Adrian

Welcome & Opening Remarks
BsidesRDU Staff

Keynote from Shahid Buttar, EFF Director Of Grassroots Advocacy
Shahid Buttar

Approaching Parity: Considerations for adapting enterprise monitoring and incident response (IR) capabilities for efficacy in cloud environments, and how to operationalize these capabilities with a playbook.
Matt

Movement After Initial Compromise
SleepZ3R0 and HA12TL3Y

Our Docker app got hacked. Now what?
Joel Lathrop

Sky-high IR - IR at Cloud Scale
@aarondlancaster

When it rains it pours
Sam Granger

Rise of the Advisor
Neal Humphrey

No Network Needed?!?!
Ron Burkett

WarGames
Justin Hoeckle

Opening

How to influence security technology in kiwi underpants
Benjamin Delpy

Panel Discussion - At a Glance: Information Security
Ed Skoudis, John Strand, Lesley Carhart. Moderated by: Dave Kennedy

Red Teaming gaps and musings
Samuel Sayen

A Process is No One: Hunting for Token Manipulation
Jared Atkinson, Robby Winchester

Fuzz your smartphone from 4G base station side
Tso-Jen Liu

Clippy for the Dark Web: Looks Like You're Trying to Buy Some Dank Kush, Can I Help You With That?
Emma Zaballos

Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework
Joe Rozner

Escoteric Hashcat Attacks
Evilmog

RFID Luggage Tags, IATA vs Real Life
Daniel Lagos

#LOL They Placed Their DMZ in the Cloud: Easy Pwnage or Disruptive Protection
Carl Alexander

Maintaining post-exploitation opsec in a world with EDR
Michael Roberts, Martin Roberts

Hey! I found a vulnerability - now what?
Lisa Bradley, CRob

Foxtrot C2: A Journey of Payload Delivery
Dimitry Snezhkov

Ridesharks
Kaleb Brown

IRS, HR, Microsoft and your Grandma: What they all have in common
Christopher Hadnagy, Cat Murdock

#LOLBins - Nothing to LOL about!
Oddvar Moe

Everything Else I Learned About Security I Learned From Hip-Hop
Paul Asadoorian

Hackers, Hugs, & Drugs: Mental Health in Infosec
Amanda Berlin

Android App Penetration Testing 101
Joff Thyer, Derek Banks

Draw a Bigger Circle: InfoSec Evolves
Cheryl Biswas

I Can Be Apple, and So Can You
Josh Pitts

From Workstation to Domain Admin: Why Secure Administration Isn't Secure and How to Fix It
Sean Metcalf

MS17-010?
zerosum0x0

The Unintended Risks of Trusting Active Directory
Lee Christensen, Will Schroeder, Matt Nelson

Lessons Learned by the WordPress Security Team
Aaron D. Campbell

IronPython... omfg
Marcello Salvati

Invoke-EmpireHound - Merging BloodHound & Empire for Enhanced Red Team Workflow
Walter Legowski

When Macs Come Under ATT&CK
Richie Cyrus

Abusing IoT Medical Devices For Your Precious Health Records
Saurabh Harit, Nick Delewski

Detecting WMI exploitation
Michael Gough

Gryffindor | Pure JavaScript, Covert Exploitation
Matthew Toussain

Instant Response: Making IR faster than you thought possible!
Mick Douglas, Josh Johnson

The History of the Future of Cyber-Education
Winn Schwartau

State of Win32k Security: Revisiting Insecure design
Vishal Chauhan

Offensive Browser Extension Development
Michael Weber

Protect Your Payloads: Modern Keying Techniques
Leo Loobeek

Jump Into IOT Hacking with the Damn Vulnerable Habit Helper Device
Nancy Snoke, Phoenix Snoke

Tales From the Bug Mine - Highlights from the Android VRP
Brian Claire Young

Decision Analysis Applications in Threat Analysis Frameworks
Emily Shawgo

Threat Intel On The Fly
Tazz

Make Me Your Dark Web Personal Shopper!
Emma Zaballos

Driving Away Social Anxiety
Joey Maresca

Off-grid coms and power
Justin Herman

CTFs: Leveling Up Through Competition
Alex Flores

Extending Burp to Find Struts and XXE Vulnerabilities
Chris Elgee

Introduction to x86 Assembly
DazzleCatDuo

Pacu: Attack and Post-Exploitation in AWS
Spencer Gietzen

An Inconvenient Truth: Evading the Ransomware Protection in Windows 10
Soya Aoyama

Brutal Blogging - Go for the Jugular
Kate Brew

RID Hijacking: Maintaining Access on Windows Machines
Sebastian Castro

Your Training Data is Bad and You Should Feel Bad
Ryan J. O'Grady

So many pentesting tools from a $4 Arduino
Kevin Bong, Michael Vieau

Building an Empire with (Iron)Python
Jim Shaver

SAEDY: Subversion and Espionage Directed Against You
Judy Towers

OSX/Pirrit - Reverse engineering mac OSX malware and the legal department of the company who makes it
Amit Serper, Niv Yona, Yuval Chuddy

How to test Network Investigative Techniques(NITs) used by the FBI
Dr. Matthew Miller

Cloud Computing Therapy Session
Cara Marie, Andy Cooper

Silent Compromise: Social Engineering Fortune 500 Businesses
Joe Gray

Dexter: the friendly forensics expert on the Coinbase security team
Hayden Parker

Going on a Printer Safari - Hunting Zebra Printers
James Edge

Hardware Slashing, Smashing, and Reconstructing for Root access
Deral Heiland

App-o-Lockalypse now!
Oddvar Moe

Web App 101: Getting the lay of the land
Mike Saunders

Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)
Daniel Bohannon

WE ARE THE ARTILLERY: Using Google Fu To Take Down The Grids
Chris Sistrunk, Krypt3ia, SynAckPwn

Just Let Yourself In
David Boyd

A "Crash" Course in Exploiting Buffer Overflows (Live Demos!)
Parker Garrison

Living in a Secure Container, Down by the River
Jack Mannino

VBA Stomping - Advanced Malware Techniques
Carrie Roberts, Kirk Sayre, Harold Ogden

Media hacks: an Infosec guide to dealing with journalists
Sean Gallagher, Steve Ragan, Paul Wagenseil

Deploying Deceptive Systems: Luring Attackers from the Shadows
Kevin Gennuso

The Money-Laundering Cannon: Real cash; Real Criminals; and Real Layoffs
Arian Evans

Perfect Storm: Taking the Helm of Kubernetes
Ian Coldwater

How to put on a Con for Fun and (Non) Profit
Benny Karnes, John Moore, Rick Hayes, Matt Perry, Bill Gardner, Justin Rogosky, Mike Fry, Steve Truax

Web app testing classroom in a box - the good, the bad and the ugly
Lee Neely, Chelle Clements, James McMurry

Metasploit Town Hall 0x4
Brent Cook, Aaron Soto, Adam Cammack, Cody Pierce

Community Based Career Development or How to Get More than a T-Shirt When Participating as part of the Community
Kathleen Smith, Magen Wu, Cindy Jones, Kathryn Seymour, Kirsten Renner

Disaster Strikes: A Hacker's Cook book
Jose Quinones, Carlos Perez

Ninja Looting Like a Pirate
Infojanitor

Hacking Mobile Applications with Frida
David Coursey

Victor or Victim? Strategies for Avoiding an InfoSec Cold War
Jason Lang, Stuart McIntosh

Ubiquitous Shells
Jon Gorenflo

99 Reasons Your Perimeter Is Leaking - Evolution of C&C
John Askew

Ship Hacking: a Primer for Today's Pirate
Brian Satira, Brian Olson

Code Execution with JDK Scripting Tools & Nashorn Javascript Engine
Brett Hawkins

PHONOPTICON - leveraging low-rent mobile ad services to achieve state-actor level mass surveillance on a shoestring budget
Mark Milhouse

Patching: Show me where it hurts
Cheryl Biswas

Advanced Deception Technology Through Behavioral Biometrics
Curt Barnard, Dawud Gordon

We are all on the spectrum: What my 10-year-old taught me about leading teams
Carla A Raisler

No Place Like Home: Real Estate OSINT and OPSec Fails
John Bullinger

The Layer2 Nightmare
Chris Mallz

Attacking Azure Environments with PowerShell
Karl Fosaaen

Blue Blood Injection: Transitioning Red to Purple
Lsly Ayyy

Mirai, Satori, OMG, and Owari - IoT Botnets Oh My
Peter Arzamendi

Comparing apples to Apple
Adam Mathis

How online dating made me better at threat modeling
Isaiah Sarju

Threat Hunting with a Raspberry Pi
Jamie Murdock

M&A Defense and Integration - All that Glitters is not Gold
Sara Leal, Jason Morrow

Social Engineering At Work - How to use positive influence to gain management buy-in for anything
April Wright

Ham Radio 4 Hackers
Eric Watkins, Devin Noel

Getting Control of Your Vendors Before They Take You Down
Dan Browder

Cyber Intelligence: There Are No Rules, and No Certainties
Coleman Kane

Getting Started in CCDC
Russell Nielsen

Changing Our Mindset From Technical To Psychological Defenses
Andrew Kalat

Red Mirror: Bringing Telemetry to Red Teaming
Zach Grace

Two-Factor, Too Furious: Evading (and Protecting) Evolving MFA Schemes
Austin Baker, Doug Bienstock

IoT: Not Even Your Bed Is Safe
Darby Mullen

Fingerprinting Encrypted Channels for Detection
John Althouse

On the Nose: Bypassing Huawei's Fingerprint authentication by exploiting the TrustZone
Nick Stephens

Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Gabriel Ryan

Goodbye Obfuscation, Hello Invisi-Shell: Hiding Your Powershell Script in Plain Sight
Omer Yair

Cloud Forensics: Putting The Bits Back Together
Brandon Sherman

Killsuit: The Equation Group's Swiss Army knife for persistence, evasion, and data exfil
Francisco Donoso

The MS Office Magic Show
Stan Hegt, Pieter Ceelen

Living off the land: enterprise post-exploitation
Adam Reiser

Hillbilly Storytime: Pentest Fails
Adam Compton

Bug Hunting in RouterOS
Jacob Baines

Breaking Into Your Building: A Hackers Guide to Unauthorized Access
Tim Roberts, Brent White

The making of an iOS 11 jailbreak: Kiddie to kernel hacker in 14 sleepless nights.
Bryce "soen" Bearchell

Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests
Tomasz Tuzel

Pwning in the Sandbox: OSX Macro Exploitation & Beyond
Adam Gold, Danny Chrastil

IOCs Today, Intelligence-Led Security Tomorrow
Katie Kusjanovic, Matthew Shelton

Closing Ceremonies

Keynote
Dave Kennedy

An Inconvenient Truth: Evading the Ransomware Protection in Windows 10
Soya Aoyama

The Abyss is Waving Back - The four paths that human evolution is charging down, and how we choose which one's right
Chris Roberts

Crypto Gone Rogue: A Tale of Ransomware, Key Management and the CryptoAPI
Pranshu Bajpai & Dr. Richard Enbody

You're right, this talk isn't really about you!
Jayson E Street

Analyzing Pwned Passwords with Apache Spark
Kelley Robinson

How to rob a bank over the phone
Joshua "Naga" Crumbaugh
(Posting Later Maybe)

Vibing Your Way Through an Enterprise: How Attackers are Becoming More Sneaky
Matthew Eidelberg

PwnBook: Penetrating with Google's Chromebook
Corey Batiuk

Life, Death + the Nematodes: Long live Cyber Resilience!
Chad Calease

Data Data Everywhere but No One Stops to Think
Scott Thomas, Carl Hertz & Robert Wagner

Automation and Open Source: Turning the Tide on Attackers
John Grigg

w.e w.e Internet Explorer Does What It Wants
Aaron Heikkila

Pacu: Attack and Post-Exploitation in AWS
Spencer Gietzen

Hacker Tools, Compliments of Microsoft
David Fletcher & Sally Vandeven

How to Conduct a Product Security Test: And How it Fits Into the Larger Security Strategy
Dr. Jared DeMott

Over the Phone Authentication
Spencer Brown

Designing a Cloud Security Blueprint
Sarah Elie

To Fail is Divine
Danny Akacki

Zero to Owned in 1 Hour: Securing Privilege in Cloud, DevOps, On-Prem Workflows
Brandon Traffanstedt

Malware Mitigation Sample Detonation Intelligence Automation: Make Your Binaries Work for You
Adam Hogan

emulacra and emulation: an intro to emulating binary code with Vivisect
Atlas of D00m
SniffAir - An Open-Source Framework for Wireless Security Assessments
Matthew Eidelberg & Steven Daracott

Threat Hunting: the macOS edition
Megan Carney

The Hybrid Analyst: How Phishing Created A New Type of Intel Analyst
Rachel Giacobozzi

Dragnet: Your Social Engineering Sidekick
Truman Kain

Intelligence Creating Intelligence: Leveraging what you know to improve finding what you don,t
Tomasz Bania

Guaranteed Failure: Awareness The Greatest Cyber Insanity
Joshua "Naga" Crumbaugh

Threat Modeling: How to actually do it and make it useful
Derek Milroy

Structuring your incident response could be one of the most important things you do to bolster Security
Matt Reid

How this 20 Year Old Changed the Security Industry
James O'Neill

Stop Boiling The Ocean! How To Succeed With Small Gains
Joel Cardella

Do I have a signature to detect that malware?
Ken Donze

2018 SIEM Trends: What is my Mean Time to Value?
Bill Lampe

Advanced Attackers Hiding Inside Encrypted Traffic at the Endpoint
Jared Phipps

More Tales from the Crypt-Analyst
Jeff Man

My First year in Application Security
Whitney Phillips

Career Risk Management: 10 tips to keep you employed
Chris Burrows

Red vs Blue: The Untold Chapter
Aaron Herndon & Thomas Somerville

Saving All the Money to Buy All the Booze: Learning to Hack All the Things on a Budget
Michael Morgese

Analyzing Multi-Dimensional Malware Dataset
Ankur Tyagi

Physicals, Badges, and why it matters
Alex Fernandez-Gatti

InSpec: Compliance as Code
Kent picat, Gruber

Bounty Hunters
J Wolfgang Goerlich

Introduction
Dr. John Carls

Catching the Social Engineer
Robert Stewart

Hacking Identity, A Pen Tester’s guide to IAM
Jerod Brennen

Active Defense: Helping the Threat Actors Hack Themselves
Matt Scheurer

Planning & Executing A Red Team Engagement
Tim Wright

Hacking Your Happiness
Chris Gates

Active Defense - Helping threat actors hack themselves!
Matt Scheurer

Reflective PE Unloading
Spencer McIntyre

One Puzzle Piece at a Time: Logging Quick Wins
Celeste Hall

GO HACK YOURSELF: MOVING BEYOND ASSUMPTION-BASED SECURITY
Christine Stevenson

Using Technology to Defend Digital Privacy & Human Rights
Tom Eston

Code Execution with JDK Scripting Tools & Nashorn Javascript Engine
Brett Hawkins

Abandoned Spaces: Reconstructing APT Campaigns From Lapsed Domains
Daniel Nagy

What's Changed In The New OWASP Top 10?
Bill Sempf

Raindance: Raining Recon from the Microsoft Cloud
Michael Stringer

Tools and Procedures for Securing .Net Applications
Sam Nasr

Hacking Identity: A Pen Tester's Guide to IAM
Jerod Brennen

Phishing Forensics - Is it just suspicious or is it malicious?
Matt Scheurer

Securing Code - The Basics
Michael Mendez

The Marriage of Threat Intelligence and Incident Response or... Threat Hunting for the Rest of Us
Jamie Murdock

Wacky and Wild Security - Getting things under CIS Controls V7
Jeremy Mio

Interdisciplinary Infosec: Equifax, Individuation, and the Modern State
Thomas Pieragastini

Mobile Application Privacy and Analytics
Kevin Cody

Evolving the Teaching of Pen Testing in Higher Ed
Robert Olson

Go back to the basics with your processes: Improving operations without technology.
Mark Abrams

Anatomy of an Attack
John Fatten

Hackers, Hugs, & Drugs: Mental Health in Infosec
Amanda Berlin

Opening

The Insecure Software Development Lifecycle: How to find, fix, and manage deficiencies within an existing methodology.
April C. Wright

The Sky Isn't Falling, But the Earth May be Shifting: How GDPR Could Change the Face of InfoSec
Cliff Smith

Gulliver's Travels: Security Exploits and Vulnerabilities Around the Globe
Kevin Johnson

From DDoS to Mining: Chinese Cybercriminals Set Their Sights on Monero
David Liebenberg

ANTI-OSINT AF: How to become untouchable
Michael James

Who's Watching the Watchers?
Nathan Sweaney

We don't have to worry about that, It's in the cloud
Arnar Gunnarsson

SS7 for INFOSEC
Paul Coggin

Getting Newcomers into Infosec: The Tribulations of the Auburn University Hacking Club
Matthew Rogers

Exploring Information Security Q&A Panel
Timothy De Block

Securing Windows with Group Policy
Josh Rickard

ATAT: How to take on the entire rebellion with 2-3 stormtroopers
ll3nigmall

How Hyperbolic Discounting is keeping your security program from succeeding
Jon Clark

Hijacking the Boot Process - Ransomware Style
Raul Alvarez

Building a Cyber Training Range on a Budget
Robert Guiler

Lessons Learned from Development and Release of Blacksmith (The Meltdown Defense Tool For Linux)
Jared Phipps

How to Train Your Kraken - Creating a Monster Out of Necessity
Sean Peterson

PowerShell exploitation, PowerSploit, Bloodhound, PowerShellMafia, Obfuscation, PowerShell Empire, the Empire has fallen, you CAN detect PowerShell exploitation
Michael Gough

Offensive Cartography
Trenton Ivey

The Wrong Kind of DevOps Talk - Now with Extra Badness!
Bobby Kuzma

This Job is Making Me Fat!
Thomas Smith

You'll understand when you are older
Amanda Berlin & David Cybuck

Bitcoin - The generation of private keys based on public keys, a live demonstration
Richard Dennis

Opening Ceremonies
Circle City Con Staff

Espionage In The Modern Age of Information Warfare
Scot Terban

The Never Ending Hack: Mental Health in InfoSec Community
Danny Akacki

The Network Night Watch
Eric Rand & Lesley Cahart

Held for Ransom with a Toy Gun
Brian Baskin

Dear Blue Team: Proactive Steps to Supercharge your IR
Joe Gray

CTF Tips and Tricks
Aaron Lintile

Classic Cons in Cryptocurrency
Wolfgang Goerlich & Zachary Sarakun

Enterprise Vulnerability Management (Assessing, Implementing, and Maintaining)
Derek Milroy

Security Beyond the Security Team: Getting Everyone Involved
Luka Trbojevic

The consequences of lack of security in the Healthcare and how to handle it
Jelena Milosevic

Stealing Cycles, Mining Coin: An introduction to Malicious Cryptomining
Edmund Brumaghin & Nick Biasini

Applying Thermodynamic Principles to Threat Intelligence
Kyle Ehmke

SAEDY: Subversion and Espionage Directed Against You
Judy Towers

How to Lie with Statistics, Information Security Edition
Tony Martin-Vegue

IoT 4n6: The Growing Impact of the Internet of Things on Digital Forensics
Jessica Hyde

A Very Particular Set of Skills: Geolocation Techniques For OSINT and Investigation
Chris Kindig

Rise of the Machines
Aamir Lakhani

Backdooring with Metadata
Itzik Kotler

Automahack - Automate going from zero to domain admin with 2 tools
Dan McInerney

Patching - It's Complicated
Cheryl Biswas

Containers: Exploits, Surprises and Security
Elissa Shevinsky

Playing Russian Troll Whack-a-Mole
Courtney Falk

The FaaS and the Curious - AWS Lambda Threat Modeling
Bryan McAninch

Deploying Deceptive Systems: Luring Attackers from the Shadows
Kevin Gennuso

Quick Retooling in .Net for Red Teams
Dimitry Snezhkov

(Re)Thinking Cyber Security Given the Spectre of a Meltdown: (Someone Hold My Beer)
Jeff Man

Carrot vs. Stick: Motivation, Metrics, and Awareness
Magen Wu

Securing without Slowing: DevOps
Wolfgang Goerlich

Operator: The Well-Rounded Hacker
Matthew Curtin

Abuse Case Testing in DevOps
Stephen Deck

GreatSCT: Gotta Catch 'Em AWL
Chris Spehn

Chasing the Adder... A Tale from the APT world
Stefano Maccaglia

Aww Ship! Navigating the vulnerabilities and attack surface of the maritime industry
John Sonnenschein

