Derbycon 2017 Videos (Hacking Illustrated Series InfoSec Tutorial Videos)

Derbycon 2017 Videos

These are the videos of the presentations from Derbycon 2017. Big thanks to my video jockeys Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, nightcarnage, Evan Davison, Tim Sayre, Morgan, Ben Pendygraft, Steven (SciaticNerd), Cory Hurst, Sam Bradstreet, MadMex, Curtis Koenig, Jonathan Zentgraf, James Hurst, Paint27, Chris, Lenard.

Keynotes and Such

Opening

Subverting Trust in Windows - A Case Study of the "How" and "Why" of Engaging in Security Research

Matt Graeber

I had my mom break into a prison, then we had pie.

John Strand

Closing Ceremonies

Track 1

So you wanna be a Social Engineer?

Christopher Hadnagy

Here Be Dragons: The Unexplored Land of Active Directory ACLs

Andy Robbins & Will Schroeder & Rohan Vazarkar

Game of Meat

John Cramb (ceyx) & Josh Schwartz (FuzzyNop)

Invoke-CradleCrafter: Moar PowerShell obFUsk8tion &a Detection (@('Tech','niques') -Join'')

Daniel Bohannon

PSAmsi - An offensive PowerShell module for interacting with the Anti-Malware Scan Interface in Windows 10

Ryan Cobb

An ACE in the Hole: Stealthy Host Persistence via Security Descriptors

Lee Christensen & Matt Nelson & Will Schroeder

War Stories on Embedded Security: Pentesting, IoT, Building Managers, and how to do Better

Dr. Jared DeMott

Return From The Underworld - The Future Of Red Team Kerberos

Jim Shaver & Mitchell Hennigan

Memory-Based Library Loading: Someone Did That Already.

Casey Rosini

Building the DeathStar: getting Domain Admin with a push of a button (a.k.a. how I almost automated myself out of a job)

Marcello Salvati

Modern Evasion Techniques

Jason Lang

FM, and Bluetooth, and Wifi... Oh My!

Aaron Lafferty

Detect Me If You Can

Ben Ten

Full-Contact Recon

int0x80 (of Dual Core) & savant

Not a Security Boundary: Bypassing User Account Control

Matt Nelson

Victim Machine has joined #general: Using Third Party APIs as C&C Infrastructure.

Stephen Hilt & Lord Alfred Remorin

Aiding Static Analysis: Discovering Vulnerabilities in Binary Targets through Knowledge Graph Inferences

John Toterhi

Evading Autoruns

Kyle Hanslovan & Chris Bisnett

MitM Digital Subscriber Lines

Marcus Gruber & Marco Lux

Jumping the Fence: Comparison and Improvements for Existing Jump Oriented Programming Tools

John Dunlap

Track 2

Further Adventures in Smart Home Automation: Honey, Please Don’t Burn Down Your Office

Ed Skoudis

Securing Windows with Group Policy

Josh Rickard

Defending against PowerShell Attacks

Lee Holmes

CredDefense Toolkit

Beau Bullock & Brian Fehrman & Derek Banks

Steel Sharpens Steel: Using Red Teams to improve Blue Teams

Christopher Payne

(Not recorded)

Introducing DeepBlueCLI v2, now available in PowerShell and Python

Eric Conrad

Run your security program like a boss / practical governance advice

Justin Leapline & Rockie Brockway

JReFrameworker: One Year Later

Benjamin Holland

Hidden Treasure: Detecting Intrusions with ETW

Zac Brown

How to Hunt for Lateral Movement on Your Network

Ryan Nolette

Kali Linux?

Johnny Long

Common Assessment Mistakes Pen Testers and Clients Should Avoid

Brent White & Tim Roberts

Everything I Need To Know About Security I Learned From Watching Kung Fu Movies

Paul Asadoorian

Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science

Lee Holmes & Daniel Bohannon

Reverse Engineering Hardware via the HRES

Timothy Wright

IDAPython: The Wonder Woman of Embedded Device Reversing

Maddie Stone

Love is in the Air - DFIR and IDS for WiFi Networks

Lennart Koopmann

Going Deep and Empowering Users - PCAP Utilities and Combating Phishing in a new way

Joseph M Siegmann

We're going on a Threat Hunt, Gonna find a bad-guy.

Todd Sanders

Track 3

When to Test, and How to Test It

Bruce Potter

A New Take at Payload Generation: Empty-Nest

James Cook, Tom Steele

VMware Escapology: How to Houdini The Hypervisor

AbdulAziz Hariri & Joshua Smith

3rd Annual Metasploit Townhall

David "thelightcosine" Maloney & Spencer "ZeroSteiner" McIntyre & Brent Cook & James "Egyp7" Lee

Purpose Driven Hunt: What do I do with all this data?

Jared Atkinson & Robby Winchester

DanderSpritz: How the Equation Group's 2013 tools pwn in 2017

Francisco Donoso

Defending the Cloud: Lessons from Intrusion Detection in SharePoint Online

Matt Swann

Digital Vengeance: Exploiting the Most Notorious C&C Toolkits

Waylon Grange

To Catch a Spy

Tyler Hudak

Rapid Incident Response with PowerShell

Mick Douglas

Windows Rootkit Development: Python prototyping to kernel level C2

R.J. McDown

Peekaboo! I Own You. Owning Hundreds of Thousands Vulnerable Devices with only two HTTP packets

Amit Serper

Burping for Joy and Financial Gain

Tim "lanmaster53" Tomes

POP POP RETN ; An Introduction to Writing Win32 Shellcode

Christopher Maddalena

What A Long Strange Trip It’s Been

Jim Nitterauer

Game On! Using Red Team to Rapidly Evolve Your Defenses

Joff Thyer & Pete Petersen

Anatomy of a Medical Device Hack- Doctors vs. Hackers in a Clinical Simulation Cage Match

Joshua Corman & Christian Dameff MD MS & Jeff Tully MD & Beau Woods

Windows Event Logs -- Zero 2 Hero

Nate Guagenti & Adam Swan

Gone In 59 Seconds - High Speed Backdoor Injection via Bootable USB

Piotr Marszalik & Michael Wrzesniak

SniffAir - An Open-Source Framework for Wireless Security Assessments

Matthew Eidelberg

Become the Puppet Master - the battle of cognition between man and machine

Michael Robinson & Joseph Oney

Track 4

How to Measure Your Security: Holding Security Vendors Accountable

Winn Schwartau & Mark Carney

How we accidentally created our own RAT/C2/Distributed Computing Network

Adam Compton & Bill Harshbarger

Active Defense for web apps

Grid (aka Scott M)

IoT Security -" Executing an Effective Security Testing Process

Deral Heiland

Fileless Malware - The New "Cyber"

Edmund Brumaghin & Colin Grady

Hunting Lateral Movement for Fun and Profit

Mauricio Velazco

(Mostly) Free Defenses Against the Phishing Kill Chain

Schuyler Dorsey

Advanced Threat Hunting

Robert Simmons

CHIRON - Home based ML IDS

Rod Soto & Joseph Zadeh

Blue Team Keeping Tempo with Offense

Casey Smith & Keith McCammon

Data Mining Wireless Survey Data with ELK

Matthew Verrette

How to KickStart a Drone Jailbreaking Scene

by Kevin Finisterre

Web Application testing - approach and cheating to win

Jim McMurry & Lee Neely & Chelle Clements

When IoT Research Matters

Mark Loveless

I want my EIP

Mike Saunders

Would You Like To Play A Game: A Post Exploitation Journey in to z/OS

Philip Young aka Soldier of FORTRAN

EDR, ETDR, Next Gen AV is all the rage, so why am I enraged?

Michael Gough

Kinetic to Digital: Terrorism in the Digital Age

Kyle Wilhoit

Hacking Blockchains

Aaron Hnatiw

Winning (and Quitting) the Privacy Game: What it REALLY takes to have True Privacy in the 21st Century; or How I learned to give in and embrace EXIF tags

Tim MalcomVetter

Stable Talks

Eye on the Prize - a Proposal for the Legalization of Hacking Back

Adam Hogan

Building Better Backdoors with WMI

Alexander Leary

Beyond xp_cmdshell: Owning the Empire through SQL Server

Alexander Leary & Scott Sutherland

Bots, Trolls, and Warriors: The Modern Adversary Playbook

Andrea Little Limbago

DFIR Redefined

Russ McRee

Building Google for Criminal Enterprises

Anthony Russell

V!4GR4: Cyber-Crime, Enlarged

Koby Kilimnik

The skills gap: how can we fix it?

Bill Gardner

Extending Burp

Carl Sampson

Shellcode Via VBScript/JScript Implications

Casey Smith

(Missing?)

Retail Store/POS Penetration Testing

Daniel Brown

Improv Comedy as a Social Engineering Tool

Dave Mattingly

How to safely conduct shenanigans

Evil_Mog & Renderman

The .NET Inter-Operability Operation

James Forshaw

A presentation or presentations because... presenting

Jason Blanchard

Personalities disorders in the infosec community

Jenny Maresca

Purple team FAIL!

Jason Morrow

Architecture at Scale - Save time. Reduce spend. Increase security.

Ryan Elkins

Building a full size CNC for under $500

Justin Herman

Python Static Analysis

Spencer J McIntyre

The Trap House: Making your house as paranoid as you are.

Jonathan Echavarria & David E. Switzer

Hunting for Memory-Resident Malware

Joe Desimone

C2 Channels - Creative Evasion

Justin Wilson

Reaching Across the Isle: Improving Security Through Partnership

Kevin Gennuso

Out With the Old, In With the GNU

Lsly

Tracing Adversaries: Detecting Attacks with ETW

Matt Hastings & Dave Hull

The Current State of Security, an Improv-spection

Sean Metcalf & Nick Carr

I Survived Ransomware . . . TWICE

Matthew Perry

Drone Delivered Attack Platform (DDAP)

Michael Collins

Mobile APTs: A look at nation-state attacks and techniques for gathering intelligence from military and civilian devices

Michael Flossman

MacOS host monitoring - the open source way

Michael George

Statistics on 100 million secrets: A look at recent password dumps

Nyxgeek

Hacking VDI, Recon and Attack Methods

Patrick Coble

Smart toys ain't that Smart, when Insecure!

Reuben Paul

Introducing SpyDir - a BurpSuite Extension

Ryan Reid

Phishing for You and Your Grandma!

Sarah Norris

Regular Expressions (Regex) Overview

Matt Scheurer

Securing Your Network: How to Prevent Ransomware Infection

Jonathan Broche & Alton Johnson

Diary of a Security Noob

TJ Toterhi

Spy vs. Spy - Tip from the trenches for red and blue teams

Tom McBee & Jeff McCutchan

changeme: A better tool for hunting default creds

Zach Grace



15 most recent posts on Irongeek.com:

