This past August, I was excited to be heading back to DEFCON! I have attended the hacker conference DEFCON for several years but knew that this year would be a whole new experience. In the past, I participated in various CTF (Capture the Flag) competitions and gave a talk in the DEFCON 27 Maritime Village about IoT/ICS firmware analysis. However, this would be my first DEFCON experience helping run a village.
My first DEFCON was DEFCON 23 in 2015 during my time as a graduate student in Information Assurance at Iowa State University. My wife and I drove 14 hours straight from Ames, Iowa, to Las Vegas. Even with the lack of sleep I arrived at my first DEFCON ready to learn and network with smart people. I attended a few talks but then quickly discovered the IoT Village and their CTF competition. At the time, I was working as a graduate research assistant in Iowa State’s PowerCyberSec lab where I conducted research on networked devices which controlled critical infrastructure in power grids and the village caught my interest. I ended up spending most of my time in this village and placed 2nd in the IoT CTF. My team name, since I was playing by myself in Vegas, was “One Man Wolf Pack”.
Seven years later, I had the amazing opportunity to join ISE as an analyst and work alongside the incredibly smart people that founded the IoT village. This has provided me with the chance to help run the village I came to enjoy as a DEFCON attendee. I have quickly learned just how much prep work goes into running the IoT Village! It is a huge effort and I have mad respect for the team that makes the village run smoothly. I never could have guessed that 7 years after my first DEFCON I would get to take part in this great village that captured my interest in 2015.
My DEFCON 30 experience did not start off the way I expected. My flight was canceled due to weather, and I was not able to get a flight until early Friday morning! I was concerned this could put a damper on my conference experience, but when I got to the venue, I was relieved to be there and jumped in to help out with the IoT Village. My responsibilities this year included assisting with our IoT Hacking 101 Labs, which were built in collaboration with Loudmouth Security. The lab environment included a slideshow and Linux shell embedded in a webpage. DEFCON attendees with no previous hacking skills would get hands-on experience performing basic IoT hacking exercises and it felt great to be able to contribute to their knowledge.
The lab topics covered extracting and analyzing IoT firmware, exploiting a command injection vulnerability, and interacting with an MQTT server, MQTT being a common networking protocol found in IoT devices. These are all things I do in my everyday job performing IoT pentests. All the lab exercises used real IoT devices or IoT device firmware. These are the kind of things I have enjoyed doing in my free time and professionally for years and now I was helping people who had questions or got stuck on certain parts of the labs. While you might expect beginners only at the IoT Village, I also got to talk with some more experienced attendees who enjoyed the labs and wanted to chat about various IoT security-related projects they were working on. Some even worked in industries that produce IoT devices and wanted to get ideas about how to better secure their products. It felt like I was contributing towards the security mission just by having a simple chat. As someone with embedded development experience, I loved talking with developers about the challenge of balancing security and feature development when working on hardware products.
Although my main responsibility was to hang out in the IoT Village, I did get to attend some talks that I found interesting. One of them was a chance to see a YouTuber I have been watching for years, Louis Rossmann, who runs a channel about his MacBook repair business. I gained significant knowledge about soldering and other hardware skills from watching his videos over the years. The panel he participated in at DEFCON was about the right to repair, which Louis often discusses on his YouTube channel, including how many device makers use anti-repair tactics against the best interests of their customers. It was amazing getting to see Louis invited into the hacker world and share his unique perspective with our community.
Working in the IoT Village also gave me the ability to meet people at the cutting edge of the IoT security community like Deral Heiland from Rapid7. He was running a hands-on lab in the IoT Village that involved getting root on an IoT device by modifying the NAND flash storage on the device. If this was done by an attacker against a real user’s IoT device, it would allow the attacker to gain complete control over sensitive user data and the device’s actions. While picking his brain, I learned that Deral and I both share a love for buying random hardware hacking devices from China. I even learned about some new devices, specifically a reflow oven, that I hope to get soon. A reflow oven is a specialized oven for removing computer chips soldered to circuit boards. Getting to exchange ideas like this with other professionals in the same line of work is an opportunity that is hard to find outside of DEFCON.
While many things about this DEFCON presented unique experiences for me, I left feeling the same enthusiasm as my first time going in 2015. No matter what my role has been as an attendee or exhibitor, DEFCON has always allowed me to put my skills in pentesting and hardware security to the test, as well as learn about new things I want to dive into in the coming year. Overall, this was a great DEFCON and I’m already thinking about how to help out more in the IoT Village in the next year!