Streaming: https://mssvideo.vcu.edu/RVAsec
Type: Technical
Tuesday, June 3
 

11:00am EDT

Internal Domain Name Collision 2.0
Tuesday June 3, 2025 11:00am - 11:50am EDT
The proliferation of new Top-Level Domains (TLDs) has sparked security concerns primarily around phishing and social engineering attacks. However, the emergence of these new TLDs has broadened the attack surface, making it easier for threat actors to exploit other domain-related vulnerabilities. Our research explored another critical but often overlooked vulnerability: Internal Domain Name Collision. During our research, we examined how legacy systems configured before the TLD boom can become susceptible to these collisions, potentially allowing threat actors to redirect or intercept sensitive internal traffic. This vulnerability can have a ripple effect, impacting even newly installed systems that rely on configurations from those legacy systems (e.g. DHCP, DNS Suffix, etc.). This presentation will showcase our methodology for identifying vulnerable domains and present real-world examples of high-value targets at risk, including a major European city, a US Police Department, and critical infrastructure companies.
Speakers
Philippe Caturegli

Chief Hacking Officer, Seralys
Philippe has over 25 years of experience in building, defending, and attacking across all areas of Information Security. He's been performing penetration tests since the early 2000s, gaining deep expertise across diverse security landscapes. In 2012, he founded Seralys, a boutique...
Upstairs, Grand Ballroom F/G

1:00pm EDT

The Lazy Pentester's Guide to Coasting Through Internals
Tuesday June 3, 2025 1:00pm - 1:50pm EDT
It's been said that nobody wants to work anymore, and pentesters are certainly no exception to this rule. Internal pentests can be hard, time-consuming drudgery. Pentesters may spend hours scanning hosts, looking for open ports and exploitable services only to find themselves with little time left to exploit anything, and a lack of focus on where to begin.

What if there was a better, more efficient way? What if there was an 80% solution that will have you traipsing around the network with elevated privileges and creds in hand, requiring a fraction of the time and effort, using tools you're already using?

In this talk we'll cover multiple proven methods for obtaining creds, gaining footholds, and just generally wrecking up the place that are quick, relatively painless, and will leave you owning a client's network fast.
Speakers
Matthew Fisher

Penetration Tester, STACKTITAN
Matt Fisher is a security consultant at STACKTITAN, with an emphasis on the penetration testing and red team disciplines. Matt is a US Army veteran who spent 14 years working in various roles within the DOD Intelligence Community before being drawn to the field of cyber security...
Upstairs, Grand Ballroom F/G

2:00pm EDT

Following The JSON Path: A Road Paved in RCE
Tuesday June 3, 2025 2:00pm - 2:50pm EDT
Dive into researching JavaScript implementations of JSON path libraries, breaking out of JavaScript sandboxes, achieving code execution, and examining the blast radius of impacted components. This talk covers both the research process for the discovery of these novel vulnerabilities and footguns, as well as the process for identifying the blast radius, weaponizing the vulnerabilities against actual targets, and engaging impacted stakeholders. Join me to hear a harrowing tale of remote code execution in several widely used products, CVE assignments, and critical bounty payouts.
Speakers
Nick Copi

AppSec Engineer, CarMax
Nick Copi is an application security engineer at CarMax who in his spare time immerses himself in security research and bug bounty. With a background spanning from building full stack web applications to pioneering application security initiatives at CarMax, he brings a wealth of...
Upstairs, Grand Ballroom F/G

3:00pm EDT

Defending Entra ID and Office 365 Using the Prism of GraphRunner
Tuesday June 3, 2025 3:00pm - 3:50pm EDT
For organizations using Microsoft Entra ID and O365, it’s important to understand the landscape of the Graph API, how data is accessed and the logs available to gain visibility into probes and attacks that are targeting users and their information stores.

To drive this awareness, I’ve chosen to use a red team toolkit called GraphRunner that gives offensive cyber practitioners an easy-to-use method to get started probing Microsoft Entra ID and Office 365 tenants. On the flip side of this, we are going to take a look at the logs generated by GraphRunner in a simulated attack chain to better understand what a blue teamer might see and how they can build detections and hunt, not just for GraphRunner, but for suspicious activities occurring within their Entra ID and Office 365 tenant.
Speakers
John Stoner

Principal Security Strategist, Google Cloud
John Stoner is a Global Principal Security Strategist at Google Cloud and leverages his experience to improve users' capabilities in Security Operations, Threat Hunting, Incident Response, Detection Engineering and Threat Intelligence. He blogs on threat hunting and security operations...
Upstairs, Grand Ballroom F/G

4:00pm EDT

Large Language Models for Hackers
Tuesday June 3, 2025 4:00pm - 4:50pm EDT
Wield your own AI agents, for fun and profit, with open-weight Large Language Models. In this talk, the audience will learn the foundational data science that empowers LLMs to help…and hallucinate, before diving into a tutorial on “agentic” LLM techniques. Along the way, key concepts and methods are related to NIST’s AI Risk Management Framework (NIST AI 600-1) and their adversarial machine learning taxonomy (NIST AI 100-2e2023). Cut through the hype - see the limitations and attack surfaces for yourself, and explore ways you could incorporate these tools into your own practice.
Speakers
Morgan Stuart

Data scientist and engineer
Morgan is an independent consultant who helps teams identify and implement data science solutions. However, unsatisfied with the ivy walls of the tech oligarchy, he also researches and experiments with today’s latest AI trends for issues related to offline use, trust, and data privacy...
Upstairs, Grand Ballroom F/G
 