top of page
Spaceship

HACKSPACECON'24 Speakers

Date: April 12th, 2024 | On-Site (In-Person) | 45 Minute Talks

HSC'24 Conference Tickets on Sale Now

David Kennedy
  • Twitter
  • LinkedIn

Buckle up! Let’s Make the World a Safer Place

Dave Kennedy 
 

Talk Description:

Our industry might still be in its early stages, but the road ahead is packed with challenges and thrills. Picture this: small to medium-sized businesses grappling with the same old threats, like detection engineering and response dilemmas. Meanwhile, larger enterprises are wrestling with the vastness of their tech landscapes, innovation overload, and a hefty dose of technology debt. It's a cybersecurity rollercoaster. Our mission is clear: let's make the world a safer place, tackling cyber threats across all corners of civilization. Join this talk for a dive into the most effective methods to bridge the gap from SMB to large enterprises. We're turning the tables on adversaries and saying goodbye to industry noise – it is all about focusing on what truly works. 

  

This isn't your typical cybersecurity chat; it's a dynamic blend of strategy and technical wizardry. We'll explore ways to shift the odds in our favor, drawing my own playbook as a former CSO and founder of two large cybersecurity juggernauts, TrustedSec and Binary Defense. Get ready for a deep dive into offense, defense, deception, and everything in between! So, buckle up and join the ride as we journey from where we came, through the thrilling twists of today, and gaze into the future. It's not just a talk; it's a focus that's going to make the world a whole lot safer – tomorrow and beyond!

Speaker Bio:

David Kennedy OSCE, OSCP, GSEC, MCSE, ISO 27001 Founder, TrustedSec and Binary Defense “Security expert, keynote speaker, avid gamer, and the go-to for protecting companies from threats.”  

Meet David, a humble cybersecurity practitioner with over 25 years of hands-on experience. From safeguarding Fortune 1000 companies as their Chief Security Officer to offering congressional insights and making waves on national TV, David's journey is a testament to his dedication to making the cyber realm safer. Driven by a mission to propel cybersecurity into the future and contribute to a better world, David has founded globally impactful cybersecurity enterprises. TrustedSec and Binary Defense, his brainchildren, operate on a grand scale, tirelessly defending companies, individuals, and the world from the perils of hackers. TrustedSec specializes in Information Security consulting for organizations of all sizes, while Binary Defense leads the charge in Managed Security Service Provider (MSSP), Managed Detection and Response (MDR), and innovative software security, stopping attackers across the world. Before steering the ship at TrustedSec and Binary Defense, David served as the Chief Security Officer (CSO) for Diebold Incorporated, leaving an indelible mark with a comprehensive global security program. Known as a forward thinker in the security arena, David has had the privilege to keynote and speak at major conferences, delivering keynotes at Microsoft’s BlueHat, DEF CON, Blackhat, DerbyCon, Grace Hopper, RSA, and other renowned events. In 2011, he founded DerbyCon, a colossal Information Security conference. Frequent media and advisor extraordinaire, David has made guest appearances on top-tier platforms like Fox News, CNN, CNBC, MSNBC, Huffington Post, Bloomberg, BBC, and more. His tools have not only been featured in TV shows and movies but also played a role in shaping the content of the widely acclaimed Mr. Robot TV series. As security threats escalate, David has testified before Congress, striving to advance the industry. His co-authorship of "Metasploit: The Penetration Testers Guide" soared to number one on Amazon, and he co-founded the "Penetration Testing Execution Standard (PTES)," an industry-leading guide adopted by the Payment Card Industry (PCI) Data Security Standard (DSS) for Penetration Testing. David's creative drive extends to the realm of open-source tools, including "The SocialEngineer Toolkit" (SET), PenTesters Framework (PTF), Artillery, and Fast-Track. With a focus on security research, he releases advisories, including zero-days, contributing to the collective strength of cybersecurity. Before transitioning to the private sector, David served in the United States Marine Corp (USMC), dedicating himself to cyber warfare and forensics analysis, with two tours in Iraq. His commitment also saw him as a board director for ISC2, a major security collective offering certifications like the CISSP. David also is the co-host of the Hacking Your Health Podcast, a podcast dedicated to teaching individuals how to take control of their lives not only from a fitness but mindset perspective. David also is a co-owner of Illinois Alternative Medicine (IAM), a hormone replacement therapy and longevity clinic focused on helping others live longer and healthier. In the vast landscape of cybersecurity, David stands as a beacon of humility, appreciating the opportunity to contribute to a safer digital world and graciously acknowledging the collaborative efforts that make it possible. His motto, to make the world a safer place drives him uncompromising every day. 

Victor Fernandez Minguillon

Hardware Implant Revolution: Unveiling ISM Bands on Hardware Implants for Red Team Operations.

Victor Fernandez Minguillon 

Talk Description:

Hardware Implant Revolution: Unveiling ISM Bands on Hardware Implants for Red Team Operations Introduction: Over the last year, I have been researching an alternative method of communication using technologies and protocols located on the lower levels of the OSI Model (layers 1 & 2). In doing so, I happened upon a method of communication called LoRa. LoRa modulation, though not a new technology, has only been utilized in niche industries, one of them being the Internet of Things (IoT). However, within such communities, it comes with extensive documentation and open-source projects. In furtherance of my research, I decided to utilize LoRa on physical hardware implants for Red Team operations. Abstract: Building a physical implant for Red Team engagements brings with it some unique challenges. For one, such an implant could be put just about anywhere: a bathroom without a power outlet, it could be dropped from a drone onto a roof or shack, the possibilities are endless. The potential for unlimited locations, then, requires a configuration unique to each. This presentation will dive into the analysis, design and implementation of physical implants using LoRa modulation as an alternative method of remote communication for Red Team operations. Outline: This presentation will include the following: - Introduction - Definition and Analysis of Objectives - Hardware Design & Software Development - Hardware & Software Implementation - Demo – Conclusions 

Speaker Bio:

Hello there! My name is Victor and I’m a Senior Red Team Analyst at United Airlines with 7 years of experience in offensive security. After immigrating to the United States in 2017 from Spain, I started my stateside career at Underwriter Laboratories doing penetration testing on medical device technologies, including software and hardware-embedded devices, wireless devices, and web and mobile applications. In my current position, I perform and manage Red Team Engagements, Attack Surface Reduction assessments, Physical Engagements, and handle United Airlines’ Vulnerability Disclosure Program to help enhance United’s cybersecurity posture. In my free time, I like to spend time with my wife and three children (hackers are great at hide-and-seek).

  • LinkedIn
  • Twitter
Charles Shirer
  • Twitter

Hacking API’s for Realz

Charles Shirer

Talk Description:

This talk will show penetration testers / hackers how to approach testing API's for vulnerabilities. starting with basics and then some more advanced techniques. 

Speaker Bio:

Charles is a Penetration Tester/RedTeamer/Security Researcher. He has over 20 years of overall IT experience with the last 10 years in Information Security (Infosec). Outside of Infosec, Charles is also a Husband, Father, retro video gamer, and in his spare time works on the SECBSD project which is a penetration testing distro based on the OpenBsd Operating System. 

Wade Wells

Maturing Sec-Ops with Detection as Code

Wade Wells

Talk Description:

Security Operations Centers (SOCs) are under constant pressure to stay ahead of the threat curve. With vast amounts of data to sift through and an increasing number of sophisticated attacks, there's a pressing need to evolve our detection mechanisms. Detection-as-Code offers a promising direction. 

Speaker Bio:

Wade Wells is Lead Detection Engineer for a fortune fifty company. He has worked eight years in security operations performing threat hunting, cyber threat intelligence, and detection engineering primarily in the financial sector He holds a master's degree in cybersecurity from Georgia Tech, is a board member of BSides San Diego and teaches a cyber threat intelligence course. Wade is a regular on the Black Hills infosec podcast “Talkin About the News”, he has given talks for BSides San Diego, GrimmCon, Wild West Hackin Fest and Defcon 858/619. In his spare time he mentors people trying to get into the infosec field, reads fantasy novels and watches movies with his family. 

  • Twitter
  • LinkedIn
Tim Fowler

A New ETHOS...A Journey into the why, how and who cares of building a simulated CubeSat Lab 

Tim Fowler 

Talk Description:

Have you ever wanted to hack a satellite? Yeah me too but where do you get started? Ever thought "maybe I can build something"? Then this is the talk for you. In this talk, we will cover the challenges faced, the creative engineering, and all the compromises made along the way, in building an hands on CubeSat lab. Included in this talk is all the resources needed to replicate the effort along with the incredible lessons learned during the process. 

Speaker Bio:

Tim Fowler is an Offensive Security Analyst with Black Hills Information Security and has over a decade of experience working in information security. He has worked for Fortune 100 financial institutions and a consultant, providing penetration testing and red team services. Tim is passionate about sharing his knowledge with others and has had the pleasure of speaking at multiple security conferences across the county. When not hacking away as a clients’ network or writing the subsequent report, researching cybersecurity in space, or developing functional CubeSats, Tim loves spending time with his wife and son and working in his workshop with his collection of hand tools and CNC machines. 

  • Twitter
  • LinkedIn
Dwayne McDaniel

Stop Committing Your Secrets – Git Hooks to the Rescue

Dwayne McDaniel, Senior Security Developer Advocate at GitGuardian

Talk Description:

No one wants their keys, passwords, and other secrets exposed. Ideally, no developer would ever hardcode anything like that into their work, but unfortunately, a lot of repos are just one bad push from the world gaining access to sensitive data and mission-critical systems. In the best-case scenario, you discover the issue and fix it before something terrible happens, but in the worst case, you don’t find out until it is far too late. Just ask folks like Uber or Twitch.  

Most devs are familiar with using .env and .gitignore files to help prevent Git from tracking specific files and folders. But did you know that you can leverage git hooks, and some open-source awesomeness, to keep from accidentally committing your secrets in the first place? 

Walk away from this session with some concrete actions you and your devs can take to make sure no secrets make it into your shared hosted repos ever again!  
But that is just the start.  If you are not actively using Git hooks in your workflows, then this talk is for you. Let's look into the .git folder and unlock a whole world of automation possibilities!   

My hope with this session is to help everyone add some easy-to-implement automation to their workflows to prevent making more extreme, and costly, kind of mistakes. 

Speaker Bio:

Dwayne has been working as a Developer Advocate since 2016 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. He has been fortunate enough to speak at institutions like MIT and Stanford and far-off places like Paris and Iceland. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv. On the internet, most places, as @mcdwayne. 

  • LinkedIn
Alex Thines & Brad ‘Sno0ose’ Ammerman
  • LinkedIn
  • LinkedIn

Bringing Watch Dogs 2 Life (Using Drones and Arm devices to augment red team engagements)

Alex Thines & Brad ‘Sno0ose’ Ammerman

Talk Description:

In this presentation, we delve into the creation of multiple versions of a realistic hacking drone inspired by Watch Dogs 2. We commence by providing a brief overview of the in-game drone's functionality, establishing a premise for its realism and discussing its potential applications in the real world. 

The presentation unfolds with a focus on the Flying Raccoon, a payload delivery system equipped with easily accessible and cost-effective components. Using MicroPython, this drone serves as an evil twin, seeking to obtain credentials via a captive portal. After successful credential acquisition, it can enter one of three modes, each tailored to specific scenarios, ensuring adaptability and efficiency. 
 

Next, we introduce the Sneaky Raccoon, an advanced version inspired by Watch Dogs 2. This FPV drone integrates a Raspberry Pi with an Alfa WiFi card, allowing for the deployment of Kali Linux. The drone conserves power by turning off before executing its assigned tasks and can transmit data back via various means such as cellular data, LoRa, or WiFi. 

The presentation underscores the strategic advantages of drone deployment, enabling placement in hard-to-locate spots or heavily monitored areas without arousing suspicion. We highlight the ease of recovery and the diminished risk of detection compared to traditional methods. 

Concluding the presentation, we emphasize the accessibility of the required components and discuss the potential impact of this technology. We address ethical considerations and caution against potential misuse, acknowledging the technology's potential evolution for more advanced applications, including computer vision-based recognition. 

Speaker Bio:

Alex began his journey as a blue team analyst, he dove into the world of programming. As he sharpened his coding skills, he found not only an enhanced ability to hack but also a newfound love for programming itself. The synergy between hacking and coding intrigued him, urging him to merge the two. As a way for Alex to destress, he picked up flying FPV (First Person View) drones and quickly realized another potential use for his hobby. 

Brad "Sno0ose" Ammerman is an adept cybersecurity expert, proficient in ethical hacking and leading teams of skilled hackers. As a speaker, educator, and mentor, I am committed to sharing knowledge and safeguarding others. My experience is further enriched by my background as a veteran. Outside of my professional life, I take great pride in being a devoted husband and father.

An Intern’s Journey in Evading EDRs

Grant Smith

Talk Description:

Join me in the amazing and wonder-filled journey of modern day EDR evasion. I, a lightly seasoned red team intern, will be your guide for this journey. 

I started this long trek, as any good malware dev does, very late at night (or early morning). This journey was a long one but, in the end, it allowed me to be able to evade multiple big name EDR platforms and I am going to share this with you. 

We will start off with what modern EDRs capabilities are and how they detect so much… and read all your corporate data. After the quick introduction, we will get into the juicy details of how we get by such massive names that have petabytes of samples and signatures stored to reference. For this we are going to covering unhooking, syscalls, anti-debugging, sandbox evasion, stealthy C2, and so much more. This won’t be an easy task, but it is one that you must trust me for if you are going to join me on the journey. 

Now, will you take my hand as we start the perilous trek to reach peak intern skill? 

Speaker Bio:

Grant is a current senior at Virginia Tech studying cybersecurity management. He holds the OSCP, eCPPT, GSEC, Sec+, and some more alphabet soup. He has interned with Army Cyber Command, the Naval Postgraduate School, and the Walt Disney Company during which he has worked in exploit development, red teaming, and threat analysis. During his time at Virginia Tech, he has been elected president of the Cybersecurity Club, led multiple CTF teams, organized CTFs, discovered a CVE, been selected as an RSA Conference Scholar, and has been awarded over $10k from the schools internal bug bounty program. 
 

While Grant does full scope engagements, he specializes in web application testing and is the creator of the popular GraphQL assessment tool Graph Crawler. 

  • Twitter
  • LinkedIn
Grant Smith
  • Twitter
  • LinkedIn

Intro to macOS protections for Red Teams 

Carlos Polop Martin 

Talk Description:

Intro to macOS Protections for Red Teams" is a concise yet comprehensive exploration of macOS's unique security architecture, tailored for cybersecurity professionals. 

 
Unlike Linux, macOS employs a distinctive approach to privilege separation and integrates several robust security mechanisms. This presentation will shed light on key features like Gatekeeper, which guards against untrusted software; Sandbox, which isolates applications to limit system access; Transparency, Consent, and Control (TCC), managing app permissions and user data access; System Integrity Protection (SIP), preventing unauthorized system modifications; and Launch Constraints, which control how and what processes are executed. Understanding these components is crucial for red teams to effectively navigate and test the resilience of macOS's security in the face of advanced threats. 
 

Attendants will gain an appreciation of macOS's privilege separation strategy, an essential aspect for red teams to consider when assessing system vulnerabilities. This aspect of macOS security segregates system processes based on their access needs, thereby containing potential damage from exploited vulnerabilities. 

Speaker Bio:

Carlos has a degree in Telecommunications Engineering with a Master in Cybersecurity. 
He has worked mainly as Penetration Tester and Red Teamer for several companies, and has several relevant certifications in the field of cybersecurity such as OSCP, OSWE, OSMR, CRTP, eMAPT, eWPTXv2, HTB BlackSky... 
He was captain of the Spanish team in the ECSC2021 and member of Team Europe for the ICSC2022. 
He has spoken in several international conferences such as DEFCON2023, HackSpaceCon, RootedCON… 
He is the co-founder of HackTricks Training. 
Since he started learning cybersecurity, he has tried to share his knowledge with the infosec community by publishing open-source tools such as https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite and writing a free hacking book that anyone can consult at https://book.hacktricks.xyz. 

Carlos Polop Martin

In the Shadows of Telemetry: Evading Stack Telemetry

Chirag Savla 

Talk Description:

Over last few years we have seen tremendous improvements in the EDR solutions, so have the malware authors evolved from direct system calls to indirect system calls with additional techniques such as module stomping etc. EDR vendors have started monitoring for Stack telemetry by leveraging Event Tracing for Windows (ETW). This can detect the usage of indirect system calls, since it modifies only the return address but not the entire stack. To bypass such detection there are multiple techniques that are already documented by many researchers globally such as Call Stack Spoofing, Thread Stack Spoofing and Proxy Loading. 
In this talk we will reveal some new undocumented Windows API calls for Proxy Loading our functions by leveraging Callback functions that will help us in bypassing detections. These techniques will help us in bypassing Stack Telemetry based detection, as it will contain a clean stack without following the trail like LoadLibrary returns to -> Callback Function returns to -> RX region. When our functions return, they don’t return back to their own thread when execution is completed. Thus, it is not possible to trace the call back to our RX region. 

Speaker Bio:

Chirag Savla is a Cyber Security professional with 9+ years of experience. His areas of interest include penetration testing, red teaming, azure and active directory security, and post-exploitation research. He prefers to create open-source tools and explore new attack methodologies in his leisure time. He has worked extensively on Azure, Active Directory attacks, defense, and bypassing detection mechanisms. He is an author of multiple Open-Source tools such as Process Injection, Callidus, etc. He has presented at multiple conferences and local meetups and has trained people in international conferences like Blackhat, BSides Milano, Wild West Hackin’ Fest. 

He blogs at https://3xpl01tc0d3r.blogspot.com 

  • GitHub
  • Twitter
  • LinkedIn
Chirag Savla
  • LinkedIn

Always Disclose Responsibly – How I Experienced the Las Vegas High Roller Lifestyle 

Daniel Hampton

Talk Description:

Who doesn't enjoy sipping Champaing from a Penthouse suite in one of the most luxurious resort casinos on the Las Vegas Strip? Did we win the lottery? We cloned an elevator key to gain access to the restricted floor? Not this time. The executive team let us in and even left the bottle of Champaign!  

Join me as we explore the world of responsible vulnerability disclosure. We will walk through my own experience with discovery, initial contact, reporting, and follow ups. We will outline and go through two very different scenarios. One scenario where everything works out lovey and another where one of the largest hardware / software manufacturers refuse acknowledgement but also issued bug patches. 

Speaker Bio:

Daniel is a seasoned cybersecurity expert with a focus on offensive security. Daniel is recognized for his proficiency as an Offensive Security Wireless Professional (OSWP) and holds the Offensive Security Certified Professional (OSCP) designation, showcasing his commitment to excellence in offensive security practices.  

As an active member of prominent cybersecurity communities, Daniel is affiliated with various groups such as dc719, dc303, dc770, dc404, and se2600. These affiliations reflect his commitment to collaboration, knowledge sharing, and staying at the forefront of the rapidly evolving cybersecurity landscape. 

Daniel's passion for red teaming and continuous pursuit of knowledge make him a valuable asset in the cybersecurity domain, contributing to the advancement of offensive security practices. 

Daniel Hampton

That Shouldn't Have Worked - Payload Dev 101

Corey Overstreet

Talk Description:

The game of bypassing defenses and detection continues to be a cat and mouse game. Attackers often find clever ways to use common tools and techniques to execute their code and the defenders continue to create detections and mitigations for these methods. As a red teamer, it is becoming increasingly difficult to get around these defenses and emulate those attackers. In this talk, I will cover some of the methods we use during engagements to thread the needle and bypass those defenses. 

Speaker Bio:

Corey has been engaged with Fortune 500 organizations across a variety of industries, including financial services, government services, and healthcare and is widely recognized for his in-depth OSINT talks and workshops. Additionally, he is a Black Hat trainer and has spoken at conferences such as Wild West Hackin' Fest, Texas Cyber Summit, and CarolinaCon. He has over five years of systems administration and extensive VMWare administration experience. Corey was a member of the SECCDC Red Team and is one of the top Red Team Operators at Red Siege. 

  • Twitter
  • LinkedIn
Corey Overstreet
  • Twitter
  • LinkedIn

Natural Language Processing for Threat Intelligence

Pauline Bourmeau

Talk Description:

Analysts are required to make sense of a huge amount of textual data. This training equips security professionals with the skills required to work with Large Language Models (LLMs), such as those based on the Transformer architecture. We cover state-of-the-art techniques that will be integral to various development projects, while also understanding the principles underlying effective prompting techniques.  

Covered topics: Deep Learning basic concepts and historical development; practicalities of language models and Transformers; classification and generation tasks; transfer learning; fine-tuning for domain-specific tasks; interpretation and measurements; multi-modal systems. Complementary advice will be provided to build Natural Language Processing pipelines for quick prototyping and testing. 

 Program: 

 - Introduction to Deep Learning as a field of research. 

- Practical applications of Language Models and Transformers. 

- Hands-on: 

            - Build a classifier with a pre-trained model. 

            - Fine-tune your model for a specific target domain. 

            - Interpret the results using evaluation metrics. 

- Discussion: Apply Natural Language Processing to cybersecurity problems. 

 This training covers state-of-the-art techniques in Natural Language Processing, focusing on the rapidly evolving field of Deep Learning and Large Language Models, while providing the foundational knowledge needed to understand and work effectively with these tools. 

 Prerequisites: familiarity with Python programming is expected. 

Speaker Bio:

With a background in criminology and software engineering, Pauline harbors a strong passion for linguistics, for which she was trained at the University of Sorbonne. She leads Cubessa, where her work focuses on the intersection of AI, human cognition, and cybersecurity. With a unique perspective rooted in linguistics, she offers a fresh lens on building AI systems and their implications in the cybersecurity domain. Beyond her technical contributions, Pauline is an advocate for AI education. Her contributions to open-source initiatives reflect her genuine commitment. She has also had the opportunity to provide training sessions in hardware security. Beyond this, she is an active participant in the MISP community. She is the founder of the DEFCON group in Paris. 

Pauline Bourmeau

Seeing the Unseen: GEOINT Mastery in OSINT Analysis 

Mishaal Khan

Talk Description:

After this talk, you will never see images the same way again. This enlightening session explores the dynamic realm of GEOINT (Geospatial Intelligence), a captivating subset of OSINT (Open-Source Intelligence) that unlocks a wealth of hidden insights within images and videos. From identifying objects, landscapes, and aircraft to interpreting symbols, shadows, and reflections, we'll go deep into the art of imagery analysis. Learn how to decode the language of trees, signs, text and logos, and uncover the strategic implications behind seemingly mundane details. This talk promises to equip you with mind-blowing skills that you can easily learn as I take you through multiple demos. 

Speaker Bio:

Mishaal is a highly respected figure in cybersecurity, with expertise in ethical hacking, Open-Source Intelligence (OSINT), social engineering, and privacy. Mishaal's engaging approach involves live demos, making cybersecurity accessible and enjoyable, while his strength lies in rapidly enhancing organizations' security posture, saving time and budget. 

 As a virtual Chief Information Security Officer (vCISO), Mishaal secures organizations and provides executive-level consultancy to manage cyber risk and prevent breaches. His extensive experience and insights, detailed in his book "The Phantom CISO," showcase his journey from an entry-level position to a leadership role in cybersecurity. Mishaal, with certifications including CCIE, Certified Ethical Hacker, Certified Social Engineer, and Certified OSINT Professional, remains at the forefront of technology, contributing his time to shape the industry's future. With over two decades of experience, he is a sought-after speaker at premier conferences like DEF CON, Wild West Hacking Fest, and SANS. 

  • Twitter
  • LinkedIn
Mishaal Khan
  • Twitter
  • LinkedIn

A Beginner's Guide to Adversarial Machine Learning

Dr. Anmol Agarwal

Talk Description:

AI and Machine learning are being used to analyze large amounts of data. While machine learning has many benefits, machine learning is also prone to being attacked. In this session, attendees will be introduced to the idea of adversarial machine learning and attacks to machine learning models. Attendees will learn about some real-world case studies regarding attacks that have impacted top global companies in the industry as well as current open-source industry solutions that aim to increase the security of machine learning algorithms. After the session, attendees will better understand machine learning’s role in the cyber threat landscape and measures they can take to secure their organization’s machine learning technologies. 

Speaker Bio:

Dr. Anmol Agarwal is a senior security researcher specializing in AI and Machine Learning security in 5G and 6G. Dr. Agarwal holds a doctoral degree in cybersecurity analytics from George Washington University; her research focused on AI security. She has a master's degree in computer science and a bachelor's degree in software engineering from the University of Texas at Dallas.  She previously worked at the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Dr. Agarwal is also an active conference speaker and has spoken at many conferences. In her free time, Dr. Agarwal enjoys giving back to the community and is an active industry mentor. When she is not working or mentoring, she enjoys spending time with her family and traveling. 

Dr. Anmol Agarwal

Command, Control, and memes: Cordycepts + ant = zombie

Robert Pimentel (pr0b3r7) & Tony Fontana (slyf0x)

Talk Description:

Nowadays threat actors have varying mechanisms to achieve their objectives. 

 

Command-and-Control (C2) channels enable remote control of devices compromised through various means. Some C2s use network protocols to relay messages from the compromised asset to the C2 server. While others blend in with commonly used applications and websites that are not malicious and have legitimate use cases in the target environment, making it even harder to detect (e.g. Discord to relay C2 traffic).

 

Using a C2 requires pre-requisite knowledge to set up effectively. Several components must be deployed and configured before a campaign can start and target assets are exploited to connect back to the C2 infrastructure to wait for commands and/or send gathered data.

 

It is not a secret that automation helps reduce the risk of human error on repetitive tasks, helps obtain consistent results and decreases the time necessary to perform a set of steps. It can also be applied to the deployment and configuration of C2 infrastructure components such as frameworks, redirectors, and associated compute infrastructure. 

 

This talk intends to raise awareness on the functioning of what comprises a C2 deployment a Red Team can use during offensive cyber operations, how are its components deployed, configured, and secured as well as how this can all be performed in an automated manner. We’ll cover how an enterprise grade Red Team leverages Infrastructure as code with the goal of improving the security posture of the organization by spending less time doing ‘Sysadmin’ tasks and more time attacking! Additionally, we’ll delve into the considerations you want to keep in mind if you’d like to develop your own C2 framework!

Speaker Bio:

Robert is a seasoned professional with more than a decade of experience in Information Security. He started his career in the U.S. Marine Corps, working on secure telecommunications. Robert holds a master's degree in Cybersecurity, numerous IT certifications, and a background as an instructor at higher education institutions like the New Jersey Institute of Technology and American University. Robert is committed to sharing his knowledge and experiences for the benefit of others through his project Hacker Hermanos (linktr.ee/hackerhermanos). He enjoys Brazilian steakhouses and cuddling with his pugs while writing Infrastructure as Code to automate Red Team Infrastructure.

Tony Fontana (slyf0x) is a former Air Force EOD tech and Firefighter paramedic. His specialty is hardware hacking, drone hacking, and red team malware development. He is currently a senior penetration tester and red team member at Dark Wolf Solutions and is a CRTO certified red teamer.

  • Twitter
  • LinkedIn
  • Twitter
  • LinkedIn
Robert Pimentel

Space Cybersecurity Immunity 

Paul Coggin

Talk Description:

Space Cyber Immunity This presentation will discuss real-world satellite attacks then continue into an architecture for a cyber resilient software-defined satellite architecture that provides an autonomous cybersecurity self-healing and immunity capability. The discussion will include the concept of a software-defined satellite architecture capable of detecting the undetectable advanced persistent threat then automatically and dynamically morph the configuration to continue uninterrupted mission operations. In addition, the presentation will discuss software-defined satellite cybersecurity deception. 

Speaker Bio:

Paul is a Cyber SME at nou Systems, Inc. His expertise includes space systems, service provider, and ICS/SCADA network infrastructure attacks, and defenses, as well as large complex network design and implementation. Paul is experienced in leading network architecture reviews, vulnerability analysis, and penetration testing engagements for service provider, enterprise, space systems and tactical networks. Paul is a regular instructor at International conferences teaching networking, hacking and forensics courses. He has a BS in Math\Computer Science, MS in Systems Management, MS in Information Assurance and Security and a MS in Computer Information Systems. Paul is currently pursuing a MS in Space Systems. In addition, he holds numerous industry network and security certifications.
 

  • LinkedIn
Paul Coggin
  • Twitter
  • LinkedIn

Hacker Marketing 101 - Amplifying Your Career’s Signal to Noise Ratio

Jared Folkins

Talk Description:

In past years, the tech job market has been red hot. And maybe you haven’t noticed, but lately the job market is brutal! Tons and tons of layoffs! And this has caused me to realize again, that despite the fact that hackers tend to be really good at pwning systems and taking names, one area where hackers really could use help is marketing. For what is the value of doing the most amazing and brilliant work when no one knows about it? did it even happen? More importantly, how do you attract the attention of people who will value both your work and align with you as a person! 
ACT I - HACKING 
 
Jared will walk you through past and current projects, including his latest, HTTPS://HAQ.NEWS. 
He’ll include both the technical process of creating an AI agent to gather news and enrich the data. Along with the strategic decisions he made to attract attention and bring the project to market.  
 
ACT II - THINKING 
 
Jared will step you through and offer philosophical considerations on how to create a SNR that attracts what one values. He’ll go over several stories where he made choices that at the time seemed small. But by doing these valuable and righteous things over many years, they eventually led to surprising opportunities and long-tail payoffs. 

Speaker Bio:

Since the Dotcom era Jared has worn many hats and is a full-stack talent in the purest sense. From architecting infrastructure with container recipes or hand crafting artisanal SQL, to programming applications or exploiting them, he loves it all. He is thankful to work with such a talented team and enjoys watching highly competent people do amazing things. When not nerding, he spends his time volunteering at his local Church to help free men from addiction. He does this alongside the love of his life Jaimi, while they work together to raise their meager brood of lovable kidlets. 

  

He currently works full-time at CounterHack.com

Jared Folkins

SQHell – Embracing and Avoiding SQL Strangeness

Tib3rius

Talk Description:

In this talk, Tib3rius will share several examples of “strange” behavior in SQL databases which can both help and hinder web app pentesters. Including some novel bypasses for popular SQL libraries, operators which defy common sense, and techniques for defeating annoying filters! 

Guaranteed to make you question your next SQL injection attempt and think about your approach to this still-pervasive web vulnerability! 

Speaker Bio:

Tib3rius is a professional penetration tester who has specialized in web application hacking for over 10 years. He is passionate about educating the next generation of the Cybersecurity industry through his YouTube & Twitch channels. Tib3rius is perhaps best known by students of the OSCP for his enumeration tool AutoRecon, and his privilege escalation courses. 

  • Twitter
  • LinkedIn
Tib3rius
  • GitHub
  • Twitter

Recursion is a Harsh Mistress: The Dangers and Rewards of Building a Recursive Internet Scanner

TheTechromancer 

Talk Description:

2021 was the year I fell in love with Spiderfoot. Spiderfoot was remarkable because it could find obscure gems that no other tools could. Curiosity grew into obsession as I studied the code and began to comprehend the gravity of Spiderfoot's biggest feature: Recursion. But not everything was rainbows and butterflies; and soon Spiderfoot's subtle flaws would drive the creation of something completely new. Come with me on my journey from a Spiderfoot contributor to the creator of a new and powerful recursive scanner: BBOT. Explore the dangers of recursion, relive some of the insidious bugs (both with Spiderfoot and early versions of BBOT) that caused recursion to get the better of us, and discover the ideas and methods needed to tame them. Most importantly, see how it was all worth it in the end! More than just a powerful command-line tool, BBOT is developer-friendly -- modular, extensible, and easily-importable as a python library. See how you can harness its recursive power to not only transform your OSINT process, but own and pwn your way to victory on pentests! 

Pick any target on the internet, and chances are it has secrets you will never find. Corporations are icebergs, only exposing their outermost surface to traditional scanners. But what if you had a scanner that could delve deeper, down through infinite layers of recursion? What secrets would you find? 

Speaker Bio:

TheTechromancer is a hacker at Black Lantern Security. He loves coding, especially in python, and is the author of several security tools including TrevorSpray, ManSpider, and BBOT. He believes there is only one thing in the universe that delivers more dopamine than hacking, and that is writing a program that hacks for you. Which is just to say he likes building things more than he likes breaking them :) 

TheTechromancer

SAT C2 Over Distributed IP Networks (hypothetically)

TC Johnson

Talk Description:

A not-insignificant portion of a satellite’s program cost lies within its command and control (C2) infrastructure. The system designers must decide whether to lease time on existing C2 networks or to build their own. They must ensure the right number of compatible ground stations exist along the space craft’s orbit, or can be built, so many variables and design choices exist in C2 design. 

Along with ground stations comes the question of how to send and receive data to these sometimes geographically dispersed sites. If the design team is considering security of the transmission, then they are thinking about encryption and traffic authentication. Again, there are many choices on the menu and some of them aren’t great options. 

This talk explores the hypothetical solution of using a terrestrial based peer-to-peer (P2P) end-to-end encrypted (E2EE) packet authenticating network in the place of traditional C2 networks.  

Veilid, though still in development, is used as an example network which could be used in such a scenario. 

Speaker Bio:

TC’s love of space began at a very young age when his grandfather, a retired NASA contractor, would tell him stories of his time at Cape Canaveral during the race to the moon. Like many kids, TC dreamt of being an astronaut which culminated with attending Space Camp. Life, however, took TC in a different direction but space was never far from his heart. After joining the U.S. Air Force as an aircraft mechanic, TC seized an opportunity to transfer into space operations.  

His time assigned to the Space Based Infrared System (SBIRS) mission was an extremely fulfilling and rewarding alternative to actually donning a space suit. TC’s hacker heart being ever curious, he wasn’t satisfied with only knowing what buttons to push to make things happen in real-time on-orbit, he also wanted to know what was happening behind the button presses. This curiosity led to multiple achievements and unique experiences during his time as a space operator. 

While TC has moved away from space operations, space hasn’t left his heart. Currently TC is a technical services manager with Leviathan Security Group and a member of the core team developing and steering the latest Cult of the Dead Cow project: Veilid. 

Mastodon: @SuperTeece@hackers.town 

  • Twitter
  • LinkedIn
TC Johnson
  • LinkedIn

Dissecting Critical Infrastructure Attacks – Cybersecurity Lessons from Real World Breaches

Soledad Antelada

Talk Description:

In today's hyper-connected world, critical infrastructure plays a fundamental role in our daily lives. It includes everything from power grids, water supply systems, transportation networks, healthcare facilities, and more. Unfortunately, the same interconnectedness that enhances our lives also makes these systems vulnerable to cyberattacks. Protecting our critical infrastructure is a pressing concern, and understanding the intricacies of these attacks is the first step towards fortifying these vital systems. 

Speaker Bio:

Soledad Antelada Toledano is the Security Technical Program Manager at Google. She previously worked for Berkeley Lab, one of the most prestigious scientific centers in the world and one of the first nodes of ARPANET, the forerunner of the Internet. Soledad was the first woman in the history of the Cybersecurity department at Berkeley Lab. After specializing in 'penetration testing' for several years, Soledad also develops research and advancement tasks for intrusion detection systems, monitoring of high capacity networks and vision and research exercises on how cybersecurity will evolve in the next 10 years adopting techniques of Artificial Intelligence for intrusion detection and handling of BigData generated by monitoring tools. Soledad has combined her work at the Berkeley lab in recent years with the responsibility of being the head of security for the ACM / IEEE Supercomputing Conference, the annual supercomputing conference in the United States, protecting and building the network architecture of SCinet, the fastest network in the world. She is the founder of GirlsCanHack, an organization dedicated to engaging women in the cybersecurity field, encouraging women to pursue a career in cybersecurity Soledad was named one of the 20 Most Influential Latinos in Technology in America in 2016. She has recently joined Google as a Technical Program Manager for Security 

Soledad Antelada

From Dos to Boss: How to get hired with the DoD

Rich Jackon 

Talk Description:

Strap in, folks, for the roller-coaster ride of a lifetime! We're about to embark on an epic journey through the hazardous hoops and treacherous turns of landing that coveted Cyber Security job in the DoD. Kick-start your journey as we demystify the mumbo-jumbo of qualifying for such a position. We'll dive into the abyss of applications and resurface with tips that make your resume shine brighter than a new recruit's boots! We then venture into the thrilling world of the DoD Cyber Security program. This is where cyber soldiers are forged, where firewalls are stronger than adamantium shields, and phishing is definitely not a relaxing weekend activity. Don't have the budget of Tony Stark? No worries! We'll explore how to secure systems while not blowing a Stark Industries-sized hole in your pocket. You'll become the McGyver of Cyber Security, making miracles happen with just a roll of duct tape, a Swiss Army knife, and an old router. Ever heard the saying, 'work smarter, not harder'? Well, we're going to demonstrate how to keep systems compliant without breaking a sweat. Expect to learn DOS batch files 101 - the secret weapon every Cyber Security superhero should have in their utility belt. And finally, we'll delve into the mysterious realm of the Risk Management Framework. It's not a cryptic secret society; it's the magic spell for keeping your DoD system in top shape. We'll reveal how it's implemented in the DoD, unmasking the arcane, and making it as easy as a Sunday morning. Join us on this wild journey. We promise, by the end of this talk, you'll be ready to dive headfirst into the exhilarating world of DoD Cyber Security jobs - all without a parachute! 

Speaker Bio:

Richard Jackson is the Service Deliver Manager Director at Human Resources Command, Fort Knox, Kentucky.  He was born in Clare, Michigan and joined the Air Force right out of high school.  He was first stationed at Altus Air Force Base in Oklahoma where he served four years as a Flight Simulation Technician supporting the C141 Aircraft.  Following his military service, Mr. Jackson then transitioned to the civilian sector, supporting the KC-135 Aircraft Simulator, Trident Nuclear Submarine Simulator, B52 Aircraft Simulator, M60A3, M1AI, and M1A2 Tank Simulators.  He has worked at multiple sites including Little Rock AFB, Arkansas, McCord AFB, Washington, Wurtsmith AFB, Michigan, Fort Knox, KY, and Tabuk and Riyadh, both in the Kingdom of Saudi Arabia.  In 2002, after 25 years as a Simulation Technician, Mr. Jackson earned the Microsoft MCSE certification and transitioned into an IT career.  He worked with Lockheed Martin as an IMO for two years and was hired by the NEC (DOIM at the time) in 2004 to be the first Cyber Analyst for the Information Assurance Branch, now called Cyber Security.  Mr. Jackson continued working his way to become the Chief of the Cyber Business Division and eventually the Director for the Network Enterprise Center (NEC).  He earned a Bachelor’s in Information Technology from Western Governors University as well as over a dozen IT certifications.  Throughout his civilian service, Mr. Jackson has earned a Civilian Achievement Medal and 10 Commander’s Coins along the way.  He retired from Government service in March of 2023 and now works for OSCEdge as a Service Delivery Manager Director continuing to support the Fort Knox mission, working closely with the Human Resource Command (HRC) to ensure the HRC mission is highly effective. 

Rich Jackon
  • LinkedIn

Offensive Security Awareness

Phillip Wylie

Talk Description:

Offensive security is critical for detecting vulnerabilities in systems, applications, people, and buildings. Some assessment types are only crucial at certain times or stages of an organization’s security maturity. Offensive security takes a threat approach to assess in-scope targets for vulnerabilities and, even more importantly, exploitable ones. Although offensive security is no secret, companies are required to perform pentests for compliance reasons. It is one of the most misunderstood areas of cybersecurity. This is due to the lack of experience by most cybersecurity professionals in this discipline. In this presentation, we will demystify this tradecraft, and attendees will learn the details of each specialization of offensive security, including pentesting, red teaming, social engineering, and physical security assessments. Vulnerability management will be discussed, and where offensive security falls into the overall strategy. Discussed along with the different assessment types, we will share the tools and techniques used in each phase of these assessment types. Attendees will come away with a better understanding of offensive security, the difference in assessment types, and the tools, methodologies, and standards necessary for performing thorough security assessments. 

Speaker Bio:

Phillip is the Director of Security with Alias Cybersecurity, has over 26 years of industry experience in IT and cybersecurity. He is also a former Dallas College Adjunct Instructor and the founder of both The Pwn School Project and DEFCON Group 940. Wylie has a diverse range of experience in multiple cybersecurity disciplines, including system administration, network security, application security, and pentesting. As a pentester with over 10 years of experience, he has conducted pentests of networks, Wi-Fi networks, and applications, as well as red team operations and social engineering.  

Phillip's contributions to the cybersecurity industry extend beyond his work as a pentester. He is the concept creator and co-author of “The Pentester BluePrint: Starting a Career as an Ethical Hacker,” a highly regarded book that was inspired by a lecture he presented to his class at Dallas College and later became a conference talk. Phillip is the host of The Hacker Factory Podcast, where he interviews guests on how they got started in cybersecurity and their advice for aspiring cybersecurity professionals. Additionally, he is a frequent conference speaker, workshop instructor, and mentor.

Phillip Wylie

Aerospace Engineering for Hackers

Kaitlyn Handelman

Talk Description:

Build a solid foundation of satellite engineering and operation so you can apply your cybersecurity skills to the domain of space. This talk will cover the fundamentals of spacecraft design, orbits, subsystems, communication protocols, and ground segments with a focus on cybersecurity elements. It's time to hack with some literal rocket science!  

Speaker Bio:

As an offensive security engineer, Kaitlyn began focusing on spacecraft security while at NASA. Currently, she works at Amazon where she red teams the Kuiper Satellite Network. In addition to red teaming, Kaitlyn is an amateur astronomer and ham radio operator. 

