secanalysis.com


DefCon Survival Guide

Rules to Live By

1. Do not use the ATMs at or in the close vicinity of the Riviera

2. Secure cellphones as best as possible

a. Do not connect it to the wireless network

b. Bluetooth and other non-essential communications mechanisms should be off

c. Keep it out of sight during the conference

d. Store your phone somewhere secure where it cannot fall out and end up in someone else's possession. In fact, do this for any personal item of value.

3. Do not use any credentials on websites without encryption at any point during the conference (see sidejacking)

a. Dynamic port forward all your traffic through a properly configured SSH tunnel

b. Use a VPN tunnel for all traffic

4. Do not take unauthorized DefCon pictures in the contest area or in the CTF area

5. Do not give away valuable information (utilize constant vigilance)

6. Do not attach a work machine or a machine with valuable information to the DefCon network

7. Do not accept “free” devices and attach them to a machine (e.g. a free USB key from another attendee)

8. Do not antagonize anyone with a “Goon” or higher-level attendee badge

9. Shower. Seriously, please shower. I've said it once, I'll say it again: poor hygiene does not make anyone a better hacker.

10. In fact, please read and adhere to the do's and don'ts of personal presentation at conferences written by Shyama Rose, a well-known, knowledgeable, intelligent security professional who also happens to be quite good looking, i.e. the dream girl of many of the non-showering types.
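Rule 3 above is about sidejacking: on an unencrypted site the browser sends your session cookie in the clear, so anyone sniffing the conference wireless can copy it and ride your logged-in session without ever seeing the password. The check below is an added example, not something from the original guide: it parses a site's HTTP response headers and flags cookies that are not marked Secure (the browser sends those over plain http:// as well) or, for session-looking cookies, not marked HttpOnly, and notes whether the site sends an HSTS header, which stops the browser from making the http:// request that would leak a non-Secure cookie. The sample response, the host name and the session-name heuristic are constructed for the example.

```python
"""Sidejacking check: a session cookie set without the Secure attribute is sent by the
browser over plain http:// as well, so a sniffer on the conference wireless can read it
and replay your logged-in session without ever seeing your password."""
import re
from typing import Dict, List

# Constructed sample response (not captured from any real site)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: csrftoken=xyz789; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Set-Cookie: prefs=dark; Path=/\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "\r\n"
)
# Heuristic: cookie names that usually carry a login session (an assumption, not a standard)
SESSION_NAME_HINT = re.compile(r"sess|sid|auth|token|login", re.I)

def parse_set_cookie(value: str) -> Dict:
    """Split one Set-Cookie value into name, value and a dict of lower-cased attributes."""
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip() or True   # flag-only attributes become True
    return {"name": name.strip(), "value": val.strip(), "attrs": attrs}

def parse_headers(raw_response: str) -> List[tuple]:
    """Return (name, value) pairs from the header block, skipping the status line."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")[1:]
    return [tuple(x.strip() for x in line.split(":", 1)) for line in lines if ":" in line]

def sidejacking_findings(raw_response: str) -> Dict:
    """Flag cookies a sidejacker could capture or reuse; report HSTS because it keeps the
    browser from issuing the http:// request that would leak a non-Secure cookie."""
    headers = parse_headers(raw_response)
    hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    findings = []
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        cookie = parse_set_cookie(v)
        session_like = bool(SESSION_NAME_HINT.search(cookie["name"]))
        problems = []
        if "secure" not in cookie["attrs"]:
            problems.append("no Secure flag: sent over plain HTTP too")
        if session_like and "httponly" not in cookie["attrs"]:
            problems.append("no HttpOnly flag: readable by injected script")
        if problems:
            findings.append({"cookie": cookie["name"], "session_like": session_like,
                             "problems": problems})
    return {"hsts": hsts, "findings": findings}

if __name__ == "__main__":
    print(sidejacking_findings(SAMPLE_RESPONSE))
```

Feed it the headers of a site you plan to log into from the conference (curl -sI on the login URL shows them). If a session-looking cookie comes back without Secure and there is no HSTS header, use the SSH or VPN tunnel from rule 3 before you sign in.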


Navigating the Wall-of-Sheep

The Wall-of-Sheep is a team at DefCon that is authorized to connect to the spanning (mirror) port on the DefCon network core router. This means the Wall-of-Sheep can see all of the DefCon network traffic. The team typically uses a Sourcefire IDS along with various utilities to monitor the DefCon network and publicly display the usernames and portions of the passwords of anyone silly enough not to encrypt their traffic. Put simply, it sucks to be put on the Wall-of-Sheep; it's really embarrassing, and you don't want to be a sheep.

That said, the Wall-of-Sheep can be a great learning opportunity as well. The Wall-of-Sheep team allows attendees to plug into the spanning port and monitor too. To participate, simply sit down at a Wall-of-Sheep table and ask for a connection. Be sure to sit on the outside of the circle of tables, as the Wall-of-Sheep team wants to maintain a barrier between unknown attendees and their equipment.

Once attached to the DefCon network spanning port, begin sniffing traffic for usernames and passwords. If you find a username/password pair, write it down on a piece of paper and deliver it to the person who manually enters them into the scrolling Wall-of-Sheep display.

Useful Utilities for the Wall-of-Sheep

Wireshark – Wireshark can be a useful tool for sniffing packets on the Wall-of-Sheep; however, be warned that the volume of DefCon network traffic will most likely overwhelm your machine.

Dsniff – Dsniff is an excellent tool for capturing usernames and passwords. Simply run it by typing “dsniff”; it should take it from there.

Tcpdump – Tcpdump is a great traffic-capture tool that most people are familiar with. However, because of the large volume of DefCon traffic, be sure to use tcpdump's switches to cut down the noise.

Ettercap – Ettercap is another great tool for sniffing traffic (and poisoning switches). Simply run Ettercap with the proper switches and it will begin listing usernames/passwords as they cross the wire.

NetWitness Investigator – An awesome full-packet capture utility that will sort captured traffic. Unfortunately, the free version will only process 1 GB of data at a time, which on the DefCon network amounts to roughly one minute of traffic.

Snort – Easy full-packet capture, with useful IDS rules to run against it.

Etherape – A graphical representation of traffic. It won't tell you much, but it will show you how much traffic is passing.

CAIN – If you feel so inclined to use Windows, CAIN is a pretty good sniffing tool. (Note: some web content filters block oxid.it as a malware site.)
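The sniffing tools above all do the same basic thing, and you can turn that on yourself before you plug into the DefCon network to see whether your own laptop would make the Wall. The script below is an added example for this guide, not the Wall-of-Sheep team's tooling: it parses a classic pcap by hand (for instance one written with tcpdump -nn -w mine.pcap on your own interface), walks the Ethernet, IPv4 and TCP headers of every record, and reports the cleartext logins the Wall looks for, FTP/POP3 USER and PASS commands and HTTP Basic authorization, masking each password to its first character. The capture it runs on is constructed inline; the hosts, usernames and passwords in it are made up.

```python
"""Self-audit: would your own traffic put you on the Wall-of-Sheep? Walks a classic pcap
(Ethernet link type) and reports cleartext logins (FTP/POP3 USER+PASS, HTTP Basic), masked."""
import base64
import re
import socket
import struct
from typing import Dict, Iterator, List

# Cleartext-auth patterns handled here (a small subset of what dsniff recognises)
HTTP_BASIC = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I)
USER_CMD = re.compile(rb"^USER\s+(\S+)", re.M)   # FTP and POP3 share this syntax
PASS_CMD = re.compile(rb"^PASS\s+(\S+)", re.M)
PROTOCOLS = {21: "FTP", 80: "HTTP", 110: "POP3"}

def iter_tcp_segments(pcap: bytes) -> Iterator[Dict]:
    """Parse pcap file and record headers, then Ethernet -> IPv4 -> TCP, yielding payloads."""
    magic, = struct.unpack_from("<I", pcap, 0)
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)   # byte order the file was written in
    if end is None:
        raise ValueError("not a classic pcap file")
    linktype, = struct.unpack_from(end + "I", pcap, 20)
    if linktype != 1:
        raise ValueError("only Ethernet (LINKTYPE_ETHERNET) captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", pcap, off)
        off += 16
        frame = pcap[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                    # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:
            continue                                    # not TCP
        total_len = struct.unpack_from("!H", ip, 2)[0]
        tcp = ip[ihl:total_len]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        data_off = (tcp[12] >> 4) * 4
        yield {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
               "sport": sport, "dport": dport, "payload": tcp[data_off:]}

def mask(secret: bytes) -> str:
    """Keep only the first character, like the partial passwords shown on the Wall."""
    text = secret.decode("latin-1")
    return text[:1] + "*" * (len(text) - 1)

def find_cleartext_credentials(pcap: bytes) -> List[Dict]:
    """Return one finding per cleartext login seen, with the password masked."""
    pending_users: Dict[tuple, bytes] = {}       # flow -> USER seen, waiting for its PASS
    findings = []
    for seg in iter_tcp_segments(pcap):
        flow = (seg["src"], seg["sport"], seg["dst"], seg["dport"])
        proto = PROTOCOLS.get(seg["dport"], f"tcp/{seg['dport']}")
        dst = f"{seg['dst']}:{seg['dport']}"
        m = HTTP_BASIC.search(seg["payload"])
        if m:                                        # user:pass is only base64, not encrypted
            user, _, password = base64.b64decode(m.group(1)).partition(b":")
            findings.append({"protocol": proto, "dst": dst, "user": user.decode("latin-1"),
                             "password": mask(password)})
        m = USER_CMD.search(seg["payload"])
        if m:
            pending_users[flow] = m.group(1)
        m = PASS_CMD.search(seg["payload"])
        if m and flow in pending_users:
            findings.append({"protocol": proto, "dst": dst,
                             "user": pending_users.pop(flow).decode("latin-1"),
                             "password": mask(m.group(1))})
    return findings

def _frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Minimal Ethernet/IPv4/TCP frame for the constructed sample (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip

def build_sample_pcap() -> bytes:
    """Constructed capture (hosts, names and secrets are made up): an FTP login,
    an HTTP Basic request, and one TLS record with nothing readable in it."""
    frames = [
        _frame("10.0.0.5", "203.0.113.10", 40001, 21, b"USER alice\r\n"),
        _frame("10.0.0.5", "203.0.113.10", 40001, 21, b"PASS hunter2\r\n"),
        _frame("10.0.0.5", "203.0.113.20", 40002, 80,
               b"GET / HTTP/1.1\r\nHost: example.com\r\nAuthorization: Basic "
               + base64.b64encode(b"bob:s3cret") + b"\r\n\r\n"),
        _frame("10.0.0.5", "203.0.113.30", 40003, 443, b"\x16\x03\x01\x00\x10" + b"\x00" * 16),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # pcap global header
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1280000000 + i, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for finding in find_cleartext_credentials(build_sample_pcap()):
        print(finding)
```

Point find_cleartext_credentials at a capture of your own machine's traffic; the TLS frame in the sample shows why the tunnel advice in rule 3 works, since an encrypted segment gives the parser nothing to match. Anything it does report is a protocol you should stop using in the clear before you connect.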

Know the Groups

303 Group – Hackers from Denver, Colorado. There are usually a lot of these guys.

Pauldotcom – A group of security podcasters from PaulDotCom.com. Good group, great podcast.

Shmoo Group – Awesome group; they used to put out a lot of useful utilities, but today they are less active outside of ShmooCon, which is awesome.

Hackers For Charity – Johnny Long's not-for-profit charity group. These guys will be everywhere, some of them will be identifiable by shirts that say, “I hack charities.” (hackersforcharity.org)

IRC People – These people are usually identifiable by the fact that they still introduce themselves with a handle.

Church of the Wifi – A bunch of Wifi hackers

Hacker Pimps – A hacker and research group. They also coordinate DC905 and Jacksonville 2600.

Wall-of-Sheep – People sniffing packets and stealing passwords to display to the rest of DefCon

EFF – Lawyers who often take up hacker-type cases

OWASP/OWASC – Open Web Application Security Project/Open Web Application Security Consortium folks. These folks (from OWASP.org and OWASC.org respectively) are knowledge leaders in web application security. They tend to be a bigger presence at BlackHat, but a lot of them will still be around at DefCon.

Navigating the Conference Venue

Notice on the map that the halls are small. With 10,000 people in them, these halls get frustratingly cluttered. Keep in mind that there are doors you can use to get in and out by walking outside at the foyer and directly in front of speaker track rooms 1-4 (Royale Pavilion). So if you find yourself in the Grande Ballroom area needing to get to the Royale Pavilion during the so-called rush hour (the time between tracks), go outdoors; it's so much faster!

Talk Picks

The following are my picks for talks. Please don't take these as the only options, but if I had to guess, I'd think these would be pretty good.

Thursday

Exploitable Assumptions Workshop

Friday

10:00 Keynote or Welcome and Making the Def Con 18 Badge (go to welcome if you've never been)

11:00 Cloud Computing, a Weapon of Mass Destruction

12:00 How Unique is Your Browser

13:00 How Hackers Won the Zombie Apocalypse

14:00 Toss up between Lord of the Bing and Web Application Fingerprinting with Static Files

15:00 Exploiting Internet Surveillance System by Decius

16:00 Exploiting WebSphere Application Server's JSP Engine

19:00 Black Ops of Fundamental Defense: Web Edition (Kaminsky pushing new product)

20:00 Live Fire Exercise: Baltic Cyber Shield 2010

Saturday

14:00 Fun with VxWorks (SkyTalk so it's upstairs in SkyBox 206)

15:00 My Life as a Spyware Developer

17:00 Hacking DOCSIS for Fun and Profit

18:00 The Chinese Cyber Army (which is canceled unfortunately so meh)

19:00 You're Stealing It Wrong 30 Years of Inter-Pirate Battles (Jason Scott = Good speaker)

22:00 Hacker Jeopardy

Sunday

10:00 Browser Based Defense

11:00 Why Security People Suck (SkyTalk so it's upstairs SkyBox 206)

13:00 Build Your Own SOC for Little or No Money

15:00 Open Source Framework for Advanced Intrusion Detection Solutions

Events and Parties

Thursday

DefCon Fundraiser at Riviera Penthouse ($40)

Toxic BBQ

Microsoft at Vanity

Core Security at Sushi Rohku

Saturday

Hacker Pimps