Day 1 Keynote

Joe Grand - Troublemakers and Superpowers (@joegrand)

Joe Grand is a product designer, hardware hacker, and the founder of Grand Idea Studio, Inc. He specializes in creating, exploring, manipulating, and teaching about electronic devices.

Also known as Kingpin, Joe was a member of the legendary hacker group L0pht Heavy Industries, where he helped raise awareness of the hacker ethos and the importance of independent security vulnerability research. He also brought engineering to the masses as a co-host of Discovery Channel’s Prototype This, which followed the real-life design process of a unique prototype every episode.

Joe holds a Bachelor of Science degree in Computer Engineering from Boston University in Boston, Massachusetts and a Doctorate of Science in Technology (Honorary) degree from the University of Advancing Technology in Tempe, Arizona.




Day 2 Keynote

Kymberlee Price - A Blameless Retro on Security (@kympossible.bsky.social)

Kymberlee Price is a dynamic engineering leader and public speaker known for developing high-performing multidisciplinary teams responsible for the security and integrity of software products, services, and infrastructure. A recognized expert in the information security industry, she has extensive experience in product security incident response and investigations, coordinated vulnerability disclosure and bug bounties, Secure Development Lifecycle (SDL), and Open Source Security strategy. Ms. Price speaks regularly at conferences around the world and is currently on the content review board for Black Hat USA and Black Hat Europe.




China Recon 101: Finding Nation State Infra with Almost Free Tools

Jonathan Reiter (@jonathanmreiter, @bees@infosec.exchange)

The People’s Republic of China has a poorly documented web, and this talk will walk the audience through some of the more practical aspects of both government and non-government networks in this geo. Our thesis is that understanding the layout of the PRC web is a crucial component for contextualizing adversary infrastructure - recent operations by area adversaries, such as Volt Typhoon, used recon infrastructure with links back to PRC-based data centers. With some background on the various Telcos and major cloud providers, plus some history of internet exchanges and the growth of social networking and the pervasive surveillance state, we’ll do a brief hunt, and together learn how to make sense of unusual characteristics encountered during reconnaissance.

Jonathan is an Engineer at Dragos, where he helped build the Neighborhood Keeper ICS telemetry system, and tends to their Synapse instance. In his past life, he managed the malware database for McAfee. In his past-past life, he was a China Studies graduate student at University of Washington, and specialized in modern political economy and Qing history.


Hacks, Leaks, and Revelations: The Art of Analyzing Hacked and Leaked Data

Micah Lee (@micahflee@infosec.exchange on Mastodon. @micahflee.com on Bluesky. @micahflee on Twitter)

The world is awash with hacked and leaked datasets from governments, corporations, and extremist groups. In many cases they’re freely available online and waiting for anyone with an internet connection, a laptop, and enough curiosity to analyze them. Most journalists and researchers don’t have the technical skills to do this, so most of it never even gets looked at. You probably do though! In this talk I’ll show you how to use your hacking skills for good.

Micah Lee is an investigative journalist, computer security engineer, and an open-source software developer who is known for helping secure Edward Snowden’s communications while he leaked secret NSA documents. He’s the Director of Information Security at The Intercept and an advisor to the transparency collective Distributed Denial of Secrets. He’s a former staff technologist for the Electronic Frontier Foundation and a co-founder of the Freedom of the Press Foundation. He’s also a Tor Project core contributor, and he develops open source security and privacy tools like OnionShare and Dangerzone.


Easy Mode Deception Technology Deployments @ Scale

Sasha Levy

Many threat detection & incident response teams struggle with the idea of when to deploy or leverage 7 deception technologies. During this talk, I’ll introduce the audience to Canary tokens as a tool that enables fast, simple, and customizable token types for a variety of environments (www, macOS, Windows, Linux/EC2, k8s AWS). I’ll discuss the benefits of deploying canary tokens as a detection strategy weighed against the challenges of environment wide deployment of a new technology within a D&R program. Mass deployment is easier than you think!

Sasha is a Senior Security Engineer at Remitly working on the Detection and Response Team. Over six years she’s worked on a variety of teams within security, from Trust & Safety/User Security Operations, to Governance Risk and Compliance as a Third Party Security Program Manager. Her favorite part of working in incident response is middle of the night pages /s. Outside of work, you’ll probably find her surfing in Los Angeles. She holds a B.A. in Media Arts and Sciences from Wellesley College.


I like to MOVEit, MOVEit

David A (@riskymanag3ment)

An analysis of the MOVEit data breach.

David has been working in information security for over 5 years, with a variety of roles and tasks. He currently leads a security team at a medium-sized company. He spent 7 years as a non-profit director before coming back to tech.


Using Sigma as a Gateway to Detection Engineering

Micah Babinski (@micahbabinski on Twitter, micahbabinski.medium.com)

When I started in the cybersecurity industry two and a half years ago, I did not know what Detection Engineering was. Today, I work as a principal detection engineer for a Class I railroad. In this talk I will chart my journey, and describe the pivotal role that Sigma has played in my career progression. Sigma is a legendary open source project that is equal parts detection format, open-source detection rule repository, and multi-platform conversion tool. Expect to walk away with a better understanding of detection engineering, Sigma, and an idea of how to get involved with the vibrant and supportive Sigma and detection engineering communities.

Micah Babinski is a Principal Detection Engineer at Amtrak. In 2021 he pivoted to cybersecurity following a decade working in Geographic Information Systems (GIS) as an analyst, technical lead, and project manager. His areas of interest include threat research, automation, systems integration, and detection community building. He hopes to continuously sharpen his technical skills while helping aspiring security professionals succeed in launching their careers. Besides his career focus, Micah is also a professional Scottish bagpiper, proud husband and father, and an enthusiastic (but very amateur) chef. He resides with his family in Portland, Oregon.


So you want to hack AI…

Alex Ivkin

As AI and ML become more powerful, so too do the threats to their security. Ever felt curious of what the brave new world of hacking AI/ML is shaping to be? Let me take you on a cruise of what is possible in that space, and what are the state-of-the-art defenses.

Alex Ivkin does secure architecture, design and development of software and hardware for an internet search company. Alex has two decades of security evaluation experience, including cloud, IAM, application, OS and firmware security, delivered security trainings, co-authored security certifications, speaks at conferences and climbs mountains in his spare time.


Bastardo Grande: Hunting the biggest black market bike fence in the world

Bryan Hance (@bikeindex on Twitter)

Since 2020, I have (as BikeIndex.org) been chasing and hunting the single largest black market bike fence in modern history. I spoke about this in 2022, but was only able to partially share that story because prosecutors were working through the case. Since then there have been significant developments and I am now able to divulge the whole story to BSIDES. I’ll speak about this investigation and the larger problem in general it points to, and the new directions it has taken our OSINT work re: chasing similar bad guys. The talk will be audience engaging, with live back-and-forth and audience ‘spot-the-OSINT-FAIL-here’ type participation as we walk through the major breakthroughs that took this project from ‘hey, that’s interesting’ to an investigation. There will also be a general call to action re: “hey, anybody can do this work, here’s how to get started in OSINT investigations” using my experience with this investigation as the general lens.

Bryan Hance helped co-found BikeIndex.org because he had way too many bikes stolen - and he realized chasing and recovering stolen bikes was really fun. He works in cyber security and applies OSINT methods and processes to chasing bike thieves.


Improving UEFI Binary Analysis within Ghidra

Brent Holtsclaw

UEFI binary analysis has grown in popularity in recent years. As a result, many binary tools have gained native support or plugins. Ghidra gained initial third-party support for UEFI, however, it is currently not up to parity with other tools. This talk introduces a new framework to update UEFI support within Ghidra by improving four distinct areas: preparation of the UEFI image, preparation of Ghidra, analysis, and analytics.

Brent is a Security Researcher at Intel. Brent has performed security analysis for a wide variety of targets from embedded systems to enterprise networks, developing repeatable methods for improving assurance. Brent is a contributor and one of the maintainers of the CHIPSEC open source project.


Engineering Privacy From the Get-Go

Christina Liu (@cliuthulu on Twitter)

The software we build has a human impact even if at the surface level it doesn’t seem that way. We as engineers are the stewards of our users’ data so it’s important to know how users are expecting us to protect their identity because it is the right thing to do even if it takes a little more time and effort to build in. This talk will cover the current challenges to securing personally identifiable information and provide practical tips on how to protect it.

Christina is an ex-circus performer turned web developer turned Senior Security Engineer. She’s worked in highly regulated tech industries such as healthcare and finance. She is also an active Fellow of the Odd Salon San Francisco Chapter. Odd Salon is a community produced cocktail and lecture series specializing in stories about art, adventure, science, and history. Her favorite outdoors activities include climbing large rocks and hiking extremely slowly to look at wildflowers, mushrooms, and shiny smaller rocks.


Come Together: A framework for a shared security language

Lea Snyder (@_leisures on Twitter)

Have you ever tried to do data analysis on all your security issues only to find that no one is using consistent language? Does this impede conversations with product teams, slowing down development and resolution of issues? This talk will show how we solved this by first engaging the audience through a simple exercise to highlight the problem, walking through our approach and outcomes, and provide actionable steps for others looking to replicate this approach.

Lea Snyder is a Principal Security Engineer at Microsoft. She’s worn a lot of hats over her career and mostly worked for companies that begin with the letter ‘A.’ You can read more at: https://tldrsec.com/guides/staffeng-security/stories/lea-snyder. Outside of work she can be found organizing security conferences or enjoying all the PNW has to offer.


Building a programming environment for privacy and iterative learning

Lateef Jackson (@lateefjackson on Twitter, https://bsd.network/web/@lhj, https://lateefjackson.com/)

Why do cell phones ask for permission when installing an application for access to the internet, yet any software dependency can just access the internet willy-nilly? It doesn’t have to be this way. You will see a working prototype that prioritizes privacy first.

4 takeaways in 20 minutes:

  1. Motivations for privacy first.
  2. Why existing options (Capsicum, Pledge) don’t meet our needs.
  3. POC: Sndl Adding capabilities (controls) to Lua packages.
  4. Demo: Python socket as an example of applying package capabilities outside of Sndl.

My name is Lateef Jackson. Since the turn of the century, I have been building software systems and engineering organizations. People build software, and people are impacted by software. My focus is on a data-driven approach to impacting people through technology.


From Patch to Shell: The Twists and Turns of Exploiting a Hardened Platform

Ron Bowes (@iagox86 on every major platform)

In July of 2023, SonicWall released an advisory for multiple vulnerabilities in their GMS platform. As security researchers, it’s our job to help the community understand just how bad these vulnerabilities are (spoiler alert: they’re pretty bad). We didn’t realize it at the time, but this was going to be an epic journey through a labyrinthine patch: 60,000 lines of changes addressed 15 vulnerabilities of various types. Plus, aggressive filtering and a hardened platform made writing a generic exploit exceedingly difficult - how do you even stage a payload without curl or wget? But in the end, we prevailed and released a Metasploit module that chains together four-five different exploits (depending on how you count) to gain SYSTEM access to Windows or root access to the Linux appliance. This talk will be a technical deep-dive into the nuts and bolts of patch diffing, Java exploitation, bypassing obnoxious filters, and using pre-installed tools to stage a payload.

Ron Bowes is a Lead Security Researcher on the Rapid7 Emergent Threat Response team, which tracks and analyzes widespread threats that affect Rapid7 customers and the internet at large. His primary role is analyzing security vulnerabilities in enterprise software; often, that means parsing vague vendor advisories, diff’ing patches, reconstructing attacks from log files, and–most complex of all–installing and configuring enterprise software. When the internet isn’t on fire, he hunts for his own bugs, specializing in reverse engineering obscure protocols and protocol parsers. When he’s not at work, he runs the BSides San Francisco Capture the Flag contest, is a founder of The Long Con conference in Winnipeg, and continues his project to finish every game in his Steam library.


Following the metadata trail

Guilherme Venere (@gvenere on Twitter)

When financially motivated threat actors begin a new campaign their aim is to maximize gains while reducing the chances of being detected. That goal means they will use whatever delivery mechanism is trending at the time and will change behavior once the security industry becomes more efficient in detecting them. This rapid cycle sometimes causes them to leave important metadata in their IOCs, which can be used to identify and track these actors over time. In this talk we will take a look at how threat actors moved away from macro-enabled documents to Windows shortcut file format (LNK) files inside Zip/ISO files, then to OneNote when MS implemented the MoTW feature for these formats. We will also look at the current delivery mechanisms and how metadata can still be used to detect and track them.

Guilherme Venere has been a threat researcher with Cisco Talos since 2022. In the past 15 years he worked in the Antivirus industry analyzing and detecting almost every kind of malware that was created. Now he spends his days hunting for new malware and analyzing various threats as they emerge and continue to evolve, and trying to understand how to better detect these threats.


From Light to Router: Reversing an IoT Smart Switch

Cameron Howell

This is the story of how I exploited a smart light switch to make it into a malicious router thanks to a hard coded encryption key. I present my journey starting as someone with minimal hardware hacking experience to being able to create open routers from light switches without the owner knowing of the new hole opened up in their network. Oftentimes, to practice hardware hacking skills, people will attempt to dump firmware from a router and find flaws. IoT devices are widespread and cheap and many blogs give information on how to exploit them; this low barrier to entry makes them a good target. In this presentation, I describe my process of information gathering and the failures I made, such as trusting labels on the PCB and soldering with the wrong equipment. By the end, I show how I completely owned the device and managed to remotely flash whatever firmware I wanted by extracting a hardcoded key and pretending to be the control server. Regardless of their hardware experience, an attendee should walk away with more understanding of the difficulties involved when starting out in hardware hacking and how to approach learning through trying to reverse engineer a smart device along with some tricks to make this easier.

I’m a Security Analyst at Riscure who enjoys taking a questionable amount of bird photos. I recently got started in hardware security and I’m starting to get too many tools.


License to Pwn: How Two Muppets Hacked into a Fortune 500 Company in < 6 hours

Mike Stringer (@script_nomad on Twitter, https://www.linkedin.com/in/leestringer1/)

Despite over 40 years of evolution in the InfoSec industry, it is still possible for even a small team of hackers to compromise the most security-hardened organizations in the world with the right knowledge and a small budget. This talk is a demonstration that an APT isn’t necessarily complex. It can be as innocent as two, very convincing Sesame Street characters with a printer and a raspberry pi. This is a story of how a two-man team of penetration testers pulled off the first data heist of their careers at one of the largest companies in the United States by crossing the cyber-space barrier into the physical domain and walked away with their first success as solo red-teamers.

Michael Stringer is a network security professional specializing in attack and defense, ethical hacking, and penetration testing with over 15 years of experience in the IT field. He possesses a BSCS degree in Information Technology with numerous certificates in the field of information security, and is a proud holder of the Offensive Security Certified Professional certification. In addition, he possesses a deep, technical understanding of computer science concepts, skills in programming, network defense, attack simulation, malicious software, and exploitation. His extensive knowledge comes from a long background and passionate pursuit of information technology and computer science that goes beyond career or hobby. He frequently pursues bug bounty programs, as well as creates custom attack tools for simulating realistic cyber attacks in order to effectively test technical security controls in modern networks. Michael currently works as both a business and technical expert conducting security consulting, penetration testing, red teaming, vulnerability assessments, and other information security engagements as a Principal Consultant and the Red Team Leader at Online Business Systems.


Take control of your career: A panel with Industry Leaders

PANEL

During this panel discussion, you’ll hear stories from industry leaders with diverse backgrounds and careers who’ll be speaking on how they have navigated their careers, what they have learned so far, their successes and failures, and how to level up your career. Come hear our panelists discuss what it’s really like to grow your career in security, deciding between growing as an IC or a manager, what to do if you find yourself stuck, or whatever you want to learn more about. Ask Us Anything - seriously, anything.

PANEL SPEAKERS:

Lea Snyder

Lea Snyder is a Principal Security Engineer at Microsoft. She’s worn a lot of hats over her career and mostly worked for companies that begin with the letter ‘A.’ You can read more at: https://tldrsec.com/guides/staffeng-security/stories/lea-snyder. Outside of work she can be found organizing security conferences or enjoying all the PNW has to offer.

Terra Cooke

Terra Cooke is GRC Manager at Boom Supersonic. She’s been in the security game for 15 years. She’s here for all things security, technology, and non-performative intersectionality. Oh and cats.

Rachana Doshi

Rachana Doshi is the Director of Third Party Security at Salesforce. She has over 15 years of experience in the information security and technology industry, working in many different security domains from Secure SDLC, Application Security to Third Party Security. She has developed many security programs at scale, automating risk-based security assessments while enabling the business.

Dayana Claghorn

Dayana Claghorn is an Associate Principal Security Engineer at SiriusXM. She has had several careers prior to finding her niche in security. She has a diverse background, starting off her career in GRC, then moving into security architecture and later security operations. She is now the head of the application security department at SiriusXM. Outside of work, she enjoys making pottery, running her mini-farm, ice skating, and going hiking.

Jess Jimenez

Jess Jimenez is a Director at Dropbox. She’s rebuilt her career multiple times over, starting in the Army, then the Intelligence Community, and then in the InfoSec world. She is a passionate advocate and enjoys mentoring the next generation of security professionals, including teaching at UTSA’s CIAS. Outside of work, Jess spends her time hanging with her family and playing in the garden (except when there are heat domes in place).


Gone Tishing: Abusing Microsoft Teams Security Misconfigurations for Webhook Hijacking and Other Shenanigans

Jessa Gegax (https://www.linkedin.com/in/jessa-gegax-00912b191/)

Misconfigurations are common vulnerabilities in business communication platforms that can be leveraged to build more complex security awareness trainings going beyond the classic phishing email. These concerns tend to arise from third-party components integrated within the client that provide additional communication functionalities often utilized by software teams during development. Web hooks are a specific example here that are frequently used in corporate environments to web together these third-party applications for system updates and other development notifications and are often insecure due to the client’s default configurations.

Jessa Gegax is an Information Security Testing Analyst at Surescripts LLC in Minneapolis, MN. Jessa holds an undergraduate degree in Computer Science and minor in Environment and Natural Resources with research interests in offensive cloud security, IoT devices, and web application/API penetration testing. In their free time, Jessa likes to go backpacking, practice yoga, and spend time with their dog (in no particular order).


Fun With Zero Knowledge Execution Environments

Dean Pierce (deanpierce at everything)

“Zero Knowledge” is a hot new buzzword, but how are ZK Proofs being practically used today, and what technologies will they unlock in the near future?

Dean Pierce is an offensive security researcher in Portland, Oregon.


A Gentle Introduction to Understanding Fuzzers

Allison Naaktgeboren (https://www.linkedin.com/in/anaaktge/)

Fuzzing is a popular automated bug finding technique. Frequently Vulnerability Researchers’ tool of choice, it can be confusing and frustrating for newcomers, particularly developers. In this talk, we’ll discuss what fuzzing is (and what it isn’t), its strengths and weaknesses, how to break down the important features of different fuzzers, how those factors influence optimizing a fuzzer, who’s using fuzzers for what purposes, what fuzzers suit the needs of each group, how to pick the fuzzer for your needs. There will be an optional fuzzing lab based on docker. Those interested in the lab should have a GCP account ready for about ~30 minutes of use.

Allison Marie Naaktgeboren is a PhD researcher at Portland State University advised by Dr. Andrew Tolmach. Her research agenda is to make security tools more practical & pragmatic. Or, to atone for all the security sins she committed over the years as a developer at Draper Labs, Signal Sciences, Mozilla, FactSet Research Systems, Amazon, and Cisco. Her current focus is improving the quality & actionability of fuzzer bug reports and expanding fuzzer bug detection beyond memory safety to higher level classes using the PIPE hardware reference monitor. She holds a Masters in Computer Science & Cybersecurity from Portland State and a Bachelor’s Degree in Computer Science from Carnegie Mellon University and is a founder of PSU’s CTF team, the void* vikings.


Biking past vendor lock-in

Will Dillon (https://tech.lgbt/@hpux735)

As e-bike manufacturers try to differentiate themselves they’ve turned to cloud- and app-based features. While these features make great press releases, what happens when they go out of business? Are customers left with expensive junk? In the last year, one of the biggest e-bike makers, VanMoof, went out of business. Not only did the industry have to reckon with the impact that had on the consumer’s perception of their products, it highlights the importance of initiatives such as right to repair. In this talk, I briefly discuss these market forces then dive right in to reverse engineering an orphaned bike. We will:

  • enumerate the components of the bike and what their functions are
  • reverse engineer the main board
  • reverse engineer the battery management system’s binary protocol
  • identify a path forward to remove the dependency of the defunct cloud platform
  • Build custom wiring to rejuvenate the bike with off-the-shelf components
  • Demonstrate an open source tool to eliminate the need for encumbered vendor tools
  • Show how you can brute-force crack the passcodes locking a common electronic speed controller.

Will Dillon grew up across the river in Vancouver. As a kid, Will loved electronics and computers. At Skyview High School he started the Unix club; securing donations of surplus HPUX computers from Oregon Steel Mills. In his tenure as club president he got himself and the teacher of the computer class in trouble with the School district. Will graduated from The Evergreen State College in Olympia Washington, and received his Ph.D. from Oregon State University. After which, he was in the founding cohort at Racepoint Energy, a company that developed energy management solutions to more effectively manage home energy use. Racepoint was purchased by Savant Systems five years later. Will is currently the CTO of Savant Systems, and works from his home in Corvallis, Oregon. Outside of work, Will is an instrument rated private pilot, and enjoys using his plane for family trips as well as volunteering. He’s currently a command pilot for two organizations: Angel Flight West, which provides free flights for patients with special medical needs and for those with financial difficulties, and for Elevated Access, which provides free flights for folks needing prenatal care, abortion access, gender confirming care, and relocation services for displaced transgender folks.


Purple-teaming outbound HTTPS

Anon Hacker

Red teams: want to exfiltrate sensitive data from outbound HTTPS traffic on that juicy Linux host you just compromised? Blue teams: want to detect the various ways bad actors can intercept outbound HTTPS? This talk is for you! We’ll walk through a number of scenarios discussing trade-offs in stealth and complexity. Watch a quick PoC live, and dig into the internals of the solutions offline.

Evading detection in Linux has a special place in my heart. There’s nothing quite as exciting as popping a shell on a host and seeing what you can do with it. Add intercepting outbound HTTPS to your arsenal!


We Have C2 at Home - Leveraging Microsoft’s C2 Framework

Garrett Foster (@garrfoster on Twitter)

For attackers, Microsoft’s enterprise device management software SCCM is a high value target and a large amount of research has been published over the last year that demonstrates how a site can be taken over. However, identifying the various servers and server roles deployed in an environment to achieve this privilege escalation can be a difficult task. SCCMHunter aims to solve this problem. This tool helps identify potential SCCM server roles and SCCM related users and groups to piece the SCCM site takeover puzzle together.

Garrett is an Oregon native and offensive security consultant with over 4 years experience in information technology. He has conducted successful engagements against organizations that include the finance, healthcare, and energy sectors and enjoys researching Active Directory and developing offensive security tools. His background also includes roles as a Security Operations Center Analyst and Systems Administrator.


Securing your Open Source Project

Dan Shanahan & Jose Palafox

GitHub has made substantial investments to improve the overall security of the open source supply chain. In this presentation we’ll share updates from our journey to secure open source projects on GitHub and share hands-on guidance about how to enable free features available on GitHub to help with code security and analysis. From a tools perspective we’ll demonstrate how to use GitHub features to identify and prevent API credentials leaked in code and we’ll share what we do when we find API credentials in code on github.com. We’ll share how to identify and prevent insecure coding patterns in code using CodeQL, a static analysis security testing tool for application security embedded directly into GitHub, and we’ll discuss how we use this tool for open source security research. We’ll also show how to enable Dependabot to identify and prevent insecure or out of date dependencies from entering a project, share how to generate SBOMs, and share how to responsibly disclose security vulnerabilities you may find on GitHub.com.

Dan Shanahan is a Principal Field Security Specialist at GitHub where he helps customers and open source maintainers conceptualize and build strategies to enable developer-first security. Throughout his career, Dan has held many roles in the security and software development space, but found his “happy place” in application security.

Jose Palafox works at GitHub as an application security executive. He helps the largest enterprises and technology companies on the west coast improve their security posture on GitHub. Jose’s had a long career in technology and in the Portland technology scene working at both Intel and Puppet Labs.


LAPSUS$ is winning

jason craig (@3141592f all the places)

Since the Twitter breach in July 2020, multiple threat actors have been whaling high value targets for fun, lulz, and BTC. They share a common set of tools, tactics and procedures which are still highly impactful and effective.

Jason is a unicorn enthusiast and enjoys coffee, thrunting, and late apexes. Jason has worked for a few orgs you would probably recognize by name.


Essential Logs Pyramid SIEM

Eric Goldstrom (https://www.linkedin.com/in/ericgoldstrom)

This talk will focus on the significant role efficient log management plays in an effective SIEM implementation.

Eric Goldstrom is a Director of Cyber Threat Management at KPMG. Prior to KPMG, he was an Incident Responder at Mandiant. He also worked at a local Healthcare company where he built out use cases for and implemented the UEBA/SIEM. Prior to the private sector, Eric worked in the DoD and Intelligence Community conducting both Red and Blue Team activities. He has a MS in Cyber Security and his certifications include CISSP, OSCP, and SANS certifications.


How And Why To Gain Technological Advantages By Harvesting Entropy From An Unsuspecting Public

Karl Anderson (https://futel.net)

To be a successful engineer requires creativity. How can we develop creativity? We can do things outside of our day jobs that help us explore new ideas. What if we aren’t privileged enough to have the capacity for under-paid extra work? We need to find a way to get rewarded for this work.

Karl Anderson is a hardware and software experimenter who is good at thinking up projects but bad at predicting whether or not they will be practical. As director of Futel, he runs Portland’s fastest-growing payphone network. With C.H.U.N.K. 666, he has created amphibious human-powered vehicles out of discarded bicycles and construction debris. With the Church of Robotron, he has built a post-apocalyptic training facility, indoctrination center, and reading room based on the tenets of a coin-operated video game.


This Chip Does Not Exist: Pre-Silicon Fuzzing

Rowan Hart (@novafacing@haunted.computer on Mastodon)

Fuzzing is a critical step in the security process, and has uncovered bugs in software throughout the stack. Mainstream support for fuzzing user-space applications is nearly mainstream, but fuzzing below Ring 0 has remained the realm of domain expert security researchers. A common, virtually unsupported use case is fuzzing software and firmware designed to interface with pre-silicon hardware. To address this use case, we present TSFFS: Target Software Fuzzer For SIMICS, an open-source snapshotting coverage-guided fuzzer built with LibAFL capable of fuzzing most software that runs in the SIMICS full-system pre-silicon simulator, along with a survey of its use cases.

Rowan is an engineer at Intel working in system software fuzzing. He graduated from Purdue University in 2022 and is interested in fuzzing, program analysis, and security tool usability.


VectorDumper: Red team adventures with VectorDBs

Andrew Davis & Matt Mcdevitt

In recent years, vector databases have surged in importance across industries, attracting substantial investor capital due to their prowess in handling high-dimensional data and uncovering concealed insights in sectors like finance, healthcare, and infrastructure. The influx of resources underscores the growing significance of high-dimensional data analysis. This talk focuses on the evolving landscape of vector databases and their critical role in efficient data management and analysis within sensitive industries. Moreover, we delve into the escalating stakes of high-dimensional data analysis, emphasizing the imperative need for robust security practices. Over the last few years, over half a dozen new vector databases have gained a significant level of market share, each with their own API implementation with their own quirks for how data is stored. If only there were a vector database-agnostic way to run “SELECT * FROM *”! In this talk, we introduce an open-source tool designed to get down to brass tacks – if you have an endpoint hosting a vector database, how do you dump out the important stuff without worrying about the specific vector database-specific quirks of doing recon, identifying the important things, and dumping out the gooey center of the vector database.

Andrew Davis

Data scientist working in the MLSec space since 2014.

Matt Mcdevitt

Hacker who’s been around for a long time.