Defcon 20 Day 1 Review
This article will discuss about the talks and events that happened on Defcon day 1.
Venue: Rio Hotel and Casino
We reached Rio Hotel at around 8 am. We thought we did good on time until a nice gentleman came to us and said “It’s a 3 hour long line guys !”. We however got through the line in about 90 minutes, thanks to the nice staff at Defcon.
One you get through the registration process, you are offered a Defcon badge which is your entry pass to Defcon and a booklet that informs you about the whole Defcon schedule.
to Digital Forensics: Tools and Tactics
This talk by Ripshy and Jacob was mainly directed at people who wanted to get started with Infosec. Before the talk, the authors quickly distributed some Backtrack Live CD’s to the public. The talk started by an introduction to the Backtrack distro, telling about the little things like the user/pass for logging in to BT and getting started with network services in BT. The author then mentioned the top 5 tools used in Infosec which included Nmap, TCPDump, netcat, Ntop and Metasploit. The author then explained all the 5 top Infosec tools and their basic usage, by giving examples with screenshots, commands etc.
Cerebral Source Code
This was one of the best talks i have ever been to at Defcon. This talk by Siviak was mainly focussed on Social Engineering. The speaker starts by explaining how simple things like being nice to people can help you get the information you want. The speaker then tells that things like good books and courses for Social Engineering doesn’t exist. To be good at Social engineering, you have to go out and live the experience, and take a chance whenever possible. The key thing is to motivate people to give you the thing that you want. There is no such thing as an effective Social Engineering technique, it changes by time and even by weather. One of the funny incidents happened when someone from the audience asked “What is an effective technique to get traffic on your site by Social Networking ?” and the speaker replied “PORN.” One of the good questions asked were “What is a good Social Engineering technique to gain access to a security facility via Social Engineering ?”. The speaker Siviak replied by telling that we should always look like we know what we are doing, and that we are supposed to be in the place where we are. If some security guy fires a tough question at you, fire them back ! They don’t know how to react to such a situation. Don’t give their brains time to catch up. Humans are like computers, the more information you give them, the more they will be able to figure things out. We must change things quickly so their brains don’t catch up with what’s going on. If you want to perform Social engineering on a specific subject (person) and you don’t know what he/she has under her desk, how many kids he/she have etc, you are not trying hard enough. These things will help you build a common thread which could help you in obtaining more information from the subject. The talk ended with a last question when someone asked “Do we need to learn psychology in order to perform Social Engineering ?” and the speaker replied “No”. Overall the talk was very informative and the speaker was very funny so he kept the audience in a very good mood throughout.
DEF CON 101
This panel was taken by Pyro, Roamer, Lockheed, Alxrogan, Lost and FLipper who are responsible for organizing many of the events and maintaining the network at Defcon. The talk was mainly focussed on how you could maximize your Defcon experience. The main point told by the organizers was “You get as much out of Defcon as you put into it.” They talk about how we should just not attend Defcon talks, but meet and socialize with people. We could just go up to some people, but them a beer and you never know, that guy might just turn into your best friend. The defcon organizers tell about how they are looking forward to this weekend for the whole year, and all they want from us is just to listen to the Goons if they have some problem with you. Lockheed then comes up and talk about some of the challenges they face while setting up the Defcon network. The authors then tell us about the Defcon nightlife, some of the events that will be happening in the night, and asks us to attend these events too. The authors conclude by telling us that we should be careful while talking to the media and should ask for the power to edit the article because you never know what they might publish.
Screw the Planet, Hack the Job !
This talk by Roamer, Lockheed, Alxrogan who are part of the Defcon staff tells us how utilizing Defcon can help you find your dream job. One of the best parts of this talk was when someone asked “I know there are potential employers/employees at Defcon. Do you plan to have something like a job fair at Defcon ?” and one of the speakers replied “I know what you are talking about, we have people who want to hire at Defcon. But the moment we cross that line and it turns into a job fair, we have lost our credibility.”
HF Skiddies SUCK, don’t be one. Learn some basic Python.’
The speaker King TunA starts by speaking about some of the basic advantages of using Python by giving demos via videos (which weren’t possible to see as long as you are very close to the screen but are online on Youtube). The speaker explains how things which can take 200-300 lines of code in other languages could be done in Python in much lesser lines. Finally, the author ends the talk by giving a demo of an HTTP scraper.
Here’s a quick video of this year’s Defcon badge.
VIDEO GOES HERE
Well there is more to Defcon than just the talks. Its also about the Defco nightlife, meetups etc. There was this very good event called “the Summit” being held which was a fundraiser for the EFF. I went to the hackfest meetup in Flamigo though.
Well that’s it for Defcon day 1. I will be writing about Defcon day 2 and day 3 also. Please let me know if there is something specific about Defcon that you want me to write about. I leave you now with some pictures from the event.
This article was originally published on the resources page at Infosec Institute. For more information, please visit my author page.