Hacking Dumberly, Just Like the Bad Guys
Tim Medin, Derek Banks

Automahack - Python toolchain for automated domain admin
Dan McInerney

Dear Blue Team: Proactive Steps to Supercharge your IR
Joe Gray

You'll Understand When You're Older
Amanda Berlin

Skills For A Red-Teamer
Brent White, Tim Roberts

Hacking Smart Contracts--A Methodology
Konstantinos Karagiannis

Fighting Child Exploitation with Oculum
Andrew Hay, Mikhail Sudakov

How to tell cajun doctors they have bad cyber-hygiene and live
Joshua Tannehill

What Infosec in Oil & Gas can Teach us About Infosec in Healthcare
Damon J. Small

On the Hunt: Hacking the Hunt Group
Chris Silvers, Taylor Banks

Your Mac Defenestrated. Post OSXploitation Elevated.
FuzzyNop & Noncetonic

Keynote: Follow The Yellow Brick Road
Marcus J. Carey

We are the Enemy of the Good
Stephen Heath

Taking out the Power Grid's Middleman
Nathan Wallace, Luke Hebert

Privacy for Safety- How can we help vulnerable groups with privacy?
Stella

Cash in the aisles: How gift cards are easily exploited
Will Caput

Mind Games: Exploring Mental Health through Games
Todd Carr

Jump into IOT Hacking with Damn Vulnerable Habit Helper IOT Device
Nancy Snoke, Phoenix Snoke

The Future of Digital Forensics
Imani Palmer

Changing the Game: The Impact of TRISIS (TRITON) on Defending ICS/SCADA/IIoT
Paul W. Brager Jr M.Sci, CISSP, GICSP, CISM

Ducky-in-the-middle: Injecting keystrokes into plaintext protocols
Esteban Rodriguez

Gamifying Developer Education with CTFs
John Sonnenschein & Max Feldman

Active Directory Security: The Journey
Sean Metcalf

HTTP2 and You
Brett Gravois

Opening

Yes, You're an Impostor; now get back to work
Johnny Xmas

GRC - "What Would You Say You Do Here?"
Brian Martinez

Protecting Phalanges from Processor Pressure Points
Matthew Clapham

A Reporter's Look at OSINT
Hilary Louise
(Sorry, mic was off, but here is a longer version from GrrCon)

Nowhere to hide
Lucas Gorczyca

Know the Enemy - How to make threat intelligence work!
Nir Yosha

Hack like a Gohper
Kent Gruber

@taco_pirate's Art of Woo
Ben Carroll

Saving All the Money to Buy All the Booze: Learning to Hack All the Things on a Budget
Michael Morgese

Practical Incident Response in Heterogenous Environment
Kevin Murphy & Stefano Maccaglia

Security KPIs - Measuring Improvement in Your Security Program
Steven Aiello

Opening

Hackers, Hugs, & Drugs: Mental Health in Infosec
Amanda Berlin

Winning the cybers by measuring all the things
Jim Beechey

Social Engineering for the Blue Team
Timothy De Block

The Emerging Product Security Leader Discipline
Matthew Clapham

Server Message Block Worms: The gift that keeps on giving
Matthew Aubert

Don't Fear the Cloud: Secure Solutions at Lower Cost
Matt Newell

DevSecOps: Security Testing with CI/CD Automation Servers
Ed Arnold

Backdooring With Metadata
Itzik Kotler

How to Conduct a Product Security Test: And How it Fits Into the Larger Security Strategy
Nick Defoe

Securing ASP.NET Core Web Apps
Dustin Kingen

All the Bacon: How Lesley Knope and Ron Swanson encourage community growth
Kevin Johnson

ATT&CK Like an Adversary for Defense Hardening
Steve Motts & Christian Kopacsi

Unblockable Chains – Is Blockchain the ultimate malicious infrastructure?
Omer Zohar
(may post later)

DADSEC 102
Richard Cassara

The Things You Should Be Doing Defensively Right Now
Joel Cardella

Held Hostage: A Ransomware Primer
Nick Hyatt

Prowling: Better Penetration Testing
J Wolfgang Goerlich

Automating Web App security in AWS
Luther Hill

Finding the Money to Run an Effective Security Program
Matt Topper

Cryptocurrency- The Internetwide Bug Bounty Program
Brian Laskowski

Hacking Identity: A Pen Tester,s Guide to IAM
Jerod Brennen

Keynote
Jessica Payne

To AI or Not to AI? What the US Military Needs for Fighting Cyber Wars
Ernest Wong

Preparing for Incident Handling and Response within Industrial Control Networks
Mark Stacey

FailTime:​ ​ Failing​ ​ towards​ ​ Success
Sean Metcalf

Getting Saucy with APFS! - The State of Apple’s New File System
Sarah Edwards

Basic Offensive Application of MOF Files in WMI Scripting
Devon Bordonaro

An Open Source Malware Classifier and Dataset
Phil Roth

Counting Down to Skynet
Nolan Hedglin

How we reverse engineered OSX/Pirrit, got legal threats and survived
Amit Serper

Threat Activity Attribution: Diferentiatinn the Who from the How
Joe Slowik

Quantify your hunt: not your parents’ red teaming
Devon Kerr

Internet Anarchy & The Global March toward Data Localization
Andrea Little Limbago

Powershell Deobfuscation: Putting the toothpaste back in the tube
Daniel Grant

Effective Monitoring for Operational Security
Russell Mosley Ryan St. Germain

Plight at the end of the Tunnel
Anjum Ahuja

Rise of the Miners
Josh Grunzweig

Malware Analysis and Automation using Binary Ninja
Erika Noerenberg

Between a SOC and a Hard Place
Shawn Thomas Andrew Marini James Callahan Dustin Shirley

Using Atomic Red Team to Test Endpoint Solutions
Adam Mathis

Exercise Your SOC: How to run an effective SOC response simulation
Brian Andrzejewski

Adding Simulated Users to Your Pentesting Lab with PowerShell
Chris Myers Barrett Adams

Building a Predictive Pipeline to Rapidly Detect Phishing Domains
Wes Connell

Closing Ceremonies

Intro

Know Your Why
Oladipupo (Ladi) Adefala

Deploying Microsoft Advanced Threat Analytics in the Real World
Russell Butturini

An Oral History of Bug Bounty Programs
Dustin Childs

Blue Cloud of Death: Red Teaming Azure
Bryce Kunz

SECURITY INSTRUMENTATION: BE THE HERO GETTING VALUE FROM SECURITY
Brian Contos

Changing Who Writes the Queries: High-Leverage IR with Visual Playbooks & Visual Graph Analysis
Leo Meyerovich

Learning to Hack the IOT with the Damn Vulnerable Habit Helper IOT Device
Nancy Snoke, Phoenix Snoke

Hacking the Users: Developing the Human Sensor and Firewall
Erich Kron

Community Based Career Activities or How Having Fun Can Help You with Your Career
Kathleen Smith, Cindy Jones,Doug Munro, Magen Wu

Hillbilly Storytime - Pentest Fails
Adam Compton

See the ID Rules Before Us: FAL IAL AAL eh? Aaaagh!!! How, How, How, How?
Bruce Wilson

SAEDY: Subversion and Espionage Directed Against You
Judy Towers

Growing Up to be a Infosec Policy Driven Organization
Frank Rietta

Adding Simulated Users to Your Pentesting Lab with PowerShell
Chris Myers, Barrett Adams

Hacking VDI 101
Patrick Coble

Evaluating Injection Attack Tools Through Quasi-Natural Experimentation
John O'Keefe-Odom

Social Engineering for the Blue Team
Timothy De Block

On Business Etiquette and Professionalism in the Workplace
Tess Schrodinger

InfoSec by the Numbers
Bill Gardner

Practical OSINT - Tools of the trade
Tom Moore

Potentially unnecessary and unwanted programs (a.k.a. PUPs)
Josh Brunty

How To Test A Security Awareness Program
Matt Perry

Disrupting the Killchain
Amanda Berlin

I have this piece of paper, now what?
Brandon Miller

Statistics Lie...Except About Passwords
Jeremy Druin

Intro

Red vs Blue and why We are doing it wrong
Chris Roberts

The Semi-Comprehensive Guide to Setting Up a Home Lab
Andrew Williams

Lessons learned from a OWASP Top 10 Datacall
Brian Glas

Attacker vs. Defender: Observations on the Human Side of Security
Todd O'Boyle

The Gilligan Phenomenon: Fixing The Holes In the Ransomware And Phishing Boats
Eric Kron

Machine Learning and Cyber Security: How Smart is Can it Be?
Shayne Champion

Closing

Intro

Lessons Learned - A 15 year Retrospective
Price McDonald

Phishing Forensics - Is it just suspicious or is it malicious?
Matt Scheurer

Presenting P@cketR@quet: An Auditory IDS
Killian Ditch

The Pillars of Continuous Incident Response
Brad Garnett

Zero to Owned in 1 Hour: Securing Privilege in Cloud and DevOps Workflow
Brandon Traffanstedt

Social Engineering for the Blue Team
Timothy De Block

Leveraging DevSecOps to Escape the Hamster Wheel of Never-ending Security Fail
Chris Reed

Creating a Cyber Volunteer Department
Ray Davidson

Closing
Frank Diaz

Keynote
Dave Kennedy

Automating Security Testing with the OWTF
Jerod Brennen

Looks Like Rain Again: Secure Development in the Cloud
Bill Sempf

How Stuxnet Ruined My Life For 6 Months (But I Got To Fly 1st Class A Lot)
Chris Raiter, Jeremy Smith

Emotet - Banking Malware With A Bite
Bradley Duncan

Keynote
Kevin Burkart

Cryptology: It’s a Scalpel, not a Hammer
Mikhail Sudakov

Pass the Apple Sauce: Mac OS X Security Automation for Windows-focused Blue Teams
Brian Satira

Why People Suck at Delivery: How to get your security projects off the ground and into production!
Nick d'Amato

Zero to Owned in 1 Hour: Securing Privilege in Cloud and DevOps Workflow
Brandon Traffanstedt

Are you ready for my call? Security researcher insights into Responsible Disclosure.
Jason Kent

Everything you always wanted to ask a hiring manager, but were afraid to ask!
Mike Spaulding
 

Deep Learning for Enterprise: Solving Business Problems with AI
Christian Nicholson

Building Jarvis
Stephen Hosom

Active Defense - Helping threat actors hack themselves!
Matt Scheurer

Shifting Application Security Left
Craig Stuntz

Presenting P@cketR@quet: An Auditory IDS
Killian Ditch

Security and Networking: Dual Purpose Tools
Cody Smith

Cybereason's Jim VanDeRyt - Fileless Malware Breakout Session
Jim VanDeRyt

The Quieter You Become, the More You’re Able to (H)ELK
Nate Guagenti, Roberto Rodriquez

AM Keynote
Matt Devos

Deep Dive in the Dark Web (OSINT Style)
Kirby Plessas

PM Keynote
Jack Daniel

Adding Pentest Sauce to your Vulnerability Management Recipe
Luke Hudson, Andrew McNicol

The Value of Design in Cyber Threat Intelligence
Devon Rollins

DNC Hacked Data in the Hands of a Trained Intelligence Professional
Wally Prather, Dave Marcus

Your Facts Are Not Safe With Us: Russian Information Operations as Social Engineering
Meagan Keim

DECEPTICON: Deceptive Techniques to Derail OSINT attempts
Joe Gray

I Thought Renewing the Domain Name Was Your Job?
Allan Liska

Automating Unstructured Data Classification
Malek Ben Salem

Vulnerability Patched in Democratic Donor Database
Josh Lospinoso

Living in a world with insecure Internet of Things (IoT)
Marc Schneider

Vulnerability Accountability Levers and How You Can Use Them
Amelie Koran

Cyber Mutual Assistance - A New Model for Preparing and Responding to Cyber Attack
David Batz

Rethinking Threat Intelligence
Tim Gallo

What Color Is Your Cyber Parachute?
Cliff Neve, Candace King, Kazi Islam, Trey Maxam, Amelie Koran

Feds Meet Hackers
Ariel Robinson, Alyssa, Feola, Gray Loftin, Beau Woods, Amélie E. Koran

Recruiting in Cyber
Dan Waddel, Kathleen Smith, Suzie Grieco, Sabrina Iacarus, Kirsten Renner, Karen Stied

How to get started in Cybersecurity
John Stoner

Improving Technical Interviewing
Forgotten Sec

Ask An Expert: Cyber Career Guidance and Advice
Micah Hoffman, Bob Gourley, John TerBush, Chris Gates, Kirby Plessas, Lea Hurley, Neal Mcloughlin, Ovie Carroll, Sarah Edwards, Tigran Terpandjian, Willie Lumpkin

Cyber Assurance - Testing for Success
Col. John Burger

You Can Run..but you cant hide!
Bruce Anderson

Red Team Apocalypse
Beau Bullock and Derek Banks

Advanced Persistent Security
Ira Winkler

Adding Simulated Users to Your Pentesting Lab with PowerShell
Chris Myers and Barrett Adams

The Shoulders of InfoSec
Jack Daniels

Blockchain: The New Digital Swiss Army Knife?
G. Mark Hardy

Modern Day Vandals and Thieves: Wireless Edition
David Switzer and Jonathan Echavarria

Fraud; Should you worry?
Greg Hanis

A Security Look at Voice-Based Assistants
David Vargas

Hackers Interrupted
Alex Holden

Insane in the Mainframe: Taking Control of Azure Security
Jeremy Rassmusen

MiFare lady Teaching an old RFID new tricks
Daniel Reilly

Medical Device Security: State of the Art in 2018
Shawn Merdinger
(not recorded)

Weaponizing IoT - NOT!
Kat Fitzgerald
(not recorded)

Blue Team's tool dump. Stop using them term NeXt-Gen this isn't XX_Call of Duty_XX.
Alex Kot

Exploiting Zillow "Zestimate" for Reckless Profit
Robert "RJ" Burney

Self Healing Cyber Weapons
Logan Hicks

Ransomware: A Declining Force in Today's Threat Landscape
Brad Duncan

Modern web application security
Julien Vehent

Advanced Social Engineering and OSINT for Penetration Testing
Joe Gray

Critical Infrastructure & SCADA Security 101 for Cybersecurity Professionals
Juan Lopez

Exothermic Data Destruction: Defeating Drive Recovery Forensics
Nikita Mazurov and Kenneth Brown

Innovating for 21st Century Warfare
Ernest "Cozy Panda" Wong

MFA, It's 2017 and You're Still Doing Wrong
Presented by Dan Astor and Chris Salerno.

Out With the Old, In With the GNU
Lsly

IoT devices are one of the biggest challenges
Charles @libertyunix Sgrillo

Evading C2 Detection with Asymmetry
By Brandon Arvanaghi and Andrew Johnston

Abusing Normality: Data Exfiltration in Plain Site
Aelon Porat

Smarter ways to gain skills, or as the DoD puts it
Dr. P. Shane Gallagher, Institute for Defense Analyses, and Evan Dornbush, co-founder, Point3 Security, Inc.

Game of the SE: Improv comedy as a tool in Social Engineering
Danny Akacki - Security Monkey

File Polyglottery; or, This Proof of Concept is Also a Picture of Cats
Evan Sultanik

Your Facts Are Not Safe With Us: Russian Information Operations As Social Engineering
Meagan Dunham Keim

Supercharge Your SOC with Sysmon
Chris Lee & Matthew Giannetto

Threat Hunting: Defining the Process While Circumventing Corporate Obstacles
Kevin Foster, Matt Schneck, Ryan Andress

Put up a CryptoWall and Locky the Key - Stopping the Explosion of Ransomware
Erich Kron, CISSP-ISSAP

Web Hacking 101 Hands-on with Burp Suite
David Rhoades of MavenSecurity.com

Hacker Mindset
David Brown: CISSP, CISM, IAM

Intro
Benny Karnes

Fighting Advanced Persistent Threats with Advanced Persistent Security
Ira Winkler

Coming Up with the Next Wave of Cyber Innovations-Start by Thinking 1ns1d3 th3 B0x
Ernest Wong

I survived Ransomeware.... Twice
Matt Perry

Value of threat intelligence
Stealthcare

SDR & RF Hacking Primer
Andrew Bindner

Digital Forensic Analysis: Planning and Execution
John Sammons

Intro to WireShark
Josh Brunty

Secrets of Superspies
Ira Winkler

Total Recall: Using Implicit Memory as a Cryptographic Primitive
Tess Schrodinger

IoT Panel
RCBI

Hillbilly Storytime - Pentest Fails
Adam Compton

Hackers, Hugs and Drugs
Amanda Berlin

FLDigi - E-mail over Packet Radio
Aaron West and Rob West

From junk to jewels: Destruction is the key to building
Branden Miller & Audrey Miller

SCAP: A Primer and Customization
Scott Keener

Security Through Ansible Automation
Adam Vincent

Vehicle Forensics: An Emerging Source of Evidence
John Sammons

Network Forensics using Kali Linux and/or SANS Sift
Josh Brunty

911 DDOS
Dianiel Efaw

Pi's, Pi's and wifi
Steve Truax

Technical Testimony: Doing the Heavy Lifting for the Jury
John Sammons

Emergent Gameplay
Ron Moyer

Closing

GrrCON 2017 Videos
These are the videos of the presentations from GrrCON 2017. Big thanks to EggDropX and Jaime for having me out, and my video crew  (paint27, Erick, & brettahansen) for recording.

Ghast

STRATEGIES ON SECURING YOU BANKS & ENTERPRISES. (FROM SOMEONE WHO ROBS BANKS & ENTERPRISES FOR A LIVING!)
Jayson E Street

Population Control Through The Advances In Technology…
Chris Roberts
(sorry for the music in back ground)

You Got Your SQL Attacks In My Honeypot
Andrew Brandt

3rd Party Data Burns
Arron "Finux" Finnon

Morphing to Legitimate Behavior Attack Patterns
Dave Kennedy

Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF
Jerod Brennen

Oops! Was that your pacemaker?
Charles Parker, II

10 Cent Beer Night: The World we now Live In
Johnny Xmas

Realizing Software Security Maturity: The Growing Pains & Gains
Mark Stanislav & Kelby Ludwig

Cyber, Cyber, Cyber - Using the killchain to accomplish something
Amanda Berlin

An Employee, their Laptop and a Hacker walk into a Bar
Shannon Fritz

Eye on the Prize - a Proposal for Legalizing Hacking Back
Adam Hogan

I've got a (Pocket) Bone to pick with you
Dr Phil Postra

Gig

Topic depends on number of federal agents in audience
Atlas of Doom

Embedding Security in Embedded Systems
Dr. Jared DeMott

National Guard for Cyber? How about a Volunteer Cyber Department?
Ray Davidson

Red Team Yourself
Thomas Richards

An Attack Pathway Into Your Organization? Reducing risk without reducing operational efficiency
David Adamczyk

Pen Test War Stories - Why my job is so easy, and how you can make it harder
Aaron Herndon

Skills For A Red-Teamer
Brent White & Tim Roberts

ProbeSpy: Tracking your past, predicting your future
stumblebot

vAp0r and the Blooming Onion
Justin Whitehead & Jim Allee

A GRReat New Way of Thinking about Innovating for Cyber Defense (and even Cyber Offense)
Ernest "Cozy Panda" Wong

Threat Intelligence: Zero to Basics in presentation
Chris J

Learning from InfoSec Fails
Derek Milroy

A Reporter's Look at Open Source Intelligence
Hilary Louise

Hidden Treasure: Detecting Intrusions with ETW
Zac Brown

The Black Art of Wireless Post-Exploitation
Gabriel "solstice" Ryan

Mi Go

Change is Simply an Act of Survival: Predicting the future while shackled to the past
Bil Harmer

Dissecting Destructive Malware and Recovering from Catastrophe
Bryan York

Infosec State of Affairs: Too much Kim Kardashian - not enough Malcolm Gladwel
Jim Wojno & Dan Kieta

How do you POC? Are you really testing a product
Ken Donze

Tales From The Trenches: Practical Information Security Lessons
Michael Belton

Securing the Internet of Things (IoT) -Through Security Research and Vulnerability Analysis
Deral Heiland

The Future of Cyber Security
Anthony Sabaj

Building a Usable Mobile Data Protection Strategy
David "Heal" Schwartzberg

Software Defined Segmentation
Matt Hendrickson

The Shuttle Columbia Disaster: Lessons That Were Not Learned
Joel "I love it when they call me Big Poppa" Cardella

Infrastructure Based Security
Chris Barnes

Defending The De-funded
Keith Wilson

Real-World Red Teaming
spartan

We got it wrong
Wolfgang Goerlich

Critical Incident: Surviving my first layoff by applying BCP/DRP Principles
Tom Mead