HACKER SUMMER CAMP 2018 GUIDE — Part One: Surviving Vegas

Take The Ticket…Hack The Ride!

Greetings ladies and packets and welcome to our Hacker Summer Camp Guide for 2018! We had a fantastic response last year where we made a similar guide as a presentation for our DEFCON 201 Meet Up before DEFCON 25 and we wanted to provide a similar comprehensive guide for 2018.

However, due to that our next DEFCON 201 Meet Up will be AFTER Hacker Summer Camp, we decided on making a multi-part blog on our Medium portal for people to have easy access and can print out to bring with them where ever they want to. We also have divided it to diffrent parts so when these links are live click them to jump to the other parts of the guide:

HACKER SUMMER CAMP 2018 GUIDE — Part Two: BSides Las Vegas 2018
HACKER SUMMER CAMP 2018 GUIDE— Part Three: Black Hat USA 2018
HACKER SUMMER CAMP 2018 GUIDE — Part Four: DEFCON 26
HACKER SUMMER CAMP 2018 Guide — Part Five: SIGS, EVENTS AND PARTIES

So first off lets answer the qustion…what the f%@k is “Hacker Summer Camp”?

The Three Major Events (Plus A Photobomb from TiaraCon now known as The Diana Inititive)

The term “Hacker Summer Camp” is a nickname for the crazy time in the summer where three computer security conventions: BSides Las Vegas, Black Hat USA 2018 and DEFCON 26 take place during the entire week. Due to the literal overlap of activities, locations, speakers and organizations the term was coined to summarize the entire week. This year, Hacker Summer Camp will take place from August 7th thorugh August 12th in 2018.

But before you drink all the booze and hack all the things…you have to get there…and before you get there, you need to have a plan.

Typical Insides of a Hacker’s Suitcase
WHAT TO PACK FOR YOUR TRIP?

Here are a few items that you should pack for your trip:

— Hygine Products: Travel Toothbrush, Toothpaste, Deoderant, Lotion, Hair Products, ect.

— Approprite Nevada Summer Clothing: We will deal with this in the next section.

— Hacker Tools: Burner Laptop, Burner Phone, Multi-Tool, Hacking Wears and Tools, Lockpicks, Microcontrollers, Portable Sewing Kit (serioius), ect.

— Business Cards: You will be doing a ton of networking at any of these events so make sure you have something to give to people to remember you by (and note, diseases don’t count!)

— Reuseable Water Bottles: Vegas gets super hot, in August it can peak at 107 Degrees F so you should make sure you have water on you AT ALL TIMES!

— Cash: Leave your credit cards in your RFID Wallet, make sure you set a budget for yourself and before the trip take that ammount out of cash for you. Not only is cash easier to use in a pinch but you can make sure you bank account is safe too! We also recommend to not use Cryptocurrency at the convention but if you must make new accounts, transfer your coins there and make a Crypto-Paper Wallet to bring with you (and guard it with your life) instead of using an app on a device.

— Medication: Bring a First Aid Kit or something containing Band Aid, Headache Medicine, Earplugs, Swabs, ect. Also, any medication you need to surivive normally would be a good idea to take with you. Also, condoms. Because Vegas…

— Entertianment: Break out that Nintendo Switch, Smartphone game, Downloaded Movies and even more useful, a book.

— Con Guide: Before your trip, you should look at the con scheduel online, copy and paste all the things you want to see plus the date and time of each acitivity into a document/spreadsheet. Then, print out two copies and carry them with you. Most conventions can give you a guide but in case they run out, you loose it or don’t have it on you having a personalized planner will help in this.

— Notebook: Again, you will be doing a lot of networking and you also might get insperation while interacting at the convention. Bring a small notebook and pen (graph paper FTW) to jot down ideas, phone numbers, IP Addresses, still art sketches or whatever floats your fancy to document.

DO NOT BRING:

— A Bad State Of Mind: You are here to learn new things, network, relax and have fun!

What Happens When You Are Not Wearing Proper Attire for Las Vegas
HOW TO DRESS TO NOT MELT IN NEVADA’S CLIMATE:

Ever seen the flim Fear & Loathing in Las Vegas?

Ironically the main character of Raoul Duke’s (based off of Hunter S. Thompson) odd fashion choices is a good overall idea for how to dress in Vegas:

Your Typical Patriotic American Hired Geek for Hacker Summer Camp

This might look strange but remember, Nevada is VERY HOT even in August. Again, temperatures can peak at 107 Degrees F so you will want to dress for such brutal desert weather, especially in contrast to the super air-conditoned interiors of Vegas buildings.

Here are some tips:

— Loose and Airy Cloathing: Don’t bring anything tight fitting. The optimal ideal are loose T-Shirts/Blouses with Shorts/Skirts/Kilts. Something that hangs and that air will flow through. Try to put two or three finger through the sleeves or hug points while wearing it, if you can’t fit them or it’s snug, then it’s not loose enough!

— Storage: Make sure your pants ideally have cargo pockets or bring a Purse of Backpack that has Zippers or Secure Snaps, NOT MAGNETS (how do they work?) Reason being that although uncommon, pick-pocketing does exist in Vegas and this will be the most resilient to their attempts.

— Cover Your Head: Even if you don’t normally wear a hat, please go out an get one. It can be any kind as long as it can loosely and comfortably cover your entire scalp. Remember, your scalp is the most sensitive 0day on your body where heat can escape easily and most of your blood vessels are exposed the pounding sun near your brain. You can also optionally wear a visor to block out the sun.

— Shades: They are not just there to make you a 1337 H@X0R like Neo or Trinity, Vegas is not only hot but BRIGHT and you will want to protect your eyes from the harsh sunlight at all times. Plus the harder it is for the camera’s with AI’s to figure out who you are on Facebook the better.

— High FPS Sunscreen and Lip Balm: Again, Vegas is HOT and BRIGHT so those harmful UV rays will damage your skin. Get yourself a good sun screen, we recommend something at 50 SPF and NOTHING OVER IT (the value over 50 SPF is negligible and Sunscreen from the USA protects less from UVA rays than UVB rays). In addition, wear a comparable lip balm to lock in moisture and protect your lips from the elements, moisturize and lotion every night and try to stay in cool areas or shade and NOT outside for long periods of time. If you don’t have a clue on what to shop for, here is a great list of sunscreen options: https://www.cosmopolitan.com/style-beauty/beauty/advice/g3973/best-new-sunscreens/

— Anti-Swamp Ass Undies: It’s going to be hot out which means you will form Niagara Falls with the sweat running into your butcrack and your genitals will feel like they came from a horror movie. DO NOT WEAR COTTON UNDERWEAR! Not only will it chafe and cause skin reactions but it’s absorption will make it feel like you are wearing a diaper that’s also a waterbed. Instead look for nylon boxers/panties and look for specifically designed ones for heat flow and anti-perspertent. A good brand is Ex Officio which you can find BOXERS HERE and PANTIES HERE.

— Comfortable Shoes: You will be doing a lot of walking. Repeat: A LOT OF WALKING! And we know how awesome those Armani Suides or Vajazzled Stilettos are with your executive playboy look (you can reuse them later, see below) but they will kill your feet after 30 minutes never mind 16+ hours of going up and down elevators, across vendor halls, between workshops or talks and never mind the dance floor! Make sure to wear the most comfortable worn in shoes you can, ideally sneakers. You can always change into something else later in the day, in fact, having a pair of slippers for your hotel room would be a great idea. BONUS: Wear a pedometer or set one up on your smart device, check it every night or on the flight back from the con and you will be SHOCKED how much you walk. Here is data on how much our Co-Founder Sidepocket walked during the Circle of HOPE hacker convention in New York City for comparison:

…and remember, Hacker Summer Camp is 30x the size of The Circle of HOPE!

Finally, we have three specialty outfits we recommend to bring in additon to your normal con look.

BUSINESS OUTFIT — This does not have to be a full suit, just a loose polo or button down shirt and some business slacks with nice comfy business shoes for the men and a light designer dress with open toed shoes for the ladies will do. There are a lot of jobs and professional information security events around, so make sure you do research into what type of event you are attending and if it’s more corporate you have a look that matches.

SWIMWEAR OUTFIT — Either a swimsuit or water resistant clothing with NO electronics so you can hang out near the pool at your hotel and at parties.

PARTY OUTFIT — This is where your creativity can go wild and wear that crazy LED light up bondage gear with wings or that fur-suit you have buried in your closet. Since you only be dragging this out at night time during parties and gatherings, you can comfortably be in this get up while not killing your body out there, just make sure to take breaks to rest and stay hydrated even at night!

HOW TO FORTIFY YOUR DEVICES TO NOT GET HACKED

So here is a conundrum.

You are here to attend a hacker and information security convention. This involves tech. You are a tech person. You want to bring your tech.

BUT.

Again, it’s a hacker and information security convention. There will be so much shenanigans, traps, pitfalls and malicious activity that you don’t want to end up as part of someones security research paper.

So obviously, we are not going to tell you to leave your tech at home. How boring would a hacker convention be without technology? (Answer: It would be the RSA Conference.)

Instead, here are a few tips that will help your tech survive the experience. Remember, these are not uber 1337 hacker proof ninja skills, everything and anything can be exploited and hacked. However, these tips will help out during the journey to make sure your head is more focused on the connections and learnings and not in the debugger or data recovery process:

DO NOT BRING YOUR PERSONAL AND/OR WORK MACHINES TO THE CONVENTION!!! We can’t stress this enough, if you bring the machines you use (laptop, tablet, smartphone, servers, microcontrollers) to any of the conventions you are putting all your work and personal data at risk, even if you do back ups. Furthermore, you risk taking an compromised machine of unknown origin back to your work network or personal network which can be further damaged and 0wned.

Instead, use Burner Equipment:

See Co-founder GI_Jack’s Guide on Burner Equipment:

— Reguardless of what desktop operating system (Recommended: NinjaOS, Qubes OS, Tails OS, Kali Linux) or programs you use make sure that before you go to the con you update them to their latest versions. Most exploits are found in earlier versions of code, thus the older your digital devices and their software are, the more of the attack surface will be available to malicious hackers.

— Charge your equipment with either Power Only USB Wires (how to covert an existing USB Cable into Power Only) or use USB Condoms. This is to ensure when you plug into something to charge you are only using power and not transmitting any data. Use backup battery chargers and replacement batteries for equipment whenever possible in leu of charging via outlets. DO NOT use one of those Device Charging Kiosks where you leave your device in a glass cabinet as you charge, they have been known to be spoofed to steal your data.

— Try to obtain and use pre-paid hotspots if possible on a 4G line to make calls and use cell data. In addition to encrypting your phone, make sure you configure your phone to connect to your pre-paid hotspot and not cell towers. During Hacker Summer Camp, cybercriminals are known to set up fake cell phone towers (HACKADAY guide to how to spot fake cell towers) for your devices to connect to and make it spit information you do not want them to know…

These screenshots show a scan for Cell Phone Towers before Defcon (left) and during (right). Notice the fakes? Images: Geoffrey Vaughan

— Use a VPN (and if you need to Tor or i2p) configured to FULL TUNNEL, including DNS look up. We also recommend in using the AES Algorithm to traffic data you want to send and networks you want to connect to. Beware when connecting to the con’s WIFI, while the NOCs (Network Operation Centers) of each con do a fantastic job to try to create things safe, their will be open warfare by bad hombres all over these networks and the wifi provided by the hotel will be worse. If you have to connect, try to get a wired connection if possible so you don’t also open youself up to general wifi and bluetooth attacks. Also, if you go on the web make sure you have your VPN on in Privacy Browser Mode and you have a good Ad Blocker (Recommended: uBlock Origin), the full suit of EFF protection plug-ins (HTTPS Everywhere and Privacy Badger), a CryptoMiner Blocker (Recommended: NoCoin) and an anti-scripting plug-in (Recommended: NoScript).

— A cool idea that is not required for your desktop OS, you can also run a firewall on your laptop via a VM (Virtual Machine) that will isolate your trusted host. Do note that while this in a more advance technique and is difficult to set up and for red team to hack, there are hackers that know how to manipulate hypervisors to break this method. Remember, when you are at a popular open convention, trying to connect to anything is a risk!

TSA: Giving You The Reach Around And Middle Finger Since 2001
HOW TO FLY AND NOT GET MOLESTED BY THE TSA

This should hopefully be the worst part of your trip, getting there. Some will try to drive there (like our Co-Founder GI Jack because he is not right in the head and from New Jersey to boot) and others will take more unorthodox means of getting there. Most of you, are most likely to fly there via an airline. Besides some general knowledge of airline tips, here are some additional tips that are unique to going to Hacker Summer Camp.

— Make sure to pre-charge all your devices you are going to use and bring before the flight. This sounds like a no-brainer but while many airlines do have power plugs many still don’t (especially on the plane) and they also might be fully occupied by your other travelers. Make sure all your devices are powered and ready to go so once you get off the plane you can hack right when your feet touch the ground!

GET TO YOUR FLIGHT ON TIME! Again, a no-brainer but an important one. Airlines are very fickle about times, and you should show up at least a half an hour before your flight if not earlier. It can be difficult to reschedule your flight and often later times are many hour later delaying everything. Now if your flight is delayed, raise hell-erm-don’t hack the airport (we don’t support that idea) just complain to customer service and the airline until you get what you need.

DO NOT BRING WEAPONS, DRUGS, EXPLOSIVES OR ANY OTHER SCARY LOOKING THING ON A PLANE!!! In addition, try not to code or do network ops while in flight. We have heard too many stories of friends trying to remote tunnel into their network while flying only to be thrown in a room with blue gloves groping them because the airline staff thought they were ISIS hacking into the Pentagon.

— Here is are two tips to secure your luggage. First, DO NOT USE TSA APPROVED KEYS AND LOCKS. Get your own locks, you can reach out to your local TOOOL Chapter or contact them online and they will give you advice on what to do. Here is a talk by Nite0wl, JohnnyXmas and DarkSim on why TSA locks are a bad idea (HINT: Nite0wl dropped a 0day on the “safe” skies travel locks). Second, if you are an American who legally owns a FIREARM, you can use that firearm to store other valuables you don’t want to get lost. You can find more info on that via clicking this link for an amazing talk by Deviant Ollam on the subject of flying with firearms.

NOTE: Unlock your luggage before you check it on a plane. The TSA will simply cut the lock off your bag. Pack your lock in your bag, and then relock it when you get out of the airport.

— Make sure you have all your essential items that are valuable to you and/or you are going to frequently use on your carry on (and make sure they meet carry on standards). Sadly, luggage loss by airlines is a thing and we have known people who have lost thousands of dollars in equipment and clothes via their onboard stored luggage disappearing.

— This is also where those portable entertainment items will come in handy. Suggestions include your latest and favorite 2600 Magazine, the book Turing’s Cathedral by George Dyson, Mr. Robot Season 3 (look out for our Co-Founder Sidepocket’s cameo in the Hacker Space scene of Episode One) any Nintendo Switch video game or the DEFCON 26 Soundtrack (and please wear headphones!)

Hacker Humor Provided by XKCD
CHECKING INTO YOUR HOTEL ROOM AND LEARNING LAS VEGAS

So, you have finally arrived in Vegas at the hotel you have booked. You are not done yet! Here are some more tips once you got your room keycard and have opened the door:

— Secure all the stuff in your room. Pre-Pack and organise what you are going to take with you to the con on different days, put the things away that will never leave the room and lock down physically or digitally anything you want others to have no or limited access to.

— Load up your bluetooth wardriving, RF arrays, NFC sensors and other detectors to scan for bugs and spying devices in your room. Put all your devices not in use in farday cages and put stickers over any cameras and microphones on your devices. You can also bring with you (or buy there) from Bed Bath and Beyond a white noise generator installing it in a separate room on the far side of your abode to harbor electronics to prevent further spying. This can be a fun (and potentially dangerous) activity for you and your trusted contacts. Please do not destroy the fixtures and room you are in as a courtesy to the hotel. Who knows, you might even win Spot The Fed!

— Also to make your room more secure, put towels and filler material in between the cracks of the door and windows to prevent outside in eavesdropping.

— Reach out to your communication contacts with your burners. Develop before the con a system of trust among friends and colleagues that will be going with you to the con(s) or you will be running into so you have emergency contacts and safety nets for you and others in case of emergency.

— Purchase Pre-Made Food or Create Your Own Food (Lunch and Snacks) before hand and pack them with you for each day of the convention. There is a reason it’s called Hacker Summer Camp, treat it like one! You will thank us when you are stranded in an area with no food and you need to eat or all the places around you are where a hamburger costs a new mortgage on your house! Again, make sure to bring multiple water bottles with you and reuse the bottles!

— Put your room keycard in it’s own Farday Cage sleeve and keep it on your closest of persons AT ALL TIMES!

— Here is a cool trick that Edward Snowden used to alert him if someone broke into his room:

You Will Need:

>Pack of Soy Sauce

>Napkin

>Rubber Band

>Plastic Tumbler (or a drinking glass)

  1. Fill the tumbler 1/2 way with water.
  2. Draw a symbol or letter on the napkin with the soy sauce and put it over the top of the tumbler.
  3. Secure the soy sauce packet with the rubber band.
  4. Place the tumbler behind the door when you leave (but don’t forget that it’s there!)

If someone enters your room, the glass will get knocked over and the symbol or letter on the napkin will become unreadable, tipping you off that someone entered into you room with out consent!

— Explore the hotel and spend a night walking around the immediate hotel area and the overall Las Vegas strip if you can. Important things to map are shops, fast food places, bars, banks, security surveillance and other important points of interests. In fact, you can the day before print out a Google Map/Open Street Maps of the strip to keep on your persons (as well as a close up of the hotel and it’s surrounding area) and psychically map things out with marker and pen as you go. As a heads up, here is a list of resurant locations in Las Vegas and below is a picture map of every Walgreens on the strip:

A quick guide for supplies, make sure to make your own map of the Las Vegas Strip!

— Plan out sights to see. Remember, you are in VEGAS BABY! You are here to have fun and for most of you this will be your only time of year to go. Stop and see the sights, go see a show like Pen & Teller, a Drag Show, the Bunny Ranch or explore the little know area of Vegas known as Freemont Street. Here are two great guides for all the possible sights and sounds of the tourist trap:

— Lastly but certainty not least, we must remind you that while you are any of the three conventions to PLEASE work with con security and staff and not AGAINST them, obey their Code of Conducts (DEFCON CoC, Black Hat CoC, BSidesLV CoC) and OBEY the 5–2–1 rule.

Thats:

>FIVE HOUR OF SLEEP (MINIMUM)

>TWO FULL MEALS WITH ACTUAL NUTRITION (MINIMUM)

>And please…for the love of everyone’s nasal glands…SHOWER EVERY DAY!!!!!

Listen to the Squirrel in the Video about How To Bathe to prevent Weapons of Ass Destruction!

If you have your own tips, tricks and advice for surviving Las Vegas, Nevada that we forgot to miss here, you can reach out to us on our social media or email us at INFO {at} DEFCON201 <dot> ORG

Enjoy your time in LAS VEGAS and remember,

What happens in Vegas

Appears on YouTube!

P.S. Cannibus is now LEGAL in the State of Nevada! Click here to read up on the laws.
CONTINUE TO :: HACKER SUMMER CAMP 2018 GUIDE — Part Two: BSides Las Vegas