RVAsec 15

“A Peek Behind the Curtain: How A.I. Works” offers a clear, non-technical tour of how modern AI systems learn from data and generate predictions or content. The talk demystifies key concepts like training, inference, and model limitations so attendees can better understand what AI can—and can’t—do.

Discover how to use Zeek in order to create custom detections for network threats. We will go over how to create a real detection using Zeek via scripting, protocol analysis, and log analysis.
Zeek is a network monitoring tool that analyzes network traffic with custom analyzers and produces logs. This talk will go over a real threat from beginning to end. This talk will walk through a Redis RCE exploit (eg https://medium.com/@knownsec404team/rce-exploits-of-redis-based-on-master-slave-replication-ef7a664ce1d0) based on master-slave replication and how Zeek can be used to detect it. This will also go over Spicy, a protocol parser generator, and how it helps to detect cases like this.

As an Offensive Security Consultant, I often joke that my job is 90% troubleshooting and 10% breaking things. Truthfully, developing the skill and methodology for finding the right information, tools, or techniques and implementing them when things get borked is at the heart of hacking. Similarly, that same skill if applied to our attitude, health, relationships, and career can make the difference between a steady pace and quickly flaming out in life.

This talk is aimed at folks who are currently employed in Cybersecurity, those looking to transition in, and those who are ready to transition out - basically anyone! We'll talk about what troubleshooting is, and how developing an effective strategy in troubleshooting technical things can apply to the non-technical aspects of life with some real-world examples, audience participation, and some practical tips to ground this concept into everyday life.

Ransomware attacks are the visible event. The access economy enabling them is not. This session maps that economy — how access is acquired, automated, and converted into ransomware deployment — using intelligence from years of undercover operations inside the criminal underground. Attendees will leave with a working model of how initial access brokers operate, and a concrete illustration of how fast CVE exploitation moves from public disclosure to active resale: in February 2026, operatives observed IABs selling confirmed access attributed to a critical BeyondTrust vulnerability within 17 days of vendor advisory. The session closes with a case study of an ALPHV affiliate whose documented operational mistakes contributed to a DOJ prosecution — and a framework for how the private-sector-to-law-enforcement intelligence loop works when it functions correctly.

In cybersecurity, we spend a lot of time talking about new CVEs, what tools could fill this gap, how can we automate this, and how we can use AI here. We debate coverage, stack optimization, and detection engineering. At the same time, many teams are operating under negative budgets, understaffing, and constant pressure to do more with less.

What we don’t talk about enough is the role people play in all of this.