<h1>Defcon preparation checklist</h1>
<p>Hayden Schiff, 2017-07-24T16:39:53+00:00, <a href="https://www.schiff.io/blog/2017/07/24/defcon-checklist">https://www.schiff.io/blog/2017/07/24/defcon-checklist</a></p>
<p>I'm heading to my first Defcon on Wednesday, and naturally, I'm a little bit anxious about prepping my devices so as to not get pwned. The advice I've seen for this varies wildly – some people go all out and use a separate phone and laptop for the convention, while others simply turn off wi-fi and Bluetooth.</p>
<p>I'm thinking the best strategy for me is somewhere in the middle – make sure I'm locked down and have backups, but don't put myself through hell when the odds of anything bad happening are realistically low. I'm not a worthwhile target; anyone who would waste 0days on the likes of me is probably not smart enough to have found a 0day in the first place.</p>
<p>So, I'll be bringing my normal work laptop (MacBook Pro), my normal cell phone (HTC 10), and even my tablet (Asus ZenPad 3S 10 – probably won't be using this much besides on my flight though). Without further ado, here is the checklist I'll be following to prepare for Defcon:</p>
<h2 id="pre-con">Pre-con</h2>
<ul>
<li>Patch, patch, patch!
<ul>
<li>OS X system updates</li>
<li><code>brew update; brew upgrade</code></li>
<li>app updates</li>
<li>Android updates (if available)</li>
</ul>
</li>
<li>Back up everything.</li>
<li>Shut down local web/database servers.</li>
<li>Port scan myself with nmap – make sure I'm not running anything else.</li>
<li>Enable 1Password <a href="https://support.1password.com/travel-mode/">Travel Mode</a>.</li>
<li>Withdraw enough cash that I never have to use an ATM in Vegas.</li>
<li>Remove RFID cards from my wallet (namely my office badge).</li>
</ul>
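<p>A companion to the "shut down local servers" and nmap self-scan items, added here as an example and not part of the original post: an nmap scan lists open ports, while <code>lsof</code> names the process behind each one and shows whether it is bound to loopback only or to an address other machines can reach. The function names and the sample listing are constructed for this example; the live invocation is given in the closing comment.</p>

```shell
#!/usr/bin/env bash
# Added example: classify TCP listeners as loopback-only or reachable from the network.
# Input format: output of `lsof -nP -iTCP -sTCP:LISTEN` (macOS and Linux).

# Reads lsof output on stdin; prints "<scope> <command> <pid> <address>" per listener.
classify_listeners() {
  awk '
    $NF != "(LISTEN)" { next }                 # skips the header and non-listening sockets
    {
      addr = $(NF - 1)                         # e.g. 127.0.0.1:3306, *:80, [::1]:5432
      n = split(addr, parts, ":")
      port = parts[n]
      host = substr(addr, 1, length(addr) - length(port) - 1)
      # Only 127.0.0.0/8 and ::1 are unreachable from other hosts on the network.
      scope = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "exposed"
      print scope, $1, $2, host ":" port
    }'
}

# Prints only the listeners another machine on the same network could connect to.
exposed_listeners() {
  classify_listeners | awk '$1 == "exposed"'
}

# Constructed sample (not captured from a real machine) so the script runs offline.
SAMPLE_LSOF='COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mysqld    412   user  21u  IPv4   0xa1      0t0  TCP 127.0.0.1:3306 (LISTEN)
postgres  430   user   5u  IPv6   0xa2      0t0  TCP [::1]:5432 (LISTEN)
httpd     501   root   4u  IPv6   0xa3      0t0  TCP *:80 (LISTEN)
node      777   user  18u  IPv4   0xa4      0t0  TCP 192.168.1.20:3000 (LISTEN)'

printf '%s\n' "$SAMPLE_LSOF" | classify_listeners

# Live check on the laptop itself (sudo includes listeners owned by other users):
#   sudo lsof -nP -iTCP -sTCP:LISTEN | exposed_listeners
```

<p>Anything reported as <code>exposed</code> is a candidate for shutting down or rebinding to loopback before connecting to the conference network.</p>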
<h2 id="during-the-con">During the con</h2>
<ul>
<li>Keep all unnecessary radios off (Wi-fi, Bluetooth, NFC, GPS).
<ul>
<li>Due to <a href="http://www.techrepublic.com/article/android-security-bulletin-july-2017-what-you-need-to-know/">BroadPwn</a>, I'm not gonna be using wi-fi at all on my Android devices (neither of them is up to the July update yet).</li>
</ul>
</li>
<li>In the con, only use direct-to-internet wi-fi. In the hotel, only use wired.</li>
<li>Always use VPN, and turn it on <em>before</em> connecting to wi-fi.</li>
<li>Leave laptop/tablet in the hotel safe unless I have a specific reason to bring them out.</li>
<li>Do not let any of my devices leave my vision.</li>
<li>Don't trust any device anyone gives me.
<ul>
<li>The last two are obvious, but I'm particularly keen on mentioning them now that <a href="https://samy.pl/poisontap/">PoisonTap</a> is a thing.</li>
</ul>
</li>
<li>Use <a href="http://syncstop.com/">USB condom</a> if using a public charging station.</li>
<li>Only communicate using <a href="https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms">Signal</a> if possible.</li>
</ul>
<p>So that's my list. It might not be perfect, but I think it should be sufficient for me. What do you think? Am I too carefree, or even too paranoid? Did I miss anything crucial?</p>
<p>[<a href="https://www.reddit.com/r/Defcon/comments/6p9q32/i_made_a_security_prep_checklist_for_my_first/">discuss on /r/Defcon</a>]</p>