Chris Roberts |
TBD |
|
|
Nick Roy |
OSINT and the Hermit Kingdom. Leveraging online sources to learn more about the worlds’ most secret nation |
OSINT tools provide security analysts with a powerful set of tools and data that can be leveraged to discover accounts, infrastructure, and long forgotten services that are still running. Using these sources we can research specific companies or users, find easy targets for bug bounties, and begin reconnaissance efforts against our own systems. Learn more about different techniques to gather information while examining North Korea’s public facing infrastructure and their state sponsored operating system. |
50 minutes |
Mark Manning |
Command and KubeCTL: Real-World Pentesting of Kubernetes Environments |
Kubernetes is a security challenge that many organizations need to take on, and we as pentesters, developers, security engineers, and the technically curious need to adapt to these challenges. In this talk we will look at tactics, techniques, and tools to assess and exploit Kubernetes clusters. We will demonstrate how to intercept service mesh traffic, evade runtime syscall filters, exploit custom sidecars, and chain attacks that go from compromising a build environment, to exploiting production applications. We’ll cover real world attack paths, provide practical advice, and guidance using the experience of conducting hundreds of reviews of containerized environments while running a team of container ninjas. |
50 minutes |
Brian Callahan |
The education of hacking: A year of teaching all the things |
Cybersecurity majors are being increasingly offered at colleges and universities across the United States. This is in addition to the many informal and corporate-sponsored routes towards cybersecurity education. This talk explores two formal cybersecurity courses offered at Rensselaer Polytechnic Institute: the flagship Information Systems Security course as well as a new course named Modern Binary Exploitation. These two courses provide us a tale of two approaches: one formally designed by a professor and the other originally developed and taught by students. We will examine what worked, what didn’t, future plans for these two courses and the potential for future courses and cybersecurity activities at RPI. We will conclude with strategies for students and teachers to get the most out of their cybersecurity education, regardless of its source. |
50 minutes |
Matt Arnold |
OpenBSD Server Side |
An Introduction the OpenBSD Web Server environment, including frontend technologies such httpd(8), relayd(8), acme-client(1), . And how these technologies use OpenBSD’s proactive security features like pledge,, unveil and others, to stop or mitigate common exploits. |
50 minutes |
Chloé Messdaghi |
Hacker Rights |
1 out 4 of hackers don’t submit vulnerabilities due to the fear of out-of-date legislation, press coverage, and companies misdirected policies. This talk will focus on increasing public awareness in order to bring legislation that supports ethical hackers, challenge socially constructed biases, and encourage organizations to support bilateral trust within their policies… and the actions we can do to change the current landscape. |
50 minutes |
Joe Sarkisian |
JUST JUMP! Lessons for Wannabe Social Engineers by a Recent Wannabe Social Engineer |
Social Engineering is both the easiest and hardest part of the wider security field to enter; easy in that it doesn’t always require lots of technical knowledge, and hard because it can be absolutely terrifying to start. As someone who knows this feeling, works in the field, and has been forced to make it up as they go (with a little help from some amazing people), I’ll be talking a bit about lessons learned as I began my journey! |
50 minutes |
Jon Bauer |
Building My First Red Team Framework |
: In my years of doing red team work at RIT with the club I wrote a lot of different custom offensive tools. With this I wanted a easy way to integrate all of my ideas together, as well as give other people who were interested in this type of security a good starting base. This talk goes over what I have currently worked on. |
20 minutes |
Ayobami Emmanuel Adewale & Sarah Swad |
Project CICADA |
Continuous integration and delivery(CI?CD) is a method to quickly deliver software to customers by automating the different stages in development. Some CICD involves the use of virtualized environments and with that, developers fail to properly “locked down” that service resulting to comprised build cycles. Project CI/CD is a post exploitation framework created to exploit CI/CD systems. |
20 minutes |