DEF CON 30 Hacking Conference Recap
Kevin's takeaways from Vegas
I've been to my share of conferences over my 28 years in IT. Some for fun, plenty for work. Ohio LinuxFest, PAX East, and Comdex are a few I've visited in years past, and more recently the slew of ConnectWise conferences, DattoCon, NerdioCon, XChange, and plenty of small gatherings and meetups.
Not a single one of them comes close to what I just experienced at DEF CON 30.
First off, DEF CON is held annually in Las Vegas, one of my all-time favorite cities to visit. The food, the shows, the lights, and the eye candy are just unparalleled (Hong Kong does come in a close second, though). It really is a city that never sleeps; if you get bored of something, just walk a bit along the Strip and you are guaranteed to find something else awesome. The extraordinary is just around the corner; you never know what you will find. DEF CON fits so well with that culture that it just feels like a natural extension of Vegas.
What I saw and experienced at DEF CON was just unbelievable. People there are hacking satellites. Yes, the ones above your head. They are hacking biomedical devices. I saw a whole stack of voting machines torn apart so people could figure out how they work and how to hack them. The cool thing about all that? Rounding up, they were doing that stuff because they could, and most of the time, it was in the name of helping their fellow human beings. Why would you hack a voting machine for any other reason than to skew votes? Well, that's exactly why you do. You find the vulnerability and report it so a truly malicious entity can't. Once it's reported, it's up to the manufacturer to confirm the vulnerability and patch it. It really does work like that, and I sat there and talked and interacted with these people for 4 days.
In the Biohacking Village, attendees were raising the question of why a COVID test machine didn't store its data encrypted on local storage. Those devices could potentially store PHI, and if a malicious entity got their hands on that data, you have what is usually referred to as a "bad day".
So, what did I take home? I absolutely sat down and saw detailed tutorials on how to break into things like Microsoft Teams (for the love of whatever deity you worship, enable MFA), and I saw exactly how a safe locking mechanism works and how to reverse engineer one. But that level of detail is usually needed for my day to day; my takeaway was something more valuable: I learned what I didn't even know existed. Taking that step back from the details is invaluable to how I look at something and ask the questions of what else I can do to help myself and my clients. I walk away with more proverbial ammo in the utility belt of concepts and ideas that I can use to protect information and people. As I engage with people, I'll tell the stories of what happened and how we can work together to make things safe and secure.
But I can't say too much. After all, what happens in Vegas stays in Vegas!