Irongeek's Security Site

Irongeek's Security Site, Adrian Crenshaw's Information Security site (along with a bit about weightlifting and other things that strike my fancy). Home of my articles and videos on computer security. As I write articles and tutorials I will be posting them here. If

Copyright: 2014 Irongeek (Adrian Crenshaw)

BSidesPhilly 2017 Videos

Fri, 8 Dec 2017 21:04:38 -0500

These are the videos from BSides Philadelphia 2017. Thanks to Mark, Mike, Austin, John, David and others I'm forgetting for helping with the video.

- Innovating for 21st Century Warfare - Ernest "Cozy Panda" Wong
- MFA, It's 2017 and You're Still Doing Wrong - Dan Astor and Chris Salerno
- Out With the Old, In With the GNU - Lsly
- IoT devices are one of the biggest challenges - Charles @libertyunix Sgrillo
- Evading C2 Detection with Asymmetry - Brandon Arvanaghi and Andrew Johnston
- Abusing Normality: Data Exfiltration in Plain Site - Aelon Porat
- Smarter ways to gain skills, or as the DoD puts it - Dr. P. Shane Gallagher, Institute for Defense Analyses, and Evan Dornbush, co-founder, Point3 Security, Inc.
- Game of the SE: Improv comedy as a tool in Social Engineering - Danny Akacki - Security Monkey
- File Polyglottery; or, This Proof of Concept is Also a Picture of Cats - Evan Sultanik
- Your Facts Are Not Safe With Us: Russian Information Operations As Social Engineering - Meagan Dunham Keim
- Supercharge Your SOC with Sysmon - Chris Lee & Matthew Giannetto
- Threat Hunting: Defining the Process While Circumventing Corporate Obstacles - Kevin Foster, Matt Schneck, Ryan Andress
- Put up a CryptoWall and Locky the Key - Stopping the Explosion of Ransomware - Erich Kron, CISSP-ISSAP
- Web Hacking 101 Hands-on with Burp Suite - David Rhoades of Hacker Mindset
- David Brown: CISSP, CISM, IAM[...]


Sun, 19 Nov 2017 21:01:49 -0500

These are the videos of the presentations from Secure West Virginia 2017. Thanks to Justine, Tim, Morgan, Kevin, Todd & Roy for helping record.

- Intro - Benny Karnes
- Fighting Advanced Persistent Threats with Advanced Persistent Security - Ira Winkler
- Coming Up with the Next Wave of Cyber Innovations-Start by Thinking 1ns1d3 th3 B0x - Ernest Wong
- I survived Ransomeware.... Twice - Matt Perry
- Value of threat intelligence - Stealthcare
- SDR & RF Hacking Primer - Andrew Bindner
- Digital Forensic Analysis: Planning and Execution - John Sammons
- Intro to WireShark - Josh Brunty
- Secrets of Superspies - Ira Winkler
- Total Recall: Using Implicit Memory as a Cryptographic Primitive - Tess Schrodinger
- IoT Panel - RCBI
- Hillbilly Storytime - Pentest Fails - Adam Compton
- Hackers, Hugs and Drugs - Amanda Berlin
- FLDigi - E-mail over Packet Radio - Aaron West and Rob West
- From junk to jewels: Destruction is the key to building - Branden Miller & Audrey Miller
- SCAP: A Primer and Customization - Scott Keener
- Security Through Ansible Automation - Adam Vincent
- Vehicle Forensics: An Emerging Source of Evidence - John Sammons
- Network Forensics using Kali Linux and/or SANS Sift - Josh Brunty
- 911 DDOS - Dianiel Efaw
- Pi's, Pi's and wifi - Steve Truax
- Technical Testimony: Doing the Heavy Lifting for the Jury - John Sammons
- Emergent Gameplay - Ron Moyer
- Closing[...]

GrrCON 2017 Videos

Sat, 28 Oct 2017 08:25:42 -0500

These are the videos of the presentations from GrrCON 2017. Big thanks to EggDropX and Jaime for having me out, and my video crew (paint27, Erick, & brettahansen) for recording.

Ghast

- STRATEGIES ON SECURING YOU BANKS & ENTERPRISES. (FROM SOMEONE WHO ROBS BANKS & ENTERPRISES FOR A LIVING!) - Jayson E Street
- Population Control Through The Advances In Technology… - Chris Roberts (sorry for the music in back ground)
- You Got Your SQL Attacks In My Honeypot - Andrew Brandt
- 3rd Party Data Burns - Arron "Finux" Finnon
- Morphing to Legitimate Behavior Attack Patterns - Dave Kennedy
- Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF) - Jerod Brennen
- Oops! Was that your pacemaker? - Charles Parker, II
- 10 Cent Beer Night: The World we now Live In - Johnny Xmas
- Realizing Software Security Maturity: The Growing Pains & Gains - Mark Stanislav & Kelby Ludwig
- Cyber, Cyber, Cyber - Using the killchain to accomplish something - Amanda Berlin
- An Employee, their Laptop and a Hacker walk into a Bar - Shannon Fritz
- Eye on the Prize - a Proposal for Legalizing Hacking Back - Adam Hogan
- I've got a (Pocket) Bone to pick with you - Dr Phil Postra

Gig

- Topic depends on number of federal agents in audience - Atlas of Doom
- Embedding Security in Embedded Systems - Dr. Jared DeMott
- National Guard for Cyber? How about a Volunteer Cyber Department? - Ray Davidson
- Red Team Yourself - Thomas Richards
- An Attack Pathway Into Your Organization? Reducing risk without reducing operational efficiency - David Adamczyk
- Pen Test War Stories - Why my job is so easy, and how you can make it harder - Aaron Herndon
- Skills For A Red-Teamer - Brent White & Tim Roberts
- ProbeSpy: Tracking your past, predicting your future - stumblebot
- vAp0r and the Blooming Onion - Justin Whitehead & Jim Allee
- A GRReat New Way of Thinking about Innovating for Cyber Defense (and even Cyber Offense) - Ernest "Cozy Panda" Wong
- Threat Intelligence: Zero to Basics in presentation - Chris J
- Learning from InfoSec Fails - Derek Milroy
- A Reporter's Look at Open Source Intelligence - Hilary Louise
- Hidden Treasure: Detecting Intrusions with ETW - Zac Brown
- The Black Art of Wireless Post-Exploitation - Gabriel "solstice" Ryan

Mi Go

- Change is Simply an Act of Survival: Predicting the future while shackled to the past - Bil Harmer
- Dissecting Destructive Malware and Recovering from Catastrophe - Bryan York
- Infosec State of Affairs: Too much Kim Kardashian - not enough Malcolm Gladwel - Jim Wojno & Dan Kieta
- How do you POC? Are you really testing a product - Ken Donze
- Tales From The Trenches: Practical Information Security Lessons - Michael Belton
- Securing the Internet of Things (IoT) -Through Security Research and Vulnerability Analysis - Deral Heiland
- The Future of Cyber Security - Anthony Sabaj
- Building a Usable Mobile Data Protection Strategy - David "Heal" Schwartzberg
- Software Defined Segmentation - Matt Hendrickson
- The Shuttle Columbia Disaster: Lessons That Were Not Learned - Joel "I love it when they call me Big Poppa" Cardella
- Infrastructure Based Security - Chris Barnes
- Defending The De-funded - Keith Wilson
- Real-World Red Teaming - spartan
- We got it wrong - Wolfgang Goerlich
- Critical Incident: Surviving my first layoff by applying BCP/DRP Principles - Tom Mead[...]

Derbycon 7 Videos

Mon, 25 Sep 2017 18:51:46 -0400

I still have a lot of work to do, but here are the Derbycon 2017 videos. Working on fixing major audio sync issues as I can. Big thanks to my video jockeys Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, nightcarnage, Evan Davison, Tim Sayre, Morgan, Ben Pendygraft, Steven (SciaticNerd), Cory Hurst, Sam Bradstreet, MadMex, Curtis Koenig, Jonathan Zentgraf, James Hurst, Paint27, Chris, Lenard.

Derbycon Streams

Thu, 21 Sep 2017 12:11:00 -0400

This page links to the streams for the different tracks when we start streaming Friday from Derbycon.

BSides Cleveland 2017 Videos

Sat, 24 Jun 2017 20:23:32 -0400

These are the videos from the Bsides Cleveland conference. Thanks to djaj9, JDogHerman, jayw0k, justinschmitt & securid as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad.

- Morning Keynote - Wendy Nather
- Better manual web application testing through automation - Brian Mead
- Blue-Teamin' on a Budget [of Zero] - Kyle Bubp
- PANDA, walking loud in the cloud - Logan Hicks, Seth Hall, Kelsey Hightower, Laura Taylor, Doug Burks
- Diary of a Security Noob - TJ Toterhi
- Delete Yourself: Cognitive Bias during incidence response - Dru Streicher
- Enterprise Monitoring From Zero - Andrew Johnson
- What They're Teaching Kids These Days - Rob Olson, Chaim Sanders
- Mid-Day Keynote - Ben Ten
- IoT Device Pentesting - Erik Daguerre
- Cyber, Cyber, Cyber - Using the killchain to accomplish something - Amanda Sullivan Berlin
- Decentralization For Security and Freedom: A Discussion of Asymmetric and Decentralized Technologies - Tom Pieragastini
- Getting back to the old school - Jamie Murdock
- The Python in the Apple - Spencer McIntyre
- Quantifying Security's Value - It Can Be Done! - Arianna Willett
- Building your Human Firewall - Christopher Jones, John Winkler
- Spy vs. Spy - Tips from the trenches for red and blue teams - Thomas McBee, Jeff McCutchan
- Eye on the Prize - a Proposal for Legalizing Hacking Back - Adam Hogan
- Choose Django for Secure Web Development - Vince Salvino
- MacOS - An easy exploit 2-ways. - Cody Smith
- Bypassing Next-Gen Tech - David Kennedy
- Hacking in Highschool: Inspiring the next generation of security professionals - Michael Benich
- Afternoon Keynote - John Strand[...]

ANYCon 2017 Videos

Sat, 17 Jun 2017 17:04:59 -0400

These are the ANYCon videos. Thanks to Tyler & Erin for inviting me down to record. Also thanks to the AV crew Chris, Bryan, Conner, Nigel, Ben, Dan & Joe.

- ANYCon: Year One Kick-Off - Tyler Wightson
- Keynote: Industry Of Change - Dave Kennedy
- The Changing Landscape of Cyber Security and Training the New Generation of Cyber Warriors - Sanjay Goel
- OWASP Top 10: Hacking Web Applications with Burp Suite - Chad Furman
- Hacking Politics: Infosec in Public Policy - Jonathan Capra and Rashida Richardson and Shahid Buttar
- Sniffing Sunlight - Erik Kamerling
- Noob 101: Practical Techniques for AV Bypass - Jared Hoffman
- Jedi Mind Tricks: People Skills for Security Pros - Alex DiPerna
- Red Team Yourself - Thomas Richards
- Jumping the Fence: Comparison and Improvements for Existing Jump Oriented Programming Tools - John Dunlap
- The Stuffer - Sean Drzewiecki and Aaron Gudrian and Dr. Ronny L. Bull
- Big Data's Big Problems - Jeanna Neefe Matthews
- VLAN hopping, ARP Poisoning and Man-In-The-Middle Attacks in Virtualized Environments - Dr. Ronny L. Bull
- Bringing Home Big Brother: Personal Data Privacy in the Surveillance Age - Todd Brasel and Michele Warner
- Measuring the Efficacy of Real-Time Intrusion Detection Systems - Jeffrey Richard Baez
- To SIEM or not to SIEM: an Overview - Chris Maulding
- Let's Play Defense at Cyber Speed - Duncan Sparrell
- Real Security Incidents, Unusual Situations - Adam Dean
- Incident Response Evolved - A Preventative Approach to Incident Management - Aaron Goldstein
- Thinking 1nside-the-B0x: Cyber Defense and Deterrence via How Hackers Think - Lieutenant Colonel Ernest Y. Wong
- Making Friends for Better Security - Alexander Muentz
- Does DoD Level Security Work in the Real World? - Jeff Man
- The Road to Hiring is Paved in Good Intentions - Tim O'Brien
- Whose Idea Was That? Comparing Security Curriculums and Accreditations to Industry Needs - Robert Olson and Chaim Sanders
- Hacks, Lies, & Nation States - Mario DiNatale
- Hold my Red Bull: Undergraduate Red Teaming - Jonathan Gaines
- Ermahgerd: Lawrs - Prof. Robert Heverly
- So You Want To Be A H6x0r, Getting Started in Cybersecurity - Doug White and Russ Beauchemin
- DIY Spy Covert Channels With Scapy And Python - Jen Allen
- InfoSec Career Building Through Reserve Military Service - Dan Van Wagenen
- A Day in the Life of a Security Analyst - Marc Payzant and Ken Oliver and Aneesa Hussain
- Breaking is Bad: Why Everyone at This Conference Will be Unemployed - Reg Harnish[...]

Circle City Con 2017 Videos

Sun, 11 Jun 2017 18:30:25 -0400

These are the Circle City Con 2017 videos. Thanks to the staff for inviting me down to record. Big thanks to @irishjack, @0DDJ0BB, @Ajediday, Jim, @securesomething Mike, @KitWessendorf, fl3uryz, InfaNamecheap, Chris and others for helping set up AV and record.

- Opening Ceremonies
- Opening Keynote: Words Have Meanings - Dan Tentler
- And the Clouds Break: Continuity in the 21st Century - Wolfgang Goerlich
- DNS Dark Matter Discovery - There's Evil In Those Queries - Jim Nitterauer
- Tales from the Crypt...(analyst) - Jeff Man
- Trials and Tribulations of setting up a Phishing Campaign - Insight into the how - Haydn Johnson
- Everything is Not Awesome: How to Overcome Barriers to Proper Network Segmentation - Jason Beatty
- Talky Horror Picture Show: Overcoming CFP Fears - Kat Sweet
- Fuzzing with AFL - Adam DC949
- Cybersecurity for real life: Using the NIST Framework to protect your critical infrastructure - Ryan Koop
- Why is the Internet still working? - James Troutman
- Effective Report Writing for Security Practitioners - Benjamin Robinson
- The Decision Makers Guide To Managing Risk - Joel Cardella
- Application Security Metrics - Caroline Wong
- Security Training: Making Your Weakest Link The Strongest - Aaron Hnatiw
- Network Security? What About The Data? - 0ddj0bb 0ddj0bb
- Detecting DNS Anomalies with Statistics - Jamie Buening
- It's A Disaster! - Cheryl Biswas
- OSINT And Your World A Love Story - Michael James
- Network manipulation on video games. - Alex Kot
- Threat Intelligence: Zero to Basics - Chris J
- The Kids Aren't Alright: Security and K-12 Education in America - Vivienne Pustell
- Ph'ing Phishers - JAe
- How To Be Curious - Bret Mattingly
- Of Flags Frogs 4chan OPSec vs Weaponized Autism - Adrian Crenshaw
- The State of Security in the Medical Industry - Cannibal (billy)
- Open Sesamee - Max Power
- See beyond the veil: Automating malicious javascript deobfuscation - Chad Robertson
- Changing our future with 3D Printing - Emily Peed
- You're not old enough for that: A TLS extension to put the past behind us - Falcon Darkstar Momot
- We Don't Always Go Lights and Sirens - Kendra Cooley
- Ichthyology: Phishing as a Science - Karla Burnett
- Creating Your Own Customized Metamorphic Algorithm - Raul Alvarez
- Peakaboo - I own you: Owning hundreds of thousands of devices with a broken HTTP packet - Amit Serper
- Ye Olde Hacking - Johnny Xmas
- Closing Keynote: Lectures or Life Experiences - Awareness Training that Works! - Tottenkoph & Cindy Jones
- Closing Ceremonies[...]

ShowMeCon 2017 Videos

Fri, 9 Jun 2017 18:17:24 -0400

These are the videos from ShowMeCon 2017. Thanks to Renee & Dave Chronister (@bagomojo) and others for having me out to record and speak. Also thanks to my video crew @r3tr0_cod3x Aaron, Jon and some other people I may have forgotten.

