DerbyCon 2014, Sept. 24, 2014 to Sept. 28, 2014, Kentucky, USA

Title Speakers Summary Topic Types
The Canary in the Cloud Scot Berner This talk delves into utilizing cloud infrastructure to host canary honeypots that protect your on ...
Ball and Chain (A New Paradigm in Stored Password Security) Tim “lanmaster53” Tomes, Benjamin Donnelly Weak security architectures have led us into a world of massive password breaches occurring at ...
NeXpose For Automated Compromise Detection Luis “connection” Santana NeXpose is an incredibly useful tool for Vulnerability Management as well as Network Assessments but ...
A girl, some passion, and some tech stuff Johnny Long, Branden Miller, Emily Miller, Sam Kinch. Give a girl a computer and she will play; make her build one and she ...
Introducing Network-Scout: Defending The Soft Center of Your Network Bill “oncee” Gardner, Aedan Somerville, Shawn Jordan Everyone is watching the edge of their network. We have installed firewalls, IDS, IPS, and ...
Interceptor: A PowerShell SSL MITM Script Casey Smith This talk will take you line by line through creating an SSL Man-In-The-Middle Powershell script. ...
Attack Paths – Breaking Into Infosec From IT Or Other Totally Different Fields Eve Adams, Johnny Xmas “So you think you want a career in information security, but you work in an ...
Open Source Threat Intelligence: Developing a Threat intelligence program using open source tools and public sources – “Overview of building a threat intelligence program outlining the processes, task Edward Mccabe Developing an Open Source Threat Intelligence Program from Open Source Tools and Public Sources is ...
Active Directory: Real Defense for Domain Admins Jason Lang Did your AD recently get owned on a pentest? It’s always fun to see an ...
All Your Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches Harry Regan, Valerie Thomas Each year companies spend thousands of dollars on sophisticated security systems to ensure their secrets ...
Making Mongo Cry-Attacking NoSQL for Pen Testers Russell Butturini NoSQL databases continue to grow in popularity due to their scalability, dynamic data structures, ease ...
Bending and Twisting Networks Paul Coggins Learn about network attack vectors that an adversary can use to control, and influence network ...
Hackers Are People Too Amanda Berlin The world and popular culture mostly see hackers as criminals. We should all make it ...
Give me your data! Obtaining sensitive data without breaking in Dave Chronister We hear new stories daily about a malicious hacker compromising the sensitive data of corporations, ...
Analyzing Weak Areas of the Federal Cloud Security Program Vinny Troia As businesses continue to move their infrastructure to the cloud, FedRAMP has become the standard ...
Patching the Human Vulns Leonard Isham, Moey You are a hacker, you learn, you play, and you break. The very nature of ...
Red Teaming: Back and Forth, 5ever Josh ‘fuzzynop’ Schwartz Whether you are on the red team, the blue team, or aspiring to either, you ...
Single Chip Microcontrollers: Beyond Arduino Tharon Hall The world of Arduino has introduced many to the world of embedded controls. What does ...
Human Trafficking in the Digital Age Chris Jenks Lightning talk on tracking Human Trafficking using social media, and open source intelligence techniques, tracking ...
Shellcode Time: Come on Grab Your Friends Wartortell Packed shellcode is a common deterrent against reverse engineering. Mainstream software will use it in ...
Getting Windows to Play with Itself: A Pen Tester’s Guide to Windows API Abuse Brady Bloxham Windows APIs are often a blackbox with poor documentation, taking input and spewing output with ...
The Human Buffer Overflow aka Amygdala Hijacking Christopher Hadnagy Imagine if there was a way to interject “code” into a persons mind that overwrites ...
GROK Atlas many critical aspects of our lives as ‘security professionals’ are directly related to how well ...
Simple Network Management Pwnd Deral Heiland, Matt Kienow As a large number of embedded devices are deployed throughout home and industry worldwide. We ...
Cat Herding in the Wild Wild West: What I Learned Running A Hackercon CFP Nathaniel Husted It’s not often you hear what goes on behind the scenes when a group of ...
InfoSec – from the mouth of babes (or an 8 year old) Reuben A. Paul “I am an eight year old kid and I have learned a thing or two, ...
Code Insecurity or Code in Security Mano ‘dash4rk’ Paul Attendees of this talk will benefit from learning about what constitutes insecure code and the ...
Ethical Control: Ethics and Privacy in a Target-Rich Environment Kevin Johnson, James Jardine Companies can’t seem to secure their stuff, do you think you can do better? Security ...
Physical Security: From Locks to Dox Jess Hires This talk is an introduction to Physical Penetration Testing. I briefly cover the Penetration Testing ...
Step On In, The Waters Fine! Tom Moore An Introduction To Security Testing Within A Virtualized Environment – Often when I meet individuals ...
Hiding the breadcrumbs: Forensics and anti-forensics on SAP systems Juan Perez-etchegoyen The largest organizations in the world rely on SAP platforms to run their critical processes ...
Chicken of the APT: Understanding Targeted Attackers with Incubation! Kyle Wilhoit Attribution of attackers and motives is often difficult. Trying to understand what tactics they use, ...
Just What The Doctor Ordered? Scott Erven You have heard the stories of security researchers delivering lethal doses of insulin to a ...
How to Stop a Hack Jason Samide How do you stop a hack? A hack consists of four parts, the attack or ...
A Guided Tour of the Internet Ghetto :: Introduction to Tor Hidden Services Brent Huston Following on the heels of my last set of talks about the underground value chain ...
Burp For All Languages Tom Steele This talk will mark the official release and demonstration of a new tool which exposes ...
Why Aim for the Ground? Phillip Fitzpatrick Teaching Our School Kids All of the Right Computer Skills – We are raising technologically ...
SWF Seeking Lazy Admin for Cross Domain Action Seth Art Security misconfiguration is #5 on the OWASP 2013 Top 10. This talk shows how the ...
How not to suck at pen testing John Strand Godamitsomuch. How did printing a report from a vuln scanner qualify as a “pen test”? ...
Snort & OpenAppID: How to Build an Open Source Next Generation Firewall Adam Hogan The Snort team has recently released OpenAppID – the open source implementation of application identification ...
Red white and blue. Making sense of Red Teaming for good. Ian Amit “Say red team one more time. I dare you. I double dare you. The term ...
Around the world in 80 cons Jayson E. Street After spending 15 years in the hacker / InfoSec community, I thought it was time ...
The Internet of Things Paul Asadoorian (IoT) aims to make our lives better, yet there is still no foundation for security ...
We don’t need no stinking Internet. Greg Simo When, not if the Internet goes down, how will you keep in contact with all ...
Protocol Me Maybe? How to Date SCADA Stephen Hilt Industrial Protocols have functions that allow for enumeration of device information. A walk through how ...
What Dungeons & Dragons Taught Me About INFOSEC Joey Maresca What can anyone possibly learn about working in the information security world from a library ...
So You Want To Murder a Software Patent Jason Scott Software patents are a huge source of controversy and discussion in the tech world. Jason ...
Once upon a time… (InfoSec History 101) Jack Daniel We all know our hacker history, right? Or at least we pretend we do. And ...
Practical PowerShell Programming for Professional People Ben Ten The best hackers are those that can write their own tools or modify existing ones. ...
Surviving until Dawn Bart Hopper Traditional malware defenses have a detection gap between a new piece of malware and the ...
A Bug or Malware? Catastrophic consequences either way. Benjamin Holland, Kothari We live in an age of software problems with catastrophic consequences. An extra goto in ...
The Multibillion Dollar Industry That’s Ignored Ryan Sevey, Jason Montgomery Video games are something that a lot of us enjoy playing to escape the realities ...
Hacking Mainframes; Vulnerabilities in applications exposed over TN3270 Dominic White IBM System Z Mainframes are in regular use in Fortune 500 companies. Far from being ...
If it fits- it sniffs: Adventures in WarShipping Larry “@haxorthematrix” Pesce There are plenty of ways to leverage known wireless attacks against our chosen victims. We’ve ...
Abusing Active Directory in Post-Exploitation Carlos Perez The talk will cover Active Directory basics, how to query it and how to abuse ...
DNS-Based Authentication of Named Entities (DANE): Can we fix our broken CA model? Tony Cargile In this talk we take an exploratory look at DNS-Based Authentication by Named Entities (DANE), ...
University Education In Security Panel Bill Gardner A university education in security – is it right for you? And what does university ...
Real World Intrusion Response – Lessons from the Trenches David Sharpe, Katherine Trame Two battle-scarred, sleep-deprived GE-CIRT incident responders share lessons learned from the trenches, from their daily ...