Saturday, September 7, 2019

Final Derbycon?

Can't believe it's the end.  Only 2nd year that I've gone.  Never expected to go, but turns out that my boss really likes this con, and I can see why.  Plenty of people are nice, and friendly.  I posted about awkwardness really early yesterday morning, but that was my personal problem, not the problem of others.

Only thing was a vendor who was a little rude, but that's not Derby's fault.  That reflects badly on his company.  I tweeted about it.   Also, I'm not saying he's the devil incarnate.  Seems obvious to me that I was there to look at the product, but maybe he didn't realize.  It's possible.

This week has been a huge dose of humble pie. It's yet again confirmed that I still need to learn so much. Yeah, I know, shocker. I'd like to try to get an OSCP someday - mostly just to see if it's possible.

Had Practical Burp: Advanced Techniques (PBAT) training this week - it's from here: https://www.lanmaster53.com/training/. He was offering it at Derbycon, and in the ticket race, that's what my boss could get. Strangely enough, it does kind of mesh with my job. I really need to study how common web apps work if I really want to get the most out of that training. I know the basics - OWASP Top 10, some of what they mean, and some about how they work, but in order to execute them properly, I need to know the underpinnings of the apps. What weird caveats does each language have that I can leverage? Kind of like the weird PHP comparison operators - or that you can use variables without the $ sign in some cases.

I tried the Derbycon CTF. It's meant for beginner up, but there's not really a lot of guidance to it. You get a scope of IPs and have at it. I figured out some of it, but if it's any indication of my skills, I could use some more practice. I did learn something new, though, so that was cool. Almost gave up on the CTF. The wireless connection was slow. Some machines that were up weren't showing as up. Some kept going down right after they said that they were up. That was a little bit of a nightmare. Glad that I didn't give up though - considering I learned something. I think that this was good practice to expect for the OSCP. I hear you get study material, you study it so long, then you have to try to pwn a certain number of machines in 24 hours and you write a report in that time. I hear most people don't pass it first time around. I'm a little afraid to try a first time because what if I never pass it? I guess I should think like that movie - "If I can't go on, I'll go on"?

Both concerts were awesome.  I'm so glad I went.  Discovered new music that I like.  It's by Infected Mushroom.  Didn't know who they were before attending.

Signed a Trevor memorial card.  That was so fun watching that escalate 3 years ago on Twitter - then to see the memorial last year, and the memorial this year.  Trevor will always be in our hearts. :D  #trevorforget

I'm going to miss Derby.  It just started for me, but the impact it's had...  I hope someone tries to bring it back.
