Ragab0t's Blog

I went to DEF CON for the first time and it was awesome!

Luis Diego Raga's photo
Luis Diego Raga
·

6 min read

TLDR; It was awesome. See Also: My Takeaways ;)

Alright, after many years of planning to go to DEF CON I finally got to go for the first time and it was an amazing experience. So while I know there are many many posts and blogs about this but I wanted to share my experience too. Who knows it might be helpful for another first-timer in the future.

I arrived on Tuesday night to Vegas, it was not only my first time going to DEF CON but also my first time in Vegas, so it was an interesting experience. Some friends from Costa Rica and I stayed at the Rio Hotel. The hotel was nice, we didn't get to see the pool or any other amenities, but the price was fair compared to other hotels in the area. Now, the biggest downside was that we had to Uber all the time, and while the hotel was technically within walking distance of the Ceasar's Forum, walking in the dry heat of Vegas isn't that fun (especially if you are like me, who starts sweating 2.3 seconds after I start any physical activity). So all our potential savings were spent taking Ubers back and forth (and probably even more).

We used Wednesday to meet with some friends, take a look around, and visit some of the major Hotels like the Bellagio, Ceasars, Paris, etc. do some grocery shopping and get things ready for the con. We also attempted to attend a BlackHat party hosted by our company, but thanks to our costarican logic, we got there one hour late and they were already at max capacity, so we couldn't get in. In Costa Rica you never show up to a party on time, you always show up an hour or two later (e.g. if the party starts at 7 pm, 8:30-9 pm is the perfect time to arrive). Apparently, this is not only a costarican thing, but a Hispanic thing, if you don't believe me Google "when you arrive to a Hispanic party on time" and you'll see plenty of TikToks about this. Anyways, since we couldn't make it to the party, we headed out to TopGolf and had an amazing time there, especially since none of us had ever touched a golf club in our lives. 100% recommended.

Thursday morning we headed out to the con (Finally YAY!). Thanks to a friend who had two tickets I managed to get hold of an online registration ticket, I walked in by 9 am and there was zero line for the pre-registered attendees. The cash-only line was around 1hr long based on what other people told me. From there I went to the merch line, long story short I was in line for three hours, by 1 hour and 40 minutes I was ready to give up but I felt like I was so close that I decided not to. I ended up buying 3 shirts, 2 glass shots, and a couple of extra shirts for friends that hadn't arrived yet. Next year, I might skip the merch line or have one of my friends get me a t-shirt in return.

T-3 Hours

That day was mostly merch line and a couple of talks at the main tracks, one of which was a DEF CON 101 Panel. That was very insightful. One of the things they talked about was about "making the con your own con". That struck me as I was used to going to conferences but in a more corporate environment, where you are expected to be at talks every single minute and God forbids you to miss a talk or spent your time doing something "unproductive".

As a Web App Pentester, with plans to also start doing some network pentests soon, my original plan was to spend most of my time at the Red Team and AppSec Villages, but that evening my plan changed drastically. After watching the DEF CON 101 talk, I decided that I was gonna try to spend most of my time doing things I didn't have access to back at home. Namely things like the Lockpicking, Physical Security and Social Engineering Villages.

I also came up with my own 3-2-1 rule (if you've been to DEF CON you know what the 3-2-1 rule means). I wanted to at least do 3 different things every day, it could be a talk, workshop, activity or contest, plan my day in chunks of 2 hours, and make at least 1 new friend every day.

And that's how Days 2 and 3 of the conference went. I spent a good couple of hours watching the Social Engineering masters doing their thing at the SE Village contest(one of my favorite things), I spent some time at the Lockpicking Village learning how to pick different types of locks, then moved on to the Physical Security Village and learned how to open doors and bypass security controls(also one of my favorites so far) and then I spent some time at the BioHacking Village learning about security and hacking of medical devices (also one of my favorites... question if everything becomes your favorite are they even called favorites anymore ? Food for thought...).

For the one activity I had signed up for at the Red Team Village, I ended up playing CTF. I thought I had signed up for an OSINT workshop but it ended up being an OSINT CTF instead. It was fun. I also happened to meet people that I admire while I was there, so even though there was no workshop for me, it was totally worth it.

On that same topic, and I know everyone talks about it, but the networking component of the con played an important role to me. The technical stuff you can probably learn at home by yourself but when it comes to meeting people and making new connections nothing beats the "in real life" mode. I came home feeling really satisfied about all the people I met and the friends I made (and for those wondering, yes I did manage to make at least one new friend per day ;) )

Finally, at the end of my last day I stopped by the Vendor area and got myself some cool stuff (I then ordered even more cool stuff from some vendors after I got home)

Sunday Morning my flight was scheduled to leave at 6 am, and while I wanted to stay for more fun activities, it was time to go. My feet were sore like never before from the 20K+ steps I had put in every day that week. Even though I'm in good shape and I wore what I thought were comfortable shoes, they turned out to be not so comfortable after a few hours of walking.

Fifteen hours later I made it home (yes, 15, with an exciting 6-hour layover) and after spending some time with my family, I was ready to book my flights and hotels for DEF CON 32. I just needed to wait for the dates to be announced (Update: The dates have been announced already Aug 8th - Aug 11th, 2024 :) )

My takeaways

  • Staying close to the conference might end up being cheaper since you won't have to use Uber that much.

  • If you are not a fan of waiting in line, get the online tickets and skip the merch line.

  • If you plan to go to a party, be there early :)

  • Step out of your comfort zone, try new stuff, and do things you'd never done before and that you can't easily do at home.

  • Plan your day in chunks of two hours. With all the walking, the lines, the talking and everything that's going on you will end up frustrated if you try to stick to a one-hour per-activity schedule.

  • Wear super extra comfortable shoes, gym shoes I would say.

  • Meet people, don't be afraid to introduce yourself.

Alright, that's it for now. Until next time :)

defconhackingdefcon31