A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Derbycon 2018 Videos (Hacking Illustrated Series InfoSec Tutorial Videos)

Derbycon 2018 Videos

These are the videos of the presentations from Derbycon 2018. Big thanks to my video jockeys @nightcarnage, @securid, @theglennbarrett, @LenIsham, @curtisko, @bsdbandit, @someninjamaster, @Simpo13, @primestick, @SciaticNerd, @CoryJ1983, @SDC_GodFix, @Skiboy941, @TeaPartyTechie, @livebeef, @buccaneeris, @mjnbrn, @sfzombie13, @kandi3kan3, @paint27, @AlexGatti


How to influence security technology in kiwi underpants
Benjamin Delpy

Panel Discussion - At a Glance: Information Security
Ed Skoudis, John Strand, Lesley Carhart. Moderated by: Dave Kennedy

Red Teaming gaps and musings
Samuel Sayen

A Process is No One: Hunting for Token Manipulation
Jared Atkinson, Robby Winchester

Fuzz your smartphone from 4G base station side
Tso-Jen Liu

Clippy for the Dark Web: Looks Like You're Trying to Buy Some Dank Kush, Can I Help You With That?
Emma Zaballos

Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework
Joe Rozner

Escoteric Hashcat Attacks

NOOb OSINT in 30 Minutes or less!
Greg Simo and Guest Speaker
(Not Public)

RFID Luggage Tags, IATA vs Real Life
Daniel Lagos

#LOL They Placed Their DMZ in the Cloud: Easy Pwnage or Disruptive Protection
Carl Alexander

Maintaining post-exploitation opsec in a world with EDR
Michael Roberts, Martin Roberts

Hey! I found a vulnerability - now what?
Lisa Bradley, CRob

Foxtrot C2: A Journey of Payload Delivery
Dimitry Snezhkov

Kaleb Brown

IRS, HR, Microsoft and your Grandma: What they all have in common
Christopher Hadnagy, Cat Murdock

#LOLBins - Nothing to LOL about!
Oddvar Moe

Everything Else I Learned About Security I Learned From Hip-Hop
Paul Asadoorian

Hackers, Hugs, & Drugs: Mental Health in Infosec
Amanda Berlin

Android App Penetration Testing 101
Joff Thyer, Derek Banks

Draw a Bigger Circle: InfoSec Evolves
Cheryl Biswas

I Can Be Apple, and So Can You
Josh Pitts

From Workstation to Domain Admin: Why Secure Administration Isn't Secure and How to Fix It
Sean Metcalf


The Unintended Risks of Trusting Active Directory
Lee Christensen, Will Schroeder, Matt Nelson

Lessons Learned by the WordPress Security Team
Aaron D. Campbell

IronPython... omfg
Marcello Salvati

Invoke-EmpireHound - Merging BloodHound & Empire for Enhanced Red Team Workflow
Walter Legowski

When Macs Come Under ATT&CK
Richie Cyrus

Abusing IoT Medical Devices For Your Precious Health Records
Saurabh Harit, Nick Delewski

Detecting WMI exploitation
Michael Gough

Gryffindor | Pure JavaScript, Covert Exploitation
Matthew Toussain

Instant Response: Making IR faster than you thought possible!
Mick Douglas, Josh Johnson

The History of the Future of Cyber-Education
Winn Schwartau

State of Win32k Security: Revisiting Insecure design
Vishal Chauhan

Offensive Browser Extension Development
Michael Weber

Protect Your Payloads: Modern Keying Techniques
Leo Loobeek

Jump Into IOT Hacking with the Damn Vulnerable Habit Helper Device
Nancy Snoke, Phoenix Snoke

In-Memory Persistence: Terminate & Stay Resident Redux
Scott Lundgren
(Not Recorded or Missing)

Tales From the Bug Mine - Highlights from the Android VRP
Brian Claire Young

Decision Analysis Applications in Threat Analysis Frameworks
Emily Shawgo

How Russian Cyber Propaganda Really Works
Jonathan Nichols
(No Show)

Threat Intel On The Fly

Make Me Your Dark Web Personal Shopper!
Emma Zaballos

Driving Away Social Anxiety
Joey Maresca

Off-grid coms and power
Justin Herman

CTFs: Leveling Up Through Competition
Alex Flores

Mapping wifi networks and triggering on interesting traffic patterns
Caleb Madrigal
(Not Recorded)

Extending Burp to Find Struts and XXE Vulnerabilities
Chris Elgee

Introduction to x86 Assembly

Pacu: Attack and Post-Exploitation in AWS
Spencer Gietzen

An Inconvenient Truth: Evading the Ransomware Protection in Windows 10
Soya Aoyama

Brutal Blogging - Go for the Jugular
Kate Brew

RID Hijacking: Maintaining Access on Windows Machines
Sebastian Castro

Your Training Data is Bad and You Should Feel Bad
Ryan J. O'Grady

So many pentesting tools from a $4 Arduino
Kevin Bong, Michael Vieau

Building an Empire with (Iron)Python
Jim Shaver

SAEDY: Subversion and Espionage Directed Against You
Judy Towers

OSX/Pirrit - Reverse engineering mac OSX malware and the legal department of the company who makes it
Amit Serper, Niv Yona, Yuval Chuddy

How to test Network Investigative Techniques(NITs) used by the FBI
Dr. Matthew Miller

Cloud Computing Therapy Session
Cara Marie, Andy Cooper

Silent Compromise: Social Engineering Fortune 500 Businesses
Joe Gray

Dexter: the friendly forensics expert on the Coinbase security team
Hayden Parker

Going on a Printer Safari - Hunting Zebra Printers
James Edge

Hardware Slashing, Smashing, and Reconstructing for Root access
Deral Heiland

App-o-Lockalypse now!
Oddvar Moe

Web App 101: Getting the lay of the land
Mike Saunders

Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)
Daniel Bohannon

WE ARE THE ARTILLERY: Using Google Fu To Take Down The Grids
Chris Sistrunk, Krypt3ia, SynAckPwn

Just Let Yourself In
David Boyd

A "Crash" Course in Exploiting Buffer Overflows (Live Demos!)
Parker Garrison

Living in a Secure Container, Down by the River
Jack Mannino

VBA Stomping - Advanced Malware Techniques
Carrie Roberts, Kirk Sayre, Harold Ogden

Media hacks: an Infosec guide to dealing with journalists
Sean Gallagher, Steve Ragan, Paul Wagenseil

Deploying Deceptive Systems: Luring Attackers from the Shadows
Kevin Gennuso

The Money-Laundering Cannon: Real cash; Real Criminals; and Real Layoffs
Arian Evans

Perfect Storm: Taking the Helm of Kubernetes
Ian Coldwater

How to put on a Con for Fun and (Non) Profit
Benny Karnes, John Moore, Rick Hayes, Matt Perry, Bill Gardner, Justin Rogosky, Mike Fry, Steve Truax

Web app testing classroom in a box - the good, the bad and the ugly
Lee Neely, Chelle Clements, James McMurry

Metasploit Town Hall 0x4
Brent Cook, Aaron Soto, Adam Cammack, Cody Pierce

Community Based Career Development or How to Get More than a T-Shirt When Participating as part of the Community
Kathleen Smith, Magen Wu, Cindy Jones, Kathryn Seymour, Kirsten Renner

Disaster Strikes: A Hacker's Cook book
Jose Quinones, Carlos Perez

Ninja Looting Like a Pirate

Hacking Mobile Applications with Frida
David Coursey

Victor or Victim? Strategies for Avoiding an InfoSec Cold War
Jason Lang, Stuart McIntosh

Ubiquitous Shells
Jon Gorenflo

99 Reasons Your Perimeter Is Leaking - Evolution of C&C
John Askew

Ship Hacking: a Primer for Today's Pirate
Brian Satira, Brian Olson

Code Execution with JDK Scripting Tools & Nashorn Javascript Engine
Brett Hawkins

PHONOPTICON - leveraging low-rent mobile ad services to achieve state-actor level mass surveillance on a shoestring budget
Mark Milhouse

Patching: Show me where it hurts
Cheryl Biswas

Advanced Deception Technology Through Behavioral Biometrics
Curt Barnard, Dawud Gordon

We are all on the spectrum: What my 10-year-old taught me about leading teams
Carla A Raisler

No Place Like Home: Real Estate OSINT and OPSec Fails
John Bullinger

The Layer2 Nightmare
Chris Mallz

Attacking Azure Environments with PowerShell
Karl Fosaaen

Blue Blood Injection: Transitioning Red to Purple
Lsly Ayyy

Mirai, Satori, OMG, and Owari - IoT Botnets Oh My
Peter Arzamendi

Comparing apples to Apple
Adam Mathis

How online dating made me better at threat modeling
Isaiah Sarju

Threat Hunting with a Raspberry Pi
Jamie Murdock

M&A Defense and Integration - All that Glitters is not Gold
Sara Leal, Jason Morrow

Social Engineering At Work - How to use positive influence to gain management buy-in for anything
April Wright

Ham Radio 4 Hackers
Eric Watkins, Devin Noel

Getting Control of Your Vendors Before They Take You Down
Dan Browder

Cyber Intelligence: There Are No Rules, and No Certainties
Coleman Kane

Getting Started in CCDC
Russell Nielsen

Changing Our Mindset From Technical To Psychological Defenses
Andrew Kalat

Red Mirror: Bringing Telemetry to Red Teaming
Zach Grace

Two-Factor, Too Furious: Evading (and Protecting) Evolving MFA Schemes
Austin Baker, Doug Bienstock

IoT: Not Even Your Bed Is Safe
Darby Mullen

Fingerprinting Encrypted Channels for Detection
John Althouse

On the Nose: Bypassing Huawei's Fingerprint authentication by exploiting the TrustZone
Nick Stephens

Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Gabriel Ryan

Goodbye Obfuscation, Hello Invisi-Shell: Hiding Your Powershell Script in Plain Sight
Omer Yair

Cloud Forensics: Putting The Bits Back Together
Brandon Sherman

Killsuit: The Equation Group's Swiss Army knife for persistence, evasion, and data exfil
Francisco Donoso

The MS Office Magic Show
Stan Hegt, Pieter Ceelen

Living off the land: enterprise post-exploitation
Adam Reiser

Hillbilly Storytime: Pentest Fails
Adam Compton

Bug Hunting in RouterOS
Jacob Baines

Breaking Into Your Building: A Hackers Guide to Unauthorized Access
Tim Roberts, Brent White

The making of an iOS 11 jailbreak: Kiddie to kernel hacker in 14 sleepless nights.
Bryce "soen" Bearchell

Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests
Tomasz Tuzel

Pwning in the Sandbox: OSX Macro Exploitation & Beyond
Adam Gold, Danny Chrastil

IOCs Today, Intelligence-Led Security Tomorrow
Katie Kusjanovic, Matthew Shelton

Closing Ceremonies


15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast