DEF CON isn't what it once was, it's something like 30,000 people that are not all hackers necessarily. I agree people should be smart enough but some people are there for their first time and are interested in learning about security.
HackerOne is primarily a bug bounty company which is different from pentest (they offer that too but it's not well established). This is probably in response to other companies not having as big of budgets for bug bounty which no doubt took a hit with all these layoffs over the last year.
I think I can tell you why not CMD.exe, it's because you could run x86 MSDOS programs.
I know this because my dad ran Quattro Pro, a Lotus 1-2-3 competitor up until around 2020 (he finally retired but still might use it for other reasons) and we had to keep figuring out how to keep it working over the years.
