2023 Talks

The race against time: Side-channel and timing attacks then and now.

Presenter

Ymir Vigfusson PhD

Abstract

If I hear you type, can I infer your password? If I listen to your CPU, can I infer your encryption keys? If multiple tenants share the same machine, can they infer secrets from one another? The answer to all of these is, unfortunately, yes. I’ll recount some older and more recent stories and offer a glimpse into mitigations for these pernicious vulnerabilities.

Dispelling the myths and legends of a secure AI pipeline

Presenters

Muhammed Muneer Senior Consultant (Google-Mandiant)

Dan Browne Senior Consultant (Google-Mandiant)

Abstract

Most organizations are confused by what to do about generative AI due to being blinded by the hype and click-bait coming from the media.

We will dispel myths and legends and explain it in clear simple terms using what you already understand and are familiar with.

We will then show you a method of looking at AI within your environment and talk about ways to secure it.

We will cover:

  • What is generative AI?
  • Why it matters to you as a security defender?
  • What are some of the myths and legends?
  • What are some examples of how companies are dealing with generative AI today?
  • What are some of the attacks today?
  • SAIF (Google’s Secure AI framework) – an overarching framework for general principles on secure AI.
  • What does an AI pipeline look like?
  • What it’s similar to
  • What the technologies are
  • GAIA top 10 (a list of top 10 flaws in an AI pipeline that can be used to target remediation in your environment)

Passkey, What is it?

Presenter

Siggi Bjarnason

Abstract

There is a new password killer on the loose. There have been others before Passkey, but they were not up for the challenge and failed to complete their mission. Passkey is different and looks like it might actually stick around and manage to do what others before it failed to do.

Siggi will explain this in more detail in his presentation, specifically answering the following questions and more:

  • Why is killing passwords a good thing?
  • How does Passkey make us more secure while simplifying our logon experience?
  • Why can we trust Passkey?
  • Who is behind Passkey?
  • Where can you currently use Passkey?

Every Contact Leaves a Trace

Presenter

Ken Westin

Abstract

The Internet now touches and intrudes on almost every aspect of our lives. There is a flood of data available that identifies individuals at our fingertips, sometimes apparent, but more often hidden. Conducting investigations in this new world has provided new opportunities as well as technical challenges, and has raised legal and ethical issues along the way. Now with the smallest piece of information we can uncover crimes and corruption. Still, these same techniques can be used by malicious actors, authoritarian states, and even corporations for unethical and even nefarious purposes. In this presentation, Ken Westin will discuss real investigations and techniques he has used to track and unveil organized crime groups, white-collar cybercriminals, and disinformation, and how these same techniques can be used against the innocent. Ken will also discuss why this Pandora’s Box will continue to bring challenges to privacy, truth, and human rights and how we as a community can help to protect all three.

Hybrid Active Directory Attacks: Anatomy and Defenses

Presenter

Derek Melber

Abstract

Active Directory is under attack! Attackers know exactly what to look for and how to exploit AD. Organizations are desperate to know how to secure AD. This session will show attendees what attackers do, and with this knowledge, they can efficiently secure their AD. Both AAD and on-prem AD will be covered, to give participants a list of what exactly they need to look for and secure.