- Data Loss Prevention in a Social Media World - Phllip Tully
- Royal Testing: Purple teaming to build and secure applications better! - Kevin Johnson
- Dark Web Economies (...and you can too!) - Johnny Christmas
- DIY CTF - How to gain momentum on your security awareness program by hosting a CTF - Matt Thelan
- Deconstructing Chaos: …through "Behavioral Detection" - Daniel Stiegman
- Something Died Inside Your Git Repo: Recognizing the Smell of Insecure Code - Cliff Smith
- REVERSING A POLYMORPHIC FILE-INFECTING RANSOMWARE - Raul Alvarez
- The Beginner's Guide to ICS: How to Never Sleep Soundly Again - Dan Bougere
- Windows IR made easier and faster - Find the head of the snake using AutoRuns, Large Registry Keys, Logs, IP/WhoIs and Netflow - Michael Gough
- Homebrew powershell: Where to begin with Data Sources and baseline data. - Andrew Metzger
- Where Cypherpunk Meets Organized Crime: The Shifting Landscape of Underground Economies and Crypto-driven Privacy - Ben Brown
- VR-Bleeding Edge of Development and Technology-But Are We Making Old Mistakes? - Arnar Gunnarson
- F@$#IN Trojans! An Interactive Impromptu Talk on Our Most Dangerous Threat - Parameter
- Kick starting an application security program - Tim De Block
- Of Flags, Frogs & 4chan: OPSec vs. Weaponized Autism - Adrian Crenshaw
- Intro to Threat Hunting - Aaron Mog
- Panel Title: The Good, the Bad, and the Ugly: HIPAA in an InfoSec World - Hudson Harris
- How to Patch Stupid - A Modern Approach To Securing Users - Joshua Crumbaugh
- When Molehill Vulnerabilities Become Mountainous Exploits - Igor Matlin
- Dear Blue Team, This is why I always win. Love, A Hacker - Dave Chronister
- How I Inadvertently Outsourced My IT Job to a Fancy Bear - Tim MalcomVetter [...]

NolaCon 2017 Videos

Sun, 21 May 2017 13:06:20 -0400

Link: at NolaCon 2017. Thanks to @CurtisLaraque, Federico, Morgan, & Ken for the video recording help, and @nola_con, @erikburgess_, Yvonne & Rob for having me down to record.

- Does DoD Level Security Work in the Real World? - Jeff Man
- Hacking the IoT: A Case Study - Nancy Meares Snoke and Phoenix Snoke
- Going past the wire: Leveraging Social Engineering in physical security assessments - "Snow" Stephanie Carruthers
- Hurt Me Plenty: The Design and Development of Arganium - Todd Carr
- Easy Indicators of Compromise: Creating a Deception Infrastructure - David Kennedy
- Arming Small Security Programs: Network Baseline - Matt Domko
- Make STEHM Great Again - David Schwartzberg
- Designing and Implementing a Universal Meterpreter Payload - Brent Cook
- EDNS Client Subnet (ECS) - DNS CDN Magic or Secur - Jim Nitterauer
- Rooting out evil: defend your data center like the Secret Service protects the President - Nathaniel Gleicher
- Attacking Modern SaaS Companies - Sean Cassidy
- The Unbearable Lightness of Failure - Dave Lewis
- Phishing for Shellz: Setting up a Phishing Campaign - Haydn Johnson
- Iron Sights for Your Data - Leah Figueroa
- Security Guards -- LOL! - Brent White & Tim Roberts
- Embrace the Bogeyman: Tactical Fear Mongering for Those Who Penetrate - FuzzyNop
- Skynet Will Use PsExec: When SysInternals Go Bad - Matt Bromiley & Brian Marks
- The Devil's Bargain: Targeted Ransomware and Its Costs - Joshua Galloway
- 22 Short Films About Security - Charlie Vedaa
- Security is dead. Long live Infosec! - David Shaw
- An Employee, their Laptop and a Hacker walk into a Bar - Shannon Fritz
- Beyond OWASP Top 10 - Aaron Hnatiw
- Scamming the Scammers: Hacking scammers with pwns - Nathan Clark [...]

BSides Detroit 2017 Videos

Sat, 13 May 2017 21:13:41 -0400

These are the videos from the BSides Detroit 2017 Conference. Thanks to Ryan Harp (@th3b00st), Dan Falk (@dnfalk), Wolfgang Goerlich (@jwgoerlich), Matt Johnson (@mwjcomputing), Kyle Andrus (@chaoticflaws), Kate Vajda (@vajkat) and Chris Maddalena (@cmaddalena) for having me out and Samuel Bradstreet, Daniel Ebbutt, Luke Gorczyca, James Green, David Sornig, Steven Balagna, Brandon Robinson, Brett Hansen, Briee de Graaf, Nick Papa, Brandon Azer and others I may forget for helping to record.

- Moving Towards Maturity: 5 Issues InfoSec Must Address - Jim Beechey
- Plotting Hackers: Visualizing Attack Patterns - Kent Gruber
- STEHM is the new STEM - David Schwartzberg
- Hacking with Ham Radios: What I have learned in 25 years of being a ham. - Jay and Jerome Radcliff
- Navigating Career Choices in InfoSec - Fernando Montenegro
- Windows Event Logs - Zero to Hero - Nate Guagenti / Adam Swan
- Network Security? What about the Data? - Jack Hatwick
- ProbeSpy: Tracking your past, predicting your future - Ian Odette
- Playing in Memory: Examples of User Theivery and Hunting for Malware - Kyle Andrus
- The AppSec Starter Kit - Timothy De Block
- An Employee, their Laptop and a Hacker walk into a Bar - Shannon Fritz
- Estimating Development Security Maturity in About an Hour - Matt Clapham[...]

Converge 2017 Videos

Fri, 12 May 2017 18:01:52 -0400

These are the videos from the Converge Information Security Conference. Thanks to Wolf for having me out and Sam, Samuel Bradstreet, Daniel Ebbutt, Luke Gorczyca, James Green, David Sornig, Steven Balagna, Brandon Robinson, Brett Hansen, Amanda Ebbutt, Nick Papa, Brandon Azer and others I may forget for helping to record.

- You Are Making Bad Decisions and You Should Feel Bad - Joel Cardella
- Violent Ruby: A Talk for Hackers, Forensic Analysts, Penetration Testers and Security Engineers - Kent Gruber
- Prioritize Vulnerability Remediation - Amol Sarwate
- Stories through Logging: "It was the best of logs, it was the worst of logs" - Tom Kopchak
- That Escalated Quickly - Shaun Bertrand
- How to kick start and application security program - Timothy De Block
- Vectors and Victims: Analyzing vulnerabilities through disease models - Rich Cassara
- Threat Modeling 101 - Matt Clapham
- Prioritizing IT Security Projects for the Business - Martin Bally, Steve Barone, John Beeskow, David Derigiotis, Russ Gordon, John Scrivens
- Defending The De-funded - Keith Wilson
- How to Transform Developers into Security People - Chris Romeo
- You have Updates!...A look at an old tool making a comeback 'Evilgrade' - Reid Brosko
- Predicting Exploitability - Michael Roytam
- Fast wins for the defense! - Justin Herman
- How Much Security Do You Really Need? - Wendy Nather
- Tarnished Silver Bullets - Wolfgang Goerlich
- A Top 10 List for Better AppSec (Hint: It's Not the OWASP Top Ten) - Dave Ferguson
- AppSec Behaviors for DevOps Breed Security Culture Change - Chris Romeo
- The 4 Eyes of Information Security - Fernando Montenegro
- Practical Security Recommendations from an Incident Responder - Matthew Aubert
- You and Your Technical Community - David Giard
- Panel - Cyber Security Hiring, Retention, and How to Get the Perfect Job in a Competitive Market
- Misbehaving Networks? - Daniel Gregory
- Leveraging Vagrant to Quickly Deploy Forensics Environments - Jeff Williams
- New School Security: Combat Mindset - Mike Behrmann[...]

BSidesCharm 2017 Videos

Sun, 30 Apr 2017 19:17:41 -0400

These are the videos from BSidesCharm (Baltimore) 2017. Thanks for inviting me down to record.

- Keynote - Rob M Lee
- Clean up on Aisle APT - Mark Parsons
- Frony Fronius - Exploring Zigbee signals from Solar City - Jose Fernandez
- Weaponizing Splunk: Using Blue Teams for Evil - Ryan Hays
- Current State of Virtualizing Network Monitoring - Daniel Lohin & Ed Sealing
- The Not So Same-Origin Policy - David Petty
- IoT Pressure Cooker What Could Go Wrong - Ben Actis
- OPSEC for the Security Practictioner - Michael Clayberg
- Automating Bulk Intelligence Collection - Gita Ziabari
- I Went Phishing and Caught a Charge – Maryland Law for Pentesters - Joshua Rosenblatt
- Imposter Syndrome: I Don't Feel Like Who You Think I Am - Micah Hoffman
- The Battle for OSINT - Are you Team GUI or Team Command Line? - Tracy Z. Maleeff & Joe Gray
- SOC Panel
- Keynote Keynote - Jim Christy
- Red Teaming the Board - Robert Wood
- The AVATAR Project and You - da_667
- Threat Hunting - Thinking About Tomorrow - Tazz
- Understanding the Cybersecurity Act of 2015 - Jeff Kosseff
- Detecting the Elusive: Active Directory Threat Hunting - Sean Metcalf
- Microsoft Patch Analysis for Exploitation - Stephen Sims
- Arming Small Security Programs: Network Baseline Generation and Alerts with Bropy - Matt Domko
- The Cryptography of Edgar Allan Poe - Robert Weiss (pwcrack)
- Closing[...]

BSides Nashville 2017 Videos

Sat, 22 Apr 2017 21:52:16 -0400

These are the videos from BSides Nashville 2017. Thanks to @lil_lost for inviting me down to record and being my bodyguard while in Nashville. Big thanks to Geoff Collins, Gabe Bassett, and others for helping set up AV and record.

- Mental Health in Infosec: Hackers, Hugs, & Drugs - Amanda Berlin
- Got Vendors? - Armin Smailhodzic and Willie Hight
- Emerging Legal Trends in Cybersecurity - Rodney Hampton
- Trust, But Verify, Your SAML Service Providers - Bruce Wilson
- Does DoD Level Security Work in the Real World? - Jeff Man
- Abstract Tools for Effective Threat Hunting - Chris Sanders
- Infosec Tools of the Trade: Getting Your Hands Dirty - Jason Smith and Tara Wink
- How to learn reverse engineering, kick ass at bug bounties, and being a bad ass SOC analyst - ben actis
- A Pyrate looks at 40 - Adam John
- Springtime for code reviews - Ryan Goltry
- Marrying Incident Response and Threat Intel Within Your Enterprise - Joe Gray and Ben Shipley
- Security Guards -- LOL! - Brent White
- Windows Operating System Archaeology - Casey Smith and Matt Nelson
- Intro to drone tech - Ron Foster
- Weaponizing Splunk: Using Blue Team Tools for Evil - Ryan Hays
- Chunky Cookies: Smashing Application Aware Defenses - Russell Butturini[...]

Cyphercon 2.0 Videos

Sat, 1 Apr 2017 01:24:09 -0400

These are the videos from the Cyphercon 2.0 conference. Thanks to Michael Goetzman for having me out to record, and Paul and Tom for helping record.

- Opening Ceremony - CypherCon Organizors
- KEYNOTE: STEHM is the new STEM - David "Heal" Schwartzberg
- Beyond the Fringe: Anomalies of Consciousness, Experience, and Scientific Research - Richard Thieme
- Cluster Cracking Passwords & MDXfind - Robert Reif
- A Look Behind the Scenes of DEFCON DarkNet - Ed Abrams (zeroaltitude), Demetrius Comes (cmdc0de)
- JavasCrypto: How we are using browsers as Cryptographic Engines - Kat Traxler
- Can Cryptography Frustrate Fascism? - Phillip Rogaway
- Threat Intelligence 101: Basics without Buzzwords - M4n_in_Bl4ck
- Explore Wisconsin Hacker History - Brad Swanson
- Brain Based Authentication - Melanie Segado, Sydney Swaine-Simon
- The Upside Down: Going from NetSec to AppSec - Cody Florek
- Tracking/Monitoring WiFi devices without being connected to any network - Caleb Madrigal
- Wireless Capture the Flag - Eric Escobar
- KEYNOTE: The History of Video Game Console Hacking - Dan Loosen
- Protecting Passwords with Oblivious Cryptography - Adam Everspaugh
- A Look Behind the Scenes of DEFCON DarkNet - Part II - Part II - Ed Abrams (zeroaltitude), Demetrius Comes (cmdc0de)
- Forensic Deconstruction of Databases through Direct Storage Carving - Dr. Alexander Rasin
- Espionage & Soviet MiGs - Dave Roebke
- Naked and Vulnerable: A Cybersecurity Starter Kit - Shannon Fritz
- Wasn't DLP supposed to fix this? - Amit Riswadkar (FeMaven)
- IoT Security Privacy Weaknesses & Ransomware - Rick Ramgattie
- Predictive Analytics and Machine Learning: 'Real' Use Cases for IT/Security Professionals - John Platais
- From zero to Bender in 12 months, how a software guy turned hardware - Zapp
- Badge Panel
- Does DoD Level Security Work in the Real World? - Jeff Man
- Badges[...]

Bloomcon 2017 Videos

Sat, 25 Mar 2017 16:39:46 -0400

These are the videos from the Bloomcon conference.

- Strange times we live in: - Alexander Muentz
- Real World Examples of IT Risks - Fred Reck
- The first 48: All your data are belong to us - Chad Gough & Molody Haase & Jared Sikorski
- Deleted Evidence: Fill in the Map to Luke Skywalker - David Pany
- The Cox Fight and Beyond: Kodi, the Brave New World of Copyright Infringement, and ISP Liability - Alex Urbelis
- What is the size of a sparse file in NTFS - John Riley
- Black Box Mac OSX Forensics - Brian Martin
- Math and Cryptography - Sam Gross
- Road Ahead - Ben Tice
- Honey, I Stole Your C2 Server: A dive into attacker infrastructure - Andrew Rector
- Building a Scalable Vulnerability Management Program for Effective Risk Management - Katie Perry
- New results in password hash reversal - Mark Sanders
- Lessons Learned from Pwning my University Aaron Thomas - Aaron Thomas
- Windows Event Logs - Zero to Hero - Nate Guagenti & Adam Swan
- What Can my Logs Tell me? - Art Petrochenko
- A POS Breach Investigation - Kevin Strickland
- Abusing Google Dorking and Robots.txt - Dave Comstock
- APT-What the heck is an APT? - Bill Barnes
- Technological Changes that Affect Forensic Investigations - Diane Barrett
- Deceptive Defence - Daniel Negron
- Cryptography 0-128 - Ben Tice
- Sometimes They Are Innocent! - Scott Inch
- Securely Deleting Data from SSDs - Stephen Larson[...]

BSides NOVA 2017 Videos

Sat, 25 Feb 2017 18:57:00 -0500

These are the videos from BSides NOVA 2017. Thanks to those who manned the video rigs.

- AM Key Note - Ron Gula
- Using Software Defined Radio for IoT Analysis - Samantha Palazzolo
- Imposter Syndrome: I Don't Feel Like Who You Think I Am. - Micah Hoffman
- PM Keynote - Tarah Wheeler
- How the Smart-City becomes stupid - Denis Makrushin
- Won't Get Fooled Again: The expected future of IoT malware and what to do about it. - Blaine Mulugeta
- Software Supply Chains and the Illusion of Control - Derek Weeks
- "Humans, right?" Soft Skills in Security - Ariel Robinson
- Panel | Local Community Cyber Groups in NoVA - Jeremy Duncan
- Networking with Humans to Create a Culture of Security - Tracy Maleeff
- Why the NTP Security Problem Is Worse than You Think - Allan Liska
- Bro, I Can See You Moving Laterally - Richie Cyrus
- Panel | Parlaying Education and Experience into an Infosec Career - Forgotten Sec
- So you want to be a "Cyber Threat Analyst" eh? - Anthony Melfi
- 0 to 31337 Real Quick: Lessons Learned by Reversing the Flare-On Challenge - Blaine Stancill
- Finding a Companies BreakPoint - Zachary Meyers
- Challenges and Opportunities: Application Containers and Microservices - Andrew Wild
- Cyber Hunt Challenge - Develop and Test your Threat Hunting skills - Darryl Taylor
- Anti-Virus & Firewall Bypass Techniques BY Candan BÖLÜKBAS - Candan Bolukbas
- I'm Cuckoo for Malware: Cuckoo Sandbox and Dynamic Malware Analysis - Lane Huff[...]

BSides Tampa 2017 Videos

Sun, 12 Feb 2017 13:43:48 -0500

These are the videos from the BSides Tampa conference. Thanks to all of the BSides Crew for having me out to help record and render the videos. Special thanks to my video crew.

- Keynote Talk : - Cyber Security in the Age of Espionage - Eric O'Neill (Not posted)
- Advanced Targeted Attack. - Andy Thompson
- Phishing Pholks Phor Phun and Prophit - Erich Kron
- Alert All the Things! (Network Baselines/Alerts with Bro Scripts) - Matthew Domko
- Intro to Fuzzing for Fun and Profit - Brian Beaudry
- Keynote - Kevin Poulsen (Not Recorded)
- Build Your Own Physical Pentesting Go-Bag - Beau Bullock, Derek Banks
- NFC Your Smartphone's Best Friend or Worst Nightmare - Shane Hartman
- e-Extortion Trends and Defense - Erik Iker
- HIPAA for Infosec Professionals - Michael Brown
- Deconstructing 100% JavaScript-based Ransomware - Jeremy Rasmussen & Paolo Soto
- Mozilla's tips on strong HTTPS - Julien Vehent
- Redefining Security in a Cloud-Centric Future - Mike Spaulding & Mitch Spaulding
- Securing The Electrical Grid From Modern Threats - Christopher Williams
- Securing Agile Development - Alan Zukowski
- What I've Learned Writing CTF Challenges - Vito Genoese
- Build the capability to Detect, Triage And Respond - Scott Sattler
- What the Hell is ICS Security? - Brandon Workentin
- Protecting Third-Party Risk From Plundering - Stacey Banks
- Protecting Visual Assets: Digital Image Counter-Surveillance Strategies - Nikita Mazurov & Kenneth Brown
- ArchStrike Linux - Chad Seaman
- Hacking The Sabbath - Jonathan Singer
- Chaining The Future: Block Chains and Security - Joe Blankenship[...]

BSides Philadelphia 2016

Sat, 3 Dec 2016 20:38:04 -0500

These are the videos from BSides Philadelphia 2016.

- Attacker's Perspective: A Technical Demonstration of an Email Phishing Attack - Zac Davis
- Crashing Android phones via hostile networks - Yakov Shafranovich
- I'm Cuckoo for Malware: Cuckoo Sandbox and Dynamic Malware Analysis - Lane Huff
- How to Find a Company's BreakPoint - Andrew McNicol
- What the deuce? Strategies for splitting your alerts. - John T. Myers
- Red Team Yourself - Thomas Richards
- Keynote - Matt Blaze
- Solar Flare - Pulling apart SolarWinds ORION - Rob Fuller
- Staying Afloat in a Tsunami of Security Information - Tracy Z. Maleeff
- Hunting: Defense Against The Dark Arts - Danny Akacki
- Every day is a Zero Day: Building an in-house Secure SDLC program - Tony Reinert
- Owning MS Outlook with Powershell - Andrew Cole
- A tour through the magical wonderful world of crypto land - Ben Agre
- Remote attacks against IoT - Alex Balan
- Hacking the Human: Social Engineering Basics - Dave Comstock (sten0)
- Where do I start? - Charles Sgrillo II
- Top 10 Mistakes Made In Active Directory That Can Lead To Being Compromised - Adam Steed
- So you want to beat the Red Team? - Cameron Moore
- Hacking Your Way into the APRS Network on the Cheap -- Extended Edition - Mark Lenigan
- Threat Intel Analysis of Ukrainian's Power Grid Hack - Nir Yosha
- Cryptography Pitfalls - John Downey
- Information security and the law - Alex Muentz
- Getting Permission to Break Things - William Bailey
- "Knowing the Enemy"- Creating a Cyber Threat Actor Attribution Program - Jack Johnson
- Red Teaming your Risk Management Framework - Keith Pachulski
- Web Application Exploit 101 : Breaking Access Control and Business Logic - Tomohisa Ishikawa[...]

SecureWV/Hack3rcon 2016 Videos

Sun, 20 Nov 2016 20:29:15 -0500

These are the videos of the presentations from Secure West Virginia 2016. Thanks to Dave, Justine and Tim for helping record. Sorry for the off audio timings, this is the first time I've used OBS Studio for a con and I was testing new capture gear.

- Welcome - Benny Karnes
- Keynote - Dave Kennedy
- SHALL WE PLAY A GAME. How to make an two player bartop arcade machine with a Raspberry Pi. - Steven Truax
- Maker/Hacker Space Panel - RCBI
- So You Wanted to Work in Infosec - Joey Maresca
- Making Our Profession More Professional - Bill Gardner
- Special Agent Michelle Pirtle (not recorded)
- So You've Inherited a Security Department, Now What? - Amanda Berlin
- SUSpect - A powershell based tool to provide early detection of ransomware and other attack techniques. - Mick Douglas
- Building an Infosec Program from Ground Zero: From the Coat Closet to the Data Center - David Albaugh
- How to Not Cheat on Your Spouse: What Ashley Madison Can Teach Us About OpSec - Joey Maresca
- Windows Timelines in Minutes - Dr. Philip Polstra
- Scripting Myself Out of a Job - Automating the Penetration Test with APT2 - Adam Compton
- WTF? Srsly? Oh FFS! - IR Responses - Mark Boltz-Robinson
- Women in Infosec Panel - Adrian Crenshaw, Amanda Berlin, Taylor, Blair Gardner (not posted)
- Securing The Secure Shell, The Automated Way - Adam Vincent
- Bitcoin: From Zero to "I get it." - Luke Brumfield
- How to hack all the bug bounty things automagically & reap the rewards (profit)! - Mike Baker
- Giving Back - Submitting to PTES 101 - Jeremy Mio
- Closing/Awards - Benny Karnes

Training

- Intro to Linux - Benny Karnes
- BASH Scripting - Justin Rogosky (not recorded)
- Python Scripting - Adam Byers
- Intro to Kali - Wyatt Nutter
- Forensics Evidence Collection - John Sammons
- Intro to WireShark - Josh Brunty
- Intro to Digital Forensics - John Sammons
- Network Forensics using Kali Linux and/or SANS Sift - Josh Brunty
- Mobile Forensics An Introduction - Josh Brunty [...]

GrrCON 2016 Videos

Sat, 8 Oct 2016 19:35:43 -0500

Link: These are the videos of the presentations from GrrCON 2016. Big thanks to EggDropX and Jaime for having me out, and my video crew  (Chris, Erick, & Cooper) for recording. Thieves Act Three, The Evolution of PrivacyFinux Weaponizing Nanotechnology and hacking humans; defining the boundariesChris Roberts Becoming a Cyborg: The First Step Into Implantable TechnologyMichael Vieau Abnormal Behavior Detection in Large EnvironmentsDave Kennedy Secure DicksMichael Kemp and bad mistakes I've made a few...Jayson Street (Only first 30 min) Predator to Prey: Tracking Criminals with Trojans and Data Mining for Fun and ProfitKen Westin Guarding DinnerJ Wolfgang Goerlich Back to the Future: Understanding our future but following the pastKevin Johnson Breaking Android Apps for Fun and ProfitBill Sempf Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 YearsMatt Bromiley & Preston LewisSecurity Guards -- LOL! Brent White & Tim Roberts Pirates Internet of Things (IoT) radio frequency (RF) Analysis With Software Defined RadioKevin Bong So You Want to Be a PentesterAbsolute0x0 What do you mean I'm pwn'd! I turned on automatic updates!Scott Thomas & Jeff Baruth Surreal Paradigms: Automotive Culture CrashD0xt0r Z3r0 Reversing and Exploiting Embedded Devices (Walking the software and hardware stack)Elvis Collado Threat Detection & Response with HiparaJ. Brett Cunningham Still Broken After All These Years Aka Utility Security For Smarties Doug Nibbelink Threat Detection Response with Hipara J Brett Cunningham Quick and Easy Windows Timelines with Pyhon, MySQL, and Shell ScriptingDr. Phil Polstra Cruise Ship Pentesting OR Hacking the High SeasChad M. Dewey Using Virus Total Intelligence to track the latest Phishing Document campaignsWyatt Roersma Encryption, Mobility & Cloud Oh My! 
Bill Harmer Magnetic Stripes 101Tyler Keeton Machine Duping: Pwning Deep Learning SystemsClarence Chio Money, Fame, Power - Build your success as a security professionalNathan Dragun Tales from the Crypt...(analyst)Jeff Man What's in your Top Ten? Intelligent Application Security PrioritizationTony Miller Binary NinjaJared Demott Phish your employees for fun!Kristoffer MarshallMad Scientists Securing Trust - Defending Against Next-generation AttacksJohn Muirhead-Gould Five Nights At Freddys: What We Can Learn About Security From Possessed BearsNick Jacob Make STEHM Great AgainDavid "HealWHans" Schwartzberg Pentester-to-customer:I will 0wn your network! - Customer-to-pentester:No, I will make you cry!David Fletcher & Sally Vandeven How Do You Secure What You Don't ControlDimitri Vlachos Fighting the Enemy WithinMatt Crowe Getting to the Root of Advanced Threats Before ImpactJosh Fazio Bad Guys Look Just Like You Justin Beard Reality-Checking Your AppSec ProgramDarren Meyer How to Implement Crypto PoorlySean Cassidy Stop attacking your mother's car! Charles Parker, II Contracting: Privacy Security and 3rd PartyNathan Steed & Kenneth Coleman Alignment of business and IT SecurityShane Harsch So You've Inherited a Security Department, Now What?Amanda Berlin Piercing the Air Gap: Network Steganography for EveryoneJohn Ventura On being an Eeyore in InfosecStefan Edwards Welcome to The World of Yesterday, Tomorrow!Joel Cardella Board Breaking[...]

Derbycon 2016 Videos

Mon, 26 Sep 2016 00:26:55 -0400

Link: Videos
The link above is where I will be putting presentations from Derbycon 2016 (it will take a few days). Big thanks to my video jockeys Sabrina, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, Fozy, nightcarnage, Evan Davison, Chris Bridwell, Rick Hayes, Tim Sayre, Lisa Philpott, Ben Pendygraft, Sarah Clarke, Steven (SciaticNerd), Cory Hurst, Sam Remington, Barbie, Chris Bissle (and maybe the speakers too I guess).

Louisville Infosec 2016 Videos

Tue, 20 Sep 2016 21:51:52 -0400

Link: are the videos from the Louisville Infosec 2016 conference. Thanks to all the video volunteers for helping me record.  Morning KeynoteChandler HowellRyan J. MurphyJohn Pollack The Domain Name System (DNS) - Operation, Threats, and Security IntelligenceTom Kopchak Insiders are the New MalwareBrian Vecci Cloud Security; Introduction To FedRAMPSese Bennet Cloud Access Security Broker - 6 Steps To Addressing Your Cloud RisksMatt Bianco Not One Thin Dime: Just Say No to Ransomware!Mick Douglas Securing Docker ContainersChris Huntington Emerging Governance Frameworks for Healthcare SecurityMax Aulakh Building Our WorkforceKristen Bell The Art of Offense and DefenseMark Loveless The Current State of Memory ForensicsJason Hale Understanding Attacker's use of Covert CommunicationsChris Haley How to Talk to Executives about SecurityHarlen Compton Pen Testing; Red and Blue Working TogetherMartin Bos Data Loss Prevention - How to get the most for your buckBrandon Baker The Transition: Risk Assessment > Risk ManagementMike Neal Darwinism vs. ForensicsBill Dean Closing[...]

BSides Augusta 2016 Videos

Sun, 11 Sep 2016 14:56:11 -0400

Link: are the videos from the BSides Augusta conference. Thanks to Lawrence Abrams, and all of the BSides Crew for having me out to help record and render the videos and Pentestfail and everybody that staffed a recording rig. Keynote Keynote - Robert Joyce Super Bad Mobile HackingAaron Guzman Incident Response AwakensTom Webb Dr. Pentester or: How I Learned To Stop Worrying and Love the Blue TeamRyan O'Horo Exploit Kits/ Machine LearningPatrick Perry Detection of malicious capabilities using YARABrian Bell Owning MS Outlook with PowershellAndrew Cole RAT Reusing Adversary TradecraftAlexander Rymdeko-Harvey Internet of TerribleBrandon McCrillis I Got You Using Honeypots for Network Security MonitoringChris Sanders This one weird trick will secure your web server!David Coursey This is not your Momma's Threat IntelligenceRob Gresham Moving Target Defense: Evasive Maneuvers in CyberspaceAdam Duby Beyond Math: Practical Security AnalyticsMartin Holste Exploit Kits and Indicators of CompromiseBrad Duncan ICS/SCADA Threat HuntingRobert M. 
Lee and Jon Lavender Agilely Compliant yet InsecureTom Ruff It's Too Funky In Here Gamification for the WinJosh Rykowski and Scott Hamilton IDS/IPS Choices: Benefits, Drawback and ConfigurationsForgottenSec Micro-segmentation and Security: The Way ForwardJack Koons Adventures in RAT devHunter Hardman Linux privilege escalation for fun, profit, and all around mischiefJake Williams How About a Piece of Pi - Experiences with Robots and Raspberry Pi HackingJohn Krautheim Flaying out the Blockchain Ledger for Fun, Profit, and Hip HopAndrew Morris Network Situational Awareness with Flow DataJason Smith Living In A America A worm in the Apple - examining OSX malwareWes Widner You TOO can defend against MILLIONS of cyber attacksMichael Banks Finding Evil in DNS TrafficKeelyn Roberts Ransomware Threats to the Healthcare IndustryTim Gurganis Using Ransomware Against ItselfTim Crothers and Ryan Borres Hunting: Defense Against The Dark ArtsJacqueline Stokes, Danny Akacki, and Stephen Hinck Automating Malware Analysis for Threat IntelligencePaul Melson Hide and Seek with EMETJonathan Creekmore and Michael Edie[...]

Converge 2016

Sat, 16 Jul 2016 09:45:15 -0400

Link: are the videos from the Converge Information Security Conference. Thanks to Wolf for having me out and Chris, Daniel, Daniel, Ed, Ben, Sam, Adam & Eric and others I may forget for helping to record. Intro Keynote 1Steve Werby So You've Inherited a Security Department, Now What?!?!Amanda Berlin Violating Trust: Social Engineering Past and PresentPaul Blonsky AppSec Awareness: A Blue Print for Security Culture ChangeChris Romeo Red Team Madness - Or, How I Learned To Stop Worrying and Expect Pentester Mistakes Jeremy Nielson Threat Modeling for Secure Software DesignRobert Hurlbut Not Even One Shade of Gray: Stop Tolerating Compromise in SecurityRich Boyer MySQL 5.7 SecurityDave Stokes Evolving the Noise out InfoSec using Law Enforcement ParadigmsCharles Herring Game of Hacks - Play, Hack, and TrackIgor Matlin Red is the new Blue - Defensive Tips & Tricks from a Defender turned PentesterBen Ten Building a better user: Developing a security-fluent societyRich Cassara Food FightJ Wolfgang Goerlich Maneuvering Management MadnessAndrew Hay Enterprise Class Threat Management Like A BossRockie Brockway Compliant, Secure, Simple. Pick two.Joshua Marpet Sentry on the WallReid Brosko Expanding Your Toolbox the DIY WayChris Maddalena Surreal Paradigms: Automotive Culture CrashDave Schaefer Haking the Next GenerationDavid Schwartzberg Malware Magnets: A practical walkthrough in developing threat intelligenceTazz Tazz Still broken after all these years aka Utility Security for SmartiesDoug Nibbelink[...]

BSides Cleveland 2016 Videos

Sat, 25 Jun 2016 21:22:32 -0400

Link: are the videos from the BSides Cleveland conference. Thanks to djaj9, JDogHerman, jayw0k, Kevin, f0zziehakz & securid as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad. Morning KeynoteIan Amit Elementary, my dear Watson - A story of indicatorsNir Yosha Preventing credential theft & lateral movement after initial compromise.Cameron Moore Ask a CISOJamie Murdock Crime Prevention Through Environmental DesignMichael Mendez Fun with One Line of PowershellMatthew Turner Learning From Pirates of the Late 1600s - The first APTAdam Hogan Food Fight!Wolfgang Goerlic Afternoon KeynoteChris Roberts The Art of Bit-Banging: Gaining Full Control of (Nearly) Any Bus ProtocolAaron Waibel Playing Doctor: Lessons the Blue Team can Learn from Patient EngagementJ Wolfgang Goerlich & Stefani Shaffer-Pond Security Automation in your Continuous Integration PipelineJimmy Byrd The WiX Toolset, How to Make Your Own MSIsCharles Yost A Rookie PoV: The Hollywood FallacyRaquel Milligan Port Scanning the Hermit Kingdom: Or What NMAP Can Teach Us About GeopoliticsThomas Pieragastini Responder for Purple Teams Kevin Gennuso Splunk for IR and ForensicsTony Iacobelli Bridging the Gap or: How I Learned to Stop Worrying, and Love the Developers Eric Mikulas SafeCracking on a Budget ReduxDavid Hunt and Zack Nagaich Process VentriloquismSpencer McIntyre The Digital Beginning of the Analog EndBrad Hegrat Gamify Security Awareness: Failure to Engage is Failure to SecureMichael Woolard Cons and Conjurers: Lessons for InfiltrationPaul Blonsky Closing KeynoteDavid Kennedy[...]

ShowMeCon 2016 Videos

Wed, 15 Jun 2016 00:36:49 -0400

Link: are the videos ShowMeCon 2016. Thanks to Renee & Dave Chronister (@bagomojo), Renee and others for having me out to record and speak. Also thanks to my video crew Mathew, Morgan, James and some other people I may have forgotten. Red is the New BlueBenOxa My Cousin Viinny: Ethics and Experience in Security "Research"Kevin Johnson The Psychology of Social EngineeringDave Chronister Show Me Your Tokens (and Ill show You Your Credit Cards)Tim MalcomVetter IRLHN Pt.3 Intermediate Networking Techniques for the Recovering IntrovertJohnny Xmas And Bad Mistakes…I've made a fewJayson Street All your Door(s) Belong to Me - Attacking Physical Access SystemsValerie Thomas Exploiting First Hop Protocols to Own the NetworkPaul Coggin Check Yo Self Before you Wreck Yo Self: The new wave of Account Checkers and Underground Rewards FraudBenjamin Brown The Collission Attack - Attacking CBC and related EncryptionsFontbonne It's not a sprint….Tim Fowler Social Media Risk Metrics - There's a way to measure how +@&# you are onlineIan Amit Attacking OSX for fun and profit: tool set limiations, frustration and table flipping.Dan Tentler The Art of AV Evations - Or Lack ThereofChris Truncer Understanding Offensive and Defense - Having a purple view on INFOSECDave Kennedy Breaking the Teeth of Bluetooth PadlocksAdrian Crenshaw PowerShell Phishing Response ToolkitJosh Rickard Championing a Culture of Privacy: From Ambivalence to Buy-INHudson Harris Why Compliance Matters; You've Been Doing it WrongStacey Banks How to Build a Home LabTimothy De Block Logging for Hackers, How you can catch them with what you already have and a walk through of an actual attack and how we caught it.Michael Gough Where to Start when your environment is F*(3dAmanda Berlin[...]

Circle City Con 2016 Videos

Sun, 12 Jun 2016 23:09:41 -0400

Link: are the Circle City Con videos. Thanks to the staff for inviting me down to record. Big thanks to Mike, 3ncr1pt3d, fl3uryz, InfaNamecheap, f0zziehak, Chris, PhenixFire, Sammy and other for helping set up AV and record. Opening CeremonyCircleCityCon Staff Keynote - Dave LewisDave Lewis Food Fight!Wolfgang Goerlich Binary defense without privilegeSteve Vittitoe Establishing a Quality Vulnerability Management Program without Wasting Time or MoneyZee Abdelnabi (not posted) Why it's all snake oil - and that may be okPablo Breuer Break on Through (to the Other Side)Grape Ape Bootstrapping A Security Research ProjectAndrew Hay Playing Doctor: Lessons the Blue Team Can Learn from Patient EngagementWolfgang Goerlich Planes, Trains and Automobiles: The Internet of Deadly ThingsBryan K. Fite Killing you softlyJosh Bressers Now You See Me, Now You Don't - Leaving your Digital FootprintAamir Lakhani Red Team Madness - Or, How I Learned To Stop Worrying and Expect Pentester MistakesJeremy Nielson Open Source Malware LabRobert Simmons So you want to be a CISO?Von Welch You want to put what…where?John Stauffacher  IoT on Easy Mode Reversing and Exploiting Embedded Devices Elvis Collad Top 10 Mistakes in Security Operations Centers, Incident Handling & ResponsePaul R. 
Jorgensen Untrusted Onions: Is Tor Broken?Joshua Galloway Contextual Threat Intelligence: Building a Data Science Capability into the Hunt TeamBrian Genz Head in the Sand Defence or A Stuxnet for MainframesHaydn Johnson; Cheryl Biswas SIEM, Supersized!Walleed Aljony Fantastic OSINT and where to find itTony Robinson (da_667) Creating a Successful Collegiate Security Club (WIP)Chris "Lopi" Spehn; Adam "avidhacker" Ringrood Where to Start When Your Environment is F*(K3dInfoSystir (Amanda Berlin) Haking the Next GenerationDavid Schwartzberg Exfil and Reverse Shells in a Whitelisted World Hacking Our Way Into HackingKat Sweet Attacking OSX for fun and profit: Toolset Limitations, Frustration and Table FlippingViss (Tentler) Intro to Mobile Device TestingDamian Profancik Your Password Policy Still Sucks!Martin Bos Closing CeremonyCircleCityCon Staff[...]

NolaCon 2016

Sun, 22 May 2016 15:01:24 -0400

Link: at NolaCon 2016. Thanks to @CurtisLaraque, @HoltZilla, @sid3b00m & @ynots0ups for the video recording help, and @nola_con, @erikburgess_, & Rob for having me down to record. Intro Analyzing DNS Traffic for Malicious Activity Using Open Source Logging ToolsJim Nitterauer Snake Charming: Fun With Compiled PythonGabe K Monitoring & Analysis 101: N00b to Ninja in 60 MinutesGrecs Calling Captain Ahab: Using Open Tools to Profile Whaling CampaignsRyan Jones, McOmie Check Yo Self Before You Wreck Yo Self: The New Wave Of Account Checkers And Underground Rewards FraudBenjamin Brown Introducing the OWASP API Security ProjectLeif Dreizler, David Shaw Breaking Barriers: Adversarial Thinking for DefendersStacey Banks It's Just a Flesh Wound!Brett Gravois Owning MS Outlook with PowerShellAndrew Cole Why can't Police catch Cyber Criminals?Chip Thornsburg KeynoteDavid Kennedy Calling Captain Ahab: Using Open Tools to Profile Whaling CampaignsMatt Bromiley Haking the Next GenerationDavid Schwartzberg Hacking Web Apps (v2)Brent White Evolving Your Office's Security Culture by Selective Breeding of Ideas and PracticesNancy Snoke I Promise I'm Legit: Winning with WordsCyni Winegard &  Bethany Ward You Pass Butter: Next Level Security Monitoring Through ProactivityCry0, S0ups Going from Capture the Flag to Hacking the Enterprise. Making the switch from 'a hobby and a passion' to a lifelong career Joseph Pierini Hackers are from Mars, CxO's are from JupiterRob Havelt Don't be stupid with GitHubMetacortex DDoS: Barbarians at the Gate(way)Dave Lewis Hunting high-value targets in corporate networksJosh Stone[...]

BSides Nashville 2016 Videos

Sun, 17 Apr 2016 08:59:02 -0400

Link: are the videos BSides Nashville 2016. Thanks to @lil_lost for inviting me down to record and being my bodyguard while in Nashville. Big thanks to Geoff Collins, Branden Miller, Blake Urmos, Gabe Bassett, Nate and Alex McCormack for helping set up AV and record. And bad mistakes I've made a fewJayson Street At the mountains of malwareWes Widner Collection and Detection with Flow Data: A Follow UpJason Smith Container Chaos: Docker Security Container AuditingChris HuntingtonIt's Not If But When: How to Create Your Cyber Incident Response PlanLucie Hayward, Marc Brawner Threat Modeling the Minecraft WayJarred White AppSec Enigma and Mirage - When Good Ideas Can Go AwryFrank Catucci The Art of the Jedi Mind TrickJeff Man How to get into ICS securityMark Heard The Ransomware Threat: Tracking the Digital FootprintsKevin Bottomley InfoSecs in the City - Starting a Successful CitySec MeetupJohnny Xmas, Fletcher Munson, Chris Carlis, Kate Vajda Ever Present Persistence - Established Footholds Seen in the WildEvan Pena, Chris Truncer Forging Your Identity: Credibility Beyond WordsTim Roberts, Brent White IAM Complicated: Why you need to know about Identity and Access ManagementRon Parker Put a Sock(et) in it: Understanding and Attacking Sockets on AndroidJake Valletta[...]

Central Ohio Infosec Summit 2016 Videos

Thu, 31 Mar 2016 08:48:56 -0400

Link: are the videos from the Central Ohio Infosec Summit conference. Thanks to the video volunteers for helping me record. Track 1 Penetrating the Perimeter - Tales from the BattlefieldPhil Grimes Navigating the FDA Recommendations on Medical Device Security _ and how they will shape the future of all IoTJake "malwarejake" Williams Detecting the Undetectable: What You Need to Know About OSINTJerod Brennen Why I quit my dream job at Citi - A data centric approach to key managementMike Bass Fail Now _ So I Don't Fail Later "A look into security testing and training methodologies"Deral Heiland Putting the Intelligence back in Threat IntelligenceEdward McCabe All Your Door Belong To Me: Attacking Physical Access SystemsValerie Thomas The Humanity of Phishing Attack and DefenseAaron Higbee The Node Highway: Attacks Are At Full ThrottleJoshua Clark Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway Understanding Attacker's use of Covert CommunicationsChris Haley InfoSec ProductizationDavid Kennedy Track 2 Future of Information Security Governance, Risk and ComplianceMax Aulakh, Bill Lisse How Experts Undermine Your Forensic EvidenceMatthew Curtin Datacenter Security VirtualizedJohn Michealson Embracing the CloudLisa Guess "It was the best of logs, it was the worst of logs" - Stories through LoggingTom Kopchak Finding the Needle in the Hardware Haystack - Identifying and Exploiting Vulnerabilities via Hardware Reverse EngineeringStephen Halwes, Timothy Wright PKI-Do You Know Your Exposure?Kent King No Tradeoffs: Cloud Security and Privacy Don't Need to Be at OddsJervis Hui Today's Threat LandscapeDean Shroll 6 Critical Criteria For Cloud Workload SecuritySam Herath Track 2 Educating the Board of DirectorsBob West Burp Collaborator: The Friend You Didn't Know You NeededJon Gorenflo Psychological Warfare: How Cyber Criminals Mess With Your MindBrian Henger Threat Modeling for Secure Software DesignRobert Hurlbut IAST Deep Dive: Understanding 
Interactive Application Security TestingOfer Maor Building an Application Security ProgramMike Spaulding Formal Verification of Secure Software SystemsAaron Bedra AppSec without additional toolsJason Kent Leveraging your APM NPM solutions to Compliment your Cyber Defense StrategyKen Czekaj, Robert Wright Artificial Intelligence Real Threat PreventionArt Hathaway Defending the Next Decade - Building a Modern Defense StrategyMark Mahovlich Track 3 Security vs Compliance in HealthcareSean Whalen How to Secure Things & Influence People: 10 Critical Habits of Effective Security ManagersChris Clymer, Jack Nichelson Economically Justifying IT Security InitiativesRuben Melendez Cross Industry CollaborationHelen Patton Third Party Risk Governance - Why and HowJeffrey Sweet IT Data Analytics: Why the cobbler's children have no shoesCarolyn Engstrom BYODAWSCYW (Bring Your Own Device And Whatever Security Controls You Want) One approach to reduce riskSteven Keil Disaster Recovery and Business Continuit[...]

CypherCon 2016 Videos

Sat, 12 Mar 2016 23:10:43 -0400

Link: are the videos from the Cyphercon 2016 conference. Thanks to Michael Goetzman for having me out to record. CYPHERCON's Opening Ceremony Begins!Korgo Security Control Wins & FailsJason Lang Offensive Wireless Tactics “used in DEFCON 23’s Wireless CTF”Eric Escobar China’s Hackers and Cyber SovereigntyLieutenant Colonel Bill Hagestad II You’re Right, This SucksJ0hnnyxm4s & Lesley Carhart No encrypted data on this drive; just pictures of my catParker Schmitt Curry and TARTSJP SMITH All your Wheaties belong to us. Removing the basics that humans need for survival.Chris Roberts CYPHERCON I Conference Begins!Korgo & The CYPHERCON PuzzleMaster SpeaksBeLouve P.I.S.S.E.D. Privacy In a Surveillance State, Evading DetectionJoe Cicero Bypassing Encryption by Attacking the Cryptosystem PerimeterTrenton Ivey Hypervault Demo& HTTP and SSH TunnelingCaleb Madrigal Quantum Computation and Information SecurityDavid Webber Medical Devices: Pwnage & HoneypotsScott Erven ESPIONAGE • A WEAPON DURING THE COLD WARWerner Juretzko[...]

BSides San Francisco 2016 Videos

Tue, 1 Mar 2016 11:44:27 -0500

Link: These are the videos from the BSides San Francisco conference. Special thanks to Mike & Doug for having me out, Steen, Zappo & Jeremy for their house AV work, and n0ty3p, Forest, Nick, James & others I'm forgetting for their help recording Track 1 Keynote: A Declaration of the Independence of Cyberspace John Perry Barlow The Tales of a Bug Bounty Hunter Arne Swinnen Reverse Engineering the Wetware: Understanding Human Behavior to Improve Information Security Alexandre Sieira, Matthew Hathaway Who's Breaking into Your Garden? iOS and OS X Malware You May or May Not Know Claud Xiao A year in the wild: fighting malware at the corporate level Kuba Sendor Breaking Honeypots for Fun and Profit Gadi Evron, Dean Sysman, Itamar Sher Everything Is Awful (And You're Not Helping) Jan Schaumann Why it's all snake oil - and that may be ok Pablo Breuer Ask the EFF Kurt Opsahl, Eva Galperin, Andrew Crocker, Shahid Buttar, Cooper Quintin Sedating the Watchdog: Abusing Security Products to Bypass Windows Protections Tomer Bitton, Udi Yavo Sweet Security: Deploying a Defensive Raspberry Pi Travis Smith Planning Effective Red Team Exercises Sean T. Malone Fraud Detection & Real-time Trust Decisions James Addison Fuzz Smarter, Not Harder (An afl-fuzz Primer) Craig Young Elliptic Curve Cryptography for those who are afraid of mathematics Martijn Grooten APT Reports and OPSEC Evolution, or: These are not the APT reports you are looking for Gadi Evron Sucker-punching Malware: A Case Study in Using Bad Malware Design Against Attackers John Bambenek, Hardik Modi Employee Hijacking: Building a hacktober awareness program Ryan Barrett, Ninad Bhamburdekar, Dylan Harrington Track 2 Mainframes? On My Internet? Soldier of Fortran (not recorded) Securing the Distributed Workforce William Bengtson Hackers Hiring Hackers - How to hack the job search and hack talent IrishMASMS (not recorded) Scan, Pwn, Next! 
- exploiting service accounts in Windows networks Andrey Dulkin, Matan Hart Guest to root - How to Hack Your Own Career Path and Stand Out Javvad Malik IoT on Easy Mode (Reversing Embedded Devices) Elvis Collado In the crosshairs: the trend towards targeted attacks Lance Cottrell Developing a Rugged DevOps Approach to Cloud Security Tim Prendergast Digital Intelligence Gathering: Using the Powers of OSINT for Both Blue and Red Teams Ethan Dodge, Brian Warehime Sharing is Caring: Understanding and measuring Threat Intelligence Sharing Effectiveness Alex Pinto The Ransomware Threat: Tracking the Digital Footprints Kevin Bottomley Access Control in 2016 - deep dive Dr. Ulrich Lang Using Behavior to Protect Cloud Servers Anirban Banerjee The Art of the Jedi Mind Trick Jeff Man Mobile App Corporate Espionage Michael Raggo Advanced techniques for real-time detection of polymorphic malware Ajit Thyagarajan[...]

