• Tales from the Breach

In 2022, my org was breached by Lapsus$. We had a multimillion-dollar budget, all the products, all the bells and whistles, copious staff, etc. After the dust settled, I became obsessed with understanding how so many *modern* orgs had been breached in 2022. I scheduled CISO 1-1's with everyone I knew. With those I didn't know, I dove deep into the breach notifications and articles. Patterns started to emerge. Join me in discussing notes and stories from my outreach. Topics: 2FA Failure, FIDO, IAM, GitHub/GitLab Security, User Awareness Training, Threat Intelligence, Supply Chain Security, Assets and risk registers, common activities post-breach (cred-rolls, breach notifications), priority segmentation for internal networks (protecting internal web control panels), bug bounty, ++

    Track 1 - Break It
    Sat 9:00 am - 10:00 am
  • Why’d this PDF converter add-on copy my GDrive? Wait, it got my emails too?

    No one engineer can solve all SaaS risks! Do you want to democratically secure apps like Salesforce, GSuite, and Snowflake? We developed a strategy that uses a detection framework, ticketing automation, and scalable self-service processes to burn down SaaS risk without bogging down ticket queues.

    Track 2 - Build It
    Sat 9:00 am - 10:00 am
  • Preparing for the Rise: Securing the Future of AI Responsibly

    The emergence of AI being made available for everyone has become one of the most significant industry-changing events in our lifetimes, so, how are you adopting AI/ML into your enterprise? How hard can building an AI really be? What should you consider when introducing your own AI models? Are you prepared for the consequences? How do you set guard rails so your developers don't break you into jail?

    This talk is a treatise on the challenges of securing AI/ML scenarios within an enterprise for product research and development. Developed from years of experience learning how to approach AI/ML projects in Microsoft Research, I will attempt to shed light on some current thinking and best practices for AI models for internal and public use.

    We'll walk through the explosion of technologies becoming available to industry and the challenges facing platform builders and enterprises now that these features are present.

    We'll journey through the current regulatory landscape and share some considerations that security governance programs should weigh for their own AI/ML compliance.

    Learn about how security fundamentals have not really changed but must be enhanced to deal with these new realities; these include new perspectives on protecting the supply chain, approaching AI scenarios in threat modeling, building controls for resilience, and the new demands of logging and auditing in real time for intentional behavior vs malicious behavior.

    Then, we wrap up with how to approach educating compliance organizations, your leaders, and your developers to be prepared to understand AI/ML risks and adopt AI with due diligence.

    Track 3 - Push It
    Sat 9:00 am - 10:00 am
  • The Fault in Our Metrics: Rethinking How We Measure Detection & Response

    Your metrics are boring and dangerous. Recycled slides with meaningless counts of alerts, incidents, true and false positives… SNOOZE. Even worse, it’s motivating your team to distort the truth and subvert progress. This talk is your wake-up call to rethink your detection and response metrics.

    Metrics tell a story. But before we can describe the effectiveness of our capabilities, our audience first needs to grasp what modern detection and response is and its value. So, how do we tell that story, especially to leadership with a limited amount of time?

    Measurements help us get results. But if you’re advocating for faster response times, you might be encouraging your team to make hasty decisions that lead to increased risk. So, how do we find a set of measurements, both qualitative and quantitative, that incentivizes progress and serves as a north star to modern detection and response?

    Metrics help shape decisions. But legacy methods of evaluating and reporting are preventing you from getting the support and funding you need to succeed. At the end of this talk, you’ll walk away with a practical framework for developing your own metrics, a new maturity model for measuring detection and response capabilities, data gathering techniques that tell a convincing story using micro-purple testing, and lots of visual examples of metrics that won’t put your audience to sleep.

    Track 4 - Bop It
    Sat 9:00 am - 10:00 am
  • FBI Career Pathways: Combatting Cyber Threats

    The FBI’s technology careers are the backbone of many key functions relating to security, system capabilities, and the investigative work at the FBI. Technology professionals keep the nation's computer networks and systems safe, defeat malware attacks, investigate major computer intrusions, and root out international espionage. They apply their knowledge of computer technology, cyber security, electronic surveillance, encryption, and forensic science to safeguard information across the globe.

    Examples of Technology Roles in the FBI:
    • Computer scientists combat cyber-attacks, counterintelligence plots, and more by addressing problems with system integration and architectural design.
    • Information technology specialists support tactical operations, maintain the technological infrastructure, and ensure personnel have the tools necessary to perform their jobs.
    • Digital forensic examiners serve as the FBI’s subject matter experts in digital forensics in support of investigations.
    • Digital forensic specialists collect, preserve, and copy digital evidence for investigations.

    Learn more about different career pathways available at the FBI for those with a technical background and interest.

    Track 5 - Grow It
    Sat 9:00 am - 10:00 am
  • Cloud Forensics Workshop - AI Edition

    Now in its seventh iteration since the initial launch at BSides DC in October 2017, the Cloud Forensics Workshop has been a regular feature at multiple security conferences where students new to the industry or individuals interested in cross-training learn core concepts about digital forensics in the Cloud. The latest version of this training session, dubbed the "AI Edition", now focuses on how artificial intelligence and automation can assist with a digital forensic investigation, including securing a compromised account, creating the necessary artifacts for forensic analysis, and log indexing, correlation, and analysis to help identify suspicious activity or other unusual behaviors and generate a timeline of events. The workshop will also feature plenty of group discussions on recent advancements in forensic automation, how the Cloud has evolved from large-scale virtual servers to smaller scalable containers, how IoT devices have extended the logical boundaries of the Cloud, and key similarities and differences between the three major Cloud Service Providers. There will also be hands-on labs where students can learn more about automating tasks, mirroring and capturing packet data, and open-source tools and techniques that are commonly used in the field. Students will be given the opportunity to download sample data from a Cloud account prior to the start of the class to help better understand how to leverage these tools and techniques.

    Workshop - Utopia
    Sat 9:00 am - 5:00 pm
  • The Winds of Change – The Evolution of Octo Tempest

    Learn how Octo Tempest (aka Scattered Spider, 0ktapus) redefined the cybercriminal landscape to conduct several high-profile computer intrusions in 2023. This session will cover the evolution of Octo Tempest and walk through how the threat actor operates across the cyber-attack kill chain, including their extensive abuse of identity and cloud technologies.

    Track 1 - Break It
    Sat 10:00 am - 11:00 am
  • DevSecOps Worst Practices

    Quite often when we read best practices we are told ‘what’ to do, but not the ‘why’. When we are told to ensure there are no false positives in the pipeline, the reason seems obvious, but not every part of DevOps is that intuitive, and not all ‘best practices’ make sense on first blush. Let’s explore tried, tested, and failed methods, and then flip them on their head, so we know not only what to do to avoid them, but also why it is important to do so, with these DevSecOps WORST practices.

    Track 2 - Build It
    Sat 10:00 am - 11:00 am
  • How AI Changes Everything for Security

    AI implementation has flooded the technology market over the past year, with prominent models such as ChatGPT and DALL-E becoming household names. While these models have garnered significant attention, they bring to light severe security threats. One of the most pressing issues comes from the massive amount of data required to train these models and the importance of strictly defining their behavior and responses. Another is the lack of current security solutions, as well as the lack of understanding of just how vulnerable AI is.

    Traditional cybersecurity teams are finding they are no longer equipped to protect these models. This is exacerbated by the rate at which companies are adopting AI techniques into their technology pipelines and relying on models for important company processes and decisions.

    The frameworks that create these models have significant vulnerabilities that allow for data leakage and model manipulations which can and have led to large scale security breaches and software errors. In order to protect these uses of AI, code must be analyzed before becoming a part of a customer facing code base. We propose scanning machine learning files in order to find vulnerabilities and protect AI. In this talk we will discuss the vulnerabilities and model frameworks that the scanner is equipped to address. We will demonstrate how easy it is to inject code in a pretrained model, and how typical endpoint protection is not equipped to flag security risks during download of models, highlighting the need for more robust safeguards.

    Track 3 - Push It
    Sat 10:00 am - 10:30 am
  • Security usability: more important than your control

    When most people think of information security, they don’t think happy thoughts. Losing those fifty tabs because you have to update your web browser (ack). Finding your phone so you can pass MFA to get to the thing you need to do (eep). Complexity added to a development project by a secrets management system, or a secure access system that errors out during the response to a critical outage (yikes). When we’re securing systems, we must consider the human using them.

    We all want a future where security is achieved in a frictionless way and is easy but effective. Let’s talk about how to get there!

    Track 4 - Bop It
    Sat 10:00 am - 11:00 am
  • Small and Mighty: Making Security Happen in a Small Security Team

    A well-staffed, well-funded team is the dream of every security practitioner, though it is often not the case. Competing business needs means that security teams have to wear multiple hats, take on extra projects, and turn down good initiatives to focus on necessities.

    Despite some of the difficulties that come with small teams, this is a great position to be in. With limited resources and a solid plan, you can make opportunities to develop relationships and get security done effectively.

    In this session, we will:
    1. Identify strategies for building strong relationships throughout your organization that will support your security program,
    2. Learn how to approach risk management in a balanced manner that encourages cooperation instead of fear, and
    3. Discuss strategies to find scalable solutions to problems that won't break the bank.

