HackMiami 1101

May 12, 2026 · 9:00 AM – May 16, 2026 · 7:00 PM
Marenas Beach Resort — 18683 Collins Avenue, Sunny Isles Beach, FL 33160

Trainings: May 12–15
Talks Day: May 16 • 2 tracks
📢 Call for Papers: cfp@hackmiami.info (Deadline Feb 28, 2026)

Trainings (May 12–15)

AI-Driven Defensive Cybersecurity: One-Day Intensive Workshop

May 12 (Tuesday) 2026 • $1100

Price: $1100. Hands-on AI-driven cybersecurity training. This one-day intensive course is designed to equip cybersecurity professionals with the skills and knowledge needed to leverage artificial intelligence in combating cyber threats.

AI + SOC 101 BOOTCAMP – 2 DAY TRAINING

May 13 – May 14 (Wednesday, Thursday) 2026 • $2600

This course will provide students with extensive hands-on exercises and labs that emulate real-life security operation center tasks and related technologies. Training description: During this comprehensive course, students will be introduced to the tools, AI-powered technologies, and methodologies u

Hacking The Enterprise

May 15 (Friday) 2026

Price: $1600. The focus of this course will be on the methodologies, processes, attack vectors, tools, and AI-assisted techniques used for exploitation across infrastructure, web, and cloud environments. Students will explore both traditional exploitation practices and the integration of AI-driven fr

AI SecureOps: Attacking & Defending AI Applications & Agents

May 14 – May 15 2026 (Thursday, Friday) • $2600

This immersive, CTF-styled training in AI and LLM security dives into these pressing questions. Engage in realistic attack and defense scenarios focused on real-world threats, from prompt injection and remote code execution to backend compromise. Tackle hands-on challenges with actual AI applications & agentic systems to understand vulnerabilities and develop robust defenses.

The Honeypot Defense Lab: Advanced Deception Technology Workshop

One day, Wednesday May 13th 2026 • $1100

This comprehensive training program introduces cybersecurity professionals to the strategic world of honeypots and deception technologies in modern security architectures. Designed for security engineers, SOC analysts, and threat hunters, this hands-on course demonstrates how to

The Security AI Lab: Hands-On Agent Development Workshop

May 15th 2026 • $2600

This comprehensive training program introduces cybersecurity professionals to the transformative world of AI agents and their practical applications in security operations. Designed for security analysts, engineers, and practitioners, this hands-on course bridges the gap between cutting-edge AI tech

Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access

May 12 Tuesday, May 13 Wednesday 2026 • $2600

Modern IT systems are increasingly complex, making full-stack expertise more essential than ever. That's why diving into full-stack pentesting is crucial—you will gain the skills needed to master modern attack vectors and implement effective defensive countermeasures.

Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation (100% Hands-On)

(May 14 Thursday - May 15 Friday 2026) $2600

Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies?

OSINT for Today's Defenders - Exposure Mapping, Threat Discovery, & Public Hygiene

(May 14 Thursday 2026) $1600

As attack surfaces expand across cloud ecosystems, collaborative code repositories, and social engineering enhanced by the use of AI, defenders must proactively identify how their exposed assets and digital footprints appear to their adversaries. This comprehensive, one-day training equips participants with practical, effective OSINT (Open-Source Intelligence) skills to detect unintended exposure, reduce risk, and enhance investigations

Incident Response for Ransomware & Data Theft in AWS

(May 15 Friday 2026) $1600

Most incident responders have strong muscle memory for on-prem ransomware—endpoint alerts, DCs, file servers, and network shares. But when the same adversaries pivot into AWS, many SOCs are still asking basic questions: Where are the logs? What does “lateral movement” look like in IAM? How do we scope and contain S3 data theft under pressure?

Cyber Threat Intelligence Bootcamp

(May 14 Thursday - May 15 Friday 2026) $2600

This two-day hands-on training equips cybersecurity professionals with the skills to collect, analyze, automate, and operationalize Cyber Threat Intelligence (CTI). Starting from foundational concepts and progressing to threat hunting and intelligence integration, the course covers CTI frameworks, adversary tactics, OSINT techniques, automation, and intelligence sources such as malware and darknet data.

AI-Powered Cybersecurity for Industrial Control Systems & OT

(May Thursday - May 15 Friday 2026) $2800

Hands-on Training at Hack Miami Cybersecurity Conference. Power, water, manufacturing, transportation—critical infrastructure is now part of the modern attack surface. AI is changing how we defend it. Join this session to learn how to turn AI into a trusted ally for securing industrial control systems (ICS) and operational technology (OT), without breaking fragile environments or losing human control.

Designing an Efficient AI Corporate Leadership Structure

(May 15 Friday 2026) $1800

Why This Matters Now: AI is no longer limited by technology. It is limited by leadership structure, decision rights, and accountability. Organizations struggle with AI not because of algorithms, but because they lack the discipline to operationalize AI-driven decisions at scale. In practice, AI is a decision system—so leadership design, not tooling, becomes the critical success factor.

Talks Day • Sat, May 16 (9:00–18:00)

Two tracks with a shared keynote to open the day. Each talk is 55 minutes with a 5-minute transition. Lunch at 12:00.

09:00 AM
Nu World Order
Ryan Montgomery
Keynote: Ryan Montgomery
Ryan Montgomery is a veteran ethical hacker and cybersecurity leader with nearly 20 years of experience protecting people and organizations online. He is the Co-Founder of Pentester.com, a widely used platform for vulnerability scanning and breach detection, and is ranked #1 on TryHackMe, reflecting his elite technical expertise in offensive security.

Beyond hacking, Ryan is a leading advocate for online safety and digital protection, serving as CTO of the Sentinel Foundation, where he helps combat cyber-enabled exploitation worldwide. As a keynote speaker at HackMiami, Ryan brings a rare blend of real-world hacking insight, mission-driven impact, and practical guidance on today's evolving cyber threats.
10:00 AM
Nu World Order
Jordan Bonagura
When the Robots Start Acting Crazy (A Security Approach) - Jordan Bonagura
In today’s rapidly evolving technological landscape, robots are becoming integral to business operations, from Robotic Process Automation (RPA) tools streamlining workflows to Low-Code/No-Code (LCNC) platforms enabling business users to automate processes without deep programming expertise. But what happens when these robots, designed to improve efficiency and reduce human error, start to behave unpredictably? When automation goes awry, it can lead to vulnerabilities, operational disruptions, and even security breaches.

In this session, we will explore the intersection of automation and security, focusing on the risks posed by RPA and LCNC technologies. We'll dive into real-world scenarios where robotic automation “goes rogue” and examine the potential impact on your organization’s data, infrastructure, and compliance posture. From unexpected behavior in automated workflows to security loopholes in custom-built LCNC applications, we'll cover how to recognize, mitigate, and recover from these challenges.

Jordan Bonagura
Senior Security Consultant at Secure Ideas
Information Security Researcher
IT Professor and Course Coordinator
Computer Scientist
Post Graduated in Business Strategic Management, Innovation and Teaching
Founder - Vale Security Conference - Brazilian Conference
Director Member of Cloud Security Alliance Brazil
Advisory Member of Digital Law and High-Tech Crimes OAB (Association of Brazilians Lawyers)
SJC Hacker Space Founder
Speaker (DefCon, AppSec California, GrrCon, Angeles Y Demonios, BSides Augusta, Bsides SP, H2HC, Silver Bullet, SegInfo, ITA, INPE, BalCCon2k14, Red Hack Con, Triangle InfoSeCon, Hack Miami, Hack Space Con, etc.)
10:00 AM
Old World Order
TBD
X-Ops: Unifying DevSecOps, AIOps, and MLOps Through OSDO - Tony Juanilla
Technology alone does not transform organizations—people and culture do. The modern enterprise operates across multiple operational domains: DevSecOps, MLOps, AIOps, and data operations. Each domain often evolves independently, leading to fragmented tooling, duplicated processes, and operational silos. This talk introduces X-Ops as a unified operational paradigm and explains how OSDO acts as the enabling framework to connect these domains under a shared model. The session covers how OSDO standardizes pipelines, security controls, observability, and automation across software delivery, infrastructure, and AI-driven operations. Practical examples include event-driven automation, intelligent alerting, and decision-making workflows supported by AIOps concepts.

Bio
Tony Juanilla
Hackerdreams
10:30 AM
Old World Order
TBD
"AWS Security Groups: A Negligence, a Data Leak, and a Lesson Learned" - Francisco Arecibia
In this session, we will explore a real-world security incident caused by misconfigured AWS Security Groups, which led to a 15-day data leak of sensitive information. Attendees will learn:
  • The root causes of the incident including human error, lack of automation, and high-pressure startup environments.
  • The timeline of the breach, from exposure to detection via Shodan.
  • Immediate corrective actions taken, such as access closure, insurance engagement, and migration to OpenSearch.
  • Best practices to prevent similar incidents, including the principle of least privilege, peer reviews, and automated monitoring.
  • AWS-native and open-source tools (e.g., Security Hub, GuardDuty, Prowler, ScoutSuite) for proactive security.

This talk is a candid reflection on how cutting corners in DevOps can backfire, and how adopting a security-first mindset can save time, money, and reputation.

Bio
Francisco is a Senior DevOps Engineer and DevSecCon Spain Chapter leader with expertise in cloud security, automation, and incident response. Francisco regularly speaks at conferences, meetups, and community events, such as AWS User Group Madrid, where he shares his expertise and advocates for secure, scalable cloud practices. He is passionate about fostering knowledge exchange and collaboration in the tech community.
11:00 AM
Nu World Order
TBD
MCP Red Team Tools - Jonathan Respeto
AI is rapidly becoming part of the red team toolkit, and the Model Context Protocol (MCP) is opening the door to a new generation of offensive security tools. This meetup will explore MCP-enabled red team tooling and show how security practitioners use AI agents for reconnaissance, exploitation, and workflow automation. The focus will be hands-on, practical, and offense-oriented.

We’ll showcase tools like Kali MCP, which brings MCP support into Kali Linux, and HexStrike-AI, a platform for AI-assisted red teaming and attack simulation. Other emerging MCP-based frameworks used for adversary emulation will also be discussed.

Topics include what MCP is and why it’s important for red team operations, how AI agents integrate with traditional pentesting tools, and live demos of MCP-powered red team utilities. We’ll also examine the strengths, limitations, and real-world risks of AI-assisted offense—and what defenders need to know to prepare for this evolving landscape.

