Hey,

I am still in Vegas and DefCon 18 ended a few hours ago. I wanted to let you know how it went, from my  own point of view. As a note, DefCon 17 was my first DefCon last year.

Here is what I liked this year:

• Some presentations were so good (about 30%). You could tell when a presenter has been speaking at RSA, Schmoocon, BlackHat, etc. They are usually structured and entertaining.
• People are friendly and it is easy to start a conversation with pretty much everyone.
• Most hackers are real nerds. Next year, I propose a new challenge for the crowd: find the ugliest person. It would be pretty easy...

Here is what I didn't like:

• We were way to many for the Riviera Casino. Come on, already last year, we could barely moved in the hallway. This year, I missed 5 very, very interesting presentations because we were about a thousand waiting in the hallway!!! Everyone was very pissed about that...
• Because of the above problem, we didn't have enough time to go from the tracks 1,2,3 and 4 to track 5, which was separated from the others. 10 min wasn't enough.
• Compared to last year, a lot of presentations this weekend sucked: Bad speaker, no structure, taking about beer all the time, laughing at users, etc. I know it is DefCon and it is supposed to be "cool" and "underground", but there is a limit to human stupidity...
• We couldn't get "real food" around (but that I knew from last year) You get tired pretty quickly at eating hamburgers and cheap pizzas.
• People are so immature! I saw a guy getting drunk during his own presentation... Also, everyone is talking about "beer". They are between 30 and 45 years old and all they think is "I am going to have a beer tonight!". I was like that at 16... Come on, grow up!
• About 20% of the goons think they are super heros. Like anywhere else, put a t-shirt on a guy with the word "security" on it and look at his head getting bigger and bigger...

Bottom line, I paid my own airplane tickets (and it takes 10 hours, one way), paid the hotel, took 3 days off work to have about 5 good presentations of 50 minutes each. It cost me about $600/hour (I know I am pushing, butt still...).  I could have had 10 good presentations, but the rooms were full.

Next year, I will wait until the presentations are on the internet...

Check out Mystere

Yes, I would consider RSA, BlackHat or Schmoocon next time I feel like traveling...

But seriously, DefCon is becoming very big for the Riviera...

I agree with H1t M0nk3y. This year we were definitely to many for the Riviera. The entire space outside of track1-5 wasn't enough for the hundreds of people changing track and often the rooms were to small to handle everybody.

In addition, most of the people were just there to drink. I saw people with beers and alcohol in the hallway, in the contest room and in the speaker rooms. Probably, most of them were more interested in alcohol and strange haircuts than security stuff.

That said. I would like to suggest few presentations very interesting (from my point of view) and very well structured and entertaining.

• Mastering the Nmap Scripting Engine (very good speakers)
• Insecurity Engineering of Physical Security Systems (interesting stuff)
• Exploiting WebSphere Application Server's JSP Engine (very good speaker)
• pyREtic - In-memory Reverse Engineering for Obfuscated Python (interesting stuff)

Unfortunately, these are the only interesting presentations that I saw at Defcon 18 and I was wondering if you have some other presentations to suggest.

gnix

I'll add to the sentiment that there were too many people for the Riv.  DEFCON either needs a new location next year or it needs to pre-sell tickets and limit numbers (like ShmooCon).  Personally, I'm all for a new location.

So H1t M0nkey, I agreed with some of your picks and I didn't get to see the last two.  I wasn't very impressed with the Malware Freak Show.  Compared to many of the folks there, these guys were stellar presenters but the content was a little weak.  Of course, I may be biased since I work in mawlare all the time, but I thought it was lacking.

The Nmap scripting engine talk was good.  Hardware hacking for the software guys convinced me to put an Arduino board on my Christmas list.  The GSM talk was great.  I wanted to see the "Powershell: OMFG" talk, but couldn't get in the room.  I don't see those slides on the CD.  Does anyone know where they are posted?

The android rootkit talk was a little weak in that they basically described how they built a Linux rootkit.  The droid specific stuff took less than 10 minutes.

The most memorable talks by far were "How I met your girlfriend" where the speaker talked about merging web hacking with the real world and "My life as a spyware developer."  While the latter was a little light on tech, the guy presented well and it was well put together.