A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Derbycon 2019 Videos (Hacking Illustrated Series InfoSec Tutorial Videos)

Derbycon 2019 Videos

These are the videos of the presentations from Derbycon 2019. Big thanks to my video jockeys AlexGatti, nightcarnage, securid, theglennbarrett, LenIsham, someninjamaster, SciaticNerd CoryJ1983, Skiboy941, livebeef, buccaneeris, mjnbrn, sfzombie13, kandi3kan3, ZTC1980, soc_analyst, m3l1e, primestick, dmmeurdebitcard, Mel  and TeaPartyTechie.

Friday

TIME Track 1 upstairs marriott I II III IV Track 2 upstairs marriott VII VIII IX X Track 3 downstairs kentucky E
8:30 - 8:55 Opening Ceremony - DerbyCon Team  
9:00 - 9:50 Opening Keynote - Presented by Ed Skoudis  
10:00 - 10:50 Derbycon Story Time Panel - Presented by Dustin Heywood (Evil Mog) and others  
11:00 - 11:50 Lunch - on your own
12:00 - 12:50 Dynamic Risk Taking and Social Engineering - Chris Hadnagy Metasploit Town Hall Finale - Brent Cook, Aaron Soto, Jeffrey Martin, Matthew Kienow
(Almost all noise, sorry)
Well, what have we here? A year of cyber deception, attribution and making attackers rethink their life choices. - John Strand
1:00 - 1:50 Using Next Generation Fuzzing Tools: Fixing Bugs and Writing Memory Corruption Exploits - Dr. Jared DeMott, John Stigerwalt I PWN thee, I PWN thee not! - Jayson E Street
(Bad audio)
BloodHound From Red to Blue - Mathieu Saulnier
2:00 - 2:50 "How do I detect technique X in Windows?" Applied Methodology to Definitively Answer this Question - Matt Graeber Scientific computing for information security - forging the missing link - Ryan Elkins Azure Sentinel - A first look at Microsoft's SIEM Solution - Carl Hertz
3:00 - 3:50 To CORS! The cause of, and solution to, your SPA problems! - Tim (lanmaster53) Tomes, Kevin Cody Defeating Next-Gen AV and EDR: Using Old (And New) Tricks on New Dogs - Nick Lehman (Graph-X), Steve Eisen (Rum Twinkies) Behavioral Security and Offensive Psychology at Scale - Samantha Davison, Josh Schwartz
4:00 - 4:50 Not A Security Boundary: Breaking Forest Trusts - Will Schroeder, Lee Christensen The Hackers Apprentice - Mark Baggett PowerShell Security: Looking Back from the Inside - Lee Holmes
5:00 - 5:50 Enabling The Future (Panel) - Dave Kennedy, Jess Walpole, Scott Angelo, Kevin Baker How to Tell the C-Level Their Baby is Ugly - Heather Smith Cyber false flags and adversarial counterintelligence, oh..  - Jacob Williams
6:00 - 6:50
Concert setup
Hacker Jeopardy Setup
7:00 - 7:50
       
TIME Talks downstairs B, C, & D
   
12:00 - 12:25 Bypassing MacOS Detections With Swift - Cedric Owens
12:30 -12:55 IPv6 Security Considerations - For When "Just Turn It Off" Isn't Good Enough - Jason Lewis
1:00 -1:25 Last Minute Offensive Machine Learning James Bower
1:30 - 1:55 SCADA: What the next Stuxnet will look like and how to prevent it - Joseph Bingham
2:00 - 2:25 Designing & building a stealth C2 LDAP channel - Rindert Kramer
2:30 - 2:55 There's No Place like (DUAL)Homed. - David E Young Jr
3:00 - 3:25 Modlishka - Is a Mantis Eating 2FA's Lunch? - Lance Peterman
3:30 - 3:55 Hacking Humans: Addressing Vulnerabilities in the Advancing Medical Device Landscape - Gabrielle Hempel
4:00 - 4:25 It Must Be Fancy Bear! - Xena Olsen
4:30 - 4:55 Getting the most out of your covert physical security assessment - A Client’s Guide - Brent White, Tim Roberts
5:00 - 5:25 Getting dirty on the CANBUS - Justin Herman
5:30 - 5:55 Automated Dylib Hijacking - Jimi Sebree
6:00 - 6:25 Phishing past Mail Protection Controls using Azure Information Protection (AIP) - Oddvar Moe, Hans Lakhan

 

Saturday

TIME Track 1 upstairs marriott I II III IV Track 2 upstairs marriott VII VIII IX X Track 3 downstairs kentucky E
9:00 - 9:50 42: The answer to life, the universe, and everything offensive security - Will Pearce, Nick Landers Collect All the Data - Protect All the Things - Aaron Rosenmund Catching Cyber Criminals – Investigative techniques to identify modern threat actors and the clues they leave behind during data breaches - Vinny Troia
10:00 - 10:50 kubered - Recipes for C2 Operations on Kubernetes - Larry Suto, Jeff Holden Lying in Wait: Discovering and Exploiting Weaknesses in Automated Discovery Actions - Timothy Wright, Jacob Griffith COM Hijacking Techniques - David Tulis
11:00 - 12:00 Lunch - on your own
12:00 - 12:50 Testing Endpoint Protection: How Anyone Can Bypass Next Gen AV - Kevin Gennuso Inter-chip communication - Testing end-to-end security on IoT - Deral Heiland Assumed Breach: A Better Model for Penetration Testing - Mike Saunders
1:00 - 1:50 Adventures in Azure Privilege Escalation - Karl Fosaaen REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure - Matthew Szymanski StringSifter: Learning to Rank Strings Output for Speedier Malware Analysis - Philip Tully, Matthew Haigh, Jay Gibble, Michael Sikorski
2:00 - 2:50 Breaking & Entering via SDR, or How I defeated Wiegend over UHF/VHF, or your apartment isn't safe... - Tim Shelton The "Art" of The BEC - What Three Years of Fighting Has Taught Us - Ronnie Tokazowski Practical Heuristic Exploitation - Kelly Villanueva
3:00 - 3:50 Assessing IoT Surveillance - Arlo - Jimi Sebree BloodHound: Head to Tail - Andy Robbins, Rohan Vazarkar Full Steam Ahead: Serverless Hacking 101 - Tal Melamed
4:00 - 4:50 Next-gen IoT botnets - leveraging cloud implementations for shells on 500k IoTs - Alex "Jay" Balan Red Team Methodology: A Naked Look - Jason Lang Five Mistakes We Wish Users Would Stop Making - Lesley Carhart, Chelle Clements, April C. Wright, Amanda Berlin, Lee Neely (moderator)
5:00 - 5:50 Attacking with Automation: How Office 365 automation provides another new risk to the cloud - Trent Lo API Keys, Now What? Taking the Pen Test Into the Amazon Cloud - Jim Shaver
Whose Slide is it Anyway setup
6:00 - 6:50 Concert setup
       
TIME Stable Talks downstairs B, C, & D
9:00 - 9:25 The $19.95 anonymous cyber profile - Patrick Matthews
9:30 - 9:55 Prepare to Be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty - James Condon
10:00 - 10:25 Build your own multi-user password manager using open source software - Michael Vieau, Kevin Bong
10:30 - 10:55 No class, Low Tech, High damage - Tom Ruff
11:00 - 11:25
Lunch - on your own
11:30 - 11:55
12:00 - 12:25 Early Detection Through Deception - Jason Nester
12:30 -12:55 The quest for 10g IDS - Harold Tabellion
1:00 -1:25 Swagger Defense - Mick Douglas, Pete Petersen
1:30 - 1:55 Kerberoasting Revisited - Will Schroeder
2:00 - 2:25 Hacking While Blind. - Joe B (TheBlindHacker)
2:30 - 2:55 Choose Your Own TTX: Redefining the Incident Response Table Top Exercise - Jamison Budacki
3:00 - 3:25 Hunting Phish Kits - Josh Rickard
3:30 - 3:55 One woman's journey to CISO leveraging Social Engineering - Kate Mullin
4:00 - 4:25 SharPersist: Windows Persistence Toolkit in C# - Brett Hawkins
4:30 - 4:55 Are you ready to leverage DevSecOps? Get ready and use it for good. - Nicole Schwartz aka CircuitSwan formerly AmazonV
5:00 - 5:25 Shadow IT in the Cloud - Marisa Dyer, Jessica Hazelrigg
5:30 - 5:55 .NET Manifesto - Win Friends and Influence the Loader - Casey Smith
6:00 - 6:25 Confessions of an IT / OT Marriage Counselor - Lesley Carhart

 

Sunday

TIME Track 1 upstairs marriott I II III IV Track 2 upstairs marriott VII VIII IX X Track 3 downstairs kentucky E
9:00 - 9:50 Quiet time :) Rise of the Machines // using machine learning with GRC - Justin Leapline, Rick Yocum Unix: the Other White Meat - Adam Compton, David Boyd
10:00 - 10:50 I sim(ulate), therefore i catch: enhancing detection engineering with adversary simulation - Mauricio Velazco How to Give the Gift That Keeps on Giving - Your Knowledge - Jason Blanchard RFID sniffing, under your nose and in your face! - Rich Rumble
11:00 - 11:50 Active Directory Security: Beyond the Easy Button - Sean Metcalf The Backup Operators Guide to the Galaxy - Dave Mayer Product Security Shouldn't be Painful - Wim Remes
12:00 - 12:50 Incident response on macOS - Thomas Reed SS7 for INFOSEC - Paul Coggin Hunting Webshells: Tracking TwoFace - Josh Bryant, Robert Falcone
1:00 - 1:50 Red Team Level over 9000! Fusing the powah of .NET with a scripting language of your choosing: introducing BYOI (Bring Your own Interpreter) payloads. - Marcello Salvati Empathy as a Service to Create a Culture of Security - Tracy Z. Maleeff Improving CACTUSTORCH payloads - Ryan Linn
2:00 - 2:50 Adversarial Emulation - Bryson Bort Welcome to the Jumble: Improving RDP Tooling for Malware Analysis and Pentesting - Emilio Gonzalez, Francis Labelle Quiet time :)
3:00 - 3:30 Closing Ceremony Setup  
3:30 - 4:30 Closing Ceremony  
       
TIME Stable Talks downstairs B, C, & D
9:00 - 9:25 Python Two birds with one stone - Andy Cooper
9:30 - 9:55 Invoke-GreatBirdOfCommonKnowledge - Gathering what is scattered with ATT&CK, an Atomic Bird, and a bit of homegrown PowerShell... - Walter Legowski
10:00 - 10:25 Adventures in systemd injection - Stuart McMurray
10:30 - 10:55 Frag, You're It - Hacking Laser Tag - Eric Escobar
11:00 - 11:25 Waking up the data engineer in you! - Jared Atkinson
11:30 - 11:55 Old Tools, New Tricks: Hacking WebSockets - Michael Fowl, Nick Defoe
12:00 - 12:25 Endpoint Detection Super Powers on the cheap, with Sysmon - Olaf Hartong
12:30 -12:55 Quiet time :)
1:00 -1:25 Automating Hashtopolis - EvilMog
1:30 - 1:55 Social Engineering in Non-Linear Warfare - Bill Gardner
2:00 - 2:25 How to cook a five star meal from the convenience of your hotel room - Micah K Brown
2:30 - 3:00 Virtual Smart Cards for Lab Environments - Eddie David

Downloads:
https://archive.org/details/derbycon9

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast