42: The answer to life, the universe, and everything offensive security

Active Directory Security: Beyond the Easy Button

Adventures in Azure Privilege Escalation

Adventures in systemd injection

Adversarial Emulation

API Keys, Now What?Taking the Pen Test Into the Amazon Cloud

Are you ready to leverage DevSecOps? Get ready and use it for good.

Assessing IoT Surveillance - Arlo

Assumed Breach: A Better Model for Penetration Testing

Attacking with Automation: How Office 365 automation provides another new risk to the cloud

Automated Dylib Hijacking

Automating Hashtopolis

Azure Sentinel - A first look at Microsoft's SIEM Solution

Behavioral Security and Offensive Psychology at Scale

BloodHound From Red to Blue

BloodHound: Head to Tail

Breaking & Entering via SDR, or How I defeated Wiegend over UHF/VHF, or your apartment isn't safe...

Build your own multi-user password manager using open source software

Bypassing MacOS Detections With Swift

Catching Cyber Criminals – Investigative techniques to identify modern threat actors and the clues they leave behind during data breaches

Choose Your Own TTX: Redefining the Incident Response Table Top Exercise

Closing Ceremony

Collect All the Data - Protect All the Things

COM Hijacking Techniques

Confessions of an IT / OT Marriage Counselor

Cyber false flags and adversarial counterintelligence, oh my…

Defeating Next-Gen AV and EDR: Using Old (And New) Tricks on New Dogs

DerbyCon Story Time Panel

Designing & building a stealth C2 LDAP channel

Dynamic Risk Taking and Social Engineering

Early Detection Through Deception

Empathy as a Service to Create a Culture of Security

Enabling The Future (Panel)

Endpoint Detection Super Powers on the cheap, with Sysmon

Five Mistakes We Wish Users Would Stop Making

Frag, You're It - Hacking Laser Tag

Full Steam Ahead: Serverless Hacking 101

Getting dirty on the CANBUS

Getting the most out of your covert physical security assessment - A Client’s Guide

Hacking Humans: Addressing Vulnerabilities in the Advancing Medical Device Landscape

Hacking While Blind.

“How do I detect technique X in Windows?” Applied Methodology to Definitively Answer this Question

How to cook a five star meal from the convenience of your hotel room

How to Give the Gift That Keeps on Giving - Your Knowledge

How to Tell the C-Level Their Baby is Ugly

Hunting Phish Kits

Hunting Webshells: Tracking TwoFace

Improving CACTUSTORCH payloads

Incident response on macOS

Inter-chip communication - Testing end-to-end security on IoT

Invoke-GreatBirdOfCommonKnowledge - Gathering what is scattered with ATT&CK, an Atomic Bird, and a bit of homegrown PowerShell...

IPv6 Security Considerations - For When "Just Turn It Off" Isn't Good Enough

I PWN thee, I PWN thee not!

I sim(ulate), therefore i catch: enhancing detection engineering with adversary simulation

It Must Be Fancy Bear!

Kerberoasting Revisited

kubered - Recipes for C2 Operations on Kubernetes

Lying in Wait: Discovering and Exploiting Weaknesses in Automated Discovery Actions

Metasploit Town Hall Finale

Modlishka - Is a Mantis Eating 2FA's Lunch?

More Quiet Time

.NET Manifesto - Win Friends and Influence the Loader

Next-gen IoT botnets - leveraging cloud implementations for shells on 500k IoTs

No class, Low Tech, High damage

Not A Security Boundary: Breaking Forest Trusts

Offensive Machine Learning for Pentesters and Red Teams

Old Tools, New Tricks: Hacking WebSockets

One woman's journey to CISO leveraging Social Engineering

Opening Ceremony

Opening Keynote - Presented by Ed Skoudis

Phishing past Mail Protection Controls using Azure Information Protection (AIP)

PowerShell Security: Looking Back from the Inside

Practical Heuristic Exploitation

Prepare to Be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty

Product Security Shouldn't be Painful

Python Two birds with one stone

Quiet Time

Red Team Level over 9000! Fusing the powah of .NET with a scripting language of your choosing: introducing BYOI (Bring Your own Interpreter) payloads.

Red Team Methodology: A Naked Look

REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure

RFID sniffing, under your nose and in your face!

Rise of the Machines // using machine learning with GRC

SCADA: What the next Stuxnet will look like and how to prevent it

Scientific computing for information security – forging the missing link

Shadow IT in the Cloud

SharPersist: Windows Persistence Toolkit in C#

Social Engineering in Non-Linear Warfare

SS7 for INFOSEC

Still More Quiet Time

StringSifter: Learning to Rank Strings Output for Speedier Malware Analysis

Swagger Defense

Testing Endpoint Protection: How Anyone Can Bypass Next Gen AV

The $19.95 anonymous cyber profile

The “Art” of The BEC - What Three Years of Fighting Has Taught Us

The Backup Operators Guide to the Galaxy

The Hackers Apprentice

The quest for 10g IDS

There's No Place like (DUAL)Homed.

To CORS! The cause of, and solution to, your SPA problems!

Unix: the Other White Meat

Using Next Generation Fuzzing Tools: Fixing Bugs and Writing Memory Corruption Exploits

Virtual Smart Cards for Lab Environments

Waking up the data engineer in you!

Welcome to the Jumble: Improving RDP Tooling for Malware Analysis and Pentesting

Well, what have we here? A year of cyber deception, attribution and making attackers rethink their life choices.