It is August of 2020, and COVID-19 continues hitting us all over the world. So much that, even the DEFCON conference had to be cancelled (in its physical form) to protect everyone; hackers, presenters, and staff. That didn’t mean, however, that there couldn’t be a conference this year. So, the fine Defcon folks got to work, and took this year’s conference to the Virtual realm -a.k.a. Safe Mode-.
Aside the main conferences, there were multiple tracks (known as Villages) that you could take. These cover various topics regarding technology, social issues, even physical lockpicking. Here is a short list:
- Blockchain Village
- Cloud Village
- Crypto and Privacy Village
- Lock Bypassing (or Lock Picking) Village
- Recon(naissance) Village
- Red Team Village
- Voting Village (Voting Machine Hacking Village)
- Wireless Village
This is by no means comprehensive, and I highly encourage you to take a look at the actual list of all the Safe Mode Villages on their website.
The greatest thing about this year’s conference is, to us, that it was free for all who wanted to attend. All you really needed was a computer, smartphone or tablet; an Internet connection to stream the videos from their Youtube channel.
You probably saw the Email we sent regarding Defcon, where we recommended Jonathan Helmus’ talk on a Student Roadmap to Becoming a Pentester. I highly recommend it, as it does provide a great overview of what you can expect on your Pentesting journey.
There was also an almost 2-hour training session on OWASP Amass, which was given by its creator, Jeff Foley. What’s great about it is that you get the opportunity of learning from the original developer, which is very valuable to get a deep understanding of the tool.
Another talk worth looking into is The Bug Hunter’s Methodology by Jason Haddix, in which he discusses the mindset and methodology he uses when working on Bug Bounty programs.
If you’re interested in learning more about Physical Access, on the Lock Bypassing Village, Karen Ng gave a Bypass 101 talk, prividing the introductory foundation on how most locks work and how they can be bypassed by an attacker.
From here on, you can move on to Robert Graydon’s talk on how to make DIY Bypass tools. Given that most of us are working from home, this is vital knowledge, as you never know when someone might want to break into your house and potentially harm you and your family.
There was also a talk by John the Greek, titled Bobby Pins, More Effective than Lock Picks; on which he describes how he makes custom-made, DIY bobby pins that can be used for a particular lock.
Back on the Main track, there was a mind-blowing talk by James Pavur that discusses how he and other members of his research team at Oxford were able to effectively intercept satellite communications traffic, using relative cheap equipment, which adds up to ~$ 300 in cost. Here, he also presents an alternative that they’re working on to help users encrypt their network traffic, while maintaining good performance.
As always, keep note that, knowing how attackers work gives you the advantage of knowing how to effectively prevent any future attacks; regardless of them being digital or physical.