John Stoner is a Global Principal Security Strategist at Google Cloud and leverages his experience to improve users’ capabilities in Security Operations, Threat Hunting, Incident Response, Detection Engineering and Threat Intelligence. He blogs on threat hunting and security operations and has built multiple APT threat emulations for blue team capture the flag events. John has presented and led workshops at various industry symposia including FIRST, BSides, SANS Summits, WiCyS, Way West Hacking Fest, AISA, Insomni’hack and DefCon Packet Hacking Village. He also enjoys listening to what his former teammates referred to as “80s sad-timey music.”

X (Twitter): @stonerpsu

Defending Entra ID and Office 365 Using the Prism of GraphRunner (<– add to your schedule)

For organizations using Microsoft Entra ID and O365, it’s important to understand the landscape of the Graph API, how data is accessed and the logs available to gain visibility into probes and attacks that are targeting users and their information stores.

To drive this awareness, I’ve chosen to use a red team toolkit called GraphRunner that empowers offensive cyber practitioners an easy to use method to get started probing Microsoft Entra ID and Office 365 tenants. On the flip side of this, we are going to take a look at the logs generated by GraphRunner in a simulated attack chain to better understand what a blue teamer might see and how they can build detections and hunt, not just for GraphRunner, but for suspicious activities occurring within their Entra ID and Office 365 tenant.

Come see John Stoner at RVAsec 13!

Christopher Cruz is the Cyber Program Manager for the Virginia Fusion Center, which provides a vital conduit for intelligence collection and information exchange throughout the Commonwealth. He is responsible for the development, management, and integration of cybersecurity capabilities within the fusion center. Previously, Christopher was the Cybersecurity Program Manager for the Virginia Department of Emergency Management, where he was assigned to work in the Office of the Secretary of Public Safety and Homeland Security. He also spent several years in private sector working for multiple Fortune 500 companies leading global security efforts around insider threat, data protection, and IT risk management.

Hacker, Hipster, Hustler, Humanist: Establishing the Government’s Role in Public Interest Cybersecurity (<– add to your schedule)

Public interest cybersecurity is the application cybersecurity measures and strategies to protect critical infrastructure, non-profits, state & local governments, schools, healthcare facilities, and other institutes that primarily seek to serve the public good.

Come see Christopher Cruz at RVAsec 13!

Stacy Aitken: I didn’t intend to be in the Cyber Security space but so glad I am. I initially wanted to be a pediatrician, but while attending a conference for the government I was recruited for the Recombinant DNA cloning project with NIH that went on to clone the first sheep “Dolly”. Seeing the vast data and sensitive information on such government projects I knew I had to be a part of protecting data, securing sensitive information for the greater good and provide the same for companies data, assets and PEOPLE.

For the last 10 years I have focused on the importance of security, compliance and how to help organizations big and small have the same military grade cyber defense available and affordable. Working with all industries from Education to Pharm, DOD to local small government I dealve deep into their businesses to avoid risks they may have never known about, while keeping them compliant with their insurance, laws and policies.

The Importance of an Incident Response Plan (<– add to your schedule)

An incident response plan (IRP) is a necessity. It can reduce damage, improve recovery time, reduce costs, comply with regulation, preserve evidence, and improve preparedness.

Come see Stacy Aitken at RVAsec 13!

Luke McOmie started in offensive security in 1994 and is a trusted advisor, security leader and mentor. With a career focus in offensive security and a strong technical background, he is recognized for his excellence in developing and executing enterprise security strategies and leading technical and tactical programs. He has founded and contributed to several industry leading organizations over his career including start ups, fortune 100 enterprises, and federal agencies. As an extrovert, he passionately supports the information security community, is a featured speaker at various conferences, a published author, and an industry liaison for many businesses and organizations.

X (Twitter): @lmcomie

What the Scope? Sh** my Consultant | Client Says (<– add to your schedule)

Scoping a penetration test shouldn’t feel like negotiating a hostage situation—but here we are. In this engaging, no-holds-barred session, two seasoned cybersecurity professionals take the stage in a hilarious and painfully relatable discussion, showcasing the absurd, frustrating, and all-too-common conversations between consultants and clients.

Expect real stories, plenty of laughs, and insights that will make you rethink how you approach penetration testing and security assessments. Whether you’re a consultant, security leader, or someone who’s just tired of hearing “We don’t need a pentest”, this talk is for you.

Come see Luke McOmie at RVAsec 13!

Olivia Gallucci is a Senior Security Engineer at SECUINFRA and a blogger: oliviagallucci.com. She is the founder of two companies—Offensive Services (security consulting) and OG Health & Fitness (personal training). Graduating at the top of her university, Olivia is passionate about education surrounding free(dom) and open-source software, assembly, and security research. She previously worked in offensive security at Apple, US Government, and Deloitte. Outside of cybersecurity, Olivia enjoys competitive sailing, cooking, and reading about famous computer nerds.

X (Twitter): @oliviagalluccii

Unlocking macOS Internals: A Beginner’s Guide to Apple’s Open Source Code (<– add to your schedule)

Have you ever wondered how macOS works under the hood? For researchers, learning how to navigate Apple’s open source code is a game-changer. This talk demystifies macOS internals through its open source ecosystem, giving you everything you need to start hacking these machines!

Come see Olivia Gallucci at RVAsec 13!

Philippe Caturegli has over 25 years of experience in building, defending, and attacking across all areas of Information Security. He’s been performing penetration tests since the early 2000s, gaining deep expertise across diverse security landscapes. In 2012, he founded Seralys, a boutique cybersecurity company specializing in high value add penetration testing engagements, serving clients in both Europe and North America. Before Seralys, Philippe was a Senior Manager at a Big 4 firm in Luxembourg, where he led Security & Privacy engagements, primarily with financial institutions. Earlier in his career, he held several roles within the information system security department of a global pharmaceutical company in London, managing a heterogeneous network of over 100,000 users under strict regulatory requirements.

X (Twitter): @_titon_

Internal Domain Name Collision 2.0 (<– add to your schedule)

The proliferation of new Top-Level Domains (TLDs) has sparked security concerns primarily around phishing and social engineering attacks. However, the emergence of these new TLDs has broadened the attack surface, making it easier for threat actors to exploit other domain-related vulnerabilities. Our research explored another critical but often overlooked vulnerability: Internal Domain Name Collision. During our research, we examined how legacy systems configured before the TLD boom can become susceptible to these collisions, potentially allowing threat actors to redirect or intercept sensitive internal traffic. This vulnerability can have a ripple effect, impacting even newly installed systems that rely on configurations from those legacy systems (e.g. DHCP, DNS Suffix, etc.). This presentation will showcase our methodology for identifying vulnerable domains and present real-world examples of high-value targets at risk, including a major European city, a US Police Department, and critical infrastructure companies.

Come see Philippe Caturegli at RVAsec 13!

Qasim Ijaz is the Director of Cybersecurity at a leading healthcare organization, overseeing detection, incident response, vulnerability management, purple teaming, and cybersecurity engineering. With a strong background in offensive security and risk management, he has helped organizations strengthen their defenses against evolving threats. Passionate about bridging the gap between cybersecurity and business, Qasim specializes in offensive security and cybersecurity strategy. He is also a dedicated educator, mentoring professionals and sharing his expertise at conferences such as BSides and Black Hat. Committed to advancing cybersecurity in healthcare, he drives innovation in proactive defense and risk management.

X (Twitter): @hashtaginfosec

What the Scope? Sh** my Consultant | Client Says (<– add to your schedule)

Scoping a penetration test shouldn’t feel like negotiating a hostage situation—but here we are. In this engaging, no-holds-barred session, two seasoned cybersecurity professionals take the stage in a hilarious and painfully relatable discussion, showcasing the absurd, frustrating, and all-too-common conversations between consultants and clients.

Expect real stories, plenty of laughs, and insights that will make you rethink how you approach penetration testing and security assessments. Whether you’re a consultant, security leader, or someone who’s just tired of hearing “We don’t need a pentest”, this talk is for you.

Come see Qasim Ijaz at RVAsec 13!

Christina Johns is a Principal Malware Analyst at Red Canary with 15 years experience. Prior to becoming a malware analyst she worked in a variety of areas including web application assessment, android forensics, and incident response. Her research interests lie at the intersection of automating binary analysis and malware reverse engineering. She is the author of OpenSecurityTraining2’s Introductory IDA Debugging class. She has taught multiple intro to CTF workshops, volunteers with Women’s Cyberjutsu, and enjoys participating in CTFs to build her skills and help others do the same.

Look Ma, No IDA! Malware Analysis Without Reverse Engineering (<– add to your schedule)

Do you think malware analysis is out of your reach because assembly code looks like reading the matrix? Fear not, this talk will convince you that learning assembly code is not the best place to start your malware analysis journey. For starters, the modern malware landscape is diverse and malicious code isn’t always compiled into assembly. Not every use case for malware analysis requires a deep dive and there are many great tools and services that provide information about a malware sample you can build your analysis on.

If you work as an incident responder, detection engineer, threat hunter, or intel analyst, you probably already do some malware analysis but don’t realize it. And if you don’t but would like to, this talk will discuss the tools and knowledge you should focus on first before embarking on groking the intel x86 manual.

Come see Christina Johns at RVAsec 13!