Active Directory (AD) is OLD in tech years, but this 25-yr-old identity platform is still deployed all over. This course focuses on understanding AD to build foundational defenses against common attacks and misconfigurations. Through guided lectures, instructor demonstrations, and hands-on labs, participants will explore key AD security components and best practices for hardening AD environments.
The internet is filled with prying eyes. While several well-established tools including Tor and VPNs offer certain degrees of privacy, they all have limitations that could leave users vulnerable to advanced attacks. In this talk, I’ll discuss the foundations of a decentralized mixnet, how it performs against Tor and VPN, and how you can use it to protect your privacy.
Cyber deception is a ruse to mislead or disrupt adversaries by exploiting their cognitive biases. Traps—lures that detect adversary interaction—reinforce the seams in detection surfaces monitored by security operations teams. But deception management and orchestration is painful in practice. Cloud environments provide an opportunity to overcome some of these pitfalls.
Security teams often face the challenge of navigating complex cloud environments with limited visibility into potential threats. Hawk bridges this gap by automating the collection of essential logs from Microsoft 365. This talk will demonstrate how Hawk reduces investigation time, flags high-risk behaviors, and enables defenders to hunt for threats across the Microsoft cloud ecosystem.
Advanced and evolving cloud attacks (Blizzard) make breach seem inevitable. We describe a deception detection approach using canaries, with a bit of honey and razors, to implement stealthy tripwires to provide low-FP detections for post-breach lateral movement and privilege escalation.
Resume Reviews - 1:00 - 2:15pm
Breakout Tabletop Discussions - 2:15-3pm
Room 1 - Interview Strategy Presented by John Stoner
Accomplished CISSP, PMP certified cybersecurity US Army veteran with a 25-year track record in USIC, public sector, and national security industry. Has 15* years of experience focused in cybersecurity with experience in CTI, CI, cyber maturity assessments, APT analysis, course development, and instruction. Passionate about helping others in INFOSEC and volunteers in the community and with several non-profits.
Room 2 - Reputational Impact on Career Hunt Presented by Jen Haverman
30+ years of collected experiences including cyber roles like sysadmin, ISSONSSM, pentester, red/white/blue/purple teamer, operations/incident response leader, adjunct faculty, and more. While she started in tech/cyber without degrees and certs, she is currently pursuing a cyber doctorate.
Resume Reviews - 3:00 - 5:00pm
Metadata from incident response and business communications can leak sensitive information, aiding threat actors. External legal and crisis management teams may unintentionally expose data. Explore how to leverage AI/ML analysis of regulatory disclosures such as SEC 8-K filings and past incidents to build pre-incident cross-team partnerships and mitigate future leaks.
Hack your way into a new cybersecurity career during this gaming-inspired interactive session, during which we'll transform your current resume's "character sheet" into a freshly reskilled or dual-classed hero, ready to take on any cybersecurity hiring process for your next – or first! – infosec campaign.
It’s coming, and you aren’t ready. Your company’s virtual agent is sending inappropriate messages and handing out customer PII to anyone that asks nicely. And who are they going to call? You. This talk explores the investigation and response process for handling the unique threats to GenAI chatbots.
Jeff Man and Danny Akacki bring decades of experience—and their own battle scars—to explore not just the why behind job loss, but how to navigate its emotional and practical fallout. From the shock of that final paycheck to the long weeks and months that follow, this session will offer real talk, resilience strategies, and a much-needed reminder: when the fall is all there is, how you land matters.
The InfoSec industry was born out of fear. But fear is hard to manage: too much fear breeds paralysis, and too little fear breeds complacency. We will explore this history, consider how it shaped the industry, and how it’s now in the way. Finally, we’ll consider what the new paradigm could be, and most importantly - how to enable a security-minded culture without using fear.
In 2021, we presented at BSides Charm on the vulnerabilities plaguing state-level political party domains across the country. This year, we're back to share the evolution of that work into a non-partisan nationwide election cybersecurity initiative that discovered and shared thousands of vulnerabilities in political campaigns and party offices before the 2024 Election.
It is becoming increasingly complex to defend against zero- to low-cost attacks generated by Threat Actors (TA) as they leverage sophisticated Generative AI (Gen AI)-enabled infrastructure. An orchestrated Workflow with a team of AI Agents presents an opportunity to respond better. To avoid burnout and alert fatigue of SOC analysts, a shift in strategy is required by automating routine tasks.
Pivoting careers involves changes, but interacting with people always remains.
