
DerbyCon 2.0 – The Reunion

I recently got back from Louisville, Kentucky, where I attended DerbyCon 2.0.

DerbyCon is an information security conference based in Louisville, Kentucky, founded by Martin Bos, Adrian Crenshaw, and Dave Kennedy in 2011. The topics covered during the conference can include (but are not limited to): hacking/pentesting, cryptography, network defense, vulnerability research, and more.

What I really enjoyed this year was the willingness of everyone to share ideas and, in general, talk about their field of work. One talk that I took the absolute most from was Eric Smith’s talk – Penetration Testing from a Hot Tub Time Machine. Their presentation covered “older” methods of pentesting that have seemingly been forgotten but still work. It mainly focused on using less automated tools and scanning – and relying more on a sense of curiosity and passive information gathering techniques for engagements such as internal/external and even physical and social engineering engagements. There are a lot of things pen testers can do before launching a vulnerability scan to help the test become much more successful.

Carlos Perez gave a talk that dove pretty deep into using DNS as a viable way to perform information gathering on a target network. He also developed a tool, DNSRecon, that helps this process along. DNSRecon is a tool written in Python that can enumerate domains, bruteforce subdomains, check for zone transfers, perform cache snooping, and many other things. A good overview and tutorial can be found here.

I wanted to explore as much of the conference as I could, but I found that I missed a good number of talks that I wanted to see due to the sheer number of talks going on at any given time. Along with the four “tracks”, new for this year were the “stable” talks. Stable talks were presentations that were shorter (about 30 minutes) in nature and held in smaller rooms. Fortunately for me, almost all of the presentations are recorded, so I can catch up on them here at irongeek.com.

Capture the Flag
A CTF (capture the flag) was also hosted at DerbyCon. A capture the flag contest is where contestants hack a number of hosts on a network and find “flags”, which are submitted to a scoring server to obtain points (or take away points). The contest ran during the entire conference – the LAN room shut down at night while wireless access was granted to the contest network 24/7. I very briefly competed, finding a few flags. I liked the layout of the contest but I found something a bit odd – the coordinators of the contest would bring hosts up and down throughout the contest. Announcements were made via their Twitter account, @Derbyconctf.

Lockpick Village
The lockpick village was run by FOOLS (Fraternal Order Of Locksport). Many tables were set up with a large variety of locks for anyone to sit down and practice their lockpicking skills. For the newbies out there, they provided plenty of information and guidance to help learn the basics and get you started. They also had lockpick sets for sale.

The number of vendors literally doubled this year, ranging from managed services firms to booksellers. The one vendor I spent a bit of money at was Hak5. They had a booth set up with demos of their products (such as the Wifi Pineapple and USB Rubber Ducky). I ended up buying the Wifi Pineapple for myself to delve deeper into wireless pen testing. No Starch Press was another table I spent money at, picking up the book “Gray Hat Python” for further studies.

DerbyCon organizers took it upon themselves to celebrate a birthday. Not a person’s birthday, but an exploit’s. MS08-067 is a very well-known exploit that affected a large number of Windows-based systems. When executed properly, it can fully compromise a computer.

Final Thoughts
This being the second year I attended, I was very impressed with how it had grown from last year (from 1100 to over 1600 attendees this year). The staff for the conference were polite, friendly, and helpful. The events ran smoothly with little to no snags (at least visible to us attendees). In closing, I will say that it was very nice catching up with friends I had met last year, and making new ones this year.

The post DerbyCon 2.0 – The Reunion appeared first on Hurricane Labs.


Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.
