$ ls -la ~/presentations/

Over the past 25+ years, Larry has delivered countless talks at security conferences around the globe—from the hallowed halls of DEF CON and ShmooCon to RSA Conference, Wild West Hackin’ Fest, DerbyCon, BSides events, and beyond. His presentations blend deep technical expertise with irreverent humor, covering everything from IoT exploitation and wireless hacking to software supply chain security and the occasional live demonstration of hacking things that probably shouldn’t be hacked on stage.

Below is a curated selection of notable talks. For a reasonably complete archive, check out his InfoConDB profile.

ShmooCon 2025

Detecting BLE Trackers for the price of a Gas Station Hot Dog

Co-presented with Bill Swearingen. Turn a cheap ESP32 into a personal spy device for uncovering hidden BLE trackers like AirTags.

[github]

SANS 2025 – SANS@Night

SBOMs the Hard Way: Hacking Bob the Minion

Hardware disassembly, firmware extraction via SPI flash and JTAG/SWD, and generating comprehensive SBOMs from IoT devices.

DEF CON 32 – IoT Village

SBOMs the Hard Way: Hacking Bob the Minion

Extracting firmware from devices with no public firmware available and leveraging SBOMs for vulnerability discovery.

[slides]

RSA Conference 2024

SBOMs for Evil: From Software Supply Chain Documentation to an Attack Path

Examining how SBOMs can be exploited for malicious purposes and defensive strategies to protect against misuse.

[rsa profile]

CactusCon 12

SBOMs for Evil: Turning Un-Remediated Software Supply Chain Documentation into an Attack Path

How attackers can leverage SBOMs to identify unpatched vulnerabilities in software components.

InfoSec OASIS 2021

Remote Penetration Testing During a Pandemic

How to conduct in-person security assessments when you can’t be in person – technical and process lessons learned.

Wild West Hackin’ Fest 2018

What to Expect When You’re Expecting… a Penetration Test

Preparing organizations for penetration testing engagements – what to expect before, during, and after.

Wild West Hackin’ Fest 2017

Vapor Trail – Data Exfiltration via Faraday’s Law & Ponies

Exfiltrating data from networks using broadcast FM radio and other inexpensive materials.

DEF CON 24

Phishing without Failure and Frustration

Co-presented with Jay Beale. Streamlining phishing campaigns for penetration testers.

[slides]

DerbyCon 6.0

I Don’t Give One IoTA: Introducing the Internet of Things Attack Methodology

A comprehensive methodology for attacking IoT devices and ecosystems.

DEF CON 23 – ICS Village

My First ICS Pwnage

Introduction to Industrial Control Systems hacking and security assessment.

DEF CON 23

DEF CON Comedy Inception: How Many Levels Deep Can We Go?

DEF CON Comedy Jam – security fails and hilarity.

DEF CON 22 (2014)

DEF CON Comedy Jam Part VII: Is This The One With The Whales?

DerbyCon 3.0 (2013)

Applying the 32 Zombieland Rules to IT Security

Survival rules from Zombieland applied to information security.

DEF CON 21 (2013)

DEF CON Comedy Jam Part VI: Return of the Fail

DEF CON 20 (2012)

DEF CON Comedy Jam V: V for Vendetta

DEF CON 19 (2011)

DEF CON Comedy Jam IV: A New Hope For The Fail Whale

DEF CON 18 (2010)

DEF CON Security Jam III: Now in 3-D?

DEF CON 17 (2009)

DEF CON Security Jam 2: The Fails Keep on Coming