A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Irongeek.com

            Welcome to Irongeek.com, Adrian Crenshaw's Information Security site (along with a bit about weightlifting and other things that strike my fancy).  As I write articles and tutorials I will be posting them here. If you would like to republish one of the articles from this site on your webpage or print journal please e-mail me. Enjoy the site and write us if you have any good ideas for articles or links.

Adrian

News/Change Log

9/8/2018 GrrCON 2018 Videos
These are the videos of the presentations from GrrCON 2018. Big thanks to EggDropX and Jaime for having me out, and my video crew  (paint27, Erick, Jason, brettahansen, Angela, Luke & others) for recording.

Keynote
Dave Kennedy

An Inconvenient Truth: Evading the Ransomware Protection in Windows 10
Soya Aoyama

The Abyss is Waving Back - The four paths that human evolution is charging down, and how we choose which one's right
Chris Roberts

Crypto Gone Rogue: A Tale of Ransomware, Key Management and the CryptoAPI
Pranshu Bajpai & Dr. Richard Enbody

You're right, this talk isn't really about you!
Jayson E Street

Analyzing Pwned Passwords with Apache Spark
Kelley Robinson

How to rob a bank over the phone
Joshua "Naga" Crumbaugh
(Posting Later Maybe)

Vibing Your Way Through an Enterprise: How Attackers are Becoming More Sneaky
Matthew Eidelberg

PwnBook: Penetrating with Google's Chromebook
Corey Batiuk

Life, Death + the Nematodes: Long live Cyber Resilience!
Chad Calease

Data Data Everywhere but No One Stops to Think
Scott Thomas, Carl Hertz & Robert Wagner

Automation and Open Source: Turning the Tide on Attackers
John Grigg

w.e w.e Internet Explorer Does What It Wants
Aaron Heikkila

Pacu: Attack and Post-Exploitation in AWS
Spencer Gietzen

Hacker Tools, Compliments of Microsoft
David Fletcher & Sally Vandeven

How to Conduct a Product Security Test: And How it Fits Into the Larger Security Strategy
Dr. Jared DeMott

Over the Phone Authentication
Spencer Brown

Designing a Cloud Security Blueprint
Sarah Elie

To Fail is Divine
Danny Akacki

Zero to Owned in 1 Hour: Securing Privilege in Cloud, DevOps, On-Prem Workflows
Brandon Traffanstedt

Malware Mitigation Sample Detonation Intelligence Automation: Make Your Binaries Work for You
Adam Hogan

emulacra and emulation: an intro to emulating binary code with Vivisect
Atlas of D00m

SniffAir - An Open-Source Framework for Wireless Security Assessments
Matthew Eidelberg & Steven Daracott

Threat Hunting: the macOS edition
Megan Carney

The Hybrid Analyst: How Phishing Created A New Type of Intel Analyst
Rachel Giacobozzi

Dragnet: Your Social Engineering Sidekick
Truman Kain

Intelligence Creating Intelligence: Leveraging what you know to improve finding what you don,t
Tomasz Bania

Guaranteed Failure: Awareness The Greatest Cyber Insanity
Joshua "Naga" Crumbaugh

Threat Modeling: How to actually do it and make it useful
Derek Milroy

Structuring your incident response could be one of the most important things you do to bolster Security
Matt Reid

How this 20 Year Old Changed the Security Industry
James O'Neill

Stop Boiling The Ocean! How To Succeed With Small Gains
Joel Cardella

Do I have a signature to detect that malware?
Ken Donze

2018 SIEM Trends: What is my Mean Time to Value?
Bill Lampe

Advanced Attackers Hiding Inside Encrypted Traffic at the Endpoint
Jared Phipps

More Tales from the Crypt-Analyst
Jeff Man

My First year in Application Security
Whitney Phillips

Career Risk Management: 10 tips to keep you employed
Chris Burrows

Red vs Blue: The Untold Chapter
Aaron Herndon & Thomas Somerville

Saving All the Money to Buy All the Booze: Learning to Hack All the Things on a Budget
Michael Morgese

Analyzing Multi-Dimensional Malware Dataset
Ankur Tyagi

Physicals, Badges, and why it matters
Alex Fernandez-Gatti

InSpec: Compliance as Code
Kent picat, Gruber

Bounty Hunters
J Wolfgang Goerlich

8/9/2018 Patreon, Bitchute, etc.
Hi all, I've set up a Patreon for those that want to help me increase the number of cons I can record each year. As a reminder, the videos I record appear on YouYube, Archive.org and BitChute for free, so don't complain about what I put on my site if you can't figure out how to get to the same content elsewhere. 😜
7/14/2018 OISF 2018 Videos
These are the videos from the OISF Anniversary Event.

