It’s official: you’re headed to DEF CON. The world’s most mythologized underground hacking conference involves four chock-a-block days of presentations, contests, exhibits, and parties in the Las Vegas heat. While it’s impossible to soak in all DEF CON has to offer, this list is a place to start.
Getting through the conference happy, hydrated, and digitally unscathed requires forethought. Before you go:
- Read The Lost Policymaker’s Guide to get a sense of DEFCON’s storied community and culture.
- Get a burner phone or secure your real one.
- Download Signal for encrypted messaging.
- Pack a water bottle, comfortable walking shoes, and enough layers to take on intense heat intense air conditioning.
- Bring plenty of cash to cover your ticket, meals, swag, transportation, and other purchases (credit cards put you at risk for wireless identity theft, unless they’re in an RFID-blocking wallet).
2. Hack your Badge
DEFCON badges are legendary. This year’s badge had LEDs that lit up when two badges tapped together, and changed behavior over time as it interacted with other badges. It could do even more tricks when plugged into a computer, but I didn’t take that security risk. Remember to pay for your badge in cash, and when you get it, play around and explore all that it can do.
3. Visit Villages
Villages are the forces behind DEF CON’s diverse programming — it’s astounding how many topics fit under the wide umbrella of security. This year there were 32 villages, many of which had own speaker series, competitions, exhibits, and programming. Most villages are independent non-profits with their own funding and leadership, and many need volunteers to pull off the exhibits. Highly recommend volunteering for meeting people and finding a small community at the huge conference.
4. See the Wall of Sheep
One lesson at DEF CON is just how exposed we are when we use public WiFi and Bluetooth networks without a VPN or other protections. Wall of Sheep is an exhibit by Packet Hacking Village that hits the point home. They project public WiFi activity on the wall: red represents the number of trackable devices requesting DNS lookups on DEF CON public WiFi, while blue is secure WiFi activity not being tracked. Username and password credentials, along with IP and other details, are then displayed for all to see. You’ve been warned — be smart when you use public networks!
5. Pick a Lock
DEF CON has an entire Lockpick Village, and it turns out that picking locks really isn’t rocket science. Lockpick Village has hooks, rakes, and turning tools on big community tables, as well as volunteers who teach you how to get started. Even though I’d never picked a lock before, I was able to break through four in less than 30 minutes (petrifying!). You can buy lock picking tools to bring home with you — but be careful, as these tools are not legal in all states.
6. Spot a Tin Foil Hat
Hacker lore decrees that tin foil hats are an excellent strategy for protecting against hacks (truth: they don’t actually protect you). As such, tin foil hats come out in full force as fashion accessories at DEF CON. Keep an eye out for elaborate ones, or bring foil to make your own — at which point, you will be one of the coolest cats at the conference.
7. Watch a Skytalk
Almost every village hosts its own series of talks, but Skytalks are singular in that they are entirely off the record. This is serious. And seeing one is an experience: Volunteers constantly shout at attendees waiting in line about the strict off-the-record policy and patrol aisles during talks to ensure phones aren’t out (if the phone comes out, they kick you out!). Off-the-record is sacred and rare in today’s share-a-thon culture, so the talks are more juicy than typical.
8. Experience a CTF
CTFs — or capture the flags — are contests that allow DEF CON attendees to flaunt their hacking skills in live competitions. I saw the CTF at Social Engineering Village, in which contestants competed to compromise real companies’ security by calling up employees on the front lines and persuading them to hand over sensitive information. Most villages host their own CTFs, as does DEF CON proper. Even if you’re not ready to compete yourself, you can learn a lot by watching.
9. Meet a WISP Scholar
Women in Security and Privacy (WISP) sponsors dozens of scholars to attend DEF CON every year — this year, they brought 92 women to the conference. These badass ladies are disrupting and advancing the industry in all sorts of ways. Keep an eye out and try to meet one — and if you’re a woman in security looking to go to DEF CON, apply for the WISP scholarship (June deadline) which will help cover your costs.
10. Make a new friend at LINECON
Your time at DEF CON ~will~ require waiting in long lines — swag lines, food lines, lines for talks. Welcome to LINECON. With the right attitude, lines can be a defining part of the DEFCON experience, an opportunity to meet new people and learn about other corners of the security world. This year at LINECON I met Steve, a Colorado InfoSec professional with a beard longer than my hand, and Dave and Tyler, a father-son pair local to Las Vegas who had actually worked side-by-side with the speaker we were waiting to see. The friendliness and expertise of other attendees is a big part of what makes DEF CON (and LINECON) delightful. Don’t let the lines get you down; start a conversation instead.
11. Party like a hacker
Hackers know how to throw down. At the Arcade Party, I saw T-Rexes on the dance floor and got my very own temporary tattoo of a unicorn. There’s a party called Blanketfot-Con which is as epic as it sounds: a fiesta in a ginormous blanket fort. And I heard great things about Queer Con and karaoke. Best way to stay in the loop about DEF CON night life is @defconparties (and no, they are not cancelled).