Andrew Hendela

• Video: RVAsec 2023: Andrew Hendela – Software Bills of Behaviors: Why SBOMs aren’t enough
• Slides: https://rvasec.com/slides/2023/Hendela_Andrew-SBOM_rvasec_12.pdf
• Twitter: @zelkathak

Most software supply chain-related tools fall into a few categories: SBOM generation, vulnerability analysis, build policies, and source-code analysis. These do not address the problem exemplified by the SolarWinds supply-chain malware insertion attack. Software Bills of Behaviors provide an understanding of what the software is doing and how it has changed providing a defense against Solarwinds-style attacks.

About Andrew – Andrew has over a decade of cybersecurity experience leading teams tackling hard challenges. His technical expertise involves automating a wide range of problems, including cyber attribution, malware analysis, and vulnerability research.

Drew Schmitt

• Video: RVAsec 2023: Drew Schmitt – Ransomware Rebranding … So Hot Right Now!
• Slides: https://rvasec.com/slides/2023/Schmitt_Drew-Ransomware_Rebranding.pdf
• Twitter: @5ynax

Ransomware rebranding is becoming a common technique that ransomware groups are leveraging to obfuscate their operations and remain under the radar. From high-profile groups like Evil Corp to groups like AlphV and Blackbyte, the rebranding process has provided viable solution for extending operational capabilities after high profile attacks. This talk will examine rebranding trends since 2020 and provide a thorough review of the impacts ransomware rebranding has had on the operational capacity of multiple ransomware groups. Lastly, this talk will analyze methods that threat intelligence analysts can utilize to compare traits and behaviors between ransomware groups to determine if the group is a likely rebrand or a new group altogether.

About Drew – Drew Schmitt is the GuidePoint Research and Intelligence Team Lead Analyst and is responsible for coordinating threat research, malware analysis, and operationalized intelligence teams. Drew is especially fond of malware research and reverse engineering. When not neck deep in malware, he loves to create new and open-source tools and improve his techniques and capabilities. Drew is also an avid teacher and mentor, and really enjoys helping other people realize their love of malware, threat intelligence, and–above all–making threat actors’ lives harder. In past lives, Drew spent time as an incident responder, threat hunter, and IT administrator.

Brendan O’Leary

• Video: RVAsec 2023: Brendan O’Leary – Shakespeare, Bacon, and the NSA
• Slides: https://rvasec.com/slides/2023/Oleary_Brendan-Shakespeare_Bacon_and_the_NSA.pdf
• Twitter: @olearycrew

The peculiar story of the history of cryptography – featuring a code-breaking Quaker poet

About Brendan – Brendan O’Leary is Head of Community at ProjectDiscovery. He spends his time connecting with developers, security engineers, contributing to open source projects, and sharing his thoughts on cutting-edge technologies on conference panels, meetups, in contributed articles and on blogs.

Aliscia Andrews

• Video: RVAsec 2023: Aliscia Andrews – Cyber, the Commonwealth and You
• Slides:
• Twitter: @alisciaandrews

Discussion on the importance of a whole of government approach to cyber.

About Aliscia – Aliscia Andrews started her Homeland Security career more than 15 years ago while serving as an Intelligence Analyst and Weapons and Tactics Instructor for the United States Marine Corps. After the Marine Corps, Mrs. Andrews completed her MBA and Cybersecurity Management Certificate from Georgetown University.

After her time in the Marine Corps, Mrs. Andrews, continued honing in her analytical tradecraft in both the public and private sector. Her work portfolio has focused primarily on finding complex solutions to challenging Government problems as a strategic management, analytic, and cyber policy advisor in support of multiple government agencies both in and out of the Intelligence Community.

Today Mrs. Andrews is proud to be the Deputy Secretary of Homeland Security for the Commonwealth of Virginia. She continues to serve her community as a member and volunteer on multiple PTOs, disadvantaged children’s groups, church ministry groups, youth sports leagues, and mentors transitioning Veterans. Deputy Secretary Andrews resides in Aldie, Virginia with her Husband and three children.

Fletcher Davis

• Video: RVAsec 2023: Fletcher Davis – Context Matters: Tailoring Tradecraft to the Operational Environment
• Slides: https://rvasec.com/slides/2023/Davis_Fletcher-Context_Matters_Tailoring_Tradecraft_to_the_Operational_Environment.pdf
• Twitter: @gymR4T

With the advancements in defensive capabilities, from endpoint protection to user behavior analytics, operating within mature environments has become more difficult than ever. However, with each of these capabilities comes constraints that Red Teamers can abuse to shift the operational asymmetries and increase their strategic advantage. This talk will discuss how Red Teamers can shift their current operational mental models to abuse these constraints to blend-in more naturally within environments as they seek to complete target objectives.

About Fletcher – Fletcher is currently a Senior Red Team Consultant at CrowdStrike, specializing in Adversary Simulation operations and Offensive Security research.

David Girvin

• Video: RVAsec 2023: David Girvin – Hacking your Job? Trying to cheat at life with ChatGPT
• Slides: https://rvasec.com/slides/2023/Girvin_David-HackGPT.pdf

AI, it’s all the buzz. We have seen marketing fraudsters at Black Hat called out. Heard sales people use every buzzword they can to try and close. So is it all smoke and mirrors? Or maybe there is pragmatic use for this upcoming technology. I have taken ChatGPT and treated it like an offensive security lab. I trialed many different approaches to using it. In this talk I will show where it can add value in a technical, business and sales role. I will also show how it can fail miserably, it’s security concerns and how its influenced. Will this take your job or add to it? Find out in my talk.

About David – Hacker, BJJ enthusiast, world traveler and surfer. I am a giant weirdo who somehow found my niche in offensive security. I have been blessed getting to build AppSec programs for companies like 1Password and Red Canary. I have an extremely diverse background and hope I can relate and or add value to everyones experience,

Josh Cigna

• Video: RVAsec 2023: Josh Cigna – Everything you never knew you wanted to know about Passkeys
• Slides: https://rvasec.com/slides/2023/Cigna_Josh-Everything_You_Never_Knew_You_Wanted_to_Know_About_Passkeys.pdf
• Twitter: @Sporksan

Passwords have long been the bane of user, IT support staff & security professional. Compromised passwords are the leading source of account takeover and system breach, attackers are simply logging in and no longer breaking in! Solutions in the past have always come with caveats, but with the inclusion of Passkeys into most major operating systems and platforms a true light may be at the end of the tunnel. Join this panel to learn about the sorted history of passwords, current and developing trends with passwordless authentication, and what the best practice for Passkeys looks like!

About Josh – Josh Cigna is a solutions architect at Yubico focused on supporting enterprises on the impacts of regulations, requirements, and the latest authentication technologies. He is passionate about evangelizing user focused security solutions—advising organizations that user experience should be a key consideration alongside risk mitigation and meeting compliance mandates. Joshua’s experience includes the definition, design and implementation of IAM processes and programs. Prior to Yubico, he held technical positions at Thomson Reuters and Capital One and holds a CISSP certification.

Denis Mandich

• Video: RVAsec 2023: Denis Mandich – Quantum Cybersecurity
• Slides: https://rvasec.com/slides/2023/Mandich_Denis-Quantum_Impact.pdf

The advent of quantum computers promises to have profound economic impact because they solve lucrative industry problems that are otherwise impossible. The dark side is the consequences to global cybersecurity and the encryption systems fundamental to almost every aspect of our digital lives, including the cyber tools needed to protect them. Although 1970s-era PKI infrastructure has served us well for decades, it provides no assurance against the threat of “harvest now, decrypt later”. The transition to post quantum cryptography standards must be accompanied by more advanced techniques to ensure durable privacy, which is now a national economic security imperative. Fortunately, new redundant hardware and software solutions eliminate the single point of attack and failure in our business critical systems.

About Denis- CTO and Co-founder of Qrypt
Founding member of the Quantum Economic Development Consortium (QED-C)
Founding member of the Mid-Atlantic Quantum Alliance (MQA)
ANSI Accredited Standards Committee X9
ITU Telecommunications Standardization Sector (ITU-T)
Forbes Technology Council
Quside board member
20-year USIC veteran
Physicist

Qasim Ijaz

• Video: RVAsec 2023: Qasim Ijaz – Feature or a Vulnerability? Tale of an Active Directory Pentest
• Slides: https://rvasec.com/slides/2023/Ijaz_Qasim-Feature-or-Vulnerability_rvasec_12.pdf
• Twitter: @hashtaginfosec

This talk is a summation of stories from my recent penetration tests inside Active Directory networks. I will use this time to discuss common methods I have used to obtain initial access inside Active Directory environments, the features that paved the way to lateral movement, and vulnerabilities that escalated me to Domain Admin. This talk is laid out in a way that benefits both entry-level and experienced penetration testers. The content is for both blue and red teamers looking to better understand common Active Directory configurations that can lead to compromise. It has everything from memes to kerberoasting, with a pinch of humor (no dad jokes, I promise).

About Qasim – Qasim “”Q”” Ijaz is a Director of Offensive Security at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the “”dry”” business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after-hours. Qasim has presented and taught at cybersecurity conferences including BSides and Blackhat on offensive security topics. He currently teaches a bootcamp on Offensive Security Certified Professional (OSCP) certification.

Andrew Skatoff

• Video: RVAsec 2023: Andrew Skatoff – Maturing your Threat Hunting Operations
• Slides: https://rvasec.com/slides/2023/Skatoff_Andrew-Maturing-Hunt-Ops.pdf
• Twitter: @dfir_tnt

This talk will present a roadmap for designing a mature threat hunting service. A maturity model will be shared, along with prerequisites and incremental steps along the way.

Having built the Threat Hunting service at the Federal Reserve, I will share our journey, recommend approaches and resources, and provide a path for listeners to follow to do the same.

About Andrew – Andrew has been securing and protecting critical infrastructure networks since 2002.

Raised by a Topgun Marine fighter pilot and a middle school special education teacher, Andrew was always driven to find meaningful work, solve interesting problems and help others do the same in an effort to make the world a better and safer place.

His love for computers started in college and after spending several years providing tech support in the energy and financial sectors, he achieved his MCSE certification. This led to his first information security job supporting a migration to active directory. Andrew then went on to champion, design and implement an automated compliance and vulnerability management program.

Andrew has been developing and leading incident response, malware analysis, threat hunting and digital forensics services for the past 18 years in critical infrastructure financial organizations.

He currently holds GREM, GCFA, GDAT, GNFA and CISSP certifications and serves as an Cybersecurity Senior Manager at a large financial organization.