The DEF CON 30 experience

Aug 26, 2022
Written by Davinsi Labs

Author: Thimo D.

In a continuous effort to increase my levels of knowledge and skill, I attended DEF CON 30 in Las Vegas. This was my first time at DEF CON, and I do hope to go again in the future.

My journey started on Thursday morning. Since I had purchased my ticket online, I didn’t have to experience LineCon. The queue was reasonable, and I soon had my badge in hand.

Def Con Reception Moment

The scale of DEF CON is something I’ve never experienced before. The size of the multiple venues was astonishing, and I quickly learned that you need to factor in the walking time between the different locations. At first it was hard to find my way, but luckily there were plenty of Goons (staff) available to ask for directions.

Thimo at DEF CON 30

In the afternoon I followed the "House of Heap Exploitation" workshop, which was a hands-on experience regarding heap exploitation of glibc Malloc.

Friday the conference really started. Hard decisions on which talks to see had to be made.

In the morning I opted for three DEF CON official talks. Starting with "Computer Hacks in the Russia-Ukraine war". Kenneth Geers presented an information packed summary on the cyberwar that is waged by both sides of the conflict.

Next up and on a more humorous note; "OopsSec - The bad, the worst and the ugly of APT's operations" by Tomer Bar. Scores were given based on the severity and stupidity of APT's operational blunders.

During lunchbreak I headed over to the Social Engineering village, which introduced a new segment, where volunteers from the audience could try their hand at cold-calling. Each contestant was given 5 minutes to achieve several objectives such as retrieving information about the Wi-Fi network credentials, and the target's physical security measures.

DEF CON official talks

After the lunch break Thijs Alkemade presented his research. Using process injection he managed to break out of the sandbox, as well as elevate permissions and achieve SIP bypass. The vulnerability lies in the saved-state feature that allows it to reopen your open apps and documents after a reboot. By modifying this saved-state data, a deserialisation attack is possible.

To end the day, I learned about bypassing and (ab)using elevator controls in the Physical Security Village. Several interesting scenarios were presented where a red-teamer could use special elevator controls to gain access to restricted floors, or even escape from security.

Bypassing and (ab)using elevator controls in the Physical Security Village

Besides talks there were also plenty of villages.

The car hacking village gives everyone an opportunity to experiment with real hardware, which otherwise might not be readily available.

car hacking village

The Defense Digital Service branch of the military was also present, and they brought gadgets!

Defense Digital Service branch of the military

Saturday started off with a panel about right to repair, featuring Louis Rossmann. They are fighting the concerning trend where consumers are no longer able or even allowed to repair their own devices. For example: the iPhone faceID will no longer work after a third-party replaces the phone screen. Due to the phone checking if the screen’s serial number is “authorized”.

Next up is Andrew Logan's talk "Tracking Military Ghost Helicopters". Andrew built a system to track and automatically identify helicopters over the DC area. Where people can submit pictures via Twitter, which are then automatically processed to determine the type of helicopter.

Rae Baker in the Industrial Control Systems village explained how some ships attempt to evade authorities when performing illegal actions, by forging or jamming the signals of their AIS (Automatic Identification System) beacon. Even though Rae was not there in person, the talk was still captivating.

The final talk by Arik gave me some insight in the workings of retail-stock scalping bots. A well-thought-out system designed to minimize latency and beat competing bots to purchase freshly restocked products.

This concluded Defcon 30 for me. All in all, a tremendous experience!

Share this news