Derbycon 2014 Videos (Hacking Illustrated Series InfoSec Tutorial Videos)

These are the videos of the presentations from Derbycon 2014. Big thanks to my video jockeys Skydog, Sabrina, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, Steven, Branden Miller, Joe, Greg and Night Carnage (and maybe the speakers too I guess).

Track 1 - Track 4 Schedule on Friday, September 26th, 2014
Time | Track 1 (Break Me) | Track 2 (Fix Me) | Track 3 (Teach Me) | Track 4 (The 3-Way)
8:30 – 9:00 | Welcome to the Family – Intro
9:00 – 9:40 | Johnny Long (Keynote) – Hackers saving the world from the zombie apocalypse
9:45 – 10:25 | How to Give the Best Pen Test of Your Life (Keynote) – Ed Skoudis
10:30 – 11:10 | Adaptive Pentesting Part Two (Keynote) – Kevin Mitnick and Dave Kennedy
11:10 – 12:00 | Lunch
12:00 – 12:50 | If it fits – it sniffs: Adventures in WarShipping – Larry Pesce | Threat Modeling for Realz – Bruce Potter | So You Want To Murder a Software Patent – Jason Scott | Subverting ML Detections for Fun and Profit – Ram Shankar Siva Kumar – John Walton
1:00 – 1:50 | Abusing Active Directory in Post-Exploitation – Carlos Perez | A Guided Tour of the Internet Ghetto :: Introduction to Tor Hidden Services – Brent Huston | Leonard Isham – Patching the Human Vulns | Secrets of DNS – Ron Bowes
2:00 – 2:50 | Quantifying the Adversary: Introducing GuerillaSearch and GuerillaPivot – Dave Marcus | Red Teaming: Back and Forth – 5ever – Fuzzynop | Burp For All Languages – Tom Steele | Snort & OpenAppID: How to Build an Open Source Next Generation Firewall – Adam Hogan
3:00 – 3:50 | A Year in the (Backdoor) Factory – Joshua Pitts | How not to suck at pen testing – John Strand | Passing the Torch: Old School Red Teaming – New School Tactics – David McGuire and Will Schroeder | GET A Grip on Your Hustle: Glassdoor Exfil Toolkit – Parker Schmitt – Kyle Stone (essobi) – Chris Hodges (g11tch)
4:00 – 4:50 | Ball and Chain (A New Paradigm in Stored Password Security) – Benjamin Donnelly and Tim Tomes | Mainframes – Mopeds and Mischief; A PenTesters Year in Review – Tyler Wrightson | I Am The Cavalry: Year [0] – Space Rogue and Beau Woods | DNS-Based Authentication of Named Entities (DANE): Can we fix our broken CA model? – Tony Cargile
5:00 – 5:50 | Et tu – Kerberos? – Christopher Campbell | The Multibillion Dollar Industry That's Ignored – Jason Montgomery and Ryan Sevey | University Education In Security Panel – Bill Gardner (@oncee) – Ray Davidson – Adrian Crenshaw – Sam Liles – Rob Jorgensen | Exploiting Browsers Like A Boss w/ WhiteLightning! – Bryce Kunz
6:00 – 6:50 | Advanced Red Teaming: All Your Badges Are Belong To Us – Eric Smith | Code Insecurity or Code in Security – Mano 'dash4rk' Paul | What happened to the 'A'? – How to leverage BCP/DR for your Info Sec Program – Moey | Real World Intrusion Response – Lessons from the Trenches – Katherine Trame and David Sharpe
7:00 – 7:50 | Bypassing Internet Explorer's XSS Filter – Carlos Munoz | C3CM: Defeating the Command – Control – and Communications of Digital Assailants – Russ McRee | Securing Your Assets from Espionage – Stacey Banks | Application Whitelisting: Be Careful Where The Silver Bullet Is Aimed – David McCartney
Track 1 - Track 4 Schedule on Saturday, September 27th, 2014
Time | Track 1 (Break Me) | Track 2 (Fix Me) | Track 3 (Teach Me) | Track 4 (The 3-Way)
9:00 – 9:50 | Interceptor: A PowerShell SSL MITM Script – Casey Smith | Attack Paths: Breaking Into Infosec From IT Or Other Totally Different Fields – Eve Adams and Johnny Xmas | Hackers Are People Too – Amanda Berlin (Infosystir) | Making Mongo Cry-Attacking NoSQL for Pen Testers – Russell Butturini
10:00 – 10:50 | Egypt – More New Shiny in the Metasploit Framework | How to Secure and Sys Admin Windows like a Boss. – Jim Kennedy | Ethical Control: Ethics and Privacy in a Target-Rich Environment – Kevin Johnson and James Jardine | Step On In – The Waters Fine! – An Introduction To Security Testing Within A Virtualized Environment – Tom Moore
11:00 – 12:00 | LUNCH BREAK!
12:00 – 12:50 | All Your Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches – Valerie Thomas and Harry Regan | Red white and blue. Making sense of Red Teaming for good. – Ian Amit | The Road to Compliancy Success Plus Plus – James Arlen | Give me your data! Obtaining sensitive data without breaking in – Dave Chronister
1:00 – 1:50 | The Human Buffer Overflow aka Amygdala Hijacking – Christopher Hadnagy | Around the world in 80 Cons – Jayson E. Street | Are You a Janitor – Or a Cleaner – John Stauffacher and Matt Hoy | Third Party Code: FIX ALL THE THINGS – Kymberlee Price – Jake Kouns
2:00 – 2:50 | Shellcode Time: Come on Grab Your Friends – Wartortell | Mirage – Next Gen Honeyports – Adam Crompton and Mick Douglas | Practical PowerShell Programming for Professional People – Ben Ten (Ben0xA) | Just What The Doctor Ordered? – Scott Erven
3:00 – 3:50 | The Internet Of Insecure Things: 10 Most Wanted List – Paul Asadoorian | They touched you WHERE? When trusting a security questionnaire isn't enough! – Erin Jacobs & Zack Fasel (not posted) | GROK – atlas | Powershell Drink the Kool-Aid – Wayne Pruitt – Zack Wojton
4:00 – 4:50 | DDoS Botnet: 1000 Knives and a Scalpel! – Josh Abraham | Active Directory: Real Defense for Domain Admins – Jason Lang | How building a better hacker accidentally built a better defender – Casey Ellis | powercat – Mick Douglas
5:00 – 5:50 | wifu^2 – Cameron Maerz | The Wireless World of the Internet of Things – JP Dunning ".ronin" | Exploring Layer 2 Network Security in Virtualized Environments – Ronny L. Bull – Dr. Jeanna N. Matthews | Macro Malware Lives! – Putting the sexy back into MS-Office document macros – Joff Thyer
6:00 – 6:50 | Attacking Microsoft Kerberos: Kicking the Guard Dog of Hades – Tim Medin | NO TALK (SETUP) | Hardware Tamper Resistance: Why and How? – Ryan Lackey | Girl… Fault Interrupted – Maggie Jauregui
Stable Talks on Saturday, September 27th, 2014
Time Stable Talks
9:00 – 9:25 Human Trafficking in the Digital Age – Chris Jenks
9:30 – 9:55 Cat Herding in the Wild Wild West: What I Learned Running A Hackercon CFP – Nathaniel Husted
10:00 – 10:25 How to Stop a Hack – Jason Samide
10:30 – 10:55 We don't need no stinking Internet. – Greg Simo
11:00 – 11:25 Lunch
11:30 – 11:55 Lunch
12:00 – 12:25 Hacking the media for fame and profit - Jen Ellis and Steve Ragan
12:30 – 12:55 Rafal Los – Things Being a New Parent of Twins Teaches You About Security
1:00 – 1:25 ZitMo NoM – David Schwartzberg
1:30 – 1:55 Penetrate your OWA – Nate Power
2:00 – 2:25 RavenHID: Remote Badge Gathering -or- Why we sit in client bathrooms for hours – Lucas Morris – Adam Zamora
2:30 – 2:55 Interns Down for What? – Tony Turner
3:00 – 3:25 i r web app hacking (and so can you!) – Brandon Perry
3:30 – 3:55 Building a Modern Security Engineering Organization – Zane Lackey
4:00 – 4:25 Information Security Team Management: How to keep your edge while embracing the dark side – Stephen C Gay
4:30 – 4:55 5min web audit: Security in the startup world – Evan Johnson
5:00 – 5:25 Project SCEVRON: SCan EVrything with ruby RONin – Derek Callaway
5:30 – 5:55 Soft Skills for a Technical World - Justin Herman
6:00 – 6:25 Gone in 60 minutes a Practical Approach to Hacking an Enterprise with Yasuo – Saurabh Harit and Stephen Hall
6:30 – 6:55 Snarf – Capitalizing on Man-in-the-Middle – Victor Mata – Josh Stone
7:00 – 7:25 Electronic locks in firearms – Oh My! – Travis Hartman
7:30 – 7:55  
Extra The Achilles Heel Of The American Banking System - Brandon Henery and Andy Robins
Track 1 - Track 4 Schedule on Sunday, September 28th, 2014
Time | Track 1 (Break Me) | Track 2 (Fix Me) | Track 3 (Teach Me) | Track 4 (The 3-Way)
9:00 – 9:50 | Introducing Network-Scout: Defending The Soft Center of Your Network – Bill "oncee" Gardner – Aaedan SomerVille – Shawn Jordan | Open Source Threat Intelligence: Developing a Threat intelligence program using open source tools and public sources – Edward McCabe | Analyzing Weak Areas of the Federal Cloud Security Program – Vinny Troia | Surviving until Dawn – Bart Hopper (Microphone was off, Bart recorded a new version for me)
10:00 – 10:50 | Getting Windows to Play with Itself: A Pen Testers Guide to Windows API Abuse – Brady Bloxham | Once upon a time… (InfoSec History 101) – Jack Daniel | Proactive Application Security – Karthik Rangarajan | A Bug or Malware? Catastrophic consequences either way. – Benjamin Holland and Suresh Kothari
11:00 – 12:00 | Lunch
12:00 – 12:50 | (Offensive) Safe Words – Exploiting a Bad Dom(admins) – Nathan Magniez (Not recorded) | Hacking Mainframes; Vulnerabilities in applications exposed over TN3270 – Dominic White | Chicken of the APT: Understanding Targeted Attackers with Incubation! – Kyle Wilhoit | It's Not Easy Being Purple – Bill Gardner – Valerie Thomas – Amanda Berlin – Eric Milam – Brandon McCann – Royce Davis
1:00 – 1:50 | Protocol Me Maybe? How to Date SCADA – Stephen Hilt | Single Chip Microcontrollers: Beyond Arduino – Tharon Hall | Bending and Twisting Networks – Paul Coggins | Control Flow Graph Based Virus Scanning – Douglas Goddard
2:00 – 2:50 | Attacks and Countermeasures: Advanced Network Traffic Manipulation – Matt Kelly and Ryan Reynolds | Building Better Botnets with IPv6 – Code24 | Bridging the gap between red and blue – Dave Kennedy and Jamie Murdock | Ok – so you've been pwned – now what? – Jim Wojno
3:00 – 3:50 | What to expect when you're expecting…a pentest – Martin Bos and Eric Milam | Bad Advice – Unintended Consequences and Broken Paradigms. Think && Act Different! – Steve Werby | CMS Hacking Tricks – Greg Foss | Everybody gets clickjacked: Hard knock lessons on bug bounties – Jonathan Cran
4:00 – 4:50 | Rafal Los – Things Being a New Parent of Twins Teaches You About Security -> Moved to Stable | Simple Network Management Pwnd – Deral Heiland and Matthew Kienow | Advanced Incident Response with Bro – Liam Randall (@hectaman) | Are you a Beefeater – focused on protecting your crown jewels? – Jack Nichelson
5:00 – 5:30 | Closing Ceremonies
Stable Talks on Sunday, September 28th, 2014
Time Stable Talks
9:00 – 9:25 Dolla Dolla Bump Key – Chris Sistrunk
9:30 – 9:55 What Dungeons & Dragons Taught Me About INFOSEC – Joey Maresca (l0stkn0wledge)
10:00 – 10:25 Gender Differences in Social Engineering: Does Sex Matter? – Shannon Sistrunk – Will Tarkington
10:30 – 10:55 Introduction to System Hardening – Eddie David
11:00 – 11:25 Lunch
11:30 – 11:55 Lunch
12:00 – 12:25 Hacking your way into the APRS Network on the Cheap – Mark Lenigan
12:30 – 12:55 Building a Web Application Vulnerability Management Program – Jason Pubal
1:00 – 1:25 Fighting Back Against SSL Inspection – or How SSL Should Work – Jacob Thompson
1:30 – 1:55 Physical Security: From Locks to Dox – Jess Hires
2:00 – 2:25 Am I an Imposter? – Warren Kopp
2:30 – 2:55 Call of Community: Modern Warfare – Ben Ten and Matt Johnson
3:00 – 3:25 The Canary in the Cloud – Scot Bernerv
3:30 – 3:55 Defensive talks NOT sexy? Whats sexier than catching an attack like Target – APT – SET or your Pen Tester? Let me show you some sexy logging – Michael Gough (did not happen?)

 

 

Download videos from:
https://archive.org/details/derbycon4

 

Copyright 2020, IronGeek