WELCOME CEREMONY
OPENING KEYNOTE
Attacking AI is a one-of-a-kind session releasing case studies, tactics, and methodology from Arcanum’s AI assessments in 2024 and 2025.
Not all Red Team engagements are spearphish > mimikatz > profit. If nothing else, this talk proves that some jobs still involve crawling around car parks at night and hiding in bushes with a high gain antenna to gain your objective.
Traditionally, cyber incidents and Red Team operations focus on compromising Windows devices as an initial infection vector, but for modern cloud-native companies this approach simply doesn’t work.
In this talk, we will explore how we compromised an Electric Vehicle to infiltrate a corporate Smartphone, leveraging legitimate applications and protocols to move laterally and achieve full compromise of the environment.
We will demonstrate the chaining of low-code (and in some cases ancient) techniques, abstract attack vectors targeting atypical devices and platforms, and the abuse of protocols and inbuilt applications to conduct a full-scale breach of the environment.
Do you want to learn how to solder? Are you afraid you are going to burn yourself? Don't be scared, we've got your back. Famous and renowned badge maker Abhinav (Panda) Pandagale will teach you the basics of soldering. You are going to have a chance to solder a badge.
Unveil how attackers exploit overlooked vulnerabilities with one of the creators of Pegasus. This talk dives into real-world attack chains, runtime analysis, and adversarial intelligence, arming you with advanced techniques to expose and mitigate threats in cloud-native and distributed systems.
This presentation explores Adversarial Intelligence - an approach that views application security from an attacker’s perspective. Drawing from vulnerability research experience at the NSO Group and building Pegasus, the speaker will highlight how overlooked low and medium vulnerabilities can be combined to execute successful attacks. By examining attack chains and application runtime behavior, attendees will see how gaps often missed by traditional methods are exposed. Attendees will learn about effective tools and techniques for detecting and mitigating these threats, especially in cloud-native and distributed systems. Designed for security practitioners and academics, this session provides a deeper understanding of defending against sophisticated attackers by adopting their mindset.
As scanning and reconnaissance grow more diverse, from public platforms like Shodan and Censys to hidden probing by botnets and bulletproof hosting services, security teams need better ways to understand who is on the other side of their network connections. This talk will show how network fingerprinting has developed over time, starting with tools like p0f and moving up to more advanced methods like JA4, JA4+, and MuonFP. We’ll discuss how these modern fingerprints can help analysts recognize the tools and infrastructure used by attackers, whether they are fast scanners, basic banner grabbers, or connections routed through VPNs and jump servers. You’ll learn how to use these fingerprints to strengthen your defenses, protect critical infrastructure, and reduce your visibility to public scanners. We will also explain how to fit fingerprinting into security team workflows, noting both what it can and cannot do. Attendees will leave with a practical understanding of modern fingerprinting techniques and a few examples they can apply in their daily work.
A practical demonstration of how attackers can use misconfigurations across major cloud platforms, including AWS, Azure, GCP and OCI. Attendees will gain invaluable insights into the multifaceted challenges posed by misconfigurations within these cloud environments. Leveraging the power of graph-mode visualization, we will dissect and map potential attack paths arising from misconfigurations, providing a visual narrative of the complex relationships at play, using open-source tools backed by a neo4j/memgraph database to illustrate possible attacks.
The heart of the discussion will revolve around practical mitigation approaches tailored to each cloud platform, ensuring a holistic defense strategy using open-source and free tools to help organizations increase their security posture. Real-world examples and case studies will illustrate the impact of misconfigurations and how a proactive approach, guided by graph-mode visualization, can significantly enhance security.
By the end of the presentation, participants will be well-equipped to navigate the nuanced landscape of misconfigurations in AWS, Azure, GCP and OCI. This knowledge will empower cloud security professionals to implement effective mitigation strategies, fortifying their cloud environments against evolving cyber threats across diverse platforms.
In today's rapidly evolving threat landscape, organizations struggle not with a lack of security tools, but with effectively managing the complex web of knowledge required for robust security operations. This talk introduces SNARF (Security Knowledge Automation and Response Framework), an innovative approach to organizing, connecting, and maintaining security knowledge across the entire security lifecycle. We'll explore why traditional documentation methods fail security teams, how disconnected knowledge silos create dangerous blind spots, and why security is never a "set it and forget it" proposition. Learn how integrating threats, detections, testing procedures, response protocols, and automation into a unified, version-controlled ecosystem dramatically improves security posture while reducing analyst burnout. Discover practical strategies for implementing a living security knowledge repository that evolves with your organization and the threat landscape, turning your security documentation from a liability into a strategic asset.
In this session, we will explore the different layers of security that can be applied or verified to enhance the security posture of your Kubernetes and container deployments. We will cover everything from the supply chain to production.
KEYNOTE
Come bring both your blue team and red team hats to interactively participate in attack scenarios. Vote with your colleagues on the best approach the security team should take when presented with a potential security incident, and what the threat actor should do when encountering response activity. Join your peers as you test your incident response and attack strategies in a gamified lively discourse.
Security is tasked with understanding all threat vectors and uses a wide range of tooling to do so (endpoint, identities, and networks). But different tools performing different functions create silos, and in between those disjointed silos lie risks. Risks that can be mitigated by a single view across all assets and systems. This session seeks to explore a unification of assets to minimize attack exposure.
Secure static code analysis with AI and patterns.
This talk will cover key exploitation techniques for RESTful, SOAP, GraphQL, and gRPC APIs, based on the OWASP API Security Top 10. It will include practical demonstrations of vulnerabilities like injection flaws, broken authentication, and data exposure using tools like Burp Suite and custom scripts. The session will also highlight the Open-Sec framework for structured API penetration testing.
In the fast-paced world of cybersecurity, bringing context to new vulnerabilities quickly is more important than ever. As a Threat Researcher at Datadog, I've been involved in developing an approach to deploying honeypots using CI/CD pipelines. This method allows us to rapidly set up honeypots in real-world environments, tailored specifically to the technologies our customers use.
This presentation introduces LogLMs, transformer-based foundation models specifically pre-trained on log sequences. LogLMs understand the 'language' of logs, enabling them to identify anomalies and deviations from normal behavior across diverse protocols and usage patterns. Unlike rules-based systems, LogLMs adapt to changing environments through active learning and federated fine-tuning. This approach provides holistic security, including anomaly detection, threat hunting, real-time alerts, compliance, and forensics. We will see how a LogLM, deployed as TEMPO, detects novel attacks and empowers forensic analysis.
Critical infrastructure like water treatment plants and air traffic control towers are under constant attack by hostile nations, and securing them is a national priority. This workshop covers industrial automation systems, network security monitoring, and incident response. Participants will perform many hands-on projects configuring systems, attacking them, and defending them.
Static analysis is crucial but limited in detecting vulnerabilities tied to dynamic data and runtime behavior. This session introduces symbolic execution to extend SAST’s capabilities, showcasing how symbolic execution improves vulnerability detection, illustrated with real-world examples and demonstrations.
Security within games is a popular yet somehow underserved topic. Video games offer various challenges for curious engineers to explore, including reverse engineering, anti-cheat systems, modding, DRM, etc. This talk aims to make these topics and discussions accessible to all levels of technical experience, both within and outside the gaming industry. We'll also examine the game we created specifically for the GameHacking.GG CTF held at DEFCON32 last year. You can download and play the game we will be discussing before attending this talk at gamehacking.gg. Julian is leading the Game Hacking Village at DEFCON 33 this year and is looking for interested volunteers!
CLOSING KEYNOTE
CLOSING CEREMONY