skip to main content

DEF CON Hacking Conference

Home

Link roundup image

Welcome to the DC Groups Blog!

Look here for guest bloggers - one of those bloggers can be you! Submit a contribution to this page. Contributions will be moderated, Submit blogs looking for commentary, introductions to certain fields of InfoSec or hacking that others may find interesting. The only limits are your imagination and word count. See DCG University to submit more technical content.






@aprilwright

Link roundup image

How To Determine Your New DEF CON Group's Number

August 25, 2018 by April Wright

One of the most frequently asked questions and concerns for new DCGs is in regards to naming of their group.

We HIGHLY RECOMMEND that you do not: buy domain names, register social media handles, or create branding until your group is listed on the website.

This recommendation extends past receiving the email from us stating that a request has been made to add your group to the website. The "request to be added" email is NOT final confirmation of establishment of your group. Only being on the website is confirmation.

This post is intended to help new group leaders avoid spending time, effort, and/or money on branding that may need to be changed later.

HERE'S WHY YOU SHOULD WAIT TO BRAND YOUR GROUP

As new groups form, we have to evaluate the naming convention of the group for accuracy and fit within the numbering and naming system rules.

It is not fun for us to have to tell a new group leader (who has already registered a Twitter account, bought a domain name, and designed a logo) that the name they assumed they would have e.g. DC111 is really going to be DC112345! It unfortunately happens all the time, and can cause disappointment, so we want to prevent that.

We do not want you to go through any unnecessary work or spend any money on domain names only to have to change them!

In addition, sometimes the Signaler who answers the dcgroups emails will ask for the group to be added to the site, send you a notification as such, and a secondary check by the larger team will determine that the name needs to be changed.

It is therefore advisable to wait until your group is *officially listed on the site* before doing anything that may cost money or confuse your community.

We can make changes to your listing after you're officially an organized DEF CON Group, but you cannot get your money back from a domain name you purchased that is no longer appropriate!

DEF CON GROUPS: NUMBERING CONVENTIONS

Many groups want to choose their own name. We get lots of requests for DC0101010101 or DC042...

The reality is that group names are based on telephone dialing codes, as dialed from the USA. This is to make sure group names are unique. If we have two DC123 groups, and one is in the USA and one is in Antarctica, that would be very confusing.

The International Telecommunication Union (ITU) has established a comprehensive numbering plan, designated E.164, for uniform interoperability of the networks of its member state or regional administrations. It is an open numbering plan, however, imposing a maximum length of 15 digits to telephone numbers. The standard defines a country calling code (country code) for each state or region which is prefixed to each national numbering plan telephone number for international destination routing. You can read more about this here: https://en.wikipedia.org/wiki/Telephone_numbering_plan

The general rules for dialing internationally are:

For calls to most countries, this means: 011 + country code + phone number

For calls to countries within the North American Numbering Plan, this means: 1 + area code + 7 digit local number, same as dialing a US state to state call

So, if I dial 1-312-555-5555 to reach Chicago Illinois USA, the Chicago DC # would be DC312.North America uses non-overlapping area codes, so if I were to dial Edmonton, Canada from the US, I would dial 1-780-555-5555. 780 does not exist as an area code within the US. Since there is no 780 area code within the USA, 780 is unique. Edmonton would be DC780. There is no other DC780 other than Edmonton.

The confusion really starts with international groups outside North America. This is because of Country Codes and sometimes City Codes being required in addition to area codes.

Let's look at an example. 816 is an area code used to dial Missouri, USA. 81 is ALSO the international code to dial Japan and 6 is the local area or city code to dial Osaka (i.e. 816). Therefore, by preceding Osaka's 816 dialing code with the international dialing prefix 11, we get DC11816. This makes it clear that it is the Osaka group, and not a Missouri group.

If you want, you can search here - Choose "United States" as the source, enter your country, scroll down to find your city, and you can then figure out your dialing code (this is what we do) https://countrycode.org/japan

DEF CON GROUPS: NAMING CONVENTIONS FOR ADDITIONAL GROUPS IN THE SAME AREA

For a variety of reasons, a second group within a city/country may be desired by local hackers.

If you want to start a group in Shanghai, and there is another group in Beijing, or if you want to start a group in Brugges (113250) and there is already a group in Brussels (11322), you do not have a problem. They are geographically diverse, and have different dialing codes.

However, some cities and countries only have one dialing code, e.g. Luxembourg is 11352. If a second Luxembourg group were created, the first / original group that was formed would remain DC11352, and the secondary group would be DC11352-A, any third group would be called DC11352-B, et al. Sure, three DEF CON groups in Luxembourg may seem silly, but it's just an example :)

Sometimes a group already exists within a single city, for example, Chicago DC312. Chicago is a large city, and there are also student groups on-campus vs public groups.

In this case, if there is a secondary area code, that can be used. For example, Chicago has an area code of 312 and another area code of 773. Group leaders can apply as DC773 when there is already a DC312, or they can choose to be DC312-A, as the dialing codes overlap.

SUMMARY AND CLOSING

We admire your go-getter attitude in that you want to have the website and social media accounts ready to go when you apply to be a group, but doing so is not always in your best interest.

If you are an international group, we recommend waiting to register or purchase anything with the name of your group until your group name is confirmed by us.

Remember: You can send us an update request at any time to keep your info current, add social media, links, etc. We love to hear about what you're working on and keeping the site updated with fresh content from the groups.

Please DO NOT HESITATE to contact us with any questions - we are here to help!!!

@v3rtig0

Link roundup image

Russr Interviews DCG Ambassador Jayson Street!

December 8, 2015 by Russr (v3rtig0)

I would dare say that everyone in the hacker world has a reason for being here. Some of us backed into this world, starting with the technology when it (and we) were still young. Others have grown up in a world that already had high speed Internet, and computers that didn’t need add on cards for decent graphics and audio (anyone remember the Sound Blaster?).

But there’s one individual in our scene that has made a name for himself, less for his technical knowledge, and more for his ability to make people uncomfortable and/or making them smile. And though he can often be a divisive topic to many hackers, there’s no ignoring the indelible impression he’s made in hackerdom. His name is Jayson E. Street, one of our world’s biggest hacker cheerleaders, and one of the current faces for the DEF CON Groups. In this interview, I hope to learn more about the hacker that hides behind those obnoxious minion yellow onesie pajamas.

Hey Jayson. How are you?

Doing great though a little nervous ;-)

So, let’s start with the obvious, and get it out of the way, early. What’s up with all the awkward hug encounters? I mean, what’s your motivation?

My infamous “Awkward Hugs” originated in 2011 when a great friend and fellow hacker was going through a tough time due to a medical issue, and had to cancel her trip to DEF CON. I started the hugs in her honor, to let her know her friends at the conference were thinking of and missing her. I gave out my hugs of which there were three varieties: regular, ambush and awkward at Black Hat and posted them on Twitter for her. Everybody enjoyed (ok tolerated) them but most importantly she loved them so it was a great success! Fast forward to BSides Dallas later that year, another friend and colleague was facing cancer treatments and couldn’t attend. Awkward hugs (everyone’s favorite variety) were given out during the show on her behalf. It was there I discovered that they really helped to break the ice, tear down social barriers, spark new conversations and friendships, lighten the tone, and most important, spread happiness. I love seeing people who may not have approached me come up and ask for an Awkward Hug! Even better is when they stay around to talk have a conversation! So after BSidesDFW it just really took off from there. And the rest is history!

I understand you really want to make some of the great minds in the hacker world accessible to a larger audience, but many hackers aren’t known for their extroverted or “huggy” nature. Don’t you think you might actually be alienating those folks, and making it even more difficult for them to feel at home in the hacker world?

It’s true that we hackers aren’t known as “huggers” – but since I started Awkward Hugs, I’ve found that these simple gestures have played a role in connecting people in this community. And let’s be clear – though I’ve become known as the “Awkward Hugger,” I respect boundaries and would never give out hugs unsolicited to people who don’t know me or who prefer not to participate: there is always mutual consent. My fellow conference attendees are totally in control, not the other way around. If someone wants to hug, we hug. If that person doesn’t want to publish the picture of said hug, they don’t (I usually take photos with the other person’s phone to give them the choice). There are GREAT Hackers out there who have always been approachable! You have Adam Laurie taking the time to talk to some weird noob at DEF CON 13 (I’m not sure I’d still be around if it wasn’t for him taking the time to talk to and encourage me). Look at Egyp7 chilling out with anyone who would like to play a nice game of chess. Look at HD, FX, DT, Raven, v3rtig0, Kaminsky and so many others who always seem to have time to talk to anybody who says hi. So you don’t have to give out hugs (Awkward or otherwise) to be approachable. I really hate talking about my personal self, I prefer to hide behind my mask of silliness. I must admit I do get anxious when I’m around a lot of people. I help cope with it by being “Jayson the Awkward Hugger” doesn’t really make much sense to me so I don’t expect anyone else to understand it. I love meeting new people and more importantly helping others so I do it that way. I challenge everyone to be more approachable to new conversations and others. I expect them to do it whichever way that works for them though! There is no wrong way!

