This will be my 21st year attending Hacker Summer Camp. Back in 2000, it was just Black Hat USA followed by DEF CON, and only a handful of people knew about it. Now it’s a full nine days of technical conferences starting with Black Hat training sessions on early Saturday, followed by BSidesLV, then the Black Hat briefings themselves, followed by DEF CON ending the following Sunday. And several thousand of my closest friends all in one place. It’s draining to stay for the whole thing; and it’s even draining if you attend just a small part. So pace yourself.
That said, what should you expect to bring to Hacker Summer Camp? Well, don’t sweat it. ForAllSecure’s got you covered.
Black Hat Briefings USA (Jul 31, 2021 through Thu, Aug 5, 2021). Started in 1996, the Black Hat Briefings are a corporate version of its older sibling, DEF CON, with registration fees starting at $1600 USD. This year will be hybrid, in person and virtual. The Black Hat Briefings start with four days of hands-on training (Saturday through Tuesday) followed by two days of cutting-edge talks (Wednesday and Thursday). There are also events, such as the Pwnie Awards on Wednesday Night. The audience tends to be more corporate and professional, not quite RSAC-level but approaching that.
BsidesLV (July 31 and August 1, 2021). BSidesLV will be entirely virtual in 2021. This conference started out eleven years ago as a way for speakers who are rejected from Black Hat to still give their talks. This conference is put on by volunteers and is largely free--however, tickets are impossible to get (often you have to volunteer during the con to get a ticket).
DEF CON (August 5-8): This is the original hackers in the desert event. Started in 1993 as a going away party for a friend, DEF CON is now in it’s 29th year. The cost of entry is only $300 USD, and this event, too, will be hybrid, in person and virtual. If you are going to attend both Black Hat and DEF CON, you can purchase the registrations together. DEF CON is not Black Hat. The talks at DEF CON are more technical and edgy. Given its huge size (really, the hallways are not passable at times), there are more villages and things to do outside the talks and outside the conference hotels themselves. And of course, there’s the famous DEF CON Capture the Flag contest held throughout the weekend.
There’s also a bunch of other mini-conferences and parties throughout the weeks. For example, FuzzCON 2021 will be hybrid, in person and virtual, the Thursday night between Black Hat and DEF CON.
This isn’t Burning Man, but it is the Nevada desert nonetheless. Over the last two decades, I have been caught in heavy monsoon rains, a dust storm, and even a plague of locusts one year. That said, it’s always very hot outside, up over 100 degrees Fahrenheit during the day and only down to the 80s at night.
The casinos on the other hand are over air conditioned, so if you’re sitting through an hour-long session, you might get cold. I usually wear long sleeve shirts and jeans and I’m fine. Others may want to bring a light jacket. There are those who insist upon wearing beachwear -- shorts, sandals-- to the talks, but don’t say I didn’t warn you about the air conditioning.
You don’t need to bring a lot of devices except if you're taking a class or want to show off your l33t skillz in the hallways. That’s up to you. But if you do want to bring electronics, what should and what shouldn’t you do?
With Black Hat, there’s a lot fewer fun and games (aka “experimentation”) these days. Elevators no longer get hijacked; the internet doesn’t get shut down either. In reality, though, you might not really need your phone always on during the conference given the generally crappy reception at Mandalay Bay. If you do need wi-fi, the network for Black Hat is pretty secure.
With DEF CON, I generally turn off my phone as a standard practice; it’s not going to work well inside Caesars/Bally/Paris, and, if it does, I don’t want it to get caught in someone’s homebrewed IMSI-Catcher or otherwise fake base station. Yeah, that’s me standing on the sidewalk in the blazing sun checking my messages.
And -- do I even need to say this?-- never leave your phone or laptop open/on unattended. Seriously, just getting up to get a glass of water is long enough for someone do something really stupid to your device.
If anything above has set you back and made you wonder-- don’t be afraid. First, you can attend all of this from the comfort of your own home if you want. All the talks will be provided virtually (but you’ll still have to register for them). And, if you do go to Las Vegas, you won’t be alone. The night before the Black Hat Briefings and the night before DEF CON you can find talks that welcome first-timers, with answers to allay your residual concerns.
Whichever attendance you chose -- in person or virtual -- you’ll come away smarter and better prepared for the year ahead in information security. As always it promises to be as action-packed as the year before. And, if you need CPE credits for your various ISC2 and other certifications, you’ll get those as well.
Thank you for subscribing!