HackMiami XI, May 15 - 18, 2024

TICKETS ON SALE NOW

HackMiami X

Talk Schedule Posted

Event Location

Marenas Beach Resort
18683 Collins Avenue
Sunny Isles Beach, FL 33160

ACCEPTING CFPs for TALKS and TRAININGS

CFP/Training Submissions: cfp [at] hackmiami.com

HackMiami XI 2024 Conference will consist of training classes on May 15-17, 2024 and speaking tracks on Saturday May 18, 2024.

Track 1 – NüWorld0rder – A novice track will be available for hackers who are learning the game. If you have a presentation that you believe would be beneficial to the community and will give attendees information that can be used to advance their skills, knowledge, and/or careers, then this is the track for you. Total presentation time is 45 minutes with 10 minutes of Q&A.

Track 2 – 0ldWorld0rder – An advanced track for the hackers looking to show off their latest projects and research. If you have any hot research, code drops, vulnerability disclosures, or attack methodologies that you want to present on, then this is the track for you. Total presentation time is 45 minutes with 10 minutes of Q&A.

Subscribe to our mailing list and follow us on Twitter for announcements regarding CFPs and training courses.

PRICING

  • General Admission: This ticket includes all talks and events taking place during the HackMiami Conference on Saturday May 19, 2024
  • Training Session: This ticket includes access to a comprehensive 24 hour training course on Wednesday-Friday, May 15-17, 2024. General Admission to the HackMiami Conference on May 18, 2024 is included with purchase of Training Session.

General Admission

$199.99 / 1 person

1 Day TRAINING COURSES

$1600 / 1 person

2 Day TRAINING COURSES

$2600 / 1 person

Sponsors

For sponsorship inquiries and prospectus, reach out to sponsors [at] hackmiami.com

TRAINING COURSES

Training Courses will take place throughout the day on Wednesday – Friday, May 15-17, 2024 from 9am – 5pm.

Purchase of a Training Course INCLUDES admission to the HackMiami XI Conference events on Saturday May 18, 2024.

Lunch will be provided during all Training Courses.

In order to purchase a Training Course, select the course from the dropdown menu on the official HackMiami XI Conference Eventbrite registration page.

TALKS

Track 1 – NüWorld0rder

Dave Monnier
Keynote

Keynote Address

10.00 am

Seasoned leader in security and cyber-intelligence with more than twenty years of experience protecting critical systems around the world. Exceptional communicator, having presented and provided keynote insights more than two hundred times in more than forty countries. Internet-scale problem solver.

Justin Wynn
Director at Coalfire

Red Team Tales: 7 Years of Physical Penetration Testing

11.00 am

Have you ever wondered how physical penetration tests are conducted? What it would be like to actually rob a bank or how someone can gain access to the most physically secure buildings in existence? Is it really as easy as walking through the front door and asking to visit the server closet, or are people creeping in in the middle of the night, face painted, wearing tactile-necks? The answer is YES.

In this presentation, I'll be covering 7 action-packed years of physical penetration tests, with stories of breaking into banks, water treatment facilities, skyscrapers in NYC, courthouses in Iowa, and cheese-packing facilities in the middle of nowhere. We'll turn everything you know about physical security upside down - case in point, the cheese factory was by far the most secure. I'll show you how we did it, the characters we met along the way, and share some of the greatest never before told stories.

Biography: Justin Wynn is a Director at Coalfire who specializes in physical security and regularly performs network, application, wireless, and social engineering penetration tests. You may be familiar with his wrongful arrest while testing courthouses in Iowa. He's a keynote speaker and has conducted over 350 penetration tests and physical engagements. His pastimes include bank robbing, critical infrastructure parkour, and inventing new tools+techniques for physical security. @redteamwynns

Jamie Ward
Cybersecurity Expert with Inversion6

The depth of Cyber hygiene.

12.00 am

Delve into the layers of Cybersecurity from Solutions to the human element. It will be interactive with the attendees and contain some reviews of recent Cyberattacks and how they could have been thwarted.

Bio
Jamie Ward is a Cybersecurity Expert with Inversion6 with an undeniable passion for protecting Corporations and State, Local and Tribal (SLTT) government entities from Cyberattacks. He has over 20 years of Cybersecurity experience assisting organizations' leadership and Cybersecurity teams in dealing with present and future Cyber Threats. Jamie also served for 12 years as Mayor of Mayfield, NY. Jamie has a thorough understanding of both public and private sectors, which allows both worlds to benefit from his insight.

Caleb
Hacker

TrackerJacker. Nmap for WiFi

1:00 PM

What wifi devices are around me?

In this talk, we'll look at how to see the hidden world of wifi and get a signal from ALL of the wifi devices near you, WHETHER YOU'RE CONNECTED TO THE SAME NETWORK OR NOT.

Using trackerjacker (which uses monitor mode), you can:

  • map all nearby wifi devices
  • see which networks they are connected with
  • track individual devices (or a set of devices), and take action when they are active
  • determine when wifi-based security cameras are capturing video, and see other wifi activity (like a new device arriving in your area... perhaps the mail carrier).


trackerjacker is basically nmap for wifi devices.

Bio
Caleb is a hacker and mather who enjoys pulling the signal out of the noise. He used to work at Mandiant developing cyber weapons (used for Incident Response) as well as Machine-Learning-based malware and intrusion detection. Since then, he failed at building a startup in Colombia, and now helps run a small Machine Learning consulting company called Mad Consulting. For fun, he does math art at https://gods.art.

Antonio Juanilla
Hacker HackMadrid%27 and HackBarcelona%27

Securing the Cloud: A Workshop on Building a Fortified SDLC on Kubernetes with Open Source Power

2:00 PM

Join us for an insightful talk where we’ll reveal the secrets to building a fortified Software Development Life Cycle (SDLC) using open-source tools. Find out how these powerful resources can improve the security of your software applications and improve your development process. Throughout the talk, we’ll explore a wide range of popular open-source tools that can be seamlessly integrated into your workflow, like GitLab, Harbor, DefectDojo… By leveraging these tools, you’ll be able to enforce strong security policies, detect vulnerabilities, and ensure compliance with industry best practices. This isn’t just a theoretical discussion: we’ll dive into practical exercises and share real-world examples that will equip you with practical skills. Open-source tools offer a wide range of features and functionality, constantly evolving with contributions from a vibrant developer community.

Bio
Antonio Juanilla is an active member and collaborator of the Spanish communities HackMadrid%27 and HackBarcelona%27, a member of the CTF team flagHunters, a DevSecOps practitioner, and a speaker at various conferences in LATAM and Spain.

Michael Brown
Information Security Leader

An examination of AI Policy Frameworks: the NIST AI RMF and others

3.00 pm

In recent years, especially with both the impact of ChatGPT and AI artwork, artificial intelligence has come to the forefront for many people. And this includes cybersecurity, especially as people wonder how it may affect them, especially if it takes their jobs! In light of this, many have started working on frameworks that can be applied to AI. NIST, maybe better known for things such as the cybersecurity and privacy frameworks and the like, has in recent years involved itself in AI, in part due to an executive order. This has included the creation of the AI Risk Management Framework (AI RMF), which was rolled out early last year. This framework is intended to help incorporate “trustworthiness” considerations into the design, development, use, and evaluation of AI products, services, and systems. Nor are they alone in this, as there are similar works coming from other countries as well as from international organizations such as ISO/IEC and OECD. With this presentation we will focus on the NIST AI RMF, how it is structured and how it may be used, as well as reviewing the many AI related resources at NIST. We will touch on some of the other frameworks, many of which are already tied with the AI RMF. For any wanting to understand how AI may be improved, understanding these control frameworks may help.

Bio

Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, is an information security professional and leader with years of experience in IT and information security/cybersecurity. While a security consultant advisor, he worked with clients in the healthcare, financial, manufacturing, and other sectors to assess their security programs and work with them to improve and mature their security posture. He is now Security and Compliance Director for FRG Systems, ensuring their HITRUST and SOC compliance. He is experienced with a variety of security regulations, frameworks, and standards. A seasoned speaker and presenter, he has presented at SFISSA, BSides Tampa, St Pete, and Orlando, HackMiamiCon, and ISSA International. He is an ISSA Fellow and Secretary and past president of the South Florida Chapter of ISSA and is a member of ISACA, ISC2, Infragard, and IAPP.

 Chris Roberts AKA Sidragon
Sidragon

TBA

4:00 PM

TBA

TALKS

Track 2 – 0ldWorld0rder

Justin Palk
Senior Security Consultant, Red Siege

You Can Get There From Here - Proxies and Port Forwards for Beginners

10.00 am

Does your C2 server expose a port you need but you don't want anyone else to find? Do you have a Linux-based tool that you want to run against a client network, but only have a foothold on a Windows host? Do you want to run an aggressive scan against a client web app without getting your home IP banned by CloudFlare? Then you need a proxy! This talk will cover the basics of proxies and port forwards, including use cases and different means of setting them up.

Bio:

Justin Palk has more than 16 years of experience in IT and information security, working in the academic, federal civilian government, and health research sectors. He has held a variety of roles including sysadmin, developer, auditor, assessment team lead and now pentester. In the middle of his technical career Justin took a seven-year detour into state and local journalism. He regularly competes in CTFs. When not hacking or developing tools, Justin plays TTRPGs, writes cosmic horror, and brews

Michael McCabe
President of Cloud Security Partners

Infrastructure as Remote Code Execution: How to abuse Terraform to elevate access

11.00 am

In this talk, we will explore the potential security risks associated with the use of Terraform, a popular infrastructure-as-code tool. We will demonstrate how a malicious actor can exploit Terraform to elevate privileges, exfiltrate sensitive data, and gain unauthorized access to cloud environments. The presentation will include live demos showcasing real-world attack scenarios and will conclude with practical recommendations for securing Terraform implementations.

Michael McCabe is the president of Cloud Security Partners, where he specializes in helping clients securely migrate their workloads to the cloud. With extensive experience working with large financial institutions during their cloud transformations, Michael is dedicated to creating

Will Vandevanter
Senior Staff Security Researcher - Sprocket Security

Hunting for Bugs with BChecks and Hackvertor

12.00 pm

This presentation gets deep into finding vulnerabilities leveraging BurpSuite BChecks and the popular extension, Hackvertor. We will start with simple examples from each tool. We then work our way up to more complicated uses like dynamically automating fuzzing and logging results, more quickly finding delicate file upload bugs when things can't be automated, and more. Participants are expected to have a basic familiarity with BurpSuite features like Intruder, but expertise in it is not a prerequisite.

Bio:
With 14 years of experience in penetration testing, Will Vandevanter keeps coming back to his original obsession — hacking web apps. He has previously spoken at Blackhat, DEFCON, OWASP and a number of other conferences on web application security. He has also released popular open source tools and trained hundreds through in-person and online courses.

Brandon Scholet
Senior Penetration Tester

Penetration Testing: Communication is the REAL Hack

1:00 PM

Penetration testing success relies on effective communication with clients. This talk will address common frustrations and provide strategies for having smooth engagements, as well as insights for clients looking to understand how to get pentests to meet their goals. This will go over strategies to obtain necessary information such as client goals, pre-engagement, managing scope, and minimizing frustrating surprises. This talk will also talk about communicating findings in a way that helps clients understand and appreciate the security risks.

Bio
Brandon Scholet
Senior Penetration Tester

Indy Mellink
Cybersecurity Awareness Consultant

Social engineering, vishing, blackteaming, cybersecurity awareness

2:00 PM

A presentation of how this research was conducted, the results and why this is relevant in today's threat landscape. Main arguments will include the significance of this research, suggestions for further research and how to raise security awareness for social engineering.

Bio
Indy Mellink
Cybersecurity Awareness Consultant

Lenin Alevski
Security Engineer at Google

Kubernetes Insecurity - Attacking & Defending Modern Infrastructure

3:00 pm

Kubernetes is the de facto operating system of the cloud, and more and more organizations are running their workloads on Kubernetes. While Kubernetes offers many benefits, new users may introduce security risks like cluster misconfiguration, leaked credentials, cryptojacking, container escapes, and vulnerable clusters.

This workshop will teach you the fundamentals of Kubernetes security, from protecting your cluster to securing your workloads. You'll learn about RBAC, OPA, Security Contexts, Network Policies, and other security features. You'll also learn how to exploit workloads running on a Kubernetes environment using Living Off the Land (LotL) techniques like exploiting Insecure APIs, Secrets Theft, Container Escape and Pod Privilege Escalation, similar to the ones used by real-world threat actors.

Bio

Lenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security, currently working as a Security Engineer at Google. Before joining Google, Lenin worked at MinIO, OneLogin, Oracle and Websec Mexico as an appsec engineer, software engineer, security consultant and penetration tester. Lenin loves playing CTFs, contributing to open-source and writing about security and privacy on his personal blog https://www.alevsk.com.

TALKS

%27 Track (Event Room)

Contact Us

Questions? Send us an email.

If you are with the media, we have press passes available. Contact us for more information.

General Inquiries: info [at] hackmiami.com
Press/Media Inquiries: press [at] hackmiami.com
Sponsorship Inquiries: sponsors [at] hackmiami.com
CFP/Training Submissions: cfp [at] hackmiami.com