DerbyCon 6.0 - Recharge: My First Security Conference

It's been a while since I've posted anything. I'm actually getting married in a few short weeks and found that my life has been pretty hectic lately. But I knew before I went on my honeymoon, that I needed to find some time to briefly write about the BEST (and my first ;]) security conference: DerbyCon!

A few weeks back I was lucky enough to attend my first security conference: DerbyCon 6.0. I've heard a lot of mixed opinions about security conferences in general. Lately it almost appears that the bigger ones are becoming a trick and pony show. However, DerbyCon has had nothing but praise and hype. Everything I've heard about this conference, founded by Dave Kennedy aka ReL1K and friends (Martin Bos, Alex Kah and Adrian Crenshaw), is how it is by far one of the best conferences to date. After hearing this and doing my research, I knew this was something I had to go to.

This was unlike anything I've ever experienced. I find myself always researching online for the latest updates to technology, listening to podcasts for security news, and straight up testing my own strengths and weaknesses in my home-lab; and everyone else at this conference appeared to be no different. On top of that, everyone was extremely nice. Everyone always seemed to have a smile on their face and happy to be there. Immediately walking into DerbyCon you could feel the buzz in the air. I knew at this moment that this conference was something different.

There were many different things to do at DerbyCon. I found that there was never a dull moment. Below are some of the highlights:

Lockpick Village

This was probably the one thing that was first on my radar. Lockpicking is something that has always interested me. However, buying a lock pick set can be an extremely difficult task. Not many places sell lock pick sets, or you can buy one online but risk being 'flagged'. Also, laws differ from state to state and country to country in regards to having your own lock pick set. You'll want to research your own situation before buying your own.

Regardless, at this village there were dozens of different locks to test your skills on. There were picks there to use as well if you did not have your own. The difficulty in locks ranged from beginner to expert and there was always someone around to help inform you on different techniques if you cared to learn more about this art.

Social Engineering

This was a new village that I was not aware of until arriving. This village was exactly what it sounded like: situations where social engineering will come in handy. I was only there for a few moments but was quickly intrigued. The experience was called "Mission SE Impossible". It was set up as an obstacle course and the 'player' had to make their way through different challenges in order to win. It started off with escaping from handcuffs, then making your way through laser detection, stealing documents (stored "securely" in a locked file cabinet) and many more. It was really eye-opening to see how easily, or better yet, how talented some people are with the craft of social engineering.

Capture the Flag

This was also something that interested me. Like every year, the DerbyCon crew set up a CTF event that was located inside the conference. It was free to sign up and register your team. All you had to do was connect to the LAN and start hacking! I signed up for a few moments just to see what it was like and I must say, this was the real deal. The difficulties ranged from beginner to highly advanced and everything in between. Flags were awarded for everything from simple enumeration, such as viewing the Page Source of a web page, to reverse engineering and forensics. You can easily find yourself working on the CTF for the entire conference, so be prepared beforehand if this is something you decide to check out.


The talks are one of the main events for conferences. Many people have submitted their paper to present and only a select few were accepted. The talks were extremely balanced between 'Red' (Offensive) and 'Blue' (Defensive) topics. A lot of the presenters were also well known security professionals that I recognized from podcasting, blogging and vulnerability research. It was great to listen to the latest and greatest findings that were revealed for the first time publicly during DerbyCon.

Networking / Meeting people

For some, this might be the main reason why people go to conferences, especially DerbyCon. Because the conference is smaller than most, it is very easy to just approach someone and start talking Security with them. I actually met a few 'idols' of mine just by telling them how cool their shirt was or by flat out asking "Hey! Aren't you that one guy?" It was amazing to see how welcoming everyone was and how much respect everyone had for each other during this conference. If you are new to the Information Security realm, I highly recommend walking up to a random person and just asking them your questions.


Parties are also something that people talk about during conferences and DerbyCon was no exception. Dave was able to get Redman and Method Man to play during the first night and PantyRaid to perform the second night. The amount of effort to set up a stage, lights, audio and visuals in the amount of time they do is unreal. The DerbyCon crew did not hold back on anything. Also, there were vendors who had parties as well that were easy to be invited to just by asking.

Final Thoughts

DerbyCon is something special as many have told me. The amount of brilliant people there was something amazing to witness. Additionally, I noticed there was never any judgment shown during the entire conference. If you had a question, you could freely ask. If you didn't know how to pick a lock, people were willing to help teach. If you wanted to pick someone's brain on a topic of interest, you could freely ask and most everyone was more than happy to discuss.

The great thing about this conference is that Dave (and friends) pride it on a family atmosphere. You don't have to be a security professional to even go. Honestly, if you have even the smallest interest in security, I would highly recommend attending. You are also encouraged to bring your kids, who are allowed to join for free! This is a conference where everyone is willing to help each other, no matter what. It truly felt like a family.