HACKER SUMMER CAMP 2023 GUIDES — Part One: Surviving Las Vegas & Virtually Anywhere

DCG 201
Jul 7, 2023

Welcome to the DCG 201 Guides for Hacker Summer Camp 2023! This is part of a series where we are going to cover all the various hacker conventions and shenanigans both In-Person & Digital! This year, 2023 is somehow bigger than 2022 was, and thus we will have a total of 15 guides spanning 3 Months of Hacker Insanity!

As more blog posts are uploaded, you will be able to jump through the guide via these links:

HACKER SUMMER CAMP 2023 — Part One: Surviving Las Vegas & Virtually Anywhere

HACKER SUMMER CAMP 2023 — Part Two: Capture The Flags & Hackathons

HACKER SUMMER CAMP 2023 — Part Three: SummerC0n

HACKER SUMMER CAMP 2023 — Part Four: Zero Gravity by RingZero

HACKER SUMMER CAMP 2023 — Part Five: The Diana Initiative

HACKER SUMMER CAMP 2023 — Part Six: BSides Las Vegas

HACKER SUMMER CAMP 2023 — Part Seven: Black Hat USA

HACKER SUMMER CAMP 2023 — Part Eight: SquadCon by Black Girls Hack



HACKER SUMMER CAMP 2023 — Part Eleven: Chaos Computer Camp

HACKER SUMMER CAMP 2023 — Part Twelve: Wikimania 2023

HACKER SUMMER CAMP 2023 — Part Thirteen: HackCon XI

HACKER SUMMER CAMP 2023 — Part Fourteen: Blue Team Con

HACKER SUMMER CAMP 2023 — Part Fifteen: Hack Red Con


So first off let’s answer the question…what the f%@k is “Hacker Summer Camp”!?

The term “Hacker Summer Camp” is a nickname for the crazy time in the summer where three computer security conventions: BSides Las Vegas, Black Hat USA and DEF CON take place during the entire week. Due to the literal overlap of activities, locations, speakers and organizations the term was coined to summarize the entire week.

Last year, we thought that was the largest our guides would ever get. We were hoping we could just rest on our laurels in 2023 and just do one big copypasta job. Fortunately for you all, and unfortunately for us, hackers are insane. So we somehow TRIPLED the amount of guides this year, including some much needed updates to some of our mainstays.

Compounding this is that due to various…back end developments *gigity* many of the events, especially the main ones, are coming in with information about their conventions closer to their con date than normal. We as always will stay vigilant and update the guides to the best of our ability as things change, crap out and new shenanigans are added. All guides are LIVE Documents until that convention ends so make sure to check back here often even during the convention itself for more & updated info!

Also, about the nature of our guides, especially this guide in particular. Our survival guides are just that, a guide. We have to cover a WIDE VARIETY of use cases, threat models and personal preferences. Meaning that (especially in the tech sections) you DON’T HAVE TO DO EVERY SINGLE THING IN THESE GUIDES! What you need to do is figure out what you are trying to accomplish in attending these conventions and if you are new or have any questions about said subjects we have text, videos and links so you can do research and preparations on them. In fact, if we had to recommend something, skim through the tech sections and focus on the How To Pack, How To Dress and About Las Vegas sections. These guides are worthless if you have an NSA-proof machine but die melting in the sun.

If you have time, check out anything you have skipped because it might give you ideas and perspectives you never thought of before.

The last thing that has changed this year is the sanitation strategy. Despite not being in the middle of a pandemic, both COVID-19 and Monkeypox are still around (and the whatever “Woke Mind Virus” that Elon Musk can’t stop yammering about on his failed bird site) so each gathering will have its own policies.

Here are the known ones so far (list to be completed soon):

If you are attending and have the option to participate virtually



During these uncertain times, DCG 201 is providing some tools for the Community to connect and stay healthy. Keep checking back, as we will be regularly updating the information below and providing opportunities to engage with your fellow InfoSec professionals.


  • Connect — have frequent meetings, arrange one to ones, talk to someone instead of sending an email, connect with Community Groups (SEE BELOW)
  • Be active — sports teams, go for lunchtime walks, organize fitness competitions
  • Help others — awareness days, education, good deed feed
  • Take notice — look out for how your colleagues are feeling or acting, visit a new place for lunch
  • Keep learning — share product knowledge, tune into previous Hacker Summer Camp presentations, play online games in our guides & check out the latest #VirtualVegas info on the DCG 201 Twitter


  • Walk away from your desk and have a stretch
  • Have a quick burst of exercise
  • Do some breathing exercises (slow deep breaths)
  • Listen to relaxing music on your headphones at your desk
  • Have some ‘me’ time to recuperate your thoughts
  • Make an effort to attend social events after work
  • Call a friend when you have a few spare minutes
  • Have your lunch break with other colleagues
  • Monitor your well being with an app

Feeling lonely or overwhelmed and not sure what resources are available — check out this list of resources from Mental Health Hackers.


CSA — Join CSA’s global community Circle that facilitates resources and security discussions.

ISC2 — A platform from ISC2 to share your cybersecurity knowledge and experience with other pros.

WSC — Gain access to educational tools, study groups, workshops and networking opportunities, as well as special discounts on respected training, certifications and education programs.

WISP — Their mission is to advance, advocate for, and increase the participation of women in the Privacy and Information Security fields.



Recommended Apps


Guides you through mindfulness meditation, which can help reduce stress and worry.

Andrew Johnson

Teaches relaxation and coping skills in various situations, including an app to guide you through relaxation exercises that you can do in a coffee break.


The Wellness Recovery Action Plan is a self-designed prevention and wellness process that anyone can use to make their life the way they want it to be.


Relax Melodies

A popular free relaxation sound and music app to help you fall asleep or just to switch off. Mix and match nature sounds with music, lay back and listen.


Teaches a deep breathing technique useful in fighting anxiety and stress. A simple interface uses biofeedback to monitor your breathing.


M3 is a confidential screen that reveals an overview of your potential risk of anxiety, depression, bipolar disorder or PTSD and prevention strategies.






Oh and uh…


A reminder what outside looks like…we think…

If you do attend in person here are some other non-Plague related things you might want to know:


Here are a few items that you should pack for your trip:

— Hygiene Products: Travel Toothbrush, Toothpaste, Deodorant, Lotion, Hair Products, etc.

— Appropriate Nevada Summer Clothing: We will deal with this in the next section.

— Hacker Tools: Burner Laptop, Burner Phone, Multi-Tool, Hacking Wares and Tools, Lock-picks, Micro-controllers, Portable Sewing Kit (serious), etc.

— Business Cards: You will be doing a ton of networking at any of these events so make sure you have something to give to people to remember you by (and note, diseases don’t count!)

— Reusable Water Bottles: Vegas gets super hot, in August it can peak at 107 Degrees F so you should make sure you have water on you AT ALL TIMES!

— Cash: Leave your credit cards in your RFID Wallet, make sure you set a budget for yourself and before the trip take that amount out in cash. Not only is cash easier to use in a pinch but you can make sure your bank account is safe too! We also recommend not using Cryptocurrency at the convention, but if you must, make new accounts, transfer your coins there and make a Crypto-Paper Wallet to bring with you (and guard it with your life) instead of using an app on a device.

— Medication: Bring a First Aid Kit or something containing Band Aid, Headache Medicine, Earplugs, Swabs, etc. Also, any medication you need to survive normally would be a good idea to take with you. Also, condoms. Because Vegas…

— Entertainment: Break out that Nintendo Switch, Smartphone game, Downloaded Movies and even more useful, a book.

— Con Guide: Before your trip, you should look at the con schedule online, copy and paste all the things you want to see plus the date and time of each activity into a document/spreadsheet. Then, print out two copies and carry them with you. Most conventions can give you a guide but in case they run out, you lose it or don’t have it on you, having a personalized planner will help.

— Notebook: Again, you will be doing a lot of networking and you also might get inspiration while interacting at the convention. Bring a small notebook and pen (graph paper FTW) to jot down ideas, phone numbers, IP Addresses, still art sketches or whatever floats your fancy to document.


— A Bad State Of Mind: You are here to learn new things, network, relax and have fun!




PortaPow USB Data Blocker


SNNplapla 2 Pack 13.8In Faraday Bag



ESPRO P1 French Press Coffee Maker & Water Bottle





$$$ FINANCES $$$

Pre-Paid Physical Cards

SecureSpend VISA Prepaid Card: https://www.securespend.com/

Payment Masking Services

There are a number of services which provide “virtual debit cards” which you can use with online merchants without revealing your actual banking or billing information in most cases. It’s important to note that these financial services are not anonymous and are subject to “Know Your Customer” (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and not for making a purchase completely anonymously.

Gift Card Marketplaces

These services allow you to purchase gift cards for a variety of merchants online with cryptocurrency. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000–10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered).


Secure Centralized Exchange: https://www.kraken.com/


Ever seen the film Fear & Loathing in Las Vegas?

Ironically, the odd fashion choices of the main character Raoul Duke (based off of Hunter S. Thompson) are a good overall idea for how to dress in Vegas:

This might look strange but remember, Nevada is VERY HOT even in August. Again, temperatures can peak at 107 Degrees F so you will want to dress for such brutal desert weather, especially in contrast to the super air-conditioned interiors of Vegas buildings.


We originally recommended this in our previous guide in the NYC section because normally NYC rains a ton in the summer and Vegas is dry AF. However, last year the script flipped due to a little thing you may have heard of called Global Warming.

For a reminder on why you should bring an umbrella to Vegas now:


Gimaix 7 Colours LED Light Blade Runner Style Umbrella (Black-adult): https://www.amazon.com/exec/obidos/ASIN/B014GHMRBW/20140003-20

XXLMIJP 8 Rib Light Up Blade Runner Style Changing Color LED Umbrella with Flashlight Transparent: https://www.amazon.com/exec/obidos/ASIN/B07T1SW5W1/20140003-20

Holographic Umbrella: https://www.amazon.com/Hipsterkid-Holographic-Umbrella-White/dp/B079ZB85BS/

Umbrella With Built In Fan: https://www.amazon.com/exec/obidos/ASIN/B092HGJJ3Q/20140003-20

UV Reflective Umbrella: https://www.amazon.com/Suck-UK-SK-UMBRELLAREF1-Reflective/dp/B00EOTBCEG/


— Loose and Airy Clothing: Don’t bring anything tight fitting. The ideal is loose T-Shirts/Blouses with Shorts/Skirts/Kilts. Something that hangs and that air will flow through. Try to put two or three fingers through the sleeves or hug points while wearing it; if you can’t fit them or it’s snug, then it’s not loose enough!

— Storage: Make sure your pants ideally have cargo pockets or bring a Purse or Backpack that has Zippers or Secure Snaps, NOT MAGNETS (how do they work?) Reason being that although uncommon, pick-pocketing does exist in Vegas and this will be the most resilient to their attempts.

— Cover Your Head: Even if you don’t normally wear a hat, please go out and get one. It can be any kind as long as it can loosely and comfortably cover your entire scalp. Remember, your scalp is the most sensitive 0day on your body where heat can escape easily and most of your blood vessels are exposed to the pounding sun near your brain. You can also optionally wear a visor to block out the sun.

— Shades: They are not just there to make you a 1337 H@X0R like Neo or Trinity, Vegas is not only hot but BRIGHT and you will want to protect your eyes from the harsh sunlight at all times. Plus the harder it is for the cameras with AIs to figure out who you are on Facebook the better.

— High FPS Sunscreen and Lip Balm: Again, Vegas is HOT and BRIGHT so those harmful UV rays will damage your skin. Get yourself a good sun screen, we recommend something at 50 SPF and NOTHING OVER IT (the value over 50 SPF is negligible and Sunscreen from the USA protects less from UVA rays than UVB rays). In addition, wear a comparable lip balm to lock in moisture and protect your lips from the elements, moisturize and lotion every night and try to stay in cool areas or shade and NOT outside for long periods of time. If you don’t have a clue on what to shop for, here is a great list of sunscreen options:

21 Best Sunscreens: https://www.cosmopolitan.com/style-beauty/beauty/advice/g3973/best-new-sunscreens/

— Anti-Swamp Ass Undies: It’s going to be hot out which means you will form Niagara Falls with the sweat running into your butt crack and your genitals will feel like they came from a horror movie. DO NOT WEAR COTTON UNDERWEAR! Not only will it chafe and cause skin reactions but its absorption will make it feel like you are wearing a diaper that’s also a waterbed. Instead look for nylon boxers/panties and look for specifically designed ones for heat flow and antiperspirant. A good brand is Ex Officio which you can find BOXERS HERE and PANTIES HERE

— Comfortable Shoes: You will be doing a lot of walking. Repeat: A LOT OF WALKING! And we know how awesome those Armani Suedes or Vajazzled Stilettos are with your executive playboy look (you can reuse them later, see below) but they will kill your feet after 30 minutes never mind 16+ hours of going up and down elevators, across vendor halls, between workshops or talks and never mind the dance floor! Make sure to wear the most comfortable worn-in shoes you can, ideally sneakers. You can always change into something else later in the day, in fact, having a pair of slippers for your hotel room would be a great idea.

BONUS: Wear a pedometer or set one up on your smart device, check it every night or on the flight back from the con and you will be SHOCKED how much you walk. Here is data on how much our Co-Founder Sidepocket walked during the Circle of HOPE hacker convention in New York City for comparison:

…and remember, Hacker Summer Camp 2023 is 30x the size of The Circle of HOPE!

Finally, we have three specialty outfits we recommend to bring in addition to your normal con look.

BUSINESS OUTFIT — This does not have to be a full suit, just a loose polo or button down shirt and some business slacks with nice comfy business shoes for masc looks and a light designer dress with open toed shoes for examples of a fem look. There are a lot of jobs and professional information security events around, so make sure you do research into what type of event you are attending and if it’s more corporate you have a look that matches.

SWIMWEAR OUTFIT — Either a swimsuit or water resistant clothing with NO electronics so you can hang out near the pool at your hotel and at parties.

PARTY OUTFIT — This is where your creativity can go wild and wear that crazy LED light up bondage gear with wings or that fur-suit you have buried in your closet. Since you will only be dragging this out at night time during parties and gatherings, you can comfortably be in this get up while not killing your body out there, just make sure to take breaks to rest and stay hydrated even at night!


EFF Store: https://supporters.eff.org/shop/apparel


So here is a conundrum.

You are here to attend a hacker and information security convention. This involves tech. You are a tech person. You want to bring your tech.


Again, it’s a hacker and information security convention. There will be so many shenanigans, traps, pitfalls and so much malicious activity that you don’t want to end up as part of someone’s security research paper.

So obviously, we are not going to tell you to leave your tech at home. How boring would a hacker convention be without technology? (Answer: It would be the RSA Conference.)

Instead, here are a few tips that will help your tech survive the experience. Remember, these are not uber 1337 hacker proof ninja skills, everything and anything can be exploited and hacked. However, these tips will help out during the journey to make sure your head is more focused on the connections and learning and not in the debugger or data recovery process:

DO NOT BRING YOUR PERSONAL AND/OR WORK MACHINES TO THE CONVENTION!!! We can’t stress this enough, if you bring the machines you use (laptop, tablet, smartphone, servers, micro-controllers) to any of the conventions you are putting all your work and personal data at risk, even if you do back ups. Furthermore, you risk taking a compromised machine of unknown origin back to your work network or personal network which can be further damaged and 0wned.

Instead, use Burner Equipment.

When purchasing a burner device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.

Avoid buying phones from mobile network operators. These often have a locked bootloader and do not support OEM unlocking. These phone variants will prevent you from installing any kind of alternative Android distribution.

Be very careful about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there’s a possibility of IMEI blacklisting. There is also a risk involved with you being associated with the activity of the previous owner.

A few more tips regarding Android devices and operating system compatibility:

  • Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
  • Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper Verified Boot support and firmware updates. These devices also have no way for you to check whether they’ve been tampered with.
  • In short, if a device or Android distribution is not listed here, there is probably a good reason, so check our discussions page.


We have seen a lot of discussion about the use case of burner equipment. Many are saying that, at best, it’s outdated advice and, at worst, it’s incredibly stupid stories hackers tell n00bs to scare people.

While we agree with many of the points, we want to be realistic about your potential threat model at Black Hat & DEFCON. Our fear is that by telling everyone “Oh you don’t need burners” the opposite effect will happen and people won’t do any base security at all and thus get hacked.

So here is the quick rapid-fire Q&A about burners, security, networks, etc:

  • Will Some Black Hat Evil fSociety Group Hax My Stuff: Very unlikely unless they like to get arrested.
  • Will the INSERT THREE LETTER GOV AGENCY be Snooping My Stuff: Probably, but they’ve been doing that across the US so any base protection you do will be more than enough to thwart them.
  • What is my Actual Threat Model for Device Security: Students and/or Security Research groups using attendees as subjects in their research, hence the phrase “You don’t want to be the subject of a DEF CON Panel.” This has been less so now than 5 years ago but still a realistic possibility.
  • Is the Black Hat/DEF CON Network Safe: The network is now policed by a ton of top shelf White Hats and ex-Black Hats manned by OG DEF CON Alum Grifter. They do a fantastic job every year so your safety is how you feel about it but you should have zero issues connecting.
  • What if I don’t feel safe on the network: Just changing your DNS and then running your web traffic through a VPN or Tor will be just fine, see our recommendations below. Also, our recommended Browsers with configs listed below will be great too.
  • Do I Absolutely Need A Burner: No, you most likely don’t. However, if you can do one and your threat model seems greater and/or you want to feel more secure, we have our guides below on how to do it.
  • What if I can’t/don’t have a Burner: Just follow the DNS, VPN/TOR, EXIF and APP guides below and you’ll be fine.
  • What’s my Realistic Use Case for a Burner Phone/Number: Overzealous cops. Phone is stolen. Creeps that won’t leave you alone: give them a burner number and if you don’t have one give them 248–434–5508. If any of these three things happen to you, contact staff/authorities ASAP and if police are causing problems be quiet and request a lawyer.
  • Do I really need to only bring Cash at Black Hat/DEF CON: Most physical cards and Tap-To-Pay have great security options plus fallback backups to reimburse your stolen money (and generate a new card) if it’s compromised. Cash App/Venmo/ApplePay in particular have the ability to digitally generate new cards virtually. Having a mix of cash, card and tap (maybe cryptocurrency too) is recommended to keep your options versatile and if you are nervous about cards, our FINANCES section above has great advice.
  • What if I don’t have a Burner Laptop: You can burn a secure OS that we recommend below onto a USB and live boot it on your machine of choice. You can also run it as a VM (Virtual Machine) on your machine, where the hypervisor (especially if it’s Xen) will give max protection. Just don’t use your other apps and you will be fine.
  • Please, before you go, log in to the accounts you want to use beforehand and avoid signing in/logging out during the conventions.
  • Burner or Not, make sure your device is turned off or in airplane mode when it’s not in use.
  • This advice is not only useful for hacker cons but public conventions and day-to-day life in general.
  • And finally, this advice on the conventions’ networks is only for DEF CON/BlackHat. We can’t speak for other conventions like BSides, Blue Team Village, CCC, etc. but we are sure they are great too, just contact them or visit their websites to find out more.


EXIF is short for Exchangeable Image File, a format that is a standard for storing interchange information in digital photography image files using JPEG compression. This includes GPS information so you can easily see where the images were taken. If someone who knows about EXIF data can find it, they can find out where you took the photo, compromising your privacy.

Here are programs that can remove them:
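To show what such tools do under the hood, here is an added example (not from the original guide or any listed program): a small Python script that walks a JPEG's marker segments, reports whether the Exif block carries a GPS directory, and drops the metadata segments while leaving the compressed image data untouched. The sample input is a constructed marker stream, not a decodable photo, and all function names are hypothetical.

```python
import struct

SOI = b"\xff\xd8"
EOI, SOS = 0xD9, 0xDA
APP1, APP13, COM = 0xE1, 0xED, 0xFE      # Exif/XMP, Photoshop/IPTC, comment
STRIP = {APP1, APP13, COM}               # segments that carry metadata
GPS_IFD_TAG = 0x8825                     # IFD0 entry pointing at the GPS directory


def iter_segments(jpeg):
    """Yield (marker, payload, start, end) for each segment up to the scan data."""
    if jpeg[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xFF:               # fill byte in front of a marker
            pos += 1
            continue
        if marker in (SOS, EOI):
            # Entropy-coded data (or the end marker) runs to the end: pass it through.
            yield marker, b"", pos, len(jpeg)
            return
        if pos + 4 > len(jpeg):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError(f"corrupt segment length at offset {pos}")
        yield marker, jpeg[pos + 4:end], pos, end
        pos = end


def exif_has_gps(payload):
    """True if an APP1 payload is Exif and its IFD0 references a GPS directory."""
    if not payload.startswith(b"Exif\x00\x00"):
        return False
    tiff = payload[6:]
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None or len(tiff) < 8:
        return False
    magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
        if len(entry) < 12:
            break
        if struct.unpack(order + "H", entry[:2])[0] == GPS_IFD_TAG:
            return True
    return False


def has_gps(jpeg):
    return any(m == APP1 and exif_has_gps(p) for m, p, _, _ in iter_segments(jpeg))


def strip_metadata(jpeg):
    """Return the JPEG with Exif/XMP, IPTC and comment segments removed."""
    out = bytearray(SOI)
    for marker, _, start, end in iter_segments(jpeg):
        if marker not in STRIP:
            out += jpeg[start:end]
    return bytes(out)


def _seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample():
    """Constructed marker stream: JFIF + Exif (with GPS IFD) + comment + fake scan."""
    tiff = b"II" + struct.pack("<HI", 42, 8)                 # TIFF header, IFD0 at 8
    tiff += struct.pack("<H", 1)                             # IFD0: one entry
    tiff += struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26)      # GPS pointer -> offset 26
    tiff += struct.pack("<I", 0)                             # no further IFD
    tiff += struct.pack("<H", 1)                             # GPS IFD: one entry
    tiff += struct.pack("<HHI4s", 1, 2, 2, b"N\x00\x00\x00") # GPSLatitudeRef = "N"
    tiff += struct.pack("<I", 0)
    return (SOI
            + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + _seg(APP1, b"Exif\x00\x00" + tiff)
            + _seg(COM, b"constructed comment")
            + _seg(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\x56"
            + b"\xff\xd9")


if __name__ == "__main__":
    sample = build_sample()
    clean = strip_metadata(sample)
    print("GPS before:", has_gps(sample), "| GPS after:", has_gps(clean))
    print("bytes removed:", len(sample) - len(clean))
```

Because only whole metadata segments are dropped and nothing is re-encoded, the picture itself is unchanged; colour-related segments such as APP0 and APP2 are kept on purpose.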


Google Pixel

Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google’s custom Titan security chips acting as the Secure Element.

Google Pixel devices are known to have good security and properly support Verified Boot, even when installing custom operating systems.

Beginning with the Pixel 6 and 6 Pro, Pixel devices receive a minimum of 5 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2–4 years competing OEMs typically offer.

Secure Elements like the Titan M2 are more limited than the processor’s Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running “trusted” programs. Phones without a Secure Element have to use the TEE for all of those functions, resulting in a larger attack surface.

Google Pixel phones use a TEE OS called Trusty which is open-source, unlike many other phones.

Official Store: https://store.google.com/category/phones

Swappa: https://swappa.com/buy/unlocked/google

Back Market: https://www.backmarket.com/en-us/l/unlocked-google-pixel/d6fd4ff1-392b-4174-9ee7-32485e10b9a5







Strict FOSS Only Storefront: https://accrescent.app/


















OpenSUSE Tumbleweed: https://get.opensuse.org/tumbleweed/

Team SilverBlue: https://silverblue.fedoraproject.org/




Apple iMac machines run a POSIX compliant UNIX variant, and the hardware is essentially the same as what you would find in a high-end PC. This means that most hacking tools run on the Mac operating system. A properly set up Apple machine can do quite a bit of heavy lifting.

Objective-See Security Tools: https://objective-see.org/tools.html

Safari Recommended Configuration

These options can be found in Settings → Safari → Privacy and Security.


  • Enable Prevent Cross-Site Tracking

This enables WebKit’s Intelligent Tracking Protection. The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability.


Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you’re visiting. It can also display a weekly report to show which trackers have been blocked over time.

Privacy Report is accessible via the Page Settings menu.


  • Disable Privacy Preserving Ad Measurement

Ad click measurement has traditionally used tracking technology that infringes on user privacy. Private Click Measurement is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy.

The feature has few privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it’s automatically disabled in Private Browsing to be an indicator for disabling the feature.


Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list.

  • Select Private

Safari’s Private Browsing mode offers additional privacy protections. Private Browsing uses a new ephemeral session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari’s translation feature.

Do note that Private Browsing does not save cookies and website data, so it won’t be possible to remain signed into sites. This may be an inconvenience.


Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, by default, bookmarks are not. Apple can decrypt and access them in accordance with their privacy policy.

You can enable E2EE for your Safari bookmarks and downloads by enabling Advanced Data Protection. Go to your Apple ID name → iCloud → Advanced Data Protection.

  • Turn On Advanced Data Protection

If you use iCloud with Advanced Data Protection disabled, we also recommend checking to ensure Safari’s default download location is set to locally on your device. This option can be found in





— Regardless of what desktop operating system or programs you use make sure that before you go to the con you update them to their latest versions. Most exploits are found in earlier versions of code, thus the older your digital devices and their software are, the more of the attack surface will be available to malicious hackers.

— Charge your equipment with either Power Only USB Wires (how to convert an existing USB Cable into Power Only) or use USB Condoms. This is to ensure when you plug into something to charge you are only using power and not transmitting any data. Use backup battery chargers and replacement batteries for equipment whenever possible in lieu of charging via outlets. DO NOT use one of those Device Charging Kiosks where you leave your device in a glass cabinet as you charge, they have been known to be spoofed to steal your data.

— Try to obtain and use pre-paid hotspots if possible on a 4G line to make calls and use cell data. In addition to encrypting your phone, make sure you configure your phone to connect to your pre-paid hotspot and not cell towers. During Hacker Summer Camp, cyber criminals are known to set up fake cell phone towers (HACKADAY guide to how to spot fake cell towers) for your devices to connect to and make it spit information you do not want them to know…

These screenshots show a scan for Cell Phone Towers before Defcon (left) and during (right). Notice the fakes? Images: Geoffrey Vaughan

— Use Tor (or i2p or a VPN) configured to FULL TUNNEL, including DNS look up. We also recommend using the AES Algorithm for data you want to send and networks you want to connect to. Beware when connecting to the con’s WIFI: while the NOCs (Network Operation Centers) of each con do a fantastic job of trying to keep things safe, there will be open warfare by bad hombres all over these networks and the wifi provided by the hotel will be worse. If you have to connect, try to get a wired connection if possible so you don’t also open yourself up to general wifi and bluetooth attacks. Also, if you go on the web make sure you have your VPN on in Privacy Browser Mode.


Tor Routed Browsers:

Tor Switch For Firefox & Chrome: https://mybrowseraddon.com/tor-button.html

See Also:

i2p Browser: https://geti2p.net/en/download

Gecko Engine Browsers:

NOTE: We are linking to the Mozilla FTP for Firefox because Firefox includes a unique download token in downloads from Mozilla’s website and uses telemetry in Firefox to send the token.

Recommended Configuration

These options can be found in → Settings


  • Uncheck Provide search suggestions

Search suggestion features may not be available in your region.

Search suggestions send everything you type in the address bar to the default search engine, regardless of whether you submit an actual search. Disabling search suggestions allows you to more precisely control what data you send to your search engine provider.

Privacy & Security


  • Select Strict Enhanced Tracking Protection

This protects you by blocking social media trackers, fingerprinting scripts (note that this does not protect you from all fingerprinting), cryptominers, cross-site tracking cookies, and some other tracking content. ETP protects against many common threats, but it does not block all tracking avenues because it is designed to have minimal to no impact on site usability.


Firefox Suggest is a feature similar to search suggestions which is only available in the US. We recommend disabling it for the same reason we recommend disabling search suggestions. If you don’t see these options under the Address Bar header, you do not have the new experience and can ignore these changes.

  • Uncheck Suggestions from the web
  • Uncheck Suggestions from sponsors


If you want to stay logged in to particular sites, you can allow exceptions in Cookies and Site Data → Manage Exceptions…

  • Check Delete cookies and site data when Firefox is closed

This protects you from persistent cookies, but does not protect you against cookies acquired during any one browsing session. When this is enabled, it becomes possible to easily cleanse your browser cookies by simply restarting Firefox. You can set exceptions on a per-site basis, if you wish to stay logged in to a particular site you visit often.


  • Uncheck Allow Firefox to send technical and interaction data to Mozilla
  • Uncheck Allow Firefox to install and run studies
  • Uncheck Allow Firefox to send backlogged crash reports on your behalf

Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to Mozilla. When Firefox sends this data, your IP address is temporarily collected as part of Mozilla’s server logs.

Additionally, the Firefox Accounts service collects some technical data. If you use a Firefox Account you can opt-out:

  1. Open your profile settings on accounts.firefox.com
  2. Uncheck Data Collection and Use > Help improve Firefox Accounts


  • Select Enable HTTPS-Only Mode in all windows

This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.


Firefox Sync allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices and protects it with E2EE.
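One way to check a profile against the Firefox settings recommended above, as an added example that is not part of the original guide: it parses a profile's prefs.js and reports each recommendation as ok, mismatch or unset. The preference names are assumed about:config equivalents of the UI options, and the sample file contents are constructed.

```python
import re

# Assumed mapping (not from the guide): about:config name -> (recommended value, UI option).
# "Delete cookies and site data when Firefox is closed" is left out because the
# preferences behind that checkbox differ between Firefox versions.
RECOMMENDED = {
    "browser.search.suggest.enabled": (False, "Provide search suggestions"),
    "browser.contentblocking.category": ("strict", "Strict Enhanced Tracking Protection"),
    "browser.urlbar.suggest.quicksuggest.nonsponsored": (False, "Suggestions from the web"),
    "browser.urlbar.suggest.quicksuggest.sponsored": (False, "Suggestions from sponsors"),
    "datareporting.healthreport.uploadEnabled": (False, "Send technical and interaction data"),
    "app.shield.optoutstudies.enabled": (False, "Install and run studies"),
    "browser.crashReports.unsubmittedCheck.autoSubmit2": (False, "Send backlogged crash reports"),
    "dom.security.https_only_mode": (True, "HTTPS-Only Mode in all windows"),
}

PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample of a profile's prefs.js (only non-default values are stored there).
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.contentblocking.category", "standard");
user_pref("dom.security.https_only_mode", true);
user_pref("datareporting.healthreport.uploadEnabled", true);
user_pref("app.shield.optoutstudies.enabled", false);
"""


def parse_value(raw):
    """Convert a prefs.js literal (true/false, integer, quoted string) to Python."""
    if raw in ("true", "false"):
        return raw == "true"
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if match:
            prefs[match.group(1)] = parse_value(match.group(2))
    return prefs


def audit(text):
    """Return {pref name: "ok" | "mismatch" | "unset"} for each recommendation."""
    prefs = parse_prefs(text)
    result = {}
    for name, (wanted, _label) in RECOMMENDED.items():
        if name not in prefs:
            result[name] = "unset"  # Firefox's built-in default applies; check it in Settings
        elif type(prefs[name]) is type(wanted) and prefs[name] == wanted:
            result[name] = "ok"
        else:
            result[name] = "mismatch"
    return result


if __name__ == "__main__":
    for pref, status in audit(SAMPLE_PREFS).items():
        print(f"{status:9} {RECOMMENDED[pref][1]} ({pref})")
```

Because prefs.js only records values that differ from Firefox's defaults, "unset" means the built-in default is in effect, not that the setting is wrong.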

See Also:

Chromium Based Browsers:

Recommended Configuration

These options can be found in → Settings.



Brave includes some anti-fingerprinting measures in its Shields feature. We suggest configuring these options globally across all pages that you visit.

Shields’ options can be downgraded on a per-site basis as needed, but by default we recommend setting the following:

  • Select Prevent sites from fingerprinting me based on my language preferences
  • Select Aggressive under Trackers & ads blocking
  • Use default filter lists
  • (Optional) Select Block Scripts
  • Select Strict, may break sites under Block fingerprinting


  • Uncheck all social media components


  • Select Disable non-proxied UDP under WebRTC IP Handling Policy
  • Uncheck Use Google services for push messaging
  • Uncheck Allow privacy-preserving product analytics (P3A)
  • Uncheck Automatically send daily usage ping to Brave
  • Uncheck Automatically send diagnostic reports
  • Select Always use secure connections in the Security menu
  • Uncheck Private window with Tor
  • Sanitizing on Close
  • Select Clear cookies and site data when you close all windows in the Cookies and other site data menu
  • If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis under the Customized behaviors section.


Disable built-in extensions you do not use in Extensions

  • Uncheck Hangouts
  • Uncheck WebTorrent


Brave’s Web3 features can potentially add to your browser fingerprint and attack surface. Unless you use any of these features, they should be disabled.

  • Set Default Ethereum wallet to Extensions (no fallback)
  • Set Default Solana wallet to Extensions (no fallback)
  • Set Method to resolve IPFS resources to Disabled


  • Uncheck Continue running apps when Brave is closed to disable background apps


Brave Sync allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE.

Brave Rewards and Wallet

Brave Rewards lets you receive Basic Attention Token (BAT) cryptocurrency for performing certain actions within Brave. It relies on a custodial account and KYC from a select number of providers. We do not recommend BAT as a private cryptocurrency, nor do we recommend using a custodial wallet, so we would discourage using this feature.

Brave Wallet operates locally on your computer, but does not support any private cryptocurrencies, so we would discourage using this feature as well.

See Also:














WARNING: Using a VPN will not keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic.

If you are looking for anonymity, you should use the Tor Browser instead of a VPN. (SEE BELOW)

If you’re looking for added security, you should always ensure you’re connecting to websites using encrypted DNS and HTTPS. A VPN is not a replacement for good security practices.

If you’re looking for additional privacy from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved.





Encrypted DNS with third-party servers should only be used to get around basic DNS blocking when you can be sure there won’t be any consequences. Encrypted DNS will not help you hide any of your browsing activity.

Definitions Explained

DNS-over-TLS (DoT): A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.

DNS-over-HTTPS (DoH): Similar to DoT, but uses HTTPS instead, being indistinguishable from “normal” HTTPS traffic on port 443 and more difficult to block. DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server.

DNSCrypt: With an open specification, DNSCrypt is an older, yet robust method for encrypting DNS.
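To make the DoT and DoH definitions above concrete, the following added example (not part of the original guide) builds one DNS query and wraps it the way each transport does, including the User-Agent header that only DoH carries. The resolver host name and User-Agent string are constructed, and the HTTP request is rendered as HTTP/1.1 text for readability.

```python
import base64
import struct


def build_query(name, qtype=1, qid=0):
    """Encode a DNS question in RFC 1035 wire format (qtype 1 = A record)."""
    # Header: ID, flags (only RD set), 1 question, 0 answer/authority/additional.
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN


def dot_frame(query):
    """DoT (RFC 7858): a 2-byte length prefix plus the query, sent inside TLS on port 853."""
    return struct.pack("!H", len(query)) + query


def doh_get_request(query, host, path="/dns-query", user_agent=None):
    """DoH (RFC 8484) GET: the same bytes, base64url without padding, inside HTTPS on port 443.

    Rendered as HTTP/1.1 text for readability; real clients normally use HTTP/2.
    """
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    lines = [
        f"GET {path}?dns={encoded} HTTP/1.1",
        f"Host: {host}",
        "Accept: application/dns-message",
    ]
    if user_agent:
        # Only the HTTP transport carries this; the DoT frame has no field for it.
        lines.append(f"User-Agent: {user_agent}")
    return "\r\n".join(lines) + "\r\n\r\n"


def resolver_visible_metadata(request):
    """Return the HTTP header fields the DoH resolver receives alongside the query."""
    headers = {}
    for line in request.split("\r\n")[1:]:
        if ": " in line:
            key, value = line.split(": ", 1)
            headers[key] = value
    return headers


if __name__ == "__main__":
    # ID 0 is what RFC 8484 recommends so identical queries are HTTP-cache friendly.
    q = build_query("www.example.com")
    print("wire query:", q.hex())
    print("DoT frame :", dot_frame(q).hex())
    # Constructed resolver host and User-Agent string.
    req = doh_get_request(q, "dns.example", user_agent="ExampleBrowser/1.0 (X11; Linux x86_64)")
    print(req)
    print(resolver_visible_metadata(req))
```

In both cases the resolver still sees the full query name; the encryption only hides it from observers on the network path.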


Android 9 and above support DNS over TLS. The settings can be found in: Settings → Network & Internet → Private DNS.

Apple Devices

The latest versions of iOS, iPadOS, tvOS, and macOS, support both DoT and DoH. Both protocols are supported natively via configuration profiles or through the DNS Settings API.

After installation of either a configuration profile or an app that uses the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN’s DNS settings and not your system-wide settings.

Apple does not provide a native interface for creating encrypted DNS profiles. Secure DNS profile creator is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile’s origin and helps to ensure the integrity of the profiles. A green “Verified” label is given to signed configuration profiles. For more information on code signing, see About Code Signing. Signed profiles are offered by AdGuard, NextDNS, and Quad9.

About Linux:

systemd-resolved, which many Linux distributions use to do their DNS lookups, doesn't yet support DoH. If you want to use DoH, you'll need to install a proxy like dnscrypt-proxy and configure it to take all the DNS queries from your system resolver and forward them over HTTPS.

Recommended Providers

Encrypted DNS Proxies

TIP: A cool idea that is not required for your desktop OS: you can also run a firewall on your laptop via a VM (Virtual Machine) that will isolate your trusted host. Do note that while this is a more advanced technique that is difficult to set up and difficult for a red team to hack, there are hackers who know how to manipulate hypervisors to break this method. Remember, when you are at a popular open convention, trying to connect to anything is a risk!


This should hopefully be the worst part of your trip: getting there. Some will try to drive there (like our Co-Founder GI Jack because he is not right in the head and from New Jersey to boot) and others will take more unorthodox means of getting there. Most of you will most likely fly there via an airline. Besides some general knowledge of airline tips, here are some additional tips that are unique to going to Hacker Summer Camp.

— Make sure to pre-charge all the devices you are going to bring and use before the flight. This sounds like a no-brainer, but while many airlines do have power plugs, many still don’t (especially on the plane), and they might also be fully occupied by other travelers. Make sure all your devices are powered and ready to go so once you get off the plane you can hack right when your feet touch the ground!

GET TO YOUR FLIGHT ON TIME! Again, a no-brainer but an important one. Airlines are very fickle about times, and you should show up at least a half an hour before your flight, if not earlier. It can be difficult to reschedule your flight, and later flights are often many hours later, delaying everything. Now if your flight is delayed, raise hell-erm-don’t hack the airport (we don’t support that idea) just complain to customer service and the airline until you get what you need.

DO NOT BRING WEAPONS, DRUGS, EXPLOSIVES OR ANY OTHER SCARY LOOKING THING ON A PLANE!!! In addition, try not to code or do network ops while in flight. We have heard too many stories of friends trying to remote tunnel into their network while flying only to be thrown in a room with blue gloves groping them because the airline staff thought they were ISIS hacking into the Pentagon.

— Here are two tips to secure your luggage. First, DO NOT USE TSA APPROVED KEYS AND LOCKS. Get your own locks; you can reach out to your local TOOOL Chapter or contact them online and they will give you advice on what to do. Here is a talk by Nite0wl, JohnnyXmas and DarkSim on why TSA locks are a bad idea (HINT: Nite0wl dropped a 0day on the “safe” skies travel locks). Second, if you are an American who legally owns a FIREARM, you can use that firearm to store other valuables you don’t want to get lost. You can find more info on that via clicking this link for an amazing talk by Deviant Ollam on the subject of flying with firearms.

NOTE: Unlock your luggage before you check it on a plane. The TSA will simply cut the lock off your bag. Pack your lock in your bag, and then relock it when you get out of the airport.

— Make sure you have all the essential items that are valuable to you and/or that you are going to use frequently in your carry-on (and make sure they meet carry-on standards). Sadly, luggage loss by airlines is a thing and we have known people who have lost thousands of dollars in equipment and clothes via their onboard stored luggage disappearing.

— This is also where those portable entertainment items will come in handy. Suggestions include your latest and favorite 2600 Magazine, the book Turing’s Cathedral by George Dyson, Mr. Robot Season 3 (look out for our Co-Founder Sidepocket’s cameo in the Hacker Space scene of Episode One) any Nintendo Switch video game or the DEF CON 30 Main Stage & Village Talks and A New Hope 2022 Talks (and please wear headphones!)


So, you have finally arrived in Vegas or NYC at the hotel you have booked. You are not done yet! Here are some more tips once you got your room key card and have opened the door:

  • Secure all the stuff in your room. Pre-pack and organize what you are going to take with you to the con on different days, put away the things that will never leave the room and lock down physically or digitally anything you want others to have no or limited access to.
  • Load up your bluetooth war-driving, RF arrays, NFC sensors and other detectors to scan for bugs and spying devices in your room. Put all your devices not in use in Faraday cages and put stickers over any cameras and microphones on your devices. You can also bring with you (or buy there) from Bed Bath and Beyond a white noise generator installing it in a separate room on the far side of your abode to harbor electronics to prevent further spying. This can be a fun (and potentially dangerous) activity for you and your trusted contacts. Please do not destroy the fixtures and room you are in as a courtesy to the hotel. Who knows, you might even win Spot The Fed at DEF CON 30!
  • Also to make your room more secure, put towels and filler material in between the cracks of the door and windows to prevent outside in eavesdropping.
  • Reach out to your communication contacts with your burners. Develop before the con a system of trust among friends and colleagues that will be going with you to the con(s) or you will be running into so you have emergency contacts and safety nets for you and others in case of emergency.
  • Purchase Pre-Made Food or Create Your Own Food (Lunch and Snacks) beforehand and pack them with you for each day of the convention. There is a reason it’s called Hacker Summer Camp, treat it like one! You will thank us when you are stranded in an area with no food and you need to eat or all the places around you are where a hamburger costs a new mortgage on your house! Again, make sure to bring multiple water bottles with you and reuse the bottles!
  • Put your room key card in its own Faraday Cage sleeve and keep it on your closest of persons AT ALL TIMES!

Guide on Copying your Hotel Room Key for Flipper Zero users

The keyword here is YOUR. Please do not copy anyone else’s room key that you do not have permission to!

These keycards are usually Mifare Classic 1k so these are the steps I took using the Unleashed firmware. If you don’t have any apps listed here, search them on github and google how to compile for your firmware.

  1. Scan your keycard with the NFC app.
  2. Start mfkey32 under Applications -> NFC -> mfkey32.
  3. Run “Nested attack” under Applications -> NFC -> Mifare Nested. May have to try several times. First time I got error PRNG not predictable. Second time it took a couple hours but worked.
  4. On your computer, install python and use pip to install the library FlipperNested.
  5. Connect your flipper to your computer and run FlipperNested in your computer terminal (python3 -m FlipperNested for me). If asked to select an option, choose number 3.
  6. Back on your flipper run “Check found keys” under Applications -> NFC -> Mifare Nested.
  7. Rescan your hotel keycard.
  8. ???
  9. Profit

This whole process may take some time (up to a few hours) so be patient!

Caesars Honeywell Thermostat Hack by Snubs

This disables the room occupancy sensor and lets you lower the min temp.

>Hold down “display” button

>Press “off”

>Then hit the “Up” arrow

>Then release “display” button

Edward Snowden DIY Tripwire Alert

You Will Need:

>Pack of Soy Sauce


>Rubber Band

>Plastic Tumbler (or a drinking glass)

  1. Fill the tumbler 1/2 way with water.
  2. Draw a symbol or letter on the napkin with the soy sauce and put it over the top of the tumbler.
  3. Secure the soy sauce packet with the rubber band.
  4. Place the tumbler behind the door when you leave (but don’t forget that it’s there!)

If someone enters your room, the glass will get knocked over and the symbol or letter on the napkin will become unreadable, tipping you off that someone entered your room without consent!

This presentation will show you how to set up customized travel “trip wires” that operate over 433 MHz and fit in a small toiletries case. With a Raspberry Pi, less than $20 worth of supplies, and an hour of spare time, you can configure 4 or 5 sensors that will alert you if your favorite things are moved, opened, or disturbed while you’re away from the room.

— Explore the hotel and spend a night walking around the immediate hotel area and the overall Las Vegas strip and/or NYC Campus if you can. Important things to map are shops, fast food places, bars, banks, security surveillance and other important points of interest. In fact, the day before, you can print out a Google Maps/OpenStreetMap map of the strip to keep on your person (as well as a close-up of the hotel and its surrounding area) and physically map things out with marker and pen as you go. As a heads up, here is a list of restaurant locations in Las Vegas and below is a picture map of every Walgreens on the strip:

A quick guide for supplies, make sure to make your own map of the Las Vegas Strip!


Monorail Station Hours

Monday: 7 am — 12 Midnight
Tuesday: 7 am — 2 am
Wednesday: 7 am — 2 am
Thursday: 7 am — 2 am
Friday: 7 am — 3 am
Saturday: 7 am — 3 am
Sunday: 7 am — 3 am

Save, Scan & Go with the Las Vegas Monorail!

The Las Vegas Monorail is excited to introduce Mobile Ticketing. Get to your destination even faster with our Scan & Go technology! No more fumbling with paper tickets, confirmations or redemption codes. Now riders can take advantage of our eTicket discounts as a thank you for helping us reduce paper use and landfill waste.

Here’s How It Works:


Purchase discounted tickets online and receive an electronic ticket to the email address of your choice. Mobile Tickets can be purchased in advance on a desktop, tablet or mobile device. You can also purchase from any mobile device once you have arrived in Las Vegas.


Arrive at one of our seven stations and locate your ticket on your mobile device. Proceed to the Las Vegas Monorail fare gates and simply scan the QR code on your phone.

Electronic tickets may also be printed at home and scanned directly at the fare gates.


Proceed through the fare gates and board the next train headed in your chosen direction. Trains arrive every 4–8 minutes.

Prefer a Paper Ticket?

Want to keep your ticket as a souvenir? Paper tickets are still available at our Ticketing Vending Machines or at one of our Customer Service Offices for regular, full-price purchases.

Please note that Ticket Vending Machines only offer the following ticket types:

  • Single Ride Ticket
  • Unlimited 24-Hour Pass
  • Unlimited Three-Day Pass

Additional Multi-Day ticket types can be purchased at a discount online or at full price at one of our Customer Service Offices, open 10 am-6 pm, daily.

Expiration of Mobile Tickets

Mobile tickets are valid for one year from their purchase date. The One-Ride Ticket loses its value after the ride has been taken.

Unlimited-Ride Passes are valid for unlimited rides for the period listed on the mobile ticket. This period begins the first time you use the ticket at a fare gate during operational hours and remains valid for the number of consecutive days, as listed on the ticket. Each “day” equals a 24-hour period.

Need Assistance at the Station?

Look for a Las Vegas Monorail employee and we can assist you. If no Monorail employee is available, please press the button on the emergency telephone located near the fare gates and wait for an operator to answer your call. We’re here to assist with any malfunction or in the case of an emergency.

Fare Types


One-Ride tickets are good for one person for one entry/ride.


Unlimited-ride passes are good for unlimited travel for one person for a consecutive period during operational hours.

Additional Questions?

Please visit our FAQ page for some of our most common questions, or visit our Contact page so we may assist you directly.




The Westin Las Vegas Hotel & Spa (160 E Flamingo Rd, Las Vegas, NV 89109)

Alexis Park Resort (375 E Harmon Ave, Las Vegas, NV 89169)

The Cromwell Las Vegas Hotel & Casino (3595 S Las Vegas Blvd, Las Vegas, NV 89109)

The Horseshoe Las Vegas (3645 S Las Vegas Blvd, Las Vegas, NV 89109)


The Lexi Las Vegas (1501 W Sahara Ave, Las Vegas, NV 89102)


Golden Gate Hotel & Casino (1 E Fremont St, Las Vegas, NV 89101)


LGBTQ+: https://www.travelgay.com/destination/gay-usa/gay-nevada/gay-las-vegas/


Fire / Police / Ambulance : 911

Poison Control : (702) 732–4989

Rape Crisis Center Hot Line : (702) 366–1640

Mental Health Crisis Unit : (702) 486–8020

HelpLine Numbers:

Gamblers Anonymous : (702) 385–7732

Alcoholics Anonymous : (702) 598–1888

Domestic Crisis Shelter : (702) 646–4981

Juvenile Court Services Abuse and Neglect Hot Line : (702) 399–0081

Youth Runaway Shelter : (702) 385–3330

Government Numbers:

Internal Revenue Service : (800) 829–1040

Department of Motor Vehicles : (702) 486–4368

Clark County District Attorney : (702) 455–4204

Federal Bureau of Investigation (FBI) : (702) 385–1281

Bureau of Alcohol, Tobacco and Firearms : (702) 388–6584

Health & Social Numbers:

American Red Cross : (702) 248–2770

Alzheimer’s Association Southern Nevada Chapter : (702) 248–2770

American Heart Association : (702) 367–1366

American Cancer Society : (702) 798–6877

American Lung Association : (702) 431–6333

United Way : (702) 455–4291

Senior Protective Services : (702) 455–4291

Clark County Social Services : (702) 455–4270

Salvation Army : (702) 649–8240

Transportation Numbers:

Traffic Hotline : 511

Amtrak Railroad : (702) 386–6896

McCarran International Airport : (702) 261–5211

Las Vegas Public Bus Transportation : (702) CAT-RIDE

Miscellaneous Numbers:

Information Assistance : 411

Information and Referral HELP of Southern Nevada : (702) 369–4357

Time / Weather : (702) 248–4800

— Last but certainly not least, we must remind you that while you are at any of the three conventions, PLEASE work with con security and staff and not AGAINST them, obey their Codes of Conduct (DEFCON CoC, Black Hat CoC, BSidesLV CoC) and OBEY the 5–2–1 rule.




>And please…for the love of everyone’s nasal glands…SHOWER EVERY DAY!!!!!

If you have your own tips, tricks and advice for surviving Las Vegas, Nevada or New York City that we missed here, you can reach out to us on our social media or email us at INFO {at} DEFCON201 <dot> ORG

Enjoy your time in LAS VEGAS and remember,

What happens in Vegas

Appears on YouTube!

P.S. Cannabis is LEGAL in the State of Nevada! Click here to read up on the laws! NOTE: CASINOS ARE RULED BY FEDERAL LAW SO NO SMOKING CBD AND/OR THC PRODUCTS INDOORS!

CONTINUE TO :: HACKER SUMMER CAMP 2023 — Part Two: Capture The Flags & Hackathons



DCG 201

North East New Jersey DEFCON Group Chapter. Dirty Jersey Represent! We meet at Sub Culture once a month to hack on technology projects! www.defcon201.org