HYBRID HACKER SUMMER CAMP 2021 GUIDE — Part Eight: SIGS, EVENTS AND PARTIES
Welcome to the DCG 201 guide to Hybrid Hacker Summer Camp! This is part of a series where we are going to cover all the various hacker conventions and shenanigans in August. As more blog posts are uploaded, you will be able to jump through the guide via these links:
HYBRID HACKER SUMMER CAMP — Part One: Surviving Physical + Virtual Vegas
HYBRID HACKER SUMMER CAMP — Part Two: BSides Las Vegas
HYBRID HACKER SUMMER CAMP — Part Three: Ring Zer0
HYBRID HACKER SUMMER CAMP — Part Four: Black Hat USA
HYBRID HACKER SUMMER CAMP — Part Five: FuzzCON
HYBRID HACKER SUMMER CAMP — Part Six: DEFCON 29
HYBRID HACKER SUMMER CAMP — Part Seven: USENIX
HYBRID HACKER SUMMER CAMP — Part Eight: SIGS, EVENTS AND PARTIES
EMERGENCY INFO & HACKER ETIQUETTE AKA HOW NOT TO BE AN ASS
Normally we would put this under the Party section of this guide but we at DCG 201 have made an executive decision to put this right on top due to it’s upmost importance.
Hacker Summer Camp at it’s core are a series of social events for anti-social people. Getting out their and mingling with old friends while making new ones is a core part of the experience at BSides LV, Black Hat USA and DEFCON. And while we like to think of the best of people, putting over 20,000 people in the same place will cause some bad actors to have the dumb. Here are a few tips and resources to survive the trip:
— IT IS ALWAYS OK TO TELL SOMEONE “NO” AND IF THEY PERSIST TO TELL THEM TO FUCK OFF! Never be shy to do this. The ability to refuse something because of your choice is not only you right as a human being but also a core part of the Hacker Ethos that we feel has sadly eroded over time. Just because everybody is drinking, doing drugs and blowing each other to bad music around a pool does not mean you have to. No is always an answer and if you encounter any trouble contact DEFCON GOONFLEET SECURITY or if it’s even more severe, CALL NEVADA AUTHORITIES!
— If you see someone getting harassed verbally, mentally or physical, DON’T BE A WALLFLOWER, HELP. This is how we breed Dark Sims when people sit around and do nothing while horrible people get away with things. Even simply butting into a conversation will help a person in need. If you feel like you can’t do anything yourself, contact DEFCON GOONFLEET SECURITY or NEVADA AUTHORITIES to intervene. You also want to stay around to be a witness to document the incident. The more we look out of each other, the better of a community we will become.
— Remember those burner phones and that circle of trust? These events and parties is where it will come in handy. NEVER GO TO ANY PARTY OR EVENT ALONE. Always have a buddy looking out for you and vice versa. The more eyeballs, ears and hands the safer you and everyone else will be.
— Please TAKE FREQUENT BREAKS and RE-HYDRATE between intense physical activity at events and parties. Remember even at night, Nevada is very hot and alcohol and other chemicals will dehydrate you.
— If you are going to drink PLEASE EAT FOOD AND DRINK WATER BETWEEN DRINKS. We often talk about how much booze is downed before, during and after these activities but not only do you NOT have to participate but PACING your drinking and eating food while drinking water between said drinks will help reduce your risk of alcohol poisoning and hangover. Also, KNOW YOUR BODY LIMITS. Just because the new groupie you met can drink alcohol shots of 197 Proof (*cough*CoFounderSidepocketAlcholic*cough*) does not mean you have to. Stay with what you know and what you are comfortable with.
— Lastly about drinking and food, NEVER LEAVE YOUR DRINKS AND FOOD ALONE IN PUBLIC. Again, as much as we like to see the good in people, roofies and date rape can and will happen at major public events. If you left a beer out for instance for even 30 seconds without holding it or looking at it, get a new one and trash the old one. If you feel like you are in the process of being roofied, contact your CIRCLE OF TRUST and NEVADA AUTHORITIES. Here is also an excellent guide about Date Rape drugs and how nobody of no gender is safe:
Emergency Numbers:
Fire / Police / Ambulance : 911
Poison Control : (702) 732–4989
Rape Crisis Center Hot Line : (702) 366–1640
Mental Health Crisis Unit : (702) 486–8020
HelpLine Numbers:
Gamblers Anonymous : (702) 385–7732
Alcoholics Anonymous : (702) 598–1888
Domestic Crisis Shelter : (702) 646–4981
Juvenile Court Services Abuse and Neglect Hot Line : (702) 399–0081
Youth Runaway Shelter : (702) 385–3330
Government Numbers:
Internal Revenue Service : (800) 829–1040
Department of Motor Vehicles : (702) 486–4368
Clark County District Attorney : (702) 455–4204
Federal Bureau of Investigation (FBI) : (702) 385–1281
Bureau of Alcohol, Tobacco and Firearms : (702) 388–6584
Health & Social Numbers:
American Red Cross : (702) 248–2770
Alzheimer’s Association Southern Nevada Chapter : (702) 248–2770
American Heart Association : (702) 367–1366
American Cancer Society : (702) 798–6877
American Lung Association : (702) 431–6333
United Way : (702) 455–4291
Senior Protective Services : (702) 455–4291
Clark County Social Services : (702) 455–4270
Salvation Army : (702) 649–8240
Transportation Numbers:
Traffic Hotline : 511
Amtrak Railroad : (702) 386–6896
McCarran International Airport : (702) 261–5211
Las Vegas Public Bus Transportation : (702) CAT-RIDE
Miscellaneous Numbers:
Information Assistance : 411
Information and Referral HELP of Southern Nevada : (702) 369–4357
Time / Weather : (702) 248–4800
Friends of Bill W at DEFCON 29
For all those Friends of Bill W. looking for a meeting, or just a quiet moment to regroup from the Vegas of it all, we have you covered. There are meetings throughout DEF CON — 3:00 PM & 8:00 PM EST Thursday through Sunday. The location is at the Bally’s Pool Cabana.
CONTESTS
Check out Hack-A-Sat 2 in Aerospace Village (IN PERSON)
TALK
The Antenny Board Design and Fabrication Saga: Sweat and Tears Along the Supply Chain /// AUG 6 /// virtual and in person
TALK
Hack-A-Sat 2: The Good, The Bad and the Cyber-Secure /// AUG 6 /// virtual and in person
WORKSHOP
Hack-A-Sat2 Satellite Platform /// AUG 6 & 7 /// virtual and in person
WORKSHOP
Nyansat v2 /// AUG 6 & 7 /// virtual and in person
WORKSHOP
Understanding Space in the Cyber Domain /// *3 online sessions: AUG 6, 7, 8 /// virtual only
VIEW FULL SCHEDULE
aerospacevillage.org/events/upcoming-events/def-con-29
https://www.hackerjeopardy.org
Hacker Jeopardy, DEF CON’s longest running show, is baaaack! Three teams of three will compete in this hilarious parody game, with additional points awarded for beer consumed. Anything can happen on stage (we even had a marriage proposal!) — you just gotta be there (our sponsors give away AWESOME swag.) Adult-themed, this show is not for minors and emotionally sensitive persons. We’re offended if you’re not offended. Be there. Aloha!
What is HackFortress
HackFortress is a unique CTF that smashes together the first person shooter Team Fortress 2 with a jeopardy
style CTF. Two teams play at a time, gamers battling each other in TF2 while hackers are busy solving puzzles
in categories like web app security, network security, social engineering, reverse engineering, lock picking and
some unique challenges completely unrelated to hacking. Teams are made up of 6 TF2 players and 4 hackers,
teams are permitted one runner to help communication between gamers and hackers.
What is HYBRID MODE
Due to the continuing biological nightmare that is covid-19 HackFortress has entered HYBRID MODE.
Its still the same blend of Team Fortress 2, hacking, and shenanigans that you know and we assume
love, but now with more cloud.
How is this different than SAFE MODE
SAFE MODE was completely online, during HYBRID MODE we will be onsite, megaphone in hand,
searching for the ultimate team of hackers and gamers. Players will be able to compete either onsite
or remote.
How will HYBRID MODE work
In order to allow all players to compete, we’re keeping all of our infrastructure in the cloud, remote players
will be able to access the game server and puzzles over the internet, onsite players will be able to use
the official HackFortress wifi to get internet access. Due to virus related concerns gaming will function a little
differently this year. WE WILL NOT BE PROVIDING LAPTOPS, YOU MUST BRING A LAPTOP WITH TF2
ALREADY INSTALLED.
How many teams will there be
We’re starting with 4 teams, depending on how many people sign up we’ll add more as needed
What do I need to play
Hackers:
Laptop with wifi
Lockpicks (not required but someone on the team should have them)
Headset (not required but makes communication easier)
Gamers:
Laptop with wifi and TF2 already installed (its a free game)
Whatever mouse and keyboard you want to bring for gaming
Headset
How do I register
Fill out this google form https://forms.gle/F8PAXEtFwgaJ9dN66
- When: Two nights! Friday August 9th & Saturday August 10th 2019- 8pm — 2am
- Where: Concorde C at Paris
- Who: You, the DEFCON attendee. Can’t sing? Who cares! Get up there anyway!
- Songs: Over 150,000 available! Use the search above to find what you’re looking for!
Website: https://hackerkaraoke.org/
RF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON.
We cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $40 to $4000 worth of equipment. Our new virtual RFCTF can be played completely remotely without needing any specialized equipment at all! The key is to read the clues, determine the goal of each challenge, and have fun learning.
There will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question — ASK! We may or may not answer, at our discretion.
FOR THE NEW FOLKS
Our virtual RFCTF environment is played remotely over ssh or through a web browser. It may help to have additional tools installed on your local machine, but it isn’t required.
Read the presentations at: https://rfhackers.com/resources
Check out the resources at: http://sdr.ninja/training-events/sdr-wctf/
THE GAME
To score you will need to submit flags which will range from decoding transmissions in the spectrum, passphrases used to gain access to wireless access points, or even files located on servers. Once you capture the flag, submit it to the scoreboard right away, if you are confident it is worth *positive* points. Some flags will be worth more points the earlier they are submitted, and others will be negative. Offense and defense are fully in play by the participants, the RFCTF organizers, and the Conference itself. Play nice, and we might also play nice.
To play our game at DEF CON join SSID: RFCTF_Contestant with password: Try_Pentoo
Getting started guide: https://github.com/rfhs/rfhs-wiki/wiki
Helpful files (in-brief, wordlist, resources) can be found on the game web server at http://172.16.100.1 or https://github.com/rfhs/wctf-files
Support tickets may be opened at https://github.com/rfhs/wctf-support/issues
TL;DR
Twitter: @rf_ctf and @rfhackers
Discord: https://discordapp.com/invite/JjPQhKy
Websites http://rfhackers.com and http://sdr.ninja — play with us
Github: https://github.com/rfhs
https://twitter.com/CryptoVillage
https://goldbug.cryptovillage.org/
Love puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon — and questioning how deep the layers of cryptography go.
The Gold Bug an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all — and drop by for some kids’ puzzles too!
PELCGBTENCUL VF UNEQ
The rest…
AutoDriving CTF Contest (HYBRID)
Contest | Location: Event Center floor at Bally’s
Contest | Time: Aug. 05 1800 — Aug. 06 1800
Safety is the №1 priority for autonomous driving. This contest encourages efforts to exploit and defend autonomous driving vehicles by all means, including but not limited to the following: robust physical adversarial attacks and defenses in the form of camouflage stickers, road graffiti; sensor spoofing/hijacking; and multi-sensor fusion manipulations. We can reveal unforeseeable threats to autonomous driving safety through a deep understanding of the attack surfaces and encourage practical solutions to address such threats.
More Info: https://autodrivingctf.org/
DEF CON Forums: https://forum.defcon.org/node/237292
Twitter: @autodrivingctf
Demo videos at YouTube channel: https://www.youtube.com/channel/UCPP...wk-464KIzr8xKw
Beverage Cooling Contraption Contest (IN PERSON)
Its a disaster! My ultra cold freezer is broken and my beverage is now room temperature! Everything’s going to be ruined unless we can find some way to cool this stuff down and distribute it to the masses. Are you up to the challenge?
Bring a contraption and compete in the unlimited category or build one at the contest and compete in the hacked category. Whatever floats your jetsam. Win fabulous prizes that I’ve found “lying around” in places.
Friday 10am — 2PM
BIC Village Capture The Flag (Powered by Socks CTF) (HYBRID)
https://www.blacksincyberconf.com/ctf
Starts — August 6, 2021 12:00
Ends — August 8, 2021 06:00
The BIC Village Capture The Flag Event is a jeopardy style event designed to practice solving challenges in multiple categories. This event seeks to not only be a series of puzzles and challenges to solve, but a gamified way to learn concepts of social justice and Black history. The gamified and challenge oriented sections of the event will not only challenge one’s mind in problem solving and critical thinking but also charge one with the mission of identifying and learning about historical facts and figures that they not otherwise be exposed to.
Capture The Packet (IN PERSON)
https://www.capturethepacket.com
https://twitter.com/capturetp
https://twitter.com/wallofsheep
The time for those of hardened mettle is drawing near; are you prepared to battle? Compete in the world’s most challenging cyber defense competition, based on the Aries Security Cyber Range. In order to triumph over your competitors, contestants must be well rounded like the samurai. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth.
This year those brave enough to enter the labyrinth will witness never before seen terrors, and only the best prepared and battle hardened will manage to escape the crucible. Follow us on Twitter or Facebook to get notifications for dates and times when your team will compete, as well as what prizes will be awarded.
Car Hacking Village CTF (HYBRID)
Starts — August 6, 2021 10:00
Ends — August 6, 2021 23:55
https://www.carhackingvillage.com/
https://twitter.com/CarHackVillage/
The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OE’s and suppliers to ensure our challenges give a real-world experience to hacking cars. We understand car hacking can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.
CMD+CTRL Cyber Range CTF (VIRTUAL)
Friday: 1000 to 1600 PDT (GMT -7), Saturday: 1000 to 1600 PDT (GMT -7)
Calling all dev, engineers, hax0rs, and ppl named Steve!
For almost two decades, Security Innovation (SI) has helped some of the world’s largest organizations to defend their software applications and sensitive data from cyber-threats and attacks. Not only is SI a leading consultant to many of the most well-known organizations, we also develop products to assess and train these organizations on how to build more secure applications.
The latest CMD+CTRL Cyber Range from Security Innovation — InfiniCrate — is an ultra-realistic cloud storage repository that is built on Amazon Web Services (AWS).
This Range is inspired by real-world environments and vulnerabilities our Security Engineers have discovered in the wild. Exploit CI/CD pipelines, high-jack Lambda functions, see how far your can escalate your privileges through AWS access controls.
Join us this Friday (8/6) or Saturday (8/7) for this invite-only CTF by signing up with the registration form below. We will be running two events during DEF CON for the first 500 players who sign up.
