DefCon32


[ Update: This was originally written for people based in the UK who are part of the same hacking/cyber groups/communities as me, however it’s now started to be linked in lots of places, and not all the info my be relevant to people outside that initial target group ]

[ Update 2 – a few tweaks now the venue has changed to the LVCC ]

So, recently I’ve found myself having the same conversation when I mention I go to DefCon. It starts with people saying “Oh, I’d love to go, but I’m not sure I want to go on my own”.

It normally turns out that it’s not people being scared of actually spending time alone, but just a lack of confidence in knowing all the requisite where/when/how things and want to have a buddy or group, for the comfort of collective wisdom.

So, whilst I don’t want to be a group organiser, travel planner or tour guide, I am more than happy to share my knowledge as somebody who travels to DefCon on their own and help others to give them the confidence that this is something they can do, and should they need it, there are people to help.

I’ve created a channel on the BSides Leeds Discord here and this page will become a living document FAQ.

Stuff you probably needs to know exist

When is it?

DefCon 32 is 8-11th August.

However …….

Thursday is mostly LineCon (getting your entry badge) and a few things start to open, just very little happens.

Sunday is far less busy than Friday & Saturday and by lunch time a lot of people are heading for the airport.

Also, DefCon is part of a series of events unofficially known as “Hacker Summer Camp” which includes BlackHat LV (2024 site not live yet), BSides LV, The Diana Initiative, QueerCon and a whole lot more, and they all overlap. So you may want to fly out earlier to do more, especially if you want to fit in the tourist stuff too. Personally I have limited time and I’ve done all the touristy stuff before, so I land Wednesday Evening and return Sunday Afternoon.

There are limited flights from the UK and the last 2 years the Wednesday LHR Virgin and BA flights to LV, about 1/3 of the flight seem to be hackers. However in 2024 Manchester is starting doing LV flights again which offers more options.

Where Should I stay?

I’ve done LV a lot, so have zero desire to do the touristy stuff and that impacts my decision a LOT. I normally stay in The Linq because it’s the closest hotel to the con floor. And the con is MASSIVE, you’ll will end up walking many miles each day, so the idea of adding extra walking to that, which is outside in the baking Vegas sun, is something I’d prefer to avoid. So I love being able to go from my room to the convention centre without leaving the airconditioned indoor shade. However, your milage may vary. Public transport is really good in LV, but even staying a couple of hotels away can make it a massive time sink just to nip back to your room.

Oh and DefCon attendees can get cheap room rates at several Caesar’s owned hotels on the strip.

Important Update : For ‘reasons’ Caesars Group cancelled DefCon’s multi-year booking with only a few months notice. The good news is it’s now in the Las Vegas Conference Centre, which is much bigger, so the queues are likely smaller) but it means the Linq isn’t as optimal as it was previously. However as it’s only one monorail stop away and still the party hub of the strip, we’re all still staying there, this year at least

So, how much is this going to cost?

Lets be honest, Las Vegas isn’t cheap. There are things you can do to limit the expense, but it’s a transatlantic flight to a city designed from the ground up to extract every last penny from you. Flights last year were around £1000, hotel around £200 per night, conference ticket is now around £370 and beers in the hotel bars can be $10 a pop!

Is it true tickets are cash-only and not pre-bookable?

That certainly USED to be true, not (as people suspect) because of a high incidence of fraud, but it’s a privacy thing. DT doesn’t want law enforcement (or anyone) getting the attendee list, so not recording the data is the the best way to not be forced to turn it over

However, it’s changed in recent years. Not only can BlackHat attendees purchase a badge before the event, there are now general online pre-sales that take cards (they stop about a month before the event though)

However, they don’t save you queuing, you still have to queue with everyone else to collect your badge, so all it really saves yous is carrying around almost £400 in cash. Additional: If you have a disability that makes queueing uncomfortable, let a Goon know and they generally find a way to expedite things

So, what almost everyone does is ‘linecon’ aka simply queuing up for you tickets. Linecon starts around 3am on Thursday and the queue starts moving around 7am. Now you don’t HAVE to be there that early and queue for hours, DefCon has never sold out, what has happened a couple of time when there have been supply issue is the fancy con badges (and 32 should be a super fancy electronic badge) run out and you end up with a paper badge instead, but this has only happened twice in a decade.

So why do people queue for hours? Well, line con is an experience, it’s a social gathering. People bring stuff to share (be that booze, board games or cool hacking projects), it’s a great place to meet people

But it IS optional. If you turn up mid morning you’ll likely have a 10 minute queue and also certainly still get a fancy electronic badge

I heard a lot about queues, how bad is it?

Last year had some of the worst queues I’ve seen there, but most are for the merch area (most hit this immediately after getting a ticket) and the stuff here DOES sell out quickly, and the vendor area, and whilst this stuff sells out quickly too, 90% can be bought online, so I’ve never quite figured queuing for 45 mins to look at stuff I could buy online.

Some popular talks have queues to get in and can get full, but you can see all the talks online later (or watch them live in your hotel room if you’re in one of the Caesars hotels) so why queue?

But yes, it’s busy, very busy, but it is fairly easy to find chill spaces. Personally I spend a lot of time in the Chillout Room (live DJs and people sat in tables of 10, sharing ideas , chatting and sharing stickers (or just hiding in the shadows). I also hide at the 3535 bar in the Linq hotel a lot

Update: We’re hoping the move to the much bigger LVCC means smaller queues this year … maybe

What are the ‘must do’ things?

Wrong question. Over planning will ruin it for you. There is far too much to do, if you try and fit it all in you’ll be disappointed. The only way to survive DefCon is be fluid. Expect the things that sounded awesome to be a let down, but the things you randomly stumble across to be cool beyond belief. Even plans for meeting people are hard, 90% of my WhatsApp messages during DefCon are failed attempts to meet up with people.

Just go with the flow and let DefCon happen to you! Don’t worry about missing stuff, accept you will miss stuff

Is the tech as hostile as I’m told? Do I need burner devices?

Hell no. The ‘open’ network at DefCon is intentionally a toxic hell hole, but they also provide one of the most secure secure public networks on the planet. I’m always more than comfortable using that. I’m not massively worried using the local 5g and free hotel wifi either.

Is it all mad shenanigans?

Hell no. The DefCon goons take security and safety VERY seriously, they will toss your ass for being a dick. And pray it’s the DefCon goons that find you first as casino security really don’t mess about, nor local law enforcement. Hacks are ace, but keep them responsible

There are mad parties, right?

Oh yeah! From the official free ones in the conference venues, to the ones put on by the villages, to ones put on by vendors, to ones put on by special interest groups to very secret ones. There are a lot of parties!

The lovely folks are DefCon Parties keep a tracker, but there are loads more to gatecrash by asking the right people! The 2024 list will likely start to fill out a couple of weeks before the event, but for tasters, here’s the 2023 list.

Stickers

Hackers love stickers and stickers are great ways of meeting new people, stickers and unofficial sticker swaps are everywhere! Be one of the really cool kids and get a batch of your own made up!

New for DefCon31 was the sticker wall, which started Thursday as a massive blank canvas saying “Sticker Me” and by the end of Sunday was this 147Mb monstrosity



BadgeLife

See this, cool hobby but damned expensive once you’re hooked.

So you always get a cool badge (more or less) alternate years your entry badge in a cool electronic badge (normally including many puzzles and toys), but why have one badge when you can have hundreds. There are now hundreds of people building, trading is selling their own badges at DefCon. Collecting them is cool, but can quickly consume your time and money!

A sample of DefCon 27 badges from https://hackaday.com/2019/09/19/pictorial-guide-to-the-unofficial-electronic-badges-of-def-con-27/

Is DefCon cancelled?

Yes*

* OK, no, it’s not. The origin of this meme is many years ago somebody saying “DefCon is cancelled, but the real hackers will turn up anyway” but has now just degenerated into a tradition of any mention of DefCon getting a response of “DefCon is cancelled“. It got even less funny in 2021 when the in-person event WAS finally cancelled due to covid.

Update: well, 2024 it’s ‘uncancelled’ as Caesar’s no longer wanted to honour the multi-year booking, however instead of being cancelled, instead it’s moved to the LVCC

Are the any gotchas for 1st timers?

ALWAYS follow the 3-2-1 rule. Min 3hrs sleep per day, Min 2 meals per day, Min 1 shower per day. Time is an illusion in Vegas, it’s very easy to forget self-care and end up a broken (and smelly) mess by Sunday.

If you’ve never done Vegas before, the entire place is designed to suck money (and time) from you without noticing. It gets expensive quickly.

Weed is legal in Vegas, selling it to tourist is much more complicated, the big shiney dispensaries on the strip are selling stuff with 0 THC. If smoking is your thing, get advice from the local hackers.

Vegas caters for every vice, but most of them are still illegal and you risk arrest and/or extortion. Remember the rule above, Vegas is all about sucking your wallet dry any way it can.

It’s hot …. really hot …. hotter than you can imagine. Indoors is air conditioned, outdoors will fry you. Take plenty of water onboard if you’re walking around.

Scam artists are common, free CD and club entry from street touts will see you muscled into a sizable tip for them.

Are you organising a Brits meetup?

Quite possibly, but it won’t be “organised” it’ll just be “we’re meeting at the 3535 Bar in Linq at this time, everyone welcome“.

Shall we meet up for food?

Trying to organise a group for food is a nightmare logistically somewhere so busy. Personally I mostly eat alone in fast food places as it’s 100 times easier!

Any tips on expensing this?

Not really, with all the talks being on YouTube soon after the event, don’t say “it’s for the talks”, besides the real uniqueness of DefCon is the networking and the villages. If your role has a security-related niche element, you probably won’t find anywhere better to find people working in similar areas. If it’s more general then you won’t find anywhere better for off-the-wall cutting-edge ideas to look into.

One thing to be aware of, compies tend to need recipets to claim expenses, DefCon tickets cash sales are intentionally not recorded, so reciepts are not given. However, they do make a generic official looking “print at home” receipt available onlne (here’s the example from DefCon 30 ).

Ok, I’m in (possibly), but have more questions and/or need more help, what next?

Well, we’ve now opened a channel on the DC151/BSides Leeds discord (where this first started). https://discord.gg/EnVkXJYV