DEFCON 22 sort of fires up today, though the real action doesn’t begin until Friday.
I’m not in Vegas again this year, for boring (money) reasons. Frankly, I’m also feeling a little burnt out. I miss Vegas (well, mostly, I miss Lotus of Siam) but I’m not sure I really miss dealing with that many people crammed into that small a space. I’m also not so sure that what happens at the conference makes that much of a difference any more. It seems like, to borrow the words of another better writer, “Nothing works and nobody cares”.
Or maybe that’s the depression talking. And the fact that my current employer made all of the videos from last year’s DEFCON available internally within a week of the conference.
So. If I was at DEFCON, what would I be attending?
As I said earlier, Thursday is usually kind of slow. I suspect I’d go to the “Data Protection 101 – Successes, Fails, and Fixes” talk; it sounds kind of basic to me, but you never know what you might learn. “Practical Foxhunting 101” also intrigues me. I went transmitter hunting with a friend of mine many many years ago, and I maintain a somewhat more than academic interest in the subject.
“Paging SDR… Why should the NSA have all the fun?” sounds like fun. Basically, this appears to be “how to decode pager traffic with cheap hardware so you can pretend to be Lester Freamon for fun and profit”. On the other hand, this conflicts with “RF Penetration Testing, Your Air Stinks“, a how-to talk for radio frequency penetration testers. I suspect I’d go to this one, and grab the slides from the pager talk later.
I know SCADA and the cloud are hot topics, but I’m not sure I’d go to either “AWS for Hackers” or “Protecting SCADA From the Ground Up“, simply because neither topic interests me that much. Nothing personal, presenters; they just don’t turn my crank.
I like the idea behind “Anatomy of a Pentest; Poppin’ Boxes like a Pro” and would be more likely to hit that than “One Man Shop: Building an effective security program all by yourself“. If I was working in a small organization, though, I’d probably go to “One Man Shop” instead.
Neither “Standing Up an Effective Penetration Testing Team” nor “In the forest of knowledge with 1o57” interests me that much, so I’d take another break here.
I’m slightly more interested in “Reverse Engineering Mac Malware” than I am in the Honeynets talk. And “RFIDler: SDR.RFID.FTW” sounds exciting: “We have created a small, open source, cheap to build platform that allows any suitably powerful microprocessor access to the raw data created by the over-the-air conversation between tag and reader coil. The device can also act as a standalone ‘hacking’ platform for RFID manipulation/examination.”
This is shaping up to be longer than I expected, so I’m going to break it into two parts. I will try to get a second part up tonight and at least cover the Friday and Saturday talks I’m interested in, if not all the way through to Sunday.
The full schedule is here, if anyone wants to look at it and make requests. I welcome comments from presenters and other people who are at DEFCON. And I will be trying to monitor twitter feeds and posting presentation links as I find them.