Talks at Hack Red Con 2022
Keynote RoundTable Day 1
Discussion from top security experts on topics like: how to stay positive in the current virtual workplace, how in demand cyber security jobs are, what the future of cyber security looks like, and what someone new can do to break into the field. Followed by Q&A with the audience.
Zach Stashis, Moderator; Founder, Hack Red Con & Red Seer Security
CEO GlobalWave Consulting
War Stories: Covert Physical, Wireless, and Red Team Assessments Against Government and Commercial Clients
For each case, they'll dive into the techniques used: tricking security guards into handing over access cards, getting employees to allow keyloggers to be plugged into their systems, bypassing expensive access controls into data centers, persuading C-level executives to hand over laptops, and MUCH more.
Covert Entry Specialist
Covert Entry Specialist
Digital Forensics & Incident Response (DFIR) - Mobile Forensics
Katrina Khanta will provide an overview of Digital Forensics & Incident Response (DFIR), present her smartphone forensics research, and discuss how you can leverage your current skills to succeed in the cybersecurity industry. This presentation aims to eliminate self-doubt and inspire the audience to pursue their curiosities, covering various methods and techniques for getting started.
Cyber Solutions Engineer II - The Walt Disney Company | M.Sc. Cybersecurity & IT | Sec+ | Pursuing Doctorate of Science in Cybersecurity
AWS IAM Privilege Escalation Redux
int eighty (of Dual Core)
int eighty (he/him) is a computer crime enthusiast, and the rapper in Dual Core. Occasional memes and hacking content on Twitter as @int0x80.
You have gained access to an AWS account but lack permissions to complete your objectives. You attempt every privilege escalation path documented online, but none of them are successful. The objectives now seem impossibly distant; your battery is low and it’s getting dark.
This talk will present a set of IAM privilege escalation paths that I have not seen documented online* accompanied by anecdotes of adventures in cloud security. Attendees will learn new tricks for IAM privilege escalation in AWS along with a methodology for evaluating potential priv esc paths.
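The methodology half of that abstract is the part a reader can practise before the talk. As an added example (not the speaker's material, and not any of the undocumented paths the talk promises), the Python below checks an IAM policy document against the publicly catalogued privilege-escalation primitives, the ones you would have "attempted from online documentation" first. The policy is constructed here for illustration. The check looks only at the Action/NotAction elements and honours explicit Deny, but ignores Resource and Condition, so a hit is a lead to test, not a confirmed path.

```python
"""Added example (not from the talk or the speaker): a first-pass check of an
IAM policy document for well-documented privilege-escalation primitives.
The policy below is constructed for illustration."""
import fnmatch
import json

# Publicly catalogued IAM priv-esc primitives (the 2018 Rhino Security Labs
# list and the tools built on it). Each value is the set of actions that must
# ALL be allowed for the primitive to be worth attempting.
PRIVESC_PRIMITIVES = {
    "CreatePolicyVersion": {"iam:CreatePolicyVersion"},
    "SetDefaultPolicyVersion": {"iam:SetDefaultPolicyVersion"},
    "CreateAccessKey": {"iam:CreateAccessKey"},
    "CreateLoginProfile": {"iam:CreateLoginProfile"},
    "UpdateLoginProfile": {"iam:UpdateLoginProfile"},
    "AttachUserPolicy": {"iam:AttachUserPolicy"},
    "AttachGroupPolicy": {"iam:AttachGroupPolicy"},
    "AttachRolePolicy": {"iam:AttachRolePolicy", "sts:AssumeRole"},
    "PutUserPolicy": {"iam:PutUserPolicy"},
    "PutGroupPolicy": {"iam:PutGroupPolicy"},
    "PutRolePolicy": {"iam:PutRolePolicy", "sts:AssumeRole"},
    "AddUserToGroup": {"iam:AddUserToGroup"},
    "UpdateAssumeRolePolicy": {"iam:UpdateAssumeRolePolicy", "sts:AssumeRole"},
    "PassRoleToNewLambda": {"iam:PassRole", "lambda:CreateFunction",
                            "lambda:InvokeFunction"},
    "PassRoleToNewEC2": {"iam:PassRole", "ec2:RunInstances"},
    "UpdateLambdaFunctionCode": {"lambda:UpdateFunctionCode"},
}


def _as_list(value):
    """IAM lets Statement/Action/NotAction be a single item or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def _matches(pattern, action):
    # IAM action matching is case-insensitive and supports * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def action_allowed(policy, action):
    """Action-element check only: an explicit Deny beats any Allow, and
    NotAction inverts the match. Resource and Condition are deliberately
    ignored, so True means 'worth testing', not 'guaranteed to work'."""
    allowed = False
    for stmt in _as_list(policy.get("Statement")):
        if "Action" in stmt:
            hit = any(_matches(p, action) for p in _as_list(stmt["Action"]))
        elif "NotAction" in stmt:
            hit = not any(_matches(p, action) for p in _as_list(stmt["NotAction"]))
        else:
            continue  # malformed statement: neither Action nor NotAction
        if not hit:
            continue
        if stmt.get("Effect") == "Deny":
            return False
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed


def find_privesc_paths(policy):
    """Names of catalogued primitives for which every required action is allowed."""
    return sorted(name for name, actions in PRIVESC_PRIMITIVES.items()
                  if all(action_allowed(policy, a) for a in actions))


# Constructed sample policy: broad Lambda rights plus iam:PassRole, but an
# explicit Deny on lambda:InvokeFunction that breaks the usual PassRole path.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["iam:Get*", "iam:List*", "iam:PassRole", "lambda:*"],
     "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Deny", "Action": "lambda:InvokeFunction", "Resource": "*"}
  ]
}
""")


if __name__ == "__main__":
    for name in find_privesc_paths(SAMPLE_POLICY):
        print("candidate priv-esc path:", name)
    # With the sample policy this prints only UpdateLambdaFunctionCode: the
    # Deny on InvokeFunction knocks out PassRoleToNewLambda, so the next step
    # is to look at what existing functions' roles can do, not to stop here.
```

Feed it the policy document JSON of each managed and inline policy attached to the principal you hold (the `Document` returned by `aws iam get-policy-version`, for example) and treat every hit as a hypothesis to confirm with a real API call. The deliberate blind spots are the interesting part: a primitive this script rejects because of a Deny, or accepts despite a Resource or Condition that would actually stop it, is exactly where the evaluation methodology has to go beyond the documented list.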
Hidden Threat of Social Media - Social Engineering & OSINT
Learn how terrorists, criminals, and spies (the “bad guys”) take the seemingly innocuous information your employees post online and use it to compromise your company's network. Specifically, participants will learn how these “bad guys” use this information to craft infected e-mails and documents that will compromise your network. In these cases, it does not matter how robust your IT budget is, because the offender has bypassed it entirely.
Stacy M. Arruda
FBI Supervisory Special Agent (Retired) & Founder & CEO of Arruda Group
Bootstrapping your AppSec program
We dive into what I have learned from being a part of growing AppSec programs with companies like 1Password and Red Canary. We will take a look at secure SDLC, social engineering a culture and leadership that works. Application security is a strange place in InfoSec and I want to make it better and more effective while not hindering business. This talk was a great success at RVAsec this year.
Security Engineer at Red Canary
Spilling the Beans: How to Spot a Bad Pentest
Ever wondered what the magic is behind a penetration test? Did you receive a pentest report that does not line up with your expectations? Do you want to get more out of your consulting partners, or want to know the secret to landing that job at a consulting firm? Come join us as we spill the beans and disclose how the (halal) sausage is made. We will discuss pentesting from the perspective of both the client and the consultant. If you're looking to land a job at a consultancy, this talk is for you too. As we pull back the curtain and talk through real-world examples, everyone walks out with the magic sauce.
Director of Offensive Security
Director of Cyber Security
Insider Threat Awareness
Individuals entrusted with access to or knowledge of an organization represent potential risks, and include current or former employees or any other person who has been granted access, understanding, or privilege. Trusted insiders commit intentional or unintentional disruptive or harmful acts across all infrastructure sectors and in virtually every organizational setting. Using case studies and incident analysis, this presentation will help you understand the importance of detecting potential insider threat activity and recognizing risk indicators.
Cyber Security Advisor, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security
Improv Comedy as a Social Engineering Tool
Have you ever gotten an “urgent call about your car warranty” or a demand that “you need to pay the IRS by credit card right now”? Social Engineering is the practice of talking your way into or out of situations, and is often employed by the underhanded, but can also be used to defend against those very attacks.
The rules of improv comedy can apply to many social interactions, including bluffing your way to compromise a target. The constantly changing situations of improv are great practice for accepting unexpected circumstances, and happily going with the flow.
Dave Mattingly was a NASA rocket scientist while also a comedy and punk radio DJ. He led a sci-fi and RPG publishing company, while writing anti-terrorism software for DHS. He’s an itinerant preacher, entrepreneur, award-winning speaker, and occasional improv comic. In short, he doesn’t know what he wants to do when he grows up.
Data Master, Tech Speaker, Entreprenerd, OSINT Wonk, Preacher, Publisher, All-Purpose Geek, 413 Experience on Clubhouse
Red Teaming, Pen Testing, Research
This talk covers what is different about red teaming, how to tie it into and upgrade your pentesting, working with blue teams, how to start a detection engineering and operations team, developing your purple team from your red team, and simple tricks to upgrade your red team into a response and readiness team.
Director of Offensive Security Innovation, Research and Advanced Testing at OnDefend
Have you tried taking it apart and putting it back together again? An introduction to Hardware Hacking.
With an ever increasing number of gizmos, gadgets, and circuits being produced for widespread consumption, the ability to comprehend the deep mysterious inner workings of electronics is becoming a vital skill set. Get ready to fall down the electron hole as we break down how to break into hacking hardware devices.
Cyber Security Engineer - Red Team at Emerson
From exploiting my smart-home into controlling thousands of smart-devices around the world - Virtual from Tel Aviv, Israel
In our scenario, thousands of HDL smart devices could have been exploited and remotely controlled in the wild. Four unique vulnerabilities were found and are presented here. We show how they can be used by a sophisticated attacker to stealthily access smart devices remotely, and to change, control and take advantage of their data. We also show how full data extraction from the accounts managing those smart devices, including private data and credentials, could have been carried out. This unique attack scenario demonstrates the high security impact of deploying IoT devices in any organization, especially when using dedicated IoT hardware and proprietary components that are interconnected and even remotely managed. A coordinated responsible disclosure was done and, thanks to HDL's responsiveness and approach, all of it was fixed.
Categories: IoT, Security Vulnerabilities, Web-Apps / Application Security
Offensive Security. Founder @ Wild Pointer
Hacker-In-Residence, Advisor YL Ventures
How to Rob a Bank Over the Phone
Robbing a bank over the phone: how an expert social engineer can convince you to do anything.
In this intense keynote, Joshua brings the audience along for the ride on one of the most advanced social engineering attacks he's ever executed - robbing a bank over the phone.