RVAsec 2018 has ended

Log in to bookmark your favorites and sync them to your phone or calendar.

Technical [clear filter]
Thursday, June 7


Bypassing ISP and Enterprise Anti-DDoS with 90's technology
Stressers/Booter services is providing "DDoS as A Service" and they are getting more and more powerfull, measured in amount of traffic, but the current resources they use could be improved, and optimized, and perform a much more dangerous and advanced attack patterns that can bypass large Anti-DDoS solutions through pre-analysis and data-mining with  big data analysis and OSINT informaiton as source.

The research will show a framework on how attackers can optimize attacks based on a combination of big-data analysis and pre-attack analysis, that will show that terabit attacks are not necessarily needed, and why 90's technology is prefered over IoT Worms and other fancy gadgets.

avatar for Dennis Rand

Dennis Rand

Founder, eCrimeLabs
Dennis Rand is a security researcher from Denmark. He specializes in vulnerability research, network analysis, penetration testing and incident response. | Dennis has over seventeen years of experience in various security roles including researcher, consultanting, and simply loves... Read More →

Thursday June 7, 2018 11:00am - 11:50am


Container Security: Vulnerabilities, Exploits and Defense
Whether it's an unsecured Kubernetes configuration or the Meltdown/Spectre exploits, there is always a way into your company's seemingly secure container infrastructure. We'll take a tour of the most surprising container exploits - and how to use tools like SSL and VPNs to create a strong defense for your own environment.

avatar for Elissa Shevinsky

Elissa Shevinsky

Author, OR Books
Elissa Shevinsky is a serial entrepreneur. She helped launch Geekcorps (acquired), Everyday Health (IPO) and Brave ($35M ICO.) Shevinsky is currently consulting for crypto startups, and doing research on container security.

Thursday June 7, 2018 1:00pm - 1:50pm


From Web App to ATM: Why the Basics Matter
This is a technical application security discussion for junior penetration testers or anyone interested in the world of penetration testing. Advanced members of the community are welcome, but the content is geared at newer testers. From Web App to ATM will showcase a penetration test I performed where the only previous work done was web vulnerability scanners that completely missed the iceberg lurking just below the water. In this talk I will cover some "back to basics" of web app security and show real world examples of critical applications exposing these flaws. Unauthenticated APIs, forceful browsing, privilege escalation, and total ownage of ATMs managed by this app are all up for discussion.

avatar for Travis McCormack

Travis McCormack

Lead Specialist, Security Testing, Walmart
Travis has 10 years of experience in information security roles. Starting out as a Network Administrator and later SOC Analyst he has built his experience and knowledge up through blue teaming before deciding to try out offensive security. Travis has spent the past 2 years as a penetration... Read More →

Thursday June 7, 2018 2:00pm - 2:50pm


Hiding in the Clouds - Leveraging Cloud Infrastructure to Evade Detection
Organizational spending on cybersecurity is at an all-time high. From an attacker’s perspective, this means that target networks are becoming increasingly hostile environments to operate in. This has pushed attackers to look for new ways to diminish a defenders ability to identify their activity. The introduction of cloud providers and their associated content delivery networks have provided ample ways to attack and communicate with attack infrastructure while piggy-backing on the cloud provider’s infrastructure and reputation.

Techniques and tactics such as domain fronting for multiple cloud providers, distributed scanning, and leveraging API gateways will be discussed.  Also, more nuanced aspects these cloud services will be explored as they sometimes provide many benefits to an attacker’s infrastructure, including encryption. Most importantly, mitigations for these techniques will provided so that defenders can go about better protecting their network.

avatar for Mike Hodges

Mike Hodges

Senior Consultant, Optiv
Mike Hodges is a senior consultant for the Optiv Attack and Penetration Practice. He has a background in application development and is currently OSCP, Assoc CISSP, and CEH certified. He is currently interested in evasive penetration tactics and techniques and is constantly looking... Read More →

Thursday June 7, 2018 3:00pm - 3:50pm


Red Team Apocalypse
TABLETOP SCENARIO: Your organization regularly patches, uses application whitelisting, has NextGen-NG™ firewalls/IDS’s, and has the latest Cyber-APT-Trapping-Blinky-Box™. You were just made aware that your entire customer database was found being sold on the dark web. Go.

avatar for Derek Banks

Derek Banks

Security Analyst, Black Hills Information Security
Derek is a Senior Security Analyst at Black Hills Information Security and has over 20 years of experience in the IT industry as a systems administrator for multiple operating system platforms, and monitoring and defending those systems from potential intruders. He has worked in the... Read More →
avatar for Beau Bullock

Beau Bullock

Senior Security Analyst, Black Hills InfoSec
Beau is a Senior Security Analyst at Black Hills Information Security where he performs penetration tests and red team assessments. He is the author of various red team/pentest tools such as MailSniper, PowerMeta, HostRecon, and DomainPasswordSpray. Beau is a host of the web shows... Read More →

Thursday June 7, 2018 4:00pm - 4:50pm
Friday, June 8


How to REACT to JavaScript [In]Security
According to a StackOverflow survey, JavaScript is the most commonly used programming language on earth. Today just the client-side JavaScript ecosystem has over 50 frameworks available, and JavaScript is successfully conquering the server-side space. The amount of application logic that is executed in the browser is growing every year, which means the attack surface is growing as well. Which security issues are most common in JavaScript applications? Do new frameworks provide the security controls needed to protect the growing amount of client-side code? In this talk we will answer these questions and, as an example, we will look at one of the hottest JavaScript frameworks today – React. We will discuss its new features like components and server-side DOM rendering, analyze React’s security posture and demonstrate existing vulnerabilities.

avatar for Ksenia Peguero

Ksenia Peguero

Sr. Research Lead, Synopsys
Ksenia Peguero is a Sr. Research Lead within Synopsys Software Integrity Group. She has eight years of experience in application security and five years in software development. Ksenia is a subject matter expert in static analysis and JavaScript frameworks and technologies. Before... Read More →

Friday June 8, 2018 10:10am - 11:00am


OS X App Whitelisting Without Losing Your Job
Application whitelisting: it's easy to say it should be practiced as part of a complete endpoint security practice, but in reality it can be hard to deploy widely without causing friction and frustration across the organization. This talk will look at the tools and processes that enabled Duo's Corporate Security team to progressively deploy and monitor application whitelisting across their fleet of OS X endpoints.

avatar for Chris Czub

Chris Czub

Senior Security Engineer, Duo Security
Chris Czub is an information security engineer on Duo Security's Corporate Security team where he helps keep their employee endpoints and servers monitored and safe.

Friday June 8, 2018 11:10am - 12:00pm


A Game Theoretic Model of Computer Network Exploitation Campaigns
Increasingly, cyberspace is the battlefield of choice for twenty first century criminal activity and foreign conflict. This suggests that traditional modeling and simulation approaches have stalled in the information security domain. We propose a game theoretic model based on a multistage model of computer network exploitation (CNE) campaigns comprising reconnaissance, tooling, implant, lateral movement, exfiltration and cleanup stages. In each round of the game, the attacker chooses whether to proceed with the next stage of the campaign, nature decides whether the defender is cognizant of the campaign’s progression, and the defender chooses to respond in an active or passive fashion. We propose a dynamic, asymmetric, complete-information, general-sum game to model CNE campaigns and techniques to estimate this game’s parameters. Researchers can extend this work to other threat models, and practitioners can use this work for decision support.

avatar for Robert Mitchell

Robert Mitchell

Member of Technical Staff, MITRE
Dr. Robert Mitchell is currently a member of technical staff at Sandia National Laboratories. He received the Ph.D, M.S. and B.S. from Virginia Tech. Robert served as a military officer for six years and has over 12 years of industry experience, having worked previously at Boeing... Read More →

Friday June 8, 2018 1:00pm - 1:50pm


Seize and Desist? Criminal Evolution One Year After AlphaBay’s Demise
As we’re approaching the one year anniversary of AlphaBay’s seizure, the talk will demonstrate the impact this has had on the criminal ecosystem. This includes new, alternative mechanisms and technologies for discussing and trading criminal goods and services. The talk will also outline the drivers that will determine the future of the criminal ecosystem and outline what this means for all organizations.

avatar for Michael Marriott

Michael Marriott

Senior research and strategy analyst, Digital shadows
Michael Marriott is a Senior Strategy and Research Analyst at Digital Shadows, which he joined in late 2014. Michael has a passion for security analysis and the trends they indicate, in order to better protect clients. He has written several articles and papers, and his research is... Read More →

Friday June 8, 2018 3:00pm - 4:00pm