Skip to content

2023 Schedule



Time/TrackTrack 1Track MTrack Peppermint
8:30 AMWelcome to GrrCON
– hosted by EggDropX & P1nkN1ghtmare
9:00 AMKeynote – Guardians of Reality: Countering Hype in InfoSec
– Kevin Johnson
10:00 AMBeing B.A.D. for good reasons! & How we can help others to be better!
– Jayson E. Street
AI and Cyber Ops: Optimization, Augmentation, and Assimilation
– Shane Harsch
Unmasking AWS Deceptions: Unraveling Cloud Security’s Sneaky Side
– Yossi Tamarov
11:00 AMLatest Developments in the Ransomware Threat Landscape
– Jithin Nair & Danny Connelly
How I learned to Stop Worrying & Love Structured File Formats
– Kyle Eaton
Can you get High on Hacking
– Erick Boulter
11:30 AMHis palms are sweaty, C2s up, implants ready…
– Jonathan Fischer
All Aboard! Application Security Posture Management is Taking Off!
– John “JT” Tierney
How to Start a Riot: Transform your security and observability program to meet today’s challenges
– Kam Amir
NoonAdvanced Persistent Teenagers: Learning from LAPSUS$, 0ktapus, and other groups
– Matt Muller
Strengthening Cybersecurity Incident Response: Collaborative Efforts and Customer Impact
– JD Shotwell
Context Matters: Why Vetted Component Lists Are Mostly Security Theater
– Cortez Frazier Jr.
12:30 PMFun Ways to Run Code in .NET
– Nicholas Spagnola
Breaking into Cybersecurity the Easy Way
– Brian Dudek
Seeing is Believing Knowing: Anatomy of APT Exploit and Why Visibility must Evolve to Awareness
– Chris Pittman
1:00 PMKeynote – New Isn’t Always Novel: Grep’ing Your Way to $20K at Pwn2Own, and How You Can Too
– Zach Hanley and James Horseman
2:00 PMHow to choose a tinfoil hat (with science!)
– Gabe Schuyler
Working remote overseas and all that goes wrong
– Scott Thomas
The Anatomy of a Threat Hunting Hypothesis
– Lauren Proehl
2:30 PMDeterring Cybercrime via a Global Cybergrid
– Charles Herring
Break it to make it: Uplift developer security maturity and smash the cycle of recurrent vulnerabilities
– Steve Allor
DFIR Analysis with a Purpose
– Terryn Valikodath
3:30 PMSocial Engineering from the Detective Perspective
– Tom Howard
Finding authentication and authorization security bugs in web application routes
– Matt Schwager
Cloud Native is causing a Culture Shift within Organizations
– Tim Connolly
4:00 PMThe Great Task Heist: Stealing the Spotlight on Scheduled Tasks
– Brandon DeVault
Overcoming the CyberSecurity Poverty Line
– Robert Wagner
Tales of AV/EDR Bypass: Ropping the Night Away
– Gregory Hatcher & John Stigerwalt
5:00 PMFriction
– J Wolfgang Goerlich
Oil, Circuits, and Cheese: An Additive Model of Failure
– Jennifer Shannon
Security Flaw Safari: Reading between the lines and hunting security risks
– Brian Halbach
6:00 PMDay 1 Wrap Up
– hosted by EggDropX



Time/TrackTrack 1Track MTrack Peppermint
9:00 AMKeynote – June 12th: My Ransomware Breach Story
– Nathan Ruehs
10:00 AMI Came in Like a Wrecking Ball
– Vincent Matteo
Empowering Analysts: Leveraging AI for IoT, Ransomware, and Your Data
– Jason Bevis
Utilizing Zero Trust to enhance your detective capabilities
– Aaron Tekippe & Nick Weber
11:00 AMStory Time with Matt and John
– Matt Hoy (mattrix) – John Stauffacher
Malicious Code Incoming, Ready Your Shields!
– Ankita Lamba
Legal in the cyber/medical space and all things (shit that can & do go wrong)
– Allie Abdeljabbar
11:30 AMBackup Red Team Exercises: Removing your ability to recover from the last line of defense of your business
– Joshua Stenhouse
Managing Coordinated Vulnerability Disclosure: The Art of Wrangling Cats
– Tina Zhang-Powell
Noonstory-time with atlas (with hex)
– Atlas of D00m
Don’t let GitHub be your weakest security link
– Noam Dotan & Nadav Noy
The attackers guide to exploiting secrets in the universe
– Mackenzie Jackson
1:00MSP’s suck, but the world without them is worse
– Jason Slagle and Matt Lee
Cloudy with a Chance of SSRF: Vulnerability Trends & Techniques
– Dr. Jared DeMott & Michael Fowl
Clearing the Fog: Detection and Defense against Cloud Persistence Techniques
– Ryan Thompson
2:00 PMBoats are scary
– Arron Finnon
Kicking Open Closed Doors: Offensive Java Code Review
– Ryan Emmons
The Dungeon Master’s Guide to Deception in Depth
– Matt Mahoney
3:00 PMShining a light into the security blackhole of IoT and OT
– Huxley Barbee (void *)
How (and why) to think like a threat actor in the cloud
– Jacob Julian
Architecting a Zero Trust Framework for the Cloud
– Dwayne Natwick
3:30 PMPCI DSS v4.0 Is Here – Now What?
– Kyle Hinterberg
Invisible Red Teaming
– Patrick Matthews
4:00 PMRecalling early Unix System development at AT&T Bell Labs
– Richard Haight
Defending Beyond Defense
– Catherine Ullman
The Canary War Path: Weaponizing your data for SOC maturity
– Roy Bray
5:00 PMKeynote – Topic to be determined by number of Feds in the audience
– Chris Roberts
6:00 PMDay 2 Wrap Up
– hosted by EggDropX & P1nkN1ghtmare