Yet Another Hacker Summercamp Survival Guide

You’ve seen it a hundred times. Someone’s recommendation on how to survive a security conference / hacker summer camp / DEF CON.

‘Bunny’, you may say, ‘why are you writing this? Haven’t we had enough?’

Dear reader, no we have not. Though you may have seen hundreds of these guides, it doesn’t stop dozens of folks from posting on [insert social media site of the day here] requesting advice. And why should they?

Though there may be a lot of guides, what people crave is anecdote and realism. You don’t want to hear this stuff from a company trying to sell you something, you want to hear it from someone who’s lived it or is otherwise passionate about it.

Why Your Guide?

Howdy. In case you got this scraped off of some other website in the future or it’s been archived without context, let me rehash some of what’s on my intro:

As of the time of this writing, I’ve been working in security for almost ten years and going to conferences like DEF CON, local (and not so local) BSides, and other friendly conferences that will have me for the same amount of time.

I’m not an expert in anything, and I want to be the first to tell you that. In fact, I take pride in it – when one becomes an expert in something, they tend to lose the beginner’s mindset and fail to understand a beginner perspective, making it much harder to teach. The best way that I know to make the world a better place is to help teach others and pass along lessons learned so others won’t make the same mistakes.

In this guide, I’ll be talking about some of the most wonderful and awful things about cons. There will be stories, blunders, embarrassment, and admiration. At the bottom will be a TL;DR for those who don’t care much for blabbing.

It is my wish that you get something (anything, really!) out of this and that it can help our community flourish and enjoy the conference.

Getting There

Traveling to Vegas isn’t too bad, I promise. I’ve done it in almost every mode of transport besides horse and hitchhiking. But I have blundered regardless:

Vegas is HOT, and it’s only getting hotter. If you choose to drive from a nearby state or city, be aware that your 90s-era hatchback is about to suffer and you’ll probably experience the effects of heat delirium.

Don’t be like me and think that your rotting vehicle will comfortably hold your half-dozen broke college friends for a 6 hour ride without issue. Or at least if you choose to go that route, don’t take it down the center of Las Vegas Boulevard and pop your cracked transmission seals, experiencing the fiery hatred of all of Sin City.

This being said, for roadtrippers: stock up at a gas station early and often, there are many long stretches into Nevada. Cool down your PoS car regularly. There are several stretches of steep hills and windy deserts that will take a toll on your car – turn off the A/C in these areas or you will break down.

For any cons outside of God’s hot car, check the weather before you go. Consider it in everything you pack and plan.
For those coming by plane, you have a lot less to worry about, but you’re not immune. Past adventurers like yourselves have experienced some difficulties with TSA, typically over the following:
- Physical access tools, like lockpicks (but especially practice cylinders – I’ve gotten stopped for these repeatedly), door hooks, or handcuffs. They may say ‘allowed’ on the official TSA site, but if you’re carrying these you may want to allow extra time for security.
- Anything in a hardshell case.
- Multiple laptops or devices in the same bag.
- Antennas. I’ve carried through Baofengs and SDRs before with no problem, but the antennas got a second look. Why? I have no earthly clue.
- Keyports. As a popular key sorting solution, you’d think that TSA would easily recognize these little guys. They do not.
- Soldering irons. I’ve been told on two separate occasions at two different airports that they’re not allowed, and was given a wave-through anyways. According to the TSA site, they are allowed, but you’ll still probably get stopped if they’re not the tiny compact ones.
Bring something for rain and some closed-toed shoes. Vegas experiences some really awful monsoons. Please, for the love of all that is good and holy, DO NOT INNERTUBE IN LAS VEGAS MONSOON WATER. That’s disgusting.
Hotels are expensive no matter where you are on strip. Take it from me: Get one of the con hotels or something close to it. Your legs are gonna hurt regardless, and no matter how hard you try, you will absolutely forget your con badge in your room at least once. (The below is from a stay at Planet Hollywood while DEF CON was in Caesars Forum)

Keeping the Flesh Prison Happy

Stop acting like your body doesn’t exist. I know, hyperfixation and excitement and blah blah blah. You only have this body and we haven’t made artificial livers user installable yet. Take care of your body, please.

For years, when I went to a conference, I’d launch myself out of bed early and keep going until I passed out. For weeks after getting home, I’d be half zombified and unable to maintain a human conversation. I forgot to eat, barely slept, and wore nothing but ragged hacker shirts and cargo shorts.

Look, I’m not your mother. But please allocate one hour each morning to cleaning yourself up, eating something, packing enough water and snacks, and checking your mental health. At night, it’ll be harder to take care of yourself with so many parties and no set ‘end time’ for activities. Designate a trusted friend or group to help make sure you get back to your hotel room and keep you safe.

Food:
Some people are able to pony up a little more cash or room with others in a hotel that has kitchenettes. If you can do this, I highly recommend it – making food in bulk or cooking basic meals will save you a stupid amount of money. Order groceries or pick them up.

If you find someone cool, it’s awesome to have the ability to feed them a $5 meal and save them from a $30 burger and fries. I’ve got a wholesale club membership, and picking up cases of snacks and meal supplements will also allow you to experience more of the con without hiking to an expensive restaurant nearby.

Water:
Keep a water bottle with you at all times. Drink water before you get thirsty, hiking rules apply here. I find folding water bottles are really useful for saving space and ensuring that I don’t piss off airport security. Conference centers will tend to have potable water in fountains.

Sleep:
Sleep when you can. Get a few hours at least – you’ll hear the ‘3 2 1 Rule’ often, indicating that you should get at least 3 hours of sleep, 2 meals, and 1 shower. Listen to your body and do more than this if you can, this is an absolute minimum.

General Hygiene:
We’re already slammed into a hot location with minimal air circulation. Please wash yourself.

Mental Health

If you’re familiar with conferences already, you might remember how stressful your first one was. If not, take this as a warning: you can not do everything. Please don’t try to. Your planning should be minimal: familiarize yourself with the events going on, but only pick one that you absolutely want to attend/participate in. Everything else is optional.

For those who are neurodivergent, this will be a massive sensory overload. Carry your favorite sensory items and familiarize yourself with resources/spaces like Mental Health Hackers.

By the second day, the average new con-goer will start experiencing a breakdown. Having so many things and people around you will be overwhelming, whether you are neurospicy or not. Be kind to yourself, lean on a friend/mentor, dive into a bathroom, and breathe.

Privacy and Security

This is the most common question I get from new con-goers. “How do I keep my devices secure? Should I carry a burner? What do I need to stay safe?”

There are many right answers to this, but these are my personal recommendations:

You do not need a burner. For several years, I was very paranoid and carried a burner laptop and phone. While I don’t recommend foregoing your own comfort (carry a burner if it makes you feel better), turning off radios on your devices will do enough in many cases.
Don’t use cellular, connect to strange wireless networks (you don’t know where that’s been!), or use Bluetooth devices unnecessarily if you don’t know how they work or why their security can be iffy.

Most conferences will have a (mostly) secure network to work off of. As with anything else, you shouldn’t put your trust in it entirely, but it’s nice to have.
If you have a job, DON’T BRING YOUR WORK DEVICES OR ANY DEVICES WITH WORK MATERIALS ON THEM. I can’t overstate this enough – this is the number one way to get your ass fired. Even if you don’t cause a breach or security incident, it is still a risky environment.

This has happened before, and it has not been pretty. Friends have gone to con and come home without a job.
Never leave your stuff alone. Be the turtle you are and carry your backpack with you. Unattended phones will get goon selfies, unattended laptops will be fucked with. The people here are nice but they are mischievous and it only takes one asshole to disappear all your gear.
Use an end-to-end encrypted chat – my favorite is Signal. Most of the folks you’ll meet at cons use one, and the people behind Signal are wonderful.
Maintain the level of privacy that is comfortable for you, but be cautious with your data. Don’t do your online banking near the con. Learn more about the security of the websites you’re accessing or applications you’re using if you can. Risk appetite is a personal thing and I can’t tell you how much you’re willing to accept.

If you wanna scare yourself and learn more about network traffic, visit the Wall of Sheep in the Packet Hacking Village.

Equipment, Devices, and Everyday Carry

Though up to preference, these items are nice to have:

Cash. Most vendors either prefer or only accept cash, and it’s a whole lot harder to track 🙂
Water and snacks. You don’t wanna have to run out somewhere because you’re starving or burning to a crisp. I’ve half fainted on the con floor before because my blood pressure dropped to zero – it’s easy to lose track of when you last ate when you’re in a CTF.
UV mitigation, like a hat, sunglasses, sunscreen, after sun lotion. Even a few minutes in the sun will burn you, fellow computer goblin.
Really good walking shoes. Have you ever walked in stilettos anywhere in Vegas? I have, and I don’t recommend it. Your feet will look like a mess.
An extremely comfortable backpack – I recommend Osprey bags. More expensive upfront, lifetime warranty, highly water resistant and ergonomic.
A notebook and several writing implements
A spare charger for your phone, laptop, etc.
Lockpicks
Stickers. Got any favorite designs? Leave em on any available table, hand them to people in the hallway. Everyone loves stickers.
Tech goodies:
- A trustworthy laptop. Too many times have I brought a burner that I spiffied up just before con only to find that I screwed something up and no longer have an effective machine. Similarly, make sure you have a hub or ports for all the equipment you’re carrying.
- A live USB with your choice of burnable operating system. Kali Linux is an obvious choice, but some people prefer Parrot OS, Windows, or if you’re feeling particularly spicy, Pentoo.
- A big fat battery. I recommend the Halo Bolt, which will also charge your laptop, power a transciever, or start your car. It’s just really damn good.
- A spare WiFi card. Useful for wireless testing so you don’t sacrifice your internet connection to monitor mode.
- An SDR. If you don’t have one yet, HackerWarehouse carries a bunch and is in the vendor hall. My personal favorite is the HackRF One, but the RTL-SDR works great if you’re low on cash. Don’t worry if you don’t know how to use it yet – you’ll have tons of fun just kicking around with it on GQRX.
- A handheld radio to listen in on. The Baofeng UV-5R is a popular choice. You can even get your amateur radio license at the Ham Radio Village if you want to join in on the conversation! But if you’re not licensed, you can’t transmit.
- A Flipper Zero. This little device is an awesome entry to tons of handheld hackable activities, much to the chagrin of the average North American government.
The conference program. It will help you figure out what to do next.

Con Etiquette and People

We’ve talked a little about being polite via hygiene, now let’s talk about the most important part of a security/tech conference: the people. While all of the shiny things are well and good, the people are the whole reason for this entire thing.

Over the past 5 years, I’ve found myself getting involuntarily adopted by first timers as a psuedo-nerdherder. Of these first timers, few come back, and it makes me kinda sad even though I know that most find their calling elsewhere or just aren’t a fan of the vibe.

That being said, you’ll find people milling about that have been doing this for decades. They don’t look how you expect, and they don’t act like it, either. The most incredible and experienced people in this group are humble, excited to learn, and hunt for new puzzles like their lives depend on it. By lending them your ear, you can learn amazing things that you never thought you’d learn.

My favorite part of conferences is hearing stories, learning new things together, and spending time with my favorite people. By this time, I’ve met folks from all across the globe with a rainbow of backgrounds and perspectives. All of them are valuable and wonderful.

When you speak with folks, hop right in! Most people at security cons don’t follow standard social etiquette and are just excited to talk about their favorite topics. Here’s some pointers on striking a conversation and getting the most out of your people time:

Be prepared to get swept up in the moment. If someone invites you to something cool and you get good vibes from them, they may be your new best friend. Go for it.
Linecon is great. Look at the people ahead of and behind you in line, ask them what they’re excited about for the con. I’ve waited in line for 6 hours for the merch line before (like a fool) but met some really fun people while waiting. It made the time melt away.
If you feel awkward, you’re in good company. We all are.
As with all things, pay attention to consent. Taking photos without the express consent of everyone in the shot is a big no-no. Touching or acting in a way that infringes on someone else is always a faux pas outside of conferences, and it’s the same way within them.
The greatest and brightest minds of this century surround us. Stay humble.
The parties are insanely cool, but be conscious of your surroundings. Parties in a suite are still surrounded by other rooms. If you get too rowdy in the hallway or flood a tiny room, you might get your favorite party cancelled.
Don’t screw with the con hotel or venue. We’d like to come back – as tempting as it is to sticker the hell out of every surface or put googly eyes on everything, keep in mind that the organizers suffer for it and have to pay exorbitant cleaning fees. That means next year will be more expensive and the hotel might not accept us back.
The goons are here to help, but that doesn’t mean they’re not gonna subject you to shenanigans. If it is a serious issue, though, they are extremely reliable and will not hesitate to jump to your aid.

Other than that, find your folks. If a particular thing interests you, nerd out and chat about it in a village. Join Discord groups on subjects or for villages that interest you.

Burnout, Con Drop, and What Comes After

This one is always really hard to talk about. What goes up must come down, and the greatest highs can result in crushing lows. Frequently, security folk experience burnout. This can result from getting fed up of chaos or drama, oversaturation, or general stress. Burnout happens, and it sucks.

Similarly, there’s a phenomenon known as ‘con drop’. This is the equivalent of a big event/conference related burnout. After flying home from your big crazy event, coming home, sitting down at your desk, and realizing that you can’t be wrapped up in that insanity all the time (or that it may be the only time you see certain friends), lots of people find that they experience a bout of depression or loneliness.

In years past, I’ve come home excited to mess around with my newest project discovered from a conference, only to feel inadequate or like I have a mountain of new things to do/learn before I can get to it. It’s okay to lose momentum for a little while and take a break, and in fact, it’s important to keep from burning out.

If you need to take a break, do it. Save your thoughts and ideas in a notebook – they’re not going anywhere. Your mental health is more important than anything else.

Wait, What Do I Do?!

Note that I didn’t say what you should do exactly, only offered suggestions. Each one of us is unique and has entirely different interests – as hard as I can push amateur radio or the radio frequency CTF, only some people will be interested.

So instead of evangelizing on antennas or specific events, I recommend doing what sounds cool. Building a rigid schedule based off of someone else’s interest isn’t gonna spark joy in your heart. You do you.

TL;DR:

For the short attention spans among us:

Consider the weather and safety restrictions in place when traveling. Pack for the temperature.
Take care of your body first and foremost or you won’t remember any of this. Make time to eat, sleep, hydrate, and listen to your thoughts.
Don’t try to do everything. Pick one thing a day that you must do, consider everything else a happy bonus.
Don’t bring your work devices, just be cautious when at con. Burners aren’t necessary but you can bring one if you like.
Come up with a decent daily carry ahead of con, eliminate anything that’s too heavy and will break your back.
The people are incredible. Listen and nerd out, don’t get pompous.
Prepare for a drop after.

killrbunn3