Seeing as how I just returned home from DerbyCon 6.0 - Recharge in Louisville, Kentucky, I'd like to share my experience.
As a PowerShell junkie this con was special and certainly that feeling is shared amongst a lot of you that attended or watched the videos (Big thanks to @irongeek_adc (Adrian Crenshaw) for all the uploads). But before we get to all that I wanted to start at the very beginning of my trip.
I went 3 days before the actual conference began for @Carlos_Perez (Carlos Perez) class, "Advanced PowerShell for Blue and Red Teams". Thought I'd get in town a bit early, see the city a little and rest (as you can see in the below photo) since the next 2 days would be 8am starts and a lot of content to take in.
Showed up to get my badge a bit before class and it was off to the PowerShell races!
The class was fantastic. In all honesty, I left with a far deeper understanding of PowerShell and WMI not only for the pwnage, but on the blue side as well. There was an epic amount of content to get through and Carlos did an excellent job preparing the course and executing it (big thank you
to Jose Quinones as well). Carlos also delivered a great talk about purple teaming I encourage you to watch.
The class was full and by sheer tyranny of will, I happened to pick a seat next to a fellow Canadian.
Met some fantastic folks in class so thank you all for the great chats. To make it all the more interesting both days had some amazing drop-ins and characters meandering about:
Once the 2 days of training were over, some mental rest was definitely needed.
September 23, the conference officially kicked off. I was excited because so many people I had never encountered in person were in attendance, which was the real treat.
Talks were starting, the vendors were out. I was interested in seeing as much PowerShell-related talks as I could - not a difficult task since unofficially this was PowerShellCon 2016 :). An awesome blend of red and blue content dominated along with their master practitioners. The only real difficulty was choosing between @harmj0y and @PyroTek3 about "Attacking EvilCorp: Anatomy of a Corporate Hack" talk and @mattifestation and @jaredcatkinson
"Living off the Land 2: A minimalist's guide to Windows Defense" talk, which was totally accidental that they would be scheduled at the same time right ;) .
PowerShell aside, there was an amazing mix of topics with wonderful speakers and I highly encourage you all to watch the vids
On to the folks I would really like to acknowledge for making my first DerbyCon a killer experience (didn't get to take pics with everyone ): )
@armitagehacker (Raphael Mudge) has been a major influence on me and as a Cobalt Strike junkie myself, being able to speak to the developer is a lot of fun. I can't stress enough that you should be reading his blog as it's full of incredible insights if you love Cobalt Strike and red teaming / adversary and threat tactics. YouTube channel is an excellent resource as well
@subTee (Casey Smith) delivered a great talk and has made amazing contributions to application whitelist evasion and more. Another individual who couldn't be friendlier and has had profound affect on my knowledge and education. Be sure to check out his blog too
@jasonstreet - Let's be honest, no conference is complete without an awkward hug!
@edskoudis - Despite being interrupted by me on his way out, Mr. Ed was kind enough to stop and chat for a while about all kinds of shenanigans ,
@harmj0y (Will Schroeder) - Like @armitagehacker, Will has tremendous influence on me and many of you I'm sure. From Veil to Empire to BloodHound (and all the other devs involved of course).
@ReL1K (Dave Kennedy) - Last but certainly not least, thank you Dave (and all DerbyCon staff) for everything. Couldn't have happened otherwise.
Some other mentions I have to throw out there:
@PyroTek3 (Sean Metcalf) - Another fellow I managed to interrupt on his way somewhere but still took the time to stop and chat about fun AD things. I'd be a fool to not mention his blog adsecurity.org which is your one stop shop for Active Directory security.
@jsnover (Jeffrey Snover) - Well, when the father of PowerShell is in the house, you gotta shake his hand. Jeffrey and @Lee_Holmes delivered the opening keynote for the conference.
@tifkin_ - (Lee Christensen) - Another awesome guy to chat with, and you know that unmanaged PowerShell ability in that tool you love? Ya this is the guy :)
@engima0x3 (Matt Nelson) - One more reason the Veris ATD guys are kicking butt. Matt was great to chat with and if you're not up to date on his blog an research, you should be.
@byt3bl33d3r (Marcelo Salvati) - Funny how someone you maybe talking to on the Twitterz is quite literally sitting beside you. Had a blast walking around, talking shop, and beers with the developer of CrackMapExec. He also gave an excellent talk during the con I highly encourage you to check out.
@traversal (Haydn Johnson) - A must do shout out to my pal Haydn. Thanks for dragging me out of the hotel :) Haydn along with @carnal0wnage (Chris Gates) are delivering a talk at SecTor 2016. Check them out if you're in town!
OK, back to the story. Like I said, it's not always about the talks and training; sometimes it's just meeting the people you've always wanted to talk to. @superkojiman, member of the @VulnHub team whom we competed against at @defcon_toronto CTF (that's us in 3rd), invited me and others out to a pizza meet up with some awesome folks. Next time you're in Louisville, KY be sure to check out Spinellis (very cool joint). Great hanging with you all.
