Hacker Halted 2024 Speakers

Elizabeth Stephens

CEO, DBS Cyber LLC

Bio

Elizabeth is the CEO of DBS Cyber LLC, a company whose mission is to protect American families. She is a cybersecurity expert with a distinguished background leading intelligence teams in high-stakes environments. Formerly the Director of Data Center Cyber Risk Intelligence at Microsoft, Elizabeth’s work focused on the safety of critical digital infrastructure. Her experience includes evaluating cyber risks, providing actionable intelligence, and developing best practices to secure cloud operations.

A Nashville native and Memphis born retired United States Marine Corps veteran, Elizabeth completed three combat deployments to Iraq. Following her graduation from the United States Naval Academy, she earned an MS in Business Administration and Management from Boston University. She is also capstone pending in the Masters in Cybersecurity Program at California State University and has completed a MS in Public Leadership from USF.

Elizabeth’s career is marked by a trailblazing spirit. She holds the distinction of being the first black female graduate of the Naval Academy to become a selected Fleet Naval Aviator in the Marine Corps. Her other firsts include piloting the CH-46E, attaining tactical aircraft commander status, and becoming the first woman to fly the MV-22 Osprey. Elizabeth’s courage and leadership earned her an Individual Air Medal for her exceptional actions during a critical period in the first democratic elections in Iraq’s history.

Abstract

The cyber threat landscape is a battlefield. Outdated defenses leave us vulnerable. This manifesto unveils strategies for proactive risk management, intelligence-driven action, and a culture of cyber vigilance; it’s the modern survival guide for individuals and organizations.

Solomon Sonya

Computer Science Graduate Student, Purdue University

Bio

Solomon Sonya (@0xSolomonSonya) is a Computer Science Graduate Student at Purdue University. He earned his undergraduate degree in Computer Science and Masters Degrees in Computer Science, Information Systems Engineering, and Operational Art and Strategy. Solomon routinely develops new cybersecurity tools and presents his research, leads workshops, and delivers keynote addresses at cyber security conferences around the world.

Prior to attending Purdue, Solomon was the Director of Cyber Operations Training . Prior to that position, Solomon was a Distinguished Computer Science Instructor at the United States Air Force Academy, Research Scholar at the University of Southern California, Los Angeles, and an Adjunct Faculty Instructor with the Advanced Course in Engineering Cyberspace Security (ACE) at the Air Force Research Lab in Rome, NY.

Solomon’s previous keynote and conference engagements include: DEFCON and BlackHat USA in Las Vegas, NV, SecTor Canada, Hack in Paris and LeHack, France, HackCon Norway, ICSIS ‚Äì Toronto, ICORES Italy, BruCon Belgium, CyberCentral ‚Äì Prague and Slovakia, Hack.Lu Luxembourg, Shmoocon DC, BotConf – France, CyberSecuritySummit Texas, SANS Digital Forensics Summit, DerbyCon Kentucky, SkyDogCon Tennessee, HackerHalted Georgia, Day-Con Ohio, TakeDownCon Connecticut, Maryland, and Alabama, and AFCEA ‚Äì Colorado Springs and Indianapolis.

Abstract

Malware continues to increase in prevalence and sophistication. Traditional detection mechanisms fail to adequately detect new and varied malware. This talk teaches how to use AI and delivers a new Machine Learning framework to analyze malware classify malicious samples into malware families.

Marissa Davis

Information Security Analyst

Bio

With over five years of hands-on experience as an Information Security Analyst, I safeguard critical systems, networks, and data from sophisticated cyber threats. My expertise encompasses malware research and analysis, threat hunting, security operation center (SOC), and incident response activities, utilizing industry-leading tools and technologies. I’ve successfully identified and mitigated high-risk vulnerabilities, bolstering the company’s security posture.

I hold both a bachelor’s and Master’s degree in Cybersecurity. Additionally, I’ve earned certifications including Security+, eJPT, CySA+, and CSAP, showcasing proficiency across diverse cybersecurity domains. My professional journey spans various sectors, including roles at Maximus, Flashpoint, Synovus, and Columbus State University. Passionate about staying abreast of cybersecurity trends, I’m dedicated to fortifying digital defenses and fostering a secure online environment.

Abstract

In an age of relentless cyber threats, businesses teeter on the edge of a cyber dystopia. Join me for “Navigating the Cyber Dystopia: Proactive Incident Response,” where I’ll unveil strategies to outsmart hackers, fortify defenses, and secure your digital future. Stay ahead, stay protected!

Chris Esquire

Bio

Dr. Chris Esquire, esq. is a US Army veteran who served in the Signal Corps. Since 1996 he has worked in Information Technology for all industry sectors including public, private, military, and federal government. That also includes being a security analyst for one of the largest power companies in the world. For over 20 of those years he has operated in the security part of the field. Since 2017 he has focused his energy on educating individuals in cyber security having worked for over 5 universities. He has presented research internationally on various topics such as data breaches, cloud security, GDPR, cyber terrorism, and critical infrastructure protection. Lastly, he is also a licensed attorney who has focused his energy on education, community and public service with hopes on helping various industries and government bodies stay one step ahead of those who wish to do harm.

Abstract

What if I told you that for around $1,000 you can compromise and intercept satellite communications? Still not intrigued yet? What if I told you that all communication signals transmit under the bandwidth of satellite and microwave communications? These signals are always around us, remember that.

Jim West

Bio

Jim West possesses more than 32 years’ experience in the Information Technology field with over 20 years focused within Cybersecurity. He has worked in the IT and Security industry across many sectors of commercial, space, federal, and defense with expertise in Biometrics, Risk Management, Security Analysis, and Network and Systems Auditing. Jim holds multiple certifications which include; CISSP-ISSEP, ISSMP, GSLC, GCIH, GSNA, GPEN, G2700, PMP, C-CISO, S-CISO and many others. Jim has been invited to speak at Cyber Security conferences and events worldwide to include the NSA IA Symposium, Texas Technology Summit, CSfC Tech Day, TechNet Korea, Global CISO Forum, Cyber Bowl, Best Cyber Ranger, and many others. He was shortlisted as a finalist for Personality of the Year for the 2018, 2019, and 2020 Cyber Security Awards, and won in 2021. Jim was recently awarded the 2024 Cyber Leader of the Year award by Cyber First. West is also an award-winning author and writer. Jim’s “Cyber Security and Test Tips” eBook placed in the “100 Best Cyber Security Books of All Time” list by Bookauthority.org. For years he has developed and overseen IT and Cybersecurity strategy and solutions which solve complex problems for National Security systems and networks. West possesses a wide range of IT specialization to include systems integration, enterprise-wide and cloud security, network engineering, penetration testing, and more.

Abstract

Quantum Computing is soon to become a major advancement for the world, but with this huge step forward in compute power comes a real and serious threat to security for everyone. Threats that we will face in our near future.

Mauro Eldritch

Bitso Quetzal Team Leader

Bio

Mauro Eldritch is an Uruguayan-Argentine hacker, founder of Birmingham Cyber Arms LTD and DC5411 (Argentina / Uruguay). He has spoken at various events, including DEF CON (10 times). He is passionate about Threat Intelligence and Biohacking.

Currently, he leads Bitso’s Quetzal Team, the first in Latin America dedicated to Web3 Threats Research.

Abstract

What if the North Korean government stumbled upon your LinkedIn profile and decided to offer you a job interview? It’s more common than you think…

Kevin Cardwell

Cyber2 Labs

Bio

Kevin Cardwell served as the leader of a 5 person DoD Red Team that achieved a 100% success rate at compromising systems and networks for six straight years. He has conducted over 500 security assessments across the globe. His expertise is in finding weaknesses and determining ways clients can mitigate or limit the impact of these weaknesses.

He spent 22 years in the U.S. Navy. He has worked as both software and systems engineer on a variety of Department of Defense projects and early on was chosen as a member of the project to bring Internet access to ships at sea. Following this highly successful project he was selected to head the team that built a Network Operations and Security Center (NOSC) that provided services to the commands ashore and ships at sea in the Norwegian Sea and Atlantic Ocean . He served as the Leading Chief of Information Security at the NOSC for six years. While there he created a Strategy and Training plan for the development of an expert team that took personnel with little or no experience and built them into expert team members for manning of the NOSC.

He currently works as a free-lance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities within the US, Middle East, Africa, Asia and the UK . He is an Instructor, Technical Editor and Author for Computer Forensics, and Hacking courses. He is the author of the Center for Advanced Security and Training (CAST) Advanced Network Defense and Advanced Penetration Testing courses. He has presented at the Blackhat USA, Hacker Halted, ISSA and TakeDownCon conferences as well as many others. He has chaired the Cybercrime and Cyberdefense Summit in Oman and was Executive Chairman of the Oil and Gas Cyberdefense Summit. He is author of Building Virtual Pentesting Labs for Advanced Penetration Testing, Advanced Penetration Testing for Highly Secured Environments 2nd Edition and Backtrack: Testing Wireless Network Security. He holds a BS in Computer Science from National University in California and a MS in Software Engineering from the Southern Methodist University (SMU) in Texas. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman that recently was rated as the top CERT for the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority, and developed the team to man the first Commercial Security Operations Center in the country of Oman. He has worked extensively with banks and financial institutions throughout the Middle East, Europe and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to Commercial companies, governments, federal agencies, major banks and financial institutions throughout the globe. Some of his recent consulting projects include the Muscat Securities Market (MSM), Petroleum Development Oman and the Central Bank of Oman. He designed and implemented the custom security baseline for the Oman Airport Management Company (OAMC) airports. He created custom security baselines for all of the Microsoft Operating Systems, Cisco devices as well as applications. Additionally, he provides training and consultancy to the Oman CERT and the SOC team in monitoring and incident identification of intrusions and incidents within the Gulf region. He holds the CEH, ECSA. LPT, APT, CHFI and a number of other certifications.

Abstract

Shattered Security: The Need for a Cybersecurity Overhaul

In the ever-evolving landscape of cybersecurity, organizations face unprecedented challenges. The current approaches have failed miserably!

I will underscore the urgency for a paradigm shift towards proactive resilience and detection. The increasing frequency and sophistication of cyber-attacks have exposed vulnerabilities in traditional reactive security measures. This emphasizes the need for a comprehensive overhaul that prioritizes the anticipation of threats and the implementation of robust defense mechanisms that deploy deception concepts.

The sad thing is, we are spending billions on products that are not going to fix this problem. It is time to stop the insanity! The presentation calls for a collaborative effort among industry stakeholders to foster a culture of security awareness and to invest in cutting-edge solutions that can adapt to the dynamic nature of cyber threats. By embracing proactive resilience and detection, organizations will not only protect their assets but also gain a competitive edge in an increasingly digital world.

We’ll move beyond reactive patching and the practice of chasing the latest vulnerability, instead focusing on strategies that anticipate and mitigate threats. This includes building robust detection and response capabilities, as well as employing deception techniques to mislead attackers and disrupt their operations using tried and true practices that offer solid results. By adopting a proactive, layered and multi-faceted approach, organizations can build resilience and emerge stronger in the face of the ever-evolving cyber threat landscape.

Georgia Weidman

Founder, Shevirah, Bulb Security

Bio

Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, mentor, angel investor, and the author of Penetration Testing: A Hands-On Introduction to Hacking. Her work in the field of smartphone exploitation received a DARPA Cyber Fast Track grant and she has been featured internationally in print and on national television including ABC, BBC, Fox, NBC, and in the PBS documentary Roadtrip Nation: Life Hackers. She has presented and trained around the world including venues such as Black Hat, DEF CON, NSA, Oxford, RSA, and West Point.

Georgia founded Shevirah to create products for assessing and managing the risk of mobile devices in the enterprise and testing the effectiveness of enterprise mobility management solutions. She is also the founder of the security consulting firm Bulb Security.

She received the 2015 Women’s Society of CyberJutsu Pentest Ninja award and is a Professor at the University of Maryland Global Campus. She holds U.S. Patents #10,432,656 and #11,089,044 which are foundational to simulated phishing; as well as CISSP, Pentest+, and OSCP certifications. She has served as a subject matter expert with the CyberWatch Center’s National Visiting Committee, FTC’s Home Inspector IoT security challenge, and as a New America Cybersecurity Policy Fellow.

Abstract

Mobility has disrupted the enterprise network on the scale that PCs disrupted mainframes. Yet most enterprises continue to approach security as if though there is still a hard perimeter with nothing but corporate-owned end points and apps. We look at practical solutions to this ubiquitous problem.

Lucas Teixeira Rocha

Bio

As a passionate full-stack web developer with a deep enthusiasm for technology, I have cultivated a diverse and extensive skill set in software development, contributing to a variety of projects across different industries. My technical expertise encompasses a wide spectrum of programming languages and solution platforms, making me adept at navigating complex technological landscapes.

Since embarking on my programming career in 2011, I have developed proficiency in an array of programming languages and frameworks. My repertoire includes JavaScript with its various frameworks and libraries (Express, NestJS, AdonisJS, loopback.io, React, Angular), C# with .NET Core, PHP with popular frameworks (Laravel, Symfony, Yii), Python using Flask, and Java with Spring. This broad skill set enables me to effectively tackle unique project requirements, ensuring that each solution I deliver is not only tailored to specific needs but also upholds the highest standards of quality and innovation. My commitment to each project goes beyond just meeting specifications; it’s about creating solutions that drive progress and make a meaningful impact.

Darius Davis

Bio

Darius J Davis is a Senior Security Engineer at CircleCI and the leader of Southside CHI Solutions, where he enhances the security of small businesses on the southside of Chicago. With a comprehensive background in system administration and product engineering, Darius has built and secured large-scale systems, specializing in cloud security, IAM, and incident response. As a security engineer, he is committed to educating the public on IT security risks. He has spoken at both major conferences like BITCON and smaller, local events in Chicago. Follow his insights on YouTube and TikTok at @talkingtechwithd.

Abstract

Imagine the water you drink, cook with, and bathe in being at risk due to cyber threats. This talk dives into the challenges faced by water facilities and how they mirror those in other sectors. We’ll explore real-world incidents and provide actionable solutions to protect our essential resources.

Inna Vasilyeva

Senior Threat Intel Analyst & Reverse Engineer, HUMAN Security

Bio

Inna Vasilyeva is a Senior Threat Intel Analyst and Reverse Engineer at HUMAN Security. She has worked in advanced cyber intelligence analysis, reverse engineering, malware analysis and ethical hacking for the last 13+ years. Inna also actively tracks cybercrime and dark web activity including targeted malware. She has spoken at many worldwide conferences such as DEFCON, Black Hat US, Botconf, DCC, Underground Economy, FIRST, including winning or placing in multiple hacking competitions. In her time at HUMAN, Inna has contributed to a number of disruptions and takedowns, including the PARETO, Scylla, VASTFLUX and BADBOX/PEACHPIT operations.

Abstract

Demystify how malware infiltrates your device, disguises itself as legitimate apps and leverages social engineering techniques. While exploring basic techniques to analyze the app’s code and how malicious apps behave when running.

Georgios Diamantopoulos

Bio

As an engineer, Georgios prides himself for being pragmatic and a generalist – engineering at its best is meant to bring an intention to life. To build a system that fulfills specific requirements over time. With over 12 years of experience working with or for startup organizations, he really knows what it takes to kickstart a project without sacrificing long-term goals like maintainability or scalability. Since he co-founded Zero to MVP in 2019, Georgios and his team have built over 25 systems that can pivot and scale.

Abstract

Such an important topic and yet so little discussion around it! The usual office ergonomic tips are superficial vs what we REALLY need to paying attention to.

The ultimate goal here is to “shock” people into action so they can be healthier later and give them some easy, alternative tools to do that

Dr. Chuck Easttom

Bio

Dr. Chuck Easttom is currently in his own consulting practice both consulting and conducting research. He is also an adjunct lecturer at Georgetown University, adjunct professor at Vanderbilt University, and an adjunct professor at University of Dallas. He is the author of 43 books, including several on computer security, forensics, and cryptography. His books are used at over 60 universities. He has also authored scientific papers (over 70 so far) on digital forensics, machine learning/AI, cyber warfare, cryptography, bio-engineering, and applied mathematics. He is an inventor with 26 computer science patents. He holds a Doctor of Science (D.Sc.) in cyber security (dissertation topic: “A Comparative Study of Lattice Based Algorithms for Post Quantum Computing”) and a Ph.D. in Technology focused on nanotechnology (dissertation topic:“The Effects of Complexity on Carbon Nanotube Failures”), and a Ph.D. in computer science with emphasis on applied mathematics (dissertation topic “A Systematic Framework for Network Forensics Using Graph Theory”), as well as four master’s degrees (one in applied computer science, one in education, one in strategic and defense studies, and one in systems engineering).. He is a Senior Member of the IEEE and a Senior Member of the ACM as well as a member of IACR (International Association of Cryptological Research)a member of APS (American Physical Society), and INCOSE (International Council on Systems Engineering). He is also a Distinguished Speaker of the ACM (Association of Computing Machinery). and a Distinguished Visitor of the IEEE Computer Society, and a frequent speaker at conferences. He also currently holds 80 industry certifications (CISSP, CASP, CEH, etc.) He is a member of IEEE Software & Systems Engineering Standards Committee. Worked on the DevOps 2675 IEEE standards group 2017 to 2019 and currently a member of the IEEE Engineering in Medicine and Biology Standards Committee Standard for a Unified Terminology for Brain-Computer Interfaces P2731. He is also Vice Chair of IEEE P23026 – Systems and Software Engineering — Engineering and Management of Websites for Systems, Software, and Services Information. Chair of IEEE P3123 Standard for Artificial Intelligence and Machine Learning (AI/ML) Terminology and Data Formats. He frequently serves as an expert witness in computer related court cases. You can get more details at www.ChuckEasttom.com

Abstract

AI including large language models has already been used by terrorists as well as cyber attackers and even child predators. And all current data suggests this will increase dramatically in coming years.

Allie Hunter

Bio

Allie Hunter is a Cybersecurity Awareness Manager and Advisory Board Member with experience in promoting cybersecurity best practices and awareness. She is dedicated to ensuring organizations understand and implement effective cybersecurity measures. Allie also volunteers as a Marketing Manager/Moderator for Fireside Chat with IT/Cyber Leaders and contributes to quality assurance initiatives with Women in Technology (WIT). Her diverse educational background includes degrees and certificates in Marketing Management, Fine Arts, and Psychology, along with IT and Cybersecurity from Kennesaw State University, College of Coastal Georgia and Emory University.

Abstract

Learn how to revolutionize your cybersecurity awareness training with Allie Hunter’s groundbreaking “Hunter Method.” Utilizing relatable stories, employees become captivated while internalizing crucial lessons needed to protect themselves, their families, the organization and its customers.

Pallavi Deshmukh

Cloud Security Manager, Coupa Software

Bio

Pallavi is working as a Cloud Security Manager with over 14 years of experience, excelling in managing cloud security teams and passionate about penetration testing. As a dedicated advocate for application security and accomplished security researcher, Pallavi’s expertise extends to diverse domains, making her a valuable asset in fighting cyber threats. Her commitment to cybersecurity and pioneering work as a woman in application security promise to ignite lively discussions at the conference. Presented for the VulnCon conference.

Abstract

Web apps often utilize template systems FreeMarker for embedding dynamic content. However, unsafely embedding user input can lead to Template Injection vulnerabilities. This paper explores an issue discovered in the Alfresco Community Edition, allowing attackers to perform SSTI, resulting in RCE.

Andrea Amico

Privacy4Cars

Bio

Andrea Amico’s 1000+ media mentions (TV, radio, podcasts, articles) and his signature blue hair make him one of the most recognizable and vocal experts on vehicle privacy and security. As the founder & CEO of Privacy4Cars, the first privacy-tech focused on automotive, Andrea brings a hacker mindset to the auto industry: disclosing vulnerabilities, authoring novel research, and creating solutions that are redefining the role of privacy for cars. He holds several patents, including for AutoCleared; a mobile tool used in 1,500,000+ vehicles to efficiently manage, execute, and log the deletion of Personal Information from cars. His https://VehiclePrivacyReport.com is a first-of-its-kind privacy disclosure tool that consumers can use to learn what their car collects, shares, and sells, and how to take action to reduce your vehicle’s data footprint: with manufacturers, auto finance companies, insurance companies, and more.

Abstract

Cybersecurity podcast host and book author Carey Parker of Firewalls Don’t Stop Dragons and vehicle privacy expert Andrea Amico of Privacy4Cars get together by that dumpster fire that is vehicle privacy. They’ll share their stories and knowledge. You’ll never look at a car the same way again.

Ben Halpert

Bio

Ben Halpert is a man on a mission: to educate and empower today’s digital citizens in the workplace, at schools, and at home.

By day, he is the CSO at The Cyber Health Company providing individuals cybersecurity, online privacy, and digital hygiene services with 24/7 human support.

By night, he champions cyber ethics education throughout society via the 501(c)3 nonprofit Savvy Cyber Kids he founded in 2007.

Ben enjoys being on boards of organizations looking to enhance value and organizational resilience for the stakeholders they serve.

Ben is honored to speak and keynote at conferences and events worldwide. He has presented at the World Economic Forum, NACD directorship training, RSA Security Conference, GISEC Global, InfoSec World, SecureWorld, Cyber Future Foundation, IEEE, ACM, CSO50, CIO/CISO Summits and many other events over his career.

Ben was invited to present at TEDxKids@Vilnius (Raising Savvy Cyber Kids) and TEDxSaintThomas (Technology addiction and what you can do about it).

Based on his early research and experience in the then emerging field of Cloud Computing, Ben was invited to publish Auditing Cloud Computing: A Security and Privacy Guide through John Wiley & Sons. Ben was a contributing author to Readings and Cases in the Management of Information Security and the Encyclopedia of Information Ethics & Security, wrote the security column for Mobile Enterprise Magazine and has contributed to seven NIST special publications.

Through Savvy Cyber Kids, Ben provides cyber ethics educational and awareness sessions for parents, teachers, and students from preschool through high school. Ben is the award-winning author of The Savvy Cyber Kids at Home children’s book series (The Family Gets a Computer, The Defeat of the Cyber Bully, and Adventures Beyond the Screen).

As a trusted voice on a variety of cyber security issues, Ben has made numerous TV and radio appearances and has been featured in newspapers and magazines such as The New York Times, Wired, Bloomberg, BBC, Kiplinger, Good Morning America, Good Day Atlanta, CNN HLN, Fox News, RogersTV, RTVI, 11 Alive, WSB-TV, among others.

Abstract

Learn how to revolutionize your cybersecurity awareness training with Allie Hunter’s groundbreaking “Hunter Method.” Utilizing relatable stories, employees become captivated while internalizing crucial lessons needed to protect themselves, their families, the organization and its customers.

Alexandre Horvath

CISO at Cryptix AG

Bio

Alexandre Horvath has over 20 years of experience in multinational organizations on a global level. A motivator, innovator, leader, and security enthusiast, he has solid knowledge of privacy, data protection, and cybersecurity. He has successfully managed international cross-functional teams and major IT security and risk programs. He has over a decade of strategic, operational, and project management leadership expertise in IT security and risk management. Alexandre specializes in service management, risk remediation, and delivery of global projects. In his role as a leader, he manages the triangle of cost, quality, and speed to market while considering strategy as well as emerging security needs.

Abstract

On their 1st day, a deepfake remote hire will steal your secrets, plans, data, and install ransomware.

This expensive and soon-to-be widespread scam is designed to fool interviewers into believing that a “electronic caricature” is actually a highly qualified real candidate.

Himanshu Sharma

Bio

Coming Soon

Abstract

This talk covers how modern endpoint protection solutions like EDRs and XDRs detect malware with static, dynamic and behavioral analysis and then dives deep into our novel techniques used to bypass such solutions during real world red team engagements in sophisticated corporate IT ecosystems.

Carey Parker

Bio

Coming Soon

Abstract

Cybersecurity podcast host and book author Carey Parker of Firewalls Don’t Stop Dragons and vehicle privacy expert Andrea Amico of Privacy4Cars get together by that dumpster fire that is vehicle privacy. They’ll share their stories and knowledge. You’ll never look at a car the same way again.

Omkar Joshi

Lead Security Engineer, Coupa Software

Bio
  • More than 11 years of experience in Security domain especially Pentest, Application Security, Forensics Investigation
  • Currently Leading OffSec team @ Coupa Software
  • Passionate Red teamer, Security researcher
  • Reported multiple vulnerabilities in products, applications and acknowledged with CVE’s
  • Holds prestigious certifications that testify to his expertise and commitment to the cybersecurity industry, including Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Certified Red Team Operator (CRTO) and much more.
  • Presented across conferences such as Bsides Budapest, Bsides Milano, Hacktivity, VulnCon
Abstract

Web apps often utilize template systems FreeMarker for embedding dynamic content. However, unsafely embedding user input can lead to Template Injection vulnerabilities. This paper explores an issue discovered in the Alfresco Community Edition, allowing attackers to perform SSTI, resulting in RCE.

Wayne Burke

Bio

Wayne Burke is internationally recognized for his commitment and work experience, achievements and contributions to the IT and Cyber Security Industry. Currently specializing in many offensive and defensive Ai technologies for Robotics such as Drones, building and managing new high-tech security tools, custom hardware solutions for Bio-Medical products, Digital Forensics, Penetration Testing, Mobile Security and radio frequency using specialized SDR’s.

Wayne and team have delivered Security assessments, Penetration Test assignments and customized training for International Corporations and many Government Agencies such as: EPA, FAA, DOJ, DOE, DOD, Air Force, Army, Navy, Marines, FBI, NSA and many more USA Gov bodies.
In Europe: United Nations, NATO, Europol, MOD (Military of Defense UK) various EU Law Enforcement, Dutch Ministry of Defense, Ministry of Justice, local European Law Enforcement: UK, Ireland, Switzerland, Belgium, Holland, Denmark.

ASIA: Singapore Gov, Philippines’ Presidential Office, the Undersecretary, and Cyber Crime Police Specialist Unit. Jakarta, Tax Investigations Office. Various Malaysian Gov agencies. His experience in the public / defense sector is equally complemented by assignments undertaken for heavyweight world renowned corporations.

Imminently qualified in his field in that he holds a string of professional qualifications in Networking to name a few (MCT, MCSE, Cisco, Network+) and Cyber Security (CPENT, CEH Master, ECSA, CPTS, LPT, CHFI, CTIA, CSA, Security+ and CCE) besides a bachelor’s degree in science.

Abstract

Navigating the Double-Edged Sword: The Risks and Benefits of AI/ML in Computer Security

In 2024, Artificial Intelligence (AI) stands as a pivotal technology in the realm of computer security, presenting both unparalleled benefits and significant risks. This presentation will delve into how AI is transforming security practices, enhancing threat detection, and automating responses to cyber threats. We will explore the advanced capabilities AI brings to predictive analytics, allowing for proactive defense strategies against emerging threats.

However, the integration of AI in cybersecurity also introduces new vulnerabilities. Malicious actors are increasingly leveraging AI to create sophisticated attacks, including automated phishing schemes and AI-driven malware that can adapt and evolve. The presentation will discuss the potential for AI to be used in adversarial attacks, where attackers manipulate AI systems to bypass security measures.

Moreover, ethical considerations and the need for robust AI governance frameworks will be highlighted, emphasizing the importance of ensuring AI systems are transparent, accountable, and secure. We will also examine case studies of AI-driven security in action and the lessons learned from their implementation.
By balancing the discussion on both the promise and peril of AI in cybersecurity, this presentation aims to provide a comprehensive understanding of how to harness AI’s potential while mitigating its risks, ensuring a secure digital future.

Keith Turpin

Bio

Chief Information Security Officer (CISO) at The Friedkin Group, a multibillion-dollar international consortium of automotive, hospitality, entertainment, sports, and adventure companies.

Recent accomplishments while leading cyber security at The Friedkin Group:

  • 2024 Orbie Award – Houston Large Enterprise CISO of the Year
  • 2023 Forbes 20 Best Security Programs in the U.S.
  • 2023 CSO Online CSO50 Award
  • 2023 Cyber Defense Magazine Top 100 CISOs

Former Chief Information Security Officer (CISO) and Head of Global Infrastructure at Universal Weather and Aviation, an international aviation logistics company operating more than 50 locations in 20 countries.

Former Technical Fellow at The Boeing Company leading:

  • International IT Security Operations
  • Supply Chain Security
  • Enterprise IT Risk
  • Software Security

Former U.S. delegate to the International Standards Organization’s (ISO) Cyber Security Sub-Committee
Former OWASP Global Projects Committee Member
Former Transportation Sector Chief for the Houston FBI InfraGard program

Graduate of the FBI CISO Academy at Quantico
BS in Mechanical Engineer and MS in Computer Systems

Abstract

Doing your job is not the same as managing your career. Your job is what you do today, but your career is what you will be doing 5 years from now. Getting what you want in the future is about laying down the right ground work for success today. Find out what that means in this candid conversation.

Tom Updegrove

Bio

I cut my teeth on a Tandy Coco, made toast with a Commodore Amiga 2500 in the 80′. Became a Microsoft Systems Engineer & Cisco Network Associate in the 2000′. If I am not researching the trend in Cyber you will find me in the park doing Tai Chi or at Martial Posture the Martial Arts school I founded slugging it out with my Amigos. Self Defense has many levels.

Abstract

In this presentation, we explore the integration of shellGPT, an advanced AI model, into ethical hacking practices. As cyber threats evolve, so must our tools and methodologies. We’ll demonstrate how shellGPT can be utilized in various stages of ethical hacking

Todd Renner

Bio

Mr. Renner is a senior cybersecurity expert with more than 25 years of experience leading complex global investigations, cyber intrusion response, digital asset tracing, cryptocurrency theft recovery, preparedness and crisis management. Mr. Renner advises clients on cybersecurity and data privacy topics including third-party risks, insider threats, counterintelligence risks, forensic investigations, cross-segment risk management, cyber fraud protection, regulatory compliance including CFIUS and NYDFS, assessorships and monitorships, and international cyber incidents. He leverages a technical background and strategic perspective when dealing with complex cyber challenges and the associated risks businesses are facing.

Prior to joining FTI Consulting, Mr. Renner was a Federal Bureau of Investigation (FBI) Supervisory Special Agent, leading high-profile international cyber investigations that resulted in increased corporate protection, risk mitigation, prevention techniques, and actor attribution.

While at the FBI, Mr. Renner advised victims of cyber events, from informing corporate board rooms and C-Suites on cyber risk to handling ransomware, business email compromise, advanced persistent threats (APT), cryptocurrency thefts, counterintelligence threats, and other investigations. In recent years, Mr. Renner led multiple efforts to successfully recover over $100 million in stolen proceeds from cyber criminals.

Mr. Renner served in a diplomatic role as an FBI Supervisor in the United Kingdom, working daily with the UK’s‚ National Cyber Security Centre and Ireland’s‚ National Cyber Security Center. He was directly responsible for increasing global collaboration between industry and government partners, leveraging his extensive international operations experience, and applying geo-political visibility to ongoing cyber events.

Mr. Renner also served in a leadership role at the National Security Agency (NSA), leading enterprise-wide national security cyber operations. He led collaborative efforts across business units and field offices to develop and implement technical solutions to prevent, protect, and defend against some of the world’s‚ most advanced threats.

A highly decorated cybersecurity expert, Mr. Renner has been awarded multiple awards for his contributions to the cybersecurity community, including the FBI Director’s Award and the Director of National Intelligence Meritorious Unit award. Mr. Renner was selected as a member and supervisor of the FBI’s Cyber Action Team (CAT), a team of forensically trained cyber experts who deploy globally for incident response and threat hunting during the most critical cyber incidents, on behalf of the US government.

Mr. Renner has been retained as a cybersecurity expert in various cases, providing his expertise in legal proceedings. He has authored multiple expert reports and has testified in federal court cases, sharing his opinion on the topics of digital forensics and the cybersecurity industry.

Mr. Renner is committed to improving the cyber security talent pipeline and giving back to the community. He served as an Adjunct Professor of Cybersecurity at Mercer University and created ongoing programs at the high school-level to promote STEM awareness, recruiting and training tomorrow’s cyber leaders.

Abstract

Following a career as an FBI Agent, pursuing justice for those who were victimized by threat actors, the speaker will share his experiences of chasing threats from nation state and criminal actors to now, his work with companies facing a different threat: from litigation and regulatory actions.

Sergey Chubarov

Bio

Sergey Chubarov is a Security and Cloud Expert, Instructor with 15+ years’ experience on Microsoft technologies.

His day-to-day job is to help companies securely embrace cloud technologies.

He has certifications and recognitions such as Microsoft MVP: Security, OSCP, OSEP, eCPPT, eCPTX, MCT Regional Lead, EC Council CEH, CPENT, LPT, CCSE, CEI, CREST CPSA, CRT and more.

Frequent speaker at local and international conferences like Global Azure, DEF CON, Black Hat Europe, Wild West Hackin’ Fest, Security BSides, Workplace Ninja, Midwest Management Summit, Hack in the Box etc.

Prefers live demos and cyberattacks simulations.

Abstract

Session explores a world where security analysts have an AI-powered sidekick that not only assists but also enhances their capabilities.

Attendees will see how OpenAI, GPT-4 and Microsoft Copilot for Security empower security professionals to catch threats others miss and strengthen their expertise.

Justin Varner

Bio

Justin Varner is a seasoned and passionate security professional with over 18 years of experience in the industry across a variety of security domains and disciplines.

His career started as a cryptographer at NASA where he spent time redesigning the cryptographic messaging system used to communicate from the mission control center to the International Space Station. During a focused and driven career, he has had the opportunity to work across a multitude of different industries in various roles that have ranged from security architecture to offensive security to DevSecOps and everything in between.

His most recent endeavors have been focused on helping others improve their ability to rapidly detect breaches and generally bolster their overall security posture with simple and pragmatic means and methods.

Justin embraces any opportunity to teach fundamental security concepts to those who need help but have no idea where to look, and he prides himself on being able to break down and articulate complex topics in a fun, interesting, and engaging manner that appeals to people from all backgrounds.

Abstract

Breaches continue happening at unprecedented levels with huge financial impact to the global economy year after year.

This talk discusses a different way of thinking about breach detection that is intended to improve alert fidelity, reduce time-to-detection, and mitigate the impact of a breach.

Andrew Amaro

Bio

Andrew is a highly skilled engineer and a former member of the Canadian Armed Forces.

With close to 20 years of experience in security and threat intelligence, he has an impressive track record.

As a former Technical Operations Agent and Senior Manager of the Counter Terrorism\Proliferation Technology Group at the Canadian Security Intelligence Service (CSIS), Andrew continued to excel in his security career at the National Head Quarters (NHQ) and the Ottawa Regional office.

He has a wealth of experience leading and coordinating technical teams on data exploitation, physical access, online anonymity, and digital surveillance operations, in support of Canadian national security investigations.

In 2019, Andrew transitioned to the private sector, where he specializes in social engineering, dark web navigation, online privacy, risk management, and cyber attack incident response planning.

Andrew is a seasoned physical and cyber security operator, advisor, and consultant. He has recently collaborated with other industry experts from the Intelligence and Cyber Security community to establish Klavan.

*CSIS (Canadian Security Intelligence Service)

*Physical access includes: Perimeter breach and TSCM assessments (Technical Surveillance Countermeasures)

Abstract

Step into cyber warfare’s shadows with firsthand intelligence insights. Explore critical infrastructure’s vulnerability and strategic cyber attack maneuvers. Together, let’s fortify defenses and shape a safer digital future.

Jeremy Straub

Bio

Jeremy Straub is the director of the North Dakota State University Cybersecurity Institute and an Associate Professor in the North Dakota State University Computer Science Department. His research spans a continuum from autonomous technology development to technology commercialization to asking questions of technology use ethics and national and international policy. He has published more than 60 articles in academic journals and more than 100 peer-reviewed conference papers. Straub serves on multiple editorial boards and conference committees. He is also lead inventor on two U.S. patents and a member of multiple technical societies.

Abstract

Autonomous cyber attack and defense capabilities were science fiction and are now very real threats and weapons in the next generation of cyber (and conventional) warfare. This talk discusses the state of these capabilities and how explainable AI and the cyber kill chain concept can enable them.

Len Noe

Bio

Len Noe, a Technical Evangelist, White Hat Hacker, and Transhuman at CyberArk Software, is a dynamic and influential speaker on the international security circuit. With an impressive track record of delivering impactful presentations in over 50 countries and at renowned security conferences worldwide, Noe’s expertise leaves a lasting impression. Notably, he has graced the stage at the prestigious World Conference in The Hague, C.E.R.T. EU, and has been invited to address multiple governments.

Len is the author of Human Hacked: My life and lessons as the worlds first augmented ethical hacker. With his first book Len exposes the subculture of Transhumans and the capabilities available to this new breed of human, along with the cyber security risks they pose.

Len is a co-host of the Cyber Cognition Podcast and a thought leader in the field of Transhumanism. With his upcoming book, he shares a captivating narrative of his personal evolution, solidifying his position as one of the world’s foremost authorities in this transformative movement. As a futurist, Len’s insights and expertise are highly sought after.

Len’s passion for the Transhuman/Human+ movement is unparalleled, and he actively employs microchip implants to pioneer advancements in cyber security and enhance the human experience. His groundbreaking research has garnered global recognition, appearing in multiple global news outlets, while his regular appearances on top-tier security podcasts showcase his ongoing contributions to the field.

With a rich history as a Black/Grey Hat Hacker, Noe’s extensive practical experience has shaped his skills. Over the course of 30 years, he has honed his expertise in web development, system engineering/administration, architecture, and coding. For the past ten years, Len has devoted his focus to information security from an attacker’s perspective Actively engaging with the Texas information security communities and organizations like the Autism Society, Len continuously demonstrates his commitment to making a positive impact beyond the realm of technology.

Abstract

Transhumans, individuals enhanced with technological augmentations, are no longer just a concept from science fiction—they exist and walk among us today. Historically, these individuals have been perceived either from a medical standpoint, with enhancements designed to aid those with disabilities, or as full cyborgs, a notion confined to the realms of speculative fiction. However, with the advent of Brain-Computer Interfaces (BCI), SMART technologies, and consumer products, the boundary between the physical and biological is rapidly disappearing, transforming the landscape of human capability and interaction.

Today’s headlines increasingly reflect scenarios reminiscent of science fiction movies, highlighting the profound implications of these advancements for cybersecurity. Augmented humans, with their integrated technological enhancements, pose a significant cyber threat to modern security controls. These transhumans can perform sophisticated cyber attacks such as URL redirections, phishing, smishing, and even man-in-the-middle (MiTM) attacks, all executed from technology embedded beneath their skin. The integration of such advanced tech within the human body renders traditional security measures inadequate, necessitating a rethinking of our defensive strategies.

We are living in a future world today, and it is crucial to recognize and acknowledge this reality to ensure our security. The presence of transhumans necessitates a paradigm shift in our approach to cybersecurity, calling for the development of new strategies and technologies to defend against the unique and evolving threats they present. This presentation aims to illuminate with multiple demonstrations including implant initiated MiTM attacks, Phishing, Smishing, and full automated Linux attacks. The expanding landscape of cyber threats posed by transhumans is a real. The urgent need for complimentary and layered security solutions to safeguard our society in this new era of human evolution is already here.