tssci security

DefCon 15 wrap-up, shoutouts, plugs, etc.

Sorry for being late to the game on this one, you've probably already read several personal accounts and all the stories and headlines that originated from Las Vegas last weekend. For those interested, below is my experience at my first DefCon ever, and my first time to Las Vegas. I've been to ShmooCon earlier this year in March, and had an absolute blast. DefCon however, is huge. It's insane. It's wild. No time for sleep.

On Thursday morning, I made sure my proxies that I planned on using that weekend worked, so I can check my email securely. Went to the airport around 1:30, my flight departed from Hartford, CT at 3:31pm to Pittsburgh, PA. Ugh! We boarded the 5pm connecting flight some 45 minutes late. The flight itself was four hours, babies crying, I'm getting restless, and I can't concentrate enough to read a book or fall asleep. It sucked, I thought I was going insane. I arrived in Las Vegas at around 10:45pm, and waited until 11:30 at the baggage claim for the bags to come out. Ridiculous... I should really invest in one of those carry-on bags everyone else uses.

I get to the Riviera at about 11:45, checked in and got a room at the North Tower. This tower is nice and close to everything (registration desk, taxi, *the bar*, pool, convention?). I would recommend staying in that tower if you're going to be at the Riv. After dropping off my bags in my room, I went to go walk around and had no idea what to do. I called up a couple friends, who just went out to eat not long before. I had no clue how to get to the restaurant they went to, it's been a real long day, and so I just went back to my room and ordered room service. Whatever you do, don't get the pizza. It sucks.


Friday morning I am up bright and early to get a good spot in the registration line. I was hanging around at 7am and the line really started forming around 7:30. I hop in, and was about the fifth person.. woohoo! Met Joe Barr from Linux.com, some dude from eBay, and a couple other people. It was fun talking with you guys, about all kinds of shit. It was way too early in the morning to think about though. I get my badge before 8am, and look down the hall and see a huge line.. good move getting up early. First talk is at 10:30, so I had some time to kill. I walk around, bump into Martin McKeay, Cutaway, Perry Carpenter, James Costello and a couple others from the Security Catalyst Community (I'm sorry I don't remember everyone's name). I also found out the night before one of my past co-workers was in town for DefCon, so I went to go meet her and her husband and see what talks they'd be going to. We pretty much chatted the rest of the morning and then split up to attend the first talks of the day.

I headed for Joe Grand's "Making the DefCon Badge." The DefCon badge this year is amazing, and I wanted to hear more about it. Before Joe presented, Dark Tangent made everyone aware of the possibility an undercover reporter from Dateline NBC would be around trying to get hackers to reveal crimes they committed on hidden camera. Unbelievable! Before the talks even started, she's been outed. Haha, I wonder who tipped them off. o_O Anyways, the badge this year is programmable and can display scrolling text at various speeds and even has persistence of vision capability. Joe left out some [planned] components like an accelerometer and wireless transceiver due to time and big brother paranoia... :P He's holding a contest until DC16 to see who can come up with the best badge hacks. I've already got some ideas floating around involving the wireless transceiver.... >;

After Joe Grand's talk, I ended up just walking around and running into more people. If you didn't realize by now, these conferences are huge social-networking events. I caught up with Mubix, Scott Roberts, Mouse, LoST, and some of my classmates from UAT. Adam Muntner who organizes Phoenix OWASP was also in town who I grabbed lunch with in the afternoon. I went to the Mexican place over in the food court, which had pretty good burritos and quesadillas. Nothing like the Chipotle at ShmooCon, but it was very good. Walking back to drop off Adam's bags, we ran into Martin McKeay again and with him Larry Pesce of PaulDotCom Security Weekly. Larry, you forgot to plug my site!! :P If you ever run into any of the guys from PaulDotCom, make sure you get a "Hack Naked" sticker. :P

I wanted to see Bruce Potter talk about the "Dirty Secrets of the Security Industry," but I was still confused as to where each track was located and by the time I got to the right room, the goons were sending the overflow crowd out. Shitty. Oh well, when do the videos get uploaded?

I went with Scott and saw H.D. Moore and Valsmith do their DefCon presentation on Tactical Exploitation. This was the talk where Ms. Madigan was identified among the crowd by DT. People above were screaming "Burn the witch, burn the witch," which was hilarious. She just got up and ran out of the room... It all happened pretty quickly. HD gave a great talk and presented some cool tools. I kinda wondered why both of them had to present? It made the talk slower as they switched spots in front of the mic every couple slides. When all was over and everyone made their way towards the door, it felt like a huge slow moving crowd of molasses flowing out of the room. I tried to get to DT's talk on CiscoGate asap.

CiscoGate... sigh. What did we have there. I still don't like how it all went down. I think Blackhat has become too "corporatey," and ISS really did not do much to protect their employee. The whole thing was a mess, FBI, Cisco, ISS, lawyers, Dark Tangent, Mike Lynn all involved. Had Mike not quit ISS, he probably would have been better off, but I could see why he did. They didn't really have his back from the beginning.

That was the last talk of the day for me, and I just hung out with some of my friends from school who were competing in the LoST @ Con Mystery Challenge. Props to anyone who competed, LoST totally pwned everyone with that challenge. I tried to offer up some ideas and input, but I probably just slowed everyone down. LOL. I wasn't in the right state of mind for it, or maybe just too dumb? I remember seeing an IQ of 200+ as a requirement for the challenge. Some advice to future competitors, don't think too hard... the answer will usually be right in front of you. :P

I met up with Adam again and we ran into Sysmin from Hacker Pimps. Ended up talking with him for a while on everything from work to web app security to Ruby vs Python vs Perl. lol. Got an invite to the Hacker Pimps party that evening but first, we had to get some dinner. By this time I was getting hungry again. Adam got a hold of Mike and Pete from our Phoenix OWASP group and we proceeded to make our way to a great Vietnamese restaurant up in Chinatown. I don't remember the name, but it was good stuff. It was my first time having Vietnamese, which in my opinion is much less greasy and more flavorful than Chinese food.

We came back to the Riviera, and went upstairs to room 207, Hacker Pimps skybox party. Man was that room poppin'. If you missed out, I'm sorry guys... you missed a great party. Maybe next year, thanks Hacker Pimps :)


Saturday morning, I started off my day by attending "Market for Malware" by University of North Carolina Charlotte professor, Thomas Holt. Maybe I was expecting more from this presentation, but I felt that nothing new was presented. If you want, check out The Underground Economy: Priceless in the December 2006 issue of ;login:.

Agent X had a thought provoking talk on 22 things that kept him up at night. One of those was the Security Industrial Complex, which he warns we should watch out for. President Eisenhower warned of the advent of the military-industrial complex in his farewell address. Definitely check out his slides when they go up online.

At around 11:30, the first teams competing in the LoST @ Con Mystery challenge finished the competition. Keep an eye out on the LoST @ Con Mystery Challenge Defcon Sub-Forum over the next few days for more details, stats, results, etc. Team UAT got second place, and I'll be talking with a couple of my fellow classmates on the details and how they went about doing the challenge. Look for that in an upcoming blog post.

Later, I saw Dan Kaminsky's "Black Ops 2007: Design Reviewing The Web" and totally forgot about "Fighting Malware on Your Own" by Vitaliy Kamlyuk. Dan's talk was great as usual, I think this one being more practical/useful/informational to the everyday security guy. eWeek ChannelInsider has a good write-up on Kaminsky's talk and DNS Rebinding. I also had the chance to meet up with Dan and talk about his last ShmooCon presentation. Cool stuff, I learned a lot about linguistics in those 15 minutes.

Back at ShmooCon, I met Paul who actually went to my high school. I knew his sister, but since he was older I never talked with him. Kinda funny to think back now about it. He's been doing security as well for several years; it's a small world and you just might not know who you'll run into next. We went out to eat with his co-worker Joe at Nero's that night, in Caesar's Palace. Funny guy... I probably laughed more in those couple hours than I did all year. New York strip, cooked medium is perfect -- best steak I ever had. Thanks guys.

We walked on over to the Bellagio to watch the fountains go off, a magnificent sight. We stayed for two songs, arguing about what they play and hoping they'd play Metallica next. LOL. On our way to New York, NY, I probably had collected a 2" stack of hooker "baseball cards." Hilarious... they had men, women and children passing them out. WTF?

Got back to the Riviera around 11 or so and went up to one of the skyboxes for another party. Hung out for a couple minutes and then took off. It was alright, but I was so tired from the night before. I was ready to crash for the night. On the way back to my room, I saw LoST, Acidica, Mouse, Deviant, and a bunch of others gathered around Michael J. Anderson, from Twin Peaks and who also plays Samson on the HBO series, Carnivàle. Didn't catch everything they were talking about, but he was pretty cool and it was unbelievable to actually see how short he was.

After that, I decided it was time to go to sleep; I had to be at the airport by 11am the next morning. I woke up Sunday and walked around until 10:30 meeting up with people for one more time before I left. DefCon was a lot of fun, I will be there again next year and will try to make it to Blackhat as well. I hope to see you all again next year, thanks for reading! :)

Posted by Marcin on Friday, August 10, 2007 in Conferences and People.
