RVAsec 2023 has ended
Streaming: https://mssvideo.vcu.edu/RVAsec
101
Tuesday, June 13

1:00pm EDT

Everything You Never Knew You Wanted To Know About Passkeys

Passwords have long been the bane of users, IT support staff & security professionals. Compromised passwords are the leading source of account takeover and system breach; attackers are simply logging in and no longer breaking in! Solutions in the past have always come with caveats, but with the inclusion of Passkeys into most major operating systems and platforms, a true light may be at the end of the tunnel. Join this panel to learn about the sordid history of passwords, current and developing trends with passwordless authentication, and what the best practice for Passkeys looks like!

Josh Cigna

Josh Cigna is a solutions architect at Yubico focused on supporting enterprises on the impacts of regulations, requirements, and the latest authentication technologies. He is passionate about evangelizing user-focused security solutions—advising organizations that user experience...

Tuesday June 13, 2023 1:00pm - 1:50pm EDT
1st Floor, Magnolia Room

2:00pm EDT

Adversary TTP Evolution & the Value of TTP Intelligence

Awareness of the benefits of behavior-focused defense is growing, and more intelligence around adversary tactics, techniques, and procedures ("TTPs") is available now than ever. However, as major adversaries increasingly modify their TTPs, teams struggle to track and manage the rising volume of TTP intel. We’ll review recent examples of adversary TTP evolution, including ransomware and commodity loader case studies, a summary of the TTP intelligence landscape, and guidance on effective intelligence collection, processing, and application for defenders.

Scott Small

Director of Cyber Threat Intelligence, Tidal Cyber
Scott Small is a security & intelligence practitioner and expert in cyber threat intelligence & threat modeling, open source research & investigations, and data analysis & automation. He currently serves as Director of Cyber Threat Intelligence at Tidal Cyber. Scott has advised enterprise...

Tuesday June 13, 2023 2:00pm - 2:50pm EDT
Ballroom A/B

3:00pm EDT

Feature or a Vulnerability? Tale of an Active Directory Pentest

This talk is a summation of stories from my recent penetration tests inside Active Directory networks. I will use this time to discuss common methods I have used to obtain initial access inside Active Directory environments, the features that paved the way to lateral movement, and vulnerabilities that escalated me to Domain Admin. This talk is laid out in a way that benefits both entry-level and experienced penetration testers. The content is for both blue and red teamers looking to better understand common Active Directory configurations that can lead to compromise. It has everything from memes to kerberoasting, with a pinch of humor (no dad jokes, I promise).

Qasim Ijaz

Director of Offensive Security, Blue Bastion Security
Qasim "Q" Ijaz is a Director of Offensive Security at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas...

Tuesday June 13, 2023 3:00pm - 3:50pm EDT
Ballroom C/D

4:00pm EDT

Network 201: A Tour Through Network Security

Taking the Network 101 presentation at RVAsec 2019 a bit further, this talk will dive into network security, aka the technical security controls that should be considered with respect to risk management in common environments, including private/public cloud and the recent industry buzzwords around ZTNA - Zero Trust Network Access.
If you have ever wondered how you might use a VRF to segment authenticated user traffic, this is a talk for you. If you are trying to cut through buzzwords that a sales guy is throwing your way about how to protect your remote workers, this is a talk for you.

Rick Lull

Senior Solution Architect - Security, InterVision Systems
Lifelong geek turned security consultant after stops as a desktop tech, server bubba, and network jockey. Rick is a healthcare IT survivor, and is now playing Horatio on the bridge for hire with a national technology consulting company, advising clients on security strategy and operations...

Tuesday June 13, 2023 4:00pm - 4:50pm EDT
1st Floor, Magnolia Room
Wednesday, June 14

10:30am EDT

Shakespeare, Bacon, and the NSA

The peculiar story of the history of cryptography - featuring a code-breaking Quaker poet

Brendan O'Leary

Head of Community, ProjectDiscovery
Brendan O'Leary is Head of Community at ProjectDiscovery. He spends his time connecting with developers, security engineers, contributing to open source projects, and sharing his thoughts on cutting-edge technologies on conference panels, meetups, in contributed articles and on b...

Wednesday June 14, 2023 10:30am - 11:20am EDT
Ballroom C

11:30am EDT

The State of NIST/CMMC Compliance Today

Get a 2023 update on NIST security framework and CMMC compliance. Business with the government is Virginia's #1 industry. The government is sick of spending billions on projects only to find the data leaked onto the Internet. Due to this, many government contracts require security compliance to the National Institute of Standards and Technology (NIST) 800-171 standard. For years businesspeople didn't take the 110 security controls seriously. Now we are seeing deals being lost to the Supplier Performance Risk System score. Ian has helped dozens of organizations implement compliance programs since 2017 in his role as vCSO.

Ian MacRae

CEO, E-N Computers
Ever since founding E-N Computers in 1997, Ian has been dedicated to helping people get the most out of their technology. Since then, he’s grown the company from a small computer repair shop into a top-tier regional managed services provider (MSP) that helps SMB and enterprise clients...

Wednesday June 14, 2023 11:30am - 12:20pm EDT
Ballroom D

1:00pm EDT

Quantum Cybersecurity

The advent of quantum computers promises to have profound economic impact because they solve lucrative industry problems that are otherwise impossible. The dark side is the consequences to global cybersecurity and the encryption systems fundamental to almost every aspect of our digital lives, including the cyber tools needed to protect them. Although 1970s-era PKI infrastructure has served us well for decades, it provides no assurance against the threat of “harvest now, decrypt later”. The transition to post-quantum cryptography standards must be accompanied by more advanced techniques to ensure durable privacy, which is now a national economic security imperative. Fortunately, new redundant hardware and software solutions eliminate the single point of attack and failure in our business-critical systems.

Denis Mandich

CTO and Co-founder of Qrypt; Founding member of the Quantum Economic Development Consortium (QED-C); Founding member of the Mid-Atlantic Quantum Alliance (MQA); Industry Advisor to the NSF-funded Center for Quantum Technology; Advisor to the Quantum Startup Foundry; ANSI Accredited Standards...

Wednesday June 14, 2023 1:00pm - 1:50pm EDT
Ballroom A/B

2:00pm EDT

Hacking Your Job? Trying To Cheat At Life With ChatGPT

AI, it's all the buzz. We have seen marketing fraudsters at Black Hat called out. Heard salespeople use every buzzword they can to try and close. So is it all smoke and mirrors? Or maybe there is pragmatic use for this upcoming technology. I have taken ChatGPT and treated it like an offensive security lab. I trialed many different approaches to using it. In this talk I will show where it can add value in a technical, business and sales role. I will also show how it can fail miserably, its security concerns and how it's influenced. Will this take your job or add to it? Find out in my talk.

David Girvin

Senior Solutions Engineer, Sumo Logic
Hacker, BJJ enthusiast, world traveler and surfer. I am a giant weirdo who somehow found my niche in offensive security. I have been blessed getting to build AppSec programs for companies like 1Password and Red Canary. I have an extremely diverse background and hope I can relate and...

Wednesday June 14, 2023 2:00pm - 2:50pm EDT
Ballroom C/D