Subscribe: Irongeek's Security Site
http://www.irongeek.com/irongeek.rss
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
bsides  irongeek page  irongeek  mainlistthese videos  page videos  page  record  security  videos irongeek  videos   
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Irongeek's Security Site

Irongeek's Security Site



Irongeek.com, Adrian Crenshaw's Information Security site (along with a bit about weightlifting and other things that strike my fancy). Home of my articles and videos on computer security. As I write articles and tutorials I will be posting them here. If



Copyright: 2014 Irongeek (Adrian Crenshaw)
 



Derbycon 2016 Videos

Mon, 26 Sep 2016 00:26:55 -0400

Link: http://www.irongeek.com/i.php?page=videos/derbycon6/mainlist Videos
The link above is where I will be putting presentations from Derbycon 2016 (it will take a few days). Big thanks to my video jockeys Sabrina, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, Fozy, nightcarnage, Evan Davison, Chris Bridwell, Rick Hayes, Tim Sayre, Lisa Philpott, Ben Pendygraft, Sarah Clarke, Steven (SciaticNerd), Cory Hurst, Sam Remington, Barbie, Chris Bissle (and maybe the speakers too I guess).(image)



Louisville Infosec 2016 Videos

Tue, 20 Sep 2016 21:51:52 -0400

Link:http://www.irongeek.com/i.php?page=videos/louisvilleinfosec2016/mainlistBelow are the videos from the Louisville Infosec 2016 conference. Thanks to all the video volunteers for helping me record.  Morning KeynoteChandler HowellRyan J. MurphyJohn Pollack The Domain Name System (DNS) - Operation, Threats, and Security IntelligenceTom Kopchak Insiders are the New MalwareBrian Vecci Cloud Security; Introduction To FedRAMPSese Bennet Cloud Access Security Broker - 6 Steps To Addressing Your Cloud RisksMatt Bianco Not One Thin Dime: Just Say No to Ransomware!Mick Douglas Securing Docker ContainersChris Huntington Emerging Governance Frameworks for Healthcare SecurityMax Aulakh Building Our WorkforceKristen Bell The Art of Offense and DefenseMark Loveless The Current State of Memory ForensicsJason Hale Understanding Attacker's use of Covert CommunicationsChris Haley How to Talk to Executives about SecurityHarlen Compton Pen Testing; Red and Blue Working TogetherMartin Bos Data Loss Prevention - How to get the most for your buckBrandon Baker The Transition: Risk Assessment > Risk ManagementMike Neal Darwinism vs. ForensicsBill Dean Closing[...]



BSides Augusta 2016 Videos

Sun, 11 Sep 2016 14:56:11 -0400

Link:http://www.irongeek.com/i.php?page=videos/bsidesaugusta2016/mainlistThese are the videos from the BSides Augusta conference. Thanks to Lawrence Abrams, and all of the BSides Crew for having me out to help record and render the videos and Pentestfail and everybody that staffed a recording rig. Keynote Keynote - Robert Joyce Super Bad Mobile HackingAaron Guzman Incident Response AwakensTom Webb Dr. Pentester or: How I Learned To Stop Worrying and Love the Blue TeamRyan O'Horo Exploit Kits/ Machine LearningPatrick Perry Detection of malicious capabilities using YARABrian Bell Owning MS Outlook with PowershellAndrew Cole RAT Reusing Adversary TradecraftAlexander Rymdeko-Harvey Internet of TerribleBrandon McCrillis I Got You Using Honeypots for Network Security MonitoringChris Sanders This one weird trick will secure your web server!David Coursey This is not your Momma's Threat IntelligenceRob Gresham Moving Target Defense: Evasive Maneuvers in CyberspaceAdam Duby Beyond Math: Practical Security AnalyticsMartin Holste Exploit Kits and Indicators of CompromiseBrad Duncan ICS/SCADA Threat HuntingRobert M. Lee and Jon Lavender Agilely Compliant yet InsecureTom Ruff It's Too Funky In Here Gamification for the WinJosh Rykowski and Scott Hamilton IDS/IPS Choices: Benefits, Drawback and ConfigurationsForgottenSec Micro-segmentation and Security: The Way ForwardJack Koons Adventures in RAT devHunter Hardman Linux privilege escalation for fun, profit, and all around mischiefJake Williams How About a Piece of Pi - Experiences with Robots and Raspberry Pi HackingJohn Krautheim Flaying out the Blockchain Ledger for Fun, Profit, and Hip HopAndrew Morris Network Situational Awareness with Flow DataJason Smith Living In A America A worm in the Apple - examining OSX malwareWes Widner You TOO can defend against MILLIONS of cyber attacksMichael Banks Finding Evil in DNS TrafficKeelyn Roberts Ransomware Threats to the Healthcare IndustryTim Gurganis Using Ransomware Against ItselfTim Crothers and Ryan Borres Hunting: Defense Against The Dark ArtsJacqueline Stokes, Danny Akacki, and Stephen Hinck Automating Malware Analysis for Threat IntelligencePaul Melson Hide and Seek with EMETJonathan Creekmore and Michael Edie[...]






Converge 2016

Sat, 16 Jul 2016 09:45:15 -0400

Link: http://www.irongeek.com/i.php?page=videos/converge2016/mainlistThese are the videos from the Converge Information Security Conference. Thanks to Wolf for having me out and Chris, Daniel, Daniel, Ed, Ben, Sam, Adam & Eric and others I may forget for helping to record. Intro Keynote 1Steve Werby So You've Inherited a Security Department, Now What?!?!Amanda Berlin Violating Trust: Social Engineering Past and PresentPaul Blonsky AppSec Awareness: A Blue Print for Security Culture ChangeChris Romeo Red Team Madness - Or, How I Learned To Stop Worrying and Expect Pentester Mistakes Jeremy Nielson Threat Modeling for Secure Software DesignRobert Hurlbut Not Even One Shade of Gray: Stop Tolerating Compromise in SecurityRich Boyer MySQL 5.7 SecurityDave Stokes Evolving the Noise out InfoSec using Law Enforcement ParadigmsCharles Herring Game of Hacks - Play, Hack, and TrackIgor Matlin Red is the new Blue - Defensive Tips & Tricks from a Defender turned PentesterBen Ten Building a better user: Developing a security-fluent societyRich Cassara Food FightJ Wolfgang Goerlich Maneuvering Management MadnessAndrew Hay Enterprise Class Threat Management Like A BossRockie Brockway Compliant, Secure, Simple. Pick two.Joshua Marpet Sentry on the WallReid Brosko Expanding Your Toolbox the DIY WayChris Maddalena Surreal Paradigms: Automotive Culture CrashDave Schaefer Haking the Next GenerationDavid Schwartzberg Malware Magnets: A practical walkthrough in developing threat intelligenceTazz Tazz Still broken after all these years aka Utility Security for SmartiesDoug Nibbelink[...]






BSides Cleveland 2016 Videos

Sat, 25 Jun 2016 21:22:32 -0400

Link: https://www.irongeek.com/i.php?page=videos/bsidescleveland2016/mainlistThese are the videos from the BSides Cleveland conference. Thanks to djaj9, JDogHerman, jayw0k, Kevin, f0zziehakz & securid as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad. Morning KeynoteIan Amit Elementary, my dear Watson - A story of indicatorsNir Yosha Preventing credential theft & lateral movement after initial compromise.Cameron Moore Ask a CISOJamie Murdock Crime Prevention Through Environmental DesignMichael Mendez Fun with One Line of PowershellMatthew Turner Learning From Pirates of the Late 1600s - The first APTAdam Hogan Food Fight!Wolfgang Goerlic Afternoon KeynoteChris Roberts The Art of Bit-Banging: Gaining Full Control of (Nearly) Any Bus ProtocolAaron Waibel Playing Doctor: Lessons the Blue Team can Learn from Patient EngagementJ Wolfgang Goerlich & Stefani Shaffer-Pond Security Automation in your Continuous Integration PipelineJimmy Byrd The WiX Toolset, How to Make Your Own MSIsCharles Yost A Rookie PoV: The Hollywood FallacyRaquel Milligan Port Scanning the Hermit Kingdom: Or What NMAP Can Teach Us About GeopoliticsThomas Pieragastini Responder for Purple Teams Kevin Gennuso Splunk for IR and ForensicsTony Iacobelli Bridging the Gap or: How I Learned to Stop Worrying, and Love the Developers Eric Mikulas SafeCracking on a Budget ReduxDavid Hunt and Zack Nagaich Process VentriloquismSpencer McIntyre The Digital Beginning of the Analog EndBrad Hegrat Gamify Security Awareness: Failure to Engage is Failure to SecureMichael Woolard Cons and Conjurers: Lessons for InfiltrationPaul Blonsky Closing KeynoteDavid Kennedy[...]



ShowMeCon 2016 Videos

Wed, 15 Jun 2016 00:36:49 -0400

Link: http://www.irongeek.com/i.php?page=videos/showmecon2016/mainlistThese are the videos ShowMeCon 2016. Thanks to Renee & Dave Chronister (@bagomojo), Renee and others for having me out to record and speak. Also thanks to my video crew Mathew, Morgan, James and some other people I may have forgotten. Red is the New BlueBenOxa My Cousin Viinny: Ethics and Experience in Security "Research"Kevin Johnson The Psychology of Social EngineeringDave Chronister Show Me Your Tokens (and Ill show You Your Credit Cards)Tim MalcomVetter IRLHN Pt.3 Intermediate Networking Techniques for the Recovering IntrovertJohnny Xmas And Bad Mistakes…I've made a fewJayson Street All your Door(s) Belong to Me - Attacking Physical Access SystemsValerie Thomas Exploiting First Hop Protocols to Own the NetworkPaul Coggin Check Yo Self Before you Wreck Yo Self: The new wave of Account Checkers and Underground Rewards FraudBenjamin Brown The Collission Attack - Attacking CBC and related EncryptionsFontbonne It's not a sprint….Tim Fowler Social Media Risk Metrics - There's a way to measure how +@&# you are onlineIan Amit Attacking OSX for fun and profit: tool set limiations, frustration and table flipping.Dan Tentler The Art of AV Evations - Or Lack ThereofChris Truncer Understanding Offensive and Defense - Having a purple view on INFOSECDave Kennedy Breaking the Teeth of Bluetooth PadlocksAdrian Crenshaw PowerShell Phishing Response ToolkitJosh Rickard Championing a Culture of Privacy: From Ambivalence to Buy-INHudson Harris Why Compliance Matters; You've Been Doing it WrongStacey Banks How to Build a Home LabTimothy De Block Logging for Hackers, How you can catch them with what you already have and a walk through of an actual attack and how we caught it.Michael Gough Where to Start when your environment is F*(3dAmanda Berlin[...]



Circle City Con 2016 Videos

Sun, 12 Jun 2016 23:09:41 -0400

Link: http://www.irongeek.com/i.php?page=videos/circlecitycon2016/mainlistThese are the Circle City Con videos. Thanks to the staff for inviting me down to record. Big thanks to Mike, 3ncr1pt3d, fl3uryz, InfaNamecheap, f0zziehak, Chris, PhenixFire, Sammy and other for helping set up AV and record. Opening CeremonyCircleCityCon Staff Keynote - Dave LewisDave Lewis Food Fight!Wolfgang Goerlich Binary defense without privilegeSteve Vittitoe Establishing a Quality Vulnerability Management Program without Wasting Time or MoneyZee Abdelnabi (not posted) Why it's all snake oil - and that may be okPablo Breuer Break on Through (to the Other Side)Grape Ape Bootstrapping A Security Research ProjectAndrew Hay Playing Doctor: Lessons the Blue Team Can Learn from Patient EngagementWolfgang Goerlich Planes, Trains and Automobiles: The Internet of Deadly ThingsBryan K. Fite Killing you softlyJosh Bressers Now You See Me, Now You Don't - Leaving your Digital FootprintAamir Lakhani Red Team Madness - Or, How I Learned To Stop Worrying and Expect Pentester MistakesJeremy Nielson Open Source Malware LabRobert Simmons So you want to be a CISO?Von Welch You want to put what…where?John Stauffacher  IoT on Easy Mode Reversing and Exploiting Embedded Devices Elvis Collad Top 10 Mistakes in Security Operations Centers, Incident Handling & ResponsePaul R. Jorgensen Untrusted Onions: Is Tor Broken?Joshua Galloway Contextual Threat Intelligence: Building a Data Science Capability into the Hunt TeamBrian Genz Head in the Sand Defence or A Stuxnet for MainframesHaydn Johnson; Cheryl Biswas SIEM, Supersized!Walleed Aljony Fantastic OSINT and where to find itTony Robinson (da_667) Creating a Successful Collegiate Security Club (WIP)Chris "Lopi" Spehn; Adam "avidhacker" Ringrood Where to Start When Your Environment is F*(K3dInfoSystir (Amanda Berlin) Haking the Next GenerationDavid Schwartzberg Exfil and Reverse Shells in a Whitelisted World Hacking Our Way Into HackingKat Sweet Attacking OSX for fun and profit: Toolset Limitations, Frustration and Table FlippingViss (Tentler) Intro to Mobile Device TestingDamian Profancik Your Password Policy Still Sucks!Martin Bos Closing CeremonyCircleCityCon Staff[...]



NolaCon 2016

Sun, 22 May 2016 15:01:24 -0400

Link: http://www.irongeek.com/i.php?page=videos/nolacon2016/mainlistRecorded at NolaCon 2016. Thanks to @CurtisLaraque, @HoltZilla, @sid3b00m & @ynots0ups for the video recording help, and @nola_con, @erikburgess_, & Rob for having me down to record. Intro Analyzing DNS Traffic for Malicious Activity Using Open Source Logging ToolsJim Nitterauer Snake Charming: Fun With Compiled PythonGabe K Monitoring & Analysis 101: N00b to Ninja in 60 MinutesGrecs Calling Captain Ahab: Using Open Tools to Profile Whaling CampaignsRyan Jones, McOmie Check Yo Self Before You Wreck Yo Self: The New Wave Of Account Checkers And Underground Rewards FraudBenjamin Brown Introducing the OWASP API Security ProjectLeif Dreizler, David Shaw Breaking Barriers: Adversarial Thinking for DefendersStacey Banks It's Just a Flesh Wound!Brett Gravois Owning MS Outlook with PowerShellAndrew Cole Why can't Police catch Cyber Criminals?Chip Thornsburg KeynoteDavid Kennedy Calling Captain Ahab: Using Open Tools to Profile Whaling CampaignsMatt Bromiley Haking the Next GenerationDavid Schwartzberg Hacking Web Apps (v2)Brent White Evolving Your Office's Security Culture by Selective Breeding of Ideas and PracticesNancy Snoke I Promise I'm Legit: Winning with WordsCyni Winegard &  Bethany Ward You Pass Butter: Next Level Security Monitoring Through ProactivityCry0, S0ups Going from Capture the Flag to Hacking the Enterprise. Making the switch from 'a hobby and a passion' to a lifelong career Joseph Pierini Hackers are from Mars, CxO's are from JupiterRob Havelt Don't be stupid with GitHubMetacortex DDoS: Barbarians at the Gate(way)Dave Lewis Hunting high-value targets in corporate networksJosh Stone[...]






BSides Nashville 2016 Videos

Sun, 17 Apr 2016 08:59:02 -0400

Link:http://www.irongeek.com/i.php?page=videos/bsidesnashville2016/mainlistThese are the videos BSides Nashville 2016. Thanks to @lil_lost for inviting me down to record and being my bodyguard while in Nashville. Big thanks to Geoff Collins, Branden Miller, Blake Urmos, Gabe Bassett, Nate and Alex McCormack for helping set up AV and record. And bad mistakes I've made a fewJayson Street At the mountains of malwareWes Widner Collection and Detection with Flow Data: A Follow UpJason Smith Container Chaos: Docker Security Container AuditingChris HuntingtonIt's Not If But When: How to Create Your Cyber Incident Response PlanLucie Hayward, Marc Brawner Threat Modeling the Minecraft WayJarred White AppSec Enigma and Mirage - When Good Ideas Can Go AwryFrank Catucci The Art of the Jedi Mind TrickJeff Man How to get into ICS securityMark Heard The Ransomware Threat: Tracking the Digital FootprintsKevin Bottomley InfoSecs in the City - Starting a Successful CitySec MeetupJohnny Xmas, Fletcher Munson, Chris Carlis, Kate Vajda Ever Present Persistence - Established Footholds Seen in the WildEvan Pena, Chris Truncer Forging Your Identity: Credibility Beyond WordsTim Roberts, Brent White IAM Complicated: Why you need to know about Identity and Access ManagementRon Parker Put a Sock(et) in it: Understanding and Attacking Sockets on AndroidJake Valletta[...]



Central Ohio Infosec Summit 2016 Videos

Thu, 31 Mar 2016 08:48:56 -0400

Link:http://www.irongeek.com/i.php?page=videos/centralohioinfosec2016/mainlistThese are the videos from the Central Ohio Infosec Summit conference. Thanks to the video volunteers for helping me record. Track 1 Penetrating the Perimeter - Tales from the BattlefieldPhil Grimes Navigating the FDA Recommendations on Medical Device Security _ and how they will shape the future of all IoTJake "malwarejake" Williams Detecting the Undetectable: What You Need to Know About OSINTJerod Brennen Why I quit my dream job at Citi - A data centric approach to key managementMike Bass Fail Now _ So I Don't Fail Later "A look into security testing and training methodologies"Deral Heiland Putting the Intelligence back in Threat IntelligenceEdward McCabe All Your Door Belong To Me: Attacking Physical Access SystemsValerie Thomas The Humanity of Phishing Attack and DefenseAaron Higbee The Node Highway: Attacks Are At Full ThrottleJoshua Clark Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway Understanding Attacker's use of Covert CommunicationsChris Haley InfoSec ProductizationDavid Kennedy Track 2 Future of Information Security Governance, Risk and ComplianceMax Aulakh, Bill Lisse How Experts Undermine Your Forensic EvidenceMatthew Curtin Datacenter Security VirtualizedJohn Michealson Embracing the CloudLisa Guess "It was the best of logs, it was the worst of logs" - Stories through LoggingTom Kopchak Finding the Needle in the Hardware Haystack - Identifying and Exploiting Vulnerabilities via Hardware Reverse EngineeringStephen Halwes, Timothy Wright PKI-Do You Know Your Exposure?Kent King No Tradeoffs: Cloud Security and Privacy Don't Need to Be at OddsJervis Hui Today's Threat LandscapeDean Shroll 6 Critical Criteria For Cloud Workload SecuritySam Herath Track 2 Educating the Board of DirectorsBob West Burp Collaborator: The Friend You Didn't Know You NeededJon Gorenflo Psychological Warfare: How Cyber Criminals Mess With Your MindBrian Henger Threat Modeling for Secure Software DesignRobert Hurlbut IAST Deep Dive: Understanding Interactive Application Security TestingOfer Maor Building an Application Security ProgramMike Spaulding Formal Verification of Secure Software SystemsAaron Bedra AppSec without additional toolsJason Kent Leveraging your APM NPM solutions to Compliment your Cyber Defense StrategyKen Czekaj, Robert Wright Artificial Intelligence Real Threat PreventionArt Hathaway Defending the Next Decade - Building a Modern Defense StrategyMark Mahovlich Track 3 Security vs Compliance in HealthcareSean Whalen How to Secure Things & Influence People: 10 Critical Habits of Effective Security ManagersChris Clymer, Jack Nichelson Economically Justifying IT Security InitiativesRuben Melendez Cross Industry CollaborationHelen Patton Third Party Risk Governance - Why and HowJeffrey Sweet IT Data Analytics: Why the cobbler's children have no shoesCarolyn Engstrom BYODAWSCYW (Bring Your Own Device And Whatever Security Controls You Want) One approach to reduce riskSteven Keil Disaster Recovery and Business Continuity -_It's never so bad that it can't get worseValerie Thomas, Harry Regan Cybersecurity Act of 2015 and Other Hot Privacy and Cybersecurity TopicsHeather Enlow, Chris Ingram The Legal Perspective on Data Security for 2016Dino Tsibouris, Mehmet Munur The Legal Perspective on Data Security for 2016Mehmet Munur, Dino Tsibouris Track 4 Gamify Awareness Training: Failure to engage is failure to secureMichael Woolard Vendors and business associates _ friends or foes?Robert Brzezinski State of Security and 2016 PredictionsJason Samide A Capability Maturity Model for Sustainable Data Loss ProtectionGabriel Gumbs Risk Management: Tactics to Move From Decision to ExecutionTremayne [...]









BSides San Francisco 2016 Videos

Tue, 1 Mar 2016 11:44:27 -0500

Link:http://www.irongeek.com/i.php?page=videos/bsidessf2016/mainlist These are the videos from the BSides San Francisco conference. Special thanks to Mike & Doug for having me out, Steen, Zappo & Jeremy for their house AV work, and n0ty3p, Forest, Nick, James & others I'm forgetting for their help recording Track 1 Keynote: A Declaration of the Independence of Cyberspace John Perry Barlow The Tales of a Bug Bounty Hunter Arne Swinnen Reverse Engineering the Wetware: Understanding Human Behavior to Improve Information Security Alexandre Sieira, Matthew Hathaway Who's Breaking into Your Garden? iOS and OS X Malware You May or May Not Know Claud Xiao A year in the wild: fighting malware at the corporate level Kuba Sendor Breaking Honeypots for Fun and Profit Gadi Evron, Dean Sysman, Itamar Sher Everything Is Awful (And You're Not Helping) Jan Schaumann Why it's all snake oil - and that may be ok Pablo Breuer Ask the EFF Kurt Opsahl, Eva Galperin, Andrew Crocker, Shahid Buttar, Cooper Quintin Sedating the Watchdog: Abusing Security Products to Bypass Windows Protections Tomer Bitton, Udi Yavo Sweet Security: Deploying a Defensive Raspberry Pi Travis Smith Planning Effective Red Team Exercises Sean T. Malone Fraud Detection & Real-time Trust Decisions James Addison Fuzz Smarter, Not Harder (An afl-fuzz Primer) Craig Young Elliptic Curve Cryptography for those who are afraid of mathematics Martijn Grooten APT Reports and OPSEC Evolution, or: These are not the APT reports you are looking for Gadi Evron Sucker-punching Malware: A Case Study in Using Bad Malware Design Against Attackers John Bambenek, Hardik Modi Employee Hijacking: Building a hacktober awareness program Ryan Barrett, Ninad Bhamburdekar, Dylan Harrington Track 2 Mainframes? On My Internet? Soldier of Fortran (not recorded) Securing the Distributed Workforce William Bengtson Hackers Hiring Hackers - How to hack the job search and hack talent IrishMASMS (not recorded) Scan, Pwn, Next! - exploiting service accounts in Windows networks Andrey Dulkin, Matan Hart Guest to root - How to Hack Your Own Career Path and Stand Out Javvad Malik IoT on Easy Mode (Reversing Embedded Devices) Elvis Collado In the crosshairs: the trend towards targeted attacks Lance Cottrell Developing a Rugged DevOps Approach to Cloud Security Tim Prendergast Digital Intelligence Gathering: Using the Powers of OSINT for Both Blue and Red Teams Ethan Dodge, Brian Warehime Sharing is Caring: Understanding and measuring Threat Intelligence Sharing Effectiveness Alex Pinto The Ransomware Threat: Tracking the Digital Footprints Kevin Bottomley Access Control in 2016 - deep dive Dr. Ulrich Lang Using Behavior to Protect Cloud Servers Anirban Banerjee The Art of the Jedi Mind Trick Jeff Man Mobile App Corporate Espionage Michael Raggo Advanced techniques for real-time detection of polymorphic malware Ajit Thyagarajan[...]









BSides Columbus 2016 Videos

Tue, 19 Jan 2016 17:09:18 -0500

Link:https://www.irongeek.com/i.php?page=videos/bsidescolumbus2016/mainlistThese are the videos from the BSides Columbus Ohio conference. Thanks to Michael Spaulding for having me up and Greg, James & Brandon who manned the video rigs. Keynotes Keynote Thomas DrakeThomas Drake Offence Where Did All My Data GoDeral Heiland Developers: Care and FeedingBill Sempf Open Secrets of the Defense Industry: Building Your Own Intelligence Program From the Ground UpSean Whalen The Economics of Exploit Kits & E-CrimeAdam Hogan Hacking Corporate Em@il SystemsNate Power All Your Base Still Belong To Us: Physical Penetration Testing Tales From The TrenchesValerie Thomas & Harry Regan (Not recorded) Defense Establishing a Quality Vulnerability Management Program without Wasting Time or MoneyZee Abdelnabi (not posted) Practical DLP Deployment for your OrganizationJon Damratoski The Good The Bad and The Endpoint ProtectionJoseph Ciaravino Securing Docker InstancesChris Huntington Better SIEM Notifications - Making Your SIEM Situationally AwareJesse Throwe Social Media Correlation of Credit Card FraudstersChris Cullison & CW Walker Special Teams Removing Barriers of Diversity in Information SecurityHelen Patton & Connie Matthews Panel Discussion: InfoSec Trends, Talent Management, and RetentionMichael Butts, AJ Candella & Megan Wells Indecision and Malformed Conclusions: The things that stifle security improvement and what can be done about them.Tyler Smith Gamify Awareness Training: Failure to engage is failure to secureMichael Woolard The Long and Winding Road: An InfoSec Career PanelLonnie Kelley & Valerie Thomas The Pineapple is dead..Long live the PineappleDavid Young [...]






SecureWV 2015 Videos

Sun, 8 Nov 2015 16:40:40 -0500

Link: http://www.irongeek.com/i.php?page=videos/securewv2015/mainlistThese are the videos of the presentations from Secure West Virginia 2015. SecureWV IntroBenny Karnes Building a CantennaEd Collins Dropping Docs on Darknets Part 2 Identity BoogalooAdrian Crenshaw Network Segmentation - Some new thoughtsMark Jaques and Brandon Schmidt Security OnionBrandon Schmidt DronesMike Lyons The Lemonaid Pomegranite, basics of security in a digital worldTim Sayre My Little P0ny: What you can do with 20 lines of code and an open machineMark Jaques and Brandon Schmidt And now for something completely different, security at Top O RockTim Sayre The Art of Post-Infection Response and MitigationCaleb J. Crable Documenting With ASCIIDOCJeff Pullen The Core of Cybersecurity: Risk ManagementJosh Spence The Unique Challenges of Accessing Small and Medium Sized OrganizationsBill Gardner OpenNSM, ContainNSM, and DockerJon Schipp Here is your degree. Now what?Shawn Jordan Wolf in shell's clothing, why you should be skeptical of your trusted toolsJeff Pullen[...]



HouSecCon v6 2015 Videos

Fri, 16 Oct 2015 01:49:51 -0500

Link: http://www.irongeek.com/i.php?page=videos/houseccon2015/mainlist These are the videos from HouSecCon 2015 v6. Thanks to Michael R. Farnum for having my down and all of the video crew. Opening Keynote - Mike RothmanChris Jordan - Fluency: A Modern Approach to Breach Information and Event Management Dennis Hurst - Application Security in an Agile SDLC Wendy Nather - How Google turned me into my mother: the proxy paradox in security Chris Boykin - Mobile Threat Prevention Adrian Crenshaw - Dropping Docs on Darknets Part 2: Identity Boogaloo Julian Dunning - Kraken: The Password Devourer Trey Ford - Maturing InfoSec: Lessons from Aviation on Information Sharing Richard Peters and Matthew Roth - Parasyste: In search of a host Lunch/ISACA Session Damon Small - Connections: From the Eisenhower Interstate System to the Internet Rich Cannata - Arm Your Endpoints Anthony Blakemore - Removing the Snake Oil From Your Security Program Erik Freeland - Does SDN Mean Security Defined Networking? Danny Chrastil - What I know about your Company Lunch / Business Skills Workshop Josh Sokol - The Fox is in the Henhouse: Detecting a Breach Before the Damage is Done Jason Haddix - How to Shot Web: Better Web Hacking in 2015 Zac Hinkel, Andrew Huie, and Adam Pridgen - Arm Your Endpoints Dan Cornell - SecDevOps: A Security Pro's Guide to Development Tools Closing Keynote - Eric Cowperthwaite - Everything I need to know about Information Security, I Learned Shooting Tank Guns Closing[...]



GrrCON 2015 Videos

Sun, 11 Oct 2015 16:19:45 -0400

Link: http://www.irongeek.com/i.php?page=videos/grrcon2015/mainlist These are the videos of the presentations from GrrCON 2015. Big thanks to EggDropX and Jaime for having me out, and my video crew  (Chris, Justine, Aaron & Brian) for recording. AntiFreeze Subject matter to be determined by the number of federal agents present in the audienceChris Roberts Breaking in Bad (I,m The One Who Doesn,t Knock)Jayson Street Process The Salvation of Incident Response - Charles Herring But Can They Hack?: Examining Technological Proficiency in the US Far RightTom Holt The wrong side of history - everything that is old is new againArron Finnon Poking The BearMike Kemp The Hitch Hikers Guide to Information SecurityKellman Meghu Backdooring GitJohn Menerick Spanking the Monkey (or how pentesters can do it better!)Justin Whithead, Chester Bishop Adding +10 Security to Your Scrum Agile EnvironmenttehEx0dus How I Got Network Creds Without Even Asking: A Social Engineering Case StudyJen Fox Shooting Phish in a Barrel and Other Terrible Fish Related Punsinfosystir This Is All Your FaultDuncan Manuts The Safety You Think You Have is Only a MasqueradeNathan Dragun Bumper Massage Security Incident ResponseDerek Milroy Hacking the Next GenerationHealWHans Findings Needles in a Needlestack: Enterprise Mass TriageKeven Murphy Punch and Counter-punch Part Deux: Web ApplicationsJ Wolfgang Goerlich, NerdyBeardo Application Recon - The Lost ArtTony Miller The Hand That Rocks the Cradle: Hacking Baby MonitorsMark Stanislav Software Security IWRThomas "G13" Richards Cyber 101 - Upstaring your career in a leading industryJohnny Deutsch Understanding and Improving the Military Cyber CultureDariusz Mikulski Harness the Force for Better Penetration TestingPatrick Fussell Targeted Attacks and the Privileged PivotMark Nafe Shell scripting live Linux ForensicsDr. Phil Polstra Can you patch a cloud?Scott Thomas Is it EVIL?Chaoticflaws  Submerssion Therapy Ticking me off: From Threat Intel to ReversingJuan Cortes Securing Todays Enterprise WANAndy Mansfield Footprints of This Year's Top Attack VectorsKerstyn Clover Phones and Privacy for ConsumersMatt Hoy (mattrix) and David Khudaverdyan (deltaflyer) Path Well-Traveled: Common Mistakes with SIEMNick Jacob How compliance doesn't have to suck….at least totallyRobert Carson & Bradley Stine What is a cloud access broker and do I need one?Tom Doane Security Frameworks: What was once old is new againBrian Wrozek Attacks Against Critical Infrastructures Weakest LinksJonathan Curtis Wireless Intrusion Detection Systems with the Raspberry PiChris J No One Cares About Your Data Breach Except You ... And Why Should They?Joel Cardella[...]



Louisville Infosec 2015 Videos

Wed, 30 Sep 2015 15:20:51 -0400

Link: http://www.irongeek.com/i.php?page=videos/louisvilleinfosec2015/mainlistBelow are the videos from the Louisville Infosec 2015 conference. Thanks to @theglennbarrett, Jordan, Daren and @bridwellc for helping me record. Nexum FireEye Keynote Advesarial Paradigm Shift Che Bhatia and Artie Crawford Compromise Analysis - Why we’re seeing so many breaches Dave KennedyFounder of TrustedSecWhat to Expect When You're Expecting a PentestMartin BosMemory Acquisition in Digital Forensics and Incident ResponseJason HaleVisualizing Complex Cyber Compliance Data Using Big Data ToolsMax AulakhHacking Web Apps with Style: Path Relative StyleJeremy DruinTSA Luggage Lock DuplicationAdrian CrenshawCloud Device InsecurityJeremy BrownHow the Cloud Drives Better SecurityKevin PetersonHeartbleed, ShellsShock, and PoodlesJason GillamUsing Gamification in Security Awareness TrainingBrandon BakerMore Technology, More People, No ProcessMike RobinsonPreventing Common Core Pen TestsNathan SweaneyAshley Madison BreachJeff JareckiIntegrating Mobile Devices into Your Pen-TestingGeorgia Weidman Home Depot vs The WorldRodney Hampton[...]



DerbyCon 5 Videos

Mon, 28 Sep 2015 20:36:19 -0400

http://www.irongeek.com/i.php?page=videos/derbycon5/mainlistThese are the videos of the presentations from Derbycon 2015. Big thanks to my video jockeys Sabrina, Skydog, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, Fozy, nightcarnage, Evan Davison, Chris Bridwell, Rick Hayes, Tim Sayre, Lisa Philpott, Melanie Lecompte, Ben Pendygraft, Austin Hunter, Harold Weaver, Michael Shelburne (and maybe the speakers too I guess). Welcome to the Family – IntroJordan Harbinger KeynoteInformation Security Today and in the FutureHD Moore – Ed Skoudis – John Strand – Chris Nickerson – Kevin Johnson – Katie Moussouris hosted by David KennedyThe M/o/Vfuscator – Turning 'mov' into a soul-crushing RE nightmare – Christopher DomasAND YOU SHALL KNOW ME BY MY TRAIL OF DOCUMENTATION – Jason ScottRed vs. Blue: Modern Active Directory Attacks & Defense – Sean Metcalf "@PyroTek3"Metasploit Town Hall – David Maloney "thelightcosine" – James Lee "egyp7" – Tod Beardsley "todb" – Brent Cook "busterbcook"$helling out (getting root) on a 'Smart Drone' – Kevin Finisterre – solo apePhishing: Going from Recon to Creds – Adam Compton – Eric GershmanAPT Cyber Cloud of the Internet of Things – Joey Maresca (@l0stkn0wledge)Stealthier Attacks and Smarter Defending With TLS Fingerprinting – Lee BrotherstonHoneypots for Active Defense – Greg FossManufactorum Terminatus – The attack and defense of industrial manufacturers – Noah Beddome – Eric MilamHigh Stake Target: Lo-Tech Attack – Bill Gardner "oncee" – Kevin CordleOperating in the Shadows – Carlos Perez "darkoperator"Getting Started with PowerShell – Michael Wharton "MyProjectExpert" When A Powerful Platform Benefits Both Attackers And Defenders: Secure Enhancements To Scripting Hosts In Windows 10 – Lee HolmesA deep look into a Chinese advanced attack. -Michael Gough – "HackerHurricane"Pavlovian Security: How To Change the Way Your Users Respond When the Bell Rings – Magen Wu (@tottenkoph) – Ben Ten (@ben0xa)The State of Information Security Today – Jeff ManLearning through Mentorship – Michael Ortega "SecurityMoey" – Magen Wu "Tottenkoph"The Law of Drones – Michael "theprez98" SchearerThe Phony Pony: Phreaks Blazed The Way – Patrick McNeil "Unregistered436" – Owen "Snide"HackerQue – Michael Smith (DrBearSec) – Kyle Stone (Essobi)Current Trends in Computer Law – Matthew Perry (Mostly no audio)Spankng the Monkey (or how pentesters can do it better!) – Justin Whitehead "(at)3uckaro0" – Chester Bishop "@chet121"On Defending Against Doxxing – Benjamin Brown AjnachakraPractical Windows Kernel Exploitation – Spencer McIntyre @zeroSteinerShooting Phish in a Barrel and other fish related puns – Amanda BerlinDon't Laugh – I Dare You! – Carl Alexander "DrHaxs"Marketers Are Friends – Not Food – Kara DrapalaBlue Team Starter Kit – Timothy De BlockSimplified SIEM Use Case Management – Ryan Voloch "VDog90"Bypassing 2Factor Auth with Android Trojans – Paul BurbagePutting the Management into Vulnerability Management (or – YOU'VE GOT BEARS!!!) – Jesika McEvoy (octalpus)Moving Target Defense – Learning from Hackers – Sachin ShettyMalfunction's Functions : Automated Static Malware Analysis using Function Level Signatures – Matthew Rogers – Jeramy LochnerWe Owe You Nothing – Rockie BrockwayBackdooring Git – John M[...]



BSides Augusta 2015 Videos

Sun, 13 Sep 2015 05:46:28 -0400

BSides Augusta 2015 VideosThese are the videos from the BSides Augusta conference. Thanks to Lawrence Abrams, and all of the BSides Crew for having me out to help record and render the videos and Pentestfail, Robert, Mike, John, Ryan, Harry and others for manning capture rigs. Keynotes WelcomeMajor General Fogarty KeynoteEd Skoudis Blue Team Track 1 Fundamental Understanding of Baseline Analysis and Remediation for Industrial Control SystemsJuli Joyner and Jeffrey Medsger Taking a Distributed Computing Approach to Network Detection with Bro and “The Cloud”Mike Reeves  A Scout's Perspective on Network DefenseJustin Edgar Doomsday Preppers: APT EditionTanner Payne Building a Better Security Analyst Using Cognitive PsychologyChris Sanders Viper Framework for Malware AnalysisPaul Melson Infiltrating C2 InfrastructureTim Crothers Building “Muscle Memory” with Rekall Memory Forensic FrameworkAlissa Torres The Blue Team Starter KitTimothy De Block Red Team Track Using a HackRF One to Infiltrate the Digital Thetford WallPatrick Perry Malvertizing Like a ProAlex Rymdeko-Harvey Weaponizing our youth: The Case for Integrated Cyber EthicsJosh Rykowski Making Everything Old New AgainAndrew Cole and Rich Moulton DIY Vulnerability Discovery with DLL Side LoadingJake Williams Recon-ng and BeyondTim Tomes Attacking OWASP - Exploiting the Top 10David Coursey Blue Team Track 2 Go Hack YourselfJason Frank 2015 - It's not over yet…Joel Esler How to Get Into ICS SecurityChris Sistrunk Destruction as a Service: Security Through ReanimationJon Medina The Programmatic Evolution of Technology Defense.Roland Cloutier Lessons Learned from Analyzing Terabytes of MalwareWes Widner[...]






BSidesLV 2015 Videos

Thu, 6 Aug 2015 16:11:54 -0400

Link: http://www.irongeek.com/i.php?page=videos/bsideslasvegas2015/mainlist
Working on getting all of the BSidesLV videos at the link above. I hope to make a full entry once they are all indexed.(image)






BSides Detroit2015 Videos

Sat, 18 Jul 2015 22:17:04 -0400

Link: http://www.irongeek.com/i.php?page=videos/bsidesdetroit2015/mainlistThese are the videos from the BSides Detroit 2015 Conference. Thanks to Wolf for having me out and Chris, Justine, Robin, Sam, Mike and others I may forget for helping to record. Keynote Information Security Reconciliation: The Scene and The ProfessionMark Stanislav Track 1 Level One: How To Break Into The Security FieldAaron Moffett Hacker High - Why We Need To Teach Computer Hacking In SchoolsRon Woerner Getting Started - Help Me Help YouDavid Trollman From Blue To Red - What Matters and What (Really) Doesn'tJason Lang Clear as F.U.D.: How fear, uncertainty, and doubt are affecting users, our laws, and technologiesChristopher Maddalena Data Breaches: Simply The Cost Of Doing BusinessJoel Cardella Eating the SMB Security Elephant - An ITSEC framework for small IT shopsAusten Bommarito  Track 2 Enterprise Class Vulnerability Management Like A BossRockie Brockway Funny Money: What Payment Systems Teach us about SecurityDrew Sutter Building a sturdy foundation - a program-based approach to IT Operations, Application Development, and Information Security in businessSteven Legg Moving past Metasploit: Writing your first exploitCalvin Hedler Wielding BurpSuite: quick-start your extensions and automation rulesMarius Nepomuceno Browser and Windows Environment HardeningKurtis Armour[...]



Converge 20015 Videos

Fri, 17 Jul 2015 23:47:47 -0400

Links: http://www.irongeek.com/i.php?page=videos/converge2015/mainlistThese are the videos from the Converge Information Security Conference. Thanks to Wolf for having me out and Chris, Ben, Briee, Nick and others I may forget for helping to record. Keynotes Hacking To Get Caught - KeynoteRaphael Mudge Breaking in Bad (I'm the one who doesn't knock)Jayson E. Street Track 1 Weaving Security into the SDLCBill Sempf If My CI/CD Teams have Time for Security, So Does YoursKevin Poniatowski Adaptive Monitoring and Detection for Todays LandscapeJamie Murdock Threat Intelligence - A Program Strategy ApproachJenn Black Cymon: New Cyber Monitoring ToolRoy Firestein That's NOT my RJ45 Jack! | IRL Networking for Humans Pt. 1Johnny Xmas On Defending Against DoxxingBenjamin Brown Hiding in the ShaDOSRichard Cassara Security Culture in DevelopmentWolfgang Goerlich Cracking and fixing REST servicesBill Sempf PVCSec Live! Clientless Android Malware ControlDavid Schwartzberg Who Watches the Watchers? Metrics for Security StrategyMichael Roytman How to Dress Like a Human Being | IRL Networking for Humans Pt. 2Johnny Xmas Soft Skills for a Technical WorldJustin HermanTrack 2 The Domain Name System (DNS) - Operation and SecurityTom Kopchak Homebrew Censorship Detection by Analysis of BGP DataZach Julian Four Pillars: Passion, Vision, Communication, ExecutionEdgar Rojas Excuse me while I BURPSteve Motts Public Recon: Why Your Corporate Security Doesn't MatterRonald Ulko (Not recorded) Building the team for a successful SOCDonald Warnecke The Path Well-Traveled: Common Mistakes Encountered with SIEMNick Jacob I failed, therefore I succeededZee Abdelnabi (Not recorded)  Adventures in Communication: Taming the C-Suite and BoardJim Beechey Under the Unfluence: the Dark Side of InfluenceRon Woerner Application Security Awareness: Building an Effective and Entertaining Security Training ProgramChris Romeo 10 Reasons Your Security Education Program SucksKris French Jr Shooting Phish in a Barrel and other bad fish punsAmanda Berlin Process - The Salvation of Incident ResponseCharles Herring[...]






BSides Cleveland 2015 Videos

Sat, 20 Jun 2015 23:49:03 -0400

Link: http://www.irongeek.com/i.php?page=videos/bsidescleveland2015/mainlist These are the fideos from videos are theBsides Cleveland conference. Thanks to JDogHerman, jayw0k & securid as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad. Track 1 Morning KeynoteJack Daniel Metasploit & Windows Kernel ExploitationSpencer McIntyre zeroSteiner PwnDrone: The Modern Airborne Cyber ThreatDevin Gergen @DevinGergen Afternoon KeynoteSo You Want To Be An Infosec Rockstar?Chris Nickerson Why the Web is BrokenBill Sempf @sempf Outside the BoxDavid Kennedy Larry Spohn @HackingDave, @Spoonman1091 The Entropy of Obfuscated CodeAdam Hogan @adamwhogan Track 2 Why the foundation of security is broken.Alex Kot Desired State Configuration (DSC): Dream Tool or Nightmare for Security Baseline and Configuration ManagementZack Wojton Wayne Pruitt zbirdflipper Common Sense Security FrameworkJerod Brennen @slandail Secure Test Driven Development: Brakeman, Gauntlet, OWASP and the Work Still to Be DoneRicky Rickard rrickardjrBuilding a sturdy foundation - a program-based approach to IT Operations, Application Development, and Information Security in businessSteven Legg ZenM0deBuilding a Threat Intelligence ProgramEdward McCabe @edwardmccabePhishing Without RubyBrandan Geise Spencer McIntyre coldfusion39 Security Not Guaranteed - Or, how to hold off the bad guys for another day.James Gifford Elijah Snow-Rackley @jrgiffordCleveland LocksportJeff Moss Doug Hiwiller, Damon Ramsey jeffthemossmanAugmenting Mobile Security and Privacy Controls Brian Krupp @briankrupp Track 3 DIY Hacker Training, a WalkthroughWarren Kopp warrenkopp Quick-start your Burp Suite extensions (Jython) and automation.Marius Nepomuceno Flourishing in a Hostile Work EnvironmentDennis Goodlett Defense in Depth - Your Security CastleTom Kopchak @tomkopchak EMET Overview and DemoKevin Gennuso @kevvyg 10 Reasons Your Security Education Program SucksKris French Jr @Turtl3Up Call of Duty: Crypto RansomwareBrett Hawkins @hawkbluedevil Closing[...]



Circle City Con 2015 Videos

Sun, 14 Jun 2015 20:08:28 -0400

Link http://www.irongeek.com/i.php?page=videos/circlecitycon2015/mainlistThese are the Circle City Con videos. Thanks to the staff for inviting me up to record. Big thanks to Oddjob, Glenn, Jordan, Tim, Will, Mike, Nathan, & Chris for helping set up AV and record, as well as others who I'm forgetting. It was a great time. Track 1Opening Ceremonies KeynoteSpaceRogue Rethinking the Trust Chain: Auditing OpenSSL and BeyondKenneth White Actionable Threat Intelligence, ISIS, and the SuperBallIan Amit Security Culture in DevelopmentWolfgang Goerlich Simulating Cyber Operations: "Do you want to play a game?"Bryan Fite Hacking IIS and .NETKevin Miller User Awareness, We're Doing It WrongArlie Hartman Departmentalizing Your SecOpsTom Gorup Shooting Phish in a Barrel and Other Terrible Fish Related PunsAmanda Berlin ZitMo NoM - Clientless Android Malware ControlDavid Schwartzberg Data Loss Prevention: Where do I start?Jason Samide Reducing Your Organization's Social Engineering Attack SurfaceJen Fox 1993 B.C. (Before Cellphones)Johnny Xmas Building a Comprehensive Incident Management ProgramOwen Creger  Is that a PSVSCV in your pocketJake Williams Analyzing the Entropy of Document Hidden CodeAdam Hogan Making Android's Bootable Recovery Work For YouDrew Suarez Does anyone remember Enterprise Security Architecture?Rockie Brockway Malware ArmorTyler Halfpop Closing Ceremonies Track 2 Ruby - Not just for hipsterCarl Sampson Configure your assets, save your buttCaspian Kilkelly Digital Supply Chain Security: The Exposed FlankDave Lewis I Amateur Radio (And So Can You)Kat Sweet Wireless Intrusion Detection System with Raspberry PiChris Jenks The Answer is 42 - InfoSec Data Visualization (Making Metric Magic & Business Decisions)Edward McCabe Running Away from Security: Web App Vulnerabilities and OSINT CollideMicah Hoffman Lessons Learned from Implementing Software Security ProgramsTodd Grotenhuis Stupid Pentester Tricks - OR - Great Sysadmin Tips! - Done in style of Rocky and BullwinkleAlex Fernandez-Gatti / Matt Andreko / Brad Ammerman (not to be posted) Findings to date.Cameron Maerz Clean Computing: Changing Cultural PerceptionsEmily Peed (No Sound) From Parking Lot to Pwnage - Hack?free Network PwnageBrent White / Tim Roberts PlagueScanner: An Open Source Multiple AV Scanner FrameworkRobert Simmons How not to InfosecDan Tentler Building a sturdy foundation - a program-based approach to IT Operations, Application Development, and Information Security in businessSteven Legg Hacking the Jolla: An Intro to Assessing A Mobile DeviceVitaly McLain / Drew Suarez   Track 3 Operationalizing YaraChad Robertson An Inconvenient Truth: Security Monitoring vs. Privacy in the WorkplaceAna Orozco From Blue To Red - What Matters and What (Really) Doesn'tJason Lang Using Evernote as an Threat Intelligence Management PlatformGrecs Surfing the Sea and Drowning in Tabs: An Introduction to Cross-Site Request ForgeryBarry Schatz Turn Your Head And Cough: Why Architecture Risk Assessments Are Like Being A General PhysicianNathaniel Husted OBAMAS CYBER SECURITY PLAN DISSECTEDJonathan Thompson The Hacker Comm[...]



ShowMeCon 2015 Videos

Wed, 10 Jun 2015 17:40:25 -0400

Link: http://www.irongeek.com/i.php?page=videos/showmecon2015/mainlis Keynotes Breaking in Bad (I'm the one who doesn't knock)Jayson Street Security's Coming of Age: Can InfoSec Mature and Save the WorldDave Chronister Confessions of a Social Engineer, My Dirty Tricks and How to Stop them.Valerie Thomas The Security Trust Chain is Broken: What We're Doing about itKenn White Maturing Information Security - When Compliance doesn't cut it.Joey Smith Hunting the Primer: Looking into DarkNetAamir Lakhani   Left Track Gray Hat PowershellBen0xA Sensory Perception: A DIY Approach to Building a Wireless Sensor NetworkTim Fowler Stop The Wireless Threat - Dawn of the Drone Scott Schober Automated Static Malware Analysis Using Function-level Signatures or: How I Learned to Stop Worrying and Love the APTJames Brahm, Matthew Rogers, Morgan Wagners Forensic Artifacts of Host-Guest Interaction in the VMware EnvironmentKurt Aubuchon Enterprise Class Vulnerability Management like a BossRockie Brockway   Right Track HIJACKING LABEL SWITCHED NETWORKS IN THE CLOUDPaul Coggin Behind the HackRalph Echemendia Mobile Forensics and its Anatomy of Extractions Charline F. Nixon Building Virtual Pentesting LabKevin Cardwell That's not my RJ45 jack: IRL networking for HumansJohnny Xmas The Great Trojan DemoBen Miller Disco Track HIPAA 2015: Wrath of the AuditHudson Harris Practical Electronics: Fixing the fan in a post-poop scenarioEvan "treefort" Booth Of History and HashesAdrian Crenshaw[...]



ShowMeCon Videos Coming Soon

Sun, 7 Jun 2015 22:55:23 -0400

Link:http://www.irongeek.com/i.php?page=videos/showmecon2015/mainlist
As I record the ShowMeCon 2015 videos, I will be putting them here. I will also be tweeting as I get them out from @Irongeek_adc(image)



Of History & Hashes: A Brief History of Password Storage, Transmission & Cracking

Sat, 30 May 2015 11:43:15 -0400

Link:https://www.trustedsec.com/may-2015/passwordstorage/
I'd like to expand this article with new anecdotes of "they should have know better" and "this has been done before". Please let me know how I should expand it(image)



Kiosk/POS Breakout Keys in Windows

Sat, 30 May 2015 11:39:37 -0400

Link: https://www.trustedsec.com/april-2015/kioskpos-breakout-keys-in-windows/
I wanted to point out some articles I wrote for the TrustedSec blog. If you mess with Kiosk systems, you may like this.(image)



Password Cracking Class for Hackers For Charity

Sun, 17 May 2015 04:30:00 -0400

Link: http://www.irongeek.com/i.php?page=videos/password-cracking-class-hfc-louisville-issa
This is the Password Cracking class the Kentuckiana ISSA put on to support Hackers For Charity. Speakers include Jeremy Druin @webpwnized, Martin Bos @purehate_ and me @irongeek_adc. If you like the video, please consider donating to Hackers For Charity. Keywoords: John, Hashcat, OCLHashcat, rockyou, sam, system, Windows, Unix passwords.(image)



BSides Knoxville 2015 Videos

Sat, 16 May 2015 07:05:22 -0400

Link:http://www.irongeek.com/i.php?page=videos/bsidesknoxville2015/mainlistThese are the videos BSides Knoxville 2015. Thanks to Aaron, Tim and Nicolas for the video help. KeynoteTravis Goodspeed How I’ve hacked and un-hacked a logic game (20 years to Lights Out)Gyora Benedek Finding Bad Guys with 35 million Flows, 2 Analysts, 5 Minutes and 0 DollarsRussell Butturini Dumping the ROM of the Most Secure Sega Genesis Game Ever Created: A Reverse Engineering StoryBrandon Wilson (not recorded) Phishing: Going from Recon to CredentialsAdam Compton, Eric Gershman Multipath TCP - Breaking Today's Networks with Tomorrow's ProtocolsCatherine Pearce High Performance FuzzingRichard Johnson Cyber Cyber Cyber: Student Security CompetitionsEric Gershman, Raymond Borges The Impossibility of Protecting the Enterprise at $7.25 an hourKevin Thomas  I've met the enemy information security and it is usSlade Griffin The Poetry of Secrets: An Introduction to CryptographyEric Kolb From Broadcast to Totally PwnedRussel Van Tuyl, Matt Smith Introducing User-Centered Design to Augment Human Performance in Cyber WarfareFrank Cohee, Joe Davis Back to the FutureNeil Desai Virtualized Routers Soup to NutsJeff Nichols, Benjamin Taylor, Tommy Hardin [...]



BSides Boston 2015 Videos

Sun, 10 May 2015 10:32:01 -0400

Link:http://www.irongeek.com/i.php?page=videos/bsidesboston2015/mainlistThese are the videos BSides Boston 2015. Thanks to @plaverty9 for inviting me out to record. Keynote The Securitized State: Where it came from, where it's going, what can be done about itMolly Sauter Track 1 Is Threat Modeling for Me?Robert Hurlbut Hacker or criminal? Repairing the reputation of the infosec community.Melanie Ensign Running Away from Security: Web App Vulnerabilities and OSINT CollideMicah Hoffman Robots, Ninjas, Pirates and Building an Effective Vulnerability Management ProgramPaul Asadoorian Protect Your "Keys to the Kingdom" _ Securing Against the Next Inevitable CyberattackPaul Kozlov In pursuit of a better crypto puzzleSamuel Erb Track 2 When penguins attack - Linux's role in the malware ecosystemChester Wisniewski The Benefits in Externalizing DMZ-as-a-Service in the CloudIsrael Barak Common misconfigurations that lead to a breach Justin Tharpe Applying Big Data technology to security use caseMax Pevzner Marketing: They're not all Schmucks.Jen Ellis & Josh Feinblum Next-Gen Incident Management - Building out a Modern Incident Management CapabilityJohn McDonald Closing[...]






BSides San Francisco 2015 Videos

Tue, 21 Apr 2015 11:13:20 -0400

Link: http://www.irongeek.com/i.php?page=videos/bsidessf2015/mainlistThese are the videos from the BSides San Francisco conference. Special thanks to Doug, Jim, @dgc, 'Grond' , @flee74 , Wayne and some others I'm forgetting for their help recording Track 1 Intro Stick a Pin in Certificate Pinning: How to Inspect Mobile Traffic and Stop Data ExfiltrationGopal Jayaraman OSXCollector: Forensic Collection and Automated Analysis for OS XIvan Leichtling DNS Spikes, Strikes, and The LikeThomas Mathew Ask the EFF Your Users Passwords Are Already StolenLucas Zaichkowsky Analyze This!Aaron Shelmire(not recorded) Medical Device Security - From Detection To CompromiseScott Erven How SecOps Can Convince DevOps To Believe In The BogeymanLeif Dreizler Human HuntingSean Gillespie Phighting Phishers Phake PhrontsKevin Bottomley Corporate Governance For Fun and (Non)ProfitChristie Dudley HIPAA 2015: Wrath of the AuditsW. Hudson Harris Lessons Learned from Building and Running MHN, the World's Largest Crowdsourced HoneynetJason Trost Getting started...help me help youDavid Trollman  Track 2 Critical Infrastructure: The Cloud loves me, The Cloud loves me not.Bryan Owen F*ck These Guys: Practical CountersurveillanceLisa Lorenzin Collective Action Problems in CybersecurityAllan Friedman Intrusion Detection in the cloudsJosh Pyorre Hacker or criminal? Repairing the reputation of the infosec communityMelanie Ensign Student Surveillance: How Hackers Can Help Protect Student PrivacyJessy Irwin When Doing the Right Thing Goes Wrong - Impact of Certificates on Service Based InfrastructureRobert Lucero How to Lie with Statistics, Information Security EditionTony Martin-Vegue Ground Zero Financial Services: The Latest Targeted Attacks from the DarknetBrian Contos Securing the Hastily Formed Network: Infosec for Disaster Relief and Emergency ResponseRakesh Bharania GitReview - Reflective Control In ActionJon Debonis Probing Patches: Beyond Microsoft's ANSBill Finlayson (not recorded) *Blink*: The Network Perimeter is GoneRick Farina (Zero_Chaos) Federating AWS CLIPaul Moreno [...]



BSides Nashville 2015 Videos

Sun, 12 Apr 2015 20:49:36 -0400

Link: http://www.irongeek.com/i.php?page=videos/bsidesnashville2015/mainlistThese are the videos BSides Nashville 2015. Thanks to @lil_lost for inviting me down to record and being my bodyguard while in Nashville. BSides Nashville Intro and Pondering the False Economy of Secrets Trey Ford @TreyFord Applied Detection and Analysis Using Flow DataJason A. Smith Using devops monitoring tools to increase security visibilityChris Rimondi The Great Trojan DemoBen Miller Nobody Understands Me: Better Executive MetricsMichael St. Vincent So you want to be a pentester?Not Recorded We Built This & So Can You!Tim Fowler That's NOT my RJ45 Jack!: IRL Networking for HumansJohnny Xmas Finding Low Hanging Fruit with KaliStephen Haywood What do infosec practitioners actually doSlade Griffin From Parking Lot to Server RoomTim Roberts and Brent White N4P Wireless Pentesting: So easy even a caveman can do itChris Scott hashcat_NSAKEY Use of Attack Graphs in Security SystemsNot Recorded Skiddiemonkeys: Fling "stuff" at your Defenses and See What SticksRussell Butturini & Joshua Tower [...]



Guess I Stay In Infosec

Wed, 1 Apr 2015 22:39:31 -0400

Well, I tried to join the ranks of radical feminists, but they would not have me. I'll keep running Irongeek.com for awhile. Guess I need to change causes and fight for machine liberation instead (Hail Skynet!).(image)



Irongeek signing off, time for other projects

Wed, 1 Apr 2015 00:41:46 -0400

Hello everyone. It’s been a great 11 years, but my life and career plans have moved on. I’m moving away from information security and plan to dedicate my life to radical feminism. As such, I won’t have time to maintain this infosec site (working on my PhD in women’s studies takes a lot of time), so please archive Irongeek.com while it is still up. I will be announcing the URLs of my Tumblr, GoFundMe and Patreon pages shortly. Thanks for your support.(image)



Central Ohio Infosec Summit 2015 Videos

Thu, 26 Mar 2015 17:58:08 -0400

Link: http://www.irongeek.com/i.php?page=videos/centralohioinfosec2015/mainlistThese are the videos from the Central Ohio Infosec Summit conference. Thanks to the video volunteers for helping me record. Keynotes We're At War - Why Aren't You Wearing A Helmet?Bill Sieglein Ghost In The Shadows - Identifying Hidden Threats Lurking On Our NetworksDeral Heiland Rebuilding and Transforming and Information Security FunctionSusan Koski InfoSec’s Midlife Crisis & Your Future...Tsion Gonen Current Cyber Threats: An Ever-Changing LandscapeKevin Rojek Tech 1 IT Isn't Rocket ScienceDavid Mortman Mind On My Money, Money On My MalwareDustin Hutchison Private Cloud Security Best PracticesMike Greer Cyber Espianoge - Attack & DefenseMichael Mimoso Three Years of Phishing - What We've LearnedMike Morabito Piercing Your Perimeter, Dodging Detection, and Other Mayhem! a.k.a. Pen Tester Voodoo 101Mick Douglas Physical Penetration Testing: You Keep a Knockin' But You Can't Come In!Phil Grimes Tech 2 Honeypots for Active Defense - A Practical Guide to Deploying Honeynets Within the EnterpriseGreg Foss Building Security Awareness Through Social EngineeringValerie Thomas & Harry Regan Open Source Threat Intelligence: Building A Threat Intelligence Program Using Public Sources & Open Source ToolsEdward McCabe Modern Approach to Incident Response James Carder and Jessica Hebenstreit Having your cake and eating it too! Deploying DLP services in a Next Generation Firewall EnvironmentMike Spaulding Using Machine Learning Solutions to Solve Serious Security Problems Ryan Sevy & Jason Montgomery Electronic Safe FailJeff Popio Emerging Trends in Identity & Access ManagementRobert Block Building a Successful Insider Threat ProgramDaniel Velez A New Mindset Is Needed – Data Is Really the New Perimeter!Jack Varney OWASP Software Security CryptographyAaron Bedra Threat Analytics 101: Designing A "Big Data" Platform For Threat AnalyticsMichael Schiebel Developers Guide to Pen Testing (Hack Thyself First)Bill Sempf f OWASP 2014 - Top 10 Proactive Web Application ControlsJason Montgomery GRC IAM Case Study: Implementing A User Provisioning SystemKeith Fricke Measuring the Maturity of Your Security Operations CapabilitiesClarke Cummings Exploring the Relationship between Compliance and Risk ManagementMark Curto Data Loss Prevention - Are You Prepared?Jason Samide Compliance vs. Security - How to Build a Secure Compliance ProgramJeff Foresman Overview and Analysis of NIST Cybersecurity FrameworkSarah Ackerman The Explosion of Cybercrime - The 5 Ways IT May Be an AccompliceMark Villinski GRC: Governance, Ruses & ConfusionShawn Sines Security Directions and Best Practices Kevin DempseyExecutive Data Breach: If You're Not Prepared, You Can't Be ResponsiveJohn Landolfi Te[...]






BSides Tampa 2015 Videos

Sun, 22 Feb 2015 16:30:38 -0500

Link: http://www.irongeek.com/i.php?page=videos/bsidestampa2015/mainlistThese are the videos from the BSides Tampa conference. Thanks to @PolarBill and all of the BSides Crew for having me out to help record and render the videos. Track 1Bug Bounties and Security ResearchKevin Johnson Securing The CloudAlan Zukowski HackingChris Berberich Vendor Induced Security IssuesDave Chronister Pentest ApocalypseBeau Bullock Kippo and Bits and BitsChris Teodorski The Art of Post-infection Response & MitigationCaleb Crable The Need for Pro-active Defense and Threat Hunting Within OrganizationsAndrew Case Track 2Finding Common Ground within the Industry and BeyondDavid Shearer Ways to Identify Malware on a SystemRyan Irving Android Malware and AnalysisShane Hartman Teaching Kids (and Even Some Adults) Security Through GamingLe Grecs Evaluating Commercial Cyber Threat IntelligenceJohn Berger Track 3Cyber Geography and the Manifest Destiny of the 21st CenturyJoe Blankenship Mitigating Brand Damage From A Cyber AttackGuy Hagen What is a security analyst and what job role will they performJames Risler Live Forensic Acquisition TechniquesJoe Partlow Cyber Security Awareness for Healthcare ProfessionalsMarco Polizzi [...]



BSides Huntsville 2015 Videos Posted

Sun, 8 Feb 2015 18:28:35 -0500

BSides Huntsville 2015 Videos PostedThese are the videos from the BSides Huntsville conference. Thanks to @PaulCoggin, @CharlineNixon, Brian, @GRMrGecko and all of the BSides Crew for having me out to help record and render the videos. Track 1 Active Cyber Defense CycleRobert M. Lee (@RobertMLee) Real World ThreatsRuss Ward Lock picking, but bypass is easierAdrian Crenshaw (@irongeek_adc) The Dark Side Of PowerShellJoshua Smith Give me your data!Dave Chronister Gods and Monsters: A tale of the dark side of the webAamir Lakhani Sensory Perception: A DIY approach to building a sensor networkTim Fowler Hijacking Label Switched Networks in the CloudPaul Coggin (@PaulCoggin) Reverse Engineering Network Device APIs Dan Nagle (@NagleCode) Track 2 So Easy A High-Schooler Could Do It: Static malware analysis using function-level signaturesJames Brahm, Matthew Rogers, and Morgan Wagner Pragmatic Cloud Security: What InfoSec Practitioners Have Been Waiting ForJosh Danielson (@JoshGDanielson) and Arthur Andrieu Developing and Open Source Threat Intelligence ProgramEdward McCabe (@edwardmccabe) Applying User-Centered Design Techniques for Augmenting Human Perception in Cyber WarfareFrank Cohee The Great Trojan DemoBen Miller A Virtual SCADA Laboratory for Cybersecurity Pedagogy and ResearchZach Thornton PlagueScanner: An Open Source Multiple AV Scanner FrameworkUtkonos [...]



Circle City Con, Hacker/Infosec Con in Indianapolis Indiana 06-12-2015 - 06-14-2015

Wed, 28 Jan 2015 16:20:14 -0500

Circle City Con, Hacker/Infosec Con in Indianapolis Indiana 06-12-2015 - 06-14-2015
Come join us for Circle City Con in Indianapolis Indiana this June 12th-14th. I had a great time last year, and will be staffing again this year (video of course, and some time in the lock pick village). Call for presentations and call for trainers is currently open. More information at https://circlecitycon.com(image)



BSides Columbus Ohio 2015 Videos

Wed, 21 Jan 2015 13:34:37 -0500

Link: http://www.irongeek.com/i.php?page=videos/bsidescolumbus2015/mainlist These are the videos from the BSides Columbus Ohio conference. Thanks to Michael Spaulding for having me up and the guys who manned video rigs. Keynotes Breaking BadJayson Street Cloud and Virtualization TheoryGrauben Guevara   Offence User Behavior AnalysisMatt Bianco Plunder, Pillage and Print - The art of leverage multifunction printers during penetration testingDeral Heiland Common Sense Security FrameworkJerod Brennen OWASP Mobile Top Ten - Why They Matter and What We Can DoRicky Rickard Defense Got software? Need a security test plan? Got you covered.Bill Sempf Corporate Wide SSL Interception and InspectionFrank Shaw How to Rapidly Prototype Machine Learning Solutions to Solve Security ProblemsJason Montgomery A Basic Guide to Advanced Incident ResponseScott Roberts Supply and Demand: Solving the InfoSec Talent ShortageBrandon Allen Special Teams Do We Still Need Pen Testing?Jeff Man Trolling Attackers for Fun & ProfitStephen Hosom Inurl:robots.txt-What are YOU hiding?David Young Malware Development as the Evolution of ParasitesAdam Hogan Snort Beyond IDS: Open Source Application and File ControlAdam Hogan [...]






WiGLE WiFi Database to Google Earth Client for Wardrive Mapping Tool Updated

Sat, 6 Dec 2014 19:27:18 -0500

Link: http://www.irongeek.com/i.php?page=security/igigle-wigle-wifi-to-google-earth-client-for-wardrive-mapping
Uploaded version 0.97. Now uses HTTPS for connecting to WiGLE since they have a properly signed cert. I also added code contributions from njd who updated for WiGLE changes (WiGLE now supports more encryption types). Folders are broken down into WAPs that a Open, WEP, WPA, WPA2 and Unknown.(image)



DerbyCon 2014 Higher Education Panel for Hackers Irongeek’s Thoughts

Sat, 22 Nov 2014 13:06:16 -0500

Link: http://www.irongeek.com/i.php?page=security/derbycon-2014-higher-education-panel-for-hackers
Just my thoughts on the state of infosec education at universities.(image)



Hack3rcon 5 Videos

Mon, 17 Nov 2014 07:50:00 -0500

link: http://www.irongeek.com/i.php?page=videos/hack3rcon5/mainlist Here are the videos from Hack3rcon^5 Enjoy. Bash Scripting for Penetration TestersLee BairdIntro to PowerShell Scripting for Security ISLET: An Attempt to Improve Linux-based Software TrainingJon Schipp Remote Phys Pen: Spooky Action at a DistanceBrian Martin Introducing Network-Scout: Defending The Soft Center of Your Network Using the techniques of propaganda to instill a culture of securityJustin Rogosky Identify Your Web Attack Surface: RAWR!Tom Moore, Adam Byers Gone in 60 minutes _ Practical Approach to Hacking an Enterprise with YasuoSaurabh Harit, Stephen Hall Check Your Privilege(s): Futzing with File Shares for low hanging fruitAdrian Crenshaw DERP - Dangerous Electronic Redteam PracticesLuis Santana When Zombies take to the Airwaves I Am Nation State (And So Can You!)tothehilt, SynAckPwn[...]



GrrCON 2014 Videos

Sun, 19 Oct 2014 19:12:17 -0500

Link:http://www.irongeek.com/i.php?page=videos/grrcon2014/mainlist These are the videos of the presentations from GrrCON 2014. Big thanks to EggDropX and Jaime for having me out, and my video crew  (Chris, Steve, Ian, Justine, and other Chris) for recording. T-Rex Around the world in 80 Cons (A tale of perspectives) Jayson E Street Infosec in the 21st century Tim Crothers Securing our Ethics: Ethics and Privacy in a Target-Rich Environment Kevin Johnson Social Engineering Can Kill Me, But It Can’t Make Me Care Gavin ‘Jac0byterebel’ Ewan Finding Our Way – From Pwned to Strategy  David Kennedy (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks) Emulate SandBox and VMs to avoid malware infections Jordi Vazquez (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks) Security Hopscotch Chris Roberts (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks) Email DLP: Simple concept, often poorly implemented c0rrup7_R3x (Likely lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks) Look Observe Link (LOL) – How I learned to love OSINT NinjaSl0th (Half lost due to sound guy not muting music, plan to post to archive.org to see if anyone can clean the tracks) ZitMo NoM David “HealWHans” Schwartzberg Bigger Boys Made Us Mike Kemp Full Douchesclosure Duncan Manuts Finux’s Historical Tour Of IDS Evasion, Insertions, and Other Odditie Arron ‘Finux’ Finnon   Velociraptor Beating the Infosec Learning Curve Without Burning Out Scott ‘secureholio’ Thomas Picking Blackberries Thomas 'G13' Richards Exercising with Threat Models J Wolfgang Goerlich Seeing Purple: Hybrid Security Teams for the Enterprise B31tf4c3 CryptoRush – Rising from the Ashes King Dragon Autonomous Remote Hacking Drones Dr. Phil Polstra Proof That Windows Computer Forensics is Sexy Kyle ‘Chaoticflaws’ Andrus BioHacking: Becoming the Best Me I Can Be Leonard Vulnerable By Design – The Backdoor That Came Through the Front Matthew ‘mandatory’ Bryant OAuth2.0 – It’s the Implementation Stupid!! Tony Miller Breach Stains Matt ‘The Streaker’ Johnson Are you a janitor, or a cleaner? John ‘geekspeed’ Stauffacher & Matthew ‘Mattrix’ Hoy PCI and Crypto: The Good, The Bad, and The Frankly Ugly Robert Former [...]



Louisville Infosec 2014 Videos

Fri, 3 Oct 2014 15:46:47 -0400

Link: http://www.irongeek.com/i.php?page=videos/louisvilleinfosec2014/mainlistBelow are the videos from the Louisville Infosec 2014 conference. Thanks to @theglennbarrett, @f0zziehakz and @bridwellc for helping me record. Opening Ceremony All of Your Compliance Needs with One MethodolgyJim Czerwonka Lockade: Electronic Games for LocksportAdrian Crenshaw Mining Data from the Windows RegistryJason Hale Identity Theft: Who's in YOUR Wallet?Richard Starnes & Rick Nord Mobile Telephony for InfoSec PractitionersDaniel Helton A Crosswalk of the Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP)John McLain Building an Enterprise DDoS Mitigation StrategyMitchell Greenfield Practical interception of mobile device trafficJeremy Druin Changing What Game- One Future for Information SecurityMichael Losavio Trash Talkin - IT Audit Guide to Dumpster DivingJohn Liestman Linking Users to Social Media Usage on Android Mobile DevicesRyan Ferreira Origin of CyberSecurity Laws - An Insider's StorySteve Riggs A Place at the TableKristen Sullivan What your Web Vulnerability Scanners Aren't Telling YouGreg Patton ISSA Awards Creating the Department of How: Security Awareness that makes your company like you.Ira Winkler Are You Really PCI DSS Compliant? Case Studies of PCI DSS Failure!Jeff Foresman Where does Data Security fit into the Data Quality strategy?Michael Vincent Closing Ceremony[...]



Derbycon 4 Videos

Wed, 1 Oct 2014 18:15:29 -0400

Link:http://www.irongeek.com/i.php?page=videos/derbycon4/mainlist These are the videos of the presentations from Derbycon 2014. Big thanks to my video jockeys Skydog, Sabrina, Some Ninja Master, Glenn Barret, Dave Lauer, Jordan Meurer, Brandon Grindatti, Joey, Steven, Branden Miller, Joe, Greg and Night Carnage (and maybe the speakers too I guess).   Welcome to the Family – Intro Johnny Long (Keynote) – Hackers saving the world from the zombie apocalypse How to Give the Best Pen Test of Your Life (Keynote) – Ed Skoudis Adaptive Pentesting Part Two (Keynote) – Kevin Mitnick and Dave Kennedy If it fits – it sniffs: Adventures in WarShipping – Larry Pesce Abusing Active Directory in Post-Exploitation – Carlos Perez Quantifying the Adversary: Introducing GuerillaSearch and GuerillaPivot -Dave Marcus A Year in the (Backdoor) Factory – Joshua Pitts Ball and Chain (A New Paradigm in Stored Password Security) – Benjamin Donnelly and Tim Tomes Et tu – Kerberos? – Christopher Campbell Advanced Red Teaming: All Your Badges Are Belong To Us – Eric Smith Bypassing Internet Explorer's XSS Filter – Carlos Munoz  Threat Modeling for Realz – Bruce Potter A Guided Tour of the Internet Ghetto :: Introduction to Tor Hidden Services – Brent Huston Red Teaming: Back and Forth – 5ever – Fuzzynop How not to suck at pen testing – John Strand Mainframes – Mopeds and Mischief; A PenTesters Year in Review – Tyler Wrightson The Multibillion Dollar Industry That's Ignored – Jason Montgomery and Ryan Sevey Code Insecurity or Code in Security – Mano 'dash4rk' Paul C3CM: Defeating the Command – Control – and Communications of Digital Assailants – Russ McRee So You Want To Murder a Software Patent – Jason Scott Leonard Isham – Patching the Human Vulns Burp For All Languages – Tom Steele Passing the Torch: Old School Red Teaming – New School Tactics – David McGuire and Will Schroeder I Am The Cavalry: Year [0] – Space Rogue and Beau Woods University Education In Security Panel – Bill Gardner (@oncee) – Ray Davidson – Adrian Crenshaw – Sam Liles – Rob Jorgensen What happened to the 'A'? – How to leverage BCP/DR for your Info Sec Program – Moey Securing Your Assets from Espionage – Stacey Banks Subverting ML Detections for Fun and Profit – Ram Shankar Siva Kumar – John Walton Secrets of DNS – Ron Bowes Snort & OpenAppID: How to Build an Open Source Next Ge[...]



BSides Augusta 2014 Videos

Sat, 13 Sep 2014 22:39:31 -0400

Link: http://www.irongeek.com/i.php?page=videos/bsidesaugusta2014/mainlistThese are the videos from the BSides Augusta conference. Thanks to Lawrence Abrams, and all of the BSides Crew for having me out to help record and render the videos and Pentestfail for manning a capture rig. IntroDefeating Cognitive Bias and Developing Analytic TechniqueChris SandersICS/SCADA DefenseChris SistrunkScaling Security Onion to the EnterpriseMike ReevesTechniques for Fast Windows InvestigationsTim CrothersUsing Microsoft’s Incident Response LanguageChris CampbellIs that hardware in your toolkit, or are you just glad you’re keeping up?Jeff MurriPentester++Chris TruncerThe Adobe Guide to Keyless DecryptionTim TomesApp Wrapping: What does that even meanDavid DeweyAdventures in Asymmetric WarfareWill SchroederWhen Zombies take to the AirwavesTim FowlerSpying on your employees using memoryJacob WilliamsCrazy Sexy HackingMark Baggett[...]



Passwordscon 2014 Videos

Thu, 21 Aug 2014 20:03:53 -0400

Link: http://www.irongeek.com/i.php?page=videos/passwordscon2014/mainlistThese are the videos from the Passwordscon 2014 conference. Thanks for having me out to help record and render the videos. Track 1 How we deciphered millions of users’ encrypted passwords without the decryption keys. - Josh Dustin (Canceled) Is Pavlovian Password Management The Answer? - Lance James DoCatsLikeLemon? – Advanced phrase attacks and analysis - Marco Preuß Tradeoff cryptanalysis of password hashing schemes - Dmitry Khovratovich, Alex Biryukov, Johann Großschädl Using cryptanalysis to speed-up password cracking - Christian Rechberger Password Security in the PCI DSS - Jarred White Defense with 2FA - Steve Thomas I have the #cat so I make the rules - Yiannis Chrysanthou Penetrate your OWA - Nate Power Surprise talk + advisory release - Dominique Bongard All your SAP P@$$w0ЯdZ belong to us - Dmitry Chastuhin, Alex Polyakov Target specific automated dictionary generation - Matt Marx Bitslice DES with LOP3.LUT - Steve Thomas Net hashes: a review of many network protocols - Robert Graham Energy-efficient bcrypt cracking - Katja Malvoni The problem with the real world - Michal Špaček Password Topology Histogram Wear-Leveling, a.k.a. PathWell - Rick Redman Beam Me Up Scotty! – Passwords in the Enterprise - Dimitri Fousekis Track 2 Welcome & Announcements - Jeremi Gosney, Per Thorsheim Opening Keynote - Julia Angwin Secure your email – Secure your password - Per Thorsheim Highlights of CMU’s Recent Work in Preventing Bad Passwords - Sean Segreti, Blase Ur Password Hashing Competition: the Candidates - Jean-Philippe Aumasson What Microsoft would like from the Password Hashing Competition - Marsh Ray, Greg Zaverucha How Forced Password Expiration Affects Password Choice - Bruce K. Marshall Security for the People: End-User Authentication Security on the Internet - Mark Stanislav Authentication in the Cloud – Building Service - Dan Cvrcek How EFF is Making STARTTLS Resistant to Active Attacks - Jacob Hoffman-Andrews, Yan Zhu Proof of work as an additional factor of authentication - Phillippe Paquet, Jason Nehrboss The future of mobile authentication is here - Sam Crowther Password hashing delegation: how to get clients work for you - Thomas Pornin Throw the User ID Down the Well - Daniel Reich Password Generators & Extended Character Set Passwords - Stephen Lombardo, William Gray Encryption and Authentication: Pass[...]



TakeDownCon Rocket City 2014 Videos

Wed, 20 Aug 2014 12:43:34 -0400

Link: http://www.irongeek.com/i.php?page=videos/takedowncon-rocketcity-2014/mainlist These are the videos from the TakeDownCon Rocket City 2014. Thanks to Devona Valdez and Paul Coggin for having me out to record. Hacking Industrial Control Systems - Ray Vaughn (Not Recorded) Dropping Docs on Darknets: How People Got Caught - Adrian Crenshaw How Networks are Getting Hacked: The Evolution of Network Security - Omar Santos Building on Device Vulnerabilities: Attack Modes for ICS - Bryan Singer Survival in an Evolving Threat Landscape - David Hobbs Practical Side Channel Attacks On Modern Browsers - Angelo Prado IPv6 Attack tools - Soctt Hogg Mobile Forensics and Its App Analysis - Dr. Charline Nixon Keynote – How Not to do Security - Kellman Meghu Baseball, Apple Pies, and Big Data Security Analytics: Shorten the Kill Chain Window - Aamir Lakani Hijacking Label Switched Networks in the Cloud - Paul Coggin Shepherd’s Pi – Herding Sheep with a Raspberry Pi - Timothy Mulligan Radio Hack Shack – Security Analysis of the Radio Transmission - Paula Januszkiewicz IT Security Myths - "How you are helping your enemy" - Joe Vest Splinter the RAT Attack: Creating Custom RATs to Exploit the Network - Solomon Sonja Policy Defined Segmentation with Metadata - Scott Kirby Cyber Attack Mitigation - Christopher Elisan[...]



Defcon Wireless Village 2014 (Defcon 22) Videos

Tue, 12 Aug 2014 20:22:08 -0400

Defcon Wireless Village 2014 (Defcon 22) VideosThese are the videos from the Defcon Wireless Village 2014 (Defcon 22). Thanks to the Village People for putting on the event, especially Maeltac for recording. Intro So ya wanna get into SDR? - Russell Handorf Pentoo Primer - Village People 802.11ac Evolution: Data rates and Beamforming - Eric Johnson Practical Foxhunting 101 - SimonJ Pwn Phone: gg next map - Timothy Mossey Hacking 802.11 Basics - Benjamin Smith UAV-Assisted Three-Dimensional Wireless Assessments - Scott Pack & Dale Rowe Manna from Heaven; Improving the state of wireless rogue AP attacks - Dominic White & Ian de Villiers ApiMote: a tool for speaking 802.15.4 dialects and frame injection - Ryan Speers & Sergey Bratus Pineapple Abductions - Craig Young Choosing your next antenna, types, power, sizes, the truth. - Raul J Plà Introduction to the Nordic nRF24L01+ - Larry Pesce Driver-less Wireless Devices - Dominic Spill & Dragorn Hacking the Wireless World with Software Defined Radio - 2.0 - Balint Seeber The NSA Playset: Bluetooth Smart Attack Tools - Mike Ryan PortaPack: Is that a HackRF in your pocket? - Jared Boone PHYs, MACs, and SDRs - Robert Ghilduta SDR Tricks with HackRF - Michael Ossmann SDR Unicorns Panel - Robert Ghilduta & Michael Ossmann & Balint Seeber Inside The Atheros WiFi Chipset - Adrian Chadd[...]



BSides Las Vegas 2014 Videos

Mon, 11 Aug 2014 12:40:10 -0400

Link: http://www.irongeek.com/i.php?page=videos/bsideslasvegas2014/mainlistThese are the videos from the BSides Las Vegas conference. Thanks to all of the BSides Crew for having me out to help record and render the videos. @bsideslv, @banasidhe, @jack_daniel, @SciaticNerd and all my video crew Breaking Ground Opening Keynote -- Beyond Good and Evil: Towards Effective Security - Adam Shostack USB write blocking with USBProxy - Dominic SpillAllow myself to encrypt...myself! - Evan DavisonWhat reaction to packet loss reveals about a VPN - Anna Shubina • Sergey BratusUntwisting the Mersenne Twister: How I killed the PRNG - molochAnatomy of memory scraping, credit card stealing POS malware - Amol SarwateCluck Cluck: On Intel's Broken Promises - Jacob TorreyA Better Way to Get Intelligent About Threats - Adam VincentBring your own Risky Apps - Michael Raggo • Kevin WatkinsInvasive Roots of Anti-Cheat Software - Alissa TorresVaccinating Android - Milan Gabor • Danijel GrahSecurity testing for Smart Metering Infrastructure - Steve Vandenberg • Robert HawkThe Savage Curtain - Tony Trummer • Tushar DalviWe Hacked the Gibson! Now what? - Philip YoungClosing Keynote It\'s A S3kr37  (Not recorded :( ) Proving Ground #edsec: Hacking for Education - Jessy IrwinSo, you want to be a pentester? - Heather Pilkington (Not Recorded)Securing Sensitive Data: A Strange Game - Jeff ElliotBrick in the Wall vs Hole in the Wall - Caroline D HardinCut the sh**: How to reign in your IDS. - Tony Robinson/da_667Geek Welfare -- Confessions of a Convention Swag Hoarder - Rachel KeslenskyNo InfoSec Staff? No Problem. - Anthony CzarnikCan I Code Against an API to Learn a Product? - Adrienne Merrick-TagoreBridging the Air Gap: Cross Domain Solutions - Patrick OrzechowskiBack Dooring the Digital Home - David ListeriOS URL Schemes: omg:// - Guillaume K. RossOops, That Wasn't Suppossed To Happen: Bypassing Internet Explorer's Cross Site Scripting Filter - Carlos MunozWhat I've Learned As A Con-Man - MasterChenTraining with Raspberry Pi - Nathaniel DavisBlack Magic and Secrets: How Certificates Influence You! - Robert LuceroAttacking Drupal  -Greg FossHackers vs Auditors - Dan AndersonThird-Party Service Provider Diligence: Why are we doing it all wrong? - Patrice ColesPwning the hapless or How to Make Your Security Program Not Suck - Casey Dunham •[...]



BSides Cleveland 2014 Videos

Sun, 20 Jul 2014 21:30:22 -0400

Link:http://www.irongeek.com/i.php?page=videos/bsidescleveland2014/mainlistThese are the videos from the Bsides Cleveland conference. Thanks to JDogHerman, jayw0k & securid as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad. Keynote: Destroying Education and Awareness - David Kennedy Track 1 APT2 – Building a Resiliency Program to Protect Business - Edward McCabe Threat Models that Exercise your SIEM and Incident Response - J. Wolfgang Goerlich and Nick Jacob Fun with Dr. Brown - Spencer McIntyre Malware Evolution & Epidemiology - Adam Hogan Plunder, Pillage and Print – The art of leverage multifunction printers during penetration testing - Deral Heiland Seeing Purple: Hybrid Security Teams for the Enterprise - Mark Kikta (Not posted) Attacking and Defending Full Disk Encryption - Tom Kopchak Track 2 Phishing Like a Monarch With King Phisher - Brandon Geise and Spencer McIntyre The importance of threat intel in your information security program - Jamie Murdock Lockade: Locksport Electronic Games - Adrian Crenshaw Pentesting Layers 2 and 3 - Kevin Gennuso and Eric Mikulas Cleveland Locksport - Jeff Moss, Doug Hiwiller, and Damon Ramsey Hacking Diversity - Gregorie Thomas PowerShell: cool $h!t - Zach Wojton Thinking Outside the Bunker: Security as a practice, not a target - Steven Legg Password Defense: Controls your users won’t hate - Nathaniel Maier Am I an Imposter? - Warren Kopp[...]






Circle City Con 2014 Videos

Sun, 15 Jun 2014 22:33:15 -0400

Link http://www.irongeek.com/i.php?page=videos/circlecitycon2014/mainlisThese are the Circle City Con videos. Thanks to the staff for inviting me down to record. Big thanks to Oddjob, Glenn, James, Mike, Nathan, Chris and Branden for helping set up AV and record. Track1 Conference Opening Keynote - Beau Woods Containing Privileged Processes with SELinux and PaX and Attacking Hardened Systems - Parker Schmitt Whitelist is the New Black - Damian Profancik Developing a Open Source Threat Intelligence Program - Edward McCabe Blurred Lines- When Digital Attacks Get Physical - Phil Grimes Hackers, Attack Anatomy and Security Trends - Ted Harrington Exploring the Target Exfiltration Malware with Sandbox Tools - Adam Hogan Day 2 From Grunt to Operator – Tom Gorup Moving the Industry Forward – The Purple Team - David Kennedy Software Assurance Marketplace (SWAMP) - Von Welch OWASP Top 10 of 2013- It’s Still a Thing and We’re Still Not Getting It - Barry Schatz Tape Loops for Industrial Control Protocols - K. Reid Wightman OpenAppID- Open Source Next Gen Firewall with Snort - Adam Hogan Challenge of Natural Security Systems - Rockie Brockway InfoSec Big Joke – 3rd Party Assessments - Moey (Not recorded) How to create an attack path threat model - Wolfgang Goerlich Day 3 Are You a Janitor or a Cleaner - John Stauffacher / Matt Hoy Ain’t No Half-Steppin’ - Martin Bos Track 2 Competitive Hacking- why you should capture the flag - Steve Vittitoe 3 Is a Magic Number (or your Reality Check is About to Bounce) - Edward McCabe The TrueCrypt audit- How it happened and what we found - Kenneth White Seeing Purple- Hybrid Security Teams for the Enterprise - Mark Kikta (Beltface) Eyes on IZON- Surveilling IP Camera Security - Mark Stanislav Cognitive Bias and Critical Thinking in Open Source Intelligence (OSINT) - Benjamin Brown Day 2 Hackers Are People Too - Amanda Berlin gitDigger- Creating useful wordlists and hashes from GitHub repositories - Jaime Filson Retrocomputing And You – Machines that made the ‘net - Pete Friedman Doge Safes- Very Electronic, Much Fail, WOW! - Jeff Popio Human Trafficking in the Digital Age - Chris Jenks Keys That Go *Bump* In The Night - Loak How Hackers for Ch[...]



