A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Social-engineer-training Button
Irongeek Button

Help Irongeek.com pay for bandwidth and research equipment:




            Welcome to Irongeek.com, Adrian Crenshaw's Information Security site (along with a bit about weightlifting and other things that strike my fancy).  As I write articles and tutorials I will be posting them here. If you would like to republish one of the articles from this site on your webpage or print journal please e-mail me. Enjoy the site and write us if you have any good ideas for articles or links.


News/Change Log



ShowMeCon 2016 Videos
These are the videos ShowMeCon 2016. Thanks to Renee & Dave Chronister (@bagomojo), Renee and others for having me out to record and speak. Also thanks to my video crew Mathew, Morgan, James and some other people I may have forgotten.

Red is the New Blue

My Cousin Viinny: Ethics and Experience in Security "Research"
Kevin Johnson

The Psychology of Social Engineering
Dave Chronister

Show Me Your Tokens (and Ill show You Your Credit Cards)
Tim MalcomVetter

IRLHN Pt.3 Intermediate Networking Techniques for the Recovering Introvert
Johnny Xmas

And Bad Mistakes…I've made a few
Jayson Street

All your Door(s) Belong to Me - Attacking Physical Access Systems
Valerie Thomas

Exploiting First Hop Protocols to Own the Network
Paul Coggin

Check Yo Self Before you Wreck Yo Self: The new wave of Account Checkers and Underground Rewards Fraud
Benjamin Brown

The Collission Attack - Attacking CBC and related Encryptions

It's not a sprint….
Tim Fowler

Social Media Risk Metrics - There's a way to measure how +@&# you are online
Ian Amit

Attacking OSX for fun and profit: tool set limiations, frustration and table flipping.
Dan Tentler

The Art of AV Evations - Or Lack Thereof
Chris Truncer

Understanding Offensive and Defense - Having a purple view on INFOSEC
Dave Kennedy

Breaking the Teeth of Bluetooth Padlocks
Adrian Crenshaw

PowerShell Phishing Response Toolkit
Josh Rickard

Championing a Culture of Privacy: From Ambivalence to Buy-IN
Hudson Harris

Why Compliance Matters; You've Been Doing it Wrong
Stacey Banks

How to Build a Home Lab
Timothy De Block

Logging for Hackers, How you can catch them with what you already have and a walk through of an actual attack and how we caught it.
Michael Gough

Where to Start when your environment is F*(3d
Amanda Berlin


Circle City Con 2016 Videos
These are the Circle City Con videos. Thanks to the staff for inviting me down to record. Big thanks to Mike, 3ncr1pt3d, fl3uryz, InfaNamecheap, f0zziehak, Chris, PhenixFire, Sammy and other for helping set up AV and record.

Opening Ceremony
CircleCityCon Staff

Keynote - Dave Lewis
Dave Lewis

Food Fight!
Wolfgang Goerlich

Binary defense without privilege
Steve Vittitoe

Establishing a Quality Vulnerability Management Program without Wasting Time or Money
Zee Abdelnabi (not posted)

Why it's all snake oil - and that may be ok
Pablo Breuer

Break on Through (to the Other Side)
Grape Ape

Bootstrapping A Security Research Project
Andrew Hay

Playing Doctor: Lessons the Blue Team Can Learn from Patient Engagement
Wolfgang Goerlich

Planes, Trains and Automobiles: The Internet of Deadly Things
Bryan K. Fite

Killing you softly
Josh Bressers

Now You See Me, Now You Don't - Leaving your Digital Footprint
Aamir Lakhani

Red Team Madness - Or, How I Learned To Stop Worrying and Expect Pentester Mistakes
Jeremy Nielson

Open Source Malware Lab
Robert Simmons

So you want to be a CISO?
Von Welch

You want to put what…where?
John Stauffacher

 IoT on Easy Mode Reversing and Exploiting Embedded Devices
Elvis Collad

Top 10 Mistakes in Security Operations Centers, Incident Handling & Response
Paul R. Jorgensen

Untrusted Onions: Is Tor Broken?
Joshua Galloway

Contextual Threat Intelligence: Building a Data Science Capability into the Hunt Team
Brian Genz

Head in the Sand Defence or A Stuxnet for Mainframes
Haydn Johnson; Cheryl Biswas

SIEM, Supersized!
Walleed Aljony

Fantastic OSINT and where to find it
Tony Robinson (da_667)

Creating a Successful Collegiate Security Club (WIP)
Chris "Lopi" Spehn; Adam "avidhacker" Ringrood

Where to Start When Your Environment is F*(K3d
InfoSystir (Amanda Berlin)

Haking the Next Generation
David Schwartzberg

Exfil and Reverse Shells in a Whitelisted World

Hacking Our Way Into Hacking
Kat Sweet

Attacking OSX for fun and profit: Toolset Limitations, Frustration and Table Flipping
Viss (Tentler)

Intro to Mobile Device Testing
Damian Profancik

Your Password Policy Still Sucks!
Martin Bos

Closing Ceremony
CircleCityCon Staff


NolaCon 2016
Recorded at NolaCon 2016. Thanks to @CurtisLaraque, @HoltZilla, @sid3b00m & @ynots0ups for the video recording help, and @nola_con, @erikburgess_, & Rob for having me down to record.


Analyzing DNS Traffic for Malicious Activity Using Open Source Logging Tools
Jim Nitterauer

Snake Charming: Fun With Compiled Python
Gabe K

Monitoring & Analysis 101: N00b to Ninja in 60 Minutes

Calling Captain Ahab: Using Open Tools to Profile Whaling Campaigns
Ryan Jones, McOmie

Check Yo Self Before You Wreck Yo Self: The New Wave Of Account Checkers And Underground Rewards Fraud
Benjamin Brown

Introducing the OWASP API Security Project
Leif Dreizler, David Shaw

Breaking Barriers: Adversarial Thinking for Defenders
Stacey Banks

It's Just a Flesh Wound!
Brett Gravois

Owning MS Outlook with PowerShell
Andrew Cole

Why can't Police catch Cyber Criminals?
Chip Thornsburg

David Kennedy

Calling Captain Ahab: Using Open Tools to Profile Whaling Campaigns
Matt Bromiley

Haking the Next Generation
David Schwartzberg

Hacking Web Apps (v2)
Brent White

Evolving Your Office's Security Culture by Selective Breeding of Ideas and Practices
Nancy Snoke

I Promise I'm Legit: Winning with Words
Cyni Winegard &  Bethany Ward

You Pass Butter: Next Level Security Monitoring Through Proactivity
Cry0, S0ups

Going from Capture the Flag to Hacking the Enterprise. Making the switch from 'a hobby and a passion' to a lifelong career
Joseph Pierini

Hackers are from Mars, CxO's are from Jupiter
Rob Havelt

Don't be stupid with GitHub

DDoS: Barbarians at the Gate(way)
Dave Lewis

Hunting high-value targets in corporate networks
Josh Stone

4/22/2016 AIDE 2016 Videos
Recorded at AIDE 2016. Big thanks to Bill Gardner (@oncee) for having me out to record.

Do You Want Educated Users? Because This is How You Get Educated Users.
Tess Schrodinger

Don't blame that checklist for your crappy security program
Branden Miller

Shooting Phish in a Barrel
Amanda Berlin

Minimalistic Physical Assessment Kit
Tom Moore

Hacking Web Apps
Brent White and Tim Roberts


BSides Nashville 2016 Videos
These are the videos BSides Nashville 2016. Thanks to @lil_lost for inviting me down to record and being my bodyguard while in Nashville. Big thanks to Geoff Collins, Branden Miller, Blake Urmos, Gabe Bassett, Nate and Alex McCormack for helping set up AV and record.

And bad mistakes I've made a few
Jayson Street

At the mountains of malware
Wes Widner

Collection and Detection with Flow Data: A Follow Up
Jason Smith

Container Chaos: Docker Security Container Auditing
Chris Huntington

It's Not If But When: How to Create Your Cyber Incident Response Plan
Lucie Hayward, Marc Brawner

Threat Modeling the Minecraft Way
Jarred White

AppSec Enigma and Mirage - When Good Ideas Can Go Awry
Frank Catucci

The Art of the Jedi Mind Trick
Jeff Man

How to get into ICS security
Mark Heard

The Ransomware Threat: Tracking the Digital Footprints
Kevin Bottomley

InfoSecs in the City - Starting a Successful CitySec Meetup
Johnny Xmas, Fletcher Munson, Chris Carlis, Kate Vajda

Ever Present Persistence - Established Footholds Seen in the Wild
Evan Pena, Chris Truncer

Forging Your Identity: Credibility Beyond Words
Tim Roberts, Brent White

IAM Complicated: Why you need to know about Identity and Access Management
Ron Parker

Put a Sock(et) in it: Understanding and Attacking Sockets on Android
Jake Valletta

3/31/2016 Central Ohio Infosec Summit 2016 Videos
These are the videos from the Central Ohio Infosec Summit conference. Thanks to the video volunteers for helping me record.

Track 1

Penetrating the Perimeter - Tales from the Battlefield
Phil Grimes

Navigating the FDA Recommendations on Medical Device Security _ and how they will shape the future of all IoT
Jake "malwarejake" Williams

Detecting the Undetectable: What You Need to Know About OSINT
Jerod Brennen

Why I quit my dream job at Citi - A data centric approach to key management
Mike Bass

Fail Now _ So I Don't Fail Later "A look into security testing and training methodologies"
Deral Heiland

Putting the Intelligence back in Threat Intelligence
Edward McCabe

All Your Door Belong To Me: Attacking Physical Access Systems
Valerie Thomas

The Humanity of Phishing Attack and Defense
Aaron Higbee

The Node.js Highway: Attacks Are At Full Throttle
Joshua Clark

Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway

Understanding Attacker's use of Covert Communications
Chris Haley

InfoSec Productization
David Kennedy

Track 2

Future of Information Security Governance, Risk and Compliance
Max Aulakh, Bill Lisse

How Experts Undermine Your Forensic Evidence
Matthew Curtin

Datacenter Security Virtualized
John Michealson

Embracing the Cloud
Lisa Guess

"It was the best of logs, it was the worst of logs" - Stories through Logging
Tom Kopchak

Finding the Needle in the Hardware Haystack - Identifying and Exploiting Vulnerabilities via Hardware Reverse Engineering
Stephen Halwes, Timothy Wright

PKI-Do You Know Your Exposure?
Kent King

No Tradeoffs: Cloud Security and Privacy Don't Need to Be at Odds
Jervis Hui

Today's Threat Landscape
Dean Shroll

6 Critical Criteria For Cloud Workload Security
Sam Herath

Track 2

Educating the Board of Directors
Bob West

Burp Collaborator: The Friend You Didn't Know You Needed
Jon Gorenflo

Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger

Threat Modeling for Secure Software Design
Robert Hurlbut

IAST Deep Dive: Understanding Interactive Application Security Testing
Ofer Maor

Building an Application Security Program
Mike Spaulding

Formal Verification of Secure Software Systems
Aaron Bedra

AppSec without additional tools
Jason Kent

Leveraging your APM NPM solutions to Compliment your Cyber Defense Strategy
Ken Czekaj, Robert Wright

Artificial Intelligence Real Threat Prevention
Art Hathaway

Defending the Next Decade - Building a Modern Defense Strategy
Mark Mahovlich

Track 3

Security vs Compliance in Healthcare
Sean Whalen

How to Secure Things & Influence People: 10 Critical Habits of Effective Security Managers
Chris Clymer, Jack Nichelson

Economically Justifying IT Security Initiatives
Ruben Melendez

Cross Industry Collaboration
Helen Patton

Third Party Risk Governance - Why and How
Jeffrey Sweet

IT Data Analytics: Why the cobbler's children have no shoes
Carolyn Engstrom

BYODAWSCYW (Bring Your Own Device And Whatever Security Controls You Want) One approach to reduce risk
Steven Keil

Disaster Recovery and Business Continuity -_It's never so bad that it can't get worse
Valerie Thomas, Harry Regan

Cybersecurity Act of 2015 and Other Hot Privacy and Cybersecurity Topics
Heather Enlow, Chris Ingram

The Legal Perspective on Data Security for 2016
Dino Tsibouris, Mehmet Munur

The Legal Perspective on Data Security for 2016
Mehmet Munur, Dino Tsibouris

Track 4

Gamify Awareness Training: Failure to engage is failure to secure
Michael Woolard

Office 365 Security and Compliance Cloudy Collaboration - Really?
Robert Brzezinski

State of Security and 2016 Predictions
Jason Samide

A Capability Maturity Model for Sustainable Data Loss Protection
Gabriel Gumbs

Risk Management: Tactics to Move From Decision to Execution
Tremayne (Tre) Smith

Incident Response - No Pain No Gain!
Jim Wojno

Building an OSS CI/CD Security Toolchain
Kevin Glavin

A Touch(ID) of iOS Security
James (Jamie) Bowser

Track 5

Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski

You're measuring all the wrong things - information security metrics
Shawn Sines

Why Cybercriminals Are "Following The Money" Into Online Video Games
Matthew Cook

Security Certifications - are they worth it, and which ones are right for you?
William Diederich

Information Security Metrics - Practical Security Metrics
Jack Nichelson

The CONfidence of Things
John Robinson

Who is Winning?
Gary Sheehan

Security analytics journey - a year's lesson learned.
Mike Schiebel

Track 6

Integrated Software in Networking _ the Mystery of SDN
Oliver Schuermann

Securing our Future: Lessons From the Human Immune System
Gavin Hill

Have you tied together your IAM and Information Security Incident Management Program?
Joseph Greene

Compliance and Security: Building a Cybersecurity Risk Management Program
Jason Harrell

Don't try this at home! (Things not to do when securing an organization)
Jessica Hebenstreit

CISO for an Hour
Keith Fricke

Apple v. DOJ: Privacy in Today's Enterprise
Justin Harvey

Myths of Cloud Security Debunked!
Bil Harmer

Cyber Security - Super Bowl 50
Jim Libersky


CypherCon 2016 Videos
These are the videos from the Cyphercon 2016 conference. Thanks to Michael Goetzman for having me out to record.

CYPHERCON's Opening Ceremony Begins!

Security Control Wins & Fails
Jason Lang

Offensive Wireless Tactics "used in DEFCON 23’s Wireless CTF"
Eric Escobar

China"s Hackers and Cyber Sovereignty
Lieutenant Colonel Bill Hagestad II

You're Right, This Sucks
J0hnnyxm4s & Lesley Carhart

No encrypted data on this drive; just pictures of my cat
Parker Schmitt

Curry and TARTS

All your Wheaties belong to us. Removing the basics that humans need for survival.
Chris Roberts

CYPHERCON I Conference Begins!
Korgo & The CYPHERCON PuzzleMaster Speaks

P.I.S.S.E.D. Privacy In a Surveillance State, Evading Detection
Joe Cicero

Bypassing Encryption by Attacking the Cryptosystem Perimeter
Trenton Ivey

Hypervault Demo
& HTTP and SSH Tunneling
Caleb Madrigal

Quantum Computation and Information Security
David Webber

Medical Devices: Pwnage & Honeypots
Scott Erven

Werner Juretzko

3/5/2016 BSides Indy 2016 Videos
These are the videos from the BSides Indy conference.

Eddie Mize (Not recorded)

Managing Elevated Privileges in the Enterprise Environment
Erik Burgess

Food Fight
Wolfgang Goerlich (Not recorded)

Where to start when your environment is F*(k3d
Amanda Berlin

Building an Application Security Program
Mike Spaulding

The Art of the Jedi Mind Trick
Jeff Man

Securing Docker Instances
Chris Huntington

ClientHacking: How a chef uses OSINT and SE to make more money.


BSides San Francisco 2016 Videos
These are the videos from the BSides San Francisco conference. Special thanks to Mike & Doug for having me out, Steen, Zappo & Jeremy for their house AV work, and n0ty3p, Forest, Nick, James & others I'm forgetting for their help recording

Track 1

Keynote: A Declaration of the Independence of Cyberspace
John Perry Barlow

The Tales of a Bug Bounty Hunter
Arne Swinnen

Reverse Engineering the Wetware: Understanding Human Behavior to Improve Information Security
Alexandre Sieira, Matthew Hathaway

Who's Breaking into Your Garden? iOS and OS X Malware You May or May Not Know
Claud Xiao

A year in the wild: fighting malware at the corporate level
Kuba Sendor

Breaking Honeypots for Fun and Profit
Gadi Evron, Dean Sysman, Itamar Sher

Everything Is Awful (And You're Not Helping)
Jan Schaumann

Why it's all snake oil - and that may be ok
Pablo Breuer

Ask the EFF
Kurt Opsahl, Eva Galperin, Andrew Crocker, Shahid Buttar, Cooper Quintin

Sedating the Watchdog: Abusing Security Products to Bypass Windows Protections
Tomer Bitton, Udi Yavo

Sweet Security: Deploying a Defensive Raspberry Pi
Travis Smith

Planning Effective Red Team Exercises
Sean T. Malone

Fraud Detection & Real-time Trust Decisions
James Addison

Fuzz Smarter, Not Harder (An afl-fuzz Primer)
Craig Young

Elliptic Curve Cryptography for those who are afraid of mathematics
Martijn Grooten

APT Reports and OPSEC Evolution, or: These are not the APT reports you are looking for
Gadi Evron

Sucker-punching Malware: A Case Study in Using Bad Malware Design Against Attackers
John Bambenek, Hardik Modi

Employee Hijacking: Building a hacktober awareness program
Ryan Barrett, Ninad Bhamburdekar, Dylan Harrington

Track 2

Mainframes? On My Internet?
Soldier of Fortran (not recorded)

Securing the Distributed Workforce
William Bengtson

Hackers Hiring Hackers - How to hack the job search and hack talent
IrishMASMS (not recorded)

Scan, Pwn, Next! - exploiting service accounts in Windows networks
Andrey Dulkin, Matan Hart

Guest to root - How to Hack Your Own Career Path and Stand Out
Javvad Malik

IoT on Easy Mode (Reversing Embedded Devices)
Elvis Collado

In the crosshairs: the trend towards targeted attacks
Lance Cottrell

Developing a Rugged DevOps Approach to Cloud Security
Tim Prendergast

Digital Intelligence Gathering: Using the Powers of OSINT for Both Blue and Red Teams
Ethan Dodge, Brian Warehime

Sharing is Caring: Understanding and measuring Threat Intelligence Sharing Effectiveness
Alex Pinto

The Ransomware Threat: Tracking the Digital Footprints
Kevin Bottomley

Access Control in 2016 - deep dive
Dr. Ulrich Lang

Using Behavior to Protect Cloud Servers
Anirban Banerjee

The Art of the Jedi Mind Trick
Jeff Man

Mobile App Corporate Espionage
Michael Raggo

Advanced techniques for real-time detection of polymorphic malware
Ajit Thyagarajan

2/15/2016 BSidesCapeTown 2015
Mike Davis asked me to post these videos to get wider circulation.

Ode to the Node

Automating the process of mapping and compromising networks

Hack all the things - Exploiting and fixing IoT

Running a Secure Tor Hidden Service

Sharepoint Hacking

Hacker Jeopardy

2/07/2016 BSides Huntsville 2016 Videos
These are the videos from the BSides Huntsville conference. Thanks to @PaulCoggin, @CharlineNixon, Brian, @NagleCode, @GRMrGecko and all of the BSides Crew for having me out to help record and render the videos.

