Bio: Marco Figueroa is an industry-leading security research expert and is the driving force behind the technical success and outreach of the 0Din GenAI Bug Bounty Program. With a hands-on approach to coding, bug hunting, and technical problem-solving, he effectively bridges the gap between his technical expertise and non-technical stakeholders, ensuring that complex concepts are accessible and comprehensible to all. Marco's passion for fostering a collaborative environment ensures that researchers and developers alike are equipped with the tools and support they need to secure AI systems. Through his leadership and technical expertise, Marco continues to advance the field of AI security, fostering innovation and collaboration within the community.

Trusted by threat actors such as APT29, BRONZE STARLIGHT, TA551 and Red Teamers alike.
Bishop Fox Sliver is a versatile Adversary Emulation Framework ready to help tackle your next op. We will go over setting up the C2 and generating binary implants for Linux, Mac or Windows targets. Touch on obfuscating these implants and setting up workflows to bypass antivirus and system protections.

Suggestions will be provided for places to host your C2 and stagers, taking advantage of service providers' positive reputation to help reduce the chances of being blocked.
After this we will get into interacting with your fresh new shells. Migrating into other processes, setting persistence, getting screenshots, pivoting and other recon before loading 3rd party modules from the Armory. Finally we gather the desired loot and set new tasks for the zombie slaves to carry on.

Evan Wagner Security Researcher, President and Founder of Hack NWA

Imagine running your business without access to your data—or worse, having that data fall into the wrong hands. The knowledge and insights your company has gathered over the years and your data are essential to your operations and represent a significant competitive advantage in today’s fast-paced business environment.

Given this, it’s critical to implement robust policies to safeguard this valuable asset. However, it’s equally important to recognize how a narrow focus on specific security measures—"tunnel vision"—can create blind spots, leaving your company vulnerable to serious threats. In this context, I'll highlight how this kind of oversight can lead to significant security gaps, putting your company at risk of costly breaches and reputational damage.

Jordan Bonagura
Senior Security Consultant at Secure Ideas
Information Security Researcher
IT Professor and Course Coordinator
Computer Scientist and Post Graduated in Business Strategic Management, Innovation and Teaching
Founder - Vale Security Conference - Brazilian Conference and Hacker Space
Speaker (AppSec California, GrrCon, Angeles Y Demonios, BSides Augusta, BSides SP, H2HC, Silver Bullet, SegInfo, ITA, INPE, BalCCon2k14, Red Hack Con, Triangle InfoSeCon, etc)

"Can you dump some white powder into our clean water tanks that feed our city of 50,000 people?" is how the conversation began. As we went through the scope, we began to see the challenges of compromising a government critical infrastructure facility. They also added a second location, their wastewater facility and tasked us with breaching that area as well. We tested the physical defenses of both locations over a span of approximately 36 hours and what we found was...well, you'll have to attend the talk to find out! Patrick is a professional penetration tester with Compass Cyber Guard in Rhode Island. He has been doing pentesting since 2016 and has had a focus on social engineering since 2017. He is the creator and organizer of the Layer 8 Conference, the first to solely focus on social engineering and OSINT topics, happening in Boston in June. He earned the Certified Ethical Social Engineer certification in 2023 and has also taught a variety of cybersecurity topics.

Attackers face significant challenges as enterprises increasingly implement defense-in-depth strategies, deploying an average of 20–30 security tools within mid-sized organizations. To succeed, attackers must bypass a broad range of security measures throughout the entirety of their attack chain. This session will deep dive into the latest tactics and techniques employed by threat actors, informed by the analysis of recent attacks and investigations. We will examine methods such as code obfuscation, HTML smuggling and resource concealment, and anti-bot protections (e.g., sandbox evasion), the exploitation of legitimate cloud services, and the use of service-based offerings within the cybercrime underground. The session will open with an exploration of how these advanced techniques have evolved in the past 20 years. It will include code reviews of malware and phishing campaigns, presented in an accessible format for participants without programming expertise. These reviews and demonstrations will highlight not only obfuscation tactics but also how threat actors reverse-engineer security solutions to introduce subtle yet impactful changes that render their malware, phishing schemes, and automated tools undetectable by existing defenses. impactful changes that render their malware, phishing schemes, and automated tools undetectable by existing defenses.

Danna Pelleg is a seasoned Cybersecurity Manager with over a decade of experience in the industry. Currently, she leads the Managed Threat Detection and Response Global Hunters Team at Cato Networks' cybersecurity research lab. Pelleg's expertise lies in creating and implementing threat-hunting strategies, leveraging advanced tools and technologies, and providing actionable insights to clients. She is well-versed in the latest threat intelligence and hunting techniques, which she applies in her current role. Before joining Cato Networks, Pelleg led the cybersecurity research lab at Trusteer, IBM, where she primarily focused on advanced threat research. Before that, she worked at RSA Security, examining threats in the banking industry. Pelleg holds a BA in Behavioral Sciences with a specialization in Psychology, which provides her with a unique perspective on human behavior in relation to cybersecurity threats.

In this session, we'll explore the development of an in-house threat modeling assistant that leverages Large Language Models through AWS Bedrock and Anthropic Claude. Learn how we're building a private solution that automates and streamlines the threat modeling process while keeping sensitive security data within our control. We'll demonstrate how this proof-of-concept tool combines LangChain and Streamlit to create an interactive threat modeling experience. Join us to see how modern AI technologies can enhance security analysis while maintaining data privacy.

This presentation will explore real-life stories from the trenches, representing how unknowns have allowed malicious actors to thrive. We’ll dive into specialized tools and techniques attackers use, especially cybercriminals and nation-states. We’ll demonstrate hacking techniques that illustrate the ease of compromise against multiple target types, from cloud applications to industrial robots. Finally, we’ll share vendor-agnostic mitigation strategies to help you discover, secure, monitor, and respond more eLiciently and eLectively by converting your unknowns to knowns. Malicious actors count on you being passive regarding unknowns and want you to fail. Disappoint them!

Joseph Salazar is a seasoned cybersecurity professional with over 25 years of experience in both military and civilian sectors. He is a retired Major from the U.S. Army Reserves, where he served for 22 years as a Counterintelligence Agent, Military Intelligence Officer, and Cybersecurity Officer. Throughout his civilian career in cybersecurity, he has held numerous roles and co-authored a book on Deception Technology. He maintains several certifications, including the CISSP, CEH, and EnCE, and is currently serving as a Senior Product Marketing Manager at Bastille Networks.

You spend your time configuring HTTP headers and hardening your containers, meanwhile your CFO just downloaded a Chrome extension to make the font in Gmail larger. What are Chrome extensions, exactly? We'll dive into details, including: format, contents, static analysis with custom rules, threat modeling (when does this even matter?), and in general what to look for. We'll cover some historical malicious extensions and how they worked (incl. on red teams). We'll then demo a tool I've just released for this: CRXaminer (https://crxaminer.tech, WIP) and how you can immediately start using it. We'll finally do some data analysis on statistics we've uncovered by using this tool at scale on many extensions, and uncover general trends and findings.

Mark started as an offensive security consultant, doing penetration testing and code and design reviews. Mark then expanded his skillset into the defensive side, leading cybersecurity at various organizations and industries, including: Gaming, fintech, and biometrics. Mark is a conference speaker, holds security certifications, and was an instructor at a Columbia University cybersecurity bootcamp for over four years. Mark is now Director of Security Engineering at Movable Ink.

We will discuss the latest cyber intelligence practices and techniques, latest research, and software including the use of Generative AI in combination with honeypots.We'll get our hands dirty with examples of low, medium, and high interaction honey pots and discuss use cases including some homework to play with examples in your own lab applying the knowledge that we just covered.

We'll also discuss the topics of operational security in regards to active defense: counterintelligence and the impact of disclosure voluntarily or involuntarily of the existence of your cyber deception program based on academic research.

Christopher Williams
Principal Incident Response Engineer

With the increased use of AI in the last couple of years, there has been a parallel concern of the misuse of AI. And when this happens, you know that governments will get involved. This has led to regulations, such as the recent one from the EU (AI Act 2023) and the attempt in California (SB 1047). But what do these laws attempt to do and where is this going? Alongside regulation, we are also seeing an increase in certifications for AI systems, most notable the ISO/IEC 42001:2023 (AI Management System) and the recently released HITRUST AI Security Assessment and certification. Are these a boon or bane for AI? Will they help their acceptance or curtail their success? We will discuss these new trends coming to AI in this talk.

Understanding how malicious actors think and operate is crucial to safeguarding systems and data. The Hacker Mindset takes participants on an immersive journey into the tactics, techniques, and procedures (TTPs) used by cybercriminals and threat actors. This talk will explore the psychology and motivations driving hackers, providing a deeper understanding of how cyber intrusions unfold—from initial reconnaissance and exploitation to establishing persistence and exfiltrating valuable data.
Dr. Fatou Sankare is a seasoned cybersecurity engineer with years of hands-on experience in both offensive and defensive security. Having worked with various organizations to identify and mitigate complex vulnerabilities, Dr. Sankare brings a unique perspective on the evolving tactics of cybercriminals. With a background in ethical hacking, penetration testing, and threat analysis, Dr. Sankare is passionate about demystifying the hacker mindset and equipping others with the knowledge to protect themselves and their systems.

LoRaWAN has emerged as a leading low-power, wide-area networking (LPWAN) technology, enabling long-range, energy-efficient wireless communication for a broad spectrum of Internet of Things (IoT) applications. From smart agriculture and environmental monitoring to city-scale sensor deployments, LoRaWAN’s flexibility and low operational cost make it an attractive choice for businesses, researchers, and developers alike. In this introductory presentation, I will demystify LoRaWAN—starting from the fundamental principles behind LoRa modulation and spreading factors, to understanding network architecture and device classes. I’ll cover the lifecycle of a LoRaWAN data packet, examine key parameters that influence range and reliability, and offer practical guidance on how to get started with building LoRaWAN-enabled solutions. By the end of this session, attendees will have a solid understanding of LoRaWAN’s capabilities, tools, and ecosystem, empowering them to confidently explore new IoT deployments and innovations. Mike Long Founder: SpaceCoastSec, previously founded SWFLSec

This talk explores the importance of implementing robust access controls in GraphQL and REST APIs and the severe consequences when these controls are not properly enforced. GraphQL, a flexible data query language, allows clients to request exactly the data they need, but without proper access control mechanisms, sensitive data can be easily exposed. Using the Feeld dating app as a case study, we will dive into a critical security review of how the lack of access controls in GraphQL and REST endpoints led to the exposure of users’ personal data, including sensitive photos, videos and private messages. This session will highlight common access control vulnerabilities in GraphQL and REST implementations , real-world examples of security lapses, their impact and remediation. Bogdan Tiron Managing Partner at FortBridge UK

Building a physical implant for Red Team engagements brings with it some unique challenges. For one, such an implant could be put just about anywhere: a bathroom without a power outlet, it could be dropped from a drone onto a roof or shack, the possibilities are endless. The potential for unlimited locations, then, requires a configuration unique to each. This presentation will dive into the analysis, design and implementation of physical implants using LoRa modulation as an alternative method of remote communication for Red Team operations.
Victor is founder of Red Defender Technologies and Senior Red Team Analyst at United Airlines with 8 years of experience in offensive security. After immigrating to the United States in 2017 from Spain, Victor started his stateside career at Underwriter Laboratories doing penetration testing on medical device technologies, including software and hardware-embedded devices, wireless devices, and web and mobile applications.

This talk will dive into the top 10 vulnerabilities commonly exploited in AWS environments, exposing how attackers leverage these weaknesses to compromise cloud infrastructure. The vulnerabilities include:
      1.    Misconfigured S3 buckets,
      2.    Weak Identity and Access Management (IAM) policies,
      3.    Insecure APIs,
      4.    Unencrypted data at rest or in transit,
      5.    Vulnerable EC2 instances,
      6.    Poor network security configurations,
      7.    Inadequate secrets management,
      8.    Serverless architecture flaws,
      9.    Container security issues, and
      10.   Insufficient logging and monitoring.
This hands-on session will include live demonstrations of some of these vulnerabilities being exploited in real time, providing attendees with a unique opportunity to see the risks in action. By the end of the session, participants will leave with a deeper understanding of these critical threats and how attackers operate in the cloud environment.

