 Hey everyone. Thanks for coming to the party. Show of hands, who here is this year's first DEF CON? Okay, so we had a DEF CON 101 panel yesterday for newbies. This isn't that, but what I'm going to do is cover a lot of some of the same stuff. So you'll hear a little bit of DEF CON history, you'll hear a little bit about what's been going on this year. So with that said, welcome to DEF CON 31. So this started as a sort of a party 31 years ago, and the original origin story was essentially there was a lot of bullshit going around online, well, in the bulletin board days. And people would say the most ridiculous stuff. Like phone freaking was a thing back then because calling long distance was really expensive. So people would come up with all these ways to try to make free phone calls. And so that involved fraud. And so then people would be concerned that maybe they would get traced or the telco would figure out their home phone number. And so there's all this nonsensical stuff like if you run the jammer program, it dials these magical phone numbers and then nobody can trace you. And you're fine. You can do whatever you want on your home phone. And you'd be like, that doesn't, like, I don't think phone switching works that way. So when we were trying to figure out the conference, like what are we going to do at a conference, it was originally supposed to be a party, but we should, I really wanted to spell a lot of this nonsense. Okay, so we need to find somebody who can explain to the audience to the other hackers why the jammer is not working. And then people would say stuff like, well, on my bulletin board if I have my home screen and it says no law enforcement allowed. And they then connect. That's entrapment. Like, I don't think it works that way. I think there's probably a way around that for law enforcement. So okay, so we got the Gail Thackery who was the prosecutor at the time who just prosecuted the first cyber crime case, Operation Sun Devil in Maricopa County, Arizona. So Gail Thackery comes. And then the internet's a thing. And we're like, gosh, you know, what's going on there? We should get somebody who really understands that. And so we got Dan Farmer, who was the person everybody wanted to be, the original hacking rock star. He looked like a rock star. He was in charge of security for Sun Microsystems when Sun was the internet. And he gives a talk about how problematic it is as Sun was growing, there's so many computers on their network, he couldn't spend time on all of them securing them. So what he's going to do is he's going to try to write scripts to scan his Sun network to find security vulnerabilities. And it'll be like the security automation network tool. And it gets him on the front page of Time Magazine. And that was the first scanning tool called Satan. And so the whole purpose is to try to get you in front of the people that are doing the thing and trying to dispel the nonsense. And it wasn't a master plan of mine, it just sort of worked out that way. And I've just been smart enough to steer clear, not mess with it too much. And so that's essentially how we've turned in today. Balancing the party and the social with trying to get you the technical. The other thing is we try to do is as we've grown, we've realized that we've turned into like a conference of conferences. We're like a meta-conference. And so DEF CON, the main DEF CON, we spend a lot of time trying to figure out who to give space to, who to give stage time, who to platform. Literally put you on the platform. And so that's why you'll see churn. You'll see a contest come and go. You'll see a village try something for a few years and go. And if you do well, we'll give you more space. And if you don't do well, you get less space. And it just organically grows and morphs over the years. So all of this is possible because of goons. We have over, the people in the red shirts, we have over 500 goons that make the on-site operations possible. So yay goons. Give it up. It's pretty fantastic because you know, once you're in the goon brotherhood, you're sort of like one of us. But we don't give a shit who you are in the real world. And so you'll have like CSOs of billion-dollar companies crawling around pulling network cable. You'll have head of procurement for the Department of Defense for a while was pulling cable for years. And they just want to hang out and kind of be with their peeps. And so that's what's also pretty cool, is you never know who you're talking to. And that's part of the fear and excitement of who you're, who's next to you. The other thing is it takes over probably 1,500, about maybe 1,500 or more, maybe 2,000 people, the people creating the content. The creators. There's almost 2,000. They run contests and events and villages. They run stuff online. They build art. They play music. They design infrastructure. They build this podium. A great art collective. So there's tons of people that give so much of themselves to make this happen. And if you notice, you know, we're not super slick. We don't spend a lot of money on a whole lot of what I consider sort of unimportant sort of puffery. We try to keep the price as low as possible. I can't control the economy. I'm really sorry about the price increase this year. But we try to focus on the things that we think matter. And that's supporting content creators, supporting goons, and trying to, you know, fund our legal defense, pay insurance companies. So we can keep this going. And because of that model, we had enough money saved in the bank to survive COVID. Which is fantastic. I'm just a compulsively worrier on a lot of things. But that allowed us to do the DEFCON 28 for free online. It allowed us to survive to DEFCON 29. And here we are again, back up to full speed. And that's because we just try to focus on our core. And the community is really our core. And if you think about it a little bit, our community, this community right here in the room, we've become more, I would say, relevant and more important over the last probably five or ten years. And it's, I feel a little uncomfortable saying that. But it's true. After this talk, I'm having a conversation with the Secretary of Homeland Security. Like he's not coming here because it's unimportant to the department, right? It's like what we're doing is relevant not to just our country, but to countries around the world. And I think that's because internet problems are really global problems. And now we're seeing AI problems are going to be global problems. And we sort of are acting as this sort of third party civil society like validators. So for example, the lock manufacturer is not going to tell you that their lock is a piece of shit, right? Like every master lock, you read that master lock thing and it's like this is the best thing in the world. It'll keep, you know, the pink panther out. And then you go to the lock picking village and it's like, boop, done. You're like, no, no, wait, no, there's more to within that, right? You're like a professional and you'd like, no, I just sat down five minutes ago. See, look, it's open. You're like, well, who's talking about this? Well, the government doesn't regulate locks and the lock manufacturer doesn't and they have a marketing budget. Lock Smiths are very protective of their territory, right? So who talks about locks? Well, it's us. It's our community started talking about picking locks and safes. Access control. Who is talking about access control systems? Implanted medical devices? That was DEF CON, right? Insulin, pump talks, automotive, aerospace, right? And so what's happening is the dynamic is companies don't have a financial incentive to reveal their problems. Organized criminals taking advantage of those problems. Definitely don't have an incentive to tell the world how they're using the technology to steal money or commit crimes or espionage. Government agencies half the time might be using those exploits for law enforcement purposes, but that's that's fine pursue your law enforcement objectives, but I just want to be able to buy a better lock. You know, I want things to get better in my lifetime. And so it's up to us hackers, researchers, academics, we're the ones that are speaking truth to power and telling the world what works and what doesn't work and why. And I think that function has only gotten more important as the technology has become more embedded. And now with AI, we're going to become more relevant space, right? So yeah, have a party and hang out and meet people. But remember also what you're trying to do is you're trying to help make society a little bit better by speaking truth to power. And it's not easy, right? We had a couple talks pulled this year intimidation from giant corporation, lawyers involved, people threatening to quit, get fired. I mean, every year there is a tension between companies trying to protect themselves and researchers trying to reveal information. And that's why we have friends like the electronic frontier foundation in coders rights, where they're the experts, right? If you have a question or you're feeling intimidated or you're not quite sure if you should do something, the EFF has been with us for decades. And they're there to fulfill their role in our community to help be the legal protectors. So also want to give a shout out EFF. Yay. Good job guys. So a couple operational things for the show this year. Every year since the very first one, we always try to make things better. And sometimes it works and sometimes it doesn't. And so for example, this year, there's a lot of questions, right? The badges are still arriving. And our plan is to, as we get more real badges from the manufacturer, we'll be doing swap outs. And normally what a swap out entails is goons walking around with big bags of badges and if they see you with the wrong kind of older paper badge or plastic badge, temporary badge, they'll swap it out. Or we'll put them at the info booths. But our plan is as we get more in, we'll be doing swap outs. We even have somebody, we're trying to figure out how to fly them on an airplane on a Sunday morning to fly back here from the facility with boxes. I mean, we're doing everything we can to untangle it. But when it's all said and done, if you go to the badge talk, you can see the pictures and hear the gory details if you kind of are like into accident porn. So I hope that doesn't start your vibe off wrong. But every year we alternate between an electronic badge and a physical badge. And the reason is, electronic badges are expensive and complicated. And physical badges are generally less expensive. Also complicated. And it's a way of us trying to balance our budget over the long run. But DEF CON 29, it was an electronic year. DEF CON 30, it's an anniversary year. Of course we have to do electronic badges. So we did two years of electronic badges. And so now the new tick tock cycle of going between electronic and physical and electronic is starting again. So next year it will be an electronic badge. And the problem with that, since we originated and invented the electronic badge, Joe Grand, you guys, the community have totally outclassed us on some of the electronic badges because we have to produce like 26,000 of them or something. And a lot of these cooler badges will produce like 200. And you just can't compete with that. So we're always trying to do instead something new. Aluminum. One time we did flexible badges. We always try to add something that we can get our hands on, quantity 26,000, that you can't get your hands on it, you know, quantity 200. So it's a really fascinating give and take in the badge space. And that kicked off the hardware hacking village and a lot of other stuff. And it, okay, I'll just dig right, I have five minutes left, but I really want to tell the story. Because it might be instrumental on our future battles with AI. I was thinking all the movies and books you read, the hackers, the people fighting against the evil intelligence or whatever, they always seem to know how to like fight back. And I was thinking, well, nobody knows how to really hack hardware. So if we need to incubate the next generation to be able to fight the terminator, how are we going to do that? And we're like, oh, an electronic badge. And then we'll get people to hack on the electronic badge and it'll be very simple and over time it'll get more complicated. And it worked. It totally worked like that. Everybody like was messing around with LEDs one year and five years later they're making drone badges that fly around. It was amazing. And so, again, we can plant seeds and see what the community does with them and also hopefully prepare to feed our, you know, overlords. There's a lot of things going on here. And info.defcon.org is the main repository for like all the schedule updates. The data from info.defcon.org feeds Hacker Tracker app on your phone. So if you're using Hacker Tracker, it's all the same data. One's more in a web presentation. The other is mobile. If you're in your hotel room, we have Defcon TV. You're just hung over or broke your foot, walking too many feet. TV channels, we stream to all the con properties, all the five tracks. So if you feel like it's too crowded, you can just chill in your room, have a room party. Defcon TV also, we're streaming certain tracks based on bandwidth out to everybody, to internet for free. And that's another big thing we do with Defcon is I try to release all the talks. Everything is free. And the origin of that was because I got lazy. I recorded Defcon 1 on Audio Tape and I was selling the Audio Tapes to help make money. And after a couple of years, I just didn't want to do that anymore. And so we used real networks and we just released the content for free. But in doing that, and then when I started BlackHat and we released the BlackHat content for free, accidentally what we were doing is we're creating a culture of sharing information for free. And that culture started what, 30 years ago? And that's why nobody thinks twice about, well of course I give away the content. Again, I would like to think that that was a master plan. It was not. I was being lazy, right? But now we get all this stuff for free. It's great. So feel free to share and feel free to use our online resources. You know, we've been running the Defcon forums for over 25 years. And online activity has come and gone over the years. Now it's more like on our Defcon Discord. You'll see in your bag we started a mastodon server, Defcon. Social. Once the Musk started wrecking Twitter, we needed an escape hatch. So that's Defcon.Social. And if that takes off and people like it, we might do, you know, there's a distributed version for like a Reddit replacement and a pixel fed for Instagram. We'll think about do we want to run more services to support the community. And let me see. Final thoughts? We were one of the first, I guess, information security conferences to have a code of conduct and a transparency report. And I'll just briefly touch on those. The idea with our code of conduct is as we grew and people got a little bit more sophisticated in sort of evading appropriate behavior, we really needed to say, hey, this is what we stand for. This is our code of conduct. We spent money on lawyers. We got it reviewed. And we tried to create it as a model that other conferences could take, take what they liked out of our code of conduct, make it their own. But that's half of the problem, right? We have a way of you identifying that there's a problem, reporting a code of conduct violation, say, through our hotline or talking to security goons. But if we don't hold ourselves accountable publicly, then you might not trust anything we're saying. So our transparency report was launched where we started in a sort of sanitized way saying, this is how many people we kicked out. There's how many drunk accidents. This is how many allegations of just nobody knew in the conference world, like, is it prevalent or not? Is there a lot of abuse or very little abuse? Nobody knew. And we figured being data geeks, well, we got to collect the data. And if we collect the data, we got to share the data. And so that's where the transparency report comes on. And you'll see every once in a while we kick out goons. The code of conduct applies to goons and creators just as it applies to attendees. I see you there. And so what I want you to think about is, you know, we're not perfect, but if you see something, please report it. If you're feeling like you're under stress or you're having troubles, it's too overwhelming, we have a hotline of trained professionals to help you deal with issues. So please take advantage of this. And if you look at it from the big picture, all we're trying to do is we're trying to build a bigger, safer community so we can all hack on shit, right? And that's what it's about. So thank you for coming to 31. I hope you have a great time.