Presentations 2026
Presentations – More talks to come
Two days. Four tracks. No egos. No divas. Just a good time and good content.
Keynotes
To Be Announced Shortly
TBA
Thursday · Closing
I Sent AI Agents to Call the Scammers Back
Mohammad Eshan
Friday · Closing
The History of Malware: 40 Years of Viruses & Worms
Eliad Kimhy

I suck at coding. Claude senpai, make me malware.
The world of coding has changed since the introduction of LLMs. While someone may not have a strong foundation having a machine do what they want via functions and API calls, we can now make the magic happen in just plain English. Stack the usage of PoCs, TTPs, and SMEs to create fully workable exploits. Dive into the process of creating malware with LLMs that can be done by script kiddies and professionals alike.

My Bed Tried to Freeze Me at 3 AM. I Rooted It.
On the night of October 19th, 2025, Adam went to bed like a normal person. At 3 AM, he woke up freezing. His bed had locked into maximum cooling mode and wouldn’t stop. He couldn’t turn it off. It sat at 55 degrees until morning. Other users that night reported the opposite problem — burns from pods stuck at 100 degrees heating. The cause? An AWS cloud outage. The irony? Adam worked at AWS at the time.
A $2,000 mattress cover with a $399/year subscription had decided that if the internet was down, it was going to do whatever it wanted. That was enough.
Adam will walk you through what happened next: an open source project, a $70 hardware kit, a serial cable, a Linux shell on the pod’s internal computer, and a Node.js server that gives complete local control over the device — no cloud, no subscription, no AWS required. He’ll cover the full teardown: physically opening the pod, wiring the TC2070-IDC cable, connecting via minicom, booting into a bash shell through U-Boot, remounting the filesystem read-write, and installing the open-source free-sleep project that now runs his bed entirely on his local network.
This is a talk about being fed up. It’s also a practical guide to embedded Linux, serial consoles, and what it actually means to own a device you paid for.

FORTRESS (Framework for Organized RedTeam and Threat Response Evaluation for Security and Safeguards)
As physical security threats increase in sophistication and frequency, organizations face a critical gap in their security: the lack of a structured framework for physical security assessments. FORTRESS was designed to fill this need by providing a categorized model of physical Tactics, Techniques, and Procedures (TTPs), each aligned to industry-standard compliance controls such as NIST, HIPAA, FedRAMP, ISO 27001, and PCI DSS. Designed for both red and blue teams, FORTRESS enables coordinated, repeatable physical security testing by consolidating adversarial behaviors into mapped TTPs. Each TTP is supported by detailed guidance for execution and validation, making assessments more consistent across teams and engagements. By aligning each technique to specific regulatory controls, the framework also enhances audit traceability and provides clear evidence paths for demonstrating compliance. This paper presents the structure, application, and pilot evaluation of FORTRESS, along with visualizations and roadmap enhancements for its future release. The framework fills a crucial void in operational security and provides a foundation for maturing physical risk programs through structured threat modeling.

Catch Me If You Can: Hooking your way into encrypted IoT traffic
I wanted to hack a butt plug. And no, that is not the name of the next big pop hit. But really, what happens when you try to hack a butt plug over the internet and its app won’t let you see what it’s saying? This inquisition started with a simple curiosity about adult IoT devices and quickly ran into a ‘wall’: two Chinese companion apps for adult toys that encrypt all their API traffic on top of TLS, making traditional fuzzing and parameter tampering impossible.
‘Come’ with me as we walk through the journey of breaking those protections layer by layer using Frida and Burp Suite, while bypassing SSL certificate pinning, and hooking native OpenSSL functions and pulling AES keys directly out of memory. Along the way, we built CrypticBurp, a Burp extension that decrypts, lets you edit, and re-encrypts app-layer traffic on the fly, making these apps fuzz-able! The talk covers two apps, two different approaches (dynamic instrumentation and static analysis), and makes the case that app-layer encryption on consumer IoT devices could just be security theater hiding hardcoded keys and real vulnerabilities underneath.
Tooling and techniques aside, this talk highlights how methodical reverse engineering can tear down defenses that look solid on the outside but crumble once you start ‘poking’ at them.

For Prompt Injection, Press 1: Hacking AI Voice Agents
What happens when you social engineer an AI agent that was trained to be helpful over the phone? Can you get it to reveal its system prompt out loud? Will it disclose information about other callers? How far can you push it before its guardrails kick in?
AI voice agents sit behind telephony layers like speech-to-text, text-to-speech, and call routing that introduce new attack surfaces and opportunities. They’re replacing human operators everywhere: answering phones at doctor’s offices, handling IT help desks, triaging customer support, booking appointments. They sound human, but underneath they’re the same LLMs we’ve been prompt injecting.
I built an open-source tool that tackles this by placing real phone calls to voice AI agents, speaking attack scenarios using text-to-speech, capturing responses via speech recognition, and analyzing transcripts for signs of successful exploitation. It maps 20 attack scenarios across five categories from the OWASP Top 10 for LLM Applications: prompt injection, sensitive information disclosure, system prompt leakage, excessive agency, and misinformation. Detection uses pattern matching and an LLM judge to catch both obvious and subtle failures.
I’ll demo the tool live against real voice AI agents and walk through what these attacks look like in practice. You’ll see what works, what doesn’t, and how voice agents respond when someone treats a phone call like a pentest.

GrrCon Awakening: Truth, Tactic, Talent – How Humans Win
What happens when the strategist who built modern Zero Trust, the raw voice of the human element, and the unfiltered truth-teller who still operates in the trenches are locked in one room with one rule: no filters, no slides, no escape? For years, the industry has been drowning in AI hype, vendor theater, and frameworks that look good on paper but die in reality. Most talks promise answers. This one is different.
Three minds. Three very different weapons. One will bring the architecture that actually holds up under fire. One will expose the human truths everyone pretends not to see. One will say the things that usually get people uninvited from stages. They’re not here to play it safe. And they’re not here to give you another checklist. What they are bringing is something that can’t be tweeted, summarized, or replayed later.
Because the real question isn’t whether humans can still win in this game. The real question is: What are you willing to do when you finally hear what it actually takes? And that answer… will only be revealed in the room. September 24th. GrrCON x15. Grand Rapids. Be there when it happens.

Giving Swords to our Future AI overlords
Artificial Intelligence is no longer confined to chatbots and co-pilots. With the rise of Model Context Protocols (MCPs) and agentic systems, we’re building interconnected AI architectures capable of reasoning, taking action, and, if improperly controlled, doing real-world damage.
In this talk, we explore the emerging security landscape of autonomous agents and AI orchestration, where a single prompt injection can cascade through chains of agents, APIs, and decision-making systems. We’ll walk through real world scenarios where things go HORRIBLY wrong.
Then we’ll go deeper into the rabbit hole the community fell into this year: ClawdBot, OpenClaw, and the cottage industry of unofficial agent frameworks wrapping commercial LLM APIs. What started as clever tooling quickly exposed an entirely new attack surface, OAuth tokens scoped to paid plans being passed around like trading cards, packaging bugs shipping arbitrary execution paths to anyone running pip install, and autonomous agents being granted shell access on home labs and production hosts alike. We’ll dissect how a single compromised release, a leaked token, or an over-permissioned agent loop turns “I’m just experimenting locally” into a full-blown supply chain incident.
From there, we’ll define the core concepts security practitioners need to understand: MCPs, agent-to-agent communication, prompt injection (direct, indirect, and stored), jailbreaks, OAuth abuse in the AI ecosystem, and the growing risks of LLM-based supply chains. Through demos, real-world examples, and a breakdown of new attack models, we’ll show how traditional security thinking must evolve.
There’s no regex for trust. No WAF for prompts. No SBOM that captures what an agent actually does once it’s running. And no standard playbook…. yet. Whether you’re a red teamer, builder, or blue team defender, you’ll leave equipped with the language, frameworks, and mindset needed to operate in this rapidly shifting terrain.
This is the future of AI, is this our Sarah Connor moment?!?

17 Governments Audited, Zero Exploits, Bloomberg Called Me Criminal
I have a Master’s in Cybersecurity and couldn’t get a single interview. AI gutted the job market and recruiters ghosted me, so I stopped refreshing LinkedIn and started doing passive OSINT against government infrastructure from my garage in Atlanta. Venezuela was first. Forty-eight hours later I had 167 GB of publicly accessible government data from 38 organizations without logging into anything.
The operation grew to 17 countries, 26,500+ domains scanned, 180+ government organizations affected, and 342 GB of exposed data. 314 credential sets recovered. 760,000+ PII records exposed including 572,103 Venezuelan voter records, 186 million Mexican federal records, and 86,578 Haitian national IDs. 114 git repositories dumped. A parallel global git dump across 58 countries recovered 302 GB of government source code containing 3,895 credentials and 4,801 developer identities. No exploits. No credentials tested. No auth bypassed. Strictly passive OSINT.
I founded ODINT, the Observatory for Digital Infrastructure and Network Transparency, now pending 501(c)(3). Then on February 25, 2026, Bloomberg called it a sophisticated AI-powered cyberattack. A $61M Israeli startup called Gambit Security repackaged my passive OSINT as their launch-day spectacle and fifty media outlets ran the story without contacting me. The industry that wouldn’t return my calls called me a criminal for documenting what was already public and blamed AI, the same technology that locked me out of the job market. I have publicly said on social media that it was me and nobody believes me. This talk is the actual researcher on stage with the real methodology, the real tools, and the real data.

Inside Scattered Spider, Evolving Techniques from Social Engineering
Scattered Spider (also known as UNC3944 / Octo Tempest) has become one of the most adaptive and disruptive threat groups in recent years. Once focused on social engineering and voice phishing, the group has rapidly evolved into a sophisticated actor targeting identity infrastructure, SaaS platforms, and virtualization layers. This session takes attendees deep into how Scattered Spider’s operations have matured.
Leveraging session hijacking, cloud persistence, and misconfigured RBAC to infiltrate organizations without relying on traditional malware. Drawing from frontline incident response investigations, this talk breaks down how the group bypasses MFA, compromises ESXi environments, and blends human deception with technical precision. Attendees will gain practical insights into modern detection gaps, defensive blind spots in cloud identity systems, and how to prepare security teams for the next wave of identity-driven intrusions. This is a rare look inside a live adversary’s evolution grounded in real cases, real techniques, and real lessons learned.
In 30 minutes, access the building and takeover the domain. Mission Improbable? (Sorry! 12 words)
Follow a penetration tester through the key stages of an engagement, from preparation to successful execution. Step-by-step we’ll show you how someone can achieve total domain takeover within 30 minutes of entering a target’s offices.
Explore the preparation stages, in particular how to use OSINT and a demonstration of practical reconnaissance techniques. Discover how shadow technology and buildings facilities can be used to bypass firewalls and provide a foothold onto a network.
Along the way they’ll show that accessing (and exploiting) CCTV, building and lift management systems are not just the stuff of movies!
Learn how they bypass physical security controls and leverage common vulnerabilities so that they can walk away with the keys to the kingdom in under a half an hour.
Living Between the Walls of Death & Loving It
Many consider the metal band Lamb of God to be the godfathers of what fans lovingly call the Wall of Death. It’s a mosh pit, but if the mosh pit were the trash compactor in A New Hope, without the plot armor, walls crashing together like a monkey on cocaine banging cymbals.
It’s the most apt metaphor I can come up with for what it means to live through the birth and evolution of LLMs. From a distance, you can see the shape of the pit and predict its general movement. Drill down, and it’s slightly-coordinated chaos, foolish and pointless to predict any specific motion inside the whole. Wonderful and horrifying in (mostly) equal measure.
For my own practice that’s meant going from making AI-slop Godzilla valentines to building my first blinky badge, to standing up an entire AppSec cyber range, to fixing my daily nutrition, all in under nine months. The pace is frenetic. If you’re not questioning whether you’re developing AI psychosis at least a few times per project, you’re not using it right. It’s intoxicating to the creative brain and a constant lesson in “trust but verify.”
In this talk I’ll show off my projects, walk through how I built them, and rattle off a laundry list of lessons learned about burrowing deeper down the AI rabbit hole while staying in shouting distance of my better angels. We’re living in the green field between our own Walls of Death. It’s scary, it’s exciting, and we need to learn how to swing when those walls finally crash together.
Cybersecurity The Big Pharma of Tech: Why Zero Trust is the Real Cure
Imagine cybersecurity as Big Pharma: We’re hooked on endless prescriptions — firewalls for headaches, SIEMs for fevers, EDR for chronic pain. But breaches keep coming, and the bill skyrockets. Sound familiar? In this talk, we’ll expose why cyber is the Big Pharma of tech… and how Zero Trust is the real cure you’ve been waiting for.
Pod-tential for Disaster: Hacking Kubernetes from Pod to Cluster
Kubernetes has become the go-to container orchestration platform in modern environments, yet real-world implementations often contain critical misconfigurations. In this talk, we’ll dive into how attackers exploit these weaknesses, from pivoting off a single compromised container to achieving cluster-wide control. After a concise review of core Kubernetes concepts, we’ll showcase live demos of common pitfalls like overly permissive RBAC, insecure API endpoints, and exposed kubelets, breaking down each step of the attack.
Throughout the session, you’ll see exactly how bad actors chain these configuration flaws to move laterally, escalate privileges, and ultimately breach critical components. We’ll wrap up by discussing straightforward fixes and best practices that can thwart such attacks in your own deployments. Whether you’re a security pro or just getting started with container orchestration, you’ll come away with a clear understanding of how Kubernetes implementations get hacked and how to keep them secure. If you want to grasp container security by breaking it first, this talk is for you.
I Sent AI Agents to Call the Scammers Back
Scam call centers make money by keeping people on the phone. So we kept them on the phone instead.
We collected dozens of scam center phone numbers and deployed a cluster of AI voice agents to call them back. Not once. Continuously. For days. The agents wasted their time, tied up their lines, and made it harder for them to reach real victims. The entire scam playbook depends on manipulating a human into action. Buy the gift card. Read the numbers. Wire the money. But you can’t tell an AI agent to redeem a card. It’ll play along forever, and the scammer can’t tell the difference.
We didn’t stop at phone calls. Using computer-use agents through RMM tooling, we got into their infrastructure, watched how they operated, and saw how they moved money.
This talk covers the full operation: how we sourced the numbers, deployed AI voice agents at scale, and pivoted from tying up phones to accessing systems. You’ll hear real calls between our agents and actual scammers, and walk away with a blueprint for pointing offensive AI tooling at the people who actually deserve it.
All Keys Lost: A Car Hacking Adventure
All Keys Lost: An Adventure in Car Hacking is a practical, no-fluff journey into what happens when modern vehicles lose every key — and how security researchers, locksmiths, and attackers alike can bring them back to life. This talk walks through a real-world “all keys lost” scenario, starting off-vehicle on the bench by safely powering and connecting a DME and CAS module outside the car. From there, we’ll cover extracting the vehicle’s Internal Serial Number (ISN) directly from the DME, then pivot to the CAS by dumping its EEPROM flash using probes and hands-on hardware techniques. Once the data is in hand, we’ll explore how key data is identified and written directly into the binary, what can go wrong when you get it wrong, and why tiny mistakes can brick expensive modules. Finally, we’ll close the loop by flashing the modified binary back onto the CAS via EEPROM and returning the vehicle to a functional, key-present state. This session focuses on methodology, tooling, and tradecraft — bridging automotive electronics, hardware hacking, and real-world vehicle security — while highlighting why “all keys lost” is as much a security problem as it is a convenience one.
Weaponizing LLMs: Real-World Abuse Patterns and Defensive Countermeasures
Large Language Models are rapidly being embedded into SOC workflows, internal tools, and production systems, creating a new and poorly understood attack surface. Adversaries are no longer exploiting software flaws alone, they are exploiting model behavior.
This talk examines real-world LLM abuse patterns relevant to security teams today, including prompt injection, indirect prompt manipulation, context poisoning, and adversarial use of LLMs for reconnaissance, phishing, and malware development. Rather than theoretical risk, the session focuses on how these attacks actually manifest in deployed environments and why traditional security controls frequently fail to detect them.
Attendees will be shown concrete abuse scenarios mapped to attacker objectives and existing threat models, highlighting where defenders lack visibility and how LLM-driven systems change assumptions around trust, input validation, and logging. The talk then introduces practical defensive countermeasures that can be implemented immediately, including architectural guardrails, prompt isolation techniques, telemetry strategies, and detection heuristics aligned with SOC operations.
This session is designed to equip practitioners with a realistic threat model for LLMs, separating hype from operational risk, and providing actionable guidance to secure AI-enabled systems without halting innovation.
Last night a DJ erased my drive
As Joni Mitchell famously sang “Don’t it always seem to go, that you don’t know what you’ve got till it’s gone”.
