When Xyston was founded in 2019 with a passion in cyber security for real offensive hacking, one of our main goals was to take the entire company to DEF CON. After becoming profitable in 2020, we knew the goal of taking our Xyston team to DEF CON was possible and circled the DEF CON date, but sadly it was canceled due to the global pandemic. In 2021 we were finally able to make our goal a reality by taking the company to Las Vegas for DEF CON 29.
Not only did we get a chance to visit Las Vegas but we were able to participate in all things that DEF CON had to offer. For those who may be unfamiliar with DEF CON, it is the largest hacking conference in the world. Each year almost 30,000 professionals and enthusiasts alike descend onto Las Vegas to attend the four-day conference. It has keynote speakers on a variety of topics related to the hacking industry. Aside from the speakers, there are also challenges and tournaments one can participate in to win some DEF CON swag and the rights to be named the champion among other elite hackers. There are hundreds of these tournaments & challenges throughout DEF CON. Most of the challenges/tournaments are called capture the flags, or CTF's for short. These CTF’S cover subjects such as car hacking, embedded internet of things (IoT), hardware, and even voting machines! If there is something electronic, chances are that it was at DEF CON and there would have been a CTF for it.
Apart from being in 115℉ dry heat, we had a great time at DEF CON 29. Some of the awesome presentation topics we attended includes, Phantom Attack: Evading System Call Monitoring fdk, Offensive Golang Bonanza: Writing Golang Malware, and New Class of DNS Vulns Affecting DNS-as-Service Platforms. Watching the presentations makes one aware of how big this industry is and how it is still just on the surface of where we need to be for our critical infrastructure in the United States. Apart from the talks, we were able to pick up some cool DEF CON 29 swag. Not only did we, Xyston learn a lot of new attack surfaces and techniques, but we built new relationships with some of the other attendees and even a speaker!
The theme at DEF CON 29 was “Can’t Stop the Signal'' and there was a lot of interaction one could participate in with the badge itself. The badge that was given to each attendee is an electronic chipset that is meant to be hacked and played with. Apart from the “Simon Says” game that a lot of attendees played with almost immediately after receiving the badge, one could connect the badge to other individuals attending DEF CON to get new unlocks/missions. Once you were able to connect with enough people and different badge types, you would start giving the signal to those who haven't unlocked it yet. Our team also used our tools and specialized techniques to start looking deeper into the badge to see how the device worked and see what we could do to it from a black hat hacker perspective.
Xyston is just starting out, but our mission is to bring the excitement and cutting edge swagger that DEF CON brings into the professional world. We see it happening in the commercial space, but the government is far behind the curve when it comes to hacking into our own systems for critical vulnerability hunting. That is one of our main missions, to bring the edgy DEF CON activities into the government space. P.S. We WILL be returning to DEF CON next year! We will see you there!
Comments