What is a "hacker"? Over the years the media has twisted the meaning, so that today it is widely used to describe cyber criminals and is full of negative connotations. However, the term was first used within the technology industry in reference to a special breed of inventors and engineers. These engineers, inventors, technicians, and specialists were singular in that they 'creatively' approached problems. Basically, they attempted to solve problems through technology in ways that were not intended.
At the DEFCON conference, you constantly hear that we are all hackers. Being a hacker does not require a specific skill level or lack of concern for the law, but rather a desire to learn and to make the most of what is given to us - to think outside the box, so to speak. Almost everyone there embodies the hacker spirit, which is evident by the numerous competitions and villages that are open to all. The competitions are designed to force participants to expand their minds and think in unconventional ways, while villages allow participants to come together and learn how to use unique skills such as soldering or lock picking. Attendees with more experience in a specific skillset are often seen assisting beginners.
While the competitions and villages are an important part of the DEFCON experience, The DEFCON talks are perhaps the most fundamental part of the conference and are given by members of the hacker community. One excellent talk we attended addressed some of the insecurities in the Adobe Reader Javascript API, highlighting several vulnerabilities in Adobe Reader discovered by the authors. Not only did they describe the vulnerabilities, but they also demonstrated the process used to find them. At the end of the talk the authors were able to demo a full exploit on the software that didn't require any messy memory corruption attacks. A slightly less applicable talk, but still fun to watch and in the true hacking spirit, was the "REpsych" presentation. The presenter discussed how he analyzed a popular piece of software used for reverse engineering, IDA Pro, in order to discover how the software constructs control-flow graphs. He then used this knowledge to build a tool that could embed images in these graphs.
Overall, the entire DEFCON conference turned out to be an amazing experience. The True interns only wished we had more time, as it was impossible to fit everything we wanted to see and do in one weekend. We are definitely looking forward to future conferences and getting more involved as we broaden our skill sets and seek to approach problems from an ethical hacker perspective.