304 North Cardinal St.
Dorchester Center, MA 02124
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
While I know this may not be the preferred spelling, I want to repurpose ALL of my old DEFCON convention posts, so here we go!
I’ve been to the DEFCON Las Vegas hacking convention for three years now, and I wanted to share my experiences. During those years, I’ve managed to win a DEFCON black badge TWICE and ended up +$645 in the casinos.
If you are bringing your personal device(s) to DEF CON, then I HIGHLY recommend you protect yourself as best as possible.
While the DEFCON convention network has been secured over the years, it never hurts to have a VPN.
Don’t forget, there are hackers also on the Starbucks/hotel/etc. WiFi along with you.
Personally, I use NordVPN, and even have a NordVPN and OpenPYN setup for an always-on Linux VPN.
Plus, I’m a NordVPN affiliate, so if you register using the button below, then it helps me out a bunch!
While Vegas isn’t for everyone, if you have the opportunity, I highly recommend giving DEF CON, Black Hat, and BSidesLV a chance.
It’s also SUPER awesome to see people in person that you only get to talk to online.
While I could easily fill post upon post about various talks, topics, contests, and people, I will try to keep it down to one (reasonably sized) post.
This was my first trip to Vegas ever, and it was an eye-opener. I have never been to anywhere in the world quite like it.
Between the people, the buildings, and all there is to do, it is a unique place.
Vegas was a bit too hot for my liking, and being “just a dry heat” didn’t make it better.
I was finally able to gamble in a casino as well and ended up $315 or so on the week. These winnings were from craps alone, and mostly thanks to secure_sean.
Going to the DEFCON convention (and BSides) for the first time was an amazing experience.
Seeing (and meeting) the people and places that I’ve only read about was pretty awesome, albeit overwhelming at times.
The sheer number of interesting conversations and talks alone was enough for me to think of hundreds of new side projects/ideas, which is awesome.
I also met some awesome people (including a 17-year-old reverse engineering wizard) through CTFs or just general conversations. Additionally, we grabbed a few drinks and sushi with MalwareTech, which was pretty awesome (super friendly guy).
Even if you don’t go to any talks (to quote Grifter, “No talks, not even one!”), the people and the environment alone are reason enough to head to DEF CON at least once.
I signed up for the Raspberry Pi and Kali workshop ($290 for all the toys), which was pretty enjoyable.
As Dallas mentioned at the beginning, Thursdays at DefCon do not go anywhere near to plan.
That said, while it took a while to set up, and while there were some hiccups, I had a good bit to take away from the course.
I got to refresh myself on circuits (which I haven’t done in a while) and get some ideas for some projects. In the kit were resistors, LEDs, sensors, a breadboard, and more, which should be more than enough for now.
Plus, finally having a Raspberry Pi and Arduino means I can finally start trying some of the IoT/small hacking projects that I’ve seen and thought about doing.
The second half of the class was even more interesting and relevant to me.
Sean (0hm) walked us through the ARM distro he put together for Kali that included all the relevant tools we might need for wireless or small penetration testing engagements.
Additionally, he brought up the SDR (and the boosted Alfa) we had in our kits, and what sort of things we might be able to sniff and decrypt (including GSM).
I came away from this talk with a lot of toys, and even more ideas (though I can always use more) for what to use them for.
Instead of going over every talk that I attended or wanted to attend, I’ll just go a bit more in-depth on two more important talks. Below them, I’ll list
Six Degrees of Domain Admin – Using Graph Theory to Accelerate Red Team Operations (Bloodhound)
Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools
CTFs are where I spent most of my time this week, and ended up with plenty to show for it.
I ended up 3rd in EndGame’s programming and security quiz, but the 1st place guy blew everyone out of the water (415 points to my 140).
At BSides, we ended up tied for 9th with two other teams in their MicroCTF, which was a great start to the week CTF-wise.
Once we got to DefCon, we entered the OpenCTF. OpenCTF was harder than a lot of the CTFs that I’ve done in the past but still enjoyable. In the end, we ended up tied for 7th (with 2 other teams)! This was an awesome feeling considering the number of teams with quality people that were competing. A big part of our success was the 17-year-old wizard who joined our team after we started, as well as my last second (they held shutting it down for a few seconds while I used their connections to submit a flag) solving of a crypto challenge.
The final, and most important, CTF that we participated in this year was the IoT Village SOHOpelessly Broken CTF.
We ended up winning this CTF by 3000 points at the end, which was a great feeling.
To build on the excitement (and stress) of winning the CTF, we also found out that we were receiving DefCon Black Badges as well! This would be a wild feeling for anyone, let alone someone attending their first DefCon.
We got to go on stage during the closing ceremonies with the team that ran the competition. They announced the 3rd, 2nd, and 1st place finishers, as well as our award.
My teammate even got to give a brief speech about the contest and inspire even more people to join the next year (as long as we win again of course).
This was an amazingly exciting and frightening moment that I’ll probably never forget for the rest of my InfoSec career.
All in all, I’m even more excited about my career and side projects. I want to go to DefCon every year that I can from now on.
Plus, you know when Rapid7 takes a screenshot of your snap from their party that you’ve made it big.
The DEF CON Black Badge that Clayton Dorsey and I won arrived last month, so I can finally blog about it!
If you did not know, we won a black badge from the SoHopelessly Broken CTF at DEF CON 24.
This contest was, and still is, sponsored by ISE.
It is a great competition, and we had a ton of fun competing in it.
By the end of the conference, we found out that we would be receiving a black badge for our victory!
Finally, on Sunday, Clayton, Sean, and I went on stage during the closing ceremonies.
It was crazy being up there, especially with that many people watching.
That said, we gave a short speech, talked about the competition, and received our award.
We only got to see one of the demo badges that day, as we had to wait for DEF CON to ship out the rest.
That said, a few months later, it arrived in the mail!
On the back of the badge were DT and Lost’s names.
Additionally, on the other side, shout-outs to DEF CON 24, Tknofile, and JonnyMac.
Finally, at the very bottom, were some badge puzzles.
The first puzzle looked hex-encoded, with a different dictionary, but I couldn’t get anything useful out of it.
The second puzzle looked like simple binary code. Unfortunately, even brute-forcing all binary strings of that length gave me nothing. I also thought that it might be out-of-order, based on the fact that Lost (1507) was slightly out-of-order as well.
If you have any hints, or solutions for these puzzles, then please let me know!
This is also a working badge, so here is a quick video of it in action!
This was designed by special effects artist Rick Galinson along with 1o57, so it was an awesome one.
While I wish I could have shared this sooner, it was still an incredible honor.
I love the badge, and it is super convenient only having to share it between two people.
That said, in the meantime, I was on yet another black-badge winning team! Team “What does the Fox Say?” won the Wireless CTF at DEF CON 25.
We (well, one of us per year) now get free entry for life and get to keep that awesome badge.
Other than that, we’re also enshrined on the DEF CON black badge winners page!
Just like last year, I could fill multiple posts with everything that went on this year. That said, I’ll try to keep the content as limited as possible.
While Vegas is still the same, it was still nice being back.
Another hot year, but I didn’t expect anything less from Vegas in the summer.
My wallet ended up down $410 this year, but I’ll just blame secure_sean for not doing as well as he did last year.
I ended up switching hotels twice this year, which was probably a mistake. I was at Caesar’s for DEF CON itself, but Bally’s for everything else. Staying at the same hotel as the DEFCON convention is super convenient, but switching twice can be a hassle.
Another year where I got to either meet or catch up with some great people.
EverSec found their more remote team members this year, including Tom from last year!
I grabbed lunch with Lee this year along with a bunch of other PowerShell people (DBo, Carlos, etc.).
It was also really nice being able to meet some more of my co-workers in person. We had an impromptu team meeting at an Irish pub this year, and that was a ton of fun.
This year I made it to a few more talks (sorry Grifter) at both cons, but I’ll go more in-depth on those below.
If you think that the name of this workshop is a mouthful, that was just the beginning.
The first half of this course was a deluge of Windows Internals. While pretty overwhelming, there were some useful nuggets I got even in sections I didn’t understand. I don’t know how EVERY part of this was relevant to the title/core content, but that could also be from inexperience. That said, maybe picking up a Win Internals book is in my near future…
Once we got past the first half, we delved into the actual malware development. This course wasn’t about building ransomware or anything particularly malicious, but that isn’t to say that someone couldn’t.
