I'm Conor Patrick. Former {FTC OTRI, JHUAPL} intern. I support open source development. I do research for Secure Embedded Systems at Virginia Tech. You can follow me on Twitter.

My experience going to Defcon and SAC

15 August 2016

I just attended Defcon 24 in Las Vegas and went to SAC (Selected Areas in Cryptography) afterwards.


Defcon is a great conference that hosts around 15k people every year. People come to share their new research in infosec and exploits that they have developed over the past year. Some people come to partake in the various competitions like the badge puzzle. And of course there are the parties that various vendors and groups throw.

I got to LV a day early so I could attend the unoffical Defcon Shoot. It’s where a bunch of people bring guns to go shoot in the desert. I didn’t have anything to bring but most people are nice and let you shoot their weapons for the cost of ammo. I got to put 100 rounds through an M60:

The Villages

In addition to the official talk tracks put on by Defcon, there are the villages. The villages are separate groups that focus on more specific parts of security. Each village typically hosts their own set of talks or competitions.
To list the different Villages from this year:

I spent a lot of time in the Crypto and Privacy Village this year as they often have talks I’m interested in. I also learned a little bit about getting past tamper evident envelopes and tape at the Tamper Evident Village which was fun.

One of my friends went to the Bio Hacking Village and got an NFC chip inserted into his hand:

It’s supposed to last for life (or until you remove it surgically). We of course first programmed it with this link to pop up anyone’s phone that read his hand.

But my favorite part about Defcon is getting to meet new people and catch up with old friends.

I met the folks behind AND!XOR and learned about their creation of the Bender Badge:


I only went to like one or two of the talks. I think at a conference like this, most of the fun and memorable things will happen outside of the talks.

There was a Cyber Grand Challenge sponsored by DARPA. The challenge was to make the best automated computer system that would find and patch bugs in software. They had teams from different universities competing for millions of dollars. The competition was narrated and animated to give it an eSport feel. It was really cool, but ultimately it gets boring to watch computer programs run (really fast) despite all of the animations.

Then each night there are a lot of parties. Each is hosted by companies or other groups that are popular at Defcon. Some of the parties are awesome; but a lot of them I think are bad because it’s either really long lines or just a bunch of fellow nerds trying to dance.

The lines really put me off. If there’s a long wait then don’t bother waiting. There’s this norm where the hosts will keep the lines long even when there’s plenty of room inside. I guess it helps make the party seem better than what it really is.

I get that there isn’t enough room for everyone, but some groups I think do it better. For example, the Telephreak group held an invite only event for well known hackers and left open challenges that skillful people at the conference could solve. If you could solve it, then you could get an invite. Unfortunately I flew out of LV before the Telephreak party otherwise I would have tried to solve one of their challenges.

There’s so much going on at Defcon that you can’t possibly participate in everything. But it’s great and I’ll be going next year.

Selected Areas in Cryptography (SAC)

This was purely an academic conference that focuses on, well, selected areas in cryptography. The research group I work in at Virginia Tech did a lot of work in fault attacks and countermeasures. SAC had a special focus this year on fault attacks and side channel analysis. So we submitted a paper and I traveled to present it.

If you’re interested, check out my advisor’s post for an overview of our work.

This was my first time at an academic conference and my first time presenting at any conference. It was pretty laid back. There was around 100 attendees of people from around the world and about 30 speakers. I suppose that’s what to expect from small conferences.

It was an awesome experience for me to get to meet other researchers in the field and see people that are on papers I’ve previously studied. I got to meet other graduate students that know a lot about crypto.

It’s pretty motivating to come back from a conference so related to your research and meet like minded people. I feel like I think of a lot more ideas of things to work on coming back to the lab. As Francesco Regazzoni put, (paraphrasing), “For the students here, there’s one thing you should get from a conference like this, and that’s a big idea. By the end of this, you should feel like there’s a big problem you want be working on.”


SAC was held in St. Johns in Newfoundland, Canada. Fortunately the weather was still good and the area was really nice.

I hiked Signal Hill, which was the first place to receive a transcontinental wireless signal.

Signal Hill

The conference also hosted a Puffin and Whale watching tour. I never thought myself to be much of a whale watcher but this was actually really cool (even though we saw no whales). Turns out there’s this island of the coast that most of the Puffin race relies on to lay their eggs for various ecological reasons. And they were all there because it was the egg laying time of the year. It was surprising to see thousands of puffins all flying around you at once. We were told to not look up with our mouths open. Unfortunately my camera was dead and I couldn’t get a picture.

On the last day, me and a couple friends I met went to a small town called Quidi Vidi to try out the brewery there. They make a lager called Iceberg Beer from the water of melted icebergs. It was pretty good!

At the brewery, I think me and the other grad students stuck out – None of us were from Canada and most of the crowd was older. One lady even tried calling me out for not being old enough to drink (in good fun). All of the local were very nice. One local sat down with us and exchanged stories. He even offered to take us fishing!

There’s this tradition in Newfoundland for newcomers to drink a shot of Newfoundland Screech Rum and then kiss a cod. Some of the bars will let you honor this tradition but I forgot to ask. I did get a chance to drink the rum (which was good). Next time I go down I will try to kiss the cod.