October 09, 2011

DerbyCon Wrapup

Written by David Kennedy
It's been a week since DerbyCon has ended and I'm finally back into the normal swing of things. First off, I want to thank everyone that made DerbyCon possible. Everyone from the attendees who were so much fun to hang with all the way to the staff and security who kept things in order. Also a special thanks for all of the late helpers like Mike Perez who helped for the majority of registration and assisted us in any way we needed. A special shout-out to a few folks and I know I can't name everyone that made this possible but to Martin and Adrian for being the core founders of DerbyCon and to Nick Hitchcock for running the security ship. We literally had very few incidents and with Banasidhe, the conference ran smoother than we could have ever anticipated. I even got to have my father be present and witness what this family is all about. Yes, family. At DerbyCon we were all equals, all contributors with different experiences and knowledge to add. It felt like it was hanging with family.
For me this conference was different. Not because we were running it, but the feeling I had when walking around or going into talks was different. When talks were going on, the rooms were jam packed with people with few in the hallways socializing. One thing that I always feel like when going to conferences is there is this perception of groups that only hang around with each other and stay in those groups. Instead, when the talks were out, everyone was hanging with each other. For once it felt like a collaboration with the community and with each other instead of feeling nervous to talk to someone we may not know or don't feel like others are approachable. I truly felt like this was a group that could accomplish something, that can drive home security in the right direction.

A special thank you to all of the sponsors of DerbyCon. Without them, it truly would not have been possible. Also a special shout out to my wife Erin for keeping us in check, she really was the mastermind behind this running so smooth.

The talks themselves were just awesome one after another. I unfortunately didn't get to see all of them in order to make sure the conference ran smoothly however with Adrian's insanely efficient system, all of the videos can now be viewed from DerbyCon here: DerbyCon 2011 videos. I seldom stick around for talks and watch them afterwards, I've found myself engrossed in watching every single one and haven't found a bad one yet. To the speakers, my hats are off to each and every one of you for making your talks simply amazing.

Some of my favorite highlights of the conference:

* Integgroll printing exclusive Dave (ReL1K) hugging tickets. I literally gave way over 1,000 hugs that weekend. The best part was when counterfeit hug tickets were printed in bulk. I still willingly accepted as I will never turn down hugs. I still have people when I'm speaking at other conferences hand out the ticket. I have a feeling I'll be hugging for quite a long time :-) Thanks Integgroll, I did enjoy all of the hugs.
* Martin running around putting out 10 fires at a time was awesome and Adrian running all of the video for all of the rooms.
* Rick Farina (Zero_Chaos) winning the bid for the golden ticket Dave hugs which sold for $70 to raise money for the Hackers for Charity. I think that was the first walking on stage and stepping off stage while carrying someone hug. Rick not only hooked up all the radios for the conference but was a pinnacle part in making sure the conference ran smoothly. I would have given him that same hug for free :-) Funny part is the tickets for the hugs sold for more than my signed copy of the Metasploit book.
* Dual Core rocking it out on Saturday night's party and Scott Ullrich with the DJing afterwards. The party turned out awesome with a 10 minute minor glitch on the cooler for the keg dying (which was quickly resolved). Rapid7 was great for sponsoring the event.
* Boris' don't buy shit and don't click shit mentality was perfect. Simple yet so highly true in our environment.
* Chris Nickerson's Mike Tyson punching you and where's that in your IR plan analogy hit home. I always wonder what would happen if I got punched in the face by Mike Tyson :) But in all honesty the analogies of warfare and how we continue to get our asses handed to us.
* HD Moore's keynote presentation. Amazing to see how far voice analysis with WarVox has come and what is possible. Love how he always does live demos. Only way to do it!
* Walking through the halls and getting to meet everyone. It was awesome to see people that are highly respected in the community just sitting out and hanging and talking. There wasn't a rockstar mentality, no elitist; none of that. Everyone was there to hang out and talk and have a blast doing it.
* The CTF battles were fun to watch from the sidelines. Watching the teams going at it, not sleeping, and punching computer screens as the frustration level set forth on the CTF. Awesome job Ryan Elkins, Scott White, and Rob Simon for putting that together. We were so impressed that we handed out two black badges to the winners, not just one.
* Scott White saving every damn video that I seem to do something funny or embarrassing on. A video I left for Scott while testing video teleconferences a few years ago made it into Josh Kelley's and Rob Simon's slides as well as the background for the CTF. Note to self, Scott White saves everything. Also note that payback is a total bitch, retaliation will occur :-)
* Speaking with Kevin Mitnick at DerbyCon was a blast. He always has great stories and is just one masterful social engineer. It was good to share some of our stories of penetration testing and where we think the industry should be heading.
* The lack of lines during registration. For once, my coding worked as expected as I coded a completely custom ticketing system and barcode system this year which seemed to run without any hiccups. People had to wait a maximum of five minutes to get a ticket on the opening day which was astounding to me. I even had the barcode server and system up early the night before and started opening up the registration then. Python ftw.
* Leonard Isham for winning the bid for the hackers for charity black badge. The badge itself raised $1,337 for the Hackers for Charity foundation. Awesome job man, your contributions go a long ways with Johnny Long.
* One of the most memorable portions where I actually got teary eyed on stage. A first year conference that pulled in a little over 1,000 people raised more money than what Defcon (over 15,000 people) brings in (almost over double!!!!). DerbyCon raised over $13,000 for the I Hack Charities foundation for Johnny Long. This for me was what it was all about. This gives an idea of the actual people there and the just overwhelming support. For those that attended, you should be proud of the accomplishments that this brought for Johnny. This was a security family.

There are way too many highlights to point out, I've just covered some of the many. Overall, I have to say I felt like DerbyCon was an overwhelming success. There were a few things that we will tweak next year as well as taking ideas from everyone who attended on how to make it better. Some of the things that are possible and likely to happen:

* Lunch and dinner breaks between talks. This is something that totally escaped our minds. We figured that beer would serve as the lunch and dinner for the days :-) Next year expect lunch breaks and dinner breaks.
* There was one occasion where I had scheduled Carlos Perez first then Pauldotcom and John Strand right after the talk. Both very popular talks which caused us to have to empty the room to make room for those on the outside. In the future we will work with the schedule a bit better but most importantly, the way we are going to do it next year is expand Tracks 1 and Tracks 2 into one big room, keep track 3 the same, and use two other track rooms as well for a total of 4 tracks versus 3. The expansion of track 1 and track 2 will give significantly more room for the extremely popular talks.
* A fourth track will be added next year. This will be geared more towards "newbie" tracks or "starting off" tracks. For some, it was the first year that they had attended a conference like this. A lot were new to the community. Getting a place to start off at and learn is awesome. There are preliminary talks with others like Mubix and JP about running basic trainings as well next year.
* Possibly doing training on Thursday and Friday versus Friday and Saturday. Doing it on Thursday/Friday will allow us to do it through the day and not at night. This is still up for debate and would like feedback from those that were in the training sessions.
* Hyperlinking the names of the talks in the schedule to the actual talks page so you don't have to bounce back and forth. Easy enough and something that totally slipped the mind.

Wrapping things up, I really can't thank all of you for making DerbyCon. We just organized it, you made it the family feeling, the community contributing feeling. I really never expected it to run as smoothly as it did. We have some exciting surprises for DerbyCon 2012 that we are excited about and can't wait to begin planning for next year. I actually went through a few days of DerbyCon withdrawals as it was one of the most exciting times I've had in a very long time. More motivation for the team to make it even better next year. Hats off to everyone that made DerbyCon possible. See you folks next year.