| 11-Aug-22 |
Black Hat USA 2022 |
Living Off the Walled Garden: Abusing the Features of the Early Launch Antimalware Ecosystem |
| 2-Oct-21 |
BSides Augusta 2021 |
Confidently Measuring Attack Technique Coverage by Asking Better Questions |
| 3-Dec-20 |
CONverge Detroit |
Keynote: Improving the Landscape and Messaging of Offensive Tooling and Techniques |
| 6-Sep-19 |
DerbyCon IX |
How do I detect technique X in Windows? Applied Methodology to Definitively Answer this Question |
| 30-Jun-19 |
REcon 2019 |
Using WPP and TraceLogging Tracing to Facilitate Dynamic and Static Windows RE |
| 7-Aug-18 |
Black Hat USA 2018 |
Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology |
| 15-Mar-18 |
TROOPERS18 |
Subverting Trust in Windows |
| 23-Jan-18 |
BlueHat IL 2018 |
Hi, My Name is 'CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' |
| 7-Nov-17 |
Crowdstrike Fal.Con Unite 2017 |
Subverting & Restoring Trust in Windows |
| 22-Mar-17 |
TROOPERS17 |
Architecting a Modern Defense using Device Guard |
| 22-Sep-17 |
DerbyCon VII |
Keynote: Subverting Trust in Windows - A Case Study of the "How" and "Why" of Engaging in Security Research |
| 24-Jan-17 |
BlueHat IL 2017 |
Device Guard Attack Surface, Bypasses, and Mitigations |
| 3-May-17 |
PowerShell Conference EU 2017 |
Defensive Coding Strategies for a High-Security Environment |
| 3-May-17 |
PowerShell Conference EU 2017 |
Architecting a Modern Defense Using Device Guard and PowerShell |
| 24-Sep-16 |
DerbyCon 6.0 |
Living Off the Land 2: A Minimalist's Guide to Windows Defense |
| 12-Jan-16 |
Microsoft BlueHat v15 |
Windows Management Instrumentation – The Omnipresent Attack and Defense Platform |
| 8-Aug-15 |
DEF CON 23 |
WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis |
| 5-Aug-15 |
Black Hat USA 2015 |
Abusing Windows Management Instrumentation (WMI) to Build a Persistent, Asynchronous, and Fileless Backdoor |
| 27-May-15 |
Microsoft BlueHat Briefing Day (Internal Conference) |
Offensive PowerShell: Scripting Past Network Defenses |
| 13-Jan-15 |
ShmooCon Epilogue 2015 |
Automating Obfuscated .NET Malware Analysis |
| 7-Oct-14 |
MIRcon 2014 |
Analysis of Malicious Security Support Provider DLLs |
| 28-Apr-14 |
PowerShell Summit 2014 |
Using PowerShell as a Reverse Engineering Tool |
| 28-Apr-14 |
PowerShell Summit 2014 |
Advanced PowerShell Eventing Scripting Techniques |
| 28-Sep-13 |
DerbyCon 3 |
Living Off The Land: A Minimalist's Guide To Windows Post Exploitation |
| 26-Mar-13 |
#misec PowerShell Study Group |
Parsing Binary File Formats with PowerShell |