This time of the year is always the most difficult time for us. We have to make decisions on a very finite amount of spots for speakers with an overwhelming amount of submissions. There were so many amazing talks that it was the hardest year for us to go through and make hard decisions. The DerbyCon team wants to thank every single person that submitted a talk and we truly hope you continue to submit so we can have you talk another year.
Congratulations to those that were selected and we can’t wait to see the amazing lineup we have this year.
We are also proud to announce our two opening keynotes
Matthew Graeber and John Strand. We know that these two folks will knock it out of the park, and we will have some more exciting announcements soon!
This year is shaping to be the best year yet, thank you to EVERYONE that submitted a talk and making DerbyCon an amazing experience for everyone.
Speaker Talks selected:
FM, and Bluetooth, and Wifi… Oh My!
VMware Escapology: How to Houdini The Hypervisor
How we accidentally created our own RAT/C2/BotNet
Eye on the Prize – a Proposal for the Legalization of Hacking Back
Building Better Backdoors with WMI
Beyond xp_cmdshell: Owning the Empire through SQL Server
Peekaboo! I Own You. Owning Hundreds of Thousands Vulnerable Devices with only two HTTP packets
Bots, Trolls, and Warriors: The Modern Adversary Playbook
Exploiting the Security Log: Bypassing Windows Auditing with PowerShell
Hacking Serverless Runtimes
Here Be Dragons: The Unexplored Land of Active Directory ACLs
Building Google for Criminal Enterprises
V!4GR4: Cyber-Crime, Enlarged
Detect Me If You Can
The Approaching Age of Autonomous Computing
JReFrameworker: One Year Later
The skills gap: how can we fix it?
Common Assessment Mistakes Pen Testers and Clients Should Avoid
Memory-Based Library Loading: Someone Did That Already.
Shellcode Via VBScript/JScript Implications
Blue Team Keeping Tempo with Offense
So you wanna be a Social Engineer?
POP POP RETN ; An Introduction to Writing Win32 Shellcode
Steel Sharpens Steel: Using Red Teams to improve Blue Teams
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@(‘Tech’,’niques’) -Join”)
Retail Store/POS Penetration Testing
Improv Comedy as a Social Engineering Tool
3rd Annual Metasploit Townhall
IoT Security – Executing an Effective Security Testing Process
ar Stories on Embedded Security: Pentesting, IoT, Building Managers, and how to do Better
Fileless Malware – The New “Cyber”
Introducing DeepBlueCLI v2, now available in PowerShell and Python
How to safely conduct shenanigans
DanderSpritz: How the Equation Group’s 2013 tools pwn in 2017
Active Defense for web apps
A New Take at Payload Generation: Empty-Nest
The Operation of .NET Inter-Operability
Purpose Driven Hunt: What do I do with all this data?
Introducing Bruiser: A Small and Sneaky Backdoor for Windows
A presentation or presentations because… presenting
Modern Evasion Techniques
Purple team FAIL!
Personalities disorders in the infosec community
Web Application testing – approach and cheating to win
What A Long Strange Trip It’s Been
Return From The Underworld – The Future Of Red Team Kerberos
Hunting for Memory-Resident Malware
Game On! Using Red Team to Rapidly Evolve Your Defenses
MEATPISTOL, A Modular Malware Implant Framework
Jumping the Fence: Comparison and Improvements for Existing Jump Oriented Programming Tools
Aiding Static Analysis: Discovering Vulnerabilities in Binary Targets through Knowledge Graph Inferences
Securing Your Network: How to Prevent Ransomware Infection
The Trap House: Making your house as paranoid as you are.
“Going Deep and Empowering Users” – PCAP Utilities and Combating Phishing in a new way
Securing Windows with Group Policy
Anatomy of a Medical Device Hack- Doctors vs. Hackers in a Clinical Simulation Cage Match
Building a full size CNC for under $500
Run your security program like a boss / practical governance advice
C2 Channels – Creative Evasion
Reaching Across the Isle: Improving Security Through Partnership
Kinetic to Digital: Terrorism in the Digital Age
An ACE in the Hole: Stealthy Host Persistence via Security Descriptors
Defending against PowerShell Attacks
Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
Love is in the Air – DFIR and IDS for WiFi Networks
Out With the Old, In With the GNU
IDAPython: The Wonder Woman of Embedded Device Reversing
Building the DeathStar: getting Domain Admin with a push of a button (a.k.a. how I almost automated myself out of a job)
MitM Digital Subscriber Lines
When IoT Research Matters
Atombombing and Other Obfuscation – Your EDR may be broken
Tracing Adversaries: Detecting Attacks with ETW
Not a Security Boundary: Bypassing User Account Control
Regular Expressions (Regex) Overview
Defending the Cloud: Lessons from Intrusion Detection in SharePoint Online
SniffAir – An Open-Source Framework for Wireless Security Assessments
I Survived Ransomware . . . TWICE
Data Mining Wireless Survey Data with ELK
Lateral Movement for the Blue Team
Drone Delivered Attack Platform (DDAP)
Mobile APTs: A look at nation-state attacks and techniques for gathering intelligence from military and civilian devices
MacOS host monitoring – the open source way
Become the Puppet Master – the battle of cognition between man and machine
I want my EIP
Scrumy Security: Getting stuff done
Windows Event Logs — Zero 2 Hero
Statistics on 100 million secrets: A look at the LinkedIn Dump
Hacking VDI, Recon and Attack Methods
Everything I Need To Know About Security I Learned From Watching Kung Fu Movies
Would You Like To Play A Game: A Post Exploitation Journey in to z/OS
Gone In 59 Seconds – High Speed Backdoor Injection via Bootable USB
Windows Rootkit Development: Python prototyping to kernel level C2
Smart toys ain’t that Smart, when Insecure!
Advanced Threat Hunting
CHIRON – Home based ML IDS
PSAmsi – An offensive PowerShell module for interacting with the Anti-Malware Scan Interface in Windows 10
Architecture at Scale – Save time. Reduce spend. Increase security.
How to Hunt for Lateral Movement on Your Network
Introducing SpyDir – a BurpSuite Extension
Phishing for You and Your Grandma!
(Mostly) Free Defenses Against the Phishing Kill Chain
The Current State of Security, an Improv-spection
Python Static Analysis
Victim Machine has joined #general: Using Third Party APIs as C&C Infrastructure.
Burping for Joy and Financial Gain
Winning (and Quitting) the Privacy Game: What it REALLY takes to have True Privacy in the 21st Century; or How I learned to give in and embrace EXIF tags
Reverse Engineering Hardware via the HRES
Diary of a Security Noob
We’re going on a Threat Hunt, Gonna find a bad-guy.
Spy vs. Spy – Tip from the trenches for red and blue teams
To Catch a Spy
Digital Vengeance: Exploiting the Most Notorious C&C Toolkits
How to Measure Your Security: Holding Security Vendors Accountable
Hidden Treasure: Detecting Intrusions with ETW
changeme: A better tool for hunting default creds
Rapid Incident Response with PowerShell