June 20, 2018 by
Good Blackhat/Defcon/BSides Las Vegas Advice
This was originally posted on Blogger here.
Every year new people come to Las Vegas for the triumvirate of conferences, Blackhat, Defcon, and BSidesLV, better known as hacker summer camp. If you've never been, it can be an intimidating experience. To help those who might be interested in some suggestions, I've compiled the list below from my own experience (starting with Defcon 13).
- Think about what you want to get out of it. BH and DC are BIG. You can easily spend the entire time just wandering. You'll learn a lot about the conferences, but not necessarily security. Plan half a day to walk around and just see things, but have a better plan after that. Pick a few talks to go to (and wait in line for). Pick a village to sit in all day (I'm partial to BSidesLV Ground Truth as I help run it). Schedule to meet people (something I do a lot).
- Thursday is a down day. The schedule says there's stuff going on, but not a lot. DON'T plan to wander on Thursday. Nothing will be ready. Plan to do something on the schedule. Meet up with people. Volunteer. Visit the Grand Canyon. But don't just assume you'll have stuff to do.
- Wear shorts. Most people will be in black t-shirts. You don't have to. A t-shirt, polo, or even short sleeve button-down is fine. Just don't do slacks and long sleeves. It's HOT.
- Wear comfy shoes but don't stress over it. What's comfortable at home will be comfortable there. I wear a pair of dock shoes (Sperrys).
- Don't rent a car unless you'll be driving out away from Las Vegas (to the Grand Canyon or such). Instead get a week ticket for the Deuce (double decker bus on the strip).
- Don't worry about your electronics. I can't find documentation of a single breach related to a compromise at BH/DC. The BH/DC NOC operators have been doing it longer than those trying stuff and are generally safe. Still, patch all your stuff before going and try to use a VPN for all communication, including mobile. (There will be lots of fake cell towers, though the police have been cracking down on it a bit, I think.)
- I prefer to get a microwave and get some food, especially breakfast food, to eat in my hotel room. Food tends to be a huge portion of the cost of going, and eating a bagel and some fruit and yogurt in your room for breakfast can help keep you grounded.
- Speaking of being grounded, Las Vegas is a city of haves and have-nots. You'll be living the good life, pampered by vendors, etc. Consider giving to those who don't have by volunteering at or donating to the Las Vegas Rescue Mission (https://vegasrescue.org/) or such.
- Speaking of parties, go to one, but most are going to be either loud, over-crowded, and obnoxious or hard to get into and pretentious. (There are a very few that facilitate socializing, like the BSides Las Vegas pool party.) Better though to go to bed early and try and have breakfast with new people each day. I generally follow Groucho Marx's rule for parties.
- Go to some talks. Lots of people put a lot of work in to talk about lots of things. And not just the big showy talks. Those tend to be spectacle. Instead find lesser known people talking about their passion. And plan to get in: talks have waiting lines that can be LONG, especially at Defcon.
- And see a show or two. Go to the day-of discount booth and get tickets to some big show (every casino has one) but also to the little lounge shows (Burlesque, Hypnotist, Comedy, etc). Ask the hotel what smaller shows they have and what others are around.
- Don't bother gambling. Your time around many of the best security professionals in the world is limited. Don't waste it on throwing your money away. You can do that any time.
- Don't plan to go back to your hotel room. Put everything you need for the day in a bag and go (water, snacks, clothes, batteries, etc). That includes electronics, extra power, water, and clothes if changing for the evening (whether an extra t-shirt to replace your sweaty one or your slacks for a nice evening out). It can take you an hour to get back to your hotel and back out again and you don't want to waste that.
- Take one set of nice clothes (business casual, maybe a tie and jacket) in case you want to go somewhere nice one night. Make SURE to bring close-toed shoes. Some nice restaurants will refuse you in sandals. (Goes for women too.)
- Bring extra power. The wireless environment is FLOODED. It will DRAIN all your devices. I can drain the battery in every device I bring 2-3 times a day. USB batteries are a MUST, and if you don't need the Wi-Fi on your device turned on, just leave it off.
- Read this blog: "How to Converse Better in Infosec" and this one: "How to Handle Being Questioned" on asking & receiving questions.
- Bring a big, boxy suitcase so if you find cool stuff you can bring it back. (I've flown servers back before.)
- Remember that blocks in Las Vegas are about a mile. Don't look at Google Maps and think "it's only one block".
- If you see someone you recognize in infosec (a speaker you look up to, a company CEO, etc), walk up and say "Hi. I'm <your name>. I love your work. I'm curious about what you're interested in these days." If they excuse themselves, that's fine. They may be in between things. (I've heard of people taking an hour or more to get from the hotel lobby to their room because they meet so many people that know them along the way.) If they mumble something, that's ok. After talks particularly, speakers are worn out mentally. If they tell you off, that's ok. Some people are jerks. But none of those things cost you anything and the potential for a good conversation is HUGE.
- If you see someone you _don't_ recognize, say "Hi. I'm <your name>. What brings you here?" Again, they could not talk to you for any number of reasons, but I have met all sorts of super interesting people just being willing to meet with whoever is willing to meet with me.
- Lots of people like badges. Some are super cool. I'll be honest, all my old badges, electronic or not, are hanging in my closet taking up room I need for other things. If you want a fancy Defcon badge, get a badge early as they tend to run out and then hand out paper. If I get a fancy badge and they run out, I tend to trade it to someone who's there for the first time who doesn't have one. I've got enough badges and your first Defcon badge is special.
- The minimum rule is 1 shower, 2 meals, and 3 hours of sleep. Personally, I get a full night's sleep, I eat all my meals, and of course shower and use deodorant.
I'm sure there's much more I'm forgetting. I'll update it if I think of anything else.
Also, you can search Twitter for #gooddefconadvice (or #baddefconadvice) but take it with a grain of salt.
1 comment captured from original post on Blogger
Unknown said on 2018-06-20
Nice write up, spoken like a true veteran.