zvelo Spent the Week with over 20,000 Hackers at DEF CON 24


zvelo Spent the Week with over 20,000 Hackers at DEF CON 24 — Here’s What We Saw

DEF CON is one of the largest (if not the largest) hacker conferences in the world. Held over four days every August in Las Vegas, DEF CON is now in its 24th year and is bigger, better — and scarier — than ever. Our Senior Malicious Detection Researcher, Eric Watkins, participated again this year and provided a great multi-blog brief, giving us a glimpse into the very real, and scary, threat vectors coming out of the hacker world today.


DEF CON 24: Day 1…aka: “LineCon”

Standing in line to get badges. Believe it or not, this is an actual event when you consider how many people must attend in order to get into the content, competition and events. In previous years this took several hours and as a result people were in line as early as 4AM. We slept in a bit to compensate for our late night 3AM arrival into Las Vegas so by the time we arrived at “LineCon” the line was “only” a few rooms long and moved quickly. After waiting in line for less than a half hour we were able to buy our badges. DEFCON badges themselves are something of an event. It is considered a challenge to reverse engineer the design and the functionality is intentionally obfuscated. Here is a picture of the DEFCON 24 badge, goon (goons are con volunteers) challenge coin and lanyard:

DEFCON 24 Badge

Breaking this down for you, the badge has a working Intel processor in the center, eight working buttons at the top and headers for serial input under the battery at the bottom. The Konami code could be entered on the keypad to cause the lights to change their blinking pattern. The lanyard itself contained serial information, which when combined with other lanyards allowed a sequence to be decoded. There are a few writeups of the details contained on the badge for the challenge. You can check them out here:



Day 1 at DEFCON is always interesting because most of the larger meeting halls are used for “LineCon” which causes the Thursday talks to be held in smaller capacity meeting rooms. As a result, the lines to get into Thursday’s talks are horrible and even though we got in line very early we were turned away from almost all of the events we tried to attend. Thankfully, the talks are broadcast over the hotel TV system for people who are staying in the hotel. We were able to retire to our rooms and watch the afternoon talks in the comfort of our hotel suite.


Blue Hydra

The first talk I attended was about Blue Hydra (https://github.com/pwnieexpress/blue_hydra). This tool is the next generation of several Bluetooth tools that I have been using, so this was a great talk to start off with.


Some stats claim that up to 89% of security professionals have no visibility into Bluetooth devices.


The speaker and author of the Blue Hydra tool mentioned several of the preexisting tools I’d been testing, so I knew he was legit when he mentioned several of the shortfalls I have encountered using these tools. These previous works were good, but not fully integrated and missing some needed details, and I’m very much looking forward to testing the actual Blue Hydra code. With the onslaught of IoT devices, our ability to learn all we can about Bluetooth-enabled endpoints is going to be key in the fight to enumerate all the items connected to any given environment.

Hello. My Name is…

The next most important talk to attend is the general introduction to the convention. The speaker introduced the events of the upcoming week and went over some ground rules. One thing that was really stressed is the need to get off the main speaking track and actually get involved with the people of DEFCON themselves. This is a concept we fully embrace as I’m pretty well acquainted with the DC719 group out of Colorado Springs. Once this DC101 talk was completed, I caught up with the DC719 group at a networking event to map out our plans as a group for the rest of the con.


Here’s a look at the OpenCTF and Village areas:

CTF Village Areas


The Day 1 Big Take-away:


Big Winner:

Blue Hydra was the single best technology advance I saw on Thursday. This update in Bluetooth scanning technology will jumpstart our ability to see Bluetooth Low Energy (BTLE) devices that are active in a given space. Prior scanning engines were fragmented and their reporting details were spotty at best. Blue Hydra takes all these techniques and combines them into a single easy-to-use interface while adding new functionality that wasn’t pre-existing. This new tool will quickly become a go-to program in the toolbox of any physical security auditor or Bluetooth developer.


Big Loser(s):

People who ended up on The Wall of Sheep on Day 1. The Wall of Sheep is an interactive demonstration of what can happen when network users let their guard down. Hackers passively observe the traffic on a network, looking for evidence of users logging into email, web sites, or other network services without the protection of encryption. Those found get put on the “Wall of Sheep” as a good-natured reminder that a malicious person could do the same thing… with far less friendly consequences. More importantly, they strive to educate the “sheep” they catch, and anyone else who wants to learn, how to use free, easy-to-use tools to prevent leaks in the future.


Next week: Witchcraft, Unicorns and Leeches, Oh My!


About the Author

Eric Watkins is our Senior Malicious Detection Researcher and he brings 20+ years of combined information security and IT experience to zvelo. When not haunting DEF CON, Eric leverages his deep knowledge in Information Security by utilizing an extensive background in research, engineering and IT security architecture. Additionally, his unique perspective in penetration testing and IT security audit experience to validate website threat vectors will further enhance zvelo’s malicious detection services.