I’ve presented talks on a number of cybersecurity related topics. If you’d like me to present any of these talks at your conference or meetup, feel free to DM me on BlueSky @airman604.com
Securing Managed Kubernetes
Talk covering basics of managed Kubernetes security, including:
- What is Kubernetes and how it works
- Kuberenetes threat model
- Key security controls for protecting Kubernetes clusters
- Overview of commercial and open source cloud native security tooling
You’ll come out equipped with understanding of the Kubernetes security landscape and actionable recommendations for securely running workloads in Kubernetes.
Attacking and Securing JWT
Overview of JWT tokens, how they’re abused and how to use them securely in your applications.
Docker Basics for Security Use Cases (workshop)
Practical introduction to Docker, with labs covering security use cases.
Containers Uncontained - Docker security mistakes I made so you don’t have to!
In this blue team focused talk we review critical Docker security (mis-)configurations I’ve seen in the wild. We will consider WHY they are dangerous (there will be demos!) and HOW to fix them. The talk is focused on intended (albeit dangerous) functionality, there will be no 0-days.
Practical Threat Modelling
Practical threat modelling workshop with focus on applicability to Agile teams of various scales. We’ll spend a bit of time on threat modelling overview, but the majority of the workshop will be dedicated to going through an example threat modelling session and creating a sample threat model.
“Invisible Source Code” Vulnerabilities
Overview of “invisible source code” vulnerabilities and implications.
Metasploit 101 (4+ hour workshop)
Beginner-friendly, hands-on workshop on Metasploit Framework. In addition to the Metasploit, we cover the basics of the offensive security mindset. The workshop covers:
- Introduction to Metasploit
- Scanning
- Exploitation
- Meterpreter
- Pivoting
- Metasploit payloads and client-side exploits
The labs in the workshop are done with a fully custom intentionally vulnerable boot2root machine that allows us to demonstrate the concepts as they are explained, as well as practice pivoting in a realistic environment.
Demystifying Cryptography
Talk covering basics of cryptography and how the foundational building blocks are combined in modern cryptographic protocols.
CBC Padding Oracle Attacks Explained
Overview of the CBC (cipher block chaining) padding oracle attacks with demo.
JSON Parsing with jq
(workshop)
Workshop with labs focused on parsing JSON-formatted security logs.
XXE Explained
Overview of XML External Entities attacks with demo.