we chose to take a look at the VetCon party, as I am a veteran, it only made sense. We ventured our way around the large room for about 10 – 15 minutes before Goons began directing everyone out of the room, and away for the Ceaser forums. It wasn’t just VetCon, the entire DEF CON population was herded away. No one knew exactly what was happening, but everybody complied, and moved out in a safe, calm fashion, later recognized by the DEF CON staff. Shout out to everyone involved in that situation and looking out for each other’s safety. We managed to move our party to 3535 in LINQs for the rest of the night.
Sunday
Exploring Linux memory manipulation for stealth and evasion
We kick off Sunday with a talk about stealth and evasion in Linux. This talk was very cool as it did a deep dive into interesting concepts. Slides available on DEF CON :
Linux memory manipulation presentation
Nofilter Priv esc platform
Our next talk revolved around privilege escalation in Windows. This is another fantastic top that we are looking forward to diving more into ourselves. Be sure to check out he presentation:
Closing remarks
So far, we have attended every closing remarks session since our DEF CON trips have started. I really enjoy attending the closing remarks because we get to peer into the DEF CON experience from the staff side of things. Just taking a guess here, but it can’t be easy hosting the largest hacker conference in the world. Of course, some hiccups are going to happen whether by human or machine. What is always impressive to me is the way DEF CON responds to these incidents. It’s clear that there is a standard to be a member of this fantastic community, if you are just attending, or even a goon.
Be sure to check out DEF CON 31 for all things available from this year’s conference!