After receiving an invitation I couldn't refuse I recently spent a week in Las Vegas with the BBC covering the most notorious week in the InfoSec calendar. 7 days packed with BlackHat, BSides Las Vegas and the notorious DEF CON.
The Trip
Things got off to a rocky start the evening before I was due to fly when British Airways sent me a message to say they'd cancelled my flight to Las Vegas! I immediately got on the phone to re-arrange travel. It was looking like things were going to be a pain, and they were. To get me out to Vegas on time I had to fly MAN -> LHR -> JFK -> LAS whilst leaving earlier than originally planned and arriving much later. BA is a great airline though, which is why I'm still fighting them for my compensation claim, which I'm entitled to under European law. </sarcasm>
I was determined they weren't going to put a dampener on this trip but strange things did happen on the flight out!
My in-flight entertainment system broke itself... pic.twitter.com/fKb6CdAD2w
— Scott Helme (@Scott_Helme) July 23, 2017
The Hotel
We stayed at the Excalibur Hotel and Casino which is well connected to Mandalay Bay, the venue for BlackHat where we were spending a lot of time, and only a short distance from Caesars Palace, which is where DEF CON would be held. BSides LV was Uber distance (nobody has time to walk in 44°C heat with equipment!) but we were only going to spend one day there so that didn't matter too much. The hotel did remind me a little of Disneyland from the outside!
There were some stunning views outside!
Vegas! 😎 pic.twitter.com/Iuk68eafjm
— Scott Helme (@Scott_Helme) July 23, 2017
The Conferences
If you've never attended any of the 3 conferences then having them all packed so closely together is a great opportunity to get the most bang for your buck, especially given that almost everyone has to travel to get to them.
BlackHat
Definitely on the more corporate end of the scale, BlackHat is still well worth attending. They have talks, trainings, a huge vendor hall and lots of sponsored after parties!
BSides Las Vegas
I've been to many BSides events and if you have you will know they're run by the community for the community. They're probably at the opposite end of the spectrum to BlackHat but certainly worth attending. BSides LV was packed with talks and whilst there were some vendor stands in the chill out room, it's not really what the event is about.
DEF CON
Finally, the notorious DEF CON. This conference probably sits between BlackHat and BSides LV in terms of corporate nature, and the scale of the event is amazing. The talks at DEF CON are always worth checking out but most of the fun is had in the villages and other events.
The People
I got to spend the week with some truly awesome people and meet many others along the way. Most of my time was spent shooting with my producer Catharina 'Boss Lady' Moh.
Ready for @defcon with @Scott_Helme for @BBCClick - Also check out this awesome press badge. #badgelife #DEFCON25 pic.twitter.com/9Uarc5xZUk
— Catharina Moh (@CatharinaMoh) July 28, 2017
One of the things I love about introducing new people to the security community is that they're always pleasantly surprised at just how nice everyone is, and Cat's introduction was no different. She even looked the part after we acquired some swag at BlackHat!
Up to no good... serious hacking business going on here - first test get into @Scott_Helme 's laptop @notsosecure @BBCClick #hackingschool pic.twitter.com/PXX53kNwcJ
— Catharina Moh (@CatharinaMoh) July 24, 2017
After BlackHat we were at BSides LV where we got to do even more awesome things like hang out with Jack Daniel, pick locks and take a tour of the SOC!
Awesome that @CatharinaMoh and I got chance to hang out with @jack_daniel at @BSidesLV! pic.twitter.com/cRQoL3GDjQ
— Scott Helme (@Scott_Helme) July 25, 2017
Thanks @SteveD3 for teaching me how to pick a lock! Artful Dodger eat your heart out... #BSidesLV pic.twitter.com/MlfoM7tvjk
— Catharina Moh (@CatharinaMoh) July 26, 2017
Finally over to DEF CON and one of the first shoots we had was with AND!XOR who were making some epic badges!
So I got my first DEFCON badge...stay tuned for our film with @ANDnXOR @BBCClick #badgelife #defcon25 pic.twitter.com/fgaoiMLtqg
— Catharina Moh (@CatharinaMoh) July 27, 2017
After that it was time to hit the conference floor and I was really interested to see how the experience would be different now I was walking around with a press badge instead of a human badge.
Picked up my @defcon badge! I'm filming with @CatharinaMoh for @BBCClick, come say hi 😀 pic.twitter.com/JfVmIt24Oa
— Scott Helme (@Scott_Helme) July 27, 2017
I'm happy to report that 99.99% of people were totally cool with it. As a member of the community I totally understood and respected everyone's privacy and everyone was happy with polite requests to have them in shot. For wider shots where there were simply too many people to ask for permission, we'd use an incredibly shallow depth of field so that nobody in the background could be made out.
Next up was Dan 'Two Shoot' Simmons, because no matter how much you nail it the first time around, you're shooting it again! I've worked with Dan before on the nomx research that Alan Woodward invited me to take part in. This resulted in a fairly epic episode of Click, and a nomination for nomx in the 'Lamest Vendor Response' category for BlackHat's Pwnie Awards!
Our #nomx TV show is up for a #blackhat2017 award! Story:https://t.co/q86T5goGru TV:https://t.co/7Yvr9w50jI
Award:https://t.co/p4irR2KZP6
— Dan Simmons (@dannsimmons) July 31, 2017
Working alongside a pro does come with some drawbacks though...
.@dannsimmons: "Scott, give me shock and awe!"
Me: *gives angry and confused*
... 😂 pic.twitter.com/OF8bjA7EZu
— Scott Helme (@Scott_Helme) August 5, 2017
Next up was the awesome Kate Russell who amongst other things was covering Quantum Key Distribution! You can see the segment about QKD in the Click episode 'What happens in Vegas...'.
The scurrilous @katerussell returns to present part 2 of 'Hackers in Vegas' this week on @BBCClick! pic.twitter.com/N3W8yPGlFn
— Dan Simmons (@dannsimmons) August 2, 2017
Amongst Kate's responsibilities was making sure that everyone behaved and acted in a responsible manner.
https://t.co/pgT07EDb2j much silliness at #BHUSA17 with @Scott_Helme Omie and Cat x
— Kate Russell (@katerussell) July 27, 2017
That was Kate's main responsibility.
Kate failed.
Kate failed a lot.
— Scott Helme (@Scott_Helme) August 5, 2017
I also decided to give Kate the 'gif of the trip' award for this beauty that she shot on her phone while we were doing a shoot at Mandalay Bay!
Another hard day's hacking from @Scott_Helme with @BBCClick at #BHUSA17 pic.twitter.com/SFhmLh8G89
— Kate Russell (@katerussell) July 26, 2017
One of my other partners in crime was Mehrnaz Farahmand who sadly ended up leaving Vegas in a wheelchair after a rather mundane injury.
Leaving Las Vegas in a wheelchair. @BBCClick presenter @mehrnazfarah suffers 'I just stood up' injury. And there's no tech on hand to help. pic.twitter.com/aNFaFrRcys
— Dan Simmons (@dannsimmons) July 29, 2017
Mehrnaz was shooting in Farsi and I've always found it fascinating to watch someone switch between two languages so casually, especially being English as we suck at foreign languages. Great fun was had and I look forward to seeing myself dubbed in Farsi!
Mickey runs as fast as his cossie allows after @BBCClick presenter @mehrnazfarah goes in for a Vegas style kiss! #clickbehindthescenes pic.twitter.com/mj8iRmfu77
— Dan Simmons (@dannsimmons) August 2, 2017
Behind the scenes we also had two other legends making the magic happen: Ben 'High Roller' Lister and Omar 'Shotgun' Mehtab, who proved difficult to get a picture of!
Filming ice cream melt in 37C. Sooo frustrating.
But we need to explain quantum physics, obvs - so... @mrbenlister nails the shot. pic.twitter.com/30h6RmCsWb
— Dan Simmons (@dannsimmons) July 26, 2017
Can you hear what someone types? And if you could, could you read what they say? Our first cyberhack on this week's @BBCClick pic.twitter.com/FROpymI9lc
— Dan Simmons (@dannsimmons) July 26, 2017
Ben was behind the other camera for most of the trip and had a great eye for a good shot. Having no artistic capabilities whatsoever I'm always in awe of people who can take a scene and make it look great in the blink of an eye. Just look at a couple of his pictures!
On top of this there was also a truckload of kit to manage. I never realised just how much 'stuff' there was...
Filming prep and planning 🎥 pic.twitter.com/3R695oUboD
— Scott Helme (@Scott_Helme) July 23, 2017
Bio-hacking
The last time I was at DEF CON a couple of years ago I took a look around the Bio-hacking village and was fascinated by some of the things taking place. One of them I really liked was the idea of an NFC implant you could get in your hand. In the interim I've done some reading up on these but the best way to get a proper understanding of something is to dive right in, so I did!
Just had my NFC implant by @DangerousThings at @defcon! Don't be scared of the process, it's really not that bad. pic.twitter.com/hmNAvYiBH1
— Scott Helme (@Scott_Helme) July 29, 2017
I really want to give this a lot more coverage so I will probably write at least one blog about the process and technology. I've already discovered a few uses for my chip and am making plans for what to do with it in the future.
The Awesome
There were so many awesome things on the trip but there were definitely a couple of highlights: a helicopter ride and a limo ride! Both of these were filmed and appear in the show.
My photography skills aren't great so please excuse the bad photos and bear in mind I was squashed in the back of the limo to give Ben room to film!
The Ending
Being in Las Vegas I really wanted to get a little hat tip to Ocean's 11 in there and my idea of doing a special ending to the show was really good fun to do!
Shooting the final scenes for our cyber security special for this week's show @BBCClick #sneakpeak pic.twitter.com/Y8LAiziDEj
— Catharina Moh (@CatharinaMoh) July 28, 2017
For those of you that have seen the movie you will recognise this scene, if not you can view the ending of the movie here. I think we did it justice.
Behind The Scenes
One of the other really cool aspects of the trip was getting to see just what goes on behind the scenes during filming. That 10 second segment that appears on TV is often the product of hours of work from several people!
Thanks
One of the great parts of the trip was catching up with my old work colleagues who were competing as a team in the IoT CTF and gave us permission to film them too. They were first place whilst we were there and finished in joint first at the end of the event!
#Hacking planet IoT. Bring it on! #Defcon25 Las Vegas @Secarma @SecarmaLabs pic.twitter.com/qsmwbS1rCN
— H (@PRWHarris) July 28, 2017
Meet one of the teams competing in the #DEFCON25 IoT CTF competition - where they spend three days straight attempting to hack all they can! pic.twitter.com/iRyqEeao63
— BBC Click (@BBCClick) July 28, 2017
I also owe another thanks to Darren Kitchen from Hak5 who hooked me up with one of their Field Kits! I used various pieces of the kit in various demos and whilst there were a couple of segments that we shot with the devices in use, we ended up filming so much great stuff that we just couldn't fit it all in. Still, the WiFi Pineapple does get a brief appearance during one of the voice-over segments.
Massive thanks to @hak5darren / @Hak5 for hooking us up with a load of tools for one of our shoots! pic.twitter.com/c287AmR82u
— Scott Helme (@Scott_Helme) July 27, 2017
Winner winner!
We did have a gamble on a few nights during the week (this is Vegas after all baby!). I was down by a couple hundred dollars overall, but given that you drink free whilst sitting at the tables, I hadn't really lost anything more than I would have spent on drink. So I was pretty happy. On the way out of the hotel though, after checking out, I scraped my last dollars together, walked over to a roulette table and threw $20 on green. I guess it was my lucky day!
Scraped together my last money and threw it all on green after checking out. Winner! pic.twitter.com/diIKI7DbE1
— Scott Helme (@Scott_Helme) July 29, 2017
That was a nice way to end the week, $360 in winnings!