DerbyCon 6 – Recharge (Sept. 2016)

I traveled to DerbyCon 6 - Recharge this past weekend, and it was definitely an awesome event.

Louisville in General

Louisville is no Vegas, but that was often a good thing this weekend. The crowds were MUCH smaller (con and non), the prices were lower, and sleep was (a little) easier to obtain.

First of all, there was definitely far less bourbon and horses than I had expected. While I had good bourbon, I expected it to flow into the streets and out of water fountains! Contrary to expectations though, it was about the same as any other major city, albeit with a few more distilleries.

There was also no gambling in the hotel this time, which definitely had its pros and cons this time around. Having the option never hurts, but I couldn't lose money this trip which was nice.

All in all, an enjoyable city, with decent food, that I'd like to go back and visit.

The Con/People

Going to DerbyCon for the first time was a great experience, and something I definitely hope to repeat.

DerbyCon is in a smaller venue, which made getting around easier and less stressful. It also meant that there was less of a chance to miss something fun/important.

There was also a much more familiar atmosphere. Everyone wanted to get to know everyone else, and there were fewer cliques than at some of the bigger cons. Even the people running the con encouraged newcomers to join in on any conversations that they wanted.

Meeting more people who I've only read about or spoken to on the internet was fun, and maybe one day I'll be that person to others at cons.

Even if you don't go to any talks, the people and the environment alone are reason enough to head to DerbyCon at least once.


So, I definitely did Grifter proud this con; "no talks, not even one".

The closest I got was discussing a few that my teammates went to, and streaming one to my laptop while a few of the CTF machines were down.

I attended the keynote though, which was a talk I was highly anticipating. The official title was, "Vulnerability disclosure, cloudy clouds, and million dollar shopping trips" by Jeffrey Snover and Lee Holmes from Microsoft. It was everything I hoped it would be and more.

During the keynote Jeff and Lee touched on problems with today's security landscape, how we can make the world more secure, and behaviors that need to change.

There is no way that I can come close to summarizing their awesome keynote, so I can only recommend that you watch the video for yourself:

Youtube - 101 Key Note Jeffrey Snover Lee Holmes

During the CTF (more below), I also streamed "Adam Compton, Austin Lane – Scripting Myself Out of a Job – Automating the Penetration Test with APT2".

APT2 was actually a talk that I missed during DefCon, so I was glad to at least stream part of it during the competition. This is a tool that I've long thought of/started myself, but far more fleshed out and useful already. Their general idea is automating the rote process of, "run a NMAP scan, review the results, choose interesting services to enumerate and attack, and perform post-exploitation activities".

For more on this tool, see the talk and GitHub repo.


The DerbyCon CTF is where I spent most of my time, and we ended up with plenty to show for it.

We placed 2nd by a mere 500 points when it was all said and done.

DerbyCon 6 - CTF Scoreboard

I had never done a CTF like this before, and it was addictive. The design was closer to something like the OffSec labs where you are given an open network and an unknown number of challenges to solve.

The organizers gave us the subnet hosting the target machines, and what was/wasn't allowed to start. Early on, we realized that it was politically themed, but it was still fairly unclear what was/wasn't a flag. This was in contrast to most CTFs that I had done in the past, where the flag was usually CTFNAME{flag_here} or something similar.

Some of the more difficult challenges involved blind SQL injection with DNS exfiltration, a fully patched machine only running RDP, and .wav file steganography.

There were also a number of unique challenges that we had to face. There were multiple Windows 98 machines, a terribly obscure programming language to exploit, and even a text-based adventure game to beat!

I may publish a write-up or two depending on my documentation, so be on the lookout.

It was a lot of late nights, but we definitely had some great teamwork and collaboration on a lot of the challenges. At the very end, we were down by 300 points, submitted a 500 point flag, and saw that we were now down by 500 points. While heartbreaking, once we got over silver medalist syndrome, we realized that it was an awesome finish considering.

The people in the CTF room were great fun, and I got plenty of free bourbon and snacks from other teams.

When it was time for closing ceremonies, they announced the teams in order to come select a prize. As the black badge went to first place, we ended up selecting the Proxmark3 RDV2 Kit. This might come in handy when trying to clone badges or other RFID cards.

(all pictures shamelessly stolen from the closing ceremony Youtube video below)

(Eversec deciding on a prize)
DerbyCon 6 - Eversec Selecting a Prize

(me flashing the crowd - pictured @doylersec, @LuxCupitor, @ch1kpee, @Matt, and @Recviking's right arm, beard, and gut)
DerbyCon 6 - Victory Pose

(telling them what we selected as @ch1kpee harasses @HackingDave)
DerbyCon 6 - Prize Confirmation

There were also some statistics about the CTF, participants, and flags. For these, as well as the rest of the winners and prizes, see the Youtube - Derbycon Closing Ceremonies (CTF timestamp) video.


Also during the Closing Ceremonies was the 2nd Hackers for Charity auction. This was like nothing I had ever seen before. People had donated their entire weekends at DerbyCon to charitable purposes, raising thousands of dollars. At one point, a Louisville Slugger made by Eddie sold for $2048 and was immediately re-donated. It then sold for $1024, being donated back one more time. The 3rd and final price was $769, making the total price (and donation) $3841.

The best way to sum up my feelings after DerbyCon was this Tweet of mine below:

DerbyCon 6 - Tweet

All in all, I am more excited about my career and side projects. I definitely want to go to DefCon every year that I can from now on.

Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.

When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.
