WWHF 2018


WWHF 2018

My first InfoSec Conference was in Deadwood, SD. And it won't be my last.

Let me start by saying I’m not much of a conference guy. Having had opportunities to go to them in the past, I always passed them up for one reason or another. So when I was invited to go to Wild West Hackin’ Fest (WWHF) by Open Security, my first instinct was to think of a good excuse not to. When I could just watch the talk videos later, what was the point? Besides, I hate being shoved into a crowded venue, struggling to fit everything into a severely limited time schedule, and networking? …shivers.

Against my better judgment, I took a look at the website and found WWHF wasn’t anything like the Vegas-based monsters such as DefCon or Black Hat. The schedule was only set for two days and it was set in Deadwood, SD (wherever that was). Plus, the theme was mining for gold! Beyond that, it was only their second year. As a newbie to the InfoSec conference track, it made me feel a little more comfortable joining something new rather than trying to break into something well established. With all that in mind, I threw my name into the mix and secured myself a spot on the guest list.


The Offerin’

WWHF’s schedule listed 33 talks, 4 workshops, a Capture the Flag (CTF), several labs, a scavenger hunt, campfire talks, an escape room, a steak din—a, and more. In fact, with only a Thursday/Friday schedule plus some early access on Wednesday evening, there really wasn’t enough time to take it all in. After a welcome from John Strand and the keynote from Ed Skoudis, the race was on to jam as much learning and fun into the day before hitting the hotel bar to continue conversations from earlier or listening to some open mic karaoke.

During the day there was never any need to drive anywhere due to the conference providing everything one could need (meals, comfortable seating, drinks, power, etc.) inside the event center itself. If you did want to go somewhere, downtown Deadwood was just outside and the weather held strong enough for comfortable walks the whole time we were there.

Findin’ My Way Through the Gold Mine

I took it pretty slow for the start of my first conference. The Open Security team had a booth on the main floor and I was happy to sit there and let the community come to me. Looking back, it was probably the best thing to do. Within minutes of the conference kick-off, people were swarming to introduce themselves, ask questions, and share stories about their experiences. It also helped that our booth was backed up against one of the speaking tracks and I got to eavesdrop on David Kennedy’s talk on anti-malware prevention software.

After a couple of hours at the booth, I felt right at home and was eager to venture into the wild west of hacking conferences. I started with a team event in the escape room. I had never done one in the past, and without having much to compare it to, I must admit it was fun. The event hosts came up with a good sequence of challenges that ranged from lock picking to Wi-Fi hacking. With so much variety in the challenges, all of us got to take the lead in some aspect of the game. I was lucky to have a well-rounded team on my side or I might still be in there.

We tried everything to get out of the escape room.

After we escaped, we made the rounds to visit vendors, talk some shop, and collect our swag. Along the way, we ran into a car hacking lab put on by GRIMM, a DNS scavenger hunt, and the lunch buffet. By the time we finished, I was ready to sit and relax with some online challenges at the CTF put on by the MetaCTF team until the tool shed talks began.

The tool shed talks were a great way to see what people in the community were doing in their spare time or as they were getting their startup projects up and running. It was amazing to see some of the work that was being done to continue building the future of the field. Tools from both blue and red teams made their way onto the stage for quick five-minute overviews, but I wish there had been more time to really dig in.

Stakin’ Our Claim (Capture the Flag)

Day two at the conference started with the Open Security team deciding to buckle down on the MetaCTF challenges and get our name on the leaderboard. I can’t stress enough how well the MetaCTF team did putting up challenging puzzles and integrating their work with the rest of the conference. There were challenges that required connecting to other labs in the venue, pulling lessons out of talks given throughout the event, and they kept adding more!


With about an hour left to go, the Open Security team (youvegotmail) was showing in the top 7 teams when the scoreboard was turned off for suspense. We kept trucking along and finished a couple more challenges. One member of our team was even able to finish a crypto challenge that nobody else was able to solve (props to Marshall). In the end, we finished in 5th place - just enough to have our names announced in the closing ceremony.

The final event was a steak dinner provided by the Chuckwagon and yes, it really was an event in its own right. Successfully feeding 600 people a fresh steak dinner straight off the grill is a testament to the dedication of the WWHF team. I was taken aback when a young man no older than 12 asked how I liked my steak cooked when I reached the front of the line - and got it perfect. Did I mention there were 600 people that got this service?

Good ol’ Fashioned Hospitality

The volunteers of the WWHF were amazing. If there were any problems, help was never too far away. I relied on them heavily and was never made to feel bad for asking dumb questions. The staff at the Deadwood Mountain Grand was also exceptional. The coffee and water stations were always replenished quickly, and the lunch buffet got everyone through the day. The venue itself was clean and never felt too crowded. It really was the perfect place to hold WWHF.

the venue
There was a lot of history in the building going back over a hundred years.

As a final note on hospitality that I think gets overlooked, I would also like to point out that the conference attendees were fantastic ambassadors for the community. I didn’t personally see anyone cause problems and I felt welcome to join any conversation.

WWHF Struck Gold

If I could imagine a conference built for me, it would probably look a lot like WWHF. The small-town venue, the freshness of a second-annual event, a two-day limit on festivities, and a great community of people all came together to make my first experience in the greater InfoSec community an enjoyable one. I left with some new tools in my belt, motivation to continue learning, and the reassurance that there is a way to visit a conference in the way that works for me.

Reflecting on my time at WWHF, I feel like I am now an active participant in something that I had previously only peered into from the outer edge. It was inspiring to see the people I only knew from the internet with my own eyes. It was exciting to discover how small the world is as I ran into people that I knew from previous jobs or who had similar stories as mine. By the end of the conference, I was surprised to hear myself asking people for recommendations to other conferences in the future.

If I could do it again (and I plan to), I would see more of the talks and make more time to explore other labs and workshops. I would also put in a little more effort before the conference to research the speakers and plan my personal schedule to minimize the downtime trying to figure out where to go next.

I was able to pack more learning and motivation into two days than I would have ever been able to on my own. Even though I fear that I may have missed some opportunities by turning down other conferences in the past, I am glad I held out for WWHF. It was a great first con that will lead to my attendance at many more.

blog infosec post travel conferences