Conferences

DEF CON 32

17 Aug 2024

I finally attended my first (in-person) DEF CON! After attending virtually a few years ago, I was very excited to check out Las Vegas as an adult and meet like-minded security enthusiasts and professionals in real life. I’m grateful that I had the chance to experience such a fun and insightful weekend with my wonderful colleagues over at Duolingo! 🦉💚

Thursday, August 8th

I flew out very early in the morning, which was a pretty fun experience because:

1. I got to fly on the same flight as some of my coworkers and
2. I got to play “spot the DEF CON attendees” in the airport (there were many!)

The rest of the day was fairly uneventful as we checked into our hotel and then went to the convention center to pick up our badges. It was nice to not have to wait since we went fairly late in the day, but the downside is that we were too late to stand in the merch line (which, to my understanding, was incredibly long for most of the day).

Dead & Company had a residency at the Sphere all summer, so we got to see some related art

We got to do a brief bit of sightseeing before heading back to the hotel to rest up for the next day’s shenanigans.

Friday, August 9th

Friday was a whole lot of fun! First things first, the food in Vegas is no joke and I definitely felt pretty spoiled having come from NYC. We started off the day with some dougnuts, then rolled into the Las Vegas Convention Center (LVCC) to see the opening keynote given by Dark Tangent. After that, we dispersed into the center.

I’d say most of this day was focused on learning the lay of the land and dipping into various villages. Given that DEF CON was at a new venue this year, this seemed like a pretty common itinerary for most folks. For those who are unfamiliar, DEF CON has a huge variety of things to do. This includes things like talks, CTFs, network events, spontaneous activities, meetups, etc. There are so many layers of references and events being organized that it’s impossible to keep up with all of it. The name of the game at DEF CON is definitely doing enough breadth to find the things you want to spend more depth in. The closest form of organization you might find are the aforementioned “villages” that are essentially groups organized around a specific topic (e.g. hardware hacking).

I met up with some friends who also attended, along with my coworkers, to check out some of the villages after doing a few rounds of the floor. Our first stop was the biohacking village, where we got to check out a ton of interesting medical equipment. I even had the chance to try (and fail) hacking some of the machines :)

I learned how to do an ultrasound on myself!

After that, we wandered around the con floor and checked out a ton of other villages. There was a surprising amount of content to take in, but eventually it was time to get lunch (which ended up being quite busy). After that, we went to the lockpicking village, socialized with a number of folks while taking a crack at various locks, and then split off for a bit. During this time, my manager and I stumbled upon a random flyer on a table that had a short little web vulnerability challenge. After solving it, we went to the vendor which created the challenge, Intigriti, and got a coin which led us to a new challenge (discussed later).

After a long day at the conference, we got dinner and retired to our hotel rooms. A successful day two!

Saturday, August 10th

We began the day wrapping up the challenge coin. There was an option to create a writeup to try and win a Flipper Zero, which I saved as a task later in the day. My team and I went to a number of talks in the morning and had the chance to check out a handful of villages in more detail (like AppSec, IoT, etc.).

I finally got to see Tanya Janca give a talk IRL

During a brief break, I wrote up our solution to the challenge coin; we had a lot of fun putting it together! We then worked on a CTF being ran by the cloud security village for the rest of the day.

Towards the end of the day, I got the fortunate news that I was selected as one of the writeup winners and won a Flipper Zero at an event ran by Intigriti later that evening (and took a picture with them)!

Sunday, August 11th

Sunday was a pretty simple day overall! There were some events happening at the physical convention center, but I was pretty tired and had to get ready for my upcoming flight. I spent the time talking to some of my new and existing connections, as well as checking out some of the materials for the conference that were available online. The team and I met up for a final farewell brunch before going on our flight and heading back home. ✈

Oh crème brulée waffle, how I miss thee...

Concluding Thoughts

DEF CON was a whole lot of fun, and by far the most fun part was meeting so many people. In particular, I’m not often in a space where the default is security enthusiasm. I definitely anticipate going back to DEF CON, and other conferences, in the not-so-distant future!