Episode #254

Pre-Planning for Hacker Summer Camp

This week on Episode #254 of Absolute AppSec, Seth (@sethlaw) and Ken (@cktricky) depart from the usual format to make sure everyone is prepped for all things Hacker Summer Camp. As regular visitors to Las Vegas since the early days of Blackhat, BSidesLV, and DEF CON, the duo share their experience, tips, and recommendations for making the most of the security expositions in the desert. The full episode with video is found at: https://youtube.com/live/3ZQKXi8CXiQ

For newcomers to the industry, Hacker Summer Camp is a colloquial term for the series of security conferences that run for a week during the heat of the summer. These include Diana Initiative (https://www.dianainitiative.org/), BSides Las Vegas (https://bsideslv.org/), Blackhat USA (https://blackhat.com/us-24/) and DEF CON (https://defcon.org/html/defcon-32/dc-32-index.html). Each of these conferences is targeted at a slightly different audience, but taken together they represent a great opportunity for anyone interested in security, either as a career or a hobby, to network and learn about different aspects of the field. Plan out your schedule by perusing the full list of talks, villages, and events through HackerTracker (https://hackertracker.app/).

"Planning ahead and having backup plans for attending talks and events is essential."

Seth Law

Special for podcast listeners and newsletter subscribers, the penultimate event will be at the Linq High Roller on Friday, August 9 during DEF CON. Attendees will get a memorable view of the strip and the opportunity to talk application security with other Absolute AppSec members and guests. Reach out to Seth or Ken via DM, email, or your preferred communication method for a registration link.

"DEFCON provides a unique opportunity for security professionals to immerse themselves in hacker culture."

Ken Johnson

In general, spending a week in Las Vegas can be draining, especially if you don’t prepare mentally and physically. There are multiple guides for DEF CON available via reddit and other avenues. Seth and Ken spend the episode summarizing their experience and tips for the week, focusing on DEF CON. DEF CON can be overwhelming and is best summarized as 30 security conferences under one roof. Each associated village runs its own events, including talks, workshops, and contests, in addition to the official DEF CON events. Attend villages to explore specific security topics in depth, but remember there is more to see and do. Remember that village talks are typically not recorded, whereas main stage talks can be viewed at a later date on YouTube.

"Networking and meeting new people is a significant part of the DEF CON experience."

Seth Law

One of the main reasons we all put up with Vegas during the middle of the summer is the ability to see other industry friends, partners, researchers, and hackers. The Hallway-Con at any of the larger Hacker Summer Camp events facilitates impromptu meetings and discussions among attendees. Don’t be afraid to speak up, ask questions, and enjoy it! If you have further questions or want to make plans with anyone in the community, join us on Slack. And represent the podcast during the event by grabbing a new t-shirt or hat at merch.absoluteappsec.com.

This episode was sponsored by DryRun Security. DryRun Security delivers near-instant security code reviews and feels as if you’ve just hired a team of the best AppSec code reviewers. It gathers security context in just seconds after a developer makes a change. From that gathered context, the company’s proprietary code review process interrogates each code change based on behaviors, not just static patterns. Try it free for yourself at https://dryrun.security.

Stay Secure,

Seth & Ken

https://youtube.com/live/KMf_N1yKmAg - Episode #215 - Learning Machine Learning, DEF CON 31 Recap.

https://youtu.be/ATZMidTB6tw - Episode #68 - Jerry Gamblin gives a recap of DEF CON 27.

https://youtu.be/S2SQfewMtIY - Episode #143 - Stefan Edwards and company during DEF CON, a recap of Trail of Bits Kubernetes review.

Absolute AppSec Happenings

https://blog.trailofbits.com/2024/07/30/our-audit-of-homebrew/ - Trail of Bits does an audit of Homebrew, sharing the results with the community. Always interesting to see what code review can tell us about core components for any operating system.

https://www.calcalistech.com/ctechnews/article/b1a1jn00hc - Follow-up on recent articles and discussions about CISOs that promote and buy products from startups to increase their value. This article argues somewhat for the Gili Ra’anan model that leads to successful startups.

https://twitter.com/mattjay/status/1818407893416218752 - Have to laugh so we don’t cry (re: Crowdstrike). Very apropos given our collective experience. We hope everyone has recovered.