The Hacker Mind Podcast: DEF CON Villages

Robert Vamosi
August 3, 2022
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

DEF CON is 30 years old this year, and it’s bigger and better in part because of topic-specific villages. Here’s an inside look at four of the most popular villages.

In this episode I’m talking to the organizers of the Lockpicking Village,the ICS village, the Car Hacking Village, and the Aerospace Village. And, there’s thirty more villages including Girls Hack Village, the Voting Machine Hacking village, the IoT Village, and the Bio Hacking village. In each you will find people with like interests. You will learn cool new things. And … you won’t be disappointed.

Vamosi:  DEF CON turns 30 This year what began simply as a going away party for a coworker has since evolved over the decades into an annual summer tradition for InfoSec leaders in Las Vegas, which now includes other events such as besides Las Vegas, Diana is known as hackers summer camp. Anyone who has anyone in the information security community is usually melting under the hot Nevada sun. We're breathing, the mid afternoon monsoons, and from one year there even grasshoppers. Yes, grasshoppers invaded Las Vegas at the start of hacker summer camp in 2019. In Sin City, it's the Insect Invasion

NBC: putting on a show. No one can escape big popped up out of nowhere 24/7 onslaught of grasshoppers that really sticks with you. What did your uncovered in locusts covered for many the first impression felt downright biblical, migrating hoarded bugs so big you could even see him from space.

Vamosi:  I first attended DEF CON in 2000 when it was still at the Alexis Park Hotel, just off the Strip. The cost of entry then and still is nominal. Currently it's $300 a ticket. That's a steal. I went on to speak at DEF CON 18 When it was held in the Riviera. 

DEF CON 18:  I'm Robert Vamosi. And by de I'm an analyst at Javelin strategy and research where I do security risk and fraud for the financial services industry. I'm also a I'm a contributing editor at PC World Magazine. I write a monthly security column for Windows Secrets and I do a couple other things on the side. I've also written the book which I'll get to in a moment. This is a bytes and bullets. This is the author's panel here at DEF CON 18. And I'm joined today by Joseph Mann, Jeffrey Carr and Robert ConnectKey. And they've all written books and then from a few moments they'll get a chance to talk about their books. 

Vamosi:  DEF CON moved to the Rio for a few years, and now it's at Caesars well. Actually it's at five or six different hotels, including Caesars Yeah. DEF CON at 30 is massive. And part of the reason for that explosive growth is over the last 10 years DEF CON has been adding topic specific villages. This year, there are over 30 distinct villages available. So in this episode, I'm going to share some of the conversations I've had with leaders of some of those more established villages over the last 50 episodes of the hacker mine. Yes, this episode contains some recycled material. However, rather than just repeating the episode and repackaging it I hope you'll stick around.


Vamosi:  Welcome to the hacker mind and original podcast from for all secure. It's about challenging our expectations about the people who hack for a living. I'm Robert Vamosi. And in this episode, I'm discussing some of the individual villages you'll find at DEF CON in particular I'm going to be talking to the leaders of four villages, the car hacking village, the lock picking village, the ICS village and the aerospace Village.


Vamosi:  One of the oldest and most crowded independent villages at DEF CON. It's a lockpick village. I remember walking into that village for the first time years ago and finding table after table of locks and picks with friendly volunteers to assist anyone who had any questions. Literally, each block came with its own tutorial. I have to admit lockpicking itself is very addictive. And in Episode 16, I explored this topic further.

Ollam: So lockpicking has always been a huge part of the hacker world and the community, both as a hobby interest and also now increasingly as with faces like mine as a professional endeavor.

Vamosi:  This is Deviant Ollam of the names often associated with modern lockpicking. I first interviewed him a few years ago at BlackHat for my book when gadgets betray us recently I asked him why lockpicking remains so appealing within the hacker culture

Ollam: so locks at DEF CON and locks it at any hacker conference. They've been around, right they've been on somebody's table at lunch or in a hallway. So these informal sessions were always part of the hacker culture. But it was really fella named Kai and his friend doc and some other people from Colorado and the 719 area code they they were the first to anyone really remembers in those early single digit days of DEF CON to start challenges and workshop tables. Still very informal. But it was that was the beginnings of hey come over here and why don't you try this. So when they saw my presentation years ago about locks and lock picking at DEF CON, that's when they approached me and DEF CON leadership approached me and said Hey, do you want to be a part of this? Do you want to stand up some of you you know you had that you at a table in the hallway after your talk that was as big as anything other people set up usually all weekend. Do you want to do that next year? And that was sort of the inception of why what I call the lockpick Village at DEFCON. 

Vamosi: DEFCON wasn't the first conference to host lockpicking as we're about to hear the Dutch were way ahead of other countries in providing lockpicking as a sport or hackers.

Ollam:  The Dutch had sometimes been doing what they called a village tent at Dutch events at a big campground. But yeah, the idea of the mantra of the lockpick village I called it three words learn touch do it is a one stop shop the lockpick village and many other teaching villages that have grown out of that tradition now. Gosh, there must be 20 or more villages at DEFCON if you want to learn radio if you want to learn tampering with seals if you want to learn encryption, if you want to learn you name it. There was a cannabis village recently at DEF CON. But all one stop shop you can learn about a topic with someone instructing you, you can immediately go hands on and immediately get that wow, I can do this feedback moment that encourages people to keep on learning and developing that skill.

Vamosi:  And it's not just DEFCON lockpicking as a part of most legitimate hacker conferences today but largely because of something called the Open organization of lock pickers are tool with three O's. They're an international organization that provides membership for those wanting to pick locks for sport. And they also provide the general public with a lot of free resources online. Many of those resources were created by dvn.

Ollam:  I was there right at the earliest days, although I was not one of the original board members when tool was spun up in the United States. So tool the with three O's the open organization of lock pickers was originally a Dutch organization that still exists to this day in the Netherlands. And there are chapters all around the world. There are chapters in the United Kingdom later there are people who have contacted us from Canada and other countries. But the largest presence in addition to the Dutch Chapter is the American organization tool us initially, many of us all were exposed to tool through some of the Dutch hackers who were mainstays at American hacker conferences right around 2000. That was the first time that lockpicking made the leap from the silver screen to the tabletop in front of us at hacker events many times. So when the Dutch tool chapters, especially buddy wells, who's a name that comes up a great deal, when he and his associates sort of gave their blessing to people in America to start tool in the US. I have friends with that whole group and very met me at the same time, but the initial board members were a couple gentleman named Eric one guy named Skyler and one guy named Bhavik. Schuyler left. Early on, he was still very close to the lock sport community but he left the board and I was voted on to the board in those early days but I was not one of the original founders. I have been very proud to keep it going for many years. I am still on the board. I am one of the only board members remaining from that era. But we have no shortage of interest and great support and volunteer staff so totally around long after I'm gone.


Vamosi:  The form of creation of villages at DEF CON. I remember one just because it had a working model of a water treatment plant model because you couldn't possibly bring the entire system into the grand ballroom of a Las Vegas hotel. Still, it was part of the industrial control systems or ICS village and episode 45. I spoke with one of the founders.

Van Norman: My name is Tom Van Norman. I'm the co-founder of ICS village.

Vamosi:  How did it come about? Seems to me that it was one of the first villages at DEF CON.

Van Norman: Yes. So I think we are going on our eighth year now. I have to look back and might be nine years now but we'll go we'll go with eight. So we were one of the first ones that came about, you know there. At that time, there was a few other ones. The wireless village has been around for quite some time. There is other ones such as the car hacking village and stuff but so the the API says village started several years ago at DEF CON to bring education awareness and exposure to industrial control systems technology security. It started because we we would go to conferences and where we read articles and you know magazines or newspapers or whatever. And people are talking about hacking control system tackling PLCs and what we quickly realize is they don't they've never touched to be able to say they have no idea what these control systems are how they work their security researchers, you know that that maybe the firmware or maybe they found a program or something somewhere. It's legitimate work, but it's pretty pretty obvious pretty quickly that people don't know what those controllers are what a PLC. is or what it controls. And so we decided to put together ICS village and around the world now. We do international events now and expose people to control systems to the technology to security. What happens or how these systems go together, why they do what they do, how they work, things of that nature.

Vamosi: So who is attracted to this village.

Van Norman: We get people all over from students and academia we get controls people that work on the control systems engineers and technicians who want to learn more about security. We get the InfoSec people that that were on enterprise systems. We get them that come because they want to learn more about ot security we also get the ICS security community that comes to understand more how things work and or different vendors, how they play in with everything. You know, the audience is pretty is pretty wide which is which is fantastic. We have some technicians all the way to upper management to senior leadership and companies that get involved.

Vamosi:  So I wonder what is the barrier to entry for someone who is interested in this? For example, I have a laptop and it runs Linux so I can get into network security. I can do those basic things. But if I want to do some ICS work, what do I need? How do I go about going to eBay and buying some equipment? How would that even look?

Van Norman: So the we get that question all the time. Where do I start? How do I start? You know you can go to eBay. You can buy the stuff the problem going to eBay and buying a controller is a now you need the software. A lot of times it's software is not free. You're not going to find the software. Normally you don't need base you have to go back and find where the distributors are, how to buy that software. A lot of it's spent all this preparatory so yet there's a learning curve with that. There's a huge cost and everything going to an ICS village event. We we expose you to all that we have trainers that that we bring running give a little USB with a with all the required software on it was kind of crazy because we're security conference and we're giving a USB with a with a Ubuntu VM runs on it. And people gladly take your computer and run it and you have to question that but there's they're so eager to learn it and to do it. And a lot of people you know have burner laptops at conferences anyway, so maybe you start worried about it. There's more and more colleges, colleges, universities and community colleges that are that have programs now. There's also so many virtual conferences. One of the things that came out of COVID is everybody's doing hybrid this year. I can't think of any that are completely but I guess it's probably a few totally virtual ones out there but hybrid conferences and a lot of the hybrid ones are are for free occasionally you'll find one that that are not but there's a there's quite a few that that that are for free. But But back to your back to your initial question there. eBay. Sure. This ramp up time note is pretty long. We find people all the time that hey, I bought this thing off of eBay. Can you help me set it up? I'd love to help you set that up. But it's going to take us six hours to set that thing up because we have to get the software we have to just spend on time so come to one of the ICS village events will expose you to all of that. We're gonna be bringing our trainers around now to different different events this year. interact with it. And, you know, go go from there.

Vamosi: One of the things about the village is that you have physical models,

Van Norman: That display that you're referencing. We we we take that globally. We had that before the world shut down a couple of years ago we had that in Kuwait. So we went from Pennsylvania where it's where we had at the time only to Kuwait and back. But that goes to a lot of our conferences. We aren't working on some smaller kits where we don't have to ship that large one but the the nice thing about that is it shows people how the control systems go together how the process actually works. You know mentioned Process Automation before we're and we do have Level Transmitters and three phase pumps and variable frequency drives and how there's systems all work with one another. We have vendors, different vendors in there from you know Phoenix Contact Allen Bradley to Siemens, to Schneider draggers and clarity and zoning as the list goes on and on with the different technologies we show, how they all come together, how they work, why they're important, why some of them aren't that important. That's also another important thing to know, debunk some of the myths that are out there. Some of them some of the marketing stuff, certainly not to throw shade on anybody, but maybe you don't really need all of those things that are being sold.


Vamosi:  So, the villages are getting more and more ambitious from locks which you can hold in your hand to water treatment plants which are too large and therefore have to be modeled. But what about something in between something like a car in 2016 I took a two day car hacking training session at BlackHat USA. And this was one year after the Jeep Cherokee remote hack. In that case, rather than just reporting on the vulnerability, the researchers had some fun they actually had a reporter in the driver's seat on a Missouri interstate during rush hour, and they captured that video on how the researchers remotely turned off the brake system on that car. That video led Fiat Chrysler Automobiles to initiate one of the largest automobile recalls in US history, and rightly so disabling the brakes on a moving vehicle is dangerous to the driver and to other drivers on the road. But the remote vehicle hacks are rare for a number of reasons. And in Episode 27 I spoke with someone who knows car systems both inside and out.

Leale:   I'm obviously infamous and well known in some circles that's Robert

Vamosi:  That’s Robert Leale, my car hacking instructor at BlackHat. He's from CAN bus hack, and he's also the founder of the annual car hacking village at DEF CON

Leale:   I've been working with and in the automotive industry. I live in the Detroit metro area,

Vamosi:  and he's been working with the automotive industry for years as a consultant and a hacker.

Leale:   I mean it's a love hate relationship as you can imagine it and we do we do work with them. Right that's what's interesting like we work with them because they have reasons and needs for companies to interact with their systems to test them, et cetera. But at the same time, you know, it's still a political battle as well. You know, you know, manufacturers aren't just one person, like, like big companies aren't one person. And that's the thing that I've learned over the years. Like you could be one person who hates me, doesn't want to talk talk to to Robert, but at the same time and that same organization, there may be a group of 10 people who were like, Hey, let's hire him because he knows he's the best guy for the job. Right? So. So it's just sort of a it's, it's, it's it's a mixed emotion kind of thing.

Vamosi:  Robert and his team returned to DEF CON 29 This year in Las Vegas. This interview was actually recorded just before that event 

Leale:   Tell him to go back in time and go to DEF CON. You know, for the most part we're really excited. We we've worked really hard on you know, having a safe environment for for our CTF and we hope that people join us. We were trying to make sure we still maintain social distancing at our CTF and and in vehicles. We're trying to be as remote as possible so they don't have to actually go and connect and sit in vehicles themselves. So we're really working hard to make sure that that happens. And you know, obviously every DEF CON is requiring masks so you know if you if you're vaccinated and you feel feel like this is a good fit for you Come join the car hacking village and our CTF and we're really excited to have in person event or this will be my first in person con since you know since March of 2020. So I'm really looking forward to it.

Vamosi:  2019 was last time I was at DEF CON and I remember there were a lot of activities going on in the car hacking village. For example. There were cars to hack there were talks there was even a capture the flag event.

Leale:   For the most part we like we have a CTF. We started in year two of the car hacking village we started a CTF and from that it was super successful. We had a lot of teams joining it's a really great way to for people to just start into like car hacking. So this year we're gonna have to two individual CTS because we're hybrid and so we wanted to make sure there was one virtual for for for people who couldn't attend or just aren't able to for various reasons attend DEF CON in person. So we'll have a we'll have a virtual CTF and they will also have an in person win we're gonna keep them a little bit separate because we want to we want to make it still fun and games for the people who are who are there in person. And that the thing is we give away prizes, and we can't really some of the prizes are pretty big. They're hard to nail so we can't really give them away in any other way but in person anyway. So we just figured let's just have a person one.

Vamosi:  So the goal is not necessarily to hack vehicles, and I mean disable the vehicles with some sort of catastrophic new exploit, but rather to familiarize people with the general concepts of hacking.

Leale:   So our goal here is to just have a general interest meet and make a community out of it right not necessarily not necessarily to to talk about exploits or really even get to that level because for the most part like to get an exploit on a vehicle is a significant challenge, right? Like any exploit in the world doesn't matter if it's a car or a PC takes research and understanding. And so you can't have an exploit. You can't get into that field until you start understanding what a canvas is or what attack surfaces are. And so that's really our main goal is to just through gamification of CTF and other events there to have people interact with vehicle hardware that they are might be afraid to do otherwise on their own vehicle.

Vamosi: Yes that. Do you hack your own vehicle, which has considerable value to you? Or do you need to go out and buy a vehicle just for the purpose of hacking?

Leale:   The number one thing like sort of restraint that I get from people when they want to get into car hacking as well. They may have a car but they don't want to hack their own car they like they're afraid that they're going to hurt their own car. 

Vamosi:  Okay, I feel there needs to be a disclaimer here to hack your own car at your own risk. I do not personally recommend this. There are tools that you can buy that can adequately emulate a car's system.

Leale:   I mean, I to some extent I get that you know, especially when you're new you don't want to like hurt your own car. But you probably won't like they don't make these cars in such a way that they're going to break so quickly and so easily. You really have to intentionally do something to your car before it really, really stops working and and what's great about like if you mess up your computer or some software on your computer, what do you do? You turn it off and back on again. Well, same thing happens with cars. You take the battery off to put the battery back on. They're usually back to normal. In my you know 1011 Oh man even more than that 2012 1415 years now. It's like actually doing vehicle like hacking. I have only ever accidentally made a one vehicle network and it was always a possibility when I was doing I do when I launched the attack I was like this is a possibility that that I could accidentally make this thing that work anymore and that was just happened once you know what I mean. So it wasn't it wasn't the worst thing that ever happened


Vamosi:  There was that Jeep Cherokee hack. There was also a hack of the internal Wi Fi network of a commercial airplane. In flight. The details of these two hacks are far more nuanced, of course, but both lit up the media with concerns about cars randomly driving off the road and airplanes under the control of a rogue passenger. That fear, uncertainty and doubt led to the creation of yet another village at DEF CON, the aerospace village and then episode 42. I spoke with some of its leaders.

Luczynski: My name is Steve Luczynski and I am the board chairman for the Aerospace Village.

Vamosi:  Before we get too far, one might ask if you're gonna go through the process of creating a village. Why not create a whole conference around the topic of aerospace instead?

Luczynski: Yeah, it's it's certainly easier to be a village than to put on an entire conference and especially I know the villages from DEF CON. So being able to be a part of a massive event with the audience that that's who we want to engage that so we want to help. Being a part of DEF CON and being invited into the villages is what's it's such a good experience. I think the easiest way to describe it and in talking to different folks who are not familiar with DEF CON, any conference has presentations. You have your keynote, you have your you can do a specialization track of different talks and they try to have names and things of that nature. And DEF CON is the same way. But what DEF CON has done is they've had groups of people who come together that want to focus on a particular topic. Things like industrial control systems, car hacking, and things of that nature biohacking medical devices. And so the ability to find folks who are interested in aviation related computer systems and how do you make them secure space systems and how do you make them secure and just the fact that those are hard to get too hard to access? So to get like minded folks coming together to get exposure for other folks to go, Hey, what's going on over there? I want to learn more about that and they didn't know they were like minded till they started seeing and talking and that's the beauty of that village concept that as I've seen it and my few years of going to DEF CON and then being a part of the the aerospace village and getting to contribute to all 

Vamosi:  DEF CON is celebrating its 30th year this year with villages that are relatively new. So how did the aerospace village get started?

Luczynski: I wish it was something as good as that as the you know all good ideas on the back of a cocktail napkin type of story but I don't think it's too far from it. I spoke with one of the guys that was fundamental to the village starting Bo Woods who has been on your podcast before and I think folks who know DEF CON and the hacker community probably know him very well. And beyond the hacker community in the policy side of things, his Think Tank work, lose a tremendous asset, wealth of knowledge and things like that. And so I was asking him what are the things that led up to what I started seeing and what was going on. And so some of the things because of those work on nonprofit side. Again, all all around the InfoSec community. But looking at these different villages and if you remember to 2014 Around that time before that or so, car hacking was starting to be in the news, people were talking about it. And Bo told me he's like, Yeah, I had conversations with folks at the Aviation ISAC. They focus on security in that community. And they there was interest in the fact of these. These are issues that we need to address the inability or the reluctance to talk across communities or the private sector with government government with private sector. i There's that's ongoing and always there but the private sector in the cybersecurity community getting the security researchers and there wasn't a whole lot of trust there. A lot of people didn't know each other and there wasn't always trust because of some of the claims that were coming out in the way that it was being presented in the media. That just made things difficult.

Vamosi:  As a longtime InfoSec reporter, I know it's sometimes hard to cover the issues as they are. There's so much hype, but I will say some of us really do. Take the time to talk to the experts and some of us really do. Try to understand what's what. And often Yeah, it's not quite as sexy as your editor might want it to be. Often though, the truth is a lot more cool.

Luczynski: So there was interest in doing these things. conversations he had like I mentioned on the private sector side with folks that worked at the Department of Homeland Security. Before scissor was an actual agency, its predecessor, and there was interest in doing these things. But the struggle was how do you do these things and how do you bring these folks together? And I remember what really struck me, you know, not knowing that was going on, but as an Air Force pilot. I my last three years in the Air Force were at the Pentagon, and I had the opportunity because of where I were working on cyber policy plans and operations specifically. I got to go to DEF CON. And man what a great experience. That was DEF CON 22 back in 2014. But one of the panels, one of the talks that I went to was specifically I remember it was a there was a I can't remember the guy's role. I think he was a citizen. The woman talking I think she was a chief pilot at one of the airlines. But the discussion was, hey, there's these stories in the media. Here's the reality of how airplanes work, how the systems are connected, and whether or not they can really be hacked the way the claims are made. So it was very good for me from a flying background to hear it and having a little bit of a cybersecurity background hearing it and then the discussion that went with that because of what was going on at the time.

Vamosi:  Given the size of airplanes, you might be thinking that the aerospace village is in a Grand Ballroom full of equipment, or an airplane hangar, but in reality, it's pretty small. I asked Steve to give me a walkthrough of what the village looked like back in 2019 and what it might look like in the future.

Luczynski: The conference space we are one small part of it with the other village but the area that we had in 2019 for example. I'd say like think of an Olympic sized swimming pool worth of floor space, where off on one end We had an F 35 simulator that the Air Force brought in for us we have some tables and things for folks to hang out. We had a video feed showing a bug bounty effort that was being done on the FFT maintenance system. It wasn't in the same venue. We didn't have room for it, but it was the folks who were running that from Sinag the defense Digital Service who were bringing that in and talking about what these folks were doing next to that we had a virtual reality training that the Air Force uses for pilot training. And so just getting to see that that some of those that the simulator in the VR goggles were interest to bring people in not necessarily to hack on him. But it certainly drew a crowd. But we also had what looked like a it was a general aviation cockpit with the equipment on on just basic plywood. But what it was operating it has power to it. And the guy who built it Patrick Kiley, he worked for rapid seven and for that event, rapid seven because the his work had found found a vulnerability in Canvas and did a coordinated disclosure with DHS and he was able to be there with his equipment. Talk to folks coming up and show this is how it works. Here's the problem. And here's what it looks like when it isn't working correctly. So not only did you have the technically smart person who's talking about it, but there's the gear right there that you could touch and see and interact with and you'll get to learn what he was doing. In addition to that, and towards the other side of things. We had a display area where the cantenna that we mentioned before was on display had a small workshop. Our chief hacking Officer Jim Ross, he does some great work and he was showing folks how he built that antenna, how it works. And he had displayed the air traffic over the top of Las Vegas that that antenna could pick up and in that same area. We had a couple of tables set up and our pen test partners they're based in the UK they were there and they had pieces of aircraft equipment. It's not the latest and greatest cutting edge. They did not want to do anything like that, but it was simple equipment showing this is what it looks like. Here's what the inside looks like. Here are the protocols that are in there. The languages, the coding, the things in their work, that they know how this equipment works, that they can interact with folks and talk to them

Vamosi:  So think of the village then as a mini conference. It has presentations. It has its own activities, and the talks are pretty good

Luczynski: and then we were able to have a few talks in that area but also we had another that we shared for presentation. So we had a number of folks coming in talking across the range of aviation cybersecurity policy issues from a government perspective. Things that other folks had done from the hacking perspective, and being able to talk about those in a small audience of about 100 people at a time. So it was a good variety of things. And then Matt mentioned it before like what we did last year we had a hybrid both virtual and in person presence. at DEF CON. And in that sense because we built up a great partnership between the Air Force, Air Force Research Labs, defense, digital and the hackers that effort and bringing in folks who had a flat sat on the table showing how it works. Here's the actual device. Here are how things work on that. Our support from Boeing having an electronic flight bag, and talking about what this piece of equipment looks like and how it interacts and how pilots use it.

Vamosi:  So we've mentioned that these villages draw a subset of people from the larger conference, and some spend their entire time in the village, not even in the larger conference. So I'm wondering, who are the people who are drawn to the aerospace village? Are they hackers? Are they pilots? Are they both?

Mayes:  Yeah, my name is Matt Mays. And I'm the deputy director or Chief of Staff depending on on how you want to frame it.

Vamosi:  So what drew an experienced pilot like Matt, to the village

Mayes: all the different workshops and speakers we've had it really is just an impressive list of, of groups and people that we've had be a part of the village and you really, I'd like to say you could almost spend the entire conference just in our in our village. It really is impressive, just the wide range of activities. Available.

Vamosi:  Since these villages are many hacking conferences within the larger hacking conference. It makes sense that in addition to having the exhibits and having their own speakers, they would also have their own Capture the Flag competitions in the aerospace village is no different. 

Mayes: We've actually again sort of down the path of crawl, walk, run our CTFs have also run the gamut there from really just basic puzzles, all virtual, to the to the sort of the grand challenge of sorts, the hacker sat CTF where that had dedicated qualification rounds and then the finals were done at as part of DEF CON two years ago. And that hackers had to then took take place this last year and and so while the finals for Hex at two were not a part of DEF CON, their presence was there talking about a lot of the different challenges that were available in the puzzles and that all of the skills that needed to go into taking part in their CTF. So it very much was was there but yeah, there's, we have ETFs for all ranges of interests and abilities.

Vamosi:  Okay, so this is only four of the 34 villages expected to be at DEF CON 30 this year. And I'd like to thank Deviant, Robert, Tom, Steve, and Matt for sharing their experiences about DEF CON villages. As I said, there are many more villages, the girls hacking village, the voting machine hacking village, the IoT village, the bio hacking, and I'll have links to those in the show notes. If you've never been to DEF CON, I encourage you to go and try the villages. You will find people with like interests and you will find cool new things and you won't be disappointed. 

I have so many stories about hackers who are making a positive difference in the world. I don't want you to miss out. Let's keep this conversation going. DM me @RobertVamosi on Twitter, or join me on Discord you can find the deets at the

 For the Hacker Mind,  I remain a village unto myself, Robert Vamosi

Share this post

Fancy some inbox Mayhem?

Subscribe to our monthly newsletter for expert insights and news on DevSecOps topics, plus Mayhem tips and tutorials.

By subscribing, you're agreeing to our website terms and privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Add Mayhem to Your DevSecOps for Free.

Get a full-featured 30 day free trial.

Complete API Security in 5 Minutes

Get started with Mayhem today for fast, comprehensive, API security. 

Get Mayhem

Maximize Code Coverage in Minutes

Mayhem is an award-winning AI that autonomously finds new exploitable bugs and improves your test suites.

Get Mayhem