Derbycon 2018 Videos (Hacking Illustrated Series InfoSec Tutorial Videos)
Derbycon 2018 Videos
These are the videos of the presentations from Derbycon 2018.
Big thanks to my video jockeys
@nightcarnage,
@securid,
@theglennbarrett,
@LenIsham,
@curtisko,
@bsdbandit,
@someninjamaster,
@Simpo13,
@primestick,
@SciaticNerd,
@CoryJ1983,
@SDC_GodFix,
@Skiboy941,
@TeaPartyTechie,
@livebeef,
@buccaneeris,
@mjnbrn,
@sfzombie13,
@kandi3kan3,
@paint27,
@AlexGatti
Opening
How to influence security technology in kiwi underpants
Benjamin Delpy
Panel Discussion - At a Glance: Information Security
Ed Skoudis, John Strand, Lesley Carhart. Moderated by: Dave Kennedy
Red Teaming gaps and musings
Samuel Sayen
A Process is No One: Hunting for Token Manipulation
Jared Atkinson, Robby Winchester
Fuzz your smartphone from 4G base station side
Tso-Jen Liu
Clippy for the Dark Web: Looks Like You're Trying to Buy Some Dank Kush, Can I Help You With That?
Emma Zaballos
Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework
Joe Rozner
Escoteric Hashcat Attacks
Evilmog
NOOb OSINT in 30 Minutes or less!
Greg Simo and Guest Speaker
(Not Public)
RFID Luggage Tags, IATA vs Real Life
Daniel Lagos
#LOL They Placed Their DMZ in the Cloud: Easy Pwnage or Disruptive Protection
Carl Alexander
Maintaining post-exploitation opsec in a world with EDR
Michael Roberts, Martin Roberts
Hey! I found a vulnerability - now what?
Lisa Bradley, CRob
Foxtrot C2: A Journey of Payload Delivery
Dimitry Snezhkov
Ridesharks
Kaleb Brown
IRS, HR, Microsoft and your Grandma: What they all have in common
Christopher Hadnagy, Cat Murdock
#LOLBins - Nothing to LOL about!
Oddvar Moe
Everything Else I Learned About Security I Learned From Hip-Hop
Paul Asadoorian
Hackers, Hugs, & Drugs: Mental Health in Infosec
Amanda Berlin
Android App Penetration Testing 101
Joff Thyer, Derek Banks
Draw a Bigger Circle: InfoSec Evolves
Cheryl Biswas
I Can Be Apple, and So Can You
Josh Pitts
From Workstation to Domain Admin: Why Secure Administration Isn't Secure and How to Fix It
Sean Metcalf
MS17-010?
zerosum0x0
The Unintended Risks of Trusting Active Directory
Lee Christensen, Will Schroeder, Matt Nelson
Lessons Learned by the WordPress Security Team
Aaron D. Campbell
IronPython... omfg
Marcello Salvati
Invoke-EmpireHound - Merging BloodHound & Empire for Enhanced Red Team Workflow
Walter Legowski
When Macs Come Under ATT&CK
Richie Cyrus
Abusing IoT Medical Devices For Your Precious Health Records
Saurabh Harit, Nick Delewski
Detecting WMI exploitation
Michael Gough
Gryffindor | Pure JavaScript, Covert Exploitation
Matthew Toussain
Instant Response: Making IR faster than you thought possible!
Mick Douglas, Josh Johnson
The History of the Future of Cyber-Education
Winn Schwartau
State of Win32k Security: Revisiting Insecure design
Vishal Chauhan
Offensive Browser Extension Development
Michael Weber
Protect Your Payloads: Modern Keying Techniques
Leo Loobeek
Jump Into IOT Hacking with the Damn Vulnerable Habit Helper Device
Nancy Snoke, Phoenix Snoke
In-Memory Persistence: Terminate & Stay Resident Redux
Scott Lundgren
(Not Recorded or Missing)
Tales From the Bug Mine - Highlights from the Android VRP
Brian Claire Young
Decision Analysis Applications in Threat Analysis Frameworks
Emily Shawgo
How Russian Cyber Propaganda Really Works
Jonathan Nichols
(No Show)
Threat Intel On The Fly
Tazz
Make Me Your Dark Web Personal Shopper!
Emma Zaballos
Driving Away Social Anxiety
Joey Maresca
Off-grid coms and power
Justin Herman
CTFs: Leveling Up Through Competition
Alex Flores
Mapping wifi networks and triggering on interesting traffic patterns
Caleb Madrigal
(Not Recorded)
Extending Burp to Find Struts and XXE Vulnerabilities
Chris Elgee
Introduction to x86 Assembly
DazzleCatDuo
Pacu: Attack and Post-Exploitation in AWS
Spencer Gietzen
An Inconvenient Truth: Evading the Ransomware Protection in Windows 10
Soya Aoyama
Brutal Blogging - Go for the Jugular
Kate Brew
RID Hijacking: Maintaining Access on Windows Machines
Sebastian Castro
Your Training Data is Bad and You Should Feel Bad
Ryan J. O'Grady
So many pentesting tools from a $4 Arduino
Kevin Bong, Michael Vieau
Building an Empire with (Iron)Python
Jim Shaver
SAEDY: Subversion and Espionage Directed Against You
Judy Towers
OSX/Pirrit - Reverse engineering mac OSX malware and the legal department of the company who makes it
Amit Serper, Niv Yona, Yuval Chuddy
How to test Network Investigative Techniques(NITs) used by the FBI
Dr. Matthew Miller
Cloud Computing Therapy Session
Cara Marie, Andy Cooper
Silent Compromise: Social Engineering Fortune 500 Businesses
Joe Gray
Dexter: the friendly forensics expert on the Coinbase security team
Hayden Parker
Going on a Printer Safari - Hunting Zebra Printers
James Edge
Hardware Slashing, Smashing, and Reconstructing for Root access
Deral Heiland
App-o-Lockalypse now!
Oddvar Moe
Web App 101: Getting the lay of the land
Mike Saunders
Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)
Daniel Bohannon
WE ARE THE ARTILLERY: Using Google Fu To Take Down The Grids
Chris Sistrunk, Krypt3ia, SynAckPwn
Just Let Yourself In
David Boyd
A "Crash" Course in Exploiting Buffer Overflows (Live Demos!)
Parker Garrison
Living in a Secure Container, Down by the River
Jack Mannino
VBA Stomping - Advanced Malware Techniques
Carrie Roberts, Kirk Sayre, Harold Ogden
Media hacks: an Infosec guide to dealing with journalists
Sean Gallagher, Steve Ragan, Paul Wagenseil
Deploying Deceptive Systems: Luring Attackers from the Shadows
Kevin Gennuso
The Money-Laundering Cannon: Real cash; Real Criminals; and Real Layoffs
Arian Evans
Perfect Storm: Taking the Helm of Kubernetes
Ian Coldwater
How to put on a Con for Fun and (Non) Profit
Benny Karnes, John Moore, Rick Hayes, Matt Perry, Bill Gardner, Justin Rogosky, Mike Fry, Steve Truax
Web app testing classroom in a box - the good, the bad and the ugly
Lee Neely, Chelle Clements, James McMurry
Metasploit Town Hall 0x4
Brent Cook, Aaron Soto, Adam Cammack, Cody Pierce
Community Based Career Development or How to Get More than a T-Shirt When Participating as part of the Community
Kathleen Smith, Magen Wu, Cindy Jones, Kathryn Seymour, Kirsten Renner
Disaster Strikes: A Hacker's Cook book
Jose Quinones, Carlos Perez
Ninja Looting Like a Pirate
Infojanitor
Hacking Mobile Applications with Frida
David Coursey
Victor or Victim? Strategies for Avoiding an InfoSec Cold War
Jason Lang, Stuart McIntosh
Ubiquitous Shells
Jon Gorenflo
99 Reasons Your Perimeter Is Leaking - Evolution of C&C
John Askew
Ship Hacking: a Primer for Today's Pirate
Brian Satira, Brian Olson
Code Execution with JDK Scripting Tools & Nashorn Javascript Engine
Brett Hawkins
PHONOPTICON - leveraging low-rent mobile ad services to achieve state-actor level mass surveillance on a shoestring budget
Mark Milhouse
Patching: Show me where it hurts
Cheryl Biswas
Advanced Deception Technology Through Behavioral Biometrics
Curt Barnard, Dawud Gordon
We are all on the spectrum: What my 10-year-old taught me about leading teams
Carla A Raisler
No Place Like Home: Real Estate OSINT and OPSec Fails
John Bullinger
The Layer2 Nightmare
Chris Mallz
Attacking Azure Environments with PowerShell
Karl Fosaaen
Blue Blood Injection: Transitioning Red to Purple
Lsly Ayyy
Mirai, Satori, OMG, and Owari - IoT Botnets Oh My
Peter Arzamendi
Comparing apples to Apple
Adam Mathis
How online dating made me better at threat modeling
Isaiah Sarju
Threat Hunting with a Raspberry Pi
Jamie Murdock
M&A Defense and Integration - All that Glitters is not Gold
Sara Leal, Jason Morrow
Social Engineering At Work - How to use positive influence to gain management buy-in for anything
April Wright
Ham Radio 4 Hackers
Eric Watkins, Devin Noel
Getting Control of Your Vendors Before They Take You Down
Dan Browder
Cyber Intelligence: There Are No Rules, and No Certainties
Coleman Kane
Getting Started in CCDC
Russell Nielsen
Changing Our Mindset From Technical To Psychological Defenses
Andrew Kalat
Red Mirror: Bringing Telemetry to Red Teaming
Zach Grace
Two-Factor, Too Furious: Evading (and Protecting) Evolving MFA Schemes
Austin Baker, Doug Bienstock
IoT: Not Even Your Bed Is Safe
Darby Mullen
Fingerprinting Encrypted Channels for Detection
John Althouse
On the Nose: Bypassing Huawei's Fingerprint authentication by exploiting the TrustZone
Nick Stephens
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Gabriel Ryan
Goodbye Obfuscation, Hello Invisi-Shell: Hiding Your Powershell Script in Plain Sight
Omer Yair
Cloud Forensics: Putting The Bits Back Together
Brandon Sherman
Killsuit: The Equation Group's Swiss Army knife for persistence, evasion, and data exfil
Francisco Donoso
The MS Office Magic Show
Stan Hegt, Pieter Ceelen
Living off the land: enterprise post-exploitation
Adam Reiser
Hillbilly Storytime: Pentest Fails
Adam Compton
Bug Hunting in RouterOS
Jacob Baines
Breaking Into Your Building: A Hackers Guide to Unauthorized Access
Tim Roberts, Brent White
The making of an iOS 11 jailbreak: Kiddie to kernel hacker in 14 sleepless nights.
Bryce "soen" Bearchell
Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests
Tomasz Tuzel
Pwning in the Sandbox: OSX Macro Exploitation & Beyond
Adam Gold, Danny Chrastil
IOCs Today, Intelligence-Led Security Tomorrow
Katie Kusjanovic, Matthew Shelton
Closing Ceremonies
Printable version of this article