For thousands of people in the hacking and cybersecurity world, the back-to-back Def Con and Black Hat conferences in Las Vegas are marked in red on their calendars. With its legendary badges, extravagant parties, and diverse set of activities—talks, movie viewings, and the massive capture the flag event—Def Con is widely considered the hacking conference.
And after being held virtually last year because of the coronavirus pandemic, they're both back in a hybrid format.
Last week, Black Hat was the first one to announce that it was going to be an in-person event. Def Con followed suit on Friday.
Because of travel restrictions, as well as the different pace of vaccinations around the world, both conferences are also going to be streaming talks.
According to the official announcement by the conference founder Jeff Moss, Def Con will require people who want to attend in-person to wear masks, respect social distancing indoors, and be vaccinated.
"If the law requires us to do something different, we will do whatever the law requires," Moss, also known as The Dark Tangent, wrote in the announcement.
A spokesperson for Def Con said that “we're still working through those details, but we likely won't be doing it ourselves.”
“As Jeff mentioned in his blog post, the goal is for DEF CON to collect and store as little data as possible for as short a time as possible,” the spokesperson said in an email.
In an online chat, Moss said that “we will do whatever people do in August to verify.”
“I have a feeling much will change between now and then, but it is important to set the expectation we will be checking,” he said.
Currently, the CDC is giving out vaccination cards on paper; counterfeit cards are for sale all over the internet. Also, Def Con attendees are also known to not always, uhh, respect rules.
Right now, Black Hat is not requiring proof of vaccination, according to the conference FAQ posted last week.
Historically, Def Con never required pre-registration, allowing attendees to be completely anonymous if they wanted. Anyone could just show up on the first day of the conference and pay for a badge in cash. This year, however, the conference is asking people to pre-register.
"For the first time ever, we will have conference pre-registration for the in-person conference. It is simply too risky both from a space planning and financial perspective to try and guess how many people may attend," Moss wrote. "We need hard numbers to make decisions so we will need people to pre-register. How to do this? We will try and incentivize you. If you pre-register we will be able to ensure you get a real badge and if attendance gets restricted you will know your space is reserved."
Attendees will still be able to show up and pay in cash, but the organizers are not promising late-comers a real badge, and are warning them they may be turned away if "we are at capacity."
Black Hat organizers said they are capping capacity at 50 percent of "a given space’s standard capacity."
When both conferences were held in the before times in the summer of 2019, Black Hat had more than 20,000 attendees, and Def Con estimated that more than 30,000 hackers participated in the conference.
It is not immediately clear whether the hacking community is actually going to attend in person, and Black Hat in particular—with its lack of a vaccine rule—was criticized for trying to do a large, indoor, in-person event.
If you're vaccinated and missing the timeless and lightless slot machine-filled halls of the Vegas casinos, the brain-melting heat of the Strip, or just your hacker friends that you may not have seen for more than a year, y'all can go once more to hacker summer camp.
Don't forget your tinfoil hats, burner phones, and masks.
UPDATE, Friday April 16, 11:36 a.m. ET: This story has been updated to include a comment from Def Con’s spokesperson and Jess Moss.
Subscribe to our cybersecurity podcast, CYBER.