May 26, 10:40-11:30

Get to Know Your OAuth Apps: Your New Attack Surface in the Cloud

As organizations increasingly integrate OAuth applications for secure authentication and authorization, these tools have also become a prime target for cybercriminals. This session explores OAuth applications in modern cloud environments, emphasizing their role as a critical attack surface.

We start by outlining OAuth fundamentals, their key functionalities, and their role in enabling secure user-application interactions. Building on this, we examine sophisticated attack techniques identified by Microsoft Security Research, including consent phishing, cryptomining, business email compromise (BEC), and spam campaigns, all exploiting OAuth applications.

Attendees will gain insights into the attack lifecycle and TTPs, covering user deception, application abuse, and broader cloud security implications. The session also provides practical threat-hunting strategies, demonstrating how to detect and investigate suspicious OAuth activities using log analysis and other security tools.

Additionally, we’ll cover remediation tactics to contain and recover from compromised OAuth applications, whether addressing unauthorized access, revoked permissions, or altered applications. To prevent future attacks, we’ll discuss mitigation strategies such as enforcing least privilege access, OAuth governance, and multi-factor authentication (MFA).

By the end of this session, attendees will have a clear ways to detect, respond to, and prevent OAuth-related threats, strengthening their organization’s security posture and maintaining trust in their cloud environments.

May 26, 11:40-12:30

Hacking the Machine: Unmasking the Top 10 LLM Vulnerabilities and Real-World Exploits

In this talk, we’ll explore real-world attack scenarios, recent security incidents, and live demonstrations to show how LLM-based systems are being abused. 

Attendees will gain practical insights on exploitation techniques, the latest adversarial AI tactics, and defensive strategies that can be implemented to secure LLM applications.

May 26, 1:30-2:20

Securing AI Agents: Critical Threats & Exploitation Techniques 

As AI security advances rapidly, our talk will focus on securing autonomous AI agents and addressing their unique threats. We will explore autonomous AI agents capable of transforming how we approach complex tasks and uncovering the security challenges they present. The session will include hands-on experience with threat modeling for these systems and hacking demos of vulnerabilities identified during the exercise.

We will begin by threat modeling a real-world use case in which LLMs act as autonomous agents capable of making independent decisions and actions. Through practical examples, we will demonstrate how agentic capabilities make these systems more vulnerable to exploitation, thereby increasing security risks. Using the STRIDE methodology, we will systematically examine threats such as Insecure Tool Use, Model Poisoning, and Persistent Memory Vulnerabilities, providing attendees with a structured framework to identify, categorize, and prioritize security risks in their own LLM implementations.

Next, we will dive into model poisoning attacks, showing how an attacker can alter a model’s parameters to make it behave in unintended ways, followed by a live hacking demo. We will also cover advanced techniques for prompt injection, such as Prompt Virtualization, Prefix Injection, Distractor Instructions, Combining Languages, and Context Manipulation. Using real-world scenarios, we will demonstrate how attackers craft complex prompts to exploit LLMs.

Finally, we will conclude by discussing mitigation strategies, best practices in prompt validation, and architectural defenses to safeguard Agentic AI systems from emerging threats. By the end of the session, attendees will gain practical insights and tools they can immediately apply to strengthen the security of their AI agents, helping them stay resilient against the evolving AI risks.

May 26, 2:30-3:20

From Junior to Leader - Cultivating Growth in Teams

Leadership isn’t a title; it’s a way of being. Whether you’re mentoring a teammate, managing a sprint, or just trying to make your workplace a little more human, you’re already leading.

This talk is about growing that leadership with intention.

Drawing from experiences across AI, cybersecurity, and team development, we’ll explore what it means to lead technical teams in high-pressure environments without burning out.

Through real stories and lessons from the field, you’ll learn how to cultivate trust, create a feedback-ready culture, and grow both individuals and teams. We’ll talk mindset shifts, not management models - and focus on self-awareness as the foundation for real impact.

You’ll walk away with practical tools, but more importantly, new ways to think about leadership, growth, and your role in shaping the culture around you.

And because leadership starts with presence, we’ll close with a short, grounded meditation exercise - something simple you can take with you and offer to others.

May 26, 3:30-4:20

DNS: The Silent Weapon of Cybercriminals - Leveraging DNS, Data and AI/ML to Build Cybersecurity Solutions

Cybercriminals are increasingly exploiting DNS to bypass traditional security measures, execute stealthy attacks, and exfiltrate data undetected. In this session, we'll expose the hidden risks within DNS, discuss the challenges of building effective security insights, and demonstrate how data, AI/ML can detect and disrupt threats before they cause harm. Join us to explore how innovative data strategies and advanced machine learning can transform DNS from a security blind spot into a powerful defense tool.

May 26, 4:30-5:20

Boosting Operational Resilience with Red Teaming for OT Systems

Red teaming for Operational Technology (OT) systems is not a new concept, however, many organizations have yet to fully recognize its potential benefits. Red teaming Industrial Control Systems (ICS) presents unique challenges compared to IT systems, primarily because testing cannot be done on live production systems and may result in physical consequences (e.g. safety risks, environmental damage, or equipment failure).

This presentation will introduce a flexible strategy that can be tailored to the specific needs of your organization and operations, emphasizing key aspects for enhancing operational resilience. Topics include selecting appropriate attack scenarios and technical considerations, along with the critical role of an OT lab. Conducting red team exercises in a controlled, non-production environment allows organizations to identify areas for hardening and improvement while offering valuable training opportunities for cybersecurity teams. A demonstration will showcase a practical use case using Caldera OT, an open-source adversary simulator from MITRE.

Additionally, the presentation will address the importance of collaboration between IT and OT teams, highlighting how joint red teaming can break down traditional silos and simulate realistic attack scenarios that begin in IT and move into OT systems. This includes analyzing the attack chain through the lens of your organization's detection and monitoring tools.

Overall, this session will underscore the value of red teaming for OT systems and how a lean, systematic approach can significantly improve operational resilience. Insights will be drawn from hands-on experience in facilitating OT attack scenarios for clients and creating internal digital labs focused on OT / ICS.