Streaming: https://mssvideo.vcu.edu/RVAsec
Venue: Upstairs, Grand Ballroom F/G
Tuesday, June 9
 

11:00am EDT

Hacking Customized IDE Distributions: Methodology Behind Six Figures in Bug Bounties
Tuesday June 9, 2026 11:00am - 11:50am EDT
Customized IDE distributions pose a lucrative attack surface due to the interconnected systems they interact with, usually highly privileged. This talk covers high level technical ecosystem architectures, IDE threat modeling, common attack vectors, and takes a stab at defining an IDE exploitation kill chain. While specific bug bounty targets and findings remain undisclosed, the methodology developed while producing them will be covered.
Speakers
Nick Copi

Full Time Bug Bounty Hunter
Nick Copi is a full time bug bounty hunter targeting web applications, cloud infrastructure, desktop apps, and pretty much anything with an attack surface. His background spans application security engineering, full stack development, and a long track record of CTF competition wins...

1:00pm EDT

I Called Your AI Agent and It Told Me Everything: Live Voice AI Red Teaming
Tuesday June 9, 2026 1:00pm - 1:50pm EDT
You'll leave this talk understanding:
  1. How voice AI agents are architecturally different from text chatbots
  2. The specific attack vectors unique to voice: transcription manipulation, DTMF injection, audio-layer prompt injection, and social engineering through vocal tone
  3. A repeatable methodology for testing voice AI systems in your own organization
  4. Concrete remediation strategies for the most common findings
Speakers
Brian Cardinale

Principal Security Researcher, SecureCoders
Brian Cardinale is the Principal Security Researcher at SecureCoders and creator of the TEAPOT methodology for voice AI red teaming. He holds a CISSP and has spent his career breaking things that aren't supposed to break. Brian built VoiceGoat, the first open-source vulnerable voice...

2:00pm EDT

Social Engineering The Machine: When Your Target Runs On Attention Instead Of Anxiety
Tuesday June 9, 2026 2:00pm - 2:50pm EDT
Every AI talk this year will tell you prompt injection is a problem. This one gives you the methodology to actually exploit it. Borrowing from decades of adversarial human testing, we’ll move past "vibes" and "jailbreak screenshots" to build a working, repeatable framework for social engineering the machine.
Speakers
Jason Ross

Product Security Principal, Salesforce
With 20+ years in cyber security, Jason Ross now performs adversarial testing and defense of deployed generative AI applications, agentic systems, and the LLMs powering them at Salesforce. Jason's work focuses on prompt injection attacks and defense, model governance and security...

3:00pm EDT

Robots vs Robots – Securing AI and the Data that Powers It
Tuesday June 9, 2026 3:00pm - 3:50pm EDT
As AI systems, copilots, and autonomous workflows proliferate, defenders must secure not only the data that fuels them, but the AI behaviors, access paths, and automation they introduce. Robots vs. Robots explores how organizations can protect AI systems end‑to‑end by controlling data exposure, governing AI access, and using automation to stay ahead of adversaries.

4:00pm EDT

Breaking Tokens: Modern Attacks on OAuth, OIDC, and JWT Auth Flows
Tuesday June 9, 2026 4:00pm - 4:50pm EDT
As applications embrace OAuth, OIDC, and JWTs for federated authentication, attackers are shifting focus to token abuse and logic flaws rather than password theft.
This talk explores how modern auth systems can be compromised through token replay, session fixation, and insecure implementation of identity protocols.

We’ll walk through real-world examples — including intercepted tokens, replayed sessions, and privilege escalations through misconfigured scopes and claims.
We’ll also demonstrate a purpose-built lab environment and open-source tooling to analyze and detect these flaws, helping teams validate their own auth integrations.

Finally, we’ll discuss secure patterns for token handling, revocation, and identity proofing that can prevent these modern attacks before they reach production.
Speakers
Bhaumik Shah

CEO, SecurifyAI
Bhaumik Shah is a cybersecurity leader and founder of Securify, where he helps organizations secure their cloud, applications, and infrastructure through penetration testing, red team operations, and compliance programs like SOC 2 and ISO 27001. With over a decade of experience uncovering...
 
Wednesday, June 10
 

10:30am EDT

From OSINT to Detection: Building an Agentic CTI Pipeline
Wednesday June 10, 2026 10:30am - 11:20am EDT
Modern threat intelligence moves fast, but detection engineering lags. This talk presents an agentic workflow that transforms OSINT into actionable detections using structured extraction, LLM reasoning, and automated validation. Transparent, auditable pipelines accelerate the CTI lifecycle, from ingestion to Sigma rules, while preserving analyst control, reducing time-to-detection from days to hours.
Speakers
Andrew Skatoff

Senior Manager Information Security, Federal Reserve Bank of Richmond
Andrew is a cybersecurity senior leader with over 20 years of experience protecting critical financial infrastructure within the national financial infrastructure. He leads large-scale programs spanning incident response, threat hunting, and detection engineering, and has served as...

11:30am EDT

Flirting With AI: Pwning Web Sites Through Their AI Chatbot Agents
Wednesday June 10, 2026 11:30am - 12:20pm EDT
Everyone is implementing AI chatbots to improve their customer experience and journey, without increasing call centre costs. But this comes with risk: get the configuration wrong and that chatbot can be convinced to part with data that it shouldn't. We think of conventional cyber security controls as being binary, yet AI can sometimes hallucinate, lie and mislead. It's a brave organization that would trust their perimeter security exclusively to AI. We'll include some live demos to illustrate the problem.
Speakers
Paul Brownridge

Head of Technical Delivery, Pen Test Partners
Paul Brownridge is Head of Technical Delivery at Pen Test Partners, the ethical hacking firm. Originally from an engineering background, Paul swapped his hard hat for a white hat and has been working in cyber security for the last 10 years. His practical experience of industrial environments...

1:00pm EDT

Initial Access in 2026 – The Power of the Spoken Word
Wednesday June 10, 2026 1:00pm - 1:50pm EDT
Defensive detections and protocols have come a long way. The adoption of MFA was once the sign of a security-minded client with a mature security posture but has reached the level of commonplace. Gaining initial access via email or web application has become so difficult that it's often skipped entirely as companies opt to place the attacker on the inside of the network as the starting point. Yet, business compromises are on the rise. What are attackers using if they no longer rely on business email compromise as their go-to initial access vector? Well, as was the case with MGM, they’re often just picking up the phone.
Speakers
Mike Bailey

Hacker, Rotas

Ariyan Suroosh

Principal Security Consultant, Rotas Security
Ariyan Bakhti-Suroosh is a Principal Security Consultant at Rotas Security, specializing in offensive security, social engineering, and physical facility penetration testing. With over seven years of experience, Ariyan has led enterprise-scale penetration tests, advanced adversary...

2:00pm EDT

Catching Collection in M365: Outlook and SharePoint Canary Tokens
Wednesday June 10, 2026 2:00pm - 2:50pm EDT
After a stolen token grants access to M365, the next move is predictable: search for value before exfiltration. This talk shows how to detect that collection phase using canary tokens built on native telemetry across Outlook and SharePoint/OneDrive. We cover end-to-end implementation and results from live production deployments, including what produced high-fidelity signal and what created noise.
Speakers
Ryan O'Donnell

Senior Security Engineer, Microsoft
Ryan O'Donnell is a Senior Security Engineer at Microsoft. Over the last 13+ years, he's been performing Penetration Tests, Red Team assessments, and Incident Response investigations. Ryan has presented at the following conferences: Wild West Hackin' Fest, Saintcon, Hack Space...
 