Streaming: https://mssvideo.vcu.edu/RVAsec
Wednesday, June 5
 

7:59am EDT

Registration
If you were not able to attend Day 1, please proceed upstairs to register.
If you have any questions or issues please stop by for help.

This is also where you can turn in your Passport for Prizes.

WiFi sponsored by RVAsec: Omni Meeting Password: PASSWORD SOON

Wednesday June 5, 2024 7:59am - 5:00pm EDT
Top of The Grand

8:00am EDT

Breakfast
Come upstairs and enjoy breakfast before the Day 2 welcome session!

Menu:
  • TBD

Wednesday June 5, 2024 8:00am - 8:50am EDT
Top of The Grand

8:50am EDT

Welcome - Day 2
Welcome to Day 2 of RVAsec 13!

Remarks will cover what to expect at the conference, along with many thanks to our volunteers and sponsors for making it possible.

Speakers

Jake Kouns

Organizer, RVAsec
Jake is the founder of RVAsec and was previously the CEO of Risk Based Security, which provides vulnerability and data breach intelligence. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. Kouns has presented at many well-known...


Wednesday June 5, 2024 8:50am - 9:00am EDT
Ballroom

9:00am EDT

Keynote
Speakers

Caleb Sima

Chair of CSA AI Security Alliance, Cloud Security Alliance
Caleb serves as the Chair of CSA AI Security Initiative. Caleb served as Chief Security Officer at Robinhood, where he focused on keeping customers safe. Prior to Robinhood he was Security CTO at Databricks, a leading data analytics and machine learning company, where he built the security team from the ground up. Previously he was a Managing...


Wednesday June 5, 2024 9:00am - 10:00am EDT
Ballroom

10:00am EDT

Vendor Break
Go see our vendors in the Expo!

Menu:
  • TBD

Wednesday June 5, 2024 10:00am - 10:30am EDT
Potomac

10:00am EDT

CTF Competition
Wednesday June 5, 2024 10:00am - 3:00pm EDT
Shenandoah Room

10:00am EDT

HackRVA Badge Training & Repair
Come learn about your badge, get it fixed if there are any issues and talk to HackRVA!

HackRVA is a member-run and organized non-profit makerspace in Richmond, Virginia. HackRVA is a space filled with tools, computers, and people who like to build, invent, tinker, expand their minds, and learn and share new skills. You’ll find a diverse group of individuals who are into electronics, woodworking, embedded software, metalworking, programming, music, art, video, photography, 3D printing, sewing, textiles, and virtual reality—and that’s for starters. HackRVA members have access to the makerspace, tools, community and learning opportunities through member-led workshops, events and projects.

Wednesday June 5, 2024 10:00am - 4:00pm EDT
Rappahannock

10:00am EDT

Lock Picking Village and Contest
A variety of example locks, from simple to extremely hard, along with picks of all shapes and sizes will be available in our lock pick village.

Stop by and have some fun testing your skills! Provided hand sanitizer will be required to help reduce the modern risks while we explore the oldest security mechanism on earth!

If you fancy yourself a strong picker or have a competitive streak, we are planning to have a timed contest on a series of locks, with the fastest through them all taking home something epic.

Wednesday June 5, 2024 10:00am - 4:00pm EDT
Rappahannock

10:30am EDT

Quickstart To Building Your Own Private AI Chat
Join our quick start guide to building your very own Private AI! In this presentation, we'll explore the key differences between Public and Private AI and the components needed for success. You'll get hands-on experience setting up your development environment, preparing data for training, and using popular libraries to train a simple AI model. We'll also discuss best practices in AI development and provide guidance on evaluating and fine-tuning performance. Don't miss this opportunity to take control of your very own AI and build a system tailored to your unique needs and goals. Join us for an engaging and informative session that will empower you to start building your Private AI today!

Speakers

Samuel Panicker

Chief Information Security Officer, Networking Technologies and Support
Samuel S. Panicker specializes in cyber security and data protection. He is currently the CISO for NTS with over twenty-six years of experience in the field. Sam has authored several security awareness programs for SANS and Black Hat including “A healthy level of paranoia”.


Wednesday June 5, 2024 10:30am - 11:20am EDT
Ballroom C

10:30am EDT

Apples to Apples
In this speech, we will uncover many of the secrets the security services industry doesn't want you to know. We will follow three real world case examples to show why it's important to know how to compare "apples to apples" when getting the help you need to evaluate, remediate, and mature your security program.

Speakers

Pyr0 (Luke McOmie)

Vice President | Offensive Security, Blue Bastion | Ideal Integrations
Mr. McOmie started in offensive security in 1994 and is a trusted advisor, security leader and mentor. With a career focus in offensive security and a strong technical background, he is recognized for his excellence in developing and executing enterprise security strategies and leading...


Wednesday June 5, 2024 10:30am - 11:20am EDT
Ballroom A/B

10:30am EDT

Patch Perfect: Harmonizing with LLMs to Find Security Vulns
Are LLMs a revolutionary leap forward for security research—or just spicy auto-complete?

The truth lies somewhere in between. This talk cuts through the hype and offers a practical perspective that’s grounded in real-world analysis of critical bugs in widely used products. We’ll walk through our process of harnessing large language models (LLMs) for patch-diffing in the context of N-day vulnerability research. Given a vague security advisory and some complicated code diffs, can an LLM get you closer to finding the right spot in the code to dig deeper? Which models work best for this task, and why? Let’s ditch the theory and get our hands dirty with iterative experimentation. Whether you’re a seasoned pentester, applied researcher, or budding practitioner, you'll take away tactical lessons for incorporating AI into your security toolkit.

Speakers

Josh Shomo

Staff Security Engineer, Bishop Fox
As a Staff Security Engineer at Bishop Fox, I lead vulnerability research within the Capability Development team, where I leverage vulnerability intelligence to drive our team to conduct the most impactful in-depth technical investigations. I have created multiple tools that enhanced...

Caleb Gross

Director of Capability Development, Bishop Fox
Caleb Gross is the Director of Capability Development at Bishop Fox, where he leads a team of offensive security professionals specializing in attack surface research and vulnerability intelligence. Prior to coming to Bishop Fox, he served as an exploitation operator in the US Department...


Wednesday June 5, 2024 10:30am - 11:20am EDT
Ballroom D

11:20am EDT

Vendor Break
Go see our vendors in the Expo!

Menu:
  • TBD

Wednesday June 5, 2024 11:20am - 11:30am EDT
Potomac

11:30am EDT

Mindfulness, Meditation, and Cybersecurity
We are meant to enjoy our lives, both personal and professional. As human beings, and as professionals, we all have to learn how to cultivate even-mindedness, balance, and fortitude to meet life/work challenges. Cybersecurity is fascinating because it requires us to constantly learn, and find ways to optimize our process. Burnout is a huge problem in many fields, but especially in Cybersecurity. Cultivating a mindfulness or meditation practice is one of the most efficient ways we can support our process, and manage the stress and anxiety that comes with our professional and personal lives.

The focus of this talk is not specifically on work, because it addresses thoughtful ways to approach every aspect of our lives from our mental and physical health, to our relationships both personally and professionally. Whether new to the industry or a seasoned veteran, this talk will give you some insights, guidance, and the opportunity to practice.

Speakers

Aqeel Yaseen

Associate Security Consultant, Blue Bastion | Ideal Integrations
Aqeel Yaseen transitioned into Offensive Security from over a decade of teaching yoga professionally, and is currently working with Blue Bastion Security. That might seem like a curious combination, but Pentesting and teaching yoga both help people cultivate awareness of blind spots...


Wednesday June 5, 2024 11:30am - 12:20pm EDT
Ballroom D

11:30am EDT

Strategic Alliances: How GRC Teams Can Empower Offensive Security Efforts
Collaboration between Governance, Risk, and Compliance (GRC) teams and offensive security teams is vital for a strong security stance. This presentation highlights the role of GRC teams in augmenting offensive security efforts. Traditionally, GRC teams are seen as policy makers, compliance assessors, and risk managers. Their role, however, significantly contributes to offensive security strategies, going beyond these conventional duties. The presentation emphasizes how GRC teams can enhance offensive security through risk-informed strategies, ensuring that offensive measures align with policies and compliance, optimizing resources, and bridging communication between technical and executive teams. The session aims to provide cybersecurity professionals and organizational leaders with a thorough understanding of the importance of GRC teams in offensive security and practical approaches for integrating these functions within their organizations.

Speakers

Darryl MacLeod

vCISO, Lares
Darryl MacLeod works for the Lares Advisory Services team and has over 20 years of experience in the IT security sector, having been responsible for developing, managing, and assessing information security programs for all levels of enterprise and government-level organizations. He...


Wednesday June 5, 2024 11:30am - 12:20pm EDT
Ballroom C

11:30am EDT

Unlocking Generative AI: Balancing Innovation with Security
Join us for 'Unlocking Generative AI: Balancing Innovation with Security' as we navigate the complex landscape of generative AI in corporate environments. From understanding the fundamentals to exploring security threats like data poisoning and model theft, discover how large enterprises can safeguard sensitive data and AI models. Learn robust mitigation strategies to tackle these challenges head-on, ensuring a secure future for AI innovation. Don't miss this opportunity to delve into the promising yet challenging world of generative AI security.

Speakers

Jason Ross

Security Engineer, Salesforce
Jason Ross is a passionate cybersecurity expert with a diverse skill set, currently focused on building tools and processes to test the security of generative AI models & applications that use them. Jason's past work experiences include penetration testing, cloud security, and OSINT. Jason...


Wednesday June 5, 2024 11:30am - 12:20pm EDT
Ballroom A/B

12:20pm EDT

Lunch
TBD

Wednesday June 5, 2024 12:20pm - 1:00pm EDT
James River Foyer

1:00pm EDT

Social Engineering the Social Engineers: How To Not Suck at Buying Software
There is a huge gap in security, and that gap is understanding the process for acquiring security tools. After buying security tools as an architect and selling as a sales engineer, I know the process, pitfalls and gaps in the process. We will dive into the process for both sides. You will learn how you should be architecting your program and winning budget for those tools. We will also explore what happens on the sales side of a deal. I will explain what to look out for and what you can take advantage of and the common mistakes we make.

Salespeople are top-tier social engineers; we will explore how to hack them.

Speakers

David Girvin

Senior Solutions Engineer, Sumo Logic
Hacker, BJJ enthusiast, world traveler and surfer. I am a giant weirdo who somehow found my niche in offensive security. I have been blessed getting to build AppSec programs for companies like 1Password and Red Canary. I have an extremely diverse background and hope I can relate and...


Wednesday June 5, 2024 1:00pm - 1:50pm EDT
1st Floor, Magnolia Room

1:00pm EDT

The Human Experience of Security Operations
Security Operations has become the talk of the town now that there are CoPilots, Unified Consoles, and VC money pouring into the field. While many of those things address technical aspects, what about the business of security operations? Specifically, the people involved. Chris Tillett has spent 2 years interviewing SOC leaders and analysts and would like to share his results from this data-driven approach.

Speakers

Chris Tillett

Principal Engineer, Palo Alto Networks
Chris currently works for Palo Alto Networks in R&D, helping customers stay ahead of threat actors and helping our products stay customer focused. His experience with UEBA and IAM helped drive the ITDR module to not only focus on Identity based attacks, but also the entire Identity...


Wednesday June 5, 2024 1:00pm - 1:50pm EDT
Ballroom C/D

1:00pm EDT

Reverse Engineering for Dummies: The “what if?” user
When developing a product, software engineers often discuss the “what if?” user. What if a user builds their own frontend client? What if a user finds that embedded API key? What if a user notices that endpoint doesn’t have authorization? This talk has three real-life examples from the speaker’s perspective as the “what if?” user. Each example will delve into the motivation, the security flaws reverse engineered, and how to improve the security of each product. This talk will cover reverse engineering assets from an Android game, a waitlist to buy exercise equipment, and a Publish Subscribe system for an auction house. This talk aims to generate interest in identifying software design flaws and reverse engineering them, as well as helping teach about common security issues and practical methods of fixing them.

Speakers

Micah Parks

Senior Software Engineer
Micah Parks started his professional career about six years ago in the National Security Agency. After moving to the private sector, Micah has continued to work as a security-minded software engineer. He has created and maintains multiple open source projects, with the most popular...


Wednesday June 5, 2024 1:00pm - 1:50pm EDT
Ballroom A/B

1:50pm EDT

Vendor Break
Go see our vendors in the Expo!

Menu:
  • Pretzels (regular) served w/ cheese dip & mustard (served warm) Vegetarian
  • Cinnamon Sugar Pretzels (served warm) Vegetarian

Wednesday June 5, 2024 1:50pm - 2:00pm EDT
Potomac

2:00pm EDT

API-ocalypse
Get ready for a wild ride as Jennifer Shannon, a Senior Security Consultant at Secure Ideas, takes the stage to present "API-ocalypse." In this thrilling and entertaining session, Jennifer will showcase the vulnerabilities lurking within APIs and the havoc they can wreak if left unaddressed. Through live pentesting demos, she will demonstrate jaw-dropping exploits, mind-bending injection attacks, and authentication bypass techniques that will leave you on the edge of your seat. Join Jennifer as she navigates the dark side of APIs to help you understand and fortify your attack surface in order to prevent the impending API-ocalypse.

Speakers

Jennifer Shannon

Senior Security Consultant, Secure Ideas
Jennifer Shannon is a Senior Security Consultant at Secure Ideas with a background in malware analysis, penetration testing, and training. An avid computer geek for most of her life, she began her journey in cybersecurity as a SOC Analyst where she showed an aptitude for both penetration...


