Derbycon is an annual hacking conference held in Louisville, United States and founded in 2011 by Dave Kennedy, Adrian Crenshaw and Martin Bos. Target audience are security professionals.


Conference information


Hyatt Regency
320 West Jefferson,
Louisville, Kentucky 40202
United States

Conference program

The conference program can be viewed here.


  • 22-09-2014 | Getting ready for the storm! – Read more

Hyatt Regency


The unpatchable malware that infects USBs is now on the loose

02-10-2014 | In a talk at the Derbycon hacker conference in Louisville, Kentucky last week, researchers Adam Caudill and Brandon Wilson showed that they’ve reverse engineered the same USB firmware as Nohl’s SR Labs, reproducing some of Nohl’s BadUSB tricks. And unlike Nohl, the hacker pair has also published the code for those attacks on Github, raising the stakes for USB makers to either fix the problem or leave hundreds of millions of users vulnerable. Read more

DerbyCon 4.0 – Family Rootz

02-10-2014 | “This is DerbyCon” where the final words echo’ed in a very emotional closing video that David Kennedy put together for the ending of the DerbyCon 4.0 Conference. Its a con… why would it affect anyone so strongly?  Don’t we all just go to these things to see new hacks, spend some quality time with beer and friends and maybe promote some things then get home to rest before the next one? Read more

Hacking the Internet of Things at DerbyCon: Weaponizing your coffee pot

01-10-2013 | At the security conference DerbyCon 3.0, Daniel Buentello gave a very interesting presentation titled “Weaponizing your coffee pot.” If you are not a morning person, then you might be a bit brain-dead until you have serious doses of caffeine. So if your high-tech coffee pot connected to the Internet of Things had been hijacked by a bad guy, how would you even know if it, or another of your connected appliances, were being used against you? Read more

Available videos

None yet, will be added soon!