Skip to content

Real Cyber Crime

ramblings of a cyber professional

  • Home
  • Skills
  • Notes
  • About
Menu

My first DEFCON

Posted on August 15, 2018August 15, 2018 by RealCyberCrime
Reading Time: 4 minutes

Although I certainly consider myself to be a cybersecurity professional, I’ve been too focused on the Digital Forensics & Incident Response (DFIR) side of cybersecurity to fully appreciate the hacking world. DEFCON is certainly a hacking conference and if you are expecting to next-level in forensics or malware analysis it’s probably not the best conference for you. I downloaded the iOS app early to review talks, but after seeing the conference book and android app (looking over someone else’s phone) I realized that MANY of the talks weren’t on the iOS version, so I wasn’t able to plan ahead like I wanted. Additionally, I was hoping to just walk into workshops and get hands-on, but I quickly saw that they were “full classes” so I wasn’t able to attend.

If you are open to being delighted by passionate people, interesting outfits, cutting edge exploits, and new research-findings it’s an amazing conference! The badge is awesome and the energy is contagious, I’m just completely overwhelmed by all the things you could learn here.

In full-disclosure this conference was 100% at my personal expense and was blended together with celebrating my wedding anniversary, so full DEFCON immersion wasn’t really possible or incentivized (haha). I definitely plan to attend again and dive in with my configured laptop to pull off the famously long hours (see 3-2-1 slides below) people invest in the challenges/workshops/etc.

To my enjoyment, this DEFCON featured the first-ever Blue Team Village, so hanging out in that area was great (minus the horrible lack of seating). I particularly enjoyed the “Cloud Security Myths” and the “Subversion and Espionage Directed against You (SAEDY)” talks as they were packed with content and helped me appreciate the nuances between cloud service providers (CSPs) and the scope of espionage in corporate environments.

Additionally, I really enjoyed the “For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems” talk with a clear takeaway that mag-stripe technology is completely deprecated and vulnerable, seeing the attacks in action really cranks up my paranoia around swipe-only transactions.  The speakers provided  live demonstrations of new vulnerabilities that allow you to MitM (Man in the Middle) transactions, send arbitrary code via Bluetooth and mobile application, and modify payment values for mag-stripe transactions.

I’m writing this post from my hotel room at Bally’s Las Vegas and still feel connected because they stream the talks to your hotel room (this was awesome)! I really enjoy that part, additionally I kept a pulse on various twitter and news feeds which focused on the election-related hacking and car hacking which I didn’t get to experience, but I know those were hot topics during DEFCON.

Watching talks from my hotel room!

In summary,  the $300 or so for DEFCON is totally worth it! My biggest regret is not signing up for workshops in-advance and lining-up early for my favorite talks, because the good talks are absolutely chaos (lines of 200 people), despite the goon’s (DEFCON support staff) best-effort to keep things moving smoothly.

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Posted in analystsTagged cyber, cybersecurity conference, defcon 2018, defcon 26, defcon26, hacking

Post navigation

An Experiment in Cryptocurrency Investing: Here’s What Happened.
Turning 30 & my transition from technical to management roles.

Related Post

  • Insights into CompTIA’s new Cybersecurity Analyst+ certification
  • Techniques to start your career in cybersecurity
  • Where to look for suspicious computer activity?
  • Cyber Security Analyst’s “Hierarchy of Needs”
  • The T-Shaped Analyst

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Theme Design & Developed By OpenSumo