    Track 5 - Grow It
    Sat 10:00 am - 10:30 am
  • Purple Teaming with Detection-as-Code for Modern SIEM

    One of the challenges for security teams is writing and deploying detections that generate actionable alerts with rich context while also reducing noisy alerts. This hands-on workshop will teach the fundamentals of Purple Teaming and detection-as-code to help build new detections.

    This session will show how to leverage Purple team techniques to develop hypotheses for new detections and strengthen their defenses against future attacks.

    I will show how to use open-source offensive security tools to simulate attacks against lab infrastructure and use an investigative approach to learn and build new detections & manage them using detection-as-code principles to eliminate noise and false positives.

    Workshop - Gandalf
    Sat 10:00 am - 12:00 pm
  • No More Holiday Rush! Use Risk-Based AppSec Vulnerability Prioritization!

    Scenario: The newest zero-day, Log5j, has hit and it’s a holiday weekend. A mad scramble ensues, long hours, ruined celebrations, to quickly determine if this vulnerability exists in your environment and presents a risk to your business. You run a static code/container scan that surfaces over 200 vulnerable artifacts that could be affected, but time constraints and limited developer resources demand a strategic focus on identifying and addressing the most critical instances of this zero-day vulnerability.

    In this session, Mike Larkin, CTO, Deepfactor, will outline how AppSec teams can swiftly pinpoint and prioritize those vulnerabilities requiring immediate attention. The key is to understand which occurrences of the vulnerability pose the highest risk—those that are not only severe, but reachable and used at runtime, and exploitable. By adopting this targeted prioritization strategy, teams can avoid the overwhelming task of addressing over 200 potential vulnerabilities, narrowing their focus to a more manageable number. [redacted] will include a demonstration of a typical SCA static container scan of a sample open-source test application that returns a large number of possible vulnerabilities. And then, by combining static container scan data with runtime reachability analysis of applications, narrow down those results by up to 90%, to those that represent true risk to the business—based on reachability, runtime usage, and deployment context, as well as exploit maturity.

    Track 3 - Push It
    Sat 10:30 am - 11:00 am
  • Burnout Sucks: Surviving and Thriving in high stress environments

    Many areas in the Security space have moments... or consistent flows of high stress and demands. Let's talk about how to not just survive, but thrive there.

    Track 5 - Grow It
    Sat 10:30 am - 11:00 am
  • DLL Sideloading / Proxy

    A session about DLL Sideloading and DLL Proxying: how it is done, and some basic understanding of the technique. Includes detecting possible DLLs to sideload, creating a DLL that can be used to sideload, and the more advanced technique of DLL Proxying.
    The session will also cover how the technique is being used by threat actors, shown in a simulated environment on a host where the user executes a simulated malicious payload.

    Track 1 - Break It
    Sat 11:00 am - 11:30 am
  • Security Misconfigurations in the Cloud NG - "Oh Look, something fluffy, poke poke poke!"

    Misconfigurations in my cloud environments, you say? "Never!", I say! Wait, are you telling me that if I misconfigure something in a cloud environment, with nothing to do with the applications being deployed, that I could be compromised? Lies, all lies!

    Ah, but let's take a look at the concepts of cloud configurations such as IAM and ORG policies and how they compare to redteaming “on-prem”. It’s all about understanding the magic that is the cloud in clear terms that everyone can follow along with - and yes, there are cat memes throughout. You will learn the concepts of the cloud "environment" with attack vectors identified and how pentesters and bad actors use these attack points to their advantage.

    Several recorded demos of misconfigurations and the attack vectors they pose will be presented. Open-source tools will be shown in the demonstrations to help find misconfigured cloud services.

    This talk is for everyone who has ever tried to configure a cloud-based environment to support a random application and actually deploy it to the world. You WILL come away with key points on how misconfigurations are the #1 way cloud environments are breached!!

    Track 2 - Build It
    Sat 11:00 am - 12:00 pm
  • Incident Response on the AI Frontier

    As many companies move to utilizing AI, we need to prepare for managing AI incidents. How do we respond to incidents in this developing field? Every new technology starts with panic. OMG what are we going to do! We have seen all of this before. We already have a lot of the basics we need to address these issues. How do we apply what we already know to this new area of risk?

    In this talk we will review the lessons we have already learned and how this applies to AI. Let’s talk about what we need to do to prepare our response teams, management, legal, PR/communications for AI incidents. What are the new attack surfaces we need to be worried about?

    This talk will get you thinking about what areas you need to address to get ready for these incidents. Who do you need to educate, what processes do you need to have in place, and what templates will help. We will also chat about the available resources and where you can contribute to the cause.

    Track 3 - Push It
    Sat 11:00 am - 12:00 pm
  • The Cybersecurity Clinics Model: Cyber Volunteering to Safeguard Community Organizations

    Many public interest organizations lack the resources for cybersecurity self-defense. These target-rich, resource-poor organizations and providers of critical infrastructure include nonprofits, state and local governments, small utilities, hospitals, and school districts. University-based cybersecurity clinics provide pro bono assistance to local and regional resource-strapped organizations, helping them develop long-term cybersecurity defense, increase their resilience, and expand their cyber security capacity. This session will highlight case studies of the impactful cyber volunteering work of 15 university-based cybersecurity clinics established across the country, as well as present valuable insights derived from assisting public interest organizations about their unique cybersecurity challenges.

    One major obstacle to improving the cybersecurity posture of these critical organizations is the severe lack of transparency and absence of publicly available data about the cyber intrusions they experience. This lack of openness not only erodes public trust in these institutions but also hinders the development of evidence-based strategic policies by lawmakers to bump up their security and allot them greater cybersecurity resources. The latter half of this session will spotlight some of the groundbreaking initiatives led by the academics leading the cybersecurity clinics to increase understanding of the cybersecurity challenges and needs of public service providers.

    Track 4 - Bop It
    Sat 11:00 am - 11:30 am
  • Hiring and Retaining Top Security Engineering Talent

    Ever wondered how to hire and retain top security engineering talent? If so, this panel is for you! The panel will be a discussion around hiring, retaining, and scaling top security teams and talent.

    We will explore how each leader has approached talent attraction and the successes and challenges they've faced when building security teams.

    Track 5 - Grow It
    Sat 11:00 am - 12:00 pm
  • State of API Security 2024: Insights from Analyzing 1 Million Domains

    Join Tristan Kalos & Antoine Carossio from Escape for insights on critical risks from exposed API tokens. Their groundbreaking research, analyzing 1 million domains, uncovered 18,000+ API tokens and RSA keys accessible without authentication. 41% were highly critical.
    They will share their unique web scanning methodology, dive into sensitive API data revealing potential severe financial losses (up to $17 million), and draw parallels to standard API security threats.
    Going beyond the findings, they'll present actionable remediation strategies and provide a practical API security checklist. Leave equipped with a clear path to secure your APIs.

    Track 1 - Break It
    Sat 11:30 am - 12:00 pm
  • The Open Source Security Index: trends in open source security

    We developed the Open Source Security Index as a tool for practitioners to discover and quickly gain insight into relevant open source security projects. Using the GitHub API we pull data from a growing list of security repositories (approx. 700). We then rank this database of repos based on a weighted average of each project's key metrics, creating a dynamic index of the top 100 most popular security projects. The index provides simplified project descriptions, language formats, and license details to help engineers quickly find interesting security tools. The underlying data supporting the index offers a unique insight into the behavioral patterns of thousands of open source security contributors, from hackers, pen-testers and threat analysts to professional developers and security engineers. Over the past 12 months we have tracked data like GitHub star count, contributor growth, commit and release cadence, license and programming language usage, as well as relative ranking changes. We classified projects into various functional categories and analyzed the popularity of new and emerging repos across different aspects of the cybersecurity stack. The session will provide security engineers and practitioners with an overview of the Open Source Security Index, the top 50 most popular repos, and trending data that we have gathered in the last 12 months, including but not limited to: the fastest growing security repos in each category, repos with the largest contributor following, contributor distribution by category, data on professional repos vs. community-led projects, repos with the highest development velocity (pull requests & commits), programming language usage, and licensing data.

    Track 4 - Bop It
    Sat 11:30 am - 12:00 pm
  • Bug bounty chronicles - Chaining obscure bugs for maximum impact

    Despite defense in depth, bounty hunters continue to bypass security measures. We will chronicle curated submissions from our bug bounty program. Expect to hear root cause analysis, technical details, and mitigations. You will take away practical strategies to elevate your own security program.

    Track 1 - Break It
    Sat 1:00 pm - 2:00 pm
  • Stopping Ethan Hunt from taking your data

    Data security is rapidly gaining importance as the volume of data companies collect, analyze and monetize grows exponentially. New data processing tools and platforms are emerging at an increasing rate, as are the ways in which an organization consumes data. In this presentation we will talk about the unique technical and cultural challenges of running a data security program and will share some practical solutions that have worked well at our company.

    Track 2 - Build It
    Sat 1:00 pm - 2:00 pm
  • Imposters Among Us: Never Trust, Always Verify Machine Learning Models

    In security, never trust and always verify, especially when it comes to unvetted machine learning artifacts. Machine learning is increasingly being used in critical applications, but how well do you really know the models and datasets you’re using?

    Machine learning is no longer just a small number of tech giants developing models in-house; it is becoming increasingly democratized. A rising number of ML models in production now are fine tuned from foundation models shared on public hubs. However, there is often little to no verification of the security of these models, leaving the doors wide open to attackers.

    This talk turns a critical eye towards the major threat vectors emerging in machine learning artifacts - model serialization attacks, poisoning, and supply chain attacks - and shows how using practices of model scanning, cryptographic attestation, and MLBOMs can guard against these risks. Approaching every step in the ML pipeline with a mindset of no implicit trust can ensure that models are from legitimate sources and uncorrupted, but this must be a system-wide effort. It can take a village to build an ML model, but only one weak point to break it.

    Track 3 - Push It
    Sat 1:00 pm - 2:00 pm
  • Secure Your World with CISA!

    Join Christopher Callahan, Cybersecurity Advisor for CISA, as he talks about some of the newest CISA initiatives and the no-cost services from CISA that cybersecurity practitioners can take advantage of to secure your world!

    Track 4 - Bop It
    Sat 1:00 pm - 1:30 pm
  • Turbocharge Your Career Trajectory

    Brace yourself for an electrifying session where this panel of industry leaders reveal the secrets of navigating their careers, sharing invaluable insights, and providing the ultimate playbook for leveling up your own career. This is not your typical panel discussion. Join us to dive deep into the gritty reality of growing your career in security, as our panelists fearlessly tackle the topics you crave to explore. Don't hold back – Ask Us Anything.

    Track 5 - Grow It
    Sat 1:00 pm - 2:00 pm
  • Intro to C2 Class for Beginners

    C2 training class for people that are beginner red teamers or are threat hunters looking to learn how adversaries leverage C2s using Sliver.

    Workshop - Gandalf
    Sat 1:00 pm - 5:00 pm
  • The Biopsychosocial 4P Matrix: A Psybersecurity Unboxing of the Mental Health Attack Surface

    Cybersecurity stress and cyberattacks impact people’s mental health. Mental health can also be exploited by those with mal-intentions. How do we know if a psychiatric attack might be happening? What parts of mental health make us vulnerable? What can we do to build strength and to defend? In this presentation, I will unbox these questions and talk about the junction of cybersecurity and psychiatry, “psybersecurity”. The audience will be introduced to a clinical tool commonly used for patient care in the mental health field, and learn how to use this same tool for evaluating mental health threats in the context of cybersecurity. The audience will be introduced to the “Biopsychosocial 4P Matrix: Biological, Psychological, Social. Predisposing, Precipitating, Perpetuating, Protective". By gaining fluency with this technique, the audience will learn how to make a psybersecurity formulation and learn how to diagnose the mental health attack surface. With this mindset, the audience will be equipped to build a more resilient and stronger human network of security.

    Track 4 - Bop It
    Sat 1:30 pm - 2:00 pm
  • Going Undercover in the Underground - A Practical Guide on How to Safely Infiltrate and Engage

    The dark web is filled with threat actors planning nefarious crimes. Cybersecurity professionals know that threat hunting in these underground environments is necessary, but they don’t know the most crucial step to beginning the process. ‘How do you access the deep and dark web?’ and ‘How do you gain a threat actor’s trust?’ These are the most commonly asked questions of cybersecurity professionals preparing a proactive threat hunt.

    Navigating the underground requires dedication to persona management and setting up a safe and secure environment to ensure one does not expose themselves to malicious actors. This session will demonstrate how to set up a secure environment (dirty machine) using Tails, how to find sources in the dark web, best practices when creating your first persona, how to communicate with threat actors, and of course, how to seek out threats once you gain access to the sources where threat actors plan, play, and profit. All while using real examples that attendees can try for themselves.

    Track 1 - Break It
    Sat 2:00 pm - 3:00 pm
  • 101 Things Your Application is Doing Without Your Knowledge

    Every time you bring in code you didn't write into your application, you're possibly introducing behavior you weren't expecting. Even using well-known and battle-tested dependency libraries, your application might be opening files and making network connections without your knowledge. Come hear about some crazy hidden things we've seen applications doing, and how you can learn what yours are doing as well.

    Track 2 - Build It
    Sat 2:00 pm - 2:30 pm
  • Ethical Dilemmas at the Crossroads: AI's Role in Social Engineering and Mobile Device Security

    The convergence of artificial intelligence (AI) and mobile devices in today's landscape has opened new frontiers for convenience and vulnerability. This presentation delves into the complex interplay between AI, social engineering, and mobile device security, unraveling the ethical dilemmas at this critical juncture.

    AI's unprecedented data analysis and pattern recognition capabilities have given rise to sophisticated social engineering techniques, reshaping the threat landscape for mobile device security. These technologies enable highly targeted and persuasive manipulation, exploiting human behaviors and trust mechanisms, often bypassing conventional security measures.

    This session scrutinizes the ethical problems emerging from deploying AI-driven social engineering tactics within mobile device security. It explores how AI's involvement blurs the lines between legitimate persuasion, manipulation, and exploitation, leading to a reevaluation of ethical standards and best practices in safeguarding personal and organizational data.

    Attendees will gain insights into real-world instances where AI-driven social engineering attacks intersect with mobile device policies, uncovering the challenges faced by security professionals and ethical implications for privacy advocates. The discussion will also focus on proactive strategies to mitigate risks, foster awareness, and redefine security approaches to navigate these ethical crossroads better.

    This presentation is ideal for security practitioners, privacy advocates, policymakers, and anyone interested in understanding the evolving landscape of AI, social engineering, and the ethical complexities of mobile device security.

    Track 3 - Push It
    Sat 2:00 pm - 3:00 pm
  • Starting over. Escaping the Invisible Dragnet

    Ever wonder what it is like to disappear? How does one begin in making their private life actually private? Why are privacy fundamentalists paranoid, and why should you be too?

    You are an upcoming journalist about to lay your first big scoop on organized cybercrime. You will face attacks after you publish. How do you make sure that your reporting is not going to hurt you? How do you build an anonymous persona that can hold up to criminals doing their utmost to get back at you?

    Come walk through the foundations of personal digital privacy and understand how to engage with the entirety of the internet safely.

    Track 4 - Bop It
    Sat 2:00 pm - 3:00 pm
  • #opentowork: Find Your Own Adventure After Layoffs

    Simply put – The struggle is REALLY real.

    Being laid off can have a significant impact on one's mental health and well-being. Navigating the job market and interview process can also feel overwhelming. However, it can also be an opportunity to find a new adventure in your career.

    Ann, who had her job impacted last year, will explore how she both navigated this stressful situation and turned it into a (mostly) positive adventure. In this session she will talk about tactics that worked and didn’t work for her in dealing with the initial shock, searching for a job, interviewing, self-care, and some life-changing decisions like navigating immigration. The current immigration system fails workers like those who were swept up in recent tech layoffs and forced to urgently find a new US sponsor or start life over elsewhere.

    While she doesn’t have all the answers or maybe any of the answers – she aims to share her stories in the hope that she offers you or someone you know strategies for finding your adventure after a layoff.

    Track 5 - Grow It
    Sat 2:00 pm - 2:30 pm
  • OIDC and CICD: Why your CI pipeline is your greatest security threat

    Your CI/CD Process is chock full of credentials, and almost anyone in your company has access to it. Configuring your CI correctly is vital to supply chain security. We discuss how to reduce that attack surface by enforcing proper branch permissions and using OIDC to reduce long-lived credentials and tie branches to roles.

    Track 2 - Build It
    Sat 2:30 pm - 3:00 pm
  • Cultural Change: How to Work Together for Better Security

    Learn to leverage the expertise of your internal SMEs to provide comprehensive security awareness & training, ensuring a diverse range of perspectives and up-to-date insights. Together you can foster a culture of security, promoting security best practices and staying ahead of emerging threats.

    Track 5 - Grow It
    Sat 2:30 pm - 3:00 pm
  • Modern Memory Forensics with Volatility 3

    Memory forensics, which is the analysis of volatile memory (RAM), has proven itself to be one of the most effective techniques for combating sophisticated malware. Given the widespread use of memory-only payloads, malware, rootkits, and attacker toolkits, traditional incident response techniques are often rendered ineffective. Memory-only malware leaves no traces on the file system of an infected host and hooks the system APIs needed to hide from live analysis tools. When faced with such malware, memory forensics techniques are the only viable option for detection and triage.

    In this presentation, attendees learn how to perform detection and triage of sophisticated malware against Windows 10+ systems using version 3 of the Volatility Memory Analysis framework. Volatility has been the most widely used memory analysis framework for over a decade, and the recently released version 3 provides many new, modern analysis and automation features. Volatility 3 is set to replace and deprecate Volatility 2 in 2024, and attendees of this talk will get the opportunity to learn the new framework directly from one of the core developers. Volatility is open source; by using it in the presentation, students learn how to perform thorough analysis with a tool they can immediately use in their own incident response work.

    A few topics that will be covered during this presentation include detection and triage of process code injection, credential dumping, lateral movement, memory-only rootkits, and anti-forensics concealment of malicious activity. By having this documentation, attendees will leave with knowledge that is immediately applicable in real investigations.

    Track 1 - Break It
    Sat 3:00 pm - 4:00 pm
  • Playbook for secure API Authentication and Authorization

    Secure API authentication and authorization is at the heart of Application Security. We will explore the landscape of popular vulnerabilities such as brute force attacks, JWT vulnerabilities, inadequate session management, user enumeration, Captcha related vulnerabilities, login page weaknesses, Broken Object Level Authorization (BOLA), and privilege escalation.

    This session will focus on practical examples and testing use cases that could have potentially prevented the top 5 attacks related to authentication and authorization in the year 2023.

    This session is an invaluable resource for developers, Application and Product security professionals, and anyone involved in Security by Design.

    Track 2 - Build It
    Sat 3:00 pm - 4:00 pm
  • Graph Neural Networks: Revolutionizing DDoS Attack Detection

    In this talk, I will present my research on the cutting-edge world of Graph Neural Networks (GNN) and their transformative role in combating one of the most prevalent cyber threats: DDoS (Distributed Denial of Service) attacks. I will uncover how GNNs offer a significant advancement over traditional methods of detection, delving into the evolution of GNNs and exploring their unique application in cybersecurity. We'll close with a forward-looking view on how the advancements in GNNs are equipping us with better shields in the digital arena against DDoS threats.

    Track 3 - Push It
    Sat 3:00 pm - 3:30 pm
  • What to Expect When You’re Expected to Testify

    It’s not the Spanish Inquisition, but it may feel like it. Imagine you are given the opportunity to go into the halls of power and speak directly to lawmakers about the security needs of businesses and consumers. How do you reach them? What do you say? How do you prepare? Lin-Manuel Miranda knew how important it was to gain an audience for Alexander Hamilton. How do you “not throw away your shot”? Very few information security practitioners get the opportunity to speak before the Washington State Legislature and United States Senate on matters of cybersecurity. Tarah Wheeler, CEO of Red Queen Dynamics, has testified before the Washington State Legislature three times with the most notable on January 21st, 2020 regarding Right to Repair issues. Then on January 17th, 2024 Tarah received the opportunity to testify in front of the U.S. Senate Cyber Safety Review Board - CSRB on cybersecurity matters that are important to small businesses. These testimonies are often used to shape the laws that will impact cybersecurity for decades to come.
    During this talk Tarah will share her experience preparing to give testimony, speaking with State Legislatures, what it’s like to go to Capitol Hill in DC, and some of the stories that came from the entire experience. Attendees will leave better prepared to speak to lawmakers at the State and Federal level about matters of cybersecurity while also learning about how our lawmakers view cybersecurity issues.

    Track 4 - Bop It
    Sat 3:00 pm - 4:00 pm
  • What Hiring Managers (Really) Look For

    Are you applying to tens or hundreds of jobs and not hearing back? Looking for insight on how hiring managers think? Frustrated with interviewing over and over in what seems like an endless loop? If you answered yes to any of these, don't miss this talk where we dive into what hiring managers are really looking for and how to succeed on your job hunt.

    Track 5 - Grow It
    Sat 3:00 pm - 3:30 pm
  • Security in the Age of AI

    As Artificial Intelligence (AI) and Large Language Models (LLMs) diffuse into everyday business use, these new technologies present novel challenges for IT Staff, Security, Compliance and Development Teams. How can practitioners ensure AI is used securely and follows company and industry guidelines? This session will present an overview of AI usage in the enterprise and how companies can safely control and harness this new power that AI can provide.

    Track 3 - Push It
    Sat 3:30 pm - 4:00 pm
  • Hiring and Retaining top talent in the Cybersecurity Industry

    Top cybersecurity talent is in short supply. Hiring top talent, keeping them inspired, helping them grow in their career, and retaining them is one of the first principles for any Cybersecurity leader.

    This presentation will cover key methods you can use to find the right talent. We will discuss how company values need to align with individual principles for a successful match. Cybersecurity requires a certain degree of rigor, resiliency, and dedication to deal with ever increasing complexities and the never ending demand from your stakeholders. We will discuss how team leaders can coach, support, and nurture growth in their team member’s career in this presentation.

    Track 5 - Grow It
    Sat 3:30 pm - 4:00 pm
  • Just-in-time Oubliette: Dynamic Forensic Evidence Collection Infrastructure

    Tools Demo for Just-in-time Azure-based infrastructure for securely storing and accessing forensic evidence. This environment is intended to be useful for when you have multiple investigators or untrusted external parties adding data for evaluation. Some key features automatically implemented in this setup leverage the immutable Azure Storage legal hold, Read-only/Write-only SAS Tokens, Azure Storage analytics logging for validation of access by which parties, Azure Key Vault logging with the logs going to a Log Analytics workspace in the resource group.

    Track 1 - Break It
    Sat 4:00 pm - 4:30 pm
  • 14 Questions Are All You Need

    How is your SOC doing, really? It’s easy to become lost in compliance and regulatory requirements soup. There are plenty of respected consultancies that will perform multi-week SOC assessments. A quick Internet search yields several SOC capability maturity models. And yet, a one-hour conversation with a SOC veteran typically yields a gut sense of how a SOC is doing on its journey, and where investments are needed. What if SOCs had a lighter weight method that identifies key strengths and weaknesses: one that can be done in an afternoon, or more than once a year?
    In this talk, Carson Zimmerman will challenge your thinking about how to measure and drive SOC effectiveness. He will present 14 key indicators of performance that survey not only how the SOC is doing at a given point in time, but also how well growth and improvement are baked into the SOC culture.

