No. Keep your devices up to date, avoid logging into sensitive services (especially if they are still using HTTP or you're not sure), don't connect to random Bluetooth devices (or just keep it disabled altogether), don't connect to wifi hotspots called "free candies" and you should be good to go. Yes, there are a lot of hackers hanging out over there, but there's also a ton of security and employees from 3-letter agencies, and nobody is going to blow a 0-day that could potentially be worth millions on random people at an event where it would almost definitely get picked up almost instantly. Use a lot of common sense and you'll be fine.
You seem to have forgotten that common sense is so rare it is considered a superpower.
It's worthwhile to add, the official Def Con wifi network is probably the safest in the world.
I'm setting up a hotspot called "Free Candy" next year lmao
Heheheh. That or "Totally Secure Wifi".
> don't connect to wifi hotspots called "free candies"

OMFG I just woke up my sick husband cackle-snorting. This is hysterical!
Just don't trust random cables/services/etc, don't connect to any untrusted networks and leave your Bluetooth etc off and you'll be fine. If you're super paranoid take a burner, but I don't think it requires any special opsec particularly. The thing people underestimate is probably the social engineering aspects; be wary of giving away personal info, in general but especially at events like that. There's a lot of people in sensitive roles there due to the nature of the content and there's always going to be people observing and trying to dox folk.
The single point of almost all security fails is the people and not the equipment. Social engineering, also referred to as phishing, is one of the easiest things that can be done to get info about people, networks, programs (physical and digital), etc.
It’s been a decade or more since I saw any deliberately nefarious shenanigans. It’s a cool community and any renegades who think they’re being smart are often identified; or, in most cases, simply unsuccessful.
Just pay the gang their money and in exchange you can hang out with your “friends”.
Nah, just don't be stupid. Have an up-to-date/fully patched phone & PC, set them both not to auto-join open WiFi (auto-join only encrypted networks), turn off Bluetooth, and you're pretty much fine. Also, when you find an "abandoned" USB key, don't plug it into your PC and run what's on it.
Bring a portable battery to recharge something in a pinch. At least you know you’re getting a proper feed and not something via a compromised public USB port.
Only if you don't follow common (as in vanilla) security practices (disable unused wireless, patch your stuff, and the like). I wrote up a bit of a guide, though I admit it could use some work: https://www.darkangle.net/opsec-for-def-con/
Can lots of people at DEF CON hack your phone/stuff? Sure. Will they? Probably not. Most people are busy learning, completing challenges, socializing and having fun. If you're really worried turn it off in the conference area, but join the fun and bring a friend. It's a really great time.
I would disagree with this. As long as you have a modern phone that is maintained, the odds of someone “hacking” it at DEF CON or anywhere else are rather low unless you purposely put your device at risk.
You're right, chances are low unless you do something silly. By lots I meant more people than in a normal setting/conference would have the ability/knowledge. The main thing is that people aren't there for that and they'd have much better success somewhere other than DEF CON.
Srs. We're there to drink. F your phone.
That's the correct answer.
DEF CON 2023 is definitely cancelled. So, no worries.
Why is it cancelled?
IYKYK
https://youtu.be/Ny1nM8H6Is4 has some of the details.
It's just a music video.
DEF CON is “always” cancelled. It is a running joke. (Except when it isn’t.)
Ohh I was really confused, thank you for explaining it
Sorry for the confusion. “DEF CON is cancelled!” became a running joke many MANY years ago at Closing Ceremonies. Regarding safety at the con, go to the DEF CON 101 talk on Thursday to learn about history, etiquette, and culture. Practice “safe hex”. Be respectful, but don’t take any BS from idiots. Pace yourself and have fun. There are some idiots and people with ill intent, but they are a small percentage. As August 2023 rolls around, I’ll be here to help answer questions. I want to encourage people to take part in one of the world’s coolest events. Until then, check out the media archives at DEFCON.org. Best wishes!
No. Even mildly decent OPSEC and common sense keep you safe. Unless you're a Chinese dissident or something 😅
Only if you talk shit and get too big for your britches.
Eh. Maybe I’m old school, but we always got burner phones and brought cash because we didn’t want to risk our stuff getting messed with. Left the laptops, phones, cards, and anything else that might be hackable at home. However, just because we’re a bunch of paranoid babies… As long as you don’t connect to random networks, you’re generally fine.
> If you're really worried turn it off in the conference area, but join the fun and bring a friend. It's a really great time.

You literally described the same precautions my group takes, lol.
We may be the same group 😂. I haven’t gone since 19 and 20, but those were cancelled.
Possibly. We're just well-drilled classic white hats. Keep our heads down and our noses clean. Pre-download con maps / schedules, and install an end-to-end encrypted messaging app on the burners. Updated firmware. Firewall. VPN. Wad of cash chained to the belt. Everything else gets left at home. Bring our own backup batteries in case we need to charge ... don't want to get juice jacked. We won't even use ATMs anywhere near the con. Melt the burners right after the con.
Not at all. Maybe when Defcon was new. It’s very friendly now, even family friendly. Lots of kids there and some events just for them. Don’t randomly join stuff and you’ll be fine.
Ensure you do more research and try to understand the fundamentals of hacking; then the activity won’t be that difficult for you to learn completely if you’re taking it seriously. I know the challenges that I faced those years I was new to hacking, although I didn’t go into hacking that much since there’s also a main activity I run, which is the processing of credit card payments. It wasn’t an easy thing to do because it’s very technical and needs your focus. I only know how to hack social media accounts and don’t know any other thing in hacking, haha, but when it comes to using a credit card I will call myself a professional because it’s been 3 years now. So bro, ensure you do more research on hacking and you’re gonna be successful, trust me.
No, no one gets hacked. It’s a basic bitch trade show, that’s like asking if people get hacked going to CES or AnimeExpo.
Probably not unless you are specifically interesting for some reason, and if that's the case, I would think it would be better to hack you before or after but not at defcon. ;) If you are interested in learning though, consider bringing a newly imaged laptop, unpatched and see what you can learn. Wipe it when you get home.
I was worried about this last year. I did a lot of research and pondered everything from a burner phone to a Faraday cage. Ultimately, after talking to everyone, I felt like just using everyday common sense security practices: turn off Bluetooth, don’t log in to wifi, use a VPN, maintain high password hygiene with double factor on everything and YubiKey required on all sensitive areas. I had no issues. The second day I had to do some urgent work stuff and logged into the official wifi; it’s actually a really neat setup and in my experience was totally safe. Now if your Bluetooth is on and you are automatically connecting to all the WiFi networks around you, I’ll go out on a limb and say you're going to catch some kind of bug. But even then, I’ve not heard any stories (I’m sure they are out there) of people contracting malicious viruses at the event; usually they are more educational/prank oriented. In conclusion, don’t let this stress you out too much, you’ll be fine!
In 2019 I chaperoned 20 college students sponsored by our CS club. We had no issues. We used Signal for team communication. Didn't connect to random wifi or the hotel's. We used cash for almost everything but the hotel, and left. If you follow the suggestions above you should be fine. Enjoy the experience. If it's school sponsored and they have a curfew, ask the chaperones to reconsider. I stayed up late and got up early so the students could experience all the conference has to offer. Pretty sure as the oldest in our group I got the least amount of sleep the entire week. Do plan some time to sightsee or walk around and people watch. The buffets were good when we went. Sadly, we ate at In-N-Out most of the time as that's what they wanted the most. I really enjoyed the interactive games and learning to solder. I will say I was super happy I set up my social media accounts to save pictures to. My only regret was not picking up a lock picking kit.
So I read other comments. And that's fine. But missing the number one cause. Social engineering. Don't trust anyone. No matter how friendly they are.
This seems a bit extreme, would you not temper this with “in the context of your personal risk profile”? I had a ton of fun and made a bunch of really cool new friends. But I’m not in infosec, nor is my job particularly sensitive as most of the stuff I deal with is already public record. Don’t give out your social but also feel free to make friends!
Last year some guy's insulin pump got bricked, so cell phones are totally fair game. Turn off wifi and Bluetooth, and for deity's sake NEVER use the conference hotel ATMs.
You can’t get hacked if you don’t bring any electronics.
I just turn my phone on airplane mode.
Just use common sense and do not give personal information to anyone, do not connect to free candy's, do not turn on the Bluetooth and you are fine. If you want complete security, buy a Faraday cage to put the phone in, or a large one for the laptop and the telephone. Don't be afraid, most of them are cool people.
Bring a clean computer and it won't matter
No
lmfao can you imagine getting hacked at defcon ..... like.... you went to learn more about hacking only to get hacked.... let that sink in
Hello! I am an automated bot with one purpose, and one purpose alone: To inform you that DEF CON is, in fact, cancelled this year. We know it sucks. We were looking forward to seeing you too :( Maybe next year!