Conference:  Defcon 31

Authors: Austin Carson Founder & President of SeedAI, Dr. Arati Prabhakar Director of the White House Office of Science and Technology Policy (OSTP) and Assistant to the President for Science and Technology

2023-08-01

On May 4th, the White House announced the AI Village at DEF CON's Generative AI Red Team and their participation, followed by announcements from the House and Senate AI Caucus leadership and the National Science Foundation. In this panel, we'll hear from top officials and executives about how they're balancing the explosion of creativity and entrepreneurship from the advent of GenAI with the known & unknown risks of deployment at scale. We'll also hear how this exercise is viewed as a model for enhancing trust & safety through democratizing AI education. Panelists will also discuss why it's meaningful to bring together thousands of people from different communities to conduct the exercise across the available AI models.

Conference:  Defcon 31

Authors: R.J. McDown Principal Red Teamer

2023-08-01

The future isn’t certain, nor is the continued access to our compromised endpoints. At some point, every red team operator faces the gut-wrenching event of losing command and control (C2) access. This often occurs when post exploitation activity is detected and associated to the C2 process and channel. Further link analysis may lead to the discovery of other compromised endpoints, secondary C2, and compromised credentials. Needless to say, a single mistake can cause a huge disruption in access and even lead to the detriment of the entire engagement. This talk will present and demonstrate the methodologies and techniques built into Obligato, a covert implant tasking and communications framework, designed with the Primary objectives of breaking process chaining events, disassociating network communication from the implant, providing a means for maintaining or regaining access, and evading dynamic analysis. Technical information will be explained and demonstrated at both high and low levels, so prior knowledge is not required. However, to get the most out of the talk, attendees are encouraged to have a basic understanding of general Windows architecture, networking, and programming concepts.

Conference:  KubeCon + CloudNativeCon North America 2022

Authors: Lewis Denham-Parry, Natalia Reka Ivanko

2022-10-27

The presentation discusses the importance of sharing knowledge and resources in cybersecurity and DevOps, using a scenario involving a taxi company as an example.

• Sharing knowledge and resources is crucial in cybersecurity and DevOps
• The presentation uses a scenario involving a taxi company to illustrate this point
• The scenario includes various components such as RBAC, an S3 bucket, and an application to manage traffic lights
• Hints and clues should be given to participants to make events more enjoyable