BlackHat/DEFCON, Part 1: Travel Advice

I recently returned from a trip to Vegas to attend BlackHatUSA 2017 and DEF CON 25. While writing my travel blog I realized that I had a lot of stories, and a lot of travel advice. After working on it a little I decided it would be most useful to post the advice and stories separately. This post will contain all my advice for navigating your first DEF CON adventure. I will share stories in future posts. I am going to jump straight in because I have a lot to share here.

Packing

  • Never check bags if you can avoid it. Prevents loss, theft, or mishandling. If you check bags, keep all your valuables on you.
  • Pack light; leave room for treasure. If you plan on collecting lots of treasure then pack an ultralight duffel in your carry-on. They pack small, you can check it on the trip home.
  • Personal item should be a cross-body bag or backpack. Put your electronics and valuables in it.
  • Carry-on item should be a frameless soft-bodied item. It’ll hold toiletries and clothes; all your valuables are in your personal item.
  • Smaller airlines have tighter carry-on requirements and hard-shell and rolling luggage can be refused. You can squish soft-bodied luggage to fit.
  • Check out other people’s conference packing lists. They will give you an idea of what you should bring with you.

Laundry services in Vegas are scarce. You can get away with packing less if you know how to do laundry in the sink – something someone was kind enough to teach me. You just need a large enough sink and your shampoo.
  1. Half-fill sink with water. Put a couple drops of shampoo in the water.
  2. Swish clothes in soapy sink-water.
  3. Rinse clothes.
  4. Repeat steps 2 and 3.
  5. Wring clothes out as best you can.
  6. Roll up the clothes in a hotel towel. Stomp towel. This will soak up additional moisture.
  7. Hang to dry.

Cotton is comfortable because it is soft and wicks moisture, but it holds moisture and becomes odorous. Cotton clothes take forever to dry, even in well-ventilated areas. Synthetic fibers don’t absorb moisture as well but dry quickly and are less prone to stinking. If you intend on doing your laundry, pack a clothesline made of medical rubber that ends with hooks or carabiners. Braided rubber grips clothes without pins, and suction cups will fail. Once you get the routine down, laundry is super quick and you can pack lighter.

Often overlooked fact: Odor is caused by bacteria, which thrives in moist environments. Even if you shower and scrub every day, if people are complaining about B.O., it’s probably your clothes. Laundry is important.

Air Travel

  • Print your boarding passes. Unless you travel with a battery pack and can ensure your phone is always available don't risk electronic boarding passes.
  • The most surprising thing I learned about air travel is that American security is totally cool with you having lockpicks in your carry-on. Canadian security not so much, but they are nice about it. If you bring intrusion tools pack them all in checked baggage. If asked about your lockpicks, refer to lockpicking as lock-sport and always have practice locks on you.
  • Airport security has shifted focus substantially towards getting people through as quickly as possible. Shoes on, belt on. Sometimes stuff goes through x-ray sans bin.
  • RFID-blocking wallets will set off the metal detector. Even if the agents say it won’t.
  • Customs is all electronic now. Stop at a terminal, follow the prompts, give your receipt to the person at the exit. Quick, quick. 
  • If you drink lots of water like I do, you will have to dump your water into a garbage bin at every security checkpoint. This goes for all beverages.
  • If you’re travelling from Canada, you will likely go through TSA pre-clearance which is just US customs/border but before you take off rather than land. No special rules/precautions.

Conferences, Part 1: Planning

  • Never, ever, do BlackHatUSA on your own dime.
  • Book everything as far ahead in advance as possible. DEF CON 26 will be on August 9th to the 12th, 2018. Hotels charge for the first night when you make your reservation but everything else gets charged when you check-in. Booking ahead is always cheaper.
  • Do not do mobile check-in if any member of your party is under the age of 21. It will cause headaches. Just check-in at the desk.
  • If you have mobility or anxiety issues, book at Ceasers – and if you can manage it try to get in on the floors that have a direct elevator to the conference areas. This will make your life substantially easier.
    • If you have mobility issues, this lets you skip the casino floor the mess everyone else goes through to get up to the conference area. Take some time on Thursday to find the elevators.
    • If you have anxiety issues, booking at the Ceasers in any tower gives you a quick and free way to get away from the conference to your own space to recharge.
  • Most people’s first year at DEF CON is spent learning how DEF CON works and where to spend their time. Don’t get discouraged because you feel you didn’t get enough from your first year.
  • The villages at DEF CON are closed on Thursday for set-up, and close early on Sunday to pack up. As such the crowds are very thin on these days so lines are shorter. Take Thursday to wander around with a DEF CON map in hand and figure out where stuff is. 

Conferences, Part 2: Execution

  • Most important tip of all: Don’t push yourself. If you get anxious and can’t be on the conference floor for long periods, duck out and recharge. Under no circumstance should you force yourself to stay at the conference all day. You will exhaust yourself and ruin the experience if you do.
  • Never leave a good conversation to see a talk. Unless your employer sent you and you need to report on some talks to justify the expenses. Face-to-face networking is a huge deal, don’t pass up the opportunities.
  • Hotels partnered with DEF CON stream the talks to hotel TVs. Some people host small viewing parties for talks. If you are invited to one by people you know, you should go. It is good for networking and you can ask people about content you do not understand.
  • Bring business cards with basic contact information: name/alias, social media, business email. Asking for someone else’s contact information can make them uncomfortable. By offering your contact information instead you give them control of the next interaction.
  • If you are better known by your online handle than your real name, include your handle in your introduction. “Hi, I’m Amanda, @AwfulyPrideful on Twitter.”
  • Stay hydrated, bring snacks. You will have a better experience this way, I promise you. My personal choices are tap water (yuck, but free) and CLIF bars (trail food, keeps energy up sans meal). 
  • Taking pictures of the crowd is against DEF CON’s privacy policy. People are there to make memories, not evidence. Don’t be the asshole with the GoPro strapped to your stupid forehead.
  • Don’t interrogate people. If they’re dodging where they work or what they do, leave them be. Remember where you are, and remember that they don’t know you.
  • If you’re gossiping or telling stories, don’t name drop unnecessarily. People just don't appreciate it. You also seem more mysterious if you have secrets or "know someone."
  • #LINECON is real. Start lining up at least half an hour before a talk is scheduled to start. People in line in front and behind you are there for the same reason you are. You don’t have to lose networking time. This is one of the easiest ways to meet new people since you already have something to talk about.
  • #HALLCON is where it’s at. Go to a chill area and ask if a seat’s open at a table or unofficial-circle-of-people-on-the-floor. Listen to people’s conversations and ask some questions. Don’t intrude/eavesdrop on clearly personal conversations. You can enter a lot of conversations just by proximity.

Summary

Lots of stuff here. I covered how to organize yourself while packing, how to do your laundry, things to keep in mind regarding air travel, useful information for planning your time at DEF CON, and things to do and think about once DEF CON starts.

After getting out a lot of the advice here, I am rewriting much of the two blog posts I had planned. I can trim out a lot of the advice bits from those posts to condense my experience. I will talk about what DEF CON is like, and some of the stories I heard and things that I learned while on my trip.

Update (2018-01-12)

An updated version of this post is available on my new blog here. If you found this useful please consider tipping the author.

Comments

Post a Comment

Popular posts from this blog

InfosecN00bs, Part 1: Press Release

Image
UPDATE 2017-07-29 This post previously stated that @BretMattingly was a member of the leadership of @InfosecN00bs. Just before Defcon BretMattingly stepped away from @InfosecN00bs for unstated reasons. After this blog post was originally published, he took the concerns to @Hacksforsnacks_ and @K_5m00th, who did not want to return funds raised, issue a statement regarding the matter, or take any corrective actions. The fundraiser was done under @Bretmattingly's name because he was being set up to be the fall guy for when everything toppled over. Original Post The twitter account @InfosecN00bs  has posted an official statement regarding their failed crowdfunding campaign after a few people publicly questioned where the money was being used.  The @InfosecN00bs group is run by @Hacksforsnacks_ , @K_5m00th . Official Statement: Part 1 Official Statement: Part 2 To be perfectly clear: This is a press release statement playing damage control. @InfosecN00bs is a
Read more

Asus Chromebook C201

One of the many things that I paid attention to as I walked the halls of Defcon nearly a month ago was the devices people used for the capture-the-flag (CTF) events. During my first walk around the contest area I noticed many people sat against walls or such with macbooks. On later passes I started taking note of the devices that other people were using and a common one was the Asus C201 chromebook. Chromebooks are basically low-spec linux laptops designed around the use of Google Chrome. Though like many linux devices once you gain access to a terminal you often have free reign to alter the system and gain access to powerful command line tools. About a week and a half ago I picked up an Asus C201 for about $250 CAD. I will talk about what my typical use case is, what I wanted out of the C201, what my experience was, and a walk-through of how I set mine up to meet my use case. UPDATE:   Sarah Jamie Lewis wrote a thread on twitter adding her 2.5 years of experience to this s
Read more