This is the 2.0 version of my previous Defcon Prep Guide. Every year more people ask me about attending Defcon for the first time. Many are intimidated or not sure if they should attend. I hope to address their concerns and sway them toward checking out Defcon.
Should I Attend: This is probably the first and most frequent question I get about Defcon. There is a lot of lore and hype around Defcon, much of which is earned and deserved, but you don't have to be a 1137 black hat hacker to go to Defcon. Defcon has something for everyone, and I mean everyone. Defcon is usually broken up into 4 tracks that are loosely themed and diverse, so diverse that you can generally find talks that interest you in any of the tracks. Check out this link to Defcon 24's schedule to get an idea of what the talks are about.
But the talks are just a small portion of a much bigger convention. As a first-time attendee, I would recommend spending most of your time in the different villages and competition areas. These are smaller conventions within the convention where people who are interested in anything from ham radios to social engineering to car hacking can spend the entire day hanging out with people who share their interests. Here is a link to Defcon 24's Village Talks.
It may seem overwhelming but just find something that interests you and don't try to do everything. Oh ya and drink some beer, there will be a lot of it.
When is Defcon: It's normally held towards the end of July or beginning of August. It's a good idea to get there a day early, usually Thursday, to buy SWAG and get your badge because it gets super busy the day of.
ProTip: You will want to go down Thursday morning or stay up partying Wednesday night to get your badge. People start lining up around 4:00am for the Convention passes.
How Much is Defcon: The registration fee goes up a little every year, and they will post the fee as we get closer to the Con. Most everything at Defcon is cash only, including the ticket, and for the love of god don't use an ATM anywhere near the convention.
- Registration: $230 to $250 (just a guess)
- Hotel: Defcon room rates differ depending when you book, but Defcon usually negotiates a good price.
Where to Stay: Staying at the hosting hotel is a must. It's nice to just head up to your room between talks, and attending the late night festivities is a breeze since you only have to stumble to the elevators. Reserve your rooms early for Defcon; the hosting hotel sells out quickly.
Added bonus: if you stay at the hosting hotel, Defcon will stream the talks and schedules to the hotel rooms. This is not always guaranteed, especially when they move to a new venue, but they usually work it out.
What to Bring: A few essentials I bring to Vegas.
- Snacks, because eating at the CON can get kinda pricey, plus a lot of people save the money for drinking.
- Buy a cheap throw away cooler for refreshments and ICE in the room.
- A laptop "AT YOUR OWN RISK". If you bring your laptop, do not bring it to the Con. Leave it in your room, and even then disable your wifi and bluetooth, and do not use the hotel Internet. Defcon's network, including the hotels', has been deemed the most hostile network in the world. Even the cellular network is hostile and usually sucks anyway, "Thanks Ninja Tel". That being said, if you have a freshly wiped laptop and you want to partake in the festivities, bring it; just don't use it for anything other than hacking, and reformat when you get home.
- Cell Phone, if you have an old school flip phone bring it. If you bring your smart phone make sure to turn off the radios, i.e. wifi, bluetooth, etc. Nothing is safe.
- Aspirin for obvious reasons
- Your finest hacker tees, they're kinda a big thing, and a comfortable pair of shoes. You will be standing in some lines, imagine a Disneyland for hackers...
Useful Links:
- Defcon Website
- Youtube Defcon Videos
- Bio Hacking Village
- Crypto & Privacy Village
- IOT Village
- Social Engineering Village
- Wireless Village
- Car Hacking Village
- Lock Picking Village
Twitter to Follow:
- @defcon
- @DEFCON_NOC
- @wallofsheep
- @DC_HHV
- @toool
- @dcib
Hope to see you there. You can hit me up at @hackercult on Twitter and at the convention.
So the congress and senate decided to look out for its constituents and protect the privacy of the people who put them in office. In the immortal words of Borat, "NOT"! The repealing of the FCC's Broadband Privacy Rules only benefits the internet providers. It actually provides a substantial revenue stream for big business (Comcast, Time Warner, ATT, etc.) that did not exist before. One of the analogies used to justify the vote was that "it evens the playing field"; what they meant was: because the Googles, Yahoos, and Facebooks can use your information to deliver targeted ads, why can't we (the ISPs) do it?
Well, let's start with the reality. Today Google does deliver targeted ads from information they gather through browsing history, email, etc. For most this is a trade-off for service. Google can provide the most popular free email client and web browser in the world because of the advertising they sell. When you sign up for Google or Yahoo, you are the product. That is a well understood concept, and most people are willing to trade their information for free services. This is where the level playing field analogy breaks down. ISPs such as Comcast or Time Warner charge for their services, and in most cases a lot. It's true they have been monitoring your traffic; just ask anyone who has received a cease and desist letter after a torrent download. Now they can act on that information: they can start injecting ads into your web browsing, selling your non-identifiable browsing data, and collecting everything you do online.
So what impact does that ultimately have on the users? In the short term, for the average user, maybe not a lot, but these are different times. We should trust our ISP to be responsible for our privacy, but the collection of this data makes them a rich target not only for hackers but also for the government. Think about a world where the government, in conjunction with the internet providers, has identified every person using the internet. With their browsing data it is able to conclude their illnesses, banking information, relatives, sexuality, hobbies. I challenge you to think about your life and what part, if any, you have never searched on the internet or uploaded to social media.
That is an extreme example, I hope, but very plausible. Our privacy and freedom of speech are a cornerstone of America, and to just give them up to help, let's face it, horrible companies make more money seems like a stupid thing to do.
Check out these links if you're interested:
EFF Electronic Frontier Foundation
ACLU American Civil Liberties Union
Bruce Schneier Schneier.com
cloudwards.net
Please check out the EFF's Surveillance Self-Defense site. It has a ton of tools and information to help you understand your online privacy and what to do about it. Of course it was originally put together to aid individuals in repressive regimes, but maybe that's where we are at.
https://ssd.eff.org/en
If you're a techy and do-it-yourself kind of person, here is a link to OpenVPN's AWS guide to deploying your own VPN server in AWS. If you want to give it a try, AWS will give you a free year and OpenVPN includes a free 3 device license with their OpenVPN Access Server. It was really easy to set up and it will work with PC, Mac, iOS, and Android.
Open VPN Access Server on AWS
The Blue Bayou Gumbo Recipe
A friend of mine gave me a copy of Disneyland's The Blue Bayou Gumbo recipe. I have not yet tried to make this recipe, but I have eaten my fair share of Blue Bayou Gumbo and it is Delicious! I also included a scan of the original recipe at the bottom.
Step 1: Roux
Ingredients:
1 cup Flour
1 cup Butter
Directions:
In a small pan, over medium heat, melt the butter and mix with flour.
Stir to remove lumps and cook, mixing constantly, for a few minutes until dark brown.
Cool at room temperature and set aside for later use.
Step 2: Meats
Ingredients:
1 oz Olive oil
1/2 cup Chicken chunks
1/4 cup Tasso ham
1/2 cup Andouille sausage, 1/4" portions
Directions:
In a sauté pan, heat and sauté the chicken, ham, and sausage.
Set aside for later use.
Step 3: Vegetables and Spices
Ingredients:
1 oz Olive oil
1/4 Cup Celery, diced
1/4 Cup Green peppers, diced
1/4 Cup Onion, Chopped
3 tbsp Garlic, Chopped
1/8 tsp Bay leaves, ground
1/8 tsp Thyme leaves, dry
1/8 tsp Oregano, dry
1/4 tsp Onion powder
1 Gal Water
2 oz Chicken base
Directions:
In a 2 gallon sauce pan, heat the oil and lightly sauté the vegetables and herbs.
Next add onion powder.
Then add the sautéed meats from step 2, water, and chicken base.
Bring to a boil.
Step 4: Gumbo
Ingredients:
1/4 Cup Tomatoes, diced
2 tbsp Green onion, diced
3 oz Okra, frozen
1/8 tsp Gumbo file (seasoning)
Directions:
Add the brown roux from step 1 to the 2 gallon sauce pan.
Add in small amounts mixing to prevent lumps.
Reduce the heat and cook for 5 minutes.
Add the tomatoes, green onions, okra, and Gumbo File.
The Original Recipe
I am going to outline the first steps of cord cutting for my mother-in-law. She is pretty tech savvy but does worry about stuff not working, so what we put in place better work. I will go over the services we are looking to replace and see how far we get. I will actively update this post with status and we'll see how it goes.
Currently she has a triple play package: VOIP phone, Internet, and Cable TV. She is currently using the ISP modem, so right off the top getting rid of that will save $10.00 a month. Also, she recently moved to a different area and wanted to keep her original phone number from the 80s. Unfortunately she was unable to transfer it, so we hacked together a plan to port her original number to a pay-as-you-go mobile phone, then from her mobile phone port the number to Google Voice. I should do a blog post about it because it was quite an adventure.
First step testing the VOIP replacement:
The Device: I set up an OBI device to connect her Google Voice number and the telephone lines in her house. Here is the one I am going to get her: OBi200 1-Port VoIP Phone Adapter
Cost Savings: Yet to be seen. She is under contract for the Triple Play; once that expires we will renegotiate with the ISP.
Outcome: Good so far. One issue we ran into was the phone not ringing. I think it is a setting in Google Voice to ring the Google chat account. I will let you know what the outcome is.
Next step will be replacing the Modem:
The Device: Currently she has the ISP rented modem with built-in wireless. We disabled the built-in wireless but it still advertises the ISP's SSID. The modem is also the digital to analog converter for her VOIP service. This is why we are testing to make sure the OBI is a viable solution before we return the rented ISP modem. We are going to buy an ARRIS SURFboard SB6183 DOCSIS 3.0 Cable Modem
Cost Savings: The modem is $80.00 and her modem rental fee is $10.00 a month, so in 8 months her modem would be paid off, and once paid off she will be saving $120.00 a year.
Outcome: Yet to be seen.
The final and most difficult hurdle:
The Device: Cable television will be the most difficult replacement. My mother-in-law is an avid TV watcher and DVR master, but she hates the offered DVR menu and management. So I am looking for a solution. I don't think services like Hulu, Sling, or direct TV are mature enough to replace cable TV. Netflix and Hulu are great but don't offer the shows she watches in a format she is used to. So for now we will wait and see. I might look into the Tivo and a cable card; this might give her a better management interface, but may not be cost effective.
Cost Savings: Tivo Bolt 1TB $300.00 one time cost. Monthly service is $12.50 a month if you buy it per year. From the cable provider you get a free cable card and a $2.50 credit every month. You could also drop the equipment rental and DVR fees; it is yet to be seen how much those are.
Stay tuned for updates and more fun.




