Saturday Nov 19th


Security is a (Big) Data Problem - Boosting Signal to Noise Ratio with Data Pipelines Jackie McGuire 9AM
0900 - Opening Ceremony

0930 - KEYNOTE - Security is a (Big) Data Problem: Boosting Signal to Noise Ratio with Data Pipelines - Jackie McGuire

1000 - Trace Me if You Can: Bypassing Linux Syscall Tracing - Rex Guo & Junyuan Zeng

1100 - Finding Unknown Threats Leveraging AI and Data - Howie Xu & Dianhuan Lin

1200 - LUNCH - Sponsored by CyberSN, Diverse Security & Day of Shecurity

1300 - Data is the New E-Currency: Dissecting the Paradigm of Present-Day Cyberattacks - Aditya Sood

1400 - 2022 Wi-Fi Security - or Lack of… - Phil Morgan

1500 - Cybersecurity is Warfare, Defend Accordingly - Tom D'Aquino

1600 - Networking to Reach Your Next Opportunity - Heather Hall

1700 - Building Trust in your Container Supply Chain - Sai Santosh Vernekar & Swarup Natukula

1800 - Don’t Get Caught in a Compromising Position: Defend & Detect Across Your Threat Landscape - Jes Manikonda

1900 - Closing Ceremony

1900-2100 - Happy Hour, music by DJ Felipe


Trace Me if You Can: Bypassing Linux Syscall Tracing - Rex Guo 10:00 AM PST 

In this talk, we will present novel vulnerabilities and exploitation techniques that reliably bypass Linux syscall tracing. A user mode program does not need any special privileges or capabilities
to reliably avoid system call tracing detections by exploiting these vulnerabilities. The exploits work even when seccomp, SELinux, and AppArmor are enforced.

Advanced security monitoring solutions on Linux VMs and containers offer system call monitoring to effectively detect attack behaviors. Linux system calls can be monitored by kernel
tracing technologies such as tracepoint, kprobe, ptrace, etc. These technologies intercept system calls at different places in the system call execution. These monitoring solutions can be
deployed on cloud compute instances such as AWS EC2, Fargate, EKS, and the corresponding services from other cloud providers.

We comprehensively analyzed the Time-of-check-to-time-of-use (TOCTOU) issues in the Linux kernel syscall tracing framework and showed that these issues can be reliably exploited to
bypass syscall tracing. Our exploits manipulate different system interactions that can impact the execution time of a syscall. We demonstrated that significant syscall execution delays can beintroduced to make TOCTOU bypass reliable. We will talk about two novel exploitation
philosophies invented by us and presented in DEFCON 29/Blackhat USA 2022/DEFCON 30.

We will also talk about the disclosure stories and the diverse mitigations taken by different open source projects.

We will demonstrate our bypass for Falco on Linux VMs/containers and GKE. We will also demonstrate bypass for pdig on AWS Fargate. In addition, we will demonstrate exploitation
techniques for syscall enter and explain the reason why certain configurations are difficult to reliably exploit. Finally, we will summarize exploitable TOCTOU scenarios and discuss potential mitigations in various cloud computing environments.

Rex Guo is an experienced cyber security engineering leader and a hacker at heart. He is currently a Principal Engineer at Lacework where he leads data-driven cloud security product development and research on new attack vectors in the cloud. Previously, he was the Head of Research at Confluera, a cloud XDR start-up that builds real-time threat storyboards. Before that, he was an Engineering Manager at Tetration, a cloud workload protection start-up acquired by Cisco. Prior to that, Rex worked on application security, infrastructure security, malware analysis, and mobile/IoT security at Intel. He has presented at Black Hat and Defcon multiple times. He has 30+ patents and publications. He received a PhD from New York University.

Junyuan Zeng is Senior Software Engineer at Linkedin. Before Linkedin, he was Staff Security Architect at where he designed and architected container security monitoring solutions. Before that he was Staff Software Engineer for mobile payment security at Samsung and a security researcher at FireEye where he worked on mobile malware analysis. He has spoken at Blackhat and Defcon. He has published in ACM CCS, USENIX ATC, and other top academic conferences. He obtained his PhD in Computer Science from The University of Texas at Dallas.


Finding unknown threats leveraging AI and Data - Howie Xu, Dianhuan Lin. 11:00 AM PST

Identifying and stopping new malware variants or never-before-seen threats without signals IoC (Indicator of Compromise) or signatures is a monumental task. In fact, it's like finding a needle in a haystack, except you've never seen a needle either. Without signals and high volumes of traffic to sift through, you need AI to level out the playing field. Learn how Zscaler's security researchers and engineers monitor over 240 billion web transactions per day to filter petabytes of data and perform deeper analysis, effectively blocking million threats across the platform.

Howie Xu
Vice President of Machine Learning and AI
Howie Xu is the VP of Machine Learning and AI. Before, Howie was the CEO/Co-founder of TrustPath, which was acquired by Zscaler, a Greylock Partners EIR, a senior executive at Cisco and Big Switch Networks, and the founder of VMware Networking. Howie is a Stanford GSB alum and guest lecturer


Dianhan Lin

Dr. Dianhuan Lin is a technical leader with 15 years of experience in Artificial Intelligence and Machine Learning. She is currently a Senior Manager of Machine Learning at Zscaler, which is a leading SaaS security company with a $1 billion Annual Recurring Revenue (ARR). She leads the development of AI/ML models for security and networking products at Zscaler.

Prior to Zscaler, She was a Machine Learning Scientist at Amazon Alexa, improving Alexa's question-answering skills. She won Amazon's 'think big' award for her innovation in developing natural language understanding techniques. After Amazon, she continued developing Artificial General Intelligence at the robotics company Vicarious, which was recently acquired by the Google DeepMind team.

She received her Ph.D. in Machine Learning from Imperial College London. She has published in top ML journals (e.g. Machine Learning) and top AI conferences (e.g IJCAI). She is also an inventor for multiple patents.


Networking to Reach Your Next Opportunity Heather Hall 01:00 PM PST

Heather Hall of Optiv Security will give this talk on how networking can be a source for your next opportunity. She'll share activities, lessons, and steps she took that helped her gain knowledge, notoriety, and roles. Networking is an avenue to meet people and help each other serve. The talk will emphasize how growing relationships through networking can help you reach unknown avenues.


Heather Hall started her Army career in 1994 in Ft. Hood, Texas. In 1998, after 4 years on active duty, she joined the Nevada National Guard where she served until 2014. She retired as the lead of the Computer Network Defense Team, Chief Warrant Officer 3.

Currently, Heather is a Demand and Delivery Manager at Optiv Security. Optiv is the world's leading security solutions integrator with the capability to manage the full gamut of the Security life cycle from plan, build, run to respond, remediate, and restore. Heather’s role has her interacting with Fortune 100 clients to ensure the United States most important resources - data. Heather currently resides in Carson City, Nevada, where she and her husband raise their three children, two of which are 4-year-old identical twin girls.

2022 Wi-Fi Security - or lack of… -- Phil Morgan 02:00 PM PST

Wi-Fi security is paramount today. Threat actors are probably not going to try and sneak into your site dressed as repair staff. They are going to first attack your Wi-Fi.
Most people believe Wi-Fi attacks are impossible … They are if Wi-Fi is configured properly, and there is the catch. If you answer ‘YES’ to these questions, you need to come and attend this talk -
Do you use PSK? Do you never change it? Do you use 802.1X Enterprise, and do you have non-strict certificate requirements? Do you have WPA3 configured, and have turned on Transition mode?

Wi-Fi attacks are easy, and very successful. They can be run from miles away, yes “miles”. In this talk we will discuss common attacks, common threats, and solutions.
We will learn why and how Wi-Fi is vulnerable, and simple steps to take to make your Wi-Fi more secure.


Phil Morgan is a senior Wireless engineer holding several certifications in networks and Wi-Fi. He is CCIE #5224, CWNE #322, and CWISE #4. Phil has worked with Wi-Fi since 1998, is a member of the IEEE, and has been involved in the development of IEEE protocols and standards.

Cybersecurity is warfare, defend accordingly - Tom D'Aquino 03:00 PM PST

In this talk, Tom D'Aquino will use attacker TTPs to present rationale that cyber attacks, even those initiated by criminal threat actors, are rooted in warfare and how established war-fighting strategies can be utilized by cybersecurity teams to stop attacks before they become noteworthy events. Tom will dive into the practical aspects of several war-fighting strategies and illustrate how they can be adapted by cybersecurity teams to organize in an innovative manner, do more with less, and ultimately, gain advantages over cyber-adversaries. This talk will wrap up with examples of specific techniques based on war-fighting strategies that are highly effective and easy to implement.

