So who am I, who the hell am I? Who is this weird guy? So, I am DEF CON's official cryptographer and puzzle master. I created the hardware hacking village, I have been doing puzzles and mystery challenges for many, many years. This is my lovely wife and yes, that's a Dr. Seuss book on the right. Who wants to come to Las Vegas in the summertime with a bunch of sweaty people that don't shower and rub elbows? I'm not a Vegas person. This is for noobs and not for any particular subject area. Who knows who Matt Blaze is? It says don't be shy. A quick shoutout and APG and a couple others. I have some good props. Everyone should do that. Disclaimer. I'm not going to sit up here and read slides to you. I will not advocate criminal activity. You can determine what that access is for later. How many of you noticed a certain folder on my desktop when I came in here? I'm going to open that. What was the folder? You asked for it. Remember, you asked for this. Oh! [ APPLAUSE ] Dang. How many of you noticed the name of this song? How many of you are going to take another weird ass look at the name of this song and read just the first letter of the word that is there? First of all, you are full of crap because this is bullshit and arrogant in our community. Get over the bullshit. Every person in this room, especially, if you are from the United States, look it up. It is talking about what type of research securities are legal and not legal. Big joke, everyone came to DEF CON this year and now, you have a record. Ah-ha see what you did there. This is a hacker and if you see him at the conference thank him and shake his hand and thank him for putting this together. The first two talks before DEF CON actually starts. How many of you have been through the hellacious red line? How many people took five hours? Six hours? Seven hours? How was it this year? [ APPLAUSE ] So, we got a whole bunch of red folks and the same thing with the swag. Was it awful? Tell the truth.
>> Better than last year.
>> Anyway, for those of you that are familiar with the contests and the puzzles that I do, there are people who are working on the crypto challenges and it takes up their entire DEF CON time. For me, it takes an entire year to put together everything that I do and I'm entirely busy. He would always bug me for slides and a title. I kept putting him off and off. So, he would start making up talk titles. Now, the title is kind of a tradition. Highways came up with that. I'm the brunt of that joke, as well as you guys. Anyway. How many of you have seen "Spinal Tap"? How many of you get the reference? There is a scene in "Spinal Tap" and they are like what the hell are we going to talk about? There is some jazz that you can bullshit through all of that. I would encourage you if someone says something that doesn't make sense to you, challenge the speaker. Challenge me. That's how we are going to get better. That's the whole point of a conference like this. Don't go in and listen to a guy who is giving basically a vendor speech. If someone is saying something that is bullshit, challenge them. We are going to get better that way. How many of you have heard my 101 speech before? Because of all of the puzzles in crypto and mysterious things that I do, I'm accused of thinking outside of the box. Most of the time I talk to reporters and they are like you are creative and you think outside of the box. That's one of my biggest pet peeves right now. How many of you know where the term "thinking outside of the box" comes from? Connect all of the dots. Don't let your pen leave the paper. If this is not your cup of tea, feel free to leave. I will not be offended at all. I will talk about some technical issues, but 101. That's what it is. So the nine dot problem. You are often presented with connect all of the dots. Can't lift the pen from the paper or you have a limit etc. And everyone knows that you have to extend the lines past the mentally imposed box.
The presenter, like Tony Robinson or something will come down and like, oh, ha ha I'm going to challenge you to be creative. Especially, for us, as a hacker, and coming up with solutions to problems and as a hacker, you have to think outside of the box and come up with a different method or abuse the system in a way that nobody else has thought of. There is another examination and basically says that all I have to do to make people solve that nine dot problem is to tell them they are mentally constraining themselves and there are studies that show that's not true. There are studies that even ahead of time you cannot -- you have to draw outside of this imposed space in order to solve this problem. The same person (Indiscernible) oh, that particular puzzle. The ones that could do it could do it anyway and the ones that couldn't, couldn't. The only thing that helped was the study of the generation. How many of you are in high school? College students? Fresh out of school? How many people are looking for jobs? No, I'm serious. It is a great place to get recruited. How many people are looking for jobs? Let's do that again. How many people are looking for jobs? How many people are looking to hire someone? Everybody see that? Okay, just trying to help. You're welcome. [ LAUGHTER ] The reason I bring that up is that we have a generation of wannabe hackers and the epiphany moments are not going to come from thinking outside of the box, but from what you are exposed to. I used to teach at the university and students would come up and ask questions. I would say first, have you tried what you have tested? And I'm afraid that we have a generation of hackers that have or have not been in school and they don't tinker anymore and we are going to put constraints on people and if you do these things, you are going to go to jail. You are going to get arrested. You are going to get a record. You are not going to be able to get a job.
We are scaring this younger generation where they are not tinkering anymore. We have to break that. Or we are not going to have these epiphany moments and I have a brand-new daughter, who is in the front row and I want her to be able to explore like I used to and not go to jail for it. Not get a record for it. That's my bullshit and would you argue with me? Agree with me? That's a good point. I have to Google proof everything that I do. What's going to happen the first time that someone gets a piece of information that I give and I have to Google proof of it because they are going to throw it into Google? That's correct. It goes back to the informational knowledge and gives you the epiphany and so you can have these pivotal moments and break through to the next great thing. When I was in college. Like magic and as a kid, I would see magic tricks and try and figure out how it was done and when a kid sees magic tricks now, he goes to Google and the magic trick is ruined because they have instant gratification. How many of you have looked at the code on your lanyard already? Well, that code is deliberately deceptive. I will tell you that it is not simple. I will also tell you that everything that I do that you see in my puzzles and challenges requires people and requires you to have communication. If you look at where a lot of our great tech came from, it came from Bell Labs. How many of you know what I mean by Bell Labs? No one wants to foot the bill for places like Bell Labs. You had a giant group of people that had diverse subject knowledge and they all had direct access to each other. If we don't have Bell Labs anymore, where is the next great thing going to come from? How many of you in here, Java is your first coding language? You don't even know what an object is. I totally disagree with that way of teaching things. And then, you have to think to yourself, why did we start with Java?
We are trying to spit out a guy that can work for a meat factory as far as coding is concerned and you are not going to get mitigration with that happening. Talk to me.
>> (Indiscernible).
>> I love the way that you are thinking.
>> Can I interrupt?
>> Sure.
>> I came out of a school where Java is taught and he said that we have an intuitive knowledge of objects. That's bullshit. I grew up with computers since I was in elementary school. (Indiscernible) when I took (Indiscernible) coming out of high school and I was with a group of people all the same type of nerd as me. Our minds were melted by objects when we had been scripting our entire career. It took five weeks of doing these labs and everything for us to have that epiphany, oh, objects.
>> Thank you for that comment. It sounds like we all need to get together and have a drink. People who say stuff like that are full of crap and I really mean it. Come over to me on the conference floor. Everyone turn around and say hello to Russ. He's in charge of DEF CON operations and someone that you can throw things at.
>> (Indiscernible).
>> That's probably not a good thing to ask me because of my background. I have mixed feelings and would argue lit or assembly. If you take for example, in fact, I'm going to talk about that in a minute. (Indiscernible) kind of a little bit of skills that I think that everyone is considering themselves a hacker is a basic set of skills that everyone should have. You would be amazed that people who are basically elite don't have a knowledge of certain things. When I get to that point, I'm going to explain to you why I think that assembly is important. It has to do with abstraction and if you don't understand what is going on under the hood, you are not going to code in certain ways and I think that everyone should understand. Not to the nitty-gritty, but fundamentally. How do I make a fricking processor for that? If you explain to a 4-year-old or a 5-year-old how that abstraction is working.
I have literally a cutter and I can turn it off by a switch. Everyone goes, I know that computers use binary and ones and zeros. You all must be very educated because computers use binary and I say, what does that mean? They don't understand what it means, they are just regurgitating. I wanted to talk about the life of a file. Yea or nay? Shout it out.
>> (Indiscernible).
>> Sure. I can also play devil's advocate and because I have vast knowledge, I can play quickly and adequately. We as hackers need to have the benefit of the deep knowledge of the understanding and taking the knowledge that I understand it. Looking it up in the Chinese dictionary is more effective than drawing my finger in a text box. I can use tech in a way that shortcuts that process and goes back to Java and the whole point of Java programming is to abstract. Let's move past that. Basically, I was going to talk about how DAT files are created. I believe that mathematics is the language of science. Anyway, we don't want to talk about that so... I'm pausing long enough for you to read the slides for those of you that were interested in how to break a/b. How many of you know what movie this picture is from? He's trying to seek out the magical power and it is kind of Dorothy's slippers. Go play with it. If you don't know what it is, how many of you know what MetaSport is? The authors of this are here at DEF CON. Everyone asks my opinion, who should I hear talk? If you want to have your mind blown, go and listen to Gary's talk. He's a pure genius and created chip set. We are slowly moving down a step. First, we were using stuff in the software. And then, OS. And then, the network. And now, you are hearing about BIOS and the shift is happening. Shift set takes you lower in talking to processors and the reason that it is applicable in this day and age is because it is applicable to hypervisor. How many of you know what a hypervisor is? I'm not trying to make you feel stupid.
It is the underlying piece that allows you to have the virtualization properly and because a lot of our systems are on the cloud and everything else and learning how to attack viper and getting down lower in the stack is important. The purpose for me, up here in the 101 and throwing you nuggets of information that you may not have heard of or thought of. This is 101. If you want the deep DAT stuff, start tomorrow. I'm going to give you the quick basics that are a pet peeve of mine. I was thinking of taking this out of my talk this year. The reason I left them this is because still to this day, I'm having interactions with people on how to security conference with people and some of the things require a fundamental knowledge that some people are lacking even though they may be a genius in a particular area. If you consider yourself a computer person or a hacker, you should know these things. It is really fundamental stuff. So, here we go. How am I doing on time? I have no idea. Anyone? What are we supposed to go to, four? Everyone hold up your right hand. We are going to count in binary. If you don't know how to count in binary, I'm going to cry because you are at DEF CON. It 1, 2, 3, 4. All right, you have all flipped me off at DEF CON. If you can't take bits and write it out in a series and I mean quickly, then go home and learn how to do that. You need to know how to do that, especially, if you are going to do reversing and hacking, it is going to help you. I talk to people who are way above my level on a lot of subjects that can't do simple things like that. They rely on their tools so much. It is amazing. The same thing with hex. [ NO AUDIO ] Interesting, what would be the largest digit possible in Bart Simpson's phone number? Why? How many fingers did the Simpsons characters have? What did they count on?
>> (Indiscernible). [ LAUGHTER ]
>> What number base do you think that a pirate would count in? Radial. 6. Why? Five fingers and a hook.
We created a thing called radix. It is a hexadecimal. There is a word list out there for you. If you don't know what they are, I would suggest you look them up. By the way, I totally encourage you to approach the speakers at DEF CON. I say this every year, if you approach someone at DEF CON and they are too high and mighty to talk to you, then they are a douchebag and I don't want them here anyway. We have too many people in our community that think they are rock stars and too cool to talk to anybody and that's got to stop. We have enough problems with people trying to cram back doors into our back systems and it has to stop. I love our community and I dedicate a lot of my time and money to make DEF CON happen every year. By the way, going back to my discussion on tinkering, if you don't know how to set up a VP and experiment with stuff that would otherwise put you in jail in the real world, learn. The players are free. People are giving out VMs of stuff and virtual boxes and one of the ways of doing it without going to jail these days is virtualization. Any comments on the list so far? Come on. You guys are smart. I don't generally give my slides out and this is the first time that I have allowed my 101 to be recorded. I know when I go for a new talk and I watch it, and realize it is six years old and I wasted my time, but I will make these slides available on the lost boy website. If I forget to do that, send me an email and say, you said you would put those slides up, and I will put them up.
>> Thank you.
>> Yep. I want to make a comment about tinkering as far as hardware is concerned. How many of you know about Digi-Key? It breaks my heart. How many of you remember (Indiscernible) from Radio Shack and it was printed on graph paper and how many of you, that book changed your life? It hurt my soul that Radio Shack turned into a place that only sold cell phones and why? Because that was a place that you went and tinkered with stuff.
Nowadays, we have suppliers and that's enough. Go to the websites of these companies and request their catalogs and I say this about Digi-Key because it is larger than most phone books and it is great for if you need to drill something underneath. Coming up with the challenges and it is hard because I have to stay ahead of you guys, which are smarter and I have to have stuff that is Google proof and solvable within a finite amount of time. Every year, I think I'm going to learn a little bit about like getting a subscription to a magazine that I have no interest about. So, for you, get the Digi-Key catalog and thumb through it when you are in your bathroom.
>> (Indiscernible).
>> Yeah, excellent. This goes deeper into my secret. How many of you know who Lady Ada is? She puts out a list of where you can get free samples of and all you have to do is say I'm going to make fifty thousand of it. You go and make a fake Gmail account. Oftentimes you will get free shipping and they are going to put T-shirts in, as well. Get on some of these lists and figure out where you can get these parts. There are people who make enclosures and I have scripts that I run and free stuff every so often and I figured out where the window of abuse is. Don't get greedy and if you go to Maxim and request a chip, they are going to send you five. Lady Ada keeps a list. How are we doing? Are you bored? Am I talking too fast? Louder? Is this better?
>> Yeah.
>> Here's another fun way of doing an exercise regardless of what field you are in. Pick an illegal activity and find a legal way of doing the activity. You will be amazed of what you will learn. How many of you read "Spam Nation" and he talked about the Russian hackers and everything else. He talked about what a lot of us know about. If you are trying to procure an infrastructure and have it not traced back to you.
By the way, I'm not going to talk about why I have the right to privacy and if I hear the argument, I'm not doing anything illegal and have nothing to hide. Well, when you are having sex with your wives, it is not illegal, but do you want someone watching that? Taking a dump in the bathroom? I'm not going to have an argument with you why I have to justify why I should have privacy and this is some of the stuff that I have done in the past year and trying to find legal ways of doing illegal activities and there are places where you can go online and register an email and there are many places that check the address of the registration of the card and many of the gift cards that you buy are going to get flagged and you can't use them to buy certain things like VPN access. What these allow, you buy them with cash, and you register an address for the card. The address can be anything that you want. I will tell you a hint. Certain sites are going to look at the geolocation of the IP address and just find a particular VPN in the state that matches what you registered with the card. Some of the fun that I found with this. How many of you see the charge on December 9, 2014? Yeah, that was me playing with the illegal stuff and someone tried to charge $1 million to that card. I thought it was funny and the most funny thing about it, if you look, it is listed as a recurring installment. Wait a second. These guys are completely off their rocker until they did it again. [ LAUGHTER ] And again. If you look, I have two charges on 12/9 for restricted country and when you do this, this is what you find out when you do stuff like this. A million dollars and this one had $100 load on it. Don't get caught up with the media definition of what a hacker is. Anyone that has pressed your sins? How many of you have a yellow badge?
For those of you that are new to DEF CON, we have special press policies and we try and be hacker and anonymity-friendly and anyone with a big yellow disk around their neck and if you turn it around and the back of the press badge this year is a guy like this. [ LAUGHTER ] The 101 panel probably said, I wasn't in here, but they usually do. Take it for what it's worth; the press is not your friend. They really aren't. I have seen friends get burned. I have been burned. There are very few in the media that I trust. They are coming here because they want to get a sound bite and put something up in the news and that is going to shock mom and pop U.S.A. Be careful what you say to anyone in the press. Be aware of the fact that you are going to be misquoted. That's the end of my rant. What do you think about that? Do you think I'm full of crap? Tell the truth. [ APPLAUSE ] So, that's the end of my little notes there. I'm happy to answer questions and anything that you guys have for whatever time we have left. Can you use the mic so people can hear?
>> Why did you stick a hubcap on us this year?
>> For those of you that are new to DEF CON, we do a Tick-Tock cycle and Joe Grand was one of the first to do an electronic badge. Every conference has an electronic badge. It would be passé. We always try and do something new and different and fun. This is a non-electronic year. It was actually my wife's idea to come up with the record. Not that I'm trying to throw the hate at her.
>> She's a lot smarter than you.
>> Yes. These are seven-inch. I couldn't do a five-inch because no one makes records anymore. By the way, I will tell you here, but I'm going to talk more in detail about the badges tomorrow, but I will tell you that we printed hatch as many LP records that Taylor Swift has put out in her entire career. Also, the vinyl in these, when they came here, weighed over two tons. That's how many people are going to be at DEF CON this year. Any other questions?
I almost forgot! Thank you for reminding me. Those of you that follow me on Twitter, I got a tweet back from William Shatner. Are you a fan? Fake it if you are not. I'm going to stick with our own policy and I would like to take a selfie per request of William Shatner of this sign. I'm going to hold my phone up and send it to him. [ LAUGHTER ] Thank you. [ APPLAUSE ] These are for tomorrow and I'm going to explain in detail. This is an Uber badge. This year, there are six radioactive badges. I'm going to explain that tomorrow. Thank you for coming. [ APPLAUSE ]