Track2
Wednesday, April 28
 

9:00am EDT

MQTT - IoT's Little Protocol with Big Vulnerabilities
Have you ever wondered about how your IoT device talks to your phone? Or how industrial factories collect data from sensors? Odds are pretty good they use a tiny protocol called MQTT, a tiny protocol that often has massive vulnerabilities.

Speakers

Tracie Martin

Principal Security Engineer/Founder, DefendCon
Tracie Martin is a Principal Security Engineer at a really big book store. Previously she's worked in a variety of roles in various tech companies such as Google, Microsoft and Twitter. She is passionate about making security accessible and approachable to everyone and changing the...


Wednesday April 28, 2021 9:00am - 9:55am EDT
Virtual

10:00am EDT

Securing AND Pentesting the Great Spaghetti Monster (k8s)
Oh sure, Kubernetes is the Bomb! But is it secure out-of-the-box? Oh hell no! Let's see if we can change that. Let's start with a live Kubernetes cluster running on a stack of PIs (there are visuals). So we have an app and we deploy it, but before we do that, let's make sure our cluster is secure.

NOTE: This presentation was not recorded per Kat's request.

Speakers

Kat Fitzgerald

Security Engineering Mgr, Google
Based in Seattle and a natural creature of winter, you can typically find me sipping Grand Mayan Extra Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos. Honeypots & Refrigerators are a few of my favorite things! Fun Fact: I rescue Feral...


Wednesday April 28, 2021 10:00am - 10:55am EDT
Virtual

11:00am EDT

Zero-day .NET and Nvidia GFE Vulnerabilities Explained
I discovered two logical vulnerabilities that allowed for Local Privilege Escalation (LPE). Walking through the process of discovery and then the actual exploit is fun and will show everyone how installing new software will open up systems to more vulnerabilities. Both reported and confirmed.

Speakers

Matt Batten

Matthew Batten is a Red Team Security Engineer at SIXGEN, Inc. conducting red team operations in support of the Department of Defense. Mr. Batten has ten years of experience in the information security field and is a veteran of the United States Marine Corps specializing in signals...



Wednesday April 28, 2021 11:00am - 11:55am EDT
Virtual

2:00pm EDT

A Live Simulation of Advanced Cloud Misconfiguration Attacks
Preventing cloud-native exploits requires us to rethink cloud architecture and how we use services such as IAM. We will simulate advanced cloud attacks live to demonstrate how common cloud misconfigurations are exploited to understand how we can prevent them up front with secure architecture.

Speakers

Josh Stella

Chief Executive Officer, Fugue, Inc.
Josh Stella is co-founder, CTO, and CEO of Fugue, the company transforming cloud security to help teams move faster and stay secure. Through Fugue's masterclasses, Josh educates cloud and security professionals about cloud misconfiguration exploits and how to keep cloud infrastructure...


Wednesday April 28, 2021 2:00pm - 2:55pm EDT
Virtual

3:00pm EDT

Educated Guesses with Symbolic Execution: Using Constraint Solvers for Speculative Execution in Modern Firmware
Symbolic Execution is a useful way to perform static and dynamic analysis but is underutilized by security professionals. I hope to expose more people to this awesome tool and demonstrate its utility in finding bugs and "rehosting" firmware.

Speakers

Chris Craig

Cyber Security Software Engineer, ORNL
Christopher Craig is a Cyber Security Software Engineer in the Vulnerability Research Group at Oak Ridge National Laboratory. He received a B.S. and M.S. in Computer Science from the University of Tennessee in 2011 and 2018 respectively and has 9 years of experience in the field of...



Wednesday April 28, 2021 3:00pm - 3:55pm EDT
Virtual

4:00pm EDT

Hacking K-12 School Software in a Time of Remote Learning
This talk will take an in-depth look at the zero-day vulnerabilities discovered in a K-12 classroom management solution used in over 9,000 school districts. The focus will be on how four vulnerabilities combined lead to a wormable unauthenticated remote code execution resulting in System privileges.

Speakers

Sam Quinn

Security Researcher, McAfee
Sam Quinn is a Security Researcher on McAfee's Advanced Threat Research team, focused on finding new vulnerabilities in both software and hardware. Sam has a focus on IOT and embedded devices with knowledge in the fields of reverse engineering and penetration testing.



Wednesday April 28, 2021 4:00pm - 4:55pm EDT
Virtual

5:00pm EDT

Service Mess to Service Mesh
In our quest to secure all the things, do we jump in too quickly? We'll use Istio and Linkerd as example service meshes, and look at the features we would expect from a service mesh. You'll leave with a concrete understanding of the service mesh, and be ready to justify the investment.

Speakers

Rob Richardson

Developer Advocate, Cyral
Rob Richardson is a software craftsman building web properties in ASP.NET and Node, React and Vue. He’s a Microsoft MVP, published author, frequent speaker at conferences, user groups, and community events, and a diligent teacher and student of high quality software development...


Wednesday April 28, 2021 5:00pm - 5:55pm EDT
Virtual
 

