Cary Hooper is an offensive security engineer working for a Fortune 500 institution. Cary is a combat veteran and graduate of the United States Military Academy at West Point. He led technical and non-technical teams within the Army Engineer Corps and Cyber Command. Cary’s certifications include CISSP, OSCE, OSCP, and OSWE.
- Intro to HTTP and De-Sync Attacks
Chip Thornsburg is the Program Coordinator for the Cyber Defense program at NE Lakeview College in San Antonio. Chip is responsible for developing curriculum and establishing hands-on lab projects to train the next generation of Cyber workers. Chip retains his status as a Master Peace Officer in Texas, Special Deputy U.S. Marshal, and Electronic Crimes Investigator for the City of Helotes. He has conducted cyber investigations for more than 10 years and is a member of the High Technology Crime Investigation Association and the US Secret Service: Electronic Crime Task Force.
Chip began his Infosec quest in the 1980s, launching a consulting business in 1996. Informal education was found online in BBS systems and IRC channels and at conferences like Nolacon, Blackhat and 2600 meetings. He obtained formal degrees from South Texas Junior College, San Antonio College, Texas A&M San Antonio and an MBA from Texas A&M Corpus Christi.
- How I got Hacked and So Can You!
Christopher Doege is a professional Reverse Engineer and Vulnerability Researcher who has been intrigued with software security for a long time. In his free time he enjoys CTFs, video game hacking, and checking out new technologies to work with.
If you're ever looking for a mentor to help you along your way to doing reverse engineering, vulnerability research, or other cyber security related topics, feel free to reach out to me.
- Intro to Reverse Engineering with Ghidra: Taming the Dragon
David works as a security architect at Microsoft, helping Microsoft partners learn and deploy the latest Microsoft security technologies in Microsoft 365 and Azure. He is currently focused on Azure Sentinel and Microsoft 365 Defender technologies, and how to implement them correctly in customer environments. David holds numerous certifications, including CISSP, GISP, GSEC, GCED, GCWN, GCIH, GMOB and a bunch of Microsoft certifications.
- Getting Burned by Solar Winds - and How to Hunt for it in a Microsoft Network
Senior security engineer at a rapidly growing startup focused on application and cloud security. Previous roles include building a security program from the ground up and working at a satellite telecommunications company. Previously worked in product management. Degrees from Texas A&M and (soon) Georgia Tech.
- Beg, Borrow, and Steal: Growing a Security Program From 1 to n
Duncan McAlynn is an award-winning InfoSec professional with over 25 years of experience consulting Fortune 500 organizations and government agencies on enterprise management & cybersecurity.
He is a published author, technical editor, industry columnist, keynote speaker and has obtained a number of certifications & awards throughout his career.
In 2017, he established a technical content development & research firm, Operandis, and works with some of the industry’s notable brands & startups to help them better communicate with their target audiences.
Most recently he has successfully completed the inaugural Harvard University Cybersecurity Risk Management program. Duncan is an active member in his local ISSA, ISACA & FBI InfraGard chapters, as well as a supporter of Security BSides events throughout his home state of Texas and around the globe.
When not working, Duncan, his wife Carol and their dog enjoy the freedom of living the #RVLife while exploring this great country.
- A Look Inside Incident Response Planning
Edward Wu leads AI/ML and detection capabilities at ExtraHop Networks. He specializes in the intersection of machine learning, software engineering, and cybersecurity, and has built innovative next-gen technology for behavioral attack detection, automated security operation, network/application monitoring, and cloud workload security from scratch. He holds 10+ patents in ML and cybersecurity, co-authored 3 papers in top academic security conferences, and is a contributor to the MITRE ATT&CK framework. Prior to ExtraHop, he worked in automated binary analysis and software defenses at UW Seattle and UC Berkeley.
- Hype and Reality: Practical advices for implementing and evaluating AI/ML for Cybersecurity
Currently serving as the Manager of Technical Services for Seiso, LLC, a Pittsburgh-based cybersecurity, governance, risk, and compliance company. Known as ericlandmine on Twitter. Run/Own/Operate the Reddup Security podcast. BSidesPGH Organizer. Long time fan, long time attendee of various BSides conferences.
- Insane in the Computer Brain
I've been working as Principal Security Engineer and Security Researcher at Zup Innovation, Global Research Manager at Hacker Security, and Staff of DEFCON Group São Paulo-Brazil. I have talked at security events in the US, Germany, Poland, Hungary, Czech Republic, Brazil and other countries, and served as University Professor in graduation and MBA courses at colleges such as FIAP / Mackenzie / UNIBTA and UNICIV. In addition, I'm Founder and Instructor of the Course - Malware Analysis - Fundamentals (HackerSec Company - Online Course).
- Improve the identification of vulnerabilities in your project with just few commands.
In the last 20 years I have researched and innovated in a variety of security domains, including web application security, advanced persistent threats, DRM systems, automotive systems, data security and more. While thinking as an attacker is my second nature, my first nature is problem solving and algorithm development - in the past in cryptography and watermarking, and today mostly around harnessing ML/AI technology to solve security-related problems. While I am fascinated with bleeding edge technologies like AI and federated learning and the opportunities these technologies unlock, as a security veteran I am also continuously asking what can go wrong and the answer is never NULL.
I am the inventor of 20 patents in security, cryptography, data science and privacy-preserving computation arenas. I hold an M. Sc. in Applied Math and Computer Science from the Weizmann Institute.
- AI in a Minefield: Learning from Poisoned Data
Jorge Orchilles is the Chief Technology Officer of SCYTHE and co-creator of the C2 Matrix project and author of the Purple Team Exercise Framework. He is a SANS Certified Instructor and the author of Security 564: Red Team Exercises and Adversary Emulation. He was a founding member of MITRE Engenuity Center of Threat-Informed Defense. He is a Fellow at the Information Systems Security Association (ISSA) and National Security Institute. Prior, Jorge led the offensive security team at Citi for over 10 years.
He also co-authored the Common Vulnerability Scoring System (CVSS) and A Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry, and is the author of Microsoft Windows 7 Administrator’s Reference. Jorge holds post-graduate degrees from Stanford and Florida International University in Advanced Computer Security & Master of Science. Jorge speaks English, Spanish, and Portuguese, in decreasing levels of fluency.
- Operationalizing Purple Team
Based in Seattle and a natural creature of winter, you can typically find me sipping Grand Mayan Extra Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos. Honeypots & Refrigerators are a few of my favorite things! Fun Fact: I rescue Feral Pop Tarts and have the only Pop Tart Sanctuary in the Seattle area.
- Honey, I'm Home! (customizing honeypots for fun and !profit)
Best known as the co-organizer of Car Hacking Village and serial volunteer across our community, Kirsten has been recruiting in infosec since 2010. After a brief spell programming and running help desks, she settled into recruiting the best of the best, and specializes in the hacking community.
- Who cares if the job description stinks!
Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic for NCC Group. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael presents at many security and technology conferences, helping to educate on security that attendees can go back to work and actually do. Michael is a primary contributor to the Open Source project ARTHIR. Michael is also co-developer of LOG-MD, a free and premium tool that audits the settings, harvests and reports on malicious Windows log data and malicious system artifacts. Michael is co-host of “THE Incident Response Podcast”. In addition, Michael also ran the BSides Texas entity (Austin, San Antonio, Dallas and Houston) for six years and was the lead for the Austin Conference.
- Incident Response Fails – What we see with our clients, and their fails, preparation will save you a ton of $$$, heartache, maybe your sanity and job
Nick Sweet is a Certified Information Systems Security Professional (CISSP) with more than 10 years of experience in public and private sector cybersecurity and risk management. His areas of expertise are in security operations, penetration testing, network security, and risk management.
Prior to joining Avertium, Nick led incident response, threat intelligence, and vulnerability management at Nielsen, led organizational change across the Department of Energy regarding full disk encryption adoption at the Oak Ridge National Laboratory, and worked at the University of Tennessee’s statewide education system as a senior security analyst.
With a genuine passion for cybersecurity and leadership, Nick enjoys working with his teams to improve customers’ security posture by challenging their established norms.
- “Pretty” Easy Threat Hunting
Nikki Robinson, DSc is a Senior Cyber Engineer by day with XLA, and an Adjunct Professor at Capitol Technology University in the evenings. Her main passions include vulnerability management, continuous monitoring, and improving IT and Security relationships. She loves to blend academic research, real-life technical experience, and leadership principles into presentations. She also holds multiple industry certifications, including CISSP and CEH.
- But what about those medium and low vulnerabilities!?
Ochaun (pronounced O-shawn) Marshall is a developer and security consultant with a background in computer science education and machine learning. In his roles at Secure Ideas, he works on ongoing development projects utilizing Amazon Web Services and breaks other people's web applications. When he is not swallowing gallons of the DevOps Kool-Aid, he can be found blasting Two Steps from Hell while hacking, blogging, and coding.
- The OPSEC of Protesting
Security Researcher at Imperva for the last 3 years & 2 years as a database security & compliance expert. Experience with web application vulnerability research & analysis, Database Security & Web Application Security, Data & Information Security, Compliance and Regulations, Risk Management, Vulnerability Assessments and Scanning.
- CrimeOps of the KashmirBlack Botnet
Dr. Paolo Di Prodi has a software engineer background with a PhD in machine learning.
He has worked as a senior data scientist for Microsoft and Fortinet in the cyber security domain.
His current research focus includes differential privacy, privacy preserving machine learning and cyber insurance.
He is also one of the contributors behind the EPSS scoring system which is a similar score to the CVSS with the aim to predict when a vulnerability will be exploited.
- Why cyber insurance is broken and what we should do about it
I am an IT security professional with over 25 years of IT experience. Currently, I am employed at a San Antonio financial institution where I work as a Security Janitor cleaning Windows.
- Master "The Interview"
Payton joined the Open Security team after completion of the Applied Cybersecurity Undergraduate Program at the SANS Institute of Technology. Having sharpened his pen-testing skillset and garnering recognition across the industry through his participation in various Capture-The-Flag competitions, Payton quickly set himself apart as a highly motivated self-starter. His experience in Web Application Development and offensive methodologies provide valuable insight to each of his engagements.
- Advanced Phishing Threat (APT) - Exploiting Modern Features
- Common Cloud Vulnerabilities with Walkthroughs
Brazilian, certified C|EH, he began his studies in Information Security 13 years ago and for the past 10 years has carried out projects in Application/Infrastructure Penetration Testing, Security Analysis, Code Review and Hardening for industries such as Telecommunications, Aviation, Financial Institutions, Information Technology and Mining.
In his free time he likes to research and practice new attack techniques and some Reverse Engineering.
HITB - Hack In The Box UAE - 2020 - Fuzzing: Finding Your Own Bugs and 0days!
MorterueloCON 2021 - Spain
From SEH Overwrite to Get a Shell - Pentest Magazine
Covert Channel Technique Explained - Pentest Magazine
From Fuzzing to Get a Shell – Pentest Magazine
Stack Overflow - Hakin9 Magazine
- Fuzzing: Finding Your Own Bugs and 0days!
Rose is a GRC Consultant with Seiso, LLC. Prior to joining the Seiso team, she worked as a Third-Party Management Lead at a major retailer. Within this program, she developed a comprehensive framework and evaluation process to assess vendors, as well as integrated automation with a cloud platform. Rose has a diverse IT and Security background spanning over 13 years in network security/administration, enterprise vendor risk management, and security awareness program development and implementation. She brings over 8 years of experience from her time spent in the Navy as an Information System Technician. Rose also has her M.S. in Cyber Security and Information Assurance and a B.S. in Advanced Networking. Her industry experience spans health care, federal government, and retail.
- Lessons Learned - Crash Course in Information Security Management System Implementation
Security researcher at Imperva for the last 5 years in web application and cloud data security and for 5 years as a security analyst.
Analyse CVEs and threats in web applications and cloud environments.
Develop algorithms to detect and protect against attacks.
- CrimeOps of the KashmirBlack Botnet
My name is Venkatraman K (goes by the handle r3dw0lf_sec), a passionate Information Security enthusiast from India. I’m currently working as a Security Analyst in a Cyber Security Startup. With over 3 years working in the different subdomains of cyber security, I constantly find myself engaged with learning, reading, discussing info-sec, participating in CTF challenges, conducting workshops and webinars on cybersecurity, participating in bug bounty programs, writing blogs and spending my weekend nights solving Hackthebox challenges. I am specialized in Red Teaming and Active Directory exploitation. Follow my blog (r3dw0lfsec.in) for awesome Infosec Articles.
- Understanding and Attacking Delegations in Active Directory
Prior to joining Accenture as a Senior Cybersecurity Consultant, Will has a solid foundation of applying innovative cyber solutions to the public and private sector. During his time in public service, he identified new cyber methods and capabilities to mitigate risk to U.S. personnel and facilities during the Global War on Terror. In the private sector, Will has performed e-discovery, data recovery, mobile forensic analysis and fatal automobile incident reconstruction. Will is often interviewed by radio and television news sources as a mobile forensic subject matter expert.
Will has appeared as a speaker at DefCon 2019, BSidesLV, BSides Detroit, BSides Tampa, Diana Initiative, BSidesSATX2020, CarolinaCon, PancakesCon2, HTCIA, Techno-Forensic Denver, NATO HQS and CANSOFCOM. He serves as an OpSec/OSINT/Digital Forensic advisor to Operation Safe Escape, providing assistance to domestic abuse victims seeking to cut ties to their abuser.
- Detecting the insider threat: it's not magic