42: The answer to life, the universe, and everything offensive security
Active Directory Security: Beyond the Easy Button
Adventures in Azure Privilege Escalation
Adventures in systemd injection
API Keys, Now What?Taking the Pen Test Into the Amazon Cloud
Are you ready to leverage DevSecOps? Get ready and use it for good.
Assessing IoT Surveillance - Arlo
Assumed Breach: A Better Model for Penetration Testing
Attacking with Automation: How Office 365 automation provides another new risk to the cloud
Automated Dylib Hijacking
Azure Sentinel - A first look at Microsoft's SIEM Solution
Behavioral Security and Offensive Psychology at Scale
BloodHound From Red to Blue
BloodHound: Head to Tail
Breaking & Entering via SDR, or How I defeated Wiegend over UHF/VHF, or your apartment isn't safe...
Build your own multi-user password manager using open source software
Bypassing MacOS Detections With Swift
Catching Cyber Criminals – Investigative techniques to identify modern threat actors and the clues they leave behind during data breaches
Choose Your Own TTX: Redefining the Incident Response Table Top Exercise
Collect All the Data - Protect All the Things
COM Hijacking Techniques
Confessions of an IT / OT Marriage Counselor
Cyber false flags and adversarial counterintelligence, oh my…
Defeating Next-Gen AV and EDR: Using Old (And New) Tricks on New Dogs
DerbyCon Story Time Panel
Designing & building a stealth C2 LDAP channel
Dynamic Risk Taking and Social Engineering
Early Detection Through Deception
Empathy as a Service to Create a Culture of Security
Enabling The Future (Panel)
Endpoint Detection Super Powers on the cheap, with Sysmon
Five Mistakes We Wish Users Would Stop Making
Frag, You're It - Hacking Laser Tag
Full Steam Ahead: Serverless Hacking 101
Getting dirty on the CANBUS
Getting the most out of your covert physical security assessment - A Client’s Guide
Hacking Humans: Addressing Vulnerabilities in the Advancing Medical Device Landscape
Hacking While Blind.
“How do I detect technique X in Windows?” Applied Methodology to Definitively Answer this Question
How to cook a five star meal from the convenience of your hotel room
How to Give the Gift That Keeps on Giving - Your Knowledge
How to Tell the C-Level Their Baby is Ugly
Hunting Phish Kits
Hunting Webshells: Tracking TwoFace
Improving CACTUSTORCH payloads
Incident response on macOS
Inter-chip communication - Testing end-to-end security on IoT
Invoke-GreatBirdOfCommonKnowledge - Gathering what is scattered with ATT&CK, an Atomic Bird, and a bit of homegrown PowerShell...
IPv6 Security Considerations - For When "Just Turn It Off" Isn't Good Enough
I PWN thee, I PWN thee not!
I sim(ulate), therefore i catch: enhancing detection engineering with adversary simulation
It Must Be Fancy Bear!
kubered - Recipes for C2 Operations on Kubernetes
Lying in Wait: Discovering and Exploiting Weaknesses in Automated Discovery Actions
Metasploit Town Hall Finale
Modlishka - Is a Mantis Eating 2FA's Lunch?
More Quiet Time
.NET Manifesto - Win Friends and Influence the Loader
Next-gen IoT botnets - leveraging cloud implementations for shells on 500k IoTs
No class, Low Tech, High damage
Not A Security Boundary: Breaking Forest Trusts
Offensive Machine Learning for Pentesters and Red Teams
Old Tools, New Tricks: Hacking WebSockets
One woman's journey to CISO leveraging Social Engineering
Opening Keynote - Presented by Ed Skoudis
Phishing past Mail Protection Controls using Azure Information Protection (AIP)
PowerShell Security: Looking Back from the Inside
Practical Heuristic Exploitation
Prepare to Be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty
Product Security Shouldn't be Painful
Python Two birds with one stone
Red Team Level over 9000! Fusing the powah of .NET with a scripting language of your choosing: introducing BYOI (Bring Your own Interpreter) payloads.
Red Team Methodology: A Naked Look
REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure
RFID sniffing, under your nose and in your face!
Rise of the Machines // using machine learning with GRC
SCADA: What the next Stuxnet will look like and how to prevent it
Scientific computing for information security – forging the missing link
Shadow IT in the Cloud
SharPersist: Windows Persistence Toolkit in C#
Social Engineering in Non-Linear Warfare
SS7 for INFOSEC
Still More Quiet Time
StringSifter: Learning to Rank Strings Output for Speedier Malware Analysis
Testing Endpoint Protection: How Anyone Can Bypass Next Gen AV
The $19.95 anonymous cyber profile
The “Art” of The BEC - What Three Years of Fighting Has Taught Us
The Backup Operators Guide to the Galaxy
The Hackers Apprentice
The quest for 10g IDS
There's No Place like (DUAL)Homed.
To CORS! The cause of, and solution to, your SPA problems!
Unix: the Other White Meat
Using Next Generation Fuzzing Tools: Fixing Bugs and Writing Memory Corruption Exploits
Virtual Smart Cards for Lab Environments
Waking up the data engineer in you!
Welcome to the Jumble: Improving RDP Tooling for Malware Analysis and Pentesting
Well, what have we here? A year of cyber deception, attribution and making attackers rethink their life choices.