Saturday Virtual Schedule
Saturday, March 21, 2020
Saturday 10:00 - 10:30 - Badge Talk - Waylon Grange
Saturday 10:30 - 11:00 - It Is The Year 200, We Are Robots
OpenAI talked about the theoretical abuse cases for large language models - we will prove their fears to be legitimate. In this talk we'll explore the use of language models to generate synthetic phishing emails, and build chat-bots to add a personal touch to malware delivery.
Saturday 11:00 - 11:30 - BOLA, IDOR, MA, BFLA. Welcome to the OWASP API Top 10!
A foundational element of innovation in today’s app-driven world is the API. APIs are a critical part of modern mobile, SaaS and web applications and can be found in customer-facing, partner-facing and internal applications. By nature, APIs expose application logic and sensitive data such as Personally Identifiable Information (PII), and because of this they have increasingly become a target for attackers.
Saturday 11:30 - 12:00 - The Domain Password Audit Tool
Poor password habits often lead to system compromise. The Roberts family has authored an open source tool called “The Domain Password Audit Tool (DPAT)” and will be presenting how it can be used to understand weak password use. The discussion will include background information on password hashing and how password cracking is accomplished by attackers.
-Carrie Roberts, Darin Roberts, Cameron Roberts
LUNCH 12:00 - 1:00
Saturday 1:00 - 1:30 - From Mattress Sales to Infosec Soldier
This session will cover my story of transitioning from a Mattress Salesman to a Security Analyst. Anyone can make it in this industry if you have the drive and passion. Attend if you're still deciding on which path in infosec to take.
Saturday 1:30 - 2:00 - $how Me the Money! (Getting Business Buy-in)
Having trouble getting execs to buy into the idea of security? This talk is a crash course in getting business buy-in to securing your organization, and getting user buy-in, too. I'll share some spreadsheet tools that will help the business understand the value of security and see return on investment for security tools and personnel.
Saturday 2:00 - 2:30 - How Can I Get Started in Cybersecurity?
Aimed at new or less experienced cyber professionals, this presentation will review a wealth of online resources to help get you started in your area of interest. Penetration testing, reverse engineering, compliance, forensics and incident response will be discussed at a high level, with recommendations on how to further your knowledge and experience. No prior experience necessary.
Saturday 2:30 - 3:00 - MineMeld - there's gold in them thar hills!
MineMeld is an open source, extensible Threat Intelligence processing framework. In this session you'll learn how to install MineMeld and set up common configurations. We'll also cover adding new and custom sources and how to integrate outputs into your tools.
-Jason Reverri (nibb13)
Saturday 3:00 - 3:30 - Jump Starting Your Appsec Program
As technology and software industries continue to grow at a breakneck pace, my infrastructure has moved to the cloud, and Code Rules Everything Around Me. Application security has become critical to get right. This session will cover how to jumpstart your application security program.
-Julia Knecht & Jacob Lords
Saturday 3:30 - 4:00 - SSH Keys: Security Asset or Liability?
SSH keys are widely used in every enterprise to provide privileged administrative access. Poor SSH key management practices expose businesses to costly security risks. Learn how to take SSH keys from an operational liability to a security asset.