RVAsec 2025 Video: Caleb Crable
Staff Security Engineer – Red Team – Bill.com LLC

Title: SPF Shadowing: Give old services a chance to shine
In a world where Sender Policy Framework is meant to provide a first or second line of defense against impersonation and phishing, we instead find ourselves barely paying attention to it. Even after the MailChannels vulnerability was disclosed and thousands of companies found they could be impersonated via email through a service they paid thousands of dollars for, word really didn’t spread like it should have. Many domains are set and forget, from personal domains to fortune 500s, and I am going to take you on a journey where we use the forgotten for fun and profit.

• Youtube: https://youtu.be/dKw8xAb3mzk

RVAsec 2025 Video: Nick Copi
AppSec Engineer – CarMax

Title: Following The JSON Path: A Road Paved in RCE
Dive into researching JavaScript implementations of JSON path libraries, breaking out of JavaScript sandboxes, achieving code execution, and examining the blast radius of impacted components. This talk covers both the research process for the discovery of these novel vulnerabilities and footguns, as well as the process for identifying the blast radius, weaponizing the vulnerabilities against actual targets, and engaging impacted stakeholders. Join me to hear a harrowing tale of remote code execution in several widely used products, CVE assignments, and critical bounty payouts.

• Youtube: https://youtu.be/yJ8u94yiaMQ
• Slides: https://rvasec.com/slides/2025/Copi_Following_the_JSON_Path.pdf

RVAsec 2025 Video: Philippe Caturegli
Chief Hacking Officer – Seralys

Title: Internal Domain Name Collision 2.0
The proliferation of new Top-Level Domains (TLDs) has sparked security concerns primarily around phishing and social engineering attacks. However, the emergence of these new TLDs has broadened the attack surface, making it easier for threat actors to exploit other domain-related vulnerabilities. Our research explored another critical but often overlooked vulnerability: Internal Domain Name Collision. During our research, we examined how legacy systems configured before the TLD boom can become susceptible to these collisions, potentially allowing threat actors to redirect or intercept sensitive internal traffic. This vulnerability can have a ripple effect, impacting even newly installed systems that rely on configurations from those legacy systems (e.g. DHCP, DNS Suffix, etc.). This presentation will showcase our methodology for identifying vulnerable domains and present real-world examples of high-value targets at risk, including a major European city, a US Police Department, and critical infrastructure companies.

• Youtube: https://youtu.be/Gac_3qMk_Zw
• Slides: https://rvasec.com/slides/2025/Caturegli_Internal_Domain_Name_Collision_2.0.pdf

RVAsec 2025 Video: Andrew Case
Director of Research – Volexity

Title: Using Volatility 3 to Combat Modern Malware
Volatility 3 is the latest version of the Volatility Memory Analysis framework, which has been the most widely used open-source framework for memory forensics since its creation in 2007. This new version of the framework is a complete rewrite starting from the first line of code. In this presentation, attendees will learn about Volatility 3’s new features while also seeing how many brand-new plugins can be used to detect a wide range of sophisticated, modern malware. This will include detection of the techniques currently deployed by ransomware and APT groups to evade EDR detection, inject code in a stealthy manner, and perform lateral movement. Examples of the covered techniques will include process hollowing, module unhooking, and privilege escalation. Attendees will leave understanding how to detect modern malware and attacker toolkits along with how to integrate Volatility 3 and its new features into detection workflows suitable for production use.

• Youtube: https://youtu.be/qkAQzGNhn0U
• Slides: https://rvasec.com/slides/2025/Case_%20Volatility.pptx

RVAsec 2025 Video: Paul Asadoorian
Principal Security Researcher – Eclypsium

Title: The Security Professional’s Guide To The Linux Desktop
Want to learn how running Linux as your desktop OS can make your life BETTER? This talk is for you! Every year the Linux nerds say, “This will be the year of the Linux desktop!”. If we put Android and ChromeOS aside for a moment, there has never been such a year. However, I switched to Linux on my laptops in 2016 and fully converted all my desktops in 2019. I’m never looking back. Many of you reading this are already thinking/voicing your opinions. I’ve heard for so many years, “I don’t want to run Linux as my desktop because [blank]”. This talk will dispel the myths and hopefully getting you on team Linux desktop! If you are open-minded about Linux as a desktop, haven’t tried it in a while, worried about Windows 10 going end-of-support in 2025, and want to learn about the benefits of the Linux desktop, this talk is for you. Maybe you even use Linux as your desktop OS and just want some tips and tricks; this is the talk for you. If you’ve already decided that Windows or MacOS is perfectly fine and Linux is just annoying, this talk may not be for you.

• Youtube: https://youtu.be/tAVuqGsG0-c

RVAsec 2025 Video: Travis Altman
Cybersecurity Leader

Title: Running a proper Purple Team
Some folks within cybersecurity have probably heard the concept of purple teaming but what is it like to actually execute or leverage this type of service? What value does it provide? Where should it exist within the organization? What other challenges might you face when performing purple teaming?

This talk will dive into details on how to go from the concept or infancy of purple teaming to executing at a higher level of maturity and everything in between. I’ll walk thru specific examples of purple team exercises then debrief outcomes and values of those engagements. I’ll also walk thru variations of purple teaming (e.g., simulation vs emulation) and describe when a certain variation might be appropriate and when. Last but not least I’ll explain how to perform purple teaming in various environments (e.g., endpoint, cloud, network) and considerations for operating in those conditions.

• Youtube: https://youtu.be/9q0D87_zqps
• Slides: https://rvasec.com/slides/2025/Altman_RUNNING_A_PROPER_PURPLE_TEAM.pptm

RVAsec 2025 Video: Stacy Aitken
Security Program Manager – Dragnet

Title: The Importance of an Incident Response Plan
An incident response plan (IRP) is a necessity. It can reduce damage, improve recovery time, reduce costs, comply with regulation, preserve evidence, and improve preparedness.

• Youtube: https://youtu.be/SLmo7DuH6vU
• Slides: https://rvasec.com/slides/2025/Aitken_Importance_of_an_Incident_Response_Plan.pdf

RVAsec 2025 Video: Bruce Potter
CEO and Founder – Turngate

Title: Keynote
Bio: Bruce Potter has been doing cybersecurity for 30 years, which makes him kind of old. Bruce is currently the CEO and founder of Turngate, a SaaS audit log analysis company. Prior to that Bruce served as CISO at several companies including Clear Street, Expel, and the KeyW Corporation.

Bruce is the founder of The Shmoo Group and assisted with running ShmooCon, a cybersecurity conference that ran for the last 20 years in Washington DC. Bruce has done DARPA research, led red teams, broken large networks (in good and bad ways), and even helped bring Internet service to remote parts of Alaska in the mid-90’s.

• Youtube: https://youtu.be/KYGCTwJ-tCM

RVAsec 2025 Video: Mike Bailey
– Rotas Security

Title: Attacking & Defending ServiceNow: A Hands-on Lab for Red & Blue Teams
ServiceNow is a critical enterprise platform, often integrated with sensitive systems and privileged access. This talk explores how attackers can exploit misconfigurations and privilege escalation paths within ServiceNow to gain a foothold in an environment. We’ll walk through real-world attack techniques, from initial access to lateral movement, and demonstrate how defenders can detect and mitigate these threats.

In addition to offensive tradecraft, we’ll cover how to set up a dedicated lab to safely test these attack vectors, fine-tune detections, and improve defensive strategies. Whether you’re a red teamer looking to sharpen your tactics or a blue teamer aiming to strengthen your defenses, this talk will provide actionable insights and practical steps for securing ServiceNow.

• Youtube: https://youtu.be/LxwyQV8sIdA
• Slides: https://rvasec.com/slides/2025/Popovich_Bailey_Attacking_and_Defending_ServiceNow.pptx