A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:



            Welcome to Irongeek.com, Adrian Crenshaw's Information Security site (along with a bit about weightlifting and other things that strike my fancy).  As I write articles and tutorials I will be posting them here. If you would like to republish one of the articles from this site on your webpage or print journal please e-mail me. Enjoy the site and write us if you have any good ideas for articles or links.


News/Change Log

05/19/2019 NolaCon 2019 Videos
Recorded at NolaCon 2019. Thanks to @CurtisLaraque, @mikearbrouet, @openbayou, @takanola, @therealmacjeezy, Jason, Cole & @klulue for the video recording help, and @nola_con, @erikburgess_, @NolaConYvonne & Rob for having me down to record.

One Random Insecure Wep Application Please (ORIWAP)
Nancy Snoke

Understanding XSS
Christina Mitchell

Social Engineering At Work - How to use positive influence to gain management buy-in for anything
April C. Wright

DNS - Strategies for Reducing Data Leakage & Protecting Online Privacy
Jim Nitterauer

Automating Hashtopolis
Evil Mog

"It's Malware Time" - A Bar Crawl from Skunked Homebrew to Rotten Apples
Erika Noerenberg

Breaking into Cyber: How the hell are you supposed to get started?
Josh Millsap

After Mirai: Cyber Security Implications of IoT Botnet Proliferation Against Critical Infrastructure
Paul W. Brager Jr M.Sci, CISSP, GICSP, CISM

Making an internal Let's Encrypt relay server
Josh Harvey

Keynote - I PWN thee, I PWN thee not!
Jayson E. Street

Breaking Into Your Building: A Hacker's Guide to Unauthorized Physical Access
Brent White. Tim Roberts

Formula for a Bug Bounty Program
Chris Holt

Forensics Phish Tank: Breaking Down Analysis of Advanced Phishing Emails
Joe Gray & Sophia Fadli

Baking Your Anomalous Cookies
Jim Allee

Waiter, there's a compiler in my shellcode!
Josh Stone

Empathy for the (Devel)oper: Lessons Learned Building An Application Security Module
Yolonda Smith

MORE Tales From the Crypt...Analyst
Jeff Man

IR with Volatility Framework
Evan Wagner

Let's Talk About WAF (Bypass) Baby
Brett Gravois

Behavioral Security and Offensive Psychology at Scale
Josh Schwartz. Samantha Davison

My making of a Metasploit Module
Aaron Ringo

Don't Panic! A Beginner's Guide To Hardware Hacking
Phoenix Snoke

The Jazz Improv of Infosec
Damon J. Small

Elliptic Curve Cryptography: What it is and who needs it
Michele Bousquet

04/28/2019 BSidesCharm 2019 Videos
These are the videos BSidesCharm (Baltimore) 2019. Thanks for inviting me down to record. Thanks to my video team Robert, Ethan, Cory, Tim Steven, Trevor, Tom, Menachem and Josh.


Matt Blaze

Embrace the Red: Enhancing detection capabilities with adversary simulation
Mauricio Velazco

I'lll Complete My Threat Model Later Mom!: Infosec in Middle School
Ashley Benitez Smith

Cleaning the Apple Orchard - Using Venator to Detect macOS Compromise
Richie Cyrus

More Tales From the Crypt...Analyst
Jeffrey Man

Anatomy & Evolution of a Fast Flux Malware Campaign
Emily Crose

COM Under The Radar: Circumventing Application Control Solutions
Jimmy Bayne

On The Line: What Phishing Really Impacts
Steven Becker

Automated Adversary Emulation
David Hunt

Comparing Malicious Files
Robert Simmons

How to Start a Cyber War: Lessons from Brussels
Chris Kubecka

You Moved to Office 365, Now What?
Sean Metcalf

You're Not as Safe as You Think: Clearing Up Common Security Misconceptions
Joshua Meyer

Keynote: The Declarative Future
Liam Randall

Exploring Community Volunteering Through a Career Development Lens
Kathleen Smith and Doug Munro

Defense in Depth Against DDoS Diminishes Dollars Destroyed
Daniel Gordon

Reasonable Rapid Recognition and Response to Rogues
Craig Bowser

BloodHound From Red to Blue
Mathieu Saulnier

A Code Pirate's Cutlass: Recovering Software Architecture from Embedded Binaries

Technical Leadership: It's Not All Ones and Zeros
Timothy Schulz

Hunting for Threats in Industrial Environments and Other Scary Places
Nick Tsamis

It's Malware Time - A Bar Crawl from Skunked Homebrew to Rotten Apples
Erika Noerenberg

J-J-J-JEA Power
James Honeycutt

What did the SIEM Say?
JR Presmy and Shawn Thomas

Using Bashfuscator to Generate Bash Obfuscation


04/05/2019 Hacker/Infosec Con Types & Getting More Out Of Hacker/Infosec Conferences
03/01/2019 BSides Columbus 2019 Video
These are the videos from the BSides Columbus Ohio conference. Thanks to Mitch & Mike Spaulding for having me up and those who manned the video rigs such as Cody, Matt, Dillon, Nick, Cole Chris and others whose name I can't seem to remember in my old age..


Morning Keynote Featuring Runa Sandvik
Runa Sandvik

Brian Contos

Scrapping for Pennies: How to implement security without a budget
Ryan Wisniewski

Check Your Privilege (Escalation)
Kate Broussard

Wow, it really is always DNS! Becoming a Part of the DDoS Problem ( on purpose ).
Cody Smith

Unix: The Other White Meat
Adam Compton and David Boyd

Puppet Masters: How Social Engineers Continue to Pull Our Strings
Erich Kron

E-ZHack: An Update on SDR and Toll Booth Reverse Engineering
Kyle Westhaus

Mobile App Vulnerabilities - The Bad, The Worse And The Ugly
Ray Kelly

Mixing and Baking a New AppSec Person
Bill Sempf

(Some Missing Audio)

How Online Dating Made Me Better at Threat Modeling
Isaiah Sarju

What On Earth Is Quantum Computing?!? (And will it break all my encryption?)
Craig Stuntz

Battling Magecart: The Risks of Third-Party Scripts
Kevin Gennuso

Ship Hacking: Data on the Open Seas
Brian Olson

Common Developer Crypto Mistakes (with illustrations in Java)
Kevin Wall

The Overlooked Cyber Security Risk: 3rd Party Risk Management
Rose Songer

The Path to IAM Maturity
Jerod Brennan

Assumed Breach Testing
Brendan O'Connor

API Security: Tokens, Flows and the Big Bad Wolf
Ingy Youssef

Demystifying DMARC: A guide to preventing email spoofing
Sean Whalen

Afternoon Keynote Featuring Craig Hoffman
Craig Hoffman

02/03/2019 BSides Tampa 2019 Videos
These are the videos from the BSides Tampa conference. Thanks to all of the BSides Crew for having me out to help record and render the videos. Special thanks to my video crew: Matthew, Bridget, Patrick, Dan, Mike, Audrey and Chris


Doesn't It make You WannaCry: Mitigating Ransomware on a Windows Network
David Branscome

RegEx for Incident Response
Daniel Nutting Bryan Turner

Intermediate Physical Security
Justin Wynn

Security Analytics in the Cloud
Marc Baker

How to use 400+M endpoints to build strong AI detection systems
Filip Chytry

20/20 Enterprise Security Monitoring: Seeing clearly with Security Onion
Wes Lambert

Beyond Lockpicking
Brian Etchieson

Social Forensication: A Multidisciplinary Approach to Successful Social Engineering
Joe Gray

Phishing U2F-Protected Accounts
Nikita Mazurov Kenny Brown

Election Hacking: Getting Ready for the Russian Onslaught in 2020
Jeremy Rasmussen

Logging Pitfalls and How to Abuse Them
Kevin Kaminski Michael Music

Personal security while on travel with additional pro-tips from seasoned travellers.
Derek Banks Beau Bullock

Securing Shadow IT
Gene Cronk

Day When Quantum Computers Breaks Crypto
Roger Grimes

An Inside Look At Stopping Unauthorized Sellers & Counterfeiters On Amazon
Bruce Anderson

The Sound of Evil
Wes Widner

Serverless Security Top 10
Tal Melamed

Hacking IoT devices by chaining application security vulnerabilities
Rick Ramgattie

Becoming a Human nMAP! Cultivating a Renaissance Approach for the Social Engineer
Tigran Terpandjian

vCISO Is That the Right Answer
Mike Brooks

12/02/2018 SecureWV/Hack3rcon 2018 Videos
These are the videos of the presentations from Secure West Virginia 2018. Thanks to Justin, Tim, Lacy, Dave, Katie, Kevin, Todd, Alice, Brian, Brandon & Jon for helping record.

Intro/Welcome to SecureWV / Hack3rCon

Keynote - Hackers, Hugs, & Drugs.... Part II
Amanda Berlin

Why The Legal System Needs Your Help
Brian Martin

Mobile devices and you.
Detective Jeremy M. Thompson

The New Age of Ransomware: Cybercriminals Adopt Nation State Techniques
Allan Liska

Outside the Box: How the Internet of Things Poses New Cybersecurity Risks and Challenges the Law
Evan Kime

Applying the principles of Dodgeball: A True Underdog Story to CTFs
Branden Miller

Gun Safety Class
Branden Miller

Python Scripting
Justin Rogosky

Red Hat Enterprise Linux Security Technologies Lab
Lucy Kerner and Roy Williams

Automating Security Operations - on a budget
Jeremy Mio

Security Automation for the Blue Team
Eric Waters

Home Alone: A Pentester Perspective
Craig Vincent & Derek Banks

Simplified Red Hat Enterprise Linux Identity, Authentication, and Authorization management with Microsoft Active Directory and Red Hat Identity Management Trust
Roy Williams

Simple Attribution in Social Media and Websites
Brian Martin

Offensive and Defensive Security with Ansible
Lucy Kerner

High School Competitive Robotics and why you should care.
Charleston Area Robotics Team (CART)

Guaranteed Failure - Awareness The Greatest Cyber Insanity
Joshua Crumbaugh

Developing a Cloud Based Cyber Security Simulation Portal
David Krovich

The Hybrid Home Lab: From Laptop to Cloud
Holden Fenner

Securing your networks with Ansible
Adam Vincent

A deep look at Stack Buffer Overflows and Format String Vulnerabilities
Philip Polstra

Advanced threat hunting with open-source tools and no budget
Joseph DePlato

What's in a Domain Name?
Collin Meadows

Monitoring your home LAN with Python
Zach Tackett

Left of Boom
Ted Corbeill

Your Dead! Now what. How to help your family after your gone.
Steven Truax

A Brief Introduction to Metasploit
Joey Maresca

SecureWV / Hack3rCon Closing / Awards
Benny Karnes

10/19/2018 BSidesRDU 2018 Videos
These are the videos of the presentations from BSidesRDU. Thanks to Cyrus, Brian, James Carl and others for all the work.

Welcome & Opening Remarks
BsidesRDU Staff

Keynote from Shahid Buttar, EFF Director Of Grassroots Advocacy
Shahid Buttar

Approaching Parity: Considerations for adapting enterprise monitoring and incident response (IR) capabilities for efficacy in cloud environments, and how to operationalize these capabilities with a playbook.

Movement After Initial Compromise
SleepZ3R0 and HA12TL3Y

Our Docker app got hacked. Now what?
Joel Lathrop

Sky-high IR - IR at Cloud Scale

When it rains it pours
Sam Granger

Rise of the Advisor
Neal Humphrey

No Network Needed?!?!
Ron Burkett

Justin Hoeckle

10/8/2018 Derbycon 2018 Videos
These are the videos of the presentations from Derbycon 2018. Big thanks to my video jockeys @nightcarnage, @securid, @theglennbarrett, @LenIsham, @curtisko, @bsdbandit, @someninjamaster, @Simpo13, @primestick, @SciaticNerd, @CoryJ1983, @SDC_GodFix, @Skiboy941, @TeaPartyTechie, @livebeef, @buccaneeris, @mjnbrn, @sfzombie13, @kandi3kan3, @paint27, @AlexGatti


How to influence security technology in kiwi underpants
Benjamin Delpy

Panel Discussion - At a Glance: Information Security
Ed Skoudis, John Strand, Lesley Carhart. Moderated by: Dave Kennedy

Red Teaming gaps and musings
Samuel Sayen

A Process is No One: Hunting for Token Manipulation
Jared Atkinson, Robby Winchester

Fuzz your smartphone from 4G base station side
Tso-Jen Liu

Clippy for the Dark Web: Looks Like You're Trying to Buy Some Dank Kush, Can I Help You With That?
Emma Zaballos

Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework
Joe Rozner

Escoteric Hashcat Attacks

RFID Luggage Tags, IATA vs Real Life
Daniel Lagos

#LOL They Placed Their DMZ in the Cloud: Easy Pwnage or Disruptive Protection
Carl Alexander

Maintaining post-exploitation opsec in a world with EDR
Michael Roberts, Martin Roberts

Hey! I found a vulnerability - now what?
Lisa Bradley, CRob

Foxtrot C2: A Journey of Payload Delivery
Dimitry Snezhkov

Kaleb Brown

IRS, HR, Microsoft and your Grandma: What they all have in common
Christopher Hadnagy, Cat Murdock

#LOLBins - Nothing to LOL about!
Oddvar Moe

Everything Else I Learned About Security I Learned From Hip-Hop
Paul Asadoorian

Hackers, Hugs, & Drugs: Mental Health in Infosec
Amanda Berlin

Android App Penetration Testing 101
Joff Thyer, Derek Banks

Draw a Bigger Circle: InfoSec Evolves
Cheryl Biswas

I Can Be Apple, and So Can You
Josh Pitts

From Workstation to Domain Admin: Why Secure Administration Isn't Secure and How to Fix It
Sean Metcalf


The Unintended Risks of Trusting Active Directory
Lee Christensen, Will Schroeder, Matt Nelson

Lessons Learned by the WordPress Security Team
Aaron D. Campbell

IronPython... omfg
Marcello Salvati

Invoke-EmpireHound - Merging BloodHound & Empire for Enhanced Red Team Workflow
Walter Legowski

When Macs Come Under ATT&CK
Richie Cyrus

Abusing IoT Medical Devices For Your Precious Health Records
Saurabh Harit, Nick Delewski

Detecting WMI exploitation
Michael Gough

Gryffindor | Pure JavaScript, Covert Exploitation
Matthew Toussain

Instant Response: Making IR faster than you thought possible!
Mick Douglas, Josh Johnson

