How to Survive DEF CON 24 for First-Timers
Debra Farber JD, CISSP, FIP
By Mack Staples (@c0ldbr3w) & Debra Farber (@privacyguru)
DEF CON 24 IS ALMOST HERE!
It’s that time again: security conference season! It’s a magical time of year that security practitioners have prepared for over many months. It’s a crazy, high-tech whirlwind of hacking, partying, presentations, and catching up with old friends. It’s fun, stressful, and fascinating. You will, however, need to prepare so that you don’t end up on the Wall of Sheep (yes, that’s a thing). Here’s what you need to know, and do, to get ready for DEF CON 24. By the way, you’ll want to read this before you hop on your flight; taking care of these items will be a lot easier when you’re at home, on a stable and fast Internet connection.
Before we dive into the lists, be aware that the theme this year is “Artificial Intelligence”. Expect to see talks, workshops, challenges, and swag that center around robots, neural interfaces, machine learning, and adaptive code. It’s going to be cool, and maybe a little scary. Don’t worry, we probably won’t create Skynet at DEF CON… probably. Okay, to be fair, if Skynet is going to spontaneously occur, it would probably be at DEF CON.
PREPARING FOR DEF CON 24
Before you board the plane or load into your car for this whirlwind of awesome, there are some preparations you should make. Following the advice below will help ensure that you’re as secure as possible at DEF CON, and that no one is playing around in your computer or phone without your permission. While you work through this list, keep in mind that it’s not exhaustive: if you think of anything else you might need to bring or do that’s not specifically mentioned, just do it. You’ll be glad you did.
Tech
- Update everything before coming to Las Vegas, including laptop operating systems (OS), virtual machines (VM), installed apps, and phones.
- Disable unnecessary services, install and update antivirus, and turn on your firewall.
- If you have a jailbroken or rooted device, change the default credentials or you will be sad.
- Bring cables for everything you might need.
- Bring extra cables.
- Bring an ethernet adapter if your computer doesn’t have one.
- You may or may not be safe on the hotel wifi / ethernet. Be careful and think.
- Always use a condom! That is, don’t plug your phone into an untrusted power station without using something like SyncStop (formerly USB Condom) to prevent data theft.
Some Tips
- Bring a bunch of cash. Cash is king at DEF CON. Even the badges must be paid for in cash.
- Trust only the casino floor ATMs, not others.
- Turn off bluetooth and wifi on all devices.
- You can trust the cell phone network’s service.
- Always use encryption (HTTPS, VPN, etc.) and never bypass certificate warnings.
- Do consider bringing your kids to learn at DEF CON 24. Check out R00tz Asylum (@r00tzasylum)
Registration & Badges
- Badges cost $240 at the registration booth (cash only).
- Everyone will get a badge, but you might have to wait in line for a while.
- Badges come in a variety of colors, and each color means something.
- Red badges belong to the volunteers (AKA "Goons") running the event.
- Black badges are prizes awarded for previous DEF CON competitions, where winners earn a black “lifetime” badge.
- The badges often have secrets....
Keep in Mind
- It’s okay to be a little anxious if you're new or if you are overwhelmed at how much there is to do.
- Just be yourself.
- Don’t claim to be able to do, say you have done, or pretend to know about, more than you actually do. Many intelligent and technically-savvy people attend. Admit if you don’t know something.
- Learning is strongly encouraged by the whole community, so please do ask questions.
- This is an inclusive conference, so treat all others with respect.
- Register for vendor parties around DEF CON in advance. See the @defconparties Party Calendar.
TIPS FOR HAVING A GREAT TIME AT DEF CON 24
The DEF CON experience really is what you make of it, so planning is critical to having a good time. Pre-register for parties and contests, and figure out in advance what presentations you want to attend. When planning your parties, you’ll also learn a bit about what clothing to bring with you. You may need a variety. Sure, stuff can be purchased in Vegas, but you’ll discover that once you make it to your hotel and the conference starts rolling, the last thing you want to do is go to a clothing store.
What People Usually Wear
- Casual attire and comfortable shoes.
- Everything from T-shirts and jeans to kilts with combat boots to a collared shirt and slacks to casual dresses and a hat. Wear what you want.
- Some flair. We've seen interesting hats, cat ears, buttons, dyed hair, etc.
- Shirts from previous DEF CON conferences.
- Hacker culture themed gear (probably a lot of A.I. themes this year).
- Artistic facial hair, mohawks, and hair dyed to match every color of the rainbow.
- Lots of buttons and patches.
- Some people choose to dress up a bit more for dinners at some of the hotels' fancier restaurants, but it's not a requirement.
- Party-wear: Take a look at the calendar and plan ahead. There could be a Black and White Ball, 80's party, etc.
Managing Your Time
- Find a way to organize your time that works for you.
- Download the Hacker Tracker app (iOS and Android), created by @shortxstack and @sethlaw, to keep track of what's going on at DEF CON.
- Review the paper schedule that you receive at registration.
- There are many presentations to choose from at the DEF CON Talks*, Skytalks & Villages.
- Note that some vendors sponsor their own itinerary of presentations in the Bally's and Paris hotel suites.
*The Talks are recorded and can usually be viewed later, so focus on the one-time activities.
Other Attendees & Speakers
- Many choose to use aliases instead of their real names. Both are acceptable. Respect others' choices. Do you.
- Expect 15,000-20,000 attendees.
- There really are world-class hackers here, as well as newbies, spies, and federal agents.
- Don’t say anything to anyone unless you would be fine with it being on the Internet.
- The people in red “GOON” shirts are respected volunteers who donate their time to manage the chaos.
NOW THAT YOU'RE AT DEF CON 24
As previously mentioned, there is a lot that an attendee can do at DEF CON. One of the best things about the conference is that it really enables the learning of new topics and exploration of security fields to which you might not otherwise have been exposed. It also provides the opportunity to hone skills that you already have. DEF CON Sub-groups often have their own, unofficial get-togethers at DEF CON, and they’re very inviting. While you’re there, be sure to take a look at both the Villages and the Vendor Area. Many of the Villages have hands-on activities accompanied by presentations. The Vendor Area has, as one might expect, vendors selling all sorts of hackery toys and tools. There’s also something special: one of the most unique aspects of DEF CON relative to other conferences is that the community completely embraces and supports nonprofits. Amidst the other vendors, you’ll find EFF, Hackers for Charity, TOOOL, and Women in Security and Privacy. DEF CON remains one of the best times to donate and renew your memberships with nonprofits that you support.
Stuff To Do
- Presentations: DEF CON Talks, SkyTalks, & Village presentations, etc.
- Villages: IoT, Car Hacking, Lockpick, Social Engineering, etc.
- Challenges: Capture The Flag (CTF), forensics, crypto, etc.
- Contests: Sheep Hunt, Lockpicking, Mystery Box, etc.
Available for Purchase in the Vendor Area
- Buttons
- Shirts
- Books
- Hacking tech
- Lock pick sets
- Music
Nonprofits At DEF CON
- Electronic Frontier Foundation (EFF) - defending your rights in the digital world.
- Hackers for Charity - solving technology challenges for various non-profits and providing food, equipment, job training, and computer education to the world's poorest citizens.
- The Open Organization of Lockpickers (TOOOL) - advancing the general public's knowledge about locks and lockpicking.
- Women in Security & Privacy (WISP) - promoting development, advancement, and inclusion of women in security and privacy.
Universities
Meetups
Parties
- There are many and they are fun!
- Plan ahead: register.
- Some are invite only and it's who you know.
- Check out DEF CON parties: They have curated a list of most parties available on this DEF CON Parties Calendar. Also follow @defconparties on Twitter and sign up for the DEF CON Parties Slack Channel.
STAY CONNECTED
By now, you’ve figured out that this is a tech conference, so it makes sense that we would use technology to stay in touch. In particular, Twitter is used extensively — far more than any other social network. Again, the cell phone network is relatively safe for tweeting purposes as long as you think before you click (e.g., don’t bypass security warnings), and the cell data network can be used to quickly load tweets from these accounts. Refer to our other post: Follow These Twitter Feeds at DEF CON 24.
About Mack Staples: Mack has been hanging around the DEF CON scene for years now and may have learned the hard way about the tips mentioned. He’s a web and mobile hacker based out of San Francisco and leads a team of security experts at Zenefits. Follow him on Twitter: @c0ldbr3w
About Debra J. Farber: Debra has led privacy and security initiatives for over a decade, though this will be her second appearance at DEF CON. She oversees privacy, payment security, and cybersecurity issues for Visa's Global Public Policy Department; co-founded Women in Security and Privacy (WISP); serves as a Faculty Member for IANS; and is Advisor to BigID. Debra also lives in San Francisco. Follow her on Twitter: @privacyguru