DerbyCon 8 was another fun time, and it again proved why Derby is one of my favorite conferences.
DerbyCon 8 – Introduction
No bachelor party this year, so it had been a full year since I was in Louisville this go round.
That said, we had some team meetings before the conference itself, so I was there for almost a week.
This was another great year, and I love this conference and city.
I ate and drank at a lot of the same places as last year, but also hit up a few more.
Our team meeting (and team drinking the night before) were held at O’Sheas, which was great fun.
I also went back to the Jim Beam Urban Stillhouse, to bring home a bottle of the Select.
Matt actually brought the bottle home with him, although it had a safe journey.
I also received a bottle of the Buffalo Trace Bourbon Cream from Dan, and I’m really looking forward to trying this.
Other than that, I of course brought back some DerbyConFlu from the Ohio River.
I had an awesome time this year, and hung out with a few fun people.
The Marriott was a great site, although it did seem a little understaffed at time.
I got to walk around the vendor area, and talk to some of them about their swag and products.
The arcade setups were awesome though, and I got to play some MvC2.
I wish I had more time to visit the Mental Health Village, but I heard great things about it.
Other than that, spent a lot of time drinking and hanging out with people’s whose names and handles I have since forgotten.
For the second year in a row, I managed to miss all the talks.
That said, Adrian already has most of the videos uploaded, so you can catch up with me if you missed any!
SwAG / Booth Babe
The Secureworks Adversary Group (SwAG) actually had an entire booth this year, which was fun.
We got some team t-shirts, which I really like.
I worked the booth for a few hours, and got to talk to some potential customers as well as employees.
We also had a crypto challenge, that over thirty people managed to solve! The prize for the first solve was a Surface Pro, and then we drew names for a HackRF as well as a Yardstick One.
It was awesome having everyone there, and I think we ended up bring 60+ people to the conference.
While I didn’t actually take part with the SwAG CTF team, we still had plenty of drinking, meals, and hanging out together.
Unfortunately, I missed the Vanilla Ice concert this year. This might be my biggest DerbyCon regret, and I heard it was pretty awesome.
That said, I was able to catch the entire Offspring concert!
They definitely rocked the house, and it was a fun time. They played a bunch of songs I knew, though I didn’t realize how young I was when they became hits.
The only real issue with the concert was the vocal audio, but it was still an enjoyable concert.
Another year, another DerbyCon CTF. As usually, I participated with EverSec. We had 5 core members, plus a new person that reached out to us before the con!
Unfortunately, I wasn’t able/wanting to spend all of my time in the CTF room this year. That meant that no one else wanted to either, so we didn’t do as well as earlier years.
In the end, we still ended up in 7th place, which isn’t bad considering the time spent and number of team members.
SwAG ended up in 2nd place (Illuminopi), and I was able to discuss some challenges and hints with them at night when my team was asleep. I still caught plenty of flack as a traitor, but it was worth it.
Matt has posted one write-up so far, so be sure to check it out.
Unfortunately, but congratulations to them, Spicy Weasel (Nettitude) was able to pull out the victory again.
You can already find their write-ups here, which is awesome of them.
The style of the CTF was the same as the past two years, with an open network and an unknown number of challenges to solve.
The theme this year was the Equifax breech, with plenty of Equihax references.
There were no 0days or Windows 98 as far as I know, but there was a pretty in-depth MUD that had command execution.
I plan on publishing at least one challenge write-up, so be on the lookout for that.
We got $100 in cash as our prize that we donated to HFC.
DerbyCon 8 – Conclusion
I was able to catch the closing ceremonies this year, even after we grabbed a quick lunch at Gordon Biersch. I’m not sure how much that attendees donated in the end, but there were some fun items up for auction.
This was a great conference again, though I was definitely tired out after spending almost an entire week in con mode.
Oh, and thanks to DerbyCon for bringing back the aluminum bottles that are dishwasher safe! I definitely prefer these to the ones from last year.
I kept it low-key enough this year, and I’ve got plenty of CTF challenge ideas and write-ups in the works.
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.