RVAsec 14 Speaker Feature: Christina Johns

May 1, 2025 rvasadmin

Speaker

Christina Johns is a Principal Malware Analyst at Red Canary with 15 years experience. Prior to becoming a malware analyst she worked in a variety of areas including web application assessment, android forensics, and incident response. Her research interests lie at the intersection of automating binary analysis and malware reverse engineering. She is the author of OpenSecurityTraining2’s Introductory IDA Debugging class. She has taught multiple intro to CTF workshops, volunteers with Women’s Cyberjutsu, and enjoys participating in CTFs to build her skills and help others do the same.

Look Ma, No IDA! Malware Analysis Without Reverse Engineering (<– add to your schedule)

Do you think malware analysis is out of your reach because assembly code looks like reading the matrix? Fear not, this talk will convince you that learning assembly code is not the best place to start your malware analysis journey. For starters, the modern malware landscape is diverse and malicious code isn’t always compiled into assembly. Not every use case for malware analysis requires a deep dive and there are many great tools and services that provide information about a malware sample you can build your analysis on.

If you work as an incident responder, detection engineer, threat hunter, or intel analyst, you probably already do some malware analysis but don’t realize it. And if you don’t but would like to, this talk will discuss the tools and knowledge you should focus on first before embarking on groking the intel x86 manual.

Come see Christina Johns at RVAsec 13!

RVAsec 14 Speaker Feature: Paul Asadoorian

May 1, 2025 rvasadmin

Speaker

speaker

Paul Asadoorian is currently a Principal Security Researcher for Eclypsium, focused on firmware and supply chain security. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRTG54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more. In 2005, Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. Paul grew Security Weekly into a network of security podcasts spanning multiple topics, such as application security and business. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, and hosts Eclypsium’s Below The Surface podcast. He enjoys coding in Python, hacking around on ESP32, and telling everyone he uses Linux as his daily driver desktop OS.

X (Twitter): @securityweekly

The Security Professional’s Guide To The Linux Desktop (<– add to your schedule)

Want to learn how running Linux as your desktop OS can make your life BETTER? This talk is for you! Every year the Linux nerds say, “This will be the year of the Linux desktop!”. If we put Android and ChromeOS aside for a moment, there has never been such a year. However, I switched to Linux on my laptops in 2016 and fully converted all my desktops in 2019. I’m never looking back. Many of you reading this are already thinking/voicing your opinions. I’ve heard for so many years, “I don’t want to run Linux as my desktop because [blank]”. This talk will dispel the myths and hopefully getting you on team Linux desktop! If you are open-minded about Linux as a desktop, haven’t tried it in a while, worried about Windows 10 going end-of-support in 2025, and want to learn about the benefits of the Linux desktop, this talk is for you. Maybe you even use Linux as your desktop OS and just want some tips and tricks; this is the talk for you. If you’ve already decided that Windows or MacOS is perfectly fine and Linux is just annoying, this talk may not be for you.

Come see Paul Asadoorian at RVAsec 13!

RVAsec 14 After Party — Hacker Trivia Showdown — Register Now!

May 1, 2025 rvasadmin

After Party Announcement

RVAsec 14 isn’t just about top-tier cybersecurity content—it’s also about community, camaraderie, and a damn good time. This year, we’re leveling up the After Party with a night of brain-bending fun, cold drinks, amazing food, and a nod to one of the most legendary DEF CON traditions: Hacker Jeopardy (but our PG-13 version—no alcohol-fueled chaos here, sorry, but you really never know).

The RVAsec 14 after party, brought to you by RVAsec (still looking for a sponsor to make it even more epic!), will be at in the main ballroom on Tuesday, June 3rd right after Day 1 ends!

5:00pm to 9pm: Food/Beverage/Music
5:30ish: Finalize teams!
5:30 – 6:00ish: Let the Hacker Trivia Showdown begin!
8:30ish: Prizes and Food/Beverage/Music continues!

THE GAME:

Hacker Trivia Showdown is our RVAsec-style take on Hacker Jeopardy—think infosec knowledge, tech culture references, pop trivia, and plenty of snark. We’ll be forming teams, keeping the energy high, and giving away prizes that might be cooler than the coveted RVAsec Bags of Sh*t or our yearly STFU signs!

Don’t worry if you’ve never been to DEF CON—this is your chance to get a taste of the fun (without the 12AM timeslot or the Vegas dehydration).

HOW IT MIGHT WORK (we are still working on details):

We aim to have 3 teams of 3 members. You can sign up solo or with a crew—we’ll try to match you up if needed.
We will have two rounds, with each round lasting 40 to 60 minutes.
Audience members won’t just sit back—we’ll have bonus rounds, shout-out prizes, and ways to jump in throughout the night.

PLUS:

Music and DJ vibes to kick off and wrap up the night
Delicious drinks and amazing food served up before and after trivia
Swag, surprises, and bragging rights for days
We have a seasoned guest host we will be revealing soon!

Get ready to test your skills, rep your team, and maybe even outsmart your friends. This is one RVAsec party you won’t want to miss.

This is an exclusive event, so you must be registered to attend or you will not be allowed entrance–no exceptions!

Important Notes:

You must use the same email you used to register for RVAsec.
Each attendee must have their own name listed (duplicates will be deleted).
If you are not registered for RVAsec, your ticket will be deleted.
Age Restriction: You must be 21 and over to drink alcohol. Non-alcoholic beverages will be available.

Even if you have a ticket for RVAsec and said that you wanted to attend during the signup process, you MUST now registered for the party!

Register For The After Party Now!

(https://www.eventbrite.com/e/1338099966019)

If you haven’t bought a ticket for the RVAsec conference yet, now is the time…. click this link, you know you want to!

Or if you know better, don’t click that link, copy and paste this (https://www.eventbrite.com/e/rvasec-13-security-conference-tickets-776407274057) in and get that ticket!

RVAsec 14 Speaker Feature: Nicholas Popovich

April 30, 2025 rvasadmin

Speaker

Nick Popovich’s passion is learning and exploring technology ecosystems, and trying to find ways to utilize systems in unexpected ways. His career has focused on adversarial threat simulation, offensive and defensive security, and advanced technical security assessments. He is a hacker. He is also a veteran of the U.S. Army Signal Corps, and has worked in the public and private sectors, performing advanced cyber security assessments. Nick currently runs Rotas Security, an offensive cybersecurity services company specializing in penetration testing and adversary emulation. He’s a lifelong learner and loves finding new ways to get under the hood of systems and networks. He is a father of three and a husband to one.

X (Twitter): @pipefish_

Attacking & Defending ServiceNow: A Hands-on Lab for Red & Blue Teams (<– add to your schedule)

ServiceNow is a critical enterprise platform, often integrated with sensitive systems and privileged access. This talk explores how attackers can exploit misconfigurations and privilege escalation paths within ServiceNow to gain a foothold in an environment. We’ll walk through real-world attack techniques, from initial access to lateral movement, and demonstrate how defenders can detect and mitigate these threats.

In addition to offensive tradecraft, we’ll cover how to set up a dedicated lab to safely test these attack vectors, fine-tune detections, and improve defensive strategies. Whether you’re a red teamer looking to sharpen your tactics or a blue teamer aiming to strengthen your defenses, this talk will provide actionable insights and practical steps for securing ServiceNow.

Come see Nicholas Popovich at RVAsec 13!