Hacker Halted 2022 Speakers
Interested in becoming a speaker? Submit your talk here.
M.Ed., MBA, MSSE, Ph.D2., D.Sc.
Georgetown University and Vanderbilt University
Dr. Chuck Easttom is the author of 36 books, including several on computer security, forensics, and cryptography. His books are used at over 60 universities. He has also authored scientific papers (over 70 so far) on digital forensics, cyber warfare, cryptography, and applied mathematics. He is an inventor with 25 computer science patents. He holds a Doctor of Science in cyber security (dissertation topic: a study of lattice-based cryptographic algorithms for post quantum computing) and three master’s degrees (one in applied computer science, one in education, and one in systems engineering). He also has a Ph.D. in Technology, focusing on nanotechnology (Dissertation title: The Effects of Complexity on Carbon Nanotube Failures) and a Ph.D. in Computer Science (Dissertation title : “A Systematic Framework for Network Forensics Using Graph Theory”)He is a Senior Member of the IEEE and a Senior Member of the ACM as well as a member of IACR (International Association of Cryptological Research) and INCOSE (International Council on Systems Engineering). He is also a Distinguished Speaker of the ACM (Association of Computing Machinery)and a Distinguished Visitor of the IEEE Computer Society. He currently is an adjunct lecturer for Georgetown University and Vanderbilt University as well as University of Dallas.
The State of Quantum Computing and Cybersecurity
Quantum computing is frankly mysterious to many people. In this talk, attendees will briefly discover what quantum computing is, how it works, and how it will impact cybersecurity. The current state of quantum computing will be explored. The impact quantum computing will have on cryptography will be explained, including the NIST quantum resistant standard project. Quantum computing’s impact on machine learning will be described, with emphasis on how that may impact cybersecurity.
Brett J. L. Landry,
Bio coming soon!
Bringing enterprise network cybersecurity approaches and tools to SMBs
Too often Small and Mid-sized Businesses are prescribed cybersecurity network designs and practices that are impractical for organizations of their size. In today’s hackerverse, the threats are coming from all directions and SMBs are often playing frogger and dealing with only the very next threat and are not able to manage the entire playing field. SMBs do not have the resources for SOCs or the expertise for complicated network designs. This hands-on live demo will examine leveraging prosumer tools for SMBs to move from the wild west of flat heterogeneous networks to planned and segmented networks where every device is known and tracked using out-of-the-box dashboards.
HI i am ADITYA DAS. Currently i am a post graduate computer science student as well as a open source contributor. As a open source contributor i love to contribute in different projects. I am very passionate about devops and open source and spread this among the folks because of awareness of security, knowledge and open source, and finally community is my power and motivation.
Kubernates Ransomeware security
Introduction to kubernates: Let us assume a web application grows over time and became large; It is now extremely challenging to make the code accurately, also the size of the application can slow down the setup time. So now what if we want to add new updates to our web application ? We have to redeploy the entire application and during this process we stop the application and try to restart the application the users on the website will not able to access anything in that time and also the bugs any of the components can bring down the entire process. And Not only that if you face sudden spike in internet traffic and huge users are interacting with the application may compromise. And finally it is very challenging to keep track of thousands of containers and make them healthy also orchestrating and managing at the same time can be extremely tedious task, so here all the problems has one solution tool kubernates. It can monitoring, load balancing, orchestrating and manage those cluster with efficient way. Kubernates security : We often hear from a tech security professional that a particular technology is 100% secure. The kubernates also have some vulnerability that are the loophole for a attacker, some of these are mention below; One of the easy way to access to CTED API, also the breachescan access via kubernates API proxies, they can intercept and modify or inject control plane traffic, they can also access the machines of VMs at whole, and access via kubelet API and exploit vulnerabilities in application; All the vulnerabilities security risk that just mention can cause great deal of data lose and information drom a particular organization.
Jigyasa Grover is a Senior Machine Learning Engineer at Twitter working in the performance ads ranking domain. Recently, she was honored with the ‘Outstanding in AI: Young Role Model Award’ by Women in AI across North America. She is also one of the few ML Google Developer Experts globally. Jigyasa co-authored a book titled ‘Sculpting Data for ML’ that campaigns for a data-centric approach to ML and is a practical guide on curating quality datasets that lay a strong foundation for an ML pipeline. She graduated from the University of California, San Diego, with a Master’s degree in Computer Science with an Artificial Intelligence specialization and has a myriad of experiences from her brief stints at Facebook, the National Research Council of Canada, and the Institute of Research & Development France involving data science, mathematical modeling, and software engineering.
Red Hat ‘Women in Open Source’ Academic Award and Moxie Women in Tech Award winner, Jigyasa is an avid proponent of open-source and credits the access to opportunities and her career growth to this sphere of community development. She is also the proud recipient of multiple scholarships for her research and travels like Mitacs Globalink, Linux Foundation, Facebook GHC, ESUG, GHC India, etc. She currently leads the open-source and ML track for Anita Borg’s IWiC group, co-leads the [email protected] BRG at Twitter, and co-chairs the Financial Aid Committee for Python Software Foundation. She also served as the Director of Women Who Code and Lead of Women Techmakers for a handful of years to help bridge the gender gap in technology. In her spirit to build a powerful community with a strong belief in “we rise by lifting others”, she mentors aspiring developers and ML enthusiasts in various global programs. She has 100+ conference talks, panels, keynotes, technical workshops, and podcasts to her name, which she has conducted in 10+ countries and countless cities across the US. Her love for tinkering has led her to win 5+ hackathons, sponsored by Microsoft, Google, Github, etc. and she now gives back to the community by serving on the judges’ panel of hackathons. Apart from her technological ventures, she enjoys exploring hidden gems in her city, hanging out with friends and family, and has been recently having fun with baking. You can visit her online at jigyasa-grover.github.io or on Twitter (@jigyasa_grover)
Sculpting Data for Machine Learning
In the contemporary world of machine learning algorithms – “data is the new oil”. For the state-of-the-art ML algorithms to work their magic it’s important to lay a strong foundation with access to relevant data. Volumes of crude data are available on the web nowadays, and all we need are the skills to identify and extract meaningful datasets. This talk aims to present the power of the most fundamental aspect of Machine Learning – Dataset Curation, which often does not get its due limelight. It will also walk the audience through the process of constructing good quality datasets as done in formal settings with a simple hands-on Pythonic example. The goal is to institute the importance of data, especially in its worthy format, and the spell it casts on fabricating smart learning algorithms.
My name is Evan Gertis. I have a Bachelors of Science in Physics from the University of North Carolina at Chapel Hill and I obtained my Masters of Computer Science from the Allen E. Paulson College of Engineering at Georgia Southern University. I work for Cyber Leadership and Strategy Solutions, LLC as Cyber Security and Privacy Education Manager.
How to Effectively Manage a Developer Security Operations Program
Individuals will be able to leverage this unique business process to replicate the expertise and reasoning of cyber experts ensuing a greater degree of protection and compliance. The expected out come of this presentation is that the audience will learn how automation can be combined with human intelligence to reduce the time wasted by analysts performing repetitive tasks.
Attend this session to learn how to influence organizational change by improving your DevSecOps process. If you can say yes to the following questions then this talk is for you: * Do you have individuals on your team who cannot follow directions? * Have you experienced difficulties with dishonest management or staff? * Does your organization suffer from poor accountability and communication?
Michael Edie, aka “the mechanic,” is a 23-year US Army Veteran, Pluralsight Author, and Information Security Consultant. He currently serves as a Technical Lead in a Cyber Operations Organization and President of the Augusta Information Systems Security Association (ISSA) chapter. Previously, he has served on Digital Forensics and Incident Response (DFIR), threat hunt, and compliance inspection teams. Michael is passionate about Information Security and enjoys contributing to the community through his blog at https://blog.edie.io and projects at https://github.com/tankmek. He is the Principal Security Engineer at smashthestack.org, a software vulnerability, and exploitation educational platform. Additionally, Michael has volunteered to speak at local nonprofits such as the Cyber Discovery Group (CDG) and NERD Nights. Outside the technical domain, he enjoys spending time with his wife and kids, motorcycling, cryptocurrency, and chess.
Collecting Threat Data using Distributed Deception
What happens when you deploy honeypots in different geographical locations and monitor, collect, and analyze the threat data for several years? The Fakelabs Project is a practitioner’s materialization of this idea. This talk will discuss the project’s architecture, observations, automation, derived products, and lessons learned. In addition, there will be demos and suggestions for how defenders can apply the information presented.
Sergey Chubarov is a Security and Cloud Expert, Instructor with 15+ years’ experience on Microsoft technologies. His day-to-day job is to help companies securely embrace cloud technologies. He has certifications and recognitions such as Microsoft MVP: Microsoft Azure, OSCP, OSEP, MCT, MCT Regional Lead, EC Council CEH, CPENT, LPT Master, CCSE, CEI and more. Frequent speaker on local and international conferences. Prefers live demos and cyberattacks simulations.
