Resources / / DefCon

DefCon 26 - Here Comes the Blue Team

tl;dr – The inclusion of a ‘Blue Team Village’ is one of the greatest additions to DefCon I’ve gotten to experience and it’s a huge step forward for the InfoSec community overall.


DefCon is many things to many people. As one of the oldest and largest hacking conferences it always attracts its fair share of great presenters and interesting personalities. Over the past few years the conference has seen relatively explosive growth more than doubling the number of attendees in the last 5 years. Whether this is because the mainstream is more and more turning to embrace hacker culture (Mr. Robot, WatchDogs, Cyberpunk 2077 I’m looking at you) or due to regular and high-profile breaches (cough Equifax, DNC, Target cough) the average American is certainly more tech-aware then they were just a few years ago.

One of the great outcomes of this is that DefCon has been changing to embrace even more interests and viewpoints of the InfoSec community. These changes are most apparent in the increase of available villages setup during the conference. For those who haven’t had the chance to attend (and you really should go at least once, if only to discover that you’re not a fan of the unique nature of the conference) villages are presentation and socialization areas themed around a particular topic. The newer villages have grown to include an IoT village where smart devices frequently get pwned, a Voting Machine Village where, you guessed it, voting machines get put to the test (and defeated), and most recently – and the topic of this first DC26 Blue Team series – a Blue Team village.


The inclusion of this village is great but for some it was unwanted. After all, they say, DefCon is a hacking conference focused on breaking things, understanding how they work, and ultimately exploiting them, why would we want to include the defenders. Well this village is an incredible addition and something that I hope gets to see continued future support. You may wonder why a defensive village at an offensive conference has me, a Red-Teamer/Pentester/’whatever you want to call someone who enjoys getting access to systems you aren’t supposed to’ excited. Wonder no more, it’s because, at the end of the day, the “Blue Team” is why I (and all Red teamers) have a job.

Securing and protecting information and systems is a necessary business function, this is why companies can hire full time defensive staff. The purpose of any offensive or “Red” actions is to help to strengthen and improve the blue team. By including the Blue Team in DefCon the conference is now allowing for the cross pollination of ideas between offense and defense.

By better understanding the mindset of a defender attackers can improve their tradecraft, and by better understanding an attacker’s arsenal and tradecraft defenders can bolster their defenses, identify gaps, and work with their business to improve.

Overall the village was a blast, it was so popular in fact that on the first day you couldn’t get in 20 minutes after opening due to fire code violations. Getting to meet so many new people with a different security perspective was incredibly fun as was one of the more unique CTF’s I’ve had the chance to participate in. A more in depth discussion about the Blue Team CTF is incoming, so check back soon.