BSides Columbus 2016 Videos

Tue, 19 Jan 2016 17:09:18 -0500

Link: are the videos from the BSides Columbus Ohio conference. Thanks to Michael Spaulding for having me up and Greg, James & Brandon who manned the video rigs. Keynotes Keynote Thomas DrakeThomas Drake Offence Where Did All My Data GoDeral Heiland Developers: Care and FeedingBill Sempf Open Secrets of the Defense Industry: Building Your Own Intelligence Program From the Ground UpSean Whalen The Economics of Exploit Kits & E-CrimeAdam Hogan Hacking Corporate Em@il SystemsNate Power All Your Base Still Belong To Us: Physical Penetration Testing Tales From The TrenchesValerie Thomas & Harry Regan (Not recorded) Defense Establishing a Quality Vulnerability Management Program without Wasting Time or MoneyZee Abdelnabi (not posted) Practical DLP Deployment for your OrganizationJon Damratoski The Good The Bad and The Endpoint ProtectionJoseph Ciaravino Securing Docker InstancesChris Huntington Better SIEM Notifications - Making Your SIEM Situationally AwareJesse Throwe Social Media Correlation of Credit Card FraudstersChris Cullison & CW Walker Special Teams Removing Barriers of Diversity in Information SecurityHelen Patton & Connie Matthews Panel Discussion: InfoSec Trends, Talent Management, and RetentionMichael Butts, AJ Candella & Megan Wells Indecision and Malformed Conclusions: The things that stifle security improvement and what can be done about them.Tyler Smith Gamify Awareness Training: Failure to engage is failure to secureMichael Woolard The Long and Winding Road: An InfoSec Career PanelLonnie Kelley & Valerie Thomas The Pineapple is dead..Long live the PineappleDavid Young [...]

SecureWV 2015 Videos

Sun, 8 Nov 2015 16:40:40 -0500

Link: These are the videos of the presentations from Secure West Virginia 2015.
SecureWV Intro - Benny Karnes
Building a Cantenna - Ed Collins
Dropping Docs on Darknets Part 2 Identity Boogaloo - Adrian Crenshaw
Network Segmentation - Some new thoughts - Mark Jaques and Brandon Schmidt
Security Onion - Brandon Schmidt
Drones - Mike Lyons
The Lemonaid Pomegranite, basics of security in a digital world - Tim Sayre
My Little P0ny: What you can do with 20 lines of code and an open machine - Mark Jaques and Brandon Schmidt
And now for something completely different, security at Top O Rock - Tim Sayre
The Art of Post-Infection Response and Mitigation - Caleb J. Crable
Documenting With ASCIIDOC - Jeff Pullen
The Core of Cybersecurity: Risk Management - Josh Spence
The Unique Challenges of Accessing Small and Medium Sized Organizations - Bill Gardner
OpenNSM, ContainNSM, and Docker - Jon Schipp
Here is your degree. Now what? - Shawn Jordan
Wolf in shell's clothing, why you should be skeptical of your trusted tools - Jeff Pullen
[...]

HouSecCon v6 2015 Videos

Fri, 16 Oct 2015 01:49:51 -0500

Link: These are the videos from HouSecCon 2015 v6. Thanks to Michael R. Farnum for having me down and all of the video crew. Opening Keynote - Mike Rothman Chris Jordan - Fluency: A Modern Approach to Breach Information and Event Management Dennis Hurst - Application Security in an Agile SDLC Wendy Nather - How Google turned me into my mother: the proxy paradox in security Chris Boykin - Mobile Threat Prevention Adrian Crenshaw - Dropping Docs on Darknets Part 2: Identity Boogaloo Julian Dunning - Kraken: The Password Devourer Trey Ford - Maturing InfoSec: Lessons from Aviation on Information Sharing Richard Peters and Matthew Roth - Parasyste: In search of a host Lunch/ISACA Session Damon Small - Connections: From the Eisenhower Interstate System to the Internet Rich Cannata - Arm Your Endpoints Anthony Blakemore - Removing the Snake Oil From Your Security Program Erik Freeland - Does SDN Mean Security Defined Networking? Danny Chrastil - What I know about your Company Lunch / Business Skills Workshop Josh Sokol - The Fox is in the Henhouse: Detecting a Breach Before the Damage is Done Jason Haddix - How to Shot Web: Better Web Hacking in 2015 Zac Hinkel, Andrew Huie, and Adam Pridgen - Arm Your Endpoints Dan Cornell - SecDevOps: A Security Pro's Guide to Development Tools Closing Keynote - Eric Cowperthwaite - Everything I need to know about Information Security, I Learned Shooting Tank Guns Closing[...]

GrrCON 2015 Videos

Sun, 11 Oct 2015 16:19:45 -0400

Link: These are the videos of the presentations from GrrCON 2015. Big thanks to EggDropX and Jaime for having me out, and my video crew  (Chris, Justine, Aaron & Brian) for recording. AntiFreeze Subject matter to be determined by the number of federal agents present in the audienceChris Roberts Breaking in Bad (I,m The One Who Doesn,t Knock)Jayson Street Process The Salvation of Incident Response - Charles Herring But Can They Hack?: Examining Technological Proficiency in the US Far RightTom Holt The wrong side of history - everything that is old is new againArron Finnon Poking The BearMike Kemp The Hitch Hikers Guide to Information SecurityKellman Meghu Backdooring GitJohn Menerick Spanking the Monkey (or how pentesters can do it better!)Justin Whithead, Chester Bishop Adding +10 Security to Your Scrum Agile EnvironmenttehEx0dus How I Got Network Creds Without Even Asking: A Social Engineering Case StudyJen Fox Shooting Phish in a Barrel and Other Terrible Fish Related Punsinfosystir This Is All Your FaultDuncan Manuts The Safety You Think You Have is Only a MasqueradeNathan Dragun Bumper Massage Security Incident ResponseDerek Milroy Hacking the Next GenerationHealWHans Findings Needles in a Needlestack: Enterprise Mass TriageKeven Murphy Punch and Counter-punch Part Deux: Web ApplicationsJ Wolfgang Goerlich, NerdyBeardo Application Recon - The Lost ArtTony Miller The Hand That Rocks the Cradle: Hacking Baby MonitorsMark Stanislav Software Security IWRThomas "G13" Richards Cyber 101 - Upstaring your career in a leading industryJohnny Deutsch Understanding and Improving the Military Cyber CultureDariusz Mikulski Harness the Force for Better Penetration TestingPatrick Fussell Targeted Attacks and the Privileged PivotMark Nafe Shell scripting live Linux ForensicsDr. 
Phil Polstra Can you patch a cloud?Scott Thomas Is it EVIL?Chaoticflaws  Submerssion Therapy Ticking me off: From Threat Intel to ReversingJuan Cortes Securing Todays Enterprise WANAndy Mansfield Footprints of This Year's Top Attack VectorsKerstyn Clover Phones and Privacy for ConsumersMatt Hoy (mattrix) and David Khudaverdyan (deltaflyer) Path Well-Traveled: Common Mistakes with SIEMNick Jacob How compliance doesn't have to suck….at least totallyRobert Carson & Bradley Stine What is a cloud access broker and do I need one?Tom Doane Security Frameworks: What was once old is new againBrian Wrozek Attacks Against Critical Infrastructures Weakest LinksJonathan Curtis Wireless Intrusion Detection Systems with the Raspberry PiChris J No One Cares About Your Data Breach Except You ... And Why Should They?Joel Cardella[...]

Louisville Infosec 2015 Videos

Wed, 30 Sep 2015 15:20:51 -0400

Link: are the videos from the Louisville Infosec 2015 conference. Thanks to @theglennbarrett, Jordan, Daren and @bridwellc for helping me record. Nexum FireEye Keynote Advesarial Paradigm Shift Che Bhatia and Artie Crawford Compromise Analysis - Why we’re seeing so many breaches Dave KennedyFounder of TrustedSecWhat to Expect When You're Expecting a PentestMartin BosMemory Acquisition in Digital Forensics and Incident ResponseJason HaleVisualizing Complex Cyber Compliance Data Using Big Data ToolsMax AulakhHacking Web Apps with Style: Path Relative StyleJeremy DruinTSA Luggage Lock DuplicationAdrian CrenshawCloud Device InsecurityJeremy BrownHow the Cloud Drives Better SecurityKevin PetersonHeartbleed, ShellsShock, and PoodlesJason GillamUsing Gamification in Security Awareness TrainingBrandon BakerMore Technology, More People, No ProcessMike RobinsonPreventing Common Core Pen TestsNathan SweaneyAshley Madison BreachJeff JareckiIntegrating Mobile Devices into Your Pen-TestingGeorgia Weidman Home Depot vs The WorldRodney Hampton[...]

DerbyCon 5 Videos

Mon, 28 Sep 2015 20:36:19 -0400

These are the videos of the presentations from Derbycon 2015. Big thanks to my video jockeys Sabrina, Skydog, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, Fozy, nightcarnage, Evan Davison, Chris Bridwell, Rick Hayes, Tim Sayre, Lisa Philpott, Melanie Lecompte, Ben Pendygraft, Austin Hunter, Harold Weaver, Michael Shelburne (and maybe the speakers too I guess). Welcome to the Family – IntroJordan Harbinger KeynoteInformation Security Today and in the FutureHD Moore – Ed Skoudis – John Strand – Chris Nickerson – Kevin Johnson – Katie Moussouris hosted by David KennedyThe M/o/Vfuscator – Turning 'mov' into a soul-crushing RE nightmare – Christopher DomasAND YOU SHALL KNOW ME BY MY TRAIL OF DOCUMENTATION – Jason ScottRed vs. Blue: Modern Active Directory Attacks & Defense – Sean Metcalf "@PyroTek3"Metasploit Town Hall – David Maloney "thelightcosine" – James Lee "egyp7" – Tod Beardsley "todb" – Brent Cook "busterbcook"$helling out (getting root) on a 'Smart Drone' – Kevin Finisterre – solo apePhishing: Going from Recon to Creds – Adam Compton – Eric GershmanAPT Cyber Cloud of the Internet of Things – Joey Maresca (@l0stkn0wledge)Stealthier Attacks and Smarter Defending With TLS Fingerprinting – Lee BrotherstonHoneypots for Active Defense – Greg FossManufactorum Terminatus – The attack and defense of industrial manufacturers – Noah Beddome – Eric MilamHigh Stake Target: Lo-Tech Attack – Bill Gardner "oncee" – Kevin CordleOperating in the Shadows – Carlos Perez "darkoperator"Getting Started with PowerShell – Michael Wharton "MyProjectExpert" When A Powerful Platform Benefits Both Attackers And Defenders: Secure Enhancements To Scripting Hosts In Windows 10 – Lee HolmesA deep look into a Chinese advanced attack. -Michael Gough – "HackerHurricane"Pavlovian Security: How To Change the Way Your Users Respond When the Bell Rings – Magen Wu (@tottenkoph) – Ben Ten (@ben0xa)The State of Information Security Today – Jeff ManLearning through Mentorship – Michael Ortega "SecurityMoey" – Magen Wu "Tottenkoph"The Law of Drones – Michael "theprez98" SchearerThe Phony Pony: Phreaks Blazed The Way – Patrick McNeil "Unregistered436" – Owen "Snide"HackerQue – Michael Smith (DrBearSec) – Kyle Stone (Essobi)Current Trends in Computer Law – Matthew Perry (Mostly no audio)Spanking the Monkey (or how pentesters can do it better!) – Justin Whitehead "(at)3uckaro0" – Chester Bishop "@chet121"On Defending Against Doxxing – Benjamin Brown AjnachakraPractical Windows Kernel Exploitation – Spencer McIntyre @zeroSteinerShooting Phish in a Barrel an[...]

BSides Augusta 2015 Videos

Sun, 13 Sep 2015 05:46:28 -0400

These are the videos from the BSides Augusta conference. Thanks to Lawrence Abrams, and all of the BSides Crew for having me out to help record and render the videos and Pentestfail, Robert, Mike, John, Ryan, Harry and others for manning capture rigs. Keynotes WelcomeMajor General Fogarty KeynoteEd Skoudis Blue Team Track 1 Fundamental Understanding of Baseline Analysis and Remediation for Industrial Control SystemsJuli Joyner and Jeffrey Medsger Taking a Distributed Computing Approach to Network Detection with Bro and “The Cloud”Mike Reeves  A Scout's Perspective on Network DefenseJustin Edgar Doomsday Preppers: APT EditionTanner Payne Building a Better Security Analyst Using Cognitive PsychologyChris Sanders Viper Framework for Malware AnalysisPaul Melson Infiltrating C2 InfrastructureTim Crothers Building “Muscle Memory” with Rekall Memory Forensic FrameworkAlissa Torres The Blue Team Starter KitTimothy De Block Red Team Track Using a HackRF One to Infiltrate the Digital Thetford WallPatrick Perry Malvertizing Like a ProAlex Rymdeko-Harvey Weaponizing our youth: The Case for Integrated Cyber EthicsJosh Rykowski Making Everything Old New AgainAndrew Cole and Rich Moulton DIY Vulnerability Discovery with DLL Side LoadingJake Williams Recon-ng and BeyondTim Tomes Attacking OWASP - Exploiting the Top 10David Coursey Blue Team Track 2 Go Hack YourselfJason Frank 2015 - It's not over yet…Joel Esler How to Get Into ICS SecurityChris Sistrunk Destruction as a Service: Security Through ReanimationJon Medina The Programmatic Evolution of Technology Defense.Roland Cloutier Lessons Learned from Analyzing Terabytes of MalwareWes Widner[...]

BSidesLV 2015 Videos

Thu, 6 Aug 2015 16:11:54 -0400

Working on getting all of the BSidesLV videos at the link above. I hope to make a full entry once they are all indexed.

BSides Detroit 2015 Videos

Sat, 18 Jul 2015 22:17:04 -0400

Link: These are the videos from the BSides Detroit 2015 Conference. Thanks to Wolf for having me out and Chris, Justine, Robin, Sam, Mike and others I may forget for helping to record. Keynote Information Security Reconciliation: The Scene and The ProfessionMark Stanislav Track 1 Level One: How To Break Into The Security FieldAaron Moffett Hacker High - Why We Need To Teach Computer Hacking In SchoolsRon Woerner Getting Started - Help Me Help YouDavid Trollman From Blue To Red - What Matters and What (Really) Doesn'tJason Lang Clear as F.U.D.: How fear, uncertainty, and doubt are affecting users, our laws, and technologiesChristopher Maddalena Data Breaches: Simply The Cost Of Doing BusinessJoel Cardella Eating the SMB Security Elephant - An ITSEC framework for small IT shopsAusten Bommarito  Track 2 Enterprise Class Vulnerability Management Like A BossRockie Brockway Funny Money: What Payment Systems Teach us about SecurityDrew Sutter Building a sturdy foundation - a program-based approach to IT Operations, Application Development, and Information Security in businessSteven Legg Moving past Metasploit: Writing your first exploitCalvin Hedler Wielding BurpSuite: quick-start your extensions and automation rulesMarius Nepomuceno Browser and Windows Environment HardeningKurtis Armour[...]

Converge 2015 Videos

Fri, 17 Jul 2015 23:47:47 -0400

Link: These are the videos from the Converge Information Security Conference. Thanks to Wolf for having me out and Chris, Ben, Briee, Nick and others I may forget for helping to record. Keynotes Hacking To Get Caught - KeynoteRaphael Mudge Breaking in Bad (I'm the one who doesn't knock)Jayson E. Street Track 1 Weaving Security into the SDLCBill Sempf If My CI/CD Teams have Time for Security, So Does YoursKevin Poniatowski Adaptive Monitoring and Detection for Todays LandscapeJamie Murdock Threat Intelligence - A Program Strategy ApproachJenn Black Cymon: New Cyber Monitoring ToolRoy Firestein That's NOT my RJ45 Jack! | IRL Networking for Humans Pt. 1Johnny Xmas On Defending Against DoxxingBenjamin Brown Hiding in the ShaDOSRichard Cassara Security Culture in DevelopmentWolfgang Goerlich Cracking and fixing REST servicesBill Sempf PVCSec Live! Clientless Android Malware ControlDavid Schwartzberg Who Watches the Watchers? Metrics for Security StrategyMichael Roytman How to Dress Like a Human Being | IRL Networking for Humans Pt. 2Johnny Xmas Soft Skills for a Technical WorldJustin HermanTrack 2 The Domain Name System (DNS) - Operation and SecurityTom Kopchak Homebrew Censorship Detection by Analysis of BGP DataZach Julian Four Pillars: Passion, Vision, Communication, ExecutionEdgar Rojas Excuse me while I BURPSteve Motts Public Recon: Why Your Corporate Security Doesn't MatterRonald Ulko (Not recorded) Building the team for a successful SOCDonald Warnecke The Path Well-Traveled: Common Mistakes Encountered with SIEMNick Jacob I failed, therefore I succeededZee Abdelnabi (Not recorded)  Adventures in Communication: Taming the C-Suite and BoardJim Beechey Under the Unfluence: the Dark Side of InfluenceRon Woerner Application Security Awareness: Building an Effective and Entertaining Security Training ProgramChris Romeo 10 Reasons Your Security Education Program SucksKris French Jr Shooting Phish in a Barrel and other bad fish punsAmanda Berlin Process - The Salvation of Incident ResponseCharles Herring[...]

BSides Cleveland 2015 Videos

Sat, 20 Jun 2015 23:49:03 -0400

Link: These are the videos from the BSides Cleveland conference. Thanks to JDogHerman, jayw0k & securid as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad. Track 1 Morning KeynoteJack Daniel Metasploit & Windows Kernel ExploitationSpencer McIntyre zeroSteiner PwnDrone: The Modern Airborne Cyber ThreatDevin Gergen @DevinGergen Afternoon KeynoteSo You Want To Be An Infosec Rockstar?Chris Nickerson Why the Web is BrokenBill Sempf @sempf Outside the BoxDavid Kennedy Larry Spohn @HackingDave, @Spoonman1091 The Entropy of Obfuscated CodeAdam Hogan @adamwhogan Track 2 Why the foundation of security is broken.Alex Kot Desired State Configuration (DSC): Dream Tool or Nightmare for Security Baseline and Configuration ManagementZack Wojton Wayne Pruitt zbirdflipper Common Sense Security FrameworkJerod Brennen @slandail Secure Test Driven Development: Brakeman, Gauntlet, OWASP and the Work Still to Be DoneRicky Rickard rrickardjrBuilding a sturdy foundation - a program-based approach to IT Operations, Application Development, and Information Security in businessSteven Legg ZenM0deBuilding a Threat Intelligence ProgramEdward McCabe @edwardmccabePhishing Without RubyBrandan Geise Spencer McIntyre coldfusion39 Security Not Guaranteed - Or, how to hold off the bad guys for another day.James Gifford Elijah Snow-Rackley @jrgiffordCleveland LocksportJeff Moss Doug Hiwiller, Damon Ramsey jeffthemossmanAugmenting Mobile Security and Privacy Controls Brian Krupp @briankrupp Track 3 DIY Hacker Training, a WalkthroughWarren Kopp warrenkopp Quick-start your Burp Suite extensions (Jython) and automation.Marius Nepomuceno Flourishing in a Hostile Work EnvironmentDennis Goodlett Defense in Depth - Your Security CastleTom Kopchak @tomkopchak EMET Overview and DemoKevin Gennuso @kevvyg 10 Reasons Your Security Education Program SucksKris French Jr @Turtl3Up Call of Duty: Crypto RansomwareBrett Hawkins @hawkbluedevil Closing[...]

Circle City Con 2015 Videos

Sun, 14 Jun 2015 20:08:28 -0400

Link: These are the Circle City Con videos. Thanks to the staff for inviting me up to record. Big thanks to Oddjob, Glenn, Jordan, Tim, Will, Mike, Nathan, & Chris for helping set up AV and record, as well as others who I'm forgetting. It was a great time. Track 1Opening Ceremonies KeynoteSpaceRogue Rethinking the Trust Chain: Auditing OpenSSL and BeyondKenneth White Actionable Threat Intelligence, ISIS, and the SuperBallIan Amit Security Culture in DevelopmentWolfgang Goerlich Simulating Cyber Operations: "Do you want to play a game?"Bryan Fite Hacking IIS and .NETKevin Miller User Awareness, We're Doing It WrongArlie Hartman Departmentalizing Your SecOpsTom Gorup Shooting Phish in a Barrel and Other Terrible Fish Related PunsAmanda Berlin ZitMo NoM - Clientless Android Malware ControlDavid Schwartzberg Data Loss Prevention: Where do I start?Jason Samide Reducing Your Organization's Social Engineering Attack SurfaceJen Fox 1993 B.C. (Before Cellphones)Johnny Xmas Building a Comprehensive Incident Management ProgramOwen Creger  Is that a PSVSCV in your pocketJake Williams Analyzing the Entropy of Document Hidden CodeAdam Hogan Making Android's Bootable Recovery Work For YouDrew Suarez Does anyone remember Enterprise Security Architecture?Rockie Brockway Malware ArmorTyler Halfpop Closing Ceremonies Track 2 Ruby - Not just for hipsterCarl Sampson Configure your assets, save your buttCaspian Kilkelly Digital Supply Chain Security: The Exposed FlankDave Lewis I Amateur Radio (And So Can You)Kat Sweet Wireless Intrusion Detection System with Raspberry PiChris Jenks The Answer is 42 - InfoSec Data Visualization (Making Metric Magic & Business Decisions)Edward McCabe Running Away from Security: Web App Vulnerabilities and OSINT CollideMicah Hoffman Lessons Learned from Implementing Software Security ProgramsTodd Grotenhuis Stupid Pentester Tricks - OR - Great Sysadmin Tips! - Done in style of Rocky and BullwinkleAlex Fernandez-Gatti / Matt Andreko / Brad Ammerman (not to be posted) Findings to date.Cameron Maerz Clean Computing: Changing Cultural PerceptionsEmily Peed (No Sound) From Parking Lot to Pwnage - Hack-free Network PwnageBrent White / Tim Roberts PlagueScanner: An Open Source Multiple AV Scanner FrameworkRobert Simmons How not to InfosecDan Tentler Building a sturdy foundation - a program-based approach to IT Operations, Application Development, and[...]

ShowMeCon 2015 Videos

Wed, 10 Jun 2015 17:40:25 -0400

Link: Keynotes Breaking in Bad (I'm the one who doesn't knock)Jayson Street Security's Coming of Age: Can InfoSec Mature and Save the WorldDave Chronister Confessions of a Social Engineer, My Dirty Tricks and How to Stop them.Valerie Thomas The Security Trust Chain is Broken: What We're Doing about itKenn White Maturing Information Security - When Compliance doesn't cut it.Joey Smith Hunting the Primer: Looking into DarkNetAamir Lakhani   Left Track Gray Hat PowershellBen0xA Sensory Perception: A DIY Approach to Building a Wireless Sensor NetworkTim Fowler Stop The Wireless Threat - Dawn of the Drone Scott Schober Automated Static Malware Analysis Using Function-level Signatures or: How I Learned to Stop Worrying and Love the APTJames Brahm, Matthew Rogers, Morgan Wagners Forensic Artifacts of Host-Guest Interaction in the VMware EnvironmentKurt Aubuchon Enterprise Class Vulnerability Management like a BossRockie Brockway   Right Track HIJACKING LABEL SWITCHED NETWORKS IN THE CLOUDPaul Coggin Behind the HackRalph Echemendia Mobile Forensics and its Anatomy of Extractions Charline F. Nixon Building Virtual Pentesting LabKevin Cardwell That's not my RJ45 jack: IRL networking for HumansJohnny Xmas The Great Trojan DemoBen Miller Disco Track HIPAA 2015: Wrath of the AuditHudson Harris Practical Electronics: Fixing the fan in a post-poop scenarioEvan "treefort" Booth Of History and HashesAdrian Crenshaw[...]

ShowMeCon Videos Coming Soon

Sun, 7 Jun 2015 22:55:23 -0400

As I record the ShowMeCon 2015 videos, I will be putting them here. I will also be tweeting as I get them out from @Irongeek_adc.

Of History & Hashes: A Brief History of Password Storage, Transmission & Cracking

Sat, 30 May 2015 11:43:15 -0400

I'd like to expand this article with new anecdotes of "they should have known better" and "this has been done before". Please let me know how I should expand it.

Kiosk/POS Breakout Keys in Windows

Sat, 30 May 2015 11:39:37 -0400

I wanted to point out some articles I wrote for the TrustedSec blog. If you mess with Kiosk systems, you may like this.

Password Cracking Class for Hackers For Charity

Sun, 17 May 2015 04:30:00 -0400

This is the Password Cracking class the Kentuckiana ISSA put on to support Hackers For Charity. Speakers include Jeremy Druin @webpwnized, Martin Bos @purehate_ and me @irongeek_adc. If you like the video, please consider donating to Hackers For Charity. Keywords: John, Hashcat, OCLHashcat, rockyou, sam, system, Windows, Unix passwords.

BSides Knoxville 2015 Videos

Sat, 16 May 2015 07:05:22 -0400

Link: These are the videos from BSides Knoxville 2015. Thanks to Aaron, Tim and Nicolas for the video help. KeynoteTravis Goodspeed How I’ve hacked and un-hacked a logic game (20 years to Lights Out)Gyora Benedek Finding Bad Guys with 35 million Flows, 2 Analysts, 5 Minutes and 0 DollarsRussell Butturini Dumping the ROM of the Most Secure Sega Genesis Game Ever Created: A Reverse Engineering StoryBrandon Wilson (not recorded) Phishing: Going from Recon to CredentialsAdam Compton, Eric Gershman Multipath TCP - Breaking Today's Networks with Tomorrow's ProtocolsCatherine Pearce High Performance FuzzingRichard Johnson Cyber Cyber Cyber: Student Security CompetitionsEric Gershman, Raymond Borges The Impossibility of Protecting the Enterprise at $7.25 an hourKevin Thomas  I've met the enemy information security and it is usSlade Griffin The Poetry of Secrets: An Introduction to CryptographyEric Kolb From Broadcast to Totally PwnedRussel Van Tuyl, Matt Smith Introducing User-Centered Design to Augment Human Performance in Cyber WarfareFrank Cohee, Joe Davis Back to the FutureNeil Desai Virtualized Routers Soup to NutsJeff Nichols, Benjamin Taylor, Tommy Hardin [...]

BSides Boston 2015 Videos

Sun, 10 May 2015 10:32:01 -0400

Link: These are the videos from BSides Boston 2015. Thanks to @plaverty9 for inviting me out to record. Keynote The Securitized State: Where it came from, where it's going, what can be done about itMolly Sauter Track 1 Is Threat Modeling for Me?Robert Hurlbut Hacker or criminal? Repairing the reputation of the infosec community.Melanie Ensign Running Away from Security: Web App Vulnerabilities and OSINT CollideMicah Hoffman Robots, Ninjas, Pirates and Building an Effective Vulnerability Management ProgramPaul Asadoorian Protect Your "Keys to the Kingdom" _ Securing Against the Next Inevitable CyberattackPaul Kozlov In pursuit of a better crypto puzzleSamuel Erb Track 2 When penguins attack - Linux's role in the malware ecosystemChester Wisniewski The Benefits in Externalizing DMZ-as-a-Service in the CloudIsrael Barak Common misconfigurations that lead to a breach Justin Tharpe Applying Big Data technology to security use caseMax Pevzner Marketing: They're not all Schmucks.Jen Ellis & Josh Feinblum Next-Gen Incident Management - Building out a Modern Incident Management CapabilityJohn McDonald Closing[...]

AIDE 2015 Videos

Fri, 24 Apr 2015 21:37:28 -0400

Link: Recorded at AIDE 2015. Big thanks to Bill Gardner (@oncee) for having me out to record. ISLET (Isolated, Scalable, & Lightweight Environment for Training) - Jon Schipp Examining Hacktivism: Crime and Punishment in the Digital Age - Bill Gardner/Kim DeTardo-Bora/Amanda Richards INFOSEC Flash Forward - Changing how we think - Dave Kennedy Quantum Computing 01100101 - Tess Schrodinger Introducing Network Scout: Defending the Soft Center of Your Network - Aeadan Somerville/Shawn Jordan Mutillidae - Jeremy Druin Quick Intro To Lock Picking - Adrian Crenshaw OWASP Applied - Elliott Cutright (Not Recorded) Kevin Cordle - Kevin Cordle (Not Recorded) Better Threat Intel Through OSint - Frank Hackett Overview of Darknets - Adrian Crenshaw BREAKING in BAD (I'm the one who doesn't knock) - Jayson Street[...]

BSides San Francisco 2015 Videos

Tue, 21 Apr 2015 11:13:20 -0400

Link: These are the videos from the BSides San Francisco conference. Special thanks to Doug, Jim, @dgc, 'Grond' , @flee74 , Wayne and some others I'm forgetting for their help recording Track 1 Intro Stick a Pin in Certificate Pinning: How to Inspect Mobile Traffic and Stop Data ExfiltrationGopal Jayaraman OSXCollector: Forensic Collection and Automated Analysis for OS XIvan Leichtling DNS Spikes, Strikes, and The LikeThomas Mathew Ask the EFF Your Users Passwords Are Already StolenLucas Zaichkowsky Analyze This!Aaron Shelmire(not recorded) Medical Device Security - From Detection To CompromiseScott Erven How SecOps Can Convince DevOps To Believe In The BogeymanLeif Dreizler Human HuntingSean Gillespie Phighting Phishers Phake PhrontsKevin Bottomley Corporate Governance For Fun and (Non)ProfitChristie Dudley HIPAA 2015: Wrath of the AuditsW. Hudson Harris Lessons Learned from Building and Running MHN, the World's Largest Crowdsourced HoneynetJason Trost Getting me help youDavid Trollman  Track 2 Critical Infrastructure: The Cloud loves me, The Cloud loves me not.Bryan Owen F*ck These Guys: Practical CountersurveillanceLisa Lorenzin Collective Action Problems in CybersecurityAllan Friedman Intrusion Detection in the cloudsJosh Pyorre Hacker or criminal?
Repairing the reputation of the infosec communityMelanie Ensign Student Surveillance: How Hackers Can Help Protect Student PrivacyJessy Irwin When Doing the Right Thing Goes Wrong - Impact of Certificates on Service Based InfrastructureRobert Lucero How to Lie with Statistics, Information Security EditionTony Martin-Vegue Ground Zero Financial Services: The Latest Targeted Attacks from the DarknetBrian Contos Securing the Hastily Formed Network: Infosec for Disaster Relief and Emergency ResponseRakesh Bharania GitReview - Reflective Control In ActionJon Debonis Probing Patches: Beyond Microsoft's ANSBill Finlayson (not recorded) *Blink*: The Network Perimeter is GoneRick Farina (Zero_Chaos) Federating AWS CLIPaul Moreno [...]

BSides Nashville 2015 Videos

Sun, 12 Apr 2015 20:49:36 -0400

Link: These are the videos from BSides Nashville 2015. Thanks to @lil_lost for inviting me down to record and being my bodyguard while in Nashville. BSides Nashville Intro and Pondering the False Economy of Secrets Trey Ford @TreyFord Applied Detection and Analysis Using Flow DataJason A. Smith Using devops monitoring tools to increase security visibilityChris Rimondi The Great Trojan DemoBen Miller Nobody Understands Me: Better Executive MetricsMichael St. Vincent So you want to be a pentester?Not Recorded We Built This & So Can You!Tim Fowler That's NOT my RJ45 Jack!: IRL Networking for HumansJohnny Xmas Finding Low Hanging Fruit with KaliStephen Haywood What do infosec practitioners actually doSlade Griffin From Parking Lot to Server RoomTim Roberts and Brent White N4P Wireless Pentesting: So easy even a caveman can do itChris Scott hashcat_NSAKEY Use of Attack Graphs in Security SystemsNot Recorded Skiddiemonkeys: Fling "stuff" at your Defenses and See What SticksRussell Butturini & Joshua Tower [...]

Guess I Stay In Infosec

Wed, 1 Apr 2015 22:39:31 -0400

Well, I tried to join the ranks of radical feminists, but they would not have me. I'll keep running for awhile. Guess I need to change causes and fight for machine liberation instead (Hail Skynet!).

Irongeek signing off, time for other projects

Wed, 1 Apr 2015 00:41:46 -0400

Hello everyone. It’s been a great 11 years, but my life and career plans have moved on. I’m moving away from information security and plan to dedicate my life to radical feminism. As such, I won’t have time to maintain this infosec site (working on my PhD in women’s studies takes a lot of time), so please archive while it is still up. I will be announcing the URLs of my Tumblr, GoFundMe and Patreon pages shortly. Thanks for your support.

