A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Derbycon 2013 Videos (Hacking Illustrated Series InfoSec Tutorial Videos)

Derbycon 2013 Videos

Videos of presentations from Derbycon 2013. Big thanks to my video jockeys Robin, ladymerlin, Jennifer, Sabrina, Reid, Skydog, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, MadMex, Joey, Steven, Sara, Branden Miller and Night Carnage (and maybe the speakers too I guess).

Intro

 

Track 1 - Track 5 Schedule on Friday, September 27th, 2013
Time Track 1 (Break Me) Track 2 (Fix Me) Track 3 (Teach Me) Track 4 (The 3-Way) Track 5 – Hybrid Room
8:30 – 9:00 Intro (see above)        
9:00 – 9:50 Scanning Darkly – HD Moore (keynote)        
10:00 – 10:50 Kinetic Pwnage: Obliterating the Line Between Computers and the Physical World – Ed Skoudis (keynote)        
11:00 – 12:00 Lunch        
12:00 – 12:50 Look Ma – No Exploits! – The Recon-ng Framework – Tim “LaNMaSteR53? Tomes Cognitive Injection: Reprogramming the Situation-Oriented Human OS – Andy Ellis It's Only a Game: Learning Security through Gaming – Bruce Potter Pigs Don’t Fly – Why owning a typical network is so easy – and how to build a secure one. – Matt “scriptjunkie” Weeks Building An Information Security Awareness Program from Scratch – Bill Gardner – Valerie Thomas
1:00 – 1:50 Practical Exploitation Using A Malicious Service Set Identifier (SSID) – Deral Heiland IOCAware – Actively Collect Compromise Indicators and Test Your Entire Enterprise – Matt Jezorek and Dennis Kuntz Ooops – Now What? :: The Stolen Data Impact Model (SDIM) – Brent Huston Finding The Signal in the Noise: Quantifying Advanced Malware – Dave Marcus Malware : testing malware scenarios on your network – Tony Huffman (@myne_us) – Juan Cortes (@kongo_86)
2:00 – 2:50 JTAGulator: Assisted discovery of on-chip debug interfaces – Joe Grand Cash is King: Who’s Wearing Your Crown? – Tom Eston and Spencer McIntyre Anti-Forensics: Memory or something – I forget. – int0x80 Applying the 32 Zombieland Rules to IT Security – Larry Pesce Password Intelligence Project – Advanced Password Recovery and Modern Mitigation Strategies – John Moore “Rabid Security”
3:00 – 3:50 Seeing red in your future? – Ian Iamit Security Sucks – and You’re Wearing a Nursing Bra – Paul Asadoorian The Mysterious Mister Hokum – Jason Scott Windows 0wn3d By Default – Mark Baggett Tizen Security: Hacking the new mobile OS – Mark Manning (AntiTree)
4:00 – 4:50 TMI: How to attack SharePoint servers and tools to make it easier – Kevin Johnson and James Jardine Windows Attacks: AT is the new black – Rob Fuller and Chris Gates Appsec Tl;dr – Gillis Jones Android 4.0: Ice Cream “Sudo Make Me a” Sandwich – Max Sobell RAWR – Rapid Assessment of Web Resources – Adam Byers – Tom Moore
5:00 – 5:50 The High Risk of Low Risk Applications – conrad reynolds How Good is Your Phish – @sonofshirt DIY Command & Control For Fun And *No* Profit – David Schwartzberg Hiding @ Depth – Exploring – Subverting and Breaking NAND Flash memory – Josh “m0nk” Thomas (seems to have been lost, sorry) Decoding Bug Bounty Programs – Jon Rose
6:00 – 6:50 It’s Okay to Touch Yourself – Ben Ten (Ben0xA) Identifying Evil: An introduction to Reverse Engineering Malware and other software – Bart ‘d4ncind4n’ Hopper IPv6 is here (kind of) – what can I do with it? – Dan Wilkins Attacking the Next Generation Air Traffic Control System; Hackers – liquor and commercial airliners. – Renderman Patching Windows Executables with the Backdoor Factory – Joshua Pitts
7:00 – 7:50 Collaborative Penetration Testing With Lair – Tom Steele and Dan Kottmann How Im going to own your organization in just a few days. – RazorEQX Dancing With Dalvik – Thomas Richards Antivirus Evasion through Antigenic Variation (Why the Blacklisting Approach to AV is Broken) – Trenton Iveys Jason Scott – Defcon Documentary Q&A
7:50-Whenever          

 

Stable Talks on Friday, September 27th, 2013
Time Stable Talks
12:00 – 12:25 Gen Y:Getting Them to Talk Rather than Text at Work – Nancy Kovanic
12:30 -12:55 Battle Scars And Friendly Fire: Threat Research Team War Stories – Will Gragido and Seth Geftic
1:00 -1:25 Unmasking Miscreants – Allixon Nixon – Brandon Levene
1:30 – 1:55 gitDigger: Creating useful wordlists from public GitHub repositories – Jaime Filson (WiK)
2:00 – 2:25 PowerShell and Windows Throw the Best Shell Parties – Piotr Marszalik
2:30 – 2:55 Owning Computers Without Shell Access – Royce Davis
3:00 – 3:25 Sixnet Tools: for poking at Sixnet Things – Mehdi Sabraoui
3:30 – 3:55 Promoting Your Security Program Like A Lobbyist. – Jerry Gamblin (Did not take place?)
4:00 – 4:25 Abusing LFI-RFI for Fun – Profit and Shells – Francis Alexander  (Did not take place?)
4:30 – 4:55 Hardening Windows 8 apps for the Windows Store – Bill Sempf
5:00 – 5:25 Intro to Dynamic Access Control in Windows Server 2012 – Evan Anderson
5:30 – 5:55 Evolutionary Security – Embracing Failure to Attain “Good Enough” – Josh More
6:00 – 6:25 DIY Forensics: When Incident Response Morphs into Digital Forensics – John Sammons
6:30 – 6:55 ANOTHER Log to Analyze – Utilizing DNS to Discover Malware in Your Network – Nathan Magniez
7:00 – 7:25  
7:30 – 7:55  

 

Track 1 - Track 5 Schedule on Saturday, September 28th, 2013
Time Track 1 (Break Me) Track 2 (Fix Me) Track 3 (Teach Me) Track 4 (The 3-Way) Track 5 – Hybrid Room
9:00 – 9:50 Malware Automation – Christopher Elisan Pass-The-Hash 2: The Admin’s Revenge – Skip Duckwall and Chris Campbell Big Hugs for Big Data – Davi Ottenheimer Hello ASM World: A Painless and Contextual Introduction to x86 Assembly – nicolle neulist (rogueclown) Panel: Building and Growing a Hacker Space – Joey Maresca – Dave Marcus – Nick Farr – SkyDog
10:00 – 10:50 What’s common in Oracle and Samsung? They tried to think differently about crypto. – L·szlÛ TÛth – Ferenc Spala The Cavalry Is Us: Protecting the public good and our profession – Josh Corman Antivirus Evasion: Lessons Learned – thelightcosine SQL injection with sqlmap – Conrad Reynolds CISA SO Hopelessly Broken: the implications of pervasive vulnerabilities in SOHO router products. – Jacob Holcomb
11:00 – 12:00 Lunch        
12:00 – 12:50 Burning the Enterprise with BYOD – Georgia Weidman Love letters to Frank Abagnale (How do I pwn thee let me count the ways) – Jayson E. Street Jared DeMott – Is Auditing C/C++ Different Nowadays? The Internet of Things: Vulns – Botnets and Detection – Kyle Stone (@essobi) – Liam Randall Put Me In Coach: How We Got Started In Infosec – pr1me – Chris “g11tch” Hodges – Frank Hackett – Dave “ReL1K” Kennedy
1:00 – 1:50 Getting the goods with smbexec – Eric Milam(brav0hax) and Martin Bos (purehate) The Message and The Messenger – James Arlen Getting Schooled: Security with no budget in a hostile environment – Jim Kennedy The Malware Management Framework – a process you can use to find advanced malware. We found WinNTI with it! – Michael Gough and Ian Robertson Alice Goes Deeper (Down the Rabbit Hole) – Redirection 2.0 – Nathan Magniez
2:00 – 2:50 Shattering the Glass: Crafting Post Exploitation Tools with PowerShell – Matt Johnson 50 Shades of RED: Stories from the "Playroom" – Chris Nickerson Browser Pivoting (FU2FA) – Raphael Mudge Hack the Hustle! – Eve Adams Emergent Vulnerabilities: What ant colonies – schools of fish – and security have in common. – Nathaniel “Dr. Whom” Husted
3:00 – 3:50 Cheat Codez: Level UP Your SE Game – Eric Smith Beyond Information Warfare “You Ain’t Seen Nothing Yet” – Winn Schwartau Taking the BDSM out of PCI-DSS Through Open-Source Solutions – Zack Fasel & Erin “SecBarbie” Jacobs Operationalizing Security Intelligence in the Enterprise- Rafal Los Why Your IT Bytes – Frank J. Hackett
4:00 – 4:50 My Experiments with truth: a different route to bug-hunting – Devesh Bhatt (seems to have been lost, sorry) Stop Fighting Anti-Virus – Integgroll John Strand – Hacking Back – Active Defense and Internet Tough Guys New Shiny in the Metasploit Framework – egypt Using Facial Recognition Software In Digital Forensics And Information Security – Brian Lockrey
5:00 – 5:50 The Art and Science of Hacking Any Organization – Tyler Wrightson Setup An Encyclpwnia of Persistence – Skip Duckwall & Will Peteroy Everything you ever wanted to know on how to start a Credit Union – but were afraid to ask. – Jordan Modell How to Fight a War Without Actually Starting One – Brendan O’Connor
6:00 – 6:50 Living Off the Land: A Minimalist’s Guide to Windows Post-Exploitation – Christopher Campbell & Matthew Graeber Setup Your Turn! – Johnny Long – HFC A developer’s guide to pentesting – Bill Sempf Crypto-Exploit Exercises: A tool for reinforcing basic topics in Cryptography – Nancy Snoke
8:00PM – TBD DerbyCon Cake Contest – Kentucky Room
Other events: The Cavalry Meetup "Constitutional Congress"- starts at 12PM at the Bellmonte and runs until Sunday (all day)
 

Stable Talks on Saturday, September 28th, 2013

Time Stable Talks
9:00 – 9:25 Phishing Frenzy: 7 seconds from hook to sinker – Brandon <zeknox> McCann
9:30 – 9:55 Electronic Safe Fail: Common Vulnerabilities in Electronic Safes – Jeff Popio
10:00 – 10:25 The Good Samaritan Identity Protection Project ñ www.thegsipp.org – Zack Hibbard – Chris Brown and Jon Sternstein
10:30 – 10:55 Some defensive ideas from offensive guys. – Justin Elze and Robert Chuvala
11:00 – 11:25 Lunch
11:30 – 11:55 Lunch
12:00 – 12:25 Raising Hacker Kids: For Good or for Awesome – Joseph Shaw (Did not take place?)
12:30 -12:55 OPEN
1:00 -1:25 Grim Trigger – Jeff “ghostnomad” Kirsch
1:30 – 1:55 Stealth servers need Stealth Packets – Jaime Sanchez (Did not take place?)
2:00 – 2:25 A n00bie’s perspective on Pentesting… – Brandon Edmunds
2:30 – 2:55 My Security is a Graph – Your Argument is Invalid – Gabriel Bassett
3:00 – 3:25 Follow the Foolish Zebras: Finding Threats in Your Logs – Chris Larsen
3:30 – 3:55 Security Training and Research Cloud (STRC) – Jimmy Murphy
4:00 – 4:25 Passive Aggressive Defense – Jason Clark
4:30 – 4:55 So you want to be a pentester? – Raymond Gabler
5:00 – 5:25 Digital Energy – BPT – Paul Coggin
5:30 – 5:55 An Anti-Forensics Primer – Jason Andress
6:00 – 6:25 What if Petraeus was a hacker? Email privacy for the rest of us – Phil Cryer (@faker)
6:30 – 6:55 First line of defense – Greg Simo (Did not take place?)
7:00 – 7:25  
7:30 – 7:55  
Track 1 - Track 5 Schedule on Sunday, September 29th, 2013
Time Track 1 (Break Me) Track 2 (Fix Me) Track 3 (Teach Me) Track 4 (The 3-Way)
9:00 – 9:50 Cracking Corporate Passwords – Exploiting Password Policy Weaknesses – Minga / Rick Redman How the Grid Will Be Hacked – Josh Axelrod and Matt Davis Practical File Format Fuzzing – Jared Allar Steal All of the Databases. – Alejandro Caceres
10:00 – 10:50 Ownage From Userland: Process Puppeteering – Nick Cano help for the helpdesk – Mick Douglas   After SS7 its LTE – Ankit Gupta (Did not take place?)
11:00 – 12:00 Lunch        
12:00 – 12:50 ) UNION SELECT `This_Talk` AS (‘New Exploitation and Obfuscation Techniquesí)%00 – Roberto Salgado Weaponizing your Coffee Pot – Daniel Buentello How can I do that? Intro to hardware hacking with an RFID badge reader – Kevin Bong Sandboxes from a pen tester’s view – Rahul Kashyap
1:00 – 1:50 Exploiting_the_Zeroth_Hour(); Developing your Advanced Persistent Threat to Pwn the Network – SOLOMON SONYA and NICK KULESZA Practical OSINT – Shane MacDougall (NOTE THAT THIS IS AN ADULT ONLY TALK – 18+ or older) A SysCall to ARMs – Brendan Watters iOS Reverse #=> iPWn Apps – Mano ‘dash4rk’ Paul
2:00 – 2:50 Phishing Like The Pros – Luis “Connection” Santana Stop making excuses; it’s time to own your HIV (High Impact Vulnerabilities) – Jack D. Nichelson The Netsniff-NG Toolkit – Jon Schipp Terminal Cornucopia – Evan “treefort” Booth
3:00 – 3:50 Raspberry Pi – Media Centers – and AppleTV – David Schuetz Uncloaking IP Addresses on IRC – Derek Callaway Why Dumpster Dive when I can pwn right in? – Terry Gold Wait; How is All This Stuff Free?!? – Gene Bransfield
4:00 – 4:50 Closing Ceremonies (See Below)        

Closing

 

Extras:
Are You Smarter Than A CISSP?

Pwn Pad Class (Sorry, tons of AV problems)

Download videos from:
https://archive.org/details/DerbyCon3.01101Intro
Re-Muxed so they work with more devices and Archive.org will transcode them:
https://archive.org/details/DerbyCon3.0FixedMux

 

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast