The Archives

SecDSM 101 - November 2018
Jay Urban Stop Web Application Version Disclosure in .NET on IIS

IIS and .NET disclose a lot of version number data by default that can be exploited by attackers to wreak havoc upon your web site using known vulnerabilities. Make hackers work harder to penetrate your web applications by utilizing these simple tips on stopping version information disclosure.

SecDSM 101 - September 2018
Craig Leabhart Amateur Malware Analysis

Are you interested in reversing but don't know where to start? Think reversing is beyond your means? This talk will try to make the topic of reversing more accessible and will focus on amateur malware analysis, including setting up your environment, free tools, and some demos.

Benjamin Holland Recent Trends in Program Analysis for Bug Hunting and Exploitation

Software is pervasive, and for better or worse, it now controls most of our daily lives. Developing and maintaining secure software is of the utmost importance, but it seems that despite our best efforts we just haven’t gotten it right yet. More importantly we should ask ourselves why haven’t we solved this problem yet? This talk summarizes classical program analysis as well as recent program analysis techniques without all the fancy jargon. As case studies, we examine a few of DARPA’s high-profile software security programs and read between the lines to see where the field is going. Is your job in computer security going to be replaced by machines armed with theorem provers or will humans always have a role to play? Come join in the discussion.

SecDSM 101 - August 2018
Andy Robbins and Rohan Vazarkar BloodHound: He Attac, but he also Protec
Brandon Murphy Phishing Investigation Maturity Model - A Discussion
SecDSM 101 - July 2018
Brandon Murphy Verification of HTML document subresources
Matthew White and Nicholas Starke Introduction to PFSense
Arden Meyer Privilege Escalation in Mechanical Master-Keyed Systems
SecDSM 101 - June 2018
Ryan Walker and Ben Schmitt Canaries in your data center, not the mine
Ryan Rost Intro to Bloodhound
Aaron Tekippe Driving Change Without Authority: Sales Skills for InfoSec Pros
SecDSM 101 - May 2018
K. Reid Wightman Switches Get Root Canals - May 2018
Stacy Monroe Achieving Scale with SAST - May 2018
Jared Brees Yubikeys With Crypto Keys - May 2018
SecDSM 101 - April 2018
David Little and Nick Starke Tool Talk - GnuPG (GPG)
Sherri Davidoff Cybercrime 2018: from Cryptojacking to Cyber Extortion
SecDSM 101 - March 2018
Kris Mortensen Certificate Services (Windows PKI) - March 2018
SecDSM 101 - February 2018
Jared Brees Cheap Passive Ethernet Taps - February 2018
Eric Johnson Continuous Security: Monitoring & Active Defense in the Cloud - February 2018
Brandon Murphy Using Huginn for Situational Awareness - January 2018
David Liddle CCNA Basic Router and Switch Security - January 2018
Antoinette Stevens Mini CTF Walkthrough - January 2018
Steff Bisinger Intro to Pineapple-ing
Dave Cisco ICND1/Security Skill: Configuring VLANs & Port Security
Jake Drahos and Brandon Murphy PWN'ing SDR CTFs
Nicholas Starke A Brief Introduction to Static Reverse Engineering Android Apps
Jason Williams There is a lot more under the surface than Phishing 101 and best practices would have you believe. Let's talk about phishing backends, obfuscations, encryptions, web sockets, and get in it. This is not a 101 talk, you know what phishing is. We're going to dive in and look at examples of how things work and look at some Emerging Threats IDS rules that can show how we can better detect these jerks.
ProCircular CTF Event
Aaron Blythe Introduction to Shodan
SecDSM Crew Blackhat/BSidesLV/DEF CON recap
Ben Schmitt and Nate Subra Memory Forensics 101.5
Arden Meyer TOOOL: Lockpicking and physical security 10
Kelcee Patrick-Ferree SDR 101
Kelcee Patrick-Ferree Data Breaches
tompohl, t0w3ntum, and zoomequipd CircleCityCon CTF
Sherri Davidoff Do-It-Yourself Cellular IDS
Stacy Monroe Principal CTF
Current Cyber Threats Special Agent Jordan Loyd
@t0w3ntum and @ns OSCP in Response
@ns Exotic Exfil
Nicholas Starke Introduction to SQLMAP
Jared Brees Password cracking
Ben Schmitt DNS Tunneling with dnscat2
Tom Pohl and Nick Starke WeevBot - Browser Based DNS Exfiltration
Aaron Tekippe Finding a needle in a haystack: Utilizing DNS to detect threats
Matthew White Look at all the Phish!
Sean Flattery Sudoers and Auditd!
James Stumme Updating SecDSM Website
Michael Jackson NextGen Vendor Risk Management: How to Raise the Bar on <>aaS Providers.
Nicholas Starke Binary Ninja
Gadi Evron Threat Hunting with Cyber Deception Tools
Gadi Evron The OPSEC evolution of APT threat actors
James Beal Cyber Deception

CYBER! CYBER! CYBER! Now that everyone is 3 shots deep, I plan to discuss info sec deception tools from Black Hills Info Sec and Cymmetria. These are, at their core, a software suite or tool to make honeypots and honeytokens, along with several other methods, actually functionally usable to set up and run. I will be doing a basic review of the Active Defense Harbinger Distribution (BHIS) and Mazerunner from Cymmetria. To follow on from Gadi's discussion of using "cyber deception" tools for threat hunting, I will also show a demo of Mazerunner.

Brandon Murphy Getting an A+ on
Ben Schmitt Consuming API
Aaron Tekippe Security Onion – A quick start guide

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. This talk will cover design considerations, tools included in the distro, and deployment tips.

Aaron Tekippe is a security practitioner in Des Moines, IA. Currently, he touches all areas of InfoSec, including engineering, operations, and compliance. Recently he has started scripting in PowerShell in a quest to automate all the things.

James Beal Moloch

I will be discussing Moloch, an open source tool developed by a small team at AOL, to handle scalable indexing of PCAPs into a backend database. First I will cover general architecture and basic/standard network configurations. Moloch is composed of three parts: the capture component, the Elasticsearch database, and the webGUI Viewer. Then we will move on to a "live" demo of the software components, with a look at the actual packet capture and info available in the Viewer app. Wrapping up with search functions and if there is time, a quick look at the pcap in Wireshark as a comparison.

Nate Subra and Brandon Murphy An Intro to Bro

Bro is becoming a very popular network security monitoring tool. This talk will cover the basics of running a Bro instance, integration with external threat intelligence (via Critical Stack) and analyzing the logs with Elasticsearch.

Brandon Murphy is a network security practitioner in Des Moines, Iowa. Nate Subra is an Infosec practitioner with a love for automation. He doesn't believe in silver bullet solutions, he believes in silver clips loaded by the right people. PowerShell, threat emulation, and breaking into the internet of things are his current hobbies. Nate currently works out of Des Moines, Iowa.

Open Discussion SecKC and DEFCON trip recap

A small group of SecDSM attendees are headed out to Kansas City on Aug 9th! While we're there, we'll be giving a short talk about how SecDSM became economic threat actors for the lulz.

Ben Schmitt Spider Chart: the one chart to rule them all?

In security, sometimes we are selling something people don’t want to “buy”. Other times, we are trying to explain complex information to people in puffy chairs and without crayons or a whiteboard, how do we get our point across? Sure, robust business cases work but at the board level, how do you graphically communicate your request in its most simple and powerful form? I present to you the “Spider Chart” - a tool born in Denmark which I have continued to refine and use effectively over the years. This isn’t a technical tool, it is not an elite zero day or even a shiny new threat intelligence kernel module forensic canary token however it is a colorful and simple way to show leadership the maturity of a security program and perhaps more importantly, where to invest. I’ll show variations of the chart and provide the shell .xlsx document - use it wisely!

Brandon Murphy Network Flows - Generation

This talk will cover how to generate network flows using tools such as yaf, bro, argus, ntop, switches and routers, etc. Collecting and Analyzing will be covered in later discussions.

Ben Schmitt Archive/Analyze/Alert OpenDNS data using an S3 Bucket
Open Discussion Incident Response Tools
Nate Subra Gophish

Gophish is a phishing framework that makes the simulation of real-world phishing attacks dead-simple. The idea behind gophish is simple – make industry-grade phishing training available to everyone.

Nicholas Starke Exploiting IP Cameras

A presentation on hacking web based interfaces on IP cameras.

Tom Pohl THOTCON 0x07 Review

Several SecDSM attendees made the trip to Chicago to attend THOTCON this year. Tom will be discussing his experience at THOTCON 0x7. Tom participated in the THOTCON CTF, coming in second place by a single point.

Ben Schmitt and Antoinette Stevens Web Development frameworks

In recent years, web development has become more accessible for less experienced developers thanks to frameworks. Frameworks provide a simple method to build complex and dynamic websites and applications in a reasonably short amount of time. Many frameworks advertise the idea of ‘built-in security’ as a feature, meaning the framework takes care of protecting the app from vulnerabilities without the developer having to think about it. So, what are framework developers doing to make security a default for the applications that are built on top? This talk will explore ‘built-in security’ in framework development. We’ll look at what guidelines have been set forth when designing a framework that is secure by default and what vulnerabilities often still exist in a framework.

David Lindner OWASP Mobile Top Ten Security Risks - iOS

With over 3.1 million applications in the Apple AppStore and Google Play Store, and more than 7.5 billion mobile subscribers in the world, mobile application security has been shoved into the forefront of many organizations. Mobile application security encompasses many facets of security. Device security, application security, and network security all play an important role in the overall security posture of a mobile application. Part of being a pen tester of mobile applications is understanding how every security control works and how they all interact. The Open Web Application Security Project (OWASP) has aimed to help organizations understand the most prevalent mobile risks with their released OWASP Mobile Top Ten Risks of 2014. Join Dave as he walks through the Top Ten, provides spot-the-bug code snippets, and explains the typical vulnerabilities found in doing penetration testing and code review of mobile applications.

David Lindner is the Director of Mobile and IoT Security at nVisium. David is an experienced Application Security Professional with over 15 years of experience in the computer security industry. During this time, David has worked within multiple disciplines in the security field, from application development, network architecture design and support, IT security and consulting, security training, and application security. Over the past 8 years, David has specialized in all things related to mobile applications and securing them. David has supported many different clients including financial, government, automobile, healthcare, and retail. In his spare time, David hones his Mobile and IoT testing skills by participating in numerous bug bounties.

Nicholas Starke Bettercap

Bettercap is a Ruby rewrite of Ettercap that strives to make usability as simple as possible. In this presentation, we will see how to use Bettercap to MITM a host, as well as inject and examine traffic. We'll discuss the internal mechanism of such functionality, and then talk about some use cases as it applies to penetration testing and security research in general.

Nicholas Starke is a security researcher based in Des Moines, IA who will be presenting on Bettercap.

Ben Schmitt Crypto Update 2016

With crypto almost always in the news, the recent vulnerabilities in TLS and the fact that crypto is something which is (unfortunately) very easy to get wrong, let's touch on current leading practices (for example, Authenticated Encryption) and leave with a common understanding of the basics, some pitfalls and be able to ask our vendors and/or colleagues the right questions when evaluating or implementing data protection.

Ben Schmitt is the InfoSec/Risk Manager for Dwolla. Prior to this role, Ben held the position of Global Director, IT Security & Compliance at the Danfoss Group responsible for Network and Application security (including ERP systems). Ben is a Wisconsin native hailing from Manitowoc, WI (yes, he has watched Making a Murderer) and started his InfoSec career with TDS Telecom in Madison covering ISP and Enterprise security as a Security Architect.