DerbyCon 2011

This weekend I attended DerbyCon [], the new InfoSec (see: hacker) convention here in the midwest. It was hosted at the Hyatt in Louisville; a really nice town which also had an art show going on so my wife was happy to join me for the weekend and see the art.  The con was founded by three fellows:

  • Dave “ReL1K” Kennedy
  • Martin “Pure Hate” Bos
  • Adrian “Irongeek” Crenshaw

I was also fortunate to attend the training these guys put on Friday and Saturday on “Social-Engineering, CUDA Cracking, and PHUKD — OH MY”.  This training was extremely technical and required me to do a lot of homework and preparation and I was still treading water pretty hard both nights.  As part of the training, I setup a Windows 7 laptop running Oracle’s VirtualBox with two virtual machines.  One running BackTrack Linux 5 (Ubuntu 64bit) which I detailed here [] and the other a simple XP box with service pack 2.  The point is to setup a safe virtual area to test the exploits against.

My original goal with this training was to put my web applications to the security test and see what I can learn about securing web applications outside what’s obvious.  Looking back on the weekend, I’ve gotten that plus a much wider view (and respect) of the serious challenges facing us.  Particularly with the resurgence of client side scripting through JQuery.

The path ahead is fairly clear: educate and communicate.  For now, I’ll be educating myself and posting my findings as I go.

As a bonus I saw Kevin Mitnick ( speak.  Years ago when he was in the news I read Takedown ( about his capture and arrest.  It was nice to see that since his release he found a way to do what he loves legally and profitably.  His talk revolved around several penetration tests is which he was able to highlight social engineering as well as physical security compromises.  Hearing these stories was eye opening.  His main point seemed to be that it isn’t hard because people try and be helpful and trusting.  I’m not sure I like the “lesson” that people need to be paranoid and unhelpful, but, I’ll take it into consideration.  Aside from that, it was interesting to hear stories that match the ideas behind movies like Sneakers.

Leave a comment


Email(will not be published)*


Your comment*

Submit Comment

© Copyright Duke Hall - Designed by Pexeto