Introduction
Dr. John Carls

Catching the Social Engineer
Robert Stewart

Hacking Identity, A Pen Tester’s guide to IAM
Jerod Brennen

Active Defense: Helping the Threat Actors Hack Themselves
Matt Scheurer

Planning & Executing A Red Team Engagement
Tim Wright

6/23/2018 BSides Cleveland 2018 Videos
These are the videos from the Bsides Cleveland conference. Thanks to Rich, Nekko, justinschmitt &  as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad.


Hacking Your Happiness
Chris Gates

Active Defense - Helping threat actors hack themselves!
Matt Scheurer

Reflective PE Unloading
Spencer McIntyre

One Puzzle Piece at a Time: Logging Quick Wins
Celeste Hall

GO HACK YOURSELF: MOVING BEYOND ASSUMPTION-BASED SECURITY
Christine Stevenson

Using Technology to Defend Digital Privacy & Human Rights
Tom Eston

Code Execution with JDK Scripting Tools & Nashorn Javascript Engine
Brett Hawkins

Abandoned Spaces: Reconstructing APT Campaigns From Lapsed Domains
Daniel Nagy

What's Changed In The New OWASP Top 10?
Bill Sempf

Raindance: Raining Recon from the Microsoft Cloud
Michael Stringer

Tools and Procedures for Securing .Net Applications
Sam Nasr

Hacking Identity: A Pen Tester's Guide to IAM
Jerod Brennen

Phishing Forensics - Is it just suspicious or is it malicious?
Matt Scheurer

Securing Code - The Basics
Michael Mendez

The Marriage of Threat Intelligence and Incident Response or... Threat Hunting for the Rest of Us
Jamie Murdock

Wacky and Wild Security - Getting things under CIS Controls V7
Jeremy Mio

Interdisciplinary Infosec: Equifax, Individuation, and the Modern State
Thomas Pieragastini

Mobile Application Privacy and Analytics
Kevin Cody

Evolving the Teaching of Pen Testing in Higher Ed
Robert Olson

Go back to the basics with your processes: Improving operations without technology.
Mark Abrams

Anatomy of an Attack
John Fatten

Hackers, Hugs, & Drugs: Mental Health in Infosec
Amanda Berlin

6/14/2018 A Digital Handbook for the Recently Deceased
Article on dealing with a deceased person's financial and Internet accounts, and making it easier for others to do so when you pass.
6/8/2018 ShowMeCon 2018 Videos
These are the videos ShowMeCon 2018. Thanks to Renee & Dave Chronister (@bagomojo) and others for having me out to record and speak. Also thanks to my video crew @r3tr0_cod3x, James, Aaron, Jon and some other people I may have forgotten.

Opening

The Insecure Software Development Lifecycle: How to find, fix, and manage deficiencies within an existing methodology.
April C. Wright

The Sky Isn't Falling, But the Earth May be Shifting: How GDPR Could Change the Face of InfoSec
Cliff Smith

Gulliver's Travels: Security Exploits and Vulnerabilities Around the Globe
Kevin Johnson

From DDoS to Mining: Chinese Cybercriminals Set Their Sights on Monero
David Liebenberg

ANTI-OSINT AF: How to become untouchable
Michael James

Who's Watching the Watchers?
Nathan Sweaney

We don't have to worry about that, It's in the cloud
Arnar Gunnarsson

SS7 for INFOSEC
Paul Coggin

Getting Newcomers into Infosec: The Tribulations of the Auburn University Hacking Club
Matthew Rogers

Exploring Information Security Q&A Panel
Timothy De Block

Securing Windows with Group Policy
Josh Rickard

ATAT: How to take on the entire rebellion with 2-3 stormtroopers
ll3nigmall

How Hyperbolic Discounting is keeping your security program from succeeding
Jon Clark

Hijacking the Boot Process - Ransomware Style
Raul Alvarez

Building a Cyber Training Range on a Budget
Robert Guiler

Lessons Learned from Development and Release of Blacksmith (The Meltdown Defense Tool For Linux)
Jared Phipps

How to Train Your Kraken - Creating a Monster Out of Necessity
Sean Peterson

PowerShell exploitation, PowerSploit, Bloodhound, PowerShellMafia, Obfuscation, PowerShell Empire, the Empire has fallen, you CAN detect PowerShell exploitation
Michael Gough

Offensive Cartography
Trenton Ivey

The Wrong Kind of DevOps Talk - Now with Extra Badness!
Bobby Kuzma

This Job is Making Me Fat!
Thomas Smith

You'll understand when you are older
Amanda Berlin & David Cybuck

Bitcoin - The generation of private keys based on public keys, a live demonstration
Richard Dennis

6/3/2018 Circle City Con 2018 Videos
These are the Circle City Con videos. Thanks to the staff for inviting me down to record. Big thanks to @irishjack, @0DDJ0BB, @Ajediday, Jim, @securesomething, @AnarchistDalek, @KitWessendorf, @m3ch4n15m, @Valacia, @songsthatsaved, @mchandleraz, @christinemobes and other for helping set up AV and record.

Opening Ceremonies
Circle City Con Staff

Espionage In The Modern Age of Information Warfare
Scot Terban

The Never Ending Hack: Mental Health in InfoSec Community
Danny Akacki

The Network Night Watch
Eric Rand & Lesley Cahart

Held for Ransom with a Toy Gun
Brian Baskin

Dear Blue Team: Proactive Steps to Supercharge your IR
Joe Gray

CTF Tips and Tricks
Aaron Lintile

Classic Cons in Cryptocurrency
Wolfgang Goerlich & Zachary Sarakun

Enterprise Vulnerability Management (Assessing, Implementing, and Maintaining)
Derek Milroy

Security Beyond the Security Team: Getting Everyone Involved
Luka Trbojevic

The consequences of lack of security in the Healthcare and how to handle it
Jelena Milosevic

Stealing Cycles, Mining Coin: An introduction to Malicious Cryptomining
Edmund Brumaghin & Nick Biasini

Applying Thermodynamic Principles to Threat Intelligence
Kyle Ehmke

SAEDY: Subversion and Espionage Directed Against You
Judy Towers

How to Lie with Statistics, Information Security Edition
Tony Martin-Vegue

IoT 4n6: The Growing Impact of the Internet of Things on Digital Forensics
Jessica Hyde

A Very Particular Set of Skills: Geolocation Techniques For OSINT and Investigation
Chris Kindig

Rise of the Machines
Aamir Lakhani

Backdooring with Metadata
Itzik Kotler

Automahack - Automate going from zero to domain admin with 2 tools
Dan McInerney

Patching - It's Complicated
Cheryl Biswas

Containers: Exploits, Surprises and Security
Elissa Shevinsky

Playing Russian Troll Whack-a-Mole
Courtney Falk

The FaaS and the Curious - AWS Lambda Threat Modeling
Bryan McAninch

Deploying Deceptive Systems: Luring Attackers from the Shadows
Kevin Gennuso

Quick Retooling in .Net for Red Teams
Dimitry Snezhkov

(Re)Thinking Cyber Security Given the Spectre of a Meltdown: (Someone Hold My Beer)
Jeff Man

Carrot vs. Stick: Motivation, Metrics, and Awareness
Magen Wu

Securing without Slowing: DevOps
Wolfgang Goerlich

Operator: The Well-Rounded Hacker
Matthew Curtin

Abuse Case Testing in DevOps
Stephen Deck

GreatSCT: Gotta Catch 'Em AWL
Chris Spehn

5/20/2018 NolaCon 2018 Videos
Recorded at NolaCon 2018. Thanks to @CurtisLaraque, @mikearbrouet, @openbayou, Cole & @klulue for the video recording help, and @nola_con, @erikburgess_, @NolaConYvonne & Rob for having me down to record.

Chasing the Adder... A Tale from the APT world
Stefano Maccaglia

Aww Ship! Navigating the vulnerabilities and attack surface of the maritime industry
John Sonnenschein

Hacking Dumberly, Just Like the Bad Guys
Tim Medin, Derek Banks

Automahack - Python toolchain for automated domain admin
Dan McInerney

Dear Blue Team: Proactive Steps to Supercharge your IR
Joe Gray

You'll Understand When You're Older
Amanda Berlin

Skills For A Red-Teamer
Brent White, Tim Roberts

Hacking Smart Contracts--A Methodology
Konstantinos Karagiannis

Fighting Child Exploitation with Oculum
Andrew Hay, Mikhail Sudakov

How to tell cajun doctors they have bad cyber-hygiene and live
Joshua Tannehill

What Infosec in Oil & Gas can Teach us About Infosec in Healthcare
Damon J. Small

On the Hunt: Hacking the Hunt Group
Chris Silvers, Taylor Banks

Your Mac Defenestrated. Post OSXploitation Elevated.
FuzzyNop & Noncetonic

Keynote: Follow The Yellow Brick Road
Marcus J. Carey

We are the Enemy of the Good
Stephen Heath

Taking out the Power Grid's Middleman
Nathan Wallace, Luke Hebert

Privacy for Safety- How can we help vulnerable groups with privacy?
Stella

Cash in the aisles: How gift cards are easily exploited
Will Caput

Mind Games: Exploring Mental Health through Games
Todd Carr

Jump into IOT Hacking with Damn Vulnerable Habit Helper IOT Device
Nancy Snoke, Phoenix Snoke

The Future of Digital Forensics
Imani Palmer

Changing the Game: The Impact of TRISIS (TRITON) on Defending ICS/SCADA/IIoT
Paul W. Brager Jr M.Sci, CISSP, GICSP, CISM

Ducky-in-the-middle: Injecting keystrokes into plaintext protocols
Esteban Rodriguez

Gamifying Developer Education with CTFs
John Sonnenschein & Max Feldman

Active Directory Security: The Journey
Sean Metcalf

HTTP2 and You
Brett Gravois

5/12/2018 BSides Detroit 2018 Videos
These are the videos from the BSides Detroit 2017 Conference.  Thanks to Ryan Harp (@th3b00st), Dan Falk (@dnfalk), Wolfgang Goerlich (@jwgoerlich), Matt Johnson (@mwjcomputing), Kyle Andrus (@chaoticflaws), Kate Vajda (@vajkat) and Chris Maddalena (@cmaddalena) for having me out and Samuel Bradstreet (@TeaPartyTechie), Leah Bradstreet,  Xavier Johnson, Ali Faraj, Camilla Martins, Ben Valentine, James Green, David Sornig, Steven Balagna,  Nick Papa, Lucas Gorczyca, J Parker Galbraith and others I may forget for helping to record.

Opening

Yes, You're an Impostor; now get back to work
Johnny Xmas

GRC - "What Would You Say You Do Here?"
Brian Martinez

Protecting Phalanges from Processor Pressure Points
Matthew Clapham

A Reporter's Look at OSINT
Hilary Louise
(Sorry, mic was off, but here is a longer version from GrrCon)

Nowhere to hide
Lucas Gorczyca

Know the Enemy - How to make threat intelligence work!
Nir Yosha

Hack like a Gohper
Kent Gruber

@taco_pirate's Art of Woo
Ben Carroll

Saving All the Money to Buy All the Booze: Learning to Hack All the Things on a Budget
Michael Morgese

Practical Incident Response in Heterogenous Environment
Kevin Murphy & Stefano Maccaglia

Security KPIs - Measuring Improvement in Your Security Program
Steven Aiello

5/11/2018 Converge 2018 Videos
These are the videos from the Converge Information Security Conference. Thanks to Ryan Harp (@th3b00st), Dan Falk (@dnfalk), Wolfgang Goerlich (@jwgoerlich), Matt Johnson (@mwjcomputing), Kyle Andrus (@chaoticflaws), Kate Vajda (@vajkat) and Chris Maddalena (@cmaddalena) for having me out and Samuel Bradstreet (@TeaPartyTechie), Leah Bradstreet,  Xavier Johnson, Camilla Martins, Ben Valentine, James Green, David Sornig, Steven Balagna,  Nick Papa, J Parker Galbraith and others I may forget for helping to record.

Opening

Hackers, Hugs, & Drugs: Mental Health in Infosec
Amanda Berlin

Winning the cybers by measuring all the things
Jim Beechey

Social Engineering for the Blue Team
Timothy De Block

The Emerging Product Security Leader Discipline
Matthew Clapham

Server Message Block Worms: The gift that keeps on giving
Matthew Aubert

Don't Fear the Cloud: Secure Solutions at Lower Cost
Matt Newell

DevSecOps: Security Testing with CI/CD Automation Servers
Ed Arnold

Backdooring With Metadata
Itzik Kotler

How to Conduct a Product Security Test: And How it Fits Into the Larger Security Strategy
Nick Defoe

Securing ASP.NET Core Web Apps
Dustin Kingen

All the Bacon: How Lesley Knope and Ron Swanson encourage community growth
Kevin Johnson

ATT&CK Like an Adversary for Defense Hardening
Steve Motts & Christian Kopacsi

Unblockable Chains – Is Blockchain the ultimate malicious infrastructure?
Omer Zohar
(may post later)

DADSEC 102
Richard Cassara

The Things You Should Be Doing Defensively Right Now
Joel Cardella

Held Hostage: A Ransomware Primer
Nick Hyatt

Prowling: Better Penetration Testing
J Wolfgang Goerlich

Automating Web App security in AWS
Luther Hill

Finding the Money to Run an Effective Security Program
Matt Topper

Cryptocurrency- The Internetwide Bug Bounty Program
Brian Laskowski

Hacking Identity: A Pen Tester,s Guide to IAM
Jerod Brennen

4/29/2018 BSidesCharm 2018 Videos
These are the videos BSidesCharm (Baltimore) 2018. Thanks for inviting me down to record. Thanks to my video team Shawn Thomas, Cory, Terry Holman, Thomas Moses, Jason Presmy and Martin Veloso.

Keynote
Jessica Payne

To AI or Not to AI? What the US Military Needs for Fighting Cyber Wars
Ernest Wong

Preparing for Incident Handling and Response within Industrial Control Networks
Mark Stacey

FailTime:​ ​ Failing​ ​ towards​ ​ Success
Sean Metcalf

Getting Saucy with APFS! - The State of Apple’s New File System
Sarah Edwards

Basic Offensive Application of MOF Files in WMI Scripting
Devon Bordonaro

An Open Source Malware Classifier and Dataset
Phil Roth

Counting Down to Skynet
Nolan Hedglin

How we reverse engineered OSX/Pirrit, got legal threats and survived
Amit Serper

Threat Activity Attribution: Diferentiatinn the Who from the How
Joe Slowik

Quantify your hunt: not your parents’ red teaming
Devon Kerr

Internet Anarchy & The Global March toward Data Localization
Andrea Little Limbago

Powershell Deobfuscation: Putting the toothpaste back in the tube
Daniel Grant

Effective Monitoring for Operational Security
Russell Mosley Ryan St. Germain

Plight at the end of the Tunnel
Anjum Ahuja

Rise of the Miners
Josh Grunzweig

Malware Analysis and Automation using Binary Ninja
Erika Noerenberg

Between a SOC and a Hard Place
Shawn Thomas Andrew Marini James Callahan Dustin Shirley

Using Atomic Red Team to Test Endpoint Solutions
Adam Mathis

Exercise Your SOC: How to run an effective SOC response simulation
Brian Andrzejewski

Adding Simulated Users to Your Pentesting Lab with PowerShell
Chris Myers Barrett Adams

Building a Predictive Pipeline to Rapidly Detect Phishing Domains
Wes Connell

Closing Ceremonies

4/14/2018 BSides Nashville 2018 Videos
These are the videos BSides Nashville 2018. Thanks to @lil_lost for inviting me down to record and being my bodyguard while in Nashville. Big thanks to Gabe Basset, Geoff Collins, Cameron and others for helping set up AV and record.

Intro

Know Your Why
Oladipupo (Ladi) Adefala

Deploying Microsoft Advanced Threat Analytics in the Real World
Russell Butturini

An Oral History of Bug Bounty Programs
Dustin Childs

Blue Cloud of Death: Red Teaming Azure
Bryce Kunz

SECURITY INSTRUMENTATION: BE THE HERO GETTING VALUE FROM SECURITY
Brian Contos

Changing Who Writes the Queries: High-Leverage IR with Visual Playbooks & Visual Graph Analysis
Leo Meyerovich

Learning to Hack the IOT with the Damn Vulnerable Habit Helper IOT Device
Nancy Snoke, Phoenix Snoke

Hacking the Users: Developing the Human Sensor and Firewall
Erich Kron

Community Based Career Activities or How Having Fun Can Help You with Your Career
Kathleen Smith, Cindy Jones,Doug Munro, Magen Wu

Hillbilly Storytime - Pentest Fails
Adam Compton

See the ID Rules Before Us: FAL IAL AAL eh? Aaaagh!!! How, How, How, How?
Bruce Wilson

SAEDY: Subversion and Espionage Directed Against You
Judy Towers

Growing Up to be a Infosec Policy Driven Organization
Frank Rietta

Adding Simulated Users to Your Pentesting Lab with PowerShell
Chris Myers, Barrett Adams

Hacking VDI 101
Patrick Coble

Evaluating Injection Attack Tools Through Quasi-Natural Experimentation
John O'Keefe-Odom

Social Engineering for the Blue Team
Timothy De Block

4/6/2018 AIDE 2018 Videos
Recorded at AIDE 2018. Big thanks to Bill Gardner (@oncee) for having me out to record.

On Business Etiquette and Professionalism in the Workplace
Tess Schrodinger

InfoSec by the Numbers
Bill Gardner

Practical OSINT - Tools of the trade
Tom Moore

Potentially unnecessary and unwanted programs (a.k.a. PUPs)
Josh Brunty

How To Test A Security Awareness Program
Matt Perry

Disrupting the Killchain
Amanda Berlin

I have this piece of paper, now what?
Brandon Miller

Statistics Lie...Except About Passwords
Jeremy Druin

3/24/2018 BSides Chattanooga 2018 Videos
These are the videos from the BSides Chattanooga conference. Thanks to Ron and Kevin for having me out, and John for helping record.

Intro

Red vs Blue and why We are doing it wrong
Chris Roberts

The Semi-Comprehensive Guide to Setting Up a Home Lab
Andrew Williams

Lessons learned from a OWASP Top 10 Datacall
Brian Glas

Attacker vs. Defender: Observations on the Human Side of Security
Todd O'Boyle

The Gilligan Phenomenon: Fixing The Holes In the Ransomware And Phishing Boats
Eric Kron

Machine Learning and Cyber Security: How Smart is Can it Be?
Shayne Champion

Closing

3/10/2018 BSides Indy 2018 Videos
These are the videos from the BSides Indy conference. Thanks to Frank, MzBat for having me up, and Nate for helping with AC.

Intro

Lessons Learned - A 15 year Retrospective
Price McDonald

Phishing Forensics - Is it just suspicious or is it malicious?
Matt Scheurer

Presenting P@cketR@quet: An Auditory IDS
Killian Ditch

The Pillars of Continuous Incident Response
Brad Garnett

Zero to Owned in 1 Hour: Securing Privilege in Cloud and DevOps Workflow
Brandon Traffanstedt

Social Engineering for the Blue Team
Timothy De Block

Leveraging DevSecOps to Escape the Hamster Wheel of Never-ending Security Fail
Chris Reed

Creating a Cyber Volunteer Department
Ray Davidson

Closing
Frank Diaz

3/2/2018 BSides Columbus 2018 Videos
These are the videos from the BSides Columbus Ohio conference. Thanks to Mitch & Michael Spaulding for having me up and those who manned the video rigs.

Keynote
Dave Kennedy

Automating Security Testing with the OWTF
Jerod Brennen

Looks Like Rain Again: Secure Development in the Cloud
Bill Sempf

How Stuxnet Ruined My Life For 6 Months (But I Got To Fly 1st Class A Lot)
Chris Raiter, Jeremy Smith

Emotet - Banking Malware With A Bite
Bradley Duncan

Keynote
Kevin Burkart

Cryptology: It’s a Scalpel, not a Hammer
Mikhail Sudakov

Pass the Apple Sauce: Mac OS X Security Automation for Windows-focused Blue Teams
Brian Satira

Why People Suck at Delivery: How to get your security projects off the ground and into production!
Nick d'Amato

Zero to Owned in 1 Hour: Securing Privilege in Cloud and DevOps Workflow
Brandon Traffanstedt

Are you ready for my call? Security researcher insights into Responsible Disclosure.
Jason Kent

Everything you always wanted to ask a hiring manager, but were afraid to ask!
Mike Spaulding

 

Deep Learning for Enterprise: Solving Business Problems with AI
Christian Nicholson

Building Jarvis
Stephen Hosom

Active Defense - Helping threat actors hack themselves!
Matt Scheurer

Shifting Application Security Left
Craig Stuntz

Presenting P@cketR@quet: An Auditory IDS
Killian Ditch

Security and Networking: Dual Purpose Tools
Cody Smith

Cybereason's Jim VanDeRyt - Fileless Malware Breakout Session
Jim VanDeRyt

The Quieter You Become, the More You’re Able to (H)ELK
Nate Guagenti, Roberto Rodriquez

2/24/2018 BSides NOVA 2018 Videos
These are the videos from BSides NOVA 2018. Thanks to those who manned the video rigs and helped set u

AM Keynote
Matt Devos

Deep Dive in the Dark Web (OSINT Style)
Kirby Plessas

PM Keynote
Jack Daniel

Adding Pentest Sauce to your Vulnerability Management Recipe
Luke Hudson, Andrew McNicol

The Value of Design in Cyber Threat Intelligence
Devon Rollins

DNC Hacked Data in the Hands of a Trained Intelligence Professional
Wally Prather, Dave Marcus

Your Facts Are Not Safe With Us: Russian Information Operations as Social Engineering
Meagan Keim

DECEPTICON: Deceptive Techniques to Derail OSINT attempts
Joe Gray

I Thought Renewing the Domain Name Was Your Job?
Allan Liska

Automating Unstructured Data Classification
Malek Ben Salem

Vulnerability Patched in Democratic Donor Database
Josh Lospinoso

Living in a world with insecure Internet of Things (IoT)
Marc Schneider

Vulnerability Accountability Levers and How You Can Use Them
Amelie Koran

Cyber Mutual Assistance - A New Model for Preparing and Responding to Cyber Attack
David Batz

Rethinking Threat Intelligence
Tim Gallo

What Color Is Your Cyber Parachute?
Cliff Neve, Candace King, Kazi Islam, Trey Maxam, Amelie Koran

Feds Meet Hackers
Ariel Robinson, Alyssa, Feola, Gray Loftin, Beau Woods, Amélie E. Koran

Recruiting in Cyber
Dan Waddel, Kathleen Smith, Suzie Grieco, Sabrina Iacarus, Kirsten Renner, Karen Stied

How to get started in Cybersecurity
John Stoner

Improving Technical Interviewing
Forgotten Sec

Ask An Expert: Cyber Career Guidance and Advice
Micah Hoffman, Bob Gourley, John TerBush, Chris Gates, Kirby Plessas, Lea Hurley, Neal Mcloughlin, Ovie Carroll, Sarah Edwards, Tigran Terpandjian, Willie Lumpkin

2/17/2018 BSides Tampa 2018
These are the videos from the BSides Tampa conference. Thanks to all of the BSides Crew for having me out to help record and render the videos. Special thanks to my video crew: Julian, Andrew Schiro, Austin Ford, John Mejia, Michael Iglesias, Micheal Milford, Mike Ziolkowski,  Patty Morris, Robin Noyes

Cyber Assurance - Testing for Success
Col. John Burger

You Can Run..but you cant hide!
Bruce Anderson

Red Team Apocalypse
Beau Bullock and Derek Banks

Advanced Persistent Security
Ira Winkler

Adding Simulated Users to Your Pentesting Lab with PowerShell
Chris Myers and Barrett Adams

The Shoulders of InfoSec
Jack Daniels

Blockchain: The New Digital Swiss Army Knife?
G. Mark Hardy

Modern Day Vandals and Thieves: Wireless Edition
David Switzer and Jonathan Echavarria

Fraud; Should you worry?
Greg Hanis

A Security Look at Voice-Based Assistants
David Vargas

Hackers Interrupted
Alex Holden

Insane in the Mainframe: Taking Control of Azure Security
Jeremy Rassmusen

MiFare lady Teaching an old RFID new tricks
Daniel Reilly

Medical Device Security: State of the Art in 2018
Shawn Merdinger
(not recorded)

Weaponizing IoT - NOT!
Kat Fitzgerald
(not recorded)

Blue Team's tool dump. Stop using them term NeXt-Gen this isn't XX_Call of Duty_XX.
Alex Kot

Exploiting Zillow "Zestimate" for Reckless Profit
Robert "RJ" Burney

Self Healing Cyber Weapons
Logan Hicks

Ransomware: A Declining Force in Today's Threat Landscape
Brad Duncan

Modern web application security
Julien Vehent

Advanced Social Engineering and OSINT for Penetration Testing
Joe Gray

Critical Infrastructure & SCADA Security 101 for Cybersecurity Professionals
Juan Lopez

Exothermic Data Destruction: Defeating Drive Recovery Forensics
Nikita Mazurov and Kenneth Brown

Derrick's Thank Yous
12/08/2017 BSidesPhilly 2017 Videos
These are the videos from BSides Philadelphia 2017. Thanks to Mark, Mike, Austin, John, David and others I'm forgetting for helping with the video.

Innovating for 21st Century Warfare
Ernest "Cozy Panda" Wong

MFA, It's 2017 and You're Still Doing Wrong
Presented by Dan Astor and Chris Salerno.

Out With the Old, In With the GNU
Lsly

IoT devices are one of the biggest challenges
Charles @libertyunix Sgrillo

Evading C2 Detection with Asymmetry
By Brandon Arvanaghi and Andrew Johnston

Abusing Normality: Data Exfiltration in Plain Site
Aelon Porat

Smarter ways to gain skills, or as the DoD puts it
Dr. P. Shane Gallagher, Institute for Defense Analyses, and Evan Dornbush, co-founder, Point3 Security, Inc.

Game of the SE: Improv comedy as a tool in Social Engineering
Danny Akacki - Security Monkey

File Polyglottery; or, This Proof of Concept is Also a Picture of Cats
Evan Sultanik

Your Facts Are Not Safe With Us: Russian Information Operations As Social Engineering
Meagan Dunham Keim

Supercharge Your SOC with Sysmon
Chris Lee & Matthew Giannetto

Threat Hunting: Defining the Process While Circumventing Corporate Obstacles
Kevin Foster, Matt Schneck, Ryan Andress

Put up a CryptoWall and Locky the Key - Stopping the Explosion of Ransomware
Erich Kron, CISSP-ISSAP

Web Hacking 101 Hands-on with Burp Suite
David Rhoades of MavenSecurity.com

Hacker Mindset
David Brown: CISSP, CISM, IAM

11/29/2017 SecureWV/Hack3rcon2017
These are the videos of the presentations from Secure West Virginia 2017. Thanks to Justine, Tim, Morgan, Kevin, Todd & Roy for helping record.

Intro
Benny Karnes

Fighting Advanced Persistent Threats with Advanced Persistent Security
Ira Winkler

Coming Up with the Next Wave of Cyber Innovations-Start by Thinking 1ns1d3 th3 B0x
Ernest Wong

I survived Ransomeware.... Twice
Matt Perry

Value of threat intelligence
Stealthcare

SDR & RF Hacking Primer
Andrew Bindner

Digital Forensic Analysis: Planning and Execution
John Sammons

Intro to WireShark
Josh Brunty

Secrets of Superspies
Ira Winkler

Total Recall: Using Implicit Memory as a Cryptographic Primitive
Tess Schrodinger

IoT Panel
RCBI

Hillbilly Storytime - Pentest Fails
Adam Compton

Hackers, Hugs and Drugs
Amanda Berlin

FLDigi - E-mail over Packet Radio
Aaron West and Rob West

From junk to jewels: Destruction is the key to building
Branden Miller & Audrey Miller

SCAP: A Primer and Customization
Scott Keener

Security Through Ansible Automation
Adam Vincent

Vehicle Forensics: An Emerging Source of Evidence
John Sammons

Network Forensics using Kali Linux and/or SANS Sift
Josh Brunty

911 DDOS
Dianiel Efaw

Pi's, Pi's and wifi
Steve Truax

Technical Testimony: Doing the Heavy Lifting for the Jury
John Sammons

Emergent Gameplay
Ron Moyer

Closing

10/28/2017

GrrCON 2017 Videos
These are the videos of the presentations from GrrCON 2017. Big thanks to EggDropX and Jaime for having me out, and my video crew  (paint27, Erick, & brettahansen) for recording.

Ghast

STRATEGIES ON SECURING YOU BANKS & ENTERPRISES. (FROM SOMEONE WHO ROBS BANKS & ENTERPRISES FOR A LIVING!)
Jayson E Street

Population Control Through The Advances In Technology…
Chris Roberts

(sorry for the music in back ground)

You Got Your SQL Attacks In My Honeypot
Andrew Brandt

3rd Party Data Burns
Arron "Finux" Finnon

Morphing to Legitimate Behavior Attack Patterns
Dave Kennedy

Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF
Jerod Brennen

Oops! Was that your pacemaker?
Charles Parker, II

10 Cent Beer Night: The World we now Live In
Johnny Xmas

Realizing Software Security Maturity: The Growing Pains & Gains
Mark Stanislav & Kelby Ludwig

Cyber, Cyber, Cyber - Using the killchain to accomplish something
Amanda Berlin

An Employee, their Laptop and a Hacker walk into a Bar
Shannon Fritz

Eye on the Prize - a Proposal for Legalizing Hacking Back
Adam Hogan

I've got a (Pocket) Bone to pick with you
Dr Phil Postra

Gig

Topic depends on number of federal agents in audience
Atlas of Doom

Embedding Security in Embedded Systems
Dr. Jared DeMott

National Guard for Cyber? How about a Volunteer Cyber Department?
Ray Davidson

Red Team Yourself
Thomas Richards

An Attack Pathway Into Your Organization? Reducing risk without reducing operational efficiency
David Adamczyk

Pen Test War Stories - Why my job is so easy, and how you can make it harder
Aaron Herndon

Skills For A Red-Teamer
Brent White & Tim Roberts

ProbeSpy: Tracking your past, predicting your future
stumblebot

vAp0r and the Blooming Onion
Justin Whitehead & Jim Allee

A GRReat New Way of Thinking about Innovating for Cyber Defense (and even Cyber Offense)
Ernest "Cozy Panda" Wong

Threat Intelligence: Zero to Basics in presentation
Chris J

Learning from InfoSec Fails
Derek Milroy

A Reporter's Look at Open Source Intelligence
Hilary Louise

Hidden Treasure: Detecting Intrusions with ETW
Zac Brown

The Black Art of Wireless Post-Exploitation
Gabriel "solstice" Ryan

Mi Go

Change is Simply an Act of Survival: Predicting the future while shackled to the past
Bil Harmer

Dissecting Destructive Malware and Recovering from Catastrophe
Bryan York

Infosec State of Affairs: Too much Kim Kardashian - not enough Malcolm Gladwel
Jim Wojno & Dan Kieta

How do you POC? Are you really testing a product
Ken Donze

Tales From The Trenches: Practical Information Security Lessons
Michael Belton

Securing the Internet of Things (IoT) -Through Security Research and Vulnerability Analysis
Deral Heiland

The Future of Cyber Security
Anthony Sabaj

Building a Usable Mobile Data Protection Strategy
David "Heal" Schwartzberg

Software Defined Segmentation
Matt Hendrickson

The Shuttle Columbia Disaster: Lessons That Were Not Learned
Joel "I love it when they call me Big Poppa" Cardella

Infrastructure Based Security
Chris Barnes

Defending The De-funded
Keith Wilson

Real-World Red Teaming
spartan

We got it wrong
Wolfgang Goerlich

Critical Incident: Surviving my first layoff by applying BCP/DRP Principles
Tom Mead

9/25/2017 Derbycon 7 Videos
I still have a lot of work to do, but here are the Derbycon 2017 videos. Working on fixing major audio sync issues as I can. Big thanks to my video jockeys Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, nightcarnage, Evan Davison, Tim Sayre, Morgan, Ben Pendygraft, Steven (SciaticNerd), Cory Hurst, Sam Bradstreet, MadMex, Curtis Koenig, Jonathan Zentgraf, James Hurst, Paint27, Chris, Lenard.
9/21/2017 Derbycon Streams
This page links to the streams for the different tracks when we start streaming Friday from Derbycon.

More.........

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast