A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Derbycon 2012 Videos (Hacking Illustrated Series InfoSec Tutorial Videos)


Derbycon 2012 Videos

Hope you enjoyed the con! Here are the videos from Derbycon 2012. We had a few recording SNAFUs, but all in all it went very well. For the descriptions of the talks click a talk link below or  go to the Derbycon page. Feel free to link or embed elsewhere, but I'd appreciate it if you link back to the Derbycon and Irongeek.com sites. Hope you make it to the con next year! Also, I've uploaded the large AVI version to Archive.org, which will convert them to other smaller formats shortly. See the bottom of the page for a download link.

Track 1 - Track 4 Schedule on Friday, September 28th, 2012
Track 1 (Break Me) Track 2 (Fix Me) Track 3 (Teach Me) Track 4 (The 3-Way)
Opening Ceremony      
HD Moore – The Wild West      
Dan Kaminsky – Black Ops      
Mudge – Cyber Fast Track; from the trenches      
Jayson E. Street – Securing the Internet: YOU’re doing it wrong (An INFOSEC Intervention) Jason Scott – Rescuing The Prince of Persia from the sands of time Dave Marcus – 2FA-Enabled Fraud: Dissecting Operation High Roller Rafal Los – House of Cards
Rob Fuller / Chris Gates – Dirty Little Secrets Part 2 Chris Hadnagy – Nonverbal Human Hacking Rick Farina: The Hacker Ethos meets the FOSS ethostd> Brent Huston – Info overload..Future shock.. IBM & nature of modern crime
Ian Amit – SexyDefense – the red team tore you a new one. Now what? egyp7 – Privilege Escalation with the Metasploit Framework Larry Pesce / Darren Wigley – Hacking Survival: So. You want to compute post-apocalypse? James Arlen – Doubt – Deceit -Deficiency and Decency – a Decade of Disillusionment
Carlos Perez – DNS Reconnaissance Sam Gaudet: Pentesting for non-pentesters…through virtual machines Ryan Linn – Collecting Underpants To Win Your Network Jerry Gamblin: is it time for another firewall or a security awareness program?


Track 1 - Track 4 Schedule on Saturday, September 29th, 2012
Track 1 (Break Me) Track 2 (Fix Me) Track 3 (Teach Me) Track 4 (The 3-Way)
Skip Duckwall / Chris Campbell – Puff Puff Pass – Getting the most out of your hash Johnny Long – The Evolution of HFC Michael Schearer – Flex your right constituion and political activism in the hacker community Christopher Domas – The future of RE: Dynamic Binary Visualization
Jordan Harbinger – Social Engineering Defense Contractors on LinkedIn and Facebook: Who's plugged into your employees? Dual Core (int0x80) – Moar Anti-Forensics – Moar Louise Eric Smith – Penetration testing from a Hot Tub Time Machine Tom Eston / Kevin Johnson – Social Zombies: Rise of the Mobile Dead
Paul Asadoorian / John Strand – Everything they told me about security was wrong. Bruce Potter – Security Epistemology: Beliefs – Truth – and Knowledge in the Infosec Community Chris Nickerson (ind303) – Tactical Surveillance: Look at me now! KC. Yerrid / Matt Jezorek / Boris Sverdlik (JadedSecurity)- It's not your perimenter. It's you
Zack Fasel – Pwned in 60 Seconds -From Network Guest to Windows Domain Admin Josh More – Pen Testing Security Vendors Jamie Murdock – How to create a one man SOC Deral Heiland -Format String Vulnerabilities 101
Ryan Elkins – Simple Security Defense to thwart an Army of Cyber Ninja Warriors Jason Gunnoe & Chris Centore -Building the next generation IDS with OSINT Branden Miller / Bill Gardner – Building an Awareness and training program Jack Daniel – How Screwed Are We?
atlas: RfCat-subghz or bust Babak Javadi / Keith Howell: 4140 Ways your alarm system can fail Dan Crowley / Chris Vinecombe – Vulnerability Spidey Sense Kellep Charles: Security Vulnerablity Assessments. – Process and best practices
Georgia Weidman – Introducing the Smartphone Pentest Framework Bart Hopper – Hunting Evil Nathaniel Husted –  Everything you always wanted to know about Security Academia (But were too afraid too ask) John Woods – So you got yourself an infosec manager job. Now what?
Gillis Jones – The Badmin Project Benjamin Mauch (Ben0xA) - Creating A Powerful User Defense Against Attackers Bill Sempf – What locksport can teach us about security K.C. Holland (DevAuto) - Personal Darknet or How to get pr0n @ work
Kyle (kos) Osborn – Physical Drive-By Downloads Doug Burks – Security Onion – Network Security monitoring in minutes JP Dunning (.ronin) - The Glitch: Hardware With Hacking Made Easy Tony DeLaGrange / Jason Wood:SH5ARK ATTACK- taking a byte out of HTML5!
Track 1 - Track 4 Schedule on Sunday, September 30th, 2012
Track 1 (Break Me) Track 2 (Fix Me) Track 3 (Teach Me) Track 4 (The 3-Way)
Matthew Sullivan: Cookie Cadger – taking cookie hijacking to a new level Matt Weeks: Ambush- Catching Intruders at Any Point Joshua Marpet: separating security intelligence from security FUD Steve Werby: Building dictionaries and destroying hashes w/amazon EC2
Stephen Haywood (AverageSecurityGuy) - Introduction to Metasploit Post Exploitation Modules Kevin Mitnick – Ghost in the Wires: The Unbelievable True Story of Kevin Mitnick’s Life as a the World’s Most Wanted Computer Hacker (Waiting For Approval) Raphael Mudge: Dirty Red Team Tricks II David Schuetz (Darth Null) – Slow down cowpoke – When enthusiasm outpaces common sense
Noah Beddome: The devils in the Details-A look at bad SE and how to do better Boris – You Can't Buy Security. Building an Open Sourced Information Security Program (Only got 2 seconds of live video with Boris making an odd noise) Nicolle Neulist: Write your own tools with Python David McGuire: Maturing the Pen Testing Professional
Jay James & Shane MacDougall: Usine McAfee secure/trustguard as attack tools Matt Presson: Building a database security program Chris Jenks: Intro to Linux system hardening Eric Milam: Becoming Mallory
Roamer and Deviant Ollam - Welcome to NinjaTel, press 2 to activate your device now Patrick Tatro: Why isn't everyone pulling security- this is combat Jason Frisvold: Taming Skynet-using the cloud to automate baseline scanning JP Dunning & Chris Silvers: Wielding Katana- A live security suite
Laszlo Toth & Ferenc Spala: Think differently about database hacking Mick Douglas – Sprinkler: IR Matthew Perry: Current trends in computer law Leonard Isham: SE me – SE you


Day 1 Downloads:

Day 2 Downloads:

Day 3 Downloads:


Stable Talks

We did not officially record the Stable Talks this year but Damian Profancik stepped up and volunteered to do it. Big thanks for the recording and editing!

Valerie Thomas: Appearance Hacking 101 - The Art of Everyday Camouflage

Tim Tomes "LanMaSteR53": Next Generation Web Reconnaissance

Thomas Hoffecker: Hack Your Way into a DoD Security Clearance

John Seely CounterSploit MSF as a defense platform

Chris Murrey "f8lerror" & Jake Garlie "jagar": Easy Passwords = Easy Break-Ins

Tyler Wrightson: The Art and Science of Hacking Any Target

Thomas Richards: Android in the Healthcare Workplace

Spencer McIntyre: How I Learned to Stop Worrying and Love the Smart Meter

Shawn Merdinger: Medical Device Security

Rockie Brockway: Business Ramifications of Internet's Unclean Conflicts

Nathan Magniez: Alice in Exploit Redirection Land

Magen Hughes: Are you HIPAA to the Jive

Justin Brown & Frank Hackett: Breaking into Security

Josh Thomas: Off Grid Communications with Android

Jennifer "savagejen" Savage & Daniel "unicorn Furnance": The Patsy Proxy

Jason Pubal: SQL Injection 101

James Siegel: Nice to Meet You

Brett Cunningham: Beyond Strings - Memory Analysis During Incident Response

Gus Fritschie & Nazia Khan: Hacked Hollywood

Evan Anderson: Active Directory Reconnaissance - Attacks and Post-Exploitation

David Young: ISO8583 or Pentesting with Abnormal Targets

David Cowen: Running a Successful Red Team

Damian Profancik: Managed Service Providers - Pwn One and Done

Ben Toews & Scott Behrens: Rapid Blind SQL Injection Exploitation with BBQSQL

Andy Cooper: Why Integgroll Sucks at Python..And You Can Too

Stable Talks can be downloaded from:

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast