Bio: Marco Figueroa is an industry-leading security research expert and is the driving force behind the technical success and outreach of the 0Din GenAI Bug Bounty Program. With a hands-on approach to coding, bug hunting, and technical problem-solving, he effectively bridges the gap between his technical expertise and non-technical stakeholders, ensuring that complex concepts are accessible and comprehensible to all. Marco's passion for fostering a collaborative environment ensures that researchers and developers alike are equipped with the tools and support they need to secure AI systems. Through his leadership and technical expertise, Marco continues to advance the field of AI security, fostering innovation and collaboration within the community.

Trusted by threat actors such as APT29, BRONZE STARLIGHT, TA551 and Red Teamers alike.
Bishop Fox Sliver is a versatile Adversary Emulation Framework ready to help tackle your next op. We will go over setting up the C2 and generating binary implants for Linux, Mac or Windows targets. Touch on obfuscating these implants and setting up workflows to bypass antivirus and system protections.

Suggestions will be provided for places to host your C2 and stagers, taking advantage of service providers' positive reputation to help reduce the chances of being blocked.
After this we will get into interacting with your fresh new shells. Migrating into other processes, setting persistence, getting screenshots, pivoting and other recon before loading 3rd party modules from the Armory. Finally we gather the desired loot and set new tasks for the zombie slaves to carry on.

Evan Wagner Security Researcher, President and Founder of Hack NWA

Imagine running your business without access to your data—or worse, having that data fall into the wrong hands. The knowledge and insights your company has gathered over the years and your data are essential to your operations and represent a significant competitive advantage in today’s fast-paced business environment.

Given this, it’s critical to implement robust policies to safeguard this valuable asset. However, it’s equally important to recognize how a narrow focus on specific security measures—"tunnel vision"—can create blind spots, leaving your company vulnerable to serious threats. In this context, I'll highlight how this kind of oversight can lead to significant security gaps, putting your company at risk of costly breaches and reputational damage.

Jordan Bonagura
Senior Security Consultant at Secure Ideas
Information Security Researcher
IT Professor and Course Coordinator
Computer Scientist and Post Graduated in Business Strategic Management, Innovation and Teaching
Founder - Vale Security Conference - Brazilian Conference and Hacker Space
Speaker (AppSec California, GrrCon, Angeles Y Demonios, BSides Augusta, BSides SP, H2HC, Silver Bullet, SegInfo, ITA, INPE, BalCCon2k14, Red Hack Con, Triangle InfoSeCon, etc)

"Can you dump some white powder into our clean water tanks that feed our city of 50,000 people?" is how the conversation began. As we went through the scope, we began to see the challenges of compromising a government critical infrastructure facility. They also added a second location, their wastewater facility and tasked us with breaching that area as well. We tested the physical defenses of both locations over a span of approximately 36 hours and what we found was...well, you'll have to attend the talk to find out! Patrick is a professional penetration tester with Compass Cyber Guard in Rhode Island. He has been doing pentesting since 2016 and has had a focus on social engineering since 2017. He is the creator and organizer of the Layer 8 Conference, the first to solely focus on social engineering and OSINT topics, happening in Boston in June. He earned the Certified Ethical Social Engineer certification in 2023 and has also taught a variety of cybersecurity topics.

The Darkgate loader has reemerged. While "born" in 2018 this malicious loader has been gaining popularity since mid 2023. This session will be a complete killchain analysis of this threat with a focus on its entry points to enterprise networks. The session will also cover EDR evasion techniques and how this loader compares to other offerings in the cybercrime underground.

Etay Maor is the Chief Security Strategist at Cato Networks, founding member of Cato CTRL (Cyber Threats Research Lab), and an industry recognized cyber security researcher and keynote speaker.
Previously, Etay was the Chief Security Officer for IntSights where he led strategic cybersecurity research and security services. Before that Etay held numerous leadership and research positions as an Executive Security Advisor at IBM where he created and led breach response training and security research and as Head of RSA Security’s Cyber Threats Research Labs where he managed malware research and intelligence teams and was part of cutting edge security research and operations.

Tal Darsan leads the Managed Cybersecurity Services at Cato Networks, where he oversees the threat hunting, security operations, and incident response activities. Tal has over a decade of experience analyzing cyberthreats, and he's responsible for many in-depth security investigations, including the discovery of new malware strains in the wild. Previously, Tal led the cybersecurity research lab at Trusteer, IBM, which primarily focused on advanced threats research. Before that, Tal worked at RSA Security, where he was part of the security research and operations teams. Tal holds a BS in computer science with a specialization in cybersecurity.

In this session, we'll explore the development of an in-house threat modeling assistant that leverages Large Language Models through AWS Bedrock and Anthropic Claude. Learn how we're building a private solution that automates and streamlines the threat modeling process while keeping sensitive security data within our control. We'll demonstrate how this proof-of-concept tool combines LangChain and Streamlit to create an interactive threat modeling experience. Join us to see how modern AI technologies can enhance security analysis while maintaining data privacy.

This presentation will explore real-life stories from the trenches, representing how unknowns have allowed malicious actors to thrive. We’ll dive into specialized tools and techniques attackers use, especially cybercriminals and nation-states. We’ll demonstrate hacking techniques that illustrate the ease of compromise against multiple target types, from cloud applications to industrial robots. Finally, we’ll share vendor-agnostic mitigation strategies to help you discover, secure, monitor, and respond more eLiciently and eLectively by converting your unknowns to knowns. Malicious actors count on you being passive regarding unknowns and want you to fail. Disappoint them!

Brian Contos
With two IPOs & eight acquisitions, Brian has helped build some of the most successful security companies in the world. He has over 25 years in the security industry as a security company entrepreneur, board advisor, investor, and author. After getting his start with the Defense Information Systems Agency (DISA) and later Bell Labs, Brian began the process of building security startups and taking multiple companies through successful IPOs and acquisitions, including Riptech, ArcSight, Imperva, McAfee, Solera Networks, Cylance, JASK, Verodin, and Mandiant.

You spend your time configuring HTTP headers and hardening your containers, meanwhile your CFO just downloaded a Chrome extension to make the font in Gmail larger. What are Chrome extensions, exactly? We'll dive into details, including: format, contents, static analysis with custom rules, threat modeling (when does this even matter?), and in general what to look for. We'll cover some historical malicious extensions and how they worked (incl. on red teams). We'll then demo a tool I've just released for this: CRXaminer (https://crxaminer.tech, WIP) and how you can immediately start using it. We'll finally do some data analysis on statistics we've uncovered by using this tool at scale on many extensions, and uncover general trends and findings.

Mark El-Khoury

Mark started as an offensive security consultant, doing penetration testing and code and design reviews. Mark then expanded his skillset into the defensive side, leading cybersecurity at various organizations and industries, including: Gaming, fintech, and biometrics. Mark is a conference speaker, holds security certifications, and was an instructor at a Columbia University cybersecurity bootcamp for over four years. Mark is now Director of Security Engineering at Movable Ink.

Understanding how malicious actors think and operate is crucial to safeguarding systems and data. The Hacker Mindset takes participants on an immersive journey into the tactics, techniques, and procedures (TTPs) used by cybercriminals and threat actors. This talk will explore the psychology and motivations driving hackers, providing a deeper understanding of how cyber intrusions unfold—from initial reconnaissance and exploitation to establishing persistence and exfiltrating valuable data.
Dr. Fatou Sankare is a seasoned cybersecurity engineer with years of hands-on experience in both offensive and defensive security. Having worked with various organizations to identify and mitigate complex vulnerabilities, Dr. Sankare brings a unique perspective on the evolving tactics of cybercriminals. With a background in ethical hacking, penetration testing, and threat analysis, Dr. Sankare is passionate about demystifying the hacker mindset and equipping others with the knowledge to protect themselves and their systems.

LoRaWAN has emerged as a leading low-power, wide-area networking (LPWAN) technology, enabling long-range, energy-efficient wireless communication for a broad spectrum of Internet of Things (IoT) applications. From smart agriculture and environmental monitoring to city-scale sensor deployments, LoRaWAN’s flexibility and low operational cost make it an attractive choice for businesses, researchers, and developers alike. In this introductory presentation, I will demystify LoRaWAN—starting from the fundamental principles behind LoRa modulation and spreading factors, to understanding network architecture and device classes. I’ll cover the lifecycle of a LoRaWAN data packet, examine key parameters that influence range and reliability, and offer practical guidance on how to get started with building LoRaWAN-enabled solutions. By the end of this session, attendees will have a solid understanding of LoRaWAN’s capabilities, tools, and ecosystem, empowering them to confidently explore new IoT deployments and innovations. Mike Long Founder: SpaceCoastSec, previously founded SWFLSec

Building a physical implant for Red Team engagements brings with it some unique challenges. For one, such an implant could be put just about anywhere: a bathroom without a power outlet, it could be dropped from a drone onto a roof or shack, the possibilities are endless. The potential for unlimited locations, then, requires a configuration unique to each. This presentation will dive into the analysis, design and implementation of physical implants using LoRa modulation as an alternative method of remote communication for Red Team operations.
Victor is founder of Red Defender Technologies and Senior Red Team Analyst at United Airlines with 8 years of experience in offensive security. After immigrating to the United States in 2017 from Spain, Victor started his stateside career at Underwriter Laboratories doing penetration testing on medical device technologies, including software and hardware-embedded devices, wireless devices, and web and mobile applications.