All in all, I met people I've always wanted to meet, attended talks I planned on attending, and learned what I came to learn. It's easy for a conference to have a disconnected, cold, just business feeling to them but DerbyCon had more of close-knit, belonging, comfortable vibe that makes it very unique and special.
In closing, thank you for the experience and I'll see you next year!
As a PowerShell junkie this con was special and certainly that feeling is shared amongst a lot of you that attended or watched the videos (Big thanks to @irongeek_adc (Adrian Crenshaw) for all the uploads). But before we get to all that I wanted to start at the very beginning of my trip.
I went 3 days before the actual conference began for @Carlos_Perez (Carlos Perez) class, "Advanced PowerShell for Blue and Red Teams". Thought I'd get in town a bit early, see the city a little and rest (as you can see in the below photo) since the next 2 days would be 8am starts and a lot of content to take in.
Showed up to get my badge a bit before class and it was off to the PowerShell races!
The class was fantastic. In all honesty, I left with a far deeper understanding of PowerShell and WMI not only for the pwnage, but on the blue side as well. There was an epic amount of content to get through and Carlos did an excellent job preparing the course and executing it (big thank you
to Jose Quinones as well). Carlos also delivered a great talk about purple teaming I encourage you to watch.
The class was full and by sheer tyranny of will, I happened to pick a seat next to a fellow Canadian.
Met some fantastic folks in class so thank you all for the great chats. To make it all the more interesting both days had some amazing drop-ins and characters meandering about:
Once the 2 days of training were over, some mental rest was definitely needed.
September 23, the conference officially kicked off. I was excited because so many people I had never encountered in person were in attendance, which was the real treat.
Talks were starting, the vendors were out. I was interested in seeing as much PowerShell-related talks as I could - not a difficult task since unofficially this was PowerShellCon 2016 :). An awesome blend of red and blue content dominated along with their master practitioners. The only real difficulty was choosing between @harmj0y and @PyroTek3 about "Attacking EvilCorp: Anatomy of a Corporate Hack" talk and @mattifestation and @jaredcatkinson
"Living off the Land 2: A minimalist's guide to Windows Defense" talk, which was totally accidental that they would be scheduled at the same time right ;) .
PowerShell aside, there was an amazing mix of topics with wonderful speakers and I highly encourage you all to watch the vids
On to the folks I would really like to acknowledge for making my first DerbyCon a killer experience (didn't get to take pics with everyone ): )
@armitagehacker (Raphael Mudge) has been a major influence on me and as a Cobalt Strike junkie myself, being able to speak to the developer is a lot of fun. I can't stress enough that you should be reading his blog as it's full of incredible insights if you love Cobalt Strike and red teaming / adversary and threat tactics. YouTube channel is an excellent resource as well
@subTee (Casey Smith) delivered a great talk and has made amazing contributions to application whitelist evasion and more. Another individual who couldn't be friendlier and has had profound affect on my knowledge and education. Be sure to check out his blog too
@jasonstreet - Let's be honest, no conference is complete without an awkward hug!
@edskoudis - Despite being interrupted by me on his way out, Mr. Ed was kind enough to stop and chat for a while about all kinds of shenanigans ,
@harmj0y (Will Schroeder) - Like @armitagehacker, Will has tremendous influence on me and many of you I'm sure. From Veil to Empire to BloodHound (and all the other devs involved of course).
@ReL1K (Dave Kennedy) - Last but certainly not least, thank you Dave (and all DerbyCon staff) for everything. Couldn't have happened otherwise.
Some other mentions I have to throw out there:
@PyroTek3 (Sean Metcalf) - Another fellow I managed to interrupt on his way somewhere but still took the time to stop and chat about fun AD things. I'd be a fool to not mention his blog adsecurity.org which is your one stop shop for Active Directory security.
@jsnover (Jeffrey Snover) - Well, when the father of PowerShell is in the house, you gotta shake his hand. Jeffrey and @Lee_Holmes delivered the opening keynote for the conference.
@tifkin_ - (Lee Christensen) - Another awesome guy to chat with, and you know that unmanaged PowerShell ability in that tool you love? Ya this is the guy :)
@engima0x3 (Matt Nelson) - One more reason the Veris ATD guys are kicking butt. Matt was great to chat with and if you're not up to date on his blog an research, you should be.
@byt3bl33d3r (Marcelo Salvati) - Funny how someone you maybe talking to on the Twitterz is quite literally sitting beside you. Had a blast walking around, talking shop, and beers with the developer of CrackMapExec. He also gave an excellent talk during the con I highly encourage you to check out.
@traversal (Haydn Johnson) - A must do shout out to my pal Haydn. Thanks for dragging me out of the hotel :) Haydn along with @carnal0wnage (Chris Gates) are delivering a talk at SecTor 2016. Check them out if you're in town!
OK, back to the story. Like I said, it's not always about the talks and training; sometimes it's just meeting the people you've always wanted to talk to. @superkojiman, member of the @VulnHub team whom we competed against at @defcon_toronto CTF (that's us in 3rd), invited me and others out to a pizza meet up with some awesome folks. Next time you're in Louisville, KY be sure to check out Spinellis (very cool joint). Great hanging with you all.
In closing, thank you for the experience and I'll see you next year!
