Morgan Stuart is an independent consultant who helps teams identify and implement data science solutions. However, unsatisfied with the ivy walls of the tech oligarchy, he also researches and experiments with today’s latest AI trends for issues related to offline use, trust, and data privacy. A long time tinkerer and hacker, Morgan’s prior education includes working on the RVAsec badge for several years (I can’t be bothered to count). He also earned a PhD in computer science from VCU and has worked in both the enterprise and mission-driven non-profits.

Large Language Models for Hackers (<– add to your schedule)

Wield your own AI agents, for fun and profit, with open-weight Large Language Models. In this talk, the audience will learn the foundational data science that empowers LLMs to help…and hallucinate, before diving into a tutorial on “agentic” LLM techniques. Along the way, key concepts and methods are related to NIST’s AI Risk Management Framework (NIST AI 600-1) and their adversarial machine learning taxonomy (NIST AI 100-2e2023). Cut through the hype – see the limitations and attack surfaces for yourself, and explore ways you could incorporate these tools into your own practice.

Come see Morgan Stuart at RVAsec 13!

Vennard Wright is the President & CEO of PerVista, an award-winning AI-weapons detection firm headquartered in National Harbor, MD.

Prior to founding PerVista, his professional experience was comprised of multiple executive leadership roles including serving as the Chief Information Officer (CIO) and Vice President of Operations for Iron Bow Technologies, CIO for WSSC Water, CIO for Prince George’s County Government (MD), and Director of Technology for Hillary Clinton during her successful United States Senate re-election campaign and subsequent 2008 Presidential Campaign. In addition, he held the distinction of being the Chief Technology Officer and Technical Organization Delivery Manager for Electronic Data Systems (EDS), which was subsequently acquired by Hewlett Packard (HP).

Because of his leadership in the technology industry, he has received numerous awards, authored dozens of articles, and spoken publicly on many topics, ranging from the importance of experiential learning in educational systems to the changing role that artificial intelligence and automation plays in future career prospects.

Leveraging AI in Surveillance for Public Safety Amid Privacy Concerns (<– add to your schedule)

During this session, we’ll explore the dual-edged role of artificial intelligence (AI) in enhancing public safety through surveillance while navigating the complex landscape of privacy and legislation. As AI transforms law enforcement and emergency responses with its advanced monitoring and threat detection capabilities, it also prompts critical questions about privacy rights and ethical considerations. This talk will dissect the balance between leveraging cutting-edge AI technologies and adhering to evolving privacy laws. We’ll delve into the latest trends, discuss the implications of facial recognition and behavior prediction, and examine how legislation is adapting to these rapid technological advancements. Whether you’re a tech professional, policy maker, or privacy advocate, this session will equip you with the insights needed to responsibly implement AI in surveillance, ensuring public safety enhancements do not compromise individual privacy.

Come see Vennard Wright at RVAsec 13!

Matt Fisher is a security consultant at STACKTITAN, with an emphasis on the penetration testing and red team disciplines. Matt is a US Army veteran who spent 14 years working in various roles within the DOD Intelligence Community before being drawn to the field of cyber security. Matt can often be found (or not found) lurking in the dark of enterprise networks (with prior consent of course), searching for paths to domain compromise.

The Lazy Pentester’s Guide to Coasting Through Internals (<– add to your schedule)

It’s been said that nobody wants to work anymore, and pentesters are certainly no exception to this rule. Internal pentests can be hard, time consuming drudgery. Pentesters may spend hours scanning hosts, looking for open ports and exploitable services only to find themselves with little time left to exploit anything, and a lack of focus on where to begin.

What if there was a better more efficient way? What if there was an 80% solution that will have you traipsing around the network with elevated privileges and creds in hand requiring a fraction of the time and effort using tools you’re already using?

In this talk we’ll cover multiple proven methods for obtaining creds, gaining footholds, and just generally wrecking up the place that are quick, relatively painless, and will leave you owning a client’s network fast.

Come see Matthew Fisher at RVAsec 13!

Ben Haynes is a data scientist at Flashpoint, leveraging analytics and his cybersecurity expertise to solve practical problems in the industry. Previously, he worked at Risk Based Security, where he dedicated his time to enhancing and implementing the organization’s cybersecurity intelligence products. He is responsible for multiple innovative risk models for vulnerability and breach intelligence, as well as pioneering ways to make that intelligence actionable for clients.

Ben has a B.S. in Astronomy, a M.S. in Math (Statistics), and is currently studying game theory and market dynamics. He is also an amateur archivist, data hoarder, and collector of hobbies. X (Twitter): @atbenhaynes

Why There is No Casino Night at RVAsec This Year (Sorry) (<– add to your schedule)

Every year, RVAsec hosts an after-party to close out the first day of talks at the conference. For the last two years, that nightly entertainment has been CASINO NIGHT, an opportunity to bet fake money on games of chance in order to win some very real prizes. Unfortunately, through some fault of my own, Casino Night will not be returning this year.

Join me for a retrospective of the last two Casino Nights: what went right, what went wrong, how systems (and people) can be gamed, how to adapt to new information, how I managed to win numerous prizes, and more. We will discuss how to harness game theory, social engineering, statistics, and other things that will get you kicked out of a normal casino.

