Defcon 33 Wrap-up#

I got home from Defcon 33 midnight a day ago, caught up on rest yesterday / teleworked, and finally today I am putting together my thoughts.

This year I took pretty detailed notes during the convention to track what I did and who I talked to as much as possible. I focused on socialization over actual talks and presentations, mainly because socialization and networking has been a weak area for me.

Big Picture#

This year was much like last year, although I think there were more first-years in attendance which is both nice to see and also an interesting data point in terms of what that means for overall conference turnover.

I met 39 people during the convention, counting anyone I spoke with for any length of time. A hand full of them I exchanged some form of contact info so we can keep in touch and possibly meet up again in future.

I won a trivia contest at the badge life village, although this was essentially a coin toss at the end I am still happy with it as I won a laser tag badge which I had regretted missing out on when I heard they sold out.

I also got on the leaderboard for the physical security village’s door bypass time trials which was very fun. For that one I was hanging out with a group who were all orbiting around the top three spots, and we had a good time discussing the contest and cheering each other on.

I was able to get into the social engineering village on the first day and listened to three groups’ attempts, but unfortunately between the three only the first one had much luck. This was still great though as last year I wasn’t even able to get in since it is such a popular event.

I attended a number of talks and presentations / demos but for the most part I was not focused on these. I also worked on the 5n4ck3y challenge but didn’t get far enough quickly enough to score any points. I am planning on continuing the work to hone my skill on that type of challenge so I can be more ready for next year.

Takeaway for next year#

I didn’t bring my laptop to the convention at all this year, partly because as a rule I was aiming on mobility and endurance rather than capability. Next year I need to add some time to have the laptop at the convention, either on the first or second days, to be able to enjoy the challenges and competitions and even CTFs if I am up for it.

I also stayed off strip like I did last year, which worked out as I had planned but the transportation costs where atleast double what I anticipated and this changes the calculus on getting a room on-strip. One of the big benefits budget-wise of the off-strip arrangement is that I can get a 1-bedroom suite with pull-out couch for the same-ish price as a regular hotel room on strip, so if I have a friend with me to take the couch and split the costs fairly somehow it still makes sense to go off-strip, but if I am by myself it makes less sense because the only savings is in breakfast since the off-strip location has a kitchen. This cost is negligible compared to the transportation increase so it doesn’t pan out.

If I’m on strip I can plan to be more flexible with what I take to the convention, if I am off-strip I want to make sure I can enjoy the pool party without worrying about my stuff so I’ll need to pack a small bag that day / those days to be able to fit in the small lockers they have. That’s a no-laptop day unless I can return to the room.

I also want to have something to give out to folks I meet. Even if it is a sticker it would be cool. I really want to make a badge but if I fall short of that then just a sticker is fine. Since I met 40 or so people this year, if I have about 100 of anything I can hand them out like candy and not run out.

On that same note I need to refine my handle. I haven’t used a handle in some time and the one I used to use I made too long ago.

Villages#

I spoke with folks at the badge life village and at the physical security village, @fire at physec is going to send out an invite for volunteers sometime in the next few weeks and I am considering applying to join them. I like the badge life village too, and the embedded village is very intesesting to me as well as the IOT village seemed like great places for me to volunteer if they need it. Understanding I can only really commit to one village I’ll have to pick one, and going based on my conversations thus far I’m thinking that will be physical security. It has some alignment with my profession and I can imagine ways that I could contribute already.

CTFs#

I definitely want to participate in a challenge next year, and given how much time and effort it takes I think I should pick one now and practice the skill areas that that CTF is focused on. Currently I’m anticipating attempting the snackey challenge next year and I’m going to work on this years as well as research any write-ups on previous years that may be available and see if I can even follow along on those to understand the thinking of the folks behind this challenge.

I’d love to do one of the fox hunts or other RF or packet challenges, and I may look into that as well, understanding I probably wont have time during the con to do both. I may be able to refine my tool set and skills enough to be prepared for both and then choose closer to the actual convention.

Follow through from last year#

I am re-reading my notes from leaving defcon 32 last year, and unsurprisingly I had some of the same thoughts then, although somewhat dissapointingly I didn’t follow through on much of that.

I think I did improve this year in terms of my planning and my prep, and definitely my socialization, but other areas were not much of an improvement despite the effort. The areas I didn’t improve on were doing CTFs and preparing for them, and taking a big laptop again.