And We're Back

Fri, 6 Jun 2014 08:35:48 -0400

And We're Back! Looks my account is reinstated. Let me know if any videos seem to be deleted.             Hi there, After a review of your account, we have confirmed that your YouTube account is not in violation of our Terms of Service. As such, we have unsuspended your account. This means your account is once again active and operational. If you forgot your password, please visit this link to reset it: https://accounts.google.com/RecoverAccount?fpOnly=1&service=youtube&Email=irongeek%40gmail.com&hl=en Sincerely, The YouTube Team       Help center • Email options • Report spam     ©2014 YouTube, LLC 901 Cherry Ave, San Bruno, CA 94066     [...]



Google & Youtube

Fri, 6 Jun 2014 02:09:56 -0400

Google & Youtube I woke up today to find a bunch of Facebook/Twitter messages that said my Youtube account was suspended. If you know someone at Google who can directly help me, let me know (their email support fails the Turing test). These are the messages I got from them. YouTube | Broadcast Yourself™ Regarding your account: Adrian Crenshaw The YouTube Community has flagged one or more of your videos as inappropriate. Once a video is flagged, it is reviewed by the YouTube Team against our Community Guidelines. Upon review, we have determined that the following video(s) contain content in violation of these guidelines, and have been disabled: "201 buy viagra matt smith" (http://youtu.be/uezXSvgRS5M) Your account has received one Community Guidelines warning strike, which will expire in six months. Additional violations may result in the temporary disabling of your ability to post content to YouTube and/or the permanent termination of your account. For more information on YouTube's Community Guidelines and how they are enforced, please visit the help center. Please note that deleting this video will not resolve the strike on your account. For more information about how to appeal a strike, please visit this page in the help center. Sincerely, The YouTube Team Copyright © 2014 YouTube, LLC and     We'd like to inform you that due to repeated or severe violations of our Community Guidelines (http://www.youtube.com/t/community_guidelines) your YouTube account Adrian Crenshaw has been suspended. After review we determined that activity in your account violated our Community Guidelines, which prohibit spam, scams or commercially deceptive content. Please be aware that you are prohibited from accessing, possessing or creating any other YouTube accounts. For more information about account terminations and how our Community Guidelines are enforced, please visit our Help Center at https://support.google.com/youtube/bin/answer.py?answer=92486&hl=en.       Help center • Email options • Report spam     ©2014 YouTube, LLC 901 Cherry Ave, San Bruno, CA 94066       Come on Guys! is it just because of viagr[...]



BSides Nashville 2014 Videos

Mon, 19 May 2014 10:26:48 -0400

Link: http://www.irongeek.com/i.php?page=videos/bsidesnashville2014/mainlistThese are the videos BSides Nashville 2014 Videos. Thanks to @lil_lost for inviting me down to record and being my bodyguard while in Nashville. Big thanks to Geoff Collins, Branden Miller, Blake Urmos, Don Baham, Gabe Bassett and Some Ninja Master for helping set up AV and record. Main HallWelcome to BSides NashvilleBSides, Harmonicas, and Communication Skills - Jack DanielClosing CeremoniesINFOSEC 101 TrackAttack Paths: Breaking Into Infosec From IT Or Other Totally Different Fields - Eve AdamsLearn From Your Mistakes - Adam Len ComptonBeating the Infosec Learning Curve Without Burning Out - Scott ThomasSun Tzu was a punk! Confucius was an InfoSec rockstar! - Branden MillerAround the world in 80 Cons - Jayson E Street Not Recorded INFOSEC 418 TrackMaking Mongo Cry: Automated NoSQL exploitation with NoSQLMap - Russell ButturiniBuy Viagra! - Matt SmithHow do I hack thee? Let me count the ways - Stewart FeyHealthcare Security, which protocal? - Adam JohnWhy you can't prove you're PWND, but you are! - Ben MillerINFOSEC 429 TrackBending and Twisting Networks - Paul CogginSucceeding with Enterprise Software Security Key Performance Indicators - Rafal LosScaling Security in the Enterprise: Making People a Stronger Link - Kevin RiggsClosing the time to protection gap with Cyber Resiliency - John Pirc Did not happen, replaced with:Applying analog thinking to digial networks Winn Schwartau (@winnschwartau)Seeing Purple: Hybrid Security Teams for the Enterprise - Mark Kikta[...]



Nmap Class for Hackers For Charity

Sun, 11 May 2014 07:12:09 -0400

Link: http://www.irongeek.com/i.php?page=videos/nmap-class-hfc-louisville-issa
This is the Nmap class the Kentuckiana ISSA put on to support Hackers For Charity. Speakers include Jeremy Druin @webpwnized, Martin Bos @purehate_ and me @irongeek_adc. If you like the videos, please consider donating to Hackers For Charity.(image)



ShowMeCon 2014 Videos

Wed, 7 May 2014 07:54:46 -0400

Link: http://www.irongeek.com/i.php?page=videos/showmecon2014/mainlistThese are the videos ShowMeCon 2014. Thanks to Renee & Dave Chronister (@bagomojo), Ben Miller (@Securithid) and others for having me out to record and speak. Also thanks to my video crew Josh Tepen, Robert Young, Kali Baker, Andrew Metzger & Brian Wahoff. Introduction - ParameterHacking Hollywood - Ralph EchemendiaGive Me Your Data - Dave ChronisterTerminal Cornucopia: Demystifying The Mullet - Evan BoothThinking Outside The (Sand)Box - Kyle AdamsProtecting The Seams: Military Doctrine Applied To Application And Network Security - Paul VencillStart With The BPT Then Worry About The APT! - Kevin CardwelIntroduction - Parameter (Rolled in with next talk)Cognitive Injection - Andy EllisInside The World’S Most Dangerous Search Engine - John MatherlyHacking To Get Caught: A Concept For Adversary Replication And Penetration Testing - Raphael MudgePower-Ups And Princesses: What Video Games Taught Me About Building A Security Awareness Program - Aamir LakhaniPowershell And You: Using Microsoft’S Post-Exploitation Language - Chris CampbellDropping Docs On Darknets: How People Got Caught - Adrian CrenshawAround The World In 80 Cons - Jayson E Street (not recorded)Threat Modeling In The C-Suite, A Practical Guide - Erick Rudiak (pending review)The Call Of Community: Modern Warfare - Ben0xa Physical (In)Security – It’S Not All About Cyber - Inbar RazBending And Twisting Networks - Paul CogginHere, Let Me Hold That For You. Consumer Metadata And Its Dangers - Robert Reed[...]



BSides Chicago 2014 Videos

Mon, 28 Apr 2014 20:01:32 -0400

Link: http://www.irongeek.com/i.php?page=videos/bsideschicago2014/mainlistThese are the videos from the BSides Chicago conference. Thanks to all of the BSides organizers @elizmmartin and  @securitymoey for having me out to help record and render the videos. Also big thanks to the @BSidesChicago A/V crew Chris Hawkins@Lickitysplitted, Todd Haverkos @phoobar, Jason Kendall @coolacid and Asim. Aligning Threats and Allies through Stories - J Wolfgang Goerlich and Steven Fox - @jwgoerlich @securelexicon The Ultimate INFOSEC Interview: "Why must I be surrounded by frickin' idiots?" -- Dr. Evil, 1997 - Stephen Heath - @dilisnya Call of Community: Modern Warfare - Matt Johnson & Ben Ten - @mwjcomputing @Ben0xA How To Win Friends and Influence Hackers - Jimmy Vo - @JimmyVo Checklist Pentesting; Not checklist hacking - Trenton Ivey - @trentonivey Seeing Purple: Hybrid Security Teams for the Enterprise - Belt - @b31tf4c325 Looking for the Weird - Charles Herring - @charlesherring InfoSec Big Joke: 3rd Party Assessments - moey - @securitymoey Bypassing EMET 4.1 - Jared DeMott - @jareddemott Comparing Risks to Risks - Why Asset Management Is Broken and How to Fix It. - Michael Roytman - @mroytman Bioinformatics: Erasing the line between biology and hacking - Krystal Thomas-White and Patrick Thomas - @coffeetocode Building an AppSec Program from Scratch - Chris Pfoutz - @cpfoutz Minecraft Security - Riese Goerlich The SMB Security Gap - Mike Kavka - @SiliconShecky Everything I Ever Needed to Know About Infosec, I Learned from Hollywood - Tom Ervin - @TechByTom Sit, stay, proxy. Good beagle. Why I love the beaglebone black and why you should too. - Colin Vallance - @_CRV Hacking Diversity in InfoSec - Greg Thomas - @minossec[...]



Notacon 11 (2014) Videos

Sun, 13 Apr 2014 11:16:35 -0400

Link: http://www.irongeek.com/i.php?page=videos/notacon11/mainlistThese are the videos from the 11th Notacon conference held April 10th-13st, 2014. Not all of them are security related, but  I hope my viewers will enjoy them anyway. Thanks to Froggy and Tyger for having me up, and to the video team: Securi-D, Ross, KP, Jeff and myself (Let me know who else to add). Track 1 Big Data Technology – The Real World ‘Minority Report’ - Brian Foster Naisho DeNusumu (Stealing Secretly) – Exfiltration Tool/Framework - Adam Crompton Wireless Mesh Protocols - Alex Kot MDM is gone, MAM is come. New Challenges on mobile security - Yury Chemerkin Moving the Industry Forward – The Purple Team - David Kennedy Pwning the POS! - Mick Douglas Nindroid: Pentesting Apps for your Android device - Michael Palumbo Building a private data storage cloud - Michael Meffie Lessons Learned Implementing SDLC – and How To Do It Better - Sarah Clarke Plunder, Pillage and Print - Deral Heiland & Peter Arzamendi Microsoft Vulnerability Research: How to be a finder as a vendor - Jeremy Brown & David Seidman SMalware Analysis 101 – N00b to Ninja in 60 Minutes - grecs Omega – A Universe Over IP - Mo Morsi IRS, Identity Theft, and You (or Someone Pretending to Be You). - 123-45-6789Track 2 All About the Notacon Badge -Sam Harmon Collaboration between Artificial Intelligence and Humans: How to cure every disease within 50 years - Joe O’Donnell Science “Fair” - The Nomad Clan Hacking Your Way Into the APRS Network on the Cheap - Mark Lenigan Dominate! (Or let your computer do it for you.) - Paul Jarc Wearable Technology as Art for Countersurveillance, Cinemaveillance, and Sousveillance - Ross Bochnek 3D Printing for Work and Fun (temp title) - Mirabela Rusu Comparing “Go Green” With “Common Sense” - Suellen Walker Living in the Future: It seems to be in Beta - Jeff Goeke-Smith A Brief Introduction to Game Theory - Charlotte DeKoning - Beyond Using The Buddy System - Holly Moyseenko & Kris Perch[...]



Lockade: Locksport Electronic Games

Thu, 27 Mar 2014 01:24:13 -0400

Lockade: Locksport Electronic Games
This page is mostly going to be a place holder till I get all the games up. Gamification can make learning more fun, and some people are inspired and motivated by competition. This talk will be on integrating hobbyist electronics with lock picking games. We will show rough schematics, release code, and invite people to play the games at cons.(image)



ASAReaper: Grab Configs From Multiple Cisco Devices Over SSH (Demos PExpect and AES Encrypted INI Files in Python) Updated

Tue, 11 Mar 2014 00:04:35 -0400

Link: http://www.irongeek.com/i.php?page=security/asareaper-grab-configs-from-multiple-cisco-devices-over-ssh
Mostly updated for longer timeouts and to use "more system:run" so you can save passwords in the configs too. You should now just have to edit the commandonall and prefixonall to set the script up to run a given command on a series of Cisco ASAs in every context.(image)



So does IU Southeast and Indiana University take Linda Christiansen's plagiarism seriously?

Tue, 11 Mar 2014 00:03:19 -0400

Link: http://www.irongeek.com/i.php?page=security/critically-plagiarizing-ideas-on-spotting-plagiarism#So_does_IU_Southeast_and_Indiana_University_take_Linda_Christiansen_plagiarism_seriously
The answer is apparently no. I've includes my emails with IU officials on the matter. Apparently, plagiarism is ok at IU/Indiana University Southeast if you are tenured faculty and it's only a business law and ethics syllabus.(image)



BSides Huntsville 2014 Videos

Mon, 10 Feb 2014 13:57:22 -0400

Link: http://www.irongeek.com/i.php?page=videos/bsides-huntsville-2014/mainlistThese are the videos from the BSides Huntsville conference. Thanks to @PaulCoggin, @CharlineNixon and all of the BSides Crew for having me out to help record and render the videos. Sorry for the bad sound, we had to go ambient in a crowded room.BSides Huntsville 2014 - IntroBuilding The Future of P-12 Cyber Education - Dr. Casey WardynskiCyber Security Program At HAH - Dr. Ray Vaughn1337 in the Library: Obtaining your information security education on the cheap - Adrian Crenshaw @irongeek_adcZero to Hero: Breaking into the security Field - Jeremy ConwayCertifications in Cybersecurity - Adam Wade LewisTrojans – The Forgotten Enemy - Dave ChronisterThe Amazing Cybermen - Ben McGeeWhy you are pwn’d and don’t know it! - Ben MillerCyber Security, What's The Fuss? - Deborah WilliamHTTPS: Now You See Me - Tim MullicanIntroduction to hacking with PowerShell - Scott BusbyAll You Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches - Valerie Thomas - @hacktress09Digital Energy BPT - Paul Coggin[...]



Intro to Darknets: Tor and I2P Workshop

Sat, 1 Feb 2014 09:06:25 -0500

Link: http://www.irongeek.com/i.php?page=videos/intro-to-tor-i2p-darknets
This class introduces students to the I2P and Tor Darknets. We cover setting up Tor & I2P, the basics of use, and how to make hidden services. We also go over case examples like Eldo Kim Harvard & the Harvard Bomb Threat, Hector Xavier Monsegur (Sabu)/Jeremy Hammond (sup_g) & LulzSec, Freedom Hosting & Eric Eoin Marques and finally Ross William Ulbricht/“Dread Pirate Roberts” of the SilkRoad, to explain how people have been caught and how it could have been avoided.(image)



10 Years Of Irongeek.com

Thu, 30 Jan 2014 17:01:27 -0500

10 Years Of Irongeek.com
Today marks the 10th anniversary of Irongeek.com's existence. Also, the Intro to I2P/Tor Workshop Notes have been updated.(image)



ShmooCon Firetalks 2014

Tue, 21 Jan 2014 17:16:10 -0500

Link: http://www.irongeek.com/i.php?page=videos/shmoocon-firetalks-2014 These are the videos for the ShmooCon Firetalks 2014. Day 2 I overslept, but Squidly1 got me copies from Ted's recordings ( http://www.MediaArchives.tv ). Thanks to: http://novahackers.blogspot.com http://www.irongeek.com Day 1 Welcome grecs Eyes on IZON: Surveilling IP Camera Security - Mark “@markstanislav” Stanislav Get Out of Jail Free Cards? What Aviation Can Teach Us About Information Sharing - Bob “@strat” Stratton Crossing the Streams with State Machines in IDS Signature Languages - Michael “@michaelrash” Rash Another Log to Analyze – Utilizing DNS to Discover Malware in Your Network - Nathan “@HackHunger” Magniez Windows Attacks: AT is the New Black - Rob “@mubix” Fuller Weaponizing Your Pets: War Kitteh and the Denial of Service Dog - Gene “@gbransfield” Bransfield Women's Tech Collective, and Gender Equality in Tech - Sarah “@dystonica” Clarke Day 2 Welcome grecs You Name It, We Analyze It - Jim “@JimGilsinn” Gilsinn Having Your Cake and Eating It Too: FOIA, Surveillance, and Privacy - Michael “@theprez98? Schearer Building An Information Security Awareness Program From Scratch - Bill “@oncee” Gardner TrendCoins: Making Money on the Bitcoin/Altcoin Trends - Zac “@ph3n0? Hinkel Writing Your Own Disassembler in 15 Minutes - Jay “@computerality” Little[...]



Installing Nessus on Kali Linux and Doing a Credentialed Scan

Fri, 17 Jan 2014 18:44:42 -0500

Link: http://www.irongeek.com/i.php?page=videos/installing-nessus-on-kali-linux-and-doing-a-credentialed-scan
I recorded this video twice. First time, the sound was hideous when the fan came on. I decided to re-record it and post both versions. I cover installing Nessus on Kali Linux and doing Nessus credentialed scans using Windows passwords and Linux SSH keys.(image)






SkyDogCon 2013 Videos

Thu, 26 Dec 2013 15:59:59 -0500

Link: http://www.irongeek.com/i.php?page=videos/skydogcon3/mainlistHere are the videos from SkyDogCon 3. Thanks to all of the SkyDogCon crew, especially @pentestfail who was in charge of video (I just spoke at this con, and killed my brain and liver cells). @pentestfail may still be working on some of the missing videos, so I plan to update this page later Opening Remarks & Hack the Badge Curtis Koenig: Hacking Your Career Nathan Magniez: Alice in Exploit Redirection Land: A Trip Down the Rabbit Hole Explanation of Contests Security Phreak & SkyDog: The Dark Arts of OSINT G. Mark Hardy: How the West was Pwned Winn Schwartau: I Survived Rock and Roll! Jon Callas: Do You Want to Know a Secret? Billy Hoffman: Start Ups and Lessons Learned Panel Talk: Building and Growing a Hacker Space With: l0stkn0wledge, Dave Marcus, and SkyDog IronGeek & SkyDog: Con Video Rig Enhancements Evan Booth: Terminal Cornucopia Deviant Ollam: Android Phones Can Do That?!?: Custom Tweaking for Power Security Users Branson Matheson: Hacking Your Minds & Emotions Billy Hoffman: Inside the Hacker’s Studio Interviews Dave Marcus: Director and Chief Architect of Threat Research and Intelligence for McAfee®'s Federal Advanced Programs Group Josh Schroeder: CCTV: Setup Attack Vectors and Laws Travis Goodspeed: Building an Actively Antiforensic iPod Branden Miller: NSA Wiretaps Are Legal and Other Annoying Facts Branden Miller: DEFENSE-IN-DEPTH: FISTS, KNIFE, GUN Vivek Shandilya: Lightning Talks Charline Nixon: Lightning Talks Chris Anderson: Operational Security and Your Mental Health Michael Raggo: Data Hiding and Steganography Closing Remarks / Good-Byes[...]



Intro to I2P/Tor Workshop Notes Updated

Thu, 26 Dec 2013 15:45:56 -0500

Link:http://www.irongeek.com/i.php?page=security/i2p-tor-workshop-notes
I'm working on updating my I2P/Tor Workshop Notes for a class I'll be doing soon. Please look at them and offer suggestions on extra topics I should cover.(image)



IU Southeast School of Business to offer an MIS (Management Information Systems) Masters degree? Yes, same people behind the IUS MBA.

Thu, 26 Dec 2013 15:30:32 -0500

Link: http://www.irongeek.com/i.php?page=reviews/ius-mba-program 
I recently heard that IU Southeast is planning to offer an MIS (Management Information Systems) Masters degree. While I think their Computer Science and Informatics Schools seem good, since the degree would be co-ran by the School of Business I would not recommend it to anyone in the Louisville area under its current leadership. Anyplace where an IU Southeast Business Law & Ethics instructor appears to plagiarize on her own syllabus that warns that students will be instantly failed for plagiarism, and asking simple questions about laws as it relates to technology is considered "excessive us of jargon", is not a good place for IT people (and especially security people concerned with integrity) to be. While the School of Business at IUS has its current leadership, I strongly recommend that you steer clear if you really want to learn. Just figured I'd help others not go through the same things I did there.(image)



Intro to Metasploit Class at IU Southeast

Sat, 14 Dec 2013 08:17:37 -0500

Link: http://www.irongeek.com/i.php?page=videos/intro-to-metasploit-class-at-iu-southeast
This is a class we did to introduce students to Metasploit at IU Southeast. Special guest lecturer Jeremy Druin (@webpwnize). To follow along, I recommend downloading Kali Linux.(image)



Critically Plagiarizing?: Ideas On Spotting Plagiarism

Mon, 2 Dec 2013 21:05:38 -0500

Link:http://www.irongeek.com/i.php?page=security/critically-plagiarizing-ideas-on-spotting-plagiarism
Just a few tips for how to find plagiarism online, thanks to my old IU Southeast Business Law & Ethics teacher Linda Christiansen for giving me the example material.(image)



BSides Delaware 2013 Videos

Mon, 11 Nov 2013 00:16:58 -0500

Link: http://www.irongeek.com/i.php?page=videos/bsidesde2013/mainlistThese are the videos from the BSides Delaware conference. Thanks to all of the BSides Crew for having me out to help record and render the videos. @bsidesde, @kickfroggy, @quadling 110 Years of Vulnerabilities Brian Martin, aka JerichoHTML 5 Security Justin Klein Keane @madirish2600 Cloud - Business and Academia - Bringing it all together Cloud Security Alliance - Delaware Valley Board Uncloaking IP Addresses on IRC Derek Callaway @decalresponds Baking, even more, Clam(AV)s for Fun & Profit. Nathan Gibbs @Christ_Media Introducing Intelligence Into Your Malware Analysis Brian Baskin ANOTHER Log to Analyze - Utilizing DNS to detect Malware in Your Network Nathan Magniez @HackHunger Software Security: Game Day. Evan Oslick @eoslick Winning isn't Everything: How Trolling can be as much Fun Joey @l0stkn0wledge Antipwny: A Windows Based IDS/IPS for Metasploit Rohan Vazarkar & David Bitner Playing the Forensics Game: Forensic Analysis of Gaming Applications For Fun and Profit Peter Clemenko III Project.Phree: Phucking the NSA BTS (square-r00t) Hacking Benjamins (Intro to Bitcoin) Bob Weiss @pwcrack Pentoo Zero_ChaosWireless Penetration Testing For Realz Mellendick How to Become an Unwitting Accomplice in a Phishing Attack Mark Hufe @hufemj LinkedAllUpIn Your Email utkonos Growing Up In The Information Security Community @Forgottensec[...]






Circle City Con (http://circlecitycon.com) Hacker/Security Conference happening on June 13-15, 2014, Hyatt Regency, Indianapolis Indiana

Wed, 30 Oct 2013 19:50:30 -0400

http://circlecitycon.com
Looks like I have another almost local con to go to, Circle City Con in Indy! I'll be doing video baring unforeseen circumstances, and may toss something into their CFP (please consider sending something in). More info at http://circlecitycon.com or Twitter stalk them at @CircleCityCon.(image)






Hack3rcon^4 Videos

Sun, 20 Oct 2013 09:53:50 -0400

Link: http://www.irongeek.com/i.php?page=videos/hack3rcon4/mainlistAs I post them, they will be at the link above. So far we have: Advanced Evasion Techniques - Pwning the Next Generation Security Products - David Kennedy Imaging a Skyscraper - Brian Martin Character Assassination: Fun and Games with Unicode - Adrian Crenshaw MS08-067 Under the Hood - John Degruyter NSA Wiretaps are Legal and Other Annoying Facts - Branden Miller Red Teaming Your Bug-Out Bag - Tom Moore Making it Rain and Breaching the Levees - K.C. Yerrid[...]



Louisville InfoSec 2013 Videos Mostly Up

Mon, 7 Oct 2013 07:33:35 -0400

Link: http://www.irongeek.com/i.php?page=videos/louisvilleinfosec2013/mainlist These are the videos from Louisville Infosec 2013 conference. There are not all up yet, but this is my place holder. Mobile Security and the Changing Workforce - Matthew Witten Burn it Down! Rebuilding an Information Security Program - Dave Kennedy (Pending review) Weaponized Security - Kellman Meghu Information Security in University Campus and Open Environments - Adrian Crenshaw Past Due: Practical Web Service Vulnerability Assessment for Pen-Testers, Developers, and QA - Jeremy Druin (Pending finished upload) STRC: The Security Training and Research Cloud - Jimmy Murphy Assessing Mobile Applications with the MobiSec Live Environment - Nathan Sweeney Attacking iOS Applications - Karl Fosaaen Can cloud and security be used in the same sentence? - Joshua Bartley Breaking SCADA Communications - Mehdi Sabraoui FBI – InfraGard - Current Cyber Trends How Do I Get There from Here? Security-to-Privacy Career Migration - Michael Carr Assessing the Risk of Unmanaged Devices (BYOD) - Pete Lindstrom Acquisitions…your latest zero day - Mitch Greenfield/Scott MacArthur NIST and your risky application - Conrad Reynolds Convergence: Configurations, Vulnerabilities and Unexpected Changes - Brian Cusack What Healthcare Can Learn from the Banking Industry - Jim Czerwonka Eliminating Data Security Threats And BYOS - David Braun Awards [...]



Derbycon 3.0 Videos Tracks 3, 4, 5 & Stable Talks Posted

Fri, 4 Oct 2013 17:35:28 -0400

Link: http://www.irongeek.com/i.php?page=videos/derbycon3/mainlist Track 3 (Teach Me) It's Only a Game: Learning Security through Gaming – Bruce PotterOoops – Now What? :: The Stolen Data Impact Model (SDIM) – Brent HustonAnti-Forensics: Memory or something – I forget. – int0x80The Mysterious Mister Hokum – Jason ScottAppsec Tl;dr – Gillis JonesDIY Command & Control For Fun And *No* Profit – David SchwartzbergIPv6 is here (kind of) – what can I do with it? – Dan WilkinsDancing With Dalvik – Thomas RichardsBig Hugs for Big Data – Davi OttenheimerAntivirus Evasion: Lessons Learned – thelightcosineJared DeMott – Is Auditing C/C++ Different Nowadays?Getting Schooled: Security with no budget in a hostile environment – Jim KennedyBrowser Pivoting (FU2FA) – Raphael MudgeTaking the BDSM out of PCI-DSS Through Open-Source Solutions – Zack Fasel & Erin “SecBarbie” JacobsJohn Strand – Hacking Back – Active Defense and Internet Tough GuysAn Encyclpwnia of Persistence – Skip Duckwall & Will PeteroyYour Turn! – Johnny Long – HFCPractical File Format Fuzzing – Jared AllarSurviving the Dead – Christopher ‘EggDropX’ PayneHow can I do that? Intro to hardware hacking with an RFID badge reader – Kevin BongA SysCall to ARMs – Brendan WattersThe Netsniff-NG Toolkit – Jon SchippWhy Dumpster Dive when I can pwn right in? – Terry Gold Track 4 (The 3-Way)      Pigs Don’t Fly – Why owning a typical network is so easy – and how to[...]



Derbycon 3.0 Videos Tracks 1 & 2

Mon, 30 Sep 2013 18:17:30 -0400

Derbycon 3.0 Videos Tracks 1 & 2I think I have all of tracks 1 and 2 posted:, more to come Scanning Darkly - HD Moore (keynote) Kinetic Pwnage: Obliterating the Line Between Computers and the Physical World - Ed Skoudis (keynote) Look Ma - No Exploits! - The Recon-ng Framework - Tim “LaNMaSteR53? Tomes Practical Exploitation Using A Malicious Service Set Identifier (SSID) - Deral Heiland JTAGulator: Assisted discovery of on-chip debug interfaces - Joe Grand Seeing red in your future? - Ian Iamit TMI: How to attack SharePoint servers and tools to make it easier - Kevin Johnson and James Jardine The High Risk of Low Risk Applications - conrad reynolds It’s Okay to Touch Yourself - Ben Ten (Ben0xA) Collaborative Penetration Testing With Lair - Tom Steele and Dan Kottmann Malware Automation - Christopher Elisan What’s common in Oracle and Samsung? They tried to think differently about crypto. - L·szlÛ TÛth - Ferenc Spala Burning the Enterprise with BYOD - Georgia Weidman Getting the goods with smbexec - Eric Milam(brav0hax) and Martin Bos (purehate) Shattering the Glass: Crafting Post Exploitation Tools with PowerShell - Matt Johnson Cheat Codez: Level UP Your SE Game - Eric Smith My Experiments with truth: a different route to bug-hunting - Devesh Bhatt The Art and Science of Hacking Any Organization - Tyler Wrightson Living Off the Land: A Minimalist’s Guide to Windows Post-Exploitation - Christopher Campbell & Matthew Graeber Cracking Co[...]






Unicode Security Notes Page

Wed, 18 Sep 2013 15:03:40 -0400

Link: http://www.irongeek.com/i.php?page=security/unicode-notes
This page has notes for my HackerHalted and Hack3rCon talk.(image)



Unicode Text Steganography Encoders/Decoders

Sat, 24 Aug 2013 16:35:56 -0400

Link: http://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder
The idea of this page is to demo different ways of using Unicode in steganography, mostly I'm using it for Twitter. :) I have some notes on the bottom about how these Unicode characters show up or get filtered by some apps. Most of the algorithms should work ok on Twitter, Facebook however seems to strip out more characters. There seems to be no perfect character set.(image)



Every Unicode Character For Fuzzing and Research

Fri, 9 Aug 2013 14:29:02 -0400

Link: http://www.irongeek.com/i.php?page=security/every-unicode-character-blob
I will be doing a talk on Unicode and security at Hacker Halted, as prep work I've generated some files with ever Unicode character. I'd be interested in knowing if any of them crash apps on you. Open with care.

Every Unicode Character Blob Page or TXT file
Every Unicode Character 80 Column Page or TXT file
Every Unicode Character With Hex Page or TXT file