It’s been since Defcon 22 that I made it out to Vegas for the premiere hacker summer camp, but I finally got a chance to go out again, post-covid. (Spoiler: I’ve been covid-free since the outbreak, but brought it back with me from Defcon, assume-ably. I first showed symptoms 3 days after the con. Thankfully, vaccines and boosters make for a smoother ride.)
My goals this year were to not attend any main track talks, not wait in line for any talks, and to just relax and have some fun in whatever fashion that presented itself. I feel like I accomplished those goals just fine!
Rather than itemize or talk about a bunch of stuff that can be found in other places, here’s my list of Good and Bad things from my experience. Though, let’s be clear, this was overall a great time.
- 20,000+ people (I’m estimating) plus all the norms. So, my first Defcon was DC16 with about 8,000 folks, and then DC22 with about 22,000. And in those locations, you would walk around the casino area and probably 80%+ of the people present would be hackers. Right before the covid19 pandemic, Defcon was topping 30,000 attendees! That’s a huge mass of humanity! Now that Defcon is at Caesar’s Forum, this means the con sprawls across several Caesar’s properties. It also means as you wander the properties, there are also far more norms walking around, probably even about 50% of the people around at any given time. Personally, I’d rather be more surrounded by my people. Still, that’s a lotta people in small places, and it makes for some less than comfortable environs for an introvert who likes his space like myself. Thankfully, I know myself and my limits pretty well and can handle things just fine. And having more people means more con, so…the fact of having so many people together is both good and bad, but probably overall good.
- Still COVID. There’s still Covid around, which sucks. Thankfully wearing a mask the whole weekend is quite acceptable with this crowd. The problem is I don’t normally wear a mask for hours a day, and I realized I got pretty warm with one on all day. My body isn’t used to regulating down that heat with limiting mouth freedom! Between that and the dry air, it was pretty easy to start sweating.
- I was ill-prepared, tech-wise. I didn’t take much tech with me, basically a laptop. Turns out, I wanted to do contests! And get on the defcon wireless network! I sure could have used a portable monitor. More laptop resources. A better wifi adapter. Notes for next time, especially if I want to try more contests, which I do.
- Some villages were… I swung by almost all of the villages, and I got into several that were super fun and interesting (and packed). But some I didn’t get into at all due to busy talks taking up all the room capacity and creating lines outside. And some villages were literally just talks unless you pre-signed up for something. These latter villages left me super disappointed and made it feel like these are just alternate talk tracks and nothing else. App Sec, Cloud, and Red Team villages, to me, were simply not useful or accessible to me and I never got into any of them. And they were among my priority ones.
- I wasn’t prepared for the other events. Lots of Defcon content and contests start months in advance. The moment I commit to attending, I need to continually visit the site and forums and start getting an idea of what is available and what I’d like to do or check out.
- Food and Drink Prices. Oof, $12 beer bottles, $24 burgers, yikes. Thankfully there was an easily-found Walgreens just 3 minutes north of Harrah’s that was open 24/7 and provided essential fluids, snacks, and sandwiches to keep costs down. Close, fast, efficient.
- So many contests! It’s been since DC22 since I’ve attended, and the ability for Defcon to entertain and challenge 20,000+ people has matured a lot! I swung through the contest area several times, and each time I saw new things I missed previously. Even the villages had contests. I spent a day fighting up into the top 9 (of 220) of the Blue Team Village CTF, played and beat some demo game about Intelligence Operations and CTI, submitted threat model suggestions (which is something I’ve never formally done before), and poked at numerous puzzles and challenges. I probably would have spent far more time on the con floor doing these contests around like-minded folks if not for the covid spectre hovering about.
- Linecon + Merch. This is my second time staying up all night for Defcon registration. It’s now official, as Linecon! While we pre-registered already, my friend and I opted to still stay up all night and we were essentially first in line on the pre-reg side. We got in line at about 5pm, had our badges in hand at 7:05am the next morning, were among the first 30 in line for Merch, and hit up the vendor area shortly after. We were back in the room by 9am to upload loot and freshen up. While I’m not getting younger and the last time I stayed up all night was a previous Defcon, there are good points for this. First, there’s not a TON of things going on at Defcon on Thursday. Second, Linecon itself is fun and the people are excellent. (I also got my picture taken on the official Defcon stage as if I were giving a talk!) Third, you get full and first crack at merch and vendor gear and you get it out of the way before lines take hours and things sell out. This helps free up the rest of the con time for other things! (Or other lines to stand in!)
- Chillout room + SomaFM. Dude, I love SomaFM. I’ve been a listener since 2002. I love the chillout room at Defcon when you can get a reasonable seat and just do some contest shit or whatever. It’s still lots of people, but grab a drink or two and relax as you can! It’s just the perfect vibe.
- I was never lost! At the Riv or Rio I was constantly lost. I never really found myself lost in the Caesar’s properties. So, that’s cool!
- Villages with things to do. Hands on things at Lockpick and Physical Security villages were awesome. Even the Tampering village off to the side was informational!
- Movie night. I did movie night at DC16 and loved it, though it was pretty packed, but kinda skipped at DC22 in favor of parties/live music. But, this year I was spending time doing contests and had been sitting in the Chillout room. Then, when the live music started booming there, I took the vibe over to the movie night room and sat behind everyone else and continued doing hack stuff while also enjoying the movies. There was something about the vibe that just worked.
I have no idea how often I’ll get back to Defcon, but if I can do it ever year, I am not sure I’d mind. Flying was 0 hassle this year, and really everything with regards to logistics and costs were fine. If I do go back, there are some things I want to keep in mind.
- Pre-plan more, especially contests. Man, seeing those black badge contests get wrapped up was super invigorating. While I have no skills that would help in the main Capture the Flag, there are other events I have a chance at if I can do some pre-planning and research/practice. I’d like to start on time with next year’s Blue Team Village CTF, and I’d love to try out the Capture the Packet. This pre-planning also means making sure I have gear that helps provide for success. Beefier laptop and portable monitor and wifi adapter, for starters. SE and Lockpicking could be fun contests, too, but definitely research the forums!
- Scav Hunt. The scan hunt always looks super interesting, and if I continue to know more people and first-timers at the con (e.g. coworkers), I might push to make doing the Scav Hunt a priority. That said, knowing a native in Vegas would probably help!
- Linecon. I’ll definitely do Linecon again. This year I took is easy as I was super wary about whether I can handle lack of sleep at my age, but things went fine. However, I’d like to bring a game or two, and maybe some sort of chair.
- BSides. I have never done BSides LV, but for a couple extra days, that seems like a fine way to go to actually see some talks and do a bit more casual conversing.