DEFCON 2018 After Action Report

[looks at calendar] Well, this is only four months late. Been too busy having other adventures. Sorry about that.

TL;DR version: I enjoyed the hell out of smart people sharing problems and solutions that I am not directly responsible for doing something about. Somebody else’s problems are the best problems.

So, as I mentioned previously, I made the somewhat last minute decision to attend DEFCON 2018. There was enough draw in the form of friends I knew were attending and, more importantly, available vacation time allowed me to actually attend. I’ve wanted to go since I first heard of DEFCON long ago but there’s only so much time in the year for all the adventures I might want to have. However, in the company of the former BBotE Ambassador of Chicago, Bill Weiss, and current BBotE Ambassador of Prescott, Dan Nowak, Black Blood of the Earth has been in attendance at DEFCON every year since 2011. While other people may have brought single bottles with them, Bill & Dan showed up with entire cases to keep their teams and all comers full of pep. So, in a way, I’ve been present in spirit.

But this year, in addition to the two they brought, my Lovely Assistant and I came with a third case as our luggage. You see, BBotE would be providing a special extra something to the cocktail repertoire for Rift Recon’s party. If you attended, you know how much fun those caffeinated cocktails were at 12am. I regret that there aren’t many pictures from this trip, but there are rules of decorum to be followed.

I have been informed that most people attend DEFCON primarily for the parties and just watch the sessions on YouTube later. I was told I committed a rookie error by actually attending talks. “BAH!” I say. If I’d done that, I wouldn’t have had the chance to finally meet Aaron “I Should Have BLUE TEAM Tattooed On My Knuckles” Brown, AKA TheTarquin, in person after years of snarking at each other online. Aaron does infosec for Amazon at an interesting level where he gives the hard squint to new corporate acquisitions to see if it is safe to plug them into the mothership. But that’s not what he was presenting on. He was here to talk about how H and H convey very different information to human brains versus computers and how you can use that for fun with, and defend against, homograph attacks. While I was there in person, you can watch his talk online and I highly recommend you do. It’s led me to have a lot of interesting conversations with my own IT, EECS, vision science, and philosophy folks, each from their different points of view.

In addition to the main talks, there are effectively conventions within the convention at DEFCON for specific topics called Villages. I was a little disappointed that the laser cutting village never even set up as I was looking forward to being VERY EDUCATIONAL to people there with an impromptu laser/product safety audit. Rumor has it that the company that was going to set up the village either broke something irreparable in transit or irreplaceable parts were confiscated by customs. The Social Engineering Village runs a competition to see if contestants can manage to talk their way to access to selected personnel in organizations purely through the power of bullshit (NOTE: there are some restrictions on how you can bullshit, Thou Shalt Not Impersonate Authority, which is my favorite gambit right out the window).

Then there’s Skytalks. If I have one important piece of DEFCON advice to give, it is this: figure out what one Skytalk you absolutely want to see, plan your entire day for it, because much like anything at Disney you will be spending a significant amount of time in line for it. Unlike Disney, the experience will be rewarding and you will walk out the other end of the ride having learned something very interesting indeed. Chatham House Rules apply for Skytalks, so no recording, no photographs, and no bullshit, which suits my own residual Q clearance habits just fine. So, while I won’t discuss the content of the presentation I enjoyed, let me just direct you to Faithleaks. Let your journey begin from there.

More dear to my heart was this long and grim talk about the state of the scientific journals and the shitty discourse/politics they end up supporting by muddying the waters of what “scientific consensus” is. Thankfully, it is a very funny presentation even if it feels a bit gallows humor at times as this team maps out the networks of sham journals, sham reviews, and even entire sham conferences, all driven by the publish or perish mentality. MORAL: if you make a data scientist cranky, your organization will become their project.

And as threatened in this post, I did indeed act as a docent for an informal tour of the National Atomic Testing Museum. There was some trepidation from the folks at NATM at the idea of a couple dozen DEFCON attendees descending upon their museum. There have been Incidents™ in the years past related to DEFCON and Black Hat that the locals have a loooong memory for, but I promised that everyone would be on their best behavior. I am happy to say that we’re welcome to come back anytime. The fact that we may have broken a sales record in their gift shop could be a contributing factor.

While I don’t know if I’ll have the vacation time to go again in 2019, I can confidently say that I had fun and learned enough that it would be worth going again to take a vacation to someone else’s conference.