InfoconDB

DerbyCon 7.0 Legacy took place Sept. 22, 2017 through Sept. 24, 2017 (6 years, 10 months ago) at Hyatt Regency Hotel in Louisville, Kentucky, USA.

Presentations

Friday, Sept. 22, 2017

08:30 - DerbyCon Team
09:00 - Subverting Trust in Windows - A Case Study of the "How" and "Why" of Engaging in Security Research
10:00 - I had my mom break into a prison, then we had pie.
12:00 - Further Adventures in Smart Home Automation: Honey, Please Don't Burn Down Your Office
12:00 - Eye on the Prize
12:00 - So you want to be a Social Engineer
12:00 - How to Measure Your Security: Holding Security Vendors Accountable
12:00 - When to Test, and How to Test It
12:30 - Building Better Backdoors with WMI
13:00 - How we accidentally created our own RAT/C2/Distributed Computing Network
13:00 - Here Be Dragons: The Unexplored Land of Active Directory ACLs
13:00 - Securing Windows with Group Policy
13:00 - A New Take at Payload Generation: Empty-Nest
13:00 - Beyond xp_cmdshell
13:30 - Bots, Trolls, and Warriors
14:00 - TBD
14:00 - VMware Escapology: How to Houdini The Hypervisor
14:00 - DFIR Redefined
14:00 - Defending against PowerShell Attacks
14:00 - Active Defense for web apps
14:30 - Building Google for Criminal Enterprises
15:00 - V!4GR4: Cyber-Crime, Enlarged
15:00 - CredDefense Toolkit
15:00 - 3rd Annual Metasploit Townhall
15:00 - Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niques') -Join'')
15:00 - IoT Security - Executing an Effective Security Testing Process
16:00 - Fileless Malware - The New "Cyber"
16:00 - The skills gap: how can we fix it?
16:00 - PSAmsi - An offensive PowerShell module for interacting with the Anti-Malware Scan Interface in Windows 10
16:00 - Purpose Driven Hunt: What do I do with all this data?
16:00 - Steel Sharpens Steel: Using Red Teams to improve Blue Teams
16:30 - Extending Burp
17:00 - Lateral Movement for the Blue Team
17:00 - An ACE in the Hole: Stealthy Host Persistence via Security Descriptors
17:00 - Shellcode Via VBScript/JScript Implications
17:00 - Introducing DeepBlueCLI v2, now available in PowerShell and Python
17:00 - DanderSpritz: How the Equation Group's 2013 tools pwn in 2017
17:30 - Retail Store/POS Penetration Testing
18:00 - Introducing Bruiser: A Small and Sneaky Backdoor for Windows
18:00 - Run your security program like a boss / practical governance advice
18:00 - Defending the Cloud: Lessons from Intrusion Detection in SharePoint Online
18:00 - Improv Comedy as a Social Engineering Tool
18:00 - (Mostly) Free Defenses Against the Phishing Kill Chain
18:30 - How to safely conduct shenanigans
19:00 - War Stories on Embedded Security: Pentesting, IoT, Building Managers, and how to do Better
19:00 - The .NET Inter-Operability Operation
19:00 - Digital Vengeance: Exploiting the Most Notorious C&C Toolkits

Saturday, Sept. 23, 2017

09:00 - Advanced Threat Hunting
09:00 - Return From The Underworld - The Future Of Red Team Kerberos
09:00 - JReFrameworker: One Year Later
09:00 - To Catch a Spy
09:00 - Personalities disorders in the infosec community
09:30 - Purple team FAIL!
10:00 - Hidden Treasure: Detecting Intrusions with ETW
10:00 - Memory-Based Library Loading: Someone Did That Already.
10:00 - CHIRON - Home based ML IDS
10:00 - Architecture at Scale - Save time. Reduce spend. Increase security.
10:00 - Rapid Incident Response with PowerShell
10:30 - Building a full size CNC for under $500
12:00 - How to Hunt for Lateral Movement on Your Network
12:00 - Python Static Analysis
12:00 - Building the DeathStar: getting Domain Admin with a push of a button (a.k.a. how I almost automated myself out of a job)
12:00 - Windows Rootkit Development: Python prototyping to kernel level C2
12:00 - Blue Team Keeping Tempo with Offense
12:30 - The Trap House
13:00 - Hunting for Memory-Resident Malware
13:00 - Data Mining Wireless Survey Data with ELK
13:00 - Kali Linux?
13:00 - Modern Evasion Techniques
13:00 - Peekaboo! I Own You. Owning Hundreds of Thousands Vulnerable Devices with only two HTTP packets
13:30 - C2 Channels - Creative Evasion
14:00 - Common Assessment Mistakes Pen Testers and Clients Should Avoid
14:00 - Scrumy Security: Getting stuff done
14:00 - Burping for Joy and Financial Gain
14:00 - Reaching Across the Isle: Improving Security Through Partnership
14:00 - FM, and Bluetooth, and Wifi... Oh My!
14:30 - Out With the Old, In With the GNU
15:00 - Detect Me If You Can
15:00 - Web Application testing - approach and cheating to win
15:00 - POP POP RETN ; An Introduction to Writing Win32 Shellcode
15:00 - Everything I Need To Know About Security I Learned From Watching Kung Fu Movies
15:00 - Tracing Adversaries: Detecting Attacks with ETW
15:30 - The Current State of Security, an Improv-spection
16:00 - Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
16:00 - When IoT Research Matters
16:00 - What A Long Strange Trip It's Been
16:00 - Full-Contact Recon
16:00 - I Survived Ransomware . . . TWICE
16:30 - Drone Delivered Attack Platform (DDAP)
17:00 - Mobile APTs: A look at nation-state attacks and techniques
17:00 - Reverse Engineering Hardware via the HRES
17:00 - I want my EIP
17:00 - Not a Security Boundary: Bypassing User Account Control
17:00 - Game On! Using Red Team to Rapidly Evolve Your Defenses
17:30 - MacOS host monitoring - the open source way
18:00 - Anatomy of a Medical Device Hack- Doctors vs. Hackers in a Clinical Simulation Cage Match
18:00 - Statistics on 100 million secrets: A look at recent password dumps
18:00 - Victim Machine has joined #general: Using Third Party APIs as C&C Infrastructure.
18:30 - Hacking VDI, Recon and Attack Methods
19:00 - Smart toys ain't that Smart, when Insecure!

Sunday, Sept. 24, 2017

10:00 - Introducing SpyDir - a BurpSuite Extension
10:00 - Aiding Static Analysis: Discovering Vulnerabilities in Binary Targets through Knowledge Graph Inferences
10:00 - IDAPython: The Wonder Woman of Embedded Device Reversing
10:00 - Atombombing and Other Obfuscation - Your EDR may be broken
10:00 - Windows Event Logs -- Zero 2 Hero
10:30 - Phishing for You and Your Grandma!
11:00 - Love is in the Air - DFIR and IDS for WiFi Networks
11:00 - Regular Expressions (Regex) Overview
11:00 - Kinetic to Digital: Terrorism in the Digital Age
11:00 - Gone In 59 Seconds - High Speed Backdoor Injection via Bootable USB
11:00 - Evading Autoruns
11:30 - Securing Your Network
12:00 - MitM Digital Subscriber Lines
12:00 - Hacking Blockchains
12:00 - SniffAir - An Open-Source Framework for Wireless Security Assessments
12:00 - Going Deep and Empowering Users - PCAP Utilities and Combating Phishing in a new way
12:00 - Diary of a Security Noob
12:30 - Spy vs. Spy - Tip from the trenches for red and blue teams
13:00 - Jumping the Fence: Comparison and Improvements for Existing Jump Oriented Programming Tools
13:00 - Become the Puppet Master - the battle of cognition between man and machine
13:00 - We're going on a Threat Hunt, Gonna find a bad-guy.
13:00 - Winning (and Quitting) the Privacy Game: What it REALLY takes to have True Privacy in the 21st Century; or How I learned to give in and embrace EXIF tags
13:00 - changeme: A better tool for hunting default creds

DerbyCon 7.0 Legacy (2017)

Presentations

Presenters