Derbycon 2014 Videos (Hacking Illustrated Series InfoSec Tutorial Videos)

Feel free to include my content in your page via my
RSS feed Follow @irongeek_adc

Help Irongeek.com pay for
bandwidth and research equipment:
Subscribestar or Patreon

Search Irongeek.com:

Affiliates:

Help Irongeek.com pay for bandwidth and research equipment:

Derbycon 2014 Videos (Hacking Illustrated Series InfoSec Tutorial Videos)

Derbycon 2014 Videos

These are the videos of the presentations from Derbycon 2014. Big thanks to my video jockeys Skydog, Sabrina, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, Steven, Branden Miller, Joe, Greg and Night Carnage (and maybe the speakers too I guess).

Track 1 - Track 4 Schedule on Friday, September 26th, 2014
Time	Track 1 (Break Me)	Track 2 (Fix Me)	Track 3 (Teach Me)	Track 4 (The 3-Way)
8:30 – 9:00	Welcome to the Family – Intro
9:00 – 9:40	Johnny Long (Keynote) – Hackers saving the world from the zombie apocalypse
9:45 – 10:25	How to Give the Best Pen Test of Your Life (Keynote) – Ed Skoudis
10:30 – 11:10	Adaptive Pentesting Part Two (Keynote) – Kevin Mitnick and Dave Kennedy
11:10 – 12:00	Lunch
12:00 – 12:50	If it fits – it sniffs: Adventures in WarShipping – Larry Pesce	Threat Modeling for Realz – Bruce Potter	So You Want To Murder a Software Patent – Jason Scott	Subverting ML Detections for Fun and Profit – Ram Shankar Siva Kumar – John Walton
1:00 – 1:50	Abusing Active Directory in Post-Exploitation – Carlos Perez	A Guided Tour of the Internet Ghetto :: Introduction to Tor Hidden Services – Brent Huston	Leonard Isham – Patching the Human Vulns	Secrets of DNS – Ron Bowes
2:00 – 2:50	Quantifying the Adversary: Introducing GuerillaSearch and GuerillaPivot -Dave Marcus	Red Teaming: Back and Forth – 5ever – Fuzzynop	Burp For All Languages – Tom Steele	Snort & OpenAppID: How to Build an Open Source Next Generation Firewall – Adam Hogan
3:00 – 3:50	A Year in the (Backdoor) Factory – Joshua Pitts	How not to suck at pen testing – John Strand	Passing the Torch: Old School Red Teaming – New School Tactics – David McGuire and Will Schroeder	GET A Grip on Your Hustle: Glassdoor Exfil Toolkit – Parker Schmitt – Kyle Stone (essobi) – Chris Hodges (g11tch)
4:00 – 4:50	Ball and Chain (A New Paradigm in Stored Password Security) – Benjamin Donnelly and Tim Tomes	Mainframes – Mopeds and Mischief; A PenTesters Year in Review – Tyler Wrightson	I Am The Cavalry: Year [0] – Space Rogue and Beau Woods	DNS-Based Authentication of Named Entities (DANE): Can we fix our broken CA model? – Tony Cargile
5:00 – 5:50	Et tu – Kerberos? – Christopher Campbell	The Multibillion Dollar Industry That's Ignored – Jason Montgomery and Ryan Sevey	University Education In Security Panel – Bill Gardner (@oncee) – Ray Davidson – Adrian Crenshaw – Sam Liles – Rob Jorgensen	Exploiting Browsers Like A Boss w/ WhiteLightning! – Bryce Kunz
6:00 – 6:50	Advanced Red Teaming: All Your Badges Are Belong To Us – Eric Smith	Code Insecurity or Code in Security – Mano 'dash4rk' Paul	What happened to the 'A'? – How to leverage BCP/DR for your Info Sec Program – Moey	Real World Intrusion Response – Lessons from the Trenches – Katherine Trame and David Sharpe
7:00 – 7:50	Bypassing Internet Explorer's XSS Filter – Carlos Munoz	C3CM: Defeating the Command – Control – and Communications of Digital Assailants – Russ McRee	Securing Your Assets from Espionage – Stacey Banks	Application Whitelisting: Be Careful Where The Silver Bullet Is Aimed – David McCartney

Stable Talks on Friday, September 26th, 2014
Time	Stable Talks
12:00 – 12:25	NeXpose For Automated Compromise Detection – Luis "connection" Santana
12:30 -12:55	A girl – some passion – and some tech stuff – Branden Miller and Emily Miller
1:00 -1:25	InfoSec – from the mouth of babes (or an 8 year old) – Reuben A. Paul (RAPstar) and Mano Paul
1:30 – 1:55	Why Aim for the Ground? – Teaching Our School Kids All of the Right Computer Skills – Phillip Fitzpatrick
2:00 – 2:25	NoSQL Injections: Moving Beyond 'or '1'='1' – Matt Bromiley
2:30 – 2:55	SWF Seeking Lazy Admin for Cross Domain Action – Seth Art
3:00 – 3:25	Planning for Failure – Noah Beddome
3:30 – 3:55	The Social Engineering Savants – The Psychopathic Profile – Kevin Miller
4:00 – 4:25	Hiding the breadcrumbs: Forensics and anti-forensics on SAP systems – Juan Perez-Etchegoyen
4:30 – 4:55	You're in the butter zone now baby. – Chris Scott
5:00 – 5:25	Making BadUSB Work For You – Adam Caudill – Brandon Wilson
5:30 – 5:55	PassCrackNet: When everything else fails – just crack hashes. – Adam Ringwood
6:00 – 6:25	Vulnerability Assessment 2.0 – John Askew
6:30 – 6:55	Social Engineering your progeny to be hackers – Sydney Liles
7:00 – 7:25	A Brief History of Exploitation – Devin Cook
7:30 – 7:55	Hunting Malware on Linux Production Servers: The Windigo Backstory – Olivier Bilodeau

Track 1 - Track 4 Schedule on Saturday, September 27th, 2014
Time	Track 1 (Break Me)	Track 2 (Fix Me)	Track 3 (Teach Me)	Track 4 (The 3-Way)
9:00 – 9:50	Interceptor: A PowerShell SSL MITM Script – Casey Smith	Attack Paths: Breaking Into Infosec From IT Or Other Totally Different Fields – Eve Adams and Johnny Xmas	Hackers Are People Too – Amanda Berlin (Infosystir)	Making Mongo Cry-Attacking NoSQL for Pen Testers – Russell Butturini
10:00 – 10:50	Egypt – More New Shiny in the Metasploit Framework	How to Secure and Sys Admin Windows like a Boss. – Jim Kennedy	Ethical Control: Ethics and Privacy in a Target-Rich Environment – Kevin Johnson and James Jardine	Step On In – The Waters Fine! – An Introduction To Security Testing Within A Virtualized Environment – Tom Moore
11:00 – 12:00	LUNCH BREAK!
12:00 – 12:50	All Your Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches – Valerie Thomas and Harry Regan	Red white and blue. Making sense of Red Teaming for good. – Ian Amit	The Road to Compliancy Success Plus Plus – James Arlen	Give me your data! Obtaining sensitive data without breaking in – Dave Chronister
1:00 – 1:50	The Human Buffer Overflow aka Amygdala Hijacking – Christopher Hadnagy	Around the world in 80 Cons – Jayson E. Street	Are You a Janitor – Or a Cleaner – "John Stauffacher and Matt Hoy	Third Party Code: FIX ALL THE THINGS – Kymberlee Price – Jake Kouns
2:00 – 2:50	Shellcode Time: Come on Grab Your Friends – Wartortell	Mirage – Next Gen Honeyports – Adam Crompton and Mick Douglas	Practical PowerShell Programming for Professional People – Ben Ten (Ben0xA)	Just What The Doctor Ordered? – Scott Erven
3:00 – 3:50	The Internet Of Insecure Things: 10 Most Wanted List – Paul Asadoorian	They touched you WHERE? When trusting a security questionnaire isn't enough! – Erin Jacobs & Zack Fasel (not posted)	GROK – atlas	Powershell Drink the Kool-Aid – Wayne Pruitt – Zack Wojton
4:00 – 4:50	DDoS Botnet: 1000 Knives and a Scalpel! – Josh Abraham	Active Directory: Real Defense for Domain Admins – Jason Lang	How building a better hacker accidentally built a better defender – Casey Ellis	powercat – Mick Douglas
5:00 – 5:50	wifu^2 – Cameron Maerz	The Wireless World of the Internet of Things – JP Dunning ".ronin"	Exploring Layer 2 Network Security in Virtualized Environments – Ronny L. Bull – Dr. Jeanna N. Matthews	Macro Malware Lives! – Putting the sexy back into MS-Office document macros – Joff Thyer
6:00 – 6:50	Attacking Microsoft Kerberos: Kicking the Guard Dog of Hades – Tim Medin	NO TALK (SETUP)	Hardware Tamper Resistance: Why and How? – Ryan Lackey	Girl… Fault Interrupted – Maggie Jauregui