Like how an envelope generator in electronic music shapes a sound’s character over time, this talk is concerned with the shape and characteristics of cybersecurity. Music and cybersecurity have much in common. Both require trigger (an attack) to set off a series of events.
Over the years, music has been used to cause chaos and spread misinformation. Music can also be a method to control and torture people. For example, the use of acoustic bombardment to bring down the Noriega regime in Panama or high-frequency devices like the “Mosquito” for crowd dispersal.
Conversely in times of oppression and dictatorship, music and dance have been used as forms of communication to bypass censorship thus aiding resistance.
There are also examples of music being a destructive force, both deliberately or accidentally. The music video for Janet Jackson’s Rhythm Nation caused 5400 RPM OEM hard drives to crash, and as a result, was identified as a cybersecurity vulnerability with its own CVE list entry (CVE-2022-38392).
However, it’s not all doom and gloom, music is also a source of fun, humour and creativity. This talk is an audio-visual journey through cybersecurity and will provide attendees with three key takeaways: timing is crucial in cybersecurity for rapid detection, response and remediation of threats as well as for forensics and auditing; cadence is essential when implementing sustainable controls and safeguards that must be proportional to the risk; and simplicity often makes the best music and similarly, reducing complexity is key to ensuring effective resilience and protection.
Your AI Agent Could Be a Threat Actor
The AI agent your company deployed last quarter has memory, tool access, network connectivity, and the ability to execute code. It can be persuaded to process instructions in ways the organization never intended — or quietly begin making decisions no one authorized. Most current defenses cannot reliably distinguish either from normal operation.
A joint study by OpenAI, Anthropic, and Google DeepMind bypassed 12 published AI defenses with over 90% success rates using adaptive attacks. The UK’s National Cyber Security Centre classified LLMs as “inherently confusable deputies.” Researchers have documented prompt-based command and control infrastructure hijacking production agents in the wild. One in eight reported AI breaches is now linked to agentic systems. The agents are the attack surface, and current defenses are not answering the only question that matters: is this agent still doing what you think it’s doing?
This talk shows how to answer that question — demonstrated live against a multi-layer defense system running input classifiers, policy engines, trajectory analysis, and a human-in-the-loop circuit breaker. A conversational attack walks past every layer without triggering a single alert. A compromised agent phones home to attacker infrastructure while the defense reports all clear. Probes framed as routine operations — data migrations, compliance workflows, security hygiene — execute actions that individually pass every policy check but collectively breach containment.
The second half is about resolving the ambiguity. The talk introduces techniques for systematically mapping where defenses hold and where they collapse — not as binary pass/fail verdicts, but as a continuous assessment that quantifies defense strength with calibrated confidence across multiple attack categories. The audience sees how multi-turn campaigns reveal weaknesses that every standard evaluation misses, how to monitor agent-to-tool traffic for patterns that signal compromise, and how a multi-pattern attack taxonomy called SASTER (created by the presenter, published at github.com/agentsattack/saster) turns vague risk categories into specific threats their security teams can test for.
The audience leaves with a taxonomy, an open-source testing benchmark, and a practical way to determine whether their agents are operating as intended.
The Amber Prison: Transparently Proxying Ghosts into the Shell
What started as a thought exercise and personal challenge turned into a full-fledged honeypot platform. Traditional honeypots designed to trap intruders often fail when they are easily recognizable. In this talk I will introduce Honeygo, a new twist on honeypots that gives attackers an amber prison they don’t know they are in. What started as a goal to build a better honeypot for SSH and telnet, but resulted in accidentally creating something more powerful: a sophisticated login proxy for Docker containers. By intercepting credentials at the front door and seamlessly dropping attackers into isolated, “pre-warmed” containers, Honeygo eliminates the telltale signs of a fictious shell environment. Through clever terminal filtering and strict time limits, we ensure the illusion is perfect while the host remains untouchable. Attendees will learn how to trap a “Ghost” in a shell of honey, using an architecture that harvests data without ever tipping the defender’s hand. With instances deployed in cloud environments, Honeygo is now collecting live cyber threat intelligence and sharing it through MISP with live analytics. Whether you’re a Red Teamer or a Blue Teamer, you’ll discover how a shift from simple emulation to transparent interception can create the ultimate high-fidelity decoy.
Hacking Facial Recognition with Real-Time Deepfakes
Facial recognition is quickly becoming the new password. From banking apps to identity verification systems, “show your face” is now enough to prove who you are. But what if that face can be faked… in real time?
In this talk, I’ll show how I built a real-time deepfake setup using publicly available tools and used it to test and break facial authentication systems. This includes login flows, mobile apps and identity verification processes.
No theory, no hype. Just real attacks, what worked, what failed, and what surprised me along the way.
Trust But Verify: The Messy Reality of Exploitation Evidence
Since 2021, CISA’s Known Exploited Vulnerabilities (KEV) catalog has become one of the most trusted signals in vulnerability prioritization. If a CVE lands on KEV, it jumps to the top of patch queues. But behind that simple label, “exploited in the wild”, is a messy, inconsistent, and often misunderstood ecosystem of evidence.
Over several years of collecting and analyzing exploitation data, this talk breaks down where those signals actually come from. We’ll examine the full spectrum of exploitation evidence: honeypots, canaries, IDS/IPS detections, payloads, vendor advisories, security firms, researchers, exploit databases, forums, social media, press and more. More importantly, we’ll dig into what each of these sources really tells you, and what they don’t. Some provide high-confidence but narrow visibility. Others offer early warning at the cost of noise and misinformation. Many carry hidden biases based on incentives, telemetry, or audience.
This talk introduces a practical framework for evaluating exploitation evidence, helping defenders move beyond a binary view of “exploited vs. not exploited.” Attendees will leave with a better way to assess trust, correlate signals, and make smarter vulnerability prioritization decisions when the data is incomplete, or misleading.
Ambitious Persistent Teens (APT) — The true threat to your business
With never-ending attacks from online threats, cyber defenders must ask themselves, “What is my business’s number one adversary?”
Many companies seem focused on protecting against highly technical attacks or nation-state actors, when in reality the most common, and often more devastating, threat comes from the true APT, Ambitious Persistent Teens.
So let’s talk about tactics used by some of the most destructive teenage threat-actors. We’ll cover identifying these threats and how we as a community can redirect them before they go down a bad path.
You Are Not Behind. The Timeline Was a Lie.
Cybersecurity celebrates early success while ignoring burnout, late pivots, and the reality of long careers. John “g33kspeed” Stauffacher and Matthew “mattrix” Hoy explore the myth of linear timelines and how to apply the hacker mindset to careers, reinvention, and what comes next.
So You Want to Be a Forensicator
Imagine starting your first day on the job with a single clue: a five-second gap in the logs that absolutely shouldn’t exist. No flashy “zoom to enhance,” no instant answers — just you, a timestamp, and the question every forensicator lives for: What happened in the missing moment? This talk uses that small but mysterious anomaly to illustrate the real heart of digital forensics: quiet puzzles hidden inside ordinary data.
From that opening mystery, we’ll transition into the practical realities of entering the field. Attendees will learn how people actually break into computer forensics and the skills that matter more than pedigree. We’ll examine the core personality traits that make someone effective in this career, including the ability to clearly communicate what the evidence does (and does not) prove.
The session also sets realistic expectations for daily work in digital forensics. By the end, attendees will understand not only what it takes to become a forensicator, but what it feels like to think, work, and solve problems like one — no TV magic required, just skill, patience, and a passion for uncovering the truth hidden in the data.
What happens to cyber security when the internet fails?
I wondered what your attendees would do in case the Internet failed (seems kind of fragile just now). Anyway, I could fill a 25-minute slot with my security-ish war stories from the ’50s & ’60s and leave with some questions for the audience. But what I thought would be more fun (50 minutes) would be me and one or two current “experts,” e.g. 1. Traditional cyber, 2. A.I. cyber. We could each do an intro and then kick my topic around.
Vibe Coding Without Burning the House Down
I wanted to build a simple app to help my kids’ high school run a fundraiser. I didn’t have years to turn myself into a full-time software developer first, so I partnered with an AI co-pilot and started vibe coding my way from an idea to a working product in nine months.
That “simple app” quickly turned into GradVids, a production platform handling video uploads, SMS and email delivery, admin roles, and real users on the Internet while countering bot attacks. As the app moved from a proof of concept into AWS and then into production, the pace was unlike anything I had experienced before, and the risks were very real. While features were shipping quickly, bots were probing for weaknesses, assumptions were being tested, and AI-generated code was confidently solving problems without ever considering an adversary.
This talk is a candid, real-world case study of what happens when vibe coding meets production reality. Using GradVids as the setting, we will explore where AI dramatically accelerated development, where it quietly introduced security and compliance risk, and why human judgment is still essential for threat modeling, trust boundaries, and guardrails. Attendees will leave with practical lessons for using AI as a force multiplier, without burning the house down.
Hacking Big Iron with AI: Attacking Mainframe Operating Systems Beyond Modern Assumption
Mainframes still underpin critical infrastructure such as banking, airlines, and government systems, yet most modern security teams approach them using assumptions formed around Unix, Windows, and enterprise platforms. These assumptions often fail on z/OS, creating blind spots that are difficult to detect and easy to underestimate.
This talk explains how mainframe security actually works and why familiar concepts such as “root,” shells, ports, and lateral movement do not translate cleanly. Focusing on components like JES, JCL, RACF, CICS, VTAM, and PR/SM, we explore where attackers and defenders truly operate today: transactions, security managers, and management boundaries.
From an offensive perspective, the talk reframes how attackers actually move inside mainframe environments: not through shells or services, but via job submission paths, inherited authority, transaction routing, and security manager behavior. The session highlights concrete failure modes red teams encounter when modern assumptions are applied to z/OS, and how those blind spots are exploited in real assessments.
Using real TN3270 terminal screens and practical examples, attendees will learn a repeatable methodology for assessing mainframe environments and identifying misconfigurations that appear harmless but can have severe impact. AI-Assisted Assessment: local LLM interprets screens, narrates walkthroughs, and tutors in real-time. No prior mainframe experience is required.
Bypassing Protection Mechanisms in Automotive ECUs
I begin by giving a brief overview of what a modern car looks like. This includes ECUs, CAN, and UDS. I explain how UDS is used to lock certain sensitive features, which are supposedly only accessible by authorized users. At first there was only SecurityAccess, which uses a seed key algorithm to unlock access. This is inherently insecure due to the fact that the client will need access to this algorithm in some way, and once the algorithm is extracted from whatever tool that uses it and leaked, the protection is pretty much useless. I move to covering a few specific ways I have broken the protection imposed by security access, including reverse engineering from the tool, replay attacks, and abusing an algorithm that was just plain awful.
I then introduce UDS Authentication which was introduced to solve the problems of security access and is actually good at what it’s trying to do. It’s capable of using PKI to avoid the need to include all the sensitive information in the ECU and diagnostic tools. However, authentication is still not foolproof. Even if the logic is sound, the implementation may leave holes. I then go over a specific example of how I was able to bypass authentication, leading to complete control over the ECU in the process. I conclude with potential solutions, including the state of automotive cybersecurity standards in America.
Dealing with Shadows: The Life of a Threat Actor Negotiator
Ransomware negotiations are rarely just about money. They are high-pressure engagements shaped by psychology, leverage, timing, and uncertainty, all while organizations are still assessing the scope of compromise.
This talk offers a practitioner’s perspective on negotiating with threat actors during live extortion events. Drawing on real-world cases, it examines how threat actors communicate, what their behavior signals, and how disciplined negotiation strategy can influence outcomes beyond the final payment amount. Attendees will learn how pacing, message control, and delay are used to buy time, reduce risk, and preserve decision-making authority under crisis conditions.
The session also addresses common misconceptions about ransom negotiations, frequent mistakes that increase cost and exposure, and how negotiation fits into a broader incident response strategy that balances technical, legal, financial, and human factors. This presentation is about what works, and what doesn’t. What you should do, and maybe more importantly, what you should never do.
Your AI is Social Engineering You
Your AI is lying to you. It happens. Mine lies to me, too. Our helpful assistants and agents have been architected to hack our trust, one token at a time. This talk introduces a kill chain for this dark pattern dependency: reaching deep into LLM engagement tactics, psychological vulnerabilities, and classic cons and social engineering tricks. The hook, the groom, the capture, and the lock-in, leaving the dupe de-skilled and dependent. Forget phishing emails. The next great vulnerability is not in our tech stack, but in our dopamine receptors. Join us to regain the upper hand (and maybe learn to harden our organization’s AIs to mitigate these risks.)
Compounding Interest: Compromising the ATM Supply Chain
In 2024, the ATM world shook slightly after I released 6 code execution vulnerabilities affecting Diebold Nixdorf’s security stack. But the rabbit hole didn’t end there, it just got deeper. To truly “own” the platform, you have to go into the pre-boot environment where CryptWare CryptoPro guards the gates.
This talk is a technical autopsy of 9 new vulnerabilities that turn CryptoPro’s “impenetrable” FDE into a liability. We’ll explore the “Hidden Sector Table,” a labyrinthine data structure used to stash system secrets, and show how obscurity was the only thing standing between us and total platform dominance.
In this talk, I will be discussing: 9 New CVEs ranging from logic flaws to code execution; TPM Secret Recovery moving from raw disk access to cleartext encryption keys; and ragavan, my custom attack tooling, enabling researchers to automate the identification, extraction, and decryption of hidden blocks and secrets.
Join me as I bypass TPM protections, reverse engineer custom crypto, and demonstrate how a trusted security component became the ultimate backdoor.
Breaking MCP: Attack Paths in Agentic AI
More organizations are asking Security teams to secure Agentic-based applications and the MCP servers that enable them. If you are wiring MCP into real products, you have already created a new attack surface, even if your dashboards still say “all green”. This session looks at MCP not as a developer-experience win, but as an attacker’s playground across hosts, clients, and servers.
We walk through hands-on research on real MCP ecosystems and show how prompt injection, context poisoning, malicious or compromised MCP servers, poisoned schemas, and over-privileged tools combine into practical kill chains that lead to data exfiltration and remote code execution. We show how well-known attacks are being adapted to this ecosystem, and how the design of MCP gives rise to new attack patterns.
We start from a minimal yet realistic MCP architecture, trace concrete failure modes across code, configuration, and deployment patterns, and then distill them into a reusable threat model and a short, opinionated hardening strategy. If you build or operate MCP hosts, servers, or aggregators, you will leave with a clear picture of how attackers think about MCP today and which defenses to ship first.
Fireside chat with GrrCON founder, EggDropX
Please join me for a chat with GrrCON’s founder, EggDropX. We will explore how and why he started GrrCON. Find out more about the founder and his cyber security career. As well as hearing some great stories from GrrCON’s 15 years. If you would like to submit a question for the chat please use this form.
The History of Malware: 40 Years of Viruses, Worms, and Other Strange Creatures
The history of malware is weirder, funnier, and more instructive than most people realize. A ninth-grader wrote one of the first Apple II viruses as a prank because his friends had wised up to his tricks and refused to take any of his floppy disks. A macro virus from the late 90s would hijack your Word document and then play a generated audio file of someone laughing at you. A botnet author in 2005 was releasing variants so fast he started leaving angry messages for antivirus researchers embedded in the code.
But underneath the stories, there’s a consistent pattern. Each major technology shift (personal computers, the internet, and more recently, AI) triggers the same cycle: experimentation, creative mischief, and weaponization. Many of the techniques we think of as modern had all existed at one point or another, in one form or another. And for our part, we seem to consistently forget the lessons of the past, whenever a new-fangled technique comes on the scene.
This talk is a research-driven walkthrough of over 40 years of malware history, built from primary sources and forgotten security publications. We’ll trace the full arc from Creeper in 1971, through boot sector viruses spreading at the speed of sneaker shoes, the macro virus epidemic that overtook all other malware within three years, the formation of the first botnets, banking trojans that learned to drop ransomware, and the multistage attack chains we deal with today. We close by turning this historical lens toward the present moment. If every major technology shift has followed this pattern, and generative AI is the defining technology of this decade, where are we in this cycle? And what does 40 years of malware history suggest about what comes next?
AI SOC Analyst: 24/7, No Complaints, Occasionally Right
Every SOC analyst has a Jarvis fantasy — an AI that watches the whole network, notices the thing you missed at 2am, and just tells you about it. I’m not a researcher. I don’t have a security team. I have a home lab, a full-time job, and a deep commitment to never doing the same manual task twice.
So I used Claude to build it. Scout is an autonomous SOC analyst running on a $150 mini PC. It monitors logs, queries Wazuh, watches Pi-hole DNS, checks host health — and when something looks wrong, it tells Cipher, my voice assistant, in plain English.
