titlepage

It was a tag-team effort - with Gx00 !!

If you had read my two previous blog posts summarizing my experiences with the BSidesLv 2023 and 2024 Pros Vs Joes CTFs (aka Capture the Flag cybersecurity competitions), you are probably very familiar with Gx00. I first met him in 2021 when he volunteered to help a complete CTF newb enter their first CTF (BSidesVancouver). Then fast forward to 2023 when he encouraged me to apply to partcipate in my first PvJ CTF at BSidesLV, and he turned out to be my team captain (along with MalwareMama). And if that was not enough of a coincidence, I ended up on his team AGAIN in 2024. Fortunately in 2024, our team won!

It would only be fitting, that I share the podium at my first local DefCon presentation with Gx00. I would not have participated in PvJ if Gx00 had not suggested it to me.

** Note: You can read about my experiences at the BSidesLV 2023 and BSidesLV 2024 Pros vs Joes CTFs at these links.

How did we end up on the agenda on November 28 2024?

Gx00 and I were chatting with some organizers of our local DefCon group (DC604) at a recent meeting. They are always on the look out for speakers and presenters and asked if we might be interested to talk about our experiences with the PvJ CTFs. We volunteered to present at an upcoming evening of shorter “lightning” talks but we had to withdraw due to a scheduling conflict. We were expecting to be rescheduled in 2025 but the speaker for November 28 2024 had to cancel; we were the replacements for the first half of the evening, and Shyhat would run a workshop for the second half.

We were requested to write an introductory blurb for our talk - we had a pretty good idea of what we wanted to talk about, but were feeling a little lazy so Gx00 threw some text into a LLM and b00m - it turned out pretty well so we used it!

summary

What did we talk about?

I recall attending a few sessions at DefCon in Las Vegas, where a first time presenter would share a shot of some hard liquor with the Moderator/Goon. Since this was our first local DefCon presentation for both of us, I brought a small 50 ml bottle of whisky and a couple of tiny plastic cups to kick off our presentation. Hopefully it had relaxed us a little :) Unfortunately, I forgot to ask someone to take a picture of us.

From there, we proceeded with our talk. Gx00 spoke about the challenges and rewards with organizing a team of 12 players from around the world in preparation for the CTF. I then spoke about the CTF from a player’s perspective. You can see my Outline and Conclusion slides, below.

outline conclusion

How did it go?

I can’t speak for the audience or Gx00, but I had a lot of fun. I didn’t see many people falling asleep despite the didactic nature of the talk. I didn’t include any interactive questions or activities but I would certainly include more questions if I ever have the opportunity to do this again. A hands-on workshop, by nature, would be much more interactive. Fortunately, I think the audience was engaged because they asked a number of questions during the Question/Answer period. After the session, a few more participants came up to us afterwards to ask more questions about CTFs, ethical hacking and other related topics. I attended two more cybersecurity gatherings since our presentation, and others have approached me with additional questions, or recognized me from our presentation - so perhaps the topic was of interest to some people afterall!

Prior to the session, Gx00 and I joked that we only needed 5 minutes each. We were alotted 15 minutes each and had no idea how we were going to fill the time. In fact, we both spoke for 30 minutes each, LOL. In retrospect, I suppose there was A LOT to talk about, after all!

Lastly, I had completely forgotten to take a picture of Gx00 during his part of the talk. Ugh. I will definitely take a picture for him at his next talk.

pic

So, what’s next?

I enjoyed the experience and we have been asked to give additional talks to our local DefCon DC604 group. I would certainly be keen to do so - but I will need to obtain some expertise in something that might be of interest to the group first!

Thank you for reading, and perhaps I may see you at a future DC604, BSides or DefCon conference.

ip3c4c