Defcon 32 - First time at Hacker Summer Camp

TLDR;

Day 0 – Bsides LV and Skytalks

To kick things off, I had a 4-hour flight to Las Vegas with Spirit Airlines. I wasn’t really expecting the flight to be packed, but it was full of people ready to gamble and enjoy a week in Vegas. Unfortunately, my femurs are literally too long to comfortably sit in the randomly assigned Spirit Airlines seats. Luckily, I received an aisle seat so I was able to stretch my leg every so often.

When the plane finally landed, I was pretty confused about where to get a taxi but eventually I found my way to the Tuscany. I was staying at the Rio hotel, but I still had some time to go before check-in and I planned to check out BSidesLV and see as many Skytalks as possible. I was able to get two ‘tokens’, one for Jeff Man’s state of Information Security, and another for Ignacio Navarro’s Insert Coin: Arcade Hacking for fun.

I also bumped into Slankyton at Bsides and he gave me some really cute “Peg a Fed” stickers that I handed out during the weekend, and they were really fun. I think next time I’d like to try out the Pros vs Joes CTF, and maybe have some more chats with vendors. I spent a little bit of time picking some locks and talking to some people to warm up my rusty social skills. Skytalks was also a blast. During the first talk with Jeff Man, he asked the audience who was here in Vegas for Hacker Summer Camp for the first time. I ended up doing a shot of some other foul liquid with the other noobs, and listened to this old curmudgeon teach me about fundamentals of permissions and access controls. I also realized during the talk we were not permitted to record the Skytalks sessions digitally, but we were allowed to take notes. I pulled out a notebook about halfway through Jeff Man’s session and started scribbling down topics to google later. Ignacio Navarro’s talk was incredibly entertaining, and I was able to get a front row seat this time. The tactics were pretty basic web application testing but the results were phenomenal and I really hope the arcade company remediates these issues.

After Skytalks I took a trip to the Costco where I grabbed some vitamin c gummies, a case of white claw, and a bunch of premade deli food. The fridge in my room was broken though, so I had to use the freezer set to low.

Day 1 – Thursday

I woke up reasonably early (I thought) to wait in line and get my badge, but the line was already pretty gnarly by the time I arrived. Apparently, this was the first year where the pre-paid line was longer than the cash line, but I was able to receive my badge pretty quickly despite the long line. I traded some stickers with Bucky and bounced around a beach ball. I tried to wait in the merch line as well and I got fairly close, but I had to leave right before getting into the room to make it to the Ham In a Day class taught by Dan Romanchik – KB6NU.

I arrived about half an hour late because I didn’t really understand the difference between uber pickup locations and taxis, but the timing didn’t matter much. The class was essentially a day long lecture going over every question in the 400ish question pool of potential technician exam questions. Dan spent some time explaining all the answers and we even got to look at some of the components he brought for show and ask some questions. I ran across the street during lunch for sushi in the desert. At first, I thought sushi in a place so far from the ocean was sketchy, but then I realized yellowtail weren’t native to Louisiana either so there’s really no need to get all weird about it. The sushi was great and for the second half of the class I commandeered a table to take notes better. The seats in the library were a test of endurance, but the class was really enlightening and I’m glad I took it.

After the class, I took a rideshare back to the convention center with another classmate, and I wandered around for a bit getting a lay of the land. The merch line had closed by the time I made it back, so it just wasn’t meant to be. I started to play with the badge a bit and I noticed some guy wearing all black with black sunglasses hanging out across the hall from me alone. I approached to give him a “Peg a Fed” sticker and he laughed then left. I never saw him again.

I found a QR code in the badge game that let me join the badge discord channels, where someone had already beaten the game and posted a 6-minute speedrun. I was getting tired of the venue because nothing was really open, so I took a bus back to the hotel and showered. Most of my meals this weekend were just me eating Costco deli food in my hotel room alone, which was great for saving money but existentially sad in the grand scheme of things. After showering and getting into bed, I got a text from Dll (from my local group) to come to the LINQ circle bar for drinks and a meetup. I had to take an Uber over there, and by the time I got there my local group was nowhere to be seen. I ended up getting a $25 vodka cranberry and chatting with a new friend Tom, a high-performance computing and linguistic enthusiast. The conversation was great, and after I found a daiquiri I split with Tom and wandered around the casino. I’m not really into gambling but it’s really easy to see how mobile games like candy crush or clash of clans were inspired by the same cocomelon boomer art style so prevalent in Vegas gambling machines. I wasn’t really sure how to make it back to my hotel so I just sort of wandered around drunk for a while until I found a taxi to take me back to the Rio and I got some sleep.

Day 3 – Friday

I was determined to get my amateur Ham license, so I took the bus early to the convention center and found a comfortable little nook to jam practice exams for three hours. I met some more interesting folks who were also up to various shenanigans, and when I finally felt confident enough, I walked over to the ham village and tried to take the test. Turns out, I had to register with the FCC first so I procrastinated that for a bit to visit the vendor hall.

I didn’t really come to defcon with a solid plan, the ham license was just something Zetta mentioned to me shortly before and I was able to get a seat in the class. I have never operated a radio transmitter before, so I thought it would be pertinent to get a baofeng or something. Nobody was really selling baofengs. I found the hack the box booth and received a cool lanyard though, as well as a TOR shirt and a bus pirate. I took some time to walk around the first-floor hall and villages and just take it all in. The TF2 hacking game looked like a lot of fun, but I didn’t have a team so I just spectated for a bit. There were so many interesting challenges that I felt completely unable to participate, so I just walked around checking stuff out. Jack Rhysider was doing a comic book signing so it was really neat to meet and talk with him a bit in person. I also played around at the tamper evident village and tried my hand at opening a security tag with aluminum foil. I failed but this was a good thing for me to go learn on my own and come back for.

Eventually I returned to the Ham village, applied for an FCC number, took another practice test, then took the actual test. I passed with a 29/35, and felt incredibly relieved. When I was taking the practice tests, I was scoring around a 30-33 so this was within the ranges and even though I just hadn’t seen some of the questions during practice, I narrowly succeeded and it felt pretty good. I decided to take the bus back to the Rio at this point and get ready for the Queercon party.

My defcon party preparations were pretty simple. I wouldn’t need a laptop or notebook for this, so I just dumped everything out and replaced the contents with a bunch of white claws. The party was awesome, and during it there were some really cool stickers for trade. Unfortunately, I had left my sticker book at the hotel so I just put some white claws on the table at the party as my contribution. This seemed like a good idea at the time, but later on a Goon mentioned that kids could have gotten ahold of my alcoholic seltzers and that I needed to be a bit more responsible (there are some laws when you’re drinking claws). I remember my first Dragon Con at 19 and how a very kind woman was giving me shots of absinthe at the Rocky Horror Picture Show, and I felt cosmically justified in my haphazard trades for stickers. Handing out free alcohol is actually a great way to make friends though, so in the future I just gave them to people I thought were cool. The party was a lot of fun and mostly consisted of dancing and playing with balls.

The balls were bouncing around the crowd and we had to stop them from hitting the ground. Next year I think I’ll bring some more balls to play with at defcon, as the attendees were really into playing with balls. I had a long conversation with Phreaker during the gothcon show, where they showed me some of the medical device code they were working on, as well as some tips for tokenizing my Bencode parser (use delimiters and write the characters between them to a buffer). I also had a really nice conversation with CrossTangent (no relation to DT), and reviewed some custom MTG cards they were making for a cube.

The ride back to the hotel was fine, but I still felt somewhat lonely eating cold sandwiches on my bed. Turns out I missed what would have been a really cool dinner with a bunch of women at a sushi bar, but I doubled my resolve to not let the intrusively sad thoughts spoil the conference. In the morning, I would do more things, meet more people, and be more social. Sleep came easy.

Day 4 – Saturday

My first and immediate goal was to make it over to the embedded systems village and work on some of the hardware hacking labs. I was not early enough to snag a preconfigured village laptop, so I sat down and tried to do it on my laptop. I couldn’t really finish the lab because the village was trying to fix a bug in the container so the labs kept resetting. After about 2 hours or so I gave up and left to try my hand at another village.

Next I tried my hand at the Industrial Control Systems red alert CTF, and the first challenge seemed simple enough: we were given an encrypted file and a copy of the private and public AES-256 key to decrypt with. Conceptually I understood what needed to be done, but practically I wasn’t really sure how to decrypt AES with the private key. It probably has something to do with OpenSSL. I had done something similar with exfiltrating ssh keys for a CTF, but I just started googling “how do I decrypt .zip.enc AES with private key” to no avail. I found a few YouTube videos but it was difficult to watch them in the midst of the con. The table next to me was working as a big team, and I think I really need to level up my social skills and get into a team to tackle these challenges with.

Next up was a creator demo lab for the Drop-Pi software. The idea here is to defeat 802.1X authentication by placing the Pi as a bridge between an already authenticated machine and the network switch. Then you re-write the MAC address and IP tables of the Pi to match the victim machine, and mask your reverse shell with SSL traffic to control a remote device on a target’s network. This was a really cool talk and I want to configure my Pi to be a drop box now.

My next major goal for the weekend was to go to the packet hacking village and try to write something funny on the Wall of Sheep. I never really accomplished this goal but this village was my favorite of the weekend. The DJ beats happening in the background with the open tables to just hack away at the open Wi-Fi network was a lot of fun, but my laptop did not have an Ethernet port. I knew some of the vendors downstairs sold something similar to a USB-Ethernet adapter, so I tried to acquire one and this led to my favorite little adventure.

The Hak5 LAN Turtle was sold out downstairs, so I asked the booth if they had something similar. The guy at the booth handed me an unboxed LAN Turtle and said I could have it, but that it was used. I knew that meant it probably already had a backdoor installed on it, but it was free if I could fix whatever was wrong with it. I hooked it up to my laptop and it connected quickly, but the default credentials did not work, so someone did already set up the remote connection and if I were to connect it to the internet it would almost certainly have someone sniffing my traffic.

I had to go to the hardware hacking village to borrow a tiny Phillips head screwdriver and pop the back open, and I then spent some time with Cody who helped me with a jumper wire for the flash reset. I ended up getting kicked out of the hall because 6:00 had rolled around, so I finished my factory reset upstairs in the same little nook I used to study for the ham exams. I was going to use the day to get a mask for the masquerade ball, but since I had neglected that I thought I’d return to my hotel room and at least get the rest of the white claws. I made it back to the line just in time to be at the very end of it, but as I was chatting up some of the Huntsville rocket city hackers (shoutouts to @ByteTheIO and @Titav), starfox recognized me from a prior conversation and brought the three of us directly to the front. The Darknet Diaries masquerade ball was a lot of fun; I got to dance a bunch and tweet as Jack before the API kicked his account off. Threatlocker and CovertSwarm were handing out some really cool swag and I got to learn a little bit about some of their products. I also got an impermanent tattoo of an integrated circuit so that was pretty cool! Jack and the Darknet Diaries team threw a really fun party! I’m really glad I got to meet them; the podcast made a huge impact on my life and I really wouldn’t have thought to attend defcon had I not started listening to it in the first place.

Day 5 – Sunday

I was determined to get back to the Wall of Sheep and start sniffing packets. I got to the convention center early and grabbed some iced coffee to wait in line at the packet hacking village. I had just cleaned up my dubious LAN Turtle and settled in for the most packet hacking I could get done in the little time left of the conference. Unfortunately, the LAN Turtle was still not cooperating fully with the internet connection, and after a valiant effort of troubleshooting, it didn’t look like it was in the cards. The village gave me a shirt and I resigned myself to just scanning open hosts on the network for any weird services or honeypots. Some guys next to me from HtB did manage to write something on the wall, and that was cool to see. I’m a little disappointed that I didn’t get to participate, but I learned some pretty good lessons for next year and I’ll have a bunch of time to practice my packet hacking skills.

Another really cool thing I learned was the new addition, the “Field” of sheep, was scanning for beacon frames released by the Wi-Fi devices of the attendees. Nobody did it at the con, but one of the village volunteers told me that if I was able to scan for the same beacon frames and unmask the SSIDs using a database like WiGLE or wifimap.io, it should be possible to unmask someone’s home Wi-Fi network based on that SSID and the lat/long coordinates of that SSID. That seems really interesting / creepy and I’m not sure why nobody thought to do that, but I’m going to work on developing some kind of service to pass in beacon packets and query those wardriving databases programmatically for next year.

After leaving the packet hacking village for the final time, I wandered around for a bit. I ended up meeting the Dark Tangent, as well as donating my extra sunblock to some very appreciative goons at the lost and found. Sensing the end, I navigated to track 1 and settled into the closing ceremonies talk. There was a “contest winners” talk before that, but it was a long and grueling affair that was not well prepared. Most of the contest winners were not present, and many of them were slated to go on next during the black badge awards at the actual closing ceremonies.

The end itself was also fairly grueling, but it was interesting as a first-time attendee. I don’t think I’ll worry too much about attending the talk in my subsequent years, but I think it was a good time. I was surprised to learn after the talk that all the hackers were immediately evicted from the LVCC, so I was kind of unsure where to go. I had already checked out of my hotel at 8am, so I hopped on the Bsides bus to the Tuscany and just sort of bummed around in the lobby for a bit until I called a taxi to the airport.

The interesting mind worm of defcon has made its home in my brain, and I keep referring to lines or other such waiting areas as “x”-con. Line for starbucks? Linecon. Flight delayed by over an hour? AirportCon. I had also shipped my laundry home with FedEx at the convention center, so my backpack was just full of hacking stuff and defcon swag. The TSA elected not to rifle through my many wires and circuit boards (thankfully), but this was not the case with some of my new friends. I met @slofunk at the airport, and he was great company. We talked about our home network configurations, traded some stickers, and followed each other on twitter. There was also an incident where someone’s dog had peed on the floor, so I moved a trash can in front of the pile to stop people from stepping in it. Surprisingly, people were really interested in stepping and tracking the dog urine all over the Las Vegas airport, but the trash can put a stop to that.

Day 5.99999

My flight was delayed by over an hour, but I still thankfully made it home (eventually). I was not able to sleep on any of the flights due to having aisle seats, and I had to work at noon on Monday. I arrived at work, sleep deprived and loopy, but still functional. Around 4:45 I fell asleep hard for about 5 hours, then woke up just to sleep another 8 hours before work the next day. Unfortunately, I seem to have contracted covid at the conference but I’m not really that surprised. I am not really much of a gambler, but I knew covid was a pretty likely probability given the size of the event and the mask policy (or lack thereof).