ashar

joined 2 years ago
3
ShmooCon 2024 (infosec.pub)
submitted 2 years ago by ashar to c/security_cpe
 

BSides is an annual event that brings together ethical hackers who share their experiences and research in a technical-conference format, aiming to become an academic and knowledge reference on digital security and cybersecurity for the Latin American region.

BSides Panamá 2024 Playlist

BSides Panamá 2024 Agenda

 

Cathy Ullman: The Power of Active Defense

In this episode of the Phillip Wylie show, listeners are treated to an intimate conversation with cybersecurity expert Cathy Ullman. The talk traverses Ullman's storied path which veers from a unique childhood surrounded by pioneering computing to her two-decade-plus stint in university cyber security.

Along the way, Ullman offers a peek into the heart of her recent book, which urges a mindset shift in cybersecurity defense by taking cues from offensive tactics.

Ullman reflects on her early days in tech support, leading to her current specialization in digital forensics and incident response at the University of Buffalo. She discusses the value and rigorous nature of certifications such as the IAsis and the doors they've opened within her field. The conversation turns to Ullman's enlightening journey into the offensive side of cybersecurity, captured in her new book "The Active Defender." Ullman makes a compelling case for why understanding offensive strategies can fortify defense mechanisms within the cybersecurity realm.

 

Open Source Security Podcast Episode 417 - Linux Kernel security with Greg K-H

Josh and Kurt talk to GregKH about Linux Kernel security. We mostly focus on the topic of vulnerabilities in the Linux Kernel, and what being a CNA will mean for the future of Linux Kernel security vulnerabilities. The future of Linux Kernel security vulnerabilities is going to be very interesting.

 

Incident Response in Cases of Supply Chain Incidents - Lucas Ferreira

In today’s interconnected world, companies rely on a complex network of third-party vendors and service providers to deliver their products and services. This includes the use of Software as a Service (SaaS) applications and open-source libraries, which can provide significant benefits in terms of cost savings and scalability. However, this also introduces new risks, as attackers can target these third-party providers to gain access to a company’s systems and data. In this presentation, we will explore the topic of incident response in cases of supply chain incidents. We will discuss what supply chain attacks are and how they can occur through the compromise of SaaS applications and vulnerabilities in open-source libraries. We will also examine real-world examples of supply chain attacks seen by Cloudflare, including the January 2022 Okta compromise, a bug in interpreting IPv4-mapped IPv6 addresses, and the Log4Shell vulnerability. We will focus on how Cloudflare responded to these incidents and show lessons learned. We will also discuss how these incidents affect a company’s incident response team. Supply chain incidents can be particularly challenging for incident response teams because they often involve third-party vendors and service providers that may be outside of the company’s direct control.

ABOUT THE SPEAKER: Lucas is a highly experienced Information Security professional with a diverse professional and academic background. With over 25 years in the field, he has a wealth of experience working in various sectors, including big corporations, startups, government, and international organizations. Throughout his career, Lucas has worked across various Information Security domains, including risk assessment, network security, web and application security, cloud security, incident response, and IT and security operations. In addition to his practical expertise, Lucas has a solid academic foundation in information security and cryptography. He holds an M.Sc. degree and has completed all the requirements for a Ph.D. (unfinished) in cryptographic protocols. He has also published several papers in the field. Lucas is a long-standing contributor and supporter of OWASP. He served as a Project Leader, Chapter Leader on two continents, and Committee Member. Lucas led the team responsible for organizing three highly successful OWASP Global Appsec Conferences in Brazil.

3
BSides Lisbon 2023 (infosec.pub)
submitted 2 years ago by ashar to c/security_cpe
 

BSides Lisbon 2023 videos

BSides Lisbon 2023 Schedule

BSidesLisbon is the premier technical information security conference in Portugal. It is a community organized, not for profit, conference started in 2013 and is now on its 8th edition, providing opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, workshops, and interaction from participants.

3
submitted 2 years ago* (last edited 2 years ago) by ashar to c/security_cpe
 

CactusCon 12 Schedule

CactusCon 12 - Track 1 - 16 videos

CactusCon 12 - Track 2 - 12 videos

CactusCon 12 - Track 3 - 13 videos

CactusCon is the largest annual hacker and security conference in Arizona. Our last event attracted 2000 attendees from throughout the entire country. Over the last eleven years our event has established itself as a top-tier security conference and has quickly become a must-attend learning and networking event.

CactusCon is evolving constantly, striving to meet the changing needs and expectations of the InfoSec community. We attract sought-after industry leaders, offer cutting-edge workshops, and provide ample opportunities for mingling and networking with people who share a passion for information security.

4
submitted 2 years ago* (last edited 2 years ago) by ashar to c/security_cpe
 

BSidesLisbon 2022 playlist

BSidesLisbon 2022 schedule

BSidesLisbon is the premier technical information security conference in Portugal. It is a community organized, not for profit, conference started in 2013 and is now on its 6th edition, providing opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, workshops, and interaction from participants.

 

FIRST Cyber Threat Intelligence Conference 2023 playlist

Program

The conference provides a gathering place for experts in the field to share knowledge, contribute ideas, and learn the latest in proactive approaches in relation to threat intelligence. The format is formal and includes management, technical, and hands-on components. Plenary content focuses on discussions that are more sensitive and related to the day-to-day work of participants. Workshops are interactive and taught by leading security experts in small workgroup settings.

While the event has evolved since its humble origins in 2016, the main goal of the gathering has stayed true: to unite diverse stakeholders and provide an open forum for the development of new ideas.

 

Defense in Depth podcast - Tracking Anomalous Behaviors of Legitimate Identities

The Verizon DBIR found that about half of all breaches involved legitimate credentials. It’s a huge attack surface that we’re only starting to get a handle on.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Adam Koblentz, field CTO, Reveal Security.

In this episode:

  • Where are we in terms of monitoring anomalous behavior of our users?

  • Why are we still struggling to understand what happens after threat actors are in our networks?

  • How are new AI-based tools helping us to scale efforts?

  • What's working and where do we need to improve?

 

Risky Business podcast #736 - Azure misconfigurations are 2024's looming threat

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

  • Somehow there are still more Ivanti and Fortinet exploits
  • Volt Typhoon have been at it for years
  • Starlink in Ukraine gets complicated
  • Canadians hate poor Flipper
  • Much, much more…

[–] ashar 7 points 2 years ago

haha, that is really silly propaganda

[–] ashar 6 points 2 years ago (1 children)

Trump could be right, you know.

[–] ashar 1 points 2 years ago* (last edited 2 years ago)

[edited this report to update with correct info] My workflow is I click on create post, post the URL of the media, upload a small image of the logo, add the body text with links to the conference information and media.

The issue is that when I add the image, the URL of the image gets put into the URL field of the create post page.

Previously the URL in the create post page could be directly to the YouTube video. For example https://infosec.pub/post/3334303 worked fine.

[–] ashar 13 points 2 years ago (2 children)

The UN denied any knowledge of this.

[–] ashar 2 points 2 years ago

In Edinburgh it is difficult to drive in the dry.

[–] ashar 28 points 2 years ago

Important move by Finland.

[–] ashar 19 points 2 years ago (2 children)

Yes, that Kuwaiti story came to mind when I read the story about 40 children in a community of 160 people.

[–] ashar 9 points 2 years ago

It means that we don’t really know what happened or why but we need to publish an article. Also we need to mention Iran so that we can keep building pressure to attack a new country.

[–] ashar 10 points 2 years ago

Israel as the occupying power had already been breaking international law so a bit more won’t make much difference.

[–] ashar 6 points 2 years ago

I know several women who wear the niqab by choice, and in the face (pun not intended) of social pressure.

[–] ashar 5 points 2 years ago (3 children)

“The court said the man had stored the body in the freezer which he also used to store food.”

owowow.
