
2025 Agenda

Infrastructure

9AM

Cookie Monsters in your Browsers: Cookie Exfiltration for Hungry Hackers

Andrew Gomez & Antero Guy

Chromium-based browsers like Chrome and Edge have adopted App-Bound Encryption to further protect browser secrets, but attackers are still hungry and always find a way into the cookie jar. This talk explores the inner workings of Chromium’s encryption mechanisms, how a threat actor can exfiltrate and steal sensitive data such as cookies & passwords, and some potential detection opportunities for this TTP. And because one cookie is never enough, we’ll finish with a bonus: leveraging stolen Entra ID cookies to pivot into the cloud!

10AM

Gridlocked: Defending Critical Infrastructure Across Domains

Jessica Thompson

As critical infrastructure evolves into a layered system of physical assets, cloud platforms, space-based technologies, and AI-integrated operations, traditional cybersecurity approaches fall short. In this session, Jessica Thompson—former Space Force officer and current cyber threat intelligence leader in the financial sector—will break down a modern approach to securing “the grid.”

Drawing from real-world military and private-sector experience, Jess will introduce a cross-domain threat modeling framework that accounts for emerging risks at the intersection of electromagnetic, cyber, and influence operations. She’ll walk attendees through CTI playbooks tailored for hybrid threats and explain how to drive red-blue-intel integration in high-stakes environments.

11AM

KEYNOTE Speaker

SCADA

12PM

LUNCH
 

Network. Sit down with someone you don’t know and get to know them. It’ll pay off in the long run - trust me.

 

Signed, a practicing introvert.

1PM

Shenanigans as a Service: Securing our infrastructure the "hacker way"

Jimi 2x

How hackers help protect the grid and our supply chains through passionate curiosity and responsible disclosure. We'll review three decades' worth of examples where lessons were learned, resiliency increased, and infrastructure was hardened. In addition to sharing some stories from the past, we will discuss the newest threats targeting our assets along with possible defenses.

2PM

Opening the Register: Hacking ModBus TCP

Anna Katarina Quinn

Operational Technology (OT) environments often use insecure protocols which might be vulnerable to exploitation should a malicious actor access the network. In this talk, Anna will go over the Modbus protocol, exploring the usage, history and insecurities of the protocol. Live hacking demos with visual representation of factory environments will be used to show the impact of such attacks.

3PM

Threat to Consequence 

Jorge Lacoste & Jesse Dugan

As energy systems rapidly evolve to integrate more distributed and advanced controls—including solar, wind, storage, grid enhancing technologies, and advanced load controls—the energy system cybersecurity landscape becomes more complex and uncertain. These modern, software-defined systems offer significant flexibility and potential for resilience, yet their increased connectivity and decentralization introduce new risks across both cyber and physical domains. Traditional approaches to grid resilience are insufficient to fully address the complexities introduced by a dynamic threat landscape that includes extreme weather, malicious cyber activity, and infrastructure interdependencies.

To guarantee the benefits of these energy system changes, we must fully understand the risks. The National Renewable Energy Laboratory (NREL) has developed new integrated risk analysis techniques that cover the entire threat to consequence spectrum across all natural hazards and human threats. These integrated suites of tools faithfully capture the scale and complexity of our evolving energy system, including new distributed energy technologies and grid architectures. These tools also enable stakeholders to explore tradeoffs in restoration strategies and the value of integrated, secure, and resilient system design. As energy systems continue to transform, these tools are essential for assessing risk, optimizing response, and guiding investments that ensure the energy infrastructure can withstand and adapt to complex, evolving threats. This presentation will highlight the latest innovations in distributed and advanced controls and threat to consequence risk modeling, underscoring the importance of proactive defense strategies in securing the nation’s energy future.

4PM

Digital Twins, Evil Doppelgängers: Securing Mirrored Plants     

Rock Lambros

Digital twins are no longer passive 3-D dashboards. They’re AI-powered control loops that continuously learn from (and even decide for) our plants. That virtuous feedback can just as easily become a vicious cycle when adversaries target the AI models, the data streams, or the orchestration pipelines that link virtual and physical worlds. This session dissects how AI supercharges both the value and the attack surface of OT/ICS/IoT environments. We’ll map out real-world failure modes, model-poisoned maintenance schedulers, edge-device model inversion, synthetic-data misdirection, and more. Then, we'll lay out defensive patterns that keep mirrored plants from becoming evil doppelgängers.

5PM

Grids Under Siege: First-Strike Cyber Weapons in the Fifth Domain
 

Erin Owens

In this gripping session, we dive into the shadowy world of electric grid hacking, focusing on sophisticated techniques that could destabilize cooperative and municipal grid operations, with Texas’ ERCOT system as a prime case study. Attendees will explore how compromising smaller, interconnected transmission and distribution entities could cascade into full-scale grid failure, potentially affecting millions. We’ll dissect closed-door attack scenarios, including:

1) Mass Meter Manipulation

2) Substation Load Sabotage

3) Supply Chain Cyberattacks

4) Wind Turbine Compromise

5) Strategic Deployment of Ransomware on EMS Systems

Through a theoretical analysis, we’ll quantify the percentage of co-ops and municipal grids that, if compromised, could trigger catastrophic failure. 

6PM

Modernizing OT When Your Entire Industry is Against You

Brian Monroe

Face it, the Oil & Gas industry sucks at cybersecurity. From unwillingness to modernize equipment and protocols to extreme costs required to monitor and protect thousands of sites spread across thousands of miles of the southern US, it took some drastic measures (for an old industry) to come up with and implement a plan. Join James, bpx's Senior Security Architect, and Brian as we take you through our challenges and solutions as we try to level up our security, or at least run faster than the other guy.

7PM

Happy Hour - TBD

Non-Infrastructure

9AM

A Gentle Introduction to Container Security

Natalie Somersall

Containers transformed modern application deployment, enabling faster development with portable and scalable systems. They also introduce new security risks that are difficult to navigate, particularly when development teams don't understand fundamental infrastructure security principles. Having a threat model of containerized applications is critical for developers, security engineers, and policymakers alike. This talk will break down the key security risks at each layer of the container ecosystem while providing actionable insights for assessing and mitigating threats.

10AM

One Cluster to Rule Them All: Pentesting Multi-Tenant Kubernetes Clusters

Nick Coblentz

As organizations scale their on-prem or cloud-native infrastructure, the attractiveness of a multi-tenant Kubernetes cluster is undeniable. The promise of reduced operational overhead, centralized management, and significant cost savings is pushing more and more teams to consolidate their workloads. But how isolated are each of the development teams' access and workloads? What level of protection do solutions like Capsule and Kyverno provide, and where are the gaps? This talk dives deep into the unique security landscape of multi-tenant Kubernetes by analyzing the specific security needs of multi-tenant clusters and getting hands-on with our newly released Kubernetes penetration testing tool: VirtueKube. We will introduce theory and quickly move to live demonstrations and exploitation.

11AM

KEYNOTE (main room)

SCADA

12PM

LUNCH
 

Network. Sit down with someone you don’t know and get to know them. It’ll pay off in the long run - trust me.

 

Signed, a practicing introvert.

1PM

Post-Quantum Cybersecurity: Understanding the Quantum Threat Landscape

Saad Baig

This presentation talks about Quantum Computing and the cyber security risks associated with this new line of technology. I will cover the basics of a quantum computer, how it threatens certain forms of modern cyber security protocols, and then dive into each specific threat and its proposed mitigation. It will also cover timelines and the current state of quantum computation.

2PM

Active Directory - 25 Years of Giving Up...NTDS.dit

Richard Belisle

You wouldn’t build your house on sand (insert your favorite idiom here). A strong foundation is essential for any structure—without it, cracks form, other weaknesses emerge, and collapse becomes inevitable. Active Directory (AD) serves as the foundation of many networks, yet it is often overlooked, leaving organizations vulnerable to critical security threats.

​

3PM

Mycelium as the Path: Decentralized Biological Models for Cyber Resilience

Akira Brand

Nature had decentralized, self-healing networks long before we started wiring up the internet. Mycelium—fungi’s underground nervous system—has quietly been running a massive, fault-tolerant, data-sharing ecosystem for millions of years. Turns out, there’s a lot we can learn from it.
In this talk, Akira Brand reverse-engineers the biological mechanics of mycelium to uncover practical design patterns for building more resilient, adaptive cybersecurity programs. Mycelial networks operate without a central brain, respond dynamically to stress, optimize resource flows, and recover from disruption by reinforcing damaged pathways—sound familiar? It should. These are the same properties we chase when we talk about zero trust, chaos engineering, observability, and autonomous remediation.
This is not a feel-good metaphor talk. We’ll break down how fungal architectures map to actual security engineering decisions—from embedding trust signals in CI/CD flows to designing distributed detection models that don’t fall over when a single node goes dark. We’ll also cover how nature’s feedback mechanisms mirror breach detection and post-incident growth.
Whether you’re red, blue, or purple, if you’re tired of brittle systems and burned-out teams, maybe it’s time to look underground.
You’ll walk away with:
• A model for decentralized, fault-tolerant security design based on mycelial networks
• Parallels between fungal symbiosis and embedded security across dev pipelines
• A framework for incident response inspired by ecological resilience
• A fresh take on system design that blends natural science and modern security architecture

4PM

Seeing Through the Cipher: AI-Powered Threat Detection in Encrypted Traffic     

Chandan Vedavyas

As encryption becomes ubiquitous across networks and applications, defenders face a growing paradox: while encryption protects user privacy, it also blinds traditional security tools. Intrusion detection systems, data loss prevention tools, and firewalls now struggle to detect threats hiding within encrypted flows like TLS 1.3 or VPN tunnels.
This talk presents a novel AI-driven approach to regain visibility without decrypting traffic. By analyzing encrypted metadata such as packet sizes, flow directionality, timing, and TLS fingerprints, we trained machine learning models to detect threats, including command-and-control channels and data exfiltration attempts, without compromising encryption. 

5PM

What Information Security Can Learn from Aviation

Trent Thompson

The basics of learning how to fly have surprising commonalities with the basics of information security best practices. There are similarities in the use of documentation/checklists, certifications, team management, incident response, and how to pick the right tools, just to name a few concepts that overlap. Along the way we'll use examples of how these concepts can apply to security programs and SOC teams, or just personal growth in the industry. We'll also get into why these concepts exist in aviation by detailing aviation incidents that reinforce why they're taught. The presentation is meant to teach better security practices while learning a little about the world of aviation along the way. Of course, there will be a little bit of humor along the way. If the audience does get bit by the aviation bug, we'll also go into how they can get started on their own aviation journey.

6PM

Your Car's Hidden Passengers: Companies, Cops, and Criminals. Retake Control     

Mike Pedrick

Not your grandparents' Oldsmobile - from integration with our smartphones to voice assistants to autonomous driving functionality, today's automotive products are more connected to the world around us than ever. With added convenience comes some interesting challenges to consumer privacy. In this panel, two and a half car enthusiasts, two privacy professionals, and three data nerds will unpack the world of Connected Cars, including the state of technology, the effect of increasing regulatory pressures, and most importantly, what YOU can do to manage risk in this ever-changing landscape.

7PM

Happy Hour - TBD

© 2025 BSides Denver
