OpenVPN Blog

DEF CON 31: Breaking Software & Building Connections

Written by OpenVPN Team | Oct 2, 2024 3:34:14 PM

 

OpenVPN Cloud is now CloudConnexa® — learn more here.

DEF CON 31: A Hub of Cyber Exploration

DEF CON, a hacker convention held every year in Las Vegas, is an annual pilgrimage for hackers, tech enthusiasts, and cybersecurity experts — and while members of the OpenVPN team have attended before, this August was the first time OpenVPN joined as an exhibitor. This year marked DEF CON's 31st edition, and the atmosphere was electric. 

It Takes a Village

Divided largely into ‘villages,’ the conference provided a wide variety of challenges and experiences. Attendees could explore everything from bio-hacking to car-hacking, from physical security to cloud data hacking. While a conference-wide scavenger hunt is an annually beloved tradition, individual villages also had activities, presentations, and contests unique to their particular focus. 

One of the most talked-about challenges attendees could participate in was presented by the AI village: The Generative Red Team Challenge. In this challenge, hackers from all over the world competed to try and ‘break’ one of many generative AI models participating in the event — from OpenAI’s ChatGPT to models from Google, Meta, Stability.ai, and more. Even the White House supported the challenge, which aligned with the Biden-Harris Blueprint for an AI Bill of Rights and the NIST AI Risk Management Framework. 

A favorite among the OpenVPN team was the presentation on ANSI escape sequences, which explored “how ANSI escape sequences can be used to inject, vandalize, and even weaponize log files of modern applications.” 

Garrett Leber, a Datawarehouse DevOps Engineer for OpenVPN mentioned this presentation had him hooked. “I personally haven’t considered the ways these special sequences can end up executing code on servers via something as simple as a specially crafted HTTP GET request (via curl for example).” This is what DEF CON is all about — those new discoveries, especially about trends in security. 

Engaging Conversations: Dispelling Misconceptions

The heart of the DEF CON 31 experience lay in the conversations the OpenVPN team had with attendees, particularly at the company booth. While OpenVPN is widely known for its open-source protocol, our presence at DEF CON 31 aimed to educate attendees on the other products we offer that include more features and ease-of-use — and that, for the personal user, are still available for free. 

As Dasha Davidov, Director of Marketing & PR at OpenVPN, explains, “Almost everyone who came to the booth was at least familiar with the open source protocol — but many people were surprised to hear that we had business products, too.”

 

 

"One attendee was asking when the open-source protocol was going to get SAML support. He didn't realize it already has it, and Access Server already uses that!" says Elfredy Cadapan, Director of Product Development at OpenVPN. “Several people were also excited about the recent release of data channel offload (DCO) which allows us to match IPSec performance.” 

Building on Open Source

The truth is, like so many products, both Access Server and Cloud Connexa are built on the OpenVPN protocol — and that relationship is symbiotic with OpenVPN the company. Some folks, naturally, wondered about that. After all, how does a company earn revenue if their code is just given away for free? 

"Open source devs only work on the particularly difficult or interesting bits,” explains Cadapan. So if you don’t want anything built out from there, then sure — you might not need Access Server or Cloud Connexa for your purposes. But there are plenty of features that make for a much easier to manage tool, and you might not want to create that yourself. “People pay us to do the boring bits,” Cadapan says. “User management, cert management, and SAML." Hey — someone’s gotta do it. It just doesn’t need to be you. 

DEF CON & OpenVPN

Our experience at DEF CON 31 reinforced our commitment to building innovative products that help individuals and companies securely connect to the resources they need. And perhaps the most surprising — swag. 

 

 

“We gave away 500 shirts in less than one hour,” says Davidov. “We went through more than 1k flyers, and we went through all of our stickers.” 

If you weren’t able to attend yourself, you can see all the presentations on the DEF CON media server — make sure you check it out. 

Thank you for an incredible week, DEF CON — until next year.