Streaming: https://mssvideo.vcu.edu/RVAsec
Type: Technical
Tuesday, June 3
 

11:00am EDT

Internal Domain Name Collision 2.0
Tuesday June 3, 2025 11:00am - 11:50am EDT
The proliferation of new Top-Level Domains (TLDs) has sparked security concerns primarily around phishing and social engineering attacks. However, the emergence of these new TLDs has broadened the attack surface, making it easier for threat actors to exploit other domain-related vulnerabilities. Our research explored another critical but often overlooked vulnerability: Internal Domain Name Collision. During our research, we examined how legacy systems configured before the TLD boom can become susceptible to these collisions, potentially allowing threat actors to redirect or intercept sensitive internal traffic. This vulnerability can have a ripple effect, impacting even newly installed systems that rely on configurations from those legacy systems (e.g. DHCP, DNS Suffix, etc.). This presentation will showcase our methodology for identifying vulnerable domains and present real-world examples of high-value targets at risk, including a major European city, a US Police Department, and critical infrastructure companies.
Speakers
Philippe Caturegli

Chief Hacking Officer, Seralys
Philippe has over 25 years of experience in building, defending, and attacking across all areas of Information Security. He's been performing penetration tests since the early 2000s, gaining deep expertise across diverse security landscapes. In 2012, he founded Seralys, a boutique...
Upstairs, Grand Ballroom F/G

1:00pm EDT

The Lazy Pentester's Guide to Coasting Through Internals
Tuesday June 3, 2025 1:00pm - 1:50pm EDT
It's been said that nobody wants to work anymore, and pentesters are certainly no exception to this rule. Internal pentests can be hard, time-consuming drudgery. Pentesters may spend hours scanning hosts, looking for open ports and exploitable services only to find themselves with little time left to exploit anything, and a lack of focus on where to begin.

What if there was a better, more efficient way? What if there was an 80% solution that will have you traipsing around the network with elevated privileges and creds in hand requiring a fraction of the time and effort using tools you're already using?

In this talk we'll cover multiple proven methods for obtaining creds, gaining footholds, and just generally wrecking up the place that are quick, relatively painless, and will leave you owning a client's network fast.
Speakers
Matthew Fisher

Penetration Tester, STACKTITAN
Matt Fisher is a security consultant at STACKTITAN, with an emphasis on the penetration testing and red team disciplines. Matt is a US Army veteran who spent 14 years working in various roles within the DOD Intelligence Community before being drawn to the field of cyber security...
Upstairs, Grand Ballroom F/G

2:00pm EDT

Following The JSON Path: A Road Paved in RCE
Tuesday June 3, 2025 2:00pm - 2:50pm EDT
Dive into researching JavaScript implementations of JSON path libraries, breaking out of JavaScript sandboxes, achieving code execution, and examining the blast radius of impacted components. This talk covers both the research process for the discovery of these novel vulnerabilities and footguns, as well as the process for identifying the blast radius, weaponizing the vulnerabilities against actual targets, and engaging impacted stakeholders. Join me to hear a harrowing tale of remote code execution in several widely used products, CVE assignments, and critical bounty payouts.
Speakers
Nick Copi

AppSec Engineer, CarMax
Nick Copi is an application security engineer at CarMax who in his spare time immerses himself in security research and bug bounty. With a background spanning from building full stack web applications to pioneering application security initiatives at CarMax, he brings a wealth of...
Upstairs, Grand Ballroom F/G

3:00pm EDT

Defending Entra ID and Office 365 Using the Prism of GraphRunner
Tuesday June 3, 2025 3:00pm - 3:50pm EDT
For organizations using Microsoft Entra ID and O365, it’s important to understand the landscape of the Graph API, how data is accessed and the logs available to gain visibility into probes and attacks that are targeting users and their information stores.

To drive this awareness, I’ve chosen to use a red team toolkit called GraphRunner that gives offensive cyber practitioners an easy-to-use method to get started probing Microsoft Entra ID and Office 365 tenants. On the flip side of this, we are going to take a look at the logs generated by GraphRunner in a simulated attack chain to better understand what a blue teamer might see and how they can build detections and hunt, not just for GraphRunner, but for suspicious activities occurring within their Entra ID and Office 365 tenant.
Speakers
John Stoner

Principal Security Strategist, Google Cloud
John Stoner is a Global Principal Security Strategist at Google Cloud and leverages his experience to improve users' capabilities in Security Operations, Threat Hunting, Incident Response, Detection Engineering and Threat Intelligence. He blogs on threat hunting and security operations...
Upstairs, Grand Ballroom F/G

4:00pm EDT

Large Language Models for Hackers
Tuesday June 3, 2025 4:00pm - 4:50pm EDT
Wield your own AI agents, for fun and profit, with open-weight Large Language Models. In this talk, the audience will learn the foundational data science that empowers LLMs to help…and hallucinate, before diving into a tutorial on “agentic” LLM techniques. Along the way, key concepts and methods are related to NIST’s AI Risk Management Framework (NIST AI 600-1) and their adversarial machine learning taxonomy (NIST AI 100-2e2023). Cut through the hype - see the limitations and attack surfaces for yourself, and explore ways you could incorporate these tools into your own practice.
Speakers
Morgan Stuart

Data Scientist, Canopy Nine
Morgan is an independent consultant who helps teams identify and implement data science solutions. However, unsatisfied with the ivy walls of the tech oligarchy, he also researches and experiments with today’s latest AI trends for issues related to offline use, trust, and data privacy...
Upstairs, Grand Ballroom F/G
 
Wednesday, June 4
 

10:30am EDT

Attacking & Defending ServiceNow: A Hands-on Lab for Red & Blue Teams
Wednesday June 4, 2025 10:30am - 11:20am EDT
ServiceNow is a critical enterprise platform, often integrated with sensitive systems and privileged access. This talk explores how attackers can exploit misconfigurations and privilege escalation paths within ServiceNow to gain a foothold in an environment. We’ll walk through real-world attack techniques, from initial access to lateral movement, and demonstrate how defenders can detect and mitigate these threats.

In addition to offensive tradecraft, we’ll cover how to set up a dedicated lab to safely test these attack vectors, fine-tune detections, and improve defensive strategies. Whether you’re a red teamer looking to sharpen your tactics or a blue teamer aiming to strengthen your defenses, this talk will provide actionable insights and practical steps for securing ServiceNow.
Speakers
Mike Bailey

Hacker, Rotas Security
Mike Bailey has almost 2 decades of varied experience working in private industry, academic institutions, US government and every aspect of the financial industry. Mike's focus is all things security. He brings a robust subject matter expertise within the areas of adversarial threat...

Nicholas Popovich

Principal, Rotas Security
Nick Popovich's passion is learning and exploring technology ecosystems, and trying to find ways to utilize systems in unexpected ways. His career has focused on adversarial threat simulation, offensive and defensive security, and advanced technical security assessments. He is a hacker...
Upstairs, Grand Ballroom F/G

11:30am EDT

SPF Shadowing: Give Old Services a Chance to Shine
Wednesday June 4, 2025 11:30am - 12:20pm EDT
In a world where Sender Policy Framework is meant to provide a first or second line of defense against impersonation and phishing, we instead find ourselves barely paying attention to it. Even after the MailChannels vulnerability was disclosed and thousands of companies found they could be impersonated via email through a service they paid thousands of dollars for, word really didn't spread like it should have. Many domains are set and forget, from personal domains to Fortune 500s, and I am going to take you on a journey where we use the forgotten for fun and profit.
Speakers
Caleb Crable

Staff Security Engineer - Red Team, Bill.com
From reverse-engineering malware to simulating attacks on critical financial infrastructure, Caleb’s career has always been centered on staying one step ahead of adversaries. With 7 years of Red Team experience, he currently serves as a Staff Security Engineer on the Bill.com Red...
Upstairs, Grand Ballroom F/G

1:00pm EDT

Running A Proper Purple Team
Wednesday June 4, 2025 1:00pm - 1:50pm EDT
Some folks within cybersecurity have probably heard the concept of purple teaming but what is it like to actually execute or leverage this type of service? What value does it provide? Where should it exist within the organization? What other challenges might you face when performing purple teaming?

This talk will dive into details on how to go from the concept or infancy of purple teaming to executing at a higher level of maturity and everything in between. I’ll walk thru specific examples of purple team exercises then debrief outcomes and values of those engagements. I’ll also walk thru variations of purple teaming (e.g., simulation vs emulation) and describe when a certain variation might be appropriate and when. Last but not least I’ll explain how to perform purple teaming in various environments (e.g., endpoint, cloud, network) and considerations for operating in those conditions.
Speakers
Travis Altman

Cybersecurity Leader, Industry
Travis Altman has been a leader in the cybersecurity field for decades. He’s worked in various cybersecurity roles such as info sec engineer, application security, incident response, red teaming, and many more. Travis now focuses his energy on leading organizations to implement...
Upstairs, Grand Ballroom F/G

2:00pm EDT

Using Volatility 3 to Combat Modern Malware
Wednesday June 4, 2025 2:00pm - 2:50pm EDT
Volatility 3 is the latest version of the Volatility Memory Analysis framework, which has been the most widely used open-source framework for memory forensics since its creation in 2007. This new version of the framework is a complete rewrite starting from the first line of code. In this presentation, attendees will learn about Volatility 3’s new features while also seeing how many brand-new plugins can be used to detect a wide range of sophisticated, modern malware. This will include detection of the techniques currently deployed by ransomware and APT groups to evade EDR detection, inject code in a stealthy manner, and perform lateral movement. Examples of the covered techniques will include process hollowing, module unhooking, and privilege escalation. Attendees will leave understanding how to detect modern malware and attacker toolkits along with how to integrate Volatility 3 and its new features into detection workflows suitable for production use.
Speakers
Andrew Case

Director of Research, Volexity
Andrew Case is the Director of Research at Volexity and has significant experience in incident response handling, digital forensics, and malware analysis. Case is a core developer of Volatility, the most widely used open-source memory forensics framework, and a co-author of the highly...
Upstairs, Grand Ballroom F/G

3:10pm EDT

The Security Professionals Guide To The Linux Desktop
Wednesday June 4, 2025 3:10pm - 4:00pm EDT
Want to learn how running Linux as your desktop OS can make your life BETTER? This talk is for you! Every year the Linux nerds say, “This will be the year of the Linux desktop!”. If we put Android and ChromeOS aside for a moment, there has never been such a year. However, I switched to Linux on my laptops in 2016 and fully converted all my desktops in 2019. I’m never looking back. Many of you reading this are already thinking/voicing your opinions. I’ve heard for so many years, “I don’t want to run Linux as my desktop because [blank]”. This talk will dispel the myths and hopefully get you on team Linux desktop! If you are open-minded about Linux as a desktop, haven’t tried it in a while, worried about Windows 10 going end-of-support in 2025, and want to learn about the benefits of the Linux desktop, this talk is for you. Maybe you even use Linux as your desktop OS and just want some tips and tricks; this is the talk for you. If you’ve already decided that Windows or MacOS is perfectly fine and Linux is just annoying, this talk may not be for you.
Speakers
Paul Asadoorian

Principal Security Researcher, Eclypsium
Paul Asadoorian is currently a Principal Security Researcher for Eclypsium, focused on firmware and supply chain security. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his...
Upstairs, Grand Ballroom D/E/F/G
 