They designed the workshop to bring up a topic, and show a small demo built around that topic. That said, I’ll have to do some work on my own combining a few of these demos into an actual Red Team C2 project.
The most interesting demo modules were toxicserpent and puppetstrings. Toxicserpent was the closest to a fully-fledged malware, with the ability to log all network traffic, poison, and port knock C2. Puppet Strings is an awesome method for hitching a free ride to Ring 0 with signed drivers.
You can find code and slides from the workshop in zerosum’s Github repository.
I made it to a few talks at both conferences this year, so here’s a quick list of each of them.
Of course, CTFs are where I spent most of my con time this week, and it was another banner year.
I only ended up in 13th in the Amazon MicroCTF this year, which was a little disappointing. That said, I was solo until the 11th hour, and was very close to solving a challenge that would have gotten me 7th.
There was no DEF CON 25 OpenCTF this year, which was a mixed blessing. I would have loved to compete and do even better this year, but not having it gave me time for other competitions and relaxing.
While EverSec competed in the IoT CTF this year, I was a minor member of the team at best. This year Tom and Dave led the team, who did a great job of representing. We ended up in 6th place I believe, so kudos to those guys.
The final, and most important, CTF that I competed in this year was the Wireless CTF.
This was my first time trying to compete in this CTF at any con, and I had a blast. The fox hunts in particular were pretty fun, and a new experience for me.
I had the honor of competing with Eric and several co-workers/friends on the team “What does the fox say?”
We ended up killing it and wound up in first by over double the score.
Though this was my first time competing, I was still able to contribute with flags on some of the lower hanging WEP/WPA access points. Additionally, I helped a little, but learned a lot more, on a few of the SDR challenges.
This is something that I’d like to continue doing at various cons, but I have a little work to do. First, I need to upgrade the gear that I have. The 5GHz spectrum was out of my reach, and the organizers mentioned that they also plan on adding 60GHz in the future. Additionally, my SDR skills are mediocre at best still. Other than that, I need a more portable solution for fox-hunting (walking around with my laptop was a hassle).
Other than that, I learned that a tasty Belgian beer from unclebeer is worth 150 points.
As a team, we got a ton of swag from the organizers for winning.
Once we divvied it all out, I managed to take home a LAN Turtle 3G (gave Eric my old Lan Turtle), the challenge coin, the No Starch shirt, and an ESP8266. Even better, our work pitched in $500 for each employee on the winning team!
More importantly than that, we also found out that we won a DEFCON Black Badge this year as well! We drew names for this, and steveo ended up winning. Try as he might, he wasn’t able to get Eric to accept it instead.
The badge this year was a solid gold ($1300 worth according to DT) medallion with the DEFCON convention logo on it.
This was a wild feeling, and I loved being back up on that stage for the second year in a row. If I’m being completely honest though, it was a lot less nerve-wracking with the Buffalo Trace (thanks Steve!) in me and my experience doing it last year.
We got to go on stage during the closing ceremonies with the team that ran the competition. They announced the 3rd, 2nd, and 1st place finishers, as well as our award. I apologize for the finger in some of the photos…blame unclebeer.
Eric got to give a brief speech about the contest and inspire even more people to join the next year.
Unfortunately for our team, it was also announced that Eric would be banned from competing in the future, as he’s won three years in a row. That said, it was also followed up with the great announcement that Eric would be sitting on the other side of the table next year! While I was hoping to get another year of learning from Eric, I’m looking forward to the challenges that he’ll bring next year.
At this point, I’ve won 2 black badges in 2 DEFCON conventions, and now I want to win them in even more competitions! This was another exciting moment, and I’ll never forget it for the rest of my career.
Plus, we got to take some fun pictures afterward.
(The off-stage photographer took these, and I’ve been unable to find them so far).
Other than that, if you ask nicely, I might be able to upload a video of Eric practicing for the shock collar shootout.
Another year in Vegas and another 100 tabs in my TODO folder to show for it.
As hot and expensive as Vegas is, I know that I’m not one of those people who says, “I’m not going next year.”
