What's it look like when someone spends hours fine-tuning llama 3.1 to be the most destructive hacking robot the world has ever seen, with a pure goal of causing damage, with no safeguards? Are we ready for that? Not a pentesting bot with guardrails; a harbinger of chaos, tasked only with spreading.
This talk will explore the hidden access patterns to the crown jewels, including most-common access patterns, hidden paths and popular backdoors left by engineers to get their jobs done. We will discuss practical tips to understand the problem and work on removing the hidden access paths.
As Netflix enters live streaming, fraud prevention stakes rise significantly. This talk offers an insider's view of strategies and challenges in tackling fraud during live events, focusing on preparing for the unpredictable and maintaining robust defenses amidst this unpredictability.
I’ve been working in security ops for 20 years. Most SOCs struggle because of one big mistake: don’t let this happen to you. I will step you through how to organize a SOC: what should go in it, what should probably stay out, and what your SOC will look like if you get it right.
So you've just battled a dragon: how quickly and effectively can you fight the next one? We dive into Resiliency by Design for an AI search / chat product - based on considerations like uptime, disaster recovery, availability, fault testing etc, while meeting audit/compliance & privacy regulations.
Are you aspiring to break into cybersecurity or looking to take your career to the next level but don’t have a mentor to guide you? This talk is for you. We'll dive into practical advice to guide your career journey, based on real-world questions asked by my mentees.
Hybrid environments complicate network egress. Learn how Block centralized network egress policies and ensured consistent deployment of rules across diverse enforcement endpoints—regardless of type or location—enabling secure, scalable, and streamlined outbound traffic management.
New specializations have emerged in this AI-adoring age, but where does that leave security practitioners? Good news: if you know web application security, you can secure AI uses too. This talk examines normal web app security issues relevant to any LLM-based app—and the handful unique to AI.
A unique name server linked to Iran-nexus cyber activity reveals a broader set of malicious name servers with potential nation-state tires. Learn how passive DNS data connects a single typosquatting domain to multiple name servers being used to for malware distribution.
Network security is important, but what about the networks that serve your network?
In this talk I go over my methodology and findings performing a security audit of some local ISPs. I’ll outline how simple vulnerabilities and configuration mistakes are still making it to these production networks,
Imagine a cybercriminal accessing your network with credentials bought on the dark web—they walk in unnoticed. Attackers aren't breaking in—they're logging in. With 80% of attacks involving stolen credentials, discover how Automated Credential Threat Monitoring (ACT) keeps you ahead of threats
Enterprise AI search tools like Glean and Guru aggregate all your company’s data into a single, easy-to-navigate interface. Think of it as Google, but for juicy, sensitive corporate information. In this session, we’ll explore effective threat modeling and controls when deploying these tools.
The Russian hacktivist group Killnet was a cyber army directed by a few to cause harm. With a checkered history and inconsistent behaviors, deciphering who is behind this group was challenging, but we’ll lift this veil and share a personal story of disrupting and unbalancing Killnet into chaos.
GraphQL APIs offer flexibility and efficiency but often introduce security risks that remain hidden in the shadows. In this session, we’ll share findings from scanning GraphQL APIs, revealing vulnerabilities like schema leaks, brute-force risks, and GraphQL-specific "bomb" attacks.
Anyone can build simple LLM–based tools that streamline security tasks. Join us to learn how, with short prompts and very little code, you can do more with less by automating IAM, threat detection, and vuln management workflows. Get tips and prebuilt used-in-prod examples to play with on your own.
LOL - a lot less funny than it sounds - (living off the land) attacks have been around for several years, now it is time for LOC (living off the cloud) attacks. With cloud services becoming a core part of engineering today, it is no wonder attackers see this as a high-value attack vector.
For the last 6 years we have been tracking the activities of the cyber-mercenaries Dark Caracal. In this time we have observed them make a number of hilarious mistakes which have allowed us to gain insights into their activities and targets and see just how effective they actually are despite it all
When an outside threat becomes an insider threat, are your hiring practices prepared to catch it? In this session, you’ll learn how to examine the tactics of fraudulent job seekers and how to collaborate with talent teams to secure your hiring pipeline *and* protect your organization.
If you see a phishing email or domain that’s a public IoC, it’s already too late. Our research team’s approach to threat detection finds more DNS artifacts and adversary infrastructure as they are created and maps intent before it can be weaponized. This session will show how you can do the same.
In the vast sea of security data, how do we efficiently find malicious activity and turn it into actionable intelligence? This presentation introduces data-driven detection engineering, showcasing a data-first approach to building detection rules and threat feeds.
We monitored public changelogs of popular open-source projects to detect unreported security fixes. We found 600+ vulnerabilities, 25% high or critical, with most never being reported. We achieved this by using dual LLM models to monitor change logs and verify the result with our security engineers.
As cloud adoption grows, attackers exploit its unique attack surface. This talk explores atomic IOCs (e.g., IAM metadata, container IDs) and behavioral IOCs (e.g., API activity), featuring real-world examples like threat actor "Bapak" and insights to enhance cloud detection, hunting, and response.
INCIDENT DECLARED! As Incident Commander, team up with your product and privacy leads to navigate the response. Will you launch a forensics investigation? Draft a customer notice? You decide in this choose-your-adventure talk.
Residential proxies are the weapon of choice for bots bypassing defenses by mimicking legit traffic. This talk unpacks how machine learning can expose and mitigate these threats at scale. Expect actionable insights for improving detections while minimizing false positives.
Dive into the challenges of LLMs in cybersecurity as we explore the process of fine tuning an LLM to handle the task of secret detection in code and be efficient enough to run on any laptop. Can LLMs with low inference times pave the way for new detection methods that were previously overlooked?
Security policies must consider human psychological traits for effectiveness. We'll contrast this with security needs for Non-Human Identities and argue that AI has its own "psychological traits" requiring tailored approaches to secure systems against AI-specific threats.
