DEFCON 32 - Very ENGAGING

Another year in ~hell~ Vegas

We were back under one roof this year, which was such a nice change. For 30 and 31 I spent more time walking between talks/buildings than I did actually in the conference, to the point that I missed most if not all of the talks I wanted to see at 31. Not this year!

Relevant to work, this year also saw the debut of the Bug Bounty village. While this is kind of a weird fit for DEFCON, it was great to see since it directly aligned with the work that I had been doing over the previous two years and was of course an educational experience.

Highlights

The main point of trips to DEFCON for me is always going to be people. While it’s always wonderful to be able to connect with colleagues and friends, the move to being under one roof also meant that “hallway con” was back to a larger extent. I met, and had wonderful conversations, wth dozens of folks over the few days I was there which just isn’t something that reliably happened in years past since everyone was always rushing to go from place to place. I also had a chance to meet up with several peers and leaders from across the Bug Bounty industry and make some new friendships and partnerships there. Shoutouts to the Intigriti crew and Lupin 👋

While there were also an abundance of excellent talks this year, across many villages and main stages, the standout for me was Mixæl Laufer’s talk about making medication at home. While I don’t condone the suggestions in this talk, or the work of Four Thieves Vinegar Collective, the information presented here is incredibly thought provoking and the work they’re doing is deeply important given the hellscape that is the healthcare industry in many parts of the world right now. Even if you’ve got no interest in cybersecurity or the other content of DEFCON, this type of information absolutely exemplifies what DEFCON and hacker culture are all about. Watch it.

Yes, I got the plague again

Both myself and my partner, once again, got COVID at DEFCON. It was pretty mild this year compared to years past, with both of us only really being down for an afternoon, but this seems to be a recurring trend when you get 30,000 people from all different parts of the world into rooms together.

Was it worth getting sick and possibly taking years off my life again? I really don’t know. It’s always such a fun event and so valuable to me as a person that I think it’s time (in every sense) well spent.

No, I didn’t get hacked

Yet again, the concerns of “ZOMG BRING BURNER DEVICES” are overblown. No one is going to burn a 0-day at DEFCON, and in many respects it’s the worst place you could burn it as it’s the place you’re most likely to have it noticed. Just make sure your devices are fully up to date and that you only use the official WiFi.

A note about doing presentations

I also had the good luck to be selected to do a talk again this year, hosting a panel as part of the Bug Bounty village. The panel was a great success and we had a lot of fun organizing it, but if you ever have an opportunity to co-host a panel interview you should probably pass. It’s incredibly awkward given the limited amount of involvement a moderator has. While I deeply appreciate the opportunity to have been a part of the organization and presentation of the panel, the lesson is learned.