Ever wanted to start fresh and train the "detection and response" dragon? Hear my account of how I did this (and hope to continue building!) from scratch with learnings from my professional experience so far!
Information stealer malware is underestimated by our industry. In this deep-dive, we look into what is captured by them – desktop screenshots, password vaults, browser extensions, MFA bypass material, etc. –, cover the Redline takedown, and offer defensive countermeasures including code and samples.
In this talk, we will take you through our journey of bringing a high stakes SaaS product to the Chinese market while exploring the challenges we faced and sharing what we learned. We will offer insights and practical advice for navigating the unique threats of the Chinese market for global company.
Learn to build your own treasure map of how attackers might move laterally through your company’s assets. We’ll provide a conceptual engineering framework for attack path analysis, recommend no- or low-cost tools, share examples, and release an open-source attack graph ontology to learn from.
What does it take to secure 3 billion users on the world’s leading mobile platform? This session dives into Android security from a holistic perspective.
While seemingly local, services running on localhost are accessible to the browser using a flaw we found, exposing the ports on the localhost network interface, and leaving the floodgates ajar to remote network attacks. This session will dive into the 0.0.0.0 exploit research conducted by the team.
We uncovered a data exfiltration technique, capable of bypassing all major DLP vendors listed by Gartner. We will dissect the architectural flaws in endpoint and proxy-based DLP, showcase live bypass demos, and launch Angry Magpie, an open-source toolkit for red teams to replicate these attacks.
This talk compares APRS and Meshtastic protocols for decentralized communications, examining their security models, vulnerabilities, and real-world applications. We will explore how these systems handle encryption, authentication and their attack surface with live demonstrations.
Discover how Yelp's Infrastructure Security team transformed past challenges and failures into success by shifting authentication and authorization from the infrastructure to the application layer. Learn how this pragmatic approach met all security requirements applicable to Yelp's threat model.
From p0f to MuonFP and JA4+, learn how network fingerprinting evolved. See how each step helps security teams spot malicious traffic, detect scanners, and more. Attendees gain real-world use cases and practical tips to deploy fingerprinting for monitoring and threat hunting.
Shift-left sounds great—catch issues early, save time, empower devs—but too often it backfires, creating noise and chaos. Learn from real-world fails, laugh at sh*t-left stories, and discover practical strategies to make shift-left work. Let’s fix AppSec, one bug at a time.
AppSec must balance usability and security, but traditional approaches often lead to disjointed efforts—developers patching blindly, detection teams creating incomplete rules, and threat hunters chasing past compromises. This talk uses eBPF to show how tracing brings context for actionable insights.
We've been forcing AI to imitate human analyst workflows, but what if that's holding both machines and humans back? Through real-world experiments at Anthropic, we'll show how letting AI tackle security problems its own way can allow humans to focus on the nuanced work machines can't do (yet).
Ever wonder how your data is really handled in the cloud? Confidential Computing gives you an answer by isolating your data and cryptographically proving what code was ran. This talk dives into the hardware and software behind Confidential Computing, and how to ship it in real-world cases.
UC Berkeley studied 68 San Francisco nonprofits to assess their cybersecurity needs, resources, and adoption of protective controls. Our findings include actionable recommendations for the City of San Francisco to improve support for nonprofits and boost resilience against growing cyber threats.
Compliance often feels like the party crasher in the DevOps world- unwanted, and slowing everyone down. But what if compliance could be an insider, seamlessly fitting into your CI/CD pipeline without breaking a sweat? In this talk, we’ll tackle the age-old battle between engineers and compliance.
Our talk will focus on securing autonomous AI agents by addressing their unique threats. We will dive into threat modeling of real-world autonomous AI systems, model poisoning attacks with hacking demos, and then explore advanced prompt injection techniques and mitigation strategies.
Taming dragons is risky—so is deploying agentic apps. Like dragons, they’re unpredictable, with threats like hallucinations, non-determinism, vast input spaces, and attacker prompt injections. We show how open-source tools tame the beast, so you can confidently deploy AI agents in production.
This talk details challenges in incident response for AI systems, including insufficient logging, visibility, and accountability, as well as the risks of data exposure and prompt injection. We examine a case of RAG-enabled LLM and propose triaging strategies and improved IR practices for mitigation.
Discover efficient incident handling strategies for third-party supplier incidents. Learn the importance of a predefined process and collaboration between risk management and incident response teams. Gain insights into key decision-making considerations and elevate your IR capabilities.
