2025 Agenda

Infrastructure

9AM

Cookie Monsters in your Browsers: Cookie Exfiltration for Hungry Hackers

Andrew Gomez & Antero Guy

Chromium-based browsers like Chrome and Edge have adopted App-Bound Encryption to further protect browser secrets, but attackers are still hungry and always find a way into the cookie jar. This talk explores the inner workings of Chromium’s encryption mechanisms, how a threat actor can exfiltrate and steal sensitive data such as cookies & passwords, and some potential detection opportunities for this TTP. And because one cookie is never enough, we’ll finish with a bonus: leveraging stolen EntraID cookies to pivot into the cloud!

10AM

Supercharging Binary Analysis: Teaching LLMs to Assist Your Bug Hunting Workflow

Jack Maginnes

This talk explores the intersection of traditional binary analysis and LLM-guided vulnerability research.
We'll examine how established binary analysis techniques fit into modern reverse engineering workflows, then dive into where AI agents can improve speed, throughput, and accuracy. Using real example 0days from IoT firmware analysis, I'll show how LLMs can turn noisy findings into actionable bugs - correctly identifying vulnerabilities while occasionally hallucinating about call stacks with complete confidence. By the end, attendees will understand both the practical techniques and realistic limitations of integrating custom bug-hunting agents into their own research workflows.

11AM

KEYNOTE: The SCADA King

JJ Brockert

SCADA systems power nearly every aspect of modern life. They farm our food, pipe our gas, manufacture our cars, manage our traffic, deliver clean water, and remove wastewater. Yet above them all sits one system—the “SCADA King.” Perched at the top, it controls the electric grid, the foundation every other system depends on simply to function. What happens if the SCADA King is compromised? Could its vulnerabilities be exploited to disrupt the grid, plunging society into darkness and chaos reminiscent of the dark ages? This session will explore a bottom-up approach to infiltrating electric SCADA systems, examining the risks, vulnerabilities, and potential consequences of widespread blackouts.

12PM

LUNCH

Network. Sit down with someone you don’t know and get to know them. It’ll pay off in the long run - trust me.

Signed, a practicing introvert.

1PM

Shenanigans as a Service: Securing our infrastructure the "hacker way"

Jimi 2x

How hackers help protect the grid and our supply chains through passionate curiosity and responsible disclosure. We'll review three decades worth of examples where lessons were learned, resiliency increased, and infrastructure was hardened. In addition to sharing some stories from the past we will discuss the newest threats targeting our assets along with possible defenses.

2PM

Opening the Register: Hacking ModBus TCP

Anna Katarina Quinn

Operational Technology (OT) environments often use insecure protocols which might be vulnerable to exploitation should a malicious actor access the network. In this talk, Anna will go over the Modbus protocol, exploring the usage, history and insecurities of the protocol. Live hacking demos with visual representation of factory environments will be used to show the impact of such attacks.

3PM

Threat to Consequence 

Jorge Lacoste & Jesse Dugan

As energy systems rapidly evolve to integrate more distributed and advanced controls—including solar, wind, storage, grid enhancing technologies, and advanced load controls—the energy system cybersecurity landscape becomes more complex and uncertain. These modern, software-defined systems offer significant flexibility and potential for resilience, yet their increased connectivity and decentralization introduce new risks across both cyber and physical domains. Traditional approaches to grid resilience are insufficient to fully address the complexities introduced by a dynamic threat landscape that includes extreme weather, malicious cyber activity, and infrastructure interdependencies.

To guarantee the benefits of these energy system changes, we must fully understand the risks. NREL has developed new integrated risk analysis techniques that cover the entire threat to consequence spectrum across all natural hazards and human threats. These integrated suites of tools faithfully capture the scale and complexity of our evolving energy system, including new distributed energy technologies and grid architectures. These tools also enable stakeholders to explore tradeoffs in restoration strategies and the value of integrated, secure, and resilient system design. As energy systems continue to transform, these tools are essential for assessing risk, optimizing response, and guiding investments that ensure the energy infrastructure can withstand and adapt to complex, evolving threats. This presentation will highlight the latest innovations in distributed and advanced controls and threat to consequence risk modeling, underscoring the importance of proactive defense strategies in securing the nation’s energy future.

4PM

Digital Twins, Evil Doppelgängers: Securing Mirrored Plants     

Rock Lambros

Digital twins are no longer passive 3-D dashboards. They’re AI-powered control loops that continuously learn from (and even decide for) our plants. That virtuous feedback can just as easily become a vicious cycle when adversaries target the AI models, the data streams, or the orchestration pipelines that link virtual and physical worlds. This session dissects how AI supercharges both the value and the attack surface of OT/ICS/IoT environments. We’ll map out real-world failure modes, model-poisoned maintenance schedulers, edge-device model inversion, synthetic-data misdirection, and more. Then, we'll lay out defensive patterns that keep mirrored plants from becoming evil doppelgängers.

5PM

Grids Under Siege: First-Strike Cyber Weapons in the Fifth Domain

Erin Owens & Tejas Luthra

In this gripping session, we dive into the shadowy world of electric grid hacking, focusing on sophisticated techniques that could destabilize cooperative and municipal grid operations, with Texas’ ERCOT system as a prime case study. Attendees will explore how compromising smaller, interconnected transmission and distribution entities could cascade into full-scale grid failure, potentially affecting millions. We’ll dissect closed-door attack scenarios, including:

1) Mass Meter Manipulation

2) Substation Load Sabotage

3) Supply Chain Cyberattacks

4) Wind Turbine Compromise

5) Strategic Deployment of Ransomware on EMS Systems

Through a theoretical analysis, we’ll quantify the percentage of co-ops and municipal grids that, if compromised, could trigger catastrophic failure. 

6PM

Your Car's Hidden Passengers: Companies, Cops, and Criminals. Retake Control   

Mike Pedrick, Merry Marwig, Justin Pollard

Not your grandparents' Oldsmobile - from integration with our smartphones to voice assistants to autonomous driving functionality, today's automotive products are more connected to the world around us than ever. With added convenience comes some interesting challenges to consumer privacy. In this panel, two and a half car enthusiasts, two privacy professionals, and three data nerds will unpack the world of Connected Cars, including the state of technology, the effect of increasing regulatory pressures, and most importantly, what YOU can do to manage risk in this ever-changing landscape.

7PM

Happy Hour - Sobo151
151 S. Broadway St.

Non-Infrastructure

9AM

A Gentle Introduction to Container Security

Natalie Somersall

Containers transformed modern application deployment, enabling faster development with portable and scalable systems. They also introduce new security risks that are difficult to navigate, particularly when development teams don't understand fundamental infrastructure security principles. Having a threat model of containerized applications is critical for developers, security engineers, and policymakers alike. This talk will break down the key security risks at each layer of the container ecosystem while providing actionable insights for assessing and mitigating threats.

10AM

One Cluster to Rule Them All: Pentesting Multi-Tenant Kubernetes Clusters

Nick Coblentz

As organizations scale their on-prem or cloud-native infrastructure, the attractiveness of a multi-tenant Kubernetes cluster is undeniable. The promise of reduced operational overhead, centralized management, and significant cost savings is pushing more and more teams to consolidate their workloads. But how isolated are each of the development teams' access and workloads? What level of protection do solutions like Capsule and Kyverno provide, and where are the gaps? This talk dives deep into the unique security landscape of multi-tenant Kubernetes by analyzing the specific security needs of multi-tenant clusters and getting hands-on with our newly released Kubernetes penetration testing tool: VirtueKube. We will introduce theory and quickly move to live demonstrations and exploitation.

11AM

KEYNOTE (main room)
The SCADA King

JJ Brockert

12PM

LUNCH

Network. Sit down with someone you don’t know and get to know them. It’ll pay off in the long run - trust me.

Signed, a practicing introvert.

1PM

Reframing the Pyramid of Pain: A Defender's Perspective

Frank Victory

You’ve heard about the Pyramid of Pain, right? It’s usually all about the attacker’s perspective—“Hash values? Easy to change!” and “TTPs? Oh no, not so fast!” But here’s the twist: what if we flipped the script? In the corporate world, we’ve got our own Pyramid of Pain. Picture this: at the base of our pyramid, we’ve got IP addresses—easy to get, but what’s next? How do we actually make them useful? How hard would it be to change your existing policies and procedures? Need a Tylenol yet?

 

This talk takes you through each layer of the pyramid, breaking down how we can ease our pain in the corporate environment. No doom and gloom here—just practical, straightforward actions to turn frustration into progress. It’s like a security roadmap, but with a little less stress and a lot more clarity. Let’s make the Pyramid of Pain work for us instead of against us!

2PM

The Dark Side of AI: Developing unsecure applications in minutes

Chris Lindsey

AI is the ultimate accelerant for application development—its power unmatched—but without balance and control, it can quickly ignite new risks, turning potential into destruction. Explore the tangible impact of AI-generated code in this session by playing with fire: using GPT-driven prompts, we’ll build a fully functional application, and in real time, we’ll uncover how common security flaws like SQL injection, cross-site scripting, and weak authentication can manifest in AI-generated code.

3PM

Mycelium as the Path: Decentralized Biological Models for Cyber Resilience

Akira Brand

Nature had decentralized, self-healing networks long before we started wiring up the internet. Mycelium—fungi’s underground nervous system—has quietly been running a massive, fault-tolerant, data-sharing ecosystem for millions of years. Turns out, there’s a lot we can learn from it.
In this talk, Akira Brand reverse-engineers the biological mechanics of mycelium to uncover practical design patterns for building more resilient, adaptive cybersecurity programs. Mycelial networks operate without a central brain, respond dynamically to stress, optimize resource flows, and recover from disruption by reinforcing damaged pathways—sound familiar? It should. These are the same properties we chase when we talk about zero trust, chaos engineering, observability, and autonomous remediation.
This is not a feel-good metaphor talk. We’ll break down how fungal architectures map to actual security engineering decisions—from embedding trust signals in CI/CD flows to designing distributed detection models that don’t fall over when a single node goes dark. We’ll also cover how nature’s feedback mechanisms mirror breach detection and post-incident growth.
Whether you’re red, blue, or purple, if you’re tired of brittle systems and burned-out teams, maybe it’s time to look underground.
You’ll walk away with:
• A model for decentralized, fault-tolerant security design based on mycelial networks
• Parallels between fungal symbiosis and embedded security across dev pipelines
• A framework for incident response inspired by ecological resilience
• A fresh take on system design that blends natural science and modern security architecture

4PM

Ads? In My Games? Reverse Engineering an Ad-Injection DLL     

Jordan Whitehead

Some modern games have begun placing advertisements inside the game world. These advertisements come with a full suite of user targeting and tracking tools. In this talk we dig into a library used for in-game advertisements. We will walk through a hybrid approach for reverse-engineering binaries. There will be examples of disassembling, debugger scripting, custom harnesses, and intercepting network traffic. The purpose of the talk is to show how easy it can be to start answering our own questions and encourage others to build their reverse engineering skills.

5PM

What Information Security Can Learn from Aviation

Trent Thompson

The basics of learning how to fly have surprising commonalities with the basics of information security best practices. There are similarities in the use of documentation/checklists, certifications, team management, incident response, and how to pick the right tools, just to name a few concepts that overlap. Along the way we'll use examples of how these concepts can apply to security programs and SOC teams, or just personal growth in the industry. We'll also get into why these concepts exist in aviation by detailing aviation incidents that reinforce why they're taught. The presentation is meant to teach better security practices while learning a little about the world of aviation along the way. Of course, there will be a little bit of humor along the way. If the audience does get bit by the aviation bug, we'll also go into how they can get started on their own aviation journey.

6PM

Wait.. Was I The Threat Actor?

Ben LeDoux

What could go wrong with accepting a job offer off of Craigslist in 2012? Years before becoming an Information Security professional, Ben LeDoux found out the hard way when his internship spiraled from developing websites to morally ambiguous tasks such as serving up ads and selling free services to unassuming users. Hear his story about the weirdest three months of his life working for an American Online Marketer.

7PM

Happy Hour - Sobo151
151 S. Broadway St.

© 2025 BSides Denver