Come see Ben Haynes at RVAsec 13!

Justin Varner is a seasoned security enthusiast with 19 years of experience dating back to his work with NASA on the IIS in 2006 to his current physical security shenanigans.

His last talk called “Honeypot Boo Boo” debuted at RVASec 2022 and his since then been presented at 9 international security conferences including HackerHalted and BSides Munich.

X (Twitter): @JustinTVarner

Oh Hotel No!: How A Helpless Hooligan Helped A Homie From Homelessness To Homeownership In 9 Months (<– add to your schedule)

This is the story of a hooligan and his fascination with exploiting physical and digital vulnerabilities in hotels for the purposes of persistent access, living off the land, and surreptitiously housing homeless people.

Come see Justin Varner at RVAsec 13!

Nick Copi is an application security engineer at CarMax who in his spare time immerses himself in security research and bug bounty. With a background spanning from building full stack web applications to pioneering application security initiatives at CarMax, he brings a wealth of practical experience to the table. Nick’s accolades in cybersecurity competitions underscore his prowess, with multiple first place CTF victories attesting to his skills. As a former president of VCU Cyber Security Club and co-organizer of OffsecRVA meetup, he remains deeply committed to community engagement and knowledge sharing.

X (Twitter): @7urb01

Following The JSON Path: A Road Paved in RCE (<– add to your schedule)

Dive into researching JavaScript implementations of JSON path libraries, breaking out of JavaScript sandboxes, achieving code execution, and examining the blast radius of impacted components. This talk covers both the research process for the discovery of these novel vulnerabilities and footguns, as well as the process for identifying the blast radius, weaponizing the vulnerabilities against actual targets, and engaging impacted stakeholders. Join me to hear a harrowing tale of remote code execution in several widely used products, CVE assignments, and critical bounty payouts.

Come see Nick Copi at RVAsec 13!

Michael Roytman is the CTO of Empirical Security. Previously, he was the Chief Data Scientist of Kenna Security, and a Distinguished Engineer at Cisco. He served on boards for the Society of Information Risk Analysts, Cryptomove, and Social Capital. He was the co-founder and executive chair of Dharma Platform (acquired, BAO Systems), for which he landed on the 2017 Forbes 30 Under 30 list. He currently serves on Forbes Technology Council.

X (Twitter): @mroytman

Cybersecurity is Ready for Local Models (<– add to your schedule)

This talk explores how a custom, local AI/ML model can be built internally at an enteprise for cybersecurity decision support. We’ll walk through data, methods, and pitfalls of building your own models rather than using off the shelf or vendor solutions.

Come see Michael Roytman at RVAsec 13!

Caleb Crable currently works as a Senior Staff Security Engineer on the Bill.com Red Team, performing attacks against critical financial infrastructure and physical security controls to make sure that red team gets the foothold before the attacker does. Previous to performing official red team work, penetration testing and red team consulting were the name of the game. Caleb spent over 3 years consulting with Cylance Professional Services on a variety of different security engagements at companies in every sector of modern business. Before his consulting journey started, Caleb was a Senior Malware Analyst at Cylance conducting deep-level file inspection, analysis, incident reconstruction, and taking part in special projects such as research associate for the whitepaper “Influence Sketching: Finding Influential Samples In Large-Scale Regressions”

SPF Shadowing: Give old services a chance to shine (<– add to your schedule)

In a world where Sender Policy Framework is meant to provide a first or second line of defense against impersonation and phishing, we instead find ourselves barely paying attention to it. Even after the MailChannels vulnerability was disclosed and thousands of companies found they could be impersonated via email through a service they paid thousands of dollars for, word really didn’t spread like it should have. Many domains are set and forget, from personal domains to fortune 500s, and I am going to take you on a journey where we use the forgotten for fun and profit.

Come see Caleb Crable at RVAsec 13!

John Stoner is a Global Principal Security Strategist at Google Cloud and leverages his experience to improve users’ capabilities in Security Operations, Threat Hunting, Incident Response, Detection Engineering and Threat Intelligence. He blogs on threat hunting and security operations and has built multiple APT threat emulations for blue team capture the flag events. John has presented and led workshops at various industry symposia including FIRST, BSides, SANS Summits, WiCyS, Way West Hacking Fest, AISA, Insomni’hack and DefCon Packet Hacking Village. He also enjoys listening to what his former teammates referred to as “80s sad-timey music.”

X (Twitter): @stonerpsu

Defending Entra ID and Office 365 Using the Prism of GraphRunner (<– add to your schedule)

For organizations using Microsoft Entra ID and O365, it’s important to understand the landscape of the Graph API, how data is accessed and the logs available to gain visibility into probes and attacks that are targeting users and their information stores.

To drive this awareness, I’ve chosen to use a red team toolkit called GraphRunner that empowers offensive cyber practitioners an easy to use method to get started probing Microsoft Entra ID and Office 365 tenants. On the flip side of this, we are going to take a look at the logs generated by GraphRunner in a simulated attack chain to better understand what a blue teamer might see and how they can build detections and hunt, not just for GraphRunner, but for suspicious activities occurring within their Entra ID and Office 365 tenant.

Come see John Stoner at RVAsec 13!