Plus, Caesar’s was far more enjoyable than Paris/Bally’s last year, so that helped out a lot.
Other than that, I may try to submit a talk to DEF CON Beijing when DT finally officially announces it! I’ve never been to China, and I’d love to help him build the community over there.
I took my third trip to Vegas for Black Hat / DEF CON 26.
Since I was taking training at Black Hat this year, I ended up spending eleven total days (3 August – 14 August) in Vegas this year. That took a lot out of me, and I was a bit worn down by Friday at DEF CON. That said, the training was awesome, and I’m sure I’ll end up back in Vegas again.
I was a bit surprised that I didn’t get a TSA golden ticket in my bag this year. Not only did I have all of my gear with me, but I also packed some protein powder. I was hoping to keep up my diet as best I could, but that didn’t work out as well as I’d have hoped.
It was almost an even more awesome year, with Evo going on around the same time as Black Hat. Unfortunately, I was in class during the entirety of the tournament.
As always, it was hotter than I expected, or hotter than I’d ever want.
The tables were VERY kind to me this year, and I ended up +$500 in Blackjack and +$240 in Craps. That brings my three-year total to +$645 ($315 – $410 + $740)!
I also stayed at Caesar’s the entire time this year, so didn’t have to deal with last year’s fiasco of switching.
I got to catch up with a few people this year but missed out on a few others. That was alright, but I’m hoping to catch up with them again next year!
There were even more co-workers there this year, and we even went out for a round of Top Golf.
Since so many of us left at the same time, we also got to grab a “limo” on the way back to the casino.
The RTP SecBeers group planned a day trip out to the LV Distillery, which was tons of fun.
This was the first distillery in Nevada, and they’ve operated for a while.
They make everything from vodka and gin to various whiskeys, and even liqueurs. During our tasting, we got to try whatever we wanted, so I decided to taste the entire lineup!
In the end, I’m still a whiskey man though, so I had some extra tastes of those offerings.
Afterward, we went to the Hi-Scores Bar Arcade, which was also a lot of fun.
Another year in Vegas, and another year of delicious (albeit expensive) food.
Just like last year, we had a wonderful group dinner at Momofuku. And, like last year, we got the fried lobster and shrimp bowl of joy.
We also stopped at the Bacchanal Buffet again for one meal, which is always far too filling.
Finally, I got to try a sushi burrito this year. It was unique, especially considering I got a side of chips and queso.
This course was incredible, and I could easily write an entire blog post about it. I still might, but we’ll see…
I’ve never done any stealthy red teaming before, so that was a new experience for me. I’ve also never used Cobalt Strike before, but I was pretty enthralled with it by the end of the course.
Being actively “hunted” during the lab/CTF was incredibly valuable, as was the real-time feedback from the Cerberus IDS.
The class covered everything from infiltration to stealth, to AD abuse, infrastructure, defense mechanisms, and everything in between.
One of my biggest takeaways was thinking about my infrastructure, how to configure and protect it, and the willingness to burn it at a moment’s notice.
I also realized that I’ve never had visibility into my attacks before, especially having never been a blue team member.
This has gotten me to set up more appropriate Windows lab environments, as well as multiple domains to practice those attacks.
I’ve also stood up my instance of HELK so that I can actively hunt myself when it is all said and done.
Even if I don’t write an entire post about this course, I’ve got plenty in the pipe after taking it.
Also, none of this mentions how awesome the instructors were. They were willing to help, many were experts in their own right, and they made a grueling 4-day course a ton of fun.
I think my only qualm about the course was how engaging the CTF was. There were times that I was more focused on the CTF than actually learning what they were trying to cover. That said, I came home with all the materials and solutions, so I can go over them at my leisure. It was worth it though, as we ended up tied for second when it was all said and done!
If you want to take this class, then I can HIGHLY recommend it.
After my training course, I had a little time to stop by the Black Hat vendor area. Having only heard tales and seen pictures before, this was a new experience.
While I wasn’t like my teammates attempting to get every piece of swag in the building, I did come home with a few bags, shirts, and trinkets.
My favorite piece of swag is probably this hat that I got. Infosec plus Marvel humor? I’m in.
