May 27, 10:40-11:00

What’s up with CVSS4?

The only thing that’s clear about prioritizing vulnerabilities is that we have not figured it out as an industry. We’ve got CVSS, EPSS, CISA KEV, and more scoring systems to work with – these have not solved our challenges. This talk looks at the updates in CVSS4 that offer a new path forward. What has changed, why, and how can we utilize the updated system to work smarter at prioritizing vulnerabilities within our organizations? This new approach provides opportunities to customize the scoring more to the actual environments we work in, influencing the final score for a vulnerability. Supplemental metrics provide further context that does not impact the scoring. We’ll start with an overview of the current systems before diving into the new changes, taking a look at some practical examples of recent vulnerabilities.

May 27, 11:10-11:30

Zero Trust in a Zero-Office World: Rethinking IAM for the Remote-First Enterprise 

Traditional "castle walls" security crumbles in today's decentralized workplace. This session will look into the challenges of outdated IAM in a remote-first world, highlighting data breaches, inflexible access controls, and shadow IT risks. It will also show the transformative power of Zero Trust, a framework emphasizing continuous verification, least privilege access, and data-centric security using MFA, CAAC, UEBA, micro-segmentation, and DLP to secure remote work. It will also highlight practical solutions like ZTNA, secure collaboration platforms, and SSO for seamless and secure access and collaboration.

May 27, 11:40-12:00

Do Not Find Bugs; Bugs Find You

All conference talks we hear about vulnerability hunting and exploitations are so cool -- so much so that it appears as if you would never get there unless you have been hacking since 14 years old. Will you not ever find cool bugs if you do not like setting up fuzzers or grinding with disassemblers? You are mistaken. In this talk, I will introduce the mindset that will slowly but organically yield the discovery of vulnerabilities without daunting learning curves or too many emotional rollercoasters often associated with “vulnerability research.” That is, let us do “security research” instead. As a case, I will discuss how I found vulnerabilities in the Windows Hypervisor. Throughout it, we will review the hardware-assisted virtualization technology the hypervisor relies on and Windows’ unique security boundary that is less scrutinized. Finally, the talk gives a few ideas to extend this work for more bug discoveries. You should attend this talk if you want to start bug hunting casually and naturally. You may not find bugs immediately, but bugs may find you soon.

May 27, 12:10-12:30

Decomposing a Malware Symphony: When Malware Work Together to Deliver a Powerful Infection

There are numerous families of malware out there, each with its own unique features. Some can steal sensitive data and exfiltrate it using specific protocols, some can introduce additional malware into the system, some can encrypt or destroy files, and many more. Despite their differences, these various malware families can collaborate in a symphonic manner to deliver a powerful infection. I've started referring to this as a “malware symphony” to describe how different types of malware contribute to the symphony of infections, much like instruments in an orchestra. One such example is CrackedCantil, which I named after Cracked Software and the Cantil Viper. In this particular malware campaign that originated from Cracked Software, at least nine different malware types were involved, including PrivateLoader, Smoke, Lumma, RedLine, RisePro, Amadey, Stealc, Socks5Systemz, and STOP. Here, the Loaders (PrivateLoader, Smoke) introduced several notorious malware into the system. The Infostealers (Lumma, RedLine, RisePro, Amadey, Stealc) exfilterated various sensitive information before the ransomware encrypted the files. The Proxy Bot malware (Socks5Systemz) transformed the system into a proxy bot, and the Ransomware (STOP) encrypted the files, demanding a ransom for their recovery. The full analysis can be found here: https://any.run/cybersecurity-blog/crackedcantil-breakdown/ This talk will delve into the malware symphonies, exploring how they are orchestrated to wreak havoc on systems.

May 27, 1:30-1:50

Techniques to Exfiltrate Data

You are the proverbial bad guy, and need to exfiltrate data out of a company. What are the various techniques you can employ to fly under the radar of all software modules designed to prevent you from doing that? If you are a blue teamer and need to guard your defenses against exfiltration, what are the various techniques you can employ to prevent this?

May 27, 2:00-2:20

What We Mean When We Say Internet Measurement, and Why it Matters So Much for Security

Often when folks think of security research, they think of things like reverse engineering, tracking threat actors, or pentesting. While these are all valid, there’s one side of security research that is often forgotten or misunderstood – Internet Measurement, or evidence-based science. In order to improve the world, we need to quantify it first, and that’s where Internet Measurement comes into play.

In this talk, I’ll use my 8 years of hands-on experience to dive deep into the world of Internet Measurement and show attendees why we should care MORE about Internet Measurement as a security research tool. To start, I’ll discuss the details of three very different measurement projects: evaluating attacker behavior in a niche market, quantifying Internet Scanning completeness, and improving vulnerability notifications. In discussing these projects, I’ll clarify the questions we were trying to answer, how we thought about our measurements, and the impact the outcomes had. Most importantly, I’ll hypothesize what we would have missed had the work NOT happened. 

By discussing these three disparate projects, I hope attendees will walk away understanding what Internet Measurement is, why it’s so useful in the world of security, and how security practitioners can apply these lessons to their own environments. We don’t know what we don’t know and the unknown can seem daunting. Internet Measurement is a way for us to step into (and through) that unknown.

May 27, 2:30-2:50

A How To Guide: Hunting Clearweb Fentanyl Distributors

On the clearweb, hundreds of sites operate in the open which have been used to fuel the spread of Fentanyl and it’s precursors. These operators have stepped out of the shadows of the darkweb to increase the accessibility to their highly addictive drugs.

Sit down for this talk and discover how to identify a seller, track them down across the web, and find the links back to shell corporations based out of the United States. I will demonstrate all of this using real world examples; by following this guide you too will be able to use these OSINT tactics to take down a drug network.

May 27, 3:00-3:20

Unveiling Deception - Catching a Catfish

This talk covers an introduction to catfishing, providing a real-life example. It outlines the Signs of a Catfish, focusing on Red Flags and Warning Signs. The role of OSINT is highlighted, showcasing techniques to unmask catfishers.

Introduction to Catfishing, Case example, Signs of a Catfish, Red Flags and Warning Signs , How can OSINT help?, OSINT techniques to unmask catfishers, Prevent Catfishing / Education 

May 27, 3:30-3:50

Blockchain DevSecOps

Blockchain technology can have a revolutionary effect on many important industries like finance and health. A security vulnerability in a smart contract can lead to a hack that would be more damaging than the biggest heists in history. We have proven DevSecOps methods in the classic software building industry that we can leverage to develop blockchain projects and improve smart contracts qualities and security. Moreover, there is a lack of consensus and guidance regarding leveraging DevSecOps in developing blockchain projects. This talk will list common smart contract vulnerabilities and how we can avoid them by building a secure CI/CD pipeline and following best security practices.

May 27, 4:00-4:20

Cultural Change: How to Work Together for Better Security

Learn to leverage the expertise of your internal SMEs to provide comprehensive security awareness & training, ensuring a diverse range of perspectives and up-to-date insights. Together you can foster a culture of security, promoting security best practices and staying ahead of emerging threats.

Attendees will come away with a deeper understanding of the importance of fostering a culture of security within an organization, and how to effectively develop and deliver security training content that engages and empowers employees. Whether you work at a large-scale organization, mid-size company or a start-up, you will learn insights and practical tips on how to leverage existing resources, such as internal experts and online training tools, to create effective security training programs that fit the specific needs of your organization. Our goal is to inspire all organizations, regardless of size, to prioritize security and build a strong security culture.

May 27, 4:30-4:50

Security Recruitment: Four Challenges Candidates Face and Four Areas You Can Improve to Impress Candidates

Deep dive into both candidate and hiring manager perspectives during interviews. What levers can you pull as a hiring manager to increase your offer acceptance rate?

Four main challenges candidates face that will make them turn you down.

Four areas to focus on so you and your team can crush it. 

May 27, 5:00-5:20

SOC Staffing and Scheduling - Justifying Headcount and Meeting the Mission 

Looking to quickly determine how many analysts your SOC needs? Wondering what the tradeoffs are between 5x8, 4x10, 2-2-3? Curious what's the right SlA & when to use an on-call? If so then this is the track for you.