Derbycon 2017 Videos (Hacking Illustrated Series InfoSec Tutorial Videos)
These are the videos of the presentations from Derbycon 2017.
Big thanks to my video jockeys Some Ninja Master, Glenn Barret, Dave Lauer,
Jordan Meurer, Brandon Grindatti, Joey, nightcarnage, Evan Davison, Tim Sayre,
Morgan, Ben Pendygraft, Steven (SciaticNerd), Cory Hurst, Sam Bradstreet,
MadMex, Curtis Koenig, Jonathan Zentgraf, James Hurst, Paint27, Chris, Lenard.
Keynotes and Such
Opening
Subverting Trust in Windows - A Case Study of the "How" and "Why" of Engaging in Security Research
Matt Graeber
I had my mom break into a prison, then we had pie.
John Strand
Closing Ceremonies
Track 1
So you wanna be a Social Engineer?
Christopher Hadnagy
Here Be Dragons: The Unexplored Land of Active Directory ACLs
Andy Robbins & Will Schroeder & Rohan Vazarkar
Game of Meat
John Cramb (ceyx) & Josh Schwartz (FuzzyNop)
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niques') -Join'')
Daniel Bohannon
PSAmsi - An offensive PowerShell module for interacting with the Anti-Malware Scan Interface in Windows 10
Ryan Cobb
An ACE in the Hole: Stealthy Host Persistence via Security Descriptors
Lee Christensen & Matt Nelson & Will Schroeder
War Stories on Embedded Security: Pentesting, IoT, Building Managers, and how to do Better
Dr. Jared DeMott
Return From The Underworld - The Future Of Red Team Kerberos
Jim Shaver & Mitchell Hennigan
Memory-Based Library Loading: Someone Did That Already.
Casey Rosini
Building the DeathStar: getting Domain Admin with a push of a button (a.k.a. how I almost automated myself out of a job)
Marcello Salvati
Modern Evasion Techniques
Jason Lang
FM, and Bluetooth, and Wifi... Oh My!
Aaron Lafferty
Detect Me If You Can
Ben Ten
Full-Contact Recon
int0x80 (of Dual Core) & savant
Not a Security Boundary: Bypassing User Account Control
Matt Nelson
Victim Machine has joined #general: Using Third Party APIs as C&C Infrastructure.
Stephen Hilt & Lord Alfred Remorin
Aiding Static Analysis: Discovering Vulnerabilities in Binary Targets through Knowledge Graph Inferences
John Toterhi
Evading Autoruns
Kyle Hanslovan & Chris Bisnett
MitM Digital Subscriber Lines
Marcus Gruber & Marco Lux
Jumping the Fence: Comparison and Improvements for Existing Jump Oriented Programming Tools
John Dunlap
Track 2
Further Adventures in Smart Home Automation: Honey, Please Don’t Burn Down Your Office
Ed Skoudis
Securing Windows with Group Policy
Josh Rickard
Defending against PowerShell Attacks
Lee Holmes
CredDefense Toolkit
Beau Bullock & Brian Fehrman & Derek Banks
Steel Sharpens Steel: Using Red Teams to improve Blue Teams
Christopher Payne
(Not recorded)
Introducing DeepBlueCLI v2, now available in PowerShell and Python
Eric Conrad
Run your security program like a boss / practical governance advice
Justin Leapline & Rockie Brockway
JReFrameworker: One Year Later
Benjamin Holland
Hidden Treasure: Detecting Intrusions with ETW
Zac Brown
How to Hunt for Lateral Movement on Your Network
Ryan Nolette
Kali Linux?
Johnny Long
Common Assessment Mistakes Pen Testers and Clients Should Avoid
Brent White & Tim Roberts
Everything I Need To Know About Security I Learned From Watching Kung Fu Movies
Paul Asadoorian
Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
Lee Holmes & Daniel Bohannon
Reverse Engineering Hardware via the HRES
Timothy Wright
IDAPython: The Wonder Woman of Embedded Device Reversing
Maddie Stone
Love is in the Air - DFIR and IDS for WiFi Networks
Lennart Koopmann
Going Deep and Empowering Users - PCAP Utilities and Combating Phishing in a new way
Joseph M Siegmann
We're going on a Threat Hunt, Gonna find a bad-guy.
Todd Sanders
Track 3
When to Test, and How to Test It
Bruce Potter
A New Take at Payload Generation: Empty-Nest
James Cook, Tom Steele
VMware Escapology: How to Houdini The Hypervisor
AbdulAziz Hariri & Joshua Smith
3rd Annual Metasploit Townhall
David "thelightcosine" Maloney & Spencer "ZeroSteiner" McIntyre & Brent Cook & James "Egyp7" Lee
Purpose Driven Hunt: What do I do with all this data?
Jared Atkinson & Robby Winchester
DanderSpritz: How the Equation Group's 2013 tools pwn in 2017
Francisco Donoso
Defending the Cloud: Lessons from Intrusion Detection in SharePoint Online
Matt Swann
Digital Vengeance: Exploiting the Most Notorious C&C Toolkits
Waylon Grange
To Catch a Spy
Tyler Hudak
Rapid Incident Response with PowerShell
Mick Douglas
Windows Rootkit Development: Python prototyping to kernel level C2
R.J. McDown
Peekaboo! I Own You. Owning Hundreds of Thousands Vulnerable Devices with only two HTTP packets
Amit Serper
Burping for Joy and Financial Gain
Tim "lanmaster53" Tomes
POP POP RETN ; An Introduction to Writing Win32 Shellcode
Christopher Maddalena
What A Long Strange Trip It’s Been
Jim Nitterauer
Game On! Using Red Team to Rapidly Evolve Your Defenses
Joff Thyer & Pete Petersen
Anatomy of a Medical Device Hack- Doctors vs. Hackers in a Clinical Simulation Cage Match
Joshua Corman & Christian Dameff MD MS & Jeff Tully MD & Beau Woods
Windows Event Logs -- Zero 2 Hero
Nate Guagenti & Adam Swan
Gone In 59 Seconds - High Speed Backdoor Injection via Bootable USB
Piotr Marszalik & Michael Wrzesniak
SniffAir - An Open-Source Framework for Wireless Security Assessments
Matthew Eidelberg
Become the Puppet Master - the battle of cognition between man and machine
Michael Robinson & Joseph Oney
Track 4
How to Measure Your Security: Holding Security Vendors Accountable
Winn Schwartau & Mark Carney
How we accidentally created our own RAT/C2/Distributed Computing Network
Adam Compton & Bill Harshbarger
Active Defense for web apps
Grid (aka Scott M)
IoT Security - Executing an Effective Security Testing Process
Deral Heiland
Fileless Malware - The New "Cyber"
Edmund Brumaghin & Colin Grady
Hunting Lateral Movement for Fun and Profit
Mauricio Velazco
(Mostly) Free Defenses Against the Phishing Kill Chain
Schuyler Dorsey
Advanced Threat Hunting
Robert Simmons
CHIRON - Home based ML IDS
Rod Soto & Joseph Zadeh
Blue Team Keeping Tempo with Offense
Casey Smith & Keith McCammon
Data Mining Wireless Survey Data with ELK
Matthew Verrette
How to KickStart a Drone Jailbreaking Scene
Kevin Finisterre
Web Application testing - approach and cheating to win
Jim McMurry & Lee Neely & Chelle Clements
When IoT Research Matters
Mark Loveless
I want my EIP
Mike Saunders
Would You Like To Play A Game: A Post Exploitation Journey in to z/OS
Philip Young aka Soldier of FORTRAN
EDR, ETDR, Next Gen AV is all the rage, so why am I enraged?
Michael Gough
Kinetic to Digital: Terrorism in the Digital Age
Kyle Wilhoit
Hacking Blockchains
Aaron Hnatiw
Winning (and Quitting) the Privacy Game: What it REALLY takes to have True Privacy in the 21st Century; or How I learned to give in and embrace EXIF tags
Tim MalcomVetter
Stable Talks
Eye on the Prize - a Proposal for the Legalization of Hacking Back
Adam Hogan
Building Better Backdoors with WMI
Alexander Leary
Beyond xp_cmdshell: Owning the Empire through SQL Server
Alexander Leary & Scott Sutherland
Bots, Trolls, and Warriors: The Modern Adversary Playbook
Andrea Little Limbago
DFIR Redefined
Russ McRee
Building Google for Criminal Enterprises
Anthony Russell
V!4GR4: Cyber-Crime, Enlarged
Koby Kilimnik
The skills gap: how can we fix it?
Bill Gardner
Extending Burp
Carl Sampson
Shellcode Via VBScript/JScript Implications
Casey Smith
(Missing?)
Retail Store/POS Penetration Testing
Daniel Brown
Improv Comedy as a Social Engineering Tool
Dave Mattingly
How to safely conduct shenanigans
Evil_Mog & Renderman
The .NET Inter-Operability Operation
James Forshaw
A presentation or presentations because... presenting
Jason Blanchard
Personalities disorders in the infosec community
Jenny Maresca
Purple team FAIL!
Jason Morrow
Architecture at Scale - Save time. Reduce spend. Increase security.
Ryan Elkins
Building a full size CNC for under $500
Justin Herman
Python Static Analysis
Spencer J McIntyre
The Trap House: Making your house as paranoid as you are.
Jonathan Echavarria & David E. Switzer
Hunting for Memory-Resident Malware
Joe Desimone
C2 Channels - Creative Evasion
Justin Wilson
Reaching Across the Isle: Improving Security Through Partnership
Kevin Gennuso
Out With the Old, In With the GNU
Lsly
Tracing Adversaries: Detecting Attacks with ETW
Matt Hastings & Dave Hull
The Current State of Security, an Improv-spection
Sean Metcalf & Nick Carr
I Survived Ransomware . . . TWICE
Matthew Perry
Drone Delivered Attack Platform (DDAP)
Michael Collins
Mobile APTs: A look at nation-state attacks and techniques for gathering intelligence from military and civilian devices
Michael Flossman
MacOS host monitoring - the open source way
Michael George
Statistics on 100 million secrets: A look at recent password dumps
Nyxgeek
Hacking VDI, Recon and Attack Methods
Patrick Coble
Smart toys ain't that Smart, when Insecure!
Reuben Paul
Introducing SpyDir - a BurpSuite Extension
Ryan Reid
Phishing for You and Your Grandma!
Sarah Norris
Regular Expressions (Regex) Overview
Matt Scheurer
Securing Your Network: How to Prevent Ransomware Infection
Jonathan Broche & Alton Johnson
Diary of a Security Noob
TJ Toterhi
Spy vs. Spy - Tip from the trenches for red and blue teams
Tom McBee & Jeff McCutchan
changeme: A better tool for hunting default creds
Zach Grace