Thursday Morning Keynote
Guardians of Reality: Countering Hype in InfoSec
In an era where attention-grabbing headlines and flashy marketing campaigns dominate the landscape, InfoSec finds itself at a crossroads. Kevin Johnson of Secure Ideas will dive deep into the prevailing trend that is steering the industry away from its core mission – to ensure cybersecurity and protect sensitive data.
In an age where clicks and views reign supreme, the industry has been seduced by the allure of quick attention, leaving genuine security concerns languishing in the shadows. This keynote will shine a spotlight on the pressing issue of marketing-driven sensationalism that overshadows the pressing need for substantive solutions.
From the smoke and mirrors surrounding “automated penetration testing” to the proliferation of AI-powered miracle solutions, we will dissect the myths and unveil the truths. Our journey will underscore the fact that genuine penetration testing requires the human touch, the artistry of experts who understand the intricacies of security challenges and the dynamic nature of cyber threats.
As Guardians of Reality, we’ll explore strategies to realign the industry’s focus with its fundamental mission. We’ll navigate through the storm of misinformation, tackling head-on the dangers of sacrificing genuine security solutions for mere attention. It’s time to strip away the veneer of hype and rediscover the essence of InfoSec – protecting our digital world from real-world threats.
Thursday Afternoon Keynote
Zach Hanley and James Horseman
New Isn’t Always Novel: Grep’ing Your Way to $20K at Pwn2Own, and How You Can Too
Join Chief Attack Engineer Zach Hanley and Exploit Developer James Horseman for an eye-opening keynote session where they’ll discuss in detail how the hacker mindset can be applied to seemingly daunting tasks in order to make them more approachable.
Zach and James will show how they approached their first Pwn2Own contest and how they discovered a command injection RCE vulnerability affecting nearly every Lexmark printer. They’ll also share why they think it went unnoticed in previous research and why current open-source static analysis tools can miss this simple bug.
Finally, they’ll release the exploit POC and an additional POC to dump credentials during engagements..
Friday Morning Keynote
June 12th: My Ransomware Breach Story
Friday Wrap Up Keynote
Topic to be determined by number of Feds in the audience.