Talks at Hack Red Con 2022

Keynote RoundTable Day 1 

Discussion from top security experts on topics like: how to stay positive in the current virtual workplace, how in demand are cyber security jobs, what does the future of cyber security look like, what can someone new do to break into the field. Followed up with a QA from the audience.

zachary stashis.jpg
Speaker TBD
new-linkedin-logo-white-black-png.png
Zach Stashis  Moderator, Founder Hack Red Con & Red Seer Security
IMG_3385.jpg
new-linkedin-logo-white-black-png.png
Charles Shirer
CEO GlobalWave Consulting
new-linkedin-logo-white-black-png.png

Katrina Khanta
Cyber Solutions
Engineer II 

370x370_Ed-Skoudis.jpg
new-linkedin-logo-white-black-png.png
Ed Skoudis
President SANS Institute

War Stories Covert Physical, Wireless, and Red Team Assessments Against Government and Commercial Clients.

For each issue, they'll dive into techniques used to trick security guards into handing over access cards, employees allowing keyloggers to be plugged into systems, bypassing expensive access controls into Data Centers, C-Level executives handing over laptops, and MUCH more.

dark wolf solutions.jpg
new-linkedin-logo-white-black-png.png

Brent White
Covert Entry Specialist

wehackpeople-logo.webp
new-linkedin-logo-white-black-png.png

Tim Roberts
Covert Entry Specialist

Topic TBD

TBD

Jeff Jarecki Volta.jpg
new-linkedin-logo-white-black-png.png

Jeff Jarecki
CISO, Volta

In Rust I Trust Using Rust with the Offensive Mindset

Using the Rust programming language during a penetration test  the success and failures and  what I learned from it. 

IMG_3385.jpg
new-linkedin-logo-white-black-png.png

Charles Shirer
CEO GlobalWave Consulting, Pentester, Senior RedTeamer

Digital Forensics & Incident Response (DFIR) - Mobile Forensics

Katrina Khanta will provide an overview Digital Forensics & Incident Response (DFIR), present her smartphone forensics research, and discuss how you can leverage your current skills to succeed in the Cybersecurity industry. This presentation aims to eliminate self-doubts and inspire the audience to pursue their curiosities through various methods and techniques on how to get started. 

new-linkedin-logo-white-black-png.png

Katrina Khanta
Cyber Solutions Engineer II - The Walt Disney Company | M.Sc. Cybersecurity & IT | Sec+ | Pursuing Doctorate of Science in Cybersecurity

AWS IAM Privilege Escalation Redux

int_eighty_solo_DFW- Dual Core.jpeg
new-linkedin-logo-white-black-png.png

int eighty (of Dual Core)
int eighty (he/him) is a computer crime enthusiast, and the rapper in Dual Core. Occasional memes and hacking content on Twitter as @int0x80.

You have gained access to an AWS account but lack permissions to complete your objectives. You attempt every privilege escalation path documented online, but none of them are successful. The objectives now seem impossibly distant; your battery is low and it’s getting dark.

 

This talk will present a set of IAM privilege escalation paths that I have not seen documented online* accompanied by anecdotes of adventures in cloud security. Attendees will learn new tricks for IAM privilege escalation in AWS along with a methodology for evaluating potential priv esc paths.

Hidden Threat of Social Media - Social Engineering & OSINT

Learn how, terrorists, criminals, and spies, “bad guys” take the seemingly innocuous information your employees post online and use it to compromise your company's network. Specifically, participants will learn how these “bad guys” use this information to create infected e-mails/documents that will compromise your network.  In these instances, it does not matter how robust your IT budget is, because the offender has totally bypassed it.

IMG_0151_JPG.webp
new-linkedin-logo-white-black-png.png

Stacy M. Arruda
FBI - Supervisory Special Agent Retired &
Founder & CEO of Arruda Group

Bootstrapping your AppSec program

Bootstrapping your AppSec program. We dive into what I have learned from being apart of growing AppSec programs with companies like 1Password and Red Canary. We will take a look at secure SDLC, social engineering a culture and leadership that works. Application security is a strange place in InfoSec and I want to make it better and more effective while not hindering business. This talk was a great success at RVAsec this year.

David Girvin.jpg
new-linkedin-logo-white-black-png.png

David Girvin
Security Engineer at Red Canary

Spilling the Beans: How to Spot a Bad Pentest

Ever wondered what the magic is behind a penetration test? Did you receive a pentest report that does not line up with your expectations? Do you want to get more out of your consulting partners or want to know the secret to landing that job at a consulting firm? Come join us as we spill the beans and disclose how the (halal) sausage is made. We will discuss pentesting from the perspective of both the client and the consultant. If you're looking to land a job at a consultancy, this talk is for you too. As we peel the curtain and talk through real-world examples, everyone walks out with the magic sauce.

happy alp.jpg
new-linkedin-logo-white-black-png.png

Qasim Ijaz
Director of Offensive Security

aveanna healthcare.png
new-linkedin-logo-white-black-png.png

Andrew Clinton
Director of Cyber Security

Malware Research & Reverse Engineering, Elastic Security, Threat Hunter, Detection, SecOps - Talk TBD
Virtual

TBD

tnisha.jpg
new-linkedin-logo-white-black-png.png

Tennisha Martin
Founder Black Girls Hack, Advisory Board Member RaicesCyberOrg, CEO of BGH Security Corporation

Insider Threat Awareness

Individuals entrusted with access to or knowledge of an organization represent potential risks, and include current or former employees or any other person who has been granted access, understanding, or privilege. Trusted insiders commit intentional or unintentional disruptive or harmful acts across all infrastructure sectors and in virtually every organizational setting. Using case studies and incident analysis, this presentation will help you understand the importance of detecting potential insider threat activity and recognizing risk indicators.  

CISA_Logo.png
new-linkedin-logo-white-black-png.png

Colin Glover
Cyber Security Advisor. Cybersecurity Infrastructure
Security Agency, Department of Homeland Security 

Talk about Infosec, Redteam, Pentesting, Cybersecurity, and Offensive Security - Talk Topic TBD

TBD

tyler robinson.jpg
new-linkedin-logo-white-black-png.png

Tyler Robinson
Managing Director of Offensive Security & Research at Trimarc

The Intersection of Control Systems and Privacy Data, Security. - Talk Topic TBD

TBD

kelli Tarala.jpg
new-linkedin-logo-white-black-png.png

Kelli Tarala
Principal and Founder of Enclave Security, SANS Athuthor and Instructor

Improv Comedy as a Social Engineering Tool

Have you ever gotten an “urgent call about your car warranty” or a demand that “you need to pay the IRS by credit card right now”? Social Engineering is the practice of talking your way into or out of situations, and is often employed by the underhanded, but can also be used to defend against those very attacks.

 

The rules of improv comedy can apply to many social interactions, including bluffing your way to compromise a target. The constantly changing situations of improv are great practice for accepting unexpected circumstances, and happily going with the flow.

 

Dave Mattingly was a NASA rocket scientist while also a comedy and punk radio DJ. He led a sci-fi and RPG publishing company, while writing anti-terrorism software for DHS. He’s an itinerant preacher, entrepreneur, award-winning speaker, and occasional improv comic. In short, he doesn’t know what he wants to do when he grows up.

dave mattingly.jpg
new-linkedin-logo-white-black-png.png

Dave Mattingly
Data Master, Tech Speaker, Entreprenerd, OSINT Wonk, Preacher, Publisher, All-Purpose Geek, 413 Experience on Clubhouse 

Red Teaming, Pen Testing, Research

This talk will include what is different about red teaming, how to tie it and upgrade your pentesting, working with blue teams,. how to start a detection and engineering Ops team. Developing your purple team from your red team. Simple tricks to upgrade your red team to a response and readiness team.

Joe Headshot Version 1 (1).JPG
1906_BlindHacker_Hoodie.jpg
new-linkedin-logo-white-black-png.png

Joe Brinkley
Director of Offensive Security Innovation,  Research and Advanced Testing at OnDefend

Threat Analysis - Talk TBD

TBD

Clint Walker.jpg
CISA_Logo.png
new-linkedin-logo-white-black-png.png

Klint Walker
Cybersecurity Advisor, Cybersecurity and Infrastructure Security Agency, U.S. DHS

Have you tried taking it apart and putting it back together again? An introduction to Hardware Hacking.

With an ever increasing number of gizmos, gadgets, and circuits being produced for widespread consumption, the ability to comprehend the deep mysterious inner workings of electronics is becoming a vital skill set. Get ready to fall down the electron hole as we break down how to break into hacking hardware devices.

Sparkles.jpg
new-linkedin-logo-white-black-png.png

Sparkles
Cyber Security Engineer - Red Team at Emerson

Purple Team Talk - TBD

TBD

Alex Kot.jpg
new-linkedin-logo-white-black-png.png

Alex Kot
AVP of Cyber Security at Aveanna Healthcare

From exploiting my smart-home into controlling thousands of smart-devices around the world - Virtual from Tel Aviv, Isreal

 In our scenario, thousands of HDL smart devices could have been exploited & remotely controlled in the wild. 4 unique vulnerabilities have been found and presented here - We show how they can be utilized by a sophisticated attacker to stealth-access smart-devices remotely, change, control and take advantage of their data. Also, we show how a full data-extraction of smart-devices managing accounts: private data and credentials could have been extracted as well. This unique attack scenario demonstrates the high-security impact of deploying IoT devices over any organization, especially when using dedicated IoT hardware and proprietary components which are interconnected and even remotely managed. A coordinated responsible disclosure was done and thankful to HDL responsiveness & approach - All was fixed.

Categories: IoT, Security Vulnerabilities, Web-Apps / Application Security

Barak Steinberg.jpg
new-linkedin-logo-white-black-png.png

Barak Sternberg
Offensive Security. Founder @ Wild Pointer
Hacker-In-Residence, Advisor YL Ventures

How to Rob a Bank Over the Phone

ROBBING A BANK OVER THE PHONE - HOW AN EXPERT SOCIAL ENGINEER CAN CONVINCE YOU TO DO ANYTHING.

In this intense keynote, Joshua brings the audience along for the ride on one of the most advanced social engineering attacks he's ever executed - robbing a bank over the phone.

Joshua C.jpg
new-linkedin-logo-white-black-png.png

Joshua Crumbaugh
CEO & Chief Hacking Officer PhishFirewall