WWHF @ Mile High 2025

Everyone else is doing automated testing - why aren't red teamers? Be confident your payload will execute, regardless of the options you picked, by integrating shellidate into your continuous integration pipelines!

Are you ready to become the Golden Unicorn of cybersecurity—a technical powerhouse who bridges the gap between hacking and risk management? The industry buzz around Golden Unicorns refers to individuals who are not only masters of red teaming but also fluent in the language of governance, risk, and compliance (GRC). They’re rare, powerful, and essential to shaping a secure organization.In this session, we’ll decode the mystery of risk management and why it matters to hackers and red teamers. You’ll learn how the vulnerability tools you already use—like Snyk and Qualys—fit into risk management plans and how to level up your skills to communicate risks effectively to leaders and stakeholders. Plus, we’ll break down how to read workpapers and understand the fundamentals of control assessments, demystifying processes that are critical for effective risk mitigation.This session is packed with actionable insights and practical takeaways—so bring your A-game and get ready to rock and roll. Join me to hack risk management, elevate your career, and become the Golden Unicorn that every organization needs. It’s time to own the spotlight and prove that hackers can lead the way in managing risk with innovation and technical excellence.

Large Language Models (LLMs) have opened up the floodgates for a whole new generation of security tooling. One of the most obvious applications is automatic discovery of vulnerabilities which so far has had extremely mixed results. Can LLMs “get good” at vulnerability discovery? In this talk, we cover our approach to the problem going into all the success and fails along the way. Finally, we will be tool dropping VulnHuntr, which implements our approach to using LLMs for discovering vulnerabilities through static code analysis along with presenting a number of 0days that were found by it.

TL;DR: This talk shares our journey building a custom SOAR-like solution for Microsoft Sentinel that 1) combines full-code flexibility with low-code simplicity, and 2) overcomes the limitations of Logic Apps in performance, maintainability, and debugging. Learn about architecture and design decisions, integrations, