DEF CON 30: what we learned (and how it helps you)

In August, the CovertSwarm team attended DEF CON 30 in Las Vegas – the cyber industry’s premier hacker convention, and the the oldest and largest of its kind. Hosting everything from demos and workshops, to dedicated hubs (‘villages’) and even competitions, it provided lots of opportunities for us to explore, experiment and grow.

We spoke to Hive Members Martin, David, Jorge and Ian, plus Hive Leader, Doug, about how DEF CON 30 has benefited our Swarm – and how it can benefit your business, too.

It puts 30,000 experts in one room

DEF CON is an event in every ethical hacker’s calendar, from up-and-coming talent like students, to established academics and entrepreneurs. Conversations and networking happen in the most unlikely of places and between those who may not usually meet, as well as across all levels of technical expertise – giving us all the opportunity to share ideas, projects and experiences, and ask (and answer) questions.

“It’s all about the people – the conference itself is just the method that gets 30k+ geeks in the same place,” said Martin “There is as much to learn in the off-the-cuff conversations in the queues and at the bar than in the talks themselves.”

Doug agreed: “Speaking with other delegates around the con was very helpful in getting other people’s views and ideas for problems and hearing how they overcame these by discussing techniques or tactics. Often these conversations would go off into several additional areas with interesting thoughts coming off the back of them.”

For us, DEF CON is a chance to contribute to our industry and share our collective knowledge and insights, and it’s the one time we aren’t ‘covert’. Far from hiding in the shadows, we were out in full force in our unmissable branded orange tops. With ethical hackers rubbing shoulders with government bodies and policy makers, we can all see how our sectors overlap and what we can achieve by working together.

Ultimately, we all want to create safer assets, safer browsing and a safer internet – where data is kept out of the hands of bad actors.

Our not so ‘covert’ orange T-shirts

It makes our Swarm even more formidable

Our Swarm is made up of Hives – teams – of individuals that live and work all over the world. Being remote by nature, we don’t get to have conversations by the water cooler or in the dinner hall. But we’re still in constant contact with each other, and these kinds of events – attended by our whole team – better strengthen our bonds and help our Hives work even more closely together.

For David, team bonding was one of his highlights of the convention: “It was great spending time with members of the team in a different setting which helped bring us closer as a whole.”

DEF CON was also a chance for some of us to put faces to names for the very first time, reconnect with friends and colleagues in a casual space, and build team relationships in a more natural and relaxed way.

Jorge, had never been to DEF CON before. “As a first timer, the experience has allowed me to connect with people with broader experience than myself, which is simply a fantastic opportunity to borrow tips and tricks.” He added: “Everyone was incredibly happy to hang out and exchange ideas, or discuss future endeavours.”

It helps us continuously adapt our approaches

As cyber experts, we know the moment we slow down is the moment we stagnate. Bad actors will stop at nothing to ruthlessly exploit any holes they can find, and our challenge is to find them first. There was much to gain from participating in DEF CON’s many demos and games, from hands-on hacking simulations to technical training, discussion points and contests. Through competitions like the biohacking, car hacking and physical security villages, as well as Capture The Flag contests, we put our skills to the test and evolved as we went, relishing every moment of fierce competition.

David found DEF CON offered some great learning opportunities. “Being able to attend the various villages was an excellent way to improve my knowledge and experience in areas I’ve been looking to improve in. For example, having the opportunity to practise physical entry methods on new door types, while having someone there to provide knowledge and insight where needed.”

Coming an impressive 10th out of 200 in the IoT (Internet of Things) CTF challenge stoked our fire, playing into our day-to-day roles as ethical hackers, penetration testers and red teamers. And at DEF CON, spectating is a sport of its own, with lots to glean from watching how others approach, adapt to, and master a challenge. After all, the best of the best come here for the privilege of competing – and the chance to win the coveted Black Badge, which grants industry renown and lifetime entry to future conferences.

Participating in the contests is something Ian feels particularly proud of. “The CovertSwarm teams that got involved really proved that we have the skills to compete with anyone.”

It keeps us at the cutting-edge of cyber security

One of DEF CON’s greatest draws is the ability to gain real-world insight into new tools, threats and software as they emerge, and this year’s schedule covered areas like cloud environment penetration testing, machine learning, hardware hacking, emerging attack vectors and more.

So what did our first-timer, Jorge, think of the convention as a whole? “My perspective on cyber is far wider after the con. I have picked up some tricks and resources… and can [now] think of other areas of skills, because I was given the stage to explore them.”

It’s through events like DEF CON that we have the opportunity to further develop our interests and specialisms, keep ahead of what’s new in the industry, and gain insights into what’s coming next for cyber.

One of the many talks attended

Connect with the Swarm

DEF CON is just one way we expand our network, grow our Swarm and keep ahead of emerging technology and approaches. If cyber security is as important to you as it is to us, we want to hear from you, particularly:

• Brands and businesses: If you’re looking for training, advice or services like penetration testing, red teaming and cyber attack, get in touchand we’ll help you make your assets more secure.

• Ethical hackers: We want to nurture and support new talent in cyber security, as well as connect with experts who can strengthen our industry. Whether you want to bounce ideas around, get a better understanding of cyber or find others who think and work like you do, we can help. Catch up with all our news on our social media, discover lots to learn on our blog, or reach out to the team through our contact page.

• Cyber security talent: We’re hiring! From internships and graduate schemes to new team members, we’re keen to invest in the brightest minds and those who can demonstrate their expertise and talent. After all, there’s strength in numbers. For the latest opportunities, take a look at our careers page.

For further insights on DEF CON 30, listen to a very special episode of The CovertSwarm podcast, recorded live in Las Vegas.

In the meantime, we’re working hard to gather intel on the latest challenges to cyber security – and we’re glad to have you on our side.

Check back soon on our blog for new industry insights and how they could benefit your business.

K8s – Pod to Node Escape Techniques

In this article we are exploring the breakout of a pod, to gain access to a node. This is performed by attackers to elevate their privileges…

Rishikesh Bhide joins CovertSwarm as Head of Engineering

Rishikesh joins CovertSwarm to accelerate the organization’s engineering capabilities and product strategy as part of its rapid growth trajectory.

Louis Blackburn joins as Operations Director

Louis joins CovertSwarm from Lloyds Banking Group with an extensive background in red teaming, becoming the latest senior hire as part of the organization’s rapid expansion…