Duolingo has once again given me the opportunity to attend DEF CON in Las Vegas! Whereas my objective last year was to see as much of the conference as possible, this year I wanted to focus on a specific village and spend time with my fellow cybersecurity professionals.

Wednesday, August 6th

My DEF CON 33 trip surprisingly began in Seattle rather than my home state of New York. Prior to my Las Vegas escapade, I visited some friends in the Emerald City. The flight over was easy; the adjustment from beautiful Seattle summer weather to the scorching Las Vegas heat was not.

Fortunately, much of the time spent in Vegas is indoors. I always marvel at how many steps I can get in just by traversing connected casinos. In any case, this first day of my trip was before DEF CON’s first official (registration) day. Since Black Hat and BSides were just wrapping up, though, it was the perfect time to attend events that overlapped all conferences.

Image
I found brain rot plushies in real life.

Most of the evening was spent settling in, which included my favorite activity of roaming the hotel I stayed at. After getting some dinner and gawking at some truly “oh wow this is really Las Vegas” shops, such as a stand with an extensive selection of internet “brain rot” keychain accessories, my coworkers and I attended some independently run hacker events in the evening.

Thursday, August 7th

DEF CON registration is always a refreshing experience. While I am not a Linecon participant, as I usually pre-register and don’t want to wait in line for merch, I enjoy the initial vibes of showing up to the convention center and collecting my badge and other conference materials.

This year’s badge was the first DEF CON badge I received that did not contain a major hardware component. Instead, it was a set of transparent acrylic plastic ellipses of different shades (red, blue, yellow) pinned together with a screw at the top. The effect was such that one could fan out some combination of these plastics and see the world through that resulting color’s lens. The organizers took advantage of this by creating various graphics around the conference that presented different images depending on the color combination you view them through. Overall, it was a very cool effect and a unique spin on the usual kind of DEF CON badge!

Image
I forgot to take a picture of minus5, so this is from Travel with Style.

Once we got our badges, my coworkers and I did a quick pit stop at the hotel before attending a Semgrep hosted event at minus5 Ice Bar. We got a chance to meet some folks over at Semgrep, which I found particularly exciting as someone who follows at least a few people who work there. After a few hours, we left and spent the rest of the evening doing some team bonding events.

Friday, August 8th

The first official day of DEF CON kicked off strong. After doing a quick tour of the premises, I met up with a friend and started working on a CTF hosted by the Embedded Systems Village. A few of my coworkers joined us, and this easily became the technical focus of the conference for me.

The Embedded Systems Village CTF was easily the closest thing to real hacking I’ve done in a capture the flag context. Instead of selecting a problem and solving it in isolation, the format of the CTF required us to connect to the village’s WiFi network with the assertion that some set of devices are also connected (with the assist that they’re on a specific subnet, though that mostly just helped in discovery).

After running an nmap scan, one can get a list of devices and high-level information about what ports are open. The objective varies depending on the device, but the core objective is usually to get a reverse shell and either finding a flag or proving access to the village volunteers. While the starting point for each device was through a scan instead of the CTF website, once a device is discovered it’s fairly straightforward to find additional context (if present) on the site.

Image
A snippet of my initial nmap scan.

There were many kinds of devices (switches, routers, webcams, etc.), but most of them were pretty outdated. As a result, there were slews of CVEs to exploit. This first day we mostly focused on figuring out which IP addresses mapped to what devices. After that, we made a list of CVEs and vulnerabilities that we were going to try exploiting, then proceeded to divide and conquer. Given the number of breaks we took to check out the conference, including a trip to buy matching T-shirts, we made only a bit of progress in the CTF.

Saturday, August 9th

Saturday was the day we chose to lock into the CTF. Barring some breaks for food throughout the day to hit “local delicacies”, such as In-N-Out, we largely focused on hacking. I tried to make things even more exciting by bringing in some truly exquisite doughnuts from the hotel I was staying at.

Doughnuts
Las Vegas has a truly elite concentration of food.

Frankly, the day went by pretty quickly and most of the details were lost in finding out things like how earlier versions of the Control4 HC300 had a vulnerability where anyone could SSH as root with a default password of t0talc0ntr0l4!. My main takeaway from the day was the interplay between traditional CTF and hacking techniques with the assist of LLMs. I’m not an expert in embedded systems by any means, but the information discovery afforded by even high-level LLM prompting was unlike anything I’ve done prior to the generative AI era.

In the end, we ended up ranking around the top 10 out of the 100 or so teams that registered for the CTF–not a victory, but not bad at all especially considering the team’s relatively limited background in this kind of hacking.

Sunday, August 10th

We left pretty early on Sunday, so most of the day was spent traveling. Thankfully, I took the next day off from work so I had another day to recover and readjust to the east coast.

Concluding Thoughts

Just like it was last year, DEF CON was a lot of fun and taught me some new skills. Also, as I continue working in cybersecurity, I meet more people whom I get the chance to sync up with at conferences like DEF CON. I remain excited for what next year has in store!