What's it look like when someone spends hours fine-tuning llama 3.1 to be the most destructive hacking robot the world has ever seen, with a pure goal of causing damage, with no safeguards? Are we ready for that? Not a pentesting bot with guardrails; a harbinger of chaos, tasked only with spreading.
As Netflix enters live streaming, fraud prevention stakes rise significantly. This talk offers an insider's view of strategies and challenges in tackling fraud during live events, focusing on preparing for the unpredictable and maintaining robust defenses amidst this unpredictability.
The Russian hacktivist group Killnet was a cyber army directed by a few to cause harm. With a checkered history and inconsistent behaviors, deciphering who is behind this group was challenging, but we’ll lift this veil and share a personal story of disrupting and unbalancing Killnet into chaos.
For the last 6 years we have been tracking the activities of the cyber-mercenaries Dark Caracal. In this time we have observed them make a number of hilarious mistakes which have allowed us to gain insights into their activities and targets and see just how effective they actually are despite it all
In the vast sea of security data, how do we efficiently find malicious activity and turn it into actionable intelligence? This presentation introduces data-driven detection engineering, showcasing a data-first approach to building detection rules and threat feeds.
INCIDENT DECLARED! As Incident Commander, team up with your product and privacy leads to navigate the response. Will you launch a forensics investigation? Draft a customer notice? You decide in this choose-your-adventure talk.
The cybersecurity industry has 5,000+ startups yet many key problems are overlooked for not being "venture scale." This talk explores alternative paths (bootstrapping, Silicon Valley Small Businesses) & talks why niche markets and smaller ideas can drive impactful solutions without unicorn pressure.
Most people aren’t dragon slayers. There are dragon slayers out there, but they’re not us. EDR isn’t a dragon slayer. Neither is the SOC. That’s okay - when the dragon comes, the goal should be *survival,* not going out in a blaze of glory.
Security’s weakest link comes with ten fingers, ten toes and an uncanny ability to find ways past your thoughtfully implemented controls. Learn well-tested psychology principles that drive positive security outcomes. From social proof to reciprocity, small changes in approach bring outsized results.
The Secure Shell (SSH) is the most commonly exposed dedicated management protocol, second only to HTTP in terms of internet-wide exposure, and it’s had a rocky year. This presentation explores the multitude of SSH implementations, their specific weaknesses and real-world exposures.
The presentation will cover research into pig butchering scams connected to FUNNULL CDN-hosted money laundering, retail phishing campaigns targeting luxury brands, and more. Technical analysis step will be provided and explained in-depth as we cover this threat which we have dubbed “Triad Nexus."
Learn how Anthropic automates dependency security at scale across diverse infrastructure and environments while still letting engineers use the tools and dependencies they need. We'll explore Dependant, our tool to enforce our dependency posture at the network level, and how users interact with it.
