- Video: RVAsec 2023: Kevin Massey – Heap Exploitation from First Principles
- Slides: https://rvasec.com/slides/2023/Massey_Kevin-Heap_Exploitation_From_First_Principles.pdf
- Twitter: @Scratchadams118
In this talk I will discuss the process of building a userland heap allocator, identify the inherent vulnerabilities that exist in heap allocation, and demonstrate methods to exploit these vulnerabilities.
About Kevin – I am a security analyst who does independent security research. I focus on vulnerabilities, binary exploitation, and network protocols.
- Video: RVAsec 2023: Jason Wonn – Corporate Dungeon Master: How to Lead Cyber Games at Work
- Slides: https://rvasec.com/slides/2023/Wonn_Jason-Corporate_Dungeon_Master_Lead_Cyber_Games_at_Work.pdf
- Twitter: @wonnmeister
Military organizations have long known the value of “training as you fight”, but commercial entities only realized its importance in the last few years. Consequently, the Cyber Action Officer role recently became a priority for the average company. Are you a security geek like Jason Wonn who loves role-playing games (RPGs) and wants the opportunity to lead a party through incident response to the most prevalent cyber threats? In this original talk, discover how to lead games (table-top exercises) at work as a “Corporate Dungeon Master” (Cyber Action Officer), narrating the story (facilitation), controlling the monsters (cyber threats), and creating an adventure that will have your players leveling up (process improvement).
About Jason – Jason Wonn is a results-focused information security leader with 30+ years of combined national intelligence, information assurance, and cyber threat intelligence expertise throughout the civilian and military sectors. Jason is a “Richmonder” but works for Navy Federal Credit Union in Vienna, VA. He currently serves as a Cyber Action Officer, delivering table-top exercises and serving as a trusted incident response advisor to leadership during cyber crises. Prior to this position, Jason led the development of a cyber threat intelligence capability at both Navy Federal and The Walt Disney Company. He also served in various threat intelligence roles as a government contractor with MITRE, Lockheed Martin, and CGI Federal in support of the FBI and 1st IO Command, US Army. He holds a B.S. in Computer Science from Tarleton State University in Texas, and the CISSP and PMP industry certifications.