DerbyCon 8 – Evolution

DerbyCon 8 was another fun time, and it again proved why Derby is one of my favorite conferences.

DerbyCon 8 - Introduction

No bachelor party this year, so it had been a full year since I was in Louisville this go round.

That said, we had some team meetings before the conference itself, so I was there for almost a week.

This was another great year, and I love this conference and city.

Louisville

I ate and drank at a lot of the same places as last year, but also hit up a few more.

Our team meeting (and team drinking the night before) were held at O'Sheas, which was great fun.

I also went back to the Jim Beam Urban Stillhouse, to bring home a bottle of the Select.

DerbyCon 8 - Jim Beam Stillhouse Select

Matt actually brought the bottle home with him, although it had a safe journey.

DerbyCon 8 - Car Seat Stillhouse

I also received a bottle of the Buffalo Trace Bourbon Cream from Dan, and I'm really looking forward to trying this.

DerbyCon 8 - Bourbon Cream

Other than that, I of course brought back some DerbyConFlu from the Ohio River.

DerbyCon 8 - DerbyConFlu

The Con/People

I had an awesome time this year, and hung out with a few fun people.

Spent more time talking to Lee, and we discussed the idea of a hobby swap at a future con. We also got to send Chrissy a picture, and she guessed that it was DerbyCon time.

The Marriott was a great site, although it did seem a little understaffed at time.

I got to walk around the vendor area, and talk to some of them about their swag and products.

The arcade setups were awesome though, and I got to play some MvC2.

I wish I had more time to visit the Mental Health Village, but I heard great things about it.

Other than that, spent a lot of time drinking and hanging out with people's whose names and handles I have since forgotten.

Talks

For the second year in a row, I managed to miss all the talks.

That said, Adrian already has most of the videos uploaded, so you can catch up with me if you missed any!

SwAG / Booth Babe

The Secureworks Adversary Group (SwAG) actually had an entire booth this year, which was fun.

We got some team t-shirts, which I really like.

DerbyCon 8 - SwAG Shirt

I worked the booth for a few hours, and got to talk to some potential customers as well as employees.

We also had a crypto challenge, that over thirty people managed to solve! The prize for the first solve was a Surface Pro, and then we drew names for a HackRF as well as a Yardstick One.

It was awesome having everyone there, and I think we ended up bring 60+ people to the conference.

While I didn't actually take part with the SwAG CTF team, we still had plenty of drinking, meals, and hanging out together.

Concert

Unfortunately, I missed the Vanilla Ice concert this year. This might be my biggest DerbyCon regret, and I heard it was pretty awesome.

That said, I was able to catch the entire Offspring concert!

DerbyCon 8 - Offspring

They definitely rocked the house, and it was a fun time. They played a bunch of songs I knew, though I didn't realize how young I was when they became hits.

The only real issue with the concert was the vocal audio, but it was still an enjoyable concert.

CTF

Another year, another DerbyCon CTF. As usually, I participated with EverSec. We had 5 core members, plus a new person that reached out to us before the con!

Unfortunately, I wasn't able/wanting to spend all of my time in the CTF room this year. That meant that no one else wanted to either, so we didn't do as well as earlier years.

In the end, we still ended up in 7th place, which isn't bad considering the time spent and number of team members.

DerbyCon 8 - CTF Scoreboard

SwAG ended up in 2nd place (Illuminopi), and I was able to discuss some challenges and hints with them at night when my team was asleep. I still caught plenty of flack as a traitor, but it was worth it.

Matt has posted one write-up so far, so be sure to check it out.

Unfortunately, but congratulations to them, Spicy Weasel (Nettitude) was able to pull out the victory again.

You can already find their write-ups here, which is awesome of them.

The style of the CTF was the same as the past two years, with an open network and an unknown number of challenges to solve.

The theme this year was the Equifax breech, with plenty of Equihax references.

There were no 0days or Windows 98 as far as I know, but there was a pretty in-depth MUD that had command execution.

I plan on publishing at least one challenge write-up, so be on the lookout for that.

We got $100 in cash as our prize that we donated to HFC.

DerbyCon 8 - Conclusion

I was able to catch the closing ceremonies this year, even after we grabbed a quick lunch at Gordon Biersch. I'm not sure how much that attendees donated in the end, but there were some fun items up for auction.

This was a great conference again, though I was definitely tired out after spending almost an entire week in con mode.

Oh, and thanks to DerbyCon for bringing back the aluminum bottles that are dishwasher safe! I definitely prefer these to the ones from last year.

DerbyCon 8 - Water Bottle

I kept it low-key enough this year, and I've got plenty of CTF challenge ideas and write-ups in the works.

doyler on Githubdoyler on Twitter
doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCP, eCPPT, eWPT, eWPTX, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Penetration Testing Consultant for Secureworks. His previous position was a Senior Penetration Tester for a major financial institution.

When he's not figuring out what cert to get next (currently GXPN) or side project to work on, he enjoys playing video games, traveling, and watching sports.

Leave a Comment

Filed under Security Not Included

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.