DerbyCon 4.0 - Family Rootz - Friday, September 26
08:30
Welcome to the Family
09:00
Saving the world from the zombie apocalypse
09:45
Skoudis
How to Give the Best Pen Test of Your Life
10:30
Kennedy, Mitnick
Back by popular demand -- Adaptive Penetration Testing Part Two
12:00
Pesce
If it fits- it sniffs: Adventures in WarShipping
Potter
Threat Modeling for Realz
Scott
So You Want To Murder a Software Patent
Kumar, Shankar, Walton
Subverting ML Detections for Fun and Profit
Santana
NeXpose For Automated Compromise Detection
12:30
Kinch, Long, Miller, Miller
A girl, some passion, and some tech stuff
13:00
Perez
Abusing Active Directory in Post-Exploitation
Huston
A Guided Tour of the Internet Ghetto :: Introduction to Tor Hidden Services
Isham, Moey
Patching the Human Vulns
Bowes
Secrets of DNS
Paul
InfoSec -- from the mouth of babes (or an 8 year old)
13:30
Fitzpatrick
Why Aim for the Ground?
14:00
Marcus
Quantifying The Adversary: Introducing GuerillaSearch and GuerillaPivot
Schwartz
Red Teaming: Back and Forth, 5ever
Steele
Burp For All Languages
Hogan
Snort & OpenAppID: How to Build an Open Source Next Generation Firewall
Bromiley
NoSQL Injections: Moving Beyond ‘or ‘1’=’1′
14:30
Art
SWF Seeking Lazy Admin for Cross Domain Action
15:00
Pitts
A Year in the (Backdoor) Factory
Strand
How not to suck at pen testing
McGuire, Schroeder
Passing the Torch: Old School Red Teaming- New School Tactics
Hodeges, Schmitt, Stone
GET A Grip on Your Hustle: Glassdoor Exfil Toolkit
Beddome
Planning for Failure
15:30
Miller
The Social Engineering Savants -- The Psychopathic Profile
16:00
Donnelly, Tomes
Ball and Chain (A New Paradigm in Stored Password Security)
Wrightson
Mainframes, Mopeds and Mischief: A PenTester's Year in Review
Rogue, Woods
I Am The Cavalry: Year [0]
Cargile
DNS-Based Authentication of Named Entities (DANE): Can we fix our broken CA model?
Perez-Etchegoyen
Hiding the breadcrumbs: Forensics and anti-forensics on SAP systems
16:30
Scott
You’re in the butter zone now- baby.
17:00
Campbell
Et tu- Kerberos?
Montgomery, Sevey
The Multibillion Dollar Industry That’s Ignored
Bowne, Crenshaw, Davidson, Gardner, Liles
University Education In Security Panel
Kunz
Exploiting Browsers Like A Boss w/ WhiteLightning!
Caudill, Wilson
Making BadUSB Work For You
17:30
Ringwood
PassCrackNet: When everything else fails- just crack hashes.
18:00
Smith
Advanced Red Teaming: All your Badge Are Belong To Us
Paul
Code Insecurity or Code in Security
Moey
What happened to the ‘A’? How to leverage BCP/DR for your Info Sec Program
Sharpe, Trame
Real World Intrusion Response
Askew
Vulnerability Assessment 2.0
18:30
Liles, Liles, Liles
Social Engineering your progeny to be hackers
19:00
Munoz
Bypassing Internet Explorer’s XSS Filter
McRee
C3CM: Defeating the Command- Control- and Communications of Digital Assailants
Banks
Securing Your A$$ets from Espionage
McCartney
Application Whitelisting: Be Careful Where The Silver Bullet Is Aimed
Cook
A Brief History of Exploitation
19:30
Bilodeau
Hunting Malware on Linux Production Servers: The Windigo Backstory
DerbyCon 4.0 - Family Rootz - Saturday, September 27
09:00
Smith
Interceptor: A PowerShell SSL MITM Script
Adams, Xmas
Attack Paths
Berlin
Hackers Are People Too
Butturini
Making Mongo Cry-Attacking NoSQL for Pen Testers
Jenks
Human Trafficking in the Digital Age
09:30
Husted
Cat Herding in the Wild Wild West: What I Learned Running A Hackercon CFP
10:00
Egypt
More New Shiny in the Metasploit Framework
Kennedy
How to Secure and Sys Admin Windows like a Boss.
Jardine, Johnson
Ethical Control: Ethics and Privacy in a Target-Rich Environment
Moore
Step On In, The Waters Fine!
Samide
How to Stop a Hack
10:30
Simo
We don’t need no stinking Internet.
12:00
Regan, Thomas
All Your Base Still Belong To Us: Physical Penetration Testing Tales From The Trenches
Amit
Red white and blue. Making sense of Red Teaming for good.
Arlen
The Road to Compliancy Success Plus Plus
Chronister
Give me your data! Obtaining sensitive data without breaking in
Ellis, Ragan
Hacking the media for fame and profit
13:00
Hadnagy
The Human Buffer Overflow aka Amygdala Hijacking
Street
Around the world in 80 cons
Hoy, Stauffacher
Are You a Janitor- Or a Cleaner
Kouns, Price
Third Party Code: FIX ALL THE THINGS
Schwartzberg
ZitMo NoM
13:30
Power
Penetrate your OWA
14:00
Wartortell
Shellcode Time: Come on Grab Your Friends
Crompton, Douglas
Mirage — Next Gen Honeyports
Ten
Practical PowerShell Programming for Professional People
Erven
Just What The Doctor Ordered?
Morris, Zamora
