ACM - Computers in Entertainment

DEF CON 22: A newbie’s point of view

By Balázs Zoltán

Because I live in Hungary, I don't have many opprotunities to visit DEF CON. The easiest way to go there is to do a cool research project, submit it to DEF CON, hope it gets accepted, and hope my boss pays my expenses. After reading some do's and don'ts about DEF CON, I decided not to bring my work laptop to the conference, instead I erased an old laptop and did a fresh new install on it. Because the number of WiFi Pineapples in a square-foot was more than anywhere in the world, I think it was a good idea to leave all of my data at home. Although I did not use the free open WiFi (compared to lot of other people), but still, who knows. During the first day someone even tried to connect to my Bluetooth!

My research was about hacking hardened, high-security systems. In my presentation I talked about bypassing packet filter hardware firewalls (the tool has been released, it is called hwfwbypass), application white lists, and secure remote desktops. Thanks to the shenanigans, the presentation was smooth and fun. 

When I go to conferences, I usually spend 10 percent of my time watching presentations. The remaining 90 percent is spent with meeting new people, having conversations with good old friends, or playing some hacker games. Although the number of people attending DEF CON was above what I could imagine, it was still possible to have small chats with a lot of people. Usually people working in IT or especially hackers are thought to be the type who don't have good social skills, don't have many friends, and are not good initiating new connections (except TCP based ones). But at hacker events like DEF CON, the opposite is true. People are open to discuss interesting things and ideas, and new connections are made every second. It is like a world created by hackers, for hackers. And I love it! Every small detail of the conference,—like the cool lights in the chill out room, the wall of sheep, the music in the CTF room—adds something to the whole event. What I really liked is that a lot of people brought their children to the conference, and there were events especially for DEF CON kids.

During the conference, I had conversations about bypassing web application firewalls, bypassing AV, global environmental problems, magic card tricks, vulnerabilities in home automation systems, how hard is to learn the Hungarian language, why do people in the casinos look like zombies, etc. When you are at the event, you wish you had 10 clones of yourself, to do and try everything. And when the conference ends, although you go home with a bunch of new laptop stickers, you feel the emptiness, which can only be fulfilled by meeting people like yourself. 

 


About the Author

Balázs Zoltán is CTO at MRG Effitas / Effitas Group in Hungary—an independent Internet security research organization focusing on providing cutting edge efficacy assessment and assurance services, collation, analysis and supply of malware samples to vendors and the latest news concerning new threats and other information in the field of IT security. Find him on Twitter, @zh4ck.