Badgelife: A Defcon 26 retrospective

One more year gone, one more Defcon completed.

Defcon is the longest-running security conference in existence and one that I have been attending since Defcon 18. It is an opportunity to see and interact in real life with industry peers that would forever remain a digital persona otherwise. It is the place where you hear about the newest attack techniques, the coolest hacks, and the most spectacular security failures. A giant melting pot of hackers, security professionals, various three-letter agency employees, lawyers, students, black hats, grey hats, white hats, IT admins, help desk warriors, journalists, activists, reversers, cypherpunks, scary pentesting voodoo red team experts, and stoic blue team defenders.

Defcon is the conference of conferences. There’s even a LineCon, consisting of the impromptu discussions that take place while waiting to register or waiting to get into a room to see a presentation. And let’s not forget HallCon, where you strike up a conversation with random strangers and never, not once, have them roll their eyes when you start talking about security.

Villages, such as the LockPick village, exist where volunteers demonstrate just how illusionary the protection a physical lock provides. Then there are various hardware hacking villages, where routers, Wi-Fi repeaters, or anything containing a small computer is picked apart. Soldering irons abound, and disassembling is encouraged. Warranties are gleefully broken and tamper mechanisms are ignored or defeated in an undetectable manner. There’s the car hacking village, drone hacking, the social engineering events. The list goes on and on in a cornucopia of coolness.

And let’s not forget the swag. Oh the swagiest of swag! Epic t-shirts, cool and weird stickers, army backpacks with a bajillion pockets, personalized hotel cards, challenge coins, and the crown jewel of them all…The coveted unofficial electronic badges.

Defcon has the best badges—in part out of necessity, I theorize. How do you combat counterfeit badges when the vast majority of your attendees know about plastic card printers, have a passing familiarity with photo editing software, and perhaps a flexible moral code?

An example of an early Defcon badge. (Photo acquired on the Internet)

You step up your game. Early examples were embossed, then made of laser-cut plexiglass, and even metal! Very soon, functionality was thrown into the mix. It started slowly, with blinking LEDs, and rapidly progressed. As badges started including crypto challenges, greater and greater functionality was added. The rationale behind this enhancement was to foster collaboration between attendees with different skill sets when attempting to solve the puzzles contained within.

As badge functionality grew, enterprising conference attendees started modifying them. The Defcon 16 badge included a “TV-B-GONE” function, to the great chagrin of the Las Vegas restaurants and sports bars owners. A Defcon 17 attendee even added a Breathalyzer to his badge.

Official Defcon badges of yesteryears.

Eventually, the Defcon organizers settled into a cadence. One year was a crypto challenge with an artistic style of badge; the alternating year an electronic one. This was probably a logistical decision, as the electronic badges became more and more intricate, requiring longer and longer development time due to their complexity.

Around this time, Defcon attendees witnessed the birth and rise of unofficial Defcon badges. Built by attendees, these unofficial badges became the most sought-after object to wear around your neck: a prestigious status symbol, confirming your “leet-ness.” A visual confirmation that had the guile necessary to acquire them. You knew the right people, or had the skills to create your own.

Unofficial Defcon badges, including: the Whiskey Pirates badge, a MK1 Bender badge, the Ides of Defcon, and a VoidDC24 badge.

Defcon 26 saw a veritable explosion of unofficial badges, as more and more groups of enterprising con attendees started making their own badges with a dizzying array of features. Here is a selection of unofficial badges acquired this year.

A DC801 badge, a Furcon Badge, a Fale badge, a Linecon2018 badge, and an LHC badge.

With the explosion of unofficial badges, a standard was developed known as the “SAO.” This standard allowed for add-on mini badges that were much easier to make and gave the opportunity to less experienced badge makers to wet their feet. These mini badges also allowed for much brisker badge trading, as they tended to be simpler in design and scope.

A custom red-eyed pickle Rick SAO made by @reanimationxp @tr_h and @ssldemon

A selection of the SAO mini badges acquired through trade, beverage exchange, or monetary transactions.

All of these are but a small sampling of what was available. The project I was involved with was Defcon Drone badge (Hi Bl1n7!) and our team frantically flashed badge operating systems and assembled kits into the late hours of the night. I got to learn about the Arduino IDE as I flashed the base firmware on the Kickstarter pledged badge packages. I also took the opportunity to hone my soldering skills and repair electronics. The suite where all these activities took place was most thoroughly equipped with microscopes, soldering stations, classic sci-fi movies in the background, and a bevy of delicious snacks!

Defcon is what you make of it, and this year I elected to make it all about the badge life. You can find out more about badgelife here, courtesy of Hackaday.

*** This is a Security Bloggers Network syndicated blog from Malwarebytes Labs authored by Jean Taggart. Read the original post at: