WOPR Summit 0x01

Incidents don't have to be major to significantly alter the security posture of an organization. I will walk through how an incident happened, our reaction to it and what we would have done differently.

Over the past 10 years, the cybersecurity industry, including the OWASP community, has been all about risk management through Vulnerability Management. At Auxin Security, we not only think about the current holistic Vulnerability Management, but we also show how it wastes thousands of expensive engineering man-hours are wasted daily on useless metrics and data collection. This talk talks about how traditional top-down or bottom-up Vulnerability Management is flawed and outdated. Stop using it.

This talk presents a study that examines people’s ability and decision-making processes in detecting deepfakes. Survey respondents viewed a series of deepfake or AI generated/altered videos, images, and audios, mixed alongside a series of real media. Following their viewing of each piece of media, respondents rated their believability of it and provided factors that influenced their decision. The presentation will include a discussion of some of the possible dangers associated with the growing use and ease of creating deepfakes, examples of deepfakes that were used in the survey, and preliminary qualitative and quantitative findings from the study.

Before the Cyber Security industry, there were Hackers. Ours is a proud culture of "hey what's this thing do?" Some of us are content to stay in the shadows. Poking, prodding, learning. What about those that want a seat at the table? Especially those to whom public speaking is as natural as breathing water. Let's chat about how to speak to those who don't innately speak out language. Let's hack our way to that seat at their table.

Antennas are used by everyone, but not well understood. The basics aren't that tough. If it's not explained by Dr. R. F. Field or Mr. Mark E. Ting, then the concepts and theories are easily grasped.

This was previously accepted just offering to run this. Leo reached out and said to submit for tracking purposes.

Philadelphia’s network infrastructure is messy, clumsy, and often unseen by the general public. Wandering the streets, you may get a vague understanding of what’s going on—a manhole cover sits unassumingly on the crosswalk, or maybe a mysterious box with an antenna sits high upon a wall in a back alley, humming into the night. Under your feet and above your eye line, data is soaring by through brightly-lit fiber cable and ethereal radio transmission. The city is alive, but few may ever understand to what extent. Through this talk, we will take a look at pieces of networking infrastructure that are often hidden in plain sight and use them to understand the underlying communication networks that connect us all on a daily basis.

We play how we practice, and there's no time like the present to hit the SIEM, flex that change control, and make sure all your business units are in shape.
Join LitMoose, a global incident responder who has handled single disk to 500k+ endpoint environments in the throws of attack, to talk about things you can be doing to prep yourself and your team for surviving the IR marathon. You never know when you'll wake up and find yourself running.

Cloud Penetration testing, while still similar to traditional penetration test, can provide it own set a challenges and nuances. Understanding how to apply common offensive security techniques to cloud environments is quickly becoming a critical skill set for penetration testers. This talk will introduce attendees to a practical approach of cloud penetration testing, tools of the trade, as well best practice work flows using IAC.