Offensive Azure Security
These days, working with a cloud platform is already commonplace. Companies choose Microsoft Azure for a number of benefits, including security. But there are some responsibility on the customer side and that’s may become weakest link in the chain. A demo-based session shows attacks on the weakest link in 3 scenarios: Hybrid Active Directory, Legacy VM-based application and Modern Application. The session includes: – Pentesting Azure AD Connect – Bypassing authentication & MFA – Getting control over Compute – Extracting secrets from Key Vault -Getting Access to App Service and Azure SQL Database.
His experience in the public / defense sectors is equally complemented by assignments undertaken for heavyweight world renowned corporations including Yahoo, Xerox, AT&T and Texas Instruments to name but a few. He is imminently qualified in his field in that he holds a string of professional qualifications in Networking to name a few (MCT, MCSE, Cisco, Network+) and IT Security (CIW-SA, Security+, CEH, ECSA, LPT, CHFI) besides a bachelor’s degree in science.
Wayne is currently the CSO for Sequrit CSI, responsible for the technical realm and security management, which includes consulting teams. He is a captain of a global operating group of penetration testers and security experts. Wayne and his group have delivered security assessments, Penetration Test assignments and customized training for International Corporations and many Government Agencies such as: EPA, FAA, DOJ, DOE, DOD + 8570: Air force, Army, Navy, Marines, FBI and Statewide Law Enforcement Offices in the USA.
In Europe: NATO, Europol, MOD (Military of Defense UK) various EU Law Enforcement, Dutch Ministry of Defense, Ministry of Justice, local European Law Enforcement: UK, Ireland, Switzerland, Belgium, Holland, Denmark.
Critical Cyber and BIO-Hacking Practical Attacks & Defense for 2022
Kevin will start on SCADA/ICS/OT & IOT and Wayne will continue with AI / Deep Learning, Bio Medical/telemedicine, signal tracking and side-channel updates.
Kevin Cardwell served as the leader of a 5 person DoD Red Team that achieved a 100% success rate at compromising systems and networks for six straight years. He has conducted over 500 security assessments across the globe. His expertise is in finding weaknesses and determining ways clients can mitigate or limit the impact of these weaknesses.
He spent 22 years in the U.S. Navy. He has worked as both software and systems engineer on a variety of Department of Defense projects and early on was chosen as a member of the project to bring Internet access to ships at sea. Following this highly successful project he was selected to head the team that built a Network Operations and Security Center (NOSC) that provided services to the commands ashore and ships at sea in the Norwegian Sea and Atlantic Ocean . He served as the Leading Chief of Information Security at the NOSC for six years. While there he created a Strategy and Training plan for the development of an expert team that took personnel with little or no experience and built them into expert team members for manning of the NOSC.
He currently works as a free-lance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities within the US, Middle East, Africa, Asia and the UK . He is an Instructor, Technical Editor and Author for Computer Forensics, and Hacking courses. He is the author of the Center for Advanced Security and Training (CAST) Advanced Network Defense and Advanced Penetration Testing courses. He has presented at the Blackhat USA, Hacker Halted, ISSA and TakeDownCon conferences as well as many others. He has chaired the Cybercrime and Cyberdefense Summit in Oman and was Executive Chairman of the Oil and Gas Cyberdefense Summit. He is author of Building Virtual Pentesting Labs for Advanced Penetration Testing, Advanced Penetration Testing for Highly Secured Environments 2nd Edition and Backtrack: Testing Wireless Network Security. He holds a BS in Computer Science from National University in California and a MS in Software Engineering from the Southern Methodist University (SMU) in Texas. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman that recently was rated as the top CERT for the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority, and developed the team to man the first Commercial Security Operations Center in the country of Oman. He has worked extensively with banks and financial institutions throughout the Middle East, Europe and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to Commercial companies, governments, federal agencies, major banks and financial institutions throughout the globe. Some of his recent consulting projects include the Muscat Securities Market (MSM), Petroleum Development Oman and the Central Bank of Oman. He designed and implemented the custom security baseline for the Oman Airport Management Company (OAMC) airports. He created custom security baselines for all of the Microsoft Operating Systems, Cisco devices as well as applications. Additionally, he provides training and consultancy to the Oman CERT and the SOC team in monitoring and incident identification of intrusions and incidents within the Gulf region. He holds the CEH, ECSA. LPT, APT, CHFI and a number of other certifications.
Critical Cyber and BIO-Hacking Practical Attacks & Defense for 2022
Kevin will start on SCADA/ICS/OT & IOT and Wayne will continue with AI / Deep Learning, Bio Medical/telemedicine, signal tracking and side-channel updates.
Brazilian, certified C|EH, having begun his studies about Information Security 13 years ago, and passed 11 years has realized projects of Application/Infrastructure Penetration Test, Security Analysis, Code Review and Hardening for industries such as: Telecommunications, Aviation, Financial Institutions, Information Technology and Mining. In his free time like of research and practice news techniques of Attack and something of Reverse Engineering. Speaker at many conferences as: Hack In The Box, Ekoparty, Qubit Conference, Arab Security Conference, Red Team Village, Stackconf, MorterueloCON, BSides Calgary, BSides Newcastle, BSides Athens, etc… Author: From SEH Overwrite to get a shell – Pentest Magazine Covert Channel Technique Explained – Pentest Magazine From Fuzzing to Get a Shell – Pentest Magazine Stack Overflow – Hakin9 Magazine
From SEH Overwrite with Egg Hunter to Get a Shell!
In this talk we gonna learn what is SEH (Structured Exception Handler), what your function in the system, as well as your famous message “program has encountered a problem and needs to close”, and how and why sometimes in exploit development is necessary in memory stack, overwrite the SEH. We also gonna learn what is the function for exploitation technique called Egg Hunter, and when is necessary make use of this technique. For end, we gonna learn create from zero an exploit, to exploit a Buffer Overflow vulnerability utilizing the technique SEH Overwrite with use of Egg Hunter, and we will looking for badchars for avoid error in our shellcode, all this to get a reverse shell. Video PoC is included 🙂 of course!
Senior Manager of Recruiting for the AFS National Security Portfolio
Kirsten Renner is the Senior Manager of Recruiting for the AFS National Security Portfolio.
She is best known in the community for her organization of the Car Hacking Village since its inception in 2015 and volunteering across multiple organizations as a career coach. Kirsten is a proud Army mom with nearly 3 decades of recruiting experience, primarily in the information security arena.
Read the Room
The Read the Room presentation is a look at the candidate journey as it relates to the neurodivergent community. The discussion reviews techniques and strategies that not only help overcome challenges from the candidates’ perspective but also better enables hiring teams to eliminate barriers.
CISO (Advisory) for the Mountain States Region,Trace3
Gina Yacone, CCSFP is a Cybersecurity Consultant with Agio’s Raleigh, NC, office, where she specializes in HIPAA and HITRUST. Gina is an information security strategist and speaker with a unique technical vision and business acumen. She is responsible for educating organizations about the ever-changing cybersecurity landscape and helping them build a dynamic cybersecurity program. She loves focusing on the unique challenges today’s organizations face. Prior to her work in information security, Gina was a licensed private investigator for Barry A. Cohen, P.A., in Tampa, FL. While there, she specialized in high-profile, complex litigation. Gina holds a bachelor’s degree in political science from the University of Miami in Miami, FL. Gina is a Rotarian and an active member in the local NC chapters of the Information Systems Security Association (ISSA), InfraGard, DC919, OakCity Locksports and North Carolina Healthcare Information and Communications Alliance (NCHICA), and she regularly participates in Women in Cybersecurity (WiCyS) and Tweens & Technology. Gina sits on the conference board for BsidesRDU as well as the Information Services Advisory Board.
Joshua Crumbaugh is an internationally respected cybersecurity subject matter expert. People come to hear intriguing stories of corporate hacking from one of the world’s leading social engineering experts. Joshua’s engaging, entertaining, and extremely informative keynotes are a must for any organization. It’s easy to think that security these days is solely online, but Joshua ties in a dose of social engineering to his security approach as well. He trains organization members to recognize and avoid easy ins for scammers and phishers and his expertise on all things InfoSec makes him the ideal speaker to train your organization on how to protect its assets. After hearing him speak, audiences go away with a better understanding of cybersecurity. His programs are highly informational and always extremely entertaining.
Joshua is an academic peer-reviewed author, he has never encountered a network that could keep him out. His social engineering accomplishments include talking his way into back vaults, fortune 500 data centers, corporate offices, restricted areas of casinos, and more. Joshua is the founder of PhishFirewall and is widely known as an InfoSec leader and innovator.
Phishing Naked – Demystifying the Most Significant and Least Understood Cyber Threat Today
Phishing is the single most significant threat facing every organization, government, and individual in the world. Ironically, this is also the least known attack vector in modern society. While Phishing, and other digital social engineering attacks, account for most all cyber risk, they are commonly the least threat addressed.
Early in his career, he realized that cybersecurity was a human, not a technology problem. This led him to the realization that humans had to be involved in the solution. This talk focuses on statistics, trends, and predictions based on real-life data collected through enterprise phishing emulations. Learn methodologies discovered through Joshua’s extensive research into social engineering prevention. This research has led to significant improvements in anti-phishing methodologies which will be detailed in this fascinating account of a pentester turned entrepreneur’s journey to solve one of the most significant threats facing humanity.
Lead Incident Detection Engineer for Blumira
Amanda Berlin is the Lead Incident Detection Engineer for Blumira and the CEO and owner of the nonprofit corporation Mental Health Hackers. She is the author of a Blue Team best practices book called “Defensive Security Handbook: Best Practices for Securing Infrastructure” with Lee Brotherston through O’Reilly Media. She is a co-host on the Brakeing Down Security podcast and writes for several blogs. She has spent over a decade in different areas of technology and sectors providing infrastructure support, triage, and design. She now spends her time creating as many meaningful alerts as possible and running incident response tabletop trainings.
Amanda is an avid volunteer and mental health advocate. She has presented at a large number of conventions, meetings and industry events. While she doesn’t have the credentials or notoriety that others might have, she hopes to make up for it with her wit, sense of humor, and knack for catching on quickly to new technologies.
The default logging capabilities from Microsoft are only helpful to a certain extent. This session will discuss how to utilize the Sysinternals tool Sysmon for threat hunting, testing detections and more. The session will explain use cases and look at real examples of Sysmon successfully detecting malicious behavior in the wild.
Application Security Engineer, EcosystemApplication Security Engineer, Ecosystem at Atlassian
Jasmine shares her passion for Information Security by presenting and teaching workshops with over ten years of Information Security experience. She is an Adjunct Professor at Drexel University and City University of Seattle with additional courses with Cybrary and Infosec Institute. She has certifications in Secure Programming, Web Application Pentesting, and Cloud Security. She has a Master’s in Computer Science and a Graduate Certificate in Information Security and Privacy from the University of North Carolina, Charlotte. She has presented her work domestically and internationally for conferences – The Diana Initiative, Bugcrowd, Blacks in Cybersecurity, Intigriti, and NotPinkCon on Mobile Security and Web Application Security. Along with contributing two articles for the latest O’Reilly Media publication, “97 Things Every Information Security Professional Should Know,” in penetration testing and increasing the cyber pipeline. Currently, she is an Application Security Engineer for a Fortune 500 company.
In her spare time, she likes to stay up to date on security vulnerabilities by completing capture-the-flag write-ups on her blog, submitting vulnerability disclosures, and creating Information Security content on her YouTube channel. Besides Jasmine’s passion for teaching, she has a fervor for educating the next generation of Information Security professionals by creating her non-profit, T-ATP (The Accelerated Training Program), to make cybersecurity education accessible to marginalized groups, along with volunteering with organizations – Biohacking Village, BlackGirlsHack, Open Web Application Security Project (OWASP), and Women’s Society of Cyberjutsu.
She can be reached on all social media platforms at thefluffy007.
Hacking APIs with Jasmine Jackson
With the increase of APIs, API security is still misunderstood. This presentation will discuss common security vulnerabilities with APIs and how to remediate them.
Shashwat Kumar is a Pentester, Public Speaker, Part time Bug Hunter,Web Developer, Read Teamer, CTF Player and Cyber Security Enthusiast. Shashwat currently holds some reputed certifications like OSCP,CRTP and ECSA Practical. He loves to Know what is going on in the Infosec Domain including Offensive and Defensive. He is currently working on Web/Mobile AppSec, Cloud Security and DevSecOps. Shashwat has taken multiple Cyber Security Woekshops and has spoken at local community chapters and conferences like OWASP chapters and WarSaw IT Days.
Shared License or Crack?
This presentation focuses on how crack software are making market into web hosting and how they are selling cracked applications of CPanels, Litespeed, WCMS etc. We did some insightful work on these cracks and we were able to hack into thousands of servers running these crack software. This is kind of awareness presentation how these cracked software are harmful and can lead to complete take over of business.