This industry cyber deception practitioner’s short talk demonstrates how to build authentic online sock puppets using the cheap nostalgic junk we buy at yard sales to project the storyline and cultural depth of your sock puppet for defensive cyber deception.
No matter what stage you are in your career, you can’t leave your next move to chance. Advancing in the industry requires planning, dedication, and some adventure. In this session we’ll walk through that journey together and help you understand what is next on your path and how to prepare for the challenges ahead. Knowing your own “end game” and the many challenges you’ll face to get there.
Join us for a tabletop roleplaying game (RPG) with real-world wins! Participant-players seeking their first role in cyber – or simply transitioning to a new specialization – will transform their current resume's "character sheet" into a freshly reskilled or dual-classed hero, ready to take on any cybersecurity hiring process for your next infosec campaign.
We all know that the daily life of a cybersecurity analyst often requires you to branch out into left field and learn a completely new skill on the fly. Join me as I introduce you to some of today's go-to tradecraft for static, dynamic, and code-level analysis so that you can begin analyzing artifacts of interest with ease.
The talk will outline detection and threat hunting strategies that could be easily adopted by a mature SOC to look for threats in their Cloud (O365 and AWS) environment. The session will use a Jupyter notebook containing detections mapped to the MITRE ATT&CK framework and threat hunting methodologies backed by unsupervised machine learning to hunt for anomalies and visualize them.
Red teaming is an important consideration when training new software professionals, ultimately creating a generation of adversarial-minded engineers. We will present how this perspective was integrated in the Praxis internship project, enabling us to unveil vulnerabilities, research mitigations, and strengthen the resiliency of AI solutions.
In my 3rd week working for a Fortune 500 company, I was tasked with designing and rolling out a programme to churn out software bills of material for our high inherent risk products. 5 months later, we're on the right side of the forthcoming supply chain security regulatory and compliance world. It wasn't easy, but it was sure worth the effort. I even made some friends along the way.
As Active Directory attacks rise, red teamers often focus on "pwning" systems, but real-world engagements require understanding the artifacts these tools leave. In “Think You’re Stealthy? How to Detect Attacks in AD”, we’ll explore the workings of commonly used AD pentest tools and the artifacts they leave behind. Ideal for anyone looking to deepen their knowledge of defense in AD environments.
New specializations have emerged in this AI-adoring age, but where does that leave security practitioners? Good news: if you know web application security, you can secure AI applications too! This talk explores common web app security concerns that are relevant to any LLM-based app—and the handful of issues unique to AI—guiding the audience through ways to detect and mitigate them.
With the emergence of Large Language Models, there has been a rapid acceleration in the development of AI capabilities. This brings with it many questions for security teams on how they should be thinking about AI security. While care should be taken on the development of LLM prompts, it is critical to not lose sight of the fundamentals to establish secure best practices.
Pair hacking with tools like WhiteRabbitNeo speeds up your process and reduces the tedium inherent in most security roles. WhiteRabbitNeo is an uncensored, open-source LLM trained on red team data. Learn how WhiteRabbitNeo can help you harden your source code and improve configuration security while reducing hours of DevSecOps tedium to minutes.
This 3-hour Web Application Penetration Testing training covers key security concepts, tools, and techniques. Participants will learn to identify and exploit vulnerabilities like SQL Injection, XSS, and CSRF through hands-on exercises. The session also includes reporting and mitigations offering essential skills for security professionals, developers, and IT admins.
Akira, one of the most prolific RaaS groups today, is responsible for millions in ransom payments, and has proven themselves as a formidable opponent. Also tracked as PUNK SPIDER, they specialize in compromising edge devices, encrypting hypervisors, and extorting victims. Join us for an investigation of two PUNK SPIDER intrusions and gain insight into the life of an incident response consultant.
Despite being older than Internet Explorer, injection attacks like SQLi, Command Injection, and XSS remain prominent. Our research found SQLi alone accounts for 6.7% of open-source vulnerabilities and 10% in closed-source projects. This session reveals why these attacks persist and how modern solutions can help.
Delivering security products to millions of users is a monumental task. From building & deploying to mitigating performance issues & false positives, securing systems requires constant coordination between multiple teams of researchers, engineers, and other stakeholders. This session will highlight lessons learned from our experience as an effective cross-functional team building an XDR product.
Recently, the landscape of tools used to change code saw explosive growth. Several open source code mutation frameworks have emerged, allowing expressive code transformations. LLMs have also jumped into the picture, promising power and delivering “cool” – but also towing chaos. We’ll explore the capabilities of these tools all towards answering “are we ready to automatically fix code issues?”