Sign Up Login
Resource Center  >  Blog

Safety and Preparation for Hacker Summer Camp

July 24, 2022
Tanya Janca

Every August, hackers descend onto Las Vegas, Nevada to participate in #HackerSummerCamp, a combination of multiple cyber security/hacker events that occur simultaneously. There are several events, but the main ones you are likely to hear about are Black Hat, Def Con, B-Sides Las Vegas and the Diana Initiative. #HackerSummerCamp is just the affectionate nickname, it is not the official name.

Formally named or not, #HackerSummerCamp can provide security risks to you and your personal devices! In this article we will detail several ways you can protect yourself and your devices from the small minority of attendees at this event who behave unprofessionally by causing others issues during this annual event.

  • Do not connect to any WiFi with a device that you love. Bring a burner phone or laptop if you must connect while at/near the conference.
  • Use a VPN if you are going to connect for work, from your hotel. And use Cellular data if you can, instead of wifi. Do not connect to work from the conference WiFi. Do not connect to the conference WiFi unless you are using a burner or ghosted+backed-up device.
  • Make a backup of your laptop, then ghost it, attend Hacker Summer Camp, then ghost it again when you get home, then restore from your backup disk. This helped a lot when I received “the gift of malware” in 2016 at my first Def Con. Glad I prepared before I left home!
  • Turn off your Bluetooth and WiFi. Ensure they won’t turn themselves back on or do any scans in the background.
  • Use cellular, it’s safer.
  • Ensure that YOU are physically safe at all times. It’s best to not go to a party alone or with people you don’t know, but if you do, don’t get drunk/high/out of control.
  • Don’t accept drinks from strangers. Even if they are famous.
  • Don’t go back to someone’s hotel room unless you feel safe to do so, and preferably tell someone where you will be and don’t forget the room number when you say where you will be. Have someone check in with you after.
  • Exercise all the caution in the world when it comes to your physical safety, and then some more. Even if you have met someone before or feel like you know them very well from the internet, be careful; you are the most valuable thing you have.
  • Register for parties in advance to make sure you get a ticket. Getting tickets to thing last minute is a pain, and they often sell out.
  • Buy tickets to conferences in advance to make sure you get in.
  • If you have to do live demos I suggest recording them (I KNOW! Then they are not live). You can always ALSO do them live, but you have a back up just in case. That’s what I did and guess what? My laptop is fine AND my demo looked awesome!
  • If you go to Def Con, prepare to wait in line for at least 50% of the time you spend at the conference. Seriously. If you are an extrovert like me this can be fun, but if you are an introvert be prepared. #linecon
  • If you can network and make friends in advance of the event, it’s a good idea to do so. Attending in a group is always safer and usually more fun as well. If you can meet people who are part of a larger group, such as Diana Initiative, CyberJutsu, WoSEC, OWASP, etc. that can lead to even more fun (and safety).
  • If something happens, TELL SOMEONE. If a person has done something obviously inappropriate to you, they will (sadly) likely do it to even more people if you let them get away with it. Please report. For DEFCON there’s a hotline. And the people working there are super awesome and kind. They will help, regardless of the situation you’re in, regardless of the persons involved. You can even report anonymously over the hotline. Again: if something really bad happens please report.

Related Articles:

Related topics

Dynamic Application Security Testing (DAST) is a crucial component in fortifying web applications against potential vulnerabilities. By taking a proactive stance, DAST systematically detects and addresses security flaws.

See more

By mapping Dynamic Application Security Testing (DAST) to the Payment Card Industry Data Security Standard (PCI DSS) requirements, organizations can

See more

What Is Mobile Application Security Testing?  Mobile application security testing is the process of assessing, analyzing, and evaluating the security

See more

Test Your Web App for 10,000+ Attacks

See Our Dynamic Application Security Testing (DAST) in Action

  • Find & fix vulnerabilities fast
  • Zero false positives
  • Developer friendly

and see how easy AppSec can be

Test Your Web App for 10,000+ Attacks

Integrate vulnerability testing into your DevOps pipeline. Find & fix vulnerabilities fast with zero false positives.
See Our Dynamic Application Security Testing (DAST) in Action
Testing variance Using Legacy Dast Using Dev-Centric Dast
% of orgs knowingly pushing vulnerable apps & APIs to prod 86% 50%
Time to remediate >Med vulns in prod 280 days <150 days
% of > Med vulns detected in CI, or earlier <5% ~55%
Dev time spent remediating vulns - Up to 60x faster
Happiness level of Engineering & AppSec teams - Significantly improved
Average cost of Data Breach (US) $7.86M $7.86M