Author: rvasadmin

RVAsec 14 Speaker Feature: Philippe Caturegli

Philippe Caturegli has over 25 years of experience in building, defending, and attacking across all areas of Information Security. He’s been performing penetration tests since the early 2000s, gaining deep expertise across diverse security landscapes. In 2012, he founded Seralys, a boutique cybersecurity company specializing in high value add penetration testing engagements, serving clients in both Europe and North America. Before Seralys, Philippe was a Senior Manager at a Big 4 firm in Luxembourg, where he led Security & Privacy engagements, primarily with financial institutions. Earlier in his career, he held several roles within the information system security department of a global pharmaceutical company in London, managing a heterogeneous network of over 100,000 users under strict regulatory requirements.

X (Twitter): @_titon_


Internal Domain Name Collision 2.0 (<– add to your schedule)

The proliferation of new Top-Level Domains (TLDs) has sparked security concerns primarily around phishing and social engineering attacks. However, the emergence of these new TLDs has broadened the attack surface, making it easier for threat actors to exploit other domain-related vulnerabilities. Our research explored another critical but often overlooked vulnerability: Internal Domain Name Collision. During our research, we examined how legacy systems configured before the TLD boom can become susceptible to these collisions, potentially allowing threat actors to redirect or intercept sensitive internal traffic. This vulnerability can have a ripple effect, impacting even newly installed systems that rely on configurations from those legacy systems (e.g. DHCP, DNS Suffix, etc.). This presentation will showcase our methodology for identifying vulnerable domains and present real-world examples of high-value targets at risk, including a major European city, a US Police Department, and critical infrastructure companies.

Come see Philippe Caturegli at RVAsec 13!


RVAsec 14 Speaker Feature: Qasim Ijaz

Qasim Ijaz is the Director of Cybersecurity at a leading healthcare organization, overseeing detection, incident response, vulnerability management, purple teaming, and cybersecurity engineering. With a strong background in offensive security and risk management, he has helped organizations strengthen their defenses against evolving threats. Passionate about bridging the gap between cybersecurity and business, Qasim specializes in offensive security and cybersecurity strategy. He is also a dedicated educator, mentoring professionals and sharing his expertise at conferences such as BSides and Black Hat. Committed to advancing cybersecurity in healthcare, he drives innovation in proactive defense and risk management.

X (Twitter): @hashtaginfosec


What the Scope? Sh** my Consultant | Client Says (<– add to your schedule)

Scoping a penetration test shouldn’t feel like negotiating a hostage situation—but here we are. In this engaging, no-holds-barred session, two seasoned cybersecurity professionals take the stage in a hilarious and painfully relatable discussion, showcasing the absurd, frustrating, and all-too-common conversations between consultants and clients.

Expect real stories, plenty of laughs, and insights that will make you rethink how you approach penetration testing and security assessments. Whether you’re a consultant, security leader, or someone who’s just tired of hearing “We don’t need a pentest”, this talk is for you.

Come see Qasim Ijaz at RVAsec 13!


Dragnet Secure – RVAsec 14 Gold Sponsor

RVAsec is pleased to present Dragnet Secure as an RVAsec ’25 Gold sponsor!

Dragnet is defense grade cybersecurity and compliance for all. Dragnet provides CMMC Assessments and Program Management services.

Dragnet Secure
X (Twitter):

RVAsec 14 tickets are available now!


RVAsec 14 Speaker Feature: Christina Johns

Christina Johns is a Principal Malware Analyst at Red Canary with 15 years experience. Prior to becoming a malware analyst she worked in a variety of areas including web application assessment, android forensics, and incident response. Her research interests lie at the intersection of automating binary analysis and malware reverse engineering. She is the author of OpenSecurityTraining2’s Introductory IDA Debugging class. She has taught multiple intro to CTF workshops, volunteers with Women’s Cyberjutsu, and enjoys participating in CTFs to build her skills and help others do the same.


Look Ma, No IDA! Malware Analysis Without Reverse Engineering (<– add to your schedule)

Do you think malware analysis is out of your reach because assembly code looks like reading the matrix? Fear not, this talk will convince you that learning assembly code is not the best place to start your malware analysis journey. For starters, the modern malware landscape is diverse and malicious code isn’t always compiled into assembly. Not every use case for malware analysis requires a deep dive and there are many great tools and services that provide information about a malware sample you can build your analysis on.

If you work as an incident responder, detection engineer, threat hunter, or intel analyst, you probably already do some malware analysis but don’t realize it. And if you don’t but would like to, this talk will discuss the tools and knowledge you should focus on first before embarking on groking the intel x86 manual.

Come see Christina Johns at RVAsec 13!


RVAsec 14 Speaker Feature: Paul Asadoorian

Paul Asadoorian is currently a Principal Security Researcher for Eclypsium, focused on firmware and supply chain security. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRTG54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more. In 2005, Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. Paul grew Security Weekly into a network of security podcasts spanning multiple topics, such as application security and business. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, and hosts Eclypsium’s Below The Surface podcast. He enjoys coding in Python, hacking around on ESP32, and telling everyone he uses Linux as his daily driver desktop OS.

X (Twitter): @securityweekly


The Security Professional’s Guide To The Linux Desktop (<– add to your schedule)

Want to learn how running Linux as your desktop OS can make your life BETTER? This talk is for you! Every year the Linux nerds say, “This will be the year of the Linux desktop!”. If we put Android and ChromeOS aside for a moment, there has never been such a year. However, I switched to Linux on my laptops in 2016 and fully converted all my desktops in 2019. I’m never looking back. Many of you reading this are already thinking/voicing your opinions. I’ve heard for so many years, “I don’t want to run Linux as my desktop because [blank]”. This talk will dispel the myths and hopefully getting you on team Linux desktop! If you are open-minded about Linux as a desktop, haven’t tried it in a while, worried about Windows 10 going end-of-support in 2025, and want to learn about the benefits of the Linux desktop, this talk is for you. Maybe you even use Linux as your desktop OS and just want some tips and tricks; this is the talk for you. If you’ve already decided that Windows or MacOS is perfectly fine and Linux is just annoying, this talk may not be for you.

Come see Paul Asadoorian at RVAsec 13!


RVAsec 14 After Party — Hacker Trivia Showdown — Register Now!

RVAsec 14 isn’t just about top-tier cybersecurity content—it’s also about community, camaraderie, and a damn good time. This year, we’re leveling up the After Party with a night of brain-bending fun, cold drinks, amazing food, and a nod to one of the most legendary DEF CON traditions: Hacker Jeopardy (but our PG-13 version—no alcohol-fueled chaos here, sorry, but you really never know).

The RVAsec 14 after party, brought to you by RVAsec (still looking for a sponsor to make it even more epic!), will be at in the main ballroom on Tuesday, June 3rd right after Day 1 ends!

  • 5:00pm to 9pm: Food/Beverage/Music
  • 5:30ish: Finalize teams!
  • 5:30 – 6:00ish: Let the Hacker Trivia Showdown begin!
  • 8:30ish: Prizes and Food/Beverage/Music continues!

THE GAME:

Hacker Trivia Showdown is our RVAsec-style take on Hacker Jeopardy—think infosec knowledge, tech culture references, pop trivia, and plenty of snark. We’ll be forming teams, keeping the energy high, and giving away prizes that might be cooler than the coveted RVAsec Bags of Sh*t or our yearly STFU signs!

Don’t worry if you’ve never been to DEF CON—this is your chance to get a taste of the fun (without the 12AM timeslot or the Vegas dehydration).

HOW IT MIGHT WORK (we are still working on details):

  • We aim to have 3 teams of 3 members. You can sign up solo or with a crew—we’ll try to match you up if needed.
  • We will have two rounds, with each round lasting 40 to 60 minutes.
  • Audience members won’t just sit back—we’ll have bonus rounds, shout-out prizes, and ways to jump in throughout the night.

PLUS:

  • Music and DJ vibes to kick off and wrap up the night
  • Delicious drinks and amazing food served up before and after trivia
  • Swag, surprises, and bragging rights for days
  • We have a seasoned guest host we will be revealing soon!

Get ready to test your skills, rep your team, and maybe even outsmart your friends. This is one RVAsec party you won’t want to miss.

This is an exclusive event, so you must be registered to attend or you will not be allowed entrance–no exceptions!

Important Notes:

  • You must use the same email you used to register for RVAsec.
  • Each attendee must have their own name listed (duplicates will be deleted).
  • If you are not registered for RVAsec, your ticket will be deleted. 
  • Age Restriction: You must be 21 and over to drink alcohol. Non-alcoholic beverages will be available.

Even if you have a ticket for RVAsec and said that you wanted to attend during the signup process, you MUST now registered for the party!

Register For The After Party Now!

(https://www.eventbrite.com/e/1338099966019)

If you haven’t bought a ticket for the RVAsec conference yet, now is the time…. click this link, you know you want to!

Or if you know better, don’t click that link, copy and paste this (https://www.eventbrite.com/e/rvasec-13-security-conference-tickets-776407274057) in and get that ticket!


Ox Security – RVAsec 14 Gold Sponsor

RVAsec is pleased to present Ox Security as an RVAsec ’25 Gold sponsor!

Scale your AppSec with continuous scanning and analysis of software vulnerabilities — OX’s Application Security.

Ox Security
X (Twitter): @OX__Security

RVAsec 14 tickets are available now!


RVAsec 14 Speaker Feature: Nicholas Popovich

Nick Popovich’s passion is learning and exploring technology ecosystems, and trying to find ways to utilize systems in unexpected ways. His career has focused on adversarial threat simulation, offensive and defensive security, and advanced technical security assessments. He is a hacker. He is also a veteran of the U.S. Army Signal Corps, and has worked in the public and private sectors, performing advanced cyber security assessments. Nick currently runs Rotas Security, an offensive cybersecurity services company specializing in penetration testing and adversary emulation. He’s a lifelong learner and loves finding new ways to get under the hood of systems and networks. He is a father of three and a husband to one.

X (Twitter): @pipefish_


Attacking & Defending ServiceNow: A Hands-on Lab for Red & Blue Teams (<– add to your schedule)

ServiceNow is a critical enterprise platform, often integrated with sensitive systems and privileged access. This talk explores how attackers can exploit misconfigurations and privilege escalation paths within ServiceNow to gain a foothold in an environment. We’ll walk through real-world attack techniques, from initial access to lateral movement, and demonstrate how defenders can detect and mitigate these threats.

In addition to offensive tradecraft, we’ll cover how to set up a dedicated lab to safely test these attack vectors, fine-tune detections, and improve defensive strategies. Whether you’re a red teamer looking to sharpen your tactics or a blue teamer aiming to strengthen your defenses, this talk will provide actionable insights and practical steps for securing ServiceNow.

Come see Nicholas Popovich at RVAsec 13!


Corelight – RVAsec 14 CTF Sponsor

RVAsec is pleased to present Corelight as the RVAsec ’25 Capture the Flag (CTF) sponsor!

Disrupt future attacks with complete network visibility, next-level analytics, faster investigations, and expert threat hunting.

Corelight
X (Twitter): @corelight_inc

RVAsec 14 tickets are available now!


Check Point – RVAsec 14 Gold Sponsor

RVAsec is pleased to present Check Point as an RVAsec ’25 Gold sponsor!

Check Point Software Technologies Ltd. is a leading provider of cyber security solutions to corporate enterprises and governments globally.

Check Point
X (Twitter): @checkpointsw

RVAsec 14 tickets are available now!