Last weekend was DerbyCon, Louisville’s hacker conference. (There’s also the Louisville Metro InfoSec Conference, that takes place the day after, but it’s more aimed a little more at the business community / general public, instead of being a “by hackers, for hackers” thing like DerbyCon.)

As always, there were amazingly cool sessions and events. There were tracks for red team/black hat, blue team/white hat, tracks for hardware/physical, software/online, and social engineering/people hacking. There was an all-weekend Capture the Flag contest, a silent auction to raise money for charity, dances, parties, and more. Sponsors lined the hallways, and the traditional “lockpick village” was set up, so hackers could try their skill at getting past dozens of kinds of security devices.

It’s always great to see friends and colleagues, and to fanboy gush with all the speakers that I stalk. I mean, admire.

Sadly, I had a nasty cough for most of it, and wasn’t able to attend the full time each day, but I was there for as long as my body could handle.

On the software side of things, I learned about OSINT, RITA, and doxxing.
On the social side, I learned about pwning people, managing people, and reading people.
On the machinery side, I learned about our power grid, industrial machinery, and medical devices.

Personally, the most valuable session was about helping law enforcement catch criminals through online research, by @DennisKuntz. At my last job, I used databases to detect and prevent fraud. Right after 9/11, I worked for Homeland Security’s bioterrorism division. It’s cool to use tech to stop the bad guys.

As a nice surprise, I attended the Believer’s Breakfast and met many fellow Christians who are hackers of various sorts, and learned about #CrossCon, the Sunday morning Bible study at DerbyCon.