🎙️
AIPodify

Darknet Diaries

Secrets of Defcon: Untold Stories From the World's Greatest Hacker Conference Ep.157: Grifter

Guest: Neil Wyler · April 1, 2025

Episode Summary

AI-generated · Mar 2026

AI-generated summary — may contain inaccuracies. Not a substitute for the full episode or professional advice.

This episode introduces Neil Wyler, better known by his alias Grifter, a long-standing fixture in the hacker community and a respected cybersecurity professional. The central thesis explores Grifter's remarkable transformation from a mischievous, street-smart youth involved in crime and early computer hacking to a key organizer at major hacker conferences and a leader in enterprise threat hunting, highlighting the unique trajectory many take in the InfoSec world.

👤 Who Should Listen

  • Aspiring cybersecurity professionals seeking career path inspiration from diverse backgrounds.
  • Individuals interested in the history, culture, and behind-the-scenes operations of hacker conferences like Defcon and Black Hat.
  • Network defenders and security engineers looking for insights into advanced threat hunting strategies and real-world attack detection.
  • Anyone curious about the blurred lines between ethical and unethical hacking, and the unique personal journeys within the InfoSec community.
  • Event organizers or community builders looking for creative ways to foster engagement and create specialized content areas at conferences.

🔑 Key Takeaways

  1. Grifter's early exposure to pirated games and subsequent need to troubleshoot self-induced malware problems fostered crucial foundational skills in understanding computers and networks [10:34].
  2. His stint in the Air Force, a stark contrast to his earlier life, instilled core values like integrity and excellence, which profoundly shaped his professional ethos [29:29].
  3. Grifter conceptualized Defcon Groups in 2003, decentralized hacker meetups organized by area code, which have grown to over a hundred chapters globally and serve as a vital community and mentorship resource [37:58].
  4. Defcon Villages, including the Lockpick Village and the Hardware Hacking Village, and Skytalks, which feature unrecorded, candid talks, originated from Grifter's innovative idea to utilize skyboxes at the Riviera venue for daytime activities in exchange for party space [41:08].
  5. As the co-leader of the Black Hat Network Operations Center (NOC), Grifter manages a sophisticated security operation by replacing all hotel network infrastructure and securing equipment for free from vendors eager to be 'trusted by Black Hat' [48:30].
  6. Grifter's 'Aggressive Network Self-Defense' philosophy advocates for actively targeting and neutralizing attacking machines, even if they are compromised innocent devices, to protect one's own network resources [65:21].
  7. His threat hunting engagements consistently uncover active or past breaches, even in highly secure financial organizations with large security teams, often due to overlooked protocols or tunnel vision regarding 'unallowed' traffic [67:26].
  8. The cybersecurity field is a unique space where individuals with pasts in 'criminal hacking' can transition to become trusted consultants for governments and major corporations, driven by a shared passion for learning and the 'chase' of the cat-and-mouse game [74:43].

💡 Key Concepts Explained

Defcon Villages

These are dedicated areas at Defcon, born from Grifter's idea at Defcon 14, where groups host daytime activities (e.g., lock-picking, hardware hacking) in specific 'skybox' rooms in exchange for using the space for parties at night. This concept fostered specialized communities within the larger conference and has since spread to other InfoSec events.

Skytalks

Also originating from Grifter's skybox concept, Skytalks are presentations given at Defcon that prohibit recording or photography. This policy allows speakers to deliver more secretive, potentially incriminating, or uninhibited content, fostering a unique environment for candid discussions.

Defcon Groups (DCGs)

Initiated by Grifter in 2003, Defcon Groups are local hacker meetups organized by area code in cities and countries worldwide. They serve as community hubs for cybersecurity enthusiasts, offering networking, learning opportunities, and mentorship outside of the main annual conference, distinguishing themselves from political or preachy alternatives.

Black Hat NOC

The Network Operations Center for the Black Hat conference, which Grifter co-runs, is a full-fledged security operations center that completely replaces the venue's network infrastructure with its own, using custom equipment and a team of cybersecurity experts. Its importance is in providing a secure and monitored environment for a hacker conference, resilient against the constant attacks and exploits demonstrated by attendees and speakers.

Aggressive Network Self-Defense

This is the philosophy behind a book co-authored by Grifter (Neil Wyler). It advocates for an offensive approach to network defense, suggesting that defenders should not just block attacks but actively seek to disable or 'send to the bottom of the digital ocean' the attacking machines, even if they are compromised third-party systems, to stop the threat.

Threat Hunting

A proactive cybersecurity discipline focused on actively searching for threats within a network that may have bypassed existing security controls. Grifter has spent over a decade leading global threat-hunting programs for companies like RSA Security and IBM X-Force, emphasizing that engagements consistently uncover active attacks, previous breaches, or policy violations.

⚡ Actionable Takeaways

  • If you're interested in cybersecurity, actively seek out and join a Defcon Group (DCG) in your area to network with passionate individuals and find mentors, as they are specifically designed for this purpose [39:01].
  • Embrace the core value of integrity by striving to 'do the right thing even if nobody’s looking,' a principle Grifter adopted from his military experience and applies to his professional conduct [29:29].
  • When securing a network, actively monitor and scrutinize all traffic, even for protocols you believe are blocked, as overlooked 'unallowed' traffic can be a significant exfiltration vector, as seen in Grifter's financial institution case [69:30].
  • Foster an 'excellence in everything you do' mindset, as Grifter's mother instilled in him, applying it to your chosen field to continuously improve and stand out [29:29].
  • Be mindful of public disclosure, especially at hacker conferences; consider 'responsible disclosure' protocols before immediately posting vulnerabilities, as Grifter learned when revealing an elevator hack [57:00].
  • For event organizers, consider innovative models like Defcon Villages, which require participants to contribute daytime content in exchange for evening social space, to foster community engagement and content creation [41:08].

⏱ Timeline Breakdown

00:00 Jack describes Defcon's unique all-night party atmosphere, including vendor parties spending over $100,000.
01:00 Jack shares his secret for attending Defcon anonymously: a bandit-like disguise that paradoxically makes him recognizable.
02:05 Jack describes his 'everyone is Jack Rhysider' party at Defcon, where 800 guests wore his disguise, allowing him unprecedented anonymity.
04:12 Jack details his experiment of giving party attendees control over his live Twitter feed, blocking only URLs.
06:21 The Twitter experiment ended after hours due to rate-limiting, but Grifter's party saw a line of 1,000+ people and ran for six hours.
08:29 Grifter explains how he got his name and his early life in Long Island, New York, including dialing into pirate bulletin board systems.
10:34 Jack explains how Grifter's troubleshooting of self-induced malware problems led him to become a 'superuser.'
11:37 Grifter recounts discovering hacker BBSs and being fascinated by viruses and operating systems, finding a connection to a wider world.
14:51 Grifter describes his youth of committing various street crimes, including shoplifting, car theft, and bartering stolen goods.
16:59 Grifter explains how he and friends committed barcode swapping and credit card fraud (carding) to order goods like streetwear.
19:03 Grifter recounts hacking into a credit card provider, discovering training manuals, and internally processing a credit card for himself.
22:11 Grifter describes the mix of elation and horror upon receiving his first self-generated, fake-name credit card with a $5,000 limit.
24:17 Grifter leveraged his credit card creation skill by selling cards to an organized crime figure for 10% of their limit, sustaining this for two years.
27:24 Grifter explains his abrupt decision at age 17 to join the Air Force as a way to escape his criminal life and hometown.
28:26 Grifter shares how the Air Force instilled core values like integrity and excellence, helping him transition from a troubled youth to an adult.
31:40 Frustrated by military inefficiency, Grifter left the Air Force knowing only how to fix F-16s or break into computers, choosing the latter.
32:45 Grifter attended Defcon 8 in 2000, calling it an 'incredible experience' where he found his 'people' and connected over shared interests.
33:48 Grifter started as a Defcon vendor selling 320 t-shirts, later becoming a 'goon' (volunteer) for security and other areas from Defcon 10 onwards.
35:56 Grifter's extensive involvement with Defcon included running forums, the Scavenger Hunt, speaking, and eventually technical operations for Black Hat.
36:56 Grifter conceptualized and launched Defcon Groups in 2003, decentralized hacker meetups based on area codes, to foster community without politics.
39:01 Defcon Groups grew to over a hundred chapters worldwide, serving as a key resource for cybersecurity networking and mentorship.
40:05 Grifter recounts how, after wanting to stop 'gooning,' Dark Tangent tasked him with developing a unique concept for the Riviera's skyboxes.
41:08 Grifter's skybox idea led to the birth of Defcon Villages (like the Lockpick Village) and Skytalks, requiring groups to host daytime activities for party space.
43:14 Grifter reveals that his anonymity as 'Grifter' was accidentally broken by his ex-wife at Defcon 9, revealing his real name, Neil Wyler.
45:22 Grifter discusses his role running the Black Hat Network Operations Center (NOC) and the unique challenges of securing a hacker conference network.
48:30 The Black Hat NOC evolved to leverage vendor equipment for free by offering them 'trusted by Black Hat' branding, allowing access to sophisticated gear.
50:37 Grifter emphasizes his integrity in selecting Black Hat NOC equipment, rejecting bribes and choosing based purely on performance.
51:42 The Black Hat NOC actively monitors for compromised devices, issuing captive portal warnings to attendees whose devices show signs of infection.
53:46 Grifter shares a story about attendees rappelling off the Riviera roof to avoid security at a party, leading to ejections.
54:49 Grifter confirms malicious ATMs have been found at Defcon, including one rolled into a lobby.
55:55 Grifter recounts how he discovered an open pin-out on a Mandalay Bay elevator card reader, allowing control, and how he posted it on Twitter.
57:00 Grifter describes getting a call from Mandalay Bay security, who used 'responsible disclosure' to convince him to remove his elevator hack tweet.
59:06 Grifter recalls a Defcon party where gallons of liquid nitrogen were dumped into a pool, creating massive steam effects.
60:12 Grifter describes himself as a 'high-functioning introvert' who enjoys the Defcon chaos but needs time to recharge.
61:17 Grifter tells a story about inadvertently 'eviscerating' a book to its publisher's VP, leading to a relationship that would result in his own book.
63:19 Grifter co-authored 'Aggressive Network Self-Defense,' a book promoting offensive tactics for network protection, and decided to use his real name, Neil Wyler, on it.
64:19 Grifter explains his 'aggressive self-defense' philosophy, advocating for taking down attacking machines regardless of who owns them.
66:26 Grifter details his career focused on threat hunting, including running programs for IBM X-Force and RSA Security, and consulting Congress and NATO.
67:26 Grifter recounts a threat hunting engagement at a major financial institution where he discovered ongoing FTP exfiltration of financial transactions to Russia.
72:39 Jack speculates on the significant fallout if such a story of a major financial hack were to go public, and his desire for such a 'banger-level' story for the show.
73:40 Grifter reflects on the unique InfoSec space where former criminal hackers become trusted consultants, united by a love for learning and the 'chase.'

💬 Notable Quotes

"Nobody knows what I actually look like, and I can still meet hundreds of people if I want. In fact, I’ve worn this costume so much that everyone seems to know me when I wear it. It’s my brand. It’s my look..." [01:00]
"We’d just go out on a Saturday and we’d hit like, seven or eight stores. We’d go buy it at one store, return it at the next one, buy some other stuff at that store, go return it at the next one, go do stuff like that." [18:00]
"The Air Force core values are integrity, service before self, and excellence in everything you do. I took that to heart. I didn’t even really know what integrity meant at the time... it’s like, doing the right thing even if nobody’s looking..." [29:29]
"I would get so much heat from people about that because they were like, well, you don’t know if you're actually attacking some grandma’s computer, 'cause it’s not — it’s a jump box. It’s not likely that the person that you're attacking is that — that’s their machine. I’m like, yeah, but then let’s get rid of their resources then. If we knock the machine that’s doing the attack offline, then the attack stops." [65:21]

📚 Books Mentioned

Aggressive Network Self-Defense by Neil Wyler (Grifter) and co-authors