A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Derbycon 2017 Videos (Hacking Illustrated Series InfoSec Tutorial Videos)

Derbycon 2017 Videos

These are the videos of the presentations from Derbycon 2017. Big thanks to my video jockeys Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, nightcarnage, Evan Davison, Tim Sayre, Morgan, Ben Pendygraft, Steven (SciaticNerd), Cory Hurst, Sam Bradstreet, MadMex, Curtis Koenig, Jonathan Zentgraf, James Hurst, Paint27, Chris, Lenard.

Keynotes and Such


Subverting Trust in Windows - A Case Study of the "How" and "Why" of Engaging in Security Research
Matt Graeber

I had my mom break into a prison, then we had pie.
John Strand

Closing Ceremonies

Track 1

So you wanna be a Social Engineer?
Christopher Hadnagy

Here Be Dragons: The Unexplored Land of Active Directory ACLs
Andy Robbins & Will Schroeder & Rohan Vazarkar

Game of Meat
John Cramb (ceyx) & Josh Schwartz (FuzzyNop)

Invoke-CradleCrafter: Moar PowerShell obFUsk8tion &a Detection (@('Tech','niques') -Join'')
Daniel Bohannon

PSAmsi - An offensive PowerShell module for interacting with the Anti-Malware Scan Interface in Windows 10
Ryan Cobb

An ACE in the Hole: Stealthy Host Persistence via Security Descriptors
Lee Christensen & Matt Nelson & Will Schroeder

War Stories on Embedded Security: Pentesting, IoT, Building Managers, and how to do Better
Dr. Jared DeMott

Return From The Underworld - The Future Of Red Team Kerberos
Jim Shaver & Mitchell Hennigan

Memory-Based Library Loading: Someone Did That Already.
Casey Rosini

Building the DeathStar: getting Domain Admin with a push of a button (a.k.a. how I almost automated myself out of a job)
Marcello Salvati

Modern Evasion Techniques
Jason Lang

FM, and Bluetooth, and Wifi... Oh My!
Aaron Lafferty

Detect Me If You Can
Ben Ten

Full-Contact Recon
int0x80 (of Dual Core) & savant

Not a Security Boundary: Bypassing User Account Control
Matt Nelson

Victim Machine has joined #general: Using Third Party APIs as C&C Infrastructure.
Stephen Hilt & Lord Alfred Remorin

Aiding Static Analysis: Discovering Vulnerabilities in Binary Targets through Knowledge Graph Inferences
John Toterhi

Evading Autoruns
Kyle Hanslovan & Chris Bisnett

MitM Digital Subscriber Lines
Marcus Gruber & Marco Lux

Jumping the Fence: Comparison and Improvements for Existing Jump Oriented Programming Tools
John Dunlap

Track 2

Further Adventures in Smart Home Automation: Honey, Please Don’t Burn Down Your Office
Ed Skoudis

Securing Windows with Group Policy
Josh Rickard

Defending against PowerShell Attacks
Lee Holmes

CredDefense Toolkit
Beau Bullock & Brian Fehrman & Derek Banks

Steel Sharpens Steel: Using Red Teams to improve Blue Teams
Christopher Payne
(Not recorded)

Introducing DeepBlueCLI v2, now available in PowerShell and Python
Eric Conrad

Run your security program like a boss / practical governance advice
Justin Leapline & Rockie Brockway

JReFrameworker: One Year Later
Benjamin Holland

Hidden Treasure: Detecting Intrusions with ETW
Zac Brown

How to Hunt for Lateral Movement on Your Network
Ryan Nolette

Kali Linux?
Johnny Long

Common Assessment Mistakes Pen Testers and Clients Should Avoid
Brent White & Tim Roberts

Everything I Need To Know About Security I Learned From Watching Kung Fu Movies
Paul Asadoorian

Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
Lee Holmes & Daniel Bohannon

Reverse Engineering Hardware via the HRES
Timothy Wright

IDAPython: The Wonder Woman of Embedded Device Reversing
Maddie Stone

Love is in the Air - DFIR and IDS for WiFi Networks
Lennart Koopmann

Going Deep and Empowering Users - PCAP Utilities and Combating Phishing in a new way
Joseph M Siegmann

We're going on a Threat Hunt, Gonna find a bad-guy.
Todd Sanders

Track 3

When to Test, and How to Test It
Bruce Potter

A New Take at Payload Generation: Empty-Nest
James Cook, Tom Steele

VMware Escapology: How to Houdini The Hypervisor
AbdulAziz Hariri & Joshua Smith

3rd Annual Metasploit Townhall
David "thelightcosine" Maloney & Spencer "ZeroSteiner" McIntyre & Brent Cook & James "Egyp7" Lee

Purpose Driven Hunt: What do I do with all this data?
Jared Atkinson & Robby Winchester

DanderSpritz: How the Equation Group's 2013 tools pwn in 2017
Francisco Donoso

Defending the Cloud: Lessons from Intrusion Detection in SharePoint Online
Matt Swann

Digital Vengeance: Exploiting the Most Notorious C&C Toolkits
Waylon Grange

To Catch a Spy
Tyler Hudak

Rapid Incident Response with PowerShell
Mick Douglas

Windows Rootkit Development: Python prototyping to kernel level C2
R.J. McDown

Peekaboo! I Own You. Owning Hundreds of Thousands Vulnerable Devices with only two HTTP packets
Amit Serper

Burping for Joy and Financial Gain
Tim "lanmaster53" Tomes

POP POP RETN ; An Introduction to Writing Win32 Shellcode
Christopher Maddalena

What A Long Strange Trip It’s Been
Jim Nitterauer

Game On! Using Red Team to Rapidly Evolve Your Defenses
Joff Thyer & Pete Petersen

Anatomy of a Medical Device Hack- Doctors vs. Hackers in a Clinical Simulation Cage Match
Joshua Corman & Christian Dameff MD MS & Jeff Tully MD & Beau Woods

Windows Event Logs -- Zero 2 Hero
Nate Guagenti & Adam Swan

Gone In 59 Seconds - High Speed Backdoor Injection via Bootable USB
Piotr Marszalik & Michael Wrzesniak

SniffAir - An Open-Source Framework for Wireless Security Assessments
Matthew Eidelberg

Become the Puppet Master - the battle of cognition between man and machine
Michael Robinson & Joseph Oney

Track 4

How to Measure Your Security: Holding Security Vendors Accountable
Winn Schwartau & Mark Carney

How we accidentally created our own RAT/C2/Distributed Computing Network
Adam Compton & Bill Harshbarger

Active Defense for web apps
Grid (aka Scott M)

IoT Security -" Executing an Effective Security Testing Process
Deral Heiland

Fileless Malware - The New "Cyber"
Edmund Brumaghin & Colin Grady

Hunting Lateral Movement for Fun and Profit
Mauricio Velazco

(Mostly) Free Defenses Against the Phishing Kill Chain
Schuyler Dorsey

Advanced Threat Hunting
Robert Simmons

CHIRON - Home based ML IDS
Rod Soto & Joseph Zadeh

Blue Team Keeping Tempo with Offense
Casey Smith & Keith McCammon

Data Mining Wireless Survey Data with ELK
Matthew Verrette

How to KickStart a Drone Jailbreaking Scene
by Kevin Finisterre

Web Application testing - approach and cheating to win
Jim McMurry & Lee Neely & Chelle Clements

When IoT Research Matters
Mark Loveless

I want my EIP
Mike Saunders

Would You Like To Play A Game: A Post Exploitation Journey in to z/OS
Philip Young aka Soldier of FORTRAN

EDR, ETDR, Next Gen AV is all the rage, so why am I enraged?
Michael Gough

Kinetic to Digital: Terrorism in the Digital Age
Kyle Wilhoit

Hacking Blockchains
Aaron Hnatiw

Winning (and Quitting) the Privacy Game: What it REALLY takes to have True Privacy in the 21st Century; or How I learned to give in and embrace EXIF tags
Tim MalcomVetter

Stable Talks

Eye on the Prize - a Proposal for the Legalization of Hacking Back
Adam Hogan

Building Better Backdoors with WMI
Alexander Leary

Beyond xp_cmdshell: Owning the Empire through SQL Server
Alexander Leary & Scott Sutherland

Bots, Trolls, and Warriors: The Modern Adversary Playbook
Andrea Little Limbago

DFIR Redefined
Russ McRee

Building Google for Criminal Enterprises
Anthony Russell

V!4GR4: Cyber-Crime, Enlarged
Koby Kilimnik

The skills gap: how can we fix it?
Bill Gardner

Extending Burp
Carl Sampson

Shellcode Via VBScript/JScript Implications
Casey Smith

Retail Store/POS Penetration Testing
Daniel Brown

Improv Comedy as a Social Engineering Tool
Dave Mattingly

How to safely conduct shenanigans
Evil_Mog & Renderman

The .NET Inter-Operability Operation
James Forshaw

A presentation or presentations because... presenting
Jason Blanchard

Personalities disorders in the infosec community
Jenny Maresca

Purple team FAIL!
Jason Morrow

Architecture at Scale - Save time. Reduce spend. Increase security.
Ryan Elkins

Building a full size CNC for under $500
Justin Herman

Python Static Analysis
Spencer J McIntyre

The Trap House: Making your house as paranoid as you are.
Jonathan Echavarria & David E. Switzer

Hunting for Memory-Resident Malware
Joe Desimone

C2 Channels - Creative Evasion
Justin Wilson

Reaching Across the Isle: Improving Security Through Partnership
Kevin Gennuso

Out With the Old, In With the GNU

Tracing Adversaries: Detecting Attacks with ETW
Matt Hastings & Dave Hull

The Current State of Security, an Improv-spection
Sean Metcalf & Nick Carr

I Survived Ransomware . . . TWICE
Matthew Perry

Drone Delivered Attack Platform (DDAP)
Michael Collins

Mobile APTs: A look at nation-state attacks and techniques for gathering intelligence from military and civilian devices
Michael Flossman

MacOS host monitoring - the open source way
Michael George

Statistics on 100 million secrets: A look at recent password dumps

Hacking VDI, Recon and Attack Methods
Patrick Coble

Smart toys ain't that Smart, when Insecure!
Reuben Paul

Introducing SpyDir - a BurpSuite Extension
Ryan Reid

Phishing for You and Your Grandma!
Sarah Norris

Regular Expressions (Regex) Overview
Matt Scheurer

Securing Your Network: How to Prevent Ransomware Infection
Jonathan Broche & Alton Johnson

Diary of a Security Noob
TJ Toterhi

Spy vs. Spy - Tip from the trenches for red and blue teams
Tom McBee & Jeff McCutchan

changeme: A better tool for hunting default creds
Zach Grace



15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast