EP 14: DEF CON Pt 2

Matt: And then I start walking away, and I hear someone be like, can I take a selfie with you? And he's like, well, I'll do a shoe selfie. So I'm like, oh, now's my chance. I spin around, whip out my phone, walk over, stick my foot in the circle of shoes. And his shoe is right next to mine, and I got a shoe selfie with him.

Narrator: You're listening to the Cyber Secured Podcast. Helping you become safer in every way. Now your hosts, Matt and Attila.

Matt: Welcome back to the Cyber Secured Podcast.

Attila: I'm your host Attila.

Matt: And I'm Matt.

Attila: And we're here to talk about DEF CON today. We got our swag on. DEF CON. Yeah. The world's largest cybersecurity conference in Las Vegas. We went in 2025 at long last after hearing about it for years and wanting to go. And if you have not listened to our last episode, episode 13, where we talk about our first impressions of DEF CON, you should listen to that because it has good travel tips if you've never been.

Matt: I need to add a little bit to the first impressions. I didn't say this in the first episode about DEF CON. When Attila talked to me about going, neither one of us had ever gone before. We just heard stories. There are two conferences back to back, Black Hat and DEF CON. In my mind, DEF CON was the vendor-focused event because it’s a government term meaning defense readiness.

Attila: And you would think that being anti-establishment, you wouldn’t pick such an established name. It’s like opening an anti-burger joint and calling it McDonald's.

Matt: Right. And Black Hat represents hacker roles like red hat, black hat, and gray hat. Gray hat means you sometimes cross lines to do good.

Attila: Ethical.

Matt: Ethical hackers, yeah. I assumed DEF CON was vendor-focused and Black Hat was hacker-focused, and then I realized we were actually going to the hacker conference.

Attila: Which is exactly what we wanted. We also got to meet people we listen to on podcasts, including Jack Rhysider. And Matt got a shoe selfie.

Matt: I was going into the bathroom and spotted someone wearing a mask. If you listen to Darknet Diaries, you know Jack always wears one. I heard his voice and knew it was him. When I walked out, he said he had to go and handed me a Darknet Diaries DEF CON 33 bracelet. Then someone asked for a selfie and he offered a shoe selfie. That’s when I jumped in.

Attila: Wow. If you took a regular selfie, it would just be a bandana, a hat, and sunglasses.

Matt: He’s shy about that and didn’t want real pictures.

Attila: That ties into the culture. Some scambaiters show their faces on YouTube.

Matt: Right, but guys like Jim Browning have never shown their face. Some parts of the scamming world are legitimately scary. Look up Black Axe if you don’t know about it.

Attila: Darknet Diaries has a great episode on Black Axe. That episode probably pushed Jack into hiding for a bit.

Matt: Yeah. I was monitoring someone who might have been part of that organization. Luckily not for long.

Attila: That could have turned out bad.

Matt: It definitely could have. We also saw other well-known figures there, like Hak5.

Attila: Jack also had a really nice kids event. I didn’t realize how many kids attended DEF CON. They had ARM-based computers, hacking kits, and special Q&A sessions. No pictures, of course.

Matt: Once you reach a certain level of fame, harassment becomes real. Jack talked about Pizzagate, where people sent pizzas to show they knew where someone lived. It escalated to family members.

Attila: That’s harassment meant to intimidate. Cameras are everywhere, but DEF CON culture values privacy.

Matt: There are people at DEF CON who’ve committed crimes and haven’t faced consequences. Some even talk about it. There was a journalist who was caught taking photos for authorities and was thrown out.

Attila: There were arrests this year. Law enforcement is definitely there. Spot the Fed is part of the culture.

Matt: DEF CON has reached critical mass. Too much interest can hurt the thing people love. Tragedy of the commons.

Attila: Oversaturation.

Matt: Exactly. But there’s still great stuff. Switching gears, what did we enjoy most?

Attila: I liked meeting vendors and researchers working on cloud vulnerabilities. Cloud is the big one. A lot of presenters were using Macs, which surprised me.

Matt: Tech people always check what others are using. I saw mostly PCs, some Linux, and presenters almost always on Macs.

Attila: ARM architecture is a big reason.

Matt: AMD and Intel are catching up, but Apple silicon still wins on heat and battery.

Attila: Cloud security was huge. Microsoft Entra and 365 defaults leave security switches off, which causes issues.

Matt: Lock everything down and users revolt. That’s the tradeoff.

Attila: Security irritates everyone.

Matt: But we still have to do it.

Attila: One of the scariest talks was about passkeys.

Matt: Passkeys are like SSH keys in browsers. They’re convenient and safer, but researchers showed ways to compromise them through browser extensions.

Attila: Which we’re seeing more and more.

Matt: The scary part is that 90 percent of extensions require global access. They can see passwords and passkeys.

Attila: That’s an architectural failure.

Matt: Exactly. Even tools like Grammarly need that access.

Attila: The browser is basically the new OS.

Matt: And VPN browser extensions are risky. One called FreeVPN was taking screenshots every second and sending them unencrypted.

Attila: That’s terrifying.

Matt: Security researchers found that many password managers are vulnerable to this too.

Attila: So almost no extension is really safe.

Matt: Almost. Bitwarden is working on fixes, but extensions are scary.

Attila: Another talk showed how admin rights can be escalated in Microsoft 365 due to architectural flaws.

Matt: Fixing it would probably break everything.

Attila: The big takeaway is that nothing is 100 percent secure. Everything can be hacked.

Matt: So preparation matters. Tabletop exercises were powerful because they force you to think about response, communication, legal fallout, and even human life.

Attila: At a smaller scale, businesses can fail from disruptions. That impacts livelihoods.

Matt: Those are big questions we should cover next time.

Attila: We’ll keep these episodes short and release longer discussions in chunks.

Attila: Thanks for listening. I’m Attila.

Matt: I’m Matt.

Attila: Stay safe out there.

Matt: Cheers, everybody.

Narrator: This episode was brought to you by Cypac. To learn more about keeping your business safe from threat, crime, and disaster, visit cypac.com.