Stable Talks on Saturday, September 27th, 2014
Time	Stable Talks
9:00 – 9:25	Human Trafficking in the Digital Age – Chris Jenks
9:30 – 9:55	Cat Herding in the Wild Wild West: What I Learned Running A Hackercon CFP – Nathaniel Husted
10:00 – 10:25	How to Stop a Hack – Jason Samide
10:30 – 10:55	We don't need no stinking Internet. – Greg Simo
11:00 – 11:25	Lunch
11:30 – 11:55	Lunch
12:00 – 12:25	Hacking the media for fame and profit - Jen Ellis and Steve Ragan
12:30 – 12:55	Rafal Los – Things Being a New Parent of Twins Teaches You About Security
1:00 – 1:25	ZitMo NoM – David Schwartzberg
1:30 – 1:55	Penetrate your OWA – Nate Power
2:00 – 2:25	RavenHID: Remote Badge Gathering -or- Why we sit in client bathrooms for hours – Lucas Morris – Adam Zamora
2:30 – 2:55	Interns Down for What? – Tony Turner
3:00 – 3:25	i r web app hacking (and so can you!) – Brandon Perry
3:30 – 3:55	Building a Modern Security Engineering Organization – Zane Lackey
4:00 – 4:25	Information Security Team Management: How to keep your edge while embracing the dark side – Stephen C Gay
4:30 – 4:55	5min web audit: Security in the startup world – Evan Johnson
5:00 – 5:25	Project SCEVRON: SCan EVrything with ruby RONin – Derek Callaway
5:30 – 5:55	Soft Skills for a Technical World - Justin Herman
6:00 – 6:25	Gone in 60 minutes a Practical Approach to Hacking an Enterprise with Yasuo – Saurabh Harit and Stephen Hall
6:30 – 6:55	Snarf – Capitalizing on Man-in-the-Middle – Victor Mata – Josh Stone
7:00 – 7:25	Electronic locks in firearms – Oh My! – Travis Hartman
7:30 – 7:55
Extra	The Achilles Heel Of The American Banking System - Brandon Henery and Andy Robins

Track 1 - Track 4 Schedule on Sunday, September 28th, 2014
Time	Track 1 (Break Me)	Track 2 (Fix Me)	Track 3 (Teach Me)	Track 4 (The 3-Way)
9:00 – 9:50	Introducing Network-Scout: Defending The Soft Center of Your Network – Bill "oncee" Gardner – Aaedan SomerVille – Shawn Jordan	Open Source Threat Intelligence: Developing a Threat intelligence program using open source tools and public sources – Edward McCabe	Analyzing Weak Areas of the Federal Cloud Security Program – Vinny Troia	Surviving until Dawn – Bart Hopper (Microphone was off, Bart recorded a new version for me)
10:00 – 10:50	Getting Windows to Play with Itself: A Pen Testers Guide to Windows API Abuse – Brady Bloxham	Once upon a time… (InfoSec History 101) – Jack Daniel	Proactive Application Security – Karthik Rangarajan	A Bug or Malware? Catastrophic consequences either way. – Benjamin Holland and Suresh Kothari
11:00 – 12:00	Lunch
12:00 – 12:50	(Offensive) Safe Words – Exploiting a Bad Dom(admins) – Nathan Magniez (Not recorded)	Hacking Mainframes; Vulnerabilities in applications exposed over TN3270 – Dominic White	Chicken of the APT: Understanding Targeted Attackers with Incubation! – Kyle Wilhoit	It's Not Easy Being Purple – Bill Gardner – Valerie Thomas – Amanda Berlin – Eric Milam – Brandon McCann – Royce Davis
1:00 – 1:50	Protocol Me Maybe? How to Date SCADA – Stephen Hilt	Single Chip Microcontrollers: Beyond Arduino – Tharon Hall	Bending and Twisting Networks – Paul Coggins	Control Flow Graph Based Virus Scanning – Douglas Goddard
2:00 – 2:50	Attacks and Countermeasures: Advanced Network Traffic Manipulation – Matt Kelly and Ryan Reynolds	Building Better Botnets with IPv6 – Code24	Bridging the gap between red and blue – Dave Kennedy and Jamie Murdock	Ok – so you've been pwned – now what? – Jim Wojno
3:00 – 3:50	What to expect when you're expecting…a pentest – Martin Bos and Eric Milam	Bad Advice – Unintended Consequences and Broken Paradigms. Think && Act Different! – Steve Werby	CMS Hacking Tricks – Greg Foss	Everybody gets clickjacked: Hard knock lessons on bug bounties – Jonathan Cran
4:00 – 4:50	Rafal Los – Things Being a New Parent of Twins Teaches You About Security -> Moved to Stable	Simple Network Management Pwnd – Deral Heiland and Matthew Kienow	Advanced Incident Response with Bro – Liam Randall (@hectaman)	Are you a Beefeater – focused on protecting your crown jewels? – Jack Nichelson
5:00 – 5:30	Closing Ceremonies

Stable Talks on Sunday, September 28th, 2014
Time	Stable Talks
9:00 – 9:25	Dolla Dolla Bump Key – Chris Sistrunk
9:30 – 9:55	What Dungeons & Dragons Taught Me About INFOSEC – Joey Maresca (l0stkn0wledge)
10:00 – 10:25	Gender Differences in Social Engineering: Does Sex Matter? – Shannon Sistrunk – Will Tarkington
10:30 – 10:55	Introduction to System Hardening – Eddie David
11:00 – 11:25	Lunch
11:30 – 11:55	Lunch
12:00 – 12:25	Hacking your way into the APRS Network on the Cheap – Mark Lenigan
12:30 – 12:55	Building a Web Application Vulnerability Management Program – Jason Pubal
1:00 – 1:25	Fighting Back Against SSL Inspection – or How SSL Should Work – Jacob Thompson
1:30 – 1:55	Physical Security: From Locks to Dox – Jess Hires
2:00 – 2:25	Am I an Imposter? – Warren Kopp
2:30 – 2:55	Call of Community: Modern Warfare – Ben Ten and Matt Johnson
3:00 – 3:25	The Canary in the Cloud – Scot Bernerv
3:30 – 3:55	Defensive talks NOT sexy? Whats sexier than catching an attack like Target – APT – SET or your Pen Tester? Let me show you some sexy logging – Michael Gough (did not happen?)

Download videos from:
https://archive.org/details/derbycon4

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.