DerbyCon 2013, Sept. 25, 2013 to Sept. 29, 2013, Louisville, Kentucky
Title | Speakers | Summary | Topic Types |
---|---|---|---|
Attacking the Next Generation Air Traffic Control System; Hackers? liquor and commercial airliners. | Renderman | Most everyone flies commercially. You probably flew to this conference. Have you ever thought about ... | |
Evolutionary Security – Embracing Failure to Attain “Good Enough” | Josh More | “Security is splintering, Organizations splitting along complexity. Attackers are splitting into tiers focused on stealing ... | |
Gen Y—Getting Them to Talk Rather than Text at Work | Nancy Kovanic | If your primary means of communication at work is talking, NOT texting, then this session ... | |
Getting the goods with smbexec | Martin Bos , Eric Milam | “Individuals often upload and execute a payload to a remote system during penetration tests for ... | |
gitDigger: Creating useful wordlists from public GitHub repositories | Jaime Filson | This presentation intends to cover the thought process and logistics behind building a better wordlist ... | |
Grim Trigger | Jeff “ghostnomad” Kirsch | “There is almost nothing more frightening than an audit. Someone is going to look at ... | |
Hacking Back, Active Defense and Internet Tough Guys | John Strand | In this presentation John Strand will demonstrate the Active Defense Harbinger Distribution, a DARPA funded, ... | |
Hardening Windows 8 apps for the Windows Store | Bill Sempf | Security and privacy in mobile development has been a topic in the iOS and Android ... | |
Hello ASM World: A Painless and Contextual Introduction to x86 Assembly | Nicolle ( rogueclown ) Neulist | Familiarity with assembly language is essential if you are interested in writing custom exploits, performing ... | |
help for the helpdesk | Mick Douglas | The helpdesk automation tool (hat) is like the nicer kid brother of set. It’s a ... | |
Hiding @ Depth – Exploring & Subverting NAND Flash memory | Josh “m0nk” Thomas | “In the world of digital storage, gone are the days of spinning platters and magnetic ... | |
How Im going to own your organization in just a few days. | Razoreqx` | “How Im going to own your organization in just a few days. So many organizations ... | |
How the Grid Will Be Hacked | Josh Axelrod , Matt Davis | Regarding the security of the grid, our most Critical Infrastructure, there a marked increase in ... | |
How to Fight a War Without Actually Starting One | Brendan O’connor | A NATO affiliate spent three years with some of the finest academic lawyers on the ... | |
Identifying Evil: An introduction to Reverse Engineering Malware and other software | Bart ‘d4ncind4n’ Hopper | “You just discovered a piece of suspicious software. What are your next steps? This talk ... | |
Intro to Dynamic Access Control in Windows Server 2012 | Evan Anderson | Windows Server 2012 ushers in a new type of resource access control mechanism, Dynamic Access ... | |
IOCAware – Actively Collect Compromise Indicators and Test Your Entire Enterprise | Matt Jezorek , Dennis Kuntz | A/V avoidance is pitifully easy. Even when you know what to look for, most compromise ... | |
It’s Okay to Touch Yourself | Ben Ten | It takes a company an average of 35 days to detect when they have been ... | |
JTAGulator: Assisted discovery of on-chip debug interfaces | Joe ( Kingpin ) Grand | “On-chip debug (OCD) interfaces can provide chip-level control of a target device and are a ... | |
Living Off the Land: A Minimalist’s Guide to Windows Post-Exploitation | Christopher Campbell , Matthew Graeber | Two of the biggest challenges of long-term penetration tests are advanced security products and active ... | |
Look Ma, No Exploits! – The Recon-ng Framework | Tim “lanmaster53” Tomes | I’ve been on the conference circuit for the last year preaching the importance of thorough ... | |
Malware : testing malware scenarios on your network | Tony Huffman , Juan Cortes | People get Penetration tests and vulnerability assessments to find if they have vulnerabilities that would ... | |
Malware Automation | Christopher Elisan | Automation is key when it comes to production. The same is true for malware. Malware ... | |
My Experiments with truth: a different route to bug-hunting | Devesh Bhatt | “The Best way to improve the security of your systems is to hire hackers. Unfortunately, ... | |
My Security is a Graph – Your Arguement is Invalid | Gabriel Bassett | Google has super graph power and so should you! We’ll give you a primer on ... | |
New Shiny in the Metasploit Framework | Egypt | “The Metasploit Framework is constantly evolving, in no small part due to contributions from people ... | |
Offensive Forensics – CSI For Badguys | Benjamin Caudill | “As a pentester, when was the last time you ‘recovered’ deleted files from the MFT ... | |
OPSEC Penetration: Threat mitigation through Intelligence | Robb Driscoll | I’ve identified some gaps in the civilian/public information security industry with regards to threat intelligence. ... | |
Ownage From Userland: Process Puppeteering | Nick Cano | This offensive talk highlights a myriad of sneaky methods for manipulating processes on owned boxes. ... | |
Owning Computers Without Shell Access | Royce Davis | “For many years Penetration Testers have relied on gaining shell access to remote systems in ... | |
Panel: Building and Growing a Hacker Space | Nick Farr , Dave Marcus , Joey Maresca , Skydog | Whether you have a loose group of friends who have similar making or hacking interests, ... | |
Passive Aggressive Defense | Jason Clark | “As an industry, we’re still fighting amongst ourselves about whether or not we should hack ... | |
Pass-The-Hash 2: The Admin’s Revenge | Chris Campbell , Skip Duckwall | Some vulnerabilities just can’t be patched. Pass-The-Hash attacks against Windows enterprises are still successful ... | |
Password Intelligence Project – Advanced Password Recovery and Modern Mitigation Strategies | John Moore | Think about all the passwords we use to access information every day. Whether it is ... | |
Patching Windows Executables with the Backdoor Factory | Joshua Pitts | Patching or modifying binaries have been a common practice for security professionals and malicious actors ... | |
Project CANCER: Bringing VX Back | Mohamed Saher | “Project CANCER is a proof-of-concept – ZOO – virus that tries to take the bar ... | |
Phishing Frenzy: 7 seconds from hook to sinker | Brandon Mccann | “Email Phishing attacks are a prevalent threat against any organization large or small. As professionals ... | |
Phishing Like The Pros | Luis “connection” Santana | This talk will discuss phishing techniques used by professionals during phishing campaigns and introduce “PhishPoll”, ... | |
Pigs Don’t Fly – Why owning a typical network is so easy, and how to build a secure one. | Matt “scriptjunkie” Weeks | “As shown by headlines and countless intrusions, even moderately skilled attackers can sail through the ... | |
PowerShell and Windows Throw the Best Shell Parties | Piotr Marszalik | Something that every penetration tester runs into at some point is a dead shell or ... | |
Practical Exploitation Using A Malicious Service Set Identifier (SSID) | Deral Heiland | How easily we overlook a simple wireless SSID and think nothing of it or its ... | |
Practical OSINT | Shane Macdougall | There’s more to life to OSINT than google scraping and social media harvesting. Learn some ... | |
Principles of Patrolling | Patrick Tatro | Presentation Army Ranger School is a leading school on developing leaders’ ability to make decisions, ... | |
Put Me In Coach: How We Got Started In Infosec | Frank j. Hackett , Pr1me , Chris “g11tch” Hodges , Dave “rel1k” Kennedy | So, you’re interested in Infosec and curious where to begin… Come listen to four Infosec ... | |
Raising Hacker Kids: For Good or for Awesome | Joseph Shaw | “An early, rough version of this talk was given at BSides DFW 2012, but this ... | |
RAWR – Rapid Assessment of Web Resources | Adam Byers , Tom Moore | One of the highest threats to organizations today is also one of their most prevalent ... | |
Sandboxes from a pen tester’s view | Rahul Kashyap | In this talk we’ll do an architectural decomposition of application sandboxing technology from a security ... | |
Security Sucks, and You’re Wearing A Nursing Bra | Paul Asadoorian | Lets face it, security sucks. I’ve been covering the security industry for the past several ... | |
Shattering the Glass: Crafting Post Exploitation Tools with PowerShell | Matt Johnson | You have achieved your first goal. Shell on a Windows machine. Good. Now the real ... | |
Sixnet Tools: for poking at Sixnet Things | Mehdi Sabraoui | Its no secret that security of SCADA devices on industrial networks is at best a ... | |
SO Hopelessly Broken: the implications of pervasive vulnerabilities in SOHO router products. | Jacob Holcomb | “ISE discovered and identified NEW critical security vulnerabilities in numerous small office/home office (SOHO) routers ... | |
Some defensive ideas from offensive guys. | Robert Chuvala , Justin Elze | “As offensive security consultants, we see on a daily basis many of the same trends ... | |
Steal All of the Databases. | Alejandro Caceres | “Ever wondered what it would take to conduct a fully automated attack on an entire ... | |
Stealth servers need Stealth Packets | Jaime Sanchez | Sun Tzu once said “Know your enemy and know yourself, and in a hundred battles ... | |
Stop Fighting Anti-Virus | Integgroll | “As security professionals we all have a different feel on how things roll when it ... | |
Stop making excuses; it’s time to own your HIV (High Impact Vulnerabilities) | Jack D. Nichelson | “I’ve been MS08-067’ed two years in a row…now what?” Most systems are insecure, not because ... | |
Terminal Cornucopia | Evan “treefort” Booth | In this talk, I explore a seldom-discussed facet of airport security: what happens *after* the ... | |
The Art and Science of Hacking Any Organization | Tyler Wrightson | In this talk Tyler confronts a fact that is staring us all in the face; ... | |
The Good Samaritan Identity Protection Project – www.thegsipp.org | Chris Brown , Zack Hibbard , Jon Sternstein | If you haven’t found somebody else’s personal information on the internet you aren’t trying. For ... | |
The High Risk of Low Risk Applications | Conrad Reynolds | Is your network being hacked by agents of foreign governments? That’s a shame. But your ... | |
The Internet of Things: Vulns, Botnets and Detection | Liam Randall , Kyle Stone | Does the ‘internet of things’ scare you? It probably should. We’re going to be discussing ... | |
The Malware Management Framework, a process you can use to find advanced malware. We found WinNTI with it! | Ian Robertson , Michael Gough | “Both CXO’s and technical staff should attend this talk. You can throw lots of time ... | |
The Mysterious Mister Hokum | Jason Scott | A man is found dead in his luxury home, a beloved member of his community ... | |
Tizen Security: Hacking the new mobile OS | Mark Manning | Tizen is a new mobile operating system that companies like Samsung, Intel/McAfee are investing in. ... | |
TMI: How to attack SharePoint servers and tools to make it easier | James Jardine , Jevin Johnson | SharePoint has become one of the most common platforms in organizations today. Originally designed for ... | |
TMI: Testing and Exploiting SharePoint | Kevin Johnson , James Jardine | SharePoint has become one of the most common platforms in organizations today. Originally designed for ... | |
Unmasking Miscreants | Brandon Levene , Allixon Nixon | To the low hanging fruit of the hacker community, the script kiddies, operational security (OpSec, ... | |
Using Facial Recognition Software In Digital Forensics And Information Security | Brian Lockrey | “This talk describes various applications that assist digital forensics investigators and law enforcement during the ... | |
Wait; How is All This Stuff Free?!? | Gene Bransfield | So as I was trying to describe to a layperson (Alice) how anyone can download ... | |
Weaponizing your Coffee Pot | Daniel Buentello | “As SoC prices continue to drop and their implementation continues to rise, connected “appliances” (Internet ... | |
What if Petraeus was a hacker? Email privacy for the rest of us | Phil Cryer | Almost every day there are new revelations about violations of user’s online privacy. Usually these ... | |
What’s common in Oracle and Samsung? They tried to think differently about crypto. | Ferenc Spala , László Tóth | “The Android phone makers do everything to customize their devices just make sure they are ... | |
Why Dumpster Dive when I can pwn right in? | Terry Gold | “Securing access to buildings, internal access points, and assets is typically handled by a corporate ... | |
Why Your IT Bytes | Frank j. Hackett | Why your IT can’t – won’t – and doesn’t win – AKA Why Your IT ... | |
Windows 0wn3d By Default | Mark Baggett | “In this talk we will discuss API Hooking, Process Execution Redirection, Hiding Registry keys and ... | |
Windows Attacks: AT is the new black | Chris Gates , Mubix “rob” Fuller | A follow on to the Encyclopedia Of Windows Privilege Escalation published by InsomniaSec at Ruxcon ... | |
Zombies in your browser | Aditya Gupta , Prakhar Prasad | “Botnets have got a lot of popularity during the recent time. And we have also ... | |
Enter the Stolen Data Impact Model (SDIM) Project | Brent Huston | There are plenty of ways to analyze a breach. There are models for the recon, ... | |
IPv6 is here (kind of), what can I do with it? | Dan Wilkins | In this talk, we will look at some of the fundamental differences between IPv4 and ... | |
SQL injection with sqlmap | Conrad Reynolds | When hacking websites, SQL injection is a very popular way to read or change data that ... | |
Practical File Format Fuzzing | Jared Allar | File format fuzzing has been very fruitful at discovering exploitable vulnerabilities. Adversaries take advantage of ... | |
DIY Command & Control For Fun And *No* Profit | David healwhans Schwartzberg | Many security professionals have heard about Command & Control botnets, even more have been infected ... | |
Surviving the Dead | Christopher ‘eggdropx’ Payne | One thing is for certain, surviving the inevitable Zombie Apocalypse will not be easy. Many ... | |
How can I do that? Intro to hardware hacking with an RFID badge reader | Kevin Bong | Hardware hacking can be intimidating for hobbyist hackers, but it doesn’t need to be. This ... | |
Exploiting_the_Zeroth_Hour(); Developing your Advanced Persistent Threat to Pwn the Network | Solomon Sonya , Nick Kulesza | Advanced Persistent Threats (APT) and Botnets represent one of the largest security concerns with regards ... | |
A SysCall to ARMs | Brendan Watters | ARM processors are growing more and more prevalent in the world; ARM itself claims that ... | |
iOS.reverse #=> iPwn Apps | Mano ‘dash4rk’ Paul | While iOS apps downloaded from the AppStore are packaged in binary format and usually encrypted, ... | |
The Netsniff-NG Toolkit | Jon Schipp | The Netsniff-NG toolkit is a suite of high performance networking tools. Its two major players ... | |
Raspberry Pi, Media Centers, and AppleTV | David Schuetz | I have three kids. We take a few reasonably-long car trips each year. Until now, ... | |
Follow the Foolish Zebras: Finding Threats in Your Logs | Chris Larsen | We all know that our users do foolish things. Our normal response is to try ... | |
Security Training and Research Cloud (STRC) | Jimmy Murphy | STRC is the result of a Masters project done at the University of Louisville, Computer ... | |
So you want to be a pentester? | Raymond Gabler | When many pen testers, myself included, are just starting out they focus their testing efforts ... | |
Digital Energy – BPT | Paul Coggin | There are a great deal of conversations today regarding APT and critical infrastructure networks for ... | |
Is Auditing C/C++ Different Nowadays? | Jared Demott | C/C++ has been around for a long time. As you may know, it has issues; ... | |
An Anti-Forensics Primer | Jason Andress | This talk will cover the basics of anti-forensics, the tools and techniques that can be ... | |
Decoding Bug Bounty Programs | Jon Rose | Let’s deconstruct the world of digital bounty hunters. Amid the growing trend to “crowd source” ... | |
Promoting Your Security Program Like A Lobbyist. | Jerry Gamblin | I have spent the last 8 years watching lobbyists successfully promote their goals and visions ... | |
Building An Information Security Awareness Program from Scratch | Valerie Thomas , Bill Gardner | Most organization’s Security Awareness Programs suck: they involved ‘canned’ video presentations or someone is HR ... | |
Applying the 32 Zombieland Rules to IT Security | Larry Pesce | OMG ZOMBIES!!! Did that get your attention? I’m a big fan of preparing for the ... | |
Finding The Signal in the Noise: Quantifying Advanced Malware | Dave Marcus | How the #APG is using Yara and other hotness against one of the biggest malware ... | |
Hack the Hustle! | Eve Adams | While information security is widely considered a negative-unemployment industry (it’s actually closer to 3%), most ... | |
Anti-Forensics: Memory or something, I forget. | Int0x80 | The anti-forensics lulz continue. Let’s see how many memes I can pack in and we ... | |
Operationalizing Security Intelligence in the Enterprise | Rafal wh1t3rabbit Los | Many organizations say they acquire and use security intelligence for the benefit of their organizations ... | |
The Message and The Messenger | James Arlen | You are a great person – a unique and special snowflake – you have many ... | |
Love letters to Frank Abagnale (How do I pwn thee let me count the ways) | Jayson E. Stree | In previous talks I have shown how I have used emails to gain entry into ... | |
Burning the Enterprise with BYOD | Georgia Weidman | Abstract: “We’ve got Mobile Device Management, BYOD is not a risk for us!” “Our proxy ... | |
Beyond Information Warfare “You Ain’t Seen Nothing Yet” | Winn Schwartau | In 1993, his influential hit book, Information Warfare, redefined warfare in the 21 Century, but ... | |
Taking the BDSM out of PCI-DSS Through Open-Source Solutions | Zack Fasel , Erin “secbarbie” Jacobs | At some point as information security practitioners, we all face those god-awful three letters. PCI. ... | |
Seeing red in your future? | Ian Amit | This talk is designed to complement the “Red Team X” talk tomorrow, and provide context ... | |
Defcon Documentary – | Jason Scott | DEFCON is the world’s largest hacking conference, held in Las Vegas, Nevada. In 2012 it ... | |
Getting Schooled: Security with no budget in a hostile environment. | Jim Kennedy | Everyone talks about hostile users….the occasional rogue employee…..but few System Engineers truly live that environment ... | |
Browser Pivoting (FU2FA) | Raphael Mudge | Let’s do a magic trick. Take one proxy server, make it fulfill requests through a ... | |
It’s Only a Game: Learning Security through Gaming | Bruce Potter | Whether you’re a hard core information security professional or someone in a large corp who ... | |
Kinetic Pwnage: Obliterating the Line Between Computers and the Physical World | Ed Skoudis | The infosec industry has spent decades struggling to secure computers and the vital data they ... | |
The Cavalry Is Us: Protecting the public good and our profession | Joshua Corman | The Cavalry Isn’t Coming. Our fate falls to us or to no one. At BSidesLV ... | |
Dancing with Dalvik | Thomas Richards | So you’ve reversed your first Android APK; now what? Java pseudocode is nice, but how ... | |
50 Shades of RED: Stories from the “Playroom” | Chris Nickerson | Ever steal a Boeing 777? How about transfer more than $400,000,000 from an account? Have ... | |
Uncloaking IP Addresses on IRC | Derek Callaway | Ever wanted to find out someone’s IP address online? Of course you have! Tracing “calls” ... | |
DIY Forensics: When Incident Response Morphs into Digital Forensics | John Sammons | There may come a day when you have to “get your CSI on.” Cyber crime ... | |
Emergent Vulnerabilities: What ant colonies, schools of fish, and security have in common. | Nathaniel Husted | The ubiquity of mobile devices has quickly thinned the walls separating the digital and physical ... | |
Cracking Corporate Passwords – Exploiting Password Policy Weaknesses | Rick Redman , Minga | “Cracking corporate passwords is no different than cracking public MD5 leaks off of pastebin. Except, ... | |
Creating your own Threat Intelligence Reporting | Jamie Murdock | Many companies follow threat reports from Verizon, Websense, Symantec, and others, but what do you ... | |
Crypto-Exploit Exercises: A tool for reinforcing basic topics in Cryptography | Nancy Snoke | The crypto-exploit exercises virtual machine (VM) is a learning tool that teaches concepts via giving ... | |
Collaborative Penetration Testing With Lair | Tom Steele , Dan Kottmann | Lair is an open-source project developed for and by penetration testers. Built on Meteor and ... | |
Cognitive Injection: Reprogramming the Situation-Oriented Human OS | Andy Ellis | “It’s a trope among security professionals that other humans – mere mundanes – don’t “get” ... | |
Cash is King: Who’s Wearing Your Crown? | Tom Eston , Spencer Mcintyre | Show me the money. If hackers were able to manipulate the world’s accounting systems, governments ... | |
Cheat Codez: Level UP Your SE Game | Eric Smith | Everyone knows what phishing is. Everyone realizes Java applets lead to massive storms of shells. ... | |
Battle Scars And Friendly Fire: Threat Research Team War Stories | Will Gragido , Seth Geftic | Building A Threat Research Team And Making That Team An Effective Part Of Your Organization ... | |
Big Hugs for Big Data | Davi Ottenheimer | Security professionals must protect more data in more places than ever before. Big Data has ... | |
Appsec Tl;dr | Gillis Jones | Have you ever wondered what it takes to get one of those “Elusive” bug bounties ... | |
ANOTHER Log to Analyze – Utilizing DNS to Discover Malware in Your Network | Nathan Magniez | DNS logs are an often overlooked asset in identifying malware in your network. The purpose ... | |
Antivirus Evasion through Antigenic Variation (Why the Blacklisting Approach to AV is Broken) | Trenton Ivey , Neal Bridges | Think of the last time you got sick. Your immune system is an amazing piece ... | |
Android 4.0: Ice Cream “Sudo Make Me a” Sandwich | Max Sobell | “With the advent of Android 4.0+, we have seen the rooting landscape shift dramatically. This ... | |
An Encyclpwnia of Persistence | Skip Duckwall , Will Peteroy | While I was working on a Linux boot CD for Red Team operations I started ... | |
Alice Goes Deeper (Down the Rabbit Hole) – Redirection 2.0 | Nathan Magniez | “At DerbyCon 2.0, we learned to keep yourself anonymous and out of your target’s logs. ... | |
After SS7 its LTE | Ankit Gupta | GSM was cracked last decade. Now the Telecom came up with new NGN, LTE with ... | |
A n00bie’s perspective on Pentesting… | Brandon Edmunds | The description was a dream: “Have you ever wanted to hack a Car or an ... | |
Abusing LFI-RFI for Fun,Profit and Shells | Francis Alexander | “This talk is about exploiting the much less discussed Local File Inclusion and Remote File ... | |
A developer’s guide to pentesting | Bill Sempf | “For the last several months, Bill has taken his twenty years of web development experience ... | |
“Electronic Safe Fail: Common Vulnerabilities in Electronic Safes” | Jeff Popio | “Commonly safes are used in IT to secure backup tapes, certificate roots, and other sensitive ... | |
New Exploitation and Obfuscation Techniques | Roberto Salgado | “This talk will present some of the newest and most advanced optimization and obfuscation techniques ... |