Central Ohio Infosec Summit 2015 Videos

Thu, 26 Mar 2015 17:58:08 -0400

Link: These are the videos from the Central Ohio Infosec Summit conference. Thanks to the video volunteers for helping me record. Keynotes We're At War - Why Aren't You Wearing A Helmet?Bill Sieglein Ghost In The Shadows - Identifying Hidden Threats Lurking On Our NetworksDeral Heiland Rebuilding and Transforming and Information Security FunctionSusan Koski InfoSec’s Midlife Crisis & Your Future...Tsion Gonen Current Cyber Threats: An Ever-Changing LandscapeKevin Rojek Tech 1 IT Isn't Rocket ScienceDavid Mortman Mind On My Money, Money On My MalwareDustin Hutchison Private Cloud Security Best PracticesMike Greer Cyber Espionage - Attack & DefenseMichael Mimoso Three Years of Phishing - What We've LearnedMike Morabito Piercing Your Perimeter, Dodging Detection, and Other Mayhem! a.k.a. Pen Tester Voodoo 101Mick Douglas Physical Penetration Testing: You Keep a Knockin' But You Can't Come In!Phil Grimes Tech 2 Honeypots for Active Defense - A Practical Guide to Deploying Honeynets Within the EnterpriseGreg Foss Building Security Awareness Through Social EngineeringValerie Thomas & Harry Regan Open Source Threat Intelligence: Building A Threat Intelligence Program Using Public Sources & Open Source ToolsEdward McCabe Modern Approach to Incident Response James Carder and Jessica Hebenstreit Having your cake and eating it too!
Deploying DLP services in a Next Generation Firewall EnvironmentMike Spaulding Using Machine Learning Solutions to Solve Serious Security Problems Ryan Sevy & Jason Montgomery Electronic Safe FailJeff Popio Emerging Trends in Identity & Access ManagementRobert Block Building a Successful Insider Threat ProgramDaniel Velez A New Mindset Is Needed – Data Is Really the New Perimeter!Jack Varney OWASP Software Security CryptographyAaron Bedra Threat Analytics 101: Designing A "Big Data" Platform For Threat AnalyticsMichael Schiebel Developers Guide to Pen Testing (Hack Thyself First)Bill Sempf f OWASP 2014 - Top 10 Proactive Web Application ControlsJason Montgomery GRC IAM Case Study: Im[...]

BSides Tampa 2015 Videos

Sun, 22 Feb 2015 16:30:38 -0500

Link: These are the videos from the BSides Tampa conference. Thanks to @PolarBill and all of the BSides Crew for having me out to help record and render the videos. Track 1Bug Bounties and Security ResearchKevin Johnson Securing The CloudAlan Zukowski HackingChris Berberich Vendor Induced Security IssuesDave Chronister Pentest ApocalypseBeau Bullock Kippo and Bits and BitsChris Teodorski The Art of Post-infection Response & MitigationCaleb Crable The Need for Pro-active Defense and Threat Hunting Within OrganizationsAndrew Case Track 2Finding Common Ground within the Industry and BeyondDavid Shearer Ways to Identify Malware on a SystemRyan Irving Android Malware and AnalysisShane Hartman Teaching Kids (and Even Some Adults) Security Through GamingLe Grecs Evaluating Commercial Cyber Threat IntelligenceJohn Berger Track 3Cyber Geography and the Manifest Destiny of the 21st CenturyJoe Blankenship Mitigating Brand Damage From A Cyber AttackGuy Hagen What is a security analyst and what job role will they performJames Risler Live Forensic Acquisition TechniquesJoe Partlow Cyber Security Awareness for Healthcare ProfessionalsMarco Polizzi [...]

BSides Huntsville 2015 Videos Posted

Sun, 8 Feb 2015 18:28:35 -0500

These are the videos from the BSides Huntsville conference. Thanks to @PaulCoggin, @CharlineNixon, Brian, @GRMrGecko and all of the BSides Crew for having me out to help record and render the videos. Track 1 Active Cyber Defense CycleRobert M. Lee (@RobertMLee) Real World ThreatsRuss Ward Lock picking, but bypass is easierAdrian Crenshaw (@irongeek_adc) The Dark Side Of PowerShellJoshua Smith Give me your data!Dave Chronister Gods and Monsters: A tale of the dark side of the webAamir Lakhani Sensory Perception: A DIY approach to building a sensor networkTim Fowler Hijacking Label Switched Networks in the CloudPaul Coggin (@PaulCoggin) Reverse Engineering Network Device APIs Dan Nagle (@NagleCode) Track 2 So Easy A High-Schooler Could Do It: Static malware analysis using function-level signaturesJames Brahm, Matthew Rogers, and Morgan Wagner Pragmatic Cloud Security: What InfoSec Practitioners Have Been Waiting ForJosh Danielson (@JoshGDanielson) and Arthur Andrieu Developing and Open Source Threat Intelligence ProgramEdward McCabe (@edwardmccabe) Applying User-Centered Design Techniques for Augmenting Human Perception in Cyber WarfareFrank Cohee The Great Trojan DemoBen Miller A Virtual SCADA Laboratory for Cybersecurity Pedagogy and ResearchZach Thornton PlagueScanner: An Open Source Multiple AV Scanner FrameworkUtkonos [...]

Circle City Con, Hacker/Infosec Con in Indianapolis Indiana 06-12-2015 - 06-14-2015

Wed, 28 Jan 2015 16:20:14 -0500

Come join us for Circle City Con in Indianapolis Indiana this June 12th-14th. I had a great time last year, and will be staffing again this year (video of course, and some time in the lock pick village). Call for presentations and call for trainers is currently open. More information at

BSides Columbus Ohio 2015 Videos

Wed, 21 Jan 2015 13:34:37 -0500

Link: These are the videos from the BSides Columbus Ohio conference. Thanks to Michael Spaulding for having me up and the guys who manned video rigs. Keynotes Breaking BadJayson Street Cloud and Virtualization TheoryGrauben Guevara   Offence User Behavior AnalysisMatt Bianco Plunder, Pillage and Print - The art of leverage multifunction printers during penetration testingDeral Heiland Common Sense Security FrameworkJerod Brennen OWASP Mobile Top Ten - Why They Matter and What We Can DoRicky Rickard Defense Got software? Need a security test plan? Got you covered.Bill Sempf Corporate Wide SSL Interception and InspectionFrank Shaw How to Rapidly Prototype Machine Learning Solutions to Solve Security ProblemsJason Montgomery A Basic Guide to Advanced Incident ResponseScott Roberts Supply and Demand: Solving the InfoSec Talent ShortageBrandon Allen Special Teams Do We Still Need Pen Testing?Jeff Man Trolling Attackers for Fun & ProfitStephen Hosom Inurl:robots.txt-What are YOU hiding?David Young Malware Development as the Evolution of ParasitesAdam Hogan Snort Beyond IDS: Open Source Application and File ControlAdam Hogan [...]

WiGLE WiFi Database to Google Earth Client for Wardrive Mapping Tool Updated

Sat, 6 Dec 2014 19:27:18 -0500

Uploaded version 0.97. Now uses HTTPS for connecting to WiGLE since they have a properly signed cert. I also added code contributions from njd who updated for WiGLE changes (WiGLE now supports more encryption types). Folders are broken down into WAPs that are Open, WEP, WPA, WPA2 and Unknown.

DerbyCon 2014 Higher Education Panel for Hackers Irongeek’s Thoughts

Sat, 22 Nov 2014 13:06:16 -0500

Just my thoughts on the state of infosec education at universities.

Hack3rcon 5 Videos

Mon, 17 Nov 2014 07:50:00 -0500

link: Here are the videos from Hack3rcon^5 Enjoy. Bash Scripting for Penetration TestersLee BairdIntro to PowerShell Scripting for Security ISLET: An Attempt to Improve Linux-based Software TrainingJon Schipp Remote Phys Pen: Spooky Action at a DistanceBrian Martin Introducing Network-Scout: Defending The Soft Center of Your Network Using the techniques of propaganda to instill a culture of securityJustin Rogosky Identify Your Web Attack Surface: RAWR!Tom Moore, Adam Byers Gone in 60 minutes _ Practical Approach to Hacking an Enterprise with YasuoSaurabh Harit, Stephen Hall Check Your Privilege(s): Futzing with File Shares for low hanging fruitAdrian Crenshaw DERP - Dangerous Electronic Redteam PracticesLuis Santana When Zombies take to the Airwaves I Am Nation State (And So Can You!)tothehilt, SynAckPwn[...]

GrrCON 2014 Videos

Sun, 19 Oct 2014 19:12:17 -0500

Link: These are the videos of the presentations from GrrCON 2014. Big thanks to EggDropX and Jaime for having me out, and my video crew  (Chris, Steve, Ian, Justine, and other Chris) for recording. T-Rex Around the world in 80 Cons (A tale of perspectives) Jayson E Street Infosec in the 21st century Tim Crothers Securing our Ethics: Ethics and Privacy in a Target-Rich Environment Kevin Johnson Social Engineering Can Kill Me, But It Can’t Make Me Care Gavin ‘Jac0byterebel’ Ewan Finding Our Way – From Pwned to Strategy  David Kennedy (Likely lost due to sound guy not muting music, plan to post to to see if anyone can clean the tracks) Emulate SandBox and VMs to avoid malware infections Jordi Vazquez (Likely lost due to sound guy not muting music, plan to post to to see if anyone can clean the tracks) Security Hopscotch Chris Roberts (Likely lost due to sound guy not muting music, plan to post to to see if anyone can clean the tracks) Email DLP: Simple concept, often poorly implemented c0rrup7_R3x (Likely lost due to sound guy not muting music, plan to post to to see if anyone can clean the tracks) Look Observe Link (LOL) – How I learned to love OSINT NinjaSl0th (Half lost due to sound guy not muting music, plan to post to to see if anyone can clean the tracks) ZitMo NoM David “HealWHans” Schwartzberg Bigger Boys Made Us Mike Kemp Full Douchesclosure Duncan Manuts Finux’s Historical Tour Of IDS Evasion, Insertions, and Other Odditie Arron ‘Finux’ Finnon   Velociraptor Beating the Infosec Learning Curve Without Burning Out Scott ‘secureholio’ Thomas Picking Blackberries Thomas 'G13' Richards Exercising with Threat Models J Wolfgang Goerlich Seeing P[...]

Louisville Infosec 2014 Videos

Fri, 3 Oct 2014 15:46:47 -0400

Link: These are the videos from the Louisville Infosec 2014 conference. Thanks to @theglennbarrett, @f0zziehakz and @bridwellc for helping me record. Opening Ceremony All of Your Compliance Needs with One Methodology - Jim Czerwonka Lockade: Electronic Games for Locksport - Adrian Crenshaw Mining Data from the Windows Registry - Jason Hale Identity Theft: Who's in YOUR Wallet? - Richard Starnes & Rick Nord Mobile Telephony for InfoSec Practitioners - Daniel Helton A Crosswalk of the Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP) - John McLain Building an Enterprise DDoS Mitigation Strategy - Mitchell Greenfield Practical interception of mobile device traffic - Jeremy Druin Changing What Game- One Future for Information Security - Michael Losavio Trash Talkin - IT Audit Guide to Dumpster Diving - John Liestman Linking Users to Social Media Usage on Android Mobile Devices - Ryan Ferreira Origin of CyberSecurity Laws - An Insider's Story - Steve Riggs A Place at the Table - Kristen Sullivan What your Web Vulnerability Scanners Aren't Telling You - Greg Patton ISSA Awards Creating the Department of How: Security Awareness that makes your company like you. - Ira Winkler Are You Really PCI DSS Compliant? Case Studies of PCI DSS Failure! - Jeff Foresman Where does Data Security fit into the Data Quality strategy? - Michael Vincent Closing Ceremony[...]

Derbycon 4 Videos

Wed, 1 Oct 2014 18:15:29 -0400

Link: These are the videos of the presentations from Derbycon 2014. Big thanks to my video jockeys Skydog, Sabrina, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, Steven, Branden Miller, Joe, Greg and Night Carnage (and maybe the speakers too I guess).   Welcome to the Family – Intro Johnny Long (Keynote) – Hackers saving the world from the zombie apocalypse How to Give the Best Pen Test of Your Life (Keynote) – Ed Skoudis Adaptive Pentesting Part Two (Keynote) – Kevin Mitnick and Dave Kennedy If it fits – it sniffs: Adventures in WarShipping – Larry Pesce Abusing Active Directory in Post-Exploitation – Carlos Perez Quantifying the Adversary: Introducing GuerillaSearch and GuerillaPivot -Dave Marcus A Year in the (Backdoor) Factory – Joshua Pitts Ball and Chain (A New Paradigm in Stored Password Security) – Benjamin Donnelly and Tim Tomes Et tu – Kerberos? – Christopher Campbell Advanced Red Teaming: All Your Badges Are Belong To Us – Eric Smith Bypassing Internet Explorer's XSS Filter – Carlos Munoz  Threat Modeling for Realz – Bruce Potter A Guided Tour of the Internet Ghetto :: Introduction to Tor Hidden Services – Brent Huston Red Teaming: Back and Forth – 5ever – Fuzzynop How not to suck at pen testing – John Strand Mainframes – Mopeds and Mischief; A PenTesters Year in Review – Tyler Wrightson The Multibillion Dollar Industry That's Ignored – Jason Montgomery and Ryan Sevey Code Insecurity or Code in Security – Mano 'dash4rk' Paul C3CM: Defeating the Command – Control – and Communications of Digital Assailants – Russ McRee So You Want To Murder a Software Patent – Jason Scott Leonard Isham – Patchi[...]

BSides Augusta 2014 Videos

Sat, 13 Sep 2014 22:39:31 -0400

Link: These are the videos from the BSides Augusta conference. Thanks to Lawrence Abrams, and all of the BSides Crew for having me out to help record and render the videos and Pentestfail for manning a capture rig. Intro Defeating Cognitive Bias and Developing Analytic Technique - Chris Sanders ICS/SCADA Defense - Chris Sistrunk Scaling Security Onion to the Enterprise - Mike Reeves Techniques for Fast Windows Investigations - Tim Crothers Using Microsoft’s Incident Response Language - Chris Campbell Is that hardware in your toolkit, or are you just glad you’re keeping up? - Jeff Murri Pentester++ - Chris Truncer The Adobe Guide to Keyless Decryption - Tim Tomes App Wrapping: What does that even mean - David Dewey Adventures in Asymmetric Warfare - Will Schroeder When Zombies take to the Airwaves - Tim Fowler Spying on your employees using memory - Jacob Williams Crazy Sexy Hacking - Mark Baggett[...]

Passwordscon 2014 Videos

Thu, 21 Aug 2014 20:03:53 -0400

Link: These are the videos from the Passwordscon 2014 conference. Thanks for having me out to help record and render the videos. Track 1 How we deciphered millions of users’ encrypted passwords without the decryption keys. - Josh Dustin (Canceled) Is Pavlovian Password Management The Answer? - Lance James DoCatsLikeLemon? – Advanced phrase attacks and analysis - Marco Preuß Tradeoff cryptanalysis of password hashing schemes - Dmitry Khovratovich, Alex Biryukov, Johann Großschädl Using cryptanalysis to speed-up password cracking - Christian Rechberger Password Security in the PCI DSS - Jarred White Defense with 2FA - Steve Thomas I have the #cat so I make the rules - Yiannis Chrysanthou Penetrate your OWA - Nate Power Surprise talk + advisory release - Dominique Bongard All your SAP P@$$w0ЯdZ belong to us - Dmitry Chastuhin, Alex Polyakov Target specific automated dictionary generation - Matt Marx Bitslice DES with LOP3.LUT - Steve Thomas Net hashes: a review of many network protocols - Robert Graham Energy-efficient bcrypt cracking - Katja Malvoni The problem with the real world - Michal Špaček Password Topology Histogram Wear-Leveling, a.k.a. PathWell - Rick Redman Beam Me Up Scotty! – Passwords in the Enterprise - Dimitri Fousekis Track 2 Welcome & Announcements - Jeremi Gosney, Per Thorsheim Opening Keynote - Julia Angwin Secure your email – Secure your password - Per Thorsheim Highlights of CMU’s Recent Work in Preventing Bad Passwords - Sean Segreti, Blase Ur Password Hashing Competition: the Candidates - Jean-Philippe Aumasson What Microsoft would like from the Password Hashing Competition - Marsh Ray, Greg Zaverucha How Forced Password Expiration Aff[...]

TakeDownCon Rocket City 2014 Videos

Wed, 20 Aug 2014 12:43:34 -0400

Link: These are the videos from the TakeDownCon Rocket City 2014. Thanks to Devona Valdez and Paul Coggin for having me out to record. Hacking Industrial Control Systems - Ray Vaughn (Not Recorded) Dropping Docs on Darknets: How People Got Caught - Adrian Crenshaw How Networks are Getting Hacked: The Evolution of Network Security - Omar Santos Building on Device Vulnerabilities: Attack Modes for ICS - Bryan Singer Survival in an Evolving Threat Landscape - David Hobbs Practical Side Channel Attacks On Modern Browsers - Angelo Prado IPv6 Attack tools - Scott Hogg Mobile Forensics and Its App Analysis - Dr. Charline Nixon Keynote – How Not to do Security - Kellman Meghu Baseball, Apple Pies, and Big Data Security Analytics: Shorten the Kill Chain Window - Aamir Lakhani Hijacking Label Switched Networks in the Cloud - Paul Coggin Shepherd’s Pi – Herding Sheep with a Raspberry Pi - Timothy Mulligan Radio Hack Shack – Security Analysis of the Radio Transmission - Paula Januszkiewicz IT Security Myths - "How you are helping your enemy" - Joe Vest Splinter the RAT Attack: Creating Custom RATs to Exploit the Network - Solomon Sonja Policy Defined Segmentation with Metadata - Scott Kirby Cyber Attack Mitigation - Christopher Elisan[...]

Defcon Wireless Village 2014 (Defcon 22) Videos

Tue, 12 Aug 2014 20:22:08 -0400

These are the videos from the Defcon Wireless Village 2014 (Defcon 22). Thanks to the Village People for putting on the event, especially Maeltac for recording. Intro So ya wanna get into SDR? - Russell Handorf Pentoo Primer - Village People 802.11ac Evolution: Data rates and Beamforming - Eric Johnson Practical Foxhunting 101 - SimonJ Pwn Phone: gg next map - Timothy Mossey Hacking 802.11 Basics - Benjamin Smith UAV-Assisted Three-Dimensional Wireless Assessments - Scott Pack & Dale Rowe Manna from Heaven; Improving the state of wireless rogue AP attacks - Dominic White & Ian de Villiers ApiMote: a tool for speaking 802.15.4 dialects and frame injection - Ryan Speers & Sergey Bratus Pineapple Abductions - Craig Young Choosing your next antenna, types, power, sizes, the truth. - Raul J Plà Introduction to the Nordic nRF24L01+ - Larry Pesce Driver-less Wireless Devices - Dominic Spill & Dragorn Hacking the Wireless World with Software Defined Radio - 2.0 - Balint Seeber The NSA Playset: Bluetooth Smart Attack Tools - Mike Ryan PortaPack: Is that a HackRF in your pocket? - Jared Boone PHYs, MACs, and SDRs - Robert Ghilduta SDR Tricks with HackRF - Michael Ossmann SDR Unicorns Panel - Robert Ghilduta & Michael Ossmann & Balint Seeber Inside The Atheros WiFi Chipset - Adrian Chadd[...]

BSides Las Vegas 2014 Videos

Mon, 11 Aug 2014 12:40:10 -0400

Link: These are the videos from the BSides Las Vegas conference. Thanks to all of the BSides Crew for having me out to help record and render the videos. @bsideslv, @banasidhe, @jack_daniel, @SciaticNerd and all my video crew Breaking Ground Opening Keynote -- Beyond Good and Evil: Towards Effective Security - Adam Shostack USB write blocking with USBProxy - Dominic Spill Allow myself to encrypt...myself! - Evan Davison What reaction to packet loss reveals about a VPN - Anna Shubina • Sergey Bratus Untwisting the Mersenne Twister: How I killed the PRNG - moloch Anatomy of memory scraping, credit card stealing POS malware - Amol Sarwate Cluck Cluck: On Intel's Broken Promises - Jacob Torrey A Better Way to Get Intelligent About Threats - Adam Vincent Bring your own Risky Apps - Michael Raggo • Kevin Watkins Invasive Roots of Anti-Cheat Software - Alissa Torres Vaccinating Android - Milan Gabor • Danijel Grah Security testing for Smart Metering Infrastructure - Steve Vandenberg • Robert Hawk The Savage Curtain - Tony Trummer • Tushar Dalvi We Hacked the Gibson! Now what? - Philip Young Closing Keynote It's A S3kr37 (Not recorded :( ) Proving Ground #edsec: Hacking for Education - Jessy Irwin So, you want to be a pentester? - Heather Pilkington (Not Recorded) Securing Sensitive Data: A Strange Game - Jeff Elliot Brick in the Wall vs Hole in the Wall - Caroline D Hardin Cut the sh**: How to reign in your IDS. - Tony Robinson/da_667 Geek Welfare -- Confessions of a Convention Swag Hoarder - Rachel Keslensky No InfoSec Staff? No Problem. - Anthony Czarnik Can I Code Against an API to Learn a Product? - [...]

BSides Cleveland 2014 Videos

Sun, 20 Jul 2014 21:30:22 -0400

Link: These are the videos from the BSides Cleveland conference. Thanks to JDogHerman, jayw0k & securid as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad. Keynote: Destroying Education and Awareness - David Kennedy Track 1 APT2 – Building a Resiliency Program to Protect Business - Edward McCabe Threat Models that Exercise your SIEM and Incident Response - J. Wolfgang Goerlich and Nick Jacob Fun with Dr. Brown - Spencer McIntyre Malware Evolution & Epidemiology - Adam Hogan Plunder, Pillage and Print – The art of leverage multifunction printers during penetration testing - Deral Heiland Seeing Purple: Hybrid Security Teams for the Enterprise - Mark Kikta (Not posted) Attacking and Defending Full Disk Encryption - Tom Kopchak Track 2 Phishing Like a Monarch With King Phisher - Brandon Geise and Spencer McIntyre The importance of threat intel in your information security program - Jamie Murdock Lockade: Locksport Electronic Games - Adrian Crenshaw Pentesting Layers 2 and 3 - Kevin Gennuso and Eric Mikulas Cleveland Locksport - Jeff Moss, Doug Hiwiller, and Damon Ramsey Hacking Diversity - Gregorie Thomas PowerShell: cool $h!t - Zach Wojton Thinking Outside the Bunker: Security as a practice, not a target - Steven Legg Password Defense: Controls your users won’t hate - Nathaniel Maier Am I an Imposter? - Warren Kopp[...]

Circle City Con 2014 Videos

Sun, 15 Jun 2014 22:33:15 -0400

Link: These are the Circle City Con videos. Thanks to the staff for inviting me down to record. Big thanks to Oddjob, Glenn, James, Mike, Nathan, Chris and Branden for helping set up AV and record. Track1 Conference Opening Keynote - Beau Woods Containing Privileged Processes with SELinux and PaX and Attacking Hardened Systems - Parker Schmitt Whitelist is the New Black - Damian Profancik Developing a Open Source Threat Intelligence Program - Edward McCabe Blurred Lines- When Digital Attacks Get Physical - Phil Grimes Hackers, Attack Anatomy and Security Trends - Ted Harrington Exploring the Target Exfiltration Malware with Sandbox Tools - Adam Hogan Day 2 From Grunt to Operator – Tom Gorup Moving the Industry Forward – The Purple Team - David Kennedy Software Assurance Marketplace (SWAMP) - Von Welch OWASP Top 10 of 2013- It’s Still a Thing and We’re Still Not Getting It - Barry Schatz Tape Loops for Industrial Control Protocols - K. Reid Wightman OpenAppID- Open Source Next Gen Firewall with Snort - Adam Hogan Challenge of Natural Security Systems - Rockie Brockway InfoSec Big Joke – 3rd Party Assessments - Moey (Not recorded) How to create an attack path threat model - Wolfgang Goerlich Day 3 Are You a Janitor or a Cleaner - John Stauffacher / Matt Hoy Ain’t No Half-Steppin’ - Martin Bos Track 2 Competitive Hacking- why you should capture the flag - Steve Vittitoe 3 Is a Magic Number (or your Reality Check is About to Bounce) - Edward McCabe The TrueCrypt au[...]

And We're Back

Fri, 6 Jun 2014 08:35:48 -0400

And We're Back! Looks like my account is reinstated. Let me know if any videos seem to be deleted. Hi there, After a review of your account, we have confirmed that your YouTube account is not in violation of our Terms of Service. As such, we have unsuspended your account. This means your account is once again active and operational. If you forgot your password, please visit this link to reset it: Sincerely, The YouTube Team [...]

Google & Youtube

Fri, 6 Jun 2014 02:09:56 -0400

I woke up today to find a bunch of Facebook/Twitter messages that said my Youtube account was suspended. If you know someone at Google who can directly help me, let me know (their email support fails the Turing test). These are the messages I got from them. YouTube | Broadcast Yourself™ Regarding your account: Adrian Crenshaw The YouTube Community has flagged one or more of your videos as inappropriate. Once a video is flagged, it is reviewed by the YouTube Team against our Community Guidelines. Upon review, we have determined that the following video(s) contain content in violation of these guidelines, and have been disabled: "201 buy viagra matt smith" ( Your account has received one Community Guidelines warning strike, which will expire in six months. Additional violations may result in the temporary disabling of your ability to post content to YouTube and/or the permanent termination of your account. For more information on YouTube's Community Guidelines and how they are enforced, please visit the help center. Please note that deleting this video will not resolve the strike on your account. For more information about how to appeal a strike, please visit this page in the help center. Sincerely, The YouTube Team Copyright © 2014 YouTube, LLC and We'd like to inform you that due to repeated or severe violations of our Community Guidelines ( your YouTube account Adrian Crenshaw has been suspended[...]

BSides Nashville 2014 Videos

Mon, 19 May 2014 10:26:48 -0400

Link: These are the videos from BSides Nashville 2014. Thanks to @lil_lost for inviting me down to record and being my bodyguard while in Nashville. Big thanks to Geoff Collins, Branden Miller, Blake Urmos, Don Baham, Gabe Bassett and Some Ninja Master for helping set up AV and record. Main Hall Welcome to BSides Nashville BSides, Harmonicas, and Communication Skills - Jack Daniel Closing Ceremonies INFOSEC 101 Track Attack Paths: Breaking Into Infosec From IT Or Other Totally Different Fields - Eve Adams Learn From Your Mistakes - Adam Len Compton Beating the Infosec Learning Curve Without Burning Out - Scott Thomas Sun Tzu was a punk! Confucius was an InfoSec rockstar! - Branden Miller Around the world in 80 Cons - Jayson E Street (Not Recorded) INFOSEC 418 Track Making Mongo Cry: Automated NoSQL exploitation with NoSQLMap - Russell Butturini Buy Viagra! - Matt Smith How do I hack thee? Let me count the ways - Stewart Fey Healthcare Security, which protocol? - Adam John Why you can't prove you're PWND, but you are! - Ben Miller INFOSEC 429 Track Bending and Twisting Networks - Paul Coggin Succeeding with Enterprise Software Security Key Performance Indicators - Rafal Los Scaling Security in the Enterprise: Making People a Stronger Link - Kevin Riggs Closing the time to protection gap with Cyber Resiliency - John Pirc Did not happen, replaced with: Applying analog thinking to digital networks Winn Schwartau (@winnschwartau) Seeing Purple: Hybrid Security[...]

Nmap Class for Hackers For Charity

Sun, 11 May 2014 07:12:09 -0400

This is the Nmap class the Kentuckiana ISSA put on to support Hackers For Charity. Speakers include Jeremy Druin @webpwnized, Martin Bos @purehate_ and me @irongeek_adc. If you like the videos, please consider donating to Hackers For Charity.

ShowMeCon 2014 Videos

Wed, 7 May 2014 07:54:46 -0400

Link: These are the videos from ShowMeCon 2014. Thanks to Renee & Dave Chronister (@bagomojo), Ben Miller (@Securithid) and others for having me out to record and speak. Also thanks to my video crew Josh Tepen, Robert Young, Kali Baker, Andrew Metzger & Brian Wahoff. Introduction - Parameter Hacking Hollywood - Ralph Echemendia Give Me Your Data - Dave Chronister Terminal Cornucopia: Demystifying The Mullet - Evan Booth Thinking Outside The (Sand)Box - Kyle Adams Protecting The Seams: Military Doctrine Applied To Application And Network Security - Paul Vencill Start With The BPT Then Worry About The APT! - Kevin Cardwell Introduction - Parameter (Rolled in with next talk) Cognitive Injection - Andy Ellis Inside The World’s Most Dangerous Search Engine - John Matherly Hacking To Get Caught: A Concept For Adversary Replication And Penetration Testing - Raphael Mudge Power-Ups And Princesses: What Video Games Taught Me About Building A Security Awareness Program - Aamir Lakhani Powershell And You: Using Microsoft’s Post-Exploitation Language - Chris Campbell Dropping Docs On Darknets: How People Got Caught - Adrian Crenshaw Around The World In 80 Cons - Jayson E Street (not recorded) Threat Modeling In The C-Suite, A Practical Guide - Erick Rudiak (pending review) The Call Of Community: Modern Warfare - Ben0xa Physical (In)Security – It’s Not All About Cyber - Inbar Raz Bending And Twistin[...]

BSides Chicago 2014 Videos

Mon, 28 Apr 2014 20:01:32 -0400

Link: These are the videos from the BSides Chicago conference. Thanks to all of the BSides organizers @elizmmartin and @securitymoey for having me out to help record and render the videos. Also big thanks to the @BSidesChicago A/V crew Chris Hawkins @Lickitysplitted, Todd Haverkos @phoobar, Jason Kendall @coolacid and Asim. Aligning Threats and Allies through Stories - J Wolfgang Goerlich and Steven Fox - @jwgoerlich @securelexicon The Ultimate INFOSEC Interview: "Why must I be surrounded by frickin' idiots?" -- Dr. Evil, 1997 - Stephen Heath - @dilisnya Call of Community: Modern Warfare - Matt Johnson & Ben Ten - @mwjcomputing @Ben0xA How To Win Friends and Influence Hackers - Jimmy Vo - @JimmyVo Checklist Pentesting; Not checklist hacking - Trenton Ivey - @trentonivey Seeing Purple: Hybrid Security Teams for the Enterprise - Belt - @b31tf4c325 Looking for the Weird - Charles Herring - @charlesherring InfoSec Big Joke: 3rd Party Assessments - moey - @securitymoey Bypassing EMET 4.1 - Jared DeMott - @jareddemott Comparing Risks to Risks - Why Asset Management Is Broken and How to Fix It. - Michael Roytman - @mroytman Bioinformatics: Erasing the line between biology and hacking - Krystal Thomas-White and Patrick Thomas - @coffeetocode Building an AppSec Program from Scratch - Chris Pfoutz - @cpfoutz Minecraft Security - Riese Goerlich The SMB Secu[...]

Notacon 11 (2014) Videos

Sun, 13 Apr 2014 11:16:35 -0400

Link: These are the videos from the 11th Notacon conference held April 10th-13th, 2014. Not all of them are security related, but I hope my viewers will enjoy them anyway. Thanks to Froggy and Tyger for having me up, and to the video team: Securi-D, Ross, KP, Jeff and myself (Let me know who else to add). Track 1 Big Data Technology – The Real World ‘Minority Report’ - Brian Foster Naisho DeNusumu (Stealing Secretly) – Exfiltration Tool/Framework - Adam Crompton Wireless Mesh Protocols - Alex Kot MDM is gone, MAM is come. New Challenges on mobile security - Yury Chemerkin Moving the Industry Forward – The Purple Team - David Kennedy Pwning the POS! - Mick Douglas Nindroid: Pentesting Apps for your Android device - Michael Palumbo Building a private data storage cloud - Michael Meffie Lessons Learned Implementing SDLC – and How To Do It Better - Sarah Clarke Plunder, Pillage and Print - Deral Heiland & Peter Arzamendi Microsoft Vulnerability Research: How to be a finder as a vendor - Jeremy Brown & David Seidman Malware Analysis 101 – N00b to Ninja in 60 Minutes - grecs Omega – A Universe Over IP - Mo Morsi IRS, Identity Theft, and You (or Someone Pretending to Be You). - 123-45-6789 Track 2 All About the Notacon Badge - Sam Harmon Collaboration between Artificial Intelligence and Humans: How to cure every d[...]

Lockade: Locksport Electronic Games

Thu, 27 Mar 2014 01:24:13 -0400

This page is mostly going to be a placeholder till I get all the games up. Gamification can make learning more fun, and some people are inspired and motivated by competition. This talk will be on integrating hobbyist electronics with lock picking games. We will show rough schematics, release code, and invite people to play the games at cons.