A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:




            Welcome to Irongeek.com, Adrian Crenshaw's Information Security site (along with a bit about weightlifting and other things that strike my fancy).  As I write articles and tutorials I will be posting them here. If you would like to republish one of the articles from this site on your webpage or print journal please e-mail me. Enjoy the site and write us if you have any good ideas for articles or links.


News/Change Log

3/25/2017 Bloomcon 2017 Videos
These are the videos from the Bloomcon conference.

Strange times we live in:
Alexander Muentz

Real World Examples of IT Risks
Fred Reck

The first 48: All your data are belong to us
Chad Gough & Molody Haase & Jared Sikorski

Deleted Evidence: Fill in the Map to Luke Skywalker
David Pany

The Cox Fight and Beyond: Kodi, the Brave New World of Copyright Infringement, and ISP Liability
Alex Urbelis

What is the size of a sparse file in NTFS
John Riley

Black Box Mac OSX Forensics
Brian Martin

Math and Cryptography
Sam Gross

Road Ahead
Ben Tice

Honey, I Stole Your C2 Server: A dive into attacker infrastructure
Andrew Rector

Building a Scalable Vulnerability Management Program for Effective Risk Management
Katie Perry

New results in password hash reversal
Mark Sanders

Lessons Learned from Pwning my University Aaron Thomas
Aaron Thomas

Windows Event Logs - Zero to Hero
Nate Guagenti & Adam Swan

What Can my Logs Tell me?
Art Petrochenko

A POS Breach Investigation
Kevin Strickland

Abusing Google Dorking and Robots.txt
Dave Comstock

APT-What the heck is an APT?
Bill Barnes

Technological Changes that Affect Forensic Investigations
Diane Barrett

Deceptive Defence
Daniel Negron

Cryptography 0-128
Ben Tice

Sometimes They Are Innocent!
Scott Inch

Securely Deleting Data from SSDs
Stephen Larson

3/11/2017 BSides Indy 2017 Videos

These are the videos from the BSides Indy conference.


Strategies on Securing you banks & enterprises. (From someone who robs banks & enterprises for a living!)
Jayson Street

Crypto defenses for real-world system threats
Kenneth White

Hardware Hacking: Abusing the Things
Price McDonald

Kick starting an application security program
Timothy De Block

OSINT For The Win - Tools & Techniques to Maximize Effectiveness of Your Social Engineering Attacks
Joe Gray

Physical Phishing, Way Beyond USB Drops!
Rich Rumble

Weaponizing Nanotechnology and hacking humans; 2017 updates :)
Chris Roberts

Make STEHM Great Again
David Schwartzberg

2/25/2017 BSides NOVA 2017 Videos
These are the videos from BSides NOVA 2017.. Thanks to those who manned the video rigs.

AM Key Note
Ron Gula

Using Software Defined Radio for IoT Analysis
Samantha Palazzolo

Imposter Syndrome: I Don't Feel Like Who You Think I Am.
Micah Hoffman

PM Keynote - Tarah Wheeler

How the Smart-City becomes stupid
Denis Makrushin

Won't Get Fooled Again: The expected future of IoT malware and what to do about it.
Blaine Mulugeta

Software Supply Chains and the Illusion of Control
Derek Weeks

"Humans, right?" Soft Skills in Security
Ariel Robinson

Panel | Local Community Cyber Groups in NoVA
Jeremy Duncan

Networking with Humans to Create a Culture of Security
Tracy Maleeff

Why the NTP Security Problem Is Worse than You Think
Allan Liska

Bro, I Can See You Moving Laterally
Richie Cyrus

Panel | Parlaying Education and Experience into an Infosec Career
Forgotten Sec

So you want to be a "Cyber Threat Analyst" eh?
Anthony Melfi

0 to 31337 Real Quick: Lessons Learned by Reversing the Flare-On Challenge
Blaine Stancill

Finding a Companies BreakPoint
Zachary Meyers

Challenges and Opportunities: Application Containers and Microservices
Andrew Wild

Cyber Hunt Challenge - Develop and Test your Threat Hunting skills
Darryl Taylor

Anti-Virus & Firewall Bypass Techniques BY Candan B-LÜKBAS
Candan Bolukbas

I'm Cuckoo for Malware: Cuckoo Sandbox and Dynamic Malware Analysis
Lane Huff

2/12/2017 BSides Tampa 2017 Videos
These are the videos from the BSides Tampa conference. Thanks to all of the BSides Crew for having me out to help record and render the videos. Special thanks to my video crew.

Keynote Talk : - Cyber Security in the Age of Espionage
Eric O'Neill (Not posted)

Advanced Targeted Attack.
Andy Thompson

Phishing Pholks Phor Phun and Prophit
Erich Kron

Alert All the Things! (Network Baselines/Alerts with Bro Scripts)
Matthew Domko

Intro to Fuzzing for Fun and Profit
Brian Beaudry

Kevin Poulsen (Not Recorded)

Build Your Own Physical Pentesting Go-Bag
Beau Bullock, Derek Banks

NFC Your Smartphone's Best Friend or Worst Nightmare
Shane Hartman

e-Extortion Trends and Defense
Erik Iker

HIPAA for Infosec Professionals
Michael Brown

Deconstructing 100% JavaScript-based Ransomware
Jeremy Rasmussen & Paolo Soto

Mozilla's tips on strong HTTPS
Julien Vehent

Redefining Security in a Cloud-Centric Future
Mike Spaulding & Mitch Spaulding

Securing The Electrical Grid From Modern Threats
Christopher Williams

Securing Agile Development
Alan Zukowski

What I've Learned Writing CTF Challenges
Vito Genoese

Build the capability to Detect, Triage And Respond
Scott Sattler

What the Hell is ICS Security?
Brandon Workentin

Protecting Third-Party Risk From Plundering
Stacey Banks

Protecting Visual Assets: Digital Image Counter-Surveillance Strategies
Nikita Mazurov & Kenneth Brown

ArchStrike Linux
Chad Seaman

Hacking The Sabbath
Jonathan Singer

Chaining The Future: Block Chains and Security
Joe Blankenship

1/16/2017 BSides Columbus 2017 Videos
These are the videos from the BSides Columbus Ohio conference. Thanks to Michael Spaulding for having me up and those who manned the video rigs.

Learning From Pirates of the Late 1600s - The first APT
Adam Hogan

What I Learned About Cybersecurity by Training With US Navy SEALs
Matthew Curtin

Cross Origin Resource Sharing Kung fu
Aditya Balapure

Redefining Security in a Cloud Centric Future
Mike Spaulding

Automating Security in Building Software
Warner Moore

Planning and Executing a Red Team Engagement
Timothy Wright

DNSSec Explained!
Dan Benway

Midwestern Nice - Stereotype or Enterprise Threat?
Valerie Thomas

Information Security Talent Trends to expect in 2017
Megan Wells AJ Candella

12/03/2016 BSides Philadelphia 2016
These are the videos from BSides Philadelphia 2016.

Attacker's Perspective: A Technical Demonstration of an Email Phishing Attack
Zac Davis

Crashing Android phones via hostile networks
Yakov Shafranovich

I'm Cuckoo for Malware: Cuckoo Sandbox and Dynamic Malware Analysis
Lane Huff

How to Find a Company's BreakPoint
Andrew McNicol

What the deuce? Strategies for splitting your alerts.
John T. Myers

Red Team Yourself
Thomas Richards

Matt Blaze

Solar Flare - Pulling apart SolarWinds ORION
Rob Fuller

Staying Afloat in a Tsunami of Security Information
Tracy Z. Maleeff

Hunting: Defense Against The Dark Arts
Danny Akacki

Every day is a Zero Day: Building an in-house Secure SDLC program
Tony Reinert

Owning MS Outlook with Powershell
Andrew Cole

A tour through the magical wonderful world of crypto land
Ben Agre

Remote attacks against IoT
Alex Balan

Hacking the Human: Social Engineering Basics
Dave Comstock (sten0)

Where do I start?
Charles Sgrillo II

Top 10 Mistakes Made In Active Directory That Can Lead To Being Compromised
Adam Steed

So you want to beat the Red Team?
Cameron Moore

Hacking Your Way into the APRS Network on the Cheap -- Extended Edition
Mark Lenigan

Threat Intel Analysis of Ukrainian's Power Grid Hack
Nir Yosha

Cryptography Pitfalls
John Downey

Information security and the law
Alex Muentz

Getting Permission to Break Things
William Bailey

"Knowing the Enemy"- Creating a Cyber Threat Actor Attribution Program
Jack Johnson

Red Teaming your Risk Management Framework
Keith Pachulski

Web Application Exploit 101 : Breaking Access Control and Business Logic
Tomohisa Ishikawa

Size Doesn't Matter : Metrics and Other Four Letter Security Words
Jim Menkevich

10/20/2016 SecureWV/Hack3rcon 2016 Videos

These are the videos of the presentations from Secure West Virginia 2016. Thanks to Dave, Justine and Tim for helping record. Sorry for the off audio timings, this is the first time I've used OBS Studio for a con and I was testing new capture gear.

Benny Karnes

Dave Kennedy

SHALL WE PLAY A GAME. How to make an two player bartop arcade machine with a Raspberry Pi.
Steven Truax

Maker/Hacker Space Panel - RCBI

So You Wanted to Work in Infosec
Joey Maresca

Making Our Profession More Professional
Bill Gardner

Special Agent Michelle Pirtle
(not recorded)

So You've Inherited a Security Department, Now What?
Amanda Berlin

SUSpect - A powershell based tool to provide early detection of ransomware and other attack techniques.
Mick Douglas

Building an Infosec Program from Ground Zero: From the Coat Closet to the Data Center
David Albaugh

How to Not Cheat on Your Spouse: What Ashley Madison Can Teach Us About OpSec
Joey Maresca

Windows Timelines in Minutes
Dr. Philip Polstra

Scripting Myself Out of a Job - Automating the Penetration Test with APT2
Adam Compton

WTF? Srsly? Oh FFS! - IR Responses
Mark Boltz-Robinson

Women in Infosec Panel
Adrian Crenshaw
Amanda Berlin
Blair Gardner
(not posted)

Securing The Secure Shell, The Automated Way
Adam Vincent

Bitcoin: From Zero to "I get it."
Luke Brumfield

How to hack all the bug bounty things automagically & reap the rewards (profit)!
Mike Baker

Giving Back - Submitting to PTES 101
Jeremy Mio

Benny Karnes


Intro to Linux
Benny Karnes

BASH Scripting
Justin Rogosky
(not recorded)

Python Scripting
Adam Byers

Intro to Kali
Wyatt Nutter


Evidence Collection
John Sammons

Intro to WireShark
Josh Brunty

Intro to Digital Forensics
John Sammons

Network Forensics using Kali Linux and/or SANS Sift
Josh Brunty

Mobile Forensics An Introduction
Josh Brunty

10/08/2016 GrrCON 2016 Videos
These are the videos of the presentations from GrrCON 2016. Big thanks to EggDropX and Jaime for having me out, and my video crew  (Chris, Erick, & Cooper) for recording.


Act Three, The Evolution of Privacy

Weaponizing Nanotechnology and hacking humans; defining the boundaries
Chris Roberts

Becoming a Cyborg: The First Step Into Implantable Technology
Michael Vieau

Abnormal Behavior Detection in Large Environments
Dave Kennedy

Secure Dicks
Michael Kemp

and bad mistakes I've made a few...
Jayson Street (Only first 30 min)

Predator to Prey: Tracking Criminals with Trojans and Data Mining for Fun and Profit
Ken Westin

Guarding Dinner
J Wolfgang Goerlich

Back to the Future: Understanding our future but following the past
Kevin Johnson

Breaking Android Apps for Fun and Profit
Bill Sempf

Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years
Matt Bromiley & Preston Lewis

Security Guards -- LOL! Brent White & Tim Roberts


Internet of Things (IoT) radio frequency (RF) Analysis With Software Defined Radio
Kevin Bong

So You Want to Be a Pentester

What do you mean I'm pwn'd! I turned on automatic updates!
Scott Thomas & Jeff Baruth

Surreal Paradigms: Automotive Culture Crash
D0xt0r Z3r0

Reversing and Exploiting Embedded Devices (Walking the software and hardware stack)
Elvis Collado

Threat Detection & Response with Hipara
J. Brett Cunningham

Still Broken After All These Years Aka Utility Security For Smarties
Doug Nibbelink

Threat Detection Response with Hipara
J Brett Cunningham

Quick and Easy Windows Timelines with Pyhon, MySQL, and Shell Scripting
Dr. Phil Polstra

Cruise Ship Pentesting OR Hacking the High Seas
Chad M. Dewey

Using Virus Total Intelligence to track the latest Phishing Document campaigns
Wyatt Roersma

Encryption, Mobility & Cloud Oh My!
Bill Harmer

Magnetic Stripes 101
Tyler Keeton

Machine Duping: Pwning Deep Learning Systems
Clarence Chio

Money, Fame, Power - Build your success as a security professional
Nathan Dragun

Tales from the Crypt...(analyst)
Jeff Man

What's in your Top Ten? Intelligent Application Security Prioritization
Tony Miller

Binary Ninja
Jared Demott

Phish your employees for fun!
Kristoffer Marshall

Mad Scientists

Securing Trust - Defending Against Next-generation Attacks
John Muirhead-Gould

Five Nights At Freddys: What We Can Learn About Security From Possessed Bears
Nick Jacob

Make STEHM Great Again
David "HealWHans" Schwartzberg

Pentester-to-customer:I will 0wn your network! - Customer-to-pentester:No, I will make you cry!
David Fletcher & Sally Vandeven

How Do You Secure What You Don't Control
Dimitri Vlachos

Fighting the Enemy Within
Matt Crowe

Getting to the Root of Advanced Threats Before Impact
Josh Fazio

Reality-Checking Your AppSec Program
Darren Meyer

How to Implement Crypto Poorly
Sean Cassidy

Stop attacking your mother's car!
Charles Parker, II

Contracting: Privacy Security and 3rd Party
Nathan Steed & Kenneth Coleman

Alignment of business and IT Security
Shane Harsch

So You've Inherited a Security Department, Now What?
Amanda Berlin

Piercing the Air Gap: Network Steganography for Everyone
John Ventura

On being an Eeyore in Infosec
Stefan Edwards

Welcome to The World of Yesterday, Tomorrow!
Joel Cardella

Board Breaking


Derbycon 2016 Videos
The link above is where I will be putting presentations from Derbycon 2016 (it will take a few days). Big thanks to my video jockeys Sabrina, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, Fozy, nightcarnage, Evan Davison, Chris Bridwell, Rick Hayes, Tim Sayre, Lisa Philpott, Ben Pendygraft, Sarah Clarke, Steven (SciaticNerd), Cory Hurst, Sam Remington, Barbie, Chris Bissle (and maybe the speakers too I guess).


Louisville Infosec 2016 Videos
Below are the videos from the Louisville Infosec 2016 conference. Thanks to all the video volunteers for helping me record. 

Morning Keynote
Chandler Howell
Ryan J. Murphy
John Pollack

The Domain Name System (DNS) - Operation, Threats, and Security Intelligence
Tom Kopchak

Insiders are the New Malware
Brian Vecci

Cloud Security; Introduction To FedRAMP
Sese Bennet

Cloud Access Security Broker - 6 Steps To Addressing Your Cloud Risks
Matt Bianco

Not One Thin Dime: Just Say No to Ransomware!
Mick Douglas

Securing Docker Containers
Chris Huntington

Emerging Governance Frameworks for Healthcare Security
Max Aulakh

Building Our Workforce
Kristen Bell

The Art of Offense and Defense
Mark Loveless

The Current State of Memory Forensics
Jason Hale

Understanding Attacker's use of Covert Communications
Chris Haley

How to Talk to Executives about Security
Harlen Compton

Pen Testing; Red and Blue Working Together
Martin Bos

Data Loss Prevention - How to get the most for your buck
Brandon Baker

The Transition: Risk Assessment > Risk Management
Mike Neal

Darwinism vs. Forensics
Bill Dean



9/11/2016 BSides Augusta 2016 Videos
These are the videos from the BSides Augusta conference. Thanks to Lawrence Abrams, and all of the BSides Crew for having me out to help record and render the videos and Pentestfail and everybody that staffed a recording rig.


Keynote - Robert Joyce

Super Bad

Mobile Hacking
Aaron Guzman

Incident Response Awakens
Tom Webb

Dr. Pentester or: How I Learned To Stop Worrying and Love the Blue Team
Ryan O'Horo

Exploit Kits/ Machine Learning
Patrick Perry

Detection of malicious capabilities using YARA
Brian Bell

Owning MS Outlook with Powershell
Andrew Cole

RAT Reusing Adversary Tradecraft
Alexander Rymdeko-Harvey

Internet of Terrible
Brandon McCrillis

I Got You

Using Honeypots for Network Security Monitoring
Chris Sanders

This one weird trick will secure your web server!
David Coursey

This is not your Momma's Threat Intelligence
Rob Gresham

Moving Target Defense: Evasive Maneuvers in Cyberspace
Adam Duby

Beyond Math: Practical Security Analytics
Martin Holste

Exploit Kits and Indicators of Compromise
Brad Duncan

ICS/SCADA Threat Hunting
Robert M. Lee and Jon Lavender

Agilely Compliant yet Insecure
Tom Ruff

It's Too Funky In Here

Gamification for the Win
Josh Rykowski and Scott Hamilton

IDS/IPS Choices: Benefits, Drawback and Configurations

Micro-segmentation and Security: The Way Forward
Jack Koons

Adventures in RAT dev
Hunter Hardman

Linux privilege escalation for fun, profit, and all around mischief
Jake Williams

How About a Piece of Pi - Experiences with Robots and Raspberry Pi Hacking
John Krautheim

Flaying out the Blockchain Ledger for Fun, Profit, and Hip Hop
Andrew Morris

Network Situational Awareness with Flow Data
Jason Smith

Living In A America

A worm in the Apple - examining OSX malware
Wes Widner

You TOO can defend against MILLIONS of cyber attacks
Michael Banks

Finding Evil in DNS Traffic
Keelyn Roberts

Ransomware Threats to the Healthcare Industry
Tim Gurganis

Using Ransomware Against Itself
Tim Crothers and Ryan Borres

Hunting: Defense Against The Dark Arts
Jacqueline Stokes, Danny Akacki, and Stephen Hinck

Automating Malware Analysis for Threat Intelligence
Paul Melson

Hide and Seek with EMET
Jonathan Creekmore and Michael Edie

7/17/2016 BSides Detroit 2016 Videos
These are the videos from the BSides Detroit 2016 Conference. Thanks to Wolf for having me out and Chris, Daniel, Daniel, Ed, Ben, Emi, Sam, Adam & Eric and others I may forget for helping to record.


BSides Keynote
Atlas Of D00m

Car Hacking 0x05
Robert Leale

Learning Security the Hard Way: Going from Student to Professional
Benjamin Carroll

So You Want to Be a Pentester
Calvin Hedler

Sheep, the Shepard, History, and Eugenics - A historical reminder on why personal privacy matters when it comes to the government and corporations in the digital age.
David Schaefer

Emerging Threats
Tazz Tazz (Not posted)

I Have Been to The Future and I Did Not Want to Come Back
Garrett McManaway

How to Build a Home Lab
Chris Maddalena

Vulnerability Management Systems Flawed - Leaving your Enterprise at High Risk
Gordon MacKay

Bootstrapping A Security Research Project
Andrew Hay


Converge 2016
These are the videos from the Converge Information Security Conference. Thanks to Wolf for having me out and Chris, Daniel, Daniel, Ed, Ben, Sam, Adam & Eric and others I may forget for helping to record.


Keynote 1
Steve Werby

So You've Inherited a Security Department, Now What?!?!
Amanda Berlin

Violating Trust: Social Engineering Past and Present
Paul Blonsky

AppSec Awareness: A Blue Print for Security Culture Change
Chris Romeo

Red Team Madness - Or, How I Learned To Stop Worrying and Expect Pentester Mistakes
Jeremy Nielson

Threat Modeling for Secure Software Design
Robert Hurlbut

Not Even One Shade of Gray: Stop Tolerating Compromise in Security
Rich Boyer

MySQL 5.7 Security
Dave Stokes

Evolving the Noise out InfoSec using Law Enforcement Paradigms
Charles Herring

Game of Hacks - Play, Hack, and Track
Igor Matlin

Red is the new Blue - Defensive Tips & Tricks from a Defender turned Pentester
Ben Ten

Building a better user: Developing a security-fluent society
Rich Cassara

Food Fight
J Wolfgang Goerlich

Maneuvering Management Madness
Andrew Hay

Enterprise Class Threat Management Like A Boss
Rockie Brockway

Compliant, Secure, Simple. Pick two.
Joshua Marpet

Sentry on the Wall
Reid Brosko

Expanding Your Toolbox the DIY Way
Chris Maddalena

Surreal Paradigms: Automotive Culture Crash
Dave Schaefer

Haking the Next Generation
David Schwartzberg

Malware Magnets: A practical walkthrough in developing threat intelligence
Tazz Tazz

Still broken after all these years aka Utility Security for Smarties
Doug Nibbelink

7/09/2016 OISF 2016 Videos
These are the videos from the OISF Anniversary Event

Tom Webster

Breaking The Teeth Of Bluetooth Padlocks
Adrian Crenshaw

Identifying and Exploiting Hardware Vulnerabilities: Demo of the HRES Process
Tim Wright

2016 Predictions and How History repeats itself
Jason Samide

A Lawyer's Perspective on Data Security
Dino Tsibouris and Mehmet Munur

The Attacker's Dictionary
Joel Cardella


BSides Cleveland 2016 Videos
These are the videos from the BSides Cleveland conference. Thanks to djaj9, , Kevin, f0zziehakz &  as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad.

Morning Keynote
Ian Amit

Elementary, my dear Watson - A story of indicators
Nir Yosha

Preventing credential theft & lateral movement after initial compromise.
Cameron Moore

Ask a CISO
Jamie Murdock

Crime Prevention Through Environmental Design
Michael Mendez

Fun with One Line of Powershell
Matthew Turner

Learning From Pirates of the Late 1600s - The first APT
Adam Hogan

Food Fight!
Wolfgang Goerlic

Afternoon Keynote
Chris Roberts

The Art of Bit-Banging: Gaining Full Control of (Nearly) Any Bus Protocol
Aaron Waibel

Playing Doctor: Lessons the Blue Team can Learn from Patient Engagement
J Wolfgang Goerlich & Stefani Shaffer-Pond

Security Automation in your Continuous Integration Pipeline
Jimmy Byrd

The WiX Toolset, How to Make Your Own MSIs
Charles Yost

A Rookie PoV: The Hollywood Fallacy
Raquel Milligan

Port Scanning the Hermit Kingdom: Or What NMAP Can Teach Us About Geopolitics
Thomas Pieragastini

Responder for Purple Teams
Kevin Gennuso

Splunk for IR and Forensics
Tony Iacobelli

Bridging the Gap or: How I Learned to Stop Worrying, and Love the Developers
Eric Mikulas

SafeCracking on a Budget Redux
David Hunt and Zack Nagaich

Process Ventriloquism
Spencer McIntyre

The Digital Beginning of the Analog End
Brad Hegrat

Gamify Security Awareness: Failure to Engage is Failure to Secure
Michael Woolard

Cons and Conjurers: Lessons for Infiltration
Paul Blonsky

Closing Keynote
David Kennedy



ShowMeCon 2016 Videos
These are the videos ShowMeCon 2016. Thanks to Renee & Dave Chronister (@bagomojo), Renee and others for having me out to record and speak. Also thanks to my video crew Mathew, Morgan, James and some other people I may have forgotten.

Red is the New Blue

My Cousin Viinny: Ethics and Experience in Security "Research"
Kevin Johnson

The Psychology of Social Engineering
Dave Chronister

Show Me Your Tokens (and Ill show You Your Credit Cards)
Tim MalcomVetter

IRLHN Pt.3 Intermediate Networking Techniques for the Recovering Introvert
Johnny Xmas

And Bad MistakesI've made a few
Jayson Street

All your Door(s) Belong to Me - Attacking Physical Access Systems
Valerie Thomas

Exploiting First Hop Protocols to Own the Network
Paul Coggin

Check Yo Self Before you Wreck Yo Self: The new wave of Account Checkers and Underground Rewards Fraud
Benjamin Brown

The Collission Attack - Attacking CBC and related Encryptions

It's not a sprint.
Tim Fowler

Social Media Risk Metrics - There's a way to measure how +@&# you are online
Ian Amit

Attacking OSX for fun and profit: tool set limiations, frustration and table flipping.
Dan Tentler

The Art of AV Evations - Or Lack Thereof
Chris Truncer

Understanding Offensive and Defense - Having a purple view on INFOSEC
Dave Kennedy

Breaking the Teeth of Bluetooth Padlocks
Adrian Crenshaw

PowerShell Phishing Response Toolkit
Josh Rickard

Championing a Culture of Privacy: From Ambivalence to Buy-IN
Hudson Harris

Why Compliance Matters; You've Been Doing it Wrong
Stacey Banks

How to Build a Home Lab
Timothy De Block

Logging for Hackers, How you can catch them with what you already have and a walk through of an actual attack and how we caught it.
Michael Gough

Where to Start when your environment is F*(3d
Amanda Berlin


Circle City Con 2016 Videos
These are the Circle City Con videos. Thanks to the staff for inviting me down to record. Big thanks to Mike, 3ncr1pt3d, fl3uryz, InfaNamecheap, f0zziehak, Chris, PhenixFire, Sammy and other for helping set up AV and record.

Opening Ceremony
CircleCityCon Staff

Keynote - Dave Lewis
Dave Lewis

Food Fight!
Wolfgang Goerlich

Binary defense without privilege
Steve Vittitoe

Establishing a Quality Vulnerability Management Program without Wasting Time or Money
Zee Abdelnabi (not posted)

Why it's all snake oil - and that may be ok
Pablo Breuer

Break on Through (to the Other Side)
Grape Ape

Bootstrapping A Security Research Project
Andrew Hay

Playing Doctor: Lessons the Blue Team Can Learn from Patient Engagement
Wolfgang Goerlich

Planes, Trains and Automobiles: The Internet of Deadly Things
Bryan K. Fite

Killing you softly
Josh Bressers

Now You See Me, Now You Don't - Leaving your Digital Footprint
Aamir Lakhani

Red Team Madness - Or, How I Learned To Stop Worrying and Expect Pentester Mistakes
Jeremy Nielson

Open Source Malware Lab
Robert Simmons

So you want to be a CISO?
Von Welch

You want to put whatwhere?
John Stauffacher

 IoT on Easy Mode Reversing and Exploiting Embedded Devices
Elvis Collad

Top 10 Mistakes in Security Operations Centers, Incident Handling & Response
Paul R. Jorgensen

Untrusted Onions: Is Tor Broken?
Joshua Galloway

Contextual Threat Intelligence: Building a Data Science Capability into the Hunt Team
Brian Genz

Head in the Sand Defence or A Stuxnet for Mainframes
Haydn Johnson; Cheryl Biswas

SIEM, Supersized!
Walleed Aljony

Fantastic OSINT and where to find it
Tony Robinson (da_667)

Creating a Successful Collegiate Security Club (WIP)
Chris "Lopi" Spehn; Adam "avidhacker" Ringrood

Where to Start When Your Environment is F*(K3d
InfoSystir (Amanda Berlin)

Haking the Next Generation
David Schwartzberg

Exfil and Reverse Shells in a Whitelisted World

Hacking Our Way Into Hacking
Kat Sweet

Attacking OSX for fun and profit: Toolset Limitations, Frustration and Table Flipping
Viss (Tentler)

Intro to Mobile Device Testing
Damian Profancik

Your Password Policy Still Sucks!
Martin Bos

Closing Ceremony
CircleCityCon Staff


NolaCon 2016
Recorded at NolaCon 2016. Thanks to @CurtisLaraque, @HoltZilla, @sid3b00m & @ynots0ups for the video recording help, and @nola_con, @erikburgess_, & Rob for having me down to record.


Analyzing DNS Traffic for Malicious Activity Using Open Source Logging Tools
Jim Nitterauer

Snake Charming: Fun With Compiled Python
Gabe K

Monitoring & Analysis 101: N00b to Ninja in 60 Minutes

Calling Captain Ahab: Using Open Tools to Profile Whaling Campaigns
Ryan Jones, McOmie

Check Yo Self Before You Wreck Yo Self: The New Wave Of Account Checkers And Underground Rewards Fraud
Benjamin Brown

Introducing the OWASP API Security Project
Leif Dreizler, David Shaw

Breaking Barriers: Adversarial Thinking for Defenders
Stacey Banks

It's Just a Flesh Wound!
Brett Gravois

Owning MS Outlook with PowerShell
Andrew Cole

Why can't Police catch Cyber Criminals?
Chip Thornsburg

David Kennedy

Calling Captain Ahab: Using Open Tools to Profile Whaling Campaigns
Matt Bromiley

Haking the Next Generation
David Schwartzberg

Hacking Web Apps (v2)
Brent White

Evolving Your Office's Security Culture by Selective Breeding of Ideas and Practices
Nancy Snoke

I Promise I'm Legit: Winning with Words
Cyni Winegard &  Bethany Ward

You Pass Butter: Next Level Security Monitoring Through Proactivity
Cry0, S0ups

Going from Capture the Flag to Hacking the Enterprise. Making the switch from 'a hobby and a passion' to a lifelong career
Joseph Pierini

Hackers are from Mars, CxO's are from Jupiter
Rob Havelt

Don't be stupid with GitHub

DDoS: Barbarians at the Gate(way)
Dave Lewis

Hunting high-value targets in corporate networks
Josh Stone

4/22/2016 AIDE 2016 Videos
Recorded at AIDE 2016. Big thanks to Bill Gardner (@oncee) for having me out to record.

Do You Want Educated Users? Because This is How You Get Educated Users.
Tess Schrodinger

Don't blame that checklist for your crappy security program
Branden Miller

Shooting Phish in a Barrel
Amanda Berlin

Minimalistic Physical Assessment Kit
Tom Moore

Hacking Web Apps
Brent White and Tim Roberts


BSides Nashville 2016 Videos
These are the videos BSides Nashville 2016. Thanks to @lil_lost for inviting me down to record and being my bodyguard while in Nashville. Big thanks to Geoff Collins, Branden Miller, Blake Urmos, Gabe Bassett, Nate and Alex McCormack for helping set up AV and record.

And bad mistakes I've made a few
Jayson Street

At the mountains of malware
Wes Widner

Collection and Detection with Flow Data: A Follow Up
Jason Smith

Container Chaos: Docker Security Container Auditing
Chris Huntington

It's Not If But When: How to Create Your Cyber Incident Response Plan
Lucie Hayward, Marc Brawner

Threat Modeling the Minecraft Way
Jarred White

AppSec Enigma and Mirage - When Good Ideas Can Go Awry
Frank Catucci

The Art of the Jedi Mind Trick
Jeff Man

How to get into ICS security
Mark Heard

The Ransomware Threat: Tracking the Digital Footprints
Kevin Bottomley

InfoSecs in the City - Starting a Successful CitySec Meetup
Johnny Xmas, Fletcher Munson, Chris Carlis, Kate Vajda

Ever Present Persistence - Established Footholds Seen in the Wild
Evan Pena, Chris Truncer

Forging Your Identity: Credibility Beyond Words
Tim Roberts, Brent White

IAM Complicated: Why you need to know about Identity and Access Management
Ron Parker

Put a Sock(et) in it: Understanding and Attacking Sockets on Android
Jake Valletta

3/31/2016 Central Ohio Infosec Summit 2016 Videos
These are the videos from the Central Ohio Infosec Summit conference. Thanks to the video volunteers for helping me record.

Track 1

Penetrating the Perimeter - Tales from the Battlefield
Phil Grimes

Navigating the FDA Recommendations on Medical Device Security _ and how they will shape the future of all IoT
Jake "malwarejake" Williams

Detecting the Undetectable: What You Need to Know About OSINT
Jerod Brennen

Why I quit my dream job at Citi - A data centric approach to key management
Mike Bass

Fail Now _ So I Don't Fail Later "A look into security testing and training methodologies"
Deral Heiland

Putting the Intelligence back in Threat Intelligence
Edward McCabe

All Your Door Belong To Me: Attacking Physical Access Systems
Valerie Thomas

The Humanity of Phishing Attack and Defense
Aaron Higbee

The Node.js Highway: Attacks Are At Full Throttle
Joshua Clark

Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway

Understanding Attacker's use of Covert Communications
Chris Haley

InfoSec Productization
David Kennedy

Track 2

Future of Information Security Governance, Risk and Compliance
Max Aulakh, Bill Lisse

How Experts Undermine Your Forensic Evidence
Matthew Curtin

Datacenter Security Virtualized
John Michealson

Embracing the Cloud
Lisa Guess

"It was the best of logs, it was the worst of logs" - Stories through Logging
Tom Kopchak

Finding the Needle in the Hardware Haystack - Identifying and Exploiting Vulnerabilities via Hardware Reverse Engineering
Stephen Halwes, Timothy Wright

PKI-Do You Know Your Exposure?
Kent King

No Tradeoffs: Cloud Security and Privacy Don't Need to Be at Odds
Jervis Hui

Today's Threat Landscape
Dean Shroll

6 Critical Criteria For Cloud Workload Security
Sam Herath

Track 2

Educating the Board of Directors
Bob West

Burp Collaborator: The Friend You Didn't Know You Needed
Jon Gorenflo

Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger

Threat Modeling for Secure Software Design
Robert Hurlbut

IAST Deep Dive: Understanding Interactive Application Security Testing
Ofer Maor

Building an Application Security Program
Mike Spaulding

Formal Verification of Secure Software Systems
Aaron Bedra

AppSec without additional tools
Jason Kent

Leveraging your APM NPM solutions to Compliment your Cyber Defense Strategy
Ken Czekaj, Robert Wright

Artificial Intelligence Real Threat Prevention
Art Hathaway

Defending the Next Decade - Building a Modern Defense Strategy
Mark Mahovlich

Track 3

Security vs Compliance in Healthcare
Sean Whalen

How to Secure Things & Influence People: 10 Critical Habits of Effective Security Managers
Chris Clymer, Jack Nichelson

Economically Justifying IT Security Initiatives
Ruben Melendez

Cross Industry Collaboration
Helen Patton

Third Party Risk Governance - Why and How
Jeffrey Sweet

IT Data Analytics: Why the cobbler's children have no shoes
Carolyn Engstrom

BYODAWSCYW (Bring Your Own Device And Whatever Security Controls You Want) One approach to reduce risk
Steven Keil

Disaster Recovery and Business Continuity -_It's never so bad that it can't get worse
Valerie Thomas, Harry Regan

Cybersecurity Act of 2015 and Other Hot Privacy and Cybersecurity Topics
Heather Enlow, Chris Ingram

The Legal Perspective on Data Security for 2016
Dino Tsibouris, Mehmet Munur

The Legal Perspective on Data Security for 2016
Mehmet Munur, Dino Tsibouris

Track 4

Gamify Awareness Training: Failure to engage is failure to secure
Michael Woolard

Office 365 Security and Compliance Cloudy Collaboration - Really?
Robert Brzezinski

State of Security and 2016 Predictions
Jason Samide

A Capability Maturity Model for Sustainable Data Loss Protection
Gabriel Gumbs

Risk Management: Tactics to Move From Decision to Execution
Tremayne (Tre) Smith

Incident Response - No Pain No Gain!
Jim Wojno

Building an OSS CI/CD Security Toolchain
Kevin Glavin

A Touch(ID) of iOS Security
James (Jamie) Bowser

Track 5

Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski

You're measuring all the wrong things - information security metrics
Shawn Sines

Why Cybercriminals Are "Following The Money" Into Online Video Games
Matthew Cook

Security Certifications - are they worth it, and which ones are right for you?
William Diederich

Information Security Metrics - Practical Security Metrics
Jack Nichelson

The CONfidence of Things
John Robinson

Who is Winning?
Gary Sheehan

Security analytics journey - a year's lesson learned.
Mike Schiebel

Track 6

Integrated Software in Networking _ the Mystery of SDN
Oliver Schuermann

Securing our Future: Lessons From the Human Immune System
Gavin Hill

Have you tied together your IAM and Information Security Incident Management Program?
Joseph Greene

Compliance and Security: Building a Cybersecurity Risk Management Program
Jason Harrell

Don't try this at home! (Things not to do when securing an organization)
Jessica Hebenstreit

CISO for an Hour
Keith Fricke

Apple v. DOJ: Privacy in Today's Enterprise
Justin Harvey

Myths of Cloud Security Debunked!
Bil Harmer

Cyber Security - Super Bowl 50
Jim Libersky


CypherCon 2016 Videos
These are the videos from the Cyphercon 2016 conference. Thanks to Michael Goetzman for having me out to record.

CYPHERCON's Opening Ceremony Begins!

Security Control Wins & Fails
Jason Lang

Offensive Wireless Tactics "used in DEFCON 23s Wireless CTF"
Eric Escobar

China"s Hackers and Cyber Sovereignty
Lieutenant Colonel Bill Hagestad II

You're Right, This Sucks
J0hnnyxm4s & Lesley Carhart

No encrypted data on this drive; just pictures of my cat
Parker Schmitt

Curry and TARTS

All your Wheaties belong to us. Removing the basics that humans need for survival.
Chris Roberts

CYPHERCON I Conference Begins!
Korgo & The CYPHERCON PuzzleMaster Speaks

P.I.S.S.E.D. Privacy In a Surveillance State, Evading Detection
Joe Cicero

Bypassing Encryption by Attacking the Cryptosystem Perimeter
Trenton Ivey

Hypervault Demo
& HTTP and SSH Tunneling
Caleb Madrigal

Quantum Computation and Information Security
David Webber

Medical Devices: Pwnage & Honeypots
Scott Erven

Werner Juretzko

3/5/2016 BSides Indy 2016 Videos
These are the videos from the BSides Indy conference.

Eddie Mize (Not recorded)

Managing Elevated Privileges in the Enterprise Environment
Erik Burgess

Food Fight
Wolfgang Goerlich (Not recorded)

Where to start when your environment is F*(k3d
Amanda Berlin

Building an Application Security Program
Mike Spaulding

The Art of the Jedi Mind Trick
Jeff Man

Securing Docker Instances
Chris Huntington

ClientHacking: How a chef uses OSINT and SE to make more money.


BSides San Francisco 2016 Videos
These are the videos from the BSides San Francisco conference. Special thanks to Mike & Doug for having me out, Steen, Zappo & Jeremy for their house AV work, and n0ty3p, Forest, Nick, James & others I'm forgetting for their help recording

Track 1

Keynote: A Declaration of the Independence of Cyberspace
John Perry Barlow

The Tales of a Bug Bounty Hunter
Arne Swinnen

Reverse Engineering the Wetware: Understanding Human Behavior to Improve Information Security
Alexandre Sieira, Matthew Hathaway

Who's Breaking into Your Garden? iOS and OS X Malware You May or May Not Know
Claud Xiao

A year in the wild: fighting malware at the corporate level
Kuba Sendor

Breaking Honeypots for Fun and Profit
Gadi Evron, Dean Sysman, Itamar Sher

Everything Is Awful (And You're Not Helping)
Jan Schaumann

Why it's all snake oil - and that may be ok
Pablo Breuer

Ask the EFF
Kurt Opsahl, Eva Galperin, Andrew Crocker, Shahid Buttar, Cooper Quintin

Sedating the Watchdog: Abusing Security Products to Bypass Windows Protections
Tomer Bitton, Udi Yavo

Sweet Security: Deploying a Defensive Raspberry Pi
Travis Smith

Planning Effective Red Team Exercises
Sean T. Malone

Fraud Detection & Real-time Trust Decisions
James Addison

Fuzz Smarter, Not Harder (An afl-fuzz Primer)
Craig Young

Elliptic Curve Cryptography for those who are afraid of mathematics
Martijn Grooten

APT Reports and OPSEC Evolution, or: These are not the APT reports you are looking for
Gadi Evron

Sucker-punching Malware: A Case Study in Using Bad Malware Design Against Attackers
John Bambenek, Hardik Modi

Employee Hijacking: Building a hacktober awareness program
Ryan Barrett, Ninad Bhamburdekar, Dylan Harrington

Track 2

Mainframes? On My Internet?
Soldier of Fortran (not recorded)

Securing the Distributed Workforce
William Bengtson

Hackers Hiring Hackers - How to hack the job search and hack talent
IrishMASMS (not recorded)

Scan, Pwn, Next! - exploiting service accounts in Windows networks
Andrey Dulkin, Matan Hart

Guest to root - How to Hack Your Own Career Path and Stand Out
Javvad Malik

IoT on Easy Mode (Reversing Embedded Devices)
Elvis Collado

In the crosshairs: the trend towards targeted attacks
Lance Cottrell

Developing a Rugged DevOps Approach to Cloud Security
Tim Prendergast

Digital Intelligence Gathering: Using the Powers of OSINT for Both Blue and Red Teams
Ethan Dodge, Brian Warehime

Sharing is Caring: Understanding and measuring Threat Intelligence Sharing Effectiveness
Alex Pinto

The Ransomware Threat: Tracking the Digital Footprints
Kevin Bottomley

Access Control in 2016 - deep dive
Dr. Ulrich Lang

Using Behavior to Protect Cloud Servers
Anirban Banerjee

The Art of the Jedi Mind Trick
Jeff Man

Mobile App Corporate Espionage
Michael Raggo

Advanced techniques for real-time detection of polymorphic malware
Ajit Thyagarajan

2/15/2016 BSidesCapeTown 2015
Mike Davis asked me to post these videos to get wider circulation.

Ode to the Node

Automating the process of mapping and compromising networks

Hack all the things - Exploiting and fixing IoT

Running a Secure Tor Hidden Service

Sharepoint Hacking

Hacker Jeopardy

2/07/2016 BSides Huntsville 2016 Videos
These are the videos from the BSides Huntsville conference. Thanks to @PaulCoggin, @CharlineNixon, Brian, @NagleCode, @GRMrGecko and all of the BSides Crew for having me out to help record and render the videos.

Opening Keynote
Jack Daniel

Hacking Peoples' Lives with Google Sync
Shawn Edwards, Sean Hopkins

Slaying Rogue Access Points with Python and Cheap Hardware
Gabriel Ryan

Web shells as a covert channel
Joe Vest

A practical approach to deploying Data Loss Prevention
Jon Damratoski

Afternoon Keynote: TSA Luggage Locks: Details, Flaws & Making The Best Of A Bad Lock
Adrian Crenshaw

Threat Modeling the Minecraft Way
Jarred White

At the mountains of malware: Lessons learned from analyzing terabytes of malware
Wes Widner

History of WRT and Wireless Mesh protocols.
Alex Kot

BSides Closeout
Paul Coggin

1/16/2016 BSides Columbus 2016 Videos
These are the videos from the BSides Columbus Ohio conference. Thanks to Michael Spaulding for having me up and Greg, James & Brandon who manned the video rigs.


Keynote Thomas Drake
Thomas Drake


Where Did All My Data Go
Deral Heiland

Developers: Care and Feeding
Bill Sempf

Open Secrets of the Defense Industry: Building Your Own Intelligence Program From the Ground Up
Sean Whalen

The Economics of Exploit Kits & E-Crime
Adam Hogan

Hacking Corporate Em@il Systems
Nate Power

All Your Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches
Valerie Thomas & Harry Regan (Not recorded)


Establishing a Quality Vulnerability Management Program without Wasting Time or Money
Zee Abdelnabi (not posted)

Practical DLP Deployment for your Organization
Jon Damratoski

The Good The Bad and The Endpoint Protection
Joseph Ciaravino

Securing Docker Instances
Chris Huntington

Better SIEM Notifications - Making Your SIEM Situationally Aware
Jesse Throwe

Social Media Correlation of Credit Card Fraudsters
Chris Cullison & CW Walker

Special Teams

Removing Barriers of Diversity in Information Security
Helen Patton & Connie Matthews

Panel Discussion: InfoSec Trends, Talent Management, and Retention
Michael Butts, AJ Candella & Megan Wells

Indecision and Malformed Conclusions: The things that stifle security improvement and what can be done about them.
Tyler Smith

Gamify Awareness Training: Failure to engage is failure to secure
Michael Woolard

The Long and Winding Road: An InfoSec Career Panel
Lonnie Kelley & Valerie Thomas

The Pineapple is dead..Long live the Pineapple
David Young



Shmoocon Firetalks 2016
Videos from Shmoocon Firetalks 2016.

Opening Red Team Upgrades Using SCCM for Malware Deployment Matt Nelson (@enigma0x3)

Jailbreaking a Digital Two-Way Radio Travis Goodspeed (@travisgoodspeed)

CheapBugs.Net - Low-End Bug Bounties for the Masses Dean Pierce (@deanpierce)

Failure to Warn You Might Get Pwned Wendy Knox Everette (@wendyck)

GreatFET, a Preview Michael Ossmann (@michaelossmann)

Fuck You, Pixalate! @da_667

DNS C&C Ron Bowes (@iagox86)


SecureWV 2015 Videos
These are the videos of the presentations from Secure West Virginia 2015.

Building a Cantenna
Ed Collins

Dropping Docs on Darknets Part 2 Identity Boogaloo
Adrian Crenshaw

Network Segmentation - Some new thoughts
Mark Jaques and Brandon Schmidt

Security Onion
Brandon Schmidt

Mike Lyons

The Lemonaid Pomegranite, basics of security in a digital world
Tim Sayre

My Little P0ny: What you can do with 20 lines of code and an open machine
Mark Jaques and Brandon Schmidt

And now for something completely different, security at Top O Rock
Tim Sayre

The Art of Post-Infection Response and Mitigation
Caleb J. Crable

Documenting With ASCIIDOC
Jeff Pullen

The Core of Cybersecurity: Risk Management
Josh Spence

The Unique Challenges of Accessing Small and Medium Sized Organizations
Bill Gardner

OpenNSM, ContainNSM, and Docker
Jon Schipp

Here is your degree. Now what?
Shawn Jordan

Wolf in shell's clothing, why you should be skeptical of your trusted tools
Jeff Pullen


10/16/2015 HouSecCon v6 2015 Videos
These are the videos from HouSecCon 2015 v6. Thanks to Michael R. Farnum for having my down and all of the video crew.

Opening Keynote - Mike Rothman

Chris Jordan - Fluency: A Modern Approach to Breach Information and Event Management

Dennis Hurst - Application Security in an Agile SDLC

Wendy Nather - How Google turned me into my mother: the proxy paradox in security

Chris Boykin - Mobile Threat Prevention

Adrian Crenshaw - Dropping Docs on Darknets Part 2: Identity Boogaloo

Julian Dunning - Kraken: The Password Devourer

Trey Ford - Maturing InfoSec: Lessons from Aviation on Information Sharing

Richard Peters and Matthew Roth - Parasyste: In search of a host

Lunch/ISACA Session

Damon Small - Connections: From the Eisenhower Interstate System to the Internet

Rich Cannata - Arm Your Endpoints

Anthony Blakemore - Removing the Snake Oil From Your Security Program

Erik Freeland - Does SDN Mean Security Defined Networking?

Danny Chrastil - What I know about your Company

Lunch / Business Skills Workshop

Josh Sokol - The Fox is in the Henhouse: Detecting a Breach Before the Damage is Done

Jason Haddix - How to Shot Web: Better Web Hacking in 2015

Zac Hinkel, Andrew Huie, and Adam Pridgen - Arm Your Endpoints

Dan Cornell - SecDevOps: A Security Pro's Guide to Development Tools

Closing Keynote - Eric Cowperthwaite - Everything I need to know about Information Security, I Learned Shooting Tank Guns



15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast