Speakers
Alex Useche – Pragmatic Program Analysis – Demystifying Static Analysis for Security Research
Angelina Tsuboi (G4LXY) – Reverse Engineering Satellite Communications
Bronwen Aker (Corvus) – LLM Prompt Engineering: A Toolkit for Hackers and Other Geeks
cesi0 – My Pal Rubeus
Daryll Strauss – Kubernetes Security — What not to do
Davie – Automating DNS-01 The Less Lazy Way (with acme-dns)
Jack Baker – Evil ELFs and Dishonest DWARFs – Breaking Analysis Tools using Malicious Symbols
Kody Kinzie – Beginner Microcontroller Education: Teach Ethical Hacking On A Budget
Merlin Corey – SOARing Snakes: Python for Security Orchestration Automation and Response
Nathaniel Singer – Introduction to RF Demodulation
Sanjana Sarda (meap) – Everything Wrong with “AI” Security
vyrus – The Silver Bullet Ecosystem and You!
Pragmatic Program Analysis – Demystifying Static Analysis for Security Research
Alex Useche
Program analysis, the examination of computer code to understand its behavior, is essential in developing Static Application Security Testing (SAST) tools that identify security vulnerabilities without executing the code. Static analysis tools are incredibly useful in application security. However, the typical program analysis literature is blurred with complex mathematical notations and formulas, intimidating even seasoned programmers. Moreover, much of the knowledge about building tools for examining code is buried in academic jargon. Yet, practical program analysis can be straightforward and accessible. You don’t need a PhD to start developing tools that leverage program analysis techniques for uncovering vulnerabilities, modeling systems, and automating threat modeling and attack enumeration by analyzing source code. This talk aims to demystify the art of static analysis. We will talk about modern tools like Semgrep and CodeQL, and will learn how static analysis tools work, with a special focus on Go. By the end of this session you will learn about modern static analysis tools like Semgrep and CodeQL and how you can use them for discovering new vulnerabilities. You’ll have a clearer understanding of how static analysis tools function so you can better evaluate SAST tools. You’ll learn about various static analysis techniques, including Abstract Syntax Tree parsing, control flow analysis, and taint analysis. We’ll explore how static analysis extends beyond finding bugs to automating threat modeling and attack surface enumeration, illustrating many of the concepts mentioned above. Join us to navigate the world of static analysis and empower your hacking skills!
Alex Useche is a senior staff security engineer at FullStory. He has worked at companies like Trail of Bits, where he was the director of application security, and has written code for companies like Disney and Dell. Alex specializes in static analysis, application security, and Go.
Reverse Engineering Satellite Communications
Angelina Tsuboi (G4LXY)
This aerospace cybersecurity themed talk will cover the fundamental concepts and tools required for reverse engineering satellite communications. Participants will be guided through a step-by-step process, covering the essentials of demodulating, decoding, and organizing data transmitted via satellite downlinks. From extracting weather imagery from remote sensing NOAA satellites to intercepting telemetry and communication data from amateur radio satellites, the presentation will demonstrate the practical application of tools like GNURadio and Wireshark alongside covering cybersecurity topics such as packet dissection, decoding, and more.
Angelina Tsuboi is a software developer and an aerospace cybersecurity instructor focusing on satellite systems. With over a decade of programming and development experience in addition to being a scientific researcher for NASA, she has been involved in numerous aeronautical and space-focused security initiatives for a wide range of applications ranging from drones, aircraft, and satellites. Driven by her passion for teaching, Angelina finds joy in simplifying complex subjects such as aerospace, cybersecurity, and programming to empower her students. Angelina focuses on ensuring that her students can readily apply the acquired skills to their professional and personal endeavors. Angelina is also the founder of Stellaryx Labs, a consultation, education, and development services company at the nexus of software, security, and aerospace. To learn more about her work, visit her website: angelinatsuboi.com
LLM Prompt Engineering: A Toolkit for Hackers and Other Geeks
Bronwen Aker (Corvus)
Are you harnessing the full potential of Large Language Models (LLMs) in your cybersecurity strategies? Embark on a journey to explore the capabilities and inner workings of today’s leading LLMs, including ChatGPT, BERT, and others. Discover how precise prompts can help you streamline tasks like drafting security policies, searching for information about CVEs, scripting in Python, and more. By perfecting your prompt engineering skills, you can enhance your ability to command AI, turning complex queries into clear, actionable insights. Are you ready to unlock the full potential of LLMs?
Corvus (aka Bronwen Aker) (M.S. Cybersecurity, GSEC, GCIH, GCFE) likes to describe herself as a “constantly evolving geek.” She has worked with computers since elementary school when she was introduced to FORTRAN programming using bubble cards. These days, Bronwen works for Black Hills Information Security (BHIS) as a technical editor, AI researcher, and general plate-spinner, reading and editing pentest reports, giving webinars, writing blogs, and doing various other things here and there.
My Pal Rubeus
cesi0
Come with us as we adventure into the forest as we tame the three-headed beast to request, forge, harvest, and roast our way to elevated privileges. First there was kekeo. Now there’s Rubeus. My new best friend. Rubeus is a toolkit developed to facilitate Kerberos interaction (and exploitation). In this talk, I’ll be covering the various attacks Rubeus has implemented, from requesting, extracting, harvesting, and forging tickets to abusing delegation and kerberoasting. If there’s time, we might even be able to cover detections!
As a 15-year veteran of the security industry, I’ve led forensic investigations, red team exercises, and currently hunt for threats for a managed detection provider. However, you can find me happiest while painting minis, in my garden, or bouldering.
Kubernetes Security — What not to do
Daryll Strauss
Kubernetes automates the deployment, scaling, and management of containerized applications. The complexity of handling all these aspects makes it a challenge to properly configure all the aspects securely. This talk will discuss security models in Kubernetes and how to correctly implement them with an eye towards anti-patterns that can lead to security issues.
Daryll has been a technologist in the top facilities in Hollywood for the last 30 years. His software has helped to create hundreds of feature films and television series. He has been credited for his work in two Academy Award-winning films. He has contributed to Linux and open source projects since 1995. He is currently consulting for Movie Labs to implement a zero trust security architecture for content production.
Automating DNS-01 The Less Lazy Way (with acme-dns)
Davie
The ACME protocol used by Let’s Encrypt and other Certificate Authorities is used for domain ownership validation and distributing zero-cost TLS certificates. While the HTTP-01 Challenge can be the easiest to deploy, the DNS-01 Challenge can be used to procure a certificate for non-HTTP services, internal services, or services requiring a wildcard certificate. However, automating the DNS-01 challenge requires a compatible DNS hosting service with an API, and may require storing your password or API credentials in cleartext on every server that you automate. The acme-dns project provides an alternate way to automate the DNS-01 challenge with any DNS hosting service, on a per-domain basis, while eliminating the need for administrative API credentials. It’s extremely useful for homelab users, but may also have a place in corporate environments without public-facing services. https://github.com/joohoi/acme-dns
Davie wasn’t so much born as assembled in the Cisco factory. After a rogue network engineer gave him life, Davie set about finding his purpose in the real world. Traversing from subnet to subnet, he is always looking for new ways that he can bring his networks together, both IRL and on the net. His hobbies include building crazy live disks, ferret racing, and hanging out in trashcans.
Evil ELFs and Dishonest DWARFs – Breaking Analysis Tools using Malicious Symbols
Jack Baker
This talk will detail several practical examples of frustrating reverse engineering using crafted symbols and DWARF debug information. To do this, we’ll dive into the internals of reverse engineering tools such as IDA Pro, Ghidra, and radare2 and discuss the various ways that ELFs store symbols. Topics include: altering automated program analysis using forged symbols; breaking debuggers using crafted DWARF bytecode; altering program flow based on the status of symbols on a binary.
Professional nuisance with too many IDA licenses
Beginner Microcontroller Education: Teach Ethical Hacking On A Budget
Kody Kinzie
Join Kody Kinzie for a talk on using microcontrollers for ethical hacking education! From his personal journey in hardware hacking to innovative teaching methods, Kody covers key challenges in microcontroller instruction, the transformative role of WebSerial and user-friendly languages like CircuitPython, and introduces the Nugget – a beginner-friendly microcontroller. Discover practical insights into the trade-offs of selecting and using devices like the ESP8266, Pi Pico, and ESP32s2 for educational purposes. The session concludes with real-world applications from hackerspaces and educational programs, offering a valuable perspective into the usefulness of low-cost microcontrollers for both hackers and educators.
I’m a security researcher who specializes in open-source intelligence and Wi-Fi security. I teach cybersecurity to beginners on two popular YouTube channels called Hak5 and Null Byte, as well as organizing cybersecurity training and outreach events. I’m currently the host of the Hacking with Friends show on the SecurityFWD YouTube channel. I also enjoy putting together workshops on cybersecurity, computer science, and electrical engineering.
SOARing Snakes: Python for Security Orchestration Automation and Response
Merlin Corey
Evolution took millions of years to produce flying snakes that glide from the tops of trees, but to make a snake SOAR you only need Python on your computer. Focusing on using Python for Security Orchestration Automation and Response (SOAR), Merlin will talk about the what, why, and how of using Python to implement SOAR processes. SOAR platforms of the commercial and open source variety will be compared and contrasted based on their Python integrations. Even if your organization does not yet have a centralized SOAR platform, Merlin will explain how you can engage in a local-first SOAR process using just Python to get and show value to your organization.
Merlin is a wizard who provides magical solutions in Engineering for Security, Software, Systems, Networking, and occasionally Hardware.
Introduction to RF Demodulation
Nathaniel Singer
Over the last couple of years, I’ve been learning about and experimenting with how to take energy out of the air and convert it back into the original bitstream (the 1’s and 0’s; the data). This talk is a collection of that knowledge and walks through the signal identification and demodulation process, specifically for OOK in automotive key fobs. If this sounds interesting, you only need to bring your curiosity, no prior knowledge in the world of wireless data transmission. The first portion of this talk is a brief primer in RF theory. This will be followed by a discussion of the hardware required to start doing this yourself and some practical demos against modern Chrysler and Honda key fobs going from pressing a button to seeing 1’s and 0’s on a screen. The last phase of this talk is a discussion of the current state of automotive security and interesting future areas of research where this learned knowledge can be applied.
Nate Singer is an experienced security engineer currently working primarily on cloud and web security for a large US-based Silicon Valley tech company. He is interested in a variety of areas of technology, but has most recently been interested in cloud computing security and the integration of Large Language Models (LLMs). A recent core focus has been the secure usability of LLMs in vulnerability research and broader applications. At a much lower level, he continues to do some reversing and binary exploitation work, and if you find him at the conference feel free to ask about the 8-bit 16B computer he is building on breadboards.
Everything Wrong with “AI” Security
Sanjana Sarda (meap)
Have you ever wondered what attacks on “AI” systems look like in the wild, what real adversaries care about (hint: it’s not prompt injection), and why security researchers love MLOps software? In this talk we will discuss the standard ML development cycle and how to effectively attack each stage with both real-world examples and overhyped “attacks”. We will also cover a comprehensive analysis of exploits and vulnerability classifications and discuss strategies for mitigating supply chain risks, paving the way for a more secure and resilient “AI” ecosystem.
Sanjana currently leads Offensive Security efforts at an autonomous robot startup after focusing on security and privacy for ML systems at Stanford. Her research has previously been featured in Forbes and Vice’s Motherboard and she has given talks at DEFCON, BSides, and Bumble (no comment).
The Silver Bullet Ecosystem and You!
vyrus
A historical account of how the Silver Bullet ecosystem evolved, and how to find the versions of it that are likely pwning you during this talk. Don’t know what the Silver Bullet ecosystem is? You should come to this talk!
Vyrus is a grumpy young man with an even grumpier old soul who yells at clouds. The things he yells at the aforementioned clouds about include but are not limited to: threat intelligence, genetic – self proliferating – environmentally encrypted malware tradecraft, adversary engagement, and all things “cyber” automation.