BEGIN:VCALENDAR VERSION:2.0 PRODID:Data::ICal 0.24 BEGIN:VEVENT DESCRIPTION: 'Title: Attacks as a Service with The DeRF\n When: Friday\ , Aug 11\, 12:30 - 12:59 PDT\n Where: Flamingo - Mesquite - Cloud Villag e - [1]Map\n\n SpeakerBio:Kat Traxler \, Principal Security Researcher a t Vectra AI\n Kat Traxler is the Principal Security Researcher at Vectra AI focusing\n on threat detection in the public cloud. Prior to her cur rent role\,\n she worked in various stages in the SDLC performing web ap plication\n penetration testing and security architecture design for Web \, IAM\,\n Payment Technologies and Cloud Native Technologies.\n\n Kat 's research philosophy directs her attention to where design flaws\n and misconfigurations are most probable. This guiding principle leads\n her research to the intersection of technologies\, particularly the\n conve rgence of cloud security and application security and where the\n OS-lay er interfaces with higher-level abstractions.\n\n Kat has presented at v arious conferences including the SANS\n CloudSecNext Summit and fwd:Clou dSec on topics such as privilege\n escalation in GCP\, and bug-hunting i n the cloud. In addition to her\n work at Vectra AI\, she is a member of IAN Faculty and the Lead Author\n of the SANS SEC549 - Enterprise Cloud Security Architecture and\n currently holds multiple GIAC certification s. You can find her on the\n internet as @nightmareJS\n\n Twitter: [2] @NightmareJS\n\n Description:\n Introducing the DeRF (Detection Replay Framework)\, a tool which hosts\n attack techniques and supports the in vocation of those attacks across\n cloud environments. What sets DeRF ap art from other cloud attack\n tools?\n\n * User-Friendly Interface: Since the DeRF is hosted in Google Cloud\,\n End Users can invoke at tacks through the cloud console UI without\n the need to install sof tware or use the CLI.\n\n * Accessibility for Non-Security Professiona ls: The DeRF caters to a\n broad audience of End Users\, including E ngineering\, Sales\, Support\n Staff or automated processes.\n\n * Robust OpSec: Long-Lived Credentials are not passed between\n ope rators\, instead access to the DeRF and its attack techniques\n are controlled through GCP IAM Role-Based Access Control (RBAC)\n\n * Exte nsibility at its Core: Attack sequences are written in YAML\,\n enab ling easy configuration of new techniques.\n\n * Turn-Key deployment: Deploying (and destroying!) the DeRF is a\n fully automated process\ , completed in under 3 minutes.\n\n During this demo\, we will guide you through the straightforward and\n automated deployment process for the DeRF. We'll demonstrate how to\n invoke pre-configured attack techniques and illustrate how you can\n customize the framework to align with your internal attacker profile.\n By deploying the DeRF within your organiza tion you can easily spin up\n attacker simulations\, to augment training or automate the testing of\n detection capabilities.\n\n '\n\n 1. # FlamingoThirdFloor\n 2. https://twitter.com/NightmareJS\n\n\n DTEND:20230811T195900Z DTSTART:20230811T193000Z LOCATION:CLV - Flamingo - Mesquite - Cloud Village SUMMARY:Attacks as a Service with The DeRF END:VEVENT END:VCALENDAR