Saturday Virtual Schedule

Click This Link For the Latest Schedule!

Saturday, March 21, 2020

10:00 - 10:30

Badge Talk - Waylon Grange

Saturday 10:30 - 11:00 - It Is The Year 200, We Are Robots

OpenAI talked about the theoretical abuse cases for large language models - we will prove their fears to be legitimate. In this talk we'll explore the use of language models to generate synthetic phishing emails, and build chat-bots to add a personal touch to malware delivery.

-Will Pearce

Saturday 11:00 - 11:30 - BOLA, IDOR, MA, BFLA. Welcome to the OWASP API Top 10!

A foundational element of innovation in today’s app-driven world is the API.  APIs are a critical part of modern mobile, SaaS and web applications and can be found in customer-facing, partner-facing and internal applications. By nature, APIs expose application logic and sensitive data such as Personally Identifiable Information (PII) and because of this have increasingly become a target for attackers. 

-Adam Fisher

Saturday 11:30 - 12:00 - The Domain Password Audit Tool 

Poor password habits often lead to system compromise.  The Roberts family has authored an open source tool called “The Domain Password Audit Tool (DPAT)” and will be presenting how it can be used to understand weak password use. The discussion will include background information on password hashing and how password cracking is accomplished by attackers.

-Carrie Roberts, Darin Roberts, Cameron Roberts

LUNCH 12:00 - 1:00

Saturday 1:00 - 1:30 - From Mattress Sales to Infosec Soldier

This session will cover my story of transitioning from a Mattress Salesman to a Security Analyst. Anyone can make it in this industry if you have the drive and passion.  Attend if you're still deciding on which path in infosec to take.

-Chriss Hansen

Saturday 1:30 - 2:00 - $how Me the Money! (Getting Business Buy-in)

Having trouble getting execs to buy into the idea of security? This talk is a crash course in getting business buy-in to securing your organization, and getting user buy-in, too. I'll share some spreadsheet tools that will help the business understand the value of security and see return on investment for security tools and personnel.

-Carlotta Sage

Saturday 2:00 - 2:30 - How Can I Get Started in Cybersecurity?

Aimed at new, or less experienced cyber professionals, this presentation will review a wealth of online resources to help get you started in your area of interest. Penetration testing, reverse engineering, compliance, forensics and incident response will be discussed at a high level, with recommendations on how to further your knowledge and experience. No Prior Experience Necessary


-Dale Rowe

Saturday 2:30 - 3:00 - MineMeld - there's gold in them thar hills!

MineMeld is an open source, extensible Threat Intelligence processing framework.  In this session you'll learn how to install MineMeld and set up common configurations. We'll also cover adding new and custom sources and how to integrate outputs into your tools.

-Jason Reverri (nibb13)

Saturday 3:00 - 3:30 - Jump Starting Your Appsec Program

As technology and software industries continue to grow at a breakneck pace, my infrastructure has moved to the cloud, and Code Rules Everything Around Me. Application security has become critical to get right. This session will cover how to jumpstart your application security program. 

-Julia Knecht & Jacob Lords

Saturday 3:30 - 4:00  - SSH Keys: Security Asset or Liability?

SSH keys are widely used in every enterprise to provide privileged administrative access. Poor SSH key management practices expose businesses to costly security risks. Learn how to take SSH keys from an operational liability to a security asset.

-Bart Lenaerts


closing remarks, rumblings, ruminations, and rants

- Bryce Kunz

thank you so much for joining us