Derbycon 2018 Videos (Hacking Illustrated Series InfoSec Tutorial Videos)

Derbycon 2018 Videos

These are the videos of the presentations from Derbycon 2018. Big thanks to my video jockeys @nightcarnage, @securid, @theglennbarrett, @LenIsham, @curtisko, @bsdbandit, @someninjamaster, @Simpo13, @primestick, @SciaticNerd, @CoryJ1983, @SDC_GodFix, @Skiboy941, @TeaPartyTechie, @livebeef, @buccaneeris, @mjnbrn, @sfzombie13, @kandi3kan3, @paint27, @AlexGatti

Opening

How to influence security technology in kiwi underpants

Benjamin Delpy

Panel Discussion - At a Glance: Information Security

Ed Skoudis, John Strand, Lesley Carhart. Moderated by: Dave Kennedy

Red Teaming gaps and musings

Samuel Sayen

A Process is No One: Hunting for Token Manipulation

Jared Atkinson, Robby Winchester

Fuzz your smartphone from 4G base station side

Tso-Jen Liu

Clippy for the Dark Web: Looks Like You're Trying to Buy Some Dank Kush, Can I Help You With That?

Emma Zaballos

Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework

Joe Rozner

Escoteric Hashcat Attacks

Evilmog

NOOb OSINT in 30 Minutes or less!

Greg Simo and Guest Speaker

(Not Public)

RFID Luggage Tags, IATA vs Real Life

Daniel Lagos

#LOL They Placed Their DMZ in the Cloud: Easy Pwnage or Disruptive Protection

Carl Alexander

Maintaining post-exploitation opsec in a world with EDR

Michael Roberts, Martin Roberts

Hey! I found a vulnerability - now what?

Lisa Bradley, CRob

Foxtrot C2: A Journey of Payload Delivery

Dimitry Snezhkov

Ridesharks

Kaleb Brown

IRS, HR, Microsoft and your Grandma: What they all have in common

Christopher Hadnagy, Cat Murdock

#LOLBins - Nothing to LOL about!

Oddvar Moe

Everything Else I Learned About Security I Learned From Hip-Hop

Paul Asadoorian

Hackers, Hugs, & Drugs: Mental Health in Infosec

Amanda Berlin

Android App Penetration Testing 101

Joff Thyer, Derek Banks

Draw a Bigger Circle: InfoSec Evolves

Cheryl Biswas

I Can Be Apple, and So Can You

Josh Pitts

From Workstation to Domain Admin: Why Secure Administration Isn't Secure and How to Fix It

Sean Metcalf

MS17-010?

zerosum0x0

The Unintended Risks of Trusting Active Directory

Lee Christensen, Will Schroeder, Matt Nelson

Lessons Learned by the WordPress Security Team

Aaron D. Campbell

IronPython... omfg

Marcello Salvati

Invoke-EmpireHound - Merging BloodHound & Empire for Enhanced Red Team Workflow

Walter Legowski

When Macs Come Under ATT&CK

Richie Cyrus

Abusing IoT Medical Devices For Your Precious Health Records

Saurabh Harit, Nick Delewski

Detecting WMI exploitation

Michael Gough

Gryffindor | Pure JavaScript, Covert Exploitation

Matthew Toussain

Instant Response: Making IR faster than you thought possible!

Mick Douglas, Josh Johnson

The History of the Future of Cyber-Education

Winn Schwartau

State of Win32k Security: Revisiting Insecure design

Vishal Chauhan

Offensive Browser Extension Development

Michael Weber

Protect Your Payloads: Modern Keying Techniques

Leo Loobeek

Jump Into IOT Hacking with the Damn Vulnerable Habit Helper Device

Nancy Snoke, Phoenix Snoke

In-Memory Persistence: Terminate & Stay Resident Redux

Scott Lundgren

(Not Recorded or Missing)

Tales From the Bug Mine - Highlights from the Android VRP

Brian Claire Young

Decision Analysis Applications in Threat Analysis Frameworks

Emily Shawgo

How Russian Cyber Propaganda Really Works

Jonathan Nichols

(No Show)

Threat Intel On The Fly

Tazz

Make Me Your Dark Web Personal Shopper!

Emma Zaballos

Driving Away Social Anxiety

Joey Maresca

Off-grid coms and power

Justin Herman

CTFs: Leveling Up Through Competition

Alex Flores

Mapping wifi networks and triggering on interesting traffic patterns

Caleb Madrigal

(Not Recorded)

Extending Burp to Find Struts and XXE Vulnerabilities

Chris Elgee

Introduction to x86 Assembly

DazzleCatDuo

Pacu: Attack and Post-Exploitation in AWS

Spencer Gietzen

An Inconvenient Truth: Evading the Ransomware Protection in Windows 10

Soya Aoyama

Brutal Blogging - Go for the Jugular

Kate Brew

RID Hijacking: Maintaining Access on Windows Machines

Sebastian Castro

Your Training Data is Bad and You Should Feel Bad

Ryan J. O'Grady

So many pentesting tools from a $4 Arduino

Kevin Bong, Michael Vieau

Building an Empire with (Iron)Python

Jim Shaver

SAEDY: Subversion and Espionage Directed Against You

Judy Towers

OSX/Pirrit - Reverse engineering mac OSX malware and the legal department of the company who makes it

Amit Serper, Niv Yona, Yuval Chuddy

How to test Network Investigative Techniques(NITs) used by the FBI

Dr. Matthew Miller

Cloud Computing Therapy Session

Cara Marie, Andy Cooper

Silent Compromise: Social Engineering Fortune 500 Businesses

Joe Gray

Dexter: the friendly forensics expert on the Coinbase security team

Hayden Parker

Going on a Printer Safari - Hunting Zebra Printers

James Edge

Hardware Slashing, Smashing, and Reconstructing for Root access

Deral Heiland

App-o-Lockalypse now!

Oddvar Moe

Web App 101: Getting the lay of the land

Mike Saunders

Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)

Daniel Bohannon

WE ARE THE ARTILLERY: Using Google Fu To Take Down The Grids

Chris Sistrunk, Krypt3ia, SynAckPwn

Just Let Yourself In

David Boyd

A "Crash" Course in Exploiting Buffer Overflows (Live Demos!)

Parker Garrison

Living in a Secure Container, Down by the River

Jack Mannino

VBA Stomping - Advanced Malware Techniques

Carrie Roberts, Kirk Sayre, Harold Ogden

Media hacks: an Infosec guide to dealing with journalists

Sean Gallagher, Steve Ragan, Paul Wagenseil

Deploying Deceptive Systems: Luring Attackers from the Shadows

Kevin Gennuso

The Money-Laundering Cannon: Real cash; Real Criminals; and Real Layoffs

Arian Evans

Perfect Storm: Taking the Helm of Kubernetes

Ian Coldwater

How to put on a Con for Fun and (Non) Profit

Benny Karnes, John Moore, Rick Hayes, Matt Perry, Bill Gardner, Justin Rogosky, Mike Fry, Steve Truax

Web app testing classroom in a box - the good, the bad and the ugly

Lee Neely, Chelle Clements, James McMurry

Metasploit Town Hall 0x4

Brent Cook, Aaron Soto, Adam Cammack, Cody Pierce

Community Based Career Development or How to Get More than a T-Shirt When Participating as part of the Community

Kathleen Smith, Magen Wu, Cindy Jones, Kathryn Seymour, Kirsten Renner

Disaster Strikes: A Hacker's Cook book

Jose Quinones, Carlos Perez

Ninja Looting Like a Pirate

Infojanitor

Hacking Mobile Applications with Frida

David Coursey

Victor or Victim? Strategies for Avoiding an InfoSec Cold War

Jason Lang, Stuart McIntosh

Ubiquitous Shells

Jon Gorenflo

99 Reasons Your Perimeter Is Leaking - Evolution of C&C

John Askew

Ship Hacking: a Primer for Today's Pirate

Brian Satira, Brian Olson

Code Execution with JDK Scripting Tools & Nashorn Javascript Engine

Brett Hawkins

PHONOPTICON - leveraging low-rent mobile ad services to achieve state-actor level mass surveillance on a shoestring budget

Mark Milhouse

Patching: Show me where it hurts

Cheryl Biswas

Advanced Deception Technology Through Behavioral Biometrics

Curt Barnard, Dawud Gordon

We are all on the spectrum: What my 10-year-old taught me about leading teams

Carla A Raisler

No Place Like Home: Real Estate OSINT and OPSec Fails

John Bullinger

The Layer2 Nightmare

Chris Mallz

Attacking Azure Environments with PowerShell

Karl Fosaaen

Blue Blood Injection: Transitioning Red to Purple

Lsly Ayyy

Mirai, Satori, OMG, and Owari - IoT Botnets Oh My

Peter Arzamendi

Comparing apples to Apple

Adam Mathis

How online dating made me better at threat modeling

Isaiah Sarju

Threat Hunting with a Raspberry Pi

Jamie Murdock

M&A Defense and Integration - All that Glitters is not Gold

Sara Leal, Jason Morrow

Social Engineering At Work - How to use positive influence to gain management buy-in for anything

April Wright

Ham Radio 4 Hackers

Eric Watkins, Devin Noel

Getting Control of Your Vendors Before They Take You Down

Dan Browder

Cyber Intelligence: There Are No Rules, and No Certainties

Coleman Kane

Getting Started in CCDC

Russell Nielsen

Changing Our Mindset From Technical To Psychological Defenses

Andrew Kalat

Red Mirror: Bringing Telemetry to Red Teaming

Zach Grace

Two-Factor, Too Furious: Evading (and Protecting) Evolving MFA Schemes

Austin Baker, Doug Bienstock

IoT: Not Even Your Bed Is Safe

Darby Mullen

Fingerprinting Encrypted Channels for Detection

John Althouse

On the Nose: Bypassing Huawei's Fingerprint authentication by exploiting the TrustZone

Nick Stephens

Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010

Gabriel Ryan

Goodbye Obfuscation, Hello Invisi-Shell: Hiding Your Powershell Script in Plain Sight

Omer Yair

Cloud Forensics: Putting The Bits Back Together

Brandon Sherman

Killsuit: The Equation Group's Swiss Army knife for persistence, evasion, and data exfil

Francisco Donoso

The MS Office Magic Show

Stan Hegt, Pieter Ceelen

Living off the land: enterprise post-exploitation

Adam Reiser

Hillbilly Storytime: Pentest Fails

Adam Compton

Bug Hunting in RouterOS

Jacob Baines

Breaking Into Your Building: A Hackers Guide to Unauthorized Access

Tim Roberts, Brent White

The making of an iOS 11 jailbreak: Kiddie to kernel hacker in 14 sleepless nights.

Bryce "soen" Bearchell

Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests

Tomasz Tuzel

Pwning in the Sandbox: OSX Macro Exploitation & Beyond

Adam Gold, Danny Chrastil

IOCs Today, Intelligence-Led Security Tomorrow

Katie Kusjanovic, Matthew Shelton

Closing Ceremonies