Hacker Summer Camp 2019

SheHacksPurple
Aug 15, 2019 · 8 min read

Last week I attended what is affectionately known as #HackerSummerCamp, a combination of several events that happen in Las Vegas, USA, during the same week. There are several events, but the main ones you are likely to hear about are Black Hat, Def Con, B-Sides Las Vegas and the Diana Initiative.

This blog post will detail preparing for the event, what happened, cool people I met, and a few things that I learned along the way.

But before any of that I need to tell you: I won the Cybersecurity Woman Of The Year Award for “Hacker of the Year”. To say that I’m honoured is an understatement.


Okay, now that the bragging is over, let’s talk about safety and preparation for attending such an event. This was my 3rd hacker summer camp, and ever since I got malware in the first 11 minutes of my first workshop, the first time I attended Def Con, I have been very, very cautious. Although most of the people that attend this series of events have good intentions, (unfortunately) this does not describe everyone. Here are the steps I take to ensure my devices come home in one piece/are restored when I return.

  • Do not connect to any wifi with a device that you love. Bring a burner phone or laptop if you must connect.
  • Make a backup of your laptop, then ghost it, attend Hacker Summer Camp, then ghost it again when you get home, then restore from disk. This helped a lot when I had gotten “the gift of malware” in 2016.
  • Turn off your Bluetooth and wifi. Ensure they won’t turn themselves back on or do any scans.
  • Use cellular, it’s safer.
  • Ensure that YOU are safe at all times. Do not go to a party alone or with people you don’t know. Don’t accept drinks from strangers. Don’t go back to someone’s hotel room unless you feel safe to do so. Exercise all the caution and then some more. Even if you have met someone before, be careful; you are the most valuable thing you have.
  • Register for parties in advance to make sure you get a ticket.
  • Buy tickets to conferences in advance to make sure you get in.
  • If you go to Def Con prepare to wait in line for at least 50% of the time. Seriously. If you are an extravert like me this can be fun, but if you are an introvert be prepared.
  • If you can network and make friends in advance it’s a good idea to do so. Attending in a group is always safer and usually more fun as well.
  • If something happens, TELL SOMEONE. If a person has done something obviously inappropriate to you, they will (sadly) likely do it to more people if you let them get away with it. Please report. For DEFCON there’s a hotline. And the people working there are super awesome and kind. They will help, regardless of the situation you’re in, regardless of the persons involved. You can even report anonymously over the hotline. Again: please report.
  • If you have to do live demos I suggest recording them (I KNOW! Then they are not live). That’s what I did and guess what? My laptop is fine!

EVENTS!

Now let’s talk about all of the different events I had the opportunity to attend. This was a jam-packed week of exciting things, many happening at the same time, and choosing was tough.

First I met up with my new friend Jeny Teheran, who accompanied me to the Cybersecurity Woman Of The Year Awards.

Vandana Verma, Jeny Teheran, myself and Chloé Messdaghi

Jeny was a total blast, she let me drag her all over before the ceremony. My good friend Vandana Verma joined us at our table for dinner, and Chloé Messdaghi of WoSEC SFO was cheering louder for me than anyone else. SO MANY amazing women were there, I could not possibly name them all. One of the people presenting the awards was Ann Johnson of Microsoft, who gave me a hug after I won! I can now put “Hug from Ann” on my performance review this year. ;)

The next day was theoretically a day off, however, I spent the day meeting up with many of my friends that I only see at events, which meant brunch with Miriam Wiesner, Sarah Young, Lidia Giuliano and Vandana Verma.

Yours truly, Miriam Wiesner, Sarah Young, Lidia Giuliano and Vandana Verma.

That day I also received my Microsoft Trading Cards. Each employee had trading cards made, instead of business cards, sort of in the style of a baseball card. Silly facts and a photo meant all of us spent some serious time trading with each other. Here’s mine.

My out of focus trading card. I still have some!

In the evening I spoke at #Codenomicon, an event by Synopsys. There I was on a panel with Chenxi Wang, Julie Tsai and Meera Rao. We all seemed to agree that DevSecOps was good, but everyone had different ideas on how to achieve the best and most secure end state.

Chenxi Wang, Meera Rao, Julie Tsai and me.

The next day was Black Hat and I immediately headed to the Arsenal to finally meet a few people in person:

Mohammed Aldoub, he made an open-source tool called BARQ, we had never met in person before!
Microsoft’s own Miriam Wiesner presenting “EventList”

Then I went to see some Black Hat talks.

Ian Coldwater, Duffie Cooley: The Path Less Traveled: Abusing Kubernetes Defaults
Kelly Shortridge, Nicole Forsgren: Controlled Chaos: The Inevitable Marriage of DevOps & Security

Thursday night I went to the Cyberjutsu Awards.

My friend Vandana Verma won the Secure Coder category! I could not be more proud of or happy for her!

Hosted by Mari Galloway and MC’ed by Jules Okafor, Vandana Verma receiving her well-deserved award!

I also got to meet SO MANY new amazing humans. You can see another write up here by Mansi Thakar.

More nominees!
Even more nominees and WINNERS!

Then I went to the Canadian Hacker Party, which has no photos, but did involve maple syrup, hockey sticks and a “screeching in ceremony”. I ended up being too tired and missed the Microsoft Appreciation Party, which was a disappointment for me. I’ll have to ensure I make it next year so I can get an “Enable MFA!” shirt that actually fits.

Friday was the Diana Initiative!

I presented on OWASP DevSlop (no surprise there) and did a realllllllly long demo but no one fell asleep so I think it was pretty good. :)

Obviously, I wore purple. ;)
Spending quality time with MSFTers at the Diversity Booth: Sarah Young and Diana Kelley!
Dina Davis, of “Code Like a Girl”, live-tweeted my talk, which was very flattering. :-D

Then my friend Aaron Hnatiw and I went to the HackerOne Live Hacking event to cause a ruckus, as we had last year. It was pretty cool; I chatted with a lot of people about various angles of bug hunting and finally met Jocelyn Chan from WoSEC Sweden in person. I even got a very short visit with my friend Tiffany Long.

After that was the WoSEC Crashes Def Con Event! Which was part of Def Con’s Diversity Party and it was GREAT. It was organized by Chloé Messdaghi, Jon McCoy, and Zoe Braiterman.

AppSec Village at Def Con

Friday I was the opening keynote for the first-ever AppSec Village at Def Con! It was amazing, and I’m so happy that AppSec has finally found its place within Def Con. You can see my slides here: http://aka.ms/purpleslides


Then I spoke at the Cloud Security Village, which was also super fun! If you missed my talk at Def Con you can see it here when I did it at Microsoft Build with Teri Radichel. Of course, it’s even better with Teri. ❤

Amazing Humans That I Met

(note: many are missing, I didn’t get photos of everyone)

Jocelyn Chan, Sweden WoSEC Chapter Leader!
Larci Robertson, and Xena Olsen, WoSEC chapter leaders of Dallas and Chicago
Ian Coldwater, me, and Representatives from the #OWASP Mexico City Chapter!
I got to meet Ian Coldwater in person and they are even better than on the internet!

Conclusion

This was my best Hacker Summer Camp yet, and not only because I won an award, got to speak 4 times and received 100 hugs. I feel that the atmosphere has changed since the first one that I went to in 2016, for the better, and I don’t think that this is only because there were more women attending. I think that the organizers and many other groups (especially WISP and Diana Initiative) have worked really hard to create a safer and more-inclusive edition of this year’s Hacker Summer Camp. THANK YOU!

If you want to continue to develop your skills, check out WeHackPurple Academy’s NEW course, Application Security Foundations taught by yours truly! There is also a lot of awesome content to subscribe to for only 7$ a month!

And I have a mailing list, please subscribe, it’s free!

