I’ve presented talks on a number of cybersecurity-related topics. If you’d like me to present any of these talks at your conference or meetup, feel free to DM me on Twitter @airman604.

Securing Managed Kubernetes

Talk covering basics of managed Kubernetes security, including:

You’ll come out equipped with an understanding of the Kubernetes security landscape and actionable recommendations for securely running workloads in Kubernetes.

Attacking and Securing JWT

Overview of JWT tokens, how they’re abused and how to use them securely in your applications.

Docker Basics for Security Use Cases (workshop)

Practical introduction to Docker, with labs covering security use cases.

Containers Uncontained - Docker security mistakes I made so you don’t have to!

In this blue-team-focused talk we review critical Docker security (mis-)configurations I’ve seen in the wild. We will consider WHY they are dangerous (there will be demos!) and HOW to fix them. The talk is focused on intended (albeit dangerous) functionality; there will be no 0-days.

Practical Threat Modelling

Practical threat modelling workshop with a focus on applicability to Agile teams of various scales. We’ll spend a bit of time on threat modelling overview, but the majority of the workshop will be dedicated to going through an example threat modelling session and creating a sample threat model.

“Invisible Source Code” Vulnerabilities

Overview of “invisible source code” vulnerabilities and implications.

Metasploit 101 (4+ hour workshop)

Beginner-friendly, hands-on workshop on Metasploit Framework. In addition to Metasploit, we cover the basics of the offensive security mindset. The workshop covers:

The labs in the workshop are done with a fully custom intentionally vulnerable boot2root machine that allows us to demonstrate the concepts as they are explained, as well as practice pivoting in a realistic environment.

Demystifying Cryptography

Talk covering basics of cryptography and how the foundational building blocks are combined in modern cryptographic protocols.

CBC Padding Oracle Attacks Explained

Overview of the CBC (cipher block chaining) padding oracle attacks with demo.

JSON Parsing with jq (workshop)

Workshop with labs focused on parsing JSON-formatted security logs.

XXE Explained

Overview of XML External Entities attacks with demo.