Denver Enterprise Risk
Apr 30 - May 1, 2020
COVID-19 has affected huge sectors of everyday life but many of us in the InfoSec community are fortunate enough to have employment that transitioned to remote work.
While many folks around the nation are facing medical or financial hardships, our staff wanted to find a way we could give back to those in need. Our solution was DerpCon 2020 (derpcon.io). We may not be able to be on the front lines of this crisis, but we can use our efforts to provide an interesting information security conference to share knowledge and passion with our community. Most importantly, we can help those in need through donations from kind-hearted infosec individuals from all over.
Communities across Colorado without access to critical services and opportunities due to race and socioeconomic status are now facing unparalleled barriers due to COVID-19. The Colorado COVID Relief Fund's purpose is to raise and coordinate allocation of funds for unmet needs of disproportionately affected Coloradans all over the state, including: • People without health insurance • Workers that do not have access to paid sick leave • People with limited English proficiency • Healthcare, hospitality, service industry and gig economy workers Older adults living on low income • Communities of color • People with disabilities
CCRF OveriewSPEAKERS
SEATS
DAY EVENT
Workshop | Speakers | Time - MDT |
---|---|---|
Bypassing Application Whitelisting |
![]() Joe Leon |
9:00 am - 1:00 pm MDT |
Introduction to Exploit Development |
![]() Sam Bowne |
9:00 am - 3:00 pm MDT |
Getting Your Hands Dirty: CTF Workshop |
![]() ![]() Barrett DarnellWes Thurner |
1:00 pm - 5:00 pm MDT |
Breaching the Cloud Perimeter |
![]() Beau Bullock |
1:00 pm - 5:00 pm MDT |
Appsec DFIR 200 |
![]() Serge Borso |
3:00 pm - 5:00 pm MDT |
Talk | Speakers | Time - MDT |
---|---|---|
Introduction |
Derpcon |
9:00 MDT |
.NET Roulette: Exploiting Insecure Deserialization in Telerik UI |
Caleb Gross |
9:10 MDT |
Supply Chainsaw |
Matt "scriptjunkie" Weeks |
10:00 MDT |
Ham Hacks: Breaking into the World of Software Defined Radio |
Kelly Albrink |
11:00 MDT |
Building Secure Systems using Security Chaos Engineering and Immunity |
Yury NiƱo Roa |
12:00 MDT |
Assumed Breach: The Better Pen Test |
Tim Medin |
1:00 MDT |
Going Phishin' with GoPhish |
Patrick Laverty |
2:00 MDT |
Adversary Emulation |
Jorge Orchilles |
3:00 MDT |
.NET & Python: Let's get weird with it |
Marcello Salvati |
4:00 MDT |
Talk | Speakers | Time - MDT |
---|---|---|
Introduction |
Derpcon |
9:00 MDT |
Dear Diary: Today I met my first APT |
Brian Warehime |
9:10 MDT |
A Hacker's Viewpoint: Planning The Attack |
Kristina Krasnolobova & Robert George |
10:00 MDT |
Resource Smart Malware Detection with YARA & osquery |
Julian Wayte |
11:00 MDT |
Reducing The Breach Detection Gap |
Markus Hubbard |
12:00 MDT |
Passive (Aggressive) DNS |
Donald "Mac" McCarthy |
1:00 MDT |
Anatomy of a Gopher - Binary Analysis of Go Binaries |
Alex Useche |
2:00 MDT |
Hypothesis driven MacOS Threat Hunting |
Plug |
3:00 MDT |
The Offensive Defender | Cyberspace Trapping |
Matthew Toussain |
4:00 MDT |
Talk | Speakers | Time - MDT |
---|---|---|
Introduction |
Derpcon |
9:00 MDT |
Fifty Shades of Grey - Ethical Challenges of Today's CSO |
Vincent Grimard |
9:10 MDT |
Demystifying Capture The Flags (CTFs) |
Barrett Darrnell |
10:00 MDT |
The Economic Realities of Red Teaming: Does 0-Day Ever Make Sense? |
David Wolpoff |
11:00 MDT |
The Truth About Passwords, Privacy & Breaches |
Serge Borso |
12:00 MDT |
Entrepreneurial Adventures: Starting Your Own Company |
Bryson Bort |
1:00 MDT |
Where the real security work gets done and how to measure it |
Dan DeCloss |
2:00 MDT |
A Day in the Life of a Pentester: What Pentesting Really Looks Like |
Chris Elgee |
3:00 MDT |
The Pentester Blueprint: A Guide to Becoming a Pentester |
Phillip Wylie |
4:00 MDT |
The first CTF is geared towards beginners with a fun Tiger King theme. This is the perfect place to start if you are new to CTFs. Registration link coming soon. This CTF is brought to you by Threat Simulations in partnership with RunCode.ninja.
The second is a more advanced CTF at an intermediate level. This CTF is a hack back scenario responding to Covid-19 scammers. Along with the main theme there will be additional challenges. Registration link coming soon. This CTF is brought to you by Threat Simulations in partnership with RunCode.ninja.
The third event is a secure coding CTF brought to you by our awesome sponsor: Secure Code Warrior
Improve your secure coding skills by joining our live Secure Code Warrior tournament. The tournament allows you to compete against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability.
All challenges are based on the OWASP Top 10, and players can choose to compete in a range of software languages including Java EE, Java Spring, C# MVC, C# WebForms, Go, Ruby on Rails, Python Django & Flask, Scala Play, Node.JS, React, and both iOS and Android development languages.
The fourth event is a blast from the past! Try your hands at Cobol programming thanks to the wonderful work done by Sam Bowne and Elizabeth Biddlecome.