Before I get to my Derbycon 2015 wrap-up, I got to set the stage (bear with me, I’ll try not to ramble on too long).
In 2009 two big things happened in my life. The first big thing, the floor was dropping out from under me with losing a job in IT due to the economy and due to no fault of my own. It was a terrible time and IT support jobs were drying up. The job market was going through a major shift. Which leads to…. The second big thing: it was time to reinvent myself, as the work I was doing was boring and I wanted to avoid another situation like this. I discovered the growing field of Information Security. So the journey began, which led me to Bsides Detroit 2011. I’d found my new passion. Also that year, I attended the first Derbycon in 2011. I was all in and that experience helped me grow career wise and as a person.
(Too long? I tried to get to the point, trust me….. It’s relevant…..)
About a year ago I started my current role. When the opportunity was there to submit my training requests, I had only one thought: DerbyCon.
My plane arrived late Thursday night taking the most scenic route possible (Detroit to Philly, Philly to Louisville). Unfortunately I didn’t get as much sleep as I had hoped. I wanted to make it for the start.
Welcome to the Family begins. As I’m listening to the intro, no truer words had been spoken. This conference was like a big family. Infosec is a small community I’ve found out starting back to 2011 when I attended my first security conference and nothing resonates that home any deeper than after you’ve attended a few conferences.
First up, Jordan Harbinger from the Art of Charm and Social Engineering podcast delivers the keynote. Jordan isn’t a technical guy, he even says so. He’s started his own company The Art of Charm and it’s about building social capital and becoming better socially, and as his LinkedIn profile says regarding Art of Charm; “Where ordinary guys become extraordinary men.” So out of the chute, it’s about relationships, family. Jordan killed it on the keynote.
This was a great panel and a lot of good conversations. It’s well worth checking out.
Next up was lunch. You can run hackers all day long but you got to break and throw them a burger or two along with some caffeine.
After that, I attended HallwayCon. The ever illustrious infosec conference staple where those who aren’t watching a talk start their own conversations, recharge phones and tablets (part of what I did).
Next on the list I had hoped to see “Python for Infosec”, but I didn’t get in in time and had figured “I’ll catch it on video”, so I went over to “Stealthier Attacks and Smarter Defending with TLS Fingerprinting” by Lee Brotherston. This was a very interesting presentation and I did definitely walk away having learned a thing or two…. and looking forward to trying to carve out time to investigate the tools he released. As I’m writing this I found out the Python for Infosec talk had no audio. #sadpanda
Next on the agenda, Honeypots for Active Defense – Greg Foss from LogRhythm. This was a great talk as I do love to hear others implementing and talking about their findings with honeypots. Greg has definitely sparked some ideas I took notes on that I do plan on working on soon.
So after that talk, the next talk that intrigued me was Red vs. Blue: Modern Active Directory Attacks & Defense – Sean Metcalf “@PyroTek3”. Sean is seriously a mad crazy smart dude and one of only 100 who hold the Microsoft Certified Master Directory Services. This talk showed me how deep Active Directory can go. It was definitely a great talk and I highly suggest watching it.
Next up, back to HallwayCon, this time due to the close tightness which the seating in the previous talk had. My only complaint on DerbyCon this year… a lot of the talks were VERY packed. So after one of those, I had to step out and enjoy some personal space.
My next talk I went to, was down in the Stable talks.
Backdooring Git – John Menerick was a very good and interesting talk as one of the things on my list is to learn more about Github.
Detecting phishing attacks with DNS reconnaissance – Mike Saunders – This one was extremely good. It’s definitely sparked some ideas combined with the DNSMiner talk (but more on that one later).
Hacking Web Apps – Brent White – Another good talk. I am weak when it comes to the web app space and I try to challenge myself to see more web app related talks to try to pick up more.
Sticky Honey Pots – Paul J. Vann – So by the abstract alone it sounded intriguing. What made it even more intriguing, the presenter was a 9th grader!! The kid was very smart and advanced and had a very good presentation. It hit home with me as my son just started preschool. I look forward to exposing him to the hacker culture and conferences to see if he likes it.
At this point, my day was done. I’m not much of a bar guy and counting I had only 3 hours sleep, I went back, wound down and called it a night.
Decent night of sleep was had. Relaxation was achieved. Off to Day 2.
OSINT for AppSec: Recon-ng and Beyond – Tim Tomes “lanmaster53” – This one jumped out at me as I am weak in the AppSec area and I knew only the surface level of Recon-ng. WOW, am I ever glad that I did attend this one.
Introducing the RITA VM: Hunting for bad guys on your network for free with math. – John Strand – Derek Banks – Joff Thyer – Brian Fehrman – This talk was one of the top 5 that I was looking forward to and it did deliver. I can’t wait to dig into this project further. It was a great great talk.
Next, was back to HallwayCon. I had visited some vendor booths, gained too many tshirts and topped off the phone charge again. It would help if I wasn’t tweeting so much or reading other tweets during some talks.
Gray Hat PowerShell – Ben Ten (@ben0xa) – Ben always delivers a great presentation. There are some people who exude the confidence and have the charm for a group of people. Ben is one of a few PowerShell masters I’ve talked with being a part of Misec.
WhyMI so Sexy? WMI Attacks – Real-Time Defense – and Advanced Forensic Analysis – Matt Graeber – Willi Ballenthin – Claudiu Teodorescu – The PowerShell lovefest continued. While this talk wasn’t specific on PowerShell, Matt Graeber is an admitted PowerShell fanboy. These guys are mad wicked smart and gave a great presentation on WMI.
Next up, to the Stable talks again.
Tool Drop: Free as in Beer – Scot Berner – Jason Lang – It was a great presentation and to learn some strategies people use in scripting out a tool to solve an immediate problem.
After that, I wanted to catch Medical Devices: Pwnage and Honeypots – Scott Erven “windshield wipers” – Mark Collao. This was a pretty fascinating talk and it reflected on how vendors still fail with default passwords and other areas of fail.
I originally wanted to catch How to ruin your life by getting everything you ever wanted. – Chris Nickerson but after a few too many talks that were tighter than the airplane ride I flew in on, I thought “Catch it on video”. I found out later that it was an extremely moving and powerful talk. I just watched it today, and no offense to the guys who did the medical devices talk, I am kicking myself for not attending. The talk Chris gave is extremely moving and powerful because he ain’t putting on any schtick. I was completely blown away and have some mad serious respect for the guy and all he’s done for the industry that saved me from a mundane career of fixing Windows issues and building standardized corporate images.
So by this point, it was back to HallwayCon. It was during HallwayCon that I ran into some of the Misec guys, including David Schwartzberg (@, one of the nicest guys you could ever meet). He was participating in the scavenger hunt. One of the things he was looking to do was to get 25 people running backwards up the escalator. After he talked with the DerbyCon security staff, we did it. I made a big mistake in participating only for one reason, I didn’t ask someone “Hey can you keep an eye on these backpacks?” and after adding in some of the conference swag, my backpack wasn’t the lightest. So the line started and I brought up the end of the line. Running up a fast escalator being out of shape = hard. Running up a fast single lane escalator being out of shape with a heavy backpack on your back = sheer stupidity. But, I did complete it. I almost face planted at the end as those last few steps were rougher than I expected. But… during the run, by the time I got to the top, I had apparently dropped my Fitbit Flex strapped loosely to my wrist (apparently too loose).
But, due to DerbyCon being about family and the overall culture of the tight knit Infosec community, someone picked it up for me.
One mission I had on the trip down was to get some Kentucky Bourbon Barrel Ale. I had heard great things about it and since it didn’t seem like Michigan had any, when in Kentucky, you seek out bourbon (ale in this case for me). While it wasn’t Kentucky Bourbon Barrel Ale, it was GoodWood Brewery Bourbon Barrel Ale that was on tap in the lobby. I have only one word to describe this beer:
It was dinner time and I had met someone over at Dish on Market to have dinner with. It was definitely a great conversation I had with@. After some dinner then I headed back to my room for the night. My back was a bit sore and I definitely didn’t feel up to partying, besides, my hotel was 20 minutes away, so…
Is That a Router in Your Pocket or are You Trying to P0wn Me? – Michael Vieau – Kevin Bong – A very interesting talk. I had learned that using OpenWRT it was possible to remove some stuff for those tiny router flashes and be able to put in the tools you want.
Next, DNS Miner – A semi-automatic Incident response and threat intelligence tool for small – over worked security teams – Doug Leece – AJ Leece. This was a talk that really captured my attention prior and I’m glad I went. I do plan on looking more into this project as I can see some interesting things coming from this.
Next, LongTail SSH Attack Analysis – Eric Wedaa. Mr Wedaa did a great job to capture attention as honeypots always get people’s attention at security conferences, especially if the presentation is good.
Next? Lunch of course, then some HallwayCon as well, of course.
Last talk of the day for me was Intrusion Hunting for the Masses – A Practical Guide – David Sharpe. Another talk I found fascinating by the abstract and it definitely delivered.
And so the conference was done as closing ceremonies began.
I made the mistake of not getting in line soon enough. So there was an additional room that you could see what they were showing on the screen but you couldn’t see those on the stage. So at this point, I threw in the towel and headed off to the airport.
Last but not least
DerbyCon 2015 was great. I can see why many people make this their main conference. It has a great environment (a bit tight during some talks) and good people going as well as putting on the conference and volunteering as well.
Earlier I had summarized briefly the path that led me to Information Security. It’s conferences like this that make me glad I moved my career to Information Security. I never witnessed or knew of any regional conferences for Windows support folks. It’s conferences like this that help inspire me and other folks to contribute to the community as a whole.
I’m glad I got to meet some new people and such and grateful for the knowledge and ideas I gained.
Hope I can make DerbyCon 2016.