RavenHID: Remote Badge Gathering -or- Why we sit in client bathrooms for hours
14:30
Turner
Interns Down for What?
15:00
Asadoorian
The Internet Of Insecure Things: 10 Most Wanted List
Fasel, Jacobs
They touched you WHERE? When trusting a security questionnaire isn’t enough!
atlas
GROK
Pruitt, Wojton
Powershell Drink the Kool-Aid
Perry
i r web app hacking (and so can you!)
15:30
Lackey
Building a Modern Security Engineering Organization
16:00
Abraham
DDoS Botnet: 1000 Knives and a Scalpel!
Lang
Active Directory: Real Defense for Domain Admins
Ellis
How building a better hacker accidentally built a better defender
Douglas
powercat
Gay
Information Security Team Management: How to keep your edge while embracing the dark side
16:30
Johnson
5min web audit: Security in the startup world
17:00
cC, Maerz
wifu^2
Dunning
The Wireless World of the Internet of Things
Bull, Matthews
Exploring Layer 2 Network Security in Virtualized Environments
Thyer
Macro Malware Lives! -- Putting the sexy back into MS-Office document macros
Callaway
Project SCEVRON: SCan EVrything with ruby RONin
17:30
Herman
Soft Skills for a Technical World
18:00
Medin
Attacking Microsoft Kerberos: Kicking the Guard Dog of Hades
Lackey
Hardware Tamper Resistance: Why and How?
Jauregui
Girl… Fault Interrupted
Hall, Harit
Gone in 60 minutes -- Practical Approach to Hacking an Enterprise with Yasuo
18:30
Mata, Stone
Snarf - Capitalizing on Man-in-the-Middle
19:00
Hartman, Roberson
Electronic locks in firearms -- Oh My!
DerbyCon 4.0 - Family Rootz - Sunday, September 28
09:00
Gardner, Jordan, Somerville
Introducting Network-Socut: Defending The Soft Center of Your Network
McCabe
Open Source Threat Intelligence: Developing a Threat intelligence program using open source tools and public sources
Troia
Analyzing Weak Areas of the Federal Cloud Security Program
Hopper
Surviving until Dawn
Sistrunk
Dolla Dolla Bump Key
09:30
Maresca
What Dungeons & Dragons Taught Me About INFOSEC
10:00
Bloxham
Getting Windows to Play with Itself: A Pen Tester's Guide to Windows API Abuse
Daniel
Once upon a time… (InfoSec History 101)
Rangarajan
Proactive Application Security
Holland, Kothari
A Bug or Malware? Catastrophic consequences either way.
Sistrunk, Tarkington
Gender Differences in Social Engineering: Does Sex Matter?
10:30
David
Introduction to System Hardening
12:00
Magniez
Offensive Safe Words -- Exploiting a Bad Dom(admins’)
White
Hacking Mainframes; Vulnerabilities in applications exposed over TN3270
Wilhoit
Chicken of the APT: Understanding Targeted Attackers with Incubation!
Berlin, Davis, Gardner, McCann, Milam, Thomas
It’s Not Easy Being Purple
Lenigan
Hacking your way into the APRS Network on the Cheap
12:30
Pubal
Building a Web Application Vulnerability Management Program
13:00
Hilt
Protocol Me Maybe? How to Date SCADA
Hall
Single Chip Microcontrollers: Beyond Arduino
Bending and Twisting Networks
Goddard
Control Flow Graph Based Virus Scanning
Thompson
Fighting Back Against SSL Inspection
13:30
Hires
Physical Security: From Locks to Dox
14:00
Kelly, Reynolds
Attacks and Countermeasures: Advanced Network Traffic Manipulation
Code24
Building Better Botnets with IPv6
Kennedy, Murdock
Bridging the gap between red and blue
Wojno
Ok -- so you’ve been pwned -- now what?
Kopp
Am I an Imposter?
14:30
Johnson, Ten
Call of Community: Modern Warfare
15:00
Bos, Milam
What to expect when you’re expecting…a pentest
Werby
Bad Advice- Unintended Consequences- and Broken Paradigms
Foss
CMS Hacking Tricks
Cran
Everybody gets clickjacked: Hard knock lessons on bug bounties
Berner
The Canary in the Cloud
15:30
Gough
Defensive talks NOT 'sexy'? What's sexier than catching an attack like Target- APT- SET or your Pen Tester? Let me show you some sexy logging
16:00
Los
Things Being a New Parent of Twins Teaches You About Security
Heiland, Kienow
Simple Network Management Pwnd
Randall
Advanced Incident Response with Bro
Nichelson
Are you a Beefeater -- focused on protecting your crown jewels?
17:00
Closing Ceremonies


Instructions

This "Old School" schedule is an automatically-generated evolution of a manually-generated hack Darth Null has been using at ShmooCon since 2007. It won't work too well for a large conference, like DEFCON, but for smaller events like ShmooCon or BlackHat DC, it might be useful.

Simply print this out at whatever scale is most helpful to you. For example, for ShmooCon: print at 65%, fold Friday and Sunday back behind Saturday, and laminate, for a two-sided 3" x 4" card that you can keep in your shirt pocket.