RVAsec

With over 5 years of experience in the information security industry, Ali has performed a wide variety of security assessments including network penetration testing, application security assessments, full-scope red team engagements, adversarial simulation, and physical penetration testing. Prior to joining Atredis Partners, Ali performed network penetration tests as a Security Consultant on Optiv’s Attack and Penetration team.

Outside of work, Ali enjoys researching software vulnerabilities and malware techniques on Windows Systems. Ali has created open source tooling and authored blog posts focused on evasive Command and Control (C2) techniques and implant development to give back to the information security community. Ali also holds the Offensive Security Certified Professional (OSCP) certification. X (Twitter): @aahmad097

Hacking Exchange from the Outside In (<– add to your schedule)

Microsoft Exchange 2019 uses the Oracle Outside-In libraries to parse specific file types when attached to emails. This talk covers the process of discovering memory corruption vulnerabilities within the technology using AFL and Jackalope and the results of the fuzzing process. Outside-In was deprecated as a result of this research.

Come see Ali Ahmad at RVAsec 13!

Ell Marquez is a proud Hacking Is Not and Crime and Operation Safe escape advocate. She has traveled the world for five years, educating security practitioners on subjects from on-prem infrastructure to the cloud and everything in between. As part of her journey in 2023, Ell transitioned to Neuvik, focusing on researching and training organizations to strengthen their defenses against the latest cyber threats.

I’ve traveled the world educating security practitioners on subjects from on-prem infrastructure to the cloud and everything in between. X (Twitter): @ell_o_punk

Once Upon a Cyber Threat: The Brothers Grimms Teachings on APT Awareness (<– add to your schedule)

Two hundred years ago, the first volume of fairy tales was published by the Brothers Grimm, introducing to the world a realm of magic, dark forests, and powerful villains to haunt everyone’s dreams.

We never imagined this realm would exist in the digital age. “”Once Upon A Cyber Threat”” delves into the realm of advanced persistent Threat Groups (APTs), drawing parallels between the world of poisoned apples, breadcrumb trails, and magic mirrors and today’s modern cyber threats. Serving not a tale of caution but a call to action and a lesson in storytelling, creating an outline that can help every security professional impart the caution, wisdom, and resilience we need to become the narrators that transformed Brother Grimm’s tales into the happy ever after stories we know today.

Come see Ell Marquez at RVAsec 13!

Corey has been engaged with Fortune 500 organizations across a variety of industries, including financial services, government services, and healthcare and is widely recognized for his in-depth OSINT talks and workshops. Additionally, he is a Black Hat trainer and has spoken at conferences such as Wild West Hackin’ Fest, Texas Cyber Summit, and CarolinaCon. He has over five years of systems administration and extensive VMWare administration experience. Corey was a member of the SECCDC Red Team and is one of the top Red Team Operators at Red Siege. X (Twitter): @retronaut7

That Shouldn’t Have Worked – Payload Development 101 (<– add to your schedule)

The game of bypassing defenses and detection continues to be a cat and mouse game. Attackers often find clever ways to use common tools and techniques to execute their code and the defenders continue to create detections and mitigations for these methods. As a red teamer, it is becoming increasingly difficult to get around these defenses and emulate those attackers. In this talk, I will cover some of the methods we use during engagements to thread the needle and bypass those defenses.

Come see Corey Overstreet at RVAsec 13!