Freddy Kasprzykowski is a Senior Security Consultant with Amazon Web Services Professional Services based in Florida, USA with 20+ years experience in Information Technology. He assists customers adopt AWS services securely according to industry best practices, standards, and compliance regulations.

This talk is about how to perform security tests by configuring the ZAP Proxy for it and also how to integrate them into automation pipelines to perform such tests in the relevant stages.

I will also discuss how to integrate with the other security tools in the same complete pipeline in order to have security throughout the SDLC and explain how to have visibility of the vulnerabilities that appear in each of the steps.

I am Antonio Juanilla known as Specter, I am an active member and collaborator of the communities in Spain HackMadrid%27 and HackBarcelona%27, a member of the CTF flagHunters team, I am DevSecOps, and a speaker in the different conferences in LATAM and Spain.

The blockchain and crypto ecosystem has revolutionized how we think about finance and technology. However, with innovation comes the need for robust security measures. Bug bounties have emerged as a critical tool to incentivize ethical hackers and developers to discover vulnerabilities before malicious actors exploit them.

In this talk, we will explore the intersection of blockchain bug bounties and open source development, discussing how crypto projects can leverage collaborative frameworks to enhance security. Attendees will gain insights into creating impactful bounty programs, fostering a security-first community, and contributing to open source ecosystems.

Kenneshka DaSilva
Cloud Security Consultant

Due to the rise of generative AI, AI has become more accessible to the public. Therefore, more and more people are using AI to perform various tasks. Unfortunately, although AI can be used for many good things such as powerful data analytics, criminals are using AI to help them perform various attacks from generating more convincing phishing emails to stealing passwords. In this presentation, learn about the different techniques that criminals are using to attack systems with the help of AI, and discuss what organizations and individuals can do to prepare and protect themselves from this threat.

Anmol Agarwal

Dr. Anmol Agarwal is a senior security researcher focused on securing AI and Machine Learning in 5G and 6G. She holds a doctoral degree in cybersecurity analytics and a master’s degree in computer science. Her research focused on security vulnerabilities in Machine Learning.She is a frequent speaker at international conferences and speaks about the offensive and defensive aspects of AI Security. Comment end

Are you a blue teamer that wants to learn more about those pesky viruses you’re always stomping? Or are you a penetration tester that wants to learn the basics of writing your own implants? Either way, this the presentation for you!. We will make our way through the alphabet all the way from A, to Z, learning about important Malware Development topics and tricks Landon Rice Threat Researcher with RedSense. He specializes in tracking adversary tradecraft and infrastructure

This workshop was delivered this year in Defcon (Blue team village, Cloud village, ICS Village, Packet Hacking Village, Wall of Sheep, Creator Stage, Telco Village, and Adversary Village). It is now more refined and streamlined after many iterations.
In the complex landscape of modern cybersecurity, identifying coordinated attacks within massive volumes of security data is a formidable challenge. Security professionals often grapple with distinguishing these attacks from numerous false positives and isolated incidents. This talk will illuminate how data science can be harnessed to transform tons of events, logs, and alerts into a bunch of clusters, a few kill chains, and fewer actionable insights, with open-source models.

Join us on a journey to enhance security operations efficacy and efficiency. In the intricate and ever-evolving landscape of modern cybersecurity, pinpointing coordinated attacks amid vast volumes of security data is an immensely challenging task. Security professionals constantly wrestle with distinguishing genuine threats from a sea of false positives and isolated incidents. This talk will shed light on how data science can be leveraged to transform an overwhelming number of events, logs, and alerts into manageable clusters, insightful kill chains, and actionable insights using open-source models.
Attendees will gain a comprehensive understanding of the necessary steps to preprocess and normalize diverse data sources, map them to standardized threat models, and use AI-driven methods to contextualize and correlate security events. The session will also cover how to generate different types of tickets, such as false positive advisories, incident reports, and detailed attack stories, to streamline response efforts and enhance security operations' overall efficacy and efficiency.