Bio
Jonathan Respeto is a cybersecurity professional working in the information technology industry, bringing a strong technical background and practical expertise in cybersecurity. He is committed to continuous learning and staying current with emerging technologies, with a particular focus on cloud computing and container orchestration. In addition to his professional work, Jonathan actively participates in industry communities and events, including cybersecurity and technology-focused gatherings such as this meetup and DEF CON. These experiences reflect his dedication to understanding real-world security challenges and keeping pace with evolving industry trends. Through his work and presentations, Jonathan aims to share knowledge, encourage collaboration, and make complex technical concepts accessible to diverse audiences.
11:00 AM
Old World Order
TBD
Bluetooth Warwalking: Hacking the Airwaves with Your Phone and a Pair of Sneakers - Matt Miller
The most exploitable attack surface in modern businesses might not be their network perimeter, it's the Bluetooth-enabled receipt printer broadcasting without authentication. This talk demonstrates how trivially easy it is to hijack commercial Bluetooth devices using only a smartphone, then scales that threat to reveal city-wide surveillance implications through systematic warwalking research.
I'll demonstrate live exploitation of devices I've compromised in the wild: receipt printers, Samsung TVs, and commercial IoT devices, all requiring zero technical knowledge to attack. Then I'll show how I scaled this from opportunistic hacking to systematic research using a $100 Raspberry Pi rig running Kismet with GPS tracking, collecting over 100,000 device observations across San Francisco, Nashville, NYC, and Las Vegas.
The privacy implications are severe: 60-65% of Bluetooth devices broadcast persistent identifiers enabling long-term tracking as people move through cities. I'll present data-driven analysis showing how static MAC addresses combined with GPS logs create a surveillance infrastructure accessible to anyone with basic Python skills. Hotel door locks broadcast room numbers in plaintext. Air purifiers send 50 packets per minute for no legitimate reason. The gap between "possible to secure" and "secured in practice" is enormous.
Attendees will see live demonstrations including a receipt printer available for audience hijacking attempts, real-time Kismet data collection from conference attendees' devices, and Python analysis scripts running against live data. I'll share open-source tools for conducting this research and provide actionable defensive recommendations for manufacturers, businesses, and individuals.
This presentation combines accessible exploitation demonstrations with rigorous data science to show that if I can build city-scale surveillance infrastructure without Bluetooth expertise, anyone can.
Bio
Matt Miller (kn0ck0ut) is an ethical hacker, Master's student in Data Science, and serial entrepreneur who likes breaking things to figure out how they work. With a background in application security and solo-founding multiple startups, he recently dove deep into wireless security research, combining data science methodologies with hands-on hacking. Over the past year, he's conducted extensive Bluetooth warwalking across multiple cities, collecting hundreds of thousands of device observations using custom Raspberry Pi rigs. His research applies statistical analysis to real-world security failures, revealing both exploitation opportunities and surveillance risks in urban wireless environments. He believes in making complex security concepts accessible while showing the practical consequences of wireless misconfigurations.
12:00 PM
—
Lunch
01:00 PM
Nu World Order
TBD
TBD: TBD
01:00 PM
Old World Order
TBD
Long-term Persistence: Serverless C2 - Kirk Trychel
Serverless C2 represents a specialized approach in malware design aimed at achieving long-term persistent access, with maximizing dwell time as the primary objective. This session deep dives an obscure aspect of malware implants engineered for utmost stealth and prolonged access. The presented malware concepts and examples are specifically designed to evade the three primary modes of C2 callback detection:
  • Network egress: Periodic API callbacks with encrypted or structured data that's easily signatured.
  • Sleep detection: Defenses heavily target this idle state.
  • Periodic activity: Timing detection on common malware operations.

The session will showcase malware design concepts and practical examples that bypass these core modes of modern malware detection. Samples will be demonstrated that evade defenses in hardened environments, including those leveraging N-day communication methods.
Bio:
Kirk Trychel is a veteran cybersecurity professional specializing in offensive security, red team operations, and malware development. A lifelong hacker, he has led red teams at the U.S. Department of War, Secureworks Adversary Group, CrowdStrike Adversary Emulations, and Box. He currently serves as Senior Offensive Security Engineer at Group 1001. Trychel pioneered methodologies for an inaugural US Marine Corps Red Team at the Pentagon and the first Cloud Offensive Pentest team at Secureworks. His contributions include developing the Tempest Rust-based C2 framework (presented at DEF CON 32, 2024) and authoring MALicious softWARE: Omnibus (2025), a guide to payloads and evasion techniques. He shares expertise through talks at conferences, the whoami podcast, and open-source projects on GitHub and X (@Teach2Breach).
02:00 PM
Nu World Order
TBD
The Forgotten Critical Infrastructure Sector, Communications: How Less than $1,000 USD Can Compromise Security - Dr. Chris Esquire
Software Defined Radio, SDR, has been a viable asset for those interested in communications. With just under $100 a person can intercept satellite communications from even the International Space Station. What if I tell you that for less than $1,000 and a laptop you can intercept every satellite? VSAT, very small aperture terminal is a two way ground station that is used by many industries to include the military. One can simply do an internet search and discover the types of equipment used by the military branches across the world. A simple Iridium antenna can intercept most satellite communications. However, for around $1,000 a person can build out a rig that allows them to intercept every form of satellite communication out there, to include those used by the military for missile defense. This research is a combination of what occurs when one goes beyond the theory and into the practical application of hacking network communication systems. SDR, satellite, antennas and encryption will be discussed.

Bio
Dr. Chris Esquire, esq. - “The Doctor of Cyber Security & Law”
02:00 PM
Old World Order
TBD
TBD: TBD
03:00 PM
Nu World Order
TBD
Running a Vish Factory: Industrial-Scale Social Engineering with AI Agents - Matt Bangert - Michael Tomlinson
This presentation explores the architecture behind an AI-powered vishing platform that won DEF CON 33's Battle of the Bots competition. We'll examine how cloud telephony, conversational AI, and real-time state management combine to create a system that scales from single calls to thousands of simultaneous campaigns. The talk demonstrates practical attack scenarios including IT helpdesk impersonation, obtaining OAuth device codes for initial access, and building custom tooling that enables agents to query employee data, verify department structures, and reference internal processes mid-conversation. We'll also address the accessibility of these capabilities and provide defensive frameworks for organizations facing scaled voice-based attacks.

Matt Bangert is a Senior Security Consultant at DirectDefense specializing in penetration testing and AI-powered social engineering. He holds a DEF CON Black Badge for Social Engineering (DEF CON 30) and won the inaugural Battle of the Bots competition at DEF CON 33 with his AI-driven vishing platform. Matt is OSCP certified with nearly a decade of experience in offensive security.

Michael Tomlinson is a Senior Enterprise Security Consultant at DirectDefense and USAF veteran specializing in red team operations and adversary emulation. Holding certifications including CRTO, CRTP, PNPT, and BTL1, he excels at designing C2 infrastructure and executing targeted social engineering campaigns. His expertise spans offensive security from complex Active Directory exploitation to AI-powered attack development. Michael won first place at DEF CON 33's Battle of the Bots AI Vishing Competition (2025).
03:00 PM
Old World Order
TBD
Stay Afloat in the Cloud: Navigating the Serverless Surf - Shivam Dhar, Nimish Sharma
Behind the abstraction lies a misconception, that serverless means responsibility. Spoiler alert - it doesn’t. Fast and adaptable, serverless is also dangerously simple to configure incorrectly. In highly dynamic, event-driven Cloud environments, sporadic and fine-grained service integrations introduce unique attack surfaces that traditional security models fail to address.
This technical session dives deep into the tactics, techniques, and procedures (TTPs) adversaries use to exploit serverless applications via new attack vectors, including vulnerable libraries, leaky secrets, wildcard IAM roles, and insecure triggers. It also emphasizes actionable, tried-and-true methods over theory - equipping practitioners with the skills to defend modern serverless stacks while maintaining operational velocity.
This talk is designed for professionals building and securing cloud-native, serverless architectures, where visibility is limited, the blast radius is significant, and assumptions can be risky. We introduce LynxLab, an open-source home lab framework developed by us to simulate realistic attack and defense scenarios in serverless environments, enabling practitioners to better understand and mitigate evolving cloud security threats.
Shivam Dhar -
Speaker Bio: With nearly a decade of experience across sectors such as e-commerce, healthcare, gaming, open-source, and cybersecurity, within both large enterprises and agile startups, Shivam brings a creative, solutions-driven approach to complex challenges. Committed to community engagement, he actively mentors early-career cybersecurity professionals, judges prestigious tech awards, peer-reviews academic research, and contributes to tech-for-good initiatives with nonprofit organizations. He currently leads cloud security efforts at JPMorganChase, driving robust solutions to support the firm’s ongoing growth.
Nimish Sharma -
Speaker Bio: Results-driven Cybersecurity Engineer with diverse experience across Healthcare, Banking, Public, and Telecom sectors, cross-functional project guidance and stakeholder support, security architecture strategy, application security, predictive analytics, and enterprise risk management. Adept at designing and implementing scalable solutions, driving automation, and delivering quantifiable value and innovation.
04:00 PM
Nu World Order
TBD
Breaking the Toolchain: Supply-Chain Risks in Agentic Automation - Aamiruddin Syed
Agentic AI is changing software delivery from fixed pipelines to autonomous systems that choose tools, call services, and generate code on the fly. That flexibility brings speed, but it also creates a new kind of supply-chain risk. When agents make decisions, every tool call becomes a trust boundary and every prompt becomes a potential attack surface. This talk shows how agent-driven workflows amplify familiar threats like dependency confusion and malicious integrations, while introducing new ones unique to autonomy. We walk through real failure patterns, including poisoned retrieval sources, hostile tool adapters, and prompt-level attacks that quietly steer agents toward unsafe actions.
We then focus on practical defenses: trusted capability registries, signed tool metadata, verifiable agent identities, and runtime controls that check intent before tools are used. Attendees will leave with a clear mental model of where agentic systems break, how attackers exploit them, and how to harden autonomous automation without sacrificing speed.
Bio
Aamiruddin Syed is a Cybersecurity Professional with over a decade of experience specializing in DevSecOps, Shift-Left Security, Cloud Security, and Internal Penetration Testing. He is the OWASP GenAI Supply Chain Project Co-Lead and an active contributor to the CSA Agentic AI initiative. He authored Supply Chain Software Security – AI, IoT, Application Security (Apress/Springer) and has deep expertise in automating security in CI/CD pipelines, infrastructure as code, and cloud hardening. He routinely conducts internal security assessments of critical systems and is known for bridging the gap between security and engineering teams to embed security directly into products. As a recognized advocate for secure development, he is a frequent speaker and session chair at leading industry conferences including RSA Conference, DEFCON, and Black Hat. In 2024, he was honored with the Impact Award for Professional Excellence in Dubai.
04:00 PM
Old World Order
TBD
From Rookie to Red Teamer: A Rapid-Fire RFID Exploitation Workshop! - Evan Cook
"Authorized Personnel Only" is just a suggestion if you're a badgewhisperer... Join Evan "Shortrange" Cook — creator of the OpenDoorSim and trainer to over 300 students — for a high-octane "Zero to Hero" bootcamp that demystifies RFID security in under an hour. This isn’t a passive lecture; it’s a live-fire mission fast-tracking you from bystander to budding breacher. We'll kick off by tearing down the theory behind RFID and Wiegand vulnerabilities. Then, we'll learn the battle-tested 3-step methodology Evan has taught to everyone from grandmas to special forces operators. From there, you take the wheel: using Flipper Zeros, Proxmarks, and the world’s first access control lab built entirely from off-the-shelf parts, you will learn to clone badges, replay credentials, and bypass controllers in real-time. Come ready to beep, boop, and break your way in with the audience as Shortrange takes you into the incredible world of access control!
Bio

Evan "Shortrange" Cook is a physical security researcher who specializes in turning locked doors into open opportunities. A first-place winner of the DEFCON 2025 Embedded Systems Village CTF and SAINTCON 2024 RFID CTF, Evan knows how to train and speak successfully in RFID hacking. He is a battle-tested educator who has workshopped over 300+ students — ranging from newbies to industry professionals to tier-one special forces operators — in the art of successful access control exploitation. Committed to lowering the barrier of entry for beginners, he created the world's FIRST open-source access control simulation lab built entirely with off-the-shelf parts, proving that high-end security research doesn't require a high-end budget. Evan is passionate about "bringing RFID to the people" through talks, workshops, trainings, and open-source projects. Where digital and physical worlds collide... you'll find Shortrange ready to "Hack the Planet!" with you.
05:00 PM
Nu World Order
TBD
Show Me the Money: How "Sweet" Extensions Sour the Creator Economy - Alex Heid
In the world of affiliate marketing, the "last-click" wins. But what happens when a browser extension with millions of users intercepts that click at the millisecond of checkout? This talk dives into the mechanics of the "Honey Scam"—a controversial practice where popular coupon extensions allegedly hijack affiliate commissions from content creators. We will examine the technical "gray hat" tactics used to overwrite browser cookies, the legal fallout involving major fintech players, and the broader security implications of granting "read and change all data" permissions to browser add-ons. Attendees will walk away with a deeper understanding of how affiliate fraud is evolving and how to audit extensions for predatory behavior.
Bio
Alex Heid
President and Cofounder of Hackmiami
05:00 PM
Old World Order
TBD
When Azure Turns Hostile: Investigating a Novel Tenant Compromise with No Logs and Full Admin Takeover - Manuel Moreno
What would happen if a previously undocumented and novel cloud attack allowed remote command execution inside an Azure tenant, enabled attackers to modify credentials at scale, and even remove all Global Administrators except one—while leaving almost no trace in logs? This talk walks through a real-world multinational corporate incident where defenders faced exactly that scenario.
We will explore how the compromise unfolded, why traditional Azure logging and monitoring failed, what signals still remained, and how we built a response strategy under near-blind conditions. Attendees will see the investigative techniques used, the hypotheses tested, which Azure artifacts still provided intelligence, and the operational decisions required to regain control of the tenant.
Finally, we will discuss key lessons learned, detection and containment strategies, architecture hardening recommendations, and practical playbook updates for Incident Response teams working in Azure environments. This session is aimed at Blue Teams, DFIR practitioners, SOC analysts, and cloud security leaders who need to be prepared for the next generation of stealthy Azure-based attacks.
Bio
Manuel Moreno
CEO – Incident Commander
Global Secure
06:00 PM
Nu World Order
TBD
Security Frameworks & Red Teaming: A Powerful Duo for Protecting AI and LLM Applications.
As AI and large language models (LLMs) become increasingly embedded in real-world applications — from chatbots and copilots to security tools and customer service — the attack surface is growing faster than our ability to secure it. This talk explores combining security frameworks with red teaming methodologies to build resilient, secure AI/LLM systems. Using real-world attack scenarios like prompt injection, model abuse, and data leakage, I will show how frameworks such as the OWASP LLM Top 10 and NIST AI Risk Management Framework can be operationalized through practical red teaming exercises.

Key Topics
  • The expanding attack surface of AI/LLM applications
  • Overview of OWASP LLM Top 10 and NIST AI Risk Management Framework
  • Red teaming methodologies specifically designed for AI/LLM systems
  • Real-world attack scenarios: prompt injection, model abuse, data leakage, and jailbreaking
  • Practical strategies for building defense-in-depth for AI applications
  • Bridging the gap between security frameworks and hands-on testing
Learning Outcomes
  • How to apply security frameworks to AI/LLM applications
  • Red teaming techniques specific to language models
  • How to identify and mitigate common AI/LLM vulnerabilities
  • Actionable steps to secure their AI deployments
About the Speaker
Samuel A. Cordoba is a Systems Engineer and Cybersecurity Executive with 10+ years of experience spanning banking, oil & gas, and government sectors. CISSP certified, he excels in designing, implementing, and managing high-level security programs aligned with strategic objectives and compliance standards.

He has spoken at international conferences on cybersecurity, AI, and data protection, serving as trainer, speaker, and panel moderator for ISACA, Internet Society (ISOC), Bsides, CyberBay-CyberFlorida and Universities. Recognized for thought leadership and impactful presentations, he has represented major organizations in national cyber defense initiatives, partnering with the Ministry of National Defense to influence policy changes that significantly improved critical infrastructure protection.

He is particularly interested in the integration of AI and cybersecurity, cloud security, adoption of DevSecOps, threat simulation, zero-trust architecture, and supply chain and third-party risk management.

Thank you for considering this proposal. I look forward to the opportunity to contribute to HackMiami 2026 and would be happy to provide any additional information needed.
06:00 PM
Old World Order
TBD
TBD: TBD
07:00 PM
All
Closing
Closing Ceremonies / Happy Hour

Call for Papers

Submit via email by February 28, 2026. Include Presenter Name, Talk Title, and a Synopsis.


Venue & Travel

Marenas Beach Resort

18683 Collins Avenue, Sunny Isles Beach, FL 33160

Hotel block & code: TBD

Trainings: May 12–15
Talks: May 16


Sponsors

Interested in sponsoring? We welcome contributions of any amount. Your logo will appear here.
