Monday, October 24, 2016

SkyDogCon continues....

Our SkyDogCon family has said "See you at SkyDogCon 7" and headed home.  All the gear has been carefully packed and put away - but you don't have to put away your wonderful SkyDogCon badge.

This is the first of several applications to be released as we impatiently wait for SkyDogCon 7.

Thanks again to Redvers Davies and TrustedSec for these amazing badges!

Saturday, October 15, 2016

Hacker Jeopardy Signup

If you've ever been to DEFCON you'll likely know what this is about...that said this is an "ADULTS ONLY" event that never fails to entertain!  After a 2015 hiatus, we're bringing it back in 2016 so come prepared!

Hacker Jeopardy will be played Friday night in "LoungeCON" starting somewhere after 9PM!  Make sure your entire team is able to participate before signing up else face self induced public humiliation!


Wednesday, October 12, 2016


Ok students, let us begin today's lesson with...

Speaker Lineup & Schedule

The schedule is posted HERE and in the "Schedule" tab in the navbar...if you're reading this and not on our blog, well...

There are some changes expected due to speaker travel schedules, etc. (insert typical legalese blah here).  Even though you're not planning on leaving your seat the whole time anyways, we require you handle your biological functions in a designated area with attention to the schedule so you don't miss something important!



Remember we're at a new location this year! Don't show up to the old place just cause we were there the last 4 years in a row!  Go to the Location page to get directions, see where to park, etc.


Veteran attendees can tell you onsite food options in years past have been limited.  Not this year!

Breakfast
  • Hotel Restaurant: Breakfast is included in your room rate for those staying at the hotel in the SDC#6 room block!

Lunch
  • "Grab-n-go" options for SkyDogCon attendees announced each day
  • OR the Hotel Restaurant
  • Five Guys Burgers
  • Which Wich Sandwiches

Dinner
  • Hotel Restaurant
  • TGI Fridays
wait...why am I typing this crap...Google it yourself!


Keep an eye open this week for posts here and on social media for details on the various activities.  Here is the current list of confirmed activities for this year:

  • Lockpick Village by the FOOLs @BLMGTN_FOOLS
  • Badge Hacking Competition by Redvers Davies @noidd
  • 2nd Annual "CTF for the rest of us!" Capture-the-Flag by James Bower @jamesbower
  • Hardware Hacking Village by Mr. Blinky Bling @MrBlinkyBling
  • Gaming Village by Benjamin Hicks @benthemeek
  • Hacker Jeopardy (Friday Night)

All activities will be in the "Vendors & Contests" area each evening which transitions to "LoungeCON" following the day's closing keynote.  We're keeping it simple!  Each evening we'll have:
  • FREE BEER & cash bar
  • Comfy chairs & places to sit
  • Tables to work on lockpicking, CTF, badge hacking, etc.
  • Music, movies, videos, and so on...
  • Good conversations, some laughs, general well intentioned shenanigans...maybe some not so well intentioned...


Be sure to bring your money to stock up on all the latest hackery goodies or projects from:
  • Ace Hackware - spy gear, pentest equipment, & cool gadgets!
  • The FOOLs - lockpicking gear, practice locks, & more!
  • Mr. Blinky Bling - beginner soldering kits & projects to do at SkyDogCon!


Wednesday, October 5, 2016

#SDC6 Keynote Speakers Announcement!



Dave Kennedy is founder and principal security consultant of TrustedSec, creator of the Social-Engineer Toolkit (SET), and Artillery. He co-authors the Penetration Testing Execution Standard (PTES), a framework designed to fix the penetration testing industry. Dave is also the co-founder of DerbyCon, a large-scale security conference in Louisville, Kentucky.

He is also running against 2 clowns in this year's presidential race! We're honored to have him come and give a "stump speech" at SkyDogCon! Show your support when you arrive by wearing your #Dave4President swag (hint, there may be some at registration).



A professional hacker by trade, author by brute force, public speaker, “pirate by birth” and “ninja by training”. He travelled to Uganda in 2007 after his wife Jen was profoundly affected by a mission trip there the year before. During his first two-week trip, Johnny’s eyes were opened to how the “rest of the world lived”. From the Twitter version of the story: “Her pictures. Africans. Orphans. Ridiculous poverty. Filth. Huge smiles. Laughter. Happy kids?!? Happy about what? It ate at me, haunted me.” Johnny found that his (unlikely) skills could literally save lives when he leveraged them for more than personal gain. Realizing that others in the community might be interested in lending their skills to help others in need, Johnny founded Hackers For Charity in 2007 with its controversial tagline and T-shirt logo, “I hack charities”.

Johnny is coming at personal sacrifice to family time (kiddos home from college) to come and share with us.  We ask you bring donations for or give online to support Johnny, his family, and the awesome work he's doing!


Friday, September 30, 2016

What Makes SkyDog Con CTF Different? And by "Different" I Mean the Best!


When talking with (describing to) people about the SkyDog Con CTF I’m often asked why I set up the CTF as a vulnerable VM rather than a “traditional” CTF. Having given this some thought I decided to write out the things that I love and hate when playing CTFs and why I do things differently at SkyDog Con.

First, let me start off by saying that I believe CTFs can be a great way of teaching not only techniques but more importantly critical thinking skills. I've tried to incorporate the need for critical thinking into the CTF by using a theme. The overall theme plays a vital role in solving the CTF because it provides “context” for each flag. Last year's CTF was based on the movie “Sneakers” with each of the flags referencing something from the movie. The movie provided the context for the flags. If you didn’t watch the movie then solving some of the flags would be incredibly difficult and take much more time no matter what technique or tool you used. This year is no different. I’ve chosen a new theme and I’m excited to see how people do with it.


Ok, so the first issue with a traditional CTF is resources, particularly the hardware needed to run the actual competition. This is usually made up of switches and a few wireless access points. Then there’s also the matter of the server/servers that host the virtual machines that the players are trying to access/pwn in some way in order to discover flags. This architecture immediately introduces two potential bottlenecks that can literally make or break the CTF for everyone. The first is the network and the second is the servers. Having played in well over a hundred CTFs I can tell you that network latency is a huge issue which typically rears its ugly head as an incredibly slow network. The network speed will play a big part in how fast your scans will finish when doing your typical reconnaissance. Not to mention if some dingo starts deauthing the wireless. Several months ago I played a CTF where just doing nmap scans took several hours to complete due to network congestion. This makes total sense when you’ve got 100+ people bombarding a gigabit switch just by scanning. The server hardware also plays a huge role in all this. Depending on how many players and the specs on the server box it’s easy to overload the server and start bringing down services and applications.

Because of this the SkyDogCon CTF is provided as a vulnerable virtual machine that you run on your own laptop using either VMware or VirtualBox. This resolves any potential network issues, not to mention server performance issues, that typical CTFs face. You also don’t have to worry about being on a hostile network, as you're completely isolated.

The second issue is manpower. I’m a one-man show so I would much rather be spending my time helping players find flags and hopefully learning new things by giving hints instead of just trying to keep the network and servers up and running the entire time.


Let’s talk about flags and scoring. Some CTFs don’t show you exactly how many flags there are. I find this annoying so I make sure that players know exactly how many flags there are in total. I also hate wasting my time when trying to submit flags that have no consistency, where maybe the first flag is a string like “Howard” and the second is hex or something. Searching and finding flags is the fun part. Submitting them is not, so all the flags in the SkyDog Con CTF are in the form of flag{0800fc577294c34e0b28ad2839435945}, where the actual flag is always an MD5 hash. I did this so that when you find a flag there is no guessing; you know that’s the flag. This also makes submitting flags a lot easier since each one is a hash.

I could go on but those are the main points. I’d also like to say that this is in no way a jab at any other CTFs out there. Creating one of these things from scratch is freaking tough and I have great respect for anyone who even tries, let alone pulls it off. Hope this gets you interested in this year's SkyDogCon CTF & prepares you to come out and give it a try!

Thursday, September 29, 2016

@SkyDogCon @DerbyCon 2016!

DERBYCON 2016 IN PICTURES...at least in the semi-appropriate ones we can share...


We had shirts, stickers, buttons, & a running mate!

@IronGeek prepares an epic surprise even we weren't ready for!


As always we're amazed how long people will wait in line to get one of these! We love making them!


Hak5's Shannon Morse (@Snubs) w/ Jayson...being creepy! Even "Boss Bitch" got a new ID!


Meet "Oppressy" the clown!  I almost need to apologize for posting these...but man did he go all out!

Added per IronGeek's request! via @cl64rk

Added per IronGeek's request! via @primestick

Added per IronGeek's request! via @StaceyBanks & @HackHunger


We socially engineered free beer from the machine!

Curtis punished Evan for years of #ICING...a truce was negotiated.


Jack Daniel was everywhere & got an updated employee badge!

Yeah...these guys are, aren't related! Holy cow at the tweets though!

James cuddling an inanimate object of affection...


We all put on clown noses and showed Dave our support! #Dave4President

We gave Dave Kennedy a reciprocal "black badge" to SkyDogCon (complete w/ clowns)!

DerbyCon staff photo (a few of us are in there)


Wednesday, September 28, 2016

Electronic Badge Update!

What is it?

A surprise.  No, really... you'll be surprised...

The attendee badges are red this year but the badge you want to earn of course is the black badge.

Not only do you get free access to the con for life but it's also gold plated in all the right places.

There's a sweet little OLED screen which you've seen before in 2013, the joystick that nearly killed me and a few other odds and ends.

Those are three single-colour LEDs.  Knowing how much we like the bling and blinkies should give you a clue that we sacrificed the blinding LEDs for something else more interesting.  Dare I say, more practical?  Certainly more fun.

What's on the left of the badge?

What we sacrificed the blinkies for.  Worth it.

So, you going to be building badges at the con again this year?

For those not familiar with 2013, we built a badge.  An awesome badge.  A badge that we were deliriously happy with only to get delivered by our fabricator half-baked.  Quite literally half-baked; they hadn't baked the boards long enough so components were falling off boards.

Many heroic volunteers that year put in massive hours to get badges to attendees.

This year I'm building the badges by hand because I have trust issues.  Really, I built a robot to build most of the badge but I'm still having to do some of the assembly by hand like attaching the OLED display, SecretIC, joystick and battery pack.  This badge is assembled with lurve.

I intend to relax during the con.

If I want to hack the badge, what should I bring?

Yourself and maybe some AA batteries.  You're probably not going to want to hack the hardware this year for reasons that will be apparent later.

Okay, so software?  What processor / language are you going to use?

Processor doesn't matter, language doesn't matter.  What is language but syntax?

You can program the badge in any language.  Fluent in APL? cool... perl? awesome... python, ruby, C, C++, erlang, elixir, Cobol (or its modern day version, java).

Bring your language and a host to show me it working on and I'll help you to get it to run on the badge.

We do however ask for advance notice if you do choose APL and bring an IBM 360/50 to run your APL code.

Write in whatever language you're comfortable in or learn a new one for kicks... maybe this is the fun excuse you needed to learn LISP?

... and that's the point.

We wanted to see a badge that people could have fun with and was accessible to anyone without being forced to crash-learn a new embedded processor, language and its idiosyncrasies.

Speaking of accessible, rock it out and we'll get your code running on all the badges...

After all, this is meant to be fun right?



Thursday, September 15, 2016

Critical #SDC6 Dates!

In case you've been living in a cave, the dates for #SDC6 are set for October 21-23, 2016, at the Embassy Suites - Nashville South Cool Springs.  If you needed this post to tell you that...IT'S ON THE FREAKING HEADER OF THE WEBSITE YOU IDIOT!

Moving on...


If you don't have your tickets yet, we're doing something new this year by pre-ordering your shirt to guarantee you get your size when checking in at registration!  There is a closing date for this to allow delivery before the CON.

If you want to be guaranteed a shirt in your size, the ticket option will close September 30th, 2016! 



The hotel block rate closes September 30th, 2016!  It's already pretty tight and we're working with the hotel to allocate the block based on demand.  That said...


We're actively updating Facebook, Twitter, and the website with information so continue to monitor for updates!  See you at SkyDogCon!
