DerbyCon 3.0 – Speakers and their subjects (Full List)

Henry Dalziel | General Hacking Posts, Information Security Conferences, Latest InfoSec News | September 21, 2013

As most of our readers, students, and Hacker Hotshots know by now, we love Security Conferences (in fact, we just published our ‘Information Security Conferences of 2014’ – so go check that out if you have a minute and see if your calendar works with the 2014 conference dates).

Update! We also have the conference lists for 2015 and 2016 set up here (for all your infosec conference event planning!)

DerbyCon, taking place from September 25th, is possibly the coolest infosec conference out there (if you agree or disagree, comments below please!).

The breadth and depth of the talks they have organized this year is staggering and a true testament to the guys and gals behind the conference. To have so many well-known and talented infosec professionals under one roof is awesome.

Below is a list of the talks that they have planned. For a full description – there is nowhere better to learn about DerbyCon than at

If you are attending, or attended, let us know how it was and what talks you enjoyed the most!


Look Ma No Exploits! The Recon-ng Framework Tim “Lanmaster53” Tomes
Cognitive Injection Reprogramming the Situation-Oriented Human OS Andy Ellis
It’s Only a Game: Learning Security through Gaming Bruce Potter
Pigs Don’t Fly Why owning a typical network is so easy and how to build a secure one. Matt “Scriptjunkie” Weeks
Building An Information Security Awareness Program from Scratch Bill Gardner and Valerie Thomas
Practical Exploitation Using A Malicious Service Set Identifier (SSID) Deral Heiland
IOCAware Actively Collect Compromise Indicators and Test Your Entire Enterprise Matt Jezorek & Dennis Kuntz
Ooops Now What? The Stolen Data Impact Model (SDIM) Brent Huston
Finding The Signal in the Noise: Quantifying Advanced Malware Dave Marcus
Malware : testing malware scenarios on your network Tony Huffman and Juan Cortes
JTAGulator: Assisted discovery of on-chip debug interfaces Joe Grand
Cash is King: Who’s Wearing Your Crown? Tom Eston & Spencer Mcintyre
Anti-Forensics: Memory or something I forget. Int0x80
Applying the 32 Zombieland Rules to IT Security Larry Pesce
Password Intelligence Project Advanced Password Recovery and Modern Mitigation Strategies John Moore “Rabid Security”
Seeing red in your future? Ian Iamit
Security Sucks and You’re Wearing a Nursing Bra Paul Asadoorian
The Mysterious Mister Hokum Jason Scott
Windows 0wn3d By Default Mark Baggett
Tizen Security: Hacking the new mobile OS Mark Manning (Antitree)
TMI: How to attack SharePoint servers and tools to make it easier Kevin Johnson And James Jardine
Windows Attacks: AT is the new black Rob Fuller & Chris Gates
Appsec Tl;dr Gillis Jones
Android 4.0: Ice Cream “Sudo Make Me a” Sandwich Max Sobell
RAWR Rapid Assessment of Web Resources Adam Byers and Tom Moore
The High Risk of Low Risk Applications Conrad Reynolds
How Good is Your Phish @Sonofshirt
DIY Command & Control For Fun And *No* Profit David Schwartzberg
Hiding @ Depth Exploring Subverting and Breaking NAND Flash memory Josh “M0nk” Thomas
Decoding Bug Bounty Programs Jon Rose
It’s Okay to Touch Yourself Ben Ten (Ben0xa)
Identifying Evil: An introduction to Reverse Engineering Malware and other software Bart ‘D4ncind4n’ Hopper
IPv6 is here (kind of) what can I do with it? Dan Wilkins
Attacking the Next Generation Air Traffic Control System; Hackers liquor and commercial airliners. Renderman
Patching Windows Executables with the Backdoor Factory Joshua Pitts
Collaborative Penetration Testing With Lair Tom Steele And Dan Kottmann
How Im going to own your organization in just a few days. Razoreqx
Dancing With Dalvik Thomas Richards
Antivirus Evasion through Antigenic Variation (Why the Blacklisting Approach to AV is Broken) Trenton Iveys
Getting Them to Talk Rather than Text at Work Nancy Kovanic
Battle Scars And Friendly Fire: Threat Research Team War Stories Will Gragido And Seth Geftic
Unmasking Miscreants Allison Nixon and Brandon Levene
gitDigger: Creating useful wordlists from public GitHub repositories Jaime Filson (Wik)
PowerShell and Windows Throw the Best Shell Parties Piotr Marszalik
Owning Computers Without Shell Access Royce Davis
Sixnet Tools: for poking at Sixnet Things Mehdi Sabraoui
Promoting Your Security Program Like A Lobbyist. Jerry Gamblin
Abusing LFI-RFI for Fun Profit and Shells Francis Alexander
Hardening Windows 8 apps for the Windows Store Bill Sempf
Intro to Dynamic Access Control in Windows Server 2012 Evan Anderson
Evolutionary Security Embracing Failure to Attain “Good Enough” Josh More
DIY Forensics: When Incident Response Morphs into Digital Forensics John Sammons
ANOTHER Log to Analyze Utilizing DNS to Discover Malware in Your Network Nathan Magniez
Malware Automation Christopher Elisan
Pass-The-Hash 2: The Admin’s Revenge Skip Duckwall And Chris Campbell
Big Hugs for Big Data Davi Ottenheimer
Hello ASM World: A Painless and Contextual Introduction to x86 Assembly Nicolle Neulist (Rogueclown)
Panel: Building and Growing a Hacker Space Joey Maresca Dave Marcus Nick Farr Skydog
What’s common in Oracle and Samsung? They tried to think differently about crypto. Ferenc Spala
The Cavalry Is Us: Protecting the public good and our profession Josh Corman
Antivirus Evasion: Lessons Learned Thelightcosine
SQL injection with sqlmap Conrad Reynolds Cisa
SO Hopelessly Broken: the implications of pervasive vulnerabilities in SOHO router products. Jacob Holcomb
Burning the Enterprise with BYOD Georgia Weidman
Love letters to Frank Abagnale (How do I pwn thee let me count the ways) Jayson E. Street
Is Auditing C/C++ Different Nowadays? Jared Demott
The Internet of Things: Vulns Botnets and Detection Kyle Stone and Liam Randall
Put Me In Coach: How We Got Started In Infosec – pr1me Chris “G11tch” Hodges Frank Hackett Dave “Rel1k” Kennedy
Getting the goods with smbexec Eric Milam(Brav0hax) and Martin Bos (Purehate)
The Message and The Messenger James Arlen
Getting Schooled: Security with no budget in a hostile environment Jim Kennedy
The Malware Management Framework a process you can use to find advanced malware. We found WinNTI with it! Michael Gough And Ian Robertson
Alice Goes Deeper (Down the Rabbit Hole) Redirection 2.0 Nathan Magniez
Shattering the Glass: Crafting Post Exploitation Tools with PowerShell Matt Johnson
50 Shades of RED: Stories from the “Playroom” Chris Nickerson
Browser Pivoting (FU2FA) Raphael Mudge
Hack the Hustle! Eve Adams
Emergent Vulnerabilities: What ant colonies schools of fish and security have in common. Nathaniel “Dr. Whom” Husted
Cheat Codez: Level UP Your SE Game Eric Smith
Beyond Information Warfare “You Ain’t Seen Nothing Yet” Winn Schwartau
Taking the BDSM out of PCI-DSS Through Open-Source Solutions Zack Fasel & Erin “Secbarbie” Jacobs
Operationalizing Security Intelligence in the Enterprise Rafal Los
Why Your IT Bytes Frank J. Hackett
My Experiments with truth: a different route to bug-hunting Devesh Bhatt
Stop Fighting Anti-Virus Integgroll
Hacking Back Active Defense and Internet Tough Guys John Strand
New Shiny in the Metasploit Framework Egypt
Using Facial Recognition Software In Digital Forensics And Information Security Brian Lockrey
The Art and Science of Hacking Any Organization Tyler Wrightson
Setup An Encyclpwnia of Persistence Skip Duckwall Will Peteroy
Everything you ever wanted to know on how to start a Credit Union but were afraid to ask. Jordan Modell
How to Fight a War Without Actually Starting One Brendan O’Connor
Living Off the Land: A Minimalist’s Guide to Windows Post-Exploitation Christopher Campbell and Matthew Graeber
Setup Your Turn! Johnny Long
A developer’s guide to pentesting Bill Sempf
Crypto-Exploit Exercises: A tool for reinforcing basic topics in Cryptography Nancy Snoke
Phishing Frenzy: 7 seconds from hook to sinker Brandon Mccann
Electronic Safe Fail: Common Vulnerabilities in Electronic Safes Jeff Popio
The Good Samaritan Identity Protection Project Zack Hibbard, Chris Brown and Jon Sternstein
Some defensive ideas from offensive guys. Justin Elze & Robert Chuvala
Raising Hacker Kids: For Good or for Awesome Joseph Shaw
Grim Trigger Jeff “Ghostnomad” Kirsch
Stealth servers need Stealth Packets Jaime Sánchez
A n00bie’s perspective on Pentesting… Brandon Edmunds
My Security is a Graph Your Argument is Invalid Gabriel Bassett
Follow the Foolish Zebras: Finding Threats in Your Logs Chris Larsen
Security Training and Research Cloud (STRC) Jimmy Murphy
Passive Aggressive Defense Jason Clark
So you want to be a pentester? Raymond Gabler
Digital Energy BPT and Paul Coggin
An Anti-Forensics Primer Jason Andress
What if Petraeus was a hacker? Email privacy for the rest of us Phil Cryer
First line of defense Greg Simo
Cracking Corporate Passwords Exploiting Password Policy Weaknesses Minga/ Rick Redman
How the Grid Will Be Hacked Josh Axelrod And Matt Davis
Practical File Format Fuzzing Jared Allar
Steal All of the Databases. Alejandro Caceres
Ownage From Userland: Process Puppeteering Nick Cano
help for the helpdesk Mick Douglas
Surviving the Dead Christopher ‘Eggdropx’ Payne
After SS7 its LTE Ankit Gupta
`This_Talk` AS (‘New Exploitation and Obfuscation Techniques’)%00 Roberto Salgado
Weaponizing your Coffee Pot Daniel Buentello
How can I do that? Intro to hardware hacking with an RFID badge reader Kevin Bong
Sandboxes from a pen tester’s view Rahul Kashyap
Exploiting_the_Zeroth_Hour(); Developing your Advanced Persistent Threat to Pwn the Network Solomon Sonya & Nick Kulesza
Practical OSINT Shane Macdougall
A SysCall to ARMs Brendan Watters
iOS Reverse #=> iPWn Apps Mano ‘Dash4rk’ Paul
Phishing Like The Pros Luis “Connection” Santana
Stop making excuses; it’s time to own your HIV (High Impact Vulnerabilities) Jack D. Nichelson
The Netsniff-NG Toolkit Jon Schipp
Terminal Cornucopia Evan “Treefort” Booth
Raspberry Pi, Media Centers and AppleTV David Schuetz
Uncloaking IP Addresses on IRC Derek Callaway
Why Dumpster Dive when I can pwn right in? Terry Gold
Wait; How is All This Stuff Free?!? Gene Bransfield

