How do I "not get hacked" at security conferences like Defcon and Blackhat?

Hacker Summer Camp is coming up soon, and there have been some great conversations (ty @zombiehacker) and questions both in IRC and in the Bugcrowd offices about the current state of personal infosec in Vegas this year (and indeed, at any other security conference or otherwise hostile network environment).

What are your tricks and tips for running a gauntlet without getting pwned? (And keep in mind, the more difficult you make something for yourself, the more likely you are to say “oh, screw it” at some point and work around your controls in a way that might actually be less secure. Usability counts.)

My approach is basic infosec 101, with a dash of healthy paranoia plus a bit of compartmentalization for if anything fails.

What’s yours?

Defcon is around the corner and I am unsure how secure most people are. Do most use burner phones and laptops they only use at conferences? I know of a couple who do. Would using a virtual machine be good enough? I have an old laptop, but it only keeps a half hour charge when not connected and weighs 8 lbs or so.

I’d appreciate feedback on this.

I have a computer, I won’t call it disposable but let’s say it’s better for travel. I don’t take my personal computer out at all. I don’t even take my business laptop. Too much at risk, but I am super cautious.

I have one as well, but it only has a 30 minute charge when not plugged in and isn’t lightweight. I’ll be using a VPN on phone and PC for sure. A VM might be useful.

These are some good tips that I have thought about:

  1. Always have a trusted VPN in your hand for all your internet usage.
  2. Try your best to minimize your personal internet usage (just use the internet when it’s necessary).
  3. Physical security is important: do not bring many devices to conferences; they would be stolen if you lose your focus on them.
  4. In case you brought devices, try your best to not have important or personal data.
  5. Keep Wi-Fi, Bluetooth, NFC, etc. off when possible.

Also, you don’t bring your real debit or credit cards. You use pre-fill cards, that’s it. Oh, of course use your Faraday wallet.

That’s crazy! I would just carry cash.

My 3 tips for Defcon, Blackhat, etc.:

  1. If you don’t drink a lot at home, don’t drink a lot in Vegas.
  2. If you don’t work for a company, don’t wear their shirt (at least in Vegas).
  3. Go somewhere for a nice dinner and don’t make a vendor pay for it.

Bonus Tip:
There are 30,000 people in Vegas who do what you do for a living. Make a friend… not everyone is trying to social engineer you.


Have a look at

It’s a very good checklist, and most is not Congress specific.

I like 1 and 3. I’d agree with 2 if our swag t-shirt wasn’t so badass this year… :)

I expanded on my short list and turned it into a mini-blog post.

Surviving and Thriving at Blackhat

