Derbycon 2019 Videos (Hacking Illustrated Series InfoSec Tutorial Videos)
Derbycon 2019 Videos
These are the videos of the presentations from Derbycon 2019.
Big thanks to my video jockeys
AlexGatti,
nightcarnage,
securid,
theglennbarrett,
LenIsham,
someninjamaster,
SciaticNerd,
CoryJ1983,
Skiboy941,
livebeef,
buccaneeris,
mjnbrn,
sfzombie13,
kandi3kan3,
ZTC1980,
soc_analyst,
m3l1e,
primestick,
dmmeurdebitcard, Mel and
TeaPartyTechie.
Friday
TIME |
Track 1 upstairs marriott I II III IV |
Track 2 upstairs marriott VII VIII IX X |
Track 3 downstairs kentucky E |
8:30 - 8:55 |
Opening Ceremony - DerbyCon Team |
|
9:00 - 9:50 |
Opening Keynote - Presented by Ed Skoudis |
|
10:00 - 10:50 |
Derbycon Story Time Panel - Presented by Dustin Heywood (Evil Mog) and
others |
|
11:00 - 11:50 |
Lunch - on your own |
12:00 - 12:50 |
Dynamic Risk Taking and Social Engineering - Chris Hadnagy |
Metasploit Town Hall Finale - Brent Cook, Aaron Soto, Jeffrey Martin,
Matthew Kienow
(Almost all noise, sorry) |
Well, what have we here? A year of cyber deception, attribution and
making attackers rethink their life choices. - John Strand |
1:00 - 1:50 |
Using Next Generation Fuzzing Tools: Fixing Bugs and Writing Memory
Corruption Exploits - Dr. Jared DeMott, John Stigerwalt |
I PWN thee, I PWN thee not! - Jayson E Street
(Bad audio) |
BloodHound From Red to Blue - Mathieu Saulnier |
2:00 - 2:50 |
"How do I detect technique X in Windows?" Applied Methodology to
Definitively Answer this Question - Matt Graeber |
Scientific computing for information security
- forging the missing link
- Ryan Elkins |
Azure Sentinel - A first look at Microsoft's SIEM Solution - Carl Hertz |
3:00 - 3:50 |
To CORS! The cause of, and solution to, your SPA problems! - Tim
(lanmaster53) Tomes, Kevin Cody |
Defeating Next-Gen AV and EDR: Using Old (And New) Tricks on New Dogs -
Nick Lehman (Graph-X), Steve Eisen (Rum Twinkies) |
Behavioral Security and Offensive Psychology at Scale - Samantha
Davison, Josh Schwartz |
4:00 - 4:50 |
Not A Security Boundary: Breaking Forest Trusts - Will Schroeder, Lee
Christensen |
The Hackers Apprentice - Mark Baggett |
PowerShell Security: Looking Back from the Inside - Lee Holmes |
5:00 - 5:50 |
Enabling The Future (Panel) - Dave Kennedy, Jess Walpole, Scott Angelo,
Kevin Baker |
How to Tell the C-Level Their Baby is Ugly - Heather Smith |
Cyber false flags and adversarial counterintelligence, oh.. - Jacob
Williams |
6:00 - 6:50 |
Concert setup
|
Hacker Jeopardy Setup
|
7:00 - 7:50 |
|
|
|
|
Saturday
TIME |
Track 1 upstairs marriott I II III IV |
Track 2 upstairs marriott VII VIII IX X |
Track 3 downstairs kentucky E |
9:00 - 9:50 |
42: The answer to life, the universe, and everything offensive security
- Will Pearce, Nick Landers |
Collect All the Data - Protect All the Things - Aaron Rosenmund |
Catching Cyber Criminals – Investigative techniques to identify modern
threat actors and the clues they leave behind during data breaches -
Vinny Troia |
10:00 - 10:50 |
kubered - Recipes for C2 Operations on Kubernetes - Larry Suto, Jeff
Holden |
Lying in Wait: Discovering and Exploiting Weaknesses in Automated
Discovery Actions - Timothy Wright, Jacob Griffith |
COM Hijacking Techniques - David Tulis |
11:00 - 12:00 |
Lunch - on your own |
12:00 - 12:50 |
Testing Endpoint Protection: How Anyone Can Bypass Next Gen AV - Kevin
Gennuso |
Inter-chip communication - Testing end-to-end security on IoT - Deral
Heiland |
Assumed Breach: A Better Model for Penetration Testing - Mike Saunders |
1:00 - 1:50 |
Adventures in Azure Privilege Escalation - Karl Fosaaen |
REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure -
Matthew Szymanski |
StringSifter: Learning to Rank Strings Output for Speedier Malware
Analysis - Philip Tully, Matthew Haigh, Jay Gibble, Michael Sikorski |
2:00 - 2:50 |
Breaking & Entering via SDR, or How I defeated Wiegend over UHF/VHF, or
your apartment isn't safe... - Tim Shelton |
The
"Art" of The BEC - What Three Years of Fighting Has Taught Us -
Ronnie Tokazowski |
Practical Heuristic Exploitation - Kelly Villanueva |
3:00 - 3:50 |
Assessing IoT Surveillance - Arlo - Jimi Sebree |
BloodHound: Head to Tail - Andy Robbins, Rohan Vazarkar |
Full Steam Ahead: Serverless Hacking 101 - Tal Melamed |
4:00 - 4:50 |
Next-gen IoT botnets - leveraging cloud implementations for shells on
500k IoTs - Alex "Jay" Balan |
Red Team Methodology: A Naked Look - Jason Lang |
Five Mistakes We Wish Users Would Stop Making - Lesley Carhart, Chelle
Clements, April C. Wright, Amanda Berlin, Lee Neely (moderator) |
5:00 - 5:50 |
Attacking with Automation: How Office 365 automation provides another
new risk to the cloud - Trent Lo |
API Keys, Now What? Taking the Pen Test Into the Amazon Cloud - Jim
Shaver |
Whose Slide is it Anyway setup
|
6:00 - 6:50 |
Concert setup |
|
|
|
|
Sunday
15 most recent posts on Irongeek.com: