This post was originally published here by Ryan Nolette.
This past week I had the pleasure of going down to DerbyCon 7.0. Along the way, I got to see some fantastic presentations, an excellent Capture the Flag competition, and the tragic death of at least one insect. Here are a few of my takeaways from the conference.
1) DerbyCon is one of the last remaining community-first security conferences in the nation.
On the DerbyCon website, they state that “the idea of DerbyCon is to promote learning and strengthen the community. We are a community of peers learning from one another.” This definitely encapsulated my experience at the conference. The majority of the attendees I encountered were friendly and approachable, which helped to foster and mentor the attendees newer to the field. I saw examples of teaching throughout the conference, not limited to just the talks. Witnessing someone find their first vulnerability and exploit it is a magical experience. Additionally, the hosts of DerbyCon streamed all of their tracks live, to the entire Internet, completely free. I loved this for two main reasons. First, it demonstrated how much the DerbyCon hosts care about the community. Second, it puts pressure on other conferences to do the same, which will contribute to the community as a whole.
2) Threat Hunting as a concept with practical application is growing.
There were 7 different hunting talks this year, highlighting the increased prominence of threat hunting, as it is adopted by more and more SOCs. They can be viewed here:
- Jared Atkinson and Robby Winchester – Purpose Driven Hunt: What do I do with all this data?
- Mauricio Velazco – Hunting Lateral Movement for Fun and Profit
- Ryan Nolette – How to Hunt for Lateral Movement on Your Network
- Joe Desimone – Hunting for Memory-Resident Malware
- Robert Simmons – Advanced Threat Hunting
- Todd Sanders – We’re going on a Threat Hunt, Gonna find a bad-guy.
- Zach Grace – changeme: A better tool for hunting default creds
3) The DerbyCon CTF is one of the best I’ve attended, with flags for every skill level.
I sat with many different groups of people this year during the conference, and all of them were welcoming. Each group had a mix of seasoned vets and first-timers attempting the CTF. The vets mentored and taught the first-timers without annoyance and with a joy and excitement that reminded me of teachers I had back in school. I have never met a group so willing to pause their own work to help walk someone through their questions and issues. The best part was that they did not just give the answers to the requester but instead asked them a series of leading questions, helping the requester learn to think through the problem in a different way and get to the answer on their own.
While I was there, I also got the chance to give a presentation on detecting and identifying lateral movement activity on your network. You can pick up the presentation notes, or you can watch the entire presentation here.