Duration: 15 minutes
Welcome remarks from the Burning River Cyber Con staff, venue & safety notes, and a quick run-through of the day's logistics.
Duration: 15 minutes
Bio
Former attorney turned pentester, Joel Coakley is a Senior Offensive Security Consultant with Depth Security. With an extensive background in consulting and network and Active Directory testing, Joel focuses on improving how technical risk is communicated to both small and enterprise organizations. He provides practical, prioritized remediation guidance tailored to each organization's environment and business needs. Outside of work Joel trains for marathons, spends time with family, and cares for his pets.
Talk description
This session highlights five common categories of weak passwords frequently seen during password audits and pentests and provides concrete examples and mitigation steps analysts and administrators can use:
- Password Reuse — Reused credentials across services remain one of the most common vectors for initial access.
- Breach Credentials — Stale breached passwords and predictable variations still succeed against many accounts.
- Accounts with Weak Policies — Accounts exempt from expiration or with lax controls are high-value targets.
- Tenant-specific Predictable Passwords — Custom deny lists and tenant conventions can be abused if not kept current.
- Onboarding/Reset Schemes — Standardized onboarding or reset patterns often produce guessable initial passwords.
Duration: 45 minutes
Bio
Garrett Foster is an offensive security researcher with over six years in IT and security, having worked across the finance, healthcare, and energy sectors. His roles have included SOC analyst and systems administration, and he now focuses on offensive research into Active Directory and enterprise tooling. Garrett publishes tooling and research to help the security community understand attack pathways and improve defenses.
Talk description
Microsoft Configuration Manager (SCCM) remains a core endpoint management tool for many enterprises and carries significant legacy complexity. In this talk Garrett demonstrates real-world techniques attackers use to abuse SCCM assumptions and dependencies to escalate privileges, impersonate administrative roles, or achieve persistence. The session includes concrete case examples, an attacker's methodology, and practical mitigations administrators can apply to reduce exposure.
Duration: 45 minutes
Bio
Nic Losby is a Senior Consultant on the Mandiant Offensive Security Services (OSS) Red Team. Over six years Nic has performed dozens of pentests and red-team operations and is a subject-matter expert in internals, password auditing, embedded devices, and offensive tooling. Nic publishes tools and research to help practitioners conduct more effective offensive assessments and to surface defensive gaps.
Talk description
This session explains the project's background, the engineering challenges of building distributed rainbow tables at scale, and the practical implications for pentesters and red teams. Attendees will learn where to obtain the tables, trade-offs when using them, and methods for checking whether NTLMv1 is present in an environment.
Duration: 45 minutes
Bio
Victor (Gr1mmie) is a developer, tinkerer, and pentester currently performing engagements for RSM. He focuses on Active Directory, reverse engineering, and embedded or game-related systems. With three years of professional experience and a decade of hands-on tinkering, Victor enjoys research, building tools, and exploring unconventional security topics like game and hardware hacking.
Talk description
This talk walks through learning Unity game hacking using the mono framework by building a cheat pack for Valheim. It covers how to get started, common cheat types, techniques to hijack existing game functionality, and how to safely prototype and test modules. Content is presented for educational and research purposes only.
Duration: 45 minutes
Bios
Skyler Knecht: Skyler is a Senior Security Consultant at SpecterOps. He performs security assessments for large organizations, focuses on initial access research, and contributes to open-source tooling and vulnerability research. Skyler has presented at conferences including DEF CON and BSides.
Kevin Clark: Kevin Clark is a Security Consultant with TrustedSec and a Red Team Instructor. He has a background in software development, penetration testing, and offensive operations, and regularly delivers training and conference presentations.
Talk description
Many red-team engagements use a full C2 implant by default. This presentation argues that for assumed-breach scenarios, a lighter operational footprint is often preferable: the presenters will show alternatives to deploying persistent implants, discuss trade-offs, and present operational workflows that accomplish objectives with less noisy tooling.
Duration: 45 minutes
Bio
Annika Clarke is a Red Team Consultant and Offensive Security Engineer at Security Risk Advisors. She builds offensive tooling and custom exploitation techniques for real-world engagements, with a focus on abuse of developer ecosystems and interpreter-based payloads. Annika has led numerous assessments where she combined social engineering, tooling, and creative persistence to bypass hardened endpoint defenses, and she publishes research and tooling to improve community defensive practices.
Talk description
This talk demonstrates how trusted developer applications and interpreted languages can be weaponized to evade modern EDR. Attendees will see:
- Examples of backdoor techniques implemented via Node.js, Python, and VS Code/Electron extensions.
- How attackers leverage legitimate developer workflows and packaging to decrease detection surface.
- Case studies from engagements showing escalation and persistence achieved without traditional native implants.
- Practical mitigations defenders can apply to reduce risk while preserving developer productivity.
Duration: 45 minutes
Bio
Jonn Callahan's background is in application security, cloud environments, and containerization. His interest in writing code and architecting systems has led to a refined talent for deep diving into highly complex and disparate systems. His work on SRA's R&I team building internal tool suites and his contributions to Red Team strategy have resulted in his leading high-profile engagements across startups and large enterprises.
Talk description
For many organizations, long gone are the days of poorly managed Jenkins servers. For OffSec practitioners, so are the easy script-console pivot points. The modern development landscape is a complicated system of third-party SaaS platforms, custom integrations, complex control planes, and bespoke development processes. This talk explores these modern systems, the controls they expose, and inherent weaknesses. It addresses the problem from a high-level design perspective and maps exploitation primitives and controls to popular source-forge providers. Rather than rehashing OIDC or pwn request talks, it focuses on how even well-designed systems provide opportunities for full production takeovers from a single compromised developer account.
Duration: 15 minutes
Bios
reava: reava is a cybersecurity practitioner with a background in incident response and threat attribution, now focused on defending supply chain ecosystems. Their work centers on identifying systemic threats, coordinating remediation across suppliers, and designing scalable programs that reduce persistent malicious infrastructure. reava combines hands-on response experience with data-driven approaches to prioritize high-impact remediation efforts.
Julius Garza: Julius Garza is the US Incident Response and Cyber Threat Intelligence Lead at Avient Corporation, where he oversees detection and response operations, insider threat investigations, and data protection. He leads cross-functional efforts in incident coordination and SOC process development and serves as the technical liaison to NEOCC for threat intelligence sharing. When he's not coaxing AI platforms to author new security tooling or automating Tier 0 triage, he's highly likely to catch you a delicious bass or trout.
Talk description
This short presentation frames threat remediation as an ecosystem problem: rather than treating every IoC individually, the talk outlines AI-assisted strategies to identify and clear recurring malicious infrastructure at scale. Topics include prioritization heuristics, automation patterns for coordinated takedowns, and measures to protect native ecosystem services.