Defcon / BSides Preparation Guide
Updated for 2015
I added some new info and I want to link to this great guide by JK-47 that covers a lot of things I forgot to talk about relating to meeting new folks and having fun at these cons! Basically be open to new ideas, don't be an ass, don't be an elitist; you are not Mr. Robot. Talk to people every day, and go do something new and exciting that you haven't done before! Ask questions, and learn something new.
Intro
I am writing this since this year I have some new friends who are coming out to Defcon / BSides and I thought I would put up a guide to going to one of these cons. This is by no means the single list to prevent getting pwned. Its just some tips and a good starting point.
Black Hat / BSides / Defcon are computer security conferences that happen back to back over one week in Las Vegas. BSides / Defcon in particular are great cons to check out for anyone interested in security, hacking, technology, or electronics. There are talks aimed at all skill levels from beginners to really advanced. There are lots of hands on “villages” to learn new things such as the hardware hacking village, lock picking village, tamper evident village, and more. Also there are tons of fun parties and shows to network at, meet new people, or just talk and learn something new.
Bsides Schedule: http://www.bsideslv.org/schedule/
DC Schedule: https://www.defcon.org/html/defcon-23/dc-23-schedule.html
Defcon Parties Calander
Mental Security
When attending DefCon consider yourself in a hostile information environment. Its a fun con, but remember to be careful about what you talk about. Don’t tell anyone your birthday, first highschool, mothers maiden name, etc. People can be good a social engineering your account recovery info out of you, especially if you have had a few drinks at a party.
Don’t talk about anything your boss or IT security person wouldn’t want you talking about.
If I do meet someone who is cool and I want to get in touch, I bring personal cards with me that just have my twitter handle to hand out. That way people can contact you after the con.
Physical Security
Always keep an eye on your laptop and bag. Don’t leave them unattended.
Use ATMs at the hotel at your own risk. Bring some cash. Keep track of your wallet.
Computer & Phone Security
First off make sure before the con to backup your laptop and phone. Assume they could either be physically stolen, or that the data could be compromised or deleted.
Next make sure to install all the latest OS and Phone / App updates. Make sure everything is patched. Turn off any apps that sync data over a network automatically. Turn off Bluetooth / NFC and leave them off. Keep wifi off. USE A VPN at all times! Private Internet Access rocks.
Install a firewall on your devices and block all incoming ports. Disable UPnP. Turn off Bluetooth.
Make sure your browser is patched and up to date. Install plugins like No-Script / HTTPS everywhere / KB SSL Enforcer. Disable any other plugins you don’t need or use.
Disable bluetooth / NFC on your phone and laptop!
Disable auto connect to WiFi hotspots. In fact keep WiFi off unless you absolutely need it. The open DC Wi-Fi network is a warzone. Do not connect to it unless you know what you are doing. The encrypted WiFi can be used if you are brave :)
Turn off all sharing / shared folders on your devices.
Use a phone screen lock code and bios / firmware / boot password on your laptop.
Use a VPN on your computer and phone. I like Private Internet Access which is a paid service. If you don’t have a VPN provider you can use a SSH Proxy to tunnel out of a linux box you have access to (http://www.linuxjournal.com/content/use-ssh-create-http-proxy).
Use the excellent TextSecure / Signal on your phone and have your friends use it as well.
Secure online accounts before you get to DC. Anything you may access at the con make sure you have a good password set. Enable 2-factor authentication if you can. Make sure you are browsing with SSL / HTTPS enabled.
Have a webcam on your laptop? Put a piece of tape over it.
Here is a good guide to securing a Mac. Im still looking for a concise pc guide.
Mac Hardening Guide: http://www.macworld.com/article/2048160/how-the-nsa-snoop-proofs-its-macs.html
Android Hardening Guide: https://wikis.utexas.edu/display/ISO/Google+Android+Hardening+Checklist
iOS Hardening: https://wikis.utexas.edu/display/ISO/Apple+iOS+Hardening+Checklist
PC Hardening Guide:
Finally consider using a bootable linux distro while at the con. Below are some recommended distros and tools to make a bootable usb drive.
Linux Distros:
Kali Linux - http://www.kali.org/ — New “successor” to backtrack. Lots of tools for advanced users
Backtrack Linux - http://www.backtrack-linux.org/ — The old standby for penetration testing. Also for advanced users.
Ubuntu - http://www.ubuntu.com/ — The standard everyday Linux OS.
Linux Mint - http://www.linuxmint.com/ — Ubuntu base with some extra features. Nice OS for all users.
Elementary OS - http://elementaryos.org/ — Beautiful Linux OS. Simple design, great to check out.
How to make a Mac bootable USB linux distro:
http://www.makeuseof.com/tag/how-to-boot-a-linux-live-usb-stick-on-your-mac/
http://sevenbits.github.io/Mac-Linux-USB-Loader/
Make a bootable USB linux distro for your pc:
http://www.makeuseof.com/tag/install-linux-with-ease-using-unetbootin/
What to bring
* Cash -- Defcon is $230 cash only at the door. BSides is free first come fist serve, or if you rent a room there you get 2 badges.
* Notebook / Pen — Sometimes i like to take notes at talks the old fashioned way. Also good to take quick notes if you are working on a challenge / project.
* USB / Phone Chargers / Battery pack — Do not, **DO NOT** plug your phone into any usb cable at the con / airport to charge off of. This is how you get pwned. Bring your own.
* Batteries for your devices.
* Misc Cables / USB drive. Don’t pickup or use any usb drives you find at the con. Bring your own and if anyone else uses it, consider it compromised.
* Soldering Iron / Arduino / Misc electrical projects? — Are you a hardware guy? Bring something to work on to the Hardware hacking village!
* Good comfortable backpack
* Comfortable shoes
* Snacks
* Waterbottle and or Flask
* Asprin
* Multi Vitamins
* Sunscreen
Finally remember to have fun! Talk to people, meet new friends, try and learn something new every day!
I added some new info and I want to link to this great guide by JK-47 that covers a lot of things I forgot to talk about relating to meeting new folks and having fun at these cons! Basically be open to new ideas, don't be an ass, don't be an elitist; you are not Mr. Robot. Talk to people every day, and go do something new and exciting that you haven't done before! Ask questions, and learn something new.
Intro
I am writing this since this year I have some new friends who are coming out to Defcon / BSides and I thought I would put up a guide to going to one of these cons. This is by no means the single list to prevent getting pwned. Its just some tips and a good starting point.
Black Hat / BSides / Defcon are computer security conferences that happen back to back over one week in Las Vegas. BSides / Defcon in particular are great cons to check out for anyone interested in security, hacking, technology, or electronics. There are talks aimed at all skill levels from beginners to really advanced. There are lots of hands on “villages” to learn new things such as the hardware hacking village, lock picking village, tamper evident village, and more. Also there are tons of fun parties and shows to network at, meet new people, or just talk and learn something new.
Bsides Schedule: http://www.bsideslv.org/schedule/
DC Schedule: https://www.defcon.org/html/defcon-23/dc-23-schedule.html
Defcon Parties Calander
Mental Security
When attending DefCon consider yourself in a hostile information environment. Its a fun con, but remember to be careful about what you talk about. Don’t tell anyone your birthday, first highschool, mothers maiden name, etc. People can be good a social engineering your account recovery info out of you, especially if you have had a few drinks at a party.
Don’t talk about anything your boss or IT security person wouldn’t want you talking about.
If I do meet someone who is cool and I want to get in touch, I bring personal cards with me that just have my twitter handle to hand out. That way people can contact you after the con.
Physical Security
Always keep an eye on your laptop and bag. Don’t leave them unattended.
Use ATMs at the hotel at your own risk. Bring some cash. Keep track of your wallet.
Computer & Phone Security
First off make sure before the con to backup your laptop and phone. Assume they could either be physically stolen, or that the data could be compromised or deleted.
Next make sure to install all the latest OS and Phone / App updates. Make sure everything is patched. Turn off any apps that sync data over a network automatically. Turn off Bluetooth / NFC and leave them off. Keep wifi off. USE A VPN at all times! Private Internet Access rocks.
Install a firewall on your devices and block all incoming ports. Disable UPnP. Turn off Bluetooth.
Make sure your browser is patched and up to date. Install plugins like No-Script / HTTPS everywhere / KB SSL Enforcer. Disable any other plugins you don’t need or use.
Disable bluetooth / NFC on your phone and laptop!
Disable auto connect to WiFi hotspots. In fact keep WiFi off unless you absolutely need it. The open DC Wi-Fi network is a warzone. Do not connect to it unless you know what you are doing. The encrypted WiFi can be used if you are brave :)
Turn off all sharing / shared folders on your devices.
Use a phone screen lock code and bios / firmware / boot password on your laptop.
Use a VPN on your computer and phone. I like Private Internet Access which is a paid service. If you don’t have a VPN provider you can use a SSH Proxy to tunnel out of a linux box you have access to (http://www.linuxjournal.com/content/use-ssh-create-http-proxy).
Use the excellent TextSecure / Signal on your phone and have your friends use it as well.
Secure online accounts before you get to DC. Anything you may access at the con make sure you have a good password set. Enable 2-factor authentication if you can. Make sure you are browsing with SSL / HTTPS enabled.
Have a webcam on your laptop? Put a piece of tape over it.
Here is a good guide to securing a Mac. Im still looking for a concise pc guide.
Mac Hardening Guide: http://www.macworld.com/article/2048160/how-the-nsa-snoop-proofs-its-macs.html
Android Hardening Guide: https://wikis.utexas.edu/display/ISO/Google+Android+Hardening+Checklist
iOS Hardening: https://wikis.utexas.edu/display/ISO/Apple+iOS+Hardening+Checklist
PC Hardening Guide:
Finally consider using a bootable linux distro while at the con. Below are some recommended distros and tools to make a bootable usb drive.
Linux Distros:
Kali Linux - http://www.kali.org/ — New “successor” to backtrack. Lots of tools for advanced users
Backtrack Linux - http://www.backtrack-linux.org/ — The old standby for penetration testing. Also for advanced users.
Ubuntu - http://www.ubuntu.com/ — The standard everyday Linux OS.
Linux Mint - http://www.linuxmint.com/ — Ubuntu base with some extra features. Nice OS for all users.
Elementary OS - http://elementaryos.org/ — Beautiful Linux OS. Simple design, great to check out.
How to make a Mac bootable USB linux distro:
http://www.makeuseof.com/tag/how-to-boot-a-linux-live-usb-stick-on-your-mac/
http://sevenbits.github.io/Mac-Linux-USB-Loader/
Make a bootable USB linux distro for your pc:
http://www.makeuseof.com/tag/install-linux-with-ease-using-unetbootin/
What to bring
* Cash -- Defcon is $230 cash only at the door. BSides is free first come fist serve, or if you rent a room there you get 2 badges.
* Notebook / Pen — Sometimes i like to take notes at talks the old fashioned way. Also good to take quick notes if you are working on a challenge / project.
* USB / Phone Chargers / Battery pack — Do not, **DO NOT** plug your phone into any usb cable at the con / airport to charge off of. This is how you get pwned. Bring your own.
* Batteries for your devices.
* Misc Cables / USB drive. Don’t pickup or use any usb drives you find at the con. Bring your own and if anyone else uses it, consider it compromised.
* Soldering Iron / Arduino / Misc electrical projects? — Are you a hardware guy? Bring something to work on to the Hardware hacking village!
* Good comfortable backpack
* Comfortable shoes
* Snacks
* Waterbottle and or Flask
* Asprin
* Multi Vitamins
* Sunscreen
Finally remember to have fun! Talk to people, meet new friends, try and learn something new every day!
Comments
Post a Comment