DEFCON China 2018: Event Report and Highlights

Senior security engineer Zhang Hongyang (formerly of KPMG, Alert Logic, and Beike) attended the first DEFCON CHINA, organized by Baidu and held from May 11‑13, 2018 at the Kun Tai Hotel in Beijing, and provides a first‑hand report of the event.

DEFCON is the world’s premier security conference with a 25‑year history, often called the “Oscars” of security; its founder Jeff Moss, a legendary hacker, also advises the U.S. Department of Homeland Security and serves as CSO of ICANN. The conference traditionally includes talks, CTF competitions, and hacking villages, and 2018 marked its inaugural edition outside the United States.

The article highlights the conference agenda, which, although smaller than the U.S. edition, covered a wide range of topics from mobile security and system security to vulnerability research and deep‑learning applications, with hands‑on workshops allowing participants to experiment on their own laptops.

One notable workshop was Alibaba’s presentation “You Logged Into My Account,” which discussed account‑takeover techniques, social‑engineering tactics, and exploitation of CSRF, SelfXSS, OAuth, and SSO, followed by mitigation strategies such as CSRF protection, login‑form signing, and visible username display.

Another workshop, presented by US researcher Eijah, demonstrated a decentralized hacker network built on a distributed hash table (DHT) secured with ECIES (Elliptic Curve Integrated Encryption Scheme), illustrating how such a setup can bypass firewalls.

The report also includes numerous photos of the venue, speaker Jeff Moss, workshop sessions, and the distinctive DEFCON badges, noting that badge colors indicate different roles and that each badge contains a hidden puzzle for participants with a hacker’s mindset.

Readers are encouraged to follow the official DEFCON website for more information and to look forward to future DEFCON events, including the next edition in the United States.