Phillip Wylie is the Senior Red Team Lead for a global consumer products company, Adjunct Instructor at Richland College, and The Pwn School Project founder. Phillip has over 22 years of experience, with the last 8 years spent as a pentester. Phillip has a passion for mentoring and education. His passion motivated him to start teaching and to found The Pwn School Project, a monthly educational meetup focusing on cybersecurity and ethical hacking. Phillip teaches Ethical Hacking and Web Application Pentesting at Richland College in Dallas, TX. Phillip is a co-host for The Uncommon Journey podcast. Phillip holds the following certifications: CISSP, NSA-IAM, OSCP, GWAPT.
Pentesting, or ethical hacking as it is more commonly known, has become a much sought-after job by people in IT, InfoSec, or those just trying to get into the industry. In this presentation, Phillip Wylie shares the blueprint for becoming a pentester. The presentation combines Phillip’s experience as a pentester and ethical hacking instructor to give attendees a guide on how to pursue a career as a pentester. Phillip shares what has worked for his students and people that he has mentored over his years as a pentester. This presentation covers the knowledge and skills needed to become a pentester as well as the steps to achieve them.
Alyssa Miller is a hacker, security advocate, cyber security professional and public speaker with almost 15 years of experience in the security industry. Her experience includes penetration testing, threat modeling and working with business leaders to build enterprise security programs. She speaks internationally at industry, vendor, and leadership conferences on topics ranging from technical security vulnerabilities, to high-level security program strategies, to issues within the security community itself. She is a Chapter Leader for Women of Security (WoSEC), Advisory Board member for Blue Team Con in Chicago, and her security career journey was recently featured in Cybercrime Magazine.
It may be hard to believe, but it’s been over a decade since DevOps was introduced. It wasn’t long after that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent surveys show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security. Hacker, former developer, and application security advocate Alyssa Miller dives into the key issues that keep security shut out of the DevOps Pipeline. She’ll provide insights from recent studies that have looked at the state of DevSecOps and share indicators that organizations are still failing to mature their processes in order to achieve the ideal shared responsibility culture. Through her analysis, Alyssa identifies tangible, practical actions that security practitioners can take to successfully enable security practices within the pipeline. Alyssa will demonstrate what steps can be taken to create accountability between Development, Security, and Operations disciplines. Finally, Alyssa delivers a forward-looking viewpoint for what lies beyond DevSecOps, and how this culture can be extended to include the broader business.
Nitin Pandey is a Cyber Security Practitioner, Learner, Penetration Tester, Researcher, Trainer and Blogger, working in the Cyber Security domain since 2007. His expertise is widely recognized in India and abroad, which is reflected in deliverables of numerous workshops, seminars, talks and trainings among a variety of different audiences including colleges, schools, companies, industry meets, national & international conferences.
In his talk he will discuss cyber threats, challenges, data privacy, online harassment, bullying, cyber stalking, cyber crimes and scams that emerged during the Covid-19 pandemic, and women's safety and the actual ground reality of it, with various case studies.
Chenny Ren is a senior consultant in Deloitte's enterprise risk consulting department. She has many years of experience in red team penetration testing and in information security and information technology risk consulting. Certifications and Affiliations: OSCP, OSWP, Splunk Fundamental1 Certificate, Splunk Infrastructure Certificate, Splunk UBA Certificate
As a defender for an organization, it’s critical to consider adversary emulation at both technical and behavioral levels to ensure highly effective post-compromise resilience. In this presentation, I'll introduce the key concepts of adversary emulation, and the ingredients for automated adversary emulation (tools, logics, MITRE ATT&CK Framework and cyber kill chain).
Mr. Sankarraj Subramanian is a renowned international speaker, cybersecurity consultant & certified ethical hacker (CEH) with 15 years of experience in the cybersecurity field. He has delivered international sessions in 45 countries and is also involved in solving critical cybercrime issues for various government law enforcement agencies including ATM frauds, malware analysis, network forensics, web security architecture and assisting government law enforcement officers in helping to solve cybercrimes or find forensic evidence of other kinds of cybercrime.
One of the primary jobs of Security Professionals is to assess security risks through offensive strategies like Vulnerability Assessment and Penetration Testing (VAPT), which aims at identifying, mitigating, and patching these security risks. This includes the use of various automated tools and manual testing methodologies to come up with a Risk Assessment. Automated VAPT methodologies can help us save time when we have a lot of fuzzing to do with numerous payloads. But when the target server or application is huge, we can't always rely on automated tools and the reports they generate. Manual VAPT can be more effective in testing for business logic vulnerabilities, CSRF (Cross-Site Request Forgery) & for identifying false positives with automated methodologies; it's mandatory for a human to intervene and to exploit & loop the vulnerability. It also enhances the skill set of security professionals and gives them an opportunity to think from an attacker's perspective. When it's critical infrastructure which is taken into account, Manual VAPT can prove to be one of the most effective strategies to follow. This talk will emphasize Manual VAPT approaches, the challenges security professionals face, and how to make it more effective at identifying the flaws in target infrastructure.
Umair Nehri is a student currently pursuing his bachelor's degree in computer applications. He has worked in areas such as web application security and malware analysis. He has been recognized by the government of Brazil, Netherlands, Department of Defense and the United Nations for finding flaws in their websites.
The Evilnum malware, which was detected in the wild in 2018, has been involved in a wide range of attacks against Fintech (Financial Technology) companies mostly located in the EU countries and the UK. The malware is linked with the advanced persistent threat (APT) group known as Evilnum. The malware focuses not just on stealing sensitive credentials but on the financial information of these companies and their customers as well. In this talk we will talk about how this malware is delivered, analyse a random sample and draw some conclusions at the end.
Hi! I’m Atul Singh (kunwaratulhax0r). I’m a Pentester, Public Speaker, Part time Bug Hunter, CTF Player, Trainer, Blogger and Cyber Security Enthusiast. Love Knowing What’s Going on in Infosec Domain including Offensive and Defensive. I’m currently working on Web/Mobile Appsec, Android Things, Cloud Security and DevSecOps.
What exactly is a security champion? According to the Open Web Application Security Project (OWASP), they are active members of non-security teams that may help to make decisions about when to engage the security team.
Priyanshu Ratnakar is an Indian entrepreneur, Founder and Director of Protocol X. He is also a cybersecurity practitioner and a bug bounty hunter. Priyanshu was named in Your-story's Top 5 Youngest Entrepreneurs of India 2020.
In my talk, Cyber Security and The Rise of Startups, I'll talk about how startups can build tools and software to help other organizations, law enforcement agencies, and for people/public safety and awareness. I'll show some data and research, a case study, the role of the individual developers, tools they can make with some examples, and some more interesting sub-topics related to startups, and how they can start their entrepreneurship journey in the cyber domain.
Being a bug hunter myself, I have seen myself & others making mistakes while collecting intel for further hunts.
In this talk, I want to share my reconnaissance methodologies, tips, & roadmap that focus on how & which tools & utilities can be used for gaining substantial & relevant information when doing bug hunting.
Recon for Hunters
Bypassing Scrape detection using Python