I've wanted to go to Defcon since I first heard about it many years ago. I was always intimidated from a lack of confidence in pursuing knowledge in the information technology world to go. I removed this confidence barrier in my mind and have been learning about the IT world for a year and a half. Now I finally felt ready to go participate in my first Defcon.
Preparation.
Preparing for Defcon involved a tremendous amount of googling since I have no family or friends who have been before (or are into tech like this). Many blogs about DefCon suggested being as paranoid as possible about security. This includes removing saved WIFI networks, turning off Bluetooth, not bringing any credit/debit cards (or use RFID blocking case), and wiping everything afterwards. I followed this advice at first and left my cards behind and only brought cash. This worked fine until I encountered situations where I needed a card to pay for things like parking. If it's your first time going to Defcon I recommend doing the same. Updating your devices, turning off airdrop on your phone, turn off Bluetooth, and never connecting to the Defcon open Wi-Fi then you should be fine. If you do use a laptop for a good number of activities, you can wipe it afterwards just for the peace of mind. Having your devices with the latest updates means that they will be protected from known exploits. There are exploits known as 0-days that could be used against the latest updates but the risk of one being used against you is little to none unless you are a very high value target. If a 0-day was used against me I would be extremely flattered at first…………and then immediately overwhelmed with panic.
If you want an extensive list of what to bring depending on what activity you want to do checkout this list- 2018 What Tech Should I Bring To DEFCON? – Holon Network . Now for the 5 things I learned from my first Defcon.
#5- You don't need any prior knowledge to experience Defcon but you do need it to participate in some activities.
After attending DefCon I noticed that it does cater to all types of people. One can go with no knowledge of technology, hacking, or programming. You can definitely go experience it and see what this world is like and there are activities that anyone can participate in like lockpicking (which was virtual this year). Someone without experience can walk up to any of the villages too. Like walking up to the Car hacking village and saying "I don't know about tech, but how does someone hack into a car?" The rep would be more than happy to give you an "explain like I'm 5" of how someone hacks into a car and might even demonstrate it if they have time. So, if you're thinking of getting into cyber security or just want to see what real hacking is definitely go to DefCon. On the other hand, if you do want to participate, I do recommend gaining some knowledge prior and bringing a laptop with a basic tool setup like Kali Linux or Windows with the Kali Linux subsystem.
#4- Double down on workshop prerequisites.
Going off of number 5 I think if you are going to take a workshop you should learn the basic tools and methodology that will be used prior to attending. I attended four, four-hour workshops over the weekend and saw how it was for participants with differing levels of experience. For example, I attended a Bug Bounty Workshop and a Zero to Hero Website Security workshop. Both workshops I sat next to a website developer who was very knowledgeable about building websites and how they work, but when the presentation got to how to exploit web apps, they got frustrated. This is because the instructors moved at a pretty quick pace and infer you have a decent grasp already. If you are going to attend a workshop don't just follow the prerequisites that are listed, actually put some time in to get an understanding of what you'll actually be learning prior to going. If you want to expose yourself to something new just bring a notebook and just watch with an open mind. I've never done reverse engineering before but attended a class to get an idea about it. The hands-on techniques of the class went over my head but I was able to relate the theory to Forensics when we learned about that at my college.
#3- Bring a hotspot.
This is a quick tip for anyone going. Bring something you can use to setup your own hotspot, especially for the workshops. All of the workshops depended on participants downloading content during the class and would lead to either a crawling connection speed or none at all. This would be frustrating sometimes because the instructor has to continue with the presentation leading to you just watching. Have something you can use as a hotspot so if the Wi-Fi goes down you can at least keep participating. 2 out of the 4 workshops I did, some participants walked out due to not being able to connect.
#2- Don't be scared to be a noob.
Some of my best experiences came from me walking up to a village and saying "I've never done this before, can I participate?" The representatives at all the villages are very welcoming to newcomers coming up to them and gaining hands on experience. One of my most favorite parts was walking up to the wall of sheep where you can sniff network traffic from the DefCon open WIFI. The village rep set me up and gave me a quick 101 of what to do and I played around analyzing the network traffic and had a ton of fun. A few minutes before the wall of sheep closed up for the day, I even caught two sets of credentials. This is something I learned later on at DefCon and at the next one I attend; my plan is to go up to more villages and ask if a noob can participate. Note that some villages may have an ongoing contest or participants already, if so then ask if there will be a time you can comeback.
#1- You get out what you put in.
Putting it all together DefCon is an experience that is determined by what you make of it. The in-person event was smaller due to covid and there was still so much to take in. Everyone's DefCon experience can be totally different depending on what you want to do. You can go for the parties, villages, contests, workshops, or just explore around. Above all else I recommend to try to make friends with the person next to you. Whether I was just standing in line or need help with something, everyone at DefCon was incredibly friendly. You don't need to be an 31173 h4ck32 or a genius to attend DefCon, you just need to have curiosity and a friendly attitude.