Defcon is dead. Long live Defcon.

Defcon is dead. Long live Defcon.

By Stephen Heath – VP of Security – Intrinium 

“This year feels different,” a friend sighs as we enter yet another of the dreaded “LineCons” that exist outside of nearly every village, talk, and swag area. While crowds and lines are nothing new this year, I can’t help but agree. Defcon is friggin’ HUGE.

What once fit in the modest Alexis Park (whose website boasts “an unforgettable setting for gatherings of up to 1,600 people”), now has overwhelmed the massive Caesar’s Palace and sprawled into the neighboring Linq and Flamingo hotels. Despite all this space, you still can’t seem to get in anywhere. Gone are the days of spontaneously visiting a village or talk, now every action requires careful planning and arriving early. I start getting grumpy.

“Defcon sucks now and is getting too big,” I catch myself thinking.

Beyond the mass of people, another pall hangs over the conference: the unspeakable tragedy of October 1, 2017 and the effect it had on hotel security. A Google engineer makes an unfortunate tweet talking about how, if he was bad guy, he would choose to “attack” the wealthy of Blackhat over the poor attendees of Defcon. The Las Vegas Metro Police Department becomes involved. They quickly determine that the man clearly meant if he were to launch a cyber attack on the WiFi, but the damage was already done. Caesar’s security trespasses the man and bans him from their casinos. He was eventually allowed back in after about 24 hours, but the damage was done. (

That is hardly the end of it. Stories emerge of unauthorized invasions by hotel security searching guest’s room and photographing personal belongings. One woman reports two people claiming to be hotel security banging on her door demanding entry. Another woman tells of an unidentified man charging into her room without knocking while she was dressing.

WTF is going on?



My first visit to the annual hacker conference was Defcon 17 in 2009 when less than 1/5 of the current attendees squeezed into the (now non-existent) Riviera hotel and casino. I can still remember being blown away by the technical talks and the counter-culture atmosphere. I cheered as a guy hacked the World of Warcraft API to give himself a player vs player heal bot. I was able to network and meet the full Intrinium team. I was mindblown by my first exposure to Metasploit and the goodies it brought to the table. Ah, the good old days of ten Defcons ago… Of course, when we think of the past, we tend to romanticize.

Defcon 2009

  • The hallways between talks were more packed than Caesar’s escalators at their worst.
  • There were just four tracks of talks and a few rooms for CTF and Hardware Hacking.
  • I had to wait three hours to get a badge because they were delivered late and the badge line was terribly inefficient.
  • Bringing a kid to Defcon would be considered child abuse.
  • Women speakers were a novelty and those just in attendance were as likely to be sexually harassed as they were to be figuratively labeled “scene whores.”
  • I had to listen to the old timers talk about how Defcon sucked now and was getting too big.

Defcon 2018

  • This year, I arrived at a peak badge rush time and had to wait less than 60 minutes.
  • Now there are more villages than ever before and more opportunities for attendees to deep dive into topics ranging from packet hacking, cryptography, and even ethics.
  • There are full and half-day workshops where attendees can learn and improve their skills.
  • There are more parties than you can shake a stick at.
  • Today, children roam the halls of Defcon building the next generation of hackers who pwn voting simulators and even walk away with coveted black badges.
  • This year Rachel Tobeck’s WISP organization raised money for 57 Defcon women’s sponsorship, where they got to see women not only attend but continue to emerge as some of the most respected leaders and pioneers in the field.
  • I have become an old timer who talks about how Defcon sucks now and is getting too big. At least some things will never change.

The reality is, I’ve had to accept that Defcon is ever-changing and no one year will be anything like the previous ones. There will be good, bad, and ugly.

I’ll recap some of the highlights in the coming weeks, but in the meantime, I’ll leave you with a crazy thought: If we’ve gone through this much change in only 9 years, can you imagine what Defcon 35 in 2027 will look like?

Want to have the chance to talk about the wild dark world of #Defcon and more, join us for our first lunchtime webinar! 

Join Stephen Heath for Exploring the Darknets live webinar on Wednesday, August 22nd at 12:30PST to be a part of the conversation!

The terms “Darknets” and “Darkweb” frequently make headlines, but what, exactly do these terms mean? How does it work? Can you really find *anything* in the seedy underbelly of the internet? How anonymous is the Darknet? How much of the Darknet is just urban legends of our time? Join the speaker on a deep dive of the Darknets, in which you will gain a glimpse in the wretched hive of scum and villainy where everything from prescription drugs, PHI, credit cards, and even organs are rumored to be bought and sold. RSVP now to reserve your spot! 



Pin It on Pinterest

Share This