Talks

3D printing canister-launchable drones for city-scale wardriving

Ever wanted to deploy a drone from a grenade launcher? A lot of drones were harmed in the making of this talk. This talk will demonstrate a process for designing and 3D printing your own canister launched drones. Canister launched drones are compact and portable, however conventional designs lack sufficient wing area and deployment mechanisms, making payload capacity and flight times far lower than they could be. I’ve created a concept that makes use of low weight, high tensile fabric wings which allows small drones, such as the 40mm diameter unit depicted below, to have practical on-site flight times while carrying a useful payload.

More Details

5G: Security Pitfalls and Considerations

5G networks leverage cutting-edge technologies such as software-defined networking (SDN) and network functions virtualization (NFV) to meet the requirements of broadband access everywhere. SDN and NFV in turn leverage advances in cloud technologies such as mobile edge computing (MEC) to meet ease of integration requirements. However, securely using these technologies and maintaining user privacy in future wireless networks are concerns that have not been adequately addressed. This talk provides an overview of security and user privacy challenges associated with cloud computing, SDN and NFV.

More Details

A Few Things Right: Insights from Live and Simulated Incident Response

While we continue to support the concepts of compliance, defense, governance, and prevention, it’s time to shift our focus beyond those measures with more emphasis on strategic response to incidents. This talk offers real stories of failure and practical, quick-win lessons on how to be prepared to respond quickly, accurately, and confidently when incidents occur. Because they will occur. Doing a few, important things well means opening our hearts and minds to a new way of thinking and learning about each other and what it means to be prepared for a crisis.

More Details

A Theme of Fear: Hacking the Paradigm

The InfoSec industry was born out of fear. Initially it was fear from virus infections and later, external attacks. We capitalized on that fear to build more secure environments. But fear is hard to manage: too much fear breeds paralysis, and too little fear breeds complacency. This talk will take a look at the history of fear in InfoSec, explore how its impact has shaped the industry, and how it is now getting in the way.

More Details

Beginning DFIR – How to get started with Cooties

Can you learn DFIR in less than an hour? No – our goal is to familiarize you with some of the freely available, open source tools. In addition, we’ll discuss some of the methods to use these tools to analyze files and systems. Covered will be beginning Remnux, SIFT workstation, Eric Zimmerman’s excellent tool suite, and others. SPEAKER Lisa Wallace

More Details

Behind The Locked Door: we built an escape room for security awareness

People want to attend our internal security awareness and training programs. In fact, we ran out of slots and had to turn colleagues away! We did it on a budget, too. We created an infosec-themed escape room which was educational, fun, cheap, and got great reviews. We’ll share what worked, what can be improved, and publish some of our awareness materials and puzzles along with this talk. SPEAKER Christian Bobadilla

More Details

Call Of Duty, Modernest Browser Warfare v2

The talk I will be presenting is entirely my own work of research. While identifying vulnerabilities in web applications and participate in various bug bounty programs is interesting, I enjoy targeting platforms which are less popular as research topics. Having said that, while security for browsers is a known topic, I’ve been able to identify, through my research, several vulnerabilities which will help to secure it further. The issues I will be talking about during this talk would be – Same Origin Policy(SOP), Remote Code Execution(RCE) and Address Bar Spoofing (ABS).

More Details

Catching the Guerrilla: Powershell Counterinsurgency

For too long attackers have leveraged the built-in APIs and tooling on Windows systems against us. It’s time the tables are turned! Those APIs were made for Sys Admins and defenders… and we’re taking them back! We’re building a framework of response tools for defenders to wrestle control from threat actors without the risk of production outages. This talk will focus on techniques to turn the limited and traditional black-and-white incident response options into a full-color spectrum of alternatives for defending your turf.

More Details

Cons & Careers

“If you compete with others, you may not win. If you compete with yourself, you always win by becoming better.” ― Debasish Mridha PURPOSE: Demonstrate the possibilities of career enhancement by making use of the wide variety of conferences, conventions, and events that are put on in the wider Information Security community When I got my first job out in the real world, I thought: this is it: All I’m ever going to need to know for my career, for my job.

More Details

Container Security Deep Dive

Containers are the next big thing in virtualization technology. If configured properly they provide immense security. There are many different segments where a container deployment needs to be secured like Dockerfile , docker daemon, container images , monitoring within containers etc. Attending this talk will help you secure your deployments the container way. I will start this talk with a brief intro to containers, talk about how a typical container deployment pipeline looks like.

More Details