RVAsec

Need to file for your certification CPEs?

Bring a printed copy of this PDF to the registration or info desk during the conference to have a staff member sign off. Note that we will have a limited number of them available, but if you can print on your own that is recommended in case we run out!

RVAsec 2013 Proof of Attendance - RVAsec Need to file for your certification CPEs? Bring a printed copy of this PDF to the registration or info desk during the conference to have a staff member sign off. Note that we will have a limited number of them available, but if you can print on your own that is recommended in case we... Read More

RVAsec is pleased to present ISACA VA Chapter as an RVAsec 13 Bronze sponsor!

ISACA® VA Chapter is a non-profit organization dedicated to the continued development and enhancement of the information systems audit and control profession by providing benefits to its members and to the professional community-at-large. Additionally, “to help VA Chapter members realize the positive potential of technology throughout the Commonwealth of Virginia.”

https://engage.isaca.org/virginiachapter/home

RVAsec 13 tickets are available now!
https://rvasec.com/register

Home - Virginia Chapter The site home page

RVAsec is pleased to present Red Seer Security as an RVAsec 13 Silver sponsor!
RedSeer works with each client to personally understand their systems, business model, staffing, and risks to build a comprehensive solution. Custom built to provide maximum security that meets the client's needs.

https://www.redseersecurity.com/

RVAsec 13 tickets are available now!
https://rvasec.com'/register

Looking for the RVAsec 13 schedule? Want to know the room layout? Want to engage with fellow attendees or speakers?

𝐃𝐨𝐰𝐧𝐥𝐨𝐚𝐝 𝐭𝐡𝐞 𝐑𝐕𝐀𝐬𝐞𝐜 𝐌𝐨𝐛𝐢𝐥𝐞 𝐀𝐩𝐩!

You can easily download the Sched app for iOS or Android (search Sched in the app store). After downloading, you can log into Sched (should be synced with your ticket purchase).

You can set your own agenda so you won’t miss a thing, as well as provide speaker feedback as soon as the talk is over. You can find maps, a directory and even engage with speakers, sponsors and attendees.

https://rvasec.com/rvasec-13-mobile-app/

RVAsec is pleased to present Cloudflare as an RVAsec 13 Co-Sponsor After Party sponsor!

Powered by an intelligent global network, our connectivity cloud is a unified platform that helps your business work, deliver, and innovate everywhere.

https://www.cloudflare.com/

RVAsec 13 tickets are available now!
https://rvasec.com/register

RVAsec is pleased to present Rubrik as an RVAsec 13 Hospitality sponsor!

Protect your data everywhere it lives with the latest innovations for AI-powered cyber resilience.

https://www.rubrik.com/

RVAsec 13 tickets are available now!
https://rvasec.com/register

RVAsec is pleased to present Blue Bastion, a division of Ideal Integrations, as an RVAsec 13 Silver sponsor!
Data breaches compromise the personal information of both you and your customers. In 2022 alone, they exposed over 22 billion records. Don’t give cyber criminals the chance to find weaknesses in your company’s cyber security system. Defend your institution from all attacks from all directions.

https://www.bluebastion.net/

RVAsec 13 tickets are available now!
https://rvasec.com/register

There are only 9 Hotel Package tickets left, and the rate is now closed at the Marriott! This is still the best way to get a ticket & room for .

https://rvasec.com/register

RVAsec is pleased to present Check Point Software Technologies, Inc. as an RVAsec 13 Gold sponsor!
Check Point’s Infinity Platform adopts AI to better predict and prevent threats to your organization.
https://www.checkpoint.com/

RVAsec 13 tickets are available now!
https://rvasec.com/register

RVAsec is pleased to present SAIC as an RVAsec 13 Platinum sponsor!

SAIC® is a premier Fortune 500® technology integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives.

https://www.saic.com/

RVAsec 13 tickets are available now!

7 days until the conference! We have some tickets left but a very limited amount of time left for you to get them! This is the must attend security conference in the DMV!

RVAsec 13 Security Conference RVAsec is Richmond, Virginia's security convention!

This is the LAST CHANCE to get the RVAsec hotel DISCOUNTED RATE at the Downtown Richmond Marriott. And reminder that if you still need a ticket, the hotel package is the best deal for a room+con!

Hotel - RVAsec RVAsec 2024 will be held in Richmond, VA, at the Downtown Richmond Marriott. 500 East Broad Street, Richmond, Virginia, USA, 23219 ** The room rate is $164 per night ** Use the following link to register: https://book.passkey.com/e/50711238 Please see the directions page for more information. If for...

The discounted rate for the Downtown Richmond Marriott ends TOMORROW--5/24! If you haven't booked your hotel yet DO IT NOW!

If you don't have a ticket, the best deal is the hotel package which includes your RVAsec ticket, 2 nights at the hotel, and guaranteed electronic badge!

Hotel - RVAsec RVAsec 2024 will be held in Richmond, VA, at the Downtown Richmond Marriott. 500 East Broad Street, Richmond, Virginia, USA, 23219 ** The room rate is $164 per night ** Use the following link to register: https://book.passkey.com/e/50711238 Please see the directions page for more information. If for...

RVAsec is pleased to present Arctic Wolf as an RVAsec 13 After Party co-sponsor!

End cyber risk for your organization with the Arctic Wolf® Security Operations Cloud and Concierge Delivery Model.

https://arcticwolf.com/

RVAsec 13 tickets are available now!
https://rvasec.com/register

𝐑𝐕𝐀𝐬𝐞𝐜 𝐇𝐨𝐭𝐞𝐥 𝐁𝐥𝐨𝐜𝐤 𝐄𝐧𝐝𝐬 𝐎𝐧 𝟓/𝟐𝟒!

𝐒𝐭𝐚𝐲𝐢𝐧𝐠 𝐚𝐭 𝐭𝐡𝐞 𝐇𝐨𝐭𝐞𝐥 𝐌𝐚𝐤𝐞𝐬 𝐚 𝐇𝐮𝐠𝐞 𝐃𝐢𝐟𝐟𝐞𝐫𝐞𝐧𝐜𝐞

We are only able to get the whole conference space at the Marriott because we guaranteed that we will use rooms at the hotel. It is important that we continue to show the hotel that we are able to sell rooms and hopefully they are willing to provide us better dates in the future!

** The RVAsec room rate is $164 per night **
** Once the block closes rooms are ~$220 per night **

https://rvasec.com/hotel/

RVAsec is pleased to present SAIC as an RVAsec 13 Platinum sponsor!

SAIC® is a premier Fortune 500® technology integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives.

https://www.saic.com/

RVAsec 13 tickets are available now!
https://rvasec.com/register

RVAsec May Meeting - Tonight, 5/22 @ 5pm -

RVAsec May Meeting - Tonight, 5/22 @ 5pm Please consider staying at the hotel, this helps us a lot. Room block ends 5/24 or you can get the Hotel Package: https://rvasec.com/rvasec-13-hotel-package/

Join us at the RVAsec Lockpick Village sponsored by Rotas Security!

Test your skills on a range of locks, including mini-doors, from easy to challenging, with a variety of picks at your disposal.

Never picked a lock? Fret not! We have very beginner-friendly options available, as well as instructors to assist in your lockpicking education and adventures.

Think you’re a top-notch picker or want to challenge yourself? Then plan to enter our timed contest! Race through a series of locks and compete for the fastest time to win a prize.

To ensure everyone’s safety, we’ll provide hand sanitizer for use while you explore the ancient art of lockpicking.

Come by and have a blast with the team!

https://rvasec.com/lockpick-village-contest-sponsored-by-rotas-security/

RVAsec is pleased to present Cyberhaven, Inc. as an RVAsec 13 Gold sponsor!

Cyberhaven protects data other tools can’t see, from threats they can’t detect, across technologies they can’t control.

https://www.cyberhaven.com/

X (Twitter): Cyberhaven

RVAsec 13 tickets are available now!

RVAsec is pleased to present Grip Security as an RVAsec 13 sponsor!

Discover Shadow SaaS and rogue cloud accounts. Prioritize identity sprawl risks. Secure unsanctioned SaaS and cloud accounts. Orchestrate risk mitigation and remediation.

https://www.grip.security/

RVAsec 13 tickets are available now!

The RVAsec Capture the Flag (CTF) competition is once again run by MetaCTF and sponsored by Corelight! This year the CTF is being held in the middle of the Expo hall. The action and energy is going to be the highlight of the conference this year!

Capture the Flag is a hands-on security competition where participants are tasked with solving a variety of challenges covering a range of topics and difficulties with the goal of finding “flags.” Like last year, the competition will include both a jeopardy-style and an attack & defense component.

This CTF is beginner friendly. If you’ve never participated in one before, this is the perfect opportunity to start! We’ll host platform walkthroughs and provide a practice environment on Day 1 of the conference to help participants prepare. The actual competition will take place on Day 2. Among others, challenge categories will include web exploitation, reverse engineering, OSINT, cryptography, forensics, and binary exploitation.

https://rvasec.com/capture-the-flag-ctf-run-by-metactf-and-sponsored-by-corelight/

RVAsec is pleased to present James Madison University as an RVAsec 13 Gold sponsor!

Friendly, real people. Small classes. Nationally recognized. Affordable. In JMU’s MBA program, you aren't just a number. You’re a valued member of a diverse cohort with a myriad of business experiences and perspectives. Our hybrid study format is designed to allow you to build relationships in-person to set the foundation for rich discussion in the online sessions. Our professors are passionate about the content, and design courses that are relevant and adaptive to today's ever-changing business world—all while being mindful that you are working full time while you complete your degree.

RVAsec 13 tickets are available now!
https://rvasec.com/register

MBA Program MBA Program

Ross Merritt is a U.S. Marine Corps Veteran, Former Private Investigator, Performing Comedian, and a Cyber Security Consultant at Blue Bastion specializing in Social Engineering and OSINT.

"Improv Comedy for Social Engineering"

This talk introduces the techniques used in Improv Comedy and applies them to skills used in the OFFSEC field to enable the participants to better communicate, think on their feet, and gain confidence when operating in the unknown.

Come see Ross Merritt at RVAsec 13!
https://rvasec.com/register

Ariyan Bakhti-Suroosh is a senior security consultant on the Attack and Pe*******on team under Optiv’s Threat Management divison. Ariyan has a diverse background in information technology caused by an exigent curiosity for how things work. Ariyan has over 5 years of experience in comprehensive internal and external pe*******on testing of large enterprise environments as well as focused targeted attacks against small targets. Ariyan’s area of expertise is in physical facility penentration test where he has put together training for Optiv as well as delivered a talk at SANS Hackfest on methodology and ex*****on. X (Twitter):

"Its Coming From Inside the House: A Guide to Physical Facility Pe*******on Testing"

Physical security is crucial to any organization; however, physical security sometimes takes a back seat. Many companies still maintain a physical office presence, and protecting employees working from the office, along with other critical assets is vitally important as protecting networks. An attacker gaining access into a building through social engineering or other means of physical entry could jeopardize those critical assets and employee’s safety. Attackers may access unattended workstations, open file cabinets, server rooms, or other information inside the organization. Skilled attackers may only need a few moments to slip into a building and plant a remote access device on the network without anyone noticing they were in the building.

Come see Ariyan Suroosh at RVAsec 13!

Oren Koren is the Co-Founder and Chief Product Officer of Veriti. Oren brings 19 years of experience in cybersecurity, advanced threat analysis, and product management. Prior to founding Veriti, Oren was a Senior Product Manager at Check Point Software Technologies, where he led AI-based innovations and advanced data analytics projects redefining threat hunting and SIEM applications. Before Check Point, Oren served for 14 years in the prestigious 8200 unit and was responsible for various cybersecurity activities and research. Oren’s allocades include the Israeli Security Award and 3 MoD (Ministry of Defense) awards for cutting-edge innovations in cyber security.

"Verified for Business Continuity: How to Remediate Risk Safely Across the Enterprise"

Remediation can feel like a high-wire act, balancing the need to close exposures against the imperative of maintaining business continuity. This talk addresses the quintessential challenge: how can organizations utilize their existing arsenal of security tools to remediate vulnerabilities, misconfigurations, and exposures without halting the business engine? Glean insights from a seasoned industry expert on leveraging security logs, configurations, and threat intelligence to unearth exposures, teaching CISOs to navigate this delicate balance.

Come see Oren Koren at RVAsec 13!

RVAsec 13 Speaker Feature: Oren Koren - RVAsec Oren Koren is the Co-Founder and Chief Product Officer of Veriti. Oren brings 19 years of experience in cybersecurity, advanced threat analysis, and product management. Prior to founding Veriti, Oren was a Senior Product Manager at Check Point Software Technologies, where he led AI-based innovations...

RVAsec is pleased to present WIZ, Inc. as an RVAsec 13 Gold sponsor!

Secure Everything You Build and Run in the Cloud.

https://www.wiz.io/

RVAsec 13 tickets are available now!
https://rvasec.com/register

Jennifer Shannon is a Senior Security Consultant at Secure Ideas with a background in malware analysis, pe*******on testing, and training. An avid computer geek for most of her life, she began her journey in cybersecurity as a SOC Analyst where she showed an aptitude for both pe*******on testing and malware analysis. She has experience performing pe*******on tests against web applications, mobile software and platforms, and physical security assessments.

Get ready for a wild ride as Jennifer Shannon, a Senior Security Consultant at Secure Ideas, takes the stage to present “”API-ocalypse”” In this thrilling and entertaining session, Jennifer will showcase the vulnerabilities lurking within APIs and the havoc they can wreak if left unaddressed. Through live pentesting demos, she will demonstrate jaw-dropping exploits, mind-bending injection attacks, and authentication bypass techniques that will leave you on the edge of your seat. Join Jennifer as she navigates the dark side of API’s to help you understand and fortify your attack surface in order to prevent the impending API-ocalypse.

Come see Jennifer Shannon at RVAsec 13!

RVAsec 13 Speaker Feature: Jennifer Shannon - RVAsec Jennifer Shannon is a Senior Security Consultant at Secure Ideas with a background in malware analysis, pe*******on testing, and training. An avid computer geek for most of her life, she began her journey in cybersecurity as a SOC Analyst where she showed an aptitude for both pe*******on testing and...

Good news! The RVAsec 13 discounted hotel rate has been extended until May 24! Don't wait, or you'll just pay more for the same room:

Hotel - RVAsec RVAsec 2024 will be held in Richmond, VA, at the Downtown Richmond Marriott. 500 East Broad Street, Richmond, Virginia, USA, 23219 ** The room rate is $164 per night ** Use the following link to register: https://book.passkey.com/e/50711238 Please see the directions page for more information. If for...

Nick Copi, an application security engineer at CarMax, seamlessly balances his professional role with a fervent pursuit of security research. From architecting full-stack web applications to spearheading innovative security initiatives at CarMax, Nick’s diverse background enriches his insights, allowing him to bring a multifaceted perspective to his endeavors. His dominance in cybersecurity competitions, including numerous 1st place CTF victories, highlights his adeptness. As the former president of the VCU Cyber Security Club and a co-organizer of the OffsecRVA meetup group, he ardently fosters community engagement and knowledge exchange. With a knack for blending practical experience and strategic vision, Nick embodies a commitment to excellence in both his professional endeavors and his contributions to the broader cybersecurity community.

"Some Assembly Required: Weaponizing Chrome CVE-2023-2033 for RCE in Electron"

In this presentation, the development process of a remote code ex*****on (RCE) exploit for CVE-2023-2033 is discussed. CVE-2023-2033 is an N-day type confusion vulnerability that affects Google Chrome for Windows, Mac, and Linux with which an attacker can exploit Chrome V8 engine to cause heap corruption via a crafted HTML page and gain RCE. Prior to this presentation, a public RCE exploit for this vulnerability did not exist. This exploit is based on publicly available proof of concept code that uses this vulnerability to implement v8 heap read/write/addrof primitives. This presentation focuses on weaponizing these primitives to achieve remote code ex*****on consistently on an unsandboxed renderer process of an Electron version running a vulnerable version of Chrome. Methods to hijack the render process instruction pointer and to write and execute specially encoded chunks of shellcode using these primitives are discussed.

Come see Nick Copi at RVAsec 13!
https://rvasec.com/register/

David Girvin: Hacker, BJJ enthusiast, world traveler and surfer. I am a giant weirdo who somehow found my niche in offensive security. I have been blessed getting to build AppSec programs for companies like 1Password and Red Canary. I have an extremely diverse background and hope I can relate and or add value to everyones experience,

"Social Engineering the Social Engineers: How to not suck at buying software"

There is a huge gap in security and that gap is understanding the process for acquiring security tools. After buying security tools as an architect and selling as a sales engineer I know the process, pitfalls and gaps in the process. We will dive into the process for both sides. You will learn how you should be architecting your program and winning budget for those tools. We will also explore what happens on the sales side of deal. I will explain what to look out for and what you can take advantage of and the common mistakes we make.

Sales people are top tier social engineers we will explore how to hack them.

Come see David Girvin at RVAsec 13!
https://rvasec.com/register