Tom D'Aquino is a cybersecurity practitioner with over 20 years of experience architecting, implementing and validating cybersecurity solutions. Tom works in an official capacity as the Director of Security Validation for Vectra AI where he specializes in testing and validating the capabilities of Vectra AI's technology in the lab and in customer environments. Tom is also the creator and primary developer of the open source ./HAVOC framework and, in his spare time, he produces and hosts the ./HAVOC podcast.

Data is the New E-Currency: Dissecting the Paradigm of Present-day Cyberattacks - Aditya K Sood 04:00 PM PST
Cyberattacks are evolving at an exponential rate. The adversaries (attackers, cybercriminals, nation-state actors) are focused on stealing, exfiltrating, and destructing data. The question is, "Why?" The answer is simple, "Data is the new e-currency"? In this session, we will present the current state of advanced threats and how "controlling data" 
has become the breeding ground for cyberattacks.  A number of data exfiltration case studies will be discussed, covering nation-state cyber warfare and broad-based attacks. 

Aditya K Sood 
Ph.D., is a cybersecurity practitioner. With the experience of more than 15 years in the field of security, Dr. Sood focuses on a wide spectrum of cybersecurity and next-generation technologies. Dr. Sood obtained his Ph.D. from Michigan State University in computer sciences. He also authored Targeted Cyberattacks and Empirical Cloud Security books. Dr. Sood is also a frequent speaker at global cybersecurity conferences and contributes regularly to industry and academic leading journals and magazines




Building trust in your container supply chain - 05:00 PM PST - Sai Santosh Vernekar - Swarup Natukula 

Applications are made up of software components. The supply chain is at the heart of developing, delivering, maintaining, and scaling applications. It is critical to understand the risk in each component in order to safeguard the supply chain. End-to-end security is critical to mitigating the risks associated with open source software, regardless of the application that is being created.

In this talk, we will look at the challenges associated with the "Container" supply chain, as well as some of the technology, processes, and tools that you can use to create confidence in your container supply chain.

Sai Santosh Vernekar 

Sai Santosh Vernekar is a seasoned Application Security Practitioner with over a decade of expertise in application security. Over his career, Sai has undertaken secure code review, DAST, Devsecops, penetration testing, secure architecture reviews as well as threat modeling.He currently works as Senior Information Security Analyst at Kohl’s.His keen interest lies in Cloud Security & secure CI/CD implementations.

Swarup Natukula 

Swarup Natukula is an experienced Application Security Practitioner with over 10 years of experience in SAST, DAST, Architecture review, Threat Modeling, Devsecops, cloud and container security. He is currently working as Senior Information Security Analyst at Kohl’s. He is part of the OWASP Bay area chapter. He holds the OSCP and CEH certifications.

Don’t get caught in a compromising position: Defend & Detect across your threat landscape - Jeswanth Manikonda 06:00 PM PST

Threat detection is at the heart of building foundational security to shift with the evolving threat landscape. In this session, we will demonstrate how to build behavioral attack-pattern scenarios correlating detection use cases across different data domains, which helps to keep up with their threat landscape, and learn how you can easily start to build and implement sequence-based detections in your environment. The right methods, frameworks, and detections are fundamental to understanding your threat landscape and comprehending the correct path. We will show how to cover the steps to defend against some of the various compromises that have been identified across the numerous industries.


Jeswanth Manikonda, goes by Jes, is an executive with strong security, product and technical background. He wore many hats throughout his 10+ years of working in security and played a crucial role in building companies to become the leaders in their space. He personally worked with 400+ organizations, including Fortune 100/500/1000 companies, in helping build their security programs. He has a deep understanding of the challenges faced by most of the SOC organizations along with strong hold on the security ecosystem and the evolving threat landscape. His hands-on expertise across building threat detections, Log Parsers, security tool integrations, workflow integrations and application of machine learning algorithms in solving SOC challenges is exemplary. He is currently heading the product management at Anvilogic and delivering the products that help SOCs be more efficient and function much more stronger, better and faster.