Another year and another awesome conference put on by Dave Kennedy and his team. DerbyCon never lets down and is getting better every year. This year also brought in training classes before the conference that were an excellent addition. Kevin and James taught the Assessing and Exploiting Mobile Applications with OWASP MobiSec and the feedback on the class was great. Two days of working with mobile testing is always a good time. Throw in these two instructors and it gets even better.
In addition to the training, there were a lot of great talks. If you were not able to attend the talks, they are all recorded. I will include links to the ones that are up at the time of this post. The rest should be up soon.
Kevin and James did their talk about testing SharePoint servers. In addition, we have some cool new tools that will be released soon to help with assessing these servers. The full talk can be seen at https://www.youtube.com/watch?v=Kb450FtCieY. The tools will be released under both http://extensions.professionallyevil.com and http://sharepoint.professionallyevil.com.
John Strand from Black Hills Information Security did another excellent talk regarding the ADHD project. For those that don’t know, ADHD is an Active Defense distribution and John does a great job explaining what Active Defense really is.
Tom Eston and Spencer McIntyre from Secure State did a talk about exploiting the Microsoft Dynamics application. The talk included some cool demos of how they could use Metasploit modules to manipulate the Dynamics server.
This is just a small sampling of the talks that were available. One of the great things about DerbyCon is that it brings in many, many well known speakers. Time spent is well worth it as you get a chance to also hang out with friends you don’t normally get to see throughout the year.
The Secure Ideas team has also done a podcast talking about their experience at DerbyCon which you can listen to at http://secureideas.libsyn.com/derby-con-and-the-security-con-discussion
James Jardine is a Principal Security Consultant at Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at firstname.lastname@example.org or visit the Secure Ideas – Professionally Evil site for services provided.