Episode: 1918
Title: HPR1918: DerbyCon Interview with Dave Kennedy
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1918/hpr1918.mp3
Transcribed: 2025-10-18 11:07:37
---
This is HPR Episode 1918 entitled DerbyCon Interview with Dave Kennedy and is part of the series
Interviews.
It is hosted by NOK and is about 3 minutes long.
The summary is: Dave Kennedy talks about a capture the flag contest.
This episode of HPR is brought to you by AnHonestHost.com.
Get 15% discount on all shared hosting with the offer code HPR15.
That's HPR15.
Better web hosting that's honest and fair at AnHonestHost.com.
Hey, this is Oak for Hacker Public Radio.
I'm here with Dave Kennedy at DerbyCon and he's going to relate a little story about
when they captured the flag a few years back.
When we wanted to start DerbyCon, the way that it kind of transpired was interesting.
Irongeek and Adrian and Martin Bos, PureHate also, you know, two of the core founders
of DerbyCon.
We were kind of friends on IRC and chat rooms but we never really became really good friends.
And Martin Bos had called me up.
It was for a Louisville ISSA meeting where they had a big convention and I was speaking
there.
And Martin asked me, hey, is it possible for you to come and join the CTF and help me
out with the CTF?
I really want to break into the security space and that type of stuff.
And I was like, yeah, let him know.
I'm like, hey, man, I'm not really into CTF.
My biggest fear is I go to a CTF and there's a kid there that just destroys me and then I'm
like, oh, man, you know, I feel all bummed out.
I got around Dave Kennedy or whatever, you know, it's not an ego thing.
It's more of like a fear of the unknown type situation.
So I told Martin I couldn't do it but then he's like, oh, come on, come on.
I'm like, all right.
All right, fine.
I'll go and do it.
And so we started doing the CTF and what was interesting is Irongeek was putting the
CTF on and the whole purpose of it was, you know, to find different objectives, hack
into systems and capture the flags.
And when we're going through the subnet ranges that Adrian had provided, I noticed there's
a number of systems in there and one of them in particular at the time was a Windows Vista
machine that was fully patched, you know, up to 100%.
And I happened to be working on a Windows Vista zero-day at the time and like, well,
maybe Adrian put a trophy in here that would be like a really hard box to get into and
be worth a lot of points and I can win the CTF.
So I spent a lot of my time focusing on this Vista box.
So I ended up compromising and exploiting it with a specific exploit, got into the computer
and I was starting to go through this laptop, this fully patched Windows Vista box, I'm
like, oh, man, you know, Adrian does a really good job in details on this on the CTF because
like, you know, Adrian's pictures and Adrian's videos, I'm like, all right, well, you
know, and I saw this one folder that was like CTF videos and they're all the tutorials
and how to break into each one of the actual boxes for the CTF.
So I'm like, oh, and I started downloading those and I'm like, you know, I don't know
if I'm supposed to be in here.
And I'm like, so I go up to Adrian and I'm like, hey man, is there a Windows Vista box on the CTF
and he looks at me and he looks back and he looks at me again and you can see the look
of dismay in his face like, ah, crap.
And you know, literally, I accidentally hacked Adrian's box on accident, but I ended up
winning the CTF.
Our team did.
Martin definitely did awesome, but we ended up winning the CTF and it was something that
was really cool.
Thank you very much.
So I don't think there's any stories going to top that.
But where can we find you?
Tell us quickly about DerbyCon for anyone else's interest.
Yeah.
You can always find me at @HackingDave on Twitter or DerbyCon on Twitter.
But DerbyCon's a conference out here.
We usually cap it out at about, you know, 1,700 to 2,000 people depending on what year.
But usually we cap it out, sells out about two weeks and we really try to do a good job
here to have a good family feel and kind of have a good, tight-knit community and that's
kind of what we're all about and it's been successful each year.
But you know, find me at @HackingDave, or my company is TrustedSec.com.
I'm happy to answer any questions here.
I should probably point out for full disclosure, I did come here for training.
It was TrustedSec that was doing the training.
But it was a lot of fun.
They did the Pentest 101 training.
They've got training on PowerShell, Metasploit, Social Engineering.
I mean, that's obviously just this year.
They have all manner of fun training.
So if you're in the security field at all wanting to get into it, I would highly recommend
DerbyCon.
I appreciate it.
Thanks.
No problem.
Thank you, Dave.
And Dave likes hugs.
I do like hugs.
You've been listening to Hacker Public Radio at HackerPublicRadio.org.
We are a community podcast network that releases shows every weekday, Monday through Friday.
Today's show, like all our shows, was contributed by an HPR listener like yourself.
If you ever thought of recording a podcast, then click on our contribute link to find out
how easy it really is. Hacker Public Radio was founded by the Digital Dog Pound and the
Infonomicon Computer Club and is part of the binary revolution at binrev.com.
If you have comments on today's show, please email the host directly, leave a comment
on the website or record a follow-up episode yourself. Unless otherwise
stated,
today's show is released under the Creative Commons Attribution-ShareAlike 3.0 license.