Introduction
Dr. John Carls/Paul Hankins

UBoot to Root
Deral Heiland

A Discussion of Secrets
Robert Stewart

Continuous Skills Improvement For Everyone
Matt Scheurer

DLP Demystified
Micah Brown

Pixel Tracking: How it�s used and abused
Barry Kimball

Keynote
David Kennedy

Operationalizing the MITRE ATT&CK Framework
Robert Olson

Markets for Malware
Adam Hogan

The TIP of the Stinger: Efficiently Using Threat Intelligence With TheHive
Matthew Gracie

Calls to Arms: US Elections Hacking
Damian Huising

The Overlooked Cyber-Security Risk: 3rd Party Risk Management
Rose Songer

The Politics of Cyber
Ian Thornton-Trump

Unix: the Other White Meat
Adam Len Compton & David Boyd

Hack for Show, Report for Dough
Brian King

Early Detection through Deception
Jason Nester

Eval Villain: Simplifying DOM XSS and JS Reversing
Dennis Goodlett
(Most Audio Missing)

Securing the DOM from the Bottom Up
Mike Samuel
(Missing Most Audio)

Data Access Rights Exploits under New Privacy Laws
Amber Welch

Public Partnership Panel for Security Response
Jeremy Mio and Others

Automating Windows Kernel Analysis With Symbolic Execution
Spencer McIntyre

Incident response on macOS
Thomas Reed

Getting youth interested in infosec from a youth's perspective.
Tristan Messner

Keynote
Joshua Corman
(Not Recorded)

ShowMeCon 2019 Videos
These are the videos ShowMeCon 2019. Thanks to Renee & Dave Chronister (@bagomojo) and others for having me out to record and speak. Also thanks to my video crew @r3tr0_cod3x, James, Aaron, Jon, @AlexTShell, @Mayer302, @MatthewRekos  and some other people I may have forgotten.

Welcome

A Practical Approach to Purple Teaming
Matt Thelen

Circle City Con 2019 Videos
These are the Circle City Con videos. Thanks to the staff for inviting me down to record. Big thanks to @irishjack, @TheHomoHacker, @Paint27, @songsthatsaved, @nogoodrobot, @kitwessendorf, @cxstephens, @uncrustabl3  and others for helping set up AV and record.

Opening

Data Access Rights Exploits under New Privacy Laws
Amber Welch

How to reach and teach youth about Cybersecurity (if anybody will let you)
Jason Smith

More Tales from the Crypt...Analyst
Jeff Man

Could Static Code Analysis and Secure Coding have Saved the Death Star?
Mary Waddick

I�ll Complete My Threat Model Later Mom!: Infosec in Middle School.
Ashley Benitez Smith

Cons & Careers
Steven Bernstein

3D printing canister-launchable drones for city-scale wardriving
Glytch Tech

The Hunter Games: How to find the adversary with Event Query Language
Ross Wolf

Star Wars: How an ineffective Data Governance Program destroyed the Galactic Empire
Micah Brown

Security lessons from the Woofmutt�
Chris Roberts

What The Frida Gave Me: A Novel Take on E-Ticket Forging and E-Ticket Stealing
Priyank Nigam
(Not Recorded)

It's Coming From Inside the House: An Inside-Out Approach to NodeJS Application Security
Yolonda Smith

Get off my lawn� or are we looking for the right people?
Mike (Shecky) Kavka

Endpoint Security, Swimming Through the Snake Oil
Dan Beavin

Do You Have What It Takes? How to Support Your Career From Community Involvement
Kathleen Smith

Catching the Guerrilla: Powershell Counterinsurgency
Aaron Sawyer

SigInt for the Masses: Building and Using a Signals Intelligence Platform for Less than $150
Josh Conway

InfoSuck: The Nasty Bits Of The Industry We Want To Tell Noobs But Aren't Allowed To In Polite Company.
Danny Akacki

Standardizer: a standardization framework for your security alerts
Christian Burrows

Call Of Duty, Modernest Browser Warfare v2
Dhiraj Mishra
(Did not happen)

Information Security Practice Principles a Rosetta Stone for information security work
Susan Sons

What Can Data Science Do for Security?
Wendy Edwards

Deepfakes: If anything can be real then nothing is real
April Wright
(Not Recorded)

Evicting the Password from the Digital Estate
Alex Chalmers

A Theme of Fear: Hacking the Paradigm
Catherine Ullman

Beginning DFIR - How to get started with Cooties
Lisa Wallace

Of CORS it's Exploitable! What's Possible with Cross-Origin Resource Sharing?
Rebecca Deck

Nexus Zeta - How a newbie hacker managed to create a monster botnet
Adi Ikan

5G: Security Pitfalls and Considerations
Swapnil Deshmukh
(Did not happen)

Training and Education for the New Realities of Privacy and Security
Mitchell Parker

Container Security Deep Dive
Yashvier Kosaraju

Hacking Humans: Addressing Vulnerabilities in the Advancing Medical Device Landscape
Gabrielle Hempel

One Random Insecure Wep Application Please (ORIWAP)
Nancy Snoke

an Implantable Computer
Doug "c00p3r" Copeland

Modern AppSec Gotchas
Fletcher Heisler

A Few Things Right: Insights from Live and Simulated Incident Response
Chad Calease

The Resilient Reddit C2
Zach Zenner

Behind The Locked Door: we built an escape room for security awareness
Matthew Southworth Christian Bobadilla

F! Attribution
Xena Olsen Jared Peck

Inside Out Security - Building Castles not Warehouses
Alyssa Miller

Failure Is Not an Option: Developing Realistic Disaster Recovery Tests
Colin Campbell

Wibbly Wobbly: Designing Security for Systems that are Bigger on the Inside
Wolfgang Goerlich

Closing Ceremonies

One Random Insecure Wep Application Please (ORIWAP)
Nancy Snoke

Understanding XSS
Christina Mitchell

Social Engineering At Work - How to use positive influence to gain management buy-in for anything
April C. Wright

DNS - Strategies for Reducing Data Leakage & Protecting Online Privacy
Jim Nitterauer

Automating Hashtopolis
Evil Mog

"It's Malware Time" - A Bar Crawl from Skunked Homebrew to Rotten Apples
Erika Noerenberg

Breaking into Cyber: How the hell are you supposed to get started?
Josh Millsap

After Mirai: Cyber Security Implications of IoT Botnet Proliferation Against Critical Infrastructure
Paul W. Brager Jr M.Sci, CISSP, GICSP, CISM

Making an internal Let's Encrypt relay server
Josh Harvey

Keynote - I PWN thee, I PWN thee not!
Jayson E. Street

Breaking Into Your Building: A Hacker's Guide to Unauthorized Physical Access
Brent White. Tim Roberts

Formula for a Bug Bounty Program
Chris Holt

Forensics Phish Tank: Breaking Down Analysis of Advanced Phishing Emails
Joe Gray & Sophia Fadli

Baking Your Anomalous Cookies
Jim Allee

Waiter, there's a compiler in my shellcode!
Josh Stone

Empathy for the (Devel)oper: Lessons Learned Building An Application Security Module
Yolonda Smith

MORE Tales From the Crypt...Analyst
Jeff Man

IR with Volatility Framework
Evan Wagner

Let's Talk About WAF (Bypass) Baby
Brett Gravois

Behavioral Security and Offensive Psychology at Scale
Josh Schwartz. Samantha Davison

My making of a Metasploit Module
Aaron Ringo

Don't Panic! A Beginner's Guide To Hardware Hacking
Phoenix Snoke

The Jazz Improv of Infosec
Damon J. Small

Elliptic Curve Cryptography: What it is and who needs it
Michele Bousquet

Opening

Keynote
Matt Blaze

Embrace the Red: Enhancing detection capabilities with adversary simulation
Mauricio Velazco

I'lll Complete My Threat Model Later Mom!: Infosec in Middle School
Ashley Benitez Smith

Cleaning the Apple Orchard - Using Venator to Detect macOS Compromise
Richie Cyrus

More Tales From the Crypt...Analyst
Jeffrey Man

Anatomy & Evolution of a Fast Flux Malware Campaign
Emily Crose

COM Under The Radar: Circumventing Application Control Solutions
Jimmy Bayne

On The Line: What Phishing Really Impacts
Steven Becker

Automated Adversary Emulation
David Hunt

Comparing Malicious Files
Robert Simmons

How to Start a Cyber War: Lessons from Brussels
Chris Kubecka

You Moved to Office 365, Now What?
Sean Metcalf

You're Not as Safe as You Think: Clearing Up Common Security Misconceptions
Joshua Meyer

Keynote: The Declarative Future
Liam Randall

Exploring Community Volunteering Through a Career Development Lens
Kathleen Smith and Doug Munro

Defense in Depth Against DDoS Diminishes Dollars Destroyed
Daniel Gordon

Reasonable Rapid Recognition and Response to Rogues
Craig Bowser

BloodHound From Red to Blue
Mathieu Saulnier

A Code Pirate's Cutlass: Recovering Software Architecture from Embedded Binaries
evm

Technical Leadership: It's Not All Ones and Zeros
Timothy Schulz

Hunting for Threats in Industrial Environments and Other Scary Places
Nick Tsamis

It's Malware Time - A Bar Crawl from Skunked Homebrew to Rotten Apples
Erika Noerenberg

J-J-J-JEA Power
James Honeycutt

What did the SIEM Say?
JR Presmy and Shawn Thomas

Using Bashfuscator to Generate Bash Obfuscation
capnspacehook

Closing

Opening

Morning Keynote Featuring Runa Sandvik
Runa Sandvik

HACKERS, HOOLIGANS, HEISTS, & HISTORY
Brian Contos

Scrapping for Pennies: How to implement security without a budget
Ryan Wisniewski

Check Your Privilege (Escalation)
Kate Broussard

Wow, it really is always DNS! Becoming a Part of the DDoS Problem ( on purpose ).
Cody Smith

Unix: The Other White Meat
Adam Compton and David Boyd

Puppet Masters: How Social Engineers Continue to Pull Our Strings
Erich Kron

E-ZHack: An Update on SDR and Toll Booth Reverse Engineering
Kyle Westhaus

Mobile App Vulnerabilities - The Bad, The Worse And The Ugly
Ray Kelly

Mixing and Baking a New AppSec Person
Bill Sempf
(Some Missing Audio)

How Online Dating Made Me Better at Threat Modeling
Isaiah Sarju

What On Earth Is Quantum Computing?!? (And will it break all my encryption?)
Craig Stuntz

Battling Magecart: The Risks of Third-Party Scripts
Kevin Gennuso

Ship Hacking: Data on the Open Seas
Brian Olson

Common Developer Crypto Mistakes (with illustrations in Java)
Kevin Wall

The Overlooked Cyber Security Risk: 3rd Party Risk Management
Rose Songer

The Path to IAM Maturity
Jerod Brennan

Assumed Breach Testing
Brendan O'Connor

API Security: Tokens, Flows and the Big Bad Wolf
Ingy Youssef

Demystifying DMARC: A guide to preventing email spoofing
Sean Whalen

Afternoon Keynote Featuring Craig Hoffman
Craig Hoffman

Opening

Doesn't It make You WannaCry: Mitigating Ransomware on a Windows Network
David Branscome

RegEx for Incident Response
Daniel Nutting Bryan Turner

Intermediate Physical Security
Justin Wynn

Security Analytics in the Cloud
Marc Baker

How to use 400+M endpoints to build strong AI detection systems
Filip Chytry

20/20 Enterprise Security Monitoring: Seeing clearly with Security Onion
Wes Lambert

Beyond Lockpicking
Brian Etchieson

Social Forensication: A Multidisciplinary Approach to Successful Social Engineering
Joe Gray

Phishing U2F-Protected Accounts
Nikita Mazurov Kenny Brown

Election Hacking: Getting Ready for the Russian Onslaught in 2020
Jeremy Rasmussen

Logging Pitfalls and How to Abuse Them
Kevin Kaminski Michael Music

Personal security while on travel with additional pro-tips from seasoned travellers.
Derek Banks Beau Bullock

Securing Shadow IT
Gene Cronk

Day When Quantum Computers Breaks Crypto
Roger Grimes

An Inside Look At Stopping Unauthorized Sellers & Counterfeiters On Amazon
Bruce Anderson

The Sound of Evil
Wes Widner

Serverless Security Top 10
Tal Melamed

Hacking IoT devices by chaining application security vulnerabilities
Rick Ramgattie

Becoming a Human nMAP! Cultivating a Renaissance Approach for the Social Engineer
Tigran Terpandjian

vCISO Is That the Right Answer
Mike Brooks

Intro/Welcome to SecureWV / Hack3rCon

Keynote - Hackers, Hugs, & Drugs.... Part II
Amanda Berlin

Why The Legal System Needs Your Help
Brian Martin

Mobile devices and you.
Detective Jeremy M. Thompson

The New Age of Ransomware: Cybercriminals Adopt Nation State Techniques
Allan Liska

Outside the Box: How the Internet of Things Poses New Cybersecurity Risks and Challenges the Law
Evan Kime

Applying the principles of Dodgeball: A True Underdog Story to CTFs
Branden Miller

Gun Safety Class
Branden Miller

Python Scripting
Justin Rogosky

Red Hat Enterprise Linux Security Technologies Lab
Lucy Kerner and Roy Williams

Automating Security Operations - on a budget
Jeremy Mio

Security Automation for the Blue Team
Eric Waters

Home Alone: A Pentester Perspective
Craig Vincent & Derek Banks

Simplified Red Hat Enterprise Linux Identity, Authentication, and Authorization management with Microsoft Active Directory and Red Hat Identity Management Trust
Roy Williams

Simple Attribution in Social Media and Websites
Brian Martin

Offensive and Defensive Security with Ansible
Lucy Kerner

High School Competitive Robotics and why you should care.
Charleston Area Robotics Team (CART)

Guaranteed Failure - Awareness The Greatest Cyber Insanity
Joshua Crumbaugh

Developing a Cloud Based Cyber Security Simulation Portal
David Krovich

The Hybrid Home Lab: From Laptop to Cloud
Holden Fenner

Securing your networks with Ansible
Adam Vincent

A deep look at Stack Buffer Overflows and Format String Vulnerabilities
Philip Polstra

Advanced threat hunting with open-source tools and no budget
Joseph DePlato

What's in a Domain Name?
Collin Meadows

Monitoring your home LAN with Python
Zach Tackett

Left of Boom
Ted Corbeill

Your Dead! Now what. How to help your family after your gone.
Steven Truax

A Brief Introduction to Metasploit
Joey Maresca

SecureWV / Hack3rCon Closing / Awards
Benny Karnes

Welcome & Opening Remarks
BsidesRDU Staff

Keynote from Shahid Buttar, EFF Director Of Grassroots Advocacy
Shahid Buttar

Approaching Parity: Considerations for adapting enterprise monitoring and incident response (IR) capabilities for efficacy in cloud environments, and how to operationalize these capabilities with a playbook.
Matt

Movement After Initial Compromise
SleepZ3R0 and HA12TL3Y

Our Docker app got hacked. Now what?
Joel Lathrop

Sky-high IR - IR at Cloud Scale
@aarondlancaster

When it rains it pours
Sam Granger

Rise of the Advisor
Neal Humphrey

No Network Needed?!?!
Ron Burkett

WarGames
Justin Hoeckle

Opening

How to influence security technology in kiwi underpants
Benjamin Delpy

Panel Discussion - At a Glance: Information Security
Ed Skoudis, John Strand, Lesley Carhart. Moderated by: Dave Kennedy

Red Teaming gaps and musings
Samuel Sayen

A Process is No One: Hunting for Token Manipulation
Jared Atkinson, Robby Winchester

Fuzz your smartphone from 4G base station side
Tso-Jen Liu

Clippy for the Dark Web: Looks Like You're Trying to Buy Some Dank Kush, Can I Help You With That?
Emma Zaballos

Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework
Joe Rozner

Escoteric Hashcat Attacks
Evilmog

RFID Luggage Tags, IATA vs Real Life
Daniel Lagos

#LOL They Placed Their DMZ in the Cloud: Easy Pwnage or Disruptive Protection
Carl Alexander

Maintaining post-exploitation opsec in a world with EDR
Michael Roberts, Martin Roberts

Hey! I found a vulnerability - now what?
Lisa Bradley, CRob

Foxtrot C2: A Journey of Payload Delivery
Dimitry Snezhkov

Ridesharks
Kaleb Brown

IRS, HR, Microsoft and your Grandma: What they all have in common
Christopher Hadnagy, Cat Murdock

#LOLBins - Nothing to LOL about!
Oddvar Moe

Everything Else I Learned About Security I Learned From Hip-Hop
Paul Asadoorian

Hackers, Hugs, & Drugs: Mental Health in Infosec
Amanda Berlin

Android App Penetration Testing 101
Joff Thyer, Derek Banks

Draw a Bigger Circle: InfoSec Evolves
Cheryl Biswas

I Can Be Apple, and So Can You
Josh Pitts

From Workstation to Domain Admin: Why Secure Administration Isn't Secure and How to Fix It
Sean Metcalf

MS17-010?
zerosum0x0

The Unintended Risks of Trusting Active Directory
Lee Christensen, Will Schroeder, Matt Nelson

Lessons Learned by the WordPress Security Team
Aaron D. Campbell

IronPython... omfg
Marcello Salvati

Invoke-EmpireHound - Merging BloodHound & Empire for Enhanced Red Team Workflow
Walter Legowski

When Macs Come Under ATT&CK
Richie Cyrus

Abusing IoT Medical Devices For Your Precious Health Records
Saurabh Harit, Nick Delewski

Detecting WMI exploitation
Michael Gough

Gryffindor | Pure JavaScript, Covert Exploitation
Matthew Toussain

Instant Response: Making IR faster than you thought possible!
Mick Douglas, Josh Johnson

The History of the Future of Cyber-Education
Winn Schwartau

State of Win32k Security: Revisiting Insecure design
Vishal Chauhan

Offensive Browser Extension Development
Michael Weber

Protect Your Payloads: Modern Keying Techniques
Leo Loobeek

Jump Into IOT Hacking with the Damn Vulnerable Habit Helper Device
Nancy Snoke, Phoenix Snoke

Tales From the Bug Mine - Highlights from the Android VRP
Brian Claire Young

Decision Analysis Applications in Threat Analysis Frameworks
Emily Shawgo

Threat Intel On The Fly
Tazz

Make Me Your Dark Web Personal Shopper!
Emma Zaballos

Driving Away Social Anxiety
Joey Maresca

Off-grid coms and power
Justin Herman

CTFs: Leveling Up Through Competition
Alex Flores

Extending Burp to Find Struts and XXE Vulnerabilities
Chris Elgee

Introduction to x86 Assembly
DazzleCatDuo

Pacu: Attack and Post-Exploitation in AWS
Spencer Gietzen

An Inconvenient Truth: Evading the Ransomware Protection in Windows 10
Soya Aoyama

Brutal Blogging - Go for the Jugular
Kate Brew

RID Hijacking: Maintaining Access on Windows Machines
Sebastian Castro

Your Training Data is Bad and You Should Feel Bad
Ryan J. O'Grady

So many pentesting tools from a $4 Arduino
Kevin Bong, Michael Vieau

Building an Empire with (Iron)Python
Jim Shaver

SAEDY: Subversion and Espionage Directed Against You
Judy Towers

OSX/Pirrit - Reverse engineering mac OSX malware and the legal department of the company who makes it
Amit Serper, Niv Yona, Yuval Chuddy

How to test Network Investigative Techniques(NITs) used by the FBI
Dr. Matthew Miller

Cloud Computing Therapy Session
Cara Marie, Andy Cooper

Silent Compromise: Social Engineering Fortune 500 Businesses
Joe Gray

Dexter: the friendly forensics expert on the Coinbase security team
Hayden Parker

Going on a Printer Safari - Hunting Zebra Printers
James Edge

Hardware Slashing, Smashing, and Reconstructing for Root access
Deral Heiland

App-o-Lockalypse now!
Oddvar Moe

Web App 101: Getting the lay of the land
Mike Saunders

Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)
Daniel Bohannon

WE ARE THE ARTILLERY: Using Google Fu To Take Down The Grids
Chris Sistrunk, Krypt3ia, SynAckPwn

Just Let Yourself In
David Boyd

A "Crash" Course in Exploiting Buffer Overflows (Live Demos!)
Parker Garrison

Living in a Secure Container, Down by the River
Jack Mannino

VBA Stomping - Advanced Malware Techniques
Carrie Roberts, Kirk Sayre, Harold Ogden

Media hacks: an Infosec guide to dealing with journalists
Sean Gallagher, Steve Ragan, Paul Wagenseil

Deploying Deceptive Systems: Luring Attackers from the Shadows
Kevin Gennuso

The Money-Laundering Cannon: Real cash; Real Criminals; and Real Layoffs
Arian Evans

Perfect Storm: Taking the Helm of Kubernetes
Ian Coldwater

How to put on a Con for Fun and (Non) Profit
Benny Karnes, John Moore, Rick Hayes, Matt Perry, Bill Gardner, Justin Rogosky, Mike Fry, Steve Truax

Web app testing classroom in a box - the good, the bad and the ugly
Lee Neely, Chelle Clements, James McMurry

Metasploit Town Hall 0x4
Brent Cook, Aaron Soto, Adam Cammack, Cody Pierce

Community Based Career Development or How to Get More than a T-Shirt When Participating as part of the Community
Kathleen Smith, Magen Wu, Cindy Jones, Kathryn Seymour, Kirsten Renner

Disaster Strikes: A Hacker's Cook book
Jose Quinones, Carlos Perez

Ninja Looting Like a Pirate
Infojanitor

Hacking Mobile Applications with Frida
David Coursey

Victor or Victim? Strategies for Avoiding an InfoSec Cold War
Jason Lang, Stuart McIntosh

Ubiquitous Shells
Jon Gorenflo

99 Reasons Your Perimeter Is Leaking - Evolution of C&C
John Askew

Ship Hacking: a Primer for Today's Pirate
Brian Satira, Brian Olson

Code Execution with JDK Scripting Tools & Nashorn Javascript Engine
Brett Hawkins

PHONOPTICON - leveraging low-rent mobile ad services to achieve state-actor level mass surveillance on a shoestring budget
Mark Milhouse

Patching: Show me where it hurts
Cheryl Biswas

Advanced Deception Technology Through Behavioral Biometrics
Curt Barnard, Dawud Gordon

We are all on the spectrum: What my 10-year-old taught me about leading teams
Carla A Raisler

No Place Like Home: Real Estate OSINT and OPSec Fails
John Bullinger

The Layer2 Nightmare
Chris Mallz

Attacking Azure Environments with PowerShell
Karl Fosaaen

Blue Blood Injection: Transitioning Red to Purple
Lsly Ayyy

Mirai, Satori, OMG, and Owari - IoT Botnets Oh My
Peter Arzamendi

Comparing apples to Apple
Adam Mathis

How online dating made me better at threat modeling
Isaiah Sarju

Threat Hunting with a Raspberry Pi
Jamie Murdock

M&A Defense and Integration - All that Glitters is not Gold
Sara Leal, Jason Morrow

Social Engineering At Work - How to use positive influence to gain management buy-in for anything
April Wright

Ham Radio 4 Hackers
Eric Watkins, Devin Noel

Getting Control of Your Vendors Before They Take You Down
Dan Browder

Cyber Intelligence: There Are No Rules, and No Certainties
Coleman Kane

Getting Started in CCDC
Russell Nielsen

Changing Our Mindset From Technical To Psychological Defenses
Andrew Kalat

Red Mirror: Bringing Telemetry to Red Teaming
Zach Grace

Two-Factor, Too Furious: Evading (and Protecting) Evolving MFA Schemes
Austin Baker, Doug Bienstock

IoT: Not Even Your Bed Is Safe
Darby Mullen

Fingerprinting Encrypted Channels for Detection
John Althouse

On the Nose: Bypassing Huawei's Fingerprint authentication by exploiting the TrustZone
Nick Stephens

Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Gabriel Ryan

Goodbye Obfuscation, Hello Invisi-Shell: Hiding Your Powershell Script in Plain Sight
Omer Yair

Cloud Forensics: Putting The Bits Back Together
Brandon Sherman

Killsuit: The Equation Group's Swiss Army knife for persistence, evasion, and data exfil
Francisco Donoso

The MS Office Magic Show
Stan Hegt, Pieter Ceelen

Living off the land: enterprise post-exploitation
Adam Reiser

Hillbilly Storytime: Pentest Fails
Adam Compton

Bug Hunting in RouterOS
Jacob Baines

Breaking Into Your Building: A Hackers Guide to Unauthorized Access
Tim Roberts, Brent White

The making of an iOS 11 jailbreak: Kiddie to kernel hacker in 14 sleepless nights.
Bryce "soen" Bearchell

Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests
Tomasz Tuzel

Pwning in the Sandbox: OSX Macro Exploitation & Beyond
Adam Gold, Danny Chrastil

IOCs Today, Intelligence-Led Security Tomorrow
Katie Kusjanovic, Matthew Shelton

Closing Ceremonies

Keynote
Dave Kennedy

An Inconvenient Truth: Evading the Ransomware Protection in Windows 10
Soya Aoyama

The Abyss is Waving Back - The four paths that human evolution is charging down, and how we choose which one's right
Chris Roberts

Crypto Gone Rogue: A Tale of Ransomware, Key Management and the CryptoAPI
Pranshu Bajpai & Dr. Richard Enbody

You're right, this talk isn't really about you!
Jayson E Street

Analyzing Pwned Passwords with Apache Spark
Kelley Robinson

How to rob a bank over the phone
Joshua "Naga" Crumbaugh
(Posting Later Maybe)

Vibing Your Way Through an Enterprise: How Attackers are Becoming More Sneaky
Matthew Eidelberg

PwnBook: Penetrating with Google's Chromebook
Corey Batiuk

Life, Death + the Nematodes: Long live Cyber Resilience!
Chad Calease

Data Data Everywhere but No One Stops to Think
Scott Thomas, Carl Hertz & Robert Wagner

Automation and Open Source: Turning the Tide on Attackers
John Grigg

w.e w.e Internet Explorer Does What It Wants
Aaron Heikkila

Pacu: Attack and Post-Exploitation in AWS
Spencer Gietzen

Hacker Tools, Compliments of Microsoft
David Fletcher & Sally Vandeven

How to Conduct a Product Security Test: And How it Fits Into the Larger Security Strategy
Dr. Jared DeMott

Over the Phone Authentication
Spencer Brown

Designing a Cloud Security Blueprint
Sarah Elie

To Fail is Divine
Danny Akacki

Zero to Owned in 1 Hour: Securing Privilege in Cloud, DevOps, On-Prem Workflows
Brandon Traffanstedt

Malware Mitigation Sample Detonation Intelligence Automation: Make Your Binaries Work for You
Adam Hogan

emulacra and emulation: an intro to emulating binary code with Vivisect
Atlas of D00m
SniffAir - An Open-Source Framework for Wireless Security Assessments
Matthew Eidelberg & Steven Daracott

Threat Hunting: the macOS edition
Megan Carney

The Hybrid Analyst: How Phishing Created A New Type of Intel Analyst
Rachel Giacobozzi

Dragnet: Your Social Engineering Sidekick
Truman Kain

Intelligence Creating Intelligence: Leveraging what you know to improve finding what you don,t
Tomasz Bania

Guaranteed Failure: Awareness The Greatest Cyber Insanity
Joshua "Naga" Crumbaugh

Threat Modeling: How to actually do it and make it useful
Derek Milroy

Structuring your incident response could be one of the most important things you do to bolster Security
Matt Reid

How this 20 Year Old Changed the Security Industry
James O'Neill

Stop Boiling The Ocean! How To Succeed With Small Gains
Joel Cardella

Do I have a signature to detect that malware?
Ken Donze

2018 SIEM Trends: What is my Mean Time to Value?
Bill Lampe

Advanced Attackers Hiding Inside Encrypted Traffic at the Endpoint
Jared Phipps

More Tales from the Crypt-Analyst
Jeff Man

My First year in Application Security
Whitney Phillips

Career Risk Management: 10 tips to keep you employed
Chris Burrows

Red vs Blue: The Untold Chapter
Aaron Herndon & Thomas Somerville

Saving All the Money to Buy All the Booze: Learning to Hack All the Things on a Budget
Michael Morgese

Analyzing Multi-Dimensional Malware Dataset
Ankur Tyagi

Physicals, Badges, and why it matters
Alex Fernandez-Gatti

InSpec: Compliance as Code
Kent picat, Gruber

Bounty Hunters
J Wolfgang Goerlich

Introduction
Dr. John Carls

Catching the Social Engineer
Robert Stewart

Hacking Identity, A Pen Tester�s guide to IAM
Jerod Brennen

Active Defense: Helping the Threat Actors Hack Themselves
Matt Scheurer

Planning & Executing A Red Team Engagement
Tim Wright

Hacking Your Happiness
Chris Gates

Active Defense - Helping threat actors hack themselves!
Matt Scheurer

Reflective PE Unloading
Spencer McIntyre

One Puzzle Piece at a Time: Logging Quick Wins
Celeste Hall

GO HACK YOURSELF: MOVING BEYOND ASSUMPTION-BASED SECURITY
Christine Stevenson

Using Technology to Defend Digital Privacy & Human Rights
Tom Eston

Code Execution with JDK Scripting Tools & Nashorn Javascript Engine
Brett Hawkins

Abandoned Spaces: Reconstructing APT Campaigns From Lapsed Domains
Daniel Nagy

What's Changed In The New OWASP Top 10?
Bill Sempf

Raindance: Raining Recon from the Microsoft Cloud
Michael Stringer

Tools and Procedures for Securing .Net Applications
Sam Nasr

Hacking Identity: A Pen Tester's Guide to IAM
Jerod Brennen

Phishing Forensics - Is it just suspicious or is it malicious?
Matt Scheurer

Securing Code - The Basics
Michael Mendez

The Marriage of Threat Intelligence and Incident Response or... Threat Hunting for the Rest of Us
Jamie Murdock

Wacky and Wild Security - Getting things under CIS Controls V7
Jeremy Mio

Interdisciplinary Infosec: Equifax, Individuation, and the Modern State
Thomas Pieragastini

Mobile Application Privacy and Analytics
Kevin Cody

Evolving the Teaching of Pen Testing in Higher Ed
Robert Olson

Go back to the basics with your processes: Improving operations without technology.
Mark Abrams

Anatomy of an Attack
John Fatten

Hackers, Hugs, & Drugs: Mental Health in Infosec
Amanda Berlin

Opening

The Insecure Software Development Lifecycle: How to find, fix, and manage deficiencies within an existing methodology.
April C. Wright

The Sky Isn't Falling, But the Earth May be Shifting: How GDPR Could Change the Face of InfoSec
Cliff Smith

Gulliver's Travels: Security Exploits and Vulnerabilities Around the Globe
Kevin Johnson

From DDoS to Mining: Chinese Cybercriminals Set Their Sights on Monero
David Liebenberg

ANTI-OSINT AF: How to become untouchable
Michael James

Who's Watching the Watchers?
Nathan Sweaney

We don't have to worry about that, It's in the cloud
Arnar Gunnarsson

SS7 for INFOSEC
Paul Coggin

Getting Newcomers into Infosec: The Tribulations of the Auburn University Hacking Club
Matthew Rogers

Exploring Information Security Q&A Panel
Timothy De Block

Securing Windows with Group Policy
Josh Rickard

ATAT: How to take on the entire rebellion with 2-3 stormtroopers
ll3nigmall

How Hyperbolic Discounting is keeping your security program from succeeding
Jon Clark

Hijacking the Boot Process - Ransomware Style
Raul Alvarez

Building a Cyber Training Range on a Budget
Robert Guiler

Lessons Learned from Development and Release of Blacksmith (The Meltdown Defense Tool For Linux)
Jared Phipps

How to Train Your Kraken - Creating a Monster Out of Necessity
Sean Peterson

PowerShell exploitation, PowerSploit, Bloodhound, PowerShellMafia, Obfuscation, PowerShell Empire, the Empire has fallen, you CAN detect PowerShell exploitation
Michael Gough

Offensive Cartography
Trenton Ivey

The Wrong Kind of DevOps Talk - Now with Extra Badness!
Bobby Kuzma

This Job is Making Me Fat!
Thomas Smith

You'll understand when you are older
Amanda Berlin & David Cybuck

Bitcoin - The generation of private keys based on public keys, a live demonstration
Richard Dennis

Opening Ceremonies
Circle City Con Staff

Espionage In The Modern Age of Information Warfare
Scot Terban

The Never Ending Hack: Mental Health in InfoSec Community
Danny Akacki

The Network Night Watch
Eric Rand & Lesley Cahart

Held for Ransom with a Toy Gun
Brian Baskin

Dear Blue Team: Proactive Steps to Supercharge your IR
Joe Gray

CTF Tips and Tricks
Aaron Lintile

Classic Cons in Cryptocurrency
Wolfgang Goerlich & Zachary Sarakun

Enterprise Vulnerability Management (Assessing, Implementing, and Maintaining)
Derek Milroy

Security Beyond the Security Team: Getting Everyone Involved
Luka Trbojevic

The consequences of lack of security in the Healthcare and how to handle it
Jelena Milosevic

Stealing Cycles, Mining Coin: An introduction to Malicious Cryptomining
Edmund Brumaghin & Nick Biasini

Applying Thermodynamic Principles to Threat Intelligence
Kyle Ehmke

SAEDY: Subversion and Espionage Directed Against You
Judy Towers

How to Lie with Statistics, Information Security Edition
Tony Martin-Vegue

IoT 4n6: The Growing Impact of the Internet of Things on Digital Forensics
Jessica Hyde

A Very Particular Set of Skills: Geolocation Techniques For OSINT and Investigation
Chris Kindig

Rise of the Machines
Aamir Lakhani

Backdooring with Metadata
Itzik Kotler

Automahack - Automate going from zero to domain admin with 2 tools
Dan McInerney

Patching - It's Complicated
Cheryl Biswas

Containers: Exploits, Surprises and Security
Elissa Shevinsky

Playing Russian Troll Whack-a-Mole
Courtney Falk

The FaaS and the Curious - AWS Lambda Threat Modeling
Bryan McAninch

Deploying Deceptive Systems: Luring Attackers from the Shadows
Kevin Gennuso

Quick Retooling in .Net for Red Teams
Dimitry Snezhkov

(Re)Thinking Cyber Security Given the Spectre of a Meltdown: (Someone Hold My Beer)
Jeff Man

Carrot vs. Stick: Motivation, Metrics, and Awareness
Magen Wu

Securing without Slowing: DevOps
Wolfgang Goerlich

Operator: The Well-Rounded Hacker
Matthew Curtin

Abuse Case Testing in DevOps
Stephen Deck

GreatSCT: Gotta Catch 'Em AWL
Chris Spehn

Chasing the Adder... A Tale from the APT world
Stefano Maccaglia

Aww Ship! Navigating the vulnerabilities and attack surface of the maritime industry
John Sonnenschein

Hacking Dumberly, Just Like the Bad Guys
Tim Medin, Derek Banks

Automahack - Python toolchain for automated domain admin
Dan McInerney

Dear Blue Team: Proactive Steps to Supercharge your IR
Joe Gray

You'll Understand When You're Older
Amanda Berlin

Skills For A Red-Teamer
Brent White, Tim Roberts

Hacking Smart Contracts--A Methodology
Konstantinos Karagiannis

Fighting Child Exploitation with Oculum
Andrew Hay, Mikhail Sudakov

How to tell cajun doctors they have bad cyber-hygiene and live
Joshua Tannehill

What Infosec in Oil & Gas can Teach us About Infosec in Healthcare
Damon J. Small

On the Hunt: Hacking the Hunt Group
Chris Silvers, Taylor Banks

Your Mac Defenestrated. Post OSXploitation Elevated.
FuzzyNop & Noncetonic

Keynote: Follow The Yellow Brick Road
Marcus J. Carey

We are the Enemy of the Good
Stephen Heath

Taking out the Power Grid's Middleman
Nathan Wallace, Luke Hebert

Privacy for Safety- How can we help vulnerable groups with privacy?
Stella

Cash in the aisles: How gift cards are easily exploited
Will Caput

Mind Games: Exploring Mental Health through Games
Todd Carr

Jump into IOT Hacking with Damn Vulnerable Habit Helper IOT Device
Nancy Snoke, Phoenix Snoke

The Future of Digital Forensics
Imani Palmer

Changing the Game: The Impact of TRISIS (TRITON) on Defending ICS/SCADA/IIoT
Paul W. Brager Jr M.Sci, CISSP, GICSP, CISM

Ducky-in-the-middle: Injecting keystrokes into plaintext protocols
Esteban Rodriguez

Gamifying Developer Education with CTFs
John Sonnenschein & Max Feldman

Active Directory Security: The Journey
Sean Metcalf

HTTP2 and You
Brett Gravois

Opening

Yes, You're an Impostor; now get back to work
Johnny Xmas

GRC - "What Would You Say You Do Here?"
Brian Martinez

Protecting Phalanges from Processor Pressure Points
Matthew Clapham

A Reporter's Look at OSINT
Hilary Louise
(Sorry, mic was off, but here is a longer version from GrrCon)

Nowhere to hide
Lucas Gorczyca

Know the Enemy - How to make threat intelligence work!
Nir Yosha

Hack like a Gohper
Kent Gruber

@taco_pirate's Art of Woo
Ben Carroll

Saving All the Money to Buy All the Booze: Learning to Hack All the Things on a Budget
Michael Morgese

Practical Incident Response in Heterogenous Environment
Kevin Murphy & Stefano Maccaglia

Security KPIs - Measuring Improvement in Your Security Program
Steven Aiello

Opening

Hackers, Hugs, & Drugs: Mental Health in Infosec
Amanda Berlin

Winning the cybers by measuring all the things
Jim Beechey

Social Engineering for the Blue Team
Timothy De Block

The Emerging Product Security Leader Discipline
Matthew Clapham

Server Message Block Worms: The gift that keeps on giving
Matthew Aubert

Don't Fear the Cloud: Secure Solutions at Lower Cost
Matt Newell

DevSecOps: Security Testing with CI/CD Automation Servers
Ed Arnold

Backdooring With Metadata
Itzik Kotler

How to Conduct a Product Security Test: And How it Fits Into the Larger Security Strategy
Nick Defoe

Securing ASP.NET Core Web Apps
Dustin Kingen

All the Bacon: How Lesley Knope and Ron Swanson encourage community growth
Kevin Johnson

ATT&CK Like an Adversary for Defense Hardening
Steve Motts & Christian Kopacsi

Unblockable Chains � Is Blockchain the ultimate malicious infrastructure?
Omer Zohar
(may post later)

DADSEC 102
Richard Cassara

The Things You Should Be Doing Defensively Right Now
Joel Cardella

Held Hostage: A Ransomware Primer
Nick Hyatt

Prowling: Better Penetration Testing
J Wolfgang Goerlich

Automating Web App security in AWS
Luther Hill

Finding the Money to Run an Effective Security Program
Matt Topper

Cryptocurrency- The Internetwide Bug Bounty Program
Brian Laskowski

Hacking Identity: A Pen Tester,s Guide to IAM
Jerod Brennen

Keynote
Jessica Payne

To AI or Not to AI? What the US Military Needs for Fighting Cyber Wars
Ernest Wong

Preparing for Incident Handling and Response within Industrial Control Networks
Mark Stacey

FailTime:​ ​ Failing​ ​ towards​ ​ Success
Sean Metcalf

Getting Saucy with APFS! - The State of Apple�s New File System
Sarah Edwards

Basic Offensive Application of MOF Files in WMI Scripting
Devon Bordonaro

An Open Source Malware Classifier and Dataset
Phil Roth

Counting Down to Skynet
Nolan Hedglin

How we reverse engineered OSX/Pirrit, got legal threats and survived
Amit Serper

Threat Activity Attribution: Diferentiatinn the Who from the How
Joe Slowik

Quantify your hunt: not your parents� red teaming
Devon Kerr

Internet Anarchy & The Global March toward Data Localization
Andrea Little Limbago

Powershell Deobfuscation: Putting the toothpaste back in the tube
Daniel Grant

Effective Monitoring for Operational Security
Russell Mosley Ryan St. Germain

Plight at the end of the Tunnel
Anjum Ahuja

Rise of the Miners
Josh Grunzweig

Malware Analysis and Automation using Binary Ninja
Erika Noerenberg

Between a SOC and a Hard Place
Shawn Thomas Andrew Marini James Callahan Dustin Shirley

Using Atomic Red Team to Test Endpoint Solutions
Adam Mathis

Exercise Your SOC: How to run an effective SOC response simulation
Brian Andrzejewski

Adding Simulated Users to Your Pentesting Lab with PowerShell
Chris Myers Barrett Adams

Building a Predictive Pipeline to Rapidly Detect Phishing Domains
Wes Connell

Closing Ceremonies

Intro

Know Your Why
Oladipupo (Ladi) Adefala

Deploying Microsoft Advanced Threat Analytics in the Real World
Russell Butturini

An Oral History of Bug Bounty Programs
Dustin Childs

Blue Cloud of Death: Red Teaming Azure
Bryce Kunz

SECURITY INSTRUMENTATION: BE THE HERO GETTING VALUE FROM SECURITY
Brian Contos

Changing Who Writes the Queries: High-Leverage IR with Visual Playbooks & Visual Graph Analysis
Leo Meyerovich

Learning to Hack the IOT with the Damn Vulnerable Habit Helper IOT Device
Nancy Snoke, Phoenix Snoke

Hacking the Users: Developing the Human Sensor and Firewall
Erich Kron

Community Based Career Activities or How Having Fun Can Help You with Your Career
Kathleen Smith, Cindy Jones,Doug Munro, Magen Wu

Hillbilly Storytime - Pentest Fails
Adam Compton

See the ID Rules Before Us: FAL IAL AAL eh? Aaaagh!!! How, How, How, How?
Bruce Wilson

SAEDY: Subversion and Espionage Directed Against You
Judy Towers

Growing Up to be a Infosec Policy Driven Organization
Frank Rietta

Adding Simulated Users to Your Pentesting Lab with PowerShell
Chris Myers, Barrett Adams

Hacking VDI 101
Patrick Coble

Evaluating Injection Attack Tools Through Quasi-Natural Experimentation
John O'Keefe-Odom

Social Engineering for the Blue Team
Timothy De Block

On Business Etiquette and Professionalism in the Workplace
Tess Schrodinger

InfoSec by the Numbers
Bill Gardner

Practical OSINT - Tools of the trade
Tom Moore

Potentially unnecessary and unwanted programs (a.k.a. PUPs)
Josh Brunty

How To Test A Security Awareness Program
Matt Perry

Disrupting the Killchain
Amanda Berlin

I have this piece of paper, now what?
Brandon Miller

Statistics Lie...Except About Passwords
Jeremy Druin

Intro

Red vs Blue and why We are doing it wrong
Chris Roberts

The Semi-Comprehensive Guide to Setting Up a Home Lab
Andrew Williams

Lessons learned from a OWASP Top 10 Datacall
Brian Glas

Attacker vs. Defender: Observations on the Human Side of Security
Todd O'Boyle

The Gilligan Phenomenon: Fixing The Holes In the Ransomware And Phishing Boats
Eric Kron

Machine Learning and Cyber Security: How Smart is Can it Be?
Shayne Champion

Closing

Intro

Lessons Learned - A 15 year Retrospective
Price McDonald

Phishing Forensics - Is it just suspicious or is it malicious?
Matt Scheurer

Presenting P@cketR@quet: An Auditory IDS
Killian Ditch

The Pillars of Continuous Incident Response
Brad Garnett

Zero to Owned in 1 Hour: Securing Privilege in Cloud and DevOps Workflow
Brandon Traffanstedt

Social Engineering for the Blue Team
Timothy De Block

Leveraging DevSecOps to Escape the Hamster Wheel of Never-ending Security Fail
Chris Reed

Creating a Cyber Volunteer Department
Ray Davidson

Closing
Frank Diaz

Keynote
Dave Kennedy

Automating Security Testing with the OWTF
Jerod Brennen

Looks Like Rain Again: Secure Development in the Cloud
Bill Sempf

How Stuxnet Ruined My Life For 6 Months (But I Got To Fly 1st Class A Lot)
Chris Raiter, Jeremy Smith

Emotet - Banking Malware With A Bite
Bradley Duncan

Keynote
Kevin Burkart

Cryptology: It�s a Scalpel, not a Hammer
Mikhail Sudakov

Pass the Apple Sauce: Mac OS X Security Automation for Windows-focused Blue Teams
Brian Satira

Why People Suck at Delivery: How to get your security projects off the ground and into production!
Nick d'Amato

Zero to Owned in 1 Hour: Securing Privilege in Cloud and DevOps Workflow
Brandon Traffanstedt

Are you ready for my call? Security researcher insights into Responsible Disclosure.
Jason Kent

Everything you always wanted to ask a hiring manager, but were afraid to ask!
Mike Spaulding
 

Deep Learning for Enterprise: Solving Business Problems with AI
Christian Nicholson

Building Jarvis
Stephen Hosom

Active Defense - Helping threat actors hack themselves!
Matt Scheurer

Shifting Application Security Left
Craig Stuntz

Presenting P@cketR@quet: An Auditory IDS
Killian Ditch

Security and Networking: Dual Purpose Tools
Cody Smith

Cybereason's Jim VanDeRyt - Fileless Malware Breakout Session
Jim VanDeRyt

The Quieter You Become, the More You�re Able to (H)ELK
Nate Guagenti, Roberto Rodriquez

AM Keynote
Matt Devos

Deep Dive in the Dark Web (OSINT Style)
Kirby Plessas

PM Keynote
Jack Daniel

Adding Pentest Sauce to your Vulnerability Management Recipe
Luke Hudson, Andrew McNicol

The Value of Design in Cyber Threat Intelligence
Devon Rollins

DNC Hacked Data in the Hands of a Trained Intelligence Professional
Wally Prather, Dave Marcus

Your Facts Are Not Safe With Us: Russian Information Operations as Social Engineering
Meagan Keim

DECEPTICON: Deceptive Techniques to Derail OSINT attempts
Joe Gray

I Thought Renewing the Domain Name Was Your Job?
Allan Liska

Automating Unstructured Data Classification
Malek Ben Salem

Vulnerability Patched in Democratic Donor Database
Josh Lospinoso

Living in a world with insecure Internet of Things (IoT)
Marc Schneider

Vulnerability Accountability Levers and How You Can Use Them
Amelie Koran

Cyber Mutual Assistance - A New Model for Preparing and Responding to Cyber Attack
David Batz

Rethinking Threat Intelligence
Tim Gallo

What Color Is Your Cyber Parachute?
Cliff Neve, Candace King, Kazi Islam, Trey Maxam, Amelie Koran

Feds Meet Hackers
Ariel Robinson, Alyssa, Feola, Gray Loftin, Beau Woods, Amélie E. Koran

Recruiting in Cyber
Dan Waddel, Kathleen Smith, Suzie Grieco, Sabrina Iacarus, Kirsten Renner, Karen Stied

How to get started in Cybersecurity
John Stoner

Improving Technical Interviewing
Forgotten Sec

Ask An Expert: Cyber Career Guidance and Advice
Micah Hoffman, Bob Gourley, John TerBush, Chris Gates, Kirby Plessas, Lea Hurley, Neal Mcloughlin, Ovie Carroll, Sarah Edwards, Tigran Terpandjian, Willie Lumpkin

Cyber Assurance - Testing for Success
Col. John Burger

You Can Run..but you cant hide!
Bruce Anderson

Red Team Apocalypse
Beau Bullock and Derek Banks

Advanced Persistent Security
Ira Winkler

Adding Simulated Users to Your Pentesting Lab with PowerShell
Chris Myers and Barrett Adams

The Shoulders of InfoSec
Jack Daniels

Blockchain: The New Digital Swiss Army Knife?
G. Mark Hardy

Modern Day Vandals and Thieves: Wireless Edition
David Switzer and Jonathan Echavarria

Fraud; Should you worry?
Greg Hanis

A Security Look at Voice-Based Assistants
David Vargas

Hackers Interrupted
Alex Holden

Insane in the Mainframe: Taking Control of Azure Security
Jeremy Rassmusen

MiFare lady Teaching an old RFID new tricks
Daniel Reilly

Medical Device Security: State of the Art in 2018
Shawn Merdinger
(not recorded)

Weaponizing IoT - NOT!
Kat Fitzgerald
(not recorded)

Blue Team's tool dump. Stop using them term NeXt-Gen this isn't XX_Call of Duty_XX.
Alex Kot

Exploiting Zillow "Zestimate" for Reckless Profit
Robert "RJ" Burney

Self Healing Cyber Weapons
Logan Hicks

Ransomware: A Declining Force in Today's Threat Landscape
Brad Duncan

Modern web application security
Julien Vehent

Advanced Social Engineering and OSINT for Penetration Testing
Joe Gray

Critical Infrastructure & SCADA Security 101 for Cybersecurity Professionals
Juan Lopez

Exothermic Data Destruction: Defeating Drive Recovery Forensics
Nikita Mazurov and Kenneth Brown

Innovating for 21st Century Warfare
Ernest "Cozy Panda" Wong

MFA, It's 2017 and You're Still Doing Wrong
Presented by Dan Astor and Chris Salerno.

Out With the Old, In With the GNU
Lsly

IoT devices are one of the biggest challenges
Charles @libertyunix Sgrillo

Evading C2 Detection with Asymmetry
By Brandon Arvanaghi and Andrew Johnston

Abusing Normality: Data Exfiltration in Plain Site
Aelon Porat

Smarter ways to gain skills, or as the DoD puts it
Dr. P. Shane Gallagher, Institute for Defense Analyses, and Evan Dornbush, co-founder, Point3 Security, Inc.

Game of the SE: Improv comedy as a tool in Social Engineering
Danny Akacki - Security Monkey

File Polyglottery; or, This Proof of Concept is Also a Picture of Cats
Evan Sultanik

Your Facts Are Not Safe With Us: Russian Information Operations As Social Engineering
Meagan Dunham Keim

Supercharge Your SOC with Sysmon
Chris Lee & Matthew Giannetto

Threat Hunting: Defining the Process While Circumventing Corporate Obstacles
Kevin Foster, Matt Schneck, Ryan Andress

Put up a CryptoWall and Locky the Key - Stopping the Explosion of Ransomware
Erich Kron, CISSP-ISSAP

Web Hacking 101 Hands-on with Burp Suite
David Rhoades of MavenSecurity.com

Hacker Mindset
David Brown: CISSP, CISM, IAM

Intro
Benny Karnes

Fighting Advanced Persistent Threats with Advanced Persistent Security
Ira Winkler

Coming Up with the Next Wave of Cyber Innovations-Start by Thinking 1ns1d3 th3 B0x
Ernest Wong

I survived Ransomeware.... Twice
Matt Perry

Value of threat intelligence
Stealthcare

SDR & RF Hacking Primer
Andrew Bindner

Digital Forensic Analysis: Planning and Execution
John Sammons

Intro to WireShark
Josh Brunty

Secrets of Superspies
Ira Winkler

Total Recall: Using Implicit Memory as a Cryptographic Primitive
Tess Schrodinger

IoT Panel
RCBI

Hillbilly Storytime - Pentest Fails
Adam Compton

Hackers, Hugs and Drugs
Amanda Berlin

FLDigi - E-mail over Packet Radio
Aaron West and Rob West

From junk to jewels: Destruction is the key to building
Branden Miller & Audrey Miller

SCAP: A Primer and Customization
Scott Keener

Security Through Ansible Automation
Adam Vincent

Vehicle Forensics: An Emerging Source of Evidence
John Sammons

Network Forensics using Kali Linux and/or SANS Sift
Josh Brunty

911 DDOS
Dianiel Efaw

Pi's, Pi's and wifi
Steve Truax

Technical Testimony: Doing the Heavy Lifting for the Jury
John Sammons

Emergent Gameplay
Ron Moyer

Closing

GrrCON 2017 Videos
These are the videos of the presentations from GrrCON 2017. Big thanks to EggDropX and Jaime for having me out, and my video crew  (paint27, Erick, & brettahansen) for recording.

Ghast

STRATEGIES ON SECURING YOU BANKS & ENTERPRISES. (FROM SOMEONE WHO ROBS BANKS & ENTERPRISES FOR A LIVING!)
Jayson E Street

Population Control Through The Advances In Technology�
Chris Roberts
(sorry for the music in back ground)

You Got Your SQL Attacks In My Honeypot
Andrew Brandt

3rd Party Data Burns
Arron "Finux" Finnon

Morphing to Legitimate Behavior Attack Patterns
Dave Kennedy

Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF
Jerod Brennen

Oops! Was that your pacemaker?
Charles Parker, II

10 Cent Beer Night: The World we now Live In
Johnny Xmas

Realizing Software Security Maturity: The Growing Pains & Gains
Mark Stanislav & Kelby Ludwig

Cyber, Cyber, Cyber - Using the killchain to accomplish something
Amanda Berlin

An Employee, their Laptop and a Hacker walk into a Bar
Shannon Fritz

Eye on the Prize - a Proposal for Legalizing Hacking Back
Adam Hogan

I've got a (Pocket) Bone to pick with you
Dr Phil Postra

Gig

Topic depends on number of federal agents in audience
Atlas of Doom

Embedding Security in Embedded Systems
Dr. Jared DeMott

National Guard for Cyber? How about a Volunteer Cyber Department?
Ray Davidson

Red Team Yourself
Thomas Richards

An Attack Pathway Into Your Organization? Reducing risk without reducing operational efficiency
David Adamczyk

Pen Test War Stories - Why my job is so easy, and how you can make it harder
Aaron Herndon

Skills For A Red-Teamer
Brent White & Tim Roberts

ProbeSpy: Tracking your past, predicting your future
stumblebot

vAp0r and the Blooming Onion
Justin Whitehead & Jim Allee

A GRReat New Way of Thinking about Innovating for Cyber Defense (and even Cyber Offense)
Ernest "Cozy Panda" Wong

Threat Intelligence: Zero to Basics in presentation
Chris J

Learning from InfoSec Fails
Derek Milroy

A Reporter's Look at Open Source Intelligence
Hilary Louise

Hidden Treasure: Detecting Intrusions with ETW
Zac Brown

The Black Art of Wireless Post-Exploitation
Gabriel "solstice" Ryan

Mi Go

Change is Simply an Act of Survival: Predicting the future while shackled to the past
Bil Harmer

Dissecting Destructive Malware and Recovering from Catastrophe
Bryan York

Infosec State of Affairs: Too much Kim Kardashian - not enough Malcolm Gladwel
Jim Wojno & Dan Kieta

How do you POC? Are you really testing a product
Ken Donze

Tales From The Trenches: Practical Information Security Lessons
Michael Belton

Securing the Internet of Things (IoT) -Through Security Research and Vulnerability Analysis
Deral Heiland

The Future of Cyber Security
Anthony Sabaj

Building a Usable Mobile Data Protection Strategy
David "Heal" Schwartzberg

Software Defined Segmentation
Matt Hendrickson

The Shuttle Columbia Disaster: Lessons That Were Not Learned
Joel "I love it when they call me Big Poppa" Cardella

Infrastructure Based Security
Chris Barnes

Defending The De-funded
Keith Wilson

Real-World Red Teaming
spartan

We got it wrong
Wolfgang Goerlich

Critical Incident: Surviving my first layoff by applying BCP/DRP Principles
Tom Mead

Louisville Infosec 2017
Below are the videos from the Louisville Infosec 2017 conference. Thanks to all the video volunteers for helping me record.

Building an Infrastructure to Withstand
David Kennedy

Learning Crypto By Doing It Wrong
Jeremy Druin

A Needle in the Cloud
Michael Leigh

How to make your next audit less awful: Compliance by Default
Tom Kopchak

Strengthening the Human Firewall
Alexandra Panaretos

Of Flags, Frogs & 4chan: OPSec Vs. Weponized Autism
Adrian Crenshaw

The Enemy Within - Detecting and Mitigating Insider Threats
Justin Wilkins

Assessing POS Devices for Tampering
Chris Gida

Or How I Learned to Stop Worrying and Love the ...
Robert L. Brown

The Edge of Normal
Mark Loveless

Measuring Cyber Risk with Open FAIR
Apolonio "Apps" Garcia and John Zuziak

Investigating Malware using Registry Forensics
Jason Hale

Defeating the Modern Cyber Attacker
Travis Funkhouser

Show me the Money! Using the CIS Critical Security Controls to procure funding for your security program
Carla Raisler

BSides Cleveland 2017 Videos
These are the videos from the Bsides Cleveland conference. Thanks to djaj9, JDogHerman, jayw0k, justinschmitt & securid as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad.

Morning
 Keynote
Wendy Nather

Better manual web application testing through automation
Brian Mead

Blue-Teamin' on a Budget [of Zero]
Kyle Bubp

PANDA, walking loud in the cloud
Logan Hicks, Seth Hall, Kelsey Hightower, Laura Taylor, Doug Burks

Diary of a Security Noob
TJ Toterhi

Delete Yourself: Cognitive Bias during incidence response
Dru Streicher

Enterprise Monitoring From Zero
Andrew Johnson

What They're Teaching Kids These Days
Rob Olson, Chaim Sanders

Mid-Day Keynote
Ben Ten

IoT Device Pentesting
Erik Daguerre

Cyber, Cyber, Cyber - Using the killchain to accomplish something
Amanda Sullivan Berlin

Decentralization For Security and Freedom: A Discussion of Asymmetric and Decentralized Technologies
Tom Pieragastini

Getting back to the old school
Jamie Murdock

The Python in the Apple
Spencer McIntyre

Quantifying Security's Value - It Can Be Done!
Arianna Willett

Building your Human Firewall
Christopher Jones, John Winkler

Spy vs. Spy - Tips from the trenches for red and blue teams
Thomas McBee, Jeff McCutchan

Eye on the Prize - a Proposal for Legalizing Hacking Back
Adam Hogan

Choose Django for Secure Web Development
Vince Salvino

MacOS - An easy exploit 2-ways.
Cody Smith

Bypassing Next-Gen Tech
David Kennedy

Hacking in Highschool: Inspiring the next generation of security professionals
Michael Benich

Afternoon Keynote
John Strand

ANYCon: Year One Kick-Off
Tyler Wightson

Keynote: Industry Of Change
Dave Kennedy

The Changing Landscape of Cyber Security and Training the New Generation of Cyber Warriors
Sanjay Goel

OWASP Top 10: Hacking Web Applications with Burp Suite
Chad Furman

Hacking Politics: Infosec in Public Policy
Jonathan Capra and Rashida Richardson and Shahid Buttar

Sniffing Sunlight
Erik Kamerling

Noob 101: Practical Techniques for AV Bypass
Jared Hoffman

Jedi Mind Tricks: People Skills for Security Pros
Alex DiPerna

Red Team Yourself
Thomas Richards

Jumping the Fence: Comparison and Improvements for Existing Jump Oriented Programming Tools
John Dunlap

The Stuffer
Sean Drzewiecki and Aaron Gudrian and Dr. Ronny L. Bull

Big Data's Big Problems
Jeanna Neefe Matthews

VLAN hopping, ARP Poisoning and Man-In-The-Middle Attacks in Virtualized Environments
Dr. Ronny L. Bull

Bringing Home Big Brother: Personal Data Privacy in the Surveillance Age
Todd Brasel and Michele Warner

Measuring the Efficacy of Real-Time Intrusion Detection Systems
Jeffrey Richard Baez

To SIEM or not to SIEM: an Overview
Chris Maulding

Let's Play Defense at Cyber Speed
Duncan Sparrell

Real Security Incidents, Unusual Situations
Adam Dean

Incident Response Evolved - A Preventative Approach to Incident Management
Aaron Goldstein

Thinking 1nside-the-B0x: Cyber Defense and Deterrence via How Hackers Think
Lieutenant Colonel Ernest Y. Wong

Making Friends for Better Security
Alexander Muentz

Does DoD Level Security Work in the Real World?
Jeff Man

The Road to Hiring is Paved in Good Intentions
Tim O'Brien

Whose Idea Was That? Comparing Security Curriculums and Accreditations to Industry Needs
Robert Olson and Chaim Sanders

Hacks, Lies, & Nation States
Mario DiNatale

Hold my Red Bull: Undergraduate Red Teaming
Jonathan Gaines

Ermahgerd: Lawrs
Prof. Robert Heverly

So You Want To Be A H6x0r, Getting Started in Cybersecurity
Doug White and Russ Beauchemin

DIY Spy Covert Channels With Scapy And Python
Jen Allen

InfoSec Career Building Through Reserve Military Service
Dan Van Wagenen

A Day in the Life of a Security Analyst
Marc Payzant and Ken Oliver and Aneesa Hussain

Breaking is Bad: Why Everyone at This Conference Will be Unemployed
Reg Harnish

Opening Ceremonies

Opening Keynote: Words Have Meanings
Dan Tentler

And the Clouds Break: Continuity in the 21st Century
Wolfgang Goerlich

DNS Dark Matter Discovery - There's Evil In Those Queries
Jim Nitterauer

Tales from the Crypt...(analyst)
Jeff Man

Trials and Tribulations of setting up a Phishing Campaign - Insight into the how
Haydn Johnson

Everything is Not Awesome: How to Overcome Barriers to Proper Network Segmentation
Jason Beatty

Talky Horror Picture Show: Overcoming CFP Fears
Kat Sweet

Fuzzing with AFL
Adam DC949

Cybersecurity for real life: Using the NIST Framework to protect your critical infrastructure
Ryan Koop

Why is the Internet still working?
James Troutman

Effective Report Writing for Security Practitioners
Benjamin Robinson

The Decision Makers Guide To Managing Risk
Joel Cardella

Application Security Metrics
Caroline Wong

Security Training: Making Your Weakest Link The Strongest
Aaron Hnatiw

Network Security? What About The Data?
0ddj0bb 0ddj0bb

Detecting DNS Anomalies with Statistics
Jamie Buening

It's A Disaster!
Cheryl Biswas

OSINT And Your World A Love Story
Michael James

Network manipulation on video games.
Alex Kot

Threat Intelligence: Zero to Basics
Chris J

The Kids Aren't Alright: Security and K-12 Education in America
Vivienne Pustell

Ph'ing Phishers
JAe

How To Be Curious
Bret Mattingly

Of Flags Frogs 4chan OPSec vs Weaponized Autism
Adrian Crenshaw

The State of Security in the Medical Industry
Cannibal (billy)

Open Sesamee
Max Power

See beyond the veil: Automating malicious javascript deobfuscation
Chad Robertson

Changing our future with 3D Printing
Emily Peed

You're not old enough for that: A TLS extension to put the past behind us
Falcon Darkstar Momot

We Don't Always Go Lights and Sirens
Kendra Cooley

Ichthyology: Phishing as a Science
Karla Burnett

Creating Your Own Customized Metamorphic Algorithm
Raul Alvarez

Peakaboo - I own you: Owning hundreds of thousands of devices with a broken HTTP packet
Amit Serper

Ye Olde Hacking
Johnny Xmas

Closing Keynote: Lectures or Life Experiences - Awareness Training that Works!
Tottenkoph & Cindy Jones

Closing Ceremonies

ShowMeCon 2017 Videos
These are the videos ShowMeCon 2017. Thanks to Renee & Dave Chronister (@bagomojo) and others for having me out to record and speak. Also thanks to my video crew @r3tr0_cod3x Aaron, Jon and some other people I may have forgotten.

Data Loss Prevention in a Social Media World
Phllip Tully

Royal Testing: Purple teaming to build and secure applications better!
Kevin Johnson

Dark Web Economies (...and you can too!)
Johnny Christmas

DIY CTF - How to gain momentum on your security awareness program by hosting a CTF
Matt Thelan

Deconstructing Chaos: �through "Behavioral Detection"
Daniel Stiegman

Something Died Inside Your Git Repo: Recognizing the Smell of Insecure Code
Cliff Smith

REVERSING A POLYMORPHIC FILE-INFECTING RANSOMWARE
Raul Alvarez

The Beginner's Guide to ICS:� How to Never Sleep Soundly Again
Dan Bougere

Windows IR made easier and faster - Find the head of the snake using AutoRuns, Large Registry Keys, Logs, IP/WhoIs and Netflow
Michael Gough

Homebrew powershell: Where to begin with Data Sources and baseline data.
Andrew Metzger

Where Cypherpunk Meets Organized Crime: The Shifting Landscape of Underground Economies and Crypto-driven Privacy
Ben Brown

VR-Bleeding Edge of Development and Technology-But Are We Making Old Mistakes?
Arnar Gunnarson

F@$#IN Trojans! An Interactive Impromptu Talk on Our Most Dangerous Threat
Parameter

Kick starting an application security program
Tim De Block

Of Flags, Frogs & 4chan: OPSec vs. Weaponized Autism
Adrian Crenshaw

Intro to Threat Hunting
Aaron Mog

Panel Title: The Good, the Bad, and the Ugly: HIPAA in an InfoSec World
Hudson Harris

How to Patch Stupid - A Modern Approach To Securing Users
Joshua Crumbaugh

When Molehill Vulnerabilities Become Mountainous Exploits
Igor Matlin

Dear Blue Team, This is why I always win. Love, A Hacker
Dave Chronister

How I Inadvertently Outsourced My IT Job to a Fancy Bear
Tim MalcomVetter

NolaCon 2017 Videos
Recorded at NolaCon 2017. Thanks to @CurtisLaraque, Federico, Morgan, & Ken for the video recording help, and @nola_con, @erikburgess_, Yvonne & Rob for having me down to record.

Does DoD Level Security Work in the Real World?
Jeff Man

Hacking the IoT: A Case Study
Nancy Meares Snoke and Phoenix Snoke

Going past the wire: Leveraging Social Engineering in physical security assessments
"Snow" Stephanie Carruthers

Hurt Me Plenty: The Design and Development of Arganium
Todd Carr

Easy Indicators of Compromise: Creating a Deception Infrastructure
David Kennedy

Arming Small Security Programs: Network Baseline
Matt Domko

Make STEHM Great Again
David Schwartzberg

Designing and Implementing a Universal Meterpreter Payload
Brent Cook

EDNS Client Subnet (ECS) - DNS CDN Magic or Secur
Jim Nitterauer

Rooting out evil: defend your data center like the Secret Service protects the President
Nathaniel Gleicher

Attacking Modern SaaS Companies
Sean Cassidy

The Unbearable Lightness of Failure
Dave Lewis

Phishing for Shellz: Setting up a Phishing Campaign
Haydn Johnson

Iron Sights for Your Data
Leah Figueroa

Security Guards -- LOL!
Brent White & Tim Roberts

Embrace the Bogeyman: Tactical Fear Mongering for Those Who Penetrate
FuzzyNop

Skynet Will Use PsExec: When SysInternals Go Bad
Matt Bromiley & Brian Marks

The Devil's Bargain: Targeted Ransomware and Its Costs
Joshua Galloway

22 Short Films About Security
Charlie Vedaa

Security is dead. Long live Infosec!
David Shaw

An Employee, their Laptop and a Hacker walk into a Bar
Shannon Fritz

Beyond OWASP Top 10
Aaron Hnatiw

Scamming the Scammers: Hacking scammers with pwns
Nathan Clark

Moving Towards Maturity: 5 Issues InfoSec Must Address
Jim Beechey

Plotting Hackers: Visualizing Attack Patterns
Kent Gruber

STEHM is the new STEM
David Schwartzberg

Hacking with Ham Radios: What I have learned in 25 years of being a ham.
Jay and Jerome Radcliff

Navigating Career Choices in InfoSec
Fernando Montenegro

Windows Event Logs - Zero to Hero
Nate Guagenti / Adam Swan

Network Security? What about the Data?
Jack Hatwick

ProbeSpy: Tracking your past, predicting your future
Ian Odette

Playing in Memory: Examples of User Theivery and Hunting for Malware
Kyle Andrus

The AppSec Starter Kit
Timothy De Block

An Employee, their Laptop and a Hacker walk into a Bar
Shannon Fritz

Estimating Development Security Maturity in About an Hour
Matt Clapham

You Are Making Bad Decisions and You Should Feel Bad
Joel Cardella

Violent Ruby: A Talk for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
Kent Gruber

Prioritize Vulnerability Remediation
Amol Sarwate

Stories through Logging: "It was the best of logs, it was the worst of logs"
Tom Kopchak

That Escalated Quickly
Shaun Bertrand

How to kick start and application security program
Timothy De Block

Vectors and Victims: Analyzing vulnerabilities through disease models
Rich Cassara

Threat Modeling 101
Matt Clapham

Prioritizing IT Security Projects for the Business
Martin Bally, Steve Barone, John Beeskow, David Derigiotis, Russ Gordon, John Scrivens

Defending The De-funded
Keith Wilson

How to Transform Developers into Security People
Chris Romeo

You have Updates!...A look at an old tool making a comeback 'Evilgrade'
Reid Brosko

Predicting Exploitability
Michael Roytam

Fast wins for the defense!
Justin Herman

How Much Security Do You Really Need?
Wendy Nather

Tarnished Silver Bullets
Wolfgang Goerlich

A Top 10 List for Better AppSec (Hint: It's Not the OWASP Top Ten)
Dave Ferguson

AppSec Behaviors for DevOps Breed Security Culture Change
Chris Romeo

The 4 Eyes of Information Security
Fernando Montenegro

Practical Security Recommendations from an Incident Responder
Matthew Aubert

You and Your Technical Community
David Giard

Panel - Cyber Security Hiring, Retention, and How to Get the Perfect Job in a Competitive Market

Misbehaving Networks?
Daniel Gregory

Leveraging Vagrant to Quickly Deploy Forensics Environments
Jeff Williams

New School Security: Combat Mindset
Mike Behrmann

Keynote
Rob M Lee

Clean up on Aisle APT
Mark Parsons

Frony Fronius - Exploring Zigbee signals from Solar City
Jose Fernandez

Weaponizing Splunk: Using Blue Teams for Evil
Ryan Hays

Current State of Virtualizing Network Monitoring
Daniel Lohin & Ed Sealing

The Not So Same-Origin Policy
David Petty

IoT Pressure Cooker What Could Go Wrong
Ben Actis

OPSEC for the Security Practictioner
Michael Clayberg

Automating Bulk Intelligence Collection
Gita Ziabari

I Went Phishing and Caught a Charge � Maryland Law for Pentesters
Joshua Rosenblatt

Imposter Syndrome: I Don't Feel Like Who You Think I Am
Micah Hoffman

The Battle for OSINT - Are you Team GUI or Team Command Line?
Tracy Z. Maleeff & Joe Gray

SOC Panel Keynote

Keynote
Jim Christy

Red Teaming the Board
Robert Wood

The AVATAR Project and You
da_667

Threat Hunting - Thinking About Tomorrow
Tazz

Understanding the Cybersecurity Act of 2015
Jeff Kosseff

Detecting the Elusive: Active Directory Threat Hunting
Sean Metcalf

Microsoft Patch Analysis for Exploitation
Stephen Sims

Arming Small Security Programs: Network Baseline Generation and Alerts with Bropy
Matt Domko

The Cryptography of Edgar Allan Poe
Robert Weiss (pwcrack)

Closing

Mental Health in Infosec: Hackers, Hugs, & Drugs
Amanda Berlin

Got Vendors?
Armin Smailhodzic and Willie Hight

Emerging Legal Trends in Cybersecurity
Rodney Hampton

Trust, But Verify, Your SAML Service Providers
Bruce Wilson

Does DoD Level Security Work in the Real World?
Jeff Man

Abstract Tools for Effective Threat Hunting
Chris Sanders

Infosec Tools of the Trade: Getting Your Hands Dirty
Jason Smith and Tara Wink

How to learn reverse engineering, kick ass at bug bounties, and being a bad ass SOC analyst
ben actis

A Pyrate looks at 40
Adam John

Springtime for code reviews
Ryan Goltry

Marrying Incident Response and Threat Intel Within Your Enterprise
Joe Gray and Ben Shipley

Security Guards -- LOL!
Brent White

Windows Operating System Archaeology
Casey Smithand Matt Nelson

Intro to drone tech
Ron Foster

Weaponizing Splunk: Using Blue Team Tools for Evil
Ryan Hays

Chunky Cookies: Smashing Application Aware Defenses
Russell Butturini

The Attack Is Coming From Inside The Refrigerator!
Mark Boltz-Robinson

Human Error and It's Impact on Your Infosec Program
Mike Baker

How to Speak Cat Picture Resiliency -- The ability to make a business case for proactive incident response
Scott Lyons and Joshua Marpet

Learning Cryptography by Doing it Wrong
Jeremy Druin

I Survived Ransomware... TWICE
Matt Perry

How Russia Hacked The Election
Bill Gardner

OS X Forensics
Brian Martin

Making Our Profession More Professional
Bill Gardner

Cyphercon 2.0 Videos
These are the videos from the Cyphercon 2.0 conference. Thanks to Michael Goetzman for having me out to record, and Paul and Tom for helping record.

Opening Ceremony
CypherCon Organizors

KEYNOTE: STEHM is the new STEM
David "Heal" Schwartzberg

Beyond the Fringe: Anomalies of Consciousness, Experience, and Scientific Research
Richard Thieme

Cluster Cracking Passwords & MDXfind
Robert Reif

A Look Behind the Scenes of DEFCON DarkNet
Ed Abrams (zeroaltitude), Demetrius Comes (cmdc0de)

JavasCrypto: How we are using browsers as Cryptographic Engines
Kat Traxler

Can Cryptography Frustrate Fascism?
Phillip Rogaway

Threat Intelligence 101: Basics without Buzzwords
M4n_in_Bl4ck

Explore Wisconsin Hacker History
Brad Swanson

Brain Based Authentication
Melanie Segado, Sydney Swaine-Simon

The Upside Down: Going from NetSec to AppSec
Cody Florek

Tracking/Monitoring WiFi devices without being connected to any network
Caleb Madrigal

Wireless Capture the Flag
Eric Escobar

KEYNOTE: The History of Video Game Console Hacking
Dan Loosen

Protecting Passwords with Oblivious Cryptography
Adam Everspaugh

A Look Behind the Scenes of DEFCON DarkNet - Part II - Part II
Ed Abrams (zeroaltitude), Demetrius Comes (cmdc0de)

Forensic Deconstruction of Databases through Direct Storage Carving
Dr. Alexander Rasin

Espionage & Soviet MiGs
Dave Roebke

Naked and Vulnerable: A Cybersecurity Starter Kit
Shannon Fritz

Wasn't DLP supposed to fix this?
Amit Riswadkar (FeMaven)

IoT Security Privacy Weaknesses & Ransomware
Rick Ramgattie

Predictive Analytics and Machine Learning: 'Real' Use Cases for IT/Security Professionals
John Platais

From zero to Bender in 12 months, how a software guy turned hardware
Zapp

Badge Panel

Does DoD Level Security Work in the Real World?
Jeff Man

Badges

Closing Ceremony
CypherCon Organizors

Strange times we live in:
Alexander Muentz

Real World Examples of IT Risks
Fred Reck

The first 48: All your data are belong to us
Chad Gough & Molody Haase & Jared Sikorski

Deleted Evidence: Fill in the Map to Luke Skywalker
David Pany

The Cox Fight and Beyond: Kodi, the Brave New World of Copyright Infringement, and ISP Liability
Alex Urbelis

What is the size of a sparse file in NTFS
John Riley

Black Box Mac OSX Forensics
Brian Martin

Math and Cryptography
Sam Gross

Road Ahead
Ben Tice

Honey, I Stole Your C2 Server: A dive into attacker infrastructure
Andrew Rector

Building a Scalable Vulnerability Management Program for Effective Risk Management
Katie Perry

New results in password hash reversal
Mark Sanders

Lessons Learned from Pwning my University Aaron Thomas
Aaron Thomas

Windows Event Logs - Zero to Hero
Nate Guagenti & Adam Swan

What Can my Logs Tell me?
Art Petrochenko

A POS Breach Investigation
Kevin Strickland

Abusing Google Dorking and Robots.txt
Dave Comstock

APT-What the heck is an APT?
Bill Barnes

Technological Changes that Affect Forensic Investigations
Diane Barrett

Deceptive Defence
Daniel Negron

Cryptography 0-128
Ben Tice

Sometimes They Are Innocent!
Scott Inch

Securely Deleting Data from SSDs
Stephen Larson

Intro

Strategies on Securing you banks & enterprises. (From someone who robs banks & enterprises for a living!)
Jayson Street

Crypto defenses for real-world system threats
Kenneth White

Hardware Hacking: Abusing the Things
Price McDonald

Kick starting an application security program
Timothy De Block

OSINT For The Win - Tools & Techniques to Maximize Effectiveness of Your Social Engineering Attacks
Joe Gray

Physical Phishing, Way Beyond USB Drops!
Rich Rumble

Weaponizing Nanotechnology and hacking humans; 2017 updates :)
Chris Roberts

Make STEHM Great Again
David Schwartzberg

AM Key Note
Ron Gula

Using Software Defined Radio for IoT Analysis
Samantha Palazzolo

Imposter Syndrome: I Don't Feel Like Who You Think I Am.
Micah Hoffman

PM Keynote - Tarah Wheeler

How the Smart-City becomes stupid
Denis Makrushin

Won't Get Fooled Again: The expected future of IoT malware and what to do about it.
Blaine Mulugeta

Software Supply Chains and the Illusion of Control
Derek Weeks

"Humans, right?" Soft Skills in Security
Ariel Robinson

Panel | Local Community Cyber Groups in NoVA
Jeremy Duncan

Networking with Humans to Create a Culture of Security
Tracy Maleeff

Why the NTP Security Problem Is Worse than You Think
Allan Liska

Bro, I Can See You Moving Laterally
Richie Cyrus

Panel | Parlaying Education and Experience into an Infosec Career
Forgotten Sec

So you want to be a "Cyber Threat Analyst" eh?
Anthony Melfi

0 to 31337 Real Quick: Lessons Learned by Reversing the Flare-On Challenge
Blaine Stancill

Finding a Companies BreakPoint
Zachary Meyers

Challenges and Opportunities: Application Containers and Microservices
Andrew Wild

Cyber Hunt Challenge - Develop and Test your Threat Hunting skills
Darryl Taylor

Anti-Virus & Firewall Bypass Techniques BY Candan B�-LÜKBAS
Candan Bolukbas

I'm Cuckoo for Malware: Cuckoo Sandbox and Dynamic Malware Analysis
Lane Huff

Keynote Talk : - Cyber Security in the Age of Espionage
Eric O'Neill (Not posted)

Advanced Targeted Attack.
Andy Thompson

Phishing Pholks Phor Phun and Prophit
Erich Kron

Alert All the Things! (Network Baselines/Alerts with Bro Scripts)
Matthew Domko

Intro to Fuzzing for Fun and Profit
Brian Beaudry

Keynote
Kevin Poulsen (Not Recorded)

Build Your Own Physical Pentesting Go-Bag
Beau Bullock, Derek Banks

NFC Your Smartphone's Best Friend or Worst Nightmare
Shane Hartman

e-Extortion Trends and Defense
Erik Iker

HIPAA for Infosec Professionals
Michael Brown

Deconstructing 100% JavaScript-based Ransomware
Jeremy Rasmussen & Paolo Soto

Mozilla's tips on strong HTTPS
Julien Vehent

Redefining Security in a Cloud-Centric Future
Mike Spaulding & Mitch Spaulding

Securing The Electrical Grid From Modern Threats
Christopher Williams

Securing Agile Development
Alan Zukowski

What I've Learned Writing CTF Challenges
Vito Genoese

Build the capability to Detect, Triage And Respond
Scott Sattler

What the Hell is ICS Security?
Brandon Workentin

Protecting Third-Party Risk From Plundering
Stacey Banks

Protecting Visual Assets: Digital Image Counter-Surveillance Strategies
Nikita Mazurov & Kenneth Brown

ArchStrike Linux
Chad Seaman

Hacking The Sabbath
Jonathan Singer

Chaining The Future: Block Chains and Security
Joe Blankenship

Learning From Pirates of the Late 1600s - The first APT
Adam Hogan

What I Learned About Cybersecurity by Training With US Navy SEALs
Matthew Curtin

Cross Origin Resource Sharing Kung fu
Aditya Balapure

Redefining Security in a Cloud Centric Future
Mike Spaulding

Automating Security in Building Software
Warner Moore

Planning and Executing a Red Team Engagement
Timothy Wright

DNSSec Explained!
Dan Benway

Midwestern Nice - Stereotype or Enterprise Threat?
Valerie Thomas

Information Security Talent Trends to expect in 2017
Megan Wells AJ Candella

Attacker's Perspective: A Technical Demonstration of an Email Phishing Attack
Zac Davis

Crashing Android phones via hostile networks
Yakov Shafranovich

I'm Cuckoo for Malware: Cuckoo Sandbox and Dynamic Malware Analysis
Lane Huff

How to Find a Company's BreakPoint
Andrew McNicol

What the deuce? Strategies for splitting your alerts.
John T. Myers

Red Team Yourself
Thomas Richards

Keynote
Matt Blaze

Solar Flare - Pulling apart SolarWinds ORION
Rob Fuller

Staying Afloat in a Tsunami of Security Information
Tracy Z. Maleeff

Hunting: Defense Against The Dark Arts
Danny Akacki

Every day is a Zero Day: Building an in-house Secure SDLC program
Tony Reinert

Owning MS Outlook with Powershell
Andrew Cole

A tour through the magical wonderful world of crypto land
Ben Agre

Remote attacks against IoT
Alex Balan

Hacking the Human: Social Engineering Basics
Dave Comstock (sten0)

Where do I start?
Charles Sgrillo II

Top 10 Mistakes Made In Active Directory That Can Lead To Being Compromised
Adam Steed

So you want to beat the Red Team?
Cameron Moore

Hacking Your Way into the APRS Network on the Cheap -- Extended Edition
Mark Lenigan

Threat Intel Analysis of Ukrainian's Power Grid Hack
Nir Yosha

Cryptography Pitfalls
John Downey

Information security and the law
Alex Muentz

Getting Permission to Break Things
William Bailey

"Knowing the Enemy"- Creating a Cyber Threat Actor Attribution Program
Jack Johnson

Red Teaming your Risk Management Framework
Keith Pachulski

Web Application Exploit 101 : Breaking Access Control and Business Logic
Tomohisa Ishikawa

Size Doesn't Matter : Metrics and Other Four Letter Security Words
Jim Menkevich

These are the videos of the presentations from Secure West Virginia 2016. Thanks to Dave, Justine and Tim for helping record. Sorry for the off audio timings, this is the first time I've used OBS Studio for a con and I was testing new capture gear.

Welcome
Benny Karnes

Keynote
Dave Kennedy

SHALL WE PLAY A GAME. How to make an two player bartop arcade machine with a Raspberry Pi.
Steven Truax

Maker/Hacker Space Panel - RCBI
 

So You Wanted to Work in Infosec
Joey Maresca

Making Our Profession More Professional
Bill Gardner

Special Agent Michelle Pirtle
(not recorded)

So You've Inherited a Security Department, Now What?
Amanda Berlin

SUSpect - A powershell based tool to provide early detection of ransomware and other attack techniques.
Mick Douglas

Building an Infosec Program from Ground Zero: From the Coat Closet to the Data Center
David Albaugh

How to Not Cheat on Your Spouse: What Ashley Madison Can Teach Us About OpSec
Joey Maresca

Windows Timelines in Minutes
Dr. Philip Polstra

Scripting Myself Out of a Job - Automating the Penetration Test with APT2
Adam Compton

WTF? Srsly? Oh FFS! - IR Responses
Mark Boltz-Robinson

Women in Infosec Panel
Adrian Crenshaw
Amanda Berlin
Taylor
Blair Gardner
(not posted)

Securing The Secure Shell, The Automated Way
Adam Vincent

Bitcoin: From Zero to "I get it."
Luke Brumfield

How to hack all the bug bounty things automagically & reap the rewards (profit)!
Mike Baker

Giving Back - Submitting to PTES 101
Jeremy Mio

Closing/Awards
Benny Karnes

Training

Intro to Linux
Benny Karnes

BASH Scripting
Justin Rogosky
(not recorded)

Python Scripting
Adam Byers

Intro to Kali
Wyatt Nutter

Forensics

Evidence Collection
John Sammons

Intro to WireShark
Josh Brunty

Intro to Digital Forensics
John Sammons

Network Forensics using Kali Linux and/or SANS Sift
Josh Brunty

Mobile Forensics An Introduction
Josh Brunty

Thieves

Act Three, The Evolution of Privacy
Finux

Weaponizing Nanotechnology and hacking humans; defining the boundaries
Chris Roberts

Becoming a Cyborg: The First Step Into Implantable Technology
Michael Vieau

Abnormal Behavior Detection in Large Environments
Dave Kennedy

Secure Dicks
Michael Kemp

and bad mistakes I've made a few...
Jayson Street (Only first 30 min)

Predator to Prey: Tracking Criminals with Trojans and Data Mining for Fun and Profit
Ken Westin

Guarding Dinner
J Wolfgang Goerlich

Back to the Future: Understanding our future but following the past
Kevin Johnson

Breaking Android Apps for Fun and Profit
Bill Sempf

Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years
Matt Bromiley & Preston Lewis

Pirates

Internet of Things (IoT) radio frequency (RF) Analysis With Software Defined Radio
Kevin Bong

So You Want to Be a Pentester
Absolute0x0

What do you mean I'm pwn'd! I turned on automatic updates!
Scott Thomas & Jeff Baruth

Surreal Paradigms: Automotive Culture Crash
D0xt0r Z3r0

Reversing and Exploiting Embedded Devices (Walking the software and hardware stack)
Elvis Collado

Threat Detection & Response with Hipara
J. Brett Cunningham

Still Broken After All These Years Aka Utility Security For Smarties
Doug Nibbelink

Threat Detection Response with Hipara
J Brett Cunningham

Quick and Easy Windows Timelines with Pyhon, MySQL, and Shell Scripting
Dr. Phil Polstra

Cruise Ship Pentesting OR Hacking the High Seas
Chad M. Dewey

Using Virus Total Intelligence to track the latest Phishing Document campaigns
Wyatt Roersma

Encryption, Mobility & Cloud Oh My!
Bill Harmer

Magnetic Stripes 101
Tyler Keeton

Machine Duping: Pwning Deep Learning Systems
Clarence Chio

Money, Fame, Power - Build your success as a security professional
Nathan Dragun

Tales from the Crypt...(analyst)
Jeff Man

What's in your Top Ten? Intelligent Application Security Prioritization
Tony Miller

Binary Ninja
Jared Demott

Phish your employees for fun!
Kristoffer Marshall

Securing Trust - Defending Against Next-generation Attacks
John Muirhead-Gould

Five Nights At Freddys: What We Can Learn About Security From Possessed Bears
Nick Jacob

Make STEHM Great Again
David "HealWHans" Schwartzberg

Pentester-to-customer:I will 0wn your network! - Customer-to-pentester:No, I will make you cry!
David Fletcher & Sally Vandeven

How Do You Secure What You Don't Control
Dimitri Vlachos

Fighting the Enemy Within
Matt Crowe

Getting to the Root of Advanced Threats Before Impact
Josh Fazio

Reality-Checking Your AppSec Program
Darren Meyer

How to Implement Crypto Poorly
Sean Cassidy

Stop attacking your mother's car!
Charles Parker, II

Contracting: Privacy Security and 3rd Party
Nathan Steed & Kenneth Coleman

Alignment of business and IT Security
Shane Harsch

So You've Inherited a Security Department, Now What?
Amanda Berlin

Piercing the Air Gap: Network Steganography for Everyone
John Ventura

On being an Eeyore in Infosec
Stefan Edwards

Welcome to The World of Yesterday, Tomorrow!
Joel Cardella

Board Breaking

Derbycon 2016 Videos
The link above is where I will be putting presentations from Derbycon 2016 (it will take a few days). Big thanks to my video jockeys Sabrina, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, Fozy, nightcarnage, Evan Davison, Chris Bridwell, Rick Hayes, Tim Sayre, Lisa Philpott, Ben Pendygraft, Sarah Clarke, Steven (SciaticNerd), Cory Hurst, Sam Remington, Barbie, Chris Bissle (and maybe the speakers too I guess).

Louisville Infosec 2016 Videos
Below are the videos from the Louisville Infosec 2016 conference. Thanks to all the video volunteers for helping me record. 

Morning Keynote
Chandler Howell
Ryan J. Murphy
John Pollack

The Domain Name System (DNS) - Operation, Threats, and Security Intelligence
Tom Kopchak

Insiders are the New Malware
Brian Vecci

Cloud Security; Introduction To FedRAMP
Sese Bennet

Cloud Access Security Broker - 6 Steps To Addressing Your Cloud Risks
Matt Bianco

Not One Thin Dime: Just Say No to Ransomware!
Mick Douglas

Securing Docker Containers
Chris Huntington

Emerging Governance Frameworks for Healthcare Security
Max Aulakh

Building Our Workforce
Kristen Bell

The Art of Offense and Defense
Mark Loveless

The Current State of Memory Forensics
Jason Hale

Understanding Attacker's use of Covert Communications
Chris Haley

How to Talk to Executives about Security
Harlen Compton

Pen Testing; Red and Blue Working Together
Martin Bos

Data Loss Prevention - How to get the most for your buck
Brandon Baker

The Transition: Risk Assessment > Risk Management
Mike Neal

Darwinism vs. Forensics
Bill Dean

Closing

Keynote

Keynote - Robert Joyce

Super Bad

Mobile Hacking
Aaron Guzman

Incident Response Awakens
Tom Webb

Dr. Pentester or: How I Learned To Stop Worrying and Love the Blue Team
Ryan O'Horo

Exploit Kits/ Machine Learning
Patrick Perry

Detection of malicious capabilities using YARA
Brian Bell

Owning MS Outlook with Powershell
Andrew Cole

RAT Reusing Adversary Tradecraft
Alexander Rymdeko-Harvey

Internet of Terrible
Brandon McCrillis

I Got You

Using Honeypots for Network Security Monitoring
Chris Sanders

This one weird trick will secure your web server!
David Coursey

This is not your Momma's Threat Intelligence
Rob Gresham

Moving Target Defense: Evasive Maneuvers in Cyberspace
Adam Duby

Beyond Math: Practical Security Analytics
Martin Holste

Exploit Kits and Indicators of Compromise
Brad Duncan

ICS/SCADA Threat Hunting
Robert M. Lee and Jon Lavender

Agilely Compliant yet Insecure
Tom Ruff

It's Too Funky In Here

Gamification for the Win
Josh Rykowski and Scott Hamilton

IDS/IPS Choices: Benefits, Drawback and Configurations
ForgottenSec

Micro-segmentation and Security: The Way Forward
Jack Koons

Adventures in RAT dev
Hunter Hardman

Linux privilege escalation for fun, profit, and all around mischief
Jake Williams

How About a Piece of Pi - Experiences with Robots and Raspberry Pi Hacking
John Krautheim

Flaying out the Blockchain Ledger for Fun, Profit, and Hip Hop
Andrew Morris

Network Situational Awareness with Flow Data
Jason Smith

Living In A America

A worm in the Apple - examining OSX malware
Wes Widner

You TOO can defend against MILLIONS of cyber attacks
Michael Banks

Finding Evil in DNS Traffic
Keelyn Roberts

Ransomware Threats to the Healthcare Industry
Tim Gurganis

Using Ransomware Against Itself
Tim Crothers and Ryan Borres

Hunting: Defense Against The Dark Arts
Jacqueline Stokes, Danny Akacki, and Stephen Hinck

Automating Malware Analysis for Threat Intelligence
Paul Melson

Hide and Seek with EMET
Jonathan Creekmore and Michael Edie

Intro

BSides Keynote
Atlas Of D00m

Car Hacking 0x05
Robert Leale

Learning Security the Hard Way: Going from Student to Professional
Benjamin Carroll

So You Want to Be a Pentester
Calvin Hedler

Sheep, the Shepard, History, and Eugenics - A historical reminder on why personal privacy matters when it comes to the government and corporations in the digital age.
David Schaefer

Emerging Threats
Tazz Tazz (Not posted)

I Have Been to The Future and I Did Not Want to Come Back
Garrett McManaway

How to Build a Home Lab
Chris Maddalena

Vulnerability Management Systems Flawed - Leaving your Enterprise at High Risk
Gordon MacKay

Bootstrapping A Security Research Project
Andrew Hay

Converge 2016
These are the videos from the Converge Information Security Conference. Thanks to Wolf for having me out and Chris, Daniel, Daniel, Ed, Ben, Sam, Adam & Eric and others I may forget for helping to record.

Intro

Keynote 1
Steve Werby

So You've Inherited a Security Department, Now What?!?!
Amanda Berlin

Violating Trust: Social Engineering Past and Present
Paul Blonsky

AppSec Awareness: A Blue Print for Security Culture Change
Chris Romeo

Red Team Madness - Or, How I Learned To Stop Worrying and Expect Pentester Mistakes
Jeremy Nielson

Threat Modeling for Secure Software Design
Robert Hurlbut

Not Even One Shade of Gray: Stop Tolerating Compromise in Security
Rich Boyer

MySQL 5.7 Security
Dave Stokes

Evolving the Noise out InfoSec using Law Enforcement Paradigms
Charles Herring

Game of Hacks - Play, Hack, and Track
Igor Matlin

Red is the new Blue - Defensive Tips & Tricks from a Defender turned Pentester
Ben Ten

Building a better user: Developing a security-fluent society
Rich Cassara

Food Fight
J Wolfgang Goerlich

Maneuvering Management Madness
Andrew Hay

Enterprise Class Threat Management Like A Boss
Rockie Brockway

Compliant, Secure, Simple. Pick two.
Joshua Marpet

Sentry on the Wall
Reid Brosko

Expanding Your Toolbox the DIY Way
Chris Maddalena

Surreal Paradigms: Automotive Culture Crash
Dave Schaefer

Haking the Next Generation
David Schwartzberg

Malware Magnets: A practical walkthrough in developing threat intelligence
Tazz Tazz

Still broken after all these years aka Utility Security for Smarties
Doug Nibbelink

Intro
Tom Webster

Breaking The Teeth Of Bluetooth Padlocks
Adrian Crenshaw

Identifying and Exploiting Hardware Vulnerabilities: Demo of the HRES Process
Tim Wright

2016 Predictions and How History repeats itself
Jason Samide

A Lawyer's Perspective on Data Security
Dino Tsibouris and Mehmet Munur

The Attacker's Dictionary
Joel Cardella

BSides Cleveland 2016 Videos
These are the videos from the BSides Cleveland conference. Thanks to djaj9, JDogHerman, jayw0k, Kevin, f0zziehakz & securid as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad.

Morning Keynote
Ian Amit

Red is the New Blue
BenOxa

My Cousin Viinny: Ethics and Experience in Security "Research"
Kevin Johnson

The Psychology of Social Engineering
Dave Chronister

Show Me Your Tokens (and Ill show You Your Credit Cards)
Tim MalcomVetter

IRLHN Pt.3 Intermediate Networking Techniques for the Recovering Introvert
Johnny Xmas

And Bad Mistakes�I've made a few
Jayson Street

All your Door(s) Belong to Me - Attacking Physical Access Systems
Valerie Thomas

Exploiting First Hop Protocols to Own the Network
Paul Coggin

Check Yo Self Before you Wreck Yo Self: The new wave of Account Checkers and Underground Rewards Fraud
Benjamin Brown

The Collission Attack - Attacking CBC and related Encryptions
Fontbonne

It's not a sprint�.
Tim Fowler

Social Media Risk Metrics - There's a way to measure how +@&# you are online
Ian Amit

Attacking OSX for fun and profit: tool set limiations, frustration and table flipping.
Dan Tentler

The Art of AV Evations - Or Lack Thereof
Chris Truncer

Understanding Offensive and Defense - Having a purple view on INFOSEC
Dave Kennedy

Breaking the Teeth of Bluetooth Padlocks
Adrian Crenshaw

PowerShell Phishing Response Toolkit
Josh Rickard

Championing a Culture of Privacy: From Ambivalence to Buy-IN
Hudson Harris

Why Compliance Matters; You've Been Doing it Wrong
Stacey Banks

How to Build a Home Lab
Timothy De Block

Logging for Hackers, How you can catch them with what you already have and a walk through of an actual attack and how we caught it.
Michael Gough

Where to Start when your environment is F*(3d
Amanda Berlin

Circle City Con 2016 Videos
These are the Circle City Con videos. Thanks to the staff for inviting me down to record. Big thanks to Mike, 3ncr1pt3d, fl3uryz, InfaNamecheap, f0zziehak, Chris, PhenixFire, Sammy and other for helping set up AV and record.

Opening Ceremony
CircleCityCon Staff

Keynote - Dave Lewis
Dave Lewis

NolaCon 2016
Recorded at NolaCon 2016. Thanks to @CurtisLaraque, @HoltZilla, @sid3b00m & @ynots0ups for the video recording help, and @nola_con, @erikburgess_, & Rob for having me down to record.

Intro

Analyzing DNS Traffic for Malicious Activity Using Open Source Logging Tools
Jim Nitterauer

Snake Charming: Fun With Compiled Python
Gabe K

Monitoring & Analysis 101: N00b to Ninja in 60 Minutes
Grecs

Calling Captain Ahab: Using Open Tools to Profile Whaling Campaigns
Ryan Jones, McOmie

Check Yo Self Before You Wreck Yo Self: The New Wave Of Account Checkers And Underground Rewards Fraud
Benjamin Brown

Introducing the OWASP API Security Project
Leif Dreizler, David Shaw

Breaking Barriers: Adversarial Thinking for Defenders
Stacey Banks

It's Just a Flesh Wound!
Brett Gravois

Owning MS Outlook with PowerShell
Andrew Cole

Why can't Police catch Cyber Criminals?
Chip Thornsburg

Keynote
David Kennedy

Calling Captain Ahab: Using Open Tools to Profile Whaling Campaigns
Matt Bromiley

Haking the Next Generation
David Schwartzberg

Hacking Web Apps (v2)
Brent White

Evolving Your Office's Security Culture by Selective Breeding of Ideas and Practices
Nancy Snoke

I Promise I'm Legit: Winning with Words
Cyni Winegard &  Bethany Ward

You Pass Butter: Next Level Security Monitoring Through Proactivity
Cry0, S0ups

Going from Capture the Flag to Hacking the Enterprise. Making the switch from 'a hobby and a passion' to a lifelong career
Joseph Pierini

Hackers are from Mars, CxO's are from Jupiter
Rob Havelt

Don't be stupid with GitHub
Metacortex

DDoS: Barbarians at the Gate(way)
Dave Lewis

Hunting high-value targets in corporate networks
Josh Stone

Do You Want Educated Users? Because This is How You Get Educated Users.
Tess Schrodinger

Don't blame that checklist for your crappy security program
Branden Miller

Shooting Phish in a Barrel
Amanda Berlin

Minimalistic Physical Assessment Kit
Tom Moore

Hacking Web Apps
Brent White and Tim Roberts

BSides Nashville 2016 Videos
These are the videos BSides Nashville 2016. Thanks to @lil_lost for inviting me down to record and being my bodyguard while in Nashville. Big thanks to Geoff Collins, Branden Miller, Blake Urmos, Gabe Bassett, Nate and Alex McCormack for helping set up AV and record.

And bad mistakes I've made a few
Jayson Street

At the mountains of malware
Wes Widner

Collection and Detection with Flow Data: A Follow Up
Jason Smith

Container Chaos: Docker Security Container Auditing
Chris Huntington

Threat Modeling the Minecraft Way
Jarred White

AppSec Enigma and Mirage - When Good Ideas Can Go Awry
Frank Catucci

The Art of the Jedi Mind Trick
Jeff Man

How to get into ICS security
Mark Heard

The Ransomware Threat: Tracking the Digital Footprints
Kevin Bottomley

InfoSecs in the City - Starting a Successful CitySec Meetup
Johnny Xmas, Fletcher Munson, Chris Carlis, Kate Vajda

Ever Present Persistence - Established Footholds Seen in the Wild
Evan Pena, Chris Truncer

Forging Your Identity: Credibility Beyond Words
Tim Roberts, Brent White

IAM Complicated: Why you need to know about Identity and Access Management
Ron Parker

Put a Sock(et) in it: Understanding and Attacking Sockets on Android
Jake Valletta

Track 1

Penetrating the Perimeter - Tales from the Battlefield
Phil Grimes

Navigating the FDA Recommendations on Medical Device Security _ and how they will shape the future of all IoT
Jake "malwarejake" Williams

Detecting the Undetectable: What You Need to Know About OSINT
Jerod Brennen

Why I quit my dream job at Citi - A data centric approach to key management
Mike Bass

Fail Now _ So I Don't Fail Later "A look into security testing and training methodologies"
Deral Heiland

Putting the Intelligence back in Threat Intelligence
Edward McCabe

All Your Door Belong To Me: Attacking Physical Access Systems
Valerie Thomas

The Humanity of Phishing Attack and Defense
Aaron Higbee

The Node.js Highway: Attacks Are At Full Throttle
Joshua Clark

Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway

Understanding Attacker'�s use of Covert Communications
Chris Haley

InfoSec Productization
David Kennedy

Track 2

Future of Information Security Governance, Risk and Compliance
Max Aulakh, Bill Lisse

How Experts Undermine Your Forensic Evidence
Matthew Curtin

Datacenter Security Virtualized
John Michealson

Embracing the Cloud
Lisa Guess

"It was the best of logs, it was the worst of logs" - Stories through Logging
Tom Kopchak

Finding the Needle in the Hardware Haystack - Identifying and Exploiting Vulnerabilities via Hardware Reverse Engineering
Stephen Halwes, Timothy Wright

PKI-Do You Know Your Exposure?
Kent King

No Tradeoffs: Cloud Security and Privacy Don't Need to Be at Odds
Jervis Hui

Today's Threat Landscape
Dean Shroll

6 Critical Criteria For Cloud Workload Security
Sam Herath

Track 2

Educating the Board of Directors
Bob West

Burp Collaborator: The Friend You Didn't Know You Needed
Jon Gorenflo

Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger

Threat Modeling for Secure Software Design
Robert Hurlbut

IAST Deep Dive: Understanding Interactive Application Security Testing
Ofer Maor

Building an Application Security Program
Mike Spaulding

Formal Verification of Secure Software Systems
Aaron Bedra

AppSec without additional tools
Jason Kent

Leveraging your APM NPM solutions to Compliment your Cyber Defense Strategy
Ken Czekaj, Robert Wright

Artificial Intelligence Real Threat Prevention
Art Hathaway

Defending the Next Decade - Building a Modern Defense Strategy
Mark Mahovlich

Track 3

Security vs Compliance in Healthcare
Sean Whalen

How to Secure Things & Influence People: 10 Critical Habits of Effective Security Managers
Chris Clymer, Jack Nichelson

Economically Justifying IT Security Initiatives
Ruben Melendez

Cross Industry Collaboration
Helen Patton

Third Party Risk Governance - Why and How
Jeffrey Sweet

IT Data Analytics: Why the cobbler's children have no shoes
Carolyn Engstrom

BYODAWSCYW (Bring Your Own Device And Whatever Security Controls You Want) One approach to reduce risk
Steven Keil

Disaster Recovery and Business Continuity -_It'�s never so bad that it can'�t get worse
Valerie Thomas, Harry Regan

Cybersecurity Act of 2015 and Other Hot Privacy and Cybersecurity Topics
Heather Enlow, Chris Ingram

The Legal Perspective on Data Security for 2016
Dino Tsibouris, Mehmet Munur

The Legal Perspective on Data Security for 2016
Mehmet Munur, Dino Tsibouris

Track 4

Gamify Awareness Training: Failure to engage is failure to secure
Michael Woolard

Office 365 Security and Compliance Cloudy Collaboration - Really?
Robert Brzezinski

State of Security and 2016 Predictions
Jason Samide

A Capability Maturity Model for Sustainable Data Loss Protection
Gabriel Gumbs

Risk Management: Tactics to Move From Decision to Execution
Tremayne (Tre) Smith

Incident Response - No Pain No Gain!
Jim Wojno

Building an OSS CI/CD Security Toolchain
Kevin Glavin

A Touch(ID) of iOS Security
James (Jamie) Bowser

Track 5

Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski

You're measuring all the wrong things - information security metrics
Shawn Sines

Why Cybercriminals Are "Following The Money" Into Online Video Games
Matthew Cook

Security Certifications - are they worth it, and which ones are right for you?
William Diederich

Information Security Metrics - Practical Security Metrics
Jack Nichelson

The CONfidence of Things
John Robinson

Who is Winning?
Gary Sheehan

Security analytics journey - a year's lesson learned.
Mike Schiebel

Track 6

Integrated Software in Networking _ the Mystery of SDN
Oliver Schuermann

Securing our Future: Lessons From the Human Immune System
Gavin Hill

Have you tied together your IAM and Information Security Incident Management Program?
Joseph Greene

Compliance and Security: Building a Cybersecurity Risk Management Program
Jason Harrell

Don't try this at home! (Things not to do when securing an organization)
Jessica Hebenstreit

CISO for an Hour
Keith Fricke

Apple v. DOJ: Privacy in Today's Enterprise
Justin Harvey

Myths of Cloud Security Debunked!
Bil Harmer

Cyber Security - Super Bowl 50
Jim Libersky

CypherCon 2016 Videos
These are the videos from the Cyphercon 2016 conference. Thanks to Michael Goetzman for having me out to record.

CYPHERCON's Opening Ceremony Begins!
Korgo

Security Control Wins & Fails
Jason Lang

Offensive Wireless Tactics "used in DEFCON 23�s Wireless CTF"
Eric Escobar

China"s Hackers and Cyber Sovereignty
Lieutenant Colonel Bill Hagestad II

You're Right, This Sucks
J0hnnyxm4s & Lesley Carhart

No encrypted data on this drive; just pictures of my cat
Parker Schmitt

Curry and TARTS
JP SMITH

All your Wheaties belong to us. Removing the basics that humans need for survival.
Chris Roberts

CYPHERCON I Conference Begins!
Korgo & The CYPHERCON PuzzleMaster Speaks
BeLouve

P.I.S.S.E.D. Privacy In a Surveillance State, Evading Detection
Joe Cicero

Bypassing Encryption by Attacking the Cryptosystem Perimeter
Trenton Ivey

Hypervault Demo
& HTTP and SSH Tunneling
Caleb Madrigal

Quantum Computation and Information Security
David Webber

Medical Devices: Pwnage & Honeypots
Scott Erven

ESPIONAGE - A WEAPON DURING THE COLD WAR
Werner Juretzko

Keynote
Eddie Mize (Not recorded)

Managing Elevated Privileges in the Enterprise Environment
Erik Burgess

Food Fight
Wolfgang Goerlich (Not recorded)

Where to start when your environment is F*(k3d
Amanda Berlin

Building an Application Security Program
Mike Spaulding

The Art of the Jedi Mind Trick
Jeff Man

Securing Docker Instances
Chris Huntington

ClientHacking: How a chef uses OSINT and SE to make more money.
OneManicNinja

BSides San Francisco 2016 Videos
These are the videos from the BSides San Francisco conference. Special thanks to Mike & Doug for having me out, Steen, Zappo & Jeremy for their house AV work, and n0ty3p, Forest, Nick, James & others I'm forgetting for their help recording

Track 1

Keynote: A Declaration of the Independence of Cyberspace
John Perry Barlow

The Tales of a Bug Bounty Hunter
Arne Swinnen

Reverse Engineering the Wetware: Understanding Human Behavior to Improve Information Security
Alexandre Sieira, Matthew Hathaway

Who's Breaking into Your Garden? iOS and OS X Malware You May or May Not Know
Claud Xiao

A year in the wild: fighting malware at the corporate level
Kuba Sendor

Breaking Honeypots for Fun and Profit
Gadi Evron, Dean Sysman, Itamar Sher

Everything Is Awful (And You're Not Helping)
Jan Schaumann

Why it's all snake oil - and that may be ok
Pablo Breuer

Ask the EFF
Kurt Opsahl, Eva Galperin, Andrew Crocker, Shahid Buttar, Cooper Quintin

Sedating the Watchdog: Abusing Security Products to Bypass Windows Protections
Tomer Bitton, Udi Yavo

Sweet Security: Deploying a Defensive Raspberry Pi
Travis Smith

Planning Effective Red Team Exercises
Sean T. Malone

Fraud Detection & Real-time Trust Decisions
James Addison

Fuzz Smarter, Not Harder (An afl-fuzz Primer)
Craig Young

Elliptic Curve Cryptography for those who are afraid of mathematics
Martijn Grooten

APT Reports and OPSEC Evolution, or: These are not the APT reports you are looking for
Gadi Evron

Sucker-punching Malware: A Case Study in Using Bad Malware Design Against Attackers
John Bambenek, Hardik Modi

Employee Hijacking: Building a hacktober awareness program
Ryan Barrett, Ninad Bhamburdekar, Dylan Harrington

Track 2

Mainframes? On My Internet?
Soldier of Fortran (not recorded)

Securing the Distributed Workforce
William Bengtson

Hackers Hiring Hackers - How to hack the job search and hack talent
IrishMASMS (not recorded)

Scan, Pwn, Next! - exploiting service accounts in Windows networks
Andrey Dulkin, Matan Hart

Guest to root - How to Hack Your Own Career Path and Stand Out
Javvad Malik

IoT on Easy Mode (Reversing Embedded Devices)
Elvis Collado

In the crosshairs: the trend towards targeted attacks
Lance Cottrell

Developing a Rugged DevOps Approach to Cloud Security
Tim Prendergast

Digital Intelligence Gathering: Using the Powers of OSINT for Both Blue and Red Teams
Ethan Dodge, Brian Warehime

Sharing is Caring: Understanding and measuring Threat Intelligence Sharing Effectiveness
Alex Pinto

The Ransomware Threat: Tracking the Digital Footprints
Kevin Bottomley

Access Control in 2016 - deep dive
Dr. Ulrich Lang

Using Behavior to Protect Cloud Servers
Anirban Banerjee

The Art of the Jedi Mind Trick
Jeff Man

Mobile App Corporate Espionage
Michael Raggo

Advanced techniques for real-time detection of polymorphic malware
Ajit Thyagarajan

Ode to the Node

Hack all the things - Exploiting and fixing IoT

Sharepoint Hacking

Hacker Jeopardy

Opening Keynote
Jack Daniel

Hacking Peoples' Lives with Google Sync
Shawn Edwards, Sean Hopkins

Slaying Rogue Access Points with Python and Cheap Hardware
Gabriel Ryan

Web shells as a covert channel
Joe Vest

A practical approach to deploying Data Loss Prevention
Jon Damratoski

Afternoon Keynote: TSA Luggage Locks: Details, Flaws & Making The Best Of A Bad Lock
Adrian Crenshaw

Threat Modeling the Minecraft Way
Jarred White

At the mountains of malware: Lessons learned from analyzing terabytes of malware
Wes Widner

History of WRT and Wireless Mesh protocols.
Alex Kot

BSides Closeout
Paul Coggin

Keynotes

Keynote Thomas Drake
Thomas Drake

Offence

Where Did All My Data Go
Deral Heiland

Developers: Care and Feeding
Bill Sempf

Open Secrets of the Defense Industry: Building Your Own Intelligence Program From the Ground Up
Sean Whalen

The Economics of Exploit Kits & E-Crime
Adam Hogan

Hacking Corporate Em@il Systems
Nate Power

All Your Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches
Valerie Thomas & Harry Regan (Not recorded)

Defense

Establishing a Quality Vulnerability Management Program without Wasting Time or Money
Zee Abdelnabi (not posted)

Practical DLP Deployment for your Organization
Jon Damratoski

The Good The Bad and The Endpoint Protection
Joseph Ciaravino

Securing Docker Instances
Chris Huntington

Better SIEM Notifications - Making Your SIEM Situationally Aware
Jesse Throwe

Social Media Correlation of Credit Card Fraudsters
Chris Cullison & CW Walker

Special Teams

Removing Barriers of Diversity in Information Security
Helen Patton & Connie Matthews

Panel Discussion: InfoSec Trends, Talent Management, and Retention
Michael Butts, AJ Candella & Megan Wells

Indecision and Malformed Conclusions: The things that stifle security improvement and what can be done about them.
Tyler Smith

Gamify Awareness Training: Failure to engage is failure to secure
Michael Woolard

The Long and Winding Road: An InfoSec Career Panel
Lonnie Kelley & Valerie Thomas

The Pineapple is dead..Long live the Pineapple
David Young

Opening Red Team Upgrades Using SCCM for Malware Deployment Matt Nelson (@enigma0x3)

Jailbreaking a Digital Two-Way Radio Travis Goodspeed (@travisgoodspeed)

CheapBugs.Net - Low-End Bug Bounties for the Masses Dean Pierce (@deanpierce)

Failure to Warn You Might Get Pwned Wendy Knox Everette (@wendyck)

GreatFET, a Preview Michael Ossmann (@michaelossmann)

Fuck You, Pixalate! @da_667

DNS C&C Ron Bowes (@iagox86)

SecureWV 2015 Videos
These are the videos of the presentations from Secure West Virginia 2015.

Building a Cantenna
Ed Collins

Dropping Docs on Darknets Part 2 Identity Boogaloo
Adrian Crenshaw

Network Segmentation - Some new thoughts
Mark Jaques and Brandon Schmidt

Security Onion
Brandon Schmidt

Drones
Mike Lyons

The Lemonaid Pomegranite, basics of security in a digital world
Tim Sayre

My Little P0ny: What you can do with 20 lines of code and an open machine
Mark Jaques and Brandon Schmidt

And now for something completely different, security at Top O Rock
Tim Sayre

The Art of Post-Infection Response and Mitigation
Caleb J. Crable

Documenting With ASCIIDOC
Jeff Pullen

The Core of Cybersecurity: Risk Management
Josh Spence

The Unique Challenges of Accessing Small and Medium Sized Organizations
Bill Gardner

OpenNSM, ContainNSM, and Docker
Jon Schipp

Here is your degree. Now what?
Shawn Jordan

Wolf in shell's clothing, why you should be skeptical of your trusted tools
Jeff Pullen

Opening Keynote - Mike Rothman

Dennis Hurst - Application Security in an Agile SDLC

Wendy Nather - How Google turned me into my mother: the proxy paradox in security

Chris Boykin - Mobile Threat Prevention

Adrian Crenshaw - Dropping Docs on Darknets Part 2: Identity Boogaloo

Julian Dunning - Kraken: The Password Devourer

Trey Ford - Maturing InfoSec: Lessons from Aviation on Information Sharing

Richard Peters and Matthew Roth - Parasyste: In search of a host

Lunch/ISACA Session

Damon Small - Connections: From the Eisenhower Interstate System to the Internet

Rich Cannata - Arm Your Endpoints

Anthony Blakemore - Removing the Snake Oil From Your Security Program

Erik Freeland - Does SDN Mean Security Defined Networking?

Danny Chrastil - What I know about your Company

Lunch / Business Skills Workshop

Josh Sokol - The Fox is in the Henhouse: Detecting a Breach Before the Damage is Done

Jason Haddix - How to Shot Web: Better Web Hacking in 2015

Zac Hinkel, Andrew Huie, and Adam Pridgen - Arm Your Endpoints

Dan Cornell - SecDevOps: A Security Pro's Guide to Development Tools

Closing Keynote - Eric Cowperthwaite - Everything I need to know about Information Security, I Learned Shooting Tank Guns

Closing

GrrCON 2015 Videos
These are the videos of the presentations from GrrCON 2015. Big thanks to EggDropX and Jaime for having me out, and my video crew  (Chris, Justine, Aaron & Brian) for recording.

Subject matter to be determined by the number of federal agents present in the audience
Chris Roberts

Breaking in Bad (I,m The One Who Doesn,t Knock)
Jayson Street

Process The Salvation of Incident Response - Charles Herring

But Can They Hack?: Examining Technological Proficiency in the US Far Right
Tom Holt

The wrong side of history - everything that is old is new again
Arron Finnon

Poking The Bear
Mike Kemp

The Hitch Hikers Guide to Information Security
Kellman Meghu

Backdooring Git
John Menerick

Spanking the Monkey (or how pentesters can do it better!)
Justin Whithead, Chester Bishop

Adding +10 Security to Your Scrum Agile Environment
tehEx0dus

How I Got Network Creds Without Even Asking: A Social Engineering Case Study
Jen Fox

Shooting Phish in a Barrel and Other Terrible Fish Related Puns
infosystir

This Is All Your Fault
Duncan Manuts

The Safety You Think You Have is Only a Masquerade
Nathan Dragun

Bumper Massage

Security Incident Response
Derek Milroy

Hacking the Next Generation
HealWHans

Findings Needles in a Needlestack: Enterprise Mass Triage
Keven Murphy

Punch and Counter-punch Part Deux: Web Applications
J Wolfgang Goerlich, NerdyBeardo

Application Recon - The Lost Art
Tony Miller

The Hand That Rocks the Cradle: Hacking Baby Monitors
Mark Stanislav

Software Security IWR
Thomas "G13" Richards

Cyber 101 - Upstaring your career in a leading industry
Johnny Deutsch

Understanding and Improving the Military Cyber Culture
Dariusz Mikulski

Harness the Force for Better Penetration Testing
Patrick Fussell

Targeted Attacks and the Privileged Pivot
Mark Nafe

Shell scripting live Linux Forensics
Dr. Phil Polstra

Can you patch a cloud?
Scott Thomas

Is it EVIL?
Chaoticflaws 

Submerssion Therapy

Ticking me off: From Threat Intel to Reversing
Juan Cortes

Securing Todays Enterprise WAN
Andy Mansfield

Footprints of This Year's Top Attack Vectors
Kerstyn Clover

Phones and Privacy for Consumers
Matt Hoy (mattrix) and David Khudaverdyan (deltaflyer)

Path Well-Traveled: Common Mistakes with SIEM
Nick Jacob

How compliance doesn't have to suck�.at least totally
Robert Carson & Bradley Stine

What is a cloud access broker and do I need one?
Tom Doane

Security Frameworks: What was once old is new again
Brian Wrozek

Attacks Against Critical Infrastructures Weakest Links
Jonathan Curtis

Wireless Intrusion Detection Systems with the Raspberry Pi
Chris J

No One Cares About Your Data Breach Except You ... And Why Should They?
Joel Cardella

Nexum FireEye Keynote Advesarial Paradigm Shift
Che Bhatia and Artie Crawford

Compromise Analysis - Why
we're seeing so many breaches
Dave Kennedy
Founder of TrustedSec

What to Expect When You're Expecting a Pentest
Martin Bos

Memory Acquisition in Digital Forensics and Incident Response
Jason Hale

Visualizing Complex Cyber Compliance Data Using Big Data Tools
Max Aulakh

Hacking Web Apps with Style: Path Relative Style
Jeremy Druin

TSA Luggage Lock Duplication
Adrian Crenshaw

Cloud Device Insecurity
Jeremy Brown

How the Cloud Drives Better Security
Kevin Peterson

Heartbleed, ShellsShock, and Poodles
Jason Gillam

Using Gamification in Security Awareness Training
Brandon Baker

More Technology, More People, No Process
Mike Robinson

Preventing Common Core Pen Tests
Nathan Sweaney

Ashley Madison Breach
Jeff Jarecki

Integrating Mobile Devices into Your Pen-Testing
Georgia Weidman

Home Depot vs The World
Rodney Hampton
 

Welcome to the Family - Intro

Jordan Harbinger Keynote

Information Security Today and in the Future
HD Moore - Ed Skoudis - John Strand - Chris Nickerson - Kevin Johnson - Katie Moussouris hosted by David Kennedy

The M/o/Vfuscator - Turning 'mov' into a soul-crushing RE nightmare - Christopher Domas

AND YOU SHALL KNOW ME BY MY TRAIL OF DOCUMENTATION - Jason Scott

Red vs. Blue: Modern Active Directory Attacks & Defense - Sean Metcalf "@PyroTek3"

Metasploit Town Hall - David Maloney "thelightcosine" - James Lee "egyp7" - Tod Beardsley "todb" - Brent Cook "busterbcook"

$helling out (getting root) on a 'Smart Drone' - Kevin Finisterre - solo ape

Phishing: Going from Recon to Creds - Adam Compton - Eric Gershman

APT Cyber Cloud of the Internet of Things - Joey Maresca (@l0stkn0wledge)

Stealthier Attacks and Smarter Defending With TLS Fingerprinting - Lee Brotherston

Honeypots for Active Defense - Greg Foss

Manufactorum Terminatus - The attack and defense of industrial manufacturers - Noah Beddome - Eric Milam

High Stake Target: Lo-Tech Attack - Bill Gardner "oncee" - Kevin Cordle

Operating in the Shadows - Carlos Perez "darkoperator"

Getting Started with PowerShell - Michael Wharton "MyProjectExpert"

 When A Powerful Platform Benefits Both Attackers And Defenders: Secure Enhancements To Scripting Hosts In Windows 10 - Lee Holmes

A deep look into a Chinese advanced attack. -Michael Gough - "HackerHurricane"

Pavlovian Security: How To Change the Way Your Users Respond When the Bell Rings - Magen Wu (@tottenkoph) - Ben Ten (@ben0xa)

The State of Information Security Today - Jeff Man

Learning through Mentorship - Michael Ortega "SecurityMoey" - Magen Wu "Tottenkoph"

The Law of Drones - Michael "theprez98" Schearer

The Phony Pony: Phreaks Blazed The Way - Patrick McNeil "Unregistered436" - Owen "Snide"

HackerQue - Michael Smith (DrBearSec) - Kyle Stone (Essobi)

Current Trends in Computer Law - Matthew Perry (Mostly no audio)

Spankng the Monkey (or how pentesters can do it better!) - Justin Whitehead "(at)3uckaro0" - Chester Bishop "@chet121"

On Defending Against Doxxing - Benjamin Brown Ajnachakra

Practical Windows Kernel Exploitation - Spencer McIntyre @zeroSteiner

Shooting Phish in a Barrel and other fish related puns - Amanda Berlin

Don't Laugh - I Dare You! - Carl Alexander "DrHaxs"

Marketers Are Friends - Not Food - Kara Drapala

Blue Team Starter Kit - Timothy De Block

Simplified SIEM Use Case Management - Ryan Voloch "VDog90"

Bypassing 2Factor Auth with Android Trojans - Paul Burbage

Putting the Management� into Vulnerability Management� (or - YOU'VE GOT BEARS!!!) - Jesika McEvoy (octalpus)

Moving Target Defense - Learning from Hackers - Sachin Shetty

Malfunction's Functions : Automated Static Malware Analysis using Function Level Signatures - Matthew Rogers - Jeramy Lochner

We Owe You Nothing - Rockie Brockway

Backdooring Git - John Menerick

Detecting phishing attacks with DNS reconnaissance - Mike Saunders

Hacking Web Apps - Brent White

Sticky Honey Pots - Paul J. Vann

Top Ten is Old Skool - Meet the New Age of AppSec - Andrew Leeth

Cryptography and You - Justin Herman

Pwning People Personally - Josh Schwartz "FuzzyNop"

Stagefright: Scary Code in the Heart of Android - Joshua "jduck" Drake

Dec0ding Humans Live - Chris Hadnagy @HumanHacker

Gray Hat PowerShell - Ben Ten (@ben0xa)

WhyMI so Sexy? WMI Attacks - Real-Time Defense - and Advanced Forensic Analysis - Matt Graeber - Willi Ballenthin - Claudiu Teodorescu

Hackers vs. Defenders: Can the defender ever stop playing catch up and win? - Mano Paul "dash4rk"

Medical Devices: Pwnage and Honeypots - Scott Erven "windshield wipers" - Mark Collao

State of the Metasploit Framework - James Lee "egypt"

Credential Assessment: Mapping Privilege Escalation at Scale - Matt Weeks "scriptjunkie1"

Pwning People Personally - Josh Schwartz "FuzzyNop"

Stagefright: Scary Code in the Heart of Android - Joshua "jduck" Drake

Dec0ding Humans Live - Chris Hadnagy @HumanHacker

Gray Hat PowerShell - Ben Ten (@ben0xa)

WhyMI so Sexy? WMI Attacks - Real-Time Defense - and Advanced Forensic Analysis - Matt Graeber - Willi Ballenthin - Claudiu Teodorescu

Hackers vs. Defenders: Can the defender ever stop playing catch up and win? - Mano Paul "dash4rk"

Medical Devices: Pwnage and Honeypots - Scott Erven "windshield wipers" - Mark Collao

State of the Metasploit Framework - James Lee "egypt"

Credential Assessment: Mapping Privilege Escalation at Scale - Matt Weeks "scriptjunkie1"

Mobile Application Reverse Engineering: Under the Hood - Drew Branch - Billy McLaughlin

Introducing the RITA VM: Hunting for bad guys on your network for free with math. - John Strand - Derek Banks - Joff Thyer - Brian Furham

 Breaking in Bad (I'm the one who doesn't knock) - Jayson E. Street

Developers: Care and feeding - Bill Sempf

Fingerprinting the modern digital footprint -  Arian Evans

Surviving your Startup - Bruce Potter
(part of talk missing)

How to ruin your life by getting everything you ever wanted. - Chris Nickerson

Using Windows diagnostics for system compromise - Nicholas Berthaume "aricon"

InfoSec Big Picture and Some Quick Wins - Schuyler Dorsey

Hacking for homeschoolers - Branden Miller

Going AUTH the Rails on a Crazy Train - Tomek Rabczak - Jeff Jarmoc

  Bugspray - The 802.15.4 Attack Surface - Bryan "Crypt0s" Halfpap

Unbillable: Exploiting Android In App Purchases - Alfredo Ramirez

BYPASS SURGERY ABUSING CONTENT DELIVERY NETWORKS WITH SERVER-SIDE-REQUEST FORGERY (SSRF) FLASH AND DNS - Matthew Bryant (mandatory) - Michael Brooks (rook)

Dynamic Analysis of Flash Files - Jacob Thompson

Attacking Packing: Captain Hook Beats Down on Peter Packer - Vadim Kotov - Nick Cano

Johnny Long and Henry Wanjala - HFC Update

HARdy HAR HAR HAR: HAR File Collection and Analysis for Malware - Robert Simmons "Utkonos"

Stacking the Virtual Deck: Attacks by Predicting RNGs - Adam Schwalm

Homebrewing for Hackers - Benjamin Holland - Amber Aldrich

Stealthy and Persistent Back Door for Z-Wave Gateways - Jonathan Fuller and Ben Ramsey

Building a Better Honeypot Network - Josh Pyorre

Surveillance using spare stuff - Matt Scheurer "Cerkah"

Crypto 101: An Intro To Real-World Crypto - Adam Caudill

Practical Attacks Against Multifactor - Josh Stone

Hacking the Next Generation - David Schwartzberg

The Human Interface Device Attack Vector: Research and Development - Alexander Livingston Segal

A survey of Powershell enabled malware - Tyler Halfpop

Tool Drop: Free as in Beer - Scot Berner - Jason Lang

Tactical Diversion-Driven Defense - Greg Foss - Thomas Hegel

Windows 10 Defense in Depth - Eddie David

Latest Tools in Automotive Hacking - Craig Smith

Ansible. And why it works for me. - Charles Yost

Learning Mainframe Hacking: Where the hell did all my free time go? - Chad Rikansrud "Bigendian Smalls (BeS)""

Intercepting USB Traffic for Attack and Defense - Brandon Wilson

Geeks Need Basements! - Kathleen Veach

Intro to x86 - Stephanie Preston

Spy Vs. Spy: How to Use Breakable Dependencies to Your Advantage - Stacey Banks - Anne Henmi

Is That a Router in Your Pocket or are You Trying to P0wn Me? - Michael Vieau - Kevin Bong

The little-known horrors of web application session management - Matthew Sullivan

Practical hardware attacks against SOHO Routers & the Internet of Things - Chase Schultz "f47h3r"

Stretching the Sandbox with Malware Feature Vectors - Mike Schladt

Gnuradio demystifying rf black magic - Matthew O'Gorman "mog"

Beyond Bad IP Addresses Hashes and Domains - Ed McCabe

DNS Miner - A semi-automatic Incident response and threat intelligence tool for small - over worked security teams - Doug Leece - AJ Leece

Larry Pesce - My password cracking brings all the hashes to the yard..

Intrusion Hunting for the Masses - A Practical Guide - David Sharpe

How I Stopped Worrying and Learned To Love InfraOps - Karthik Rangarajan (krangarajan) - Daniel Tobin (dant24)

Blue Team Army - It's *your* network - defend it! - Mick Douglas - Jamie Murdock

LongTail SSH Attack Analysis - Eric Wedaa

Hunting Unicorns and Jerks - Irrational - Defensible - or Necessary? - Steve Werby

The problems with JNI obfuscation in the Android Operating System - Rick Ramgattie

PHaaS - Phishing as a Service - Raymond Gabler

Circles & Boxes - Drawing SecArch into your program - Chris Robinson

Disecting Wassenaar - Tyler Pitchford

Five Hardware Hacking Projects Under $30 - Kevin Bong - Michael Vieau

Confessions of a crypto cluster operator - Dustin Heywood "EvilMog"

Voltron: Defender of your inferiors - Richo Healey "richo"

Malware is hard. Let's go Shopping! - Richard Wartell "wartortell"

The Pentesters Framework (PTF) - The easy way to roll your own distro. - Dave Kennedy (HackingDave)

Hack my Derby - Nate Lager

Closing Ceremonies

Keynotes

Welcome
Major General Fogarty

Keynote
Ed Skoudis

Blue Team Track 1

Fundamental Understanding of Baseline Analysis and Remediation for Industrial Control Systems
Juli Joyner and Jeffrey Medsger

Taking a Distributed Computing Approach to Network Detection with Bro and �The Cloud�
Mike Reeves

 A Scout's Perspective on Network Defense
Justin Edgar

Doomsday Preppers: APT Edition
Tanner Payne

Building a Better Security Analyst Using Cognitive Psychology
Chris Sanders

Viper Framework for Malware Analysis
Paul Melson

Infiltrating C2 Infrastructure
Tim Crothers

Building �Muscle Memory� with Rekall Memory Forensic Framework
Alissa Torres

The Blue Team Starter Kit
Timothy De Block

Red Team Track

Using a HackRF One to Infiltrate the Digital Thetford Wall
Patrick Perry

Malvertizing Like a Pro
Alex Rymdeko-Harvey

Weaponizing our youth: The Case for Integrated Cyber Ethics
Josh Rykowski

Making Everything Old New Again
Andrew Cole and Rich Moulton

DIY Vulnerability Discovery with DLL Side Loading
Jake Williams

Recon-ng and Beyond
Tim Tomes

Attacking OWASP - Exploiting the Top 10
David Coursey

Blue Team Track 2

Go Hack Yourself
Jason Frank

2015 - It's not over yet�
Joel Esler

How to Get Into ICS Security
Chris Sistrunk

Destruction as a Service: Security Through Reanimation
Jon Medina

The Programmatic Evolution of Technology Defense.
Roland Cloutier

Lessons Learned from Analyzing Terabytes of Malware
Wes Widner

Welcome and Introduction
Josh Ohmer - President, BSidesCincy

Lateral Movement
Harlan Carvey

Automated Detection Strategies
John Davison

Powershell for Incident Responders
Jesse Lands

Cyber Intelligence: Concrete Analysis in a Fluid World
Coleman Kane

The Response-Ready Infrastructure
Justin Hall

A Distributed Computing Approach for Network Detection
Mike Reeves

The Value of a Simple DLP Program
Chris Tyo

Keynote

Information Security Reconciliation: The Scene and The Profession
Mark Stanislav

Track 1

Level One: How To Break Into The Security Field
Aaron Moffett

Hacker High - Why We Need To Teach Computer Hacking In Schools
Ron Woerner

Getting Started - Help Me Help You
David Trollman

From Blue To Red - What Matters and What (Really) Doesn't
Jason Lang

Clear as F.U.D.: How fear, uncertainty, and doubt are affecting users, our laws, and technologies
Christopher Maddalena

Data Breaches: Simply The Cost Of Doing Business
Joel Cardella

Eating the SMB Security Elephant - An ITSEC framework for small IT shops
Austen Bommarito
 

Track 2

Enterprise Class Vulnerability Management Like A Boss
Rockie Brockway

Funny Money: What Payment Systems Teach us about Security
Drew Sutter

Building a sturdy foundation - a program-based approach to IT Operations, Application Development, and Information Security in business
Steven Legg

Moving past Metasploit: Writing your first exploit
Calvin Hedler

Wielding BurpSuite: quick-start your extensions and automation rules
Marius Nepomuceno

Browser and Windows Environment Hardening
Kurtis Armour

Keynotes

Hacking To Get Caught - Keynote
Raphael Mudge

Breaking in Bad (I'm the one who doesn't knock)
Jayson E. Street

Track 1

Weaving Security into the SDLC
Bill Sempf

If My CI/CD Teams have Time for Security, So Does Yours
Kevin Poniatowski

Adaptive Monitoring and Detection for Todays Landscape
Jamie Murdock

Threat Intelligence - A Program Strategy Approach
Jenn Black

Cymon: New Cyber Monitoring Tool
Roy Firestein

That's NOT my RJ45 Jack! | IRL Networking for Humans Pt. 1
Johnny Xmas

On Defending Against Doxxing
Benjamin Brown

Hiding in the ShaDOS
Richard Cassara

Security Culture in Development
Wolfgang Goerlich

Cracking and fixing REST services
Bill Sempf

PVCSec Live!

Clientless Android Malware Control
David Schwartzberg

Who Watches the Watchers? Metrics for Security Strategy
Michael Roytman

How to Dress Like a Human Being | IRL Networking for Humans Pt. 2
Johnny Xmas

Soft Skills for a Technical World
Justin Herman

The Domain Name System (DNS) - Operation and Security
Tom Kopchak

Homebrew Censorship Detection by Analysis of BGP Data
Zach Julian

Four Pillars: Passion, Vision, Communication, Execution
Edgar Rojas

Excuse me while I BURP
Steve Motts

Public Recon: Why Your Corporate Security Doesn't Matter
Ronald Ulko (Not recorded)

Building the team for a successful SOC
Donald Warnecke

The Path Well-Traveled: Common Mistakes Encountered with SIEM
Nick Jacob

I failed, therefore I succeeded
Zee Abdelnabi (Not recorded)

 Adventures in Communication: Taming the C-Suite and Board
Jim Beechey

Under the Unfluence: the Dark Side of Influence
Ron Woerner

Application Security Awareness: Building an Effective and Entertaining Security Training Program
Chris Romeo

10 Reasons Your Security Education Program Sucks
Kris French Jr

Shooting Phish in a Barrel and other bad fish puns
Amanda Berlin

Process - The Salvation of Incident Response
Charles Herring

Gray Hat PowerShell
Ben Ten

Secret Pentesting Techniques
Dave Kennedy

Of History & Hashes
Adrian Crenshaw

hacker-ng: Farming the Future IT Crowd
Phil Grimes (th3grap3ap3)

Lawyer's Perspective On Data Security Breaches
Dino Tsibouris

Track 1

Morning Keynote
Jack Daniel

Metasploit & Windows Kernel Exploitation
Spencer McIntyre zeroSteiner

PwnDrone: The Modern Airborne Cyber Threat
Devin Gergen @DevinGergen

Afternoon Keynote
So You Want To Be An Infosec Rockstar?
Chris Nickerson

Why the Web is Broken
Bill Sempf @sempf

Outside the Box
David Kennedy Larry Spohn @HackingDave, @Spoonman1091

The Entropy of Obfuscated Code
Adam Hogan @adamwhogan

Track 2

Why the foundation of security is broken.
Alex Kot

Desired State Configuration (DSC): Dream Tool or Nightmare for Security Baseline and Configuration Management
Zack Wojton Wayne Pruitt zbirdflipper

Common Sense Security Framework
Jerod Brennen @slandail

Secure Test Driven Development: Brakeman, Gauntlet, OWASP and the Work Still to Be Done
Ricky Rickard rrickardjr

Building a sturdy foundation - a program-based approach to IT Operations, Application Development, and Information Security in business
Steven Legg ZenM0de

Building a Threat Intelligence Program
Edward McCabe @edwardmccabe

Phishing Without Ruby
Brandan Geise Spencer McIntyre coldfusion39

Security Not Guaranteed - Or, how to hold off the bad guys for another day.
James Gifford Elijah Snow-Rackley @jrgifford

Cleveland Locksport
Jeff Moss Doug Hiwiller, Damon Ramsey jeffthemossman

Augmenting Mobile Security and Privacy Controls
Brian Krupp @briankrupp

Track 3

DIY Hacker Training, a Walkthrough
Warren Kopp warrenkopp

Quick-start your Burp Suite extensions (Jython) and automation.
Marius Nepomuceno

Flourishing in a Hostile Work Environment
Dennis Goodlett

Defense in Depth - Your Security Castle
Tom Kopchak @tomkopchak

EMET Overview and Demo
Kevin Gennuso @kevvyg

10 Reasons Your Security Education Program Sucks
Kris French Jr @Turtl3Up

Call of Duty: Crypto Ransomware
Brett Hawkins @hawkbluedevil

Closing

Track 1

Opening Ceremonies

Keynote
SpaceRogue

Rethinking the Trust Chain: Auditing OpenSSL and Beyond
Kenneth White

Actionable Threat Intelligence, ISIS, and the SuperBall
Ian Amit

Security Culture in Development
Wolfgang Goerlich

Simulating Cyber Operations: "Do you want to play a game?"
Bryan Fite

Hacking IIS and .NET
Kevin Miller

User Awareness, We're Doing It Wrong
Arlie Hartman

Departmentalizing Your SecOps
Tom Gorup

Shooting Phish in a Barrel and Other Terrible Fish Related Puns
Amanda Berlin

ZitMo NoM - Clientless Android Malware Control
David Schwartzberg

Data Loss Prevention: Where do I start?
Jason Samide

Reducing Your Organization's Social Engineering Attack Surface
Jen Fox

1993 B.C. (Before Cellphones)
Johnny Xmas

Building a Comprehensive Incident Management Program
Owen Creger

 Is that a PSVSCV in your pocket
Jake Williams

Analyzing the Entropy of Document Hidden Code
Adam Hogan

Making Android's Bootable Recovery Work For You
Drew Suarez

Does anyone remember Enterprise Security Architecture?
Rockie Brockway

Malware Armor
Tyler Halfpop

Closing Ceremonies

Track 2

Ruby - Not just for hipster
Carl Sampson

Configure your assets, save your butt
Caspian Kilkelly

Digital Supply Chain Security: The Exposed Flank
Dave Lewis

I Amateur Radio (And So Can You)
Kat Sweet

Wireless Intrusion Detection System with Raspberry Pi
Chris Jenks

The Answer is 42 - InfoSec Data Visualization (Making Metric Magic & Business Decisions)
Edward McCabe

Running Away from Security: Web App Vulnerabilities and OSINT Collide
Micah Hoffman

Lessons Learned from Implementing Software Security Programs
Todd Grotenhuis

Stupid Pentester Tricks - OR - Great Sysadmin Tips! - Done in style of Rocky and Bullwinkle
Alex Fernandez-Gatti / Matt Andreko / Brad Ammerman (not to be posted)

Findings to date.
Cameron Maerz

Clean Computing: Changing Cultural Perceptions
Emily Peed (No Sound)

From Parking Lot to Pwnage - Hack?free Network Pwnage
Brent White / Tim Roberts

PlagueScanner: An Open Source Multiple AV Scanner Framework
Robert Simmons

How not to Infosec
Dan Tentler

Building a sturdy foundation - a program-based approach to IT Operations, Application Development, and Information Security in business
Steven Legg

Hacking the Jolla: An Intro to Assessing A Mobile Device
Vitaly McLain / Drew Suarez
 

Track 3

Operationalizing Yara
Chad Robertson

An Inconvenient Truth: Security Monitoring vs. Privacy in the Workplace
Ana Orozco

From Blue To Red - What Matters and What (Really) Doesn't
Jason Lang

Using Evernote as an Threat Intelligence Management Platform
Grecs

Surfing the Sea and Drowning in Tabs: An Introduction to Cross-Site Request Forgery
Barry Schatz

Turn Your Head And Cough: Why Architecture Risk Assessments Are Like Being A General Physician
Nathaniel Husted

OBAMAS CYBER SECURITY PLAN DISSECTED
Jonathan Thompson

The Hacker Community is Dead! Long Live the Hacker Community!
Bruce Potter

Square Peg, Round Hole: Developing a Security Culture Within an Enterprise
Jeff Pergal / Stuart McIntosh

Smuggling Plums - Using Active Defnse techniques to hide your web apps from your attackers and their scanners
John Stauffacher

Deploying Honeypots To Gather Actionable Threat Intelligence
James Taliento

Clear as FUD: A look at how confusing jargon and technology can create fear, uncertainty, and doubt
Chris Maddalena

How to Budget for IDS
Brian Heitzman

Reverse Engineering Windows AFD.sys
Steven Vittitoe

Nepenthes: Netpens With Less Pain
Andy Schmitz

Do We Still Need Pen Testing?
Jeff Man
 

Workshops

Lock Picking & Bypass Class

Your Own Worst Enemy Landing Your First Infosec Gig Despite Yourself - Johnny Xmas

Building an Incident Response Program - Lesley Carhart

Security Auditing Android Apps - Sam Bown

ShowMeCon 2015 Videos

Keynotes

Breaking in Bad (I'm the one who doesn't knock)
Jayson Street

Security's Coming of Age: Can InfoSec Mature and Save the World
Dave Chronister

Confessions of a Social Engineer, My Dirty Tricks and How to Stop them.
Valerie Thomas

The Security Trust Chain is Broken: What We're Doing about it
Kenn White

Maturing Information Security - When Compliance doesn't cut it.
Joey Smith

Hunting the Primer: Looking into DarkNet
Aamir Lakhani
 

Left Track

Gray Hat Powershell
Ben0xA

Sensory Perception: A DIY Approach to Building a Wireless Sensor Network
Tim Fowler

Stop The Wireless Threat - Dawn of the Drone
Scott Schober

Automated Static Malware Analysis Using Function-level Signatures or: How I Learned to Stop Worrying and Love the APT
James Brahm, Matthew Rogers, Morgan Wagners

Forensic Artifacts of Host-Guest Interaction in the VMware Environment
Kurt Aubuchon

Enterprise Class Vulnerability Management like a Boss
Rockie Brockway
 

Right Track

HIJACKING LABEL SWITCHED NETWORKS IN THE CLOUD
Paul Coggin

Behind the Hack
Ralph Echemendia

Mobile Forensics and its Anatomy of Extractions
Charline F. Nixon

Building Virtual Pentesting Lab
Kevin Cardwell

That's not my RJ45 jack: IRL networking for Humans
Johnny Xmas

The Great Trojan Demo
Ben Miller

Disco Track

HIPAA 2015: Wrath of the Audit
Hudson Harris

Practical Electronics: Fixing the fan in a post-poop scenario
Evan "treefort" Booth

Of History and Hashes
Adrian Crenshaw

Keynote
Travis Goodspeed

How I've hacked and un-hacked a logic game (20 years to Lights Out)
Gyora Benedek

Finding Bad Guys with 35 million Flows, 2 Analysts, 5 Minutes and 0 Dollars
Russell Butturini

Dumping the ROM of the Most Secure Sega Genesis Game Ever Created: A Reverse Engineering Story
Brandon Wilson (not recorded)

Phishing: Going from Recon to Credentials
Adam Compton, Eric Gershman

Multipath TCP - Breaking Today's Networks with Tomorrow's Protocols
Catherine Pearce

High Performance Fuzzing
Richard Johnson

Cyber Cyber Cyber: Student Security Competitions
Eric Gershman, Raymond Borges

The Impossibility of Protecting the Enterprise at $7.25 an hour
Kevin Thomas

 I've met the enemy information security and it is us
Slade Griffin

The Poetry of Secrets: An Introduction to Cryptography
Eric Kolb

From Broadcast to Totally Pwned
Russel Van Tuyl, Matt Smith

Introducing User-Centered Design to Augment Human Performance in Cyber Warfare
Frank Cohee, Joe Davis

Back to the Future
Neil Desai

Virtualized Routers Soup to Nuts
Jeff Nichols, Benjamin Taylor, Tommy Hardin

Keynote

The Securitized State: Where it came from, where it's going, what can be done about it
Molly Sauter

Track 1

Is Threat Modeling for Me?
Robert Hurlbut

Hacker or criminal? Repairing the reputation of the infosec community.
Melanie Ensign

Running Away from Security: Web App Vulnerabilities and OSINT Collide
Micah Hoffman

Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Program
Paul Asadoorian

Protect Your "Keys to the Kingdom" _ Securing Against the Next Inevitable Cyberattack
Paul Kozlov

In pursuit of a better crypto puzzle
Samuel Erb

Track 2

When penguins attack - Linux's role in the malware ecosystem
Chester Wisniewski

The Benefits in Externalizing DMZ-as-a-Service in the Cloud
Israel Barak

Common misconfigurations that lead to a breach
Justin Tharpe

Applying Big Data technology to security use case
Max Pevzner

Marketing: They're not all Schmucks.
Jen Ellis & Josh Feinblum

Next-Gen Incident Management - Building out a Modern Incident Management Capability
John McDonald

Closing

ISLET (Isolated, Scalable, & Lightweight Environment for Training) - Jon Schipp

Examining Hacktivism: Crime and Punishment in the Digital Age - Bill Gardner/Kim DeTardo-Bora/Amanda Richards

INFOSEC Flash Forward - Changing how we think - Dave Kennedy

Quantum Computing 01100101 - Tess Schrodinger

Introducing Network Scout: Defending the Soft Center of Your Network - Aeadan Somerville/Shawn Jordan

Mutillidae - Jeremy Druin

Quick Intro To Lock Picking - Adrian Crenshaw

OWASP Applied - Elliott Cutright (Not Recorded)

Kevin Cordle - Kevin Cordle (Not Recorded)

Better Threat Intel Through OSint - Frank Hackett

Overview of Darknets - Adrian Crenshaw

BREAKING in BAD (I'm the one who doesn't knock) - Jayson Street

BSides San Francisco 2015 Videos
These are the videos from the BSides San Francisco conference. Special thanks to Doug, Jim, @dgc, 'Grond' <grond66@riseup.net>, @flee74 , Wayne and some others I'm forgetting for their help recording

Track 1

Intro

Stick a Pin in Certificate Pinning: How to Inspect Mobile Traffic and Stop Data Exfiltration
Gopal Jayaraman

OSXCollector: Forensic Collection and Automated Analysis for OS X
Ivan Leichtling

DNS Spikes, Strikes, and The Like
Thomas Mathew

Ask the EFF

Your Users Passwords Are Already Stolen
Lucas Zaichkowsky

Analyze This!
Aaron Shelmire
(not recorded)

Medical Device Security - From Detection To Compromise
Scott Erven

How SecOps Can Convince DevOps To Believe In The Bogeyman
Leif Dreizler

Human Hunting
Sean Gillespie

Phighting Phishers Phake Phronts
Kevin Bottomley

Corporate Governance For Fun and (Non)Profit
Christie Dudley

HIPAA 2015: Wrath of the Audits
W. Hudson Harris

Lessons Learned from Building and Running MHN, the World's Largest Crowdsourced Honeynet
Jason Trost

Getting started...help me help you
David Trollman

 

Track 2

Critical Infrastructure: The Cloud loves me, The Cloud loves me not.
Bryan Owen

F*ck These Guys: Practical Countersurveillance
Lisa Lorenzin

Collective Action Problems in Cybersecurity
Allan Friedman

Intrusion Detection in the clouds
Josh Pyorre

Hacker or criminal? Repairing the reputation of the infosec community
Melanie Ensign

Student Surveillance: How Hackers Can Help Protect Student Privacy
Jessy Irwin

When Doing the Right Thing Goes Wrong - Impact of Certificates on Service Based Infrastructure
Robert Lucero

How to Lie with Statistics, Information Security Edition
Tony Martin-Vegue

Ground Zero Financial Services: The Latest Targeted Attacks from the Darknet
Brian Contos

Securing the Hastily Formed Network: Infosec for Disaster Relief and Emergency Response
Rakesh Bharania

GitReview - Reflective Control In Action
Jon Debonis

Probing Patches: Beyond Microsoft's ANS
Bill Finlayson (not recorded)

*Blink*: The Network Perimeter is Gone
Rick Farina (Zero_Chaos)

Federating AWS CLI
Paul Moreno

BSides Nashville Intro and
Pondering the False Economy of Secrets
Trey Ford @TreyFord

Applied Detection and Analysis Using Flow Data
Jason A. Smith

Using devops monitoring tools to increase security visibility
Chris Rimondi

The Great Trojan Demo
Ben Miller

Nobody Understands Me: Better Executive Metrics
Michael St. Vincent

So you want to be a pentester?
Not Recorded

We Built This & So Can You!
Tim Fowler

That's NOT my RJ45 Jack!: IRL Networking for Humans
Johnny Xmas

Finding Low Hanging Fruit with Kali
Stephen Haywood

What do infosec practitioners actually do
Slade Griffin

From Parking Lot to Server Room
Tim Roberts and Brent White

N4P Wireless Pentesting: So easy even a caveman can do it
Chris Scott

hashcat
_NSAKEY

Use of Attack Graphs in Security Systems
Not Recorded

Skiddiemonkeys: Fling "stuff" at your Defenses and See What Sticks
Russell Butturini & Joshua Tower
 

Irongeek signing off, time for other projects
Hello everyone. It�s been a great 11 years, but my life and career plans have moved on. I�m moving away from information security and plan to dedicate my life to radical feminism. As such, I won�t have time to maintain this infosec site (working on my PhD in women�s studies takes a lot of time), so please archive Irongeek.com while it is still up. I will be announcing the URLs of my Tumblr, GoFundMe and Patreon pages shortly. Thanks for your support.

Central Ohio Infosec Summit 2015 Videos
These are the videos from the Central Ohio Infosec Summit conference. Thanks to the video volunteers for helping me record.

Keynotes

We're At War - Why Aren't You Wearing A Helmet?
Bill Sieglein

Ghost In The Shadows - Identifying Hidden Threats Lurking On Our Networks
Deral Heiland

Rebuilding and Transforming and Information Security Function
Susan Koski

InfoSec�s Midlife Crisis & Your Future...
Tsion Gonen

Current Cyber Threats: An Ever-Changing Landscape
Kevin Rojek

Tech 1

IT Isn't Rocket Science
David Mortman

Mind On My Money, Money On My Malware
Dustin Hutchison

Private Cloud Security Best Practices
Mike Greer

Cyber Espianoge - Attack & Defense
Michael Mimoso

Three Years of Phishing - What We've Learned
Mike Morabito

Piercing Your Perimeter, Dodging Detection, and Other Mayhem! a.k.a. Pen Tester Voodoo 101
Mick Douglas

Physical Penetration Testing: You Keep a Knockin' But You Can't Come In!
Phil Grimes

Tech 2

Honeypots for Active Defense - A Practical Guide to Deploying Honeynets Within the Enterprise
Greg Foss

Building Security Awareness Through Social Engineering
Valerie Thomas & Harry Regan

Open Source Threat Intelligence: Building A Threat Intelligence Program Using Public Sources & Open Source Tools
Edward McCabe

Modern Approach to Incident Response
James Carder and Jessica Hebenstreit

Having your cake and eating it too! Deploying DLP services in a Next Generation Firewall Environment
Mike Spaulding

Using Machine Learning Solutions to Solve Serious Security Problems
Ryan Sevy & Jason Montgomery

Electronic Safe Fail
Jeff Popio

Emerging Trends in Identity & Access Management
Robert Block

Building a Successful Insider Threat Program
Daniel Velez

A New Mindset Is Needed - Data Is Really the New Perimeter!
Jack Varney

OWASP

Software Security Cryptography
Aaron Bedra

Threat Analytics 101: Designing A "Big Data" Platform For Threat Analytics
Michael Schiebel

Developers Guide to Pen Testing (Hack Thyself First)
Bill Sempf f

OWASP 2014 - Top 10 Proactive Web Application Controls
Jason Montgomery

GRC

IAM Case Study: Implementing A User Provisioning System
Keith Fricke

Measuring the Maturity of Your Security Operations Capabilities
Clarke Cummings

Exploring the Relationship between Compliance and Risk Management
Mark Curto

Data Loss Prevention - Are You Prepared?
Jason Samide

Compliance vs. Security - How to Build a Secure Compliance Program
Jeff Foresman

Overview and Analysis of NIST Cybersecurity Framework
Sarah Ackerman

The Explosion of Cybercrime - The 5 Ways IT May Be an Accomplice
Mark Villinski

GRC: Governance, Ruses & Confusion
Shawn Sines

Security Directions and Best Practices
Kevin Dempsey

Executive

Data Breach: If You're Not Prepared, You Can't Be Responsive
John Landolfi

Ten Practical Ideas For Creating An Attentive and Supportive Organization: Sales & Marketing For the Security Team
Glenn Miller

Strengthening Your Security Program
Chad Robertson

Presenting Security Metrics to the Board
Nancy Edwards

DREAMR - Obtain Business Partnerships
Jessica Hebenstreit

Security Talent In Ohio - A Discussion
Helen Patton

Silos to Seamless: Creating a Comprehensive Security Program
Jeremy Wittkop

Ascending Everest: Managing Third-Party Risk in the Modern Enterprise
Thomas Eck

And Then The World Changed�Again
Jason Harrell

Corporate Uses for Anonymity Networks
Adam Luck

Going To The Dark Side: A Look Into My Transition From Technologist To Salesman
Aaron Ansari

Building An Industrial Controls Cybersecurity Framework (Critical Infrastructure)
Ernie Hayden

Panel Discussion Insourcing Outsourcing and Hybrid
Helen Patton, Louis Lyons, Greg Franz, Jeffery Sweet, Sassan Attari, Carla Donev, Kent King

Closing

Track 1

Securing The Cloud
Alan Zukowski

Hacking
Chris Berberich

Vendor Induced Security Issues
Dave Chronister

Pentest Apocalypse
Beau Bullock

Kippo and Bits and Bits
Chris Teodorski

The Art of Post-infection Response & Mitigation
Caleb Crable

The Need for Pro-active Defense and Threat Hunting Within Organizations
Andrew Case

Track 2

Ways to Identify Malware on a System
Ryan Irving

Android Malware and Analysis
Shane Hartman

Teaching Kids (and Even Some Adults) Security Through Gaming
Le Grecs

Evaluating Commercial Cyber Threat Intelligence
John Berger

Track 3

Cyber Geography and the Manifest Destiny of the 21st Century
Joe Blankenship

Mitigating Brand Damage From A Cyber Attack
Guy Hagen

What is a security analyst and what job role will they perform
James Risler

Live Forensic Acquisition Techniques
Joe Partlow

Cyber Security Awareness for Healthcare Professionals
Marco Polizzi

Track 1

Real World Threats
Russ Ward

Lock picking, but bypass is easier
Adrian Crenshaw (@irongeek_adc)

The Dark Side Of PowerShell
Joshua Smith

Give me your data!
Dave Chronister

Gods and Monsters: A tale of the dark side of the web
Aamir Lakhani

Sensory Perception: A DIY approach to building a sensor network
Tim Fowler

Hijacking Label Switched Networks in the Cloud
Paul Coggin (@PaulCoggin)

Reverse Engineering Network Device APIs
Dan Nagle (@NagleCode)

Track 2

So Easy A High-Schooler Could Do It: Static malware analysis using function-level signatures
James Brahm, Matthew Rogers, and Morgan Wagner

Pragmatic Cloud Security: What InfoSec Practitioners Have Been Waiting For
Josh Danielson (@JoshGDanielson) and Arthur Andrieu

Developing and Open Source Threat Intelligence Program
Edward McCabe (@edwardmccabe)

Applying User-Centered Design Techniques for Augmenting Human Perception in Cyber Warfare
Frank Cohee

The Great Trojan Demo
Ben Miller

A Virtual SCADA Laboratory for Cybersecurity Pedagogy and Research
Zach Thornton

PlagueScanner: An Open Source Multiple AV Scanner Framework
Utkonos

These are the videos from the BSides Columbus Ohio conference. Thanks to Michael Spaulding for having me up and the guys who manned video rigs.

Keynotes

Breaking Bad
Jayson Street

Cloud and Virtualization Theory
Grauben Guevara
 

Offence

User Behavior Analysis
Matt Bianco

Plunder, Pillage and Print - The art of leverage multifunction printers during penetration testing
Deral Heiland

Common Sense Security Framework
Jerod Brennen

OWASP Mobile Top Ten - Why They Matter and What We Can Do
Ricky Rickard

Defense

Got software? Need a security test plan? Got you covered.
Bill Sempf

Corporate Wide SSL Interception and Inspection
Frank Shaw

How to Rapidly Prototype Machine Learning Solutions to Solve Security Problems
Jason Montgomery

A Basic Guide to Advanced Incident Response
Scott Roberts

Supply and Demand: Solving the InfoSec Talent Shortage
Brandon Allen

Special Teams

Do We Still Need Pen Testing?
Jeff Man

Trolling Attackers for Fun & Profit
Stephen Hosom

Inurl:robots.txt-What are YOU hiding?
David Young

Malware Development as the Evolution of Parasites
Adam Hogan

Snort Beyond IDS: Open Source Application and File Control
Adam Hogan

Shmoocon Firetalks 2015 Videos

Opening - @grecs

PlagueScanner: An Open Source Multiple AV Scanner Framework - Robert Simmons (@MalwareUtkonos)

I Hunt Sys Admins - Will Schroeder (@harmj0y)

Collaborative Scanning with Minions: Sharing is Caring - Justin Warner (@sixdub)

Chronicles of a Malware Hunter - Tony Robinson (@da_667)

SSH-Ranking - Justin Brand (@moo_pronto)

Resource Public Key Infrastructure - Andrew Gallo (@akg1330)

Bash Scripting for Penetration Testers
Lee Baird

Intro to PowerShell Scripting for Security

ISLET: An Attempt to Improve Linux-based Software Training
Jon Schipp

Remote Phys Pen: Spooky Action at a Distance
Brian Martin

Introducing Network-Scout: Defending The Soft Center of Your Network

Using the techniques of propaganda to instill a culture of security
Justin Rogosky

Identify Your Web Attack Surface: RAWR!
Tom Moore, Adam Byers

Gone in 60 minutes _ Practical Approach to Hacking an Enterprise with Yasuo
Saurabh Harit, Stephen Hall

Check Your Privilege(s): Futzing with File Shares for low hanging fruit
Adrian Crenshaw

DERP - Dangerous Electronic Redteam Practices
Luis Santana

When Zombies take to the Airwaves

I Am Nation State (And So Can You!)
tothehilt, SynAckPwn

GrrCON 2014 Videos
These are the videos of the presentations from GrrCON 2014. Big thanks to EggDropX and Jaime for having me out, and my video crew  (Chris, Steve, Ian, Justine, and other Chris) for recording.

T-Rex

Around the world in 80 Cons (A tale of perspectives)
Jayson E Street

Infosec in the 21st century
Tim Crothers

Securing our Ethics: Ethics and Privacy in a Target-Rich Environment
Kevin Johnson

Social Engineering Can Kill Me, But It Can�t Make Me Care
Gavin �Jac0byterebel� Ewan

Finding Our Way - From Pwned to Strategy 
David Kennedy (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks)

Emulate SandBox and VMs to avoid malware infections
Jordi Vazquez (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks)

Security Hopscotch
Chris Roberts (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks)

Email DLP: Simple concept, often poorly implemented
c0rrup7_R3x (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks)

Look Observe Link (LOL) - How I learned to love OSINT
NinjaSl0th (Half lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks)

ZitMo NoM
David �HealWHans� Schwartzberg

Bigger Boys Made Us
Mike Kemp

Full Douchesclosure
Duncan Manuts

Finux�s Historical Tour Of IDS Evasion, Insertions, and Other Odditie
Arron �Finux� Finnon
 

Velociraptor

Beating the Infosec Learning Curve Without Burning Out
Scott �secureholio� Thomas

Picking Blackberries
Thomas 'G13' Richards

Exercising with Threat Models
J Wolfgang Goerlich

Seeing Purple: Hybrid Security Teams for the Enterprise
B31tf4c3

CryptoRush - Rising from the Ashes
King Dragon

Autonomous Remote Hacking Drones
Dr. Phil Polstra

Proof That Windows Computer Forensics is Sexy
Kyle �Chaoticflaws� Andrus

BioHacking: Becoming the Best Me I Can Be
Leonard

Vulnerable By Design - The Backdoor That Came Through the Front
Matthew �mandatory� Bryant

OAuth2.0 - It�s the Implementation Stupid!!
Tony Miller

Breach Stains
Matt �The Streaker� Johnson

Are you a janitor, or a cleaner?
John �geekspeed� Stauffacher & Matthew �Mattrix� Hoy

PCI and Crypto: The Good, The Bad, and The Frankly Ugly
Robert Former
 

Stegosaurus

Advanced Threats and Lateral Movement 
Terrance Davis

Adopting a Risk-based Threat Model to Secure Your Defenses and Regain Control of Your Critical Data
Todd Bursch

New World, New Realities: Endpoint threat Detection, Response and Prevention
Brian Orr

Reducing Your Organization�s Social Engineering Attack Surface
Jen Fox

Memory Forensics with Hyper-V Virtual Machines
Wyatt Roersma