'Never Break The Chain - How real attacks are built'
Details
Have you hear of a “critical” vulnerability that should have led to a breach… but didn’t?
Have you hear of a breach where no single security risk looked that impressive on its own?
That’s not a coincidence. Real attacks don’t win because of one perfect exploit. They happen when multiple, often unremarkable issues are chained together. Because small, forgettable issues get connected by someone who understands the system better than the people defending it.
In this talk, we’re going to look at trending vulnerabilities rooted in real-world business logic, and more importantly, how attackers actually connect them and turn them into complete attack chains.
We’ll walk through modern attack chains involving supply chain compromises, third party dependencies, dependency confusion, broken access controls, command injection, and multi-step logic flaws that only become exploitable when you stop thinking like a defender and start thinking like an attacker. Because defenders don’t lose when they miss a vulnerability, they lose when they break the chain in the wrong place, or don’t see it forming at all.
We’ll also look at how generative AI has changed the game. How attackers are using context aware GPT agents to move faster, reduce noise, and turn what used to be DAST false positives into working exploits. How custom, AI assisted 0-days are no longer a future problem..they’re already here.
Our presenter 'Burninator' is an AI cybersecurity architect and consultant, and was a teenage hacker and then software engineer before becoming an application security red-teamer in 2018. Since then, she has been earning bug bounties, releasing new CVEs, original exploit techniques, training penetration testers and conducting R&D projects as a technical lead. Burninator organizes Maine 2600, and has spoken about hacking and bot writing at many conferences, including DC207, IC2, CactusCon, Live360! , SkyTalks, and Black Hat. She has also volunteered at the Red Team Village at DEFCON in Vegas.
- For more DCG518 Group information and updates, check our site https://dc518.github.io/
- Doors open at 1:00pm for social hang out. The presentation starts sharp at 2pm. The Guilderland Public Library is located at 2228 Western Avenue, Guilderland, New York 12084
- This event is free and open to all the community. No attendee limits.
Everyone is welcome!