Accuvant To Present Nine Sessions at DerbyCon 3.0

-- Topics to Include: Intro to Hacking Hardware, x86 Assembly, Phishing Frenzy and More --

Denver – September 26, 2013 – Accuvant, the Authoritative Source for information security, today announced that several members of its renowned Accuvant LABS team are participating in nine different sessions at DerbyCon 3.0. The conference is taking place from September 25-29 in Louisville, Ky.

Kevin Finisterre, senior research consultant, is co-leading a sold-out two-day training course from September 25-26 on “Tap That – An Introduction to Hacking Hardware." This course guides students through basic hardware hacking – setting up a home lab, EE basics, soldering techniques, JTAG basics with the GoodFet, firmware analysis, logic analysis and defeating hardware protections.

Additionally, Accuvant security experts are presenting the following talks:

Owning Computers without Shell Access
Who/What:  Royce Davis, senior consultant, will demonstrate how to accomplish the same degree of network level compromise that has been enjoyed in the past with shell-based attack vectors, while avoiding detection from AV solutions and leaving little to no trace of presence on target systems.
When/Where:  Friday, September 27 at 2:30 p.m./Stable Talk

AppSec Tl;dr
Who/What:  Gillis Jones, consultant, will walk through the fundamentals of the web, and on to the art of hacking the planet. Complete with examples, secrets that the professionals try to keep quiet and suggestions on “How to Hack,” this presentation aims to bring attendees to a level of proficiency in hacking the web in less than 60 minutes.
When/Where:  Friday, September 27 at 4:00 p.m./Track 3

Pass-the-Hash 2: The Admin's Revenge
Who/What:  Skip Duckwall, senior consultant, will co-present some of the shortcomings in Microsoft’s guide for mitigating Pass-The-Hash attacks against Windows, and offer practical ways to detect and potentially prevent hashes from being passed on a network.
When/Where:  Saturday, September 28 at 9:00 a.m./Track 2

Hello ASM World: A Painless and Contextual Introduction to x86 Assembly
Who/What:  Nicolle Neulist, associate consultant, will explain basic principles of programming in x86 assembly language, provide concrete examples of simple functions implemented in assembly beside that same functionality implemented in a higher-level language, and demonstrate basic techniques for writing custom shellcode.
When/Where:  Saturday, September 28 at 9:00 a.m./Track 4

Phishing Frenzy: 7 Seconds from Hook to Sinker
Who/What:  Brandon McCann, senior consultant, will discuss the new addition to the open source and InfoSec community: Phishing Frenzy. Phishing Frenzy is a database driven web application written in Ruby on Rails that helps penetration testers manage their phishing campaigns by providing a framework that is easy to build and manage templates for future engagements. Being able to launch effective email phishing campaigns allows us to better help our clients mitigate these types of risks.
When/Where:  Saturday, September 28 at 9:00 a.m./Stable Talk

Some Defensive Ideas from Offensive Guys
Who/What:  Justin Elze, security consultant, and Robert Chuvala, associate consultant, will address common high impact vulnerabilities they continue to see on many networks. They will help people new to defense by highlighting a number of misconfigurations and common vulnerabilities along with mitigation techniques. They’ll also address the common arguments that might act as roadblocks when trying to remove or mitigate legacy systems.
When/Where:  Saturday, September 28 at 10:30 a.m./Stable Talk

Getting The Goods with smbexec
Who/What:  Eric Milam and Martin Bos, managing principals, will explore the creation of smbexec, the components behind it, and how to leverage its functionality to get the goods from a system without having to use a payload.
When/Where:  Saturday, September 28 at 1:00 p.m./Track 1

An Encyclpwnia of Persistence
Who/What:  Skip Duckwall will co-present on more than 20 different ways that someone could attain persistence. This talk will benefit those who have to defend and those who provide threat emulation by sharing details about real world persistence methods.
When/Where:  Saturday, September 28 at 5:00 p.m./Track 3

Accuvant LABS, the largest and most skilled team of information security professionals in the world, is comprised of respected information security veterans, established thought leaders, sought out speakers and published authors. Each of our 250+ leading security experts is committed to performing research, developing solutions and working with clients – and one another – to solve specific security problems as well as those of the industry at large.

Media wishing to interview any Accuvant experts are encouraged to contact Susan Vaillancourt at or (603) 459-8906.

About Accuvant                                                                                                        

Accuvant is the Authoritative Source for information security. Since 2002, the company has served more than 5,200 clients, including half of the Fortune 100 and more than 900 educational institutions and government entities. Headquartered in Denver, Accuvant has offices across the United States and Canada and has the largest and most skilled team of technical security professionals in the world – Accuvant LABS. For more information, please visit

# # #