
Application Security (AppSec)

CypherCon's Application Security (AppSec) community consists of hackers from the red team (attackers who work to break into systems), the blue team (defenders who work to keep the systems safe) and the purple team (a mix of red and blue teams working to improve collaboration). AppSec members come together to learn how to exploit software vulnerabilities and other weaknesses in software. Software is everywhere and in everything. The software attack surface continues to grow and is attractive for abuse.

2023

KEYNOTE: Cameras.ICU

Jonathan Tomek & Cory Kujawski

ATT&CKing Unicorns

Matthew Lange & Gary Lobermier

Creativity 3.0: How Web3 Will Shape The Future of The Creator Economy.

Ian McCullough (Cullah)

A Hole In The Boat – How APIs Threaten Everything

Richard Bird

A World Without Passwords

Andy Jaw

GUR RIBYHGVBA BS PELCGBTENCUL

Mr. Jeff Man

The Call’s Coming from Inside the House: Authentication Proxy Attacks: Detection, Response and Hunting

Chris Merkel

Offensive Security & The Evolution of Attack Path Management

Joe Mondloch

Hacking and Defending APIs

Robert Wagner

Hunting Before Day Zero

Ryan LaBouve

Achieving a Threat-Informed Defense with MITRE ATT&CK

Ben Opel

No Longer a No-Go: How to Safely Scan OT Devices in Critical Environments

Chris Kirsch

Learning to Manipulate Safe Dials

Dustin Heywood (Evil_Mog)

Are they human or scripts? The level of human involvement behind RDP brute-force attacks

Andréanne Bergeron, Ph.D

Exposing the Threat: Uncovering the Hidden Risks to Your Cable Modem Security

Daniel Walters

Voiding your warranty, a wireless journey.

Eric Escobar

Command & Control: Malware Deobfuscation via Phishing

Robert Lerner

How The Sausage is REALLY Made: CloudOps for Red Teamers

John Ventura

SQL Injection: A history' OR 1=1; --

Will McCardell

Agile Security Teams

Naveen VK

Patch? We can’t patch! An Introduction to OT/ICS Systems

Luciano Moretti

Secret Handshake: A Mutual TLS Based C2 Communication Channel

John Conwell

Watching the Watchers – Analyzing URL Scanning Solutions at Scale

Nicholas Anastasi

Security Does Not Need To Be Fun: Ignoring OWASP To Have A Terrible Time

Dwayne McDaniel

AI for Red Team and Malware Development

Kirk Trychel

Evading EDR by DLL sideloading with C#

Gary Lobermier

You’ve Got Mail (and Misdirected Funds): A Demo of Business Email Compromise

Drew Hjelm

PCI DSS v4.0 Is Here – Now What?

Kyle Hinterberg

Now anyone can become a cellular provider! How anyone can build their own cellular network and how I built one for Milwaukee

Russell From

What’s Right in Cybersecurity

Matteo Rebeschini
