So, I just got back from DEFCON 17 in Las Vegas, NV. This year was probably the most impressive turnout I've seen in my 3 years of going to DEFCON. The hacker conference lasted from Thursday until Sunday.
The first thing to do Thursday is to get your badge. Bright and early in the morning you need to march over to the Riviera to pick up the shiny/blinky/hackable badge that happens to be one of the best parts of DEFCON. I got there a little late so I waited about 25 minutes in line to get my badge. Normally and traditionally, the 'Goons' of DEFCON run out of badges and are forced to give out temporaries. This year was no exception; the only difference is that this year they didn't even have real badges to give away in the beginning! So once I had retrieved my temporary badge, I headed out for a little, only to come back 4 hours later to pick up my real badge. But hey, at least I got one; not everyone was so lucky. Information on this year's badge can be found here.
This year DEFCON also added Thursday tracks for 'newbie' talks which entailed some things such as the basics of lockpicking, hardware hacking and surviving at DEFCON/other security conferences. Obviously the latter talk is necessary because if you don't know what you're doing, there's a chance you're going to get owned. I only really caught the end of the hardware hacking talk, then slowly made my way around the rest of the con doing some typical exploring. Other things happening Thursday included the Toxic BBQ off hotel grounds and some parties, including the Offensive Security party, which I attended and met some great people.
Friday morning after my friends and I dragged ourselves out of bed, we went to grab some breakfast at the Denny's which is normally overrun by DEFCON goers, then headed over to the Riv for some more talks. I attended a talk about Binary Obfuscation which was pretty high level but very informative. It was a 'Turbo Talk' which was an extra track added for this DEFCON that was about 30 minutes vs. the typical one hour. Some other talks for that day included the JBIG2 Vulnerability talk and a very informative talk about the DEFCON Capture the Flag game, which in my opinion, is one of the toughest CTF challenges I have ever seen. Custom programming and reverse engineering homebrew operating systems in assembly is only just the tip of the iceberg on this one. Then we moved on to a World of Warcraft hacking talk where basically two very smart programmers came up with a way to create a bot that can basically play the game for you, and besides the fact it's a bot, does not subvert or break any rules of the API given in the game. They did demos all weekend and also raffled some old WoW characters off in the process.
At this point, we had noticed that the hallways seemed awfully crowded. DEFCON had a lot more attendees this year. Goons were yelling, people were getting trampled, and chaos was starting to ensue. Luckily, the goons are intimidating and got things in order. Still, a going trend at DEFCON 17 was complaints about not enough space, and waiting in very long lines just to see a talk. The #DEFCON Twitter feed up on the wall showed lots of distaste for how it was set up. Maybe DEFCON organizers will need to come up with some new ideas for crowd control next year? DEFCON is blowing up at a rapid pace. The rest of Friday consisted of some exploring of the SkyBoxes (Hardware Hack Village/Lockpicking/Wifi Village), the vendor area, and some needed rest/relaxation.
Saturday was a good day for talks at DEFCON. There was an entire track based on Metasploit and the various modules and plugins for it. Some groundbreaking, others a review. I also caught a talk about the Middler and a surprise WarVOX talk by HD Moore outside of the Metasploit talks. I ended up leaving the con a little early that day to check out some more parties and meet some people.
Sunday was a good wrap-up. There were numerous talks that seemingly involved hacking your life... i.e. sleep hacking, motion sickness hacking, and social networking hacks. And although it was a bit early, a very good advanced SQL Injection talk.
Sunday, of course, was also the day I had to say goodbye to Vegas and head back to Ohio to share my findings with my coworkers, and potentially make them jealous.
Just another good year at the world's largest hacker convention...
Per usual as well, DEFCON made some big news. There was a fake ATM placed in the Riviera that implemented a card stripper, some bungee jumping off of the roof, some scared federal agents after DEFCON seemingly stole their RFID credentials and the usual 'big news' hacks... which this year included a way to break SSL, hacking the iPhone via text message and how to hack the FAA!
See you all next year!


1 comment:
Glad you liked the CTF talk. If you've got any feedback on how to make it better, I'm all ears!