DerbyCon 2013 Sept. 25, 2013 to Sept. 29, 2013, Louisville,Kentucky

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Attacking the Next Generation Air Traffic Control System; Hackers? liquor and commercial airliners. Renderman Most everyone fly’s commercially. You probably flew to this conference. Have you ever thought about ...
Evolutionary Security – Embracing Failure to Attain “Good Enough” Josh More “Security is splintering, Organizations splitting along complexity. Attackers are splitting into tiers focused on stealing ...
Gen Y—Getting Them to Talk Rather than Text at Work Nancy Kovanic If your primary means of communication at work is talking, NOT texting, then this session ...
Getting the goods with smbexec Martin Bos , Eric Milam “Individuals often upload and execute a payload to a remote system during penetration tests for ...
gitDigger: Creating useful wordlists from public GitHub repositories Jaime Filson This presentation intends to cover the thought process and logistics behind building a better wordlist ...
Grim Trigger Jeff “ghostnomad” Kirsch “There is almost nothing more frightening than a audit. Someone is going to look at ...
Hacking Back, Active Defense and Internet Tough Guys John Strand In this presentation John Strand will demonstrate the Active Defense Harbinger Distribution, a DARPA funded, ...
Hardening Windows 8 apps for the Windows Store Bill Sempf Security and privacy in mobile development has been a topic in the iOS and Android ...
Hello ASM World: A Painless and Contextual Introduction to x86 Assembly Nicolle ( rogueclown ) Neulist Familiarity with assembly language is essential if you are interested in writing custom exploits, performing ...
help for the helpdesk Mick Douglas The helpdesk automation tool (hat) is like the nicer kid brother of set. It’s a ...
Hiding @ Depth – Exploring & Subverting NAND Flash memory Josh “m0nk” Thomas “In the world of digital storage, gone are the days of spinning platters and magnetic ...
How Im going to own your organization in just a few days. Razoreqx` “How Im going to own your organization in just a few days. So many organizations ...
How the Grid Will Be Hacked Josh Axelrod , Matt Davis Regarding the security of the grid, our most Critical Infrastructure, there a marked increase in ...
How to Fight a War Without Actually Starting One Brendan O’connor A NATO affiliate spent three years with some of the finest academic lawyers on the ...
Identifying Evil: An introduction to Reverse Engineering Malware and other software Bart ‘d4ncind4n’ Hopper “You just discovered a piece of suspicious software. What are your next steps? This talk ...
Intro to Dynamic Access Control in Windows Server 2012 Evan Anderson Windows Server 2012 ushers in a new type of resource access control mechanism, Dynamic Access ...
IOCAware – Actively Collect Compromise Indicators and Test Your Entire Enterprise Matt Jezorek , Dennis Kuntz A/V avoidance is pitifully easy. Even when you know what to look for, most compromise ...
It’s Okay to Touch Yourself Ben Ten It takes a company an average of 35 days to detect when they have been ...
JTAGulator: Assisted discovery of on-chip debug interfaces Joe ( Kingpin ) Grand “On-chip debug (OCD) interfaces can provide chip-level control of a target device and are a ...
Living Off the Land: A Minimalist’s Guide to Windows Post-Exploitation Christopher Campbell , Matthew Graeber Two of the biggest challenges of long-term penetration tests are advanced security products and active ...
Look Ma, No Exploits! – The Recon-ng Framework Tim “lanmaster53″ Tomes I’ve been on the conference circuit for the last year preaching the importance of thorough ...
Malware : testing malware scenarios on your network Tony Huffman , Juan Cortes People get Penetration tests and vulnerability assessments to find if they have vulnerabilities that would ...
Malware Automation Christopher Elisan Automation is key when it comes to production. The same is true for malware. Malware ...
My Experiments with truth: a different route to bug-hunting Devesh Bhatt “The Best way to improve the security of your systems is to hire hackers. Unfortunately, ...
My Security is a Graph – Your Arguement is Invalid Gabriel Bassett Google has super graph power and so should you! We’ll give you a primer on ...
New Shiny in the Metasploit Framework Egypt “The Metasploit Framework is constantly evolving, in no small part due to contributions from people ...
Offensive Forensics – CSI For Badguys Benjamin Caudill “As a pentester, when was the last time you ‘recovered’ deleted files from the MFT ...
OPSEC Penetration: Threat mitigation through Intelligence Robb Driscoll I’ve identified some gaps in the civilian/public information security industry with regards to threat intelligence. ...
Ownage From Userland: Process Puppeteering Nick Cano This offensive talk highlights a myriad of sneaky methods for manipulating processes on owned boxes. ...
Owning Computers Without Shell Access Royce Davis “For many years Penetration Testers have relied on gaining shell access to remote systems in ...
Panel: Building and Growing a Hacker Space Nick Farr , Dave Marcus , Joey Maresca , Skydog Whether you have a loose group of friends who have similar making or hacking interests, ...
Passive Aggressive Defense Jason Clark “As an industry, we’re still fighting amongst ourselves about whether or not we should hack ...
Pass-The-Hash 2: The Admin’s Revenge Chris Campbell , Skip Duckwall some vulnerabilities just can’t be patched. Pass-The-Hash attacks against Windows enterprises are are still successful ...
Password Intelligence Project – Advanced Password Recovery and Modern Mitigation Strategies John Moore Think about all the passwords we use to access information every day. Whether it is ...
Patching Windows Executables with the Backdoor Factory Joshua Pitts Patching or modifying binaries have been a common practice for security professionals and malicious actors ...
Peoject CANCER: Bringing VX Back Mohamed Saher “Project CANCER is a proof-of-concept – ZOO – virus that tries to take the bar ...
Phishing Frenzy: 7 seconds from hook to sinker Brandon Mccann “Email Phishing attacks are a prevalent threat against any organization large or small. As professionals ...
Phishing Like The Pros Luis “connection” Santana This talk will discuss phishing techniques used by professionals during phishing campaigns and introduce “PhishPoll”, ...
Pigs Don’t Fly – Why owning a typical network is so easy, and how to build a secure one. Matt “scriptjunkie” Weeks “As shown by headlines and countless intrusions, even moderately skilled attackers can sail through the ...
PowerShell and Windows Throw the Best Shell Parties Piotr Marszalik Something that every penetration tester runs into at some point is a dead shell or ...
Practical Exploitation Using A Malicious Service Set Identifier (SSID) Deral Heiland How easily we overlook a simple wireless SSID and think nothing of it or its ...
Practical OSINT Shane Macdougall There’s more to life to OSINT than google scraping and social media harvesting. Learn some ...
Principles of Patrolling Patrick Tatro Presentation Army Ranger School is a leading school on developing leaders’ ability to make decisions, ...
Put Me In Coach: How We Got Started In Infosec Frank j. Hackett , Pr1me , Chris “g11tch” Hodges , Dave “rel1k” Kennedy So, you’re interested in Infosec and curious where to begin… Come listen to four Infosec ...
Raising Hacker Kids: For Good or for Awesome Joseph Shaw “An early, rough version of this talk was given at BSides DFW 2012, but this ...
RAWR – Rapid Assessment of Web Resources Adam Byers , Tom Moore One of the highest threats to organizations today is also one of their most prevalent ...
Sandboxes from a pen tester’s view Rahul Kashyap In this talk we’ll do an architectural decomposition of application sandboxing technology from a security ...
Security Sucks, and You’re Wearing A Nursing Bra Paul Asadoorian Lets face it, security sucks. I’ve been covering the security industry for the past several ...
Shattering the Glass: Crafting Post Exploitation Tools with PowerShell Matt Johnson You have achieved your first goal. Shell on a Windows machine. Good. Now the real ...
Sixnet Tools: for poking at Sixnet Things Mehdi Sabraoui Its no secret that security of SCADA devices on industrial networks is at best a ...
SO Hopelessly Broken: the implications of pervasive vulnerabilities in SOHO router products. Jacob Holcomb “ISE discovered and identified NEW critical security vulnerabilities in numerous small office/home office (SOHO) routers ...
Some defensive ideas from offensive guys. Robert Chuvala , Justin Elze “As offensive security consultants, we see on a daily basis many of the same trends ...
Steal All of the Databases. Alejandro Caceres “Ever wondered what it would take to conduct a fully automated attack on an entire ...
Stealth servers need Stealth Packets Jaime Sanchez “Sun Tzu once said “”Know your enemy and know yourself, and in a hundred battles ...
Stop Fighting Anti-Virus Integgroll “As security professionals we all have a different feel on how things roll when it ...
Stop making excuses; it’s time to own your HIV (High Impact Vulnerabilities) Jack D. Nichelson ““I’ve been MS08-067’ed two years in a row…now what?” Most systems are insecure, not because ...
Terminal Cornucopia Evan “treefort” Booth In this talk, I explore a seldom-discussed facet of airport security: what happens *after* the ...
The Art and Science of Hacking Any Organization Tyler Wrightson In this talk Tyler confronts a fact that is staring us all in the face; ...
The Good Samaritan Identity Protection Project – www.thegsipp.org Chris Brown , Zack Hibbard , Jon Sternstein If you haven’t found somebody else’s personal information on the internet you aren’t trying. For ...
The High Risk of Low Risk Applications Conrad Reynolds Is your network being hacked by agents of foreign governments? That’s a shame. But your ...
The Internet of Things: Vulns, Botnets and Detection Liam Randall , Kyle Stone Does the ‘internet of things’ scare you? It probably should. We’re going to be discussing ...
The Malware Management Framework, a process you can use to find advanced malware. We found WinNTI with it! Ian Robertson , Michael Gough “Both CXO’s and technical staff should attend this talk. You can throw lots of time ...
The Mysterious Mister Hokum Jason Scott A man is found dead in his luxury home, a beloved member of his community ...
Tizen Security: Hacking the new mobile OS Mark Manning Tizen is a new mobile operating system that companies like Samsung, Intel/McAfee are investing in. ...
TMI: How to attack SharePoint servers and tools to make it easier James Jardine , Jevin Johnson SharePoint has become one of the most common platforms in organizations today. Originally designed for ...
TMI: Testing and Exploiting SharePoint Kevin Johnson , James Jardine SharePoint has become one of the most common platforms in organizations today. Originally designed for ...
Unmasking Miscreants Brandon Levene , Allixon Nixon To the low hanging fruit of the hacker community, the script kiddies, operational security (OpSec, ...
Using Facial Recognition Software In Digital Forensics And Information Security Brian Lockrey “This talk describes various applications that assist digital forensics investigators and law enforcement during the ...
Wait; How is All This Stuff Free?!? Gene Bransfield So as I was trying to describe to a layperson (Alice) how anyone can download ...
Weaponizing your Coffee Pot Daniel Buentello “As SoC price continue to drop and their implementation continues to rise, connected “”appliances”" (Internet ...
What if Petraeus was a hacker? Email privacy for the rest of us Phil Cryer Almost every day there are new revelations about violations of user’s online privacy. Usually these ...
What’s common in Oracle and Samsung? They tried to think differently about crypto. Ferenc Spala , László Tóth “The Android phone makers do everything to customize their devices just make sure they are ...
Why Dumpster Dive when I can pwn right in? Terry Gold “Securing access to buildings, internal access points, and assets is typically handled by a corporate ...
Why Your IT Bytes Frank j. Hackett Why your IT can’t – won’t – and doesn’t win – AKA Why Your IT ...
Windows 0wn3d By Default Mark Baggett “In this talk we will discuss API Hooking, Process Execution Redirection, Hiding Registry keys and ...
Windows Attacks: AT is the new black Chris Gates , Mubix “rob” Fuller A follow on to the Encyclopedia Of Windows Privilege Escalation published by InsomniaSec at Ruxcon ...
Zombies in your browser Aditya Gupta , Prakhar Prasad “Botnets have got a lot of popularity during the recent time. And we have also ...
Enter the Stolen Data Impact Model (SDIM) Project Brent Huston There are plenty of ways to analyze a breach. There are models for the recon, ...
IPv6 is here (kind of), what can I do with it? Dan Wilkins In this talk, we will look at some of the fundamental differences between IPv4 and ...
SQL injection with sqlmap Conrad Reynolds When hacking websites, SQL injection is a very popular way read or change data that ...
Practical File Format Fuzzing Jared Allar File format fuzzing has been very fruitful at discovering exploitable vulnerabilities. Adversaries take advantage of ...
DIY Command & Control For Fun And *No* Profit David healwhans Schwartzberg Many security professionals have heard about Command & Control botnets, even more have been infected ...
Surviving the Dead Christopher ‘eggdropx’ Payne One thing is for certain, surviving the inevitable Zombie Apocalypse will not be easy. Many ...
How can I do that? Intro to hardware hacking with an RFID badge reader Kevin Bong Hardware hacking can be intimidating for hobbyist hackers, but it doesn’t need to be. This ...
Exploiting_the_Zeroth_Hour(); Developing your Advanced Persistent Threat to Pwn the Network Solomon Sonya , Nick Kulesza Advanced Persistent Threats (APT) and Botnets represent one of the largest security concerns with regards ...
A SysCall to ARMs Brendan Watters ARM processors are growing more and more prevalent in the world; ARM itself claims that ...
iOS.reverse #=> iPwn Apps Mano ‘dash4rk’ Paul While iOS apps downloaded from the AppStore are packaged in binary format and usually encrypted, ...
The Netsniff-NG Toolkit Jon Schipp The Netsniff-NG toolkit is a suite of high performance networking tools. Its two major players ...
Raspberry Pi, Media Centers, and AppleTV David Schuetz I have three kids. We take a few reasonably-long car trips each year. Until now, ...
Follow the Foolish Zebras: Finding Threats in Your Logs Chris Larsen We all know that our users do foolish things. Our normal response is to try ...
Security Training and Research Cloud (STRC) Jimmy Murphy STRC is the result of a Masters project done at the University of Louisville, Computer ...
So you want to be a pentester? Raymond Gabler When many pen testers, myself included, are just starting out they focus their testing efforts ...
Digital Energy – BPT Paul Coggin There are a great deal of conversations today regarding APT and critical infrastructure networks for ...
Is Auditing C/C++ Different Nowadays? Jared Demott C/C++ has been around for a long time. As you may know, it has issues; ...
An Anti-Forensics Primer Jason Andress This talk will cover the basics of anti-forensics, the tools and techniques that can be ...
Decoding Bug Bounty Programs Jon Rose Let’s deconstruct the world of digital bounty hunters. Amid the growing trend to “crowd source” ...
Promoting Your Security Program Like A Lobbyist. Jerry Gamblin I have spent the last 8 years watching lobbyist successfully promote their goals and visions ...
Building An Information Security Awareness Program from Scratch Valerie Thomas , Bill Gardner Most organization’s Security Awareness Programs suck: they involved ‘canned’ video presentations or someone is HR ...
Applying the 32 Zombieland Rules to IT Security Larry Pesce OMG ZOMBIES!!! Did that get your attention? I’m a big fan of preparing for the ...
Finding The Signal in the Noise: Quantifying Advanced Malware Dave Marcus How the #APG is using Yara and other hotness against one of the biggest malware ...
Hack the Hustle! Eve Adams While information security is widely considered a negative-unemployment industry (it’s actually closer to 3%), most ...
Anti-Forensics: Memory or something, I forget. Int0x80 The anti-forensics lulz continue. Let’s see how many memes I can pack in and we ...
Operationalizing Security Intelligence in the Enterprise Rafal wh1t3rabbit Los Many organizations say they acquire and use security intelligence for the benefit of their organizations ...
The Message and The Messenger James Arlen You are a great person – a unique and special snowflake – you have many ...
Love letters to Frank Abagnale (How do I pwn thee let me count the ways) Jayson E. Stree In previous talks I have shown how I have used emails to gain entry into ...
Burning the Enterprise with BYOD Georgia Weidman Abstract: “We’ve got Mobile Device Management, BYOD is not a risk for us!” “Our proxy ...
Beyond Information Warfare “You Ain’t Seen Nothing Yet” Winn Schwartau In 1993, his influential hit book, Information Warfare, redefined warfare in the 21 Century, but ...
Taking the BDSM out of PCI-DSS Through Open-Source Solutions Zack Fasel , Erin “secbarbie” Jacobs At some point as information security practitioners, we all face those god-awful three letters. PCI. ...
Seeing red in your future? Ian Amit This talk is designed to complement the “Red Team X” talk tomorrow, and provide context ...
Defcon Documentary – Jason Scott DEFCON is the world’s largest hacking conference, held in Las Vegas, Nevada. In 2012 it ...
Getting Schooled: Security with no budget in a hostile environment. Jim Kennedy Everyone talks about hostile users….the occasional rogue employee…..but few System Engineers truly live that environment ...
Browser Pivoting (FU2FA) Raphael Mudge Let’s do a magic trick. Take one proxy server, make it fulfill requests through a ...
It’s Only a Game: Learning Security through Gaming Bruce Potter Whether you’re a hard core information security professional or someone in a large corp who ...
Kinetic Pwnage: Obliterating the Line Between Computers and the Physical World Ed Skoudis The infosec industry has spent decades struggling to secure computers and the vital data they ...
The Cavalry Is Us: Protecting the public good and our profession Joshua Corman The Cavalry Isn’t Coming. Our fate falls to us or to no one. At BSidesLV ...
Dancing with Dalvik Thomas Richards So you’ve reversed you’re first Android APK; now what? Java pseduocode is nice, but how ...
50 Shades of RED: Stories from the “Playroom” Chris Nickerson Ever steal a Boeing 777? How about transfer more than $400,000,000 from an account? Have ...
Uncloaking IP Addresses on IRC Derek Callaway Ever wanted to find out someone’s IP address online? Of course you have! Tracing “calls” ...
DIY Forensics: When Incident Response Morphs into Digital Forensics John Sammons There may come a day when you have to “get your CSI on.” Cyber crime ...
Emergent Vulnerabilities: What ant colonies, schools of fish, and security have in common. Nathaniel Husted The ubiquity of mobile devices has quickly thinned the walls separating the digital and physical ...
Cracking Corporate Passwords – Exploiting Password Policy Weaknesses Rick Redman , Minga “Cracking corporate passwords is no different than cracking public MD5 leaks off of pastebin. Except, ...
Creating your own Threat Intelligence Reporting Jamie Murdock Many companies follow threat reports from Verizon, Websense, Symantec, and others, but what do you ...
Crypto-Exploit Exercises: A tool for reinforcing basic topics in Cryptography Nancy Snoke The crypto-exploit exercises virtual machine (VM) is a learning tool that teaches concepts via giving ...
Collaborative Penetration Testing With Lair Tom Steele , Dan Kottmann Lair is an open-source project developed for and by penetration testers. Built on Meteor and ...
Cognitive Injection: Reprogramming the Situation-Oriented Human OS Andy Ellis “It’s a trope among security professionals that other humans – mere mundanes – don’t “”get”" ...
Cash is King: Who’s Wearing Your Crown? Tom Eston , Spencer Mcintyre Show me the money. If hackers were able to manipulate the world’s accounting systems, governments ...
Cheat Codez: Level UP Your SE Game Eric Smith Everyone knows what phishing is. Everyone realizes Java applets lead to massive storms of shells. ...
Battle Scars And Friendly Fire: Threat Research Team War Stories Will Gragido , Seth Geftic Building A Threat Research Team And Making That Team An Effective Part Of Your Organization ...
Big Hugs for Big Data Davi Ottenheimer Security professionals must protect more data in more places than ever before. Big Data has ...
Appsec Tl;dr Gillis Jones Have you ever wondered what it takes to get one of those “Elusive” bug bounties ...
ANOTHER Log to Analyze – Utilizing DNS to Discover Malware in Your Network Nathan Magniez DNS logs are an often overlooked asset in identifying malware in your network. The purpose ...
Antivirus Evasion through Antigenic Variation (Why the Blacklisting Approach to AV is Broken) Trenton Ivey , Neal Bridges Think of the last time you got sick. Your immune system is an amazing piece ...
Android 4.0: Ice Cream “Sudo Make Me a” Sandwich Max Sobell “With the advent of Android 4.0+, we have seen the rooting landscape shift dramatically. This ...
An Encyclpwnia of Persistence Skip Duckwall , Will Peteroy While I was working on a Linux boot CD for Red Team operations I started ...
Alice Goes Deeper (Down the Rabbit Hole) – Redirection 2.0 Nathan Magniez “At DerbyCon 2.0, we learned to keep yourself anonymous and out of your target’s logs. ...
After SS7 its LTE Ankit Gupta Gsm was cracked last decade. Now the Telecom came up with new NGN, LTE with ...
A n00bie’s perspective on Pentesting… Brandon Edmunds The description was a dream: “Have you ever wanted to hack a Car or an ...
Abusing LFI-RFI for Fun,Profit and Shells Francis Alexander “This talk is about exploiting the much less discussed Local File Inclusion and Remote File ...
A developer’s guide to pentesting Bill Sempf “For the last several months, Bill has taken his twenty years of web development experience ...
“Electronic Safe Fail: Common Vulnerabilities in Electronic Safes” Jeff Popio “Commonly safes are used in IT to secure backup tapes, certificate roots, and other sensitive ...
New Exploitation and Obfuscation Techniques Roberto Salgado “This talk will present some of the newest and most advanced optimization and obfuscation techniques ...