Blog ·
Attended DEF CON Singapore 2026 — Event Report

On April 28–29, 2026, I attended DEF CON Singapore 2026 at the Sands Expo and Convention Centre at Marina Bay Sands. As DEF CON's first-ever edition in South-east Asia, the two days drew hackers, researchers, and engineers from around the world — an electric, energising experience. This post is a quick report on the event and the on-site atmosphere.
What is DEF CON?
DEF CON is one of the world's largest hacker conferences, founded in 1993 by Jeff Moss (The Dark Tangent). It is normally held in Las Vegas and is known for its mix of Talks, themed Villages, the CTF (Capture The Flag) competition, lock-picking and hardware-hacking corners, Demo Labs, and much more.
This year's DEF CON Singapore 2026 was co-hosted with the Singapore government agency HTX (Home Team Science and Technology Agency), running April 28–30, 2026, with training sessions on April 26–27. As DEF CON's first South-east Asia edition, it was a rare chance to experience the cutting edge of cybersecurity in Asia.
- Venue: Sands Expo and Convention Centre (Marina Bay Sands)
- Dates: April 28–30, 2026 (main conference)
- Hosts: DEF CON × HTX
- Official site: defcon.org/html/defcon-singapore
Entry and badge
The standard conference ticket — without any early-bird discount — was SGD 400. Training is priced separately from the conference and varies by course. I attended the main conference only.
On entry you receive a conference pamphlet, electronic badge, stickers, and a knapsack. DEF CON badges are iconic — they double as your entry ticket — and this year's badge was, of course, an LED-lit gadget that is itself a hacking target. Rewriting code or probing it from the outside changes how it lights up and what patterns it shows, so attendees can keep reverse-engineering the badge throughout the event.
Venue and track layout
The basic flow is simple: pick the talks you want from the printed pamphlet or the schedules posted around the venue, and head to the corresponding room. Talks were split across three tracks.
- Track 1: The biggest hall. Headline talks were held here.
- Track 2: The second-largest room. To avoid bleed-through with Track 1, audio was streamed to wireless headphones — which actually made the talks easier to hear.
- Demo Labs: Four small-group sessions of about 10 attendees each running in parallel, also via headphones. Being so close to the presenter makes it easy to ask questions directly.
Booths did not have rigidly assigned roles, so it was easy to just wander between whatever caught your interest.
Memorable talks and exhibits
Hacking hotel keycards
The most striking session for me was on hotel keycard hacking. The talk was titled "HOTEL LOCK VULNERABILITY DEMONSTRATION: UNDERSTANDING XOR, REVERSE ENGINEERING, CARD DECRYPTION AND UNAUTHORIZED MASTER CARD WITH CARD ALGORITHM", presented by Dennis Goh Yong Sen and Ambrose John Doormie.
The topic was reverse-engineering the XOR-based proprietary cipher used in a particular brand of hotel lock that is widely deployed across Asia. Using Proxmark3 RDV4 — a staple piece of RFID-analysis hardware — the speakers communicated with the cards, picked apart the cipher, and walked the audience step by step all the way to unauthorised duplication of a master card.
- ① Identify the cipher: Talk to the card with a dedicated reader and identify the XOR-based cipher structure used by the hotel system.
- ② Reverse engineer: Combining static analysis with captured traffic, work backwards to the encryption sequence and the on-card data layout (room number, valid-time fields, and so on).
- ③ Decrypt and tamper: Reproduce the key schedule, recover plaintext for guest and master cards, and then rebuild a master card capable of opening any room — using only commercially available hardware — in a live demo.
The presenters approached this strictly in the spirit of responsible disclosure: no weaponised code was published. The point was to show how far an attacker can get when weak cipher design and well-known default keys are left in place. Hearing how the keycards we casually slide into hotel doors can have surprisingly fragile internals was thought-provoking — and directly relevant to how we design authentication, authorisation, and key management in web and mobile apps.
Dries Depoorter — art × hacking
Another standout was the session by Dries Depoorter, a Belgian artist–developer (born 1991, based in Ghent). He is known for turning contemporary themes — AI, surveillance, social media, privacy — into cynical, playful artworks that have shown at the Barbican (London), Art Basel, Ars Electronica, ZKM, and other major venues. As he himself puts it, "I don't like difficult art. I want to make things anyone can understand," and his pieces let viewers feel the dangers of technology directly.
His talk, "SURVEILLING POLITICIANS, UNMASKING INFLUENCERS, FAKE LIKES AND DYING TOGETHER", was structured around "approaching security research from the world of art rather than the lab" — a tour of his signature projects.
- SURVEILLING POLITICIANS — The Flemish Scrollers
AI continuously analyses live broadcasts of the Flemish (Belgian) parliament, uses face recognition to spot politicians scrolling on their phones during sessions, and automatically posts the clip to social media tagging the person in question. The stance: "If governments can use AI to surveil citizens, citizens can use AI to surveil governments at work." - UNMASKING INFLUENCERS — The Follower
AI analyses footage from open-access live cameras around the world and matches it to picture-perfect Instagram posts to identify the exact place and moment a photo was actually taken. It exposes how staged those glamorous shots really are behind the scenes. - FAKE LIKES (live demo)
Using a Python tool he built himself, he ran a live demo on stage in which massive numbers of "likes" were generated in real time on an arbitrary social media post. A confronting, on-stage demonstration of how cheaply and easily the foundations of social-media trust can be broken. - DYING TOGETHER — Die With Me
A chat app you can only access when your phone has less than 5% battery remaining. An experiment in "digital scarcity" where dying devices share their final moments — a bestseller that went viral worldwide.
Reframing surveillance, social media, and trust through an art lens — rather than purely as engineering problems — is one of the things that makes DEF CON special.
Reference: https://driesdepoorter.be
Student exhibits, CTF, and lock-picking
There was no shortage of other things to see — student research and project booths, a CTF corner, and a hands-on lock-picking area for learning physical security.
The biggest crowd? The swag booth
Surprisingly, the biggest crowd at the venue was at the swag booth. On day one a long line formed the moment the doors opened. There seemed to be no entry-fee gate to it, so anyone willing to queue could buy merch. I picked up a single DEF CON patch as a souvenir.
Breaks and food
Between talks you can wander Marina Bay Sands or relax in the on-site dining and break area. Note that the food court gets busy around lunchtime — securing a seat takes some effort.
The on-site canteen was actually pretty reasonable — about SGD 15 per meal. A coke at SGD 5, on the other hand, felt a bit steep.
And the personal highlight: a beer booth
The personal highlight, though, was the beer booth right inside the venue. That said, paper-cup-sized servings at SGD 15 was a confident price point.
Closing thoughts
I did not attend any training, so I cannot speak to that side, but based on the main conference alone, my impression is that DEF CON is less a place to systematically learn techniques and more a place to soak up the cutting-edge atmosphere and community. The chance encounters with engineers and researchers from around the world, the unique culture, and the playful exhibits all add up to something energising.
Next time I would love to make it to the original DEF CON in Las Vegas and try the CTF myself.
At FJT SOLUTIONS (THAILAND), we will keep tracking these latest security trends and feed what we learn back into our web, mobile, and business-system development work.