  • GitHub
  • Twitter
Kaitlyn Handelman
  • Twitter
  • GitHub
  • LinkedIn

Leveraging Generative AI and Retrieval Augmented Generation for Cybersecurity Operations

Omar Santos 

Talk Description:

Generative AI and retrieval augmented generation (RAG) implementations introduce promising capabilities to automate certain red and blue team functions to strengthen cyber defenses. This talk will explore the potential of leveraging large language models like GPT-4, Claude2, LLaMA2, and Falcon for cybersecurity operations. However, these are all pre-trained models that can provide incorrect results. You can use RAG implementations with libraries and frameworks like Langchain, vector storage like Chroma, Pinecone, and others to combine the power of Large Language Models (LLMs) with the ability to access external resources and your own data (such as output from security tools, OSINT and active recon data, logs, etc.). Specific use cases to be examined include: - Automated red team attack simulation for vulnerability discovery and penetration testing. Models can generate payloads, exploit chains, and full attack scenarios. - Augmenting security analysts with AI assistants that suggest responses, relevant data, and courses of action for investigations. - Automating blue team tasks like threat hunting, log analysis, and report writing. Models can synthesize insights from data and document findings. - Rapid prototype development of scripts, tools, and proofs of concept to support operations. Langchain serves as the foundation for building intelligent agents capable of understanding and generating human-like text. By leveraging Langchain's capabilities, cybersecurity professionals can automate various tasks, such as ethical hacking tasks, threat intelligence analysis, incident response, and vulnerability management. RAG enables the integration of structured and unstructured data sources into the agent's decision-making process. By combining RAG with Langchain, agents can retrieve relevant information from vector databases, which store and index large amounts of text data. This allows for efficient searching, filtering, and retrieval of cybersecurity-related information. Vector databases, such as LLMRails, Chroma, Pinecone, and OllamaEmbeddings, provide the infrastructure for storing and querying vector representations of documents. These databases enable fast and accurate similarity searches, allowing agents to find relevant documents based on their semantic similarity to a given query. By automating cybersecurity operations with Langchain, RAG, and vector databases, organizations can achieve significant improvements in efficiency, accuracy, and scalability. This presentation will showcase real-world use cases, demonstrate the integration of these technologies, and discuss best practices for designing secure and effective automated cybersecurity systems. Attendees will gain insights into the potential of Langchain, RAG, and vector databases to revolutionize cybersecurity operations, streamline workflows, and empower security teams to proactively detect and respond to threats in real-time. Additionally, key considerations around AI model limitations and different lessons learned will be discussed. 

Speaker Bio:

Omar Santos is a recognized leader in the cybersecurity community. He is the Distinguished Engineer at Cisco leading Artificial Intelligence (AI) Security Research, vulnerability research, and disclosure. He works with senior management, executives, engineers, and industry-peers during the investigation and resolution of security vulnerabilities in Cisco products, including cloud services. Omar has designed, implemented, and supported numerous secure networks for Fortune 100 and 500 companies and the U.S. government.  
 
Omar is a board member of OASIS Open. Omar is the chair of the Common Security Advisory Framework (CSAF) developing new ways to automate security vulnerability disclosure and management. These efforts include the CSAF Vulnerability Exploitability eXchange (VEX). He is the founder and chair of OpenEoX. Omar is the co-chair of the Forum of Incident Response and Security Teams (FIRST) PSIRT SIG.  
Author of over 20 Books, 21 video courses, and over 45 academic publications. 

Omar Santos

Teaming Up with GraphRunner – A Look at using Graph to Attack Microsoft Teams

Matthew ‘Tyl0us’ Eidelberg

Talk Description:

Building on the research that culminated in the development of GraphRunner, our upcoming presentation delves into the intricate world of Microsoft Teams. We aim to uncover several inherent deficiencies and misconfigurations deeply embedded within Microsoft Teams, revealing their potential for sophisticated phishing attacks, establishing persistence, and facilitating lateral movement within networks. 

Our focus will be on the innovative exploitation of Graph tokens. We will demonstrate how these tokens can be manipulated to gain access to functionalities within Microsoft Teams that are typically beyond the reach of Microsoft's Graph API. This exploration not only exposes critical vulnerabilities but also challenges conventional security paradigms. 

Through this session, attendees will gain a deeper understanding of the underlying architecture of Microsoft Teams, learning how to identify and exploit its weak points. Simultaneously, we will discuss the implications for cybersecurity defenses, offering insights into fortifying systems against such advanced attack techniques. 

Join us as we navigate this complex terrain, bridging the gap between theoretical knowledge and practical application, and unveiling a new frontier in cybersecurity exploitation and defense strategies. 

Speaker Bio:

Matthew Eidelberg became part of Black Hills Information Security (BHIS) in August 2023. He works as a Red Teamer and Researcher on the continuous testing team. Matthew previously ran the red team at Optiv and the research initiative for Threat. He chose to join BHIS hearing great things from friends and started reading and watching the content BHIS produces. He most enjoys the community and working with like-minded security folks who are passionate about infosec and love to help each other out. When he’s not working, Matthew can be found cooking (mainly barbequing experimentation) and, admittedly, creating payload tools. 

  • LinkedIn
  • Twitter
Matthew ‘Tyl0us’ Eidelberg
  • GitHub
  • LinkedIn

Kerberos Is A Good Boi (But He Will Let You Sneak Past For a Treat)

John Askew

Talk Description:

Kerberos holds the keys to Active Directory, so get to know the beast and you will discover ways to navigate the underworld... err... Windows domains. And maybe parts of Azure (Olympus? metaphors are hard) as well. Much has been said about Kerberos from an offensive security perspective over the past decade, but less focus has been given to network-layer attacks, particularly machine-in-the-middle (MITM) attacks. It so happens that guard dogs can sometimes be distracted or bribed to look the other way, if you know what they like. 

  

In this session, we will discuss some of the strengths and weaknesses of Microsoft's network authentication protocols, with a specific focus on MITM attacks against Kerberos. We will step through some practical attacks, highlighting new and existing tooling that red teamers can use. We will also identify some challenges in attack detection, and describe tools and techniques that blue teamers can use to improve their capabilities when defending against these attacks. As is tradition, awkward metaphors and puns of a mythological and/or video game sort may be sprinkled throughout. 

Speaker Bio:

John Askew is a penetration tester, software engineer, and occasional public speaker. He has performed penetration testing engagements for hundreds of clients over the past 17 years, from local banks and small businesses to Fortune 100 companies. He is passionate about learning new skills and finding creative solutions to interesting problems. Outside of work, he prefers hobbies that don't involve a computer screen, such as outdoor running and playing the guitar. 

John Askew

New Important Instructions - Real-world exploits and mitigations in LLM applications 

Johann Rehberger

Talk Description:

With the rapid growth of AI and Large Language Models users are facing an increased risk of scams, data exfiltration, loss of PII, and even remote code execution. This talk will demonstrate many real-world exploits the presenter discovered, including discussion of mitigations and fixes vendors put in place for the most prominent LLM applications, including ChatGPT, Bing Chat, Claude and Google Bard. The talk covers novel attacks such as indirect prompt injections, automated tool invocation (plugin request forgery), various data exfiltration techniques as well as ASCII smuggling and hidden prompt injections. 

Speaker Bio:

Johann Rehberger has over twenty years of experience in threat analysis, threat modeling, risk management, penetration testing, and red teaming. As part of his many years at Microsoft, Johann established a Red Team in Azure and led the program as Principal Security Engineering Manager. He also built out a Red Team at Uber, and currently is Red Team Director at Electronic Arts. Additionally, he enjoys providing training and was an instructor for ethical hacking at the University of Washington. Johann contributed to the MITRE ATT&CK framework and also the OWASP Top 10 for LLMs. He is the author of the book "Cybersecurity Attacks – Red Team Strategies", and holds a master’s in computer security from the University of Liverpool. Johann regularly blogs about his research at https://embracethered.com 

  • GitHub
  • LinkedIn
  • Twitter
Johann Rehberger
  • Twitter
  • GitHub
  • LinkedIn

WTF is a kubernete and how do I attack it? 

Graham Helton

Talk Description:

We've all heard of kubernetes, but for most of us it's a topic we've ignored by saying “I’ll learn it one day”. Unfortunately for our freetime, Kubernetes is actually worth learning in both an offensive and defensive security context as it's quickly taking over as the primary way organizations deploy applications. In this talk we will embark on a kubernetes crash course that will give you a high level understanding of what kubernetes is (without any pre-existing kubernetes knowledge) and then go over how effectively hack into a real kubernetes cluster (uh... with permission of course). This is a dense talk of the knowledge I've acquired on my journey to answer the question: wtf is a kubernete and how do I hack it? Additionally, I will provide a list of resources I’ve compiled that I used to learn about how kubernetes works and how to evaluate kubernetes security posture both from an offensive and defensive perspective. 

Speaker Bio:

As a Red Team Specialist, Graham is responsible for providing an offensive perspective to help architect robust security infrastructure with a focus on kubernetes and linux exploitation. Leading both proactive red team engagements and collaborative purple team exercises, Graham bridges the offensive-defensive chasm, empowering teams to anticipate and thwart real-world threats. A passionate advocate for knowledge sharing, Graham regularly presents at industry conferences, volunteers at security events, and releases free content he wishes he had when he started his career on his website grahamhelton.com. In his freetime he likes cooking, playing Tetris, using AI to help write his bio, and pretending that he knows what he’s doing. 

Graham Helto

O11y from SPACE @ Reddit

Dylan Raithel

Talk Description:

Things that generate data are everywhere now. Potential exploits and opportunities for compromise exist anywhere there's private information transmitted. The challenge of too much all the time is very real though, as is the question of who matters, what matters, when and why. That's what O11y gives us. Travel with me as I take you through a journey of O11y at Reddit, where we'll stop along the way to talk briefly about Security, Privacy and Compliance Engineering, and then dive deep into our modern observability stack.

Speaker Bio:

  • GitHub
Dylan Raithel
  • Twitter
  • LinkedIn

Intercepting the Cosmos: Signals Intelligence on Satellite Communication Links

Angelina Tsuboi

Talk Description:

This talk explores the decoding process behind satellite signals, emphasizing the crucial role of signals intelligence in extracting meaningful information. We will provide a simple guide for the signals analysis process covering essential tools and techniques for demodulation and packet analysis of data transmitted from various satellite communication systems. Participants will gain a deeper understanding of various satellite communication subsystems, radio, reverse engineering, OSINT, and communication theory in the context of space vehicles. 

Speaker Bio:

Angelina Tsuboi is a software developer and an aerospace cybersecurity instructor focusing on satellite systems. With over a decade of programming and development experience in addition to being a scientific researcher for NASA, she has been involved in numerous aeronautical and space-focused security initiatives for a wide range of applications ranging from drones, aircraft, and satellites. 
 

Driven by her passion for teaching, Angelina finds joy in simplifying complex subjects such as aerospace, cybersecurity, and programming to empower her students, Angelina focuses on ensuring that her students can readily apply the acquired skills to their professional and personal endeavors. Angelina is also the founder of Stellaryx Labs, a consultation, education, and development services company at the nexus of software, security, and aerospace. To learn more about her work, visit her website: angelinatsuboi.com 

Angelina Tsuboi

Scaling Your Creative Output with AI: Lessons from SANS Holiday Hack Challenge 2023

Evan Booth

Talk Description:

The rise in prominence of AI-powered content generation tools over the past year was tough to miss, and, heck, you have probably already created some cool stuff with them. Putting these tools to work in a meaningful, scalable way, however, can prove challenging. 
 

In this talk, I will equip you with the technical knowledge required to build AI-enhanced tools, we'll discuss strategies for identifying opportunities for said tools, and we'll look at real-world examples from SANS Holiday Hack Challenge, the best darn free, seasonal hacking challenge in the world. 

Speaker Bio:

Evan Booth is a builder and architect at Counter Hack, a company devoted to building fun and engaging challenges that educate and evaluate information security professionals. Armed with a profound fascination with how things are built, Evan has spent the past 20 years working on the creative, strategic, and engineering components of software and hardware projects for a wide variety of clients. Evan enjoys spending time with his family, taking stuff apart, and occasionally putting stuff back together again. 

  • LinkedIn
  • Twitter
Evan Booth
  • LinkedIn
  • LinkedIn

Dude, I Broke the Satellite

Celi Johnson & Erin York

Talk Description:

Can you replicate an electrical fire through code? Crash a satellite into the moon with a click? As space becomes more prevalent in our society and cements its status as a critical infrastructure, prospects in the cyber and aerospace field find themselves wondering just what is possible when it comes to degrading the security and mission of these space assets. In this talk, we take an aerospace engineer and a cyber security expert and put them together to discuss the common modes of satellite failures from an engineering perspective and dive into how these could be replicated or imitated through cyber attacks. 

Speaker Bio:

Celi Johnson is NOT cyber at all and her Facebook is on public!!! She is, however, an Aerospace Engineer (go jackets!) working on a master's degree in Digital Signal Processing and has 4 years of experience in the hardware space industry.

 
Erin York is currently also working in the space industry as a cybersecurity engineer while furthering her studies at Columbia College.

Celi Johnson & Erin York

Introduction to Drone Security

Hahna Kane Latonick

Talk Description:

Recent advancements in drone technology are opening new opportunities and applications in various industries across all domains. Drones are quickly becoming integrated into our everyday lives for commercial and recreational use like many IoT devices; however, these advancements also present new cybersecurity challenges as drones grow in popularity. This talk provides an introduction to drone security covering the core components of drone technology (e.g., hardware, software, firmware, and communication protocols), cybersecurity risks and mitigations, and cybersecurity best practices for drone operations. Attendees will gain an understanding of drone systems and important security measures that help protect these devices (and its operators) from emerging and evolving threats. 

Speaker Bio:

For the past 18 years of her engineering career, Hahna Kane Latonick has worked throughout the defense industry specializing in cybersecurity as a computer security researcher for the Department of Defense and other defense contracting companies. She has been featured as a cybersecurity subject matter expert on Fox Business News, ABC, U.S. News and World Report, and other national media outlets. She currently serves as a Director of Security Research for a cybersecurity firm and has led four tech startups related to computer security, serving as CTO of two of them, VP of R&D, and Director of R&D. She has trained and developed security researchers at one of the top five aerospace and defense industry companies. She has also taught at Black Hat, CanSecWest, Ringzer0, and the Security BSides Orlando conferences. At the 2023 DEF CON IoT CTF, she and her team tied for first place. In 2014, she became a DEFCON CTF finalist, placing in 6th and ranking in the top 1.5% of ethical hackers worldwide. She also holds security certifications, including CISSP, CEH, and Certified Android Exploit Developer. Latonick attended Swarthmore College and Drexel University where she earned her B.S. and M.S. in Computer Engineering along with a Mathematics minor. 

  • LinkedIn
  • Twitter
Hahna Kane Latonick
  • Twitter
  • LinkedIn
  • LinkedIn
  • Twitter
  • LinkedIn

Navigating New Waters: Fitting In and Standing Out in a Tech-Savvy Pentesting Team

Eric Pursley, Mark Devito, Janusz Jasinski & Thomas Bouve

Talk Description:

Join us for a chat on a topic that hits close to home for a lot of us in the tech world, especially when you're the new kid in a team of pentesting whizzes. It's about that sneaky feeling of not quite belonging, known as imposter syndrome, and how to kick it to the curb. Our talk is all about turning those newbie jitters into something awesome for you and your team.  

We'll dive into some down-to-earth advice for anyone who's ever felt like they're not quite up to snuff in a room full of pros. We'll talk about simple, everyday ways to boost your confidence and see that your fresh ideas are actually gold in a world where thinking differently can make a big difference. Plus, we'll share some cool stories about how we made a real splash, shook things up in the best way possible, and brought new energy to the team. 

Wrapping up, you'll walk away with a toolbox of tricks to beat those imposter blues and a new perspective on how being the 'new person' can actually be your superpower. It's all about blending in while still keeping your unique spark. So, whether you're just starting out or leading a team of your own, let's chat about making the tech world a more welcoming place for fresh faces and fresh ideas. 

Speaker Bio:

JJ is Counter Hack's first UK member. A developer with over 20 years experience, mostly in the UK public sector, he's had to wear many hats from a frontend to a backend developer, a DBA and almost inevitably becoming the in-house 'security person.’ JJ started doing the SANS Holiday Hack Challenge in 2015 where he won a 'best creative' prize and then went on to win the grand prize the following year and subsequent 'super honourable' mentions. JJ's passion for all things security is only outdone by his love for his friends, family and his beloved Liverpool FC football (not soccer) team. In his spare time he loves rowing, going to gigs and festivals. 

Mark, the quintessential hacker turned FBI wizard, started meddling with computers in 1982, probably to the despair of many. With a career sprinkled with 'unique' approaches to information security, he's the go-to scapegoat whenever the digital world goes topsy-turvy. After spending over two decades at the FBI, where he masqueraded as a Supervisory Special Agent by day and an INFOSEC sage by night, Mark now moonlights at Counter Hack. He's a degree collector, with trophies from Millersville University in PA and Virginia Tech, but at his core, he's still that hacker from '82. For kicks, Mark hoards vintage computers, gazes at stars, and wrestles with a cello, possibly plotting to blame it for any off-key notes.

Thomas is a Senior Technical Engineer at Counter Hack where he focusses on penetration testing and challenge design. As a former sysadmin from Bruges, Belgium, he began his cybersecurity career as a SOC analyst at IBM Security, where he later helped design and implement IBM's Managed Security Services threat hunting service. Every holiday season he hides from the world for several weeks to play Holiday Hack Challenge. After winning several HHC awards he was asked to join Counter Hack and told by Santa he can't play HHC anymore. He still goes into hiding for several weeks over the holiday season though, but now it's to help build the amazing HHC game world and its many challenges for others to enjoy.. 

Meet Eric, the Air National Guard's own cyber warrior turned digital swashbuckler. In the mystical world of infosec, he's the chap who transitioned from defensive maneuvers to the thrilling frontlines of offensive cybersecurity. Picture this: a hacker in shining blue armor, schooled in the Way of Red at the SANS Technology Institute, where he dazzled the cyber-elite and joined forces with the legendary Counter Hack.Not just a keyboard warrior, Eric's life is a montage of modding video games, motorcycling like a rogue on wheels, and jet-setting with his pilot wife. All in a day's work for a man making the cyber world a tad safer.

  • Twitter
  • LinkedIn
Eric Pursley, Mark Devito, Janusz Jasinski & Thomas Bouve

Modern Social Engineering - Hacking the Human in 2024

Mark Gaddy & Jonathan Burstein

Talk Description:

Join us as we explore the merging of technology and psychology to manipulate victims into telling all. We will delve into the psychology behind why individuals fall victim to deceptive tactics and uncover how the classic methods such as phishing and vishing have evolved over time. This talk will show new improvements to the tried and true techniques as well as showcase Browser in the Browser Phishing, Multi-Factor Authentication Spamming, and AI Vishing. 

Speaker Bio:

Mark Gaddy is an Attack Surface Management Analyst with Black Lantern Security. Mark gained his background through competing in Capture the Flag competitions throughout college. Mark also volunteers on the red team for the MACCDC competition and the development team for CPTC. 

Jonathan Burstein, recent graduate of the University of West Florida with a passion for all things security ranging from ethical hacking and CTFs, to python scripting and malware analysis.  

  • LinkedIn
  • LinkedIn
Mark Gaddy
  • Twitter
  • LinkedIn
  • Twitter
  • LinkedIn

Unveiling the Techniques of Abusing Azure Function Apps for Fun and Profit

Raunak Parmar & Chirag Savla

Talk Description:

The talk will delve into various approaches to gain access to the Function App Source code that may leak sensitive information which indeed can help us in gaining access to other services. We will also look at the approach of deploying the backdoors in the Function App by leveraging multiple techniques. By uncovering these vulnerabilities and providing practical insights into their exploitation and mitigation, this research offers valuable knowledge to the cybersecurity community. It helps organizations to enhance their security posture in the context of Function Apps. 

Speaker Bio:

Raunak Parmar works as a Senior Cloud Security Engineer at White Knight Labs whose areas of interest include web penetration testing, Azure/AWS security, source code review, scripting, and development. He has 3+ years of experience in information security. He likes to research new attack methodologies and create open-source tools that can be used during Cloud Red Team activities. He has worked extensively on Azure and AWS. He is the author of Vajra, an offensive cloud security tool. He has spoken at multiple respected security conferences like Black Hat, Defcon, RootCon, HITB and NullCon, and also at local meetups. 

 

Chirag Savla is a Cyber Security professional with 9+ years of experience. His areas of interest include penetration testing, red teaming, azure, active directory security, and post-exploitation research. He prefers to create open-source tools and explore new attack methodologies at his leisure. He has worked extensively on Azure, Active Directory attacks, defense, and bypassing detection mechanisms. He is an author of multiple Open-Source tools such as Process Injection, Callidus, etc. He has presented at multiple conferences and local meetups and has trained people in international conferences like Blackhat, and BSides Milano. 

Raunak Parmar & Chirag Savla
Mike Feltch

Demystifying Trusted Platform Modules with a Path to Exploitation

Mike Felch

Talk Description:

Have you ever considered how hardware devices, such as laptops, vehicles, and IoT devices protect their boot processes while also implement encryption? Are you interested in learning how to get started with attacking TPMs? This presentation offers an introduction into Trusted Platform Modules (TPMs) which currently serve as a security cornerstone in modern hardware devices. We will see how TPMs are responsible for everything from authenticating bootloaders and kernels to keeping data securely encrypted behind the technologies like BitLocker.  

During this talk, attendees will gain an understanding of how TPMs work, while also serving as an offensive security primer in attacking TPMs. We will cover the TPM basics, common security controls implemented by TPMs, and then take a look at common attack paths affecting TPMs. Finally, we will also showcase a real-world attack against an insecure implementation of TPM. 

Speaker Bio:

Mike Felch (known online as @ustayready) is a penetration tester and information security professional with over 25 years in cybersecurity. As the founder of Dark Optics, he specializes in identifying security vulnerabilities and customizing solutions to mitigate or remediate risk. Mike’s experience covers a vast amount of technology stacks, network infrastructure, and cloud platforms. His career started in vulnerability research, exploit development, and reverse engineering which led into numerous security engineering roles in which he has been a penetration tester since 2005. His security background includes hardware hacking, red teaming, and penetration testing at employers like Black Hills Information Security, CrowdStrike, and Fortress Information Security. 

  • Twitter
  • LinkedIn
David Meece
  • LinkedIn

Cyber Nexus: Navigating the Human Network for Cybersecurity Careers

David Meece

Talk Description:

My talk will be about the following below: 

1.  Choose a Career Focus 

2. Identify at least 3 companies You want to work for 

3. Navigate the Human Network (Find Hiring Managers, etc)

4. How creating Content on LinkedIn can help you land a job

Speaker Bio:

David Meece has held multiple positions in IT and Cybersecurity. He has a combined 12 years of experience in performing Cybersecurity awareness, Identity Access Management, Intrusion Detection and vulnerability research, and virus removal. He holds a Master’s of Science degree in Information Systems Management and has a wide array of skills ranging from teaching to vulnerability management. He is an active member and contributor in WiCyS, Simply Cyber, Bsides, and many other groups within the Cybersecurity community.

He pivoted careers and broke into cybersecurity and helping others know that they can break in too is a focal point for volunteering for David. He is passionate about Cybersecurity and enjoys using his platform to teach people how to protect themselves and stay safe online. In downtime he enjoys watching movies, playing video games, traveling, and spending time with his wife and friends. He’s always searching for networking opportunities on LinkedIn to connect with more cybersecurity.

He is also very passionate about protecting people and keeping them safe from cybercriminals to reduce risk of cybercrime.

David's desire is to educate people around the globe with knowledge gained from my professional career. I believe my willingness to learn new systems and strong desire to mentor talented individuals will help me succeed in future endeavors.

 

CMMC Comes Knocking: The Basics of New DoD Cybersecurity Compliance

Chris Silvers

Talk Description:

The Cybersecurity Maturity Model Certification (CMMC) is the new security program the Department of Defense (DoD) is requiring Defense Industrial Base (DIB) contractors to comply with. CMMC 2.0, published for comments in early 2024, aims to protect Controlled Unclassified Information (CUI) with the evolving nature of contemporary cybersecurity threats in mind. In this talk, Chris Silvers will explore the historical progression of DoD cybersecurity requirements (including the 9/11 Commission Report), highlight the most impactful new components of CMMC, and provide his expert guidance for DIB contractors to forge a path to certification.

Speaker Bio:

Chris, one of less than 100 individuals officially certified as both a Certified CMMC Provisional Assessor and Instructor, has led CMMC instruction for more than 500 students. His positioning on the front lines of the CMMC 2.0 rollout, and his cumulative 25-plus years in cybersecurity, uniquely qualify him to guide DIB contractors through the certification process.

  • LinkedIn
Chris Silvers
  • Twitter
  • LinkedIn

Big Tests From Small Teams: A White-Box Approach to Effective Engagement Scoping

Mike Lisi

Talk Description:

In the realm of cybersecurity, small teams often face the challenge of executing extensive tests with limited resources. This presentation will unveil a systematic approach that equips small teams to conduct large-scale assessments efficiently. By gathering critical information to understand client testing needs, fostering open dialogue with the client's technical team, and steering discussions on testing goals and scoping, attendees will discover how to craft tests that maximize coverage while minimizing time and personnel requirements. We will address the need for clients to embrace this collaborative journey, emphasizing that the aim is not to simulate a realistic attack but to derive results, identify risks, and provide cost-effective recommendations. Real-world examples, including engagements with organizations housing over 120 internal web applications and sprawling school districts with diverse assets, will showcase successful strategies for efficient engagement scoping and testing. Join us to unlock the potential of small teams in the cybersecurity landscape and enhance client interactions while optimizing your testing endeavors.

Speaker Bio:

Mike Lisi is the Founder of Maltek Solutions, a company which provides security consulting, assessments, and custom solutions to organizations of all sizes.
Mike serves the CTF Design Lead for the NCAE Cyber Games which is an NSA-funded beginner-level collegiate cybersecurity competition designed to get students hands-on experience to supplement their college curriculum. He also provides support for other CTF events held throughout the country.
Mike provides mentorship and guidance through the National Cybersecurity Alliance's HBCU Cybersecurity Career Program, which pairs HBCU students with security and privacy professionals to help prepare them for the job search process.
Mike has a BS in Computer Science, a MS in Cybersecurity and Information Assurance, and various certifications including OSCP, GWAPT, and CEH.

Mike Lisi
bottom of page