Register here: https://forms.gle/7BoVXN1MCxUpdMXj6
More info: defcon.cmdnctrl.net / securityinnovation.com
Discord: https://discord.com/channels/7082082...43642388807800
#ce-cmd-ctrl-cyberrange
Coindroids (HYBRID)
Starts — August 6, 2021
Ends — August 8, 2021
https://www.coindroids.com/login
Battle your way to the top of the leader board by attacking rival droids and completing hidden challenges.
New to cryptocurrencies and blockchains? No DEFCOIN to play with? Not a problem! Just come visit us and we can help get you started.
Crack Me If You Can (VIRTUAL)
https://contest.korelogic.com/
https://twitter.com/crackmeifyoucan
Oh no! Your site has been breached! A million of your users’ password hashes have been leaked. It’s a good thing that you salted those password hashes. But now, you need to know what your risk is. You need to crack your own users’ password hashes. So that you can inform the users that their data is at risk. But, you are in an arms race with the “bad guys”. So, you better hurry. You only have 48 hours to complete this effort.
Darknet-NG (VIRTUAL)
https://darknet-ng.network/
https://twitter.com/DCDarknet
The DarkNet is the belief that a community can provide a safe place to learn, teach, grow, build, and create everything needed to live independently.
Most importantly, it’s the idea of bringing together a community worth protecting.The vision was magnetic and has drawn in those willing to help build such a community.
Players take on the role of agents enlisted by our “daemon” chatbot to combat technological threats by learning and applying various skills within the game
Skills include hardware hacking, cryptography, ciphers, RFID cloning, social engineering, and much more.
Built with open-source software & open hardware, we encourage agents to work together and help each other.
Which days and times will your C&E operate PST?:
Friday 09:00 to 16:00
Saturday 09:00 to 17:00
Sunday 09:00 to 00:00
DEF CON’s Next Top Threat Model (HYBRID)
(Formerly Threat Modeling Challenge from DC27)
https://forms.gle/YpkTNZkZ6tyBm1ri6
Threat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist.
As part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model
Hack the Plan[e]t (VIRTUAL)
https://twitter.com/ICS_Village
Hack the Plan[e]t Capture the Flag (CTF) contest will feature Howdy Neighbor and the Industrial Control System (ICS) Range. This first of its kind CTF will integrate both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge.
Howdy Neighbor is an interactive IoT CTF challenge where competitors can test their hacking skills and learn about common oversights made in development, configuration, and setup of IoT devices. Howdy Neighbor is a miniature home — made to be “smart” from basement to garage. It’s a test-bed for reverse engineering and hacking distinct consumer-focused smart devices, and to understand how the (in)security of individual devices can implicate the safety of your home or office, and ultimately your family or business. Within Howdy Neighbor there are over 25 emulated or real devices and over 50 vulnerabilities that have been staged as challenges. Each of the challenges are of varying levels to test a competitors ability to find vulnerabilities in an IoT environment. Howdy Neighbor’s challenges are composed of a real and simulated devices controlled by an App or Network interface and additional hardware sensors; each Howdy Neighbor device contains 1 to 3 staged vulnerabilities which when solved present a key for scoring/reporting that it was discovered.
In the same vein, this CTF challenge will also leverage the ICS Village’s ICS Ranges including physical and virtual environments to provide an additional testbed for more advanced challenges in critical infrastructure and ICS environments. There will be integrated elements from DHS/CISA with their ranges that are realistically miniaturized assets (ie — operational oil and natural gas pipeline, etc.).
Virtual H@ck3r Runway (VIRTUAL)
For our Third (3rd) year and second virtual year, H@ck3r Runway is bringing together hacker trend setters. We’re looking forward to what you make, light, and geek out fashionable. Selected judges will decide on the categories and the people, as usual, will select the People’s Choice winner.
SIGNUP START: July 1, 2021
SIGNUP DEADLINE: August 7, 2021
There are new, well combined categories. The Miscellaneous and Nerd wearable were combined to make a new Aesthetics and More category. Since we’re in a hybrid situation and people really enjoyed the COVID wearable, it will be making a comeback. Awards will be handed out in 4 categories and voters will select a final People’s Choice winner:
- Digital wearable — LED, electronic, non-interactive
- Smart wear — interactive, temperature sensing, mood changing, card skimmers, etc
- Aesthetics and More — 3d printed, geeky wear, passive design, obfuscation, lock picks, shims, cosplay
- Covid-19 wearable (replacing Live) — did you bling out your mask and/or shield
Winners will be selected based on, but no limited to:
- Uniqueness
- Trendy
- Practical
- Couture
- Creativity
- Relevance
- Originality
- Presentation
- Mastery
ENTER HERE
Stay up to date with changes by following @hack3runway on Twitter or visiting our Landing page. Don’t have an entry? You can still participate. Voting link will be posted later.
Hospital Under Siege (HYBRID)
Adversaries have gained a foothold in your local hospital and are increasing their control over clinical systems and medical devices. Soon they make it clear they’re not after patient records or financial information, but are out to disrupt care delivery and put patients’ lives at risk. Your team received an urgent request to use your blue, red, and purple team skills to defend against the escalating attacks, attempt to unmask the adversary, and — above all — protect patient lives.
Hospital Under Siege is a scenario-driven Capture the Flag contest run by the Biohacking Village, pitting teams of participants against adversaries and against a clock, to protect human life and public safety. Participants will compete against each other on both real and simulated medical devices, in the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. Teams of any size are welcome, as are players from all backgrounds and skill levels. Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others. You will hack actual medical devices and play with protocols like DICOM, HL7 and FHIR.
Map of the Digital Lands (IN PERSON)
This is a contest where contestants can showcase their network engineering skills by drawing network maps based on given scenarios in a limited amount of time using only pen and paper.
Judges will determine winners based on feasibility, practicality, readability, whether or not the key components were included and clearly identified, and the likelihood of hackers being able to take over the proposed network. Prizes will be awarded for the best of each scenario which will all have increasing difficulties.
OpenSOC Blue Team CTF (VIRTUAL)
https://forms.gle/cTiqXqFmooRBFgto9
OpenSOC is a Digital Forensics, Incident Response (DFIR), and Threat Hunting challenge meant to teach and test practical incident response skills in an environment that closely resembles a real enterprise network. This virtual environment is a scaled down version of what you would find in an enterprise network, including: workstations, servers, firewalls, email, web browsing, user activity, etc. Simulated users are browsing the Internet, downloading files, watching videos, and accessing LAN resources. This creates a high fidelity training environment for unleashing real-world attacks and testing a responder’s ability to filter out the noise and find malicious activity on the network.
This isn’t just another CTF. We’ve built this platform to train real-world responders to handle real-world situations.
What’s even better? 100% of the security tools demonstrated on OpenSOC are FREE and OPEN SOURCE! These projects include ELK, Arkime, osquesry, Suricata, pfsense, Snort, and Thinkst Canary, bringing it all together in an awesome way.
The Challenge:
- Given an initial IOC’s (indicator of compromise (or pivot point)), identify attacks that are being carried out against and within the enterprise environment.
- Trace the attackers throughout the kill chain, submitting key IOCs and observables to the scoreboard as you reveal their tactics.
- Reverse engineer any artifacts connected to hostile activities.
- Perform forensics analysis on PCAPs (Packet Captures), memory images, etc.
- Win awesome prizes, learn new skills, and get experience with some of the best OPEN SOURCE tools for SecOps!
Pirate Hat Pageant (HYBRID)
In a sea of black hats, white hats, and grey hats, we choose Pirate. A challenge that is equal parts maker tech and cosplay. A swashbuckling test of prowess with sewing machines and soldering irons. A cocked-hat with Arduino controlled LEDs? A broadbrimmed WiFi repeater? Hack The Sea Village wants to see what you can create, so show up with your saltiest headgear.
Well, there were already pirate flags everywhere so we figured it just makes sense. This is a contest about self-expression and creativity that puts all maker skills on an equal playing field. We admit we are heavily influenced by nostalgia for the DerbyCon Derby hat contests. The contest will be judged by a guest panel from Hack The Sea Village with HTS swag and other prizes.
Red Alert ICS CTF (VIRTUAL)
Red Alert ICS CTF is based on ICS test bed (simulation) so all participants can hack actual devices in ICS/SCADA environment.
We create a virtual SCADA environment in order for participants to penetrate several layers of security to gain points, and eventually gain control of the SCADA system.
Red Team CTF (VIRTUAL)
https://threatsims.com/redteam-2021.html
Once again this year’s DEF CON Red Team Village CTF will be hosted by Threat Simulations! We have another amazing, immersive scenario that stresses strong red team skills as players traverse through an enterprise network. This year’s theme is supply chain attack, finalists will be immersed in a realistic scenario that offers a deep dive into studying, attacking, and leveraging a vulnerable software supply chain to gain access to a private corporate network.
The target is interested in hiring a skilled red team for an upcoming engagement scheduled for 7 August 2021. The goal of this full scope engagement is to see if teams can access the ‘crown jewels’ and best of all, NO REPORT REQUIRED! Unfortunately, with so many skilled applicants in the marketplace, the offensive security personnel will need to be vetted during a qualification period. Only the top teams will advance to the immersive scenario.
Qualifiers Round: 5 Aug 2021 16:00 UTC (09:00 PDT) -> 6 Aug 2021 16:00 UTC (09:00 PDT)
Finals Recon Round: 6 Aug 2021 16:00 UTC -> 7 Aug 2021 16:00 UTC
Finals Round: 7 Aug 2021 16:00 UTC -> 8 Aug 2021 16:00 UTC
Salty Sensor (HYBRID)
https://sensors.hackthesea.org
https://oceanbuilders.com/incubator/
Oceans cover 75% of the blue marble we call home. Monitoring environmental conditions in the ocean’s ecosystems is vital but difficult task. Until now, deploying sensors was an expensive proposition, limiting research to projects run by universities and a handful of well funded NGO’s. We challenge hackers and makers to use your skills and creativity to help design new, cheaper, open-source hardware and software floating or diving sensor buoys to democratize marine environmental research. We will kick-off with tech talks by experienced sensor builders and oceanographers. Teams with winning designs will have the opportunity to visit the OceanBuilders Blue Frontier incubator off the coast of Panama and see their design deployed to monitor the coastal ecosystem.
This contest presents a technically demanding challenge for creating new open-source hardware and software design concepts and draws on a broad variety of skills from across the hacker community, and supports a worthy cause. A new career and lifestyle on the “blue frontier”, where a hacker approach to solving problems is a must, may be the life adventure some DEF CON attendees didn’t know they were looking for.
DEF CON Scavenger Hunt (HYBRID)
As Las Vegas emerges from the pandemic, so too does DEF CON’s longest consecutive running competition!
This year, the DEF CON Scavenger Hunt will be broadcasting from our bunker to the DEF CON Discord server as well as coming to you live on-site, for those that are willing and able to travel to Las Vegas. To even the playing field between those remote and in-person, we continue to limit the game to single players only.
The game will begin at 10:00AM Friday morning and end at noon on Sunday. The top three teams will receive prizes, glory, and most importantly bragging rights. The DEF CON Scavenger Hunt table can be found in the contest area. Do you have what it takes to be the ultimate scavenger? Mask up, strap on, and don your hazmat suit to find out!
If you like to watch, tune in for the live stream on our website.
Maritime Hacking CTF (HYBRID)
Fathom5’s Maritime-Industrial CTF event allows competitors to gain hands-on experience hacking real maritime hardware in a controlled environment using Fathom5’s Grace maritime cybersecurity testbed. Grace is an accessible, realistic configuration of maritime systems where competitors complete challenges in a simulated afloat environment, with real ICS components and fieldbus protocols. The Grace testbed replicates a series of different maritime-industrial environments, including navigation, fire main, and hydraulic steering systems. The testbed makes both physical and simulated components available to competitors in order to replicate performance of maritime systems at lifelike scale. The CTF challenges scale from novice to expert-level on both IT and OT fronts such that competitors can gain experience on either side of the system. This CTF event has been deployed at DEF CON 27 (Aug 2019) as part of the Hack the Sea Village v1.0, at HACKtheMACHINE-NYC (Sept 2019), at Gray Hat 2020 (find date), and most recently at HACKtheMACHINE- Virtual in March 2021. This CTF can support approximately 20 teams of 3–5 individuals concurrently and typically takes 14 hours for skilled teams to navigate the challenges. The number of teams, size of teams, and depth of challenges can be adjusted to fit within host event timelines.
Fathom5 seeks to build a community of practice around understanding and securing Industrial Control Systems (ICS), specifically in environments such as Seaports and bluewater Vessels that heretofore were considered secure by virtue of their physical components “disconnected” nature. Industry-wide trends toward digitization have resulted in these operational technology (OT) systems no longer being disconnected. Cyberattacks in the maritime sector have already been shown to have devastating consequences, with the 2017 Maersk outbreak being just the most widely known example. The most recent event with the ‘Ever Given’ in the Suez shows how fragile the global maritime transportation sector can be to disruptions. Unfortunately, the skillset required to understand and mitigate cyber risk in multi-layered systems-of-systems architectures that span OT & IT systems is incredibly rare, both in the maritime industry and in the cybersecurity community writ large. Fathom5 is on the forefront of steering critical industries towards secure digitization and has developed representative Seaport and bluewater Vessel systems specifically to spotlight the cybersecurity risks the maritime industry faces. We are bringing more and more advanced systems to DEF CON each year so as to challenge the hacker community to turn their time and interest towards securing our cyberphysical reality. This CTF is done as part of the Hack the Sea Village.
DEFCON 29 + Secure Coding Tournament (HYBRID)
When: August 6th, 10:00AM PT — August 8th, 3:00PM PT
Secure Code Warrior brings you a defensive security-based tournament from a developer’s perspective. The tournament allows you to test your skill against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability. You don’t need extensive programming knowledge as this will be a great way to learn the foundations and intermediates of leveraging code that is not only functional but is also secure.
You can find the tournament step-by-step guide here: https://youtu.be/o8XhKK_eOOs
The tournament is run virtually so you can join through your laptop from the most convenient location and time. It should take only a few hours, drop-in as you see fit during the duration of the event to complete all the challenges and win prizes!
Instructions for playing:
1) Register for the Secure Code Warrior platform here: https://discover.securecodewarrior.com/DEFCON29.html
2) Check your email for the confirmation and access the unique link to create your profile.
3) Once logged in: click “Tournaments”
4) Join the DC29 Secure Coding Tournament
The Secure Code Warrior platform will be open before and after the tournament, so feel free to practice in the “Training” tab.
Monitor the live leaderboard to see how you’re performing!
If you have any questions, please let us know through the Discord channel or by replying to any of the tournament emails!
SOHOpelessly Broken CTF (HYBRID)
In this 3 time DEF CON Black Badge CTF hosted in IoT Village, players compete against one another by exploiting off-the-shelf IoT devices. These 25+ devices all have known vulnerabilities, but to successfully exploit these devices requires lateral thinking, knowledge of networking, and competency in exploit development. CTFs are a great experience to learn more about security and test your skills, so join up in a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.
This CTF is open to anyone! It is approachable for entry level people to experience getting their first root shell on iot, but for the more competitive players this CTF has challenging exploits that only the most experienced teams will be able to execute. In the last 6 years this CTF has had thousands of players at over a hundred events and it all started when it debuted at DEF CON 22. This CTF pulls no punches, the goal is to hack! This contest doesn’t feature any fake or simulated challenges. All the devices are real and have real vulns in them.
TeleChallenge (VIRTUAL)
Grab your land lines, tune up your dialtone, and join us for a battle of wits and skill inside the Beltway. Become part of the military-industrial complex to defend America (and your company’s bottom line) from enemy forces. And watch that first step. It’s a doozie!
Telephony is an increasingly critical area of information security which is poorly understood. We hope to bring more security awareness to this technology area through the TeleChallenge.
DEFCON MUD + CTF (VIRTUAL)
Hi Folks, the DEFCON MUD has gone virtual, with that in mind I’d like to post some contest information.
The contest is simple, connect to the MUD at coremud.org on port 4000, or using https://www.mudlet.org/ connect to CoreMUD. The game can also be accessed on grapevine at https://grapevine.haus/games/core/play
A ctf board has been setup at https://ctfd.mog.ninja and has some of the challenges. Not all of the challenges are loaded on the CTF board right now, more will be added over the summer.
Rules:
1) all players competing in the CTF must name their character with DEFCON in the name, example: defconsteve
2) All defcon players will have a harder time on the game, several legacy restrictions have been added
3) All defcon players must follow the rules on CoreMUD, https://coremud.org/wiki/doku.php?id...es:defcon_29&s[]=defcon
4) Players must collect flags for completing quests and other achievements. The flags for the CTF will be displayed in the flag room, flags must be entered on the CTFd site
5) the flag room can be accessed from 0,0,0 by going 3 north, 1 west and then down twice
6) Its listed in core’s rules, but no multiplaying, the only exception is if you already have a legal core player, then you may make one extra defcon player
7) no writeups of cores quests are to be published on the internet, with the exception of the area known as the funhouse
8) unlike last year in game bugs are not to be exploited, instead they are to be reported, there will likely be flags for reported bugs
9) building an area with core’s in game builder tools also will result in flags being issued
10) the DEFCON Code of conduct applies
11) There will be additional flags issued within 1 week of defcon, past quest completions will count towards issued flags
12) in the event of a tie, the top 5 players files will be analyzed to determine a winner
13) Do not try and win the CTF by rooting the box, rooting the box will result in disqualification from this and future MUD CTF’s.
DEFCON Is almost upon us. The event itself officially starts Thursday August 5th at 0800 Pacific Daylight Time. The results will be tallied and reported into the contest leads at 1100 AM to Noon on Sunday August the 8th.
The funhouse will remain open after the results are tallied.
We are planning multiple events on Thursday, Friday, and Saturday which will all be worth points:
- Worms in a mine
- Laser Core
- Fire Station
- Funhouse Clown Hunt
We will also be unlocking a number of quests, follow evilmog on twitter or watch us in the defcon discord as we will be announcing them on both of those platforms. There will also be random live streams where we may or may not drop flags.
For further information connect to coremud.org port 4000 and type “help defcon”, you can connect via any mud client, although Mudlet is preferred.
Also I’d like to remind people that the grand prize is a Defcon 30 ticket. Also if you are way behind in the flag count, do not worry we will have multiple secondary prizes and methods of gaining flags.
CoreMUD Forums: https://coremud.org/forum/viewtopic....p=10051#p10051
CoreMUD Wiki for DECON: https://coremud.org/wiki/doku.php?id...icies:defcon
Schemaverse (VIRTUAL)
The Schemaverse [skee-muh vurs] is a space battleground that lives inside a PostgreSQL database. Mine the hell out of resources and build up your fleet of ships, all while trying to protect your home planet. Once you’re ready, head out and conquer the map from other DEF CON rivals.
Why DEF CON? Each player can use their preferred tools, their own skillset, and their own point of view, to battle for supremacy in the Schemaverse. Just like DEF CON, the Schemaverse is all about how much you want to put into it. How will you or your contest &/or event, contribute a new perspective to the content at DEF CON? Wow this is a tough one. We’re a ten year old contest. It’s hard to stay fresh but we certainly stay weird, difficult, and entertaining.
Tin Foil Hat Contest (HYBRID)
http://www.psychoholics.org/tfh
Was the government trying to figure out what you were really up to during quarantine? Alien mind control rays have you down? Fear not, for we here at the Tin Foil Hat contest have your back. Come find us in the contest area, and we’ll have you build a tin foil hat which is guaranteed to provide top quality protection for your noggin. How you ask? SCIENCE!
Show us your skills by building a tin foil hat to shield your subversive thoughts. (Bonus points if you integrate a face-mask to block those pesky viruses)
There are 2 categories: stock and unlimited. The hat in each category that causes the most signal attenuation will receive the “Substance” award for that category. We all know that hacker culture is all about looking good, though, so a single winner will be selected from each category for “Style”.
This contest has always been about including as many folks as possible in a fun and non-intimidating competition. There are no special skills/knowledge/tools/materials needed, and anyone can give it a try. (We even provide the foil). Over the years we’ve heard time and time again how happy people are to be able to participate; and we love bringing these good times to DEF CON every year.
OSINT Search Party CTF (VIRTUAL)
https://www.tracelabs.org/
https://twitter.com/TraceLabs
https://tracelabs.org/slack
Want to do #OSINTForGood? Put your OSINT skills to test and compete in the Trace Labs OSINT Search Party CTF where you crowdsource OSINT on real missing persons to help solve their cases!
The Trace Labs OSINT Search Party CTF will have several missing persons cases to work on where you will submit “flags” based on pieces of real information that law enforcement looks for in a missing person investigation!
All flags submitted are treated as “new intelligence” and are validated by a panel of judges who will assign points based on the type of OSINT reported. No prior experience in OSINT or CTFs is required! If you can Google, you can succeed in this event!
Registration for this CTF will take place via our Eventbrite site: https://tracelabs.eventbrite.com
Solo teams or teams of up to 4 participants are allowed.
We have a fantastic collection of prizes for the top winning teams. These will be announced on the Eventbrite site closer to event time.
This is a fantastic opportunity to get into the OSINT community, learn intelligence gathering and to become do #OSINTForGood!
Get your team together and join us in our Slack group to get started here: https://tracelabs.org/slack
Saturday August 7th
09:00 — Briefing (all times in Pacific)
10:00 — CTF Starts
16:00 — CTF Ends
17:00 — CTF Award Ceremony — Prizes for winning teams and contests
SPECIAL INTERESTS GROUPS
No matter which convention you go to, you can always find a place to call home. Due to the many diverse activities, interests and people that make them up there have been multiple faction groups that mingle among the hacker crowds. We have listed out highlights for these demographics as they represent a safe haven and a environment to learn their craft. Weather you want to do a deep dive into something out of your technological comfort zone or you want to meet like-minded people in these fields here is our list of special organizations you should check out!
DEFCON 29 SIG HIGHLIGHTS
QUEERCON (HYBRID)
Discord: https://discord.com/invite/jeG6Bh5
For those who have chosen to be on-site, the QueerCon community has organized in-person mixers at DEFCON 29 (outdoors for COVID-19 safety). 4:00 PM — 6:00 PM PST @ Bally’s Pool Deck on Thursday, Friday & Saturday.
Attendees at the In-Person Mixers will need DEFCON badge and wear masks. Cash bar nearby and some cabanas. It’s a big space with several pools. Look for the signs and colors. No pool party or suite this year, just the 3 Mixers. Hopefully in the near future!
Unfortunately there will be no official QueerCon badge this year, but previous badges will still interact. A number of logistical and pandemic-related issues prevented it this year, but the Badge Team is already thinking what we can do for next year!
EFF at DEF CON 29
August 5, 2021–9:30am PDT to August 8, 2021–5:00pm PDT
Paris and Bally’s Hotel and Casinos, Las Vegas, NV + Virtual
EFF is excited to be a part of another DEF CON! This year’s DEF CON will be a hybrid model, with a limited in-person event and online portion as well. EFF will be in the DEF CON Discord chatting with members and answering any questions you might have about your digital rights! Be sure to come chat with us and look out for any EFF talks and contests during this year’s DEF CON.
Join the Cause
EFF won’t have a booth in-person this year, but you can still become a member or renew your membership today! More info to come soon about our latest limited-edition DEF CON shirt. We can’t wait to show it off.
EFF Talks
Privacy Without Monopoly: Paternalism Works Well, But Fails Badly
Cory Doctorow
Virtual Only Presentation | Date and time coming soon…
Governments around the world (US, UK, EU) are planning to force interoperability on the biggest tech platforms. Companies like Facebook say that this is a privacy disaster because it would hurt their ability to keep us safe from privacy invasions. Yeah, I know. But even if you DO think Facebook has our best interests at heart, monopoly is a deeply stupid way protect privacy. I will present “Privacy Without Monopoly,” a major EFF white paper I co-authored with Bennett Cyphers, which sets out a framework for understanding how privacy and interop aren’t just compatible — they rely on one another!
Tech Trivia Contest
Join us for some tech trivia! EFF’s team of technology experts have crafted challenging trivia about fascinating, obscure, and trivial aspects of digital security, online rights, and internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will come in first place! All teams will win great EFF gear. Registration will be online soon!
Looking for Help?
As in past years, EFF staff attorneys will be here to support the community. If you have legal concerns regarding an upcoming talk or sensitive infosec research that you are conducting at any time, please email info@eff.org. Outline the basic issues and we will do our best to connect you with the resources you need.
Read more about EFF’s work defending, offering legal counsel, and publicly advocating for technologists on our Coders’ Rights Project page.
DEF CON VOTING VILLAGE
YouTube: https://youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg Twitch: https://twitch.tv/votingvillagedc
Full Schedule: https://docs.google.com/document/d/123a7PYCkxzR6U2eW0C_YjYNRXIXqSHBKebb4b830J1I/edit
DEF CON 29 Voting Village Speaker Track
Friday, August 6, 2021
10:00 AM PT // 1:00 PM ET
Logistical Information Broadcast (Discord, Youtube, Twitch)
—
10:30 AM PT // 1:30 PM ET
Hacking to Save Democracy: What Technologists Need to Know About Election Administration
Eddie Perez
11:00 AM PT // 2:00 PM ET
A Deep Dive on Vulnerability Disclosure for Election Systems
Tod Beardsley
11:30 AM PT // 2:30 PM ET
Wireless Odyssey or why is the federal government permitting devices with wireless networking capability in federally certified voting machines?
Susan Greenhalgh
12:00 PM PT // 3:00 PM ET
A Journalist’s Perspective on Fake News
Bob Sullivan
12:10 PM PT // 3:10 PM ET
Break
—
12:30 PM PT // 3:30 PM ET
Are Barcodes on Ballots Bad?
Kevin Skoglund
1:00 PM PT // 4:00 PM ET
Hack the Conspiracies
Barb Byrum
1:30 PM PT // 4:30 PM ET
Kickoff Remarks (recorded in-person in Las Vegas)
Harri Hursti
Saturday, August 7, 2021
10:00 AM PT // 1:00 PM ET
Keynote Remarks
Commissioner Thomas Hicks
10:30 AM PT // 1:30 PM ET
Secrets of Social Media PsyOps
BiaSciLab
11:00 AM PT // 2:00 PM ET
How to Weaponize RLAs to Discredit an Election
Carsten Schürmann
11:30 AM PT // 2:30 PM ET
High Turnout, Wide Margins
Brianna Lennon, Eric Fey
12:00 PM PT // 3:00 PM ET
Keeping Your Information Security Policy Up to Date
Sang-Oun Lee
12:30 PM PT // 3:30 PM ET
Social Media Security = Election Security
Sebastian Bay
1:00 PM PT // 4:00 PM ET
New Hampshire SB43 Forensic Audit
Harri Hursti
1:30 PM PT // 4:30 PM ET
Why Hacking Voters Is Easier Than Hacking Ballots
Maurice Turner
Want to tinker with locks and tools the likes of which you’ve only seen in movies featuring secret agents, daring heists, or covert entry teams?
Then come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.
The Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficultly to try it themselves.
Experts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.
Scheduel: https://bit.ly/LPVSchedule2021
LOCK BYPASS VILLAGE
The Lock Bypass Village (LBV) is a security awareness initiative that makes appearances at security conferences and other educational functions. You can find some of the content we’ve created below.
Village Hours (All times are in PDT)
We will be availble for the following hours on the DEFCON Discord to chat and answer your questions related to Lock Bypass:
Friday, August 6th — Open 0900h-1900h
Saturday, August 7th — Open 0900h-1900h
Sunday, August 8th — Open 0900h-1700h
Content Schedule (All times are in PDT)
Join us on our Twitch at the times below where we’ll be showing the talks on a schedule followed by a 30 minute Q&A session afterwards. The moderator will be pulling questions from the Discord Channel: lbv-talks-text in the DEF CON Discord
Friday
0900–1000
1030–1130
1130–1200
1600–1730
Exploiting Retail Security with TikTok’s Hacker Community + Q&A
Saturday
1000–1030
1100–1200
Bypassing Retail Security Tags + Q&A
1200–1300
1300–1430
Introduction to Software Defined Radio; Electronic Warfare for $15 + Q&A
1430–1600
Sunday
1230–1300
1300–1430
DEFCON Furs — Furry Village
Masks and proof of full vaccination will be required to enter the Furry Village Suite.
DEFCON Furs Furry Village Location: Resort Tower, Bally’s Las Vegas (Suite number TBD)
DEFCON Furs 2021 Badge or Badge Blank needed for access to Furry Village Amenities
(DEFCON Furs 2021 Badge Blanks Available on site for $25 donation while supplies last)
A schedule of our Furry Village hours and other community events happening during DEF CON are listed on this page.
More details about our virtual event after DEF CON can be found here:
Once again DEFCON Furs will have our own “unofficial” village!
Located in the Resort Tower at Bally’s Las Vegas and open daily during the convention, the DEFCON Furs — Furry Village is our official outpost at DEF CON 29.
The village will be providing a low-key, relaxed environment for everyone to come work on other contests,
get away from the crowds between DEF CON talks or villages, or just relax and socialize with a drink from our hosted bar.
We will also be taking donations for swag in the Furry Village, and swag pickup will be available for those who donated before the con.
Events and Hours:
- Queercon Social @ DEF CON Pool Thurs Aug 5 | 04:00 PM — 06:00 PM Queercon Social — DEF CON Pool Party (DEF CON badge required) Come down to the Bally’s Pool for the afternoon Queercon Social.
Catch up with you fellow queer folk and allies in the InfoSec community, grab a drink from the bar and meet new people. Featured DJ: DJ Vulp. - Puppy Mosh @ Building Blocks (18+) Thurs Aug 5 | 08:00 PM — 12:00 AM DEFCON Pups and Sin City PAH are presenting a Puppy Mosh hosted by Building Blocks 18+ with valid ID and proof of full vaccination Come mosh with old friends and make some new ones in a spacious, air conditioned private space.
Amenities: private location, mosh area with gymnastics mats, no-host cash bar, music, and you!
More info: defconpups.org - DEFCON Furs Furry Village @ Furry Village (18+) Fri Aug 6 | 02:00 PM — 10:00 PM DEFCON Furs Furry Village Open 18+ with valid ID and proof of full vaccination
Bally’s Resort Tower Suite #### Hangout lounge, donation swag store, hosted bar, DEF CON challenge workspace. - DEFCON Furs Furry Village @ Furry Village (18+) Sat Aug 7 | 02:00 PM — 10:00 PM DEFCON Furs Furry Village Open 18+ with valid ID and proof of full vaccination
Bally’s Resort Tower Suite #### Hangout lounge, donation swag store, hosted bar, DEF CON challenge workspace. - DEFCON Furs Furry Village @ Furry Village (18+) Sun Aug 8 | 02:00 PM — 10:00 PM DEFCON Furs Furry Village Open 18+ with valid ID and proof of full vaccination
Bally’s Resort Tower Suite #### Hangout lounge, donation swag store, hosted bar, DEF CON challenge workspace.
PARTIES & EVENTS
You are in Vegas…it’s TIME TO PARTY! Starting out with it’s origins as a farewell party for a friend who didn’t show, Hacker Summer Camp has evolved into a myriad of event meet ups, fundraisers and dance offs that will overwhelm the newcomer. Below is a highlighted list of every event that stood out for us to attend. This does NOT contain the list of every single party, we recommend checking out this calendar for a complete listing of activities around the con:
MEET-UPS
WISP DEF CON Women’s Meet Up
Date: Thursday, August 5, 2021
Location: Bally’s Pool
Time: 6–8 PM
All are welcome to join, come say hi and hang out with your fellow women in security and privacy at DEF CON.
With questions about this informal hang out and meet up, please email: irene@wisp-net.org
Toxic BBQ
4:00 PM — 10:00 PM PST
Thursday, Aug 5
Off-site at Sunset Park, Pavilion F, (36.0636, -115.1178)
The humans of Vegas invite you to the 15th incarnation of this unofficial welcome party. Meet your internet friends AFK just like you did in the Before Time. Burgers and dogs are provided; you bring everything else (favorite meat, “meat”, sides, drinks, labor, rides, and donations). We’re taking extra precautions for food and people safety with masks, handwashing stations, and spreading us out
Grab flyers from an Info Booth after Linecon, and watch #ToxicBBQ on Twitter for the latest news.
Toxic BBQ connects DEF CON n00bs and vets in the Vegas sunshine. In past years, we’ve hosted over 400 with volunteer labor and donations. Help us get the word out. This will be the 15th cookout, and, after being cooped up, we can’t wait to make it the best we can while also being safe. There is no qualification other than helping out. And there is no obligation other than welcoming the next person in line.
We can’t wait to see you again.
The complete Toxic BBQ History and event building guide has been uploaded to the DC29 media server. If you’re curious about the history of our little event or you want to build a “sideshow” to a giant conference of your very own, give it a look see. A few copies will be available at the BBQ as well. Many thanks to everyone in the community that contributed their recollections, advice, and expertise. We can’t do any of this without your help.
For Reading: https://media.defcon.org/DEF%20CON%2...Continuous.pdf
For Double-sided Booklet Printing: https://media.defcon.org/DEF%20CON%2...-Printable.pdf
DEFCON 29 BADASS Meet Up
Fri. Aug. 6 1300–1500 PDT
Meet BADASS @ Virtual DEFCON
Presentation by Martin Sundhaug
Informal chat with the BADASS team Kate, Marleigh, Martin, Rachel
VETCON (HYBRID)
VETCON will be hosting multiple events (virtual and in-person) for DEF CON 29.
This year’s theme is “RECALLED to Action!” and as things begin to open back up and travel becomes a part of life again, what better charity to support than the USO.
If you’re not attending #vetcon in-person, make sure you order your swag and support our service members and their families. All proceeds during the month of August will be donated to USO:
Hacker Happy Hour at the Tuscany (255 E Flamingo Rd, Las Vegas, NV 89169)
Friday 7:00 PM EST!
Tell all your friends!
/r/DEFCON
Meetup on Wednesday & Friday at 7:00 PM PST,
Paris Bar at Paris Hotel & Casino
Do you participate in the DEF CON subreddit? This Meetup is for you! A gathering of the denizens of /r/DEF CON while at DEF CON to mingle and meet face to face. Newcomers and veterans alike are welcome to meet and greet while sharing the DEF CON experience.
Super Unofficial DEFCON Shoot
Where: 12801 US 95 South Boulder City, NV 89005 (same complex as 2 years ago, different range)
When: Wednesday August 4th 2021
On ranges 5 and 6 which are located at 35°57'34.8"N 114°55'20.8"W
https://progunvegas.com/contact/
Time 11–5pm
Q&A:
Q: What makes this “super” unofficial?
A: Past “unofficial defcon shoots” had many amenities like water, eyes, ears, tables, canopies, etc. This year has none of that, you get to stand on dirt under the desert sun and shoot your own guns/ammo. If you need ANYTHING, you have to bring it or buy it from Pro Gun (like a cooler of water, sunscreen, tables, etc).
Q: How much does it cost to show up?
A: Nothing, but only the range rental is covered. If you want to shoot someone else’s gun you should probably bring factory ammo or have money to buy their ammo and rent their gun. What that costs is up to each individual gun owner, or maybe they won’t rent at all, it is up to them. Ammo is particularly expensive right now, and most people fly their guns out which is not easy.
Q: I’ve never shot a gun before, can I come?
A: Yep. People are generally welcoming to new shooters, just make it clear that you need instruction when asking about renting from anyone.
Q: Can I rent machine guns from Pro Gun directly?
A: Probably, I suspect they’ll have a better selection but they might be more expensive.
Q: What amenities are on site?
A: Pro Gun has a clubhouse a few hundred feet away that has bathrooms, and they sell water/Gatorade/soda, light snacks, common ammo, and probably eyes and ears (but you should bring your own).
Q: What guns can I shoot?
A: Anything up to 50 BMG, including full auto.
Q: What targets can I shoot?
A: We can bring our own steel, or if you have target stands for paper targets. No trash/furniture/appliances.
Q: How do I get there?
A: Drive or take a cab/lyft/uber. It is 35 minutes away from the Paris Casino, so it isn’t that bad. Reach out to others on slack or reply to carpool.
Q: How do I sign up?
A: Send me a PM here, or on slack or twitter so I have an estimate of how many people are showing up. The two ranges we have fit around 30 people. If we get more than that we can cycle the shooters. Also the range next to us (range 4) is currently open if you want to rent that out yourself (for $200 from Pro Gun).
Q: What do I do when I show up?
A: Go into the club house, tell them you’re part of the “defcon group” and sign their waiver.
There isn’t a sub-forum for the shoot this year, so unless you are on slack you should probably reply to this thread for all discussion related to this event.
Summer Bring-A-Hack with Tindie & Hackaday!
It’s time for another Bring-A-Hack, Summer edition! Join us for lightning rounds of show and tell from the Tindie & Hackaday Community. Bring your latest hacker projects to show off!
DEF CON 29 is canceled (INSIDE JOKE) August 5th — 8th, so why not show off your badge creations at the Bring-A-Hack!
This Bring-A-Hack will be hosted on Crowdcast: Register and join the event here.
Registering for the event is only to view the event. We’ll pick projects for presentations at the beginning of the event, so if you’re interested in sharing a hack be sure to show up a few minutes early! Once you arrive please type in the chat, “I would like to present” and include your project name and what type of project it is. We will try to get to as many projects as possible during the event.
Date: Thursday, August 5th, 2021
Time: 1pm-2:30pm PDT (4pm EDT | 9pm GMT | 6am AEST)
So we can have time for everyone to share, talks will be limited to 5 minutes per project.
Quick Talking Point Guide:
- Who you are, and what inspired you to do this project?
- What were the materials/tools used, and how did you execute your project?
- Did you run into any issues/setbacks, and what do you plan to do next?
All Hackaday event participants must follow the Code of Conduct.
2021 Defcon Bike Ride Vaxxed Edition
Starts — August 6, 2021 06:00
Ends — August 6, 2021 12:00
www.cycleoverride.org
https://twitter.com/Cycle_OverRide
TLDR: Ride a bicycle with us at Defcon — signup here!!! Email info at cycleoverride dot org if you have questions.
TLDR2: Bike shop will meet us at 6:30am to hand out rentals. You do not need to go there ahead of time.
It’s time for the Defcon 29 version of the Cycle Override Defcon bike ride!!!
The date of this years bike ride is Friday, AUGUST 6th, 2021 at 6am. This is Friday of Defcon. We will meet outside [Find a group to Uber/Taxi with] at 6:00am.
Registration is here. This is just so we can get a count and arrange comms leading up to the event. It will also give us your email so we can blast out any details needed pre ride, or at 5:25am on August 9th.
Here’s the deal — we have partnered again with McGhies Bike Shop in Las Vegas for our ride. Yes — they will throw your clipless pedals and seat posts on if you insist. They have 3 levels of road bikes: a ~$40 Cannondale Synapse, and a ~$100 Lance Armstrong starter kit road bike (think Madone.) There’s also a $125 level also.
Bike rental is first come first serve — there are about 18 $40 male road bikes and 10 female — after that it’s a hybrid or a $100 bike. You can always ship out your bike for about $100 each way on most airlines. We’ve had 50+ people before and they can usually get you what you want.
Here’s what YOU have to do:
You need to go here and reserve your ride. Rent your bike for the Las Vegas location. You will need to pay with a credit card. You should note anything special here and you should indicate you are reserving for the Defcon Bike Ride.
Here is what you should put in the comment box: (your own specs of course)
“Defcon Bike Ride
Size: 54 cm — will bring my own pedals
Need bike at 6am”
And for pick up:
Please select pickup at store — Las Vegas
Use this chart based on your height and inseam to figure out your size and fill the comment box out accordingly:
You alone are solely responsible for your bike reservation. McGhies is aware that we are running this event and will support us, but it’s on you to make sure you are all set with a bike.
THE ROUTE
NOTE: This ride may be at a higher altitude than you are used to. (2600–3800 ft)
OK — last piece the route — you can see the route here. This is the same route as last year (and the year before, and the year before that). Basically the route is slightly uphill out — and mostly downhill back. It’s looking like we’ll have a car heading up the back. There may be a bigger loop for those interested — we’ll let you know soon (basically taking the scenic loop around and catching up w/the group on your way back) — but it will likely be unofficial.
We are looking for sponsors so let us know if you are aware of anyone interested in throwing in some schwag or some cash to help support this ride. It will be used for hydration.
What do I do next?
Once you reserve your bike — all you have to do is wait for Defcon 29! Oh and keep riding!
Cheers!
The Cycle Override Team
PS if you have any questions — leave a comment so everyone can see the answer!
MUSIC PERFORMANCES
DCG 201 PARTY HIGHLIGHTS FOR HACKER SUMMER CAMP 2021
CloudFlare
Wednesday, August 4, 2021, 5:00–8:00 PM
Libertine Social, Mandalay Bay
You are invited to attend an intimate gathering with Cloudflare at Libertine Social Lounge on August 4th from 5:00 p.m. — 8:00 p.m. Hosted bar and hors d’oeuvres will be served.
https://www.cloudflare.com/lp/blackhatusa-2021/
Darktrace
Wednesday, August 4, 2021, 6:30–9:00 PM
Mastro’s Ocean Club
Our exclusive Black Hat Executive Dinner will take place on Wednesday August 4, 6:30pm — 9:00pm (PT) at Mastro’s Ocean Club, Las Vegas, and we’d love for you to attend.
Join security leaders, adopters of Self-Learning AI, and Darktrace Executives for an evening of peer-to-peer networking, and discussions around the next generation of cyber-threats — from machine-speed ransomware attacks to subtle supply chain takeovers.
We will also uncover how Self-Learning AI is used in the real world today to allow security teams to tackle emerging incidents, whenever and wherever they strike.
The event will commence with a cocktail and canapé reception at 6:30pm, followed by a four-course dinner.
Invicti
Wednesday, August 4, 2021, 4:00–6:00 PM
Franklin Lounge, Delano Hotel
The AppSec Happy Hour
If you know your XSS from your XXE, join Invicti and other application security experts from 4–6PM at Franklin Lounge on August 4th.
IronNet Cybersecurity
Wednesday, August 4, 2021, 5:00–7:00 PM
STRIPSTEAK, Mandalay Bay
Kick your Wednesday evening off right. Join IronNet for complimentary drinks and appetizers at the fabulous STRIPSTEAK in Mandalay Bay.
Securonix
Wednesday, August 4, 2021, 5:00–7:00 PM
Border Grill Mandalay Bay
Take a break from Black Hat, and join us at Border Grill inside Mandalay Bay! As you leave the conference for the day, swing by for some appetizers, margaritas, beers or other cool beverages; and come enjoy some laid-back networking with your cybersecurity peers. I hope to see you there!
ZeroFox
Wednesday, August 4, 2021, 8:00 PM
Skyfall Lounge, at Delano Hotel
LEVEL UP is back! Join ZeroFox and friends in our retro arcade featuring gaming’s greatest titles, 180-degree views of the strip, and Sin City’s swankiest cocktails.
DEF CON Pool Parties!
DEF CON has a pool at Bally’s just for us to use. We will have music, parties, and even private Cabanas that you can rent.
Here is the current schedule of what is going on:
THURSDAY: From 13:00 to 00:00
- 16:00–18:00 — QueerCon Social — Everyone is Welcome!
- 21:00–22:00 — Deep Therapy
- 22:00–23:00 — Tense Future
- 23:00–00:00 — FuzzyNop
FRIDAY: From 13:00 to 00:00
- 21:00–22:00 — Yesterday & Tomorrow
- 22:00–23:00 — Terrestrial Access Network
- 23:00–00:00 — Z3NPI
SATURDAY: From 13:00 to 00:00
- 21:00–22:00 — mattrix
- 22:00–23:00 — Icetre Normal
- 23:00–00:00 — Nina Lowe
Just…please take our advice at the beginning of the guide…you don’t want to end up as a pool2girl…
GOTHCON 2021
2021 we’re a hybrid event! This year, chaos reigns with #gothcon. Join us Friday on twitch with your favorite DJs, and if you’re IRL in Vegas, join us at Skyview 4 on Sat night for chill, low-key, meet-ups. BYOGoth Amazing poster by @wcyarbrough!
MONERO AFTER PARTY
When: Sat, August 7, 9pm — Sun, August 8, 3am
Where: 36.170046, -115.140529 (map)
Pre-party is encouraged!
- Cash Bar
- Free Play (NES Games)
- Bowling
- Coin-Op Old School Arcade Games
- Multiple DJs
Transportation included with ticket.
Tickets available at monerosound.com
MORE COMING SOON
Thank You For Reaching the End of the HYBRID HACKER SUMMER CAMP Guide by DCG 201! Enjoy your time and we hope all this information has been useful!
WARP BACK TO THE BEGINING: HYBRID HACKER SUMMER CAMP — Part One: Surviving Physical + Virtual Vegas