    Track 2 - Build It
    Sat 4:00 pm - 4:30 pm
  • Earth (Spam) as a Character Gallery

    Digital safety (and security) is often viewed as adversarial, which can place defensive and design teams in an aesthetic arms race with undefined and ambiguous opponents. Looking outside a purely combative view, though, there is a richer theater of incentives, deterrents, and actors at play.

    This talk will establish a taxonomy for better illustrating how to understand and react to possible scaled abuse by melding "Safety by Design" principles with an approach similar to security's "MITRE ATT&CK". Both are useful in their own right, but I'll be pulling on experiences with scaled abuse in security and in safety to graft multiple perspectives together to frame technical solutions in terms of altering complete relationships rather than eliminating adversaries.

    Using "spamfighting" as a model, we'll also cover why it will always be easier for spam (and scaled abuse in general) to proliferate on some platforms more than others, approaches to anti-botting strategies outside of just captcha, bans, API lockdowns, and privacy ick, and how your own workplace plays a role in "Crypto Airdrop" scams.

    Track 3 - Push It
    Sat 4:00 pm - 5:00 pm
  • Beyond Code and Clicks: UX Insights to Security Software

    In the landscape of software vulnerabilities, the significance of designing for people is obvious. Understanding how people interact with computers is essential to building safe and secure systems. Focusing on how the user interacts with your application as a developer is a necessary skill to building effective and safe security tools. Whether it’s a CLI (command line interface), GUI (graphical user interface), or TUI (terminal user interface) application, there are common design patterns that developers can leverage for secure development.

    When building security software, there are many considerations –
    What should developers consider when building a security application? What’s realistic for an organization? What makes a security tool safe? Are there always trade-offs between security and ease of use? Is it worth the effort?

    Security tooling comes in all shapes and sizes and that user experience (UX) directly impacts the effectiveness of such tooling. In this talk, we'll share our experiences and offer UX-centric insights derived from building security tools spanning CLIs, GUIs, and TUIs.

    Track 4 - Bop It
    Sat 4:00 pm - 4:30 pm
  • What Elite Hackers Do Differently

    Some cybersecurity programs just seem to hit above their weight in building top offensive cybersecurity talent.

    If you look at Pwn2Own and DEFCON black-badge events, you will see countries like South Korea and institutions like Carnegie Mellon University represented far more frequently than the size of their programs would suggest. Notably, South Korea boasts approximately one DEFCON CTF finalist team per 10 million people, contrasting with the US, which has one finalist team per 100 million people.

    The question arises: What sets these programs apart? While numerous programs guide participants from novice to proficient, what distinguishes the ones that succeed in producing exceptional talent?

    Extensive background research and interviews reveal three common factors –
    1. Ladder systems: Successful programs establish clear progression paths. For example, Korea's Best-of-the-Best (BoB) initiative employs a rigorous funnel system steering individuals from Stage 1 (200 people) to Stage 4 (10 people).
    2. Research-oriented curriculum: Emphasis on individual research into novel topics is core.
    3. Active alumni community: Programs with a thriving alumni network exhibit a pay-it-forward spirit, with former participants actively contributing through recruiting and mentoring future talent.

    This session will unveil different multicultural approaches, including Korea’s BoB program, China's National Cybersecurity Center and Cyber-AI initiative, and stories from CMU’s hacking team Plaid Parliament of Pwning. By exploring the roles of educators, mentors, policymakers, and industry in effective cyber education, we aim to highlight the theme of "Gratitude and Growth" in this session.

    Track 5 - Grow It
    Sat 4:00 pm - 5:00 pm
  • The Kids Are Alright - Lessons from building a junior research team

    Lessons learned from building a research team staffed entirely by early career researchers - a criminally undervalued resource being passed up by big players.

    Track 4 - Bop It
    Sat 4:30 pm - 5:00 pm
  • Fuzzing the Chain of Public Policy Influence

    Hackers are in an ideal position to spot unintended consequences of new and emerging technology from our early (ab)use of these systems. Through public policy, we can have an outsized impact on governing that technology to protect against its darker applications. While policymakers are eager to understand the kinds of insights we can offer, the hacking community has historically been at arm’s length. We either have to engage or cede our privileged position to those with lesser motives. It’s up to us to decide who we want shaping our technology future.

    Josh Michaels sits down with Beau Woods to talk about the state of collaboration between public policymakers and the hacker community, what has come out of this work, and how you can get involved.

    Track 1 - Break It
    Sat 5:00 pm - 5:30 pm