Notes from a first con

I went to defcon for the first time, and it was probably one of the best experiences of my life, if not the best. Here are some notes to self for the second time that might help another first-timer next time around.

Talks

I only went to one, and I probably won’t go to that many next time. Most talks are published, and while they’re the sorts of talks that grab 100% of my attention, I feel FOMO watching them versus doing things that I cannot do later.

Next time, I’ll try to attend BSides to get to some skytalks.

Villages

I visited some villages, and they were very interesting. My particular interests were blue teaming, red teaming, and packet hacking, but then again, everything at DEFCON is interesting.

Next time, I need to memorize the map. The hackertracker app, the brochure, and even the badge had a map of LVCC in them, but they still were not enough when someone messages “come to aisle 4” in reference to a giant 3 story building with 30-something-thousand people in it.

CTFs

Come prepared. I was not. I competed in the RTV CTF this year with some very smart people, and while we did not get a high rank, I still managed to solve a few challenges.

Bring a live “everything” Kali USB drive

You can do most things with some apps, but Kali’s “everything” version has things included. The DEFCON wifi was acting very strange and slow, and I couldn’t download a bunch of tools like Ghidra or sqlmap due to how slow the wifi was. Additionally, you can boot off of a live USB drive in QEMU, at least if you’re on Linux, so the host could be doing other things while you solve challenges in a VM.

Get a better charger

My charger/powerbank brick takes up more than half of the space of a power strip. It’s especially inconvenient when sitting at a table with several people.

Bring an ethernet cable

While some of the villages have their own (i.e. packet hacking) The contest area did not have any ethernet cables. It was not a necessity, but for better connectivity or connecting to particular routers it would’ve helped.

Download wikipedia

Again, the internet outage was a big issue. Most things I looked up (default ports, magic bytes, heapq implementation) took me to Wikipedia, so a simple local version of Wikipedia would’ve been very handy with something like kiwix.

Practice

I… don’t practice CTFs, and I think that was the major hurdle for me, personally. Practice makes permanent, and muscle memory or some sort of automated script would take care of low-hanging fruits so that I can focus on my favorite section instead (reverse engineering).

Coordinate

You know it’s a bad sign as the title at my day job is “IT Coordinator” and I still don’t know how to coordinate. 3 friends of mine participated in 3 different CTFs, and I wanted to do all 3. There’s no rule against doing multiple CTFs, but preparation and coordinating with them would’ve been nice.

Parties

There were way too many parties by DEFCON, by villages, or by other people I was invited to. Make sure to plan in advance instead of doing what I did, which was to go to a pool party last minute with jeans and a backpack.

So, a few tips would be to:

• Pack some shorts and swimsuit.
• Check whether you’d need to drive or just walk, and if driving, find parking nearby. I had to spend too much time finding cheap parking around the Vegas strip.
• Drink more. I drank a lot (Redbull, coffee, vodka, whiskey, beer, and a little bit of water on the side), but there’s always room for more.
• Talk to people. I spent most of my time with people I knew, and talked to a very few new people. The very few people that I met were some of the most interesting who, despite being humble and down-to-earth, were very smart and knowledgeable. If you’re going to a DEFCON party, talk to as many people as you can.

• Defcon
• Conference
• Cybersecurity
• Ctf