The History of the Future of Cyber-Education
Winn Schwartau

State of Win32k Security: Revisiting Insecure design
Vishal Chauhan

Offensive Browser Extension Development
Michael Weber

Protect Your Payloads: Modern Keying Techniques
Leo Loobeek

Jump Into IOT Hacking with the Damn Vulnerable Habit Helper Device
Nancy Snoke, Phoenix Snoke

Tales From the Bug Mine - Highlights from the Android VRP
Brian Claire Young

Decision Analysis Applications in Threat Analysis Frameworks
Emily Shawgo

Threat Intel On The Fly

Make Me Your Dark Web Personal Shopper!
Emma Zaballos

Driving Away Social Anxiety
Joey Maresca

Off-grid coms and power
Justin Herman

CTFs: Leveling Up Through Competition
Alex Flores

Extending Burp to Find Struts and XXE Vulnerabilities
Chris Elgee

Introduction to x86 Assembly

Pacu: Attack and Post-Exploitation in AWS
Spencer Gietzen

An Inconvenient Truth: Evading the Ransomware Protection in Windows 10
Soya Aoyama

Brutal Blogging - Go for the Jugular
Kate Brew

RID Hijacking: Maintaining Access on Windows Machines
Sebastian Castro

Your Training Data is Bad and You Should Feel Bad
Ryan J. O'Grady

So many pentesting tools from a $4 Arduino
Kevin Bong, Michael Vieau

Building an Empire with (Iron)Python
Jim Shaver

SAEDY: Subversion and Espionage Directed Against You
Judy Towers

OSX/Pirrit - Reverse engineering mac OSX malware and the legal department of the company who makes it
Amit Serper, Niv Yona, Yuval Chuddy

How to test Network Investigative Techniques(NITs) used by the FBI
Dr. Matthew Miller

Cloud Computing Therapy Session
Cara Marie, Andy Cooper

Silent Compromise: Social Engineering Fortune 500 Businesses
Joe Gray

Dexter: the friendly forensics expert on the Coinbase security team
Hayden Parker

Going on a Printer Safari - Hunting Zebra Printers
James Edge

Hardware Slashing, Smashing, and Reconstructing for Root access
Deral Heiland

App-o-Lockalypse now!
Oddvar Moe

Web App 101: Getting the lay of the land
Mike Saunders

Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)
Daniel Bohannon

WE ARE THE ARTILLERY: Using Google Fu To Take Down The Grids
Chris Sistrunk, Krypt3ia, SynAckPwn

Just Let Yourself In
David Boyd

A "Crash" Course in Exploiting Buffer Overflows (Live Demos!)
Parker Garrison

Living in a Secure Container, Down by the River
Jack Mannino

VBA Stomping - Advanced Malware Techniques
Carrie Roberts, Kirk Sayre, Harold Ogden

Media hacks: an Infosec guide to dealing with journalists
Sean Gallagher, Steve Ragan, Paul Wagenseil

Deploying Deceptive Systems: Luring Attackers from the Shadows
Kevin Gennuso

The Money-Laundering Cannon: Real cash; Real Criminals; and Real Layoffs
Arian Evans

Perfect Storm: Taking the Helm of Kubernetes
Ian Coldwater

How to put on a Con for Fun and (Non) Profit
Benny Karnes, John Moore, Rick Hayes, Matt Perry, Bill Gardner, Justin Rogosky, Mike Fry, Steve Truax

Web app testing classroom in a box - the good, the bad and the ugly
Lee Neely, Chelle Clements, James McMurry

Metasploit Town Hall 0x4
Brent Cook, Aaron Soto, Adam Cammack, Cody Pierce

Community Based Career Development or How to Get More than a T-Shirt When Participating as part of the Community
Kathleen Smith, Magen Wu, Cindy Jones, Kathryn Seymour, Kirsten Renner

Disaster Strikes: A Hacker's Cook book
Jose Quinones, Carlos Perez

Ninja Looting Like a Pirate

Hacking Mobile Applications with Frida
David Coursey

Victor or Victim? Strategies for Avoiding an InfoSec Cold War
Jason Lang, Stuart McIntosh

Ubiquitous Shells
Jon Gorenflo

99 Reasons Your Perimeter Is Leaking - Evolution of C&C
John Askew

Ship Hacking: a Primer for Today's Pirate
Brian Satira, Brian Olson

Code Execution with JDK Scripting Tools & Nashorn Javascript Engine
Brett Hawkins

PHONOPTICON - leveraging low-rent mobile ad services to achieve state-actor level mass surveillance on a shoestring budget
Mark Milhouse

Patching: Show me where it hurts
Cheryl Biswas

Advanced Deception Technology Through Behavioral Biometrics
Curt Barnard, Dawud Gordon

We are all on the spectrum: What my 10-year-old taught me about leading teams
Carla A Raisler

No Place Like Home: Real Estate OSINT and OPSec Fails
John Bullinger

The Layer2 Nightmare
Chris Mallz

Attacking Azure Environments with PowerShell
Karl Fosaaen

Blue Blood Injection: Transitioning Red to Purple
Lsly Ayyy

Mirai, Satori, OMG, and Owari - IoT Botnets Oh My
Peter Arzamendi

Comparing apples to Apple
Adam Mathis

How online dating made me better at threat modeling
Isaiah Sarju

Threat Hunting with a Raspberry Pi
Jamie Murdock

M&A Defense and Integration - All that Glitters is not Gold
Sara Leal, Jason Morrow

Social Engineering At Work - How to use positive influence to gain management buy-in for anything
April Wright

Ham Radio 4 Hackers
Eric Watkins, Devin Noel

Getting Control of Your Vendors Before They Take You Down
Dan Browder

Cyber Intelligence: There Are No Rules, and No Certainties
Coleman Kane

Getting Started in CCDC
Russell Nielsen

Changing Our Mindset From Technical To Psychological Defenses
Andrew Kalat

Red Mirror: Bringing Telemetry to Red Teaming
Zach Grace

Two-Factor, Too Furious: Evading (and Protecting) Evolving MFA Schemes
Austin Baker, Doug Bienstock

IoT: Not Even Your Bed Is Safe
Darby Mullen

Fingerprinting Encrypted Channels for Detection
John Althouse

On the Nose: Bypassing Huawei's Fingerprint authentication by exploiting the TrustZone
Nick Stephens

Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Gabriel Ryan

Goodbye Obfuscation, Hello Invisi-Shell: Hiding Your Powershell Script in Plain Sight
Omer Yair

Cloud Forensics: Putting The Bits Back Together
Brandon Sherman

Killsuit: The Equation Group's Swiss Army knife for persistence, evasion, and data exfil
Francisco Donoso

The MS Office Magic Show
Stan Hegt, Pieter Ceelen

Living off the land: enterprise post-exploitation
Adam Reiser

Hillbilly Storytime: Pentest Fails
Adam Compton

Bug Hunting in RouterOS
Jacob Baines

Breaking Into Your Building: A Hackers Guide to Unauthorized Access
Tim Roberts, Brent White

The making of an iOS 11 jailbreak: Kiddie to kernel hacker in 14 sleepless nights.
Bryce "soen" Bearchell

Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests
Tomasz Tuzel

Pwning in the Sandbox: OSX Macro Exploitation & Beyond
Adam Gold, Danny Chrastil

IOCs Today, Intelligence-Led Security Tomorrow
Katie Kusjanovic, Matthew Shelton

Closing Ceremonies

9/8/2018 GrrCON 2018 Videos
These are the videos of the presentations from GrrCON 2018. Big thanks to EggDropX and Jaime for having me out, and my video crew  (paint27, Erick, Jason, brettahansen, Angela, Luke & others) for recording.

Dave Kennedy

An Inconvenient Truth: Evading the Ransomware Protection in Windows 10
Soya Aoyama

The Abyss is Waving Back - The four paths that human evolution is charging down, and how we choose which one's right
Chris Roberts

Crypto Gone Rogue: A Tale of Ransomware, Key Management and the CryptoAPI
Pranshu Bajpai & Dr. Richard Enbody

You're right, this talk isn't really about you!
Jayson E Street

Analyzing Pwned Passwords with Apache Spark
Kelley Robinson

How to rob a bank over the phone
Joshua "Naga" Crumbaugh
(Posting Later Maybe)

Vibing Your Way Through an Enterprise: How Attackers are Becoming More Sneaky
Matthew Eidelberg

PwnBook: Penetrating with Google's Chromebook
Corey Batiuk

Life, Death + the Nematodes: Long live Cyber Resilience!
Chad Calease

Data Data Everywhere but No One Stops to Think
Scott Thomas, Carl Hertz & Robert Wagner

Automation and Open Source: Turning the Tide on Attackers
John Grigg

w.e w.e Internet Explorer Does What It Wants
Aaron Heikkila

Pacu: Attack and Post-Exploitation in AWS
Spencer Gietzen

Hacker Tools, Compliments of Microsoft
David Fletcher & Sally Vandeven

How to Conduct a Product Security Test: And How it Fits Into the Larger Security Strategy
Dr. Jared DeMott

Over the Phone Authentication
Spencer Brown

Designing a Cloud Security Blueprint
Sarah Elie

To Fail is Divine
Danny Akacki

Zero to Owned in 1 Hour: Securing Privilege in Cloud, DevOps, On-Prem Workflows
Brandon Traffanstedt

Malware Mitigation Sample Detonation Intelligence Automation: Make Your Binaries Work for You
Adam Hogan

emulacra and emulation: an intro to emulating binary code with Vivisect
Atlas of D00m

SniffAir - An Open-Source Framework for Wireless Security Assessments
Matthew Eidelberg & Steven Daracott

Threat Hunting: the macOS edition
Megan Carney

The Hybrid Analyst: How Phishing Created A New Type of Intel Analyst
Rachel Giacobozzi

Dragnet: Your Social Engineering Sidekick
Truman Kain

Intelligence Creating Intelligence: Leveraging what you know to improve finding what you don,t
Tomasz Bania

Guaranteed Failure: Awareness The Greatest Cyber Insanity
Joshua "Naga" Crumbaugh

Threat Modeling: How to actually do it and make it useful
Derek Milroy

Structuring your incident response could be one of the most important things you do to bolster Security
Matt Reid

How this 20 Year Old Changed the Security Industry
James O'Neill

Stop Boiling The Ocean! How To Succeed With Small Gains
Joel Cardella

Do I have a signature to detect that malware?
Ken Donze

2018 SIEM Trends: What is my Mean Time to Value?
Bill Lampe

Advanced Attackers Hiding Inside Encrypted Traffic at the Endpoint
Jared Phipps

More Tales from the Crypt-Analyst
Jeff Man

My First year in Application Security
Whitney Phillips

Career Risk Management: 10 tips to keep you employed
Chris Burrows

Red vs Blue: The Untold Chapter
Aaron Herndon & Thomas Somerville

Saving All the Money to Buy All the Booze: Learning to Hack All the Things on a Budget
Michael Morgese

Analyzing Multi-Dimensional Malware Dataset
Ankur Tyagi

Physicals, Badges, and why it matters
Alex Fernandez-Gatti

InSpec: Compliance as Code
Kent picat, Gruber

Bounty Hunters
J Wolfgang Goerlich

8/9/2018 Patreon, Bitchute, etc.
Hi all, I've set up a Patreon for those that want to help me increase the number of cons I can record each year. As a reminder, the videos I record appear on YouYube, Archive.org and BitChute for free, so don't complain about what I put on my site if you can't figure out how to get to the same content elsewhere. 😜
7/14/2018 OISF 2018 Videos
These are the videos from the OISF Anniversary Event.

Dr. John Carls

Catching the Social Engineer
Robert Stewart

Hacking Identity, A Pen Tester’s guide to IAM
Jerod Brennen

Active Defense: Helping the Threat Actors Hack Themselves
Matt Scheurer

Planning & Executing A Red Team Engagement
Tim Wright

6/23/2018 BSides Cleveland 2018 Videos
These are the videos from the Bsides Cleveland conference. Thanks to Rich, Nekko, justinschmitt &  as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad.

Hacking Your Happiness
Chris Gates

Active Defense - Helping threat actors hack themselves!
Matt Scheurer

Reflective PE Unloading
Spencer McIntyre

One Puzzle Piece at a Time: Logging Quick Wins
Celeste Hall

Christine Stevenson

Using Technology to Defend Digital Privacy & Human Rights
Tom Eston

Code Execution with JDK Scripting Tools & Nashorn Javascript Engine
Brett Hawkins

Abandoned Spaces: Reconstructing APT Campaigns From Lapsed Domains
Daniel Nagy

What's Changed In The New OWASP Top 10?
Bill Sempf

Raindance: Raining Recon from the Microsoft Cloud
Michael Stringer

Tools and Procedures for Securing .Net Applications
Sam Nasr

Hacking Identity: A Pen Tester's Guide to IAM
Jerod Brennen

Phishing Forensics - Is it just suspicious or is it malicious?
Matt Scheurer

Securing Code - The Basics
Michael Mendez

The Marriage of Threat Intelligence and Incident Response or... Threat Hunting for the Rest of Us
Jamie Murdock

Wacky and Wild Security - Getting things under CIS Controls V7
Jeremy Mio

Interdisciplinary Infosec: Equifax, Individuation, and the Modern State
Thomas Pieragastini

Mobile Application Privacy and Analytics
Kevin Cody

Evolving the Teaching of Pen Testing in Higher Ed
Robert Olson

Go back to the basics with your processes: Improving operations without technology.
Mark Abrams

Anatomy of an Attack
John Fatten

Hackers, Hugs, & Drugs: Mental Health in Infosec
Amanda Berlin

6/14/2018 A Digital Handbook for the Recently Deceased
Article on dealing with a deceased person's financial and Internet accounts, and making it easier for others to do so when you pass.
6/8/2018 ShowMeCon 2018 Videos
These are the videos ShowMeCon 2018. Thanks to Renee & Dave Chronister (@bagomojo) and others for having me out to record and speak. Also thanks to my video crew @r3tr0_cod3x, James, Aaron, Jon and some other people I may have forgotten.


The Insecure Software Development Lifecycle: How to find, fix, and manage deficiencies within an existing methodology.
April C. Wright

The Sky Isn't Falling, But the Earth May be Shifting: How GDPR Could Change the Face of InfoSec
Cliff Smith

Gulliver's Travels: Security Exploits and Vulnerabilities Around the Globe
Kevin Johnson

From DDoS to Mining: Chinese Cybercriminals Set Their Sights on Monero
David Liebenberg

ANTI-OSINT AF: How to become untouchable
Michael James

Who's Watching the Watchers?
Nathan Sweaney

We don't have to worry about that, It's in the cloud
Arnar Gunnarsson

Paul Coggin

Getting Newcomers into Infosec: The Tribulations of the Auburn University Hacking Club
Matthew Rogers

Exploring Information Security Q&A Panel
Timothy De Block

Securing Windows with Group Policy
Josh Rickard

ATAT: How to take on the entire rebellion with 2-3 stormtroopers

How Hyperbolic Discounting is keeping your security program from succeeding
Jon Clark

Hijacking the Boot Process - Ransomware Style
Raul Alvarez

Building a Cyber Training Range on a Budget
Robert Guiler

Lessons Learned from Development and Release of Blacksmith (The Meltdown Defense Tool For Linux)
Jared Phipps

How to Train Your Kraken - Creating a Monster Out of Necessity
Sean Peterson

PowerShell exploitation, PowerSploit, Bloodhound, PowerShellMafia, Obfuscation, PowerShell Empire, the Empire has fallen, you CAN detect PowerShell exploitation
Michael Gough

Offensive Cartography
Trenton Ivey

The Wrong Kind of DevOps Talk - Now with Extra Badness!
Bobby Kuzma

This Job is Making Me Fat!
Thomas Smith

You'll understand when you are older
Amanda Berlin & David Cybuck

Bitcoin - The generation of private keys based on public keys, a live demonstration
Richard Dennis

6/3/2018 Circle City Con 2018 Videos
These are the Circle City Con videos. Thanks to the staff for inviting me down to record. Big thanks to @irishjack, @0DDJ0BB, @Ajediday, Jim, @securesomething, @AnarchistDalek, @KitWessendorf, @m3ch4n15m, @Valacia, @songsthatsaved, @mchandleraz, @christinemobes and other for helping set up AV and record.

Opening Ceremonies
Circle City Con Staff

Espionage In The Modern Age of Information Warfare
Scot Terban

The Never Ending Hack: Mental Health in InfoSec Community
Danny Akacki

The Network Night Watch
Eric Rand & Lesley Cahart

Held for Ransom with a Toy Gun
Brian Baskin

Dear Blue Team: Proactive Steps to Supercharge your IR
Joe Gray

CTF Tips and Tricks
Aaron Lintile

Classic Cons in Cryptocurrency
Wolfgang Goerlich & Zachary Sarakun

Enterprise Vulnerability Management (Assessing, Implementing, and Maintaining)
Derek Milroy

Security Beyond the Security Team: Getting Everyone Involved
Luka Trbojevic

The consequences of lack of security in the Healthcare and how to handle it
Jelena Milosevic

Stealing Cycles, Mining Coin: An introduction to Malicious Cryptomining
Edmund Brumaghin & Nick Biasini

Applying Thermodynamic Principles to Threat Intelligence
Kyle Ehmke

SAEDY: Subversion and Espionage Directed Against You
Judy Towers

How to Lie with Statistics, Information Security Edition
Tony Martin-Vegue

IoT 4n6: The Growing Impact of the Internet of Things on Digital Forensics
Jessica Hyde

A Very Particular Set of Skills: Geolocation Techniques For OSINT and Investigation
Chris Kindig

Rise of the Machines
Aamir Lakhani

Backdooring with Metadata
Itzik Kotler

Automahack - Automate going from zero to domain admin with 2 tools
Dan McInerney

Patching - It's Complicated
Cheryl Biswas

Containers: Exploits, Surprises and Security
Elissa Shevinsky

Playing Russian Troll Whack-a-Mole
Courtney Falk

The FaaS and the Curious - AWS Lambda Threat Modeling
Bryan McAninch

Deploying Deceptive Systems: Luring Attackers from the Shadows
Kevin Gennuso

Quick Retooling in .Net for Red Teams
Dimitry Snezhkov

(Re)Thinking Cyber Security Given the Spectre of a Meltdown: (Someone Hold My Beer)
Jeff Man

Carrot vs. Stick: Motivation, Metrics, and Awareness
Magen Wu

Securing without Slowing: DevOps
Wolfgang Goerlich

Operator: The Well-Rounded Hacker
Matthew Curtin

Abuse Case Testing in DevOps
Stephen Deck

GreatSCT: Gotta Catch 'Em AWL
Chris Spehn

5/20/2018 NolaCon 2018 Videos
Recorded at NolaCon 2018. Thanks to @CurtisLaraque, @mikearbrouet, @openbayou, Cole & @klulue for the video recording help, and @nola_con, @erikburgess_, @NolaConYvonne & Rob for having me down to record.

Chasing the Adder... A Tale from the APT world
Stefano Maccaglia

Aww Ship! Navigating the vulnerabilities and attack surface of the maritime industry
John Sonnenschein

Hacking Dumberly, Just Like the Bad Guys
Tim Medin, Derek Banks

Automahack - Python toolchain for automated domain admin
Dan McInerney

Dear Blue Team: Proactive Steps to Supercharge your IR
Joe Gray

You'll Understand When You're Older
Amanda Berlin

Skills For A Red-Teamer
Brent White, Tim Roberts

Hacking Smart Contracts--A Methodology
Konstantinos Karagiannis

Fighting Child Exploitation with Oculum
Andrew Hay, Mikhail Sudakov

How to tell cajun doctors they have bad cyber-hygiene and live
Joshua Tannehill

What Infosec in Oil & Gas can Teach us About Infosec in Healthcare
Damon J. Small

On the Hunt: Hacking the Hunt Group
Chris Silvers, Taylor Banks

Your Mac Defenestrated. Post OSXploitation Elevated.
FuzzyNop & Noncetonic

Keynote: Follow The Yellow Brick Road
Marcus J. Carey

We are the Enemy of the Good
Stephen Heath

Taking out the Power Grid's Middleman
Nathan Wallace, Luke Hebert

Privacy for Safety- How can we help vulnerable groups with privacy?

Cash in the aisles: How gift cards are easily exploited
Will Caput

Mind Games: Exploring Mental Health through Games
Todd Carr

Jump into IOT Hacking with Damn Vulnerable Habit Helper IOT Device
Nancy Snoke, Phoenix Snoke

The Future of Digital Forensics
Imani Palmer

Changing the Game: The Impact of TRISIS (TRITON) on Defending ICS/SCADA/IIoT
Paul W. Brager Jr M.Sci, CISSP, GICSP, CISM

Ducky-in-the-middle: Injecting keystrokes into plaintext protocols
Esteban Rodriguez

Gamifying Developer Education with CTFs
John Sonnenschein & Max Feldman

Active Directory Security: The Journey
Sean Metcalf

HTTP2 and You
Brett Gravois

5/12/2018 BSides Detroit 2018 Videos
These are the videos from the BSides Detroit 2017 Conference.  Thanks to Ryan Harp (@th3b00st), Dan Falk (@dnfalk), Wolfgang Goerlich (@jwgoerlich), Matt Johnson (@mwjcomputing), Kyle Andrus (@chaoticflaws), Kate Vajda (@vajkat) and Chris Maddalena (@cmaddalena) for having me out and Samuel Bradstreet (@TeaPartyTechie), Leah Bradstreet,  Xavier Johnson, Ali Faraj, Camilla Martins, Ben Valentine, James Green, David Sornig, Steven Balagna,  Nick Papa, Lucas Gorczyca, J Parker Galbraith and others I may forget for helping to record.


Yes, You're an Impostor; now get back to work
Johnny Xmas

GRC - "What Would You Say You Do Here?"
Brian Martinez

Protecting Phalanges from Processor Pressure Points
Matthew Clapham

A Reporter's Look at OSINT
Hilary Louise
(Sorry, mic was off, but here is a longer version from GrrCon)

Nowhere to hide
Lucas Gorczyca

Know the Enemy - How to make threat intelligence work!
Nir Yosha

Hack like a Gohper
Kent Gruber

@taco_pirate's Art of Woo
Ben Carroll

Saving All the Money to Buy All the Booze: Learning to Hack All the Things on a Budget
Michael Morgese

Practical Incident Response in Heterogenous Environment
Kevin Murphy & Stefano Maccaglia

Security KPIs - Measuring Improvement in Your Security Program
Steven Aiello

5/11/2018 Converge 2018 Videos
These are the videos from the Converge Information Security Conference. Thanks to Ryan Harp (@th3b00st), Dan Falk (@dnfalk), Wolfgang Goerlich (@jwgoerlich), Matt Johnson (@mwjcomputing), Kyle Andrus (@chaoticflaws), Kate Vajda (@vajkat) and Chris Maddalena (@cmaddalena) for having me out and Samuel Bradstreet (@TeaPartyTechie), Leah Bradstreet,  Xavier Johnson, Camilla Martins, Ben Valentine, James Green, David Sornig, Steven Balagna,  Nick Papa, J Parker Galbraith and others I may forget for helping to record.


Hackers, Hugs, & Drugs: Mental Health in Infosec
Amanda Berlin

Winning the cybers by measuring all the things
Jim Beechey

Social Engineering for the Blue Team
Timothy De Block

The Emerging Product Security Leader Discipline
Matthew Clapham

Server Message Block Worms: The gift that keeps on giving
Matthew Aubert

Don't Fear the Cloud: Secure Solutions at Lower Cost
Matt Newell

DevSecOps: Security Testing with CI/CD Automation Servers
Ed Arnold

Backdooring With Metadata
Itzik Kotler

How to Conduct a Product Security Test: And How it Fits Into the Larger Security Strategy
Nick Defoe

Securing ASP.NET Core Web Apps
Dustin Kingen

All the Bacon: How Lesley Knope and Ron Swanson encourage community growth
Kevin Johnson

ATT&CK Like an Adversary for Defense Hardening
Steve Motts & Christian Kopacsi

Unblockable Chains – Is Blockchain the ultimate malicious infrastructure?
Omer Zohar
(may post later)

Richard Cassara

The Things You Should Be Doing Defensively Right Now
Joel Cardella

Held Hostage: A Ransomware Primer
Nick Hyatt

Prowling: Better Penetration Testing
J Wolfgang Goerlich

Automating Web App security in AWS
Luther Hill

Finding the Money to Run an Effective Security Program
Matt Topper

Cryptocurrency- The Internetwide Bug Bounty Program
Brian Laskowski

Hacking Identity: A Pen Tester,s Guide to IAM
Jerod Brennen

4/29/2018 BSidesCharm 2018 Videos
These are the videos BSidesCharm (Baltimore) 2018. Thanks for inviting me down to record. Thanks to my video team Shawn Thomas, Cory, Terry Holman, Thomas Moses, Jason Presmy and Martin Veloso.

Jessica Payne

To AI or Not to AI? What the US Military Needs for Fighting Cyber Wars
Ernest Wong

Preparing for Incident Handling and Response within Industrial Control Networks
Mark Stacey

FailTime:​ ​ Failing​ ​ towards​ ​ Success
Sean Metcalf

Getting Saucy with APFS! - The State of Apple’s New File System
Sarah Edwards

Basic Offensive Application of MOF Files in WMI Scripting
Devon Bordonaro

An Open Source Malware Classifier and Dataset
Phil Roth

Counting Down to Skynet
Nolan Hedglin

How we reverse engineered OSX/Pirrit, got legal threats and survived
Amit Serper

Threat Activity Attribution: Diferentiatinn the Who from the How
Joe Slowik

Quantify your hunt: not your parents’ red teaming
Devon Kerr

Internet Anarchy & The Global March toward Data Localization
Andrea Little Limbago

Powershell Deobfuscation: Putting the toothpaste back in the tube
Daniel Grant

Effective Monitoring for Operational Security
Russell Mosley Ryan St. Germain

Plight at the end of the Tunnel
Anjum Ahuja

Rise of the Miners
Josh Grunzweig

Malware Analysis and Automation using Binary Ninja
Erika Noerenberg

Between a SOC and a Hard Place
Shawn Thomas Andrew Marini James Callahan Dustin Shirley

Using Atomic Red Team to Test Endpoint Solutions
Adam Mathis

Exercise Your SOC: How to run an effective SOC response simulation
Brian Andrzejewski

Adding Simulated Users to Your Pentesting Lab with PowerShell
Chris Myers Barrett Adams

Building a Predictive Pipeline to Rapidly Detect Phishing Domains
Wes Connell

Closing Ceremonies

4/14/2018 BSides Nashville 2018 Videos
These are the videos BSides Nashville 2018. Thanks to @lil_lost for inviting me down to record and being my bodyguard while in Nashville. Big thanks to Gabe Basset, Geoff Collins, Cameron and others for helping set up AV and record.


Know Your Why
Oladipupo (Ladi) Adefala

Deploying Microsoft Advanced Threat Analytics in the Real World
Russell Butturini

An Oral History of Bug Bounty Programs
Dustin Childs

Blue Cloud of Death: Red Teaming Azure
Bryce Kunz

Brian Contos

Changing Who Writes the Queries: High-Leverage IR with Visual Playbooks & Visual Graph Analysis
Leo Meyerovich

Learning to Hack the IOT with the Damn Vulnerable Habit Helper IOT Device
Nancy Snoke, Phoenix Snoke

Hacking the Users: Developing the Human Sensor and Firewall
Erich Kron

Community Based Career Activities or How Having Fun Can Help You with Your Career
Kathleen Smith, Cindy Jones,Doug Munro, Magen Wu

Hillbilly Storytime - Pentest Fails
Adam Compton

See the ID Rules Before Us: FAL IAL AAL eh? Aaaagh!!! How, How, How, How?
Bruce Wilson

SAEDY: Subversion and Espionage Directed Against You
Judy Towers

Growing Up to be a Infosec Policy Driven Organization
Frank Rietta

Adding Simulated Users to Your Pentesting Lab with PowerShell
Chris Myers, Barrett Adams

Hacking VDI 101
Patrick Coble

Evaluating Injection Attack Tools Through Quasi-Natural Experimentation
John O'Keefe-Odom

Social Engineering for the Blue Team
Timothy De Block

4/6/2018 AIDE 2018 Videos
Recorded at AIDE 2018. Big thanks to Bill Gardner (@oncee) for having me out to record.

On Business Etiquette and Professionalism in the Workplace
Tess Schrodinger

InfoSec by the Numbers
Bill Gardner

Practical OSINT - Tools of the trade
Tom Moore

Potentially unnecessary and unwanted programs (a.k.a. PUPs)
Josh Brunty

How To Test A Security Awareness Program
Matt Perry

Disrupting the Killchain
Amanda Berlin

I have this piece of paper, now what?
Brandon Miller

Statistics Lie...Except About Passwords
Jeremy Druin

3/24/2018 BSides Chattanooga 2018 Videos
These are the videos from the BSides Chattanooga conference. Thanks to Ron and Kevin for having me out, and John for helping record.


Red vs Blue and why We are doing it wrong
Chris Roberts

The Semi-Comprehensive Guide to Setting Up a Home Lab
Andrew Williams

Lessons learned from a OWASP Top 10 Datacall
Brian Glas

Attacker vs. Defender: Observations on the Human Side of Security
Todd O'Boyle

The Gilligan Phenomenon: Fixing The Holes In the Ransomware And Phishing Boats
Eric Kron

Machine Learning and Cyber Security: How Smart is Can it Be?
Shayne Champion


3/10/2018 BSides Indy 2018 Videos
These are the videos from the BSides Indy conference. Thanks to Frank, MzBat for having me up, and Nate for helping with AC.


Lessons Learned - A 15 year Retrospective
Price McDonald

Phishing Forensics - Is it just suspicious or is it malicious?
Matt Scheurer

Presenting P@cketR@quet: An Auditory IDS
Killian Ditch

The Pillars of Continuous Incident Response
Brad Garnett

Zero to Owned in 1 Hour: Securing Privilege in Cloud and DevOps Workflow
Brandon Traffanstedt

Social Engineering for the Blue Team
Timothy De Block

Leveraging DevSecOps to Escape the Hamster Wheel of Never-ending Security Fail
Chris Reed

Creating a Cyber Volunteer Department
Ray Davidson

Frank Diaz

3/2/2018 BSides Columbus 2018 Videos
These are the videos from the BSides Columbus Ohio conference. Thanks to Mitch & Michael Spaulding for having me up and those who manned the video rigs.

Dave Kennedy

Automating Security Testing with the OWTF
Jerod Brennen

Looks Like Rain Again: Secure Development in the Cloud
Bill Sempf

How Stuxnet Ruined My Life For 6 Months (But I Got To Fly 1st Class A Lot)
Chris Raiter, Jeremy Smith

Emotet - Banking Malware With A Bite
Bradley Duncan

Kevin Burkart

Cryptology: It’s a Scalpel, not a Hammer
Mikhail Sudakov

Pass the Apple Sauce: Mac OS X Security Automation for Windows-focused Blue Teams
Brian Satira

Why People Suck at Delivery: How to get your security projects off the ground and into production!
Nick d'Amato

Zero to Owned in 1 Hour: Securing Privilege in Cloud and DevOps Workflow
Brandon Traffanstedt

Are you ready for my call? Security researcher insights into Responsible Disclosure.
Jason Kent

Everything you always wanted to ask a hiring manager, but were afraid to ask!
Mike Spaulding


Deep Learning for Enterprise: Solving Business Problems with AI
Christian Nicholson

Building Jarvis
Stephen Hosom

Active Defense - Helping threat actors hack themselves!
Matt Scheurer

Shifting Application Security Left
Craig Stuntz

Presenting P@cketR@quet: An Auditory IDS
Killian Ditch

Security and Networking: Dual Purpose Tools
Cody Smith

Cybereason's Jim VanDeRyt - Fileless Malware Breakout Session
Jim VanDeRyt

The Quieter You Become, the More You’re Able to (H)ELK
Nate Guagenti, Roberto Rodriquez

2/24/2018 BSides NOVA 2018 Videos
These are the videos from BSides NOVA 2018. Thanks to those who manned the video rigs and helped set u

AM Keynote
Matt Devos

Deep Dive in the Dark Web (OSINT Style)
Kirby Plessas

PM Keynote
Jack Daniel

Adding Pentest Sauce to your Vulnerability Management Recipe
Luke Hudson, Andrew McNicol

The Value of Design in Cyber Threat Intelligence
Devon Rollins

DNC Hacked Data in the Hands of a Trained Intelligence Professional
Wally Prather, Dave Marcus

Your Facts Are Not Safe With Us: Russian Information Operations as Social Engineering
Meagan Keim

DECEPTICON: Deceptive Techniques to Derail OSINT attempts
Joe Gray

I Thought Renewing the Domain Name Was Your Job?
Allan Liska

Automating Unstructured Data Classification
Malek Ben Salem

Vulnerability Patched in Democratic Donor Database
Josh Lospinoso

Living in a world with insecure Internet of Things (IoT)
Marc Schneider

Vulnerability Accountability Levers and How You Can Use Them
Amelie Koran

Cyber Mutual Assistance - A New Model for Preparing and Responding to Cyber Attack
David Batz

Rethinking Threat Intelligence
Tim Gallo

What Color Is Your Cyber Parachute?
Cliff Neve, Candace King, Kazi Islam, Trey Maxam, Amelie Koran

Feds Meet Hackers
Ariel Robinson, Alyssa, Feola, Gray Loftin, Beau Woods, Amélie E. Koran

Recruiting in Cyber
Dan Waddel, Kathleen Smith, Suzie Grieco, Sabrina Iacarus, Kirsten Renner, Karen Stied

How to get started in Cybersecurity
John Stoner

Improving Technical Interviewing
Forgotten Sec

Ask An Expert: Cyber Career Guidance and Advice
Micah Hoffman, Bob Gourley, John TerBush, Chris Gates, Kirby Plessas, Lea Hurley, Neal Mcloughlin, Ovie Carroll, Sarah Edwards, Tigran Terpandjian, Willie Lumpkin

2/17/2018 BSides Tampa 2018
These are the videos from the BSides Tampa conference. Thanks to all of the BSides Crew for having me out to help record and render the videos. Special thanks to my video crew: Julian, Andrew Schiro, Austin Ford, John Mejia, Michael Iglesias, Micheal Milford, Mike Ziolkowski,  Patty Morris, Robin Noyes

Cyber Assurance - Testing for Success
Col. John Burger

You Can Run..but you cant hide!
Bruce Anderson

Red Team Apocalypse
Beau Bullock and Derek Banks

Advanced Persistent Security
Ira Winkler

Adding Simulated Users to Your Pentesting Lab with PowerShell
Chris Myers and Barrett Adams

The Shoulders of InfoSec
Jack Daniels

Blockchain: The New Digital Swiss Army Knife?
G. Mark Hardy

Modern Day Vandals and Thieves: Wireless Edition
David Switzer and Jonathan Echavarria

Fraud; Should you worry?
Greg Hanis

A Security Look at Voice-Based Assistants
David Vargas

Hackers Interrupted
Alex Holden

Insane in the Mainframe: Taking Control of Azure Security
Jeremy Rassmusen

MiFare lady Teaching an old RFID new tricks
Daniel Reilly

Medical Device Security: State of the Art in 2018
Shawn Merdinger
(not recorded)

Weaponizing IoT - NOT!
Kat Fitzgerald
(not recorded)

Blue Team's tool dump. Stop using them term NeXt-Gen this isn't XX_Call of Duty_XX.
Alex Kot

Exploiting Zillow "Zestimate" for Reckless Profit
Robert "RJ" Burney

Self Healing Cyber Weapons
Logan Hicks

Ransomware: A Declining Force in Today's Threat Landscape
Brad Duncan

Modern web application security
Julien Vehent

Advanced Social Engineering and OSINT for Penetration Testing
Joe Gray

Critical Infrastructure & SCADA Security 101 for Cybersecurity Professionals
Juan Lopez

Exothermic Data Destruction: Defeating Drive Recovery Forensics
Nikita Mazurov and Kenneth Brown

Derrick's Thank Yous
12/08/2017 BSidesPhilly 2017 Videos
These are the videos from BSides Philadelphia 2017. Thanks to Mark, Mike, Austin, John, David and others I'm forgetting for helping with the video.

Innovating for 21st Century Warfare
Ernest "Cozy Panda" Wong

MFA, It's 2017 and You're Still Doing Wrong
Presented by Dan Astor and Chris Salerno.

Out With the Old, In With the GNU

IoT devices are one of the biggest challenges
Charles @libertyunix Sgrillo

Evading C2 Detection with Asymmetry
By Brandon Arvanaghi and Andrew Johnston

Abusing Normality: Data Exfiltration in Plain Site
Aelon Porat

Smarter ways to gain skills, or as the DoD puts it
Dr. P. Shane Gallagher, Institute for Defense Analyses, and Evan Dornbush, co-founder, Point3 Security, Inc.

Game of the SE: Improv comedy as a tool in Social Engineering
Danny Akacki - Security Monkey

File Polyglottery; or, This Proof of Concept is Also a Picture of Cats
Evan Sultanik

Your Facts Are Not Safe With Us: Russian Information Operations As Social Engineering
Meagan Dunham Keim

Supercharge Your SOC with Sysmon
Chris Lee & Matthew Giannetto

Threat Hunting: Defining the Process While Circumventing Corporate Obstacles
Kevin Foster, Matt Schneck, Ryan Andress

Put up a CryptoWall and Locky the Key - Stopping the Explosion of Ransomware

Web Hacking 101 Hands-on with Burp Suite
David Rhoades of MavenSecurity.com

Hacker Mindset
David Brown: CISSP, CISM, IAM

11/29/2017 SecureWV/Hack3rcon2017
These are the videos of the presentations from Secure West Virginia 2017. Thanks to Justine, Tim, Morgan, Kevin, Todd & Roy for helping record.

Benny Karnes

Fighting Advanced Persistent Threats with Advanced Persistent Security
Ira Winkler

Coming Up with the Next Wave of Cyber Innovations-Start by Thinking 1ns1d3 th3 B0x
Ernest Wong

I survived Ransomeware.... Twice
Matt Perry

Value of threat intelligence

SDR & RF Hacking Primer
Andrew Bindner

Digital Forensic Analysis: Planning and Execution
John Sammons

Intro to WireShark
Josh Brunty

Secrets of Superspies
Ira Winkler

Total Recall: Using Implicit Memory as a Cryptographic Primitive
Tess Schrodinger

IoT Panel

Hillbilly Storytime - Pentest Fails
Adam Compton

Hackers, Hugs and Drugs
Amanda Berlin

FLDigi - E-mail over Packet Radio
Aaron West and Rob West

From junk to jewels: Destruction is the key to building
Branden Miller & Audrey Miller

SCAP: A Primer and Customization
Scott Keener

Security Through Ansible Automation
Adam Vincent

Vehicle Forensics: An Emerging Source of Evidence
John Sammons

Network Forensics using Kali Linux and/or SANS Sift
Josh Brunty

911 DDOS
Dianiel Efaw

Pi's, Pi's and wifi
Steve Truax

Technical Testimony: Doing the Heavy Lifting for the Jury
John Sammons

Emergent Gameplay
Ron Moyer



GrrCON 2017 Videos
These are the videos of the presentations from GrrCON 2017. Big thanks to EggDropX and Jaime for having me out, and my video crew  (paint27, Erick, & brettahansen) for recording.


Jayson E Street

Population Control Through The Advances In Technology…
Chris Roberts

(sorry for the music in back ground)

You Got Your SQL Attacks In My Honeypot
Andrew Brandt

3rd Party Data Burns
Arron "Finux" Finnon

Morphing to Legitimate Behavior Attack Patterns
Dave Kennedy

Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF
Jerod Brennen

Oops! Was that your pacemaker?
Charles Parker, II

10 Cent Beer Night: The World we now Live In
Johnny Xmas

Realizing Software Security Maturity: The Growing Pains & Gains
Mark Stanislav & Kelby Ludwig

Cyber, Cyber, Cyber - Using the killchain to accomplish something
Amanda Berlin

An Employee, their Laptop and a Hacker walk into a Bar
Shannon Fritz

Eye on the Prize - a Proposal for Legalizing Hacking Back
Adam Hogan

I've got a (Pocket) Bone to pick with you
Dr Phil Postra


Topic depends on number of federal agents in audience
Atlas of Doom

Embedding Security in Embedded Systems
Dr. Jared DeMott

National Guard for Cyber? How about a Volunteer Cyber Department?
Ray Davidson

Red Team Yourself
Thomas Richards

An Attack Pathway Into Your Organization? Reducing risk without reducing operational efficiency
David Adamczyk

Pen Test War Stories - Why my job is so easy, and how you can make it harder
Aaron Herndon

Skills For A Red-Teamer
Brent White & Tim Roberts

ProbeSpy: Tracking your past, predicting your future

vAp0r and the Blooming Onion
Justin Whitehead & Jim Allee

A GRReat New Way of Thinking about Innovating for Cyber Defense (and even Cyber Offense)
Ernest "Cozy Panda" Wong

Threat Intelligence: Zero to Basics in presentation
Chris J

Learning from InfoSec Fails
Derek Milroy

A Reporter's Look at Open Source Intelligence
Hilary Louise

Hidden Treasure: Detecting Intrusions with ETW
Zac Brown

The Black Art of Wireless Post-Exploitation
Gabriel "solstice" Ryan

Mi Go

Change is Simply an Act of Survival: Predicting the future while shackled to the past
Bil Harmer

Dissecting Destructive Malware and Recovering from Catastrophe
Bryan York

Infosec State of Affairs: Too much Kim Kardashian - not enough Malcolm Gladwel
Jim Wojno & Dan Kieta

How do you POC? Are you really testing a product
Ken Donze

Tales From The Trenches: Practical Information Security Lessons
Michael Belton

Securing the Internet of Things (IoT) -Through Security Research and Vulnerability Analysis
Deral Heiland

The Future of Cyber Security
Anthony Sabaj

Building a Usable Mobile Data Protection Strategy
David "Heal" Schwartzberg

Software Defined Segmentation
Matt Hendrickson

The Shuttle Columbia Disaster: Lessons That Were Not Learned
Joel "I love it when they call me Big Poppa" Cardella

Infrastructure Based Security
Chris Barnes

Defending The De-funded
Keith Wilson

Real-World Red Teaming

We got it wrong
Wolfgang Goerlich

Critical Incident: Surviving my first layoff by applying BCP/DRP Principles
Tom Mead

9/25/2017 Derbycon 7 Videos
I still have a lot of work to do, but here are the Derbycon 2017 videos. Working on fixing major audio sync issues as I can. Big thanks to my video jockeys Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, nightcarnage, Evan Davison, Tim Sayre, Morgan, Ben Pendygraft, Steven (SciaticNerd), Cory Hurst, Sam Bradstreet, MadMex, Curtis Koenig, Jonathan Zentgraf, James Hurst, Paint27, Chris, Lenard.
9/21/2017 Derbycon Streams
This page links to the streams for the different tracks when we start streaming Friday from Derbycon.


15 most recent posts on Irongeek.com:

    If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast