DerbyCon Videos

Had a great time at DerbyCon VII this year. I’ve been in the industry for a while now, and I still learn really cool techniques here.  I had fun and learned a lot.  Not to mention Dual Core was here again!!!  Below are all of the videos that Adrian Crenshaw recorded, all clicks will go to irongeek.com

Keynotes

• Opening Ceremony
• Matt Graeber – Subverting Trust in Windows – A Case Study of the “How” and “Why” of Engaging in Security Research
• Closing Ceremonies

Powershell

• Ryan Cobb – PSAmsi – An offensive PowerShell module for interacting with the Anti-Malware Scan Interface in Windows 10
• Daniel Bohannon – Invoke-CradleCrafter: Moar PowerShell obFUsk8tion &a Detection (@(‘Tech’,’niques’) -Join”)
• Lee Holmes – Defending against PowerShell Attacks
• Eric Conrad – Introducing DeepBlueCLI v2, now available in PowerShell and Python
• Lee Holmes and Daniel Bohannon – Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
• Mick Douglas – Rapid Incident Response with PowerShell

Python

• Eric Conrad – Introducing DeepBlueCLI v2, now available in PowerShell and Python
• Maddie Stone – IDAPython: The Wonder Woman of Embedded Device Reversing
• R.J. McDown – Windows Rootkit Development: Python prototyping to kernel level C2
• Spencer J McIntyre – Python Static Analysis

Penetration Testing and Red Teams

• int0x80 (a.k.a. Dave from Dual Core) and savant – Full-Contact Recon
• Dr. Jared DeMott – War Stories on Embedded Security: Pentesting, IoT, Building Managers, and how to do Better
• Brent White & Tim Roberts – Common Assessment Mistakes Pen Testers and Clients Should Avoid
• Daniel Brown – Retail Store/POS Penetration Testing
• Deral Heiland – IoT Security- Executing an Effective Security Testing Process
• Jim Shaver and Mitchell Hennigan – Return From The Underworld – The Future Of Red Team Kerberos
• Joff Thyer and Pete Petersen – Game On! Using Red Team to Rapidly Evolve Your Defenses
• Alexander Leary – Building Better Backdoors with WMI
• Lee Christensen, Matt Nelson, and Will Schroeder – An ACE in the Hole: Stealthy Host Persistence via Security Descriptors
• Jason Lang – Modern Evasion Techniques
• Piotr Marszalikand Michael Wrzesniak – Gone In 59 Seconds – High Speed Backdoor Injection via Bootable USB
• Ben Ten – Detect Me If You Can
• Edmund Brumaghin and Colin Grady – Fileless Malware – The New “Cyber”
• Johnny Long – Kali Linux?
• David “thelightcosine” Maloney, Spencer “ZeroSteiner” McIntyre, Brent Cook, and James “Egyp7” Lee – 3rd Annual Metasploit Townhall
• Francisco Donoso – DanderSpritz: How the Equation Group’s 2013 tools pwn in 2017
• Nyxgeek – Statistics on 100 million secrets: A look at recent password dumps
• Tom McBee and Jeff McCutchan – Spy vs. Spy – Tip from the trenches for red and blue teams
• Zach Grace – changeme: A better tool for hunting default creds
• John Cramb (ceyx) and Josh Schwartz (FuzzyNop) – Game of Meat
• Casey Rosini – Memory-Based Library Loading: Someone Did That Already.
• Kyle Hanslovan and Chris Bisnett – Evading Autoruns
• Benjamin Holland – JReFrameworker: One Year Later
• Bruce Potter – When to Test, and How to Test It
• Jason Morrow – Purple team FAIL!

Threat Hunting and Blue Teams

• Justin Leapline and Rockie Brockway – Run your security program like a boss / practical governance advice
• Todd Sanders – We’re going on a Threat Hunt, Gonna find a bad-guy.
• Ryan Nolette – How to Hunt for Lateral Movement on Your Network
• Jared Atkinson & Robby Winchester – Purpose Driven Hunt: What do I do with all this data?
• Mauricio Velazco – Hunting Lateral Movement for Fun and Profit
• Nate Guagenti and Adam Swan – Windows Event Logs — Zero 2 Hero
• Casey Smith and Keith McCammon – Blue Team Keeping Tempo with Offense
• Joseph M Siegmann – Going Deep and Empowering Users – PCAP Utilities and Combating Phishing in a new way
• Zac Brown – Hidden Treasure: Detecting Intrusions with ETW
• Matt Swann – Defending the Cloud: Lessons from Intrusion Detection in SharePoint Online
• Schuyler Dorsey – (Mostly) Free Defenses Against the Phishing Kill Chain
• Winn Schwartau and Mark Carney – How to Measure Your Security: Holding Security Vendors Accountable
• Adam Hogan – Eye on the Prize – a Proposal for the Legalization of Hacking Back
• Bill Gardner – The skills gap: how can we fix it?
• Joe Desimone – Hunting for Memory-Resident Malware
• Kevin Gennuso – Reaching Across the Isle: Improving Security Through Partnership
• Matt Hastings and Dave Hull – Tracing Adversaries: Detecting Attacks with ETW
• Matthew Perry – I Survived Ransomware . . . TWICE
• Michael George – MacOS host monitoring – the open source way
• Nyxgeek – Statistics on 100 million secrets: A look at recent password dumps
• Jonathan Broche and Alton Johnson – Securing Your Network: How to Prevent Ransomware Infection
• Tom McBee and Jeff McCutchan – Spy vs. Spy – Tip from the trenches for red and blue teams
• TJ Toterhi – Diary of a Security Noob
• Tyler Hudak – To Catch a Spy
• Kyle Hanslovan and Chris Bisnett – Evading Autoruns
• Beau Bullock, Brian Fehrman, and Derek Banks – CredDefense Toolkit
• Michael Gough – EDR, ETDR, Next Gen AV is all the rage, so why am I enraged?
• Jason Morrow – Purple team FAIL!
• Ryan Elkins – Architecture at Scale – Save time. Reduce spend. Increase security.

Microsoft Windows and Active Directory

• Andy Robbins, Will Schroeder, and Rohan Vazarkar – Here Be Dragons: The Unexplored Land of Active Directory ACLs
• Jim Shaver and Mitchell Hennigan – Return From The Underworld – The Future Of Red Team Kerberos
• Marcello Salvati – Building the DeathStar: getting Domain Admin with a push of a button (a.k.a. how I almost automated myself out of a job)
• Josh Rickard – Securing Windows with Group Policy
• Christopher Maddalena – POP POP RETN ; An Introduction to Writing Win32 Shellcode
• Alexander Leary – Building Better Backdoors with WMI
• Matt Swann – Defending the Cloud: Lessons from Intrusion Detection in SharePoint Online
• Alexander Leary and Scott Sutherland – Beyond xp_cmdshell: Owning the Empire through SQL Server
• James Forshaw – The .NET Inter-Operability Operation
• Matt Nelson – Not a Security Boundary: Bypassing User Account Control
• Kyle Hanslovan and Chris Bisnett – Evading Autoruns

Wifi, Bluetooth, and Mobile

• Aaron Lafferty – FM, and Bluetooth, and Wifi… Oh My!
• Lennart Koopmann – Love is in the Air – DFIR and IDS for WiFi Networks
• Matthew Eidelberg – SniffAir – An Open-Source Framework for Wireless Security Assessments
• Matthew Verrette – Data Mining Wireless Survey Data with ELK
• Michael Flossman – Mobile APTs: A look at nation-state attacks and techniques for gathering intelligence from military and civilian devices

Web Applications and AppSec

• Tim “lanmaster53” Tomes – Burping for Joy and Financial Gain
• Carl Sampson – Extending Burp
• Jim McMurry, Lee Neely, and Chelle Clements – Web Application testing – approach and cheating to win
• Grid (aka Scott M) – Active Defense for web apps
• Ryan Reid – Introducing SpyDir – a BurpSuite Extension

Command and Control

• Stephen Hilt and Lord Alfred Remorin – Victim Machine has joined #general: Using Third Party APIs as C&C Infrastructure.
• Adam Compton and Bill Harshbarger – How we accidentally created our own RAT/C2/Distributed Computing Network
• Justin Herman – Building a full size CNC for under $500
• Justin Wilson – C2 Channels – Creative Evasion
• Waylon Grange – Digital Vengeance: Exploiting the Most Notorious C&C Toolkits
• John Cramb (ceyx) and Josh Schwartz (FuzzyNop) – Game of Meat
• James Cook, Tom Steele – A New Take at Payload Generation: Empty-Nest

Physical Security

• Piotr Marszalikand Michael Wrzesniak – Gone In 59 Seconds – High Speed Backdoor Injection via Bootable USB
• Christopher Hadnagy – So you wanna be a Social Engineer?
• Dave Mattingly – Improv Comedy as a Social Engineering Tool
• Timothy Wright – Reverse Engineering Hardware via the HRES
• John Strand – I had my mom break into a prison, then we had pie.

IoT and Home Automation

• Ed Skoudis – Further Adventures in Smart Home Automation: Honey, Please Don’t Burn Down Your Office
• Mark Loveless – When IoT Research Matters
• Jonathan Echavarria and David E. Switzer – The Trap House: Making your house as paranoid as you are.
• Reuben Paul – Smart toys ain’t that Smart, when Insecure!

Hacker Tools

• Johnny Long – Kali Linux?
• David “thelightcosine” Maloney, Spencer “ZeroSteiner” McIntyre, Brent Cook, and James “Egyp7” Lee – 3rd Annual Metasploit Townhall
• Francisco Donoso – DanderSpritz: How the Equation Group’s 2013 tools pwn in 2017

Creating Malware

• Mike Saunders – I want my EIP (buffer overflows 101)

Reverse Engineering Malware

• John Toterhi – Aiding Static Analysis: Discovering Vulnerabilities in Binary Targets through Knowledge Graph Inferences

Virtual Machine Escape

• AbdulAziz Hariri and Joshua Smith – VMware Escapology: How to Houdini The Hypervisor

History

• Jim Nitterauer – What A Long Strange Trip It’s Been

Medical

• Joshua Corman, Christian Dameff MD MS, Jeff Tully MD,and Beau Woods – Anatomy of a Medical Device Hack- Doctors vs. Hackers in a Clinical Simulation Cage Match

AI and Machine Learning

• Michael Robinson and Joseph Oney – Become the Puppet Master – the battle of cognition between man and machine
• Rod Soto and Joseph Zadeh – CHIRON – Home based ML IDS

Drones

• Kevin Finisterre – How to KickStart a Drone Jailbreaking Scene
• Michael Collins – Drone Delivered Attack Platform (DDAP)

Cyber Terrorism and Hacktivism

• Kyle Wilhoit – Kinetic to Digital: Terrorism in the Digital Age
  
• Andrea Little Limbago – Bots, Trolls, and Warriors: The Modern Adversary Playbook

Block Chains and Crypto Currency

• Aaron Hnatiw – Hacking Blockchains
  

Privacy

• Tim MalcomVetter – Winning (and Quitting) the Privacy Game: What it REALLY takes to have True Privacy in the 21st Century; or How I learned to give in and embrace EXIF tags
  

Cybercrime

• Anthony Russell – Building Google for Criminal Enterprises
  
• Koby Kilimnik – V!4GR4: Cyber-Crime, Enlarged

Giving Presentations

• Jason Blanchard – A presentation or presentations because… presenting
  

Reuben Paul – Smart toys ain’t that Smart, when Insecure!

Lsly – Out With the Old, In With the GNU

Sean Metcalf and Nick Carr – The Current State of Security, an Improv-spection

 

Patrick Coble – Hacking VDI, Recon and Attack Methods

Sarah Norris – Phishing for You and Your Grandma!

Matt Scheurer – Regular Expressions (Regex) Overview

Still Don’t know

Paul Asadoorian – Everything I Need To Know About Security I Learned From Watching Kung Fu Movies

Evil_Mog and Renderman – How to safely conduct shenanigans

Jenny Maresca – Personalities disorders in the infosec community