My final note on this is the last thing I want to do is alienate people with my hugs. It comes down to this: giving hugs has helped me to put myself out there, meet new people and engage in new experiences. To hug or not to hug isn’t the question! The question is how you can reach out to others outside of and in your community. To help make things better and more secure for everyone!

If someone were to look at your social presence, and the activities you’re most known for, we wouldn’t see much related to technology or hacking. Since it’s still kind of a mystery to most, can you start by explaining what you do in your real life, work-wise?

As Pwnie Express’ Infosec Ranger, I serve as a key liaison between Red Teams and Blue Teams. That seems vague and it is. Though the best way to describe my function at Pwnie is to say I help create that outreach to the enterprise about the benefits of the defensive offerings that Pwnie provides. All the while letting the hackers know we are keeping on the cutting edge of Red Team technology! My other job is working on the Blue Team side. I started at that job over 12 years ago. Helping to create a defensible, adaptive and secure network infrastructure. Striving to mitigate as much risk as I can and helping the business units handle the risk left over. While I can’t share specifics about the work I do for them, I can say that I’ve really found my niche and am thrilled at the awesome projects I get to spearhead. I tackle all of my projects with a hacker mentality – for example, this is the structure I want to build, now how many ways can I find to break in to it?

What many people don’t know about me is that I started my career on the Blue Team side over 25 years ago in physical security and law enforcement – which was great… until I got tired of getting shot at. I got involved on the IT side and quickly became enamored with melding my two passions – computing and security – together. The reason why I don’t talk about my Blue Team perspectives and experiences is because, frankly, it’s not considered sexy by most. People attending hacker conferences primarily want to hear about breaking things – not fixing them. (This was told to me in 2006 after sharing a Blue Team related talk idea) Though that is slowly starting to change as Blue Team work becomes more intriguing I hope to see even more acceptance to one of the most underrated but technically challenging fields out there the art of effective defense!

Do you do much in the way of hacking, as a hobby, or side project?

I think of a hobby as something you do for fun and relaxation. So I’d consider 3D printing my hobby. For me, hacking goes far beyond “hobby status” – it’s a part of who I am. It’s how I view and analyze the world – both professionally and personally. That said, I’m always reading about and experimenting with new personal hacking projects to continuously hone my skills – for example, I’ve created an entire VMware network at home that I’m constantly tinkering with. I use that as my staging ground when new tools are announced or new vulnerabilities are discovered. I call my room in my house the ‘Lab’ because in all seriousness it is! I use it to study, to create, break and learn in!

Why don’t you ever speak about more technical topics?

I consider myself a “jack of all trades, master of none.” I have a high school GED. I never went to college. Some of my earliest memories were of being told I was no good and stupid. Most people told me if I lived long enough to grow up they expected me to end up in jail. So right from the get go I felt I had little worth or value to add from the more technical side. I feel so fortunate to have found the right path and to be embraced by this community. Because of this, I’ve had the opportunity to travel around the world, and have listened to, worked with and learned from so many brilliant, technically minded people. I prefer for them to speak on these topics. Because honestly I don’t think I have that much to offer except ideas and new ways at looking at things. I do feel I’m sorta good at always being able to look at a problem from multiple perspectives while also looking for the worst case scenario. I have helped quite a few people behind the scenes on the creation of tools, new research and refining new talks. I’ve never felt comfortable talking about that and asked them not to either. Mainly because I don’t think I could handle the scrutiny and the anxiety it would create by being judged harshly again. I’d rather act the part of the fool then represent myself as knowledgeable and be labeled one!

As you travel around the world, speaking at a variety of conferences, you’ve become a popular voice for the hacker world. More recently, you’ve been added to a small population of folks that have driven the DEF CON Group project. What are your personal goals, related to the evolution of the DCGs?

One of my greatest professional honors to-date was being selected as DEF CON Group’s Global Coordinator. My goal for this project is to continue to evolve and connect our global network of local groups into a powerful, global unified force. By breaking down siloes and banding together, we can make our global community better through education and collaboration. I look forward to the day when DEF CON Houston works side-by-side with DEF CON London and DEF CON Rio working with Beijing! The key is recognizing the big picture and doing truly meaningful and important work for the greater good. Not just in their local communities but wherever their efforts can help!

Do you have a long term plan or goal for the DCGs? Where would you like to see them, say, in 5 years?

In five years, I hope to see active DCG participation at the local community level – from giving school lectures to playing an active role in search and rescue efforts in the wake of natural disasters (i.e. responding with drone recovery and recon, 3D printing necessary supplies, etc.) I also want to see us as a recognized organization that is providing a positive impact around the world!

What’s the most surprising thing you’ve come to learn from your short time in the DCG world?

I’ve been blown away by the effort, innovation and progress of DCG groups around the globe. Almost every week there is a new group starting up or someone reaching out to find one near them. I’m continuously impressed and amazed at the talented, passionate people who make up this community. I feel more like the guy who gathers a room full of talented people together and then sits back and watches the magic happen! These leaps forward you’ve seen with the relaunch of the DCG has had very little to do with me and everything to do with the amazing team working day in and day out to make this a success! I’m so lucky to be a part of it.

Finally, what do you hope to have achieved, personally, in 10 years?

It’s sorta weird to say this but I’m really happy where I am today. I’ve been blessed more than I deserve or can ever repay. I hope that in 10 years I can look back content with what I’ve done to be where I’m at. I will always see myself as a flawed creation and always a half step away from being a complete failure. So my only true goal is to never stop working to become a better father, husband, hacker and human. Not just in 10 year time frame but for all the years I have left.

Thanks for the time, Jayson. I appreciate it, and I hope it gives readers a better idea of who you really are.

@v3rtig0

Link roundup image

The Birth of the DEF CON Groups

July 21, 2015 by Russr (v3rtig0)

The concept of the groups first came to life, right after DEF CON 10, in 2002. We had seen an increase in attendance numbers for the conference, a shift in the knowledge level of many attendees, and a decided lack of sources where attendees could go, after the con, to learn more. In fact, it was about this time that we saw our first strollers at the conference, which was a bit of a culture shock for many of us, as well. The hacker community was just starting to grow up.

As attendance grew at the conference, we saw a smaller contingent of attendees coming and sharing incredible work, and more attendees coming to learn these concepts from the hacking world. It was never a lack of interest by our attendees; it was a lack of knowledge. The old school hackers were still around, but they quickly became a tiny minority to the number of people we had at the conference. What could we do, as DEF CON, to encourage continued research, teaching, and learning, not just at the conference, but also around the globe? In essence, how do we encourage the growth of the next generation of hackers and researchers?

I approached DT with the concept of creating the DEF CON Groups in the fall of 2002, with the concepts of sponsoring the learning, hacking, and experimentation process, around the world. Initially, we were mostly concerned with using the brand of DEF CON to help these groups form. After several more extended conversations, DT and the rest of our planning team approved of the idea, and we began laying out the plans for introducing the concept at DC11.

The first groups were formed in 2003, with the first DCG being in Colorado Springs. I chose Colorado Springs because I’m here, and could use it as a test bed for the initial rollout of the groups. The remainder of those first 14 groups began in the July/August timeframe, right around DEF CON. Many of the original organizers or these groups were heavily involved in the conference, and believed in the idea of these groups. In fact, you can still find these groups as active components of the DCG world, and listed on the DEF CON website.

Giving birth to a new DCG isn’t all that difficult, actually. It normally only takes a few friends, with some ideas for learning and research. We realized in those early years that the real trick was keeping the group alive, and focused, once it was created. We’ve learned that ideas can be exchanged between groups, providing more fodder for learning and research. In some cases, multiple groups have worked together toward a common goal. In some cases, it works to have a benevolent dictator model, for running the group. This is normally someone that has a lot of time they’re interested in investing in the group. More commonly, though, we’ve found that a group is easier to manage, and can be more successful, if there is a team of trusted and like minded individuals, helping keep the group alive and growing.

It’s my personal hope that these groups will continue growing, researching, and creating. Anyone can start a group, in any city around the world. In larger cities, there have been cases where multiple groups are created, to help cover the geographical area. For me, the research and the learning is a vital part of being alive. Hackers thrive on learning more. Without that desire to learn and create, we cease to be hackers. The DCGs can provide a basis for these things, and the entire program evolves as new groups and new individuals bring forward their own ideas and creativity.

-Russr (v3rtig0)

I want to thank the people that helped create this program, because this was much bigger than any one hacker could create alone. Thank you to noid, Grifter, h3adrush, bree, madhat, syntax, magictao, RayTodd, Agent X, Major Malfunction, Irvine Underground, sn8kebyte, DT, and all the others I may have forgotten.