First, I would like to thank Jerry Gamblin for allowing me to reuse his work.
This checklist is based on Jerry Gamblin's works:
- 6 Technical Things To Do Before Security Summer Camp
- 6 Networking Things To Do Before Security Summer Camp
- Delete All The Saved SSIDs On Your Devices
A common attack is to spoof well-known SSIDs so that your device connects
automatically and starts using the attacker's AP, letting them capture all your information.
I actually wrote a script called mana-common that spoofs the most common SSIDs to demo this problem.
You should delete all the saved SSIDs on your devices to avoid falling victim to this attack.
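To see which saved networks expose you to the spoofing described above, the following added example (not from Jerry Gamblin's posts) audits saved Wi-Fi profiles in NetworkManager's keyfile format and prints the `nmcli` commands that remove them. It assumes a Linux laptop using NetworkManager with current keyfile section names; the sample profiles and UUIDs are constructed.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format (not real data).
# On a real system they live in /etc/NetworkManager/system-connections/.
SAMPLES = [
    "[connection]\nid=HotelGuest\nuuid=00000000-0000-4000-8000-000000000001\n"
    "type=wifi\n[wifi]\nssid=HotelGuest\n",
    "[connection]\nid=HomeNet\nuuid=00000000-0000-4000-8000-000000000002\n"
    "type=wifi\n[wifi]\nssid=HomeNet\n[wifi-security]\nkey-mgmt=wpa-psk\n",
    "[connection]\nid=OldCafe\nuuid=00000000-0000-4000-8000-000000000003\n"
    "type=wifi\nautoconnect=false\n[wifi]\nssid=OldCafe\n",
    "[connection]\nid=Dock\nuuid=00000000-0000-4000-8000-000000000004\n"
    "type=ethernet\n",
]

def audit_profile(text):
    """Summarise one keyfile; return None when it is not a Wi-Fi profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return None
    # Simplification: no [wifi-security] section means an open network.
    is_open = not cp.has_section("wifi-security")
    # NetworkManager auto-connects unless autoconnect=false is set.
    auto = cp.getboolean("connection", "autoconnect", fallback=True)
    return {
        "ssid": cp.get("wifi", "ssid", fallback=cp.get("connection", "id", fallback="?")),
        "uuid": cp.get("connection", "uuid"),
        "open": is_open,
        "autoconnect": auto,
        # Open + autoconnect: the device joins any AP broadcasting this name.
        "auto_joins_open": is_open and auto,
    }

def audit(samples):
    """Return Wi-Fi profiles, those that auto-join open networks first."""
    rows = [r for r in map(audit_profile, samples) if r]
    return sorted(rows, key=lambda r: (not r["auto_joins_open"], r["ssid"]))

def delete_commands(rows):
    """Commands that remove every saved Wi-Fi profile, as the checklist advises."""
    return [f"nmcli connection delete uuid {r['uuid']}" for r in rows]

if __name__ == "__main__":
    rows = audit(SAMPLES)
    for r in rows:
        flag = "AUTO-JOINS OPEN" if r["auto_joins_open"] else "saved"
        print(f"{flag:16} {r['ssid']}")
    print("\n".join(delete_commands(rows)))
```

On a real machine, feed it the contents of the `.nmconnection` files (readable as root) instead of `SAMPLES`, then run the printed commands.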
- Get A Hot Spot
Connecting to a hotel network at a Hilton in Little Rock is dangerous. Connecting to a hotel network in Las Vegas is reckless. Connecting to a hotel network in Las Vegas during Security Summer Camp is stupid. You can pick up a mobile hotspot for about $25 a month.
- Get A VPN
You could easily get a commercial VPN, but if you want to go a step further, build your own Streisand
server or an OpenVPN server and delete it when you are done with it.
It will help protect your data from anyone who may be snooping on you.
- Change All Your Passwords (Before and After)
You should run your password manager's auto-change feature before you leave for Vegas and
again when you get back, just in case someone gets hold of your account.
You do use a password manager, right?
- Turn on 2FA On All Your Accounts.
You should at a minimum enable 2FA on all your social media and financial accounts before you head out. Twofactorauth.org has great information on how to configure your accounts to use 2FA.
- PCAP All Your Traffic
This is the most paranoid of my tips, but when I am at a conference I always PCAP all my data, so that in case I do get breached I can hopefully figure out how, or write a good blog post about it.
I wrote a blog post on doing this with Docker earlier this summer, so I can now run this to save the pcaps to my Dropbox:
docker run -v ~/Dropbox/pcap:/pcap --net=host -d jgamblin/tcpdump
The truth is these rules should be followed all the time if you want to have a decent operational security posture. OK, you might not need to PCAP everything, I am just paranoid…follow the first and you will be ok.
- Get Some Personal Cards
It is 2016 and we should all be able to NFC our contact info securely to the person next to us in 10 seconds, but we can't.
You should invest in some personal networking cards that you can hand to someone when you want to take that conversation about that amazing project they are working on from the Rapid7 party offline so you can really understand the technical details.
These just need your name, email and social media contact information (Moo.com is where I get mine).
Have fun!