2021 Program and Speakers

We are currently building out our program so please check back for updates. 

Jay Beale


Session Title: Hacking Kubernetes Security - the CTF Attack Path

Come learn Kubernetes attack TTPs in this demo-heavy presentation! We'll demonstrate the attack path that fully compromises the Def Con Kubernetes Capture the Flag (CTF), picking up flags and movie references. You'll learn techniques that you can use on real-world Kubernetes attacks and map these to the Mitre Att&ack Framework. Finally, you'll gain a stronger understanding of the security controls in and available to Kubernetes cluster.

O'Shea Bowens

Founder & CEO
Null Hat Security

Session Title: Up, Up And Away- Hunting the Bad Actors Into The Clouds

The objective of this talk to to create dialogue about the changing landscape concerning cloud environments. It doesn't matter which of the big three cloud providers we focus on, there is lacking conversation around how we identify sketchy activity of threat actors. Currently we are overwhelmed with threat actors leveraging cloud services to host attacking infrastructure, identify buckets and accounts with weak security controls, hosting stolen data, and many more nefarious types of activity. What are we doing about it? I'll share my research and techniques for hunting across cloud services, identifying attacker activity, and strengthen your cloud environment. Disclaimer: I will try not to rag on any specific cloud providers.

Marina Ciavatta
CEO and Co-Founder
Hekate, Inc.

Session Title: Don't fear the reaper! Teaching Social Engineering to your family and friends

How a Physical Pentester is educating people like your family and friends about Social Engineering in the middle of a pandemic. All the way from Brazil, Marina Ciavatta is an innocent looking girl who actually breaks and enters into the biggest companies in her country using Social Engineering. Telling her stories through talks around the world and also at family and friends gatherings (like the bar table), she learned how people respond to Security and Hacking tips when you make then funny and relatable. Prepare to have some fun with some Physical Pentesting tales and scratch your brain as well with some challenges regarding how we talk and educate people on their own common day to day Security issues.

Patrick Coble
VDI Security Architect

Session Title: How to Hack VDI

VDI Deployments are in over 90% of all the Fortune 1000 companies and are used in almost all industry verticals, but are they secure? With the rise of Work From Home VDI deployments have grown and become much more common with the pandemic in 2020. The goal of most VDI deployments is to centrally deliver applications and/or desktops to users internally and externally, but in many cases their basic security recommendations haven’t fully deployed, allowing an attacker to gain access. This talk will review the basic design of the top two solution providers, Citrix and VMware along with some notes on Windows Azure Virtual Desktop as a growing solution. We will go over these solutions strengths and weaknesses and learn how to quickly identify server roles and pivot. We will also examine all the major attack points and their defensive counters. If you or if you have a client that has a VDI Deployment you don’t want to miss this talk.

Chris Eng
Chief Research Officer

Session Title: Navigating the shifting sands of third-party software

Open source code has become ubiquitous in modern software, but recent research highlights some troubling security risks. Veracode’s State of Software Security: Open Source Edition v11 found that 79 percent of third-party libraries are never updated after initial inclusion in a codebase. The research also found it takes more than a year for developers to fix 50 percent of vulnerable libraries. These findings further illustrate the security risk posed by third-party code and a “set it and forget it” mindset.

Eric Escobar
Principal Security Consultant

Session Title: Your corporate networks are showing

Sysadmins, CISO’s and compliance officers run pentests on their internal and external infrastructure, and commonly ignore their wireless footprint. However, access to a corporate wireless network is seldom monitored and provides covert access to an attacker. Think a long random passphrase or individual user authentication will protect your perimeter? Think again. Current wireless attacks take advantage configuration oversights, deceiving end users, and circumventing what had been thought to be reasonable network segmentation. Such compromise can have disastrous implications resulting in the “attacker from the parking lot” scenario. Curious to see how a compromise from a “secure” wireless network happens? This talk will discuss their evolving wireless pentest methodology and answer audience questions.

Kevin Johnson
Secure Ideas

Session Title: Exploding the Whales: Actual Examples of engineers and developers not understanding results.

In 1970, engineers blew up a whale. No, really, they did, and they thought it was the best idea to solve a rotting carcass problem. While this example doesn't appear to be related to application security, we see this misunderstanding or disregard for results quite often as we test. In this presentation, Kevin Johnson of Secure Ideas will walk attendees through various tests from his career as an application penetration tester. These examples will include the problems Kevin and his team found and the techniques for finding the issues in your applications. After listening to the presentation, the audience will understand the flaws, how they are misunderstood, and how to look for them in their own software development practices.

Dave Kennedy

Session Title: Defense for All: Paving the Way Forward

Much has changed in over twenty years that I’ve been in security. The industry is evolving both in good and bad ways. One continual theme is the continual over-reliance on technology versus focusing on understanding offensive capabilities and detection engineering. There has been monumental shifts for organizations to focus on more visibility and focusing heavy on defense however, the general masses still do not have more than an average or below average program in place. This talk will dive into what trends to follow, how we need to position ourself in the future, and most importantly how we afford security to the masses versus a small percentage. We have the ears of the world listening, how do we have a clear consistent message to help and drive progress forward to everyone.

Justin Kohler
Director, BloodHound Enterprise

Session Title: Active Directory Attack Paths: What they are, Why they're so difficult to manage, and What you can do about it

Active Directory Attack Paths are nothing new yet every organization struggles to control the problem and eventually gives up. In this talk we'll cover why that is starting with the basics of an Attack Path and how it is formed in Active Directory. We'll then cover some of the existing approaches and why they've been unsuccessful. Finally, we'll cover effective Attack Path Management principals and how everyone can start today using the free and open-source BloodHound.

Nick Leghorn
Director of Application Security
The New York Times

Session Title: Learning from Failure: Tales of Incident Response Gone Wrong

Sometimes the most entertaining (and instructive) stories are ones where the good guys don't necessarily win.

Nick Leghorn is an information security professional who has done more incident response than most people would ever hope to see in their lifetime, and not all of it has gone to plan. In this talk Nick will walk through some of the most interesting examples of incident response gone wrong (including at least one incident featured in newspapers around the world) and discuss the lessons learned from each one.

Hopefully by learning from these examples we can all prevent the same issues in the future.

Alyssa Miller
BISO (Business Information Security Officer) 
S&P Global

Mike Schladt
Principal Cyber Security Researcher
General Electric

Session Title: Demystifying Data Science for Modern Cyber Operations

It's no surprise with the exponential explosion of connected devices from smart TVs to home automation to remote monitoring, manual review of security related events isn't keeping pace (and hasn't for a while). Automation, AI, and data analytics is not a new concept to the domain of cybersecurity and nearly all vendors proudly proclaim the virtues of these technologies deployed in their products. Then why do the majority of cyber professionals seem to shun data analytics and avoid unlocking the potential of data science techniques in daily operations??? In this presentation, we will tackle the fundamentals of data science including data acquisition, graph analytics, artificial intelligence, and machine learning. Within the context of those domains we gently introduce the key concepts of statistics, path finding, centrality, modeling, classification, feature sets, training, and more. Sound complicated? Don't worry! This presentation isn't for PhD's, it's for the real world cyber operator. All concepts include practical applications to threat hunting, attack surface modeling, cyber intelligence mapping, and anomalous event detection. Open source tools including network graphing and AI enabled threat modeling to accompany presentation!