Hacker Summer Camp on System Overlord

Returning to Hacker Summer Camp

david@systemoverlord.com (David Tomaschik) — Wed, 20 Jul 2022 00:00:00 +0000

It’s that time of year again – Hacker Summer Camp. (Hacker Summer Camp is the ~weeklong period where several of the largest hacker/information security conferences take place in Las Vegas, NV, including DEF CON and Black Hat USA.) This will be the 3rd year in a row where it takes place under the spectre of a worldwide pandemic, and the first one to be fully in-person again. BSidesLV has returned to in-person, DEF CON is in-person only, Black Hat will be in full swing, and Ringzer0 will be offerring in-person trainings. It’s almost enough to forget there’s still an ongoing pandemic.

I did attend last year’s hybrid DEF CON in person, and I’ve been around a few times, so I wanted to share a few tidbits, especially for first timers. Hopefully it’s useful to some of you.

Hacker Summer Camp 2019: The DEF CON Data Duplication Village

david@systemoverlord.com (David Tomaschik) — Thu, 05 Sep 2019 00:00:00 +0000

One last post from Summer Camp this year (it’s been a busy month!) – this one about the “Data Duplication Village” at DEF CON. In addition to talks, the Data Duplication Village offers an opportunity to get your hands on the highest quality hacker bits – that is, copies of somewhere between 15 and 18TB of data spread across 3 6TB hard drives.

I’d been curious about the DDV for a couple of years, but never participated before. I decided to change that when I saw 6TB Ironwolf NAS drives on sale a few weeks before DEF CON. I wasn’t quite sure what to expect, as the description provided by the DDV is a little bit sparse:

Hacker Summer Camp 2019: CTFs for Fun & Profit

david@systemoverlord.com (David Tomaschik) — Mon, 19 Aug 2019 00:00:00 +0000

Okay, I’m back from Summer Camp and have caught up (slightly) on life. I had the privilege of giving a talk at BSidesLV entitled “CTFs for Fun and Profit: Playing Games to Build Your Skills.” I wanted to post a quick link to my slides and talk about the IoT CTF I had the chance to play.

I played in the IoT Village CTF at DEF CON, which was interesting because it uses real-world devices with real-world vulnerabilities instead of the typical made-up challenges in a CTF. On the other hand, I’m a little disappointed that it seems pretty similar (maybe even the same) year-to-year, not providing much variety or new learning experiences if you’ve played before.

Hacker Summer Camp 2019: What I'm Bringing & Protecting Yourself

david@systemoverlord.com (David Tomaschik) — Sat, 27 Jul 2019 00:00:00 +0000

I’ve begun to think about what I’ll take to Hacker Summer Camp this year, and I thought I’d share some of it as part of my Hacker Summer Camp blog post series. I hope it will be useful to veterans, but particularly to first timers who might have no idea what to expect – as that’s how I felt my first time.

Since it’s gotten so close, I’ll also talk about what steps you should take to protect yourself.

Hacker Summer Camp 2019 Preview

david@systemoverlord.com (David Tomaschik) — Thu, 02 May 2019 00:00:00 +0000

Every year, I try to distill some of the changes, events, and information surrounding the big week of computer security conferences in Las Vegas. This week, including Black Hat, BSides Las Vegas, and DEF CON, is what some refer to as “Hacker Summer Camp” and is likely the largest gathering of computer security professionals and hackers each year.

Hacker Summer Camp 2018: Wrap-Up

david@systemoverlord.com (David Tomaschik) — Sat, 25 Aug 2018 00:00:00 +0000

I meant to write this post much closer to the end of Hacker Summer Camp, but to be honest, I’ve been completely swamped with getting back into the thick of things. However, I kept feeling like things were “unfinished”, so I thought I’d throw together at least a few thoughts from this year.

BSides Las Vegas

I can’t say much about BSides as a whole this year, as I spent the entire time Gold Teaming for Pros vs Joes CTF. (Gold Team is responsible for running the game infrastructure, scoreboard, etc.) It was a great experience to be on Gold Team, but I do miss having a team to support and educate. Overall, the CTF went fairly well, but there were a few bumps that I hope we can avoid next year.

Attacker Community DEF CON 26 Badge

david@systemoverlord.com (David Tomaschik) — Thu, 02 Aug 2018 00:00:00 +0000

I’ve spent an unhealthy amount of time over the past 6 months or so participating in the craze that is #badgelife. This year, I built badges for my Security Research Group/CTF Team: Attacker Community. (Because community is important when you’re attacking things.) Like last year, all of my badges were designed, assembled, and programmed by me. There are 24 badges this year, each featuring 8 characters of 14-segment display goodness and bluetooth connectivity. I may not be one of the big names in #badgelife, but if you just make some badges for your friends, there’s a lot less pressure in case something comes up.

Hacker Summer Camp 2018: Cyberwar?

david@systemoverlord.com (David Tomaschik) — Thu, 19 Jul 2018 00:00:00 +0000

I actually thought I was done with the pre-con portion of my Hacker Summer Camp blog post series, but it turns out that people wanted to know more about “the most dangerous network in the world”. Specifically, I got questions about how to protect yourself in this hostile environment, like whether people should bring a burner device, how to avoid getting hacked, what to do after the con, etc.

The Network

So, is it “the most dangerous network in the world”? Well, there’s probably some truth to that in the sense that in terms of density of threats, it’s likely fairly high. In terms of sheer volume of threats, the open internet is obviously going to be a leader.

Hacker Summer Camp 2018: Last Minute Tips

david@systemoverlord.com (David Tomaschik) — Sun, 15 Jul 2018 00:00:00 +0000

This is an update to my planning guide as we get closer to Hacker Summer Camp. (We’re down to about 3 weeks now!)

Planning Your Time

Schedules and details for events have begun to be released. For example, we have:

BSides Las Vegas Schedule
DEF CON 26 Speaker List (No schedule yet!)
DEF CON 26 Villages
DEF CON 26 Demo Labs

It’s time to take a look at the lists of events and times and start making your “must do” list. Resist the temptation to try to plan every minute – first, you won’t be able to stick to it, and secondly, you’ll feel like it doesn’t leave you time for spur of the moment events. There will be conversations you want to have, people you want to meet, or unscheduled activities you want to check out.

Hacker Summer Camp 2018: Prep Guide

david@systemoverlord.com (David Tomaschik) — Sat, 26 May 2018 00:00:00 +0000

For those unfamiliar with the term, Hacker Summer Camp is the combination of DEF CON, Black Hat USA, and BSides Las Vegas that takes place in the hot Las Vegas sun every summer, along with all the associated parties and side events. It’s the largest gathering of hackers, information security professionals and enthusiasts, and has been growing for 25 years. In this post, I’ll present my views on how to get the most out of your 2018 trip to the desert, along with tips & points from some of my friends.

Hacker Summer Camp 2017: Lessons Learned

david@systemoverlord.com (David Tomaschik) — Mon, 07 Aug 2017 00:00:00 +0000

In addition to taking stock of how things went at Hacker Summer Camp, I think it’s important to examine the lessons learned from the event. Some of these lessons will be introspective and reflect on myself and my career, but I think it’s important to share these to encourage others to also reflect on what they want and where they’re going.

Introspections

It’s still incredibly important to me to be doing hands-on technical work. I do a lot of other things, and they may have significant impact, but I can’t imagine taking a purely leadership/organizational role. I wouldn’t be happy, and unhappy people are not productive people. Finding vulnerabilities, doing technical research, building tools, are all areas that make me excited to be in this field and to continue to be in this field.

Hacker Summer Camp 2017: DEF CON

david@systemoverlord.com (David Tomaschik) — Sat, 05 Aug 2017 00:00:00 +0000

DEF CON, of course, is the main event of Hacker Summer Camp for me. It’s the largest gathering of hackers in the world, and it’s the only opportunity I get to see some of the people I know in the industry. It’s also the most hands-on of all of the conferences I’ve ever attended, and the people running the villages clearly know their stuff and are super passionate about their area. Nowhere do I see so much raw talent and excitement for the hacker spirit as at DEF CON.

Hacker Summer Camp 2017: Pros vs Joes CTF

david@systemoverlord.com (David Tomaschik) — Mon, 31 Jul 2017 00:00:00 +0000

I’ve returned from this year’s edition of Hacker Summer Camp, and while I’m completely and utterly exhausted, I wanted to get my thoughts about this year’s events out before I completely forget what happened.

The Pros vs Joes CTF was, yet again, a high quality event despite the usual bumps and twists. This was the largest PvJ ever, with more than 80 people involved between Blue Pros, Blue Joes, Red Cell, Grey Cell, and Gold Cell. Each blue team had 11 players between the two Pros and 9 Joes, making them slightly larger than in years past. (Though I believe that’s a temporary “feature” of this year’s game.)

Hacker Summer Camp 2017: XXV Badge

david@systemoverlord.com (David Tomaschik) — Mon, 31 Jul 2017 00:00:00 +0000

In my post the Many Badges of DEF CON 25 I may have not-so-subtly hinted that there was something I was working on. While none of the ones I listed were created in response to the announcement that DEF CON had been forced to switch to “Plan B” with their badges, mine more or less was. Ever since I saw the Queercon badge in 2015, I’d had the idea to create my own electronic badge, but the announcement spurred me on to action.

Hacker Summer Camp 2017 Planning Guide

david@systemoverlord.com (David Tomaschik) — Tue, 18 Jul 2017 00:00:00 +0000

My hacker summer camp planning posts are among the most-viewed on my blog, and I was recently reminded I hadn’t done one for 2017 yet, despite it being just around the corner!

Though many tips will be similar, feel free to check out the two posts from last year as well:

If you don’t know, Hacker Summer Camp is a nickname for 3 information security conferences in one week in Las Vegas every July/August. This includes Black Hat, BSides Las Vegas, and DEF CON.

HSC Part 2: Pros versus Joes CTF

david@systemoverlord.com (David Tomaschik) — Wed, 10 Aug 2016 00:00:00 +0000

Continuing my Hacker Summer Camp Series, I’m going to talk about one of my Hacker Summer Camp traditions. That’s right, it’s the Pros versus Joes CTF at BSidesLV. I’ve written about my experiences and even a player’s guide before, but this was my first year as a Pro, captaining a blue team (The SYNdicate).

It’s important to me to start by congratulating all of the Joes – this is an intense two days, and your pushing through it is a feat in and of itself. In past years, we had players burn out early, but I’m proud to say that nearly all of the Joes (from every team) worked hard until the final scorched earth. Every one of the players on my team was outstanding and worked their ass off for this CTF, and it paid off, as The SYNdicate was declared the victors of the 2016 BSides LV Pros versus Joes.

HSC Part 3: DEF CON

david@systemoverlord.com (David Tomaschik) — Wed, 10 Aug 2016 00:00:00 +0000

This is the 3rd, and final, post in my Hacker Summer Camp 2016 series. Part 1 covered my class at Black Hat, and Part 2 the 2016 BSidesLV Pros versus Joes CTF. Now it’s time to talk about the capstone of the week: DEF CON.

DEF CON is the world’s largest (but not oldest) Hacker conference. This year was the biggest yet, with Dark Tangent stating that they produced 22,000 lanyards – and ran out of lanyards. That’s a lot of attendees. It covered both the Paris and Bally’s conference areas, and that still didn’t feel like enough.

HSC Part 1: Hardware Hacking with the Hardsploit Framework

david@systemoverlord.com (David Tomaschik) — Tue, 09 Aug 2016 00:00:00 +0000

Just returned from Hacker Summer Camp (Black Hat, BSides LV, DEF CON) and I’m exhausted. 10 days in Las Vegas is a lot of Las Vegas, even if you don’t spend a lot of time at the slot machines, table games, and shows.

My week started off with a training class at Black Hat: Hardware Hacking with the Hardsploit Framework taught by a couple of guys who clearly knew their hardware. I’ve previously taken Xipiter’s Software Exploitation via Hardware Exploitation, which helped with some of the basic concepts, but the two classes were definitely complimentary. SexViaHex predominantly focused on dumping firmware from embedded microcomputers (that is, they had a kernel, typically Linux, and were running applications on them) and analyzing them for exploitable software vulnerabilities (mostly memory corruption-esque issues). HH with Hardsploit, on the other hand, mostly focused on microcontroller-based embedded devices. This was much more a class of dumping flash to locate stored secrets, understanding the hardware of the device, and working from there.