This year I was able to attend DEF CON 25, my first DEF CON and first big security conference. I learned plenty and met a lot of people, but there was a lot that I would change for next time.
How can I do it better?
Below is a partially curated list of things I want to prepare for or do better next year. I saw a tweet long ago to make this kind of list after you are done with the con and everything is fresh on your mind, so you can refer to it later. I'm open to suggestions, I'm still a noob.
I had a room in Caesars thanks to Rainmaker, so I split some of my time between the actual con and watching talks on TV in the room. Thing is, sitting in the room is kind of lame. It's nice to get away, but it should be used as a place to catch your breath or as a backup for full talks. So next year I want to plan lunch and dinner breaks in the room lining up with talks I want to see. That way I can get a break and eat at the same time.
I used a very small day bag exclusively. This bag was great, as it could store my Anker battery, water bottle, vodka bottle, and small things like cables and tissues/eye drops.
I wish I had more space in hindsight, though. I had to pick between bringing things all the time. I didn't really participate in Ham con because I didn't have space for my radio usually. I had to leave the Switch, though I wanted to play some local multiplayer Splatoon or Mario Kart at times. Sometimes the water bottle wouldn't fit, and that was a mistake. Didn't even take the DEF CON book, which would have been useful some times. I would have rather carried a bigger bag that I could bring everything in. For parties at night I could switch to the small bag with essentials.
In general, I would have carried a heavier bag but spent more time at the con instead of shuffling back and forth to the room to get whatever I needed next.
Speaking of food, the food situation at Caesars is a pain. There are several expensive restaurants and a slightly less expensive food court. The food court is about a quarter mile walk through the casino and crowds from the hotel room we were in. Add to that the wait in line (good luck getting Smashburger at noon), and you need to budget at least an hour for lunch, even just one slice of pizza. Finding food out on the strip requires an even longer walk in the heat, and is about the same price anyways. Also, honestly, I was burning enough calories during the day that most nights I went to bed with an empty wallet and an empty stomach. It's not Weight Watchers CON.
I'd like to find a way to prepare food in the room. At least lunches, if not dinners. I will have to check out Deviant Ollam's talks on this. Maybe this simply means shipping a bunch of Soylent to the hotel before I get there. I might pick up a disposable cooler and fill it with ice from the ice machine as a makeshift fridge and put perishables in there.
Bring enough water to drown a horse and keep it in the hotel room. I'm a little baby and don't like to drink straight tap water. Always carry water in the backpack. I drank so much water and was still thirsty most of the time.
I'm a cheap drunk. I was checking a bag already, so I tossed in 2 fifths of Vodka. These were small enough I could pack them in my day bag for the whole day. I can't really drink vodka neat in a crowded, cramped environment like DEF CON though. I would get a large cup from a restaurant during lunch, then during the day drop by the small bars in the hallways and get a Pepsi for $5 and get a free refill of ice in the cup. I'd walk away, then pour in some vodka bit by bit until it tasted about right.
This worked pretty well (I got drunk I guess) with a few problems. I was using cheap paper disposable cups from the restaurant for the whole day, and those things did not last well. Towards the end they would be melting. I also had to carry them in my hand non stop. Next year I want to pick a Nalgene or other container that can hold the whole drink + ice + vodka. I'd like for it to have a built in straw to provide a little spill protection (I may have accidentally kicked over my drink in Track 4). A carabiner would be nice for when it's empty, or just to clip on my pants when I need an extra hand.
I also had problems with consistent alcohol intake. I like to be a little buzzed as it makes me more outgoing and sociable, maybe even a little goofy to make people loosen up. When you're just pouring vodka straight from the bottle into a cup while inebriated, it's hard to keep it consistent. Friday night I had a blast at the concert, but got too drunk and was hungover Saturday causing me to miss some stuff. I need some kind of way to keep a consistent buzz. Honestly the best solution is probably going to be bringing some kind of jigger, or using a container that has 50 ml gradations on it so I can measure how much I pour.
Measuring contents only goes so far. You also need to measure time. Sometime before DEF CON 26 I intend to use my nice BACtrack breathalyzer see exactly how quickly I metabolize alcohol. Boozing for science. Then I can pick a target BAC, and time my intake of alcohol to match.
What, you don't drink to a target BAC to maximize social interaction?
Also, fucking Caesars only has Pepsi products throughout the entire building. Gonna bring some Coke, and I don't mean cocaine.
I met some cool people, but didn't make any lasting connections on Twitter or anything. Might be nice to make some personal business cards that have my name, handle, and Twitter. Not overly personal like website, company, phone number, but just enough that if someone is interested in keeping in touch on Twitter they could do so.
Might also make a "burner" business card for if I want to screen someone before giving them real contact info. Use the Burner app or Twilio to get a temp number. Don't use it for non-attribution, but more to prevent someone untrustworthy from getting your info, at least right away. I post most of it on my website anyways so it's not a big secret.
Bring the work business cards, because you might meet a customer! I did at the DC214 party and was not prepared, oh well.
Contests, Villages, Talks
Look up contests in advance and bring materials you might need. I wanted to do the Tin Foil Hat contest and had some great ideas, but I wasn't able to get away to a grocery store to get enough tin foil to make it.
Look up talks in advance and make a "must see" list. Try to coordinate it with lunch breaks, but don't be surprised if DEF CON TV doesn't work reliably until Saturday. (Really, Raspberry Pi's with Kodi and no remote control ability?)
It was hard to pick a village and so I didn't go to many of them. I probably just need to pick three and rotate between them. Also, there are a lot of cool talks in the villages I missed out on, some of which you can't stream and won't be recorded.
I would have liked to do the Data Duplication Village, but I didn't think to get a hard drive in advance.
I was surprised by how terrible the cell service was. I don't think it was jamming, I think the carriers were simply overwhelmed. The DEF CON WiFi was solid though, and Caesars has an open wifi that works well enough.
Obviously on both you should use a VPN. Caesars WiFi especially. This was problematic, as you don't want to use a public VPN with a terrible PSK. I also didn't want to use VPN on LTE, because it was already almost unusable. Yeah, I know it can be intercepted.
I'd like to get a very small router with these abilities:
- Connect to multiple WiFi with preference
- Defcon (802.1x), Caesars (open), travel hotspot on room ethernet (WPA2)
- Persistent VPN to an Algo VPN I will set up in a Las Vegas VPS host
- Block internet traffic if no VPN, with exceptions for Caesars captive portal
- Maybe cell signal backup?
- Broadcast a local WiFi that my phone, friend's phones, etc can all connect to
I already know how to do this with pfSense. The trouble will be integrating it into a small package that can fit in a backpack with decent battery life. I might look into small x86 single board computers that I can run pfSense on.
Also, have a backup plan. Make some Tasker profiles that will turn on VPN when connecting to WiFi, then turn off when on LTE. Turn off auto sync for as much as possible on LTE, and watch that VPN stays connected.
Also, I did not realize how well the Android profiles functionality works. Make a DEF CON profile that includes the essential apps (Twitter, email, etc). This can reduce the concern of background apps that might sync and not have strong MITM protections. This way the cell network is less of a concern.
That's a lot of writing. DEF CON is fun, but you need to approach it like a marathon with no support crew. To summarize:
After arriving in Vegas, get:
- A bunch of water (>4 gallon jugs)
- Diet Coke cans (Caesars only has Pepsi products)
- A disposable cooler
- Lots of food and snacks
- Hand sanitizer
- Antibacterial wipes (Phone, badge, bag, etc)
- Aluminum foil in bulk (Tin Foil Hat Contest)
Acquire well in advance:
- Work business cards with the usual info
- "Less info" business cards: name, handle, and Twitter
- "No info" business cards: first name and temp number
- Use Burner app or Twilio to get a temporary number
- Hard drive for Data Duplication Village
- Container or strategy for measuring alcohol
- WiFi magic kerjigger