2019
- Black Hat USA Trainings 2019 (Accepted):
- "The Web Application Hacker Level-Up Lab"
- Unfortunately we couldn't fill the class in Las Vegas. It was delivered in Buenos Aires instead with the help of Include Security. Thank you!
- "The Web Application Hacker Level-Up Lab"
2018
- OWASP Maine:
- Best Fit Mapping Attacks
2017
- Pluralsight Training 2017:
2016
- Pluralsight Training 2016:
- Black Hat USA Arsenal 2016:
- Overview: "SERPICO"
2015
- Black Hat USA 2015:
- Black Hat Webcast November, 2015:
- Webinar: "Exploiting XXE in File Upload Functionality"
- The webinar was updated to include more file types; PDF, JPG, and GIF
- Webinar: "Exploiting XXE in File Upload Functionality"
- BeaCon 2015:
- "Building (Simple) Fuzzing Scripts from Wireshark Dissectors"
- Black Hat USA Arsenal 2015:
- Overview: "SERPICO"
2014
- Black Hat Europe 2014:
- Vidoe/Slides: "Blended Web and Database Attacks on Real-Time, In-Memory Platforms"
- I couldn't make the talk unfortunately.
- Vidoe/Slides: "Blended Web and Database Attacks on Real-Time, In-Memory Platforms"
- Troopers 2014:
- Video: "Hiding the breadcrumbs: Anti-forensics on SAP systems"
- Really fun presentation on hiding actions in SAP
- Video: "Hiding the breadcrumbs: Anti-forensics on SAP systems"
- Troopers 2014:
- Video: "SAP BusinessObjects Attacks: Espionage and Poisoning of Business Intelligence platforms"
- Another round of BO research, quite a few advisories came from this.
- Video: "SAP BusinessObjects Attacks: Espionage and Poisoning of Business Intelligence platforms"
- BlackHat Arsenal 2014:
- Overview: "SERPICO"
2013
- Rapid7 Whiteboard Wednesday
- Post/Video: "There's a Hole in 1,951 Amazon S3 Buckets"
2012
- Defcon Skytalks 20 (2012):
- "Interface Puncher"
- This talk focused on fingerprinting web applications and bruteforcing credentials. Cool idea, but didn’t really take off.
- "Interface Puncher"
2011
- Defcon 19 (2011):
- Video: "Metasploit vSploit Modules"
- Joint presentation with Marcus Carey and David Rude. Awesome idea and fun work. Presentation wasn’t great though.
- Video: "Metasploit vSploit Modules"
- Defcon Skytalks Las Vegas 2011:
- "Distributed Denial of Service Attacks for Whitehats"
- Focused on testing DoS mitigations in place from vendors. Unfortunately can’t find the slides or video.
- "Distributed Denial of Service Attacks for Whitehats"
- BSides Las Vegas 2011:
- "Distributed Denial of Service Attacks for Whitehats"
- Focused on testing DoS mitigations provided by vendors. Unfortunately can’t find the slides or video.
- "Distributed Denial of Service Attacks for Whitehats"
2010
- OWASP AppSec USA 2010:
- SOURCE Barcelona 2010: