Day 1 Keynote - Why We Research
Marion Marschalek (@pinkflawd)
Why We Research
There is this picture of a security researcher in many people’s minds. Some dark clad figure dwells in a basement, surrounded by electronics, and then suddenly a few weeks later an ATM spits money at them. Wowz, lets go write exploits y’all. But is this how it works? Why do people go down these rabbit holes, how does big research come to life, and what if you’re not in a basement but back in some office, oh the horrors, and somebody says ‘time to production’? We’ll explore the question why security research matters, where the ideas come from and what motivates a proof of concept, and the big question: What comes after? Finding the bug is nice, but have you ever tried to patch 900 machines on a Friday night? Ever wondered how mitigations make it into a compiler, or how a machine learning model rolls to production? We’ll look at why research matters, and explore what makes it significant.
Marion is a security engineer at a large cloud provider, and enjoys reverse engineering and all things binary analysis. With some background in malware analysis, incident response and microarchitecture security, her interests are quite varied. In 2015 Marion founded BlackHoodie, a series of hacker bootcamps which successfully attracts more women to the security industry.
Day 2 Keynote
Kees Cook (@kees_cook)
Kees is involved with Free Software since 1994 and has been a Debian Developer since 2007. Currently, he works as a Linux kernel security engineer at Google, focusing on Android and Chrome OS. He previously served as the Ubuntu Security Team’s Tech Lead and remains on the Ubuntu Technical Board. Kees has contributed to a range of projects, including OpenSSH, Inkscape, Wine, MPlayer, and Wireshark, with a recent focus on Linux kernel security features.
Leave your corporate masters and come work for government!
Jeff Toth
Are you a cybersecurity pro weary from the endless grind of the private sector? Do you feel like you’ve been fighting the same battles day in and day out? It might be time for a change of scenery-one with different perks and a lot less burnout. Sure the pay is worse, but at least we’re union and may have pensions! In this talk, we’ll explore why state and local governments are a new frontier for cybersecurity professionals. With a wave of retirements opening up key positions, there’s never been a better time to make the switch. Plus, the benefits are pretty cool: think solid job security, better work-life balance and the satisfaction of protecting your community from cyber threats. Also you can appear to be a cyber wizard! Local governments need our help now more than ever! Join us for a humorous and informative dive into working in state and local government cybersecurity. We’ll discuss why trading in your corporate badge for a government one might just be the best career move you’ll ever make. Let’s face it- defending a city’s digital infrastructure sounds way more badass than boosting your firm’s quarterly profits by 5% this quarter.’
Jeff Toth is a pentester, turned governmental cybersecurity shill. He is a co-founder of BsidesOrlando, taught lockpicking to most of the greater Florida hacker community and did a bunch of random career things. He likes building terrariums and growing plants.
Rudder Nonsense: Steering Smart Rowers Off Course
Shane Kell (linkedin.com/in/shane-a-kell)
Android is the most common platform worldwide, encompassing 24k distinct devices across nearly 1300 brands. Seeing the traffic being sent for internet connected embedded Android devices isn’t always easy. This talk illustrates one technique for proxying traffic on a smart rowing machine for the purpose of knowing what data is being sent, how authorizations are being handled for paywall features, as well as showcasing an efficient method for manipulating responses being received.
I live and work in the Portland Metro area, consulting on web and mobile app security for a living. When I am not working I am either hacking devices around my house, pretending I am good at gardening, baking and cooking (which I am actually good at), or spending time with my three tiny hackers.
Using Stardew Valley as a C2 client and infostealer
DrGecko (@drgecko_exe on Twitter, https://drgecko.xyz’)
Stardew Valley is a farming simulator with an open modding API written in C#, I used that modding API to write both an infostealer and C2 client.
Security researcher, student, volunteer at Packet Hacking Village @ Def Con and, Noon @ Def Con
What I Learned About Security from Auditing Data Centers
Kim Cote
Data centers employ some of the most robust physical security controls in the industry to protect the machines within. Technical Infrastructure Audit teams are the third-line of defense in ensuring physical assets are appropriately secured. In this talk I’ll walk through the physical security controls in place at data centers, and how they can be applied to any company’s information security defenses to strengthen overall security posture.’
Kim Cote is a musician turned technical auditor with a passion for Cybersecurity. When she’s not auditing security infrastructure, she enjoys backpacking, playing Dungeons and Dragons, and long boarding.
Can LLMs Take Our Jobs? AI-Assisted Detection Research
Darin Smith
The detection research process consists of performing behavior that will trigger existing detection rules, performing behavior that accomplishes the same adversary objective without triggering the rule (rule bypasses), and updating the rule to catch this behavior. This existing process requires significant security expertise and is quite time consuming even for those with the requisite knowledge. On the other hand, Large Language Models (LLMs) have the potential to assist with performing exactly this type of complex, time consuming task.’
Darin Smith is a leader for cloud native threat research @ Cisco Talos. Former Amazon threat hunting tech lead & FBI computer science. King’s College London, University of California at Davis.
CI/CD jobs don’t care about US budget cuts: why mirroring software vulnerability data matters
John ‘Warthog9’ Hawley
The National Vulnerability Database (NVD) is the biggest source of information about software vulnerabilities in the world. As more people have been using this data to help secure software supply chains, the servers behind the NVD have struggled to keep up. They implemented rate limiting and added an API to help people download less data at a time, but demand continued to grow, and continuous integration jobs didn’t care about US budget cuts affecting those running the service. But those same test and scanning jobs have managed not to completely over-run the servers that handle software updates for popular Linux distributions. What if rather than convincing people to slurp data more carefully (while somehow also convincing them that vulnerability scanning was great and they should do it), we reached out to some open source mirroring experts and made some magic happen? This is the story of how we mirrored the world’s vulnerability data and why.’
John ‘Warthog9’ Hawley a Linux kernel maintainer (ktest), FOSS mirror operator, wrangler of open source licensing, open hardware designer, and someone who believes in not only over engineering most things but that 12 gnomes in a trench coat sometimes works pretty darned well.
Building a Windows VMI System With No Windows Knowledge
Rowan Hart (@novafacing on twitter, @novafacing@haunted.computer on mastodon)
Building a Virtual Machine Introspection system for Windows VMs and guests is a serious undertaking. It’s even more serious if you know absolutely nothing about Windows. Join me on a journey through the process. We will explore the prior art. We will locate the sources of un-documented knowledge. Finally, we will implement a system that actually collects information from a running machine or memory capture.’
Rowan is an engineer at Intel working in system software fuzzing. He graduated from Purdue University in 2022 and is interested in fuzzing, program analysis, and security tool usability both at work and in his spare time.