This talk will dive into the top 10 vulnerabilities commonly exploited in AWS environments, exposing how attackers leverage these weaknesses to compromise cloud infrastructure. The vulnerabilities include:
      1.    Misconfigured S3 buckets,
      2.    Weak Identity and Access Management (IAM) policies,
      3.    Insecure APIs,
      4.    Unencrypted data at rest or in transit,
      5.    Vulnerable EC2 instances,
      6.    Poor network security configurations,
      7.    Inadequate secrets management,
      8.    Serverless architecture flaws,
      9.    Container security issues, and
      10.   Insufficient logging and monitoring.
This hands-on session will include live demonstrations of some of these vulnerabilities being exploited in real time, providing attendees with a unique opportunity to see the risks in action. By the end of the session, participants will leave with a deeper understanding of these critical threats and how attackers operate in the cloud environment.

Freddy Kasprzykowski is a Senior Security Consultant with Amazon Web Services Professional Services based in Florida, USA with 20+ years experience in Information Technology. He assists customers adopt AWS services securely according to industry best practices, standards, and compliance regulations.

This talk is about how to perform security tests by configuring the ZAP Proxy for it and also how to integrate them into automation pipelines to perform such tests in the relevant stages.

I will also discuss how to integrate with the other security tools in the same complete pipeline in order to have security throughout the SDLC and explain how to have visibility of the vulnerabilities that appear in each of the steps.

I am Antonio Juanilla known as Specter, I am an active member and collaborator of the communities in Spain HackMadrid%27 and HackBarcelona%27, a member of the CTF flagHunters team, I am DevSecOps, and a speaker in the different conferences in LATAM and Spain.

The blockchain and crypto ecosystem has revolutionized how we think about finance and technology. However, with innovation comes the need for robust security measures. Bug bounties have emerged as a critical tool to incentivize ethical hackers and developers to discover vulnerabilities before malicious actors exploit them.

In this talk, we will explore the intersection of blockchain bug bounties and open source development, discussing how crypto projects can leverage collaborative frameworks to enhance security. Attendees will gain insights into creating impactful bounty programs, fostering a security-first community, and contributing to open source ecosystems.

Kenneshka DaSilva
Cloud Security Consultant

Due to the rise of generative AI, AI has become more accessible to the public. Therefore, more and more people are using AI to perform various tasks. Unfortunately, although AI can be used for many good things such as powerful data analytics, criminals are using AI to help them perform various attacks from generating more convincing phishing emails to stealing passwords. In this presentation, learn about the different techniques that criminals are using to attack systems with the help of AI, and discuss what organizations and individuals can do to prepare and protect themselves from this threat.

Anmol Agarwal

Dr. Anmol Agarwal is a senior security researcher focused on securing AI and Machine Learning in 5G and 6G. She holds a doctoral degree in cybersecurity analytics and a master’s degree in computer science. Her research focused on security vulnerabilities in Machine Learning.She is a frequent speaker at international conferences and speaks about the offensive and defensive aspects of AI Security. Comment end

This workshop was delivered this year in Defcon (Blue team village, Cloud village, ICS Village, Packet Hacking Village, Wall of Sheep, Creator Stage, Telco Village, and Adversary Village). It is now more refined and streamlined after many iterations.
In the complex landscape of modern cybersecurity, identifying coordinated attacks within massive volumes of security data is a formidable challenge. Security professionals often grapple with distinguishing these attacks from numerous false positives and isolated incidents. This talk will illuminate how data science can be harnessed to transform tons of events, logs, and alerts into a bunch of clusters, a few kill chains, and fewer actionable insights, with open-source models.

Join us on a journey to enhance security operations efficacy and efficiency. In the intricate and ever-evolving landscape of modern cybersecurity, pinpointing coordinated attacks amid vast volumes of security data is an immensely challenging task. Security professionals constantly wrestle with distinguishing genuine threats from a sea of false positives and isolated incidents. This talk will shed light on how data science can be leveraged to transform an overwhelming number of events, logs, and alerts into manageable clusters, insightful kill chains, and actionable insights using open-source models.
Attendees will gain a comprehensive understanding of the necessary steps to preprocess and normalize diverse data sources, map them to standardized threat models, and use AI-driven methods to contextualize and correlate security events. The session will also cover how to generate different types of tickets, such as false positive advisories, incident reports, and detailed attack stories, to streamline response efforts and enhance security operations' overall efficacy and efficiency.