Opening Keynote
Jack Daniel

Hacking Peoples' Lives with Google Sync
Shawn Edwards, Sean Hopkins

Slaying Rogue Access Points with Python and Cheap Hardware
Gabriel Ryan

Web shells as a covert channel
Joe Vest

A practical approach to deploying Data Loss Prevention
Jon Damratoski

Afternoon Keynote: TSA Luggage Locks: Details, Flaws & Making The Best Of A Bad Lock
Adrian Crenshaw

Threat Modeling the Minecraft Way
Jarred White

At the mountains of malware: Lessons learned from analyzing terabytes of malware
Wes Widner

History of WRT and Wireless Mesh protocols.
Alex Kot

BSides Closeout
Paul Coggin

1/16/2016 BSides Columbus 2016 Videos
These are the videos from the BSides Columbus Ohio conference. Thanks to Michael Spaulding for having me up and Greg, James & Brandon who manned the video rigs.


Keynote Thomas Drake
Thomas Drake


Where Did All My Data Go
Deral Heiland

Developers: Care and Feeding
Bill Sempf

Open Secrets of the Defense Industry: Building Your Own Intelligence Program From the Ground Up
Sean Whalen

The Economics of Exploit Kits & E-Crime
Adam Hogan

Hacking Corporate Em@il Systems
Nate Power

All Your Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches
Valerie Thomas & Harry Regan (Not recorded)


Establishing a Quality Vulnerability Management Program without Wasting Time or Money
Zee Abdelnabi (not posted)

Practical DLP Deployment for your Organization
Jon Damratoski

The Good The Bad and The Endpoint Protection
Joseph Ciaravino

Securing Docker Instances
Chris Huntington

Better SIEM Notifications - Making Your SIEM Situationally Aware
Jesse Throwe

Social Media Correlation of Credit Card Fraudsters
Chris Cullison & CW Walker

Special Teams

Removing Barriers of Diversity in Information Security
Helen Patton & Connie Matthews

Panel Discussion: InfoSec Trends, Talent Management, and Retention
Michael Butts, AJ Candella & Megan Wells

Indecision and Malformed Conclusions: The things that stifle security improvement and what can be done about them.
Tyler Smith

Gamify Awareness Training: Failure to engage is failure to secure
Michael Woolard

The Long and Winding Road: An InfoSec Career Panel
Lonnie Kelley & Valerie Thomas

The Pineapple is dead..Long live the Pineapple
David Young



Shmoocon Firetalks 2016
Videos from Shmoocon Firetalks 2016.

Opening Red Team Upgrades Using SCCM for Malware Deployment Matt Nelson (@enigma0x3)

Jailbreaking a Digital Two-Way Radio Travis Goodspeed (@travisgoodspeed)

CheapBugs.Net - Low-End Bug Bounties for the Masses Dean Pierce (@deanpierce)

Failure to Warn You Might Get Pwned Wendy Knox Everette (@wendyck)

GreatFET, a Preview Michael Ossmann (@michaelossmann)

Fuck You, Pixalate! @da_667

DNS C&C Ron Bowes (@iagox86)


SecureWV 2015 Videos
These are the videos of the presentations from Secure West Virginia 2015.

Building a Cantenna
Ed Collins

Dropping Docs on Darknets Part 2 Identity Boogaloo
Adrian Crenshaw

Network Segmentation - Some new thoughts
Mark Jaques and Brandon Schmidt

Security Onion
Brandon Schmidt

Mike Lyons

The Lemonaid Pomegranite, basics of security in a digital world
Tim Sayre

My Little P0ny: What you can do with 20 lines of code and an open machine
Mark Jaques and Brandon Schmidt

And now for something completely different, security at Top O Rock
Tim Sayre

The Art of Post-Infection Response and Mitigation
Caleb J. Crable

Documenting With ASCIIDOC
Jeff Pullen

The Core of Cybersecurity: Risk Management
Josh Spence

The Unique Challenges of Accessing Small and Medium Sized Organizations
Bill Gardner

OpenNSM, ContainNSM, and Docker
Jon Schipp

Here is your degree. Now what?
Shawn Jordan

Wolf in shell's clothing, why you should be skeptical of your trusted tools
Jeff Pullen


10/16/2015 HouSecCon v6 2015 Videos
These are the videos from HouSecCon 2015 v6. Thanks to Michael R. Farnum for having my down and all of the video crew.

Opening Keynote - Mike Rothman

Chris Jordan - Fluency: A Modern Approach to Breach Information and Event Management

Dennis Hurst - Application Security in an Agile SDLC

Wendy Nather - How Google turned me into my mother: the proxy paradox in security

Chris Boykin - Mobile Threat Prevention

Adrian Crenshaw - Dropping Docs on Darknets Part 2: Identity Boogaloo

Julian Dunning - Kraken: The Password Devourer

Trey Ford - Maturing InfoSec: Lessons from Aviation on Information Sharing

Richard Peters and Matthew Roth - Parasyste: In search of a host

Lunch/ISACA Session

Damon Small - Connections: From the Eisenhower Interstate System to the Internet

Rich Cannata - Arm Your Endpoints

Anthony Blakemore - Removing the Snake Oil From Your Security Program

Erik Freeland - Does SDN Mean Security Defined Networking?

Danny Chrastil - What I know about your Company

Lunch / Business Skills Workshop

Josh Sokol - The Fox is in the Henhouse: Detecting a Breach Before the Damage is Done

Jason Haddix - How to Shot Web: Better Web Hacking in 2015

Zac Hinkel, Andrew Huie, and Adam Pridgen - Arm Your Endpoints

Dan Cornell - SecDevOps: A Security Pro's Guide to Development Tools

Closing Keynote - Eric Cowperthwaite - Everything I need to know about Information Security, I Learned Shooting Tank Guns



GrrCON 2015 Videos
These are the videos of the presentations from GrrCON 2015. Big thanks to EggDropX and Jaime for having me out, and my video crew  (Chris, Justine, Aaron & Brian) for recording.


Subject matter to be determined by the number of federal agents present in the audience
Chris Roberts

Breaking in Bad (I,m The One Who Doesn,t Knock)
Jayson Street

Process The Salvation of Incident Response - Charles Herring

But Can They Hack?: Examining Technological Proficiency in the US Far Right
Tom Holt

The wrong side of history - everything that is old is new again
Arron Finnon

Poking The Bear
Mike Kemp

The Hitch Hikers Guide to Information Security
Kellman Meghu

Backdooring Git
John Menerick

Spanking the Monkey (or how pentesters can do it better!)
Justin Whithead, Chester Bishop

Adding +10 Security to Your Scrum Agile Environment

How I Got Network Creds Without Even Asking: A Social Engineering Case Study
Jen Fox

Shooting Phish in a Barrel and Other Terrible Fish Related Puns

This Is All Your Fault
Duncan Manuts

The Safety You Think You Have is Only a Masquerade
Nathan Dragun

Bumper Massage

Security Incident Response
Derek Milroy

Hacking the Next Generation

Findings Needles in a Needlestack: Enterprise Mass Triage
Keven Murphy

Punch and Counter-punch Part Deux: Web Applications
J Wolfgang Goerlich, NerdyBeardo

Application Recon - The Lost Art
Tony Miller

The Hand That Rocks the Cradle: Hacking Baby Monitors
Mark Stanislav

Software Security IWR
Thomas "G13" Richards

Cyber 101 - Upstaring your career in a leading industry
Johnny Deutsch

Understanding and Improving the Military Cyber Culture
Dariusz Mikulski

Harness the Force for Better Penetration Testing
Patrick Fussell

Targeted Attacks and the Privileged Pivot
Mark Nafe

Shell scripting live Linux Forensics
Dr. Phil Polstra

Can you patch a cloud?
Scott Thomas

Is it EVIL?

Submerssion Therapy

Ticking me off: From Threat Intel to Reversing
Juan Cortes

Securing Todays Enterprise WAN
Andy Mansfield

Footprints of This Year's Top Attack Vectors
Kerstyn Clover

Phones and Privacy for Consumers
Matt Hoy (mattrix) and David Khudaverdyan (deltaflyer)

Path Well-Traveled: Common Mistakes with SIEM
Nick Jacob

How compliance doesn't have to suck….at least totally
Robert Carson & Bradley Stine

What is a cloud access broker and do I need one?
Tom Doane

Security Frameworks: What was once old is new again
Brian Wrozek

Attacks Against Critical Infrastructures Weakest Links
Jonathan Curtis

Wireless Intrusion Detection Systems with the Raspberry Pi
Chris J

No One Cares About Your Data Breach Except You ... And Why Should They?
Joel Cardella

09/30/2015 Louisville Infosec 2015 Videos
Below are the videos from the Louisville Infosec 2015 conference. Thanks to @theglennbarrett, Jordan, Daren and @bridwellc for helping me record.

Nexum FireEye Keynote Advesarial Paradigm Shift
Che Bhatia and Artie Crawford

Compromise Analysis - Why
we're seeing so many breaches
Dave Kennedy
Founder of TrustedSec

What to Expect When You're Expecting a Pentest
Martin Bos

Memory Acquisition in Digital Forensics and Incident Response
Jason Hale

Visualizing Complex Cyber Compliance Data Using Big Data Tools
Max Aulakh

Hacking Web Apps with Style: Path Relative Style
Jeremy Druin

TSA Luggage Lock Duplication
Adrian Crenshaw

Cloud Device Insecurity
Jeremy Brown

How the Cloud Drives Better Security
Kevin Peterson

Heartbleed, ShellsShock, and Poodles
Jason Gillam

Using Gamification in Security Awareness Training
Brandon Baker

More Technology, More People, No Process
Mike Robinson

Preventing Common Core Pen Tests
Nathan Sweaney

Ashley Madison Breach
Jeff Jarecki

Integrating Mobile Devices into Your Pen-Testing
Georgia Weidman

Home Depot vs The World
Rodney Hampton


09/28/2015 DerbyCon 5 Videos
These are the videos of the presentations from Derbycon 2015. Big thanks to my video jockeys Sabrina, Skydog, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, Fozy, nightcarnage, Evan Davison, Chris Bridwell, Rick Hayes, Tim Sayre, Lisa Philpott, Melanie Lecompte, Ben Pendygraft, Austin Hunter, Harold Weaver, Michael Shelburne (and maybe the speakers too I guess).

Welcome to the Family - Intro

Jordan Harbinger Keynote

Information Security Today and in the Future
HD Moore - Ed Skoudis - John Strand - Chris Nickerson - Kevin Johnson - Katie Moussouris hosted by David Kennedy

The M/o/Vfuscator - Turning 'mov' into a soul-crushing RE nightmare - Christopher Domas


Red vs. Blue: Modern Active Directory Attacks & Defense - Sean Metcalf "@PyroTek3"

Metasploit Town Hall - David Maloney "thelightcosine" - James Lee "egyp7" - Tod Beardsley "todb" - Brent Cook "busterbcook"

$helling out (getting root) on a 'Smart Drone' - Kevin Finisterre - solo ape

Phishing: Going from Recon to Creds - Adam Compton - Eric Gershman

APT Cyber Cloud of the Internet of Things - Joey Maresca (@l0stkn0wledge)

Stealthier Attacks and Smarter Defending With TLS Fingerprinting - Lee Brotherston

Honeypots for Active Defense - Greg Foss

Manufactorum Terminatus - The attack and defense of industrial manufacturers - Noah Beddome - Eric Milam

High Stake Target: Lo-Tech Attack - Bill Gardner "oncee" - Kevin Cordle

Operating in the Shadows - Carlos Perez "darkoperator"

Getting Started with PowerShell - Michael Wharton "MyProjectExpert"

 When A Powerful Platform Benefits Both Attackers And Defenders: Secure Enhancements To Scripting Hosts In Windows 10 - Lee Holmes

A deep look into a Chinese advanced attack. -Michael Gough - "HackerHurricane"

Pavlovian Security: How To Change the Way Your Users Respond When the Bell Rings - Magen Wu (@tottenkoph) - Ben Ten (@ben0xa)

The State of Information Security Today - Jeff Man

Learning through Mentorship - Michael Ortega "SecurityMoey" - Magen Wu "Tottenkoph"

The Law of Drones - Michael "theprez98" Schearer

The Phony Pony: Phreaks Blazed The Way - Patrick McNeil "Unregistered436" - Owen "Snide"

HackerQue - Michael Smith (DrBearSec) - Kyle Stone (Essobi)

Current Trends in Computer Law - Matthew Perry (Mostly no audio)

Spankng the Monkey (or how pentesters can do it better!) - Justin Whitehead "(at)3uckaro0" - Chester Bishop "@chet121"

On Defending Against Doxxing - Benjamin Brown Ajnachakra

Practical Windows Kernel Exploitation - Spencer McIntyre @zeroSteiner

Shooting Phish in a Barrel and other fish related puns - Amanda Berlin

Don't Laugh - I Dare You! - Carl Alexander "DrHaxs"

Marketers Are Friends - Not Food - Kara Drapala

Blue Team Starter Kit - Timothy De Block

Simplified SIEM Use Case Management - Ryan Voloch "VDog90"

Bypassing 2Factor Auth with Android Trojans - Paul Burbage

Putting the Management into Vulnerability Management (or - YOU'VE GOT BEARS!!!) - Jesika McEvoy (octalpus)

Moving Target Defense - Learning from Hackers - Sachin Shetty

Malfunction's Functions : Automated Static Malware Analysis using Function Level Signatures - Matthew Rogers - Jeramy Lochner

We Owe You Nothing - Rockie Brockway

Backdooring Git - John Menerick

Detecting phishing attacks with DNS reconnaissance - Mike Saunders

Hacking Web Apps - Brent White

Sticky Honey Pots - Paul J. Vann

Top Ten is Old Skool - Meet the New Age of AppSec - Andrew Leeth

Cryptography and You - Justin Herman

Pwning People Personally - Josh Schwartz "FuzzyNop"

Stagefright: Scary Code in the Heart of Android - Joshua "jduck" Drake

Dec0ding Humans Live - Chris Hadnagy @HumanHacker

Gray Hat PowerShell - Ben Ten (@ben0xa)

WhyMI so Sexy? WMI Attacks - Real-Time Defense - and Advanced Forensic Analysis - Matt Graeber - Willi Ballenthin - Claudiu Teodorescu

Hackers vs. Defenders: Can the defender ever stop playing catch up and win? - Mano Paul "dash4rk"

Medical Devices: Pwnage and Honeypots - Scott Erven "windshield wipers" - Mark Collao

State of the Metasploit Framework - James Lee "egypt"

Credential Assessment: Mapping Privilege Escalation at Scale - Matt Weeks "scriptjunkie1"

Pwning People Personally - Josh Schwartz "FuzzyNop"

Stagefright: Scary Code in the Heart of Android - Joshua "jduck" Drake

Dec0ding Humans Live - Chris Hadnagy @HumanHacker

Gray Hat PowerShell - Ben Ten (@ben0xa)

WhyMI so Sexy? WMI Attacks - Real-Time Defense - and Advanced Forensic Analysis - Matt Graeber - Willi Ballenthin - Claudiu Teodorescu

Hackers vs. Defenders: Can the defender ever stop playing catch up and win? - Mano Paul "dash4rk"

Medical Devices: Pwnage and Honeypots - Scott Erven "windshield wipers" - Mark Collao

State of the Metasploit Framework - James Lee "egypt"

Credential Assessment: Mapping Privilege Escalation at Scale - Matt Weeks "scriptjunkie1"

Mobile Application Reverse Engineering: Under the Hood - Drew Branch - Billy McLaughlin

Introducing the RITA VM: Hunting for bad guys on your network for free with math. - John Strand - Derek Banks - Joff Thyer - Brian Furham

 Breaking in Bad (I'm the one who doesn't knock) - Jayson E. Street

Developers: Care and feeding - Bill Sempf

Fingerprinting the modern digital footprint -  Arian Evans

Surviving your Startup - Bruce Potter
(part of talk missing)

How to ruin your life by getting everything you ever wanted. - Chris Nickerson

Using Windows diagnostics for system compromise - Nicholas Berthaume "aricon"

InfoSec Big Picture and Some Quick Wins - Schuyler Dorsey

Hacking for homeschoolers - Branden Miller

Going AUTH the Rails on a Crazy Train - Tomek Rabczak - Jeff Jarmoc

  Bugspray - The 802.15.4 Attack Surface - Bryan "Crypt0s" Halfpap

Unbillable: Exploiting Android In App Purchases - Alfredo Ramirez


Dynamic Analysis of Flash Files - Jacob Thompson

Attacking Packing: Captain Hook Beats Down on Peter Packer - Vadim Kotov - Nick Cano

Johnny Long and Henry Wanjala - HFC Update

HARdy HAR HAR HAR: HAR File Collection and Analysis for Malware - Robert Simmons "Utkonos"

Stacking the Virtual Deck: Attacks by Predicting RNGs - Adam Schwalm

Homebrewing for Hackers - Benjamin Holland - Amber Aldrich

Stealthy and Persistent Back Door for Z-Wave Gateways - Jonathan Fuller and Ben Ramsey

Building a Better Honeypot Network - Josh Pyorre

Surveillance using spare stuff - Matt Scheurer "Cerkah"

Crypto 101: An Intro To Real-World Crypto - Adam Caudill

Practical Attacks Against Multifactor - Josh Stone

Hacking the Next Generation - David Schwartzberg

The Human Interface Device Attack Vector: Research and Development - Alexander Livingston Segal

A survey of Powershell enabled malware - Tyler Halfpop

Tool Drop: Free as in Beer - Scot Berner - Jason Lang

Tactical Diversion-Driven Defense - Greg Foss - Thomas Hegel

Windows 10 Defense in Depth - Eddie David

Latest Tools in Automotive Hacking - Craig Smith

Ansible. And why it works for me. - Charles Yost

Learning Mainframe Hacking: Where the hell did all my free time go? - Chad Rikansrud "Bigendian Smalls (BeS)""

Intercepting USB Traffic for Attack and Defense - Brandon Wilson

Geeks Need Basements! - Kathleen Veach

Intro to x86 - Stephanie Preston

Spy Vs. Spy: How to Use Breakable Dependencies to Your Advantage - Stacey Banks - Anne Henmi

Is That a Router in Your Pocket or are You Trying to P0wn Me? - Michael Vieau - Kevin Bong

The little-known horrors of web application session management - Matthew Sullivan

Practical hardware attacks against SOHO Routers & the Internet of Things - Chase Schultz "f47h3r"

Stretching the Sandbox with Malware Feature Vectors - Mike Schladt

Gnuradio demystifying rf black magic - Matthew O'Gorman "mog"

Beyond Bad IP Addresses Hashes and Domains - Ed McCabe

DNS Miner - A semi-automatic Incident response and threat intelligence tool for small - over worked security teams - Doug Leece - AJ Leece

Larry Pesce - My password cracking brings all the hashes to the yard..

Intrusion Hunting for the Masses - A Practical Guide - David Sharpe

How I Stopped Worrying and Learned To Love InfraOps - Karthik Rangarajan (krangarajan) - Daniel Tobin (dant24)

Blue Team Army - It's *your* network - defend it! - Mick Douglas - Jamie Murdock

LongTail SSH Attack Analysis - Eric Wedaa

Hunting Unicorns and Jerks - Irrational - Defensible - or Necessary? - Steve Werby

The problems with JNI obfuscation in the Android Operating System - Rick Ramgattie

PHaaS - Phishing as a Service - Raymond Gabler

Circles & Boxes - Drawing SecArch into your program - Chris Robinson

Disecting Wassenaar - Tyler Pitchford

Five Hardware Hacking Projects Under $30 - Kevin Bong - Michael Vieau

Confessions of a crypto cluster operator - Dustin Heywood "EvilMog"

Voltron: Defender of your inferiors - Richo Healey "richo"

Malware is hard. Let's go Shopping! - Richard Wartell "wartortell"

The Pentesters Framework (PTF) - The easy way to roll your own distro. - Dave Kennedy (HackingDave)

Hack my Derby - Nate Lager

Closing Ceremonies

09/13/2015 BSides Augusta 2015 Videos
These are the videos from the BSides Augusta conference. Thanks to Lawrence Abrams, and all of the BSides Crew for having me out to help record and render the videos and Pentestfail, Robert, Mike, John, Ryan, Harry and others for manning capture rigs.


Major General Fogarty

Ed Skoudis

Blue Team Track 1

Fundamental Understanding of Baseline Analysis and Remediation for Industrial Control Systems
Juli Joyner and Jeffrey Medsger

Taking a Distributed Computing Approach to Network Detection with Bro and “The Cloud”
Mike Reeves

 A Scout's Perspective on Network Defense
Justin Edgar

Doomsday Preppers: APT Edition
Tanner Payne

Building a Better Security Analyst Using Cognitive Psychology
Chris Sanders

Viper Framework for Malware Analysis
Paul Melson

Infiltrating C2 Infrastructure
Tim Crothers

Building “Muscle Memory” with Rekall Memory Forensic Framework
Alissa Torres

The Blue Team Starter Kit
Timothy De Block

Red Team Track

Using a HackRF One to Infiltrate the Digital Thetford Wall
Patrick Perry

Malvertizing Like a Pro
Alex Rymdeko-Harvey

Weaponizing our youth: The Case for Integrated Cyber Ethics
Josh Rykowski

Making Everything Old New Again
Andrew Cole and Rich Moulton

DIY Vulnerability Discovery with DLL Side Loading
Jake Williams

Recon-ng and Beyond
Tim Tomes

Attacking OWASP - Exploiting the Top 10
David Coursey

Blue Team Track 2

Go Hack Yourself
Jason Frank

2015 - It's not over yet…
Joel Esler

How to Get Into ICS Security
Chris Sistrunk

Destruction as a Service: Security Through Reanimation
Jon Medina

The Programmatic Evolution of Technology Defense.
Roland Cloutier

Lessons Learned from Analyzing Terabytes of Malware
Wes Widner

08/27/2015 TSA Master Key Duplication & Why "Security Through (Not So) Obscurity" Fails


BSidesLV 2015 Videos
Working on getting all of the BSidesLV videos at the link above. I hope to make a full entry once they are all indexed.
07/27/2015 BSides Cincinnati 2015 Videos
These are the videos from the BSides Cincinnati 2015 Conference.

Welcome and Introduction
Josh Ohmer - President, BSidesCincy

Lateral Movement
Harlan Carvey

Automated Detection Strategies
John Davison

Powershell for Incident Responders
Jesse Lands

Cyber Intelligence: Concrete Analysis in a Fluid World
Coleman Kane

The Response-Ready Infrastructure
Justin Hall

A Distributed Computing Approach for Network Detection
Mike Reeves

The Value of a Simple DLP Program
Chris Tyo

07/18/2015 BSides Detroit2015 Videos
These are the videos from the BSides Detroit 2015 Conference. Thanks to Wolf for having me out and Chris, Justine, Robin, Sam, Mike and others I may forget for helping to record.


Information Security Reconciliation: The Scene and The Profession
Mark Stanislav

Track 1

Level One: How To Break Into The Security Field
Aaron Moffett

Hacker High - Why We Need To Teach Computer Hacking In Schools
Ron Woerner

Getting Started - Help Me Help You
David Trollman

From Blue To Red - What Matters and What (Really) Doesn't
Jason Lang

Clear as F.U.D.: How fear, uncertainty, and doubt are affecting users, our laws, and technologies
Christopher Maddalena

Data Breaches: Simply The Cost Of Doing Business
Joel Cardella

Eating the SMB Security Elephant - An ITSEC framework for small IT shops
Austen Bommarito


Track 2

Enterprise Class Vulnerability Management Like A Boss
Rockie Brockway

Funny Money: What Payment Systems Teach us about Security
Drew Sutter

Building a sturdy foundation - a program-based approach to IT Operations, Application Development, and Information Security in business
Steven Legg

Moving past Metasploit: Writing your first exploit
Calvin Hedler

Wielding BurpSuite: quick-start your extensions and automation rules
Marius Nepomuceno

Browser and Windows Environment Hardening
Kurtis Armour

07/17/2015 Converge 2015 Videos
These are the videos from the Converge Information Security Conference. Thanks to Wolf for having me out and Chris, Ben, Briee, Nick and others I may forget for helping to record.


Hacking To Get Caught - Keynote
Raphael Mudge

Breaking in Bad (I'm the one who doesn't knock)
Jayson E. Street

Track 1

Weaving Security into the SDLC
Bill Sempf

If My CI/CD Teams have Time for Security, So Does Yours
Kevin Poniatowski

Adaptive Monitoring and Detection for Todays Landscape
Jamie Murdock

Threat Intelligence - A Program Strategy Approach
Jenn Black

Cymon: New Cyber Monitoring Tool
Roy Firestein

That's NOT my RJ45 Jack! | IRL Networking for Humans Pt. 1
Johnny Xmas

On Defending Against Doxxing
Benjamin Brown

Hiding in the ShaDOS
Richard Cassara

Security Culture in Development
Wolfgang Goerlich

Cracking and fixing REST services
Bill Sempf

PVCSec Live!

Clientless Android Malware Control
David Schwartzberg

Who Watches the Watchers? Metrics for Security Strategy
Michael Roytman

How to Dress Like a Human Being | IRL Networking for Humans Pt. 2
Johnny Xmas

Soft Skills for a Technical World
Justin Herman

Track 2

The Domain Name System (DNS) - Operation and Security
Tom Kopchak

Homebrew Censorship Detection by Analysis of BGP Data
Zach Julian

Four Pillars: Passion, Vision, Communication, Execution
Edgar Rojas

Excuse me while I BURP
Steve Motts

Public Recon: Why Your Corporate Security Doesn't Matter
Ronald Ulko (Not recorded)

Building the team for a successful SOC
Donald Warnecke

The Path Well-Traveled: Common Mistakes Encountered with SIEM
Nick Jacob

I failed, therefore I succeeded
Zee Abdelnabi (Not recorded)

 Adventures in Communication: Taming the C-Suite and Board
Jim Beechey

Under the Unfluence: the Dark Side of Influence
Ron Woerner

Application Security Awareness: Building an Effective and Entertaining Security Training Program
Chris Romeo

10 Reasons Your Security Education Program Sucks
Kris French Jr

Shooting Phish in a Barrel and other bad fish puns
Amanda Berlin

Process - The Salvation of Incident Response
Charles Herring

07/11/2015 OISF 2015 Videos

Gray Hat PowerShell
Ben Ten

Secret Pentesting Techniques
Dave Kennedy

Of History & Hashes
Adrian Crenshaw

hacker-ng: Farming the Future IT Crowd
Phil Grimes (th3grap3ap3)

Lawyer's Perspective On Data Security Breaches
Dino Tsibouris

06/20/2015 BSides Cleveland 2015 Videos
These are the videos from the Bsides Cleveland conference. Thanks to  &  as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad.

Track 1

Morning Keynote
Jack Daniel

Metasploit & Windows Kernel Exploitation
Spencer McIntyre zeroSteiner

PwnDrone: The Modern Airborne Cyber Threat
Devin Gergen @DevinGergen

Afternoon Keynote
So You Want To Be An Infosec Rockstar?
Chris Nickerson

Why the Web is Broken
Bill Sempf @sempf

Outside the Box
David Kennedy Larry Spohn @HackingDave, @Spoonman1091

The Entropy of Obfuscated Code
Adam Hogan @adamwhogan

Track 2

Why the foundation of security is broken.
Alex Kot

Desired State Configuration (DSC): Dream Tool or Nightmare for Security Baseline and Configuration Management
Zack Wojton Wayne Pruitt zbirdflipper

Common Sense Security Framework
Jerod Brennen @slandail

Secure Test Driven Development: Brakeman, Gauntlet, OWASP and the Work Still to Be Done
Ricky Rickard rrickardjr

Building a sturdy foundation - a program-based approach to IT Operations, Application Development, and Information Security in business
Steven Legg ZenM0de

Building a Threat Intelligence Program
Edward McCabe @edwardmccabe

Phishing Without Ruby
Brandan Geise Spencer McIntyre coldfusion39

Security Not Guaranteed - Or, how to hold off the bad guys for another day.
James Gifford Elijah Snow-Rackley @jrgifford

Cleveland Locksport
Jeff Moss Doug Hiwiller, Damon Ramsey jeffthemossman

Augmenting Mobile Security and Privacy Controls
Brian Krupp @briankrupp

Track 3

DIY Hacker Training, a Walkthrough
Warren Kopp warrenkopp

Quick-start your Burp Suite extensions (Jython) and automation.
Marius Nepomuceno

Flourishing in a Hostile Work Environment
Dennis Goodlett

Defense in Depth - Your Security Castle
Tom Kopchak @tomkopchak

EMET Overview and Demo
Kevin Gennuso @kevvyg

10 Reasons Your Security Education Program Sucks
Kris French Jr @Turtl3Up

Call of Duty: Crypto Ransomware
Brett Hawkins @hawkbluedevil


06/14/2015 Circle City Con 2015 Videos
These are the Circle City Con videos. Thanks to the staff for inviting me up to record. Big thanks to Oddjob, Glenn, Jordan, Tim, Will, Mike, Nathan, & Chris for helping set up AV and record, as well as others who I'm forgetting. It was a great time.

Track 1

Opening Ceremonies


Rethinking the Trust Chain: Auditing OpenSSL and Beyond
Kenneth White

Actionable Threat Intelligence, ISIS, and the SuperBall
Ian Amit

Security Culture in Development
Wolfgang Goerlich

Simulating Cyber Operations: "Do you want to play a game?"
Bryan Fite

Hacking IIS and .NET
Kevin Miller

User Awareness, We're Doing It Wrong
Arlie Hartman

Departmentalizing Your SecOps
Tom Gorup

Shooting Phish in a Barrel and Other Terrible Fish Related Puns
Amanda Berlin

ZitMo NoM - Clientless Android Malware Control
David Schwartzberg

Data Loss Prevention: Where do I start?
Jason Samide

Reducing Your Organization's Social Engineering Attack Surface
Jen Fox

1993 B.C. (Before Cellphones)
Johnny Xmas

Building a Comprehensive Incident Management Program
Owen Creger

 Is that a PSVSCV in your pocket
Jake Williams

Analyzing the Entropy of Document Hidden Code
Adam Hogan

Making Android's Bootable Recovery Work For You
Drew Suarez

Does anyone remember Enterprise Security Architecture?
Rockie Brockway

Malware Armor
Tyler Halfpop

Closing Ceremonies

Track 2

Ruby - Not just for hipster
Carl Sampson

Configure your assets, save your butt
Caspian Kilkelly

Digital Supply Chain Security: The Exposed Flank
Dave Lewis

I Amateur Radio (And So Can You)
Kat Sweet

Wireless Intrusion Detection System with Raspberry Pi
Chris Jenks

The Answer is 42 - InfoSec Data Visualization (Making Metric Magic & Business Decisions)
Edward McCabe

Running Away from Security: Web App Vulnerabilities and OSINT Collide
Micah Hoffman

Lessons Learned from Implementing Software Security Programs
Todd Grotenhuis

Stupid Pentester Tricks - OR - Great Sysadmin Tips! - Done in style of Rocky and Bullwinkle
Alex Fernandez-Gatti / Matt Andreko / Brad Ammerman (not to be posted)

Findings to date.
Cameron Maerz

Clean Computing: Changing Cultural Perceptions
Emily Peed (No Sound)

From Parking Lot to Pwnage - Hack?free Network Pwnage
Brent White / Tim Roberts

PlagueScanner: An Open Source Multiple AV Scanner Framework
Robert Simmons

How not to Infosec
Dan Tentler

Building a sturdy foundation - a program-based approach to IT Operations, Application Development, and Information Security in business
Steven Legg

Hacking the Jolla: An Intro to Assessing A Mobile Device
Vitaly McLain / Drew Suarez


Track 3

Operationalizing Yara
Chad Robertson

An Inconvenient Truth: Security Monitoring vs. Privacy in the Workplace
Ana Orozco

From Blue To Red - What Matters and What (Really) Doesn't
Jason Lang

Using Evernote as an Threat Intelligence Management Platform

Surfing the Sea and Drowning in Tabs: An Introduction to Cross-Site Request Forgery
Barry Schatz

Turn Your Head And Cough: Why Architecture Risk Assessments Are Like Being A General Physician
Nathaniel Husted

Jonathan Thompson

The Hacker Community is Dead! Long Live the Hacker Community!
Bruce Potter

Square Peg, Round Hole: Developing a Security Culture Within an Enterprise
Jeff Pergal / Stuart McIntosh

Smuggling Plums - Using Active Defnse techniques to hide your web apps from your attackers and their scanners
John Stauffacher

Deploying Honeypots To Gather Actionable Threat Intelligence
James Taliento

Clear as FUD: A look at how confusing jargon and technology can create fear, uncertainty, and doubt
Chris Maddalena

How to Budget for IDS
Brian Heitzman

Reverse Engineering Windows AFD.sys
Steven Vittitoe

Nepenthes: Netpens With Less Pain
Andy Schmitz

Do We Still Need Pen Testing?
Jeff Man



Lock Picking & Bypass Class

Your Own Worst Enemy Landing Your First Infosec Gig Despite Yourself - Johnny Xmas

Building an Incident Response Program - Lesley Carhart

Security Auditing Android Apps - Sam Bown


ShowMeCon 2015 Videos


Breaking in Bad (I'm the one who doesn't knock)
Jayson Street

Security's Coming of Age: Can InfoSec Mature and Save the World
Dave Chronister

Confessions of a Social Engineer, My Dirty Tricks and How to Stop them.
Valerie Thomas

The Security Trust Chain is Broken: What We're Doing about it
Kenn White

Maturing Information Security - When Compliance doesn't cut it.
Joey Smith

Hunting the Primer: Looking into DarkNet
Aamir Lakhani


Left Track

Gray Hat Powershell

Sensory Perception: A DIY Approach to Building a Wireless Sensor Network
Tim Fowler

Stop The Wireless Threat - Dawn of the Drone
Scott Schober

Automated Static Malware Analysis Using Function-level Signatures or: How I Learned to Stop Worrying and Love the APT
James Brahm, Matthew Rogers, Morgan Wagners

Forensic Artifacts of Host-Guest Interaction in the VMware Environment
Kurt Aubuchon

Enterprise Class Vulnerability Management like a Boss
Rockie Brockway


Right Track

Paul Coggin

Behind the Hack
Ralph Echemendia

Mobile Forensics and its Anatomy of Extractions
Charline F. Nixon

Building Virtual Pentesting Lab
Kevin Cardwell

That's not my RJ45 jack: IRL networking for Humans
Johnny Xmas

The Great Trojan Demo
Ben Miller

Disco Track

HIPAA 2015: Wrath of the Audit
Hudson Harris

Practical Electronics: Fixing the fan in a post-poop scenario
Evan "treefort" Booth

Of History and Hashes
Adrian Crenshaw

06/07/2015 ShowMeCon Videos Coming Soon
As I record the ShowMeCon 2015 videos, I will be putting them here. I will also be tweeting as I get them out from @Irongeek_adc
05/30/2015 Of History & Hashes: A Brief History of Password Storage, Transmission, & Cracking
I'd like to expand this article with new anecdotes of "they should have know better" and "this has been done before". Please let me know how I should expand it.
05/30/2015 Kiosk/POS Breakout Keys in Windows
I wanted to point out some articles I wrote for the TrustedSec blog. If you mess with Kiosk systems, you may like this.
05/17/2015 Password Cracking Class for Hackers For Charity
This is the Password Cracking class the Kentuckiana ISSA put on to support Hackers For Charity. Speakers include Jeremy Druin @webpwnized, Martin Bos @purehate_ and me @irongeek_adc. If you like the video, please consider donating to Hackers For Charity. Keywoords: John, Hashcat, OCLHashcat, rockyou, sam, system, Windows, Unix passwords.
05/16/2015 BSides Knoxville 2015 Videos
These are the videos BSides Knoxville 2015. Thanks to Aaron, Tim and Nicolas for the video help.

Travis Goodspeed

How I've hacked and un-hacked a logic game (20 years to Lights Out)
Gyora Benedek

Finding Bad Guys with 35 million Flows, 2 Analysts, 5 Minutes and 0 Dollars
Russell Butturini

Dumping the ROM of the Most Secure Sega Genesis Game Ever Created: A Reverse Engineering Story
Brandon Wilson (not recorded)

Phishing: Going from Recon to Credentials
Adam Compton, Eric Gershman

Multipath TCP - Breaking Today's Networks with Tomorrow's Protocols
Catherine Pearce

High Performance Fuzzing
Richard Johnson

Cyber Cyber Cyber: Student Security Competitions
Eric Gershman, Raymond Borges

The Impossibility of Protecting the Enterprise at $7.25 an hour
Kevin Thomas

 I've met the enemy information security and it is us
Slade Griffin

The Poetry of Secrets: An Introduction to Cryptography
Eric Kolb

From Broadcast to Totally Pwned
Russel Van Tuyl, Matt Smith

Introducing User-Centered Design to Augment Human Performance in Cyber Warfare
Frank Cohee, Joe Davis

Back to the Future
Neil Desai

Virtualized Routers Soup to Nuts
Jeff Nichols, Benjamin Taylor, Tommy Hardin

05/10/2015 BSides Boston 2015 Videos
These are the videos BSides Boston 2015. Thanks to @plaverty9 for inviting me out to record.


The Securitized State: Where it came from, where it's going, what can be done about it
Molly Sauter

Track 1

Is Threat Modeling for Me?
Robert Hurlbut

Hacker or criminal? Repairing the reputation of the infosec community.
Melanie Ensign

Running Away from Security: Web App Vulnerabilities and OSINT Collide
Micah Hoffman

Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Program
Paul Asadoorian

Protect Your "Keys to the Kingdom" _ Securing Against the Next Inevitable Cyberattack
Paul Kozlov

In pursuit of a better crypto puzzle
Samuel Erb

Track 2

When penguins attack - Linux's role in the malware ecosystem
Chester Wisniewski

The Benefits in Externalizing DMZ-as-a-Service in the Cloud
Israel Barak

Common misconfigurations that lead to a breach
Justin Tharpe

Applying Big Data technology to security use case
Max Pevzner

Marketing: They're not all Schmucks.
Jen Ellis & Josh Feinblum

Next-Gen Incident Management - Building out a Modern Incident Management Capability
John McDonald


04/24/2015 AIDE 2015 Videos
Recorded at AIDE 2015. Big thanks to Bill Gardner (@oncee) for having me out to record.

ISLET (Isolated, Scalable, & Lightweight Environment for Training) - Jon Schipp

Examining Hacktivism: Crime and Punishment in the Digital Age - Bill Gardner/Kim DeTardo-Bora/Amanda Richards

INFOSEC Flash Forward - Changing how we think - Dave Kennedy

Quantum Computing 01100101 - Tess Schrodinger

Introducing Network Scout: Defending the Soft Center of Your Network - Aeadan Somerville/Shawn Jordan

Mutillidae - Jeremy Druin

Quick Intro To Lock Picking - Adrian Crenshaw

OWASP Applied - Elliott Cutright (Not Recorded)

Kevin Cordle - Kevin Cordle (Not Recorded)

Better Threat Intel Through OSint - Frank Hackett

Overview of Darknets - Adrian Crenshaw

BREAKING in BAD (I'm the one who doesn't knock) - Jayson Street


BSides San Francisco 2015 Videos
These are the videos from the BSides San Francisco conference. Special thanks to Doug, Jim, @dgc, 'Grond' <grond66@riseup.net>, @flee74 , Wayne and some others I'm forgetting for their help recording

Track 1


Stick a Pin in Certificate Pinning: How to Inspect Mobile Traffic and Stop Data Exfiltration
Gopal Jayaraman

OSXCollector: Forensic Collection and Automated Analysis for OS X
Ivan Leichtling

DNS Spikes, Strikes, and The Like
Thomas Mathew

Ask the EFF

Your Users Passwords Are Already Stolen
Lucas Zaichkowsky

Analyze This!
Aaron Shelmire
(not recorded)

Medical Device Security - From Detection To Compromise
Scott Erven

How SecOps Can Convince DevOps To Believe In The Bogeyman
Leif Dreizler

Human Hunting
Sean Gillespie

Phighting Phishers Phake Phronts
Kevin Bottomley

Corporate Governance For Fun and (Non)Profit
Christie Dudley

HIPAA 2015: Wrath of the Audits
W. Hudson Harris

Lessons Learned from Building and Running MHN, the World's Largest Crowdsourced Honeynet
Jason Trost

Getting started...help me help you
David Trollman


Track 2

Critical Infrastructure: The Cloud loves me, The Cloud loves me not.
Bryan Owen

F*ck These Guys: Practical Countersurveillance
Lisa Lorenzin

Collective Action Problems in Cybersecurity
Allan Friedman

Intrusion Detection in the clouds
Josh Pyorre

Hacker or criminal? Repairing the reputation of the infosec community
Melanie Ensign

Student Surveillance: How Hackers Can Help Protect Student Privacy
Jessy Irwin

When Doing the Right Thing Goes Wrong - Impact of Certificates on Service Based Infrastructure
Robert Lucero

How to Lie with Statistics, Information Security Edition
Tony Martin-Vegue

Ground Zero Financial Services: The Latest Targeted Attacks from the Darknet
Brian Contos

Securing the Hastily Formed Network: Infosec for Disaster Relief and Emergency Response
Rakesh Bharania

GitReview - Reflective Control In Action
Jon Debonis

Probing Patches: Beyond Microsoft's ANS
Bill Finlayson (not recorded)

*Blink*: The Network Perimeter is Gone
Rick Farina (Zero_Chaos)

Federating AWS CLI
Paul Moreno

04/12/2015 BSides Nashville 2015 Videos
These are the videos BSides Nashville 2015. Thanks to @lil_lost for inviting me down to record and being my bodyguard while in Nashville.

BSides Nashville Intro and
Pondering the False Economy of Secrets
Trey Ford @TreyFord

Applied Detection and Analysis Using Flow Data
Jason A. Smith

Using devops monitoring tools to increase security visibility
Chris Rimondi

The Great Trojan Demo
Ben Miller

Nobody Understands Me: Better Executive Metrics
Michael St. Vincent

So you want to be a pentester?
Not Recorded

We Built This & So Can You!
Tim Fowler

That's NOT my RJ45 Jack!: IRL Networking for Humans
Johnny Xmas

Finding Low Hanging Fruit with Kali
Stephen Haywood

What do infosec practitioners actually do
Slade Griffin

From Parking Lot to Server Room
Tim Roberts and Brent White

N4P Wireless Pentesting: So easy even a caveman can do it
Chris Scott


Use of Attack Graphs in Security Systems
Not Recorded

Skiddiemonkeys: Fling "stuff" at your Defenses and See What Sticks
Russell Butturini & Joshua Tower


04/01/2015 Guess I Stay In Infosec
Well, I tried to join the ranks of radical feminists, but they would not have me. I'll keep running Irongeek.com for awhile. Guess I need to change causes and fight for machine liberation instead (Hail Skynet!).

Irongeek signing off, time for other projects
Hello everyone. It’s been a great 11 years, but my life and career plans have moved on. I’m moving away from information security and plan to dedicate my life to radical feminism. As such, I won’t have time to maintain this infosec site (working on my PhD in women’s studies takes a lot of time), so please archive Irongeek.com while it is still up. I will be announcing the URLs of my Tumblr, GoFundMe and Patreon pages shortly. Thanks for your support.


Central Ohio Infosec Summit 2015 Videos
These are the videos from the Central Ohio Infosec Summit conference. Thanks to the video volunteers for helping me record.


We're At War - Why Aren't You Wearing A Helmet?
Bill Sieglein

Ghost In The Shadows - Identifying Hidden Threats Lurking On Our Networks
Deral Heiland

Rebuilding and Transforming and Information Security Function
Susan Koski

InfoSec’s Midlife Crisis & Your Future...
Tsion Gonen

Current Cyber Threats: An Ever-Changing Landscape
Kevin Rojek

Tech 1

IT Isn't Rocket Science
David Mortman

Mind On My Money, Money On My Malware
Dustin Hutchison

Private Cloud Security Best Practices
Mike Greer

Cyber Espianoge - Attack & Defense
Michael Mimoso

Three Years of Phishing - What We've Learned
Mike Morabito

Piercing Your Perimeter, Dodging Detection, and Other Mayhem! a.k.a. Pen Tester Voodoo 101
Mick Douglas

Physical Penetration Testing: You Keep a Knockin' But You Can't Come In!
Phil Grimes

Tech 2

Honeypots for Active Defense - A Practical Guide to Deploying Honeynets Within the Enterprise
Greg Foss

Building Security Awareness Through Social Engineering
Valerie Thomas & Harry Regan

Open Source Threat Intelligence: Building A Threat Intelligence Program Using Public Sources & Open Source Tools
Edward McCabe

Modern Approach to Incident Response
James Carder and Jessica Hebenstreit

Having your cake and eating it too! Deploying DLP services in a Next Generation Firewall Environment
Mike Spaulding

Using Machine Learning Solutions to Solve Serious Security Problems
Ryan Sevy & Jason Montgomery

Electronic Safe Fail
Jeff Popio

Emerging Trends in Identity & Access Management
Robert Block

Building a Successful Insider Threat Program
Daniel Velez

A New Mindset Is Needed - Data Is Really the New Perimeter!
Jack Varney


Software Security Cryptography
Aaron Bedra

Threat Analytics 101: Designing A "Big Data" Platform For Threat Analytics
Michael Schiebel

Developers Guide to Pen Testing (Hack Thyself First)
Bill Sempf

OWASP 2014 - Top 10 Proactive Web Application Controls
Jason Montgomery


IAM Case Study: Implementing A User Provisioning System
Keith Fricke

Measuring the Maturity of Your Security Operations Capabilities
Clarke Cummings

Exploring the Relationship between Compliance and Risk Management
Mark Curto

Data Loss Prevention - Are You Prepared?
Jason Samide

Compliance vs. Security - How to Build a Secure Compliance Program
Jeff Foresman

Overview and Analysis of NIST Cybersecurity Framework
Sarah Ackerman

The Explosion of Cybercrime - The 5 Ways IT May Be an Accomplice
Mark Villinski

GRC: Governance, Ruses & Confusion
Shawn Sines

Security Directions and Best Practices
Kevin Dempsey


Data Breach: If You're Not Prepared, You Can't Be Responsive
John Landolfi

Ten Practical Ideas For Creating An Attentive and Supportive Organization: Sales & Marketing For the Security Team
Glenn Miller

Strengthening Your Security Program
Chad Robertson

Presenting Security Metrics to the Board
Nancy Edwards

DREAMR - Obtain Business Partnerships
Jessica Hebenstreit

Security Talent In Ohio - A Discussion
Helen Patton

Silos to Seamless: Creating a Comprehensive Security Program
Jeremy Wittkop

Ascending Everest: Managing Third-Party Risk in the Modern Enterprise
Thomas Eck

And Then The World Changed…Again
Jason Harrell

Corporate Uses for Anonymity Networks
Adam Luck

Going To The Dark Side: A Look Into My Transition From Technologist To Salesman
Aaron Ansari

Building An Industrial Controls Cybersecurity Framework (Critical Infrastructure)
Ernie Hayden

Panel Discussion Insourcing Outsourcing and Hybrid
Helen Patton, Louis Lyons, Greg Franz, Jeffery Sweet, Sassan Attari, Carla Donev, Kent King


02/28/2015 Louisville Lock Picking And Bypass Class Hosted At LVL1
Hackers For Charity donation class taught by @irongeek_adc and @essobi. Hosted at the LVL1 Hackerspace.
02/22/2015 BSides Tampa 2015 Videos
These are the videos from the BSides Tampa conference. Thanks to @PolarBill and all of the BSides Crew for having me out to help record and render the videos.

Track 1

Bug Bounties and Security Research
Kevin Johnson

Securing The Cloud
Alan Zukowski

Chris Berberich

Vendor Induced Security Issues
Dave Chronister

Pentest Apocalypse
Beau Bullock

Kippo and Bits and Bits
Chris Teodorski

The Art of Post-infection Response & Mitigation
Caleb Crable

The Need for Pro-active Defense and Threat Hunting Within Organizations
Andrew Case

Track 2

Finding Common Ground within the Industry and Beyond
David Shearer

Ways to Identify Malware on a System
Ryan Irving

Android Malware and Analysis
Shane Hartman

Teaching Kids (and Even Some Adults) Security Through Gaming
Le Grecs

Evaluating Commercial Cyber Threat Intelligence
John Berger

Track 3

Cyber Geography and the Manifest Destiny of the 21st Century
Joe Blankenship

Mitigating Brand Damage From A Cyber Attack
Guy Hagen

What is a security analyst and what job role will they perform
James Risler

Live Forensic Acquisition Techniques
Joe Partlow

Cyber Security Awareness for Healthcare Professionals
Marco Polizzi

02/08/2015 BSides Huntsville 2015 Videos Posted
These are the videos from the BSides Huntsville conference. Thanks to @PaulCoggin, @CharlineNixon, Brian, @GRMrGecko and all of the BSides Crew for having me out to help record and render the videos.

Track 1

Real World Threats
Russ Ward

Lock picking, but bypass is easier
Adrian Crenshaw (@irongeek_adc)

The Dark Side Of PowerShell
Joshua Smith

Give me your data!
Dave Chronister

Gods and Monsters: A tale of the dark side of the web
Aamir Lakhani

Sensory Perception: A DIY approach to building a sensor network
Tim Fowler

Hijacking Label Switched Networks in the Cloud
Paul Coggin (@PaulCoggin)

Reverse Engineering Network Device APIs
Dan Nagle (@NagleCode)

Track 2

So Easy A High-Schooler Could Do It: Static malware analysis using function-level signatures
James Brahm, Matthew Rogers, and Morgan Wagner

Pragmatic Cloud Security: What InfoSec Practitioners Have Been Waiting For
Josh Danielson (@JoshGDanielson) and Arthur Andrieu

Developing and Open Source Threat Intelligence Program
Edward McCabe (@edwardmccabe)

Applying User-Centered Design Techniques for Augmenting Human Perception in Cyber Warfare
Frank Cohee

The Great Trojan Demo
Ben Miller

A Virtual SCADA Laboratory for Cybersecurity Pedagogy and Research
Zach Thornton

PlagueScanner: An Open Source Multiple AV Scanner Framework

01/28/2015 Circle City Con, Indianapolis Indiana 06-12-2015 - 06-14-2015
Come join us for Circle City Con in Indianapolis Indiana this June 12th-14th. I had a great time last year, and will be staffing again this year (video of course, and some time in the lock pick village). Call for presentations and call for trainers is currently open. More information at https://circlecitycon.com
01/21/2015 BSides Columbus Ohio 2015 Videos

These are the videos from the BSides Columbus Ohio conference. Thanks to Michael Spaulding for having me up and the guys who manned video rigs.


Breaking Bad
Jayson Street

Cloud and Virtualization Theory
Grauben Guevara



User Behavior Analysis
Matt Bianco

Plunder, Pillage and Print - The art of leverage multifunction printers during penetration testing
Deral Heiland

Common Sense Security Framework
Jerod Brennen

OWASP Mobile Top Ten - Why They Matter and What We Can Do
Ricky Rickard


Got software? Need a security test plan? Got you covered.
Bill Sempf

Corporate Wide SSL Interception and Inspection
Frank Shaw

How to Rapidly Prototype Machine Learning Solutions to Solve Security Problems
Jason Montgomery

A Basic Guide to Advanced Incident Response
Scott Roberts

Supply and Demand: Solving the InfoSec Talent Shortage
Brandon Allen

Special Teams

Do We Still Need Pen Testing?
Jeff Man

Trolling Attackers for Fun & Profit
Stephen Hosom

Inurl:robots.txt-What are YOU hiding?
David Young

Malware Development as the Evolution of Parasites
Adam Hogan

Snort Beyond IDS: Open Source Application and File Control
Adam Hogan


Shmoocon Firetalks 2015 Videos

Opening - @grecs

PlagueScanner: An Open Source Multiple AV Scanner Framework - Robert Simmons (@MalwareUtkonos)

I Hunt Sys Admins - Will Schroeder (@harmj0y)

Collaborative Scanning with Minions: Sharing is Caring - Justin Warner (@sixdub)

Chronicles of a Malware Hunter - Tony Robinson (@da_667)

SSH-Ranking - Justin Brand (@moo_pronto)

Resource Public Key Infrastructure - Andrew Gallo (@akg1330)

12/6/2014 WiGLE WiFi Database to Google Earth Client for Wardrive Mapping Tool Updated
Uploaded version 0.97. Now uses HTTPS for connecting to WiGLE since they have a properly signed cert. I also added code contributions from njd who updated for WiGLE changes (WiGLE now supports more encryption types). Folders are broken down into WAPs that a Open, WEP, WPA, WPA2 and Unknown.
11/22/2014 DerbyCon 2014 Higher Education Panel for Hackers Irongeek’s Thoughts
Just my thoughts on the state of infosec education at universities.
11/17/2014 Hack3rcon 5 Videos
Here are the videos from Hack3rcon^5 Enjoy.

Bash Scripting for Penetration Testers
Lee Baird

Intro to PowerShell Scripting for Security

ISLET: An Attempt to Improve Linux-based Software Training
Jon Schipp

Remote Phys Pen: Spooky Action at a Distance
Brian Martin

Introducing Network-Scout: Defending The Soft Center of Your Network

Using the techniques of propaganda to instill a culture of security
Justin Rogosky

Identify Your Web Attack Surface: RAWR!
Tom Moore, Adam Byers

Gone in 60 minutes _ Practical Approach to Hacking an Enterprise with Yasuo
Saurabh Harit, Stephen Hall

Check Your Privilege(s): Futzing with File Shares for low hanging fruit
Adrian Crenshaw

DERP - Dangerous Electronic Redteam Practices
Luis Santana

When Zombies take to the Airwaves

I Am Nation State (And So Can You!)
tothehilt, SynAckPwn


GrrCON 2014 Videos
These are the videos of the presentations from GrrCON 2014. Big thanks to EggDropX and Jaime for having me out, and my video crew  (Chris, Steve, Ian, Justine, and other Chris) for recording.


Around the world in 80 Cons (A tale of perspectives)
Jayson E Street

Infosec in the 21st century
Tim Crothers

Securing our Ethics: Ethics and Privacy in a Target-Rich Environment
Kevin Johnson

Social Engineering Can Kill Me, But It Can’t Make Me Care
Gavin ‘Jac0byterebel’ Ewan

Finding Our Way - From Pwned to Strategy 
David Kennedy (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks)

Emulate SandBox and VMs to avoid malware infections
Jordi Vazquez (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks)

Security Hopscotch
Chris Roberts (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks)

Email DLP: Simple concept, often poorly implemented
c0rrup7_R3x (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks)

Look Observe Link (LOL) - How I learned to love OSINT
NinjaSl0th (Half lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks)

ZitMo NoM
David “HealWHans” Schwartzberg

Bigger Boys Made Us
Mike Kemp

Full Douchesclosure
Duncan Manuts

Finux’s Historical Tour Of IDS Evasion, Insertions, and Other Odditie
Arron ‘Finux’ Finnon



Beating the Infosec Learning Curve Without Burning Out
Scott ‘secureholio’ Thomas

Picking Blackberries
Thomas 'G13' Richards

Exercising with Threat Models
J Wolfgang Goerlich

Seeing Purple: Hybrid Security Teams for the Enterprise

CryptoRush - Rising from the Ashes
King Dragon

Autonomous Remote Hacking Drones
Dr. Phil Polstra

Proof That Windows Computer Forensics is Sexy
Kyle ‘Chaoticflaws’ Andrus

BioHacking: Becoming the Best Me I Can Be

Vulnerable By Design - The Backdoor That Came Through the Front
Matthew ‘mandatory’ Bryant

OAuth2.0 - It’s the Implementation Stupid!!
Tony Miller

Breach Stains
Matt ‘The Streaker’ Johnson

Are you a janitor, or a cleaner?
John ‘geekspeed’ Stauffacher & Matthew ‘Mattrix’ Hoy

PCI and Crypto: The Good, The Bad, and The Frankly Ugly
Robert Former



Advanced Threats and Lateral Movement 
Terrance Davis

Adopting a Risk-based Threat Model to Secure Your Defenses and Regain Control of Your Critical Data
Todd Bursch

New World, New Realities: Endpoint threat Detection, Response and Prevention
Brian Orr

Reducing Your Organization’s Social Engineering Attack Surface
Jen Fox

Memory Forensics with Hyper-V Virtual Machines
Wyatt Roersma

$#!T My Industry Says. . .
Kellman Meghu

Bringing PWNED To You: Interesting Honeypot Trends
Elliott Brink

The Security Implications of Software Defined Networks
Shane Praay

Lessons from the front lines: Top focus areas for information security leaders
Shogo Cottrell

How to budget IDS’s
Brian ‘Arcane’ Heitzman

LEVIATHAN: Command and Control Communications on Planet Earth
Kevin Thompson

Red Teaming: Back and Forth, 5ever

Intelligence Driven Security
Shane Harsch

Security for the People: End-User Authentication Security on the Internet
Mark Stanislav

Hackers Are People Too

Vaccinating APK’s
Milan Gabor



Hack the Hustle! Career Strategies For Information Security Professionals
Eve Adams

The Challenge of Natural Security Systems
Rockie Brockway

Application Pen Testing
Chris Pfoutz

Advanced Breaches of 2013 vs. Behavioral Detection
Charles Herring

Security On The Cheap
Joel Cardella

Hacking Android
Godfrey Nolan

Cyber Security Incidents: Red Blue Team
Unc13 Fuck3r


Board Breaking Challenge

GrrCON Talent Accelerator Program
Abe Jones


Louisville Infosec 2014 Videos
Below are the videos from the Louisville Infosec 2014 conference. Thanks to @theglennbarrett, @f0zziehakz and @bridwellc for helping me record.

Opening Ceremony

All of Your Compliance Needs with One Methodolgy
Jim Czerwonka

Lockade: Electronic Games for Locksport
Adrian Crenshaw

Mining Data from the Windows Registry
Jason Hale

Identity Theft: Who's in YOUR Wallet?
Richard Starnes & Rick Nord

Mobile Telephony for InfoSec Practitioners
Daniel Helton

A Crosswalk of the Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP)
John McLain

Building an Enterprise DDoS Mitigation Strategy
Mitchell Greenfield

Practical interception of mobile device traffic
Jeremy Druin

Changing What Game- One Future for Information Security
Michael Losavio

Trash Talkin - IT Audit Guide to Dumpster Diving
John Liestman

Linking Users to Social Media Usage on Android Mobile Devices
Ryan Ferreira

Origin of CyberSecurity Laws - An Insider's Story
Steve Riggs

A Place at the Table
Kristen Sullivan

What your Web Vulnerability Scanners Aren't Telling You
Greg Patton

ISSA Awards

Creating the Department of How: Security Awareness that makes your company like you.
Ira Winkler

Are You Really PCI DSS Compliant? Case Studies of PCI DSS Failure!
Jeff Foresman

Where does Data Security fit into the Data Quality strategy?
Michael Vincent

Closing Ceremony

10/01/2014 Derbycon 4 Videos
These are the videos of the presentations from Derbycon 2014. Big thanks to my video jockeys Skydog, Sabrina, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, Steven, Branden Miller, Joe, Greg and Night Carnage (and maybe the speakers too I guess).

Welcome to the Family - Intro

Johnny Long (Keynote) - Hackers saving the world from the zombie apocalypse

How to Give the Best Pen Test of Your Life (Keynote) - Ed Skoudis

Adaptive Pentesting Part Two (Keynote) - Kevin Mitnick and Dave Kennedy

If it fits - it sniffs: Adventures in WarShipping - Larry Pesce

Abusing Active Directory in Post-Exploitation - Carlos Perez

Quantifying the Adversary: Introducing GuerillaSearch and GuerillaPivot -Dave Marcus

A Year in the (Backdoor) Factory - Joshua Pitts

Ball and Chain (A New Paradigm in Stored Password Security) - Benjamin Donnelly and Tim Tomes

Et tu - Kerberos? - Christopher Campbell

Advanced Red Teaming: All Your Badges Are Belong To Us - Eric Smith

Bypassing Internet Explorer's XSS Filter - Carlos Munoz

 Threat Modeling for Realz - Bruce Potter

A Guided Tour of the Internet Ghetto :: Introduction to Tor Hidden Services - Brent Huston

Red Teaming: Back and Forth - 5ever - Fuzzynop

How not to suck at pen testing - John Strand

Mainframes - Mopeds and Mischief; A PenTesters Year in Review - Tyler Wrightson

The Multibillion Dollar Industry That's Ignored - Jason Montgomery and Ryan Sevey

Code Insecurity or Code in Security - Mano 'dash4rk' Paul

C3CM: Defeating the Command - Control - and Communications of Digital Assailants - Russ McRee

So You Want To Murder a Software Patent - Jason Scott

Leonard Isham - Patching the Human Vulns

Burp For All Languages - Tom Steele

Passing the Torch: Old School Red Teaming - New School Tactics - David McGuire and Will Schroeder

I Am The Cavalry: Year [0] - Space Rogue and Beau Woods

University Education In Security Panel - Bill Gardner (@oncee) - Ray Davidson - Adrian Crenshaw - Sam Liles - Rob Jorgensen

What happened to the 'A'? - How to leverage BCP/DR for your Info Sec Program - Moey

Securing Your Assets from Espionage - Stacey Banks

Subverting ML Detections for Fun and Profit - Ram Shankar Siva Kumar - John Walton

Secrets of DNS - Ron Bowes

Snort & OpenAppID: How to Build an Open Source Next Generation Firewall - Adam Hogan

GET A Grip on Your Hustle: Glassdoor Exfil Toolkit - Parker Schmitt - Kyle Stone (essobi) - Chris Hodges (g11tch)

DNS-Based Authentication of Named Entities (DANE): Can we fix our broken CA model? - Tony Cargile

Exploiting Browsers Like A Boss w/ WhiteLightning! - Bryce Kunz

Real World Intrusion Response - Lessons from the Trenches - Katherine Trame and David Sharpe

Application Whitelisting: Be Careful Where The Silver Bullet Is Aimed - David McCartney

NeXpose For Automated Compromise Detection - Luis "connection" Santana

A girl - some passion - and some tech stuff - Branden Miller and Emily Miller

InfoSec - from the mouth of babes (or an 8 year old) - Reuben A. Paul (RAPstar) and Mano Paul

Why Aim for the Ground? - Teaching Our School Kids All of the Right Computer Skills - Phillip Fitzpatrick

NoSQL Injections: Moving Beyond 'or '1'='1' - Matt Bromiley

SWF Seeking Lazy Admin for Cross Domain Action - Seth Art

Planning for Failure - Noah Beddome

The Social Engineering Savants - The Psychopathic Profile - Kevin Miller

Hiding the breadcrumbs: Forensics and anti-forensics on SAP systems - Juan Perez-Etchegoyen

You're in the butter zone now baby. - Chris Scott

Making BadUSB Work For You - Adam Caudill - Brandon Wilson

PassCrackNet: When everything else fails - just crack hashes. - Adam Ringwood

Vulnerability Assessment 2.0 - John Askew

Social Engineering your progeny to be hackers - Sydney Liles

A Brief History of Exploitation - Devin Cook

Hunting Malware on Linux Production Servers: The Windigo Backstory - Olivier Bilodeau

Interceptor: A PowerShell SSL MITM Script - Casey Smith

Egypt - More New Shiny in the Metasploit Framework

The Human Buffer Overflow aka Amygdala Hijacking - Christopher Hadnagy

Shellcode Time: Come on Grab Your Friends - Wartortell

The Internet Of Insecure Things: 10 Most Wanted List - Paul Asadoorian

DDoS Botnet: 1000 Knives and a Scalpel! - Josh Abraham

wifu^2 - Cameron Maerz

Attacking Microsoft Kerberos: Kicking the Guard Dog of Hades - Tim Medin

Attack Paths: Breaking Into Infosec From IT Or Other Totally Different Fields - Eve Adams and Johnny Xmas

How to Secure and Sys Admin Windows like a Boss. - Jim Kennedy

Red white and blue. Making sense of Red Teaming for good. - Ian Amit

Around the world in 80 Cons - Jayson E. Street

Mirage - Next Gen Honeyports - Adam Crompton and Mick Douglas

Active Directory: Real Defense for Domain Admins - Jason Lang

The Wireless World of the Internet of Things - JP Dunning ".ronin"

Hackers Are People Too - Amanda Berlin (Infosystir)

Ethical Control: Ethics and Privacy in a Target-Rich Environment - Kevin Johnson and James Jardine

The Road to Compliancy Success Plus Plus - James Arlen

Are You a Janitor - Or a Cleaner - "John Stauffacher and Matt Hoy

Practical PowerShell Programming for Professional People - Ben Ten (Ben0xA)

GROK - atlas

How building a better hacker accidentally built a better defender - Casey Ellis

Exploring Layer 2 Network Security in Virtualized Environments - Ronny L. Bull - Dr. Jeanna N. Matthews

Hardware Tamper Resistance: Why and How? - Ryan Lackey

Making Mongo Cry-Attacking NoSQL for Pen Testers - Russell Butturini

Step On In - The Waters Fine! - An Introduction To Security Testing Within A Virtualized Environment - Tom Moore

Give me your data! Obtaining sensitive data without breaking in - Dave Chronister

Third Party Code: FIX ALL THE THINGS - Kymberlee Price - Jake Kouns

Just What The Doctor Ordered? - Scott Erven

Powershell Drink the Kool-Aid - Wayne Pruitt - Zack Wojton

powercat - Mick Douglas

Macro Malware Lives! - Putting the sexy back into MS-Office document macros - Joff Thyer

Girl… Fault Interrupted - Maggie Jauregui

Human Trafficking in the Digital Age - Chris Jenks

Cat Herding in the Wild Wild West: What I Learned Running A Hackercon CFP - Nathaniel Husted

How to Stop a Hack - Jason Samide

We don't need no stinking Internet. - Greg Simo

Hacking the media for fame and profit - Jen Ellis and Steve Ragan

Rafal Los - Things Being a New Parent of Twins Teaches You About Security

ZitMo NoM - David Schwartzberg

Penetrate your OWA - Nate Power

RavenHID: Remote Badge Gathering -or- Why we sit in client bathrooms for hours - Lucas Morris - Adam Zamora

Interns Down for What? - Tony Turner

i r web app hacking (and so can you!) - Brandon Perry

Building a Modern Security Engineering Organization - Zane Lackey

Information Security Team Management: How to keep your edge while embracing the dark side - Stephen C Gay

5min web audit: Security in the startup world - Evan Johnson

Project SCEVRON: SCan EVrything with ruby RONin - Derek Callaway

Soft Skills for a Technical World - Justin Herman

Gone in 60 minutes a Practical Approach to Hacking an Enterprise with Yasuo - Saurabh Harit and Stephen Hall

Snarf - Capitalizing on Man-in-the-Middle - Victor Mata - Josh Stone

Electronic locks in firearms - Oh My! - Travis Hartman

The Achilles Heel Of The American Banking System - Brandon Henery and Andy Robins

It's Not Easy Being Purple - Bill Gardner - Valerie Thomas - Amanda Berlin - Eric Milam - Brandon McCann - Royce Davis

Control Flow Graph Based Virus Scanning - Douglas Goddard

Ok - so you've been pwned - now what? - Jim Wojno

Everybody gets clickjacked: Hard knock lessons on bug bounties - Jonathan Cran

Are you a Beefeater - focused on protecting your crown jewels? - Jack Nichelson

Dolla Dolla Bump Key - Chris Sistrunk

What Dungeons & Dragons Taught Me About INFOSEC - Joey Maresca (l0stkn0wledge)

Gender Differences in Social Engineering: Does Sex Matter? - Shannon Sistrunk - Will Tarkington

Introduction to System Hardening - Eddie David

 Hacking your way into the APRS Network on the Cheap - Mark Lenigan

Building a Web Application Vulnerability Management Program - Jason Pubal

Fighting Back Against SSL Inspection - or How SSL Should Work - Jacob Thompson

Physical Security: From Locks to Dox - Jess Hires

Am I an Imposter? - Warren Kopp

Call of Community: Modern Warfare - Ben Ten and Matt Johnson

The Canary in the Cloud - Scot Bernerv



BSides Augusta 2014 Videos
These are the videos from the BSides Augusta conference. Thanks to Lawrence Abrams, and all of the BSides Crew for having me out to help record and render the videos and Pentestfail for manning a capture rig.


Defeating Cognitive Bias and Developing Analytic Technique
Chris Sanders

Chris Sistrunk

Scaling Security Onion to the Enterprise
Mike Reeves

Techniques for Fast Windows Investigations
Tim Crothers

Using Microsoft’s Incident Response Language
Chris Campbell

Is that hardware in your toolkit, or are you just glad you’re keeping up?
Jeff Murri

Chris Truncer

The Adobe Guide to Keyless Decryption
Tim Tomes

App Wrapping: What does that even mean
David Dewey

Adventures in Asymmetric Warfare
Will Schroeder

When Zombies take to the Airwaves
Tim Fowler

Spying on your employees using memory
Jacob Williams

Crazy Sexy Hacking
Mark Baggett

08/21/2014 Passwordscon 2014 Videos
These are the videos from the Passwordscon 2014 conference. Thanks for having me out to help record and render the videos.

Track 1

How we deciphered millions of users’ encrypted passwords without the decryption keys. - Josh Dustin (Canceled)

Is Pavlovian Password Management The Answer? - Lance James

DoCatsLikeLemon? - Advanced phrase attacks and analysis - Marco Preuß

Tradeoff cryptanalysis of password hashing schemes - Dmitry Khovratovich, Alex Biryukov, Johann Großschädl

Using cryptanalysis to speed-up password cracking - Christian Rechberger

Password Security in the PCI DSS - Jarred White

Defense with 2FA - Steve Thomas

I have the #cat so I make the rules - Yiannis Chrysanthou

Penetrate your OWA - Nate Power

Surprise talk + advisory release - Dominique Bongard

All your SAP P@$$w0ЯdZ belong to us - Dmitry Chastuhin, Alex Polyakov

Target specific automated dictionary generation - Matt Marx

Bitslice DES with LOP3.LUT - Steve Thomas

Net hashes: a review of many network protocols - Robert Graham

Energy-efficient bcrypt cracking - Katja Malvoni

The problem with the real world - Michal Špaček

Password Topology Histogram Wear-Leveling, a.k.a. PathWell - Rick Redman

Beam Me Up Scotty! - Passwords in the Enterprise - Dimitri Fousekis

Track 2

Welcome & Announcements - Jeremi Gosney, Per Thorsheim

Opening Keynote - Julia Angwin

Secure your email - Secure your password - Per Thorsheim

Highlights of CMU’s Recent Work in Preventing Bad Passwords - Sean Segreti, Blase Ur

Password Hashing Competition: the Candidates - Jean-Philippe Aumasson

What Microsoft would like from the Password Hashing Competition - Marsh Ray, Greg Zaverucha

How Forced Password Expiration Affects Password Choice - Bruce K. Marshall

Security for the People: End-User Authentication Security on the Internet - Mark Stanislav

Authentication in the Cloud - Building Service - Dan Cvrcek

How EFF is Making STARTTLS Resistant to Active Attacks - Jacob Hoffman-Andrews, Yan Zhu

Proof of work as an additional factor of authentication - Phillippe Paquet, Jason Nehrboss

The future of mobile authentication is here - Sam Crowther

Password hashing delegation: how to get clients work for you - Thomas Pornin

Throw the User ID Down the Well - Daniel Reich

Password Generators & Extended Character Set Passwords - Stephen Lombardo, William Gray

Encryption and Authentication: Passwords for all reasons. - Jeffrey Goldberg

Enhancing Password Based Key Derivation Techniques - Stephen Lombardo, Nick Parker

Capturing Passwords into the Secure Desktop - Marcio Almeida de Macedo, Bruno Gonçalves de Oliveira

08/20/2014 TakeDownCon Rocket City 2014 Videos
These are the videos from the TakeDownCon Rocket City 2014. Thanks to Devona Valdez and Paul Coggin for having me out to record.

Hacking Industrial Control Systems - Ray Vaughn (Not Recorded)

Dropping Docs on Darknets: How People Got Caught - Adrian Crenshaw

How Networks are Getting Hacked: The Evolution of Network Security - Omar Santos

Building on Device Vulnerabilities: Attack Modes for ICS - Bryan Singer

Survival in an Evolving Threat Landscape - David Hobbs

Practical Side Channel Attacks On Modern Browsers - Angelo Prado

IPv6 Attack tools - Soctt Hogg

Mobile Forensics and Its App Analysis - Dr. Charline Nixon

Keynote - How Not to do Security - Kellman Meghu

Baseball, Apple Pies, and Big Data Security Analytics: Shorten the Kill Chain Window - Aamir Lakani

Hijacking Label Switched Networks in the Cloud - Paul Coggin

Shepherd’s Pi - Herding Sheep with a Raspberry Pi - Timothy Mulligan

Radio Hack Shack - Security Analysis of the Radio Transmission - Paula Januszkiewicz

IT Security Myths - "How you are helping your enemy" - Joe Vest

Splinter the RAT Attack: Creating Custom RATs to Exploit the Network - Solomon Sonja

Policy Defined Segmentation with Metadata - Scott Kirby

Cyber Attack Mitigation - Christopher Elisan

08/12/2014 Defcon Wireless Village 2014 (Defcon 22) Videos
These are the videos from the Defcon Wireless Village 2014 (Defcon 22). Thanks to the Village People for putting on the event, especially Maeltac for recording.


So ya wanna get into SDR? - Russell Handorf

Pentoo Primer - Village People

802.11ac Evolution: Data rates and Beamforming - Eric Johnson

Practical Foxhunting 101 - SimonJ

Pwn Phone: gg next map - Timothy Mossey

Hacking 802.11 Basics - Benjamin Smith

UAV-Assisted Three-Dimensional Wireless Assessments - Scott Pack & Dale Rowe

Manna from Heaven; Improving the state of wireless rogue AP attacks - Dominic White & Ian de Villiers

ApiMote: a tool for speaking 802.15.4 dialects and frame injection - Ryan Speers & Sergey Bratus

Pineapple Abductions - Craig Young

Choosing your next antenna, types, power, sizes, the truth. - Raul J Plà

Introduction to the Nordic nRF24L01+ - Larry Pesce

Driver-less Wireless Devices - Dominic Spill & Dragorn

Hacking the Wireless World with Software Defined Radio - 2.0 - Balint Seeber

The NSA Playset: Bluetooth Smart Attack Tools - Mike Ryan

PortaPack: Is that a HackRF in your pocket? - Jared Boone

PHYs, MACs, and SDRs - Robert Ghilduta

SDR Tricks with HackRF - Michael Ossmann

SDR Unicorns Panel - Robert Ghilduta & Michael Ossmann & Balint Seeber

Inside The Atheros WiFi Chipset - Adrian Chadd

08/11/2014 BSides Las Vegas 2014 Videos
These are the videos from the BSides Las Vegas conference. Thanks to all of the BSides Crew for having me out to help record and render the videos.

@bsideslv, @banasidhe, @jack_daniel, @SciaticNerd and all my video crew

Breaking Ground

Opening Keynote -- Beyond Good and Evil: Towards Effective Security - Adam Shostack

USB write blocking with USBProxy - Dominic Spill

Allow myself to encrypt...myself! - Evan Davison

What reaction to packet loss reveals about a VPN - Anna Shubina • Sergey Bratus

Untwisting the Mersenne Twister: How I killed the PRNG - moloch

Anatomy of memory scraping, credit card stealing POS malware - Amol Sarwate

Cluck Cluck: On Intel's Broken Promises - Jacob Torrey

A Better Way to Get Intelligent About Threats - Adam Vincent

Bring your own Risky Apps - Michael Raggo • Kevin Watkins

Invasive Roots of Anti-Cheat Software - Alissa Torres

Vaccinating Android - Milan Gabor • Danijel Grah

Security testing for Smart Metering Infrastructure - Steve Vandenberg • Robert Hawk

The Savage Curtain - Tony Trummer • Tushar Dalvi

We Hacked the Gibson! Now what? - Philip Young

Closing Keynote It\'s A S3kr37  (Not recorded :( )

Proving Ground

#edsec: Hacking for Education - Jessy Irwin

So, you want to be a pentester? - Heather Pilkington (Not Recorded)

Securing Sensitive Data: A Strange Game - Jeff Elliot

Brick in the Wall vs Hole in the Wall - Caroline D Hardin

Cut the sh**: How to reign in your IDS. - Tony Robinson/da_667

Geek Welfare -- Confessions of a Convention Swag Hoarder - Rachel Keslensky

No InfoSec Staff? No Problem. - Anthony Czarnik

Can I Code Against an API to Learn a Product? - Adrienne Merrick-Tagore

Bridging the Air Gap: Cross Domain Solutions - Patrick Orzechowski

Back Dooring the Digital Home - David Lister

iOS URL Schemes: omg:// - Guillaume K. Ross

Oops, That Wasn't Suppossed To Happen: Bypassing Internet Explorer's Cross Site Scripting Filter - Carlos Munoz

What I've Learned As A Con-Man - MasterChen

Training with Raspberry Pi - Nathaniel Davis

Black Magic and Secrets: How Certificates Influence You! - Robert Lucero

Attacking Drupal  -Greg Foss

Hackers vs Auditors - Dan Anderson

Third-Party Service Provider Diligence: Why are we doing it all wrong? - Patrice Coles

Pwning the hapless or How to Make Your Security Program Not Suck - Casey Dunham • Emily Pience

Teach a man to Phish... - Vinny Lariza

The Lore shows the Way - Eric Rand

Common Ground

SHA-1 backdooring and exploitation - Jean-Philippe Aumasson

Evading code emulation: Writing ridiculously obvious malware that bypasses AV - Kyle Adams

Security Management Without the Suck - Tony Turner • Tim Krabec

Vulnerability Assessments on SCADA: How i 'owned' the Power Grid. - Fadli B. Sidek (not posted)

Malware Analysis 101 - N00b to Ninja in 60 Minutes - grecs

Travel Hacking With The Telecom Informer - TProphet

The untold story about ATM Malware - Daniel Regalado

Using Superpowers for Hardware Reverse Engineering - Joe Grand

Why am I surrounded by friggin' idiots?!? (Because you hired them!) - Stephen Heath

Demystiphying and Fingerprinting the 802.15.4/ZigBee PHY - Ira Ray Jenkins • Sergey Bratus

Insider Threat Kill Chain: Human Indicators of Compromise - Ken Westin

A Place to Hang Our Hats: Security Community and Culture - Domenic Rizzolo

Booze, Devil's Advocate, and Hugs: the Best Debates Panel You'll See at BSidesLV 2014 - David Mortman • Joshua Corman • Jay Radcliffe • Zach Lanier • David Kennedy

Pwning the Pawns with WiHawk - Santhosh Kumar • Anamika Singh (Missing?)

Ground Truth

The Power Law of Information - Michael Roytman

Measuring the IQ of your Threat Intelligence feeds - Alex Pinto • Kyle Maxwell

Strategies Without Frontiers - Meredith L. Patterson

ClusterF*ck - Actionable Intelligence from Machine Learning - Mike Sconzo

Know thy operator - Misty Blowers

Improving security by avoiding traffic and still get what you want in data transfers - Art Conklin

The Semantic Age - or - A Young Ontologist's Primer

I Am The Cavalry Q&As

07/20/2014 BSides Cleveland 2014 Videos
These are the videos from the Bsides Cleveland conference. Thanks to  &  as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad.

Keynote: Destroying Education and Awareness - David Kennedy

Track 1

APT2 - Building a Resiliency Program to Protect Business - Edward McCabe

Threat Models that Exercise your SIEM and Incident Response - J. Wolfgang Goerlich and Nick Jacob

Fun with Dr. Brown - Spencer McIntyre

Malware Evolution & Epidemiology - Adam Hogan

Plunder, Pillage and Print - The art of leverage multifunction printers during penetration testing - Deral Heiland

Seeing Purple: Hybrid Security Teams for the Enterprise - Mark Kikta (Not posted)

Attacking and Defending Full Disk Encryption - Tom Kopchak

Track 2

Phishing Like a Monarch With King Phisher - Brandon Geise and Spencer McIntyre

The importance of threat intel in your information security program - Jamie Murdock

Lockade: Locksport Electronic Games - Adrian Crenshaw

Pentesting Layers 2 and 3 - Kevin Gennuso and Eric Mikulas

Cleveland Locksport - Jeff Moss, Doug Hiwiller, and Damon Ramsey

Hacking Diversity - Gregorie Thomas

PowerShell: cool $h!t - Zach Wojton

Thinking Outside the Bunker: Security as a practice, not a target - Steven Legg

Password Defense: Controls your users won’t hate - Nathaniel Maier

Am I an Imposter? - Warren Kopp



OISF 2014 Videos
These are the videos from the OISF Anniversary Event


For the Love of God, DEFEND YOUR MOBILE APPS! Part 2 - Jerod Brennen

Destroying Education and Awareness - Dave Kennedy

Lockade: Electronic Games for Locksport - Adrian Crenshaw

Modern Times: Passwords - Tom Webster

Praeda to PraedaSploit: The embedded device data Harvesting tool for the masses - Deral Heiland “Percent_X”

06/15/2014 Circle City Con 2014 Videos

These are the Circle City Con videos. Thanks to the staff for inviting me down to record. Big thanks to Oddjob, Glenn, James, Mike, Nathan, Chris and Branden for helping set up AV and record.


Conference Opening

Keynote - Beau Woods

Containing Privileged Processes with SELinux and PaX and Attacking Hardened Systems - Parker Schmitt

Whitelist is the New Black - Damian Profancik

Developing a Open Source Threat Intelligence Program - Edward McCabe

Blurred Lines- When Digital Attacks Get Physical - Phil Grimes

Hackers, Attack Anatomy and Security Trends - Ted Harrington

Exploring the Target Exfiltration Malware with Sandbox Tools - Adam Hogan

Day 2

From Grunt to Operator - Tom Gorup

Moving the Industry Forward - The Purple Team - David Kennedy

Software Assurance Marketplace (SWAMP) - Von Welch

OWASP Top 10 of 2013- It’s Still a Thing and We’re Still Not Getting It - Barry Schatz

Tape Loops for Industrial Control Protocols - K. Reid Wightman

OpenAppID- Open Source Next Gen Firewall with Snort - Adam Hogan

Challenge of Natural Security Systems - Rockie Brockway

InfoSec Big Joke - 3rd Party Assessments - Moey (Not recorded)

How to create an attack path threat model - Wolfgang Goerlich

Day 3

Are You a Janitor or a Cleaner - John Stauffacher / Matt Hoy

Ain’t No Half-Steppin’ - Martin Bos

Track 2

Competitive Hacking- why you should capture the flag - Steve Vittitoe

3 Is a Magic Number (or your Reality Check is About to Bounce) - Edward McCabe

The TrueCrypt audit- How it happened and what we found - Kenneth White

Seeing Purple- Hybrid Security Teams for the Enterprise - Mark Kikta (Beltface)

Eyes on IZON- Surveilling IP Camera Security - Mark Stanislav

Cognitive Bias and Critical Thinking in Open Source Intelligence (OSINT) - Benjamin Brown

Day 2

Hackers Are People Too - Amanda Berlin

gitDigger- Creating useful wordlists and hashes from GitHub repositories - Jaime Filson

Retrocomputing And You - Machines that made the ‘net - Pete Friedman

Doge Safes- Very Electronic, Much Fail, WOW! - Jeff Popio

Human Trafficking in the Digital Age - Chris Jenks

Keys That Go *Bump* In The Night - Loak

How Hackers for Charity (Possibly) Saved Me a LOT of Money - Branden Miller & Emily Miller

Ten Commandments of Incident Response (For Hackers) - Lesley Carhart

Threat Modeling- Fear, Fun, and Operational - James Robinson

Decrypting Communication- Getting Your Point Across to the Masses - Katherine Cook Frye

How often should you perform a Penetration Test - Jason Samide

Proactive Defense - Eliminating the Low Hanging Fruit - Matt Kelly

Active Directory- Real Defense for Domain Admins - Jason Lang

Day 3

Profiling Campus Crime - Chris J., Jason J., Katelyn C.,Alex H.

Proper Seasoning Improves Taste - James Siegel

Executive Management Manaing the Executives Beau Woods & Engaging the Media API Steve Ragan

06/06/2014 And We're Back!
Looks my account is reinstated. Let me know if any videos seem to be deleted.
Hi there,

After a review of your account, we have confirmed that your YouTube account is not in violation of our Terms of Service. As such, we have unsuspended your account. This means your account is once again active and operational.

If you forgot your password, please visit this link to reset it:


The YouTube Team

©2014 YouTube, LLC 901 Cherry Ave, San Bruno, CA 94066




Google & Youtube

I woke up today to find a bunch of Facebook/Twitter messages that said my Youtube account was suspended. If you know someone at Google who can directly help me, let me know (their email support fails the Turing test). These are the messages I got from them.

YouTube | Broadcast Yourself™

Regarding your account: Adrian Crenshaw

The YouTube Community has flagged one or more of your videos as inappropriate. Once a video is flagged, it is reviewed by the YouTube Team against our Community Guidelines. Upon review, we have determined that the following video(s) contain content in violation of these guidelines, and have been disabled:

Your account has received one Community Guidelines warning strike, which will expire in six months. Additional violations may result in the temporary disabling of your ability to post content to YouTube and/or the permanent termination of your account.

For more information on YouTube's Community Guidelines and how they are enforced, please visit the help center.

Please note that deleting this video will not resolve the strike on your account. For more information about how to appeal a strike, please visit this page in the help center.


The YouTube Team

Copyright © 2014 YouTube, LLC


We'd like to inform you that due to repeated or severe violations of our Community Guidelines (http://www.youtube.com/t/community_guidelines) your YouTube account Adrian Crenshaw has been suspended. After review we determined that activity in your account violated our Community Guidelines, which prohibit spam, scams or commercially deceptive content. Please be aware that you are prohibited from accessing, possessing or creating any other YouTube accounts. For more information about account terminations and how our Community Guidelines are enforced, please visit our Help Center at https://support.google.com/youtube/bin/answer.py?answer=92486&hl=en.
©2014 YouTube, LLC 901 Cherry Ave, San Bruno, CA 94066


Come on Guys! is it just because of viagra in the title? Please get our InfoSec videos back up! (pun intended)


BSides Nashville 2014 Videos
These are the videos BSides Nashville 2014 Videos. Thanks to @lil_lost for inviting me down to record and being my bodyguard while in Nashville. Big thanks to Geoff Collins, Branden Miller, Blake Urmos, Don Baham, Gabe Bassett and Some Ninja Master for helping set up AV and record.

Main Hall

Welcome to BSides Nashville
BSides, Harmonicas, and Communication Skills - Jack Daniel
Closing Ceremonies

INFOSEC 101 Track

Attack Paths: Breaking Into Infosec From IT Or Other Totally Different Fields - Eve Adams
Learn From Your Mistakes - Adam Len Compton
Beating the Infosec Learning Curve Without Burning Out - Scott Thomas
Sun Tzu was a punk! Confucius was an InfoSec rockstar! - Branden Miller
Around the world in 80 Cons - Jayson E Street Not Recorded

INFOSEC 418 Track

Making Mongo Cry: Automated NoSQL exploitation with NoSQLMap - Russell Butturini
Buy Viagra! - Matt Smith
How do I hack thee? Let me count the ways - Stewart Fey
Healthcare Security, which protocal? - Adam John
Why you can't prove you're PWND, but you are! - Ben Miller

INFOSEC 429 Track

Bending and Twisting Networks - Paul Coggin
Succeeding with Enterprise Software Security Key Performance Indicators - Rafal Los
Scaling Security in the Enterprise: Making People a Stronger Link - Kevin Riggs
Closing the time to protection gap with Cyber Resiliency - John Pirc Did not happen, replaced with:
Applying analog thinking to digial networks Winn Schwartau (@winnschwartau)
Seeing Purple: Hybrid Security Teams for the Enterprise - Mark Kikta

05/11/2014 Nmap Class for Hackers For Charity
This is the Nmap class the Kentuckiana ISSA put on to support Hackers For Charity. Speakers include Jeremy Druin @webpwnized, Martin Bos @purehate_ and me @irongeek_adc. If you like the videos, please consider donating to Hackers For Charity.

ShowMeCon 2014 Videos
These are the videos ShowMeCon 2014. Thanks to Renee & Dave Chronister (@bagomojo), Ben Miller (@Securithid) and others for having me out to record and speak. Also thanks to my video crew Josh Tepen, Robert Young, Kali Baker, Andrew Metzger & Brian Wahoff.

Introduction - Parameter
Hacking Hollywood - Ralph Echemendia
Give Me Your Data - Dave Chronister
Terminal Cornucopia: Demystifying The Mullet - Evan Booth
Thinking Outside The (Sand)Box - Kyle Adams
Protecting The Seams: Military Doctrine Applied To Application And Network Security - Paul Vencill
Start With The BPT Then Worry About The APT! - Kevin Cardwel
Introduction - Parameter (Rolled in with next talk)
Cognitive Injection - Andy Ellis
Inside The World’S Most Dangerous Search Engine - John Matherly
Hacking To Get Caught: A Concept For Adversary Replication And Penetration Testing - Raphael Mudge
Power-Ups And Princesses: What Video Games Taught Me About Building A Security Awareness Program - Aamir Lakhani
Powershell And You: Using Microsoft’S Post-Exploitation Language - Chris Campbell
Dropping Docs On Darknets: How People Got Caught - Adrian Crenshaw
Around The World In 80 Cons - Jayson E Street (not recorded)
Threat Modeling In The C-Suite, A Practical Guide - Erick Rudiak (pending review)
The Call Of Community: Modern Warfare - Ben0xa 
Physical (In)Security - It’S Not All About Cyber - Inbar Raz
Bending And Twisting Networks - Paul Coggin
Here, Let Me Hold That For You. Consumer Metadata And Its Dangers - Robert Reed

04/28/2014 BSides Chicago 2014 Videos
These are the videos from the BSides Chicago conference. Thanks to all of the BSides organizers @elizmmartin and  @securitymoey for having me out to help record and render the videos. Also big thanks to the @BSidesChicago A/V crew Chris Hawkins
@Lickitysplitted, Todd Haverkos @phoobar, Jason Kendall @coolacid and Asim.

Aligning Threats and Allies through Stories - J Wolfgang Goerlich and Steven Fox - @jwgoerlich @securelexicon

The Ultimate INFOSEC Interview: "Why must I be surrounded by frickin' idiots?" -- Dr. Evil, 1997 - Stephen Heath - @dilisnya

Call of Community: Modern Warfare - Matt Johnson & Ben Ten - @mwjcomputing @Ben0xA

How To Win Friends and Influence Hackers - Jimmy Vo - @JimmyVo

Checklist Pentesting; Not checklist hacking - Trenton Ivey - @trentonivey

Seeing Purple: Hybrid Security Teams for the Enterprise - Belt - @b31tf4c325

Looking for the Weird - Charles Herring - @charlesherring

InfoSec Big Joke: 3rd Party Assessments - moey - @securitymoey

Bypassing EMET 4.1 - Jared DeMott - @jareddemott

Comparing Risks to Risks - Why Asset Management Is Broken and How to Fix It. - Michael Roytman - @mroytman

Bioinformatics: Erasing the line between biology and hacking - Krystal Thomas-White and Patrick Thomas - @coffeetocode

Building an AppSec Program from Scratch - Chris Pfoutz - @cpfoutz

Minecraft Security - Riese Goerlich

The SMB Security Gap - Mike Kavka - @SiliconShecky

Everything I Ever Needed to Know About Infosec, I Learned from Hollywood - Tom Ervin - @TechByTom

Sit, stay, proxy. Good beagle. Why I love the beaglebone black and why you should too. - Colin Vallance - @_CRV

Hacking Diversity in InfoSec - Greg Thomas - @minossec

04/13/2014 Notacon 11 (2014) Videos
These are the videos from the 11th Notacon conference held April 10th-13st, 2014. Not all of them are security related, but  I hope my viewers will enjoy them anyway. Thanks to Froggy and Tyger for having me up, and to the video team: Securi-D, Ross, KP, Jeff and myself (Let me know who else to add).

Track 1

Big Data Technology - The Real World ‘Minority Report’ - Brian Foster

Naisho DeNusumu (Stealing Secretly) - Exfiltration Tool/Framework - Adam Crompton

Wireless Mesh Protocols - Alex Kot

MDM is gone, MAM is come. New Challenges on mobile security - Yury Chemerkin

Moving the Industry Forward - The Purple Team - David Kennedy

Pwning the POS! - Mick Douglas

Nindroid: Pentesting Apps for your Android device - Michael Palumbo

Building a private data storage cloud - Michael Meffie

Lessons Learned Implementing SDLC - and How To Do It Better - Sarah Clarke

Plunder, Pillage and Print - Deral Heiland & Peter Arzamendi

Microsoft Vulnerability Research: How to be a finder as a vendor - Jeremy Brown & David Seidman

SMalware Analysis 101 - N00b to Ninja in 60 Minutes - grecs

Omega - A Universe Over IP - Mo Morsi

IRS, Identity Theft, and You (or Someone Pretending to Be You). - 123-45-6789

Track 2

All About the Notacon Badge -Sam Harmon

Collaboration between Artificial Intelligence and Humans: How to cure every disease within 50 years - Joe O’Donnell

Science “Fair” - The Nomad Clan

Hacking Your Way Into the APRS Network on the Cheap - Mark Lenigan

Dominate! (Or let your computer do it for you.) - Paul Jarc

Wearable Technology as Art for Countersurveillance, Cinemaveillance, and Sousveillance - Ross Bochnek

3D Printing for Work and Fun (temp title) - Mirabela Rusu

Comparing “Go Green” With “Common Sense” - Suellen Walker

Living in the Future: It seems to be in Beta - Jeff Goeke-Smith

A Brief Introduction to Game Theory - Charlotte DeKoning - Beyond Using The Buddy System - Holly Moyseenko & Kris Perch


03/27/2014 Lockade: Locksport Electronic Games
This page is mostly going to be a place holder till I get all the games up. Gamification can make learning more fun, and some people are inspired and motivated by competition. This talk will be on integrating hobbyist electronics with lock picking games. We will show rough schematics, release code, and invite people to play the games at cons.
03/10/2014 ASAReaper: Grab Configs From Multiple Cisco Devices Over SSH (Demos PExpect and AES Encrypted INI Files in Python) Updated
Mostly updated for longer timeouts and to use "more system:run" so you can save passwords in the configs too. You should now just have to edit the commandonall and prefixonall to set the script up to run a given command on a series of Cisco ASAs in every context.


So does IU Southeast and Indiana University take Linda Christiansen's plagiarism seriously?
The answer is apparently no. I've includes my emails with IU officials on the matter. Apparently, plagiarism is ok at IU/Indiana University Southeast if you are tenured faculty and it's only a business law and ethics syllabus.
02/10/2014 BSides Huntsville 2014 Videos
These are the videos from the BSides Huntsville conference. Thanks to @PaulCoggin, @CharlineNixon and all of the BSides Crew for having me out to help record and render the videos. Sorry for the bad sound, we had to go ambient in a crowded room.

BSides Huntsville 2014 - Intro

Building The Future of P-12 Cyber Education - Dr. Casey Wardynski

Cyber Security Program At HAH - Dr. Ray Vaughn

1337 in the Library: Obtaining your information security education on the cheap - Adrian Crenshaw @irongeek_adc

Zero to Hero: Breaking into the security Field - Jeremy Conway

Certifications in Cybersecurity - Adam Wade Lewis

Trojans - The Forgotten Enemy - Dave Chronister

The Amazing Cybermen - Ben McGee

Why you are pwn’d and don’t know it! - Ben Miller

Cyber Security, What's The Fuss? - Deborah William

HTTPS: Now You See Me - Tim Mullican

Introduction to hacking with PowerShell - Scott Busby

All You Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches - Valerie Thomas - @hacktress09

Digital Energy BPT - Paul Coggin
02/01/014 Intro to Darknets: Tor and I2P Workshop
This class introduces students to the I2P and Tor Darknets. We cover setting up Tor & I2P, the basics of use, and how to make hidden services. We also go over case examples like Eldo Kim Harvard & the Harvard Bomb Threat, Hector Xavier Monsegur (Sabu)/Jeremy Hammond (sup_g) & LulzSec, Freedom Hosting & Eric Eoin Marques and finally Ross William Ulbricht/“Dread Pirate Roberts” of the SilkRoad, to explain how people have been caught and how it could have been avoided.
01/30/2014 10 Years Of Irongeek.com
Today marks the 10th anniversary of Irongeek.com's existence. Also, the Intro to I2P/Tor Workshop Notes have been updated.

ShmooCon Firetalks 2014
These are the videos for the ShmooCon Firetalks 2014. Day 2 I overslept, but Squidly1 got me copies from Ted's recordings ( http://www.MediaArchives.tv ).

Thanks to:

Day 1

Welcome grecs
Eyes on IZON: Surveilling IP Camera Security - Mark “@markstanislav” Stanislav
Get Out of Jail Free Cards? What Aviation Can Teach Us About Information Sharing - Bob “@strat” Stratton
Crossing the Streams with State Machines in IDS Signature Languages - Michael “@michaelrash” Rash
Another Log to Analyze - Utilizing DNS to Discover Malware in Your Network - Nathan “@HackHunger” Magniez
Windows Attacks: AT is the New Black - Rob “@mubix” Fuller
Weaponizing Your Pets: War Kitteh and the Denial of Service Dog - Gene “@gbransfield” Bransfield
Women's Tech Collective, and Gender Equality in Tech - Sarah “@dystonica” Clarke

Day 2

Welcome grecs
You Name It, We Analyze It - Jim “@JimGilsinn” Gilsinn
Having Your Cake and Eating It Too: FOIA, Surveillance, and Privacy - Michael “@theprez98? Schearer
Building An Information Security Awareness Program From Scratch - Bill “@oncee” Gardner
TrendCoins: Making Money on the Bitcoin/Altcoin Trends - Zac “@ph3n0? Hinkel
Writing Your Own Disassembler in 15 Minutes - Jay “@computerality” Little

01/17/2014 Installing Nessus on Kali Linux and Doing a Credentialed Scan
I recorded this video twice. First time, the sound was hideous when the fan came on. I decided to re-record it and post both versions. I cover installing Nessus on Kali Linux and doing Nessus credentialed scans using Windows passwords and Linux SSH keys.
01/13/2014 Update of the Linda Christiansen Plagiarism case in the article Critically Plagiarizing?: Ideas On Spotting Plagiarism
Just a small update after I got some data back from my open records request.

SkyDogCon 2013 Videos
Here are the videos from SkyDogCon 3. Thanks to all of the SkyDogCon crew, especially @pentestfail who was in charge of video (I just spoke at this con, and killed my brain and liver cells). @pentestfail may still be working on some of the missing videos, so I plan to update this page later

Opening Remarks & Hack the Badge

Curtis Koenig: Hacking Your Career

Nathan Magniez: Alice in Exploit Redirection Land: A Trip Down the Rabbit Hole

Explanation of Contests

Security Phreak & SkyDog: The Dark Arts of OSINT

G. Mark Hardy: How the West was Pwned

Winn Schwartau: I Survived Rock and Roll!

Jon Callas: Do You Want to Know a Secret?

Billy Hoffman: Start Ups and Lessons Learned

Panel Talk: Building and Growing a Hacker Space With: l0stkn0wledge, Dave Marcus, and SkyDog

IronGeek & SkyDog: Con Video Rig Enhancements

Evan Booth: Terminal Cornucopia

Deviant Ollam: Android Phones Can Do That?!?: Custom Tweaking for Power Security Users

Branson Matheson: Hacking Your Minds & Emotions

Billy Hoffman: Inside the Hacker’s Studio Interviews Dave Marcus: Director and Chief Architect of Threat Research and Intelligence for McAfee®'s Federal Advanced Programs Group

Josh Schroeder: CCTV: Setup Attack Vectors and Laws

Travis Goodspeed: Building an Actively Antiforensic iPod

Branden Miller: NSA Wiretaps Are Legal and Other Annoying Facts


Vivek Shandilya: Lightning Talks

Charline Nixon: Lightning Talks

Chris Anderson: Operational Security and Your Mental Health

Michael Raggo: Data Hiding and Steganography

Closing Remarks / Good-Byes

12/26/2013 Intro to I2P/Tor Workshop Notes Updated
I'm working on updating my I2P/Tor Workshop Notes for a class I'll be doing soon. Please look at them and offer suggestions on extra topics I should cover.
12/26/2013 IU Southeast School of Business to offer an MIS (Management Information Systems) Masters degree? Yes, same people behind the IUS MBA.
I recently heard that IU Southeast is planning to offer an MIS (Management Information Systems) Masters degree. While I think their Computer Science and Informatics Schools seem good, since the degree would be co-ran by the School of Business I would not recommend it to anyone in the Louisville area under its current leadership. Anyplace where an IU Southeast Business Law & Ethics instructor appears to plagiarize on her own syllabus that warns that students will be instantly failed for plagiarism, and asking simple questions about laws as it relates to technology is considered "excessive us of jargon", is not a good place for IT people (and especially security people concerned with integrity) to be. While the School of Business at IUS has its current leadership, I strongly recommend that you steer clear if you really want to learn. Just figured I'd help others not go through the same things I did there.
12/14/2013 Intro to Metasploit Class at IU Southeast
This is a class we did to introduce students to Metasploit at IU Southeast. Special guest lecturer Jeremy Druin (@webpwnize). To follow along, I recommend downloading Kali Linux.
12/02/2013 Critically Plagiarizing?: Ideas On Spotting Plagiarism
Just a few tips for how to find plagiarism online, thanks to my old IU Southeast Business Law & Ethics teacher Linda Christiansen for giving me the example material.

BSides Delaware 2013 Videos
These are the videos from the BSides Delaware conference. Thanks to all of the BSides Crew for having me out to help record and render the videos.

@bsidesde, @kickfroggy, @quadling

110 Years of Vulnerabilities 
Brian Martin, aka Jericho
HTML 5 Security
Justin Klein Keane @madirish2600

Cloud - Business and Academia - Bringing it all together
Cloud Security Alliance - Delaware Valley Board

Uncloaking IP Addresses on IRC
Derek Callaway @decalresponds

Baking, even more, Clam(AV)s for Fun & Profit.
Nathan Gibbs @Christ_Media

Introducing Intelligence Into Your Malware Analysis
Brian Baskin
ANOTHER Log to Analyze - Utilizing DNS to detect Malware in Your Network
Nathan Magniez @HackHunger

Software Security: Game Day.
Evan Oslick @eoslick

Winning isn't Everything: How Trolling can be as much Fun
Joey @l0stkn0wledge
Antipwny: A Windows Based IDS/IPS for Metasploit
Rohan Vazarkar & David Bitner

Playing the Forensics Game: Forensic Analysis of Gaming Applications For Fun and Profit
Peter Clemenko III

Project.Phree: Phucking the NSA
BTS (square-r00t)

Hacking Benjamins (Intro to Bitcoin)
Bob Weiss @pwcrack

Wireless Penetration Testing For Realz

How to Become an Unwitting Accomplice in a Phishing Attack
Mark Hufe @hufemj

LinkedAllUpIn Your Email

Growing Up In The Information Security Community 
11/01/2013 ISSA Kentuckiana - RESTful Web Services - Jeremy Druin - @webpwnized
Jeremy Druin (@webpwnize) gave the following presentation at the Nov 2013 meeting of the Kentuckiana ISSA.
10/30/2013 Circle City Con (http://circlecitycon.com) Hacker/Security Conference happening on June 13-15, 2014, Hyatt Regency, Indianapolis Indiana
Looks like I have another almost local con to go to, Circle City Con in Indy! I'll be doing video baring unforeseen circumstances, and may toss something into their CFP (please consider sending something in). More info at http://circlecitycon.com or Twitter stalk them at @CircleCityCon.


The Rest of the Hack3rcon^4 Videos
Here are there rest of the videos from Hack3rcon^4

ANOTHER Log to Analyze - Utilizing DNS to Identify Malware - Nathan Magniez

Netsniff-NG - Jon Schipp

SDRadio: Playing with your Dongle - An Introduction to Software Defined Radio Using Cheap TV Tuner Cards - Justin Rogosky

10/20/2013 Hack3rcon^4 Videos
As I post them, they will be at the link above. So far we have:

Advanced Evasion Techniques - Pwning the Next Generation Security Products - David Kennedy

Imaging a Skyscraper - Brian Martin

Character Assassination: Fun and Games with Unicode - Adrian Crenshaw

MS08-067 Under the Hood - John Degruyter

NSA Wiretaps are Legal and Other Annoying Facts - Branden Miller

Red Teaming Your Bug-Out Bag - Tom Moore

Making it Rain and Breaching the Levees - K.C. Yerrid

10/07/2013 Louisville InfoSec 2013 Videos Mostly Up

These are the videos from Louisville Infosec 2013 conference. There are not all up yet, but this is my place holder.

Mobile Security and the Changing Workforce - Matthew Witten

Burn it Down! Rebuilding an Information Security Program - Dave Kennedy (Pending review)

Weaponized Security - Kellman Meghu

Information Security in University Campus and Open Environments - Adrian Crenshaw

Past Due: Practical Web Service Vulnerability Assessment for Pen-Testers, Developers, and QA - Jeremy Druin (Pending finished upload)

STRC: The Security Training and Research Cloud - Jimmy Murphy

Assessing Mobile Applications with the MobiSec Live Environment - Nathan Sweeney

Attacking iOS Applications - Karl Fosaaen

Can cloud and security be used in the same sentence? - Joshua Bartley

Breaking SCADA Communications - Mehdi Sabraoui

FBI - InfraGard - Current Cyber Trends

How Do I Get There from Here? Security-to-Privacy Career Migration - Michael Carr

Assessing the Risk of Unmanaged Devices (BYOD) - Pete Lindstrom

Acquisitions…your latest zero day - Mitch Greenfield/Scott MacArthur

NIST and your risky application - Conrad Reynolds

Convergence: Configurations, Vulnerabilities and Unexpected Changes - Brian Cusack

What Healthcare Can Learn from the Banking Industry - Jim Czerwonka

Eliminating Data Security Threats And BYOS - David Braun


10/04/2013  Derbycon 3.0 Videos Tracks 3, 4, 5 & Stable Talks Posted

Track 3 (Teach Me)
It's Only a Game: Learning Security through Gaming - Bruce Potter
Ooops - Now What? :: The Stolen Data Impact Model (SDIM) - Brent Huston
Anti-Forensics: Memory or something - I forget. - int0x80
The Mysterious Mister Hokum - Jason Scott
Appsec Tl;dr - Gillis Jones
DIY Command & Control For Fun And *No* Profit - David Schwartzberg
IPv6 is here (kind of) - what can I do with it? - Dan Wilkins
Dancing With Dalvik - Thomas Richards
Big Hugs for Big Data - Davi Ottenheimer
Antivirus Evasion: Lessons Learned - thelightcosine
Jared DeMott - Is Auditing C/C++ Different Nowadays?
Getting Schooled: Security with no budget in a hostile environment - Jim Kennedy
Browser Pivoting (FU2FA) - Raphael Mudge
Taking the BDSM out of PCI-DSS Through Open-Source Solutions - Zack Fasel & Erin “SecBarbie” Jacobs
John Strand - Hacking Back - Active Defense and Internet Tough Guys
An Encyclpwnia of Persistence - Skip Duckwall & Will Peteroy
Your Turn! - Johnny Long - HFC
Practical File Format Fuzzing - Jared Allar
Surviving the Dead - Christopher ‘EggDropX’ Payne
How can I do that? Intro to hardware hacking with an RFID badge reader - Kevin Bong
A SysCall to ARMs - Brendan Watters
The Netsniff-NG Toolkit - Jon Schipp
Why Dumpster Dive when I can pwn right in? - Terry Gold

Track 4 (The 3-Way)     
Pigs Don’t Fly - Why owning a typical network is so easy - and how to build a secure one. - Matt “scriptjunkie” Weeks
Finding The Signal in the Noise: Quantifying Advanced Malware - Dave Marcus
Applying the 32 Zombieland Rules to IT Security - Larry Pesce
Windows 0wn3d By Default - Mark Baggett
Android 4.0: Ice Cream “Sudo Make Me a” Sandwich - Max Sobell
Attacking the Next Generation Air Traffic Control System; Hackers - liquor and commercial airliners. - Renderman
Antivirus Evasion through Antigenic Variation (Why the Blacklisting Approach to AV is Broken) - Trenton Iveys
Hello ASM World: A Painless and Contextual Introduction to x86 Assembly - nicolle neulist (rogueclown)
SQL injection with sqlmap - Conrad Reynolds CISA
The Internet of Things: Vulns - Botnets and Detection - Kyle Stone (@essobi) - Liam Randall
The Malware Management Framework - a process you can use to find advanced malware. We found WinNTI with it! - Michael Gough and Ian Robertson
Hack the Hustle! - Eve Adams
Operationalizing Security Intelligence in the Enterprise- Rafal Los
New Shiny in the Metasploit Framework - egypt
Everything you ever wanted to know on how to start a Credit Union - but were afraid to ask. - Jordan Modell
A developer’s guide to pentesting - Bill Sempf
Steal All of the Databases. - Alejandro Caceres
Sandboxes from a pen tester’s view - Rahul Kashyap
iOS Reverse #=> iPWn Apps - Mano ‘dash4rk’ Paul
Terminal Cornucopia - Evan “treefort” Booth
Wait; How is All This Stuff Free?!? - Gene Bransfield

Track 5 - Hybrid Room     
Building An Information Security Awareness Program from Scratch - Bill Gardner - Valerie Thomas
Malware : testing malware scenarios on your network - Tony Huffman (@myne_us) - Juan Cortes (@kongo_86)
Password Intelligence Project - Advanced Password Recovery and Modern Mitigation Strategies - John Moore “Rabid Security”
Tizen Security: Hacking the new mobile OS - Mark Manning (AntiTree)
RAWR - Rapid Assessment of Web Resources - Adam Byers - Tom Moore
Decoding Bug Bounty Programs - Jon Rose
Patching Windows Executables with the Backdoor Factory - Joshua Pitts
Jason Scott - Defcon Documentary Q&A
Panel: Building and Growing a Hacker Space - Joey Maresca - Dave Marcus - Nick Farr - SkyDog
SO Hopelessly Broken: the implications of pervasive vulnerabilities in SOHO router products. - Jacob Holcomb
Put Me In Coach: How We Got Started In Infosec - pr1me - Chris “g11tch” Hodges - Frank Hackett - Dave “ReL1K” Kennedy
Alice Goes Deeper (Down the Rabbit Hole) - Redirection 2.0 - Nathan Magniez
Emergent Vulnerabilities: What ant colonies - schools of fish - and security have in common. - Nathaniel “Dr. Whom” Husted
Why Your IT Bytes - Frank J. Hackett
Using Facial Recognition Software In Digital Forensics And Information Security - Brian Lockrey
How to Fight a War Without Actually Starting One - Brendan O’Connor
Crypto-Exploit Exercises: A tool for reinforcing basic topics in Cryptography - Nancy Snoke

Stable Talks
Gen Y:Getting Them to Talk Rather than Text at Work - Nancy Kovanic
Battle Scars And Friendly Fire: Threat Research Team War Stories - Will Gragido and Seth Geftic
Unmasking Miscreants - Allixon Nixon - Brandon Levene
gitDigger: Creating useful wordlists from public GitHub repositories - Jaime Filson (WiK)
PowerShell and Windows Throw the Best Shell Parties - Piotr Marszalik
Owning Computers Without Shell Access - Royce Davis
Sixnet Tools: for poking at Sixnet Things - Mehdi Sabraoui
Hardening Windows 8 apps for the Windows Store - Bill Sempf
Intro to Dynamic Access Control in Windows Server 2012 - Evan Anderson
Evolutionary Security - Embracing Failure to Attain “Good Enough” - Josh More
DIY Forensics: When Incident Response Morphs into Digital Forensics - John Sammons
ANOTHER Log to Analyze - Utilizing DNS to Discover Malware in Your Network - Nathan Magniez
Phishing Frenzy: 7 seconds from hook to sinker - Brandon <zeknox> McCann
Electronic Safe Fail: Common Vulnerabilities in Electronic Safes - Jeff Popio
The Good Samaritan Identity Protection Project  www.thegsipp.org - Zack Hibbard - Chris Brown and Jon Sternstein
Some defensive ideas from offensive guys. - Justin Elze and Robert Chuvala
Grim Trigger - Jeff “ghostnomad” Kirsch
A n00bie’s perspective on Pentesting… - Brandon Edmunds
My Security is a Graph - Your Argument is Invalid - Gabriel Bassett
Follow the Foolish Zebras: Finding Threats in Your Logs - Chris Larsen
Security Training and Research Cloud (STRC) - Jimmy Murphy
Passive Aggressive Defense - Jason Clark
So you want to be a pentester? - Raymond Gabler
Digital Energy - BPT - Paul Coggin
An Anti-Forensics Primer - Jason Andress
What if Petraeus was a hacker? Email privacy for the rest of us - Phil Cryer (@faker)

09/30/2013 Derbycon 3.0 Videos Tracks 1 & 2

I think I have all of tracks 1 and 2 posted:, more to come

Scanning Darkly - HD Moore (keynote)
Kinetic Pwnage: Obliterating the Line Between Computers and the Physical World - Ed Skoudis (keynote)
Look Ma - No Exploits! - The Recon-ng Framework - Tim “LaNMaSteR53? Tomes
Practical Exploitation Using A Malicious Service Set Identifier (SSID) - Deral Heiland
JTAGulator: Assisted discovery of on-chip debug interfaces - Joe Grand
Seeing red in your future? - Ian Iamit
TMI: How to attack SharePoint servers and tools to make it easier - Kevin Johnson and James Jardine
The High Risk of Low Risk Applications - conrad reynolds
It’s Okay to Touch Yourself - Ben Ten (Ben0xA)
Collaborative Penetration Testing With Lair - Tom Steele and Dan Kottmann
Malware Automation - Christopher Elisan
What’s common in Oracle and Samsung? They tried to think differently about crypto. - L·szlÛ TÛth - Ferenc Spala
Burning the Enterprise with BYOD - Georgia Weidman
Getting the goods with smbexec - Eric Milam(brav0hax) and Martin Bos (purehate)
Shattering the Glass: Crafting Post Exploitation Tools with PowerShell - Matt Johnson
Cheat Codez: Level UP Your SE Game - Eric Smith
My Experiments with truth: a different route to bug-hunting - Devesh Bhatt
The Art and Science of Hacking Any Organization - Tyler Wrightson
Living Off the Land: A Minimalist’s Guide to Windows Post-Exploitation - Christopher Campbell & Matthew Graeber
Cracking Corporate Passwords - Exploiting Password Policy Weaknesses - Minga / Rick Redman
Ownage From Userland: Process Puppeteering - Nick Cano
) UNION SELECT `This_Talk` AS (‘New Exploitation and Obfuscation Techniquesí)%00 - Roberto Salgado
Exploiting_the_Zeroth_Hour(); Developing your Advanced Persistent Threat to Pwn the Network - SOLOMON SONYA and NICK KULESZA
Phishing Like The Pros - Luis “Connection” Santana
Raspberry Pi - Media Centers - and AppleTV - David Schuetz
Cognitive Injection: Reprogramming the Situation-Oriented Human OS - Andy Ellis
IOCAware - Actively Collect Compromise Indicators and Test Your Entire Enterprise - Matt Jezorek and Dennis Kuntz
Cash is King: Who’s Wearing Your Crown? - Tom Eston and Spencer McIntyre
Security Sucks - and You’re Wearing a Nursing Bra - Paul Asadoorian
Windows Attacks: AT is the new black - Rob Fuller and Chris Gates
How Good is Your Phish - @sonofshirt
Identifying Evil: An introduction to Reverse Engineering Malware and other software - Bart ‘d4ncind4n’ Hopper
How Im going to own your organization in just a few days. - RazorEQX
Pass-The-Hash 2: The Admin’s Revenge - Skip Duckwall and Chris Campbell
The Cavalry Is Us: Protecting the public good and our profession - Josh Corman
Love letters to Frank Abagnale (How do I pwn thee let me count the ways) - Jayson E. Street
The Message and The Messenger - James Arlen
50 Shades of RED: Stories from the "Playroom" - Chris Nickerson
Beyond Information Warfare “You Ain’t Seen Nothing Yet” - Winn Schwartau
Stop Fighting Anti-Virus - Integgroll
How the Grid Will Be Hacked - Josh Axelrod and Matt Davis
help for the helpdesk - Mick Douglas
Weaponizing your Coffee Pot - Daniel Buentello
Practical OSINT - Shane MacDougall (NOTE THAT THIS IS AN ADULT ONLY TALK - 18+ or older)
Stop making excuses; it’s time to own your HIV (High Impact Vulnerabilities) - Jack D. Nichelson
Uncloaking IP Addresses on IRC - Derek Callaway

09/29/2013 Derbycon 3.0 Videos
As I get them up, you can find them here. Big thanks to my video jockeys Robin, ladymerlin, Jennifer, Sabrina, Reid, Skydog, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, MadMex, Joey, Steven, Sara, Branden Miller and Night Carnage
09/18/2013 Unicode Security Notes Page
This page has notes for my HackerHalted and Hack3rCon talk.
08/24/2013 Unicode Text Steganography Encoders/Decoders
The idea of this page is to demo different ways of using Unicode in steganography, mostly I'm using it for Twitter. :) I have some notes on the bottom about how these Unicode characters show up or get filtered by some apps. Most of the algorithms should work ok on Twitter, Facebook however seems to strip out more characters. There seems to be no perfect character set.
08/09/2013 Every Unicode Character For Fuzzing and Research
I will be doing a talk on Unicode and security at Hacker Halted, as prep work I've generated some files with ever Unicode character. I'd be interested in knowing if any of them crash apps on you. Open with care.

Every Unicode Character Blob Page or TXT file
Every Unicode Character 80 Column Page or TXT file
Every Unicode Character With Hex Page or TXT file


BSidesLV 2013 Videos
These are the videos from the BSides Las Vegas conference. Thanks to all of the BSides Crew for having me out to help record and render the videos. @bsideslv, @banasidhe, @kickfroggy, @quadling, @jack_daniel 

"The Security Industry - How to Survive Becoming Management" - Christien Rioux

Discovering Dark Matter: Towards better Android Malware Heuristics - Jimmy Shah, David Shaw, Matt Dewitt

Mom! I Broke My Insulin Pump... Again! - Jay "Rad" Radcliffe

Dungeons & Dragons, Siege Warfare, and Fantasy Defense in Depth - Evan Davidson and Noah Schiffman

HiveMind: Distributed File Storage Using JavaScript Botnets - Sean Malone

gitDigger: Creating useful wordlists from public GitHub repositories - WiK and Mubix

Collaborative Penetration Testing With Lair - Tom Steele and Dan Kottmann

Social Aftermath Responding to Social Pwnage - Steven F. Fox

Silence Equals Death - Violet Blue

The Cavalry Isn't Coming: Starting the Revolution to Fsck it All! - Nicholas J. Percoco and Joshua Corman

A Fire In The Eye - Olli-Pekka Niemi and Antti Levomaki

Defense Evasion Modeling - Frank Artes

"Malware Management Framework" - We detected WinNTI with it! - Michael Gough

Crunching the Top 10,000 Websites' Password Policies and Controls - Steve Werby

Governments and UFOs: A Historical Analysis of Disinformation and Deception - Richard Thieme

Strange interactions in personal data: Brokers and the CFAA - Christine Dudley

Diamonds, Fitness and Cults: Manipulation for Fun and Profit - Katie Rodzon

Vulnerability & Exploit Trends: A Deep Look Inside The Data - Ed Bellis, Michael Roytman

EC2 or Bust - How to Build Your Own Pen Testing Lab in Amazon EC2 - Grecs

Techniques for Escaping the AppSec Labyrinth - Andrew Hay

The Erudite Inebriate's Guide to Life, Liberty, and the Purfuit of Happinefs - Jack Daniel

Hack the Hustle! Career Strategies for Information Security Professionals - Eve Adams

Information Sharing, or "I've got 99 problems and they're probably pretty similar to yours" - Chris Mills

Convincing Your Management, Your Peers, and Yourself That Risk Management Doesn't Suck - Josh Sokol

How embracing social media helped me stop the hackers, save the world and get the girl! - Javvad Malik

Malware Automation - Christopher Elisan

Popping the Penguin: An Introduction to the Principles of Linux Persistence - Mark Kita

Network Survival WCS - James Costello

The Slings and Arrows of Open Source Security - Tod Beardsley and Mister X

What if Petraeus was a hacker' Email privacy for the rest of us - Fak3r

Never Mind Your Diet, Cut the Crap From Your Vocabulary - Keli Hay (Brian Martin)

The 7 habits of highly effective CISOs - Franklin Tallah (Wendy Nather)

The Little Dutch Boy - D0n Quix0te (Bill E. Ghote)

Stop Shooting Blanks: No magic bullets in your arsenal - Renegade6 (Nicolle Neulist)

Flameout - Burnout Supernova - Dan Ward (Ally Miller)

The Sensual Side of 3D Printing - Kat Sweet (Javvad Malik)

Fun with WebSockets using Socket Puppet - Mister Glass (Weasel)

Using Machine Learning to Support Information Security - Alex Pinto (Joel Wilbanks)

The Truth, You Thought We Wouldn't Know' - Wolf Flight (Terry Gold)

Vulnerabilities in Application Whitelisting: Malware Case Studies - Jared Sperli and Joe Kovacic (J0hnny Brav0)

The Goodness is Baked In: Baking Assurance into Software - Ebony (Davi Ottenheimer)

Matriux Leandros:An Open Source Penetration Testing and Forensic Distribution - Prajwal Panchmahalkar (Savant42)

Sixteen Colors: Archiving the Evolution of ANSI and ASCII Art - Doug Moore (Brendan O'Connor)

You Are Being Watched! - Bharat Jogi

Calling All Researchers: A Discussion on Building a Security Research Framework - Michael "DrBearSec" Smith

Evil Empire: SIEM FTW - EggDropX and Tha CheezMan

Attribution Shmatribution! FIX YOUR SHIT! - Krypt3ia

Breach Panel - Davi Ottenheimer, Raymond Umerley, Jack Daniel, Steve Werby, David Mortman & George V. Hulme

Roll-your-own Lightning Talks

Attacking and Defending Full Disk Encryption - Tom Kopchak

Say It to My Face - Shannon Sistrunk

Alex Dreams of Risk: How the Concept of Being a Craftsman can Help you Find Meaning and Avoid Burnout - Alex Hutton

You can't make people act more securely, you can help them want to. - Ivan Campbell and Twyla Campbell

08/02/2013 BSidesLV 2013 Videos
Putting these up at the link above as I get them together. This will take a bit, 5 tracks takes time. Follow @bsideslv for more.
07/14/2013 OISF 2013 Videos

These are the videos from the OISF Anniversary Event

Webshells History, Techniques, Obfuscation and Automated Collection - Adrian Crenshaw

Kali Linux Backtrack Linux reborn - Martin Bos

Locks & Physical Security - Deviant Ollam

Leveraging Mobile Devices on Pentests - Georgia Weidman

Reverse Engineering Demystified (a little maybe) - Chris Eagle

07/04/2013 Web Shells Collection Page Updated
I'm prepping to give my Webshells talk again at OISF and TakeDownCon Rocket City. I like to update things if I give a talk more than once, so I enhanced my script to save an archived copy of the webshells in a zip file so even if the infected host cleans it up (which they really should), it can be examined later.
07/04/2013 NQSFW Free CISSP Study Guide
I'm working on studying for a CISSP, so I figured I should record my notes. As I do them, I plan to post them here. @gozes also pointed me to http://www.opensecuritytraining.info/CISSP-Main.html which looks like a damn good resource.
06/21/2013 BSides Boston Videos
While at BSidesRI I met a bunch of folks from BSidesBoston. Roy asked me to put up a link to their videos:
Next year I hope to be able to make it out there.
06/15/2013 All BSides Rhode Island Videos

Friday pre-con:

Large-scale application security - Charlie Eriksen
SMB SRMF for identifying top 10 risks - Jim Peeler
How I Do a Weekly Podcast (or Three) - Paul Asadoorian
Show and Tell: Super-Minipwner - James Edge
Opening the Treasure Chest-Attacking Network Attached Storage on a Pen Test - Russell Butturini

BSidesRI Track:

Hacking Your Neighbors for Fun! - Josh Wright
Public cloud PCI compliance or a sharp stick in the eye, which to choose? - Chris Brenton
Bite the Wax Tadpole - The importance of culture in user security - Kati Rodzon and Mike Murray
Exploiting the Top Ten Database Vulnerabilities and Misconfigurations - Josh Shaul
Exploit Development for Mere Mortals - Joe McCray
Future Trends in IT security - Ron Gula
The Freaky Economics Of Cybersecurity - Robert David Graham

PaulDotCom Track:

Booting the Booters, Stressing the Stressors - Allison Nixon and Brandon Levene
Talk More Better - Jack Daniel
Security Sucks, and You're Wearing The Nursing Bra - Paul Asadoorian (Not Recorded)
So, you want to compute post-apocalypse? - Larry Pesce & Darren Wigley
Feeling Sick? Healthcare Information Security - Roy Wattanasin
Blitzing with Your Defense - Ben Jackson
Lessons Learned: Why I became a PaulDotCom Intern and why you should become an Intern too. - Mike Perez
Learning Security on the Cheap (30 min) - Patrick Laverty

Download link coming later.

06/15/2013 BSides Rhode Island Videos
As I get them up, I'm putting them on this page above.


ASAReaper: Grab Configs From Multiple Cisco Devices Over SSH (Demos PExpect and AES Encrypted INI Files in Python) Updated
Updated the code to make it easier to maintain and to fix a timeout issue. Also, Arne Lovius told me about a tool called Rancid (http://www.shrubbery.net/rancid) that can do the same thing as my script and more, but I figured the sample code is still of help to some.

Indiana University (IU, IUS, IU*, Etc) Salaries
I noticed the someone visited my IU Southeast School of Business (MBA) Review page from a search for something like "IU Salaries". This made me curious as I knew Indystar had the information. Seems Indystar's page is having errors, another newspaper hides it behind a pay wall, and IU makes you login with an account AND use an on campus IP. My understanding is this information is suppose to be public, but it seem somewhat hard to find. As a public service, here is the 2012/2013 Salary information in HTML (Just for IUS) and Excel formats (all campuses) for easier parsing. Hopefully it helps alumni and the like consider if it is really a fruitful place to donate to (and how to earmark donations). For some of the pay levels, it really is a shameful waste.


Kali Linux Live Boot USB Flash Drive - Jeremy Druin
Jeremy Druin (@webpwnize) gave the following presentation on creating a persistent Kali Linux thumbdrive install for the June 2013 meeting of the Kentuckiana ISSA.

05/27/2013 Webshell Demos And Notes
This is a page I'm putting together for my TakeDownCon and OISF talks on webshells. My slides are pretty text, link, command and code heavy, so this way I can just point the attendees to this page for all the notes and links.


Webshell Collection Page Updated With Source Code
I have a script I run against my web logs periodically to see if anyone is trying to use a Remote File Include Webshell against my site. I've done some more filter work, and can now find more webshells with it. If you spot bugs in the code, please let me know. I'll also be speaking at TakeDownCon St. Louis and the OISF Anniversary Event on webshells, this is part of that project.
05/23/2013 About page and CV updated
I finished my Master of Science in Security Informatics, so I've update my "about" page and CV. Unfortunately, I did not maintain the straight A average I had in my Informatics courses (I made a B in Machine Learning, which equals calculus, linear algebra, matrix mathematics and pain), so I had to change a blurb in my IU Southeast School of Bussiness/MBA review about being a straight A student in my new program. I just wanted to have more integrity than the people at the IUS MBA program who still boast about being the 9th rated part time MBA from the Business Week ratings in 2009, forgetting to mention that they have fallen to 74th since then (University of Louisville is at 35 by the way). Now, I know my readers think I'm a little OCD about this subject, which I admit I am, but I think integrity and ethics are important in both business and infosec, especially in those who are supposed to be educating the future workforce and leadership. I don't want others looking for a Master degree in the Louisville area to go through the same things I did, at least then something good would have come from what happened to me. There is some reason to think that IUS may get better, Gil Atnip, Ruth Garvey-Nix, and Sandra R. Patterson-Randles are all either retired or retiring from their positions of power. Still, the kinds of people who seem to gravitate toward academic administration positions have a tenancy to be less than caring towards student concerns in my experience. They may be better now, one VC seems to care at least a little considering his visits to the page and another VC seemed to be a decent person in the one Philosophy class I had with him, but the current student affairs person refuses to even respond to questions. Also, people like Jay White, Jon Bingham, and Linda Christiansen are still in their positions of power in the school of business, not even chastised for their behavior. With that in mind, I still can't recommend IUS to the people I know in IT around the Louisville area. I'm really sort of torn about it, as I think the IUS Informatics and Comp-Sci programs are pretty good, and I know there a good professors out there in business, but I don't think most people are willing to speak out unless they are personally involved. If you go there for Informatics or Comp-Sci, I recommend going with one of the math science options instead of business.


ISSA Kentuckiana Web Pen-Testing Workshop
Below are the videos form the Kentuckiana ISSA's Web Pen-Testing Workshop. It was put on in part to raise funds for Hackers For Charity. A few of theses are still uploading, but should be available shortly.
Part 1: Intro to Mutillidae, Burp Suite & Injection Jeremy Druin
Part 2: SQL Injection Conrad Reynolds
Part 3: Uploading a web shell via SQLi Jeremy Druin
Part 4: Authentication Bypass via SQLi & Cookie Tampering Jeremy Druin
Part 5: Intro to Kentuckiana ISSA Jeremy Druin
Part 6: Remote File Inclusion (RFI) & Local File Inclusion (LFI) Jeremy Druin
Part 7: Webshells Demo Adrian Crenshaw
Part 8: Intros to Speakers
Part 9: HTML & Javasript Injection XSS Jeremy Druin
Part 10: XSS & BeEF Conrad Reynolds
Part 11: What we have of CSRF (Camera ran out of space, slides kept going) Jeremy Druin
Part 12: JSON injection Jeremy Druin
04/21/2013 AIDE 2013: The rest of the videos
At this point I had to leave for Notacon to record their talk and was not there to run the slide capture rig for AIDE. I shanghaied some volunteers into recording, and while they did not get the slide rig working, we have the presenter and slides on camera. Thanks for filling in.

Boring eForensic Science Items - Brian Martin

Hackers in Unganda: A Documentary (Kickstarter Project) - Jeremy Zerechak

Small Businesses Deserve Security Too - Frank Hackett

Help from the helpdesk - Mick Douglas (@bettersafetynet)

Malware Analysis Triage for n00bs - Grecs (@Grecs)

CCDC and Industry - James L. Siegel Jr. (WolfFlight)

Building an Engaging and Effective Information Security Awareness and Training Program - Bill Gardner



Notacon 10 Videos
These are the videos from the 10th Notacon conference held April 18th-21st, 2013. Not all of them are security related, but  I hope my viewers will enjoy them anyway. Thanks to Froggy and Tyger for having me up, and to the video team: SatNights, Widget, Securi-D, Purge, Bunsen, Fry Steve and myself (at least that is who it was last year, if you got he names for 2013 let me know).

Track 1

Model Integrated Computing (Code Generation) and how it loves you and deserves love back - Michael Walker

Guns & Privacy - Deviant Ollam

Domestic Preparedness (the zombie Apocalypse is nigh upon us) - Illustrious Niteshad & megalos

DIY Neuroscience, EMGs, EEGs, and other recordings - meecie

Hacking Your Ability to Communicate - kadiera

Lasers for Fun! Lasers for Science. Lasers for Security! - Ethan Dicks

Video Everywhere! aka The Personal Distributed HD Video Network - Woz

Esolangs - Daniel Temkin

How We Learned Security from Steve - ghostnomad, ghostnomadjr, knuckles & micronomad

Are we getting better? - Hacking Todays Technology - David Kennedy

Critical Making - Garnet Hertz

DC to Daylight: A whirlwind tour of the radio spectrum, and why it matters. - Stormgren

Skeleton Key: Transforming Medical Discussions Through 3D Printing - KK Pandya

Youthful Exploits of an early ISP - Dop & KevN

Whose Slide Is It Anyway? - nicolle @rogueclown neulist

Track 2

I Forked the Law and We All Won - Fork The Law

Make me Babyproof! - Gina “the kat” Hoang

The Maru Architecture Design: A proposed BYOD architecture for an evolving threat landscape - Michael Smith

You Keep A-Knockin’ But You Can’t Come In - grap3_ap3

Encryption for Everyone - Dru Streicher (_node)

How I Became an iOS Developer for Fun and Debt - Mark Stanilav

AR_GRAF.OBJ: a darknet for the nuEra ?? - kevin carey, shawne michaelain holloway & brian peterson

Creating professional glitch art with PoxParty - Jon Satrom & Ben Syverson

Let’s Go CSRF’n Now! - grap3_ap3

Bad Games Arcade - Jake Eliott

The Winamp Imperative - Yoz (sorry, audio died at 6:09)

04/18/2013 AIDE 2013
I got to record and put up a few videos from AIDE. I had to head to Notacon before I could record them all, but I left some gear so hopefully I'll have more to come. Recorded at AIDE 2013. Big thanks to Bill Gardner (@oncee) for having me out to record.

Network King Of The Hill (NetKotH): A hacker wargame for organizers who are lazy - Adrian Crenshaw (Irongeek)

Can You Hear Me Now? Leveraging Mobile Devices on Pentests - Georgia Weidman

RAWR (Rapid Assessment of Web Resources) - @al14s and @c0ncealed

04/11/2013 Hacker Swap Meet: Don't Let That Old Junk Go To Waste!
Many of us are tech pack rats, we have old gear laying around we don't use but don't want to just throw away. Got something you want to trade with other hacker/maker types? Too expensive to ship but you can drive it to a con you will be at anyway? Set up the trade at the new forums I put up. One man's treasure is another man's hazmat. If you don't see a con/meet spot listed here, let me know and I can add it.
I should have some old gear at Notacon I want to get rid of.
04/08/2013 Outerz0ne 9 (2013) Videos
These are most of the videos from the Outerz0ne 9 conference. I have a few more I have to get clearances on before I post them. Big thanks to Joey and Evan on the video crew.
SkyDog Kicks Off Year NINE! (Number Nine)
Gursev Kalra - Impersonating CAPTCHA Providers
Tuttle/Brimstone - State of the BitCoin Address; Pizza, Pirates, and Profiteers.
Halfjack - Living to the Singularity: Geeks Guide to a Healthy Lifestyle
Chad Ramey - Hacking the Atom
Jeremy Schmeichel & Brian Wilson - IPv6? Ain't Nobody Got Time For That!
Chris Silvers - Weapons of Miniature Destruction
Hacker Movie Challenge
Inside the Hacker's Studio - Billy Hoffman and IronGeek
Contest Prize Giveaway, Awards, Closing Ceremonies
Lightning Talks and such:
Andy Green - The Southeast Collegiate Cyber Defense Competition Lightning Talk
Lilyjade-v2.com - Why You Are Not Safe Lightning Talk
Presentation Karaoke


15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast