Avatar

My first DEFCON was DEFCON Three, held at the Tropicana Hotel in Las Vegas.  The computer security conference scene was much, much smaller back then, but DEFCON had already become THE security conference of the year. Since that time I’ve continued to regularly attend DEFCON, and over the years I have collected some very fond memories of summer computer security conventions past.  I remember vividly when the Cult of the Dead Cow celebrated their release of Back Orifice.  I recall battling the Las Vegas heat in the large, “air-conditioned” tents at the Alexis Park Hotel.  I remember when the NBC Dateline journalist was outed at DEFCON after planning to surreptitiously record attendees confessing to hacking crimes.  I remember seeing the authorities hauling away a fake Automated Teller Machine (ATM) that had been installed in the Riviera.  Fun times…

defcon

This year I set out for my speaking engagement at DEFCON 21 eagerly anticipating all the interesting people I would meet and all the fun parties I would attend as part of having a speaker badge and being on the “inside”.  I was not disappointed.  As a speaker I was able to gain VIP entrance to the Electronic Frontier Foundation’s (EFF) fundraiser, the “Summit” party hosted by Vegas 2.0 crew.  Arriving early turned out to be a good thing.  Eventually there were enough people at the party that the line for drinks snaked around the tables and throughout the entire venue.  I did get a chance to speak with several terriffic people, including Dan Crowley (@dan_crowley) and Jen Savage (@savagejen), whose presentation on hacking network controlled consumer devices was terrific.  All totaled, the word on Twitter is that the EFF raised over $100,000 at the DEFCON conference this year!

Every year I always look forward to presentations from my favorite security researchers.  Being a successful security researcher is of course not the same thing as being a successful presenter, but occasionally you run into rare instances where security researchers also make fantastic presenters.  For example, I thoroughly enjoyed watching Charlie Miller (@0xcharlie) and Chris Valesek (@nudehaberdasher) give a presentation on hacking automotive networks and control systems.  Some of the videos they showed of their exploits were hilarious, and quite frightening when you stop to actually imagine the real-world possibilities of just such an attack.

Robert Stucke also had a great talk, “DNS May be Hazardous to Your Health.”  I really enjoyed his presentation, and not only because he included several slides on bitsquatting, which also happened to be the subject of my talk at DEFCON this year.  Robert’s recommendations for monitoring DNS and searching for anomalies were spot on.

Regarding my own presentation, I was scheduled to speak opposite Mudge (@dotMudge).  I would have liked to attend his talk given the recent revelations involving  domestic NSA spying and given Mudge’s own work for the government.  Thank you to all the people who bravely decided to come see my presentation instead of his.  Not being a new speaker at DEFCON, I also missed out on the “Noob Shots” –shots of alcohol given to first-time presenters in the middle of their presentation by the DEFCON Goons.  I can only hope that next year there may be something for DEFCON veterans.



Authors

Jaeson Schultz

Technical Leader

Cisco Talos Security Intelligence & Research