Other than that, it was interesting interacting with the vendors. Even after telling them what I did, many of them gave me the same generic CISO spiel for their product. The most interesting were the ones that talked to me like a person and a penetration tester. I have to commend Bromium over the rest at this. I spent a while talking to one of their CTOs I believe, and it was engaging. We discussed how their product works, and what potential downsides it might have. He picked my brain about how I might try to avoid it (staying in memory), and he said that would probably work. I’d like to reach out to them for a demo and to perform some research after that conversation.
I also stopped by the Pluralsight booth, and they had a “Security for Hackers and Developers” quiz with a leaderboard. I decided to give it a spin, and ended up beating second place by 21 points! This was a pretty intense quiz, but heavy on the advanced exploit development side. If you’re interested, you can find it here.
They gave me a $100 Tapplock for my troubles, which was pretty awesome. Of course, it’s the one that already has a few vulnerabilities, so I’m not sure if I’ll find anything interesting.
Unfortunately, my reign atop the leaderboard didn’t last very long. As I was finishing up the quiz, Sean showed up behind me. We talked for a while, and I finally convinced him to take it as well.
He ended up beating my score by 4 points, and we stayed on top until the end of the conference (as far as I know).
It was all in good fun, and we got to explain to the vendors how we knew each other and what we did. Plus, we got a cute picture in front of our final scores!
I managed to catch a lot more talks this year than the last two combined. It was nice not having to wait for them on YouTube, and I do enjoy some DCTV + food/recharging in my room.
While I’m not going to go over every talk I saw like in earlier years, there are a few that I’d like to cover.
Finally, while this was at the DEF CON vendor area and not an actual talk, it is still worth including. While walking around, we spotted a beagle wandering around near the Hacker Warehouse table! This was awesome, as I have one of these at home myself.
I took another free workshop this year at the DEFCON convention, and this year it was about fuzzing.
While it isn’t up yet, you should eventually be able to find the slides on the media server.
This was a 4-hour AFL workshop taught by Jakub Botwicz and Wojciech Rauner from Samsung Poland. Unfortunately, this wasn’t enough time to do a proper deep dive into some of the topics, and the sections felt a little sporadic here and there.
That said, I did get a few ideas for make files and targets to assess, so that was good. I would have liked a bit more manual processing, as the provided make files abstracted almost everything out. Additionally, some exploitation (or at least triage) would have been awesome, but I know we were severely time-limited.
I am looking forward to playing with AFL more, but the most interesting part was combining it with Qemu for black-box fuzzing.
Unlike the last two years, I did not spend a lot of time CTF-ing this year. After the grueling SpecterOps CTF, plus my time in Vegas already, I was a bit worn down by the time Thursday rolled around.
I started in the Wireless CTF room. That said, most of the 802.11 challenges weren’t working, so that was a little disheartening. Additionally, even with the bigger room, it was crazily crowded this year.
I was also invited by Tom/Dave/Joe to the OpenCTF room but was never able to make it.
Finally, Welcome Thrillhouse Group had a small team rolling in the IoT CTF, but I just helped them with ideas and suggestions from a distance. That said, Matt did post a few write-ups, so definitely check them out!
While I would have loved to go 3/3 for DEF CON black badges, I’m ok with the way this year went. There are pros and cons to spending the entire conference participating in CTFs. That said, I’m glad that I took a break from it all this year.
This was my third year in Vegas, so I’ve at least got a FEW fewer tabs to show for it.
I did have some great fun and food this year, even including my airport nachos before leaving.
That said, this was the first year that I thought about saying, “I’m not going next year.” I’ll probably still go, but I’m not sure if I can handle another 11-day trip next year.
Caesar’s is still a better venue, but it cannot handle the sheer number of people who show up. Next year should add another 80,000 sq ft., but we’ll see.
The only cons left on my docket for 2018 are DerbyCon and BSidesRDU, so it’s time for the closing stretch!
I’m sad that conflicts or global viruses prevented me from making it to any of the Vegas hacker conferences in 2019 or 2020.
That said, I might go in 2021 or 2022 depending on how things play out.
I’d still recommend giving DEF CON a shot, but don’t feel bad if you need to take a break or two in between.
Maybe next time, I’ll find a healthy balance between the CTFs and the other activities!
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.