Street vehicles have become more reliant on current technology for daily operations. This improvement in functionality broadens the attack surface and magnifies the potential consequences. Threat actors may use vulnerabilities in vehicle networks such as the Control Area Network (CAN) to execute targeted attacks against high-profile groups. The nature of these attacks goes beyond the scope of a digital environment and threatens physical safety, pressuring the offensive security field to find new talent and technology. This presentation focuses on the basics of understanding the usage and vulnerability of the CAN and presents an offensive security tool in its early development stages. 

Are you concerned about mitigating identity-based threats like account takeovers and insider threats? Take control and secure your organization with Identity Threat Detection and Response (ITDR). Join me for a talk on enhancing cyberattack preparedness by climbing the ITDR Maturity Model.

“Hunting Before Day Zero” is a talk that will delve into details of file and network access on Linux to expose signals of compromise that might indicate our systems are infected and possibly by a zero-day vulnerability!

Scared straight doesn’t work! Still walking your users through how to create a password? STOP! Start teaching your users how to use their Apple iPhone or Android built-in password managers, leaked password tools, and tap-to-pay, and gamify security to create a security culture in your organization.

APIs have exploded in popularity. It’s imperative to learn the basics and common vulnerabilities so that you can understand the basics for testing APIs. This talk covers API basics, discusses the OWASP API Top 10 and includes learning resources for getting more familiar with the covered material.

Back the blue. Don’t start a fight; always finish one. Hold the door. Yes, ma’m. Don’t mess with Texas. From serious to seemingly frivolous, we’re steeped in ways to think, act, and believe. What if those are all expressions of a “code” that social engineers can use to leverage better exploits?

If you’re struggling with detection and having to respond to malicious activity well after occurrence, this talk is for you. I will use a replicable process of identifying normal vs. malicious behavior of commonly abused binaries to create effective detection logic that is bound to catch evil.

Your boss is watching! While employee supervision isn’t a new idea, electronic monitoring and vetting using machine learning is relatively new. At the same time, consumer privacy law is being extended to employees. What are the hazards, and is bossware worth it?

I’ll demonstrate several hacks against xIoT (Extended Internet of Things) devices. Bad actor & defender stories will be shared. Research from over six years & millions of devices will be explored. Steps organizations can take to mitigate xIoT risks will be outlined.

Too many agile teams take a “security last” approach, relying on scans and automation to fix known vulnerabilities. Threat Modeling gives teams a shared language and model for security so they can think like an attacker and a tool to build into their schedule to really be “security first”.