Tens of thousands of hacking and cybersecurity experts descending on Las Vegas for a long weekend of breaking into pretty much anything. A dream for our penetration testing team, but presumably a nightmare for the Wi-Fi provider.
The largest hacking convention in the world, Def Con, celebrated its thirtieth anniversary in August. We sent our four penetration testers to the convention for the first time to soak up the atmosphere and hone their skills.
The schedule was packed with presentations and workshops. Unlike other hacking events, Def Con is divided into “villages” that host a variety of hacking events and contests, covering everything from reconnaissance to voting machines. Def Con styled its thirtieth anniversary as a ‘Homecoming’, as guests returned to the physical halls of Las Vegas rather than attending online as in the last two years, for obvious reasons.
“Especially for a small company like us, it’s a great way of showing that we don’t just want to be a box ticking exercise, we want to be the best we can be, so we can properly help people.”
The Def Con experience for our pen testers involved talks by cyber specialists, workshops to develop skills, and lots of queuing for each event. The workshops included practical skills like lock picking, which involved one of our testers being stuck in handcuffs for quite a while. There were also classes on hacking most things that move, namely planes, trains, automobiles and satellites. Car hacking involved both getting into a car by replicating key signals, and hacking into the dashboard once you have access. Two Tesla models were provided by the village for hackers to try out their skills on. Hacking planes is difficult to replicate exactly in a classroom environment, so instead there was a simulator of an Airbus that attendees were encouraged to break into.
Learning and practising these hacking skills might seem like encouraging wrongdoing, but for many of the Def Con participants, including the pen testers from OmniCyber, it’s the opposite. By developing these techniques and connecting with their contemporaries, they can better replicate a real attack on a network, and devise solutions to patch those holes in your cybersecurity.
Louie Augarde, our Lead Penetration Tester, said: “It’s really important for us to keep up to date with cybersecurity, which is one of the fastest-growing industries in the world, so we can continue to provide a quality service for our customers.”
One of the most important talks for our testers was a discussion of a new technique to get through an important layer of security software known as Endpoint Detection and Response (EDR). The method doesn’t just bypass the security; it switches it off completely. As a result, our testers could now help you to protect your business from malicious uses of this particular technique.
Jack Button, Penetration Tester at OmniCyber Security, said: “On the other side of cybersecurity, the more organised crews are being run like multi-million pound businesses, so it’s really important for us to go to somewhere like Def Con to keep pace with them and keep our customers safe.”
OmniCyber keeps right up to date to keep your security right up to date – Contact us to find out more about infrastructure penetration testing for your company or organisation.