Seasoned leader in security and cyber-intelligence with more than twenty years of experience protecting critical systems around the world. Exceptional communicator, having presented and provided keynote insights more than two hundred times in more than forty countries. Internet-scale problem solver.

Delve into the layers of Cybersecurity from Solutions to the human element.. It will be interactive with the attendees and contain some reviews of recent Cyberattacks and how they could have been thwarted.

Bio
Jamie Ward is a Cybersecurity Expert with Inversion6 with an undeniable passion for protecting Corporations, State, Local and Tribal (SLTT's) governments entities from Cyberattacks. With over 20 years of Cybersecurity experience, assisting organization’s leadership and Cybersecurity teams to deal with the present and future Cyber Threats. Jamie also served for 12 years as Mayor of Mayfield, NY. Jamie has a thorough understanding of both public and private sectors which allows both worlds to benefit from his insight.

In this talk, we will explore the potential security risks associated with the use of Terraform, a popular infrastructure-as-code tool. We will demonstrate how a malicious actor can exploit Terraform to elevate privileges, exfiltrate sensitive data, and gain unauthorized access to cloud environments. The presentation will include live demos showcasing real-world attack scenarios and will conclude with practical recommendations for securing Terraform implementations.

Michael McCabe is the president of Cloud Security Partners, where he specializes in helping clients securely migrate their workloads to the cloud. With extensive experience working with large financial institutions during their cloud transformations, Michael is dedicated to creating secure and user-friendly solutions for his clients. He has been a featured speaker at numerous security conferences, including LASCON, Defcon, DevSecOps Days, and BSides.

Join us as we provide insight into the workings of offensive operations targeting Russian systems and networks. This will be a comprehensive overview, including topics ranging from global affairs, unique challenges, and target selection to misattribution, disruption, and exit strategies. Such operations are typically restricted to state-sponsored personnel, so this session is intended not to be a “how-to”, but to discuss the tactics employed by hackers confronting foreign adversaries.

Bios
Steve Borosh started hacking the planet with Black Hills Information Security in 2021 and has been instructing offensive courses since 2015. Steve has instructed at conferences such as BlackHat and Wild West Hackin' Fest, for Fortune 500 companies, and for federal law enforcement. He currently annoys system administrators as part of the ANTISOC team at BHIS and enjoys releasing shock-and-awe research blogs and open-source tools to drive change in the industry.

Kaitlyn is an offensive operator on the ANTISOC team at Black Hills Information Security where she pokes and prods customer environments relentlessly. Since 2021, she has been teaching and assisting with offensive and defensive material in webcasts, conference trainings, and master-level university courses. She loves diving into rabbit-holes for long-lost information and finding fun ways to do things _not_ "as-intended". She encourages students to push past contrived approaches to offensive security and demonstrate the real-world impact of what someone with "no scope" may achieve against their targets.

n recent years, the security landscape of file systems has seen increasing challenges from vulnerabilities associated with file redirection mechanisms such as symbolic links (symlinks), hard links, and reparse points in Windows systems. These issues, present in Microsoft products as well as in third-party software, pose significant risks by enabling unauthorized file and directory access and manipulation. This presentation will address the shortcomings of traditional static testing methods in identifying these complex vulnerabilities, emphasizing the importance of dynamic testing, especifically through binary instrumentation. A key focus will be on the role of Microsoft's Detours, a software package for monitoring and instrumenting API calls on Windows, in the process of hunting for vulnerabilities. Detours' ability to dynamically trace and modify API calls makes it a great tool for uncovering potential security issues.

The purpose of this talk is to showcase the critical role of instrumentation, particularly via Microsoft's Detours, in identifying security vulnerabilities related to privileged file system operations. Attendees will discover the limitations of static analysis and the significant benefits of using instrumentation to identify vulnerabilities that require a deep understanding of complex logic and context. The presentation will focus on actively searching for and identifying file redirection vulnerabilities, highlighting a systematic approach to hunt for this type of bugs.

Asher Davila: A Mexican vulnerability researcher in Silicon Valley, specializing in binary analysis, binary exploitation, reverse engineering, and hardware hacking. Currently focused on IoT and OT vulnerability hunting and creation of security strategies. His main goal is to contribute to the global cybersecurity community:

https://github.com/AsherDLL
https://cronop-io.github.io/
https://twitter.com/asher_davila


(Co-presenter) Alam Lastra: Cybersecurity professional committed to staying at the forefront of the field, dedicated to various projects, such as teaching and doing security research. Continuously expanding his knowledge and skills to protect others against cyber threats.

https://www.linkedin.com/in/alamlastra

In recent years, especially with both the impact of ChatGPT and AI artwork, artificial intelligence has come to the forefront for many people. And this includes cybersecurity, especially as people wonder how it may affect them, especially if it takes their jobs! In light of this, many have started working on frameworks that can be applied to AI. NIST, maybe better known for things such as the cybersecurity and privacy frameworks and the like, has in recent years involved itself in AI, in part due to an executive order. This has included the creation of the AI Risk Management Framework (AI RMF), which was rolled out early last year. This framework is intended to help incorporate “trustworthiness” considerations into the design, development, use, and evaluation of AI products, services, and systems. Nor are they alone in this, as there are similar works coming from other countries as well as from international organizations such as ISO/IEC and OECD. With this presentation we will focus on the NIST AI RMF, how it is structured and how it may be used, as well as reviewing the many AI related resources at NIST. We will touch on some of the other frameworks, many of which are already tied with the AI RMF. For any wanting to understand how AI may be improved, understanding these control frameworks may help.

Bio

Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG. GSNA, is an information security professional and leader with years of experience in IT and information security/cybersecurity. While a security consultant advisor, he worked with clients in the healthcare, financial, manufacturing, and other sectors to assess their security programs and work with them to improve and mature their security posture. He is now Security and Compliance Director for FRG Systems, ensuring their HITRUST and SOC compliance. He is experienced with a variety of security regulations, frameworks, and standards. A seasoned speaker and presenter, he has presented at SFISSA, BSides Tampa, St Pete, and Orlando, HackMiamiCon, and ISSA International. He is an ISSA Fellow and Secretary and past president of the South Florida Chapter of ISSA and is a member of ISACA, ISC2, Infragard, and IAPP.

The emergence of artificial intelligence (AI) has transformed the landscape of social engineering and given rise to a new class of AI-powered cyber threats. Earlier this year, a finance professional at a global corporation in Hong Kong was deceived into transferring $25 million to scammers, who leveraged deepfake and voice-cloning technology to impersonate the company's chief financial officer on a video conference call. This talk aims to illuminate the sophisticated capabilities that AI brings to the table in creating hyper-realistic deepfakes and voice clones. Through a captivating live demonstration, we will showcase real-time AI-powered deepfake and voice cloning technologies and demonstrate how they can be used by offensive cybersecurity professionals to conduct highly effective social engineering attacks. This discussion will emphasize the critical need for the development of more sophisticated defense mechanisms to mitigate the risks posed by these rapidly evolving AI-based cyber threats.

AI is more common in SOCs than ever, however, efficacy concerns are plenty. Brace for a journey through the highs and lows of experimenting with AI models to address some of the most important SOC challenges: threat abstraction and threat correlation. You will enhance your ability to evaluate AI solutions, separate hype from reality, assess integration risks, and design your SOC to be AI ready.

Speaker bio
Ezz Tahoun is a distinguished cyber data scientist, who won awards at Yale, Northwestern and Princeton universities as well as prizes from CCCS, CSE, Microsoft, Trustwave and PIA. During his PhD studies in Univ of Waterloo, he had authored 19 papers, 4 open source projects, and was a reviewer for top conferences. He led innovative security projects for Royal Bank of Canada, Orange, Canarie, Huawei, Forescout, various governments, and others. He holds the following certifications: GIAC Advisory Board, GCIH, GSEC, GFACT, CEH, CISM, CRISC, PMP, GCP Prof Cloud Architect, and was an Adjunct Professor of Cyber Security in Toronto's school of management and EC Council. Ezz is also the Founder of Cypienta, a cyber data science startup, backed by TechStars, Oak Ridge National Lab, Tennessee Valley Authority among others, working with and supported by Rogers, IBM, Ciena, CGI, Thales, Next Era, US Dept of Energy, Ericsson, Gov of Canada, MassChallenge, Raytheon, BAE Systems, MITRE, Nvidia, and others.Ezz was a keynote speaker for Blackhat, and speaks often at various conferences around the world.

Have you ever wondered how physical penetration tests are conducted? What it would be like to actually rob a bank or how someone can gain access to the most physically secure buildings in existence? Is it really as easy as walking through the front door and asking to visit the server closet, or are people creeping in at the middle of the night, face painted, wearing tactile-necks? The answer is YES.

In this presentation, I'll be covering 7 action-packed years of physical penetration tests, with stories of breaking into banks, water treatment facilities, skyscrapers in NYC, courthouses in Iowa, and cheese-packing facilities in the middle of nowhere. We'll turn everything you know about physical security upside down - case in point, the cheese factory was by far the most secure. I'll show you how we did it, the characters we met along the way, and share some of the greatest never before told stories.

Biography: Justin Wynn is a Director at Coalfire who specializes in physical security and regularly performs network, application, wireless, and social engineering penetration tests. You may be familiar with his wrongful arrest while testing courthouses in Iowa. He's a keynote speaker and has conducted over 350 penetration tests and physical engagements. His past times include bank robbing, critical infrastructure parkour, and inventing new tools+techniques for physical security. @redteamwynns

Humanistic AI, how DO we protect everyone?

Recent years have seen an unprecedented surge in the growth and accessibility of artificial intelligence (AI) and machine learning (ML) technologies. These advancements have unlocked numerous opportunities for cyber operations, yet the resources to understand and utilize these tools remain limited.

Part of this talk is tailored for red teams eager to delve into AI/ML, those aiming to incorporate these technologies into offensive strategies, and even seasoned experts in search of advanced tactics, techniques, and procedures (TTPs). We will explore the use of both commercial and open-source AI/ML platforms, demonstrating their transformative potential for offensive cyber capabilities. From manipulating voice and video to automating complex coding and text generation, and even coordinating sophisticated workflows, this presentation will have plenty of practical demonstrations.

However, the formidable power of AI/ML extends beyond offense. Blue teams can leverage these same tools to strengthen their defensive posture. The talk will also cover the development of defensive strategies using the same foundational technologies. We will investigate how Large Language Models (LLMs) can facilitate the creation of advanced blue team tools, including automated threat intelligence, incident response, real-time anomaly detection, and system hardening scripts. This session is designed to bridge the gap between offensive and defensive applications of AI/ML, underscoring the dual role these tools can play in cybersecurity. Attendees will gain practical insights that will amplify both their offensive and defensive cyber operations through approachable means to leverage AI

Bio

Jonathan is an experienced Enterprise Architect at ReliaQuest, where he aligns business strategy with technological solutions. Prior to this role, he was an offensive security engineer at Facebook, where he conducted various offensive operations. He has also held multiple positions at ReliaQuest, including penetration testing, red teaming, security operations, and malware analysis. Jonathan is a frequent speaker at industry conferences, discussing topics such as cybercrime, state-sponsored operations, and smart home security.

Marcus is a cybersecurity practitioner with over 20 years of experience in the field and is a US Navy veteran. He currently serves as an Enterprise Architect at ReliaQuest, performing research and leading the development of a variety of solutions. He has worked with federal agencies like NSA, DC3, DIA, and DARPA and is the co-author of the Tribe of Hackers cybersecurity book series. He also holds a Master of Science in Network Security from Capitol Technology University. His diverse background and extensive experience make him a valuable asset in the field of cybersecurity.

Unleashing the Webhook Beast: When CI/CD Goes Rogue and Organizations Fall Abstract: In this paper, we will explore the potential dangers of CI/CD webhooks and how they can be exploited by attackers to compromise an organization’s security. We will discuss real-world examples of webhook vulnerabilities and provide practical advice on how to secure your webhooks to protect your organization from compromise. By understanding the risks associated with webhooks and implementing best practices for their use, organizations can ensure that their software delivery process remains both efficient and secure.

Specter
I am Antonio Juanilla also known as Specter, I am an active member and collaborator of the communities in Spain HackMadrid%27 and Co-funder of HackBarcelona%27,Leader of CTF team flagHunters, and Chapter Leader in DevSecCon Spain, I am DevSecOps Architect, and speaker in the different international conferences as BlackHat Europe, RootedCon and DragonJarCon.

Penetration testing success relies on effective communication with clients. This talk will address common frustrations and provide strategies for having smooth engagements, as well as insights for clients looking to understand how to get pentests to meet their goals. This will go over strategies to obtain necessary information such as client goals, pre-engagement, managing scope, and minimizing frustrating surprises. This talk will also talk about communicating findings in a way that helps clients understand and appreciate the security risks.

Bio
Brandon Scholet
Senior Pentetration Tester

Does your C2 server expose a port you need but you don't want anyone else to find? Do you have a Linux-based tool that you want to run against a client network, but only have a foothold on a Windows host? Do you want to run an aggressive scan against a client web app without getting your home IP banned by CloudFlare? Then you need a proxy! This talk will cover the basics of proxies and port forwards, including use cases and different means of setting them up.

Bio:
Justin Palk
Senior Security Consultant, Red Siege

Justin Palk has more than 16 years of experience in IT and information security, working in the academic, federal civilian government, and health research sectors. He has held a variety of roles including sysadmin, developer, auditor, assessment team lead and now pentester. In the middle of his technical career Justin took a seven-year detour into state and local journalism. He regularly competes in CTFs. When not hacking or developing tools, Justin plays TTRPGs, writes cosmic horror, and brews

Kubernetes is the de facto operating system of the cloud, and more and more organizations are running their workloads on Kubernetes. While Kubernetes offers many benefits, new users may introduce security risks like cluster misconfiguration, leaked credentials, cryptojacking, container escapes, and vulnerable clusters.

This workshop will teach you the fundamentals of Kubernetes security, from protecting your cluster to securing your workloads. You'll learn about RBAC, OPA, Security Contexts, Network Policies, and other security features. You'll also learn how to exploit workloads running on a Kubernetes environment using Living Off the Land (LotL) techniques like exploiting Insecure APIs, Secrets Theft, Container Escape and Pod Privilege Escalation, similar to the ones used by real-world threat actors.

Bio

Lenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Before joining Google, Lenin worked at MinIO, OneLogin, Oracle and Websec Mexico as an appsec engineer, software engineer, security consultant and penetration tester. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog https://www.alevsk.com.

A presentation of how this research was conducted, the results and why this is relevant in todays threat landscape. Main arguments will include the significance of this research, suggestion for further research and how to raise security awareness for social engineering.

Bio
Indy Mellink
Cybersecurity Awareness Consultant

This presentation gets deep into finding vulnerabilities leveraging BurpSuite BChecks and the popular extension, Hackvertor. We will start with simple examples from each tool. We then work our way up to more complicated uses like dynamically automating fuzzing and logging results, more quickly finding delicate file upload bugs when things can't be automated, and more. Participants are expected to have a basic familiarity with BurpSuite features like Intruder, but expertise in it is not a prerequisite.

Bio:
Will Vandevanter, Senior Staff Security Researcher - Sprocket Security

With 14 years of experience in penetration testing, Will Vandevanter keeps coming back to his original obsession — hacking web apps. He has previously spoken at Blackhat, DEFCON, OWASP and a number of other conferences on web application security. He has also released popular open source tools and trained hundreds through in-person and online courses.

Abstract This session will dive deep into the most commonly exploited Remote Code Execution (RCE) vulnerabilities of Q1 2024, including JetBrains TeamCity CVE-2024-27198, ConnectWise ScreenConnect CVE-2023-46805 and CVE-2024-21887, and Jenkins CVE-2024-23897. The presenter will go over common patterns among these vulnerabilities, and explore effective detections against attempts of exploitation

Bio
Jose Enrique Hernandez
Director of Splunk Threat Research Team. Former Prolexic and co-founder of Zenedge.

What wifi devices are around me?

If you're at an Airbnb, wouldn't you like to know if there were any Dropcams or Blink cameras around? Or maybe you have some home security cameras, and want to see how often they're uploading data when they shouldn't (this actually happened to me). Or maybe you want to do a sweep to see if there are any rogue wifi devices at a company or home. Or maybe you'd just like to know how people can be tracked with wifi so you can avoid being tracked.

In this talk, we'll look at how to see the hidden world of wifi and get a signal from ALL of the wifi devices near you, WHETHER YOU'RE CONNECTED TO THE SAME NETWORK OR NOT.

Using trackerjacker (which uses monitor mode), you can:
map all nearby wifi devices
see which networks they are connected with
track individual devices (or a set of devices), and take action when they are active
determine when wifi-based security cameras are capturing video, and see other wifi activity (like a new device arriving in your area... perhaps the mail carrier).

trackerjacker is basically nmap for wifi devices.

Bio
Caleb is a hacker and mather who enjoys pulling the signal out of the noise. He used to work at Mandiant developing cyber weapons (used for Incident Response) as well as Machine-Learning-based malware and intrusion detection. Since then, he failed at building a startup in Colombia, and now helps run a small Machine Learning consulting company called Mad Consulting. For fun, he does math art at https://gods.art.

Defenders are constantly adapting their security to counter new threats. Our mission is to identify how they plan on securing their systems and avoid being identified as a threat. This is a hands-on class to learn the methodology behind malware delivery and avoiding detection. This workshop explores the inner workings of Microsoft's Antimalware Scan Interface (AMSI), Windows Defender, and Event Tracing for Windows (ETW). We will learn how to employ obfuscated malware using Visual Basic (VB), PowerShell, and C# to avoid Microsoft's defenses. Students will learn to build AMSI bypass techniques, obfuscate payloads from dynamic and static signature detection methods, and learn about alternative network evasion methods.

In this workshop, we will:
i.Understand the use and employment of obfuscation in red teaming.
ii.Demonstrate the concept of least obfuscation.
iii.Introduce Microsoft's Antimalware Scan Interface (AMSI) and explain its importance.
iv.Demonstrate obfuscation methodology for .NET payloads.