DEFCON 33: My first experience
This will be a detailed writeup on my experience at my first Hacker summer camp.
The Pre-Game Panic
Soldering at 4 AM because apparently I hate sleep
A day before hacker summer camp I was that one friend - you know, the one frantically soldering at 4 AM, wondering why I thought building a cyberdeck day and night for a week before DEFCON was a good idea. I was supposed to get a good night’s sleep before the long drive to Vegas, but instead I found myself pulling an all-nighter with my father, muttering at cables and praying to the electronics gods that this thing would actually boot when I needed it in Vegas.
It was now 11 PM and I had just finished screwing in the last part for my cyberdeck. I didn’t even get to fully turn it on and see if everything worked. You ever have those projects that turn you into a literal caveman and you put off everything until you get it done? This project was one of those times. But it was so worth it.
After zero hours of sleep, I grabbed my friend and we made the drive to Vegas overnight. While I was questioning my life choices and wondering if my cyberdeck was just an expensive paperweight, my friend asked if there was enough space in the car for his luggage. I thought… of course, I mean it’s only us two - how much luggage can he possibly take for 7 days?
This guy then proceeds to bring in a HUGE suitcase along with 2 other small ones that practically took up the entire car space, especially with my cyberdeck in the back. Turns out he was also planning something ambitious - setting up a full cyber range in our Airbnb with Cisco switches and routers, Raspberry Pi’s, A monitor and more random gear. Because apparently we’re the type of people who turn Airbnbs into temporary data centers (at least for DEFCON).
One thing about me is that when I lock in hard for a project, I tend to go ghost mode. Prior to meeting up with my friend, he had absolutely no clue what my cyberdeck was or that I was even working on it. So when I showed him this beast in the room when we arrived, he said “What the f*ck…” and I stood there like a proud middle schooler demonstrating his cool science fair project.
But the real highlight was realizing that yes, my cyberdeck actually worked.
BSidesLV: The Warm-Up Act
BSidesLV was packed, and honestly, it was the perfect way to ease into hacker summer camp mode. Unfortunately when we got there it was very smoky due to winds pushing a fire nearby towards Vegas, and it wasn’t the best welcome experience, along with the 110-degree weather that I was prepared for.
The Skytalks were incredible - there’s something special about technical presentations happening on a small 17th floor with the Vegas skyline as your backdrop. Based on other people’s advice, we attended almost exclusively Skytalks for the first two days. One of my favorite speakers was Juan Manuel Tejada Triviño, founder of DarkEye Industries, who provides OSINT tools including “Have I Been Ransomed?” and “Breach House” (data breach monitoring services). Juan was a very cool, straight-up person which made me dig his presentation.
At one point during Q&A, he was being questioned about the ethical parts of his tool and how far back it keeps data, and whether it would be a big deal if someone hacked his tool and stole access to all that confidential information. His response was simply “bullsh*t” (about the being hacked part). I know this isn’t the right mindset to have (the “it won’t happen to me” attitude), but the way he said it made me confident in his work. I talked to him afterward during the lock picking village and he was a cool dude.
Other than that, the first day was just waiting in line for token drops for Skytalks, meeting people during those lines, and eventually riding the elevator many times to the 17th floor.
The trippy world of Meow Wolf's OmegaMart
On Tuesday we RSVP’d to attend Semgrep’s event at the OmegaMart in Area15. I didn’t even know what Meow Wolf or the Omega Mart was until I was there - my friend told me not to search it up or see any pictures until we were there because it was going to trip me out. And it sure did. Meow Wolf is an underground art collective that makes cool trippy installations, and Omega Mart is one of their exhibitions. It was a cool experience with a deep storyline and mission that I suggest others visit if they’re in Vegas.
Something really cool was that while we were tripping out over the storyline, Katie Paxton-Fear (also known as Insider PhD) recognized us and said hi. We had previously spoke to her at BSidesLV and it felt really good to know she remembered us. She’s a very outgoing and kind person. My friend, who absolutely loves her content, said “people say to never meet your heroes, but that’s wrong with Katie,” and I agree.
Coming from BSidesSF, which was amazing with its venue (each talk had their own theater with comfortable reclining cushioned seats and a big screen), Tuscany Suites felt like a decent place to host BSides LV, but it felt a bit compact and unorganized at some points. Also, some of the volunteers were getting annoying at times - some were reasonable and some weren’t.
The Pre-DEFCON SHOOT: Guns and Geeks
Look at this perfect target I made
Before DEFCON officially kicked off, I hit up the pre-DEFCON SHOOT at a local range. Not only was this my first time shooting a gun, but it was my first time even hearing a gunshot from up close. As we were driving to the range, my friend and I noticed that video games aren’t far off at all from how a real gun sounds in the open. Made me wonder if some games include raw recordings of firearms.
We ended up buying a booth and some cool guy decided to join us - this guy was absolutely stacked with guns. We got to shoot many of his firearms and it was an interesting experience for sure. One thing I noticed right off the bat is people are very friendly, and the fact that all of us were going to DEFCON just made it so easy to talk to people and bring it up as a conversation starter or slide in the “What cool projects have you been working on?” conversation.
Meeting people in that environment was fascinating - there’s something about shooting steel together before DEFCON that brings people together. And it sure did.
DEFCON: Chaos and Glory
LineCon: The Art of Productive Waiting
The first day was mainly LineCon and getting ready for DEFCON. The Hacker Tracker app proved to be valuable because I was able to plan my activities much easier - highly recommend downloading it. The venue was absolutely huge and the big screen as you enter the building really draws you in (especially me since I’m into that whole retro 80’s look with purple/neon).
We took about 4 hours just to get the official DEFCON swag, and I ended up getting a cool patch and a hat - totally worth it. What makes LineCon special isn’t the wait (the wait actually sucks), it’s about the people you meet during the wait. This makes it not only less painful but more entertaining, and time goes by faster. DEFCON lines are legendary, but they’ve gamified the waiting with beachball sniping (well, atleast I did lol. People hate to see me coming with a beachball). Standing in line became its own mini-game, and honestly, some of my best conversations happened while waiting.
We met several new people during the swag line and I actually got a lot of useful information and advice. It’s fun to just ask others what they’re working on or get to know people and their experience in the field. As expected, I saw a lot of big security content creators - too many to just name drop here.
Once LineCon finished, we were recommended to attend the Toxic BBQ. We arrived to the park pretty early while people were still setting up. Thankfully we were able to get some food before the huge crowd arrived. We met some cool people there and got conversations going. Eventually the number of people arriving was exponentially increasing by the minute, and soon the entire area was packed. It gave us a good opportunity to network and find out what other people were doing during hacker summer camp.
Lots of people
We kept a very open mind throughout the week and tried to get as much advice as possible from DEFCON veterans. It was fun hearing the untold crazy DEFCON stories and people’s hobbies. Toxic BBQ was also where I realized DEFCON has to have the most concentrated group of people who are obsessed with niche things. If there’s any event that brings that sort of people, it’s DEFCON. I talked to people obsessed with stuff I didn’t even know you could be obsessed about. I think there’s beauty and benefit in that (just knowing a very specific thing about something, more than the average person should).
The organizers later shared some wild stats from the event - apparently over 1000 people showed up and the stats for this year were:
- 810 burgers (+80 meatless)
- 500 hot dogs
- 100 lbs tomatoes, onion, lettuce
- 40 lbs grapes, corn, other vegetables
- 4 actual dogs
- 1 vole
- Plus Peppercon, Hot Ones flights, Cheesecon and a fuel pump repair on site
Yes… peppercon and cheesecon.
Pool Parties and Projectile Marine Life
After a few hours at the BBQ, we ended up going to the KEVOPS pool party hosted at the Sahara pool. I loved the pool venue and the big screen that spanned across it. I still don’t know who or what KEVOPS is, but it was a cool pool party. Throwing sharks at people and leaving the pool with unnoticed cuts and bruises on your body is always a blast (still don’t know why that happens).
We weren’t late but we weren’t early, and if you’re not early you’re probably not getting a chair to put your stuff on. So I recommend not taking anything important, but if you do, make sure to keep eyes on it or put it next to where the lifeguard is sitting in clear view of your position in the pool. After that pool party it was about 10 PM and we decided to walk the main strip to get a taste of Vegas. I can definitely see why they call it Sin City.
Friday: The Main Event
Friday marks the first actual day of DEFCON full of content and activities. Honestly, going to DEFCON I knew I was going to spend some money on merch and stuff like that, but I didn’t know the vendor area was going to pull me in that much, nor did I know there was even going to be a vendor area. Walking into the vendor area was like being a kid in the world’s most dangerous candy store. I spent the first 3 hours just looking at everything and counting every last penny I had. My wallet was getting lighter by the second.
Where wallets go to die
At some point I had to stop myself and force my eyes to look away and actually attend the talks I had planned the night before (I had already missed 2 really good talks I wanted to attend, but it was also worth it). After that I attended many talks and did activities in the main halls. I didn’t get to do any CTFs as I am a very competitive person and I would’ve spent my entire week doing that CTF, with no guarantee I’d even get top 3. I didn’t want to take that risk and miss out on many things. I also stopped by the BadgeLife community. This area was filled with people focused on designing and collecting unique electronic badget, and I got to see some of the past ones.
Saw this guy fox hunting
past badges
A village that really caught my attention was the Embedded Systems village and the Aerospace village. I unfortunately didn’t get to really dive into a lot of villages because there was just so much to do and I didn’t want to overwhelm myself. My friend and I split up because of this reason - there’s just too much to see for us to all be together. I also didn’t get to see many main track talks because they’re recorded and I can just see them at home. I wanted to do the stuff that I CAN’T see or do at home.
Vishing bots
One of my favorite things on Friday was “The Battle of the Bots: Vishing Edition.” This event was in the Social Engineering village where teams design AI-powered agents to place live vishing calls in a soundproof booth. The goal was to extract predefined objectives from real human targets. The rules were defined in the beginning - what the AI agents would try to get, like what computer they’re using, the model, or what system they’re using, etc.
As expected, there were some technical issues, but when there weren’t… man, that was so interesting and funny. But even when there were technical issues it was still funny because the AV team would just play some troll stuff on the screen while we were waiting. I was cracking up at some of the calls these AI agents would make. One AI voice was a guy named Greg, and I’m not sure what they put as his personality prompt, but that guy was hilarious without even trying.
Just imagine this: Greg is the AI agent and Bob is the real store associate.
Greg: “Hello Bob, how are you doing? I am calling from IT regarding an issue you guys had.”
Bob: “Who is this?”
Greg: “I’m Greg, calling for an issue you guys had.”
Bob: “What are you doing?”
Greg: “Ya know, just a regular day as an IT guy, ready to fix your issues.”
Bob: “Oh.”
Greg: “So Bob, I need you to do something. In order for me to fix this issue I need you to get on your computer and type in this URL so I can get it set up: http://getvished.com”
Bob: “The URL?”
Greg: “Yes the URL. I can help you better if you tell me what computer and model you have, as well as your web browser.”
Bob: “The what where?”
This literally went on for about 10 minutes and it was hilarious because Greg’s tone was starting to change as he was getting frustrated because the poor associate didn’t even know what a URL was or how to search something apparently. Eventually Bob typed the URL in after I had grown gray hairs, and the mission was accomplished (the link was just a random website that did nothing).
After that I spent the rest of the time looking at talks and spending time around some villages. Eventually we got advised to attend the Hacker Jeopardy because it’s fun, so we did just that. It started at about 8 PM and it was a good experience. The teams were picked beforehand, were given some beers, and given some questions. To be honest, I didn’t get half the questions unless they were technical ones. I guess I need to get my culture up.
After that we headed out to some parties like the IoT party and Arcade party. The arcade party had a cool long foosball table that I ended up sweating and playing competitively on for a while. And of course there were a whole bunch of arcade machines surrounding the room. I wanted to play Pac-Man because I am a Pac-Man pro till I die, but others would not let go of it.
The Cyberdeck That Could
Throughout all of this, my cyberdeck became a huge conversation starter. By the end of the weekend, I had literally lost my voice from explaining what it could do, how I built it, what this thing does, what that thing does, and answering the eternal question: “Can I take a picture of it?”
While I’m not fully comfortable explaining what it all does publicly, I may make a separate post about the process. For now, just know that this beast can do more than you think… And yes, every button and screen you see is fully functional and has a purpose.
The best part wasn’t just showing it off - it was all the tips and suggestions people shared for my next builds or how to improve this one. The DEFCON community doesn’t just admire cool projects; they actively want to help you make them cooler.
Last Day
Magical hacks
The last day had a similar pattern. I went to the vendor area one last time to snatch the T-Deck Plus Meshtastic device that I wanted to add to my cyberdeck, and I headed out to some talks. A cool one was from Inti De Ceukelaire, called “Magical Hacks.” During the show, he was bypassing several locks, passwords, PINs, making BBC display whatever news the audience inputted, guessing people’s cards with the use of tech, etc. He then told us his tricks at the end of every trick, and he insisted we be aggressive hecklers and try to explain how he did it. Overall it was a cool experience in the Bug Bounty village.
After a few more talks and looking at the cool stuff in the villages, I had to stop to rest and eat. My right hand was absolutely red and blistered from holding a heavy cyberdeck all day. If you eat at DEFCON, I suggest you not eat the cafeteria food unless you don’t want to leave the convention center. I paid $20 for a hot dog and some small chips - highway robbery, but at least it was DEFCON-themed highway robbery.
One thing I noticed at DEFCON is that you never really know who you’re talking to. While I was waiting in line for food, I ended up chatting with this chill older guy who was just cracking jokes and being silly. Turns out he was one of the core cryptographers involved with making BitLocker - and I just thought that was so awesome. It really hit me how DEFCON strips away all the corporate personas(for some people). You’ll see someone show up in a mohawk and Hello Kitty suit, and they might secretly be the CEO of some major company. It’s refreshing to see the human side of people instead of their LinkedIn corporate profiles for once.
Cat
Eventually at night we went to the final DEFCON pool party, which ended up surprisingly having fewer people than the first KEVOPS pool party. But it was still cool and their tacos were amazing. This time it had more of a DEFCON theme going on the large screens lighting up the entire venue, and even a cat licking the screen as an animation.
After the pool party at around 10 PM, we decided to go back to the convention center and hit up some parties. We went to a few but the best one was by far GOTHCON. As soon as we entered, the music was lit, the people were lit, and I just so happened to bring something lit - my damn cyberdeck. When I tell you this cyberdeck got so much attention in there, I’m understating it. As soon as I opened it and got it up and running, many people would gather around the table and ask me so many questions, ask to take pictures, and then eventually ask me if I work in the industry for this. What industry would this even be? If I can make badass cyberdecks for a living sign me up.
This cyberdeck was fitting the hacker scene in GOTHCON so well that it really made me finally sit back and admire the work that was put into it as I was watching others also admire it. At one point my friend heard me explain it so much that he took over and started explaining to others while I was busy or trying to get my voice back.
We stayed at GOTHCON till 2 AM and we decided to go get some food, ending up picking Tacos El Gordo since they closed at 4 AM. While we were there some woman who looked like she just got out of a club passed out right in front of us and everyone looked like that’s something they see every day in Vegas. I ended up staying up till 6 AM and eventually slept, then woke up at 8 AM because the Airbnb cleaner was about to arrive. We decided to just head home since I had another long drive back and I would be running on 2 hours of sleep, on top of the average 3 hours of sleep I was getting during hacker summer camp.
I say we left with a banger and I will for sure be coming back next year.
Lessons from the Trenches
For a first DEFCON, I learned a few things:
Build something cool and bring it - Try to come to DEFCON with a cool project that you’re proud to brag about and show people. People at DEFCON love to provide input and know what other people are working on. It’s usually one of the best conversation starters.
Your voice is a finite resource - My voice was gone from explaining my projects to people. Pace yourself when demoing your cool projects.(this is mainly advice for me lol)
The community is incredible - Everyone wants to help you level up. Don’t be afraid to ask questions and don’t hold back.
Budget accordingly - The vendor area is financially dangerous. Trust me. Like… really.
Bring your resume if you’re looking for a job - I made a mistake of not bringing my resume. Whether you have an easy-to-send digital one or paper, bring a few because you never know when someone will give you an opportunity if you put yourself out there.
If you’re coming in a big group, split up and download the Hacker Tracker app - There’s too much to explore to just stay in one group and attend things all together. You also find a lot of value in each attending your own things and then talking about what each person attended later. It also helps with recalling and understanding what the talk was about.
You’re going to have FOMO - The night before each day, plan the talks you want to attend very well. You wont be able to attend everytalk since there is multiple happening every second. You don’t want to be like me and spend an hour trying to find a talk that interests you, just to find out it was an hour ago and it was also 10 miles away on the third floor past some jungles into the ocean and then across the galaxy (the convention center is huge and it can take a while to go from one location to the other, especially with all the people there). If you don’t get to see one talk or activity in your planned schedule, it’s okay because you planned more for the next few hours.
Lastly, try to attend the stuff you won’t be able to see online - Attend the workshops, villages, attempt a CTF to see what it’s about, go to some communities, attend some demo labs. Not only will you get valuable information from these things, but you’ll meet amazing people.
What’s Next?
I wasn’t sure if I was going to be attending DEFCON annually, but after this DEFCON, I’m already planning for next year. I want to come with new and improved projects, more experience, and good vibes. I hope to be a better reverse engineer and malware analyst by then so I can have more developed skills under my belt. I also aim to attend more villages and be more interactive with what they’re demoing and what they have.
Same time next year? Absolutely.
Are you a cool outgoing person attending DEFCON next year (2026)? Hit me up - let’s work on some projects or or talk about some stuff!
And for those of you people who actually made it to the end - congrats. You are officially awesome in my book.
Achievement Unlocked!
"DEFCON Post Completionist" - Read an entire DEFCON writeup from Qewave