Wednesday June 5, 2024 2:00pm - 2:50pm EDT
1st Floor, Magnolia Room

2:00pm EDT

Scaling Your Creative Output with AI: Lessons from SANS Holiday Hack Challenge
The rise in prominence of AI-powered content generation tools over the past year was tough to miss, and, heck, you have probably already created some cool stuff with them. Putting these tools to work in a meaningful, scalable way, however, can prove challenging.

In this talk, I will equip you with the technical knowledge required to build AI-enhanced tools; we'll discuss strategies for identifying opportunities for said tools, and we'll look at real-world examples from SANS Holiday Hack Challenge, the best darn free, seasonal hacking challenge in the world.

Speakers

Evan Booth

Builder, Architect, Counter Hack
Evan Booth is a builder and architect at Counter Hack, a company devoted to building fun and engaging challenges that educate and evaluate information security professionals. Armed with a profound fascination with how things are built, Evan has spent the past 20 years working on the...


Wednesday June 5, 2024 2:00pm - 2:50pm EDT
Ballroom C/D

2:00pm EDT

Building Illusions in the Cloud: Deception Engineering
Deception engineering is a defence-in-depth strategy which many organisations overlook. After achieving a certain level of maturity in their infrastructure security processes, organisations will find deception engineering a great security project to enhance monitoring via high fidelity alerts and targeted knowledge of an attack in terms of where the attack's epicentre exists, what actions the attackers are taking, etc.

This session aims to give an overview of what building a deception engineering charter entails, how to plan for deploying honeypots and honeytokens, and finally how to handle a potential incident that was detected via a honeypot.

Speakers

Ayush Priya

Lead Data & Cloud Security Engineer, CRED
Ayush is a Cyber Security Engineer specialising in Cloud and Data Security, and DevSecOps practices. He loves to develop automation for security controls and processes. He has delivered talks at various conferences and security communities like GrayHat'20, and Cyber Security Global...

Saksham Tushar

Head of Security Operations, CRED
Saksham Tushar specializes in various aspects of Threats, including intelligence, detection, analytics, and hunting. He has experience leading teams and collaborating with organizations such as Informatica, Microsoft, and IBM to establish multiple global Security Operations Centers...


Wednesday June 5, 2024 2:00pm - 2:50pm EDT
Ballroom A/B

2:50pm EDT

Vendor Break & Room Change
Room change!

Go see our vendors in the Expo!

Menu:
  • TBD

Wednesday June 5, 2024 2:50pm - 3:10pm EDT
Potomac

3:10pm EDT

My Way is Not Very Sportsman-Like: Shaping Adversary Behavior to Strengthen Defenses
We’re taking a fresh look at how to beat cyber attackers at their own games! It’s all about using our defender advantages wisely, controlling, constraining, and shaping the adversary’s moves before the attack even begins. We're ditching the old "Defender’s Dilemma" mindset and showing how smart defense strategies can make a huge difference. Let’s shift our thinking, use our advantages better, and boost our defense without breaking the bank.

Speakers

David J. Bianco

Staff Security Strategist, SURGe by Splunk
David is a Staff Security Strategist on Splunk’s SURGe research team. He is also a SANS Certified Instructor, where he teaches network forensics. David has more than 20 years of experience in the information security field, primarily in incident detection and response, threat hunting...


Wednesday June 5, 2024 3:10pm - 4:00pm EDT
Ballroom

4:00pm EDT

Closing Reception & Awards
The closing will take place right after the final talk. We will have a short break for attendees to get their beverages & hors d'oeuvres, and then we will do Prizes and CTF awards.

Menu:
    • Nacho & Soft Taco Bar with Tortilla Chips & Flour Tortillas  Vegetarian
    • Ground Beef
    • Spiced Chicken
    • Black Beans Vegetarian/Vegan/GF
    • Vegetarian Refried Beans Vegetarian/Vegan/GF
    • Guacamole Vegetarian/Vegan/GF
    • Salsa Vegetarian/Vegan/GF
    • Lettuce, Tomato, Cheese & Sour Cream Vegetarian/Vegan/GF
    • Fried Mexican Cheesecake Vegetarian
    • Beer, Wine and Nonalcoholic Beverages - including RVAsec Beer & Cider Option - a non-alcoholic tropical punch (self-service) and sodas 

Speakers

Chris Sullo

Organizer, RVAsec
Chris is the founder of RVAsec and Head of Innovation at Project Discovery, Inc. Chris has been in the security industry for 27 years, working in various research and security roles with Focal Point, HP (SPI Dynamics) and Capital One. He is the author of the “Nikto” web server...


Wednesday June 5, 2024 4:00pm - 5:30pm EDT
Ballroom
 