A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:




            Welcome to Irongeek.com, Adrian Crenshaw's Information Security site (along with a bit about weightlifting and other things that strike my fancy).  As I write articles and tutorials I will be posting them here. If you would like to republish one of the articles from this site on your webpage or print journal please e-mail me. Enjoy the site and write us if you have any good ideas for articles or links.


News/Change Log


Central Ohio Infosec Summit 2015 Videos
These are the videos from the Central Ohio Infosec Summit conference. Thanks to the video volunteers for helping me record.


We're At War - Why Aren't You Wearing A Helmet?
Bill Sieglein

Ghost In The Shadows - Identifying Hidden Threats Lurking On Our Networks
Deral Heiland

Rebuilding and Transforming and Information Security Function
Susan Koski

InfoSec’s Midlife Crisis & Your Future...
Tsion Gonen

Current Cyber Threats: An Ever-Changing Landscape
Kevin Rojek

Tech 1

IT Isn't Rocket Science
David Mortman

Mind On My Money, Money On My Malware
Dustin Hutchison

Private Cloud Security Best Practices
Mike Greer

Cyber Espianoge - Attack & Defense
Michael Mimoso

Three Years of Phishing - What We've Learned
Mike Morabito

Piercing Your Perimeter, Dodging Detection, and Other Mayhem! a.k.a. Pen Tester Voodoo 101
Mick Douglas

Physical Penetration Testing: You Keep a Knockin' But You Can't Come In!
Phil Grimes

Tech 2

Honeypots for Active Defense - A Practical Guide to Deploying Honeynets Within the Enterprise
Greg Foss

Building Security Awareness Through Social Engineering
Valerie Thomas & Harry Regan

Open Source Threat Intelligence: Building A Threat Intelligence Program Using Public Sources & Open Source Tools
Edward McCabe

Modern Approach to Incident Response
James Carder and Jessica Hebenstreit

Having your cake and eating it too! Deploying DLP services in a Next Generation Firewall Environment
Mike Spaulding

Using Machine Learning Solutions to Solve Serious Security Problems
Ryan Sevy & Jason Montgomery

Electronic Safe Fail
Jeff Popio

Emerging Trends in Identity & Access Management
Robert Block

Building a Successful Insider Threat Program
Daniel Velez

A New Mindset Is Needed – Data Is Really the New Perimeter!
Jack Varney


Software Security Cryptography
Aaron Bedra

Threat Analytics 101: Designing A "Big Data" Platform For Threat Analytics
Michael Schiebel

Developers Guide to Pen Testing (Hack Thyself First)
Bill Sempf

OWASP 2014 - Top 10 Proactive Web Application Controls
Jason Montgomery


IAM Case Study: Implementing A User Provisioning System
Keith Fricke

Measuring the Maturity of Your Security Operations Capabilities
Clarke Cummings

Exploring the Relationship between Compliance and Risk Management
Mark Curto

Data Loss Prevention - Are You Prepared?
Jason Samide

Compliance vs. Security - How to Build a Secure Compliance Program
Jeff Foresman

Overview and Analysis of NIST Cybersecurity Framework
Sarah Ackerman

The Explosion of Cybercrime - The 5 Ways IT May Be an Accomplice
Mark Villinski

GRC: Governance, Ruses & Confusion
Shawn Sines

Security Directions and Best Practices
Kevin Dempsey


Data Breach: If You're Not Prepared, You Can't Be Responsive
John Landolfi

Ten Practical Ideas For Creating An Attentive and Supportive Organization: Sales & Marketing For the Security Team
Glenn Miller

Strengthening Your Security Program
Chad Robertson

Presenting Security Metrics to the Board
Nancy Edwards

DREAMR - Obtain Business Partnerships
Jessica Hebenstreit

Security Talent In Ohio - A Discussion
Helen Patton

Silos to Seamless: Creating a Comprehensive Security Program
Jeremy Wittkop

Ascending Everest: Managing Third-Party Risk in the Modern Enterprise
Thomas Eck

And Then The World Changed…Again
Jason Harrell

Corporate Uses for Anonymity Networks
Adam Luck

Going To The Dark Side: A Look Into My Transition From Technologist To Salesman
Aaron Ansari

Building An Industrial Controls Cybersecurity Framework (Critical Infrastructure)
Ernie Hayden

Panel Discussion Insourcing Outsourcing and Hybrid
Helen Patton, Louis Lyons, Greg Franz, Jeffery Sweet, Sassan Attari, Carla Donev, Kent King


02/28/2015 Louisville Lock Picking And Bypass Class Hosted At LVL1
Hackers For Charity donation class taught by @irongeek_adc and @essobi. Hosted at the LVL1 Hackerspace.
02/22/2015 BSides Tampa 2015 Videos
These are the videos from the BSides Tampa conference. Thanks to @PolarBill and all of the BSides Crew for having me out to help record and render the videos.

Track 1

Bug Bounties and Security Research
Kevin Johnson

Securing The Cloud
Alan Zukowski

Chris Berberich

Vendor Induced Security Issues
Dave Chronister

Pentest Apocalypse
Beau Bullock

Kippo and Bits and Bits
Chris Teodorski

The Art of Post-infection Response & Mitigation
Caleb Crable

The Need for Pro-active Defense and Threat Hunting Within Organizations
Andrew Case

Track 2

Finding Common Ground within the Industry and Beyond
David Shearer

Ways to Identify Malware on a System
Ryan Irving

Android Malware and Analysis
Shane Hartman

Teaching Kids (and Even Some Adults) Security Through Gaming
Le Grecs

Evaluating Commercial Cyber Threat Intelligence
John Berger

Track 3

Cyber Geography and the Manifest Destiny of the 21st Century
Joe Blankenship

Mitigating Brand Damage From A Cyber Attack
Guy Hagen

What is a security analyst and what job role will they perform
James Risler

Live Forensic Acquisition Techniques
Joe Partlow

Cyber Security Awareness for Healthcare Professionals
Marco Polizzi

02/08/2015 BSides Huntsville 2015 Videos Posted
These are the videos from the BSides Huntsville conference. Thanks to @PaulCoggin, @CharlineNixon, Brian, @GRMrGecko and all of the BSides Crew for having me out to help record and render the videos.

Track 1

Real World Threats
Russ Ward

Lock picking, but bypass is easier
Adrian Crenshaw (@irongeek_adc)

The Dark Side Of PowerShell
Joshua Smith

Give me your data!
Dave Chronister

Gods and Monsters: A tale of the dark side of the web
Aamir Lakhani

Sensory Perception: A DIY approach to building a sensor network
Tim Fowler

Hijacking Label Switched Networks in the Cloud
Paul Coggin (@PaulCoggin)

Reverse Engineering Network Device APIs
Dan Nagle (@NagleCode)

Track 2

So Easy A High-Schooler Could Do It: Static malware analysis using function-level signatures
James Brahm, Matthew Rogers, and Morgan Wagner

Pragmatic Cloud Security: What InfoSec Practitioners Have Been Waiting For
Josh Danielson (@JoshGDanielson) and Arthur Andrieu

Developing and Open Source Threat Intelligence Program
Edward McCabe (@edwardmccabe)

Applying User-Centered Design Techniques for Augmenting Human Perception in Cyber Warfare
Frank Cohee

The Great Trojan Demo
Ben Miller

A Virtual SCADA Laboratory for Cybersecurity Pedagogy and Research
Zach Thornton

PlagueScanner: An Open Source Multiple AV Scanner Framework

01/28/2015 Circle City Con, Indianapolis Indiana 06-12-2015 - 06-14-2015
Come join us for Circle City Con in Indianapolis Indiana this June 12th-14th. I had a great time last year, and will be staffing again this year (video of course, and some time in the lock pick village). Call for presentations and call for trainers is currently open. More information at https://circlecitycon.com
01/21/2015 BSides Columbus Ohio 2015 Videos

These are the videos from the BSides Columbus Ohio conference. Thanks to Michael Spaulding for having me up and the guys who manned video rigs.


Breaking Bad
Jayson Street

Cloud and Virtualization Theory
Grauben Guevara



User Behavior Analysis
Matt Bianco

Plunder, Pillage and Print - The art of leverage multifunction printers during penetration testing
Deral Heiland

Common Sense Security Framework
Jerod Brennen

OWASP Mobile Top Ten - Why They Matter and What We Can Do
Ricky Rickard


Got software? Need a security test plan? Got you covered.
Bill Sempf

Corporate Wide SSL Interception and Inspection
Frank Shaw

How to Rapidly Prototype Machine Learning Solutions to Solve Security Problems
Jason Montgomery

A Basic Guide to Advanced Incident Response
Scott Roberts

Supply and Demand: Solving the InfoSec Talent Shortage
Brandon Allen

Special Teams

Do We Still Need Pen Testing?
Jeff Man

Trolling Attackers for Fun & Profit
Stephen Hosom

Inurl:robots.txt-What are YOU hiding?
David Young

Malware Development as the Evolution of Parasites
Adam Hogan

Snort Beyond IDS: Open Source Application and File Control
Adam Hogan


Shmoocon Firetalks 2015 Videos

Opening - @grecs

PlagueScanner: An Open Source Multiple AV Scanner Framework - Robert Simmons (@MalwareUtkonos)

I Hunt Sys Admins - Will Schroeder (@harmj0y)

Collaborative Scanning with Minions: Sharing is Caring - Justin Warner (@sixdub)

Chronicles of a Malware Hunter - Tony Robinson (@da_667)

SSH-Ranking - Justin Brand (@moo_pronto)

Resource Public Key Infrastructure - Andrew Gallo (@akg1330)

12/6/2014 WiGLE WiFi Database to Google Earth Client for Wardrive Mapping Tool Updated
Uploaded version 0.97. Now uses HTTPS for connecting to WiGLE since they have a properly signed cert. I also added code contributions from njd who updated for WiGLE changes (WiGLE now supports more encryption types). Folders are broken down into WAPs that a Open, WEP, WPA, WPA2 and Unknown.
11/22/2014 DerbyCon 2014 Higher Education Panel for Hackers Irongeek’s Thoughts
Just my thoughts on the state of infosec education at universities.
11/17/2014 Hack3rcon 5 Videos
Here are the videos from Hack3rcon^5 Enjoy.

Bash Scripting for Penetration Testers
Lee Baird

Intro to PowerShell Scripting for Security

ISLET: An Attempt to Improve Linux-based Software Training
Jon Schipp

Remote Phys Pen: Spooky Action at a Distance
Brian Martin

Introducing Network-Scout: Defending The Soft Center of Your Network

Using the techniques of propaganda to instill a culture of security
Justin Rogosky

Identify Your Web Attack Surface: RAWR!
Tom Moore, Adam Byers

Gone in 60 minutes _ Practical Approach to Hacking an Enterprise with Yasuo
Saurabh Harit, Stephen Hall

Check Your Privilege(s): Futzing with File Shares for low hanging fruit
Adrian Crenshaw

DERP - Dangerous Electronic Redteam Practices
Luis Santana

When Zombies take to the Airwaves

I Am Nation State (And So Can You!)
tothehilt, SynAckPwn


GrrCON 2014 Videos
These are the videos of the presentations from GrrCON 2014. Big thanks to EggDropX and Jaime for having me out, and my video crew  (Chris, Steve, Ian, Justine, and other Chris) for recording.


Around the world in 80 Cons (A tale of perspectives)
Jayson E Street

Infosec in the 21st century
Tim Crothers

Securing our Ethics: Ethics and Privacy in a Target-Rich Environment
Kevin Johnson

Social Engineering Can Kill Me, But It Can’t Make Me Care
Gavin ‘Jac0byterebel’ Ewan

Finding Our Way – From Pwned to Strategy 
David Kennedy (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks)

Emulate SandBox and VMs to avoid malware infections
Jordi Vazquez (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks)

Security Hopscotch
Chris Roberts (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks)

Email DLP: Simple concept, often poorly implemented
c0rrup7_R3x (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks)

Look Observe Link (LOL) – How I learned to love OSINT
NinjaSl0th (Half lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks)

ZitMo NoM
David “HealWHans” Schwartzberg

Bigger Boys Made Us
Mike Kemp

Full Douchesclosure
Duncan Manuts

Finux’s Historical Tour Of IDS Evasion, Insertions, and Other Odditie
Arron ‘Finux’ Finnon



Beating the Infosec Learning Curve Without Burning Out
Scott ‘secureholio’ Thomas

Picking Blackberries
Thomas 'G13' Richards

Exercising with Threat Models
J Wolfgang Goerlich

Seeing Purple: Hybrid Security Teams for the Enterprise

CryptoRush – Rising from the Ashes
King Dragon

Autonomous Remote Hacking Drones
Dr. Phil Polstra

Proof That Windows Computer Forensics is Sexy
Kyle ‘Chaoticflaws’ Andrus

BioHacking: Becoming the Best Me I Can Be

Vulnerable By Design – The Backdoor That Came Through the Front
Matthew ‘mandatory’ Bryant

OAuth2.0 – It’s the Implementation Stupid!!
Tony Miller

Breach Stains
Matt ‘The Streaker’ Johnson

Are you a janitor, or a cleaner?
John ‘geekspeed’ Stauffacher & Matthew ‘Mattrix’ Hoy

PCI and Crypto: The Good, The Bad, and The Frankly Ugly
Robert Former



Advanced Threats and Lateral Movement 
Terrance Davis

Adopting a Risk-based Threat Model to Secure Your Defenses and Regain Control of Your Critical Data
Todd Bursch

New World, New Realities: Endpoint threat Detection, Response and Prevention
Brian Orr

Reducing Your Organization’s Social Engineering Attack Surface
Jen Fox

Memory Forensics with Hyper-V Virtual Machines
Wyatt Roersma

$#!T My Industry Says. . .
Kellman Meghu

Bringing PWNED To You: Interesting Honeypot Trends
Elliott Brink

The Security Implications of Software Defined Networks
Shane Praay

Lessons from the front lines: Top focus areas for information security leaders
Shogo Cottrell

How to budget IDS’s
Brian ‘Arcane’ Heitzman

LEVIATHAN: Command and Control Communications on Planet Earth
Kevin Thompson

Red Teaming: Back and Forth, 5ever

Intelligence Driven Security
Shane Harsch

Security for the People: End-User Authentication Security on the Internet
Mark Stanislav

Hackers Are People Too

Vaccinating APK’s
Milan Gabor



Hack the Hustle! Career Strategies For Information Security Professionals
Eve Adams

The Challenge of Natural Security Systems
Rockie Brockway

Application Pen Testing
Chris Pfoutz

Advanced Breaches of 2013 vs. Behavioral Detection
Charles Herring

Security On The Cheap
Joel Cardella

Hacking Android
Godfrey Nolan

Cyber Security Incidents: Red Blue Team
Unc13 Fuck3r


Board Breaking Challenge

GrrCON Talent Accelerator Program
Abe Jones


Louisville Infosec 2014 Videos
Below are the videos from the Louisville Infosec 2014 conference. Thanks to @theglennbarrett, @f0zziehakz and @bridwellc for helping me record.

Opening Ceremony

All of Your Compliance Needs with One Methodolgy
Jim Czerwonka

Lockade: Electronic Games for Locksport
Adrian Crenshaw

Mining Data from the Windows Registry
Jason Hale

Identity Theft: Who's in YOUR Wallet?
Richard Starnes & Rick Nord

Mobile Telephony for InfoSec Practitioners
Daniel Helton

A Crosswalk of the Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP)
John McLain

Building an Enterprise DDoS Mitigation Strategy
Mitchell Greenfield

Practical interception of mobile device traffic
Jeremy Druin

Changing What Game- One Future for Information Security
Michael Losavio

Trash Talkin - IT Audit Guide to Dumpster Diving
John Liestman

Linking Users to Social Media Usage on Android Mobile Devices
Ryan Ferreira

Origin of CyberSecurity Laws - An Insider's Story
Steve Riggs

A Place at the Table
Kristen Sullivan

What your Web Vulnerability Scanners Aren't Telling You
Greg Patton

ISSA Awards

Creating the Department of How: Security Awareness that makes your company like you.
Ira Winkler

Are You Really PCI DSS Compliant? Case Studies of PCI DSS Failure!
Jeff Foresman

Where does Data Security fit into the Data Quality strategy?
Michael Vincent

Closing Ceremony

10/01/2014 Derbycon 4 Videos
These are the videos of the presentations from Derbycon 2014. Big thanks to my video jockeys Skydog, Sabrina, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, Steven, Branden Miller, Joe, Greg and Night Carnage (and maybe the speakers too I guess).

Welcome to the Family – Intro

Johnny Long (Keynote) – Hackers saving the world from the zombie apocalypse

How to Give the Best Pen Test of Your Life (Keynote) – Ed Skoudis

Adaptive Pentesting Part Two (Keynote) – Kevin Mitnick and Dave Kennedy

If it fits – it sniffs: Adventures in WarShipping – Larry Pesce

Abusing Active Directory in Post-Exploitation – Carlos Perez

Quantifying the Adversary: Introducing GuerillaSearch and GuerillaPivot -Dave Marcus

A Year in the (Backdoor) Factory – Joshua Pitts

Ball and Chain (A New Paradigm in Stored Password Security) – Benjamin Donnelly and Tim Tomes

Et tu – Kerberos? – Christopher Campbell

Advanced Red Teaming: All Your Badges Are Belong To Us – Eric Smith

Bypassing Internet Explorer's XSS Filter – Carlos Munoz

 Threat Modeling for Realz – Bruce Potter

A Guided Tour of the Internet Ghetto :: Introduction to Tor Hidden Services – Brent Huston

Red Teaming: Back and Forth – 5ever – Fuzzynop

How not to suck at pen testing – John Strand

Mainframes – Mopeds and Mischief; A PenTesters Year in Review – Tyler Wrightson

The Multibillion Dollar Industry That's Ignored – Jason Montgomery and Ryan Sevey

Code Insecurity or Code in Security – Mano 'dash4rk' Paul

C3CM: Defeating the Command – Control – and Communications of Digital Assailants – Russ McRee

So You Want To Murder a Software Patent – Jason Scott

Leonard Isham – Patching the Human Vulns

Burp For All Languages – Tom Steele

Passing the Torch: Old School Red Teaming – New School Tactics – David McGuire and Will Schroeder

I Am The Cavalry: Year [0] – Space Rogue and Beau Woods

University Education In Security Panel – Bill Gardner (@oncee) – Ray Davidson – Adrian Crenshaw – Sam Liles – Rob Jorgensen

What happened to the 'A'? – How to leverage BCP/DR for your Info Sec Program – Moey

Securing Your Assets from Espionage – Stacey Banks

Subverting ML Detections for Fun and Profit – Ram Shankar Siva Kumar – John Walton

Secrets of DNS – Ron Bowes

Snort & OpenAppID: How to Build an Open Source Next Generation Firewall – Adam Hogan

GET A Grip on Your Hustle: Glassdoor Exfil Toolkit – Parker Schmitt – Kyle Stone (essobi) – Chris Hodges (g11tch)

DNS-Based Authentication of Named Entities (DANE): Can we fix our broken CA model? – Tony Cargile

Exploiting Browsers Like A Boss w/ WhiteLightning! – Bryce Kunz

Real World Intrusion Response – Lessons from the Trenches – Katherine Trame and David Sharpe

Application Whitelisting: Be Careful Where The Silver Bullet Is Aimed – David McCartney

NeXpose For Automated Compromise Detection – Luis "connection" Santana

A girl – some passion – and some tech stuff – Branden Miller and Emily Miller

InfoSec – from the mouth of babes (or an 8 year old) – Reuben A. Paul (RAPstar) and Mano Paul

Why Aim for the Ground? – Teaching Our School Kids All of the Right Computer Skills – Phillip Fitzpatrick

NoSQL Injections: Moving Beyond 'or '1'='1' – Matt Bromiley

SWF Seeking Lazy Admin for Cross Domain Action – Seth Art

Planning for Failure – Noah Beddome

The Social Engineering Savants – The Psychopathic Profile – Kevin Miller

Hiding the breadcrumbs: Forensics and anti-forensics on SAP systems – Juan Perez-Etchegoyen

You're in the butter zone now baby. – Chris Scott

Making BadUSB Work For You – Adam Caudill – Brandon Wilson

PassCrackNet: When everything else fails – just crack hashes. – Adam Ringwood

Vulnerability Assessment 2.0 – John Askew

Social Engineering your progeny to be hackers – Sydney Liles

A Brief History of Exploitation – Devin Cook

Hunting Malware on Linux Production Servers: The Windigo Backstory – Olivier Bilodeau

Interceptor: A PowerShell SSL MITM Script – Casey Smith

Egypt – More New Shiny in the Metasploit Framework

The Human Buffer Overflow aka Amygdala Hijacking – Christopher Hadnagy

Shellcode Time: Come on Grab Your Friends – Wartortell

The Internet Of Insecure Things: 10 Most Wanted List – Paul Asadoorian

DDoS Botnet: 1000 Knives and a Scalpel! – Josh Abraham

wifu^2 – Cameron Maerz

Attacking Microsoft Kerberos: Kicking the Guard Dog of Hades – Tim Medin

Attack Paths: Breaking Into Infosec From IT Or Other Totally Different Fields – Eve Adams and Johnny Xmas

How to Secure and Sys Admin Windows like a Boss. – Jim Kennedy

Red white and blue. Making sense of Red Teaming for good. – Ian Amit

Around the world in 80 Cons – Jayson E. Street

Mirage – Next Gen Honeyports – Adam Crompton and Mick Douglas

Active Directory: Real Defense for Domain Admins – Jason Lang

The Wireless World of the Internet of Things – JP Dunning ".ronin"

Hackers Are People Too – Amanda Berlin (Infosystir)

Ethical Control: Ethics and Privacy in a Target-Rich Environment – Kevin Johnson and James Jardine

The Road to Compliancy Success Plus Plus – James Arlen

Are You a Janitor – Or a Cleaner – "John Stauffacher and Matt Hoy

Practical PowerShell Programming for Professional People – Ben Ten (Ben0xA)

GROK – atlas

How building a better hacker accidentally built a better defender – Casey Ellis

Exploring Layer 2 Network Security in Virtualized Environments – Ronny L. Bull – Dr. Jeanna N. Matthews

Hardware Tamper Resistance: Why and How? – Ryan Lackey

Making Mongo Cry-Attacking NoSQL for Pen Testers – Russell Butturini

Step On In – The Waters Fine! – An Introduction To Security Testing Within A Virtualized Environment – Tom Moore

Give me your data! Obtaining sensitive data without breaking in – Dave Chronister

Third Party Code: FIX ALL THE THINGS – Kymberlee Price – Jake Kouns

Just What The Doctor Ordered? – Scott Erven

Powershell Drink the Kool-Aid – Wayne Pruitt – Zack Wojton

powercat – Mick Douglas

Macro Malware Lives! – Putting the sexy back into MS-Office document macros – Joff Thyer

Girl… Fault Interrupted – Maggie Jauregui

Human Trafficking in the Digital Age – Chris Jenks

Cat Herding in the Wild Wild West: What I Learned Running A Hackercon CFP – Nathaniel Husted

How to Stop a Hack – Jason Samide

We don't need no stinking Internet. – Greg Simo

Hacking the media for fame and profit - Jen Ellis and Steve Ragan

Rafal Los – Things Being a New Parent of Twins Teaches You About Security

ZitMo NoM – David Schwartzberg

Penetrate your OWA – Nate Power

RavenHID: Remote Badge Gathering -or- Why we sit in client bathrooms for hours – Lucas Morris – Adam Zamora

Interns Down for What? – Tony Turner

i r web app hacking (and so can you!) – Brandon Perry

Building a Modern Security Engineering Organization – Zane Lackey

Information Security Team Management: How to keep your edge while embracing the dark side – Stephen C Gay

5min web audit: Security in the startup world – Evan Johnson

Project SCEVRON: SCan EVrything with ruby RONin – Derek Callaway

Soft Skills for a Technical World - Justin Herman

Gone in 60 minutes a Practical Approach to Hacking an Enterprise with Yasuo – Saurabh Harit and Stephen Hall

Snarf – Capitalizing on Man-in-the-Middle – Victor Mata – Josh Stone

Electronic locks in firearms – Oh My! – Travis Hartman

The Achilles Heel Of The American Banking System - Brandon Henery and Andy Robins

It's Not Easy Being Purple – Bill Gardner – Valerie Thomas – Amanda Berlin – Eric Milam – Brandon McCann – Royce Davis

Control Flow Graph Based Virus Scanning – Douglas Goddard

Ok – so you've been pwned – now what? – Jim Wojno

Everybody gets clickjacked: Hard knock lessons on bug bounties – Jonathan Cran

Are you a Beefeater – focused on protecting your crown jewels? – Jack Nichelson

Dolla Dolla Bump Key – Chris Sistrunk

What Dungeons & Dragons Taught Me About INFOSEC – Joey Maresca (l0stkn0wledge)

Gender Differences in Social Engineering: Does Sex Matter? – Shannon Sistrunk – Will Tarkington

Introduction to System Hardening – Eddie David

 Hacking your way into the APRS Network on the Cheap – Mark Lenigan

Building a Web Application Vulnerability Management Program – Jason Pubal

Fighting Back Against SSL Inspection – or How SSL Should Work – Jacob Thompson

Physical Security: From Locks to Dox – Jess Hires

Am I an Imposter? – Warren Kopp

Call of Community: Modern Warfare – Ben Ten and Matt Johnson

The Canary in the Cloud – Scot Bernerv



BSides Augusta 2014 Videos
These are the videos from the BSides Augusta conference. Thanks to Lawrence Abrams, and all of the BSides Crew for having me out to help record and render the videos and Pentestfail for manning a capture rig.


Defeating Cognitive Bias and Developing Analytic Technique
Chris Sanders

Chris Sistrunk

Scaling Security Onion to the Enterprise
Mike Reeves

Techniques for Fast Windows Investigations
Tim Crothers

Using Microsoft’s Incident Response Language
Chris Campbell

Is that hardware in your toolkit, or are you just glad you’re keeping up?
Jeff Murri

Chris Truncer

The Adobe Guide to Keyless Decryption
Tim Tomes

App Wrapping: What does that even mean
David Dewey

Adventures in Asymmetric Warfare
Will Schroeder

When Zombies take to the Airwaves
Tim Fowler

Spying on your employees using memory
Jacob Williams

Crazy Sexy Hacking
Mark Baggett

08/21/2014 Passwordscon 2014 Videos
These are the videos from the Passwordscon 2014 conference. Thanks for having me out to help record and render the videos.

Track 1

How we deciphered millions of users’ encrypted passwords without the decryption keys. - Josh Dustin (Canceled)

Is Pavlovian Password Management The Answer? - Lance James

DoCatsLikeLemon? – Advanced phrase attacks and analysis - Marco Preuß

Tradeoff cryptanalysis of password hashing schemes - Dmitry Khovratovich, Alex Biryukov, Johann Großschädl

Using cryptanalysis to speed-up password cracking - Christian Rechberger

Password Security in the PCI DSS - Jarred White

Defense with 2FA - Steve Thomas

I have the #cat so I make the rules - Yiannis Chrysanthou

Penetrate your OWA - Nate Power

Surprise talk + advisory release - Dominique Bongard

All your SAP P@$$w0ЯdZ belong to us - Dmitry Chastuhin, Alex Polyakov

Target specific automated dictionary generation - Matt Marx

Bitslice DES with LOP3.LUT - Steve Thomas

Net hashes: a review of many network protocols - Robert Graham

Energy-efficient bcrypt cracking - Katja Malvoni

The problem with the real world - Michal Špaček

Password Topology Histogram Wear-Leveling, a.k.a. PathWell - Rick Redman

Beam Me Up Scotty! – Passwords in the Enterprise - Dimitri Fousekis

Track 2

Welcome & Announcements - Jeremi Gosney, Per Thorsheim

Opening Keynote - Julia Angwin

Secure your email – Secure your password - Per Thorsheim

Highlights of CMU’s Recent Work in Preventing Bad Passwords - Sean Segreti, Blase Ur

Password Hashing Competition: the Candidates - Jean-Philippe Aumasson

What Microsoft would like from the Password Hashing Competition - Marsh Ray, Greg Zaverucha

How Forced Password Expiration Affects Password Choice - Bruce K. Marshall

Security for the People: End-User Authentication Security on the Internet - Mark Stanislav

Authentication in the Cloud – Building Service - Dan Cvrcek

How EFF is Making STARTTLS Resistant to Active Attacks - Jacob Hoffman-Andrews, Yan Zhu

Proof of work as an additional factor of authentication - Phillippe Paquet, Jason Nehrboss

The future of mobile authentication is here - Sam Crowther

Password hashing delegation: how to get clients work for you - Thomas Pornin

Throw the User ID Down the Well - Daniel Reich

Password Generators & Extended Character Set Passwords - Stephen Lombardo, William Gray

Encryption and Authentication: Passwords for all reasons. - Jeffrey Goldberg

Enhancing Password Based Key Derivation Techniques - Stephen Lombardo, Nick Parker

Capturing Passwords into the Secure Desktop - Marcio Almeida de Macedo, Bruno Gonçalves de Oliveira

08/20/2014 TakeDownCon Rocket City 2014 Videos
These are the videos from the TakeDownCon Rocket City 2014. Thanks to Devona Valdez and Paul Coggin for having me out to record.

Hacking Industrial Control Systems - Ray Vaughn (Not Recorded)

Dropping Docs on Darknets: How People Got Caught - Adrian Crenshaw

How Networks are Getting Hacked: The Evolution of Network Security - Omar Santos

Building on Device Vulnerabilities: Attack Modes for ICS - Bryan Singer

Survival in an Evolving Threat Landscape - David Hobbs

Practical Side Channel Attacks On Modern Browsers - Angelo Prado

IPv6 Attack tools - Soctt Hogg

Mobile Forensics and Its App Analysis - Dr. Charline Nixon

Keynote – How Not to do Security - Kellman Meghu

Baseball, Apple Pies, and Big Data Security Analytics: Shorten the Kill Chain Window - Aamir Lakani

Hijacking Label Switched Networks in the Cloud - Paul Coggin

Shepherd’s Pi – Herding Sheep with a Raspberry Pi - Timothy Mulligan

Radio Hack Shack – Security Analysis of the Radio Transmission - Paula Januszkiewicz

IT Security Myths - "How you are helping your enemy" - Joe Vest

Splinter the RAT Attack: Creating Custom RATs to Exploit the Network - Solomon Sonja

Policy Defined Segmentation with Metadata - Scott Kirby

Cyber Attack Mitigation - Christopher Elisan

08/12/2014 Defcon Wireless Village 2014 (Defcon 22) Videos
These are the videos from the Defcon Wireless Village 2014 (Defcon 22). Thanks to the Village People for putting on the event, especially Maeltac for recording.


So ya wanna get into SDR? - Russell Handorf

Pentoo Primer - Village People

802.11ac Evolution: Data rates and Beamforming - Eric Johnson

Practical Foxhunting 101 - SimonJ

Pwn Phone: gg next map - Timothy Mossey

Hacking 802.11 Basics - Benjamin Smith

UAV-Assisted Three-Dimensional Wireless Assessments - Scott Pack & Dale Rowe

Manna from Heaven; Improving the state of wireless rogue AP attacks - Dominic White & Ian de Villiers

ApiMote: a tool for speaking 802.15.4 dialects and frame injection - Ryan Speers & Sergey Bratus

Pineapple Abductions - Craig Young

Choosing your next antenna, types, power, sizes, the truth. - Raul J Plà

Introduction to the Nordic nRF24L01+ - Larry Pesce

Driver-less Wireless Devices - Dominic Spill & Dragorn

Hacking the Wireless World with Software Defined Radio - 2.0 - Balint Seeber

The NSA Playset: Bluetooth Smart Attack Tools - Mike Ryan

PortaPack: Is that a HackRF in your pocket? - Jared Boone

PHYs, MACs, and SDRs - Robert Ghilduta

SDR Tricks with HackRF - Michael Ossmann

SDR Unicorns Panel - Robert Ghilduta & Michael Ossmann & Balint Seeber

Inside The Atheros WiFi Chipset - Adrian Chadd

08/11/2014 BSides Las Vegas 2014 Videos
These are the videos from the BSides Las Vegas conference. Thanks to all of the BSides Crew for having me out to help record and render the videos.

@bsideslv, @banasidhe, @jack_daniel, @SciaticNerd and all my video crew

Breaking Ground

Opening Keynote -- Beyond Good and Evil: Towards Effective Security - Adam Shostack

USB write blocking with USBProxy - Dominic Spill

Allow myself to encrypt...myself! - Evan Davison

What reaction to packet loss reveals about a VPN - Anna Shubina • Sergey Bratus

Untwisting the Mersenne Twister: How I killed the PRNG - moloch

Anatomy of memory scraping, credit card stealing POS malware - Amol Sarwate

Cluck Cluck: On Intel's Broken Promises - Jacob Torrey

A Better Way to Get Intelligent About Threats - Adam Vincent

Bring your own Risky Apps - Michael Raggo • Kevin Watkins

Invasive Roots of Anti-Cheat Software - Alissa Torres

Vaccinating Android - Milan Gabor • Danijel Grah

Security testing for Smart Metering Infrastructure - Steve Vandenberg • Robert Hawk

The Savage Curtain - Tony Trummer • Tushar Dalvi

We Hacked the Gibson! Now what? - Philip Young

Closing Keynote It\'s A S3kr37  (Not recorded :( )

Proving Ground

#edsec: Hacking for Education - Jessy Irwin

So, you want to be a pentester? - Heather Pilkington (Not Recorded)

Securing Sensitive Data: A Strange Game - Jeff Elliot

Brick in the Wall vs Hole in the Wall - Caroline D Hardin

Cut the sh**: How to reign in your IDS. - Tony Robinson/da_667

Geek Welfare -- Confessions of a Convention Swag Hoarder - Rachel Keslensky

No InfoSec Staff? No Problem. - Anthony Czarnik

Can I Code Against an API to Learn a Product? - Adrienne Merrick-Tagore

Bridging the Air Gap: Cross Domain Solutions - Patrick Orzechowski

Back Dooring the Digital Home - David Lister

iOS URL Schemes: omg:// - Guillaume K. Ross

Oops, That Wasn't Suppossed To Happen: Bypassing Internet Explorer's Cross Site Scripting Filter - Carlos Munoz

What I've Learned As A Con-Man - MasterChen

Training with Raspberry Pi - Nathaniel Davis

Black Magic and Secrets: How Certificates Influence You! - Robert Lucero

Attacking Drupal  -Greg Foss

Hackers vs Auditors - Dan Anderson

Third-Party Service Provider Diligence: Why are we doing it all wrong? - Patrice Coles

Pwning the hapless or How to Make Your Security Program Not Suck - Casey Dunham • Emily Pience

Teach a man to Phish... - Vinny Lariza

The Lore shows the Way - Eric Rand

Common Ground

SHA-1 backdooring and exploitation - Jean-Philippe Aumasson

Evading code emulation: Writing ridiculously obvious malware that bypasses AV - Kyle Adams

Security Management Without the Suck - Tony Turner • Tim Krabec

Vulnerability Assessments on SCADA: How i 'owned' the Power Grid. - Fadli B. Sidek (not posted)

Malware Analysis 101 - N00b to Ninja in 60 Minutes - grecs

Travel Hacking With The Telecom Informer - TProphet

The untold story about ATM Malware - Daniel Regalado

Using Superpowers for Hardware Reverse Engineering - Joe Grand

Why am I surrounded by friggin' idiots?!? (Because you hired them!) - Stephen Heath

Demystiphying and Fingerprinting the 802.15.4/ZigBee PHY - Ira Ray Jenkins • Sergey Bratus

Insider Threat Kill Chain: Human Indicators of Compromise - Ken Westin

A Place to Hang Our Hats: Security Community and Culture - Domenic Rizzolo

Booze, Devil's Advocate, and Hugs: the Best Debates Panel You'll See at BSidesLV 2014 - David Mortman • Joshua Corman • Jay Radcliffe • Zach Lanier • David Kennedy

Pwning the Pawns with WiHawk - Santhosh Kumar • Anamika Singh (Missing?)

Ground Truth

The Power Law of Information - Michael Roytman

Measuring the IQ of your Threat Intelligence feeds - Alex Pinto • Kyle Maxwell

Strategies Without Frontiers - Meredith L. Patterson

ClusterF*ck - Actionable Intelligence from Machine Learning - Mike Sconzo

Know thy operator - Misty Blowers

Improving security by avoiding traffic and still get what you want in data transfers - Art Conklin

The Semantic Age - or - A Young Ontologist's Primer

I Am The Cavalry Q&As

07/20/2014 BSides Cleveland 2014 Videos
These are the videos from the Bsides Cleveland conference. Thanks to  &  as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad.

Keynote: Destroying Education and Awareness - David Kennedy

Track 1

APT2 – Building a Resiliency Program to Protect Business - Edward McCabe

Threat Models that Exercise your SIEM and Incident Response - J. Wolfgang Goerlich and Nick Jacob

Fun with Dr. Brown - Spencer McIntyre

Malware Evolution & Epidemiology - Adam Hogan

Plunder, Pillage and Print – The art of leverage multifunction printers during penetration testing - Deral Heiland

Seeing Purple: Hybrid Security Teams for the Enterprise - Mark Kikta (Not posted)

Attacking and Defending Full Disk Encryption - Tom Kopchak

Track 2

Phishing Like a Monarch With King Phisher - Brandon Geise and Spencer McIntyre

The importance of threat intel in your information security program - Jamie Murdock

Lockade: Locksport Electronic Games - Adrian Crenshaw

Pentesting Layers 2 and 3 - Kevin Gennuso and Eric Mikulas

Cleveland Locksport - Jeff Moss, Doug Hiwiller, and Damon Ramsey

Hacking Diversity - Gregorie Thomas

PowerShell: cool $h!t - Zach Wojton

Thinking Outside the Bunker: Security as a practice, not a target - Steven Legg

Password Defense: Controls your users won’t hate - Nathaniel Maier

Am I an Imposter? - Warren Kopp



OISF 2014 Videos
These are the videos from the OISF Anniversary Event


For the Love of God, DEFEND YOUR MOBILE APPS! Part 2 - Jerod Brennen

Destroying Education and Awareness - Dave Kennedy

Lockade: Electronic Games for Locksport - Adrian Crenshaw

Modern Times: Passwords - Tom Webster

Praeda to PraedaSploit: The embedded device data Harvesting tool for the masses - Deral Heiland “Percent_X”

06/15/2014 Circle City Con 2014 Videos

These are the Circle City Con videos. Thanks to the staff for inviting me down to record. Big thanks to Oddjob, Glenn, James, Mike, Nathan, Chris and Branden for helping set up AV and record.


Conference Opening

Keynote - Beau Woods

Containing Privileged Processes with SELinux and PaX and Attacking Hardened Systems - Parker Schmitt

Whitelist is the New Black - Damian Profancik

Developing a Open Source Threat Intelligence Program - Edward McCabe

Blurred Lines- When Digital Attacks Get Physical - Phil Grimes

Hackers, Attack Anatomy and Security Trends - Ted Harrington

Exploring the Target Exfiltration Malware with Sandbox Tools - Adam Hogan

Day 2

From Grunt to Operator – Tom Gorup

Moving the Industry Forward – The Purple Team - David Kennedy

Software Assurance Marketplace (SWAMP) - Von Welch

OWASP Top 10 of 2013- It’s Still a Thing and We’re Still Not Getting It - Barry Schatz

Tape Loops for Industrial Control Protocols - K. Reid Wightman

OpenAppID- Open Source Next Gen Firewall with Snort - Adam Hogan

Challenge of Natural Security Systems - Rockie Brockway

InfoSec Big Joke – 3rd Party Assessments - Moey (Not recorded)

How to create an attack path threat model - Wolfgang Goerlich

Day 3

Are You a Janitor or a Cleaner - John Stauffacher / Matt Hoy

Ain’t No Half-Steppin’ - Martin Bos

Track 2

Competitive Hacking- why you should capture the flag - Steve Vittitoe

3 Is a Magic Number (or your Reality Check is About to Bounce) - Edward McCabe

The TrueCrypt audit- How it happened and what we found - Kenneth White

Seeing Purple- Hybrid Security Teams for the Enterprise - Mark Kikta (Beltface)

Eyes on IZON- Surveilling IP Camera Security - Mark Stanislav

Cognitive Bias and Critical Thinking in Open Source Intelligence (OSINT) - Benjamin Brown

Day 2

Hackers Are People Too - Amanda Berlin

gitDigger- Creating useful wordlists and hashes from GitHub repositories - Jaime Filson

Retrocomputing And You – Machines that made the ‘net - Pete Friedman

Doge Safes- Very Electronic, Much Fail, WOW! - Jeff Popio

Human Trafficking in the Digital Age - Chris Jenks

Keys That Go *Bump* In The Night - Loak

How Hackers for Charity (Possibly) Saved Me a LOT of Money - Branden Miller & Emily Miller

Ten Commandments of Incident Response (For Hackers) - Lesley Carhart

Threat Modeling- Fear, Fun, and Operational - James Robinson

Decrypting Communication- Getting Your Point Across to the Masses - Katherine Cook Frye

How often should you perform a Penetration Test - Jason Samide

Proactive Defense – Eliminating the Low Hanging Fruit - Matt Kelly

Active Directory- Real Defense for Domain Admins - Jason Lang

Day 3

Profiling Campus Crime - Chris J., Jason J., Katelyn C.,Alex H.

Proper Seasoning Improves Taste - James Siegel

Executive Management Manaing the Executives Beau Woods & Engaging the Media API Steve Ragan

06/06/2014 And We're Back!
Looks my account is reinstated. Let me know if any videos seem to be deleted.
Hi there,

After a review of your account, we have confirmed that your YouTube account is not in violation of our Terms of Service. As such, we have unsuspended your account. This means your account is once again active and operational.

If you forgot your password, please visit this link to reset it:


The YouTube Team

©2014 YouTube, LLC 901 Cherry Ave, San Bruno, CA 94066




Google & Youtube

I woke up today to find a bunch of Facebook/Twitter messages that said my Youtube account was suspended. If you know someone at Google who can directly help me, let me know (their email support fails the Turing test). These are the messages I got from them.

YouTube | Broadcast Yourself™

Regarding your account: Adrian Crenshaw

The YouTube Community has flagged one or more of your videos as inappropriate. Once a video is flagged, it is reviewed by the YouTube Team against our Community Guidelines. Upon review, we have determined that the following video(s) contain content in violation of these guidelines, and have been disabled:

Your account has received one Community Guidelines warning strike, which will expire in six months. Additional violations may result in the temporary disabling of your ability to post content to YouTube and/or the permanent termination of your account.

For more information on YouTube's Community Guidelines and how they are enforced, please visit the help center.

Please note that deleting this video will not resolve the strike on your account. For more information about how to appeal a strike, please visit this page in the help center.


The YouTube Team

Copyright © 2014 YouTube, LLC


We'd like to inform you that due to repeated or severe violations of our Community Guidelines (http://www.youtube.com/t/community_guidelines) your YouTube account Adrian Crenshaw has been suspended. After review we determined that activity in your account violated our Community Guidelines, which prohibit spam, scams or commercially deceptive content. Please be aware that you are prohibited from accessing, possessing or creating any other YouTube accounts. For more information about account terminations and how our Community Guidelines are enforced, please visit our Help Center at https://support.google.com/youtube/bin/answer.py?answer=92486&hl=en.
©2014 YouTube, LLC 901 Cherry Ave, San Bruno, CA 94066


Come on Guys! is it just because of viagra in the title? Please get our InfoSec videos back up! (pun intended)


BSides Nashville 2014 Videos
These are the videos BSides Nashville 2014 Videos. Thanks to @lil_lost for inviting me down to record and being my bodyguard while in Nashville. Big thanks to Geoff Collins, Branden Miller, Blake Urmos, Don Baham, Gabe Bassett and Some Ninja Master for helping set up AV and record.

Main Hall

Welcome to BSides Nashville
BSides, Harmonicas, and Communication Skills - Jack Daniel
Closing Ceremonies

INFOSEC 101 Track

Attack Paths: Breaking Into Infosec From IT Or Other Totally Different Fields - Eve Adams
Learn From Your Mistakes - Adam Len Compton
Beating the Infosec Learning Curve Without Burning Out - Scott Thomas
Sun Tzu was a punk! Confucius was an InfoSec rockstar! - Branden Miller
Around the world in 80 Cons - Jayson E Street Not Recorded

INFOSEC 418 Track

Making Mongo Cry: Automated NoSQL exploitation with NoSQLMap - Russell Butturini
Buy Viagra! - Matt Smith
How do I hack thee? Let me count the ways - Stewart Fey
Healthcare Security, which protocal? - Adam John
Why you can't prove you're PWND, but you are! - Ben Miller

INFOSEC 429 Track

Bending and Twisting Networks - Paul Coggin
Succeeding with Enterprise Software Security Key Performance Indicators - Rafal Los
Scaling Security in the Enterprise: Making People a Stronger Link - Kevin Riggs
Closing the time to protection gap with Cyber Resiliency - John Pirc Did not happen, replaced with:
Applying analog thinking to digial networks Winn Schwartau (@winnschwartau)
Seeing Purple: Hybrid Security Teams for the Enterprise - Mark Kikta

05/11/2014 Nmap Class for Hackers For Charity
This is the Nmap class the Kentuckiana ISSA put on to support Hackers For Charity. Speakers include Jeremy Druin @webpwnized, Martin Bos @purehate_ and me @irongeek_adc. If you like the videos, please consider donating to Hackers For Charity.

ShowMeCon 2014 Videos
These are the videos ShowMeCon 2014. Thanks to Renee & Dave Chronister (@bagomojo), Ben Miller (@Securithid) and others for having me out to record and speak. Also thanks to my video crew Josh Tepen, Robert Young, Kali Baker, Andrew Metzger & Brian Wahoff.

Introduction - Parameter
Hacking Hollywood - Ralph Echemendia
Give Me Your Data - Dave Chronister
Terminal Cornucopia: Demystifying The Mullet - Evan Booth
Thinking Outside The (Sand)Box - Kyle Adams
Protecting The Seams: Military Doctrine Applied To Application And Network Security - Paul Vencill
Start With The BPT Then Worry About The APT! - Kevin Cardwel
Introduction - Parameter (Rolled in with next talk)
Cognitive Injection - Andy Ellis
Inside The World’S Most Dangerous Search Engine - John Matherly
Hacking To Get Caught: A Concept For Adversary Replication And Penetration Testing - Raphael Mudge
Power-Ups And Princesses: What Video Games Taught Me About Building A Security Awareness Program - Aamir Lakhani
Powershell And You: Using Microsoft’S Post-Exploitation Language - Chris Campbell
Dropping Docs On Darknets: How People Got Caught - Adrian Crenshaw
Around The World In 80 Cons - Jayson E Street (not recorded)
Threat Modeling In The C-Suite, A Practical Guide - Erick Rudiak (pending review)
The Call Of Community: Modern Warfare - Ben0xa 
Physical (In)Security – It’S Not All About Cyber - Inbar Raz
Bending And Twisting Networks - Paul Coggin
Here, Let Me Hold That For You. Consumer Metadata And Its Dangers - Robert Reed

04/28/2014 BSides Chicago 2014 Videos
These are the videos from the BSides Chicago conference. Thanks to all of the BSides organizers @elizmmartin and  @securitymoey for having me out to help record and render the videos. Also big thanks to the @BSidesChicago A/V crew Chris Hawkins
@Lickitysplitted, Todd Haverkos @phoobar, Jason Kendall @coolacid and Asim.

Aligning Threats and Allies through Stories - J Wolfgang Goerlich and Steven Fox - @jwgoerlich @securelexicon

The Ultimate INFOSEC Interview: "Why must I be surrounded by frickin' idiots?" -- Dr. Evil, 1997 - Stephen Heath - @dilisnya

Call of Community: Modern Warfare - Matt Johnson & Ben Ten - @mwjcomputing @Ben0xA

How To Win Friends and Influence Hackers - Jimmy Vo - @JimmyVo

Checklist Pentesting; Not checklist hacking - Trenton Ivey - @trentonivey

Seeing Purple: Hybrid Security Teams for the Enterprise - Belt - @b31tf4c325

Looking for the Weird - Charles Herring - @charlesherring

InfoSec Big Joke: 3rd Party Assessments - moey - @securitymoey

Bypassing EMET 4.1 - Jared DeMott - @jareddemott

Comparing Risks to Risks - Why Asset Management Is Broken and How to Fix It. - Michael Roytman - @mroytman

Bioinformatics: Erasing the line between biology and hacking - Krystal Thomas-White and Patrick Thomas - @coffeetocode

Building an AppSec Program from Scratch - Chris Pfoutz - @cpfoutz

Minecraft Security - Riese Goerlich

The SMB Security Gap - Mike Kavka - @SiliconShecky

Everything I Ever Needed to Know About Infosec, I Learned from Hollywood - Tom Ervin - @TechByTom

Sit, stay, proxy. Good beagle. Why I love the beaglebone black and why you should too. - Colin Vallance - @_CRV

Hacking Diversity in InfoSec - Greg Thomas - @minossec

04/13/2014 Notacon 11 (2014) Videos
These are the videos from the 11th Notacon conference held April 10th-13st, 2014. Not all of them are security related, but  I hope my viewers will enjoy them anyway. Thanks to Froggy and Tyger for having me up, and to the video team: Securi-D, Ross, KP, Jeff and myself (Let me know who else to add).

Track 1

Big Data Technology – The Real World ‘Minority Report’ - Brian Foster

Naisho DeNusumu (Stealing Secretly) – Exfiltration Tool/Framework - Adam Crompton

Wireless Mesh Protocols - Alex Kot

MDM is gone, MAM is come. New Challenges on mobile security - Yury Chemerkin

Moving the Industry Forward – The Purple Team - David Kennedy

Pwning the POS! - Mick Douglas

Nindroid: Pentesting Apps for your Android device - Michael Palumbo

Building a private data storage cloud - Michael Meffie

Lessons Learned Implementing SDLC – and How To Do It Better - Sarah Clarke

Plunder, Pillage and Print - Deral Heiland & Peter Arzamendi

Microsoft Vulnerability Research: How to be a finder as a vendor - Jeremy Brown & David Seidman

SMalware Analysis 101 – N00b to Ninja in 60 Minutes - grecs

Omega – A Universe Over IP - Mo Morsi

IRS, Identity Theft, and You (or Someone Pretending to Be You). - 123-45-6789

Track 2

All About the Notacon Badge -Sam Harmon

Collaboration between Artificial Intelligence and Humans: How to cure every disease within 50 years - Joe O’Donnell

Science “Fair” - The Nomad Clan

Hacking Your Way Into the APRS Network on the Cheap - Mark Lenigan

Dominate! (Or let your computer do it for you.) - Paul Jarc

Wearable Technology as Art for Countersurveillance, Cinemaveillance, and Sousveillance - Ross Bochnek

3D Printing for Work and Fun (temp title) - Mirabela Rusu

Comparing “Go Green” With “Common Sense” - Suellen Walker

Living in the Future: It seems to be in Beta - Jeff Goeke-Smith

A Brief Introduction to Game Theory - Charlotte DeKoning - Beyond Using The Buddy System - Holly Moyseenko & Kris Perch


03/27/2014 Lockade: Locksport Electronic Games
This page is mostly going to be a place holder till I get all the games up. Gamification can make learning more fun, and some people are inspired and motivated by competition. This talk will be on integrating hobbyist electronics with lock picking games. We will show rough schematics, release code, and invite people to play the games at cons.
03/10/2014 ASAReaper: Grab Configs From Multiple Cisco Devices Over SSH (Demos PExpect and AES Encrypted INI Files in Python) Updated
Mostly updated for longer timeouts and to use "more system:run" so you can save passwords in the configs too. You should now just have to edit the commandonall and prefixonall to set the script up to run a given command on a series of Cisco ASAs in every context.


So does IU Southeast and Indiana University take Linda Christiansen's plagiarism seriously?
The answer is apparently no. I've includes my emails with IU officials on the matter. Apparently, plagiarism is ok at IU/Indiana University Southeast if you are tenured faculty and it's only a business law and ethics syllabus.
02/10/2014 BSides Huntsville 2014 Videos
These are the videos from the BSides Huntsville conference. Thanks to @PaulCoggin, @CharlineNixon and all of the BSides Crew for having me out to help record and render the videos. Sorry for the bad sound, we had to go ambient in a crowded room.

BSides Huntsville 2014 - Intro

Building The Future of P-12 Cyber Education - Dr. Casey Wardynski

Cyber Security Program At HAH - Dr. Ray Vaughn

1337 in the Library: Obtaining your information security education on the cheap - Adrian Crenshaw @irongeek_adc

Zero to Hero: Breaking into the security Field - Jeremy Conway

Certifications in Cybersecurity - Adam Wade Lewis

Trojans – The Forgotten Enemy - Dave Chronister

The Amazing Cybermen - Ben McGee

Why you are pwn’d and don’t know it! - Ben Miller

Cyber Security, What's The Fuss? - Deborah William

HTTPS: Now You See Me - Tim Mullican

Introduction to hacking with PowerShell - Scott Busby

All You Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches - Valerie Thomas - @hacktress09

Digital Energy BPT - Paul Coggin
02/01/014 Intro to Darknets: Tor and I2P Workshop
This class introduces students to the I2P and Tor Darknets. We cover setting up Tor & I2P, the basics of use, and how to make hidden services. We also go over case examples like Eldo Kim Harvard & the Harvard Bomb Threat, Hector Xavier Monsegur (Sabu)/Jeremy Hammond (sup_g) & LulzSec, Freedom Hosting & Eric Eoin Marques and finally Ross William Ulbricht/“Dread Pirate Roberts” of the SilkRoad, to explain how people have been caught and how it could have been avoided.
01/30/2014 10 Years Of Irongeek.com
Today marks the 10th anniversary of Irongeek.com's existence. Also, the Intro to I2P/Tor Workshop Notes have been updated.

ShmooCon Firetalks 2014
These are the videos for the ShmooCon Firetalks 2014. Day 2 I overslept, but Squidly1 got me copies from Ted's recordings ( http://www.MediaArchives.tv ).

Thanks to:

Day 1

Welcome grecs
Eyes on IZON: Surveilling IP Camera Security - Mark “@markstanislav” Stanislav
Get Out of Jail Free Cards? What Aviation Can Teach Us About Information Sharing - Bob “@strat” Stratton
Crossing the Streams with State Machines in IDS Signature Languages - Michael “@michaelrash” Rash
Another Log to Analyze – Utilizing DNS to Discover Malware in Your Network - Nathan “@HackHunger” Magniez
Windows Attacks: AT is the New Black - Rob “@mubix” Fuller
Weaponizing Your Pets: War Kitteh and the Denial of Service Dog - Gene “@gbransfield” Bransfield
Women's Tech Collective, and Gender Equality in Tech - Sarah “@dystonica” Clarke

Day 2

Welcome grecs
You Name It, We Analyze It - Jim “@JimGilsinn” Gilsinn
Having Your Cake and Eating It Too: FOIA, Surveillance, and Privacy - Michael “@theprez98? Schearer
Building An Information Security Awareness Program From Scratch - Bill “@oncee” Gardner
TrendCoins: Making Money on the Bitcoin/Altcoin Trends - Zac “@ph3n0? Hinkel
Writing Your Own Disassembler in 15 Minutes - Jay “@computerality” Little

01/17/2014 Installing Nessus on Kali Linux and Doing a Credentialed Scan
I recorded this video twice. First time, the sound was hideous when the fan came on. I decided to re-record it and post both versions. I cover installing Nessus on Kali Linux and doing Nessus credentialed scans using Windows passwords and Linux SSH keys.
01/13/2014 Update of the Linda Christiansen Plagiarism case in the article Critically Plagiarizing?: Ideas On Spotting Plagiarism
Just a small update after I got some data back from my open records request.

SkyDogCon 2013 Videos
Here are the videos from SkyDogCon 3. Thanks to all of the SkyDogCon crew, especially @pentestfail who was in charge of video (I just spoke at this con, and killed my brain and liver cells). @pentestfail may still be working on some of the missing videos, so I plan to update this page later

Opening Remarks & Hack the Badge

Curtis Koenig: Hacking Your Career

Nathan Magniez: Alice in Exploit Redirection Land: A Trip Down the Rabbit Hole

Explanation of Contests

Security Phreak & SkyDog: The Dark Arts of OSINT

G. Mark Hardy: How the West was Pwned

Winn Schwartau: I Survived Rock and Roll!

Jon Callas: Do You Want to Know a Secret?

Billy Hoffman: Start Ups and Lessons Learned

Panel Talk: Building and Growing a Hacker Space With: l0stkn0wledge, Dave Marcus, and SkyDog

IronGeek & SkyDog: Con Video Rig Enhancements

Evan Booth: Terminal Cornucopia

Deviant Ollam: Android Phones Can Do That?!?: Custom Tweaking for Power Security Users

Branson Matheson: Hacking Your Minds & Emotions

Billy Hoffman: Inside the Hacker’s Studio Interviews Dave Marcus: Director and Chief Architect of Threat Research and Intelligence for McAfee®'s Federal Advanced Programs Group

Josh Schroeder: CCTV: Setup Attack Vectors and Laws

Travis Goodspeed: Building an Actively Antiforensic iPod

Branden Miller: NSA Wiretaps Are Legal and Other Annoying Facts


Vivek Shandilya: Lightning Talks

Charline Nixon: Lightning Talks

Chris Anderson: Operational Security and Your Mental Health

Michael Raggo: Data Hiding and Steganography

Closing Remarks / Good-Byes

12/26/2013 Intro to I2P/Tor Workshop Notes Updated
I'm working on updating my I2P/Tor Workshop Notes for a class I'll be doing soon. Please look at them and offer suggestions on extra topics I should cover.
12/26/2013 IU Southeast School of Business to offer an MIS (Management Information Systems) Masters degree? Yes, same people behind the IUS MBA.
I recently heard that IU Southeast is planning to offer an MIS (Management Information Systems) Masters degree. While I think their Computer Science and Informatics Schools seem good, since the degree would be co-ran by the School of Business I would not recommend it to anyone in the Louisville area under its current leadership. Anyplace where an IU Southeast Business Law & Ethics instructor appears to plagiarize on her own syllabus that warns that students will be instantly failed for plagiarism, and asking simple questions about laws as it relates to technology is considered "excessive us of jargon", is not a good place for IT people (and especially security people concerned with integrity) to be. While the School of Business at IUS has its current leadership, I strongly recommend that you steer clear if you really want to learn. Just figured I'd help others not go through the same things I did there.
12/14/2013 Intro to Metasploit Class at IU Southeast
This is a class we did to introduce students to Metasploit at IU Southeast. Special guest lecturer Jeremy Druin (@webpwnize). To follow along, I recommend downloading Kali Linux.
12/02/2013 Critically Plagiarizing?: Ideas On Spotting Plagiarism
Just a few tips for how to find plagiarism online, thanks to my old IU Southeast Business Law & Ethics teacher Linda Christiansen for giving me the example material.

BSides Delaware 2013 Videos
These are the videos from the BSides Delaware conference. Thanks to all of the BSides Crew for having me out to help record and render the videos.

@bsidesde, @kickfroggy, @quadling

110 Years of Vulnerabilities 
Brian Martin, aka Jericho
HTML 5 Security
Justin Klein Keane @madirish2600

Cloud - Business and Academia - Bringing it all together
Cloud Security Alliance - Delaware Valley Board

Uncloaking IP Addresses on IRC
Derek Callaway @decalresponds

Baking, even more, Clam(AV)s for Fun & Profit.
Nathan Gibbs @Christ_Media

Introducing Intelligence Into Your Malware Analysis
Brian Baskin
ANOTHER Log to Analyze - Utilizing DNS to detect Malware in Your Network
Nathan Magniez @HackHunger

Software Security: Game Day.
Evan Oslick @eoslick

Winning isn't Everything: How Trolling can be as much Fun
Joey @l0stkn0wledge
Antipwny: A Windows Based IDS/IPS for Metasploit
Rohan Vazarkar & David Bitner

Playing the Forensics Game: Forensic Analysis of Gaming Applications For Fun and Profit
Peter Clemenko III

Project.Phree: Phucking the NSA
BTS (square-r00t)

Hacking Benjamins (Intro to Bitcoin)
Bob Weiss @pwcrack

Wireless Penetration Testing For Realz

How to Become an Unwitting Accomplice in a Phishing Attack
Mark Hufe @hufemj

LinkedAllUpIn Your Email

Growing Up In The Information Security Community 
11/01/2013 ISSA Kentuckiana - RESTful Web Services - Jeremy Druin - @webpwnized
Jeremy Druin (@webpwnize) gave the following presentation at the Nov 2013 meeting of the Kentuckiana ISSA.
10/30/2013 Circle City Con (http://circlecitycon.com) Hacker/Security Conference happening on June 13-15, 2014, Hyatt Regency, Indianapolis Indiana
Looks like I have another almost local con to go to, Circle City Con in Indy! I'll be doing video baring unforeseen circumstances, and may toss something into their CFP (please consider sending something in). More info at http://circlecitycon.com or Twitter stalk them at @CircleCityCon.


The Rest of the Hack3rcon^4 Videos
Here are there rest of the videos from Hack3rcon^4

ANOTHER Log to Analyze - Utilizing DNS to Identify Malware - Nathan Magniez

Netsniff-NG - Jon Schipp

SDRadio: Playing with your Dongle – An Introduction to Software Defined Radio Using Cheap TV Tuner Cards - Justin Rogosky

10/20/2013 Hack3rcon^4 Videos
As I post them, they will be at the link above. So far we have:

Advanced Evasion Techniques - Pwning the Next Generation Security Products - David Kennedy

Imaging a Skyscraper - Brian Martin

Character Assassination: Fun and Games with Unicode - Adrian Crenshaw

MS08-067 Under the Hood - John Degruyter

NSA Wiretaps are Legal and Other Annoying Facts - Branden Miller

Red Teaming Your Bug-Out Bag - Tom Moore

Making it Rain and Breaching the Levees - K.C. Yerrid

10/07/2013 Louisville InfoSec 2013 Videos Mostly Up

These are the videos from Louisville Infosec 2013 conference. There are not all up yet, but this is my place holder.

Mobile Security and the Changing Workforce - Matthew Witten

Burn it Down! Rebuilding an Information Security Program - Dave Kennedy (Pending review)

Weaponized Security - Kellman Meghu

Information Security in University Campus and Open Environments - Adrian Crenshaw

Past Due: Practical Web Service Vulnerability Assessment for Pen-Testers, Developers, and QA - Jeremy Druin (Pending finished upload)

STRC: The Security Training and Research Cloud - Jimmy Murphy

Assessing Mobile Applications with the MobiSec Live Environment - Nathan Sweeney

Attacking iOS Applications - Karl Fosaaen

Can cloud and security be used in the same sentence? - Joshua Bartley

Breaking SCADA Communications - Mehdi Sabraoui

FBI – InfraGard - Current Cyber Trends

How Do I Get There from Here? Security-to-Privacy Career Migration - Michael Carr

Assessing the Risk of Unmanaged Devices (BYOD) - Pete Lindstrom

Acquisitions…your latest zero day - Mitch Greenfield/Scott MacArthur

NIST and your risky application - Conrad Reynolds

Convergence: Configurations, Vulnerabilities and Unexpected Changes - Brian Cusack

What Healthcare Can Learn from the Banking Industry - Jim Czerwonka

Eliminating Data Security Threats And BYOS - David Braun


10/04/2013  Derbycon 3.0 Videos Tracks 3, 4, 5 & Stable Talks Posted

Track 3 (Teach Me)
It's Only a Game: Learning Security through Gaming – Bruce Potter
Ooops – Now What? :: The Stolen Data Impact Model (SDIM) – Brent Huston
Anti-Forensics: Memory or something – I forget. – int0x80
The Mysterious Mister Hokum – Jason Scott
Appsec Tl;dr – Gillis Jones
DIY Command & Control For Fun And *No* Profit – David Schwartzberg
IPv6 is here (kind of) – what can I do with it? – Dan Wilkins
Dancing With Dalvik – Thomas Richards
Big Hugs for Big Data – Davi Ottenheimer
Antivirus Evasion: Lessons Learned – thelightcosine
Jared DeMott – Is Auditing C/C++ Different Nowadays?
Getting Schooled: Security with no budget in a hostile environment – Jim Kennedy
Browser Pivoting (FU2FA) – Raphael Mudge
Taking the BDSM out of PCI-DSS Through Open-Source Solutions – Zack Fasel & Erin “SecBarbie” Jacobs
John Strand – Hacking Back – Active Defense and Internet Tough Guys
An Encyclpwnia of Persistence – Skip Duckwall & Will Peteroy
Your Turn! – Johnny Long – HFC
Practical File Format Fuzzing – Jared Allar
Surviving the Dead – Christopher ‘EggDropX’ Payne
How can I do that? Intro to hardware hacking with an RFID badge reader – Kevin Bong
A SysCall to ARMs – Brendan Watters
The Netsniff-NG Toolkit – Jon Schipp
Why Dumpster Dive when I can pwn right in? – Terry Gold

Track 4 (The 3-Way)     
Pigs Don’t Fly – Why owning a typical network is so easy – and how to build a secure one. – Matt “scriptjunkie” Weeks
Finding The Signal in the Noise: Quantifying Advanced Malware – Dave Marcus
Applying the 32 Zombieland Rules to IT Security – Larry Pesce
Windows 0wn3d By Default – Mark Baggett
Android 4.0: Ice Cream “Sudo Make Me a” Sandwich – Max Sobell
Attacking the Next Generation Air Traffic Control System; Hackers – liquor and commercial airliners. – Renderman
Antivirus Evasion through Antigenic Variation (Why the Blacklisting Approach to AV is Broken) – Trenton Iveys
Hello ASM World: A Painless and Contextual Introduction to x86 Assembly – nicolle neulist (rogueclown)
SQL injection with sqlmap – Conrad Reynolds CISA
The Internet of Things: Vulns – Botnets and Detection – Kyle Stone (@essobi) – Liam Randall
The Malware Management Framework – a process you can use to find advanced malware. We found WinNTI with it! – Michael Gough and Ian Robertson
Hack the Hustle! – Eve Adams
Operationalizing Security Intelligence in the Enterprise- Rafal Los
New Shiny in the Metasploit Framework – egypt
Everything you ever wanted to know on how to start a Credit Union – but were afraid to ask. – Jordan Modell
A developer’s guide to pentesting – Bill Sempf
Steal All of the Databases. – Alejandro Caceres
Sandboxes from a pen tester’s view – Rahul Kashyap
iOS Reverse #=> iPWn Apps – Mano ‘dash4rk’ Paul
Terminal Cornucopia – Evan “treefort” Booth
Wait; How is All This Stuff Free?!? – Gene Bransfield

Track 5 – Hybrid Room     
Building An Information Security Awareness Program from Scratch – Bill Gardner – Valerie Thomas
Malware : testing malware scenarios on your network – Tony Huffman (@myne_us) – Juan Cortes (@kongo_86)
Password Intelligence Project – Advanced Password Recovery and Modern Mitigation Strategies – John Moore “Rabid Security”
Tizen Security: Hacking the new mobile OS – Mark Manning (AntiTree)
RAWR – Rapid Assessment of Web Resources – Adam Byers – Tom Moore
Decoding Bug Bounty Programs – Jon Rose
Patching Windows Executables with the Backdoor Factory – Joshua Pitts
Jason Scott – Defcon Documentary Q&A
Panel: Building and Growing a Hacker Space – Joey Maresca – Dave Marcus – Nick Farr – SkyDog
SO Hopelessly Broken: the implications of pervasive vulnerabilities in SOHO router products. – Jacob Holcomb
Put Me In Coach: How We Got Started In Infosec – pr1me – Chris “g11tch” Hodges – Frank Hackett – Dave “ReL1K” Kennedy
Alice Goes Deeper (Down the Rabbit Hole) – Redirection 2.0 – Nathan Magniez
Emergent Vulnerabilities: What ant colonies – schools of fish – and security have in common. – Nathaniel “Dr. Whom” Husted
Why Your IT Bytes – Frank J. Hackett
Using Facial Recognition Software In Digital Forensics And Information Security – Brian Lockrey
How to Fight a War Without Actually Starting One – Brendan O’Connor
Crypto-Exploit Exercises: A tool for reinforcing basic topics in Cryptography – Nancy Snoke

Stable Talks
Gen Y:Getting Them to Talk Rather than Text at Work – Nancy Kovanic
Battle Scars And Friendly Fire: Threat Research Team War Stories – Will Gragido and Seth Geftic
Unmasking Miscreants – Allixon Nixon – Brandon Levene
gitDigger: Creating useful wordlists from public GitHub repositories – Jaime Filson (WiK)
PowerShell and Windows Throw the Best Shell Parties – Piotr Marszalik
Owning Computers Without Shell Access – Royce Davis
Sixnet Tools: for poking at Sixnet Things – Mehdi Sabraoui
Hardening Windows 8 apps for the Windows Store – Bill Sempf
Intro to Dynamic Access Control in Windows Server 2012 – Evan Anderson
Evolutionary Security – Embracing Failure to Attain “Good Enough” – Josh More
DIY Forensics: When Incident Response Morphs into Digital Forensics – John Sammons
ANOTHER Log to Analyze – Utilizing DNS to Discover Malware in Your Network – Nathan Magniez
Phishing Frenzy: 7 seconds from hook to sinker – Brandon <zeknox> McCann
Electronic Safe Fail: Common Vulnerabilities in Electronic Safes – Jeff Popio
The Good Samaritan Identity Protection Project  www.thegsipp.org – Zack Hibbard – Chris Brown and Jon Sternstein
Some defensive ideas from offensive guys. – Justin Elze and Robert Chuvala
Grim Trigger – Jeff “ghostnomad” Kirsch
A n00bie’s perspective on Pentesting… – Brandon Edmunds
My Security is a Graph – Your Argument is Invalid – Gabriel Bassett
Follow the Foolish Zebras: Finding Threats in Your Logs – Chris Larsen
Security Training and Research Cloud (STRC) – Jimmy Murphy
Passive Aggressive Defense – Jason Clark
So you want to be a pentester? – Raymond Gabler
Digital Energy – BPT – Paul Coggin
An Anti-Forensics Primer – Jason Andress
What if Petraeus was a hacker? Email privacy for the rest of us – Phil Cryer (@faker)

09/30/2013 Derbycon 3.0 Videos Tracks 1 & 2

I think I have all of tracks 1 and 2 posted:, more to come

Scanning Darkly - HD Moore (keynote)
Kinetic Pwnage: Obliterating the Line Between Computers and the Physical World - Ed Skoudis (keynote)
Look Ma - No Exploits! - The Recon-ng Framework - Tim “LaNMaSteR53? Tomes
Practical Exploitation Using A Malicious Service Set Identifier (SSID) - Deral Heiland
JTAGulator: Assisted discovery of on-chip debug interfaces - Joe Grand
Seeing red in your future? - Ian Iamit
TMI: How to attack SharePoint servers and tools to make it easier - Kevin Johnson and James Jardine
The High Risk of Low Risk Applications - conrad reynolds
It’s Okay to Touch Yourself - Ben Ten (Ben0xA)
Collaborative Penetration Testing With Lair - Tom Steele and Dan Kottmann
Malware Automation - Christopher Elisan
What’s common in Oracle and Samsung? They tried to think differently about crypto. - L·szlÛ TÛth - Ferenc Spala
Burning the Enterprise with BYOD - Georgia Weidman
Getting the goods with smbexec - Eric Milam(brav0hax) and Martin Bos (purehate)
Shattering the Glass: Crafting Post Exploitation Tools with PowerShell - Matt Johnson
Cheat Codez: Level UP Your SE Game - Eric Smith
My Experiments with truth: a different route to bug-hunting - Devesh Bhatt
The Art and Science of Hacking Any Organization - Tyler Wrightson
Living Off the Land: A Minimalist’s Guide to Windows Post-Exploitation - Christopher Campbell & Matthew Graeber
Cracking Corporate Passwords - Exploiting Password Policy Weaknesses - Minga / Rick Redman
Ownage From Userland: Process Puppeteering - Nick Cano
) UNION SELECT `This_Talk` AS (‘New Exploitation and Obfuscation Techniquesí)%00 - Roberto Salgado
Exploiting_the_Zeroth_Hour(); Developing your Advanced Persistent Threat to Pwn the Network - SOLOMON SONYA and NICK KULESZA
Phishing Like The Pros - Luis “Connection” Santana
Raspberry Pi - Media Centers - and AppleTV - David Schuetz
Cognitive Injection: Reprogramming the Situation-Oriented Human OS - Andy Ellis
IOCAware - Actively Collect Compromise Indicators and Test Your Entire Enterprise - Matt Jezorek and Dennis Kuntz
Cash is King: Who’s Wearing Your Crown? - Tom Eston and Spencer McIntyre
Security Sucks - and You’re Wearing a Nursing Bra - Paul Asadoorian
Windows Attacks: AT is the new black - Rob Fuller and Chris Gates
How Good is Your Phish - @sonofshirt
Identifying Evil: An introduction to Reverse Engineering Malware and other software - Bart ‘d4ncind4n’ Hopper
How Im going to own your organization in just a few days. - RazorEQX
Pass-The-Hash 2: The Admin’s Revenge - Skip Duckwall and Chris Campbell
The Cavalry Is Us: Protecting the public good and our profession - Josh Corman
Love letters to Frank Abagnale (How do I pwn thee let me count the ways) - Jayson E. Street
The Message and The Messenger - James Arlen
50 Shades of RED: Stories from the "Playroom" - Chris Nickerson
Beyond Information Warfare “You Ain’t Seen Nothing Yet” - Winn Schwartau
Stop Fighting Anti-Virus - Integgroll
How the Grid Will Be Hacked - Josh Axelrod and Matt Davis
help for the helpdesk - Mick Douglas
Weaponizing your Coffee Pot - Daniel Buentello
Practical OSINT - Shane MacDougall (NOTE THAT THIS IS AN ADULT ONLY TALK - 18+ or older)
Stop making excuses; it’s time to own your HIV (High Impact Vulnerabilities) - Jack D. Nichelson
Uncloaking IP Addresses on IRC - Derek Callaway

09/29/2013 Derbycon 3.0 Videos
As I get them up, you can find them here. Big thanks to my video jockeys Robin, ladymerlin, Jennifer, Sabrina, Reid, Skydog, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, MadMex, Joey, Steven, Sara, Branden Miller and Night Carnage
09/18/2013 Unicode Security Notes Page
This page has notes for my HackerHalted and Hack3rCon talk.
08/24/2013 Unicode Text Steganography Encoders/Decoders
The idea of this page is to demo different ways of using Unicode in steganography, mostly I'm using it for Twitter. :) I have some notes on the bottom about how these Unicode characters show up or get filtered by some apps. Most of the algorithms should work ok on Twitter, Facebook however seems to strip out more characters. There seems to be no perfect character set.
08/09/2013 Every Unicode Character For Fuzzing and Research
I will be doing a talk on Unicode and security at Hacker Halted, as prep work I've generated some files with ever Unicode character. I'd be interested in knowing if any of them crash apps on you. Open with care.

Every Unicode Character Blob Page or TXT file
Every Unicode Character 80 Column Page or TXT file
Every Unicode Character With Hex Page or TXT file


BSidesLV 2013 Videos
These are the videos from the BSides Las Vegas conference. Thanks to all of the BSides Crew for having me out to help record and render the videos. @bsideslv, @banasidhe, @kickfroggy, @quadling, @jack_daniel 

"The Security Industry - How to Survive Becoming Management" - Christien Rioux

Discovering Dark Matter: Towards better Android Malware Heuristics - Jimmy Shah, David Shaw, Matt Dewitt

Mom! I Broke My Insulin Pump... Again! - Jay "Rad" Radcliffe

Dungeons & Dragons, Siege Warfare, and Fantasy Defense in Depth - Evan Davidson and Noah Schiffman

HiveMind: Distributed File Storage Using JavaScript Botnets - Sean Malone

gitDigger: Creating useful wordlists from public GitHub repositories - WiK and Mubix

Collaborative Penetration Testing With Lair - Tom Steele and Dan Kottmann

Social Aftermath Responding to Social Pwnage - Steven F. Fox

Silence Equals Death - Violet Blue

The Cavalry Isn't Coming: Starting the Revolution to Fsck it All! - Nicholas J. Percoco and Joshua Corman

A Fire In The Eye - Olli-Pekka Niemi and Antti Levomaki

Defense Evasion Modeling - Frank Artes

"Malware Management Framework" - We detected WinNTI with it! - Michael Gough

Crunching the Top 10,000 Websites' Password Policies and Controls - Steve Werby

Governments and UFOs: A Historical Analysis of Disinformation and Deception - Richard Thieme

Strange interactions in personal data: Brokers and the CFAA - Christine Dudley

Diamonds, Fitness and Cults: Manipulation for Fun and Profit - Katie Rodzon

Vulnerability & Exploit Trends: A Deep Look Inside The Data - Ed Bellis, Michael Roytman

EC2 or Bust - How to Build Your Own Pen Testing Lab in Amazon EC2 - Grecs

Techniques for Escaping the AppSec Labyrinth - Andrew Hay

The Erudite Inebriate's Guide to Life, Liberty, and the Purfuit of Happinefs - Jack Daniel

Hack the Hustle! Career Strategies for Information Security Professionals - Eve Adams

Information Sharing, or "I've got 99 problems and they're probably pretty similar to yours" - Chris Mills

Convincing Your Management, Your Peers, and Yourself That Risk Management Doesn't Suck - Josh Sokol

How embracing social media helped me stop the hackers, save the world and get the girl! - Javvad Malik

Malware Automation - Christopher Elisan

Popping the Penguin: An Introduction to the Principles of Linux Persistence - Mark Kita

Network Survival WCS - James Costello

The Slings and Arrows of Open Source Security - Tod Beardsley and Mister X

What if Petraeus was a hacker' Email privacy for the rest of us - Fak3r

Never Mind Your Diet, Cut the Crap From Your Vocabulary - Keli Hay (Brian Martin)

The 7 habits of highly effective CISOs - Franklin Tallah (Wendy Nather)

The Little Dutch Boy - D0n Quix0te (Bill E. Ghote)

Stop Shooting Blanks: No magic bullets in your arsenal - Renegade6 (Nicolle Neulist)

Flameout - Burnout Supernova - Dan Ward (Ally Miller)

The Sensual Side of 3D Printing - Kat Sweet (Javvad Malik)

Fun with WebSockets using Socket Puppet - Mister Glass (Weasel)

Using Machine Learning to Support Information Security - Alex Pinto (Joel Wilbanks)

The Truth, You Thought We Wouldn't Know' - Wolf Flight (Terry Gold)

Vulnerabilities in Application Whitelisting: Malware Case Studies - Jared Sperli and Joe Kovacic (J0hnny Brav0)

The Goodness is Baked In: Baking Assurance into Software - Ebony (Davi Ottenheimer)

Matriux Leandros:An Open Source Penetration Testing and Forensic Distribution - Prajwal Panchmahalkar (Savant42)

Sixteen Colors: Archiving the Evolution of ANSI and ASCII Art - Doug Moore (Brendan O'Connor)

You Are Being Watched! - Bharat Jogi

Calling All Researchers: A Discussion on Building a Security Research Framework - Michael "DrBearSec" Smith

Evil Empire: SIEM FTW - EggDropX and Tha CheezMan

Attribution Shmatribution! FIX YOUR SHIT! - Krypt3ia

Breach Panel - Davi Ottenheimer, Raymond Umerley, Jack Daniel, Steve Werby, David Mortman & George V. Hulme

Roll-your-own Lightning Talks

Attacking and Defending Full Disk Encryption - Tom Kopchak

Say It to My Face - Shannon Sistrunk

Alex Dreams of Risk: How the Concept of Being a Craftsman can Help you Find Meaning and Avoid Burnout - Alex Hutton

You can't make people act more securely, you can help them want to. - Ivan Campbell and Twyla Campbell

08/02/2013 BSidesLV 2013 Videos
Putting these up at the link above as I get them together. This will take a bit, 5 tracks takes time. Follow @bsideslv for more.
07/14/2013 OISF 2013 Videos

These are the videos from the OISF Anniversary Event

Webshells History, Techniques, Obfuscation and Automated Collection - Adrian Crenshaw

Kali Linux Backtrack Linux reborn - Martin Bos

Locks & Physical Security - Deviant Ollam

Leveraging Mobile Devices on Pentests - Georgia Weidman

Reverse Engineering Demystified (a little maybe) - Chris Eagle

07/04/2013 Web Shells Collection Page Updated
I'm prepping to give my Webshells talk again at OISF and TakeDownCon Rocket City. I like to update things if I give a talk more than once, so I enhanced my script to save an archived copy of the webshells in a zip file so even if the infected host cleans it up (which they really should), it can be examined later.
07/04/2013 NQSFW Free CISSP Study Guide
I'm working on studying for a CISSP, so I figured I should record my notes. As I do them, I plan to post them here. @gozes also pointed me to http://www.opensecuritytraining.info/CISSP-Main.html which looks like a damn good resource.
06/21/2013 BSides Boston Videos
While at BSidesRI I met a bunch of folks from BSidesBoston. Roy asked me to put up a link to their videos:
Next year I hope to be able to make it out there.
06/15/2013 All BSides Rhode Island Videos

Friday pre-con:

Large-scale application security - Charlie Eriksen
SMB SRMF for identifying top 10 risks - Jim Peeler
How I Do a Weekly Podcast (or Three) - Paul Asadoorian
Show and Tell: Super-Minipwner - James Edge
Opening the Treasure Chest-Attacking Network Attached Storage on a Pen Test - Russell Butturini

BSidesRI Track:

Hacking Your Neighbors for Fun! - Josh Wright
Public cloud PCI compliance or a sharp stick in the eye, which to choose? - Chris Brenton
Bite the Wax Tadpole - The importance of culture in user security - Kati Rodzon and Mike Murray
Exploiting the Top Ten Database Vulnerabilities and Misconfigurations - Josh Shaul
Exploit Development for Mere Mortals - Joe McCray
Future Trends in IT security - Ron Gula
The Freaky Economics Of Cybersecurity - Robert David Graham

PaulDotCom Track:

Booting the Booters, Stressing the Stressors - Allison Nixon and Brandon Levene
Talk More Better - Jack Daniel
Security Sucks, and You're Wearing The Nursing Bra - Paul Asadoorian (Not Recorded)
So, you want to compute post-apocalypse? - Larry Pesce & Darren Wigley
Feeling Sick? Healthcare Information Security - Roy Wattanasin
Blitzing with Your Defense - Ben Jackson
Lessons Learned: Why I became a PaulDotCom Intern and why you should become an Intern too. - Mike Perez
Learning Security on the Cheap (30 min) - Patrick Laverty

Download link coming later.

06/15/2013 BSides Rhode Island Videos
As I get them up, I'm putting them on this page above.


ASAReaper: Grab Configs From Multiple Cisco Devices Over SSH (Demos PExpect and AES Encrypted INI Files in Python) Updated
Updated the code to make it easier to maintain and to fix a timeout issue. Also, Arne Lovius told me about a tool called Rancid (http://www.shrubbery.net/rancid) that can do the same thing as my script and more, but I figured the sample code is still of help to some.

Indiana University (IU, IUS, IU*, Etc) Salaries
I noticed the someone visited my IU Southeast School of Business (MBA) Review page from a search for something like "IU Salaries". This made me curious as I knew Indystar had the information. Seems Indystar's page is having errors, another newspaper hides it behind a pay wall, and IU makes you login with an account AND use an on campus IP. My understanding is this information is suppose to be public, but it seem somewhat hard to find. As a public service, here is the 2012/2013 Salary information in HTML (Just for IUS) and Excel formats (all campuses) for easier parsing. Hopefully it helps alumni and the like consider if it is really a fruitful place to donate to (and how to earmark donations). For some of the pay levels, it really is a shameful waste.


Kali Linux Live Boot USB Flash Drive - Jeremy Druin
Jeremy Druin (@webpwnize) gave the following presentation on creating a persistent Kali Linux thumbdrive install for the June 2013 meeting of the Kentuckiana ISSA.

05/27/2013 Webshell Demos And Notes
This is a page I'm putting together for my TakeDownCon and OISF talks on webshells. My slides are pretty text, link, command and code heavy, so this way I can just point the attendees to this page for all the notes and links.


Webshell Collection Page Updated With Source Code
I have a script I run against my web logs periodically to see if anyone is trying to use a Remote File Include Webshell against my site. I've done some more filter work, and can now find more webshells with it. If you spot bugs in the code, please let me know. I'll also be speaking at TakeDownCon St. Louis and the OISF Anniversary Event on webshells, this is part of that project.
05/23/2013 About page and CV updated
I finished my Master of Science in Security Informatics, so I've update my "about" page and CV. Unfortunately, I did not maintain the straight A average I had in my Informatics courses (I made a B in Machine Learning, which equals calculus, linear algebra, matrix mathematics and pain), so I had to change a blurb in my IU Southeast School of Bussiness/MBA review about being a straight A student in my new program. I just wanted to have more integrity than the people at the IUS MBA program who still boast about being the 9th rated part time MBA from the Business Week ratings in 2009, forgetting to mention that they have fallen to 74th since then (University of Louisville is at 35 by the way). Now, I know my readers think I'm a little OCD about this subject, which I admit I am, but I think integrity and ethics are important in both business and infosec, especially in those who are supposed to be educating the future workforce and leadership. I don't want others looking for a Master degree in the Louisville area to go through the same things I did, at least then something good would have come from what happened to me. There is some reason to think that IUS may get better, Gil Atnip, Ruth Garvey-Nix, and Sandra R. Patterson-Randles are all either retired or retiring from their positions of power. Still, the kinds of people who seem to gravitate toward academic administration positions have a tenancy to be less than caring towards student concerns in my experience. They may be better now, one VC seems to care at least a little considering his visits to the page and another VC seemed to be a decent person in the one Philosophy class I had with him, but the current student affairs person refuses to even respond to questions. Also, people like Jay White, Jon Bingham, and Linda Christiansen are still in their positions of power in the school of business, not even chastised for their behavior. With that in mind, I still can't recommend IUS to the people I know in IT around the Louisville area. I'm really sort of torn about it, as I think the IUS Informatics and Comp-Sci programs are pretty good, and I know there a good professors out there in business, but I don't think most people are willing to speak out unless they are personally involved. If you go there for Informatics or Comp-Sci, I recommend going with one of the math science options instead of business.


ISSA Kentuckiana Web Pen-Testing Workshop
Below are the videos form the Kentuckiana ISSA's Web Pen-Testing Workshop. It was put on in part to raise funds for Hackers For Charity. A few of theses are still uploading, but should be available shortly.
Part 1: Intro to Mutillidae, Burp Suite & Injection Jeremy Druin
Part 2: SQL Injection Conrad Reynolds
Part 3: Uploading a web shell via SQLi Jeremy Druin
Part 4: Authentication Bypass via SQLi & Cookie Tampering Jeremy Druin
Part 5: Intro to Kentuckiana ISSA Jeremy Druin
Part 6: Remote File Inclusion (RFI) & Local File Inclusion (LFI) Jeremy Druin
Part 7: Webshells Demo Adrian Crenshaw
Part 8: Intros to Speakers
Part 9: HTML & Javasript Injection XSS Jeremy Druin
Part 10: XSS & BeEF Conrad Reynolds
Part 11: What we have of CSRF (Camera ran out of space, slides kept going) Jeremy Druin
Part 12: JSON injection Jeremy Druin
04/21/2013 AIDE 2013: The rest of the videos
At this point I had to leave for Notacon to record their talk and was not there to run the slide capture rig for AIDE. I shanghaied some volunteers into recording, and while they did not get the slide rig working, we have the presenter and slides on camera. Thanks for filling in.

Boring eForensic Science Items - Brian Martin

Hackers in Unganda: A Documentary (Kickstarter Project) - Jeremy Zerechak

Small Businesses Deserve Security Too - Frank Hackett

Help from the helpdesk - Mick Douglas (@bettersafetynet)

Malware Analysis Triage for n00bs - Grecs (@Grecs)

CCDC and Industry - James L. Siegel Jr. (WolfFlight)

Building an Engaging and Effective Information Security Awareness and Training Program - Bill Gardner



Notacon 10 Videos
These are the videos from the 10th Notacon conference held April 18th-21st, 2013. Not all of them are security related, but  I hope my viewers will enjoy them anyway. Thanks to Froggy and Tyger for having me up, and to the video team: SatNights, Widget, Securi-D, Purge, Bunsen, Fry Steve and myself (at least that is who it was last year, if you got he names for 2013 let me know).

Track 1

Model Integrated Computing (Code Generation) and how it loves you and deserves love back - Michael Walker

Guns & Privacy - Deviant Ollam

Domestic Preparedness (the zombie Apocalypse is nigh upon us) - Illustrious Niteshad & megalos

DIY Neuroscience, EMGs, EEGs, and other recordings - meecie

Hacking Your Ability to Communicate - kadiera

Lasers for Fun! Lasers for Science. Lasers for Security! - Ethan Dicks

Video Everywhere! aka The Personal Distributed HD Video Network - Woz

Esolangs - Daniel Temkin

How We Learned Security from Steve - ghostnomad, ghostnomadjr, knuckles & micronomad

Are we getting better? - Hacking Todays Technology - David Kennedy

Critical Making - Garnet Hertz

DC to Daylight: A whirlwind tour of the radio spectrum, and why it matters. - Stormgren

Skeleton Key: Transforming Medical Discussions Through 3D Printing - KK Pandya

Youthful Exploits of an early ISP - Dop & KevN

Whose Slide Is It Anyway? - nicolle @rogueclown neulist

Track 2

I Forked the Law and We All Won - Fork The Law

Make me Babyproof! - Gina “the kat” Hoang

The Maru Architecture Design: A proposed BYOD architecture for an evolving threat landscape - Michael Smith

You Keep A-Knockin’ But You Can’t Come In - grap3_ap3

Encryption for Everyone - Dru Streicher (_node)

How I Became an iOS Developer for Fun and Debt - Mark Stanilav

AR_GRAF.OBJ: a darknet for the nuEra ?? - kevin carey, shawne michaelain holloway & brian peterson

Creating professional glitch art with PoxParty - Jon Satrom & Ben Syverson

Let’s Go CSRF’n Now! - grap3_ap3

Bad Games Arcade - Jake Eliott

The Winamp Imperative - Yoz (sorry, audio died at 6:09)

04/18/2013 AIDE 2013
I got to record and put up a few videos from AIDE. I had to head to Notacon before I could record them all, but I left some gear so hopefully I'll have more to come. Recorded at AIDE 2013. Big thanks to Bill Gardner (@oncee) for having me out to record.

Network King Of The Hill (NetKotH): A hacker wargame for organizers who are lazy - Adrian Crenshaw (Irongeek)

Can You Hear Me Now? Leveraging Mobile Devices on Pentests - Georgia Weidman

RAWR (Rapid Assessment of Web Resources) - @al14s and @c0ncealed

04/11/2013 Hacker Swap Meet: Don't Let That Old Junk Go To Waste!
Many of us are tech pack rats, we have old gear laying around we don't use but don't want to just throw away. Got something you want to trade with other hacker/maker types? Too expensive to ship but you can drive it to a con you will be at anyway? Set up the trade at the new forums I put up. One man's treasure is another man's hazmat. If you don't see a con/meet spot listed here, let me know and I can add it.
I should have some old gear at Notacon I want to get rid of.
04/08/2013 Outerz0ne 9 (2013) Videos
These are most of the videos from the Outerz0ne 9 conference. I have a few more I have to get clearances on before I post them. Big thanks to Joey and Evan on the video crew.
SkyDog Kicks Off Year NINE! (Number Nine)
Gursev Kalra - Impersonating CAPTCHA Providers
Tuttle/Brimstone - State of the BitCoin Address; Pizza, Pirates, and Profiteers.
Halfjack - Living to the Singularity: Geeks Guide to a Healthy Lifestyle
Chad Ramey - Hacking the Atom
Jeremy Schmeichel & Brian Wilson - IPv6? Ain't Nobody Got Time For That!
Chris Silvers - Weapons of Miniature Destruction
Hacker Movie Challenge
Inside the Hacker's Studio - Billy Hoffman and IronGeek
Contest Prize Giveaway, Awards, Closing Ceremonies
Lightning Talks and such:
Andy Green - The Southeast Collegiate Cyber Defense Competition Lightning Talk
Lilyjade-v2.com - Why You Are Not Safe Lightning Talk
Presentation Karaoke


15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2015, IronGeek
Louisville / Kentuckiana Information Security Enthusiast