Def Con 27

This is the third and final part of my series on my trip to Hacker Summer Camp 2019 in Las Vegas. Follow the links to read about my thoughts on the Strip and my time at Black Hat USA.

Where to start…? Def Con 27 was amazing – perhaps even a life-changing experience. The annual hacker conference-cum-party took all of the cool things I normally only find in weird places on the internet and brought them together in the real world in a selection of themed rooms spread throughout four Las Vegas hotels. There was so much going on that it was hard to choose what to do. I ended up spending roughly half my time exploring and the other half listening to talks, either in the villages or on DCTV in my hotel room.

On the exploration side, my favourite places were the Blue Team Village (mainly because it was full of “my people” and the most closely related to my work) and the Packet Hacking Village. The latter is home to the famous Wall of Sheep, which displays the usernames and passwords of less security-conscious attendees plucked from the airwaves, and though I didn’t have a laptop with me to get too technical, spending time observing and thinking about the possibilities has inspired me to brush up on my networking knowledge.

You’ll have to make do with my programme and badge, as photos of attendees are frowned upon

On the talks side, some of the most interesting sessions involved evading increasingly popular endpoint detection and response tools (either with some sneaky dynamically loaded code on Linux or with some cleverly crafted UEFI variables) and repurposing existing malware for other uses (which increases the chance your attack will be attributed to its nation state developers if discovered). And the Social Engineering village hosted some nice non-technical talks on subjects like OSINT and impostor syndrome, too.

Add to all of this the social element of Def Con, including arcade parties, hacker Jeopardy, and #BadgeLife – see my Instagram account to check out my small haul – and you have a memorable weekend that’s given me the energy for my next few months of coding and experimentation. I said before that I can’t really see myself returning to Las Vegas in future, but if I ever do, it’ll definitely be to go back to Def Con.

Black Hat USA 2019

The trip now feels like a lifetime ago, but I’m currently midway through a series of posts about my time at Hacker Summer Camp 2019 in Las Vegas. See my last entry for my thoughts on the Strip.

By the middle of the week I’d explored most of the casinos and shopping centres on the Strip, and it was time to head to its southern extremity to attend Black Hat USA at the Mandalay Bay. This was the more corporate of the two events I was in Vegas to attend, and while there were some fairly interesting talks (the more technical of which were given again later on at Defcon), the conference element was a fairly standard affair.

The real action was on the vendor floor, which spanned a massive, hangar-like space divided up into a grid. Every security company you could think of was there, from the big players like Trend Micro and CrowdStrike to fledgling start-ups I’d never heard of before. I’ll admit that stepping into the room for the first time, with all the jargon being thrown around and salespeople wanting to scan my badge from all sides, was a bit intimidating.

The Black Hat USA vendor floor, where Carbon Black even had its own Mortal Kombat parody arcade game

After taking some time to acclimatise, however, I had a much better time. I spoke to a few companies about products and services relevant to my work, got some hands-on time with some solutions I was curious about, and gathered so much swag that I almost couldn’t fit it all in my suitcase for the flight home. Granted, much of it was ill-fitting t-shirts that I’ll only ever wear to bed, but I also got a signed copy of Penetration Testing by Georgia Weidman, which was a much more useful and valuable item than I was expecting to find.

Black Hat also gave me my first taste of the social side of Hacker Summer Camp. I went to a couple of vendor events in the evenings, and while I maybe didn’t chat to as many people as I’d hoped to, I had a few free drinks, saw some cool stuff (the best was probably Demisto’s gin and jazz event), and got to hang out with my colleagues and do a little gambling on the way home. By the end, I was ready for Defcon to kick things up a notch…

This is post two of three on my recent trip to Las Vegas. Stay tuned next week for the thrilling conclusion, which will cover my time at the Defcon hacking conference.

Las Vegas, Nevada, USA

I’m home, I’ve shaken the jetlag, and I finally feel like I’ve recovered from the sensory overload that is Las Vegas. So as promised, here’s the first of three posts about my experiences in the USA…

Las Vegas is a lot. Too much, probably. You want dessert but your main course is about twice as big as the ones at home so you have no space left. You want to go to bed, but the walk back to your hotel takes you through three different casinos. And even once you reach your resort, you have to navigate your way through endless clusters of slot machines with their blinking lights and happy jingles to reach your room. Simply put, the place is exhausting, and after a week I couldn’t wait to get away and back to my own space.

At its best, Vegas is a unique experience. Where else am I going to have a cocktail served to me by a robot or spend a night wandering between casinos, gambling a little at each? Somewhere in the middle, Vegas is a sweltering, impassable sea of tourists not unlike the parts of London I deliberately avoid. And at its worst, Vegas feels almost sinister – never more so than when you notice the small details and tactics that help the place to maintain its Disneyland-like facade and convince people to part with their cash.

A view of the Strip (no post-edits here – it really is that bright)

On balance, I’m glad I had the opportunity to visit Las Vegas. It’s certainly somewhere to say that you’ve been, and I picked up a few stories that I’m sure I’ll tell anyone who’s interested for a few years to come. But unless I decide to go back to Defcon (more on that in a future post), I think it’s definitely a one-time thing. I’m not sure I could take another week dodging the crowds and having my attention pulled in all directions 24/7.

Don’t worry, though, Americans – I’ll be back. I know the Strip isn’t representative of your country, and even then, one of the positives I can take from my time in Nevada is that all the locals I spoke to were very polite and friendly. But perhaps the biggest positive from my trip is that I managed to achieve something that few people do in Sin City: I walked away from the Las Vegas casinos’ slot machines with a $10 profit in my pocket.

This is post one of three on my recent trip to Las Vegas. The next one will cover the Black Hat USA conference, and the final entry will be on the hacker get-together Defcon.

Hacker Summer Camp 2019

It’s time for something a bit different on my fledgling little blog, as soon I’ll be heading out to Las Vegas for Black Hat USA 2019 and Defcon 27 – two events that together have become known as Hacker Summer Camp. I’m super excited – I’ve never been to an event with anywhere near so many hackers and cyber security people in one place!

The venue is set to be just as interesting as the conferences. The two events will occupy no fewer than four hotels spanning the length of the Strip, giving me plenty of opportunity to explore Vegas between talks and meetings. I’ve never even been to the United States before, so I feel like I have a lot to see (feel free to leave tips in the comments).

Probably the Vegas equivalent of a stock image of the London Eye or Parliament, but YOLO

To cover Hacker Summer Camp, I’m planning on writing three blog posts: one on my general impressions of Las Vegas, one on the corporate-focused Black Hat USA, and one on the hacking Wild West that is Defcon. I imagine there’ll be a lot to squeeze in, so they might be slightly longer than usual, and they may go up while I’m in the States or when I get back, depending on free time and the level of connectivity I have out there.

I realise there’s also a possibility that you’re reading this after I handed you a card at one of the events. If so, welcome! Please go ahead and subscribe to the blog, leave a comment below to say hello, and follow me on Instagram and Twitter if you have them. I’d love to build a little network to discuss cyber security and share cool techy stuff!