InfoconDB

DerbyCon 6.0 Recharge took place Sept. 21, 2016 through Sept. 25, 2016 (8 years, 9 months ago) at Hyatt Regency Hotel in Louisville, Kentucky, USA.

Presentations

Friday, Sept. 23, 2016

09:15 - Opening Ceremonies
10:00 - Vulnerability disclosure, cloudy clouds, and million dollar shopping trips. This industry sucks. And is awesome.
12:00 - Go with the Flow: Get Started with Flow Analysis Quickly and Cheaply
12:00 - Data Obfuscation: How to hide data and payloads to make them “not exist” (in a mathematically optimal way)
12:00 - Metasploit Townhall
12:00 - Internet of Things, Voice Control, AI, and Office Automation: BUILDING YOUR VERY OWN J.A.R.V.I.S.
12:00 - Thinking Purple
12:30 - Abusing RTF: Exploitation, Evasion and Exfiltration
13:00 - Mind Reading for Fun and Profit using DISC
13:00 - Information Security Proposed Solutions Series - 1. Talent
13:00 - Top 10 2015-2016 compromise patterns observed & how to use non-traditional Internet datasets to detect & avoid them
13:00 - Writing malware while the blue team is staring at you
13:00 - Stagefright: An Android Exploitation Case Study
13:30 - DNSSUX: Why DNSSEC Makes Us Weaker
14:00 - +1,000,000 -0: Cloning a Game Using Game Hacking and Terabytes of Data
14:00 - Macs Get Sick Too
14:00 - Hunting for Exploit Kits
14:00 - Rotten Potato - Privilege Escalation from Service Accounts to SYSTEM
14:00 - Nose Breathing 101: A Guide to Infosec Interviewing
14:30 - Android Patchwork: Convincing Apps to Do What You Want Them To
15:00 - To Catch a Penetration Tester: Top SIEM Use Cases
15:00 - DevOops Redux
15:00 - Next Gen Web Pen Testing: Handling modern applications in a penetration test
15:00 - A Year in the Empire
15:00 - Is that a penguin in my Windows?
15:30 - Real World Attacks VS Check-box Security
16:00 - .... and bad mistakes I’ve made a few.....
16:00 - PowerShell Secrets and Tactics
16:00 - Beyond The ‘Cript: Practical iOS Reverse Engineering
16:00 - No Easy Breach: Challenges and Lessons from an Epic Investigation
16:00 - ARRR Maties! A map to the legal hack-back
16:30 - Project MVP - Hacking and Protecting SharePoint
17:00 - CrackMapExec - Owning Active Directory by using Active Directory
17:00 - Better Network Defense Through Threat Injection and Hunting
17:00 - Adaptation of the Security Sub-Culture
17:00 - Hacking Lync (or, ‘The Weakest Lync’)
17:00 - Responder for Purple Teams
17:30 - Metaprogramming in Ruby and doing it wrong.
18:00 - Outlook and Exchange for the Bad Guys
18:00 - It’s Never So Bad That It Can’t Get Worse
18:00 - Exploiting First Hop Protocols to Own the Network
18:00 - Evolving your Office’s Security Culture
18:00 - AWShit. Pay-as-you-go Mobile Penetration Testing
18:30 - Confronting Obesity in Infosec
19:00 - From Commodity to Advanced (APT) malware, are automated malware analysis sandboxes as useful as your own basic manual analysis?
19:00 - Defeating The Latest Advances in Script Obfuscation
19:00 - BurpSmartBuster - A smart way to find hidden treasures
19:30 - Advanced Persistent Thirst (APT)

Saturday, Sept. 24, 2016

09:00 - Breaking Credit Card Tokenization Without Cryptanalysisk
09:00 - We’re a Shooting Gallery, Now What?
09:00 - Tool Drop 2.0 - Free As In Pizzak
09:00 - Deploying PAWs as Part of a Strategy to Limit Credential Theft and Lateral Movement
09:00 - Business Developement: The best non-four letter dirty word in infosec.
09:30 - Malicious Office Doc Analysis for EVERYONE!
10:00 - Attacking EvilCorp: Anatomy of a Corporate Hack
10:00 - The Art of War, Attacking the Organization and Raising the Defense
10:00 - The 1337 Gods of Geek Mythology
10:00 - Point of Sale Voyuer- Threat Actor Attribution Through POS Honeypots
10:00 - Living Off the Land 2: A Minimalist’s Guide to Windows Defense
10:30 - Open Source Intelligence- What I learned by being an OSINT creeper
12:00 - Phishing without Failure and Frustration
12:00 - I don’t give one IoTA: Introducing the Internet of Things Attack Methodology.
12:00 - Anti-Forensics AF
12:00 - Managed to Mangled: Exploitation of Enterprise Network Management Systems
12:00 - Finding Your Balance
12:30 - Hashcat State of the Union
13:00 - Five year checkup: the state of insulin pump security
13:00 - New Shiny in Metasploit Framework
13:00 - Establishing A Foothold With JavaScript
13:00 - Penetration Testing Trends
13:00 - Garbage in, garbage out: generating useful log data in complex environments
13:30 - Overcoming Imposter Syndrome (even if you’re totally faking it)
14:00 - Using Binary Ninja for Modern Malware Analysis
14:00 - Introducing DeepBlueCLI, a PowerShell module for hunt teaming via Windows event logs
14:00 - Fuzzing basics...how to break software
14:00 - Embrace the Bogeyman: Tactical Fear Mongering for Those Who Penetrate
14:00 - Security v. Ops: Bridging the Gap
14:30 - From Gaming to Hacking The Planet
15:00 - Attackers Hunt Sysadmins - It’s time to fight back
15:00 - SQL Server Hacking on Scale using PowerShell
15:00 - Hacking for Homeschoolers: STEM projects for under $20
15:00 - How to Social Engineer your way into your dream job!
15:00 - Scripting Myself Out of a Job - Automating the Penetration Test with APT2
15:30 - Dive into DSL: Digital Response Analysis with Elasticsearch
16:00 - Making Our Profession More Professional
16:00 - Medical Devices: Pwnage and Honeypots Make STEHM Great Again
16:00 - Need More Sleep? REST Could Help
16:00 - Python 3: It’s Time
16:00 - DNS in Enterprise IR: Collection, Analysis and Response
16:30 - How are tickets paid for?
17:00 - Breaking Android Apps for Fun and Profit
17:00 - Reverse engineering all the malware...and why you should stop.
17:00 - Body Hacking 101 (or a Healthy Lifestyle for Security Pros)
17:00 - Security Automation in your Continuous Integration Pipeline
17:00 - So You’ve Inherited a Security Department, Now What…
17:30 - “Cruise Ship Security OR Hacking the High Seas
18:00 - Attacking ADFS Endpoints with PowerShell
18:00 - The 90’s called, they want their technology back
18:00 - Web Security for Dummies
18:30 - I Love myBFF (Brute Force Framework)
19:00 - Nobody gets fired by choosing IBM... but maybe they should.
19:30 - Shackles, Shims, and Shivs - Understanding Bypass Techniques

Sunday, Sept. 25, 2016

10:00 - Recharging Penetration Testing to Maximize Value
10:00 - Poetically Opaque (or other John Updike Quotes)
10:00 - Abusing Linux Trust Relationships: Authentication Back Alleys and Forgotten Features
10:00 - Hack Yourself: Building A Pentesting Lab
10:00 - Introducing PowerShell into your Arsenal with PS>Attack
10:30 - Samsung Pay: Tokenized Numbers, Flaws and Issues
11:00 - Hardening AWS Environments and Automating Incident Response for AWS Compromises
11:00 - Java RATS: Not even your Macs are safe
11:00 - Yara Rule QA: Can’t I Write Code to do This for Me?
11:00 - Fire Away! Sinking the Next Gen Firewall
11:00 - The Advanced Persistent Pentester (All Your Networks Are Belong 2 Us)
12:00 - Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To) D””e`Tec`T ‘Th’+’em’
12:00 - Hashview, a new tool aimed to improve your password cracking endeavors.
12:00 - PacketKO - Data Exfiltration Via Port Knocking
12:00 - Hardware Hacking the Easyware Way
12:00 - Mobile Device Forensics
12:30 - Ransomware: An overview
13:00 - IoT Defenses - Software, Hardware, Wireless and Cloud
13:00 - The Beginner’s Guide to ICS: How to Never Sleep Soundly Again
13:00 - MariaDB: Lock it down like a chastity belt
13:00 - Finding a Weak Link: Attacking Windows OEM Kernel Drivers
13:00 - Static PIE: How and Why
14:30 - Closing Ceremony

DerbyCon 6.0 Recharge (2016)

Presentations

Presenters