DerbyCon 8.0 - Evolution - Friday, October 5
08:30
Opening Ceremonies
09:00
Delpy
How to influence security technology in kiwi underpants
10:00
Carhart, Kennedy, Skoudis, Strand
Panel Discussion - At a Glance: Information Security
12:00
Hadnagy, Murdock
IRS, HR, Microsoft and your Grandma: What they all have in common
Pitts
I Can Be Apple, and So Can You
Legowski
Invoke-EmpireHound - Merging BloodHound & Empire for Enhanced Red Team Workflow
Schwartau
The History of the Future of Cyber-Education
Sayen
Red Teaming gaps and musings
12:30
Atkinson, Winchester
A Process is No One: Hunting for Token Manipulation
13:00
Moe
#LOLBins - Nothing to LOL about!
Metcalf
From Workstation to Domain Admin: Why Secure Administration Isn't Secure and How to Fix It
Cyrus
When Macs Come Under ATT&CK
Chauhan
State of Win32k Security: Revisiting Insecure design
Liu
Fuzz your smartphone from 4G base station side
13:30
Zaballos
Clippy for the Dark Web: Looks Like You’re Trying to Buy Some Dank Kush, Can I Help You With That?
14:00
Asadoorian
Everything Else I Learned About Security I Learned From Hip-Hop
zerosum0x0
MS17-010?
Delewski, Harit
Abusing IoT Medical Devices For Your Precious Health Records
Weber
Offensive Browser Extension Development
Rozner
Synfuzz: Building a Grammar Based Re-targetable Test Generation Framework
14:30
Evilmog
Escoteric Hashcat Attacks
15:00
Berlin
Hackers, Hugs, & Drugs: Mental Health in Infosec
Christensen, Nelson, Schroeder
The Unintended Risks of Trusting Active Directory
Gough
Detecting WMI exploitation
Loobeek
Protect Your Payloads: Modern Keying Techniques
Simo
NOOb OSINT in 30 Minutes or less!
15:30
Lagos
RFID Luggage Tags, IATA vs Real Life
16:00
Banks, Thyer
Android App Penetration Testing 101
Campbell
Lessons Learned by the WordPress Security Team
Toussain
Gryffindor | Pure JavaScript, Covert Exploitation
Snoke, Snoke
Jump Into IOT Hacking with the Damn Vulnerable Habit Helper Device
Alexander
#LOL They Placed Their DMZ in the Cloud: Easy Pwnage or Disruptive Protection
16:30
Roberts, Roberts
Maintaining post-exploitation opsec in a world with EDR
17:00
Biswas
Draw a Bigger Circle: InfoSec Evolves
Salvati
IronPython... omfg
Douglas, Johnson
Instant Response: Making IR faster than you thought possible!
Lundgren
In-Memory Persistence: Terminate & Stay Resident Redux
Bradley, CRob
Hey! I found a vulnerability – now what?
17:30
Snezhkov
Foxtrot C2: A Journey of Payload Delivery
18:00
Brown
Ridesharks
DerbyCon 8.0 - Evolution - Saturday, October 6
09:00
Shaver
Building an Empire with (Iron)Python
Heiland
Hardware Slashing, Smashing, and Reconstructing for Root access
Ogden, Roberts, Sayre
VBA Stomping - Advanced Malware Techniques
Perez, Quinones
Disaster Strikes: A Hacker's Cook book
Young
Tales From the Bug Mine - Highlights from the Android VRP
09:30
Shawgo
Decision Analysis Applications in Threat Analysis Frameworks
10:00
Towers
SAEDY: Subversion and Espionage Directed Against You
Moe
App-o-Lockalypse now!
Gallagher, Ragan, Wagenseil
Media hacks: an Infosec guide to dealing with journalists
Infojanitor
Ninja Looting Like a Pirate
Nichols
How Russian Cyber Propaganda Really Works
10:30
Zaballos
Make Me Your Dark Web Personal Shopper!
12:00
Chuddy, Serper, Yona
OSX/Pirrit - Reverse engineering mac OSX malware and the legal department of the company who makes it
Saunders
Web App 101: Getting the lay of the land
Gennuso
Deploying Deceptive Systems: Luring Attackers from the Shadows
Coursey
Hacking Mobile Applications with Frida
Maresca
Driving Away Social Anxiety
12:30
Herman
Off-grid coms and power
13:00
Miller
How to test Network Investigative Techniques(NITs) used by the FBI
Bohannon
Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)
Evans
The Money-Laundering Cannon: Real cash; Real Criminals; and Real Layoffs
Lang, McIntosh
Victor or Victim? Strategies for Avoiding an InfoSec Cold War
Flores
CTFs: Leveling Up Through Competition
13:30
Madrigal
Mapping wifi networks and triggering on interesting traffic patterns
14:00
Cooper, Marie
Cloud Computing Therapy Session
Krypt3ia, Sistrunk, SynAckPwn
WE ARE THE ARTILLERY: Using Google Fu To Take Down The Grids
Coldwater
Perfect Storm: Taking the Helm of Kubernetes
Gorenflo
Ubiquitous Shells
Elgee
Extending Burp to Find Struts and XXE Vulnerabilities
14:30
DazzleCatDuo
Introduction to x86 Assembly
15:00
Gray
Silent Compromise: Social Engineering Fortune 500 Businesses
Boyd
Just Let Yourself In
Fry, Gardner, Hayes, Karnes, Moore, Perry, Rogosky, Truax
How to put on a Con for Fun and (Non) Profit
Askew
99 Reasons Your Perimeter Is Leaking - Evolution of C&C
Gietzen
Pacu: Attack and Post-Exploitation in AWS
15:30
Aoyama
An Inconvenient Truth: Evading the Ransomware Protection in Windows 10
16:00
Parker
Dexter: the friendly forensics expert on the Coinbase security team
Garrison
A “Crash” Course in Exploiting Buffer Overflows (Live Demos!)
Clements, McMurry, Neely
Web app testing classroom in a box - the good, the bad and the ugly
Olson, Satira
Ship Hacking: a Primer for Today’s Pirate
Brew
Brutal Blogging - Go for the Jugular
16:30
Castro
RID Hijacking: Maintaining Access on Windows Machines
17:00
Edge
Going on a Printer Safari – Hunting Zebra Printers
Mannino
Living in a Secure Container, Down by the River
Cammack, Cook, Pierce, Soto
Metasploit Town Hall 0x4
Hawkins
Code Execution with JDK Scripting Tools & Nashorn Javascript Engine
O'Grady
Your Training Data is Bad and You Should Feel Bad
17:30
Bong, Vieau
So many pentesting tools from a $4 Arduino
18:00
Jones, Renner, Seymour, Smith, Wu
Community Based Career Development or How to Get More than a T-Shirt When Participating as part of the Community
Milhouse
PHONOPTICON - leveraging low-rent mobile ad services to achieve state-actor level mass surveillance on a shoestring budget
DerbyCon 8.0 - Evolution - Sunday, October 7
09:00
Wright
Social Engineering At Work – How to use positive influence to gain management buy-in for anything
Grace
Red Mirror: Bringing Telemetry to Red Teaming
Yair
Goodbye Obfuscation, Hello Invisi-Shell: Hiding Your Powershell Script in Plain Sight
Baines
Bug Hunting in RouterOS
Biswas
Patching: Show me where it hurts
09:30
Barnard, Gordon
Advanced Deception Technology Through Behavioral Biometrics
10:00
Noel, Watkins
Ham Radio 4 Hackers
Baker, Bienstock
Two-Factor, Too Furious: Evading (and Protecting) Evolving MFA Schemes
Sherman
Cloud Forensics: Putting The Bits Back Together
Roberts, White
Breaking Into Your Building: A Hackers Guide to Unauthorized Access
Raisler
We are all on the spectrum: What my 10-year-old taught me about leading teams
10:30
Bullinger
No Place Like Home: Real Estate OSINT and OPSec Fails
11:00
Browder
Getting Control of Your Vendors Before They Take You Down
Mullen
IoT: Not Even Your Bed Is Safe
Donoso
Killsuit: The Equation Group's Swiss Army knife for persistence, evasion, and data exfil
Bearchell
The making of an iOS 11 jailbreak: Kiddie to kernel hacker in 14 sleepless nights.
Mallz
The Layer2 Nightmare
11:30
Fosaaen
Attacking Azure Environments with PowerShell
12:00
Kane
Cyber Intelligence: There Are No Rules, and No Certainties
Althouse
Fingerprinting Encrypted Channels for Detection
Ceelen, Hegt
The MS Office Magic Show
Tuzel
Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests
Ayyy
Blue Blood Injection: Transitioning Red to Purple
12:30
Arzamendi
Mirai, Satori, OMG, and Owari - IoT Botnets Oh My
13:00
Nielsen
Getting Started in CCDC
Stephens
On the Nose: Bypassing Huawei's Fingerprint authentication by exploiting the TrustZone
Reiser
Living off the land: enterprise post-exploitation
Chrastil, Gold
Pwning in the Sandbox: OSX Macro Exploitation & Beyond
Mathis
Comparing apples to Apple
13:30
Sarju
How online dating made me better at threat modeling
14:00
Kalat
Changing Our Mindset From Technical To Psychological Defenses
Ryan
Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010
Compton
Hillbilly Storytime: Pentest Fails
Kusjanovic, Shelton
IOCs Today, Intelligence-Led Security Tomorrow
Murdock
Threat Hunting with a Raspberry Pi
14:30
Leal, Morrow
M&A Defense and Integration – All that Glitters is not Gold
15:30
Opening Ceremony


Instructions

This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.

Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.