This is the story of how it works, how badly it failed first, how we’re still making it better, and how easy it is to get lost in the AI fantasy.
Attackers Don’t Need Shells, They Need Prompts: This Is How We Hunt Them
As large language models become embedded in enterprise workflows, prompt injection has emerged as a practical and repeatable attack vector. Unlike traditional exploits, prompt injection does not target memory corruption or authentication bypass, it targets model reasoning itself. By manipulating instruction hierarchy and trust boundaries, attackers can induce data exfiltration, policy violations, and unauthorized tool execution inside AI driven systems.
We begin by examining how large language models are being integrated into enterprise systems and how this shift introduces new and unfamiliar security challenges. We then review current defensive approaches and discuss why many existing mitigation strategies struggle to provide reliable, production grade protection in real world environments.
The core of this research focuses on adversarial technique analysis. Rather than treating prompt injection as a single phenomenon, we decompose it into granular sub techniques, map injection vectors across trust boundaries, and study model failure modes under controlled adversarial input. This systematic breakdown reveals consistent gaps in general purpose safety models and highlights why generic moderation pipelines underperform against structured injection strategies. Using this findings, we fine tune a security focused Small Language Model (SLM) optimized specifically for prompt injection detection.
We present empirical results comparing open source tools, traditional heuristics, LLM based classifiers, and the fine tuned SLM across multiple injection categories. The findings demonstrate that domain specific SLMs can achieve high precision with low false positive rates, sub second latency, and cost efficiency suitable for inline enforcement in enterprise environments.
Attendees will gain a practical understanding of prompt injection as adversarial control over model reasoning, insight into systematic attack analysis methodologies, and a blueprint for building production ready AI threat detection systems.
Reconstructing a 1992 Virus to Understand Modern Malware
Before ransomware, before botnets, before the internet mattered — there were floppy disks and virus code printed in magazines like 2600: The Hacker Quarterly.
I took a virus from a 1992 issue, rebuilt it in a lab, and let it loose (safely). Turns out, a lot of the ideas still work — just scaled up and rebranded 30 years later.
This talk walks through what that code actually did, why it worked, and how those same patterns show up in modern malware. No fear-mongering, no “nation-state” buzzwords — just raw mechanics: infection, persistence, and evasion.
If you’ve ever wondered whether we’re actually innovating in security or just renaming old tricks, this is for you.
VIPs and Fake IDs: Investigating PDF Revisions
Have you ever wondered what a threat actor was thinking when crafting their lures? This talk explores an often overlooked feature of the PDF spec that allows us to track how lure documents evolve across real-world malicious campaigns. We’ll break down how this works, what these attacks look like, and how we can detect and analyze these files.
How to win GrrCON and the secretive ShitterCON
Got 25 mins? Come and learn about the infamous M&M and how they conquered GrrCON and discovered the secretive ShitterCON.
Every Risk Acceptance Memo I’ve Signed Was a Bet
“Accepted risk” is a phrase we use to launder a wager.
A critical CVE lands on a Tuesday. By Friday I am signing a risk-acceptance memo that defers the patch to next quarter. The memo cites our compensating controls, our segmentation, our monitoring. What it does not cite is that I signed a nearly identical memo, at a different company, six years ago. And the one before that.
I have come to believe that “accepted risk” is a phrase we use to launder what is actually happening when we sign those memos.
In economic terms, every one of them is a wager. On one side of the wager: the saved budget, the engineering sprint we don’t consume, the launch we don’t slow. Concrete. Immediate. Legible on a slide. On the other side: a breach that may or may not happen, against a threat actor who may or may not target us, with a blast radius we have not actually modeled. Abstract. Probabilistic. Diffuse. The gain is the chips on the table. The loss is the house edge.
Kahneman won a Nobel Prize for showing that the human brain does not weigh those two sides symmetrically. We feel losses about twice as sharply as equivalent gains — but only when the loss is crisp. When the loss is probabilistic and the gain is certain, we systematically over-accept the wager.
That is the gambler’s psychology. And I think it is the psychology driving most of the risk-acceptance decisions I have watched executives make — including the ones I signed myself.
DNS Based OSINT Techniques for Product & Service Discovery
This talk explores a DNS-based OSINT technique that uncovers hidden services and technology dependencies through large-scale TXT record analysis. Attendees will learn how these overlooked records can reveal valuable insights for both offensive and defensive security, and how to integrate this methodology into existing reconnaissance workflows using tools like Nuclei and OWASP Amass.
Your Security Isn’t Failing, It’s Regressing
Security controls don’t fail loudly, with whistles and sirens. They quietly regress.
An agent update changes behavior. A policy exception sticks around “temporarily.” Logging degrades. Detections stop firing. Dashboards stay green — and then an incident happens.
Funny thing is, most modern security failures aren’t failures at all — they’re regressions.
We’ll break down how Security Control Validation, Security Control Regression, and Detection Validation are not separate disciplines, but different failure modes of the same system.
Through real-world scenarios, we’ll show how to continuously prove that controls still enforce, still generate signal, and still alert after change in a practical, repeatable approach to catching security decay before attackers do.
Boldly Going: Cybersecurity Lessons Learned from Space Exploration
As a species, we’ve put a lot of time and effort into throwing contraptions past the stratosphere. With such high stakes, an equally intense level of risk management must be employed. Space agencies like NASA must account for not only intensely complex risks, but also profoundly impactful ones. As cybersecurity professionals, we also operate in high-risk and high-stakes environments — where uncertainty is constant and failure has serious consequences. In this talk we’ll explore how space programs identify, assess, and address risk at every stage of a mission, and what we can learn from their approaches.
Fortunately for us, they have released a wide array of knowledge to the public that we are free to analyze. We’ll examine the standard operating and emergency procedures from the likes of Apollo and Skylab to see how we should prioritize and improve our own. We’ll explore the crucial redundancies implemented throughout spacecraft like Gemini, and learn how to analyze engineering tradeoffs under the most rigid circumstances. Finally, the curtain will be torn off the mistakes of the Space Shuttle Challenger and Columbia disasters to learn how we can avoid disasters of our own. Together, let’s step into managing risk in the most unforgiving environment imaginable.
Bitch Don’t Kill My Vibe
Every day, we paste client findings, JavaScript blobs, and exploit chains into AI chatbots owned by companies losing billions a year. We fed our clients’ dirtiest secrets to someone else’s platform and called it “productivity.” The exact shit we roast our clients for. And it’s making us fucking useless without it.
Two years ago, I could trace through minified JavaScript by hand, in my head. Now I paste it into a chatbot and wait. I still know how. But I’m slower. The muscle memory is rotting. That obsessive need to understand every byte is quietly replaced by a prompt and a prayer. I’m not learning faster. I’m thinking less.
Then the trap closes. OpenAI just said the quiet part out loud: unlimited plans are dead. Altman wants to meter intelligence like electricity. Anthropic is eyeing $500/month tiers. The $20/month era was the free sample. The first hit. Now that we can’t fuzz an API without our copilot, they’re going to find out how much we’ll pay to avoid doing our own job.
Where does that leave us? Getting worse at hacking, paying more for it, shipping client data to God knows where.
This talk is going to piss you off. The pricing death spiral. The skill rot you feel but won’t say out loud. And how to slip the leash — not to quit AI, but to stop letting someone else choke you with it. Own the hardware. Run the models. No filters. No meter. No landlord.
APEX: An Open-Source Autonomous Offensive Security Agent
Autonomous offensive security is no longer theoretical. APEX is an open-source autonomous offensive security agent built by Pensar that deploys a swarm of specialized AI agents — spanning reconnaissance, authentication analysis, exploitation, and code review — to conduct real security engagements against live targets. In this talk, we’ll run a live demo of APEX against a target, watch it reason through an attack surface, and surface real vulnerabilities in real time. APEX is open source and available today.
Jimmy’s Running OpenClaw, and You Can’t Stop Him
Yup. Jimmy’s running OpenClaw on your system… right now… and you can’t stop him. How do you feel about that? Disbelief? Scared? Panicked? Excited? A little offended? Uh… yes?
I will demo why this is already real — and why securing it is harder than you think. I have been coding with AI for years, but this is not just coding anymore. OpenClaw means Jimmy can be anyone in your company doing anything.
But hit pause on that security brain for a moment and dream with me. What do you wish you could do at work? What if that wish could actually become real?
Stop pretending we can policy this away. Let’s focus on people, collaborate, find what actually works, and adapt. Learn from developers and say, “Did we just become best friends?” What if Jimmy is not the problem? Not the villain? Maybe not the hero either. But find Jimmy, and he can definitely be your canary.
My Other Inbox Is Your Inbox: One-Click Email Theft Using Microsoft 365 Copilot
What happens when you ask Microsoft 365 Copilot to summarize a document and it quietly sends me your emails instead?
“You have to sign in”, it said. “It’ll be fine”, it said…
Ctrl + Alt + Lead: Rebooting Cyber Culture with Human Skills
Technical skills might open doors in IT & Cybersecurity, but leadership, communication, and mentorship sustain growth and impact. As the field becomes more complex and critical, we must rethink how we build and lead teams. This talk highlights the soft skills that turn strong technicians into effective collaborators, trusted advisors, and emerging leaders: from coaching junior analysts to translating between the SOC and the C-suite.
VibeShell: How Trusting Your AI IDE Costs You Your Machine
Forget prompt injection. While the industry obsesses over manipulating model inputs to bypass guardrails, it is overlooking a far more dangerous threat requiring no user interaction beyond opening the application embedded beneath the AI itself: the underlying platform architecture.
To deliver on the promise of full autonomy, AI-powered coding environments wire Large Language Models directly into the developer workflow — handing them local filesystem access, shell execution, and cloud credentials. Developers accept this tradeoff for the massive productivity gains, but the security cost is severe.
In these environments, privileged OS access is not a misconfiguration but a product requirement. For a chat interface to truly become an autonomous “agent,” it must be equipped with tools. Equipping the AI with these tools creates a structural conflict with traditional application isolation, like Electron’s security model. To make the AI function, developers are forced to break the sandbox and expose highly permissive IPC (Inter-Process Communication) bridges between the web renderer and the local operating system.
This presentation provides a technical deep dive into how chained IDOR vulnerabilities can be escalated into zero-click RCE via persistent LLM conversation injection and unsafe Electron IPC designs. To prove the real-world impact, we will debut novel research into Orchids, a leading local, Electron-based AI coding IDE with over a million users, reported to be used by teams at firms including Google, Amazon, and Uber.
By weaponizing the IDE’s automated context ingestion, we turn the platform’s own features into a silent backdoor, achieving full remote system takeover with no user interaction beyond opening the application.
Attendees will leave this session with a practical understanding of this emerging attack surface, a live demonstration of the zero-click exploit chain, and actionable defensive design patterns for safely architecting the next generation of AI-enabled desktop applications.
This Talk Was Written by AI
Abstract Coming Soon
Full abstract to be added. Replace this paragraph with the talk description when available.
Talk Title to be Determined by Number of Feds in the Room
Abstract Coming Soon
Full abstract to be added. Replace this paragraph with the talk description when available.



































