DEF CON: The Ultimate Guide for First-Timers

Ginny Fahs
Aug 20, 2019

It’s official: you’re headed to DEF CON. The world’s most mythologized underground hacking conference involves four chock-a-block days of presentations, contests, exhibits, and parties in the Las Vegas heat. While it’s impossible to soak in all DEF CON has to offer, this list is a place to start.

1. Prepare

Getting through the conference happy, hydrated, and digitally unscathed requires forethought. Before you go:

  • Read The Lost Policymaker’s Guide to get a sense of DEF CON’s storied community and culture.
  • Get a burner phone or secure your real one.
  • Download Signal for encrypted messaging.
  • Pack a water bottle, comfortable walking shoes, and enough layers to take on intense heat and intense air conditioning.
  • Bring plenty of cash to cover your ticket, meals, swag, transportation, and other purchases (credit cards put you at risk for wireless identity theft, unless they’re in an RFID-blocking wallet).

Ready for DEF CON with my badge, guide, and sticker swag.

2. Hack your Badge

DEF CON badges are legendary. This year’s badge had LEDs that lit up when two badges tapped together, and changed behavior over time as it interacted with other badges. It could do even more tricks when plugged into a computer, but I didn’t take that security risk. Remember to pay for your badge in cash, and when you get it, play around and explore all that it can do.

3. Visit Villages

Villages are the forces behind DEF CON’s diverse programming — it’s astounding how many topics fit under the wide umbrella of security. This year there were 32 villages, many of which had their own speaker series, competitions, exhibits, and programming. Most villages are independent non-profits with their own funding and leadership, and many need volunteers to pull off the exhibits. I highly recommend volunteering as a way to meet people and find a small community at the huge conference.

4. See the Wall of Sheep

One lesson at DEF CON is just how exposed we are when we use public WiFi and Bluetooth networks without a VPN or other protections. Wall of Sheep is an exhibit by Packet Hacking Village that drives the point home. They project public WiFi activity on the wall: red represents the number of trackable devices requesting DNS lookups on DEF CON public WiFi, while blue is secure WiFi activity not being tracked. Username and password credentials, along with IP and other details, are then displayed for all to see. You’ve been warned — be smart when you use public networks!

Wall of Sheep at Packet Hacking Village, DEF CON 27.

5. Pick a Lock

DEF CON has an entire Lockpick Village, and it turns out that picking locks really isn’t rocket science. Lockpick Village has hooks, rakes, and turning tools on big community tables, as well as volunteers who teach you how to get started. Even though I’d never picked a lock before, I was able to break through four in less than 30 minutes (petrifying!). You can buy lock picking tools to bring home with you — but be careful, as these tools are not legal in all states.

As a total novice, I picked through these four locks in 30 minutes at Lockpick Village. We should all be scared.

6. Spot a Tin Foil Hat

Hacker lore decrees that tin foil hats are an excellent strategy for protecting against hacks (truth: they don’t actually protect you). As such, tin foil hats come out in full force as fashion accessories at DEF CON. Keep an eye out for elaborate ones, or bring foil to make your own — at which point, you will be one of the coolest cats at the conference.

7. Watch a Skytalk

Almost every village hosts its own series of talks, but Skytalks are singular in that they are entirely off the record. This is serious. And seeing one is an experience: volunteers constantly shout at attendees waiting in line about the strict off-the-record policy and patrol aisles during talks to ensure phones aren’t out (if the phone comes out, they kick you out!). Off-the-record is sacred and rare in today’s share-a-thon culture, so the talks are juicier than typical.

8. Experience a CTF

CTFs — or capture the flags — are contests that allow DEF CON attendees to flaunt their hacking skills in live competitions. I saw the CTF at Social Engineering Village, in which contestants competed to compromise real companies’ security by calling up employees on the front lines and persuading them to hand over sensitive information. Most villages host their own CTFs, as does DEF CON proper. Even if you’re not ready to compete yourself, you can learn a lot by watching.

Fun times at Biohacking Village. Yes, we’re next to a display of fake babies in a NICU.

9. Meet a WISP Scholar

Women in Security and Privacy (WISP) sponsors dozens of scholars to attend DEF CON every year — this year, they brought 92 women to the conference. These badass ladies are disrupting and advancing the industry in all sorts of ways. Keep an eye out and try to meet one — and if you’re a woman in security looking to go to DEF CON, apply for the WISP scholarship (June deadline), which will help cover your costs.

WISP scholars celebrate their time at DEF CON at Saturday brunch.

10. Make a new friend at LINECON

Your time at DEF CON ~will~ require waiting in long lines — swag lines, food lines, lines for talks. Welcome to LINECON. With the right attitude, lines can be a defining part of the DEF CON experience, an opportunity to meet new people and learn about other corners of the security world. This year at LINECON I met Steve, a Colorado InfoSec professional with a beard longer than my hand, and Dave and Tyler, a father-son pair local to Las Vegas who had actually worked side-by-side with the speaker we were waiting to see. The friendliness and expertise of other attendees are a big part of what makes DEF CON (and LINECON) delightful. Don’t let the lines get you down; start a conversation instead.

11. Party like a hacker

Hackers know how to throw down. At the Arcade Party, I saw T-Rexes on the dance floor and got my very own temporary tattoo of a unicorn. There’s a party called Blanketfort-Con which is as epic as it sounds: a fiesta in a ginormous blanket fort. And I heard great things about Queer Con and karaoke. The best way to stay in the loop about DEF CON night life is @defconparties (and no, they are not cancelled).

Know anything else that should make this list? Drop me a line in the comments.

Thank you to everyone at WISP and Biohacking Village for opening the world of DEF CON to me.

Ginny Fahs

Tech Fellow @AspenPolicyHub & #MovingForward Executive Director. Ex- @UberEngineering .