My DEF CON 33 experience

Published September 11th, 2025

by Mike Rose, Senior IT Security Engineer, LaunchDarkly

👋 Introduction

I attended DEF CON 33 this year in Las Vegas and want to share a recap of my experiences and insights from the event. Whether you’re a seasoned security practitioner or just DEF CON-curious, I hope this gives you a helpful window into what goes on at one of the world’s largest hacker conferences.

Spoiler alert: AI dominated the conference discussions.


🎯 Why I attended

I went into DEF CON this year with a few goals in mind:

1️⃣ Stay up-to-date on emerging threats.

2️⃣ Find practical inspiration for our security workflows at LaunchDarkly.

3️⃣ Catch up with old friends and colleagues.


🔍 Favorite talks & villages

Talks

📍 Amplifying Phishing Attacks with Generative AI

  • Speaker: Daniel Marques

  • What it was about: This talk examined how AI allows threat actors to automate key phases of phishing campaigns, including initial reconnaissance, crafting targeted communications, and establishing attack infrastructure.

  • Why it stood out: Threat actors can now easily scale and customize phishing campaigns using AI, which was previously more challenging with manual methods.

📍 Zero Trust, Total Bust - Breaking into thousands of cloud-based VPNs with one bug

  • Speakers: David Cash & Rich Warren

  • What it was about: This talk highlighted how Zero Trust Network Access (ZTNA) solutions were exploited to bypass authentication, spoof device posture checks, and escalate privileges.

  • Why it stood out: The presentation set out to expose vendor flaws in Zero Trust solutions. The key takeaway is to avoid blindly trusting your Zero Trust solution; consistently monitor logs and keep your infrastructure updated.

Villages

🧪 Red Team Village

  • What I explored: Modern red team tools and methodologies for penetration testers and red team engagements.

  • Key insight: I discovered some tools that I can leverage during our upcoming internal red team exercise for FedRAMP.

🧪 Physical Security Village

  • What I explored: This year I volunteered for the Physical Security Village despite having limited experience with physical penetration testing.

  • Key insight: I learned various lock bypass techniques and demonstrated them to other conference attendees.

Photo of a J-Tool demonstration.

🔒 Practical takeaways

Here are a few ideas or trends to dig into:

  • We should consider leveraging AI more to perform log analysis.

  • Prompt injections will become more prevalent with LLM adoption.

  • AI is enabling threat actors to launch hyper-personalized, convincing, and adaptive phishing campaigns.


👀 Noteworthy quotes

“Attackers have traditionally held the advantage in security, moving quickly and adapting swiftly. However, defenders using AI and automation are shifting this narrative.”
“We don’t have true artificial intelligence; we have a system skilled in pattern recognition that can provide relevant information.”

Sources for these quotes were smart folks at a happy hour I attended, but I didn’t catch their names.


📸 Photo dump

Photo of Red Team Village panel.

Red Team Village panel

Photo of car hacking village.

Car hacking village

Photo of AIXCC exhibit.

AIXCC exhibit

Photo of Physical Security Village.

Physical Security Village

Photo of J-Tool instructions.

J-Tool instructions

Photo of the Wall of Sheep, listing attendees who have been pwned at DEF CON 33.

Wall of sheep

Photo of the inside of LVCC.

Inside LVCC

A cool collection of six previous DEF CON badges.

I am running out of space for the badges I collect each year at DEF CON. 😆

My favorite badge this year was the Laser Tag Badge. Unfortunately, my IR emitter fell off on the first day of the Con. I soldered on a new one but finished 160th on the leaderboard.

💭 Final thoughts

This was my fourth DEF CON and it’s always a bit overwhelming—in the best way. It’s a reminder of the creativity, curiosity, and persistence that defines the security community. Whether you’re trying to break things or protect them, it’s all about asking better questions.