It feels like it’s been a year, I’ve been to the burn, packed all my belongings into a storage unit and moved to San Fransisco, but just last month in September, I went to my first Defcon. And it was amazing. So I wrote up the experience. If you’re a noob and considering going, or if you’re a seasoned hacker veteran, take a look. Hopefully it’s as fun to read as it was to go.
Without further ado
– Kyle
Wow.
Defcon 26 was a wild ride through the hardcore hacker halls of the people I’d always vaguely known on the internet but never had a face to go with the name. Now I feel jacked into the dark places of the internet where some amazingly talented and nice and funny people reside. I’m super pumped and excited.
Contents:
- Preamble: Why I ended up at Defcon
- So I said to me, let’s do it, Defcon
- Part I: Journey to Defcon
- Part II: Defcon 101 (Thursday)
- Part III- Real Defcon 101
- Part IV – Crazy Night One
- Part V – Ciphers and Penthouse Pool Parties
- Part VI – Sandstorm & The Challenge Party
- Part VII – Pinball Wizard
- Epilogue – The Journey Home
Preamble: Why I ended up at Defcon
Me (left) my dad (middle) and my brother (right) on the USS Abraham Lincoln (CVN 72). He took CS classes at night while serving in the Navy and got his Masters in CS from Oregon State when I was young. I’ve been using computers since DOS days as a kid. My earliest memories are watching my dad on our orange phosphor screen monitor trying to find all the errors in his code while fighting a useless compiler. I did not know what a compiler was, but I knew it drove him crazy.
I distinctly remember pulling the orange dragon book from the bookcase as a kid, and dreaming of making the war factories in the game Dune 2 able to drive around ( apparently this was a good idea and was featured in the Terran buildings in Starcraft ). I asked my dad to do this but he said he was too busy with work, so I asked for the machine that would let me do it for Christmas ( I thought computers were programmed with a special machine at the time ><), he said it was too expensive (to be fair I was 6, so this was probably true)
As a kid, I tried to teach myself Pascal (and failed), and took as much computer science as I could in high school (just basics of java) but it was always terribly difficult ( I would later discover unix like environments are much easier to code in than windows, and teach you the basics faster as you have to drive a terminal to do anything). I felt unprepared to go into computer science in college and based on how hard it was for my dad, figured I should go after something more enjoyable. I had no idea how much fun coding is when you’ve got friends doing it as well and you have good teachers to help unstick you.
Fast forward about 8 years (yeah it’s been a while since college) and along the way I’d picked up some python (environmental control chamber for Elarm, FEA postprocessing for SpaceX), visual basic (Lift system design at SpaceX and Tube Design at Hyperloop, mostly spreadsheet backends), labview (CHARLI and Raphael at RoMeLa), bash (lighting system and remote webcam monitoring at elarm), and taught myself enough C (small embedded blinky projects) to get by. You can’t be a mechanical engineer without programming. From excel sheet automation, to Gcode, to data logging, processing laser tracker data, to parsing scanner data that’s ill formatted, and debugging network issues, even CAD databases, if you’re really serious about your craft you learn to do the stuff that’s on the fringes.
And now that I’m taking a break from the startup world, I’m taking a chance to explore something new, a ship, passing in the night, that I never quite boarded but always watched keenly from afar. The world of hacking.
I’d read all the stuff about hackers on 4chan when I was a kid, and kept up with tech news via slashdot, reddit and twitter for years. I always hung out with the weird kids, and even went to a hackerspace first thing when I came to LA (crashspace) where I’m now on the board and keep up the facility. I was a bit of a connoisseur of memes back in the day.
I’ve always had a talent for finding flaws, and fixing them. Whether it’s welds on a steel tube or misplaced holes in a bracket, I’ve always loved pouring over a surface to find a crack or looking at a mechanism to find an issue. Going back and making the thing whole again, gives it new life and makes your effort a part of it. Hacking felt like that.
It was especially fun to think of all the ways you could steal stuff from a store or break through a security camera system, or try to find hidden things on a website or computer. I like people that think like that, who don’t love corporate norms and want to live on the edges, doing whatever weird stuff is fun. It figures I go to burning man.
So I said to me, let’s do it, Defcon.
I’ll start off by saying, I got very lucky on my first try.
About 3 years ago (or maybe it was 2) I picked up a large grumpy cat for crashspace’s front room from Pinguino’s birthday party (Ninjapenguin). This was all thanks to a tip off from my friend Alex L. and the need of a truck which I had.
I didn’t know Ninjapenguin was an all night electronic music party, or my friend Matt P. would be there, or that my favorite DJ, Ninjula would be spinning, or that it would be at Ari’s bar the other door (who I barely knew at the time via another friend Clive and my first burning man). I just knew they needed a truck and we needed a cat.
I ended up staying till the end of the party at 2am, flashing lights, lasers, fog machines and unreasonably hard music kept us raging, then Pinguino and her crew loaded Grumpy Cat in my truck, and I drove her home. We talked for the 40 minute drive about photography and engineering and technical stuff, and became fast friends. Over the years we’d run into each other a bunch of times and I got to know Dave, her S.O. and Craig and Eliot, basically her whole crew via other events like hacker drinkup and Ninjapenguin, Spec.LA, etc.
Earlier this year I left the startup I was working at (Arrivo) because I didn’t agree with their vision for transportation (maglev), and though I think Hyperloop is a promising concept at its core, none of the current companies working the problem are focused enough on the guideway to really make a difference (save the boring co., props to Elon for constantly being so right). So now I’m thinking about what I want to do for the future, and most of the problems are big enough that software is a huge help. I’ve got a couple small robotics related software projects, and have setup a website here or there (like this one or swarf.io) especially for the odd practical joke (like hyperloopjuan.com, which is currently down) and I love the hacker ethos, break shit, make shit, do it fast, do it for the right reasons, information deserves to be free.
I didn’t know how Defcon worked, so I talked to some folks at Crashspace. Jay J. mentioned he had a room in a nearby hotel and would be down to split it. This was a huge opportunity for me, and Jay was very helpful in explaining how to prepare for the con ( for instance, that it was $240 cash to get a badge, and that was your ticket to the show ). I also reached out to Pinguino as I knew she’d mentioned she had been to Defcon. What I never asked and didn’t know was just how long Pinguino had been going to Defcon.
August rolled around and I packed up my truck to head for the con. I ferried some boxes up for one of Pinguino’s friends Tprophet (at the time I had no idea what they were). I made the long familiar drive to Vegas, that I had done so many times for work at Hyperloop.
It was really hot out, over 100 degrees for the trip. I brought soldering stuff and a scope in case any fancy electronic badges needed fixing or some scope analysis, as I’d heard there was a fair amount of hardware hacking to do at the con. I dropped the boxes to Tprophet at a small hotel just off the strip. He mentioned his room had backed up with sewage and so it was a bit of a walk from where we were to the new one, so I wished him well and he went on his way with the boxes, mentioning they were for a challenge he was running and I should give it a shot (I didn’t know the name of the challenge though, so unfortunately I never tried it, but found out it was called Telechallenge later, and it sounded awesome).
I pulled up to Bally’s around 6 in the evening on Wednesday. When I got to the hotel room I asked Jay if it was safe to turn on my phone. He said we were in Ballys so I probably wouldn’t get hacked, and I should at least install a VPN and keep off the wifi if I wanted to be vaguely safe. I picked up the VPN he recommended (which seemed reasonable, and worked well) privateinternetaccess. I grabbed dinner with Jay at Ceasar’s food court (kung pao chicken yum) and then went with him so he could get his badge for Queercon (a LGBTQ sub group of Defcon). Queercon had some amazing electronic badges and a pre-party that night for VIPs and folks that ordered the electronic badges. Unfortunately I didn’t have an electronic badge and couldn’t get in. Here’s where the fun starts. the QR codes for Jay’s badge order got fudged in the mailmerge (he had a bunch of the same code, and had ordered 1 electronic and a few non electronic badges for friends), so we got to go into their ops hotel room and watch while they tried to sort through what had happened in their database. About an hour of this and they decided they knew he paid for badges, and despite not being able to fix their point of sale system, they gave him the badge, and gave me a VIP badge for waiting around. This got both of us into the party. (yay for social engineering :D)
I was impressed, they’d managed to set up a two story suite overlooking most of Vegas in Ceasars, just for Defcon, and had a crazy laser projector and sound system (the laser controller had a square 30″ touchscreen, and was intense). Also, it was open bar, which was pretty nifty. Most of the folks at Queercon were super friendly and we hung out while they tinkered with their electronic badges (they had a puzzle, and could wirelessly hook up to each other). Jay took some polaroids (as he’s known for :D) and later in the night the party started to get a bit crazy. I wanted to get to the rest of Defcon in the morning, get our badges in linecon and we both had some talks in mind, so around 2 we split for Bally’s (it was still very hot outside). Got to bed around 3:30. Right before bed, we heard there were over 100 people camping in line for badges. Linecon underway, Defcon was tomorrow. Full of excitement and expectations in a strange bed, I could barely sleep.
Part II: Defcon 101 (Thursday)
The next day (Thursday) we woke up at the crack of 8 am, and shuffled over to Ceasars in the sweltering heat, crossing the two pedestrian bridges that span the strip and flamingo st.
We both commented in amazement that no air conditioned tunnels had been built between the casinos, and I mentioned the loose subsoil combined with caliche, a natural concrete material dispersed in intermittent shelves at varying depth below the Nevada Desert, would likely make horizontal tunneling difficult, as hang time in the loose areas would be abysmal and drilling through caliche layers would be extremely difficult and happen unexpectedly. In much the same way machining intermittent cutting is much harder on equipment than consistent tool loading. But if there’s a tunneling engineer out there who knows more than me about this, I’d love to better understand the geotechnical conditions under Vegas and how they relate to tunneling there.
We walked through the maze that is Ceasar’s and ascended the long escalators to the convention floor, and were quickly shoveled into the registration area by funnel of bollards and Goons, Defcon’s red shirted hacker staff. Upon entering the huge registration room, we each waited for about one person in line in front of us (there were probably 15 parallel lines). Pulled our wads of cash out of our wallets, watched each bill was counted, handed plastic bags with our Defcon Badges, then summarily kicked back to the conference area. The whole ordeal lasted probably 5 minutes. The bags contained in addition to an electronic badge and batteries: a nice sticker pack, a really cool and amazingly illustrated comic book that contained the events, talks, groups, parties, and how to get on the wifi without getting hacked ( I just didn’t, but who knows if the LTE in the area was compromised…) and a CD that I’m hesitant to put into anything with logic, but I assume is music.
I downloaded the hackertracker app (over the vpn which was a bit slow), and we found our first talk to go to. It was in the flamingo hotel, so we walked over another bridge, up a single escalator, and walked about the entire length of the hotel to enter the track 3 conference room. It was cavernous, and probably spanned 300×100 ft with seating for over a thousand. There were multiple screens across the room (for those in the back) and a live video feed was playing on them. We watched a talk about bios rootkit hacking, which mentioned some tools and some command fu to make it easier to exploit the bios to reach arbitrary memory and start installing rootkits below where most of the security programs look, down in the drivers and directly on the hardware. It was part of the hacker 101 track. I figured it would be a bit more basic (I got lost quite a few times), but if I went back and looked at the presentation it was solid enough that I think I could at least attempt to replicate some of the stuff the speaker was doing, and he explained it pretty well.
We popped out and grabbed lunch, then made it back for the Hacker 101 panel. We caught the tail end of a talk about the hackertracker app, where the people working on it described improvements from last year.
Next up was the Hacker 101 panel. This was pretty great, and covered the basics of Defcon, by some pretty experienced hackers. I learned we’re all noobs, to not be a jerk, and about 3-2-1 or, 3 hours of sleep, 2 meals a day, 1 shower a day (minimum). I also learned that everything presentation wise is hosted on a media server, and most of the talks get posted to youtube by the end of the year, so don’t worry if you miss something the first time. There are also some talks (called airtalks) that aren’t recorded, and you’re not supposed to have phones on in (so bring a notebook :D). The panel leader reminded us noobs not to heckle the speakers, at which point the panel began to heckle the leader. This continued for 10 minutes, and the audience later participated. At the end of the panel they gave about 30 hackers their handles. I considered raising my hand to get one, but realized I’ve been going by risknc on the internet forever, and it’s a pretty ok handle.
Robotics Invention System Kyle N. Cothern, or, the lego kit I wanted for Christmas when we got AOL in the house, and my initials).
By this time it was around 5pm, and I’d found out that Pinguino, Dave and crew had arrived, and boozephone was starting up. Check out Beerocracy for more info on Boozephone happenings.
I had found out about boozephone a couple weeks earlier and was excited about helping out. boozephone is a service a few hackers run to deliver booze to other hackers (for free) if they call a number on the boozephone card. Cards are distributed to cool conference attendees when dropping booze to cardholders. A bunch of operators and a dispatch run the service, and many hackers donate to the boozphone cooler backpack.
In the chat, they’d mentioned that they were headed to ceasar’s to get started. I wandered back over from the flamingo, but couldn’t find them, and the text chat had stagnated. I was getting hungry and was a bit bummed that I couldn’t find anybody, so I went over to the food court and grabbed some asada fries for dinner (yum). On the way back to the front, I saw pink hair going up the escalator and guessed it was Pinguino. As I ran over and jumped on the escalator, Dave’s shiny bald head came into view; with two factor back of head auth it was the right pink hair (there are a ton of pink haired hackers at Defcon). I continued up to registration where Dave and Pinguino picked up badges, mingled with the staff, then we rolled to a room upstairs to plan for the night.
This room was where I got set straight:
So, it turns out the speakers the day before had failed to mention exactly what Defcon was, or maybe, more likely, they had alluded to it without outright saying it: Defcon isn’t about hacking, it’s about hackers meeting each other.
(suffice to say, big parts of it are also about hacking, but there’s only so much you can do in 4 days. The contests seem to be about doing as much as possible in 4 days :P).
And what better way to meet each other than a party.
When we got to 1446, it seems like any other hotel room ( though fancy, and a bit bigger with a couch: it is Ceasar’s palace after all). But the people inside that room (and the ones that met us there) made it very interesting. 4 Items and one concept really stuck with me for the rest of the con from that room.
First, another hacker showed up with a Hack for Satan Badge that was totally rad.
Second, I was handed a black card with ornate silver embossed iconography: an olive branch wreath and the roman numerals XXII on one side, and nonsensical text about neutrinos and robert wolf on the other, that had letters missing and replaced with dots. This was the Challenge Badge
Third, an HTC phone with the model Ninjatel under the glass on the bottom.
And Fourth, a member of Pinguino’s crew arrived late with a bottle of rank moonshine covered in fur with a real hoof at the bottom (henceforth we will refer to this as “hoof badge” and the contents ” hoof juice”)
After some chatting intros, getting loaned a battery for my giant LED badge by Stan (another first time Defcon noob), checking out and talking about these items. I asked everyone what talks they wanted to see most. This is where I learned the concept of Defcon.
Pinguino says [paraphrasing here it’s been a few days]: “We’re not here for the talks, if we wanted to see those we could watch them on youtube, how many talks have you seen? (to everyone in the room)” the answers rang back like the heckling from the talk earlier that day “oh I’ve been going for 10 years and I think I’ve been to 1” and “does going to heckle a friend count?, I think 3” some of the people in the room were goons (long time attendees that had been inducted as staff) and even they had only been to a few. And they were all proud of this fact. Lower numbers were considered better, like golf.
That’s when I realized: hackers are meeting all the time online, so talks are kind of an outdated mode of interaction to just transfer information about hacking, if you want to share something, you just send a file or jump in an IRC chat, seed something on bitorrent or throw it on github. What you can’t do with high fidelity online is meet random people and hang out / socialize with them over drinks, or easily share feelings, emotion, dance, and gain trust. All the things that are fun to do in person is what Defcon is about.
I also realized that almost everyone in the room had been going to Defcon for 10-20 years and knew just about everybody. And that I had fallen in with a completely badass crew without even really knowing it. This was rad. I didn’t appreciate how rad it was at this point.
Somewhere around here is when I remembered that Pinguino had mentioned a challenge she’d put out to find a secret message on a BBS she’d recently setup. So I opened a newly installed telnet client on my phone (called ftelnet) and navigated over to undercurrents.io, After some beautiful artwork and a registration page, I was in. I navigated around till I found the message, and told Pinguino the secret word. At which point she handed me a sticker pack she’d made a bunch of for people that found the code. I was stoked! In the room was Rich, the guy who’d setup the backend of the BBS and was maintaining it. It is a very slick BBS, and mad props to him for putting it together. After that we hand out a few Boozephone cards to the folks in the room and head to the first party.
This is where Defcon got AWESOME!
Erin (the hacker that brought hoofbadge) after a convo about the glorious bidets of Defcon, disappeared into the night, not to be seen until my last party of Defcon. But he left the moonshine, which soon became my first new badge. #badgelife we gathered the boozephone and headed for the lobby. Off to the Nobu Party.
When we get to the casino level and the doors open, none other than Samy is waiting at the bottom in the Lobby. He was actually headed to the room we were hanging out in so we absorb him into our group and head to the Nobu party. There’s a big line at the elevators (it’s a separate tower in the hotel) and there’s a front desk for the set of them (seems like the entrance is a bit private), but somehow we just walk past the line and are waved through (I’m not sure if this is because of Pinguino’s broken foot or someone knowing someone, I later find out that we used the excuse of going to another friend’s room who was staying in the tower to get in the elevator, then just knocked on the door to get in the party). We head up. We’re not quite sure what floor its on, but we push on. We come to a suite at the end of the hall next to the elevators and knock. There’s loud music coming from the other side. We knock again. Someone peeks out, asks who we are, takes a good look at the group, then lets us in.
Inside we’re on a porch overlooking a large two story room, adorned with vaguely Japanese artwork and architecture. Large couches and a pool table covered with cloth and being used as a buffet for edamame, sushi, and shishito peppers can be seen from above. A sweeping window makes up the back wall of the room in front of us, it’s mostly covered by curtains, but the middle is open and you can see all the way across the ceasar’s complex to the strip. We’ve arrived at the Atradies Partners Party (which, consequently, I didn’t find out the name of until we were wander downstairs and saw a large banner. We navigated the spiral staircase at the far end of the porch and grabbed drinks at the open bar. A group of about 40 people were already at the party, and various attendees were already in the 5 or 6 rooms attached to the suite, chatting about life, work, and the first day at the con. I had a long conversation with Samy about startup life, his Defcon experiences, what I should check out (he recommended the hardware hacking village) and ate some really bomb shishito peppers. Pinguino introduced me to a few people and we chatted about Defcons past and how parties work in general. Nobody really knows who the Atradies partners are (correction from Pinguino, Rich does), but they’re rad people for throwing the party. We have a couple more drinks and then leave around 1am.
Everyone’s pretty hungry and someone mentions momofuku, but we realize it’s closed as we leave, and decide on hash house a gogo over in the flamingo
We run into a couple hackers from Austin Texas and Canada on the way over to waffles, and I find that more than just a couple of the group are Canadians 😛 Surprisingly, me and Pinguino are the only ones to order maple syrup chicken and waffles. We chat about living in weird cities, how hot it is in Vegas, and flipside / the burn. After getting my food, I eat about half (it was huge). Pinguino explains the gear I muled up was for Tprophet’s challenge. It’s real late and there aren’t any more parties tonight. I get back to hotel around 4am.
Part V – Ciphers and Penthouse Pool Parties
I wake up around 11am with a moderate hangover. I text the boozephone group to see where we’re at, and see a message from Dave that they’re heading to circle bar to start ops and checkout Defcon.
I wander Defcon for a minute and find the crew at circle bar (Dave, Pinguino, Long and Craig) we hang for a bit while Pinguino catches up with some old friends. I offer everyone a drink from Hoofbadge, but not many takers. I hear a rumor that hotel staff are confiscating soldering irons in ceasers but it sounds a bit weird and isolated, so I think nothing of it. Pinguino and Dave need to go take care of some stuff offsite, so me and Craig take over boozephone.
We head up the escalators to the conference floor, and keep going all the way to the top. We wander the unending mazelike halls till we find the vendor area, all the while goons shout STAY TO THE RIGHT, KEEP THE CENTER CLEAR! We run into Redbeard (a goon and rad person in general), who says hi and chats for a while with Craig. We also run into another friend who happens to not have a Defcon badge. Someone gives him a hack for satan badge (as a disguise until he has time to swing back to reg.) Me and Craig party shuffle through the vendor area, checking out the rad 80’s style Defcon and hack shirts, pondering new EFF memberships, (you should get one!) and checking out the wifi pineapples. I later hear the proxmark is where it’s at, but there’s all sorts of tools available for hacking RFID / NFC, Wifi, Bluetooth, physical locks, you name it.
On the way back to meet Pinguino and Dave at reg, we run into some thirsty hackers on the escalators. We give them the Beerocracy spiel about filling out forms in triplicate and getting their booze consumption licenses, at which point I give them our card and Craig breaks out a couple cold ones, they walk off happy campers. We also drop some beers to off duty goons, and give a friend in registration a redbull. (I think it was either cstone or woz, I can’t remember).
We ping Pinguino and Dave, who are back from their errands. First we’ll head to the Cosmopolitan to meet up with the Toorcon / Toorcamp folks, then we’re going to go to the moth party ( which I later found out was the white ops or rift recon party ). We make our way on foot from Ceasar’s to the Cosmopolitan, a reddish haze envelops the sky, it’s very hot and the sun is setting. A light breeze from the west fills the air with the harsh smell of burning wood, drifting through Vegas from the California wildfires.
We find the chandelier bar via a glass elevator, floor 1.5, and walk the perimeter looking for the hackers. We’re far enough away from the main con now that most people are in normal clothes, but we spot some black shirts with white text and know we’re in the right place. It’s a bit early for the party, so me and Craig sit down and break into boozephone for a couple bud lights. (the bar drinks are $17 and we’re cheap). We talk to some folks from Toorcon for a few minutes but they leave. We’re not sure where the rest of the party is, and the drinks are so expensive that we consider bouncing. Right about when we’re going to leave, Pinguino, Dave, and Long show up, along with the rest of the party. I go to order one drink ( I feel kinda bad sitting in a bar with outside drinks :P), and the hostess tells me it’s all covered.
Party on.
Samy shows up in a green tracksuit, and tons of people are suddenly there. Drinks start flowing, and boy are they strange. One comes with a bottle that says drink me and a flower that says eat me (after Alice and wonderland), it’s fancy and great. Another drink tastes kind of like a sweet coconut curry and has fried basil in it. I have a short conversation with Samy and another hacker about current events and various hackers getting arrested over the course of time. Samy actually got banned from computers for a while. I ask Samy what’s up with the tracksuit, and his explanation is, last year, at this same party, in this same bar, he saw someone from Toorcon with a yellow tracksuit, and thought it was so good that he had to have one, so he tracked down the person that made the tracksuit and got them to make him one ( it was another attendee of toorcon).
Dave hands me the best Bahn Mi sandwich I’ve had in years, and explains he has a system for choosing the best Bahn Mi,
It’s gotta be
- less than 5 dollars
- wrapped in parchment with
- a rubber band before he’ll even consider it.
Pinguino lays out the plan for the evening. We then take to putting tiny messages in bottles to hide around the con and let people find. They lead to a cool BBS that Pinguino and Rich (one of the guys from the first room party) setup prior to Defcon, and if you find the message there, you have to go find Rich or Pinguino, and give them the password, you get sweet free stickers with art from the site that’s signed, and a boozephone card! The party starts to wrap up as we finish bottling the messages. I stick a couple in the bottles from the Alice in wonderland drinks, and the hostess doesn’t notice when she buses the table. I hope some dishwasher found that BBS.
There are about 8 in our crew now ( Stan and a couple others joined us at the Toorcon Party). We shuffle out the back door of the cosmo to find a lift to the palms (which is off strip) and just miss a party bus. The attendant tells us to jump in taxi’s , but there’s an hour wait. So we find a hummer stretch limo. We bust out the hoof juice and limo journey is on. It’s way too big and everyone is sprawled out laying on the seats. The ride is fast, and one of the people in the limo with us puts it on a company card (yay for that). I get a loaner battery pack for my giant LED badge (it died at the Toorcon Party) and the group heads up the elevators to the party.
We get to the door, knock, and a security guy pops out to ask us for our invites. I guess there was a challenge affiliated with the party, but we all just pulled out the moth cards we were given at various points in the previous days. There are about 4 cards and 8 of us (I actually had one from a guy I met at circle bar with hoofjuice the night before). The doorman shurgs and lets the whole group in (yay).
The DJ for this party is Keith and a second DJ James Ford who takes over while Keith runs around the party most awesomely as his own hype man. Keith is one of Dave and Pinguino’s friends, he’s wearing a great pornhub t-shirt. The crew had made hats and shirts with the lyrics to the song “Fast Cars ” a song that Keith used to play alot and now is annoyed by, they all go in the back room and put them on, and filter out onto the dance floor. Keith doesn’t notice for an hour or so… Everyone is dancing, and we’re way high up in the Palms with sweeping views of the strip. There’s a pool on the porch. (yeah… pretty wild) and the whole back wall of the room is glass. An open bar in the kitchen is backed by a huge dining table covered in pizza’s from costco.
I have a long conversation with a radiation safety expert on the porch, talking about Xray inspection sources, Yucca Mountain, and my friend’s fuser in his garage. It’s a stunning view outside. When he leaves for the night I head back in.
Keith notices the shirts and freaks out, he totally loves it, everyone laughs and he blasts Fast Cars. Here’s Pinguino’s recounting of the moment: “So the troll worked like this: we printed each line of the song onto a different shirt. and then tried not to bring attention to it. He immediately saw “boom” on Crackerjack’s hat and knew what it was, and walked over to (Craig?) and totally didn’t notice Craig’s shirt cuz it was covered in badges. Eventually he noticed and thought it was a super rad joke”
Redbeard and Holly are now at the party, and the challenge party tomorrow night comes up in conversation with Stan and Redbeard.
I’m a total noob, and so I assume the ciphers are so hard that I’d never have a shot, and have been holding onto my badge for a couple days now without trying it. Stan mentions he spent a few hours trying to solve it with a friend and is totally stuck. Holly mentions she solved it with google (damn spiffy) and is on stage 3 already but stuck, so we pull in Almus who explains google wasn’t the answer for the first stage, and to just pay attention to what’s between the dots. I explain my theory that it’s the char count between the dots translating to some alphabet. (this is a WAG), and Almus hints I might be onto something (I’ll take it).
So I break out a laptop.
For the next two hours I transcribe the text and try different ways of counting the letters between the dots. I notice a pattern, and get the first riddle solved. I head back to the dance floor and dance for a minute, implement a rad new badge that will be prominent at Defcon next year (secret) and keep partying.
I head out onto the porch and meet a guy who’s way into cellphones and hacking them. Somehow we got on the topic of my background and I explain hyperloops and spacexes ( This always goes on for a while, but people like the stories and keep asking questions, so I oblige, not often do you get to hear what happened at big rad companies in the early days ). I head back in cause I don’t see any of the crew.
Keith has retired to the pool and the music is just running itself. Pinguino is tired and the crew is ready to roll. Craig makes an epic blockchain necklace from unused wristbands scattered on the pooltable. I grab an uber and Craig piles in with me to go to Ceasars and troll OG circlebar at now, 4 am. Pinguino and Dave jump into an uber pool with Long and head for the flamingo. Comically their uber pool is shared with a guy from san diego with an attitude and a prostitute, and he doesn’t seem to get that she’s a prostitute, she gets upset and leaves him, he is befuddled and exits the uber pool not understanding what just happened.
Our uber rolls up to the front of Ceasars, we head in and run into MrBot, who does some magic before our eyes, making a giant challenge coin disappear! I meet DD and John, a hacker and a goon who are also hanging in the lobby. Craig wanders off somewhere and a random attendee approaches john, shakes his hand, and says thanks so much for making Defcon a reality. John realizes they’ve mistaken him for Dark Tangent (the founder of Defcon) and is reviled. Me and DD poke fun at him for a bit, we all share a laugh, and he heads off for sleep. I hang back with DD and we discuss penetration testing and security process at microsoft back in the late 90’s early 2000’s for a bit. It sounds like quite a well developed process.
DD owns a business doing security testing with various clients, I mention I was thinking of starting a business and he explains to me it’s a terrible idea. This is a trope that persists across all tech, I’ve noticed over the years. He’s probably right. At some point I concede and head back to my hotel.
I wander outside, at 7am. The sun is up. I’m baked as I walk over to Bally’s. Tomorrow’s festivities include the <redacted> party among other things and I’m excited to check out what they’re up to. If I can just wake up.
Part VI – Sandstorm & The Challenge Party
I’m groggy as hell and it’s 11am. My phone alarm is ringing like none other. I jump out of bed and hit it hard. I’m up* Today is the big day, the culmination of all the Defcon experience to date. I get the boozephone crew message that they’re headed to <redacted> where Pinguino’s going to give a talk on ASCII art, and then we’re going to hear about Rich’s Taint.
On the way to meet everyone to go to <redacted> I run into Craig. Dave sends out a message that boozephone is low on beer. At this point, I’m starving, and decide more of that sweet sweet Bahn Mi would be good, and I could pick up beers at the same time. I tell Craig I’ll meet him at <redacted> and jump into an Uber.
About 10 minutes later I pull up to the most amazing hole in the wall Bahn Mi spot I’ve been to: Dakao Sandwiches. It’s 110 degrees outside and I wander into the store. It’s a bit dilapidated and was probably built in the 70’s, two old men play chess on a table in the front window, and the AC struggles to keep it a cool 75 or so. I wait in line behind one customer, and order a smattering of pork, beef, chicken, and house special sandwiches (six in all), the total is 18 dollars (buy 5 get one free). I pay the man and wait at the only other table in the place. The guy before me picks up a pile of about 15 sandwiches and heads out.
I’m getting excited for this, thinking of the amazing half sandwich I’d had the day before. Perfect crunch outside and softness inside on the bread, just the right amount of cucumber, jalapeno, cilantro, meat, sauce, carrots and onions so you don’t have to mess with it, and about 24″ long. So good. A man walks in with what appears to be 8 beef sirloins cut extra thick straight from a grocery store and walks into the back. That’s some high quality, fresh meat. About 10 minutes later, my sandwiches are ready and my order is bagged. I walk out into the sweltering desert heat and hide in the shadow of the shopping center sign while my uber shows up. He takes me down the street to a liquor store where I buy a 24 case of bud light.
I escape with food and booze for the whole crew that would have cost easily over $100 on the strip for a cool $30.
I get back to Ceasar’s and head for the elevators, my detour put me out about 45 minutes. I’m the last to the <redacted> suite and Pinguino’s talk has already started. I knock on the door and a towering guy with long hair and a scruffy beard peers out at me through the crack in the door. I say, “I’m with Pingino and Dave, I’ve got beer for boozephone!” He seems unmoved by this, but then, lets me in anyways. I share the loot with everybody in the crew Load up Boozephone, and chill in a chair to eat my bahn mi.
This suite looks like it hasn’t changed a day since the 1970’s. It’s got brown chairs and the walls are a mauve color that screams classic Vegas. Everyone is very quiet and listens while Pinguino gives a hands on demo showing how to make amazing ASCII art. Dave, Long and one more person (may have been Stan) are chilling in 3 of the 4 chairs, I sit down in the fourth, and distribute the sandwiches, saving one for Pinguino and Craig. There’s an extra that I hand to the door guy and his face lights up (he’s happy). We chill eating sandwiches for a bit, Craig shows up and eats his. Dave says he’s heading out with boozephone as he’s got a couple calls. Craig and me intercept, cause we wanna go get some vendor swag and check out hardware hacking village. Dave tells us there’s another talk at <redacted> around 4, about Rich’s Taint. We head out. (we later find out, Rich never showed up)
This time, I carry the Boozephone cooler backpack. We wander over to the convention halls and go searching for the hardware hacking village. It’s way in the back. We ride a few escalators and distribute booze to thirsty hackers, and wander into the village.
First we check out a bomb diffusing challenge called the box. Over 400 people have failed so far with no successes. The current team has the box open and is faced with switches and wires to puzzle over. They die.
We move on to the next booth where MMCA and Charlie from Layer One have built a LED ball (called blinkyball) from multiple wedge shaped PCBs, they explain that it’s quite a marvel and is using some really great Panasonic Lipo Cells after I ask them about an old model that Matt P. had shown at Crashspace years before. It was mesmerizing.
We walk through aisles of hackers working on assembling badges and fixing others with soldering irons, and a couple tables where people display their sizable collections of badges from this year and years past. Entire folding tables are covered in badges. We exit the room and swing through the nearby drone hacking village, which is a couple novice pilots flying extremely small drones in a mesh easy-up tent. There are some good looking drones on a table, but after a few minutes we head back towards reg to find the wireless hacking village.
We wander about the wireless hacking village for a minute and check out the wall of sheep. Some people have already been pwn’d twice. It’s quite a show of antennas and they even set up a slick projection mapped DJ stand for the room. A lockpicking challenge went on in the corner, and after circling the room. We cleared out.
Next we wandered down the labyrinth halls of the Ceasar’s convention area towards the main contest room. A cavernous room with 6 or 7 sub areas opened up as we shuffled through the doors. Multiple CTF’s, a talk, a phone phreaking contest and a scavenger hunt were all going on simultaneously. A separate dark room for the really serious CTF was in the back, which we peered into, but wandered back out of quickly.
Across from the cruise lines telechallenge were the CTF guys we’d gotten a call from a couple hours ago and forgotten about. They saw the backpack and yelled at us, which constitutes a proper hailing of the boozephone. Craig set down the bag and I threw them each a cold one. They gave us some flyers for their contest, and we headed back to the flamingo to restock.
We ran into Pinguino and Dave in the Flamingo, handed off the boozephone, and popped into a mexican restaurant nearby to grab food. Mid dinner, someone set off the hotel’s fire alarm. A very loud klaxon and voice repeated over and over, telling us to chill out, but an emergency was happening. Eventually it turned off, but it solidly ruined the dinner conversation.
I headed back up to Dave’s room to chill prior to the night of partying, as going back to Balley’s was a bit far and the next thing was in the Flamingo. We filled up the Boozephone with beer and got a call to a room just down the hall (lucky). Turned out to be the lazerwolf crew, and we gave them some beers. They gave us a few large ish bottles of liquor in return, a positive transaction in boozephone terms. We headed out for Blanketfortcon and ran into the lazerwolf guys on their mobility scooters in the elevators (a true hack for the able bodied).
At this point I noticed a bank of payphones in the lobby of the flamingo (weird right?). On mentioning this, the old school hackers of the gang clambered onto the phones and started dialing maintenance numbers to try to get the dialback number for the phone bank. They managed to get one of the phones to ring from their cell. We all had a good laugh and headed off to Blanket Fort Con.
After a bit of wandering the long halls of the flamingo, we end up at blanket fort con. But it hasn’t started yet. Pinguino knows the organizer so we pop in a bit ahead of time and help set everything up. We unpack a bunch of adult fort building toys, set up some games and a DJ table, and a big crowd of hackers young and old starts to filter in. Half the room is dark and the other half is lit up for optimal fort building. There’s a low lying bounce house and some Nintendo games.
Chaos ensues as tons of hackers build towers, tunnels, boats and houses, and start to cover them in linens carted in by the hotel at the last minute. Some structures were a bit questionable. One tower even pierced the drop ceiling. The forts were cozy on the inside and quite a hit.
Out in the hall, other parties weren’t faring as well, and a bar on the porch had to shut down as a high wind storm suddenly moved in. Hotel staff was being miserly about people bringing their own booze. I helped cart in the equipment as the bar staff was short manned and it was a real doozy of a storm. We all got inside and hotel staff barred anyone from exiting until the storm had passed. Good thing, as a ~12ft long section of square aluminium tube (probably part of the fascade of the casino) plummeted from far above and gouged a few inch scar in the carpeting on the porch. Glad we got inside. Someone played sandstorm on their portable boombox in the hallway.
It was getting later in the night and the blanketfort party was winding down, so we headed to the monero party. This was by far the most packing in rager partying of any night of Defcon so far. The elevator banks at the ground floor had a line streching out into the casino. We managed to snag an elevator pretty quickly, and then there was a line from the elevator to the suite upstairs. Good thing I was rolling with Pinguino’s crew, we got let straight in, past the line. In the same bouncer breath of “we cant let anyone else in cause fire code you have to wait till more people come out” the 8 of us got waved past the line. It was RAD inside. Jacuzzi tubs filled to the brim with ice and top shelf booze, monero swag floating around everywhere, and the suite was packed! We cruised behind the DJ and danced like crazy. It was a solid party. We got down till about 2am, and then headed to the last triumph of the night, the much anticipated:
The Challenge Party
Then we went to the challenge party, which was the best party of Defcon and it was:
— redacted —-
I walked back to my hotel in the morning 100 deg. heat and took note of the googly eyes all over the Ceasar’s show adverts. I’d done it. I’d Defconned. And I had a real headache.
The next day was super chill. We got a big lyft and rolled over to the pinball museum in the afternoon. The pinball museum has over 100 pinball machines that all work and range from modern marvels to classics. There’s also a ton of vintage coin op machines and games lining the halls. I put $20 into a change machine and played for hours. Someone made me a ninja networks challenge coin in one of the “make your own coin” machines. I was stoked!
We grabbed Pho thanh huong next, and slurped down some warm pho broth and regaled stories of Defcon olde (I mostly absorbed them) I got to hear about that time some people got caught on a roof, and various livestock shenanigans, the ninjatel crew was quite a force to be reckoned with in their heyday, and some of the early scavenger hunt shenanigans were wild.
We rode back to Caesars and met one last time at the Circle bar. I said my farewells and headed back to my room to pack up.
I packed my things and loaded up the truck. I was excited for life again, and back on the road. New experiences can come unexpectedly and how amazing Defcon was genuinely surprised me. I’ve been to conferences and traveled about, I’ve even been to vegas a ton of times, but I had no idea just how crazy amazing that weekend was going to be. Seeing lots of familiar faces and meeting new people that were both genuinely smart, interesting, and a joy to converse with was great. I drove the four hours back to LA giddy and at peace. This was a real joy. On the way back I did read a few tweets and blog posts about casino staff entering rooms unannounced and unsupervised confiscating electronics in the name of security. This was pretty disheartening, and the community response was rightly outrage. I’d probably avoid the main convention hotels in the future for this reason.
I learned a lot a Defcon in 2018. Friends are where it’s at, and getting out there to meet new people can be very rewarding. It’s also amazing to rekindle old friendships through extreme party adversity, fighting to keep the night alive and running from DJ to DJ is a great way to bond with people who you thought you were already good friends with. Defcon isn’t about learning how to hack (though you can do that) it’s more about building friend groups and trust between individuals via face to face. The internet is a great place for self driven learning, but not so great for making friends. Defcon has shown me once again, stepping outside of your comfort zone and tackling new problems is where the most ground will be won. And one huge thing is, don’t underestimate the friends you’ve already got. I had no idea going in just how seasoned the crew was that I’d reached out to for help, but they showed me a great time, and really made it a blast for a noob like me.
On that note:
Black shirt, white text.
Hack the Planet
- RISKNC out!
Also: A huge thanks to everyone who was super nice and friendly and helped a new guy out! I was floored by how fun and welcoming the whole community was for a bunch of sunglasses inside hacker types.