The content brought forth...

Listed below are the lectures selected for presentation with full information.

If you are interested in speaking at InfoSec Southwest, please see our Call for Papers.



Richard Thieme

Too Much for Anyone to Know
How to survive during war, "cyber-mayhem," and the game of spy versus spy.

We built it and now we have to live with it. That is a non-trivial enterprise in the different worlds without walls we want to navigate in relative safety. Some prefer denial and ignorant bliss to anxiety and fear and a life on meds. Others prefer clarity and good strategies, learning to be mindful and vigilant in a broken world that will never be completely fixed.

Thieme opens with a high-altitude view of how we got where we don't really want to be. The "mind of society," in which "cognitive artifacts" and virtual worlds often replace the "real," is the landscape and battlefield. We had better look at how the transformational engines of new technologies are restructuring relationships, careers, how we think, how we define ourselves, and what that is doing to the basic tenets of security and intelligence. "Cyberwar" - a word many hate - is both real and fantastically unreal, and it takes place in a media-world that is manipulated, distorted, and its own worst enemy, where truth itself is the enemy and those who say it out loud are the disloyal opposition.

We can not only navigate this messy world, we can thrive in it, but we do need clarity and strategies used by the best. Thieme doesn't pretend to have that all locked up, but he has a few suggestions that might be useful.

About Richard Thieme

Richard Thieme is an author and professional speaker focused on the challenges posed by new technologies and the future, how to redesign ourselves to meet these challenges, and creativity in response to radical change and identity shift. His column, "Islands in the Clickstream," was distributed to subscribers in sixty countries before collection as a book in 2004. When a friend at the National Security Agency said after they worked together on ethics and intelligence issues, "The only way you can tell the truth is through fiction," he returned to writing short stories, 19 of which are collected in "Mind Games." A novel FOAM will be out this year. He is also co-author of the critically extolled "UFOs and Government: A Historical Inquiry," a 5-year research project using material exclusively from government documents and other primary sources, now in 50 university libraries.

His work has been taught at universities in Europe, Australia, Canada, and the United States, and he has guest lectured at numerous universities, including Purdue University (CERIAS), the Technology, Literacy and Culture Distinguished Speakers Series of the University of Texas, the "Design Matters" lecture series at the University of Calgary, and as a Distinguished Lecturer in Telecommunications Systems Management at Murray State University. He addressed the reinvention of "Europe" as a "cognitive artifact" for curators and artists at Museum Sztuki in Lodz, Poland and keynoted "The Real Truth: A World's Fair" at Raven Row Gallery, London. He has spoken for the National Security Agency, the FBI, the Secret Service, the US Department of the Treasury, and Los Alamos National Labs. He has keynoted "hacker" conventions around the world and spoke in 2014 at Def Con for the 19th year.



Violet Blue

Everything They Don't Tell You: When Hackers Talk to the Press

  • Why reporting on security is a mess
  • How this mess directly affects hackers
  • Examples of reporter-hacker malfeasance; stories about my own opsec while reporting
  • The tricks journalists use on subjects
  • How to counter all of these tricks

About Violet Blue

Combining nine years as a journalist with four years of leading media trainings for NGO crisis workers, Violet Blue brings her experience and insight to the oft-troubled intersection of security research and headline news. Ms. Blue offers a snapshot of the current state of hacks, breaches and incident response in the press, highlighting the problems in newsrooms worldwide and how they directly affect hackers. What emerges is a threat landscape unfamiliar to security researchers, one in which they are especially vulnerable. Ms. Blue outlines the traps and tricks journalists use on subjects, and clearly explains techniques hackers can use to avoid losing control of the conversation -- or worse.

Daniel 'unicornFurnace' Crowley and Damon Smith

iSEC Partners

Bugged Files: Is Your Document Telling On You?

Certain file formats, like Microsoft Word and PDF, are known to have features that allow for outbound requests to be made when the file opens. Other file formats allow for similar interactions but are not well-known for allowing such functionality. In this talk, we explore various file formats and their ability to make outbound requests, as well as what that means from a security perspective. From data loss prevention to de-anonymization to request forgery to NTLM credential capture, this presentation will explore what it means to have files that communicate to various endpoints when opened.

About Daniel & Damon

Daniel Crowley is ice. Damon Smith is fire. Daniel cultivates flowers. Damon burns them to ashes. Daniel controls the wind with but a gesture. Damon commands the water with a single word. Daniel can simulate a full TSA patdown with his mind. Damon can start cyberwars through salsa dance. Daniel wrote this completely false bio. Damon laughed and egged him on. In reality, Damon and Daniel are both dedicated security practitioners with years of experience working for iSEC Partners.

About iSEC Partners

iSEC Partners is a proven full-service security firm that provides penetration testing, secure systems development, security education and software design verification.

Joshua Danielson


Pragmatic Cloud Security: What InfoSec Practitioners Have Been Waiting For

Applying security standards consistently across environments has typically been a struggle for security practitioners. Maintaining accurate system baselines in dynamic, complex ecosystems is a challenge that makes asset management a seemingly impossible process to control in traditional environments. With the elastic capabilities of Cloud solutions such as Amazon Web Services (AWS), it may appear at first glance that this struggle will only continue. However, there is a light at the end of the tunnel. In this talk we will describe a practical implementation of AWS services (CloudTrail, SNS, and SQS) in combination with the configuration management capabilities of Puppet to ensure a consistent set of security standards across an entire environment, enabling practitioners to secure cloud environments in near real-time, even allowing for the segregation of non-compliant systems just as quickly. Lastly, we will take a peek into the future, where organizations will likely become more reliant on AWS services as critical components in their configuration management solution.

About Joshua

Josh Danielson is a Sr. Security Manager with Axway, where he is responsible for global governance of the Cloud Services security program. With nearly a decade of experience in both public and private sectors, he has served a variety of industries throughout his security career, from academia and government contracting to the software space. Josh is an active member of the infosec community, where he has participated in multiple volunteer events. Josh has received a Master of Science degree in Information Management from Syracuse University, and currently holds multiple certifications including CISSP-ISSAP and CISM.


Greg Foss

LogRhythm Labs

Honeypots for Active Defense

InfoSec analysts are all somewhat familiar with honeypots. When they are given the proper attention, care and feeding, they produce invaluable information. This intel has been primarily used by security researchers and organizations with advanced defensive capabilities to study their adversaries and learn from their actions. But what about the rest of us? Honeypots are a lot of work to configure, maintain, and monitor -- how can an organization that is not focused on research gain valuable intelligence using honeypots and actively defend their network using the data obtained?

The answer is honeypots for active defense. There are currently many open source security tool distros that come pre-loaded with honeypots among other useful tools; however, the honeypot software is often not deployed in an effective manner. This session will discuss techniques to deploy honeypots in ways that will not overburden the security team with massive logs to sift through, and will focus on correlating active threat data observed in the honeypot with the production environment. When deployed effectively, honeypots can give security analysts one additional mechanism to tip them off to nefarious activity within their network.

About Greg Foss

Greg Foss is a Senior Security Research Engineer with the LogRhythm Labs Threat Intelligence Team, where he focuses on developing defensive strategies, tools and methodologies to counteract advanced attack scenarios. He has over 7 years of experience in the Information Security industry with an extensive background in Security Operations, focusing on Penetration Testing and Web Application Security. Greg holds multiple industry certifications including the OSCP, GAWN, GPEN, GWAPT, GCIH, and C|EH, among others. He has presented at national security conferences such as DerbyCon, AppSecUSA, BSidesLV, and is a very active member of the Denver security community.

About LogRhythm Labs

LogRhythm is the largest and fastest growing independent security intelligence company in the world. The company's patented and award-winning Security Intelligence Platform, unifying SIEM, log management, file integrity monitoring, network forensics and host forensics, empowers organizations around the globe to detect breaches and the most sophisticated cyber threats of today, faster and with greater accuracy than ever before.

Rob "Mubix" Fuller

Clear Text Credentials Everywhere

As Pentesters and Red Teamers we've all grown to love Mimikatz and WCE as methods of gaining access to clear-text credentials. This talk will go over some of the lesser known methods of gaining credentials in an age of ever-lessening wdigest enabled systems.

About Rob

Senior Red Teamer. My professional experience starts from my time on active duty as a United States Marine. I have worked with devices and software that run the gamut in the security realm. I have a few certifications, but the titles that I hold above the rest are FATHER, HUSBAND and United States Marine.

Ricky "HeadlessZeke" Lawshae

Let's Talk About SOAP, Baby. Let's Talk About UPnP

Whether we want it to be or not, the Internet of Things is upon us. Network interfaces are the racing stripes of today's consumer device market. And if you put a network interface on a device, you have to make it do something, right? That's where a Simple Object Access Protocol (SOAP) service comes in. SOAP services are designed with ease-of-access in mind, many times at the expense of security. Ludicrous amounts of control over device functionality, just about every category of vulnerability you can think of, and an all-around lack of good security practice about sums it up. In this talk, I will discuss this growing attack surface, demonstrating examples of the many dangers of insecure SOAP/UPnP interfaces on embedded and "smart" devices along the way.

About Ricky Lawshae

Ricky "HeadlessZeke" Lawshae is a Security Researcher for DVLabs at HP TippingPoint with a medium-sized number of years' experience in professionally voiding warranties. He has spoken at the Defcon, Recon, Insomni'hack, and Ruxcon security conferences, and is an active participant in the extensive Austin, TX hacker community. In his meager spare time, he enjoys picking locks, reading comic books, and drinking expensive beers.


Brian O'Shea

Striker Pierce Investigations and Executive Solutions

Social Hacking and Corporate Espionage

Understanding the way corporate spies operate is essential in attempting to defend against them. With new advances in Social Hacking, Social Engineering, and advanced manipulation, many questionable Competitive Intelligence firms and corporate spies have become more successful in capturing corporate data, leveraging time-tested techniques that are almost undetectable.

This presentation seeks to educate the audience in the ongoing ways external corporate spies are recruiting corporate employees, creating entire intelligence networks from within their targets, and even becoming sub-contractors of their targets in order to gain confidential information. This presentation also seeks to teach the audience how to spot, assess, and react to these instances appropriately in a manner to eliminate the threat and "harden" their businesses as targets.

The presentation, specifically, will cover the following areas:

  • Social Hacking and Competitive Intelligence
  • Cyber/Social Hacking Joint Operations
  • Advanced Social Engineering: Manipulating the environment around a target to get information.
  • Recruitment of Human Assets
  • Defending against this threat

Presented by one of the United States' most sought after Competitive Intelligence experts, investigators, and former U.S. Intelligence Community Intelligence Professional, this presentation will provide chilling accounts from ongoing and past corporate espionage projects, methods, and outcomes and will give the audience effective ways to counter the threat. "If you can't spot the victim...you are the victim."

About Brian O'Shea

Brian O'Shea has over 20 years of experience in the intelligence and counter intelligence world and has worked across multiple intelligence disciplines for various U.S. Intelligence Agencies, U.S. Special Operations Intelligence, Private Competitive Intelligence Firms, Corporate Litigation and Investigative Teams, and several "grey" boutique intelligence firms notorious for utilizing creative and custom techniques to obtain intelligence. Mr. O'Shea is also the current CEO of Striker Pierce which chiefly specializes in counter corporate espionage, counter competitive intelligence, corporate investigations, and intelligence collection and investigations for private clients. Mr. O'Shea has worked with CEOs, members of two Middle Eastern Royal Families, and foreign governments around the world managing various protection and intelligence operations.

Mr. O'Shea recently presented on counter-espionage techniques at the Human Rights Foundation in Oslo, Norway, the International Conference on Corporate Espionage in Canada, and numerous other key events related to his craft.

Mr. O'Shea is also the Senior Intelligence advisor at several U.S. based corporate intelligence firms and Fortune 500 Companies. Mr. O'Shea is a seasoned instructor specializing in training clients in counter-espionage, counter manipulation, and advanced body language reading. Essentially, he teaches his Clients how to thwart the efforts of spies. Mr. O'Shea has been featured in the New York Times best-selling "You Can't Lie to Me" by Janine Driver, several national newspapers and magazines around the world, and in local news and radio regarding his work. Mr. O'Shea has published hundreds of articles and reports for the U.S. Government (classified), has recently published an article on corporate espionage in a popular Canadian security magazine, and is the chief author of the Striker Pierce Case and Advice Blog.

Mr. O'Shea holds a Master's Degree in Criminal Justice with a depth in White Collar Crime from Boston University and is a licensed Private Security Instructor for the Commonwealth of Virginia. He is also a graduate of the Defense Language Institute in Monterey, California, where he studied Arabic.

About Striker Pierce

Striker Pierce LLC provides a full range of investigative services and executive solutions on both a domestic and international scale. Striker Pierce was formed in 2009 and has conducted 181 corporate and field investigations since April of 2012, in addition to hundreds of due diligence and intelligence collection operations within the same time frame. Our Team includes former journalists, military intelligence & competitive intelligence collectors, political consultants and cyber pentest specialists.

Striker Pierce also leverages its network of over 230 industry and private individuals domestically and internationally to support operations as appropriate or when needed. In addition to the entire Commonwealth of Virginia, within the United States, this includes (but is not limited to) Austin, Baltimore, Boise, Boston, Denver, Jacksonville (Florida), Los Angeles, New York City, Philadelphia, Portland (Maine), Reno/Tahoe, Salt Lake City, San Francisco and Seattle/Tacoma.

Internationally this network includes representatives in the Kingdom of Saudi Arabia, Dubai/Abu Dhabi (UAE), Frankfurt (Germany), Sao Paulo (Brazil), Perth (Australia), Seoul (S. Korea), Hereford and London (England), Buenos Aires (Argentina), Athens (Greece), and Beijing (China).


Brandon Perry

Writing Metasploit Modules (For Fun and Profit)

Writing Metasploit Modules (for fun and profit) will focus on turning web application vulnerabilities into profitable modules that can be sold in stores such as ExploitHub. From the module variations a simple SQL injection vulnerability can yield, to other common vulnerabilities such as XXE, RCE, and privilege escalation, this talk will focus on tricks and insights into making writing Metasploit modules in your free time profitable. Many demos will be used to solidify an understanding of how a single vulnerability can lead to multiple variations of modules to be sold.

About Brandon Perry

Brandon currently works at a game company auditing games and the supporting infrastructure for security vulnerabilities. In his free time, he does vulnerability research focusing on web application vulnerabilities and contributes often to the Metasploit Framework.

Richard Johnson

High Performance Fuzzing

Security conference talks related to fuzzing tend to focus on distributed frameworks or new proof-of-concept engines. This talk will take a look at how to get the most performance out of your engine designs and fuzzing cluster for long term deployments. We will discuss topics like fork servers, static binary rewriting, patching Windows kernel to bypass memory limits and more tricks that have yet to be included in fuzzing talks. We have successfully applied these techniques to create a high performance port of AFL that targets binaries as well as speed up previous work on concolic execution and automated test generation. We will also compare effectiveness of various black box fuzzing approaches including model inference and directed fuzzing engines against a new benchmark composed of real-world vulnerabilities.

Highlights include:

  • Highest performance program tracing options for coverage and dataflow
  • Using bootkits to bypass software memory limits in Windows
  • RAM disk options on Windows
  • Harnessing copy-on-write on Windows
  • High speed automatic test generation
  • Benchmark set of real vulnerabilities for testing fuzzers
  • Performance of best-in-class fuzzers against benchmarks
  • Demo of port of AFL for targeting binaries
  • Demo of fast concolic testing

About Richard Johnson

Richard Johnson is a computer security specialist in the area of software vulnerability analysis. Currently the Manager of Vulnerability Development for Cisco Talos, Richard offers 12 years of expertise and leadership in the software security industry. Current responsibilities include research and development of advanced fuzzing and crash analysis technologies facilitating the automation of the vulnerability triage and discovery process. Richard has presented annually at top-tier industry conferences worldwide for over a decade and was co-founder of the Uninformed Journal.

Mike Sconzo

Bit9 + Carbon Black

I am packer and so can you

Packer and toolchain detection can be a tricky subject, and it seems most of the solutions are either old, closed source, or don't run on your operating system of choice. I'll present a more open way of identifying packers and toolchains, and some results on some open datasets so everybody can play along at home. The motivation behind the work, the process of gathering and analyzing the data as well as the output of identifying and clustering similar samples will be covered.

About Mike

Mike Sconzo has been around the Security Industry for quite some time, and is interested in creating and implementing new methods of detecting unknown and suspicious network activity as well as different approaches for file/malware analysis. This includes looking for protocol anomalies, patterns of network traffic, and various forms of static and dynamic file analysis. He works on reversing malware, tool creation for analysis, and threat intelligence. Currently a lot of his time is spent doing data exploration and tinkering with statistical analysis and machine learning.

About Bit9 + Carbon Black

More than 1,000 organizations worldwide - from 25 Fortune 100 companies to small enterprises - use Bit9 + Carbon Black to increase security, reduce operational costs and improve compliance. Leading managed security service providers (MSSP) and incident response (IR) companies have made Bit9 + Carbon Black a core component of their threat detection and response services. With Bit9 + Carbon Black, you can arm your endpoints against advanced threats.


Sam "0x00string" Shapiro


Hacking Things In 2015, Part 1: Reverse Engineering the KanKun Smartplug

It's 2015 and many Things are yet unhacked. On a mission to change that, 0x00string presents processes of, anecdotes about and exploits for Things he has been hacking this year.

About Sam

Sam "@0x00string" "Overlord of Pwn" Shapiro is an information security researcher and professional penetration tester at Digital Defense, Inc. in San Antonio, Texas. His time is spent hacking things.

About 0x00labs

0x00labs is the name of a farcical organization that @0x00string publishes under.

Juan Vazquez

Rapid7 / Metasploit

Reviewing and Abusing Java Remote Interfaces (Server-side Attacks)

The lecture tries to summarize some interesting Java (remote) attacks, and how to check / exploit them with Metasploit. The lecture doesn't focus on client attack vectors, like Java sandbox abuses through applets, or click2play bypasses. It focuses on remote attack vectors abusing RMI endpoints and technologies using RMI. The lecture won't only summarize some of the popular attack vectors; it will also review how to check/exploit them with Metasploit, presenting new capabilities and modules which are being added to the Metasploit Framework to support all the techniques discussed in the lecture.

About Juan Vazquez

Juan Vazquez is an Exploit Developer at Rapid7, where he splits his time between exploit writing and helping to make the Metasploit Framework. Vulnerabilities, their exploitation and software security are among his interests. In the past he was seen at RootedCON presenting a SCADA product software review with his mate Julian Vilas.

About Rapid7

"Rapid7's mission is to develop simple, innovative solutions for security's complex challenges. We understand the attacker better than anyone and build that insight into our security software and services. Our IT security analytics solutions collect, contextualize, and analyze the security data you need to dramatically reduce threat exposure and detect compromise in real-time. They speed investigations so you can halt threats and clean up systems fast. Unlike traditional vulnerability assessment or incident management, Rapid7 provides insight into the security state of your assets and users, across virtual, mobile, private and public cloud networks."