Breakout Room C
Title: A Little Red, A Little Blue and GPT
Speaker Info: A commodities trader turned cyber sleuth / threat hunter who recently pivoted to the cybersecurity industry in 2021 after building software and networks for over two decades.
Session Info: Using GPT to attack machines and then patch the vulnerabilities.
Title: Reversing Hashcat - How I Cracked Passwords to Keep Them Safe
Speaker Info: Ray "Sensei" Morris has been doing work in security, and particularly password security for over 20 years.
He is the author of the Strongbox password security system which was the most-used web site login security system. Along with founding RMEE, he has worked for Alert Logic, for TEEX, and other companies in technical security roles. Mr. Morris holds a master's degree in Cybersecurity from Georgia Institute of Technology. He is active in the Dallas hacker community, where he is known as “Sensei” due to his love for sharing knowledge.
Session Info: Cracking Passwords to Make Them Strong
Existing password meters say that passwords like "Fall2021!" or "Password123!" are strong, just because they have upper case, lower case, and numbers. "Password123!" is NOT a strong password; it will get cracked in seconds. I gave 47,000 “strong” password hashes to some of the best password crackers. Although the meters said these passwords were strong, over 99% of them actually got cracked.
By understanding how password cracking actually works and reversing the tools the password crackers *actually* use, we can tell whether a password will actually be cracked, by real password crackers, including those who win the Defcon Crack Me If You Can.
I will demonstrate a new open source Python tool which tells you with over 90% accuracy whether a real password cracker would be able to crack the password you're thinking about using. This free tool tests the types of attacks that crackers conduct using tools like Hashcat or John the Ripper.
Title: Blackbox Containers: Container security in the Enterprise
Speaker Info: Kenny Parsons is a Security Consultant for Set Solutions with over 10 years of experience in IT and Security. His passion for security started with an early interest in hacking and social engineering. Now, Kenny advises clients on complex environments, helping them to secure their infrastructure and microservice/container architectures. He provides clients with proper design, build, and runtime best practices for a rapidly changing container and cloud-first world.
Session Info: Containers have become an integral part of modern software development, offering a lightweight and efficient way to package and deploy applications. However, as the use of containers increases, so do the security considerations. In this talk, we will explore the foundations of containers, including their common uses, differences in runtimes and orchestrators, and how they are developed. We will also delve into the operational impact of containers, highlighting the challenges and considerations for container orchestration. Finally, we will examine the security considerations for containers throughout their lifecycle, from development to deployment, and explore best practices for securing containerized applications.
Speaker Info: Larci Robertson
Title: Building a Vulnerability Management Program
Speaker Info: Jacen received his Bachelor of Science from the University of Texas at North Texas. While studying at UNT he led a team of students conducting research for NASA on applications of IPv6 for address assignment in space networks and interned with Goldman Sachs. After graduating, he joined GS's Tech Risk Advisory team where he oversaw the rollout of firmwide application whitelisting, the global social engineering program, and led a team of twenty SMEs to guide new initiatives through appropriate approvals before going to production. After Goldman, Jacen joined PwC where he consulted F100 firms on cyber security best practices. Currently he is helping build out a new cyber department at a large manufacturing company, focusing on the creation of a new full-spectrum vulnerability management program. When not at work, Jacen enjoys hikes with his corgi, tinkering with his 3D printer, and dabbling in virtual reality.
Session Info: Vulnerability Management is a key component of any corporate cyber security department. So much so that the Cyber Infrastructure Security Agency offers advice, alerts, and even external assessments for companies that are part of critical infrastructure. But how do we ensure our internal vulnerability management programs are adding value to the cyber security department? How do CISOs know their programs are reducing risk, not just meeting compliance requirements? In this talk, we will explore how to build a vulnerability management program from the ground up, evaluate a program's maturity, and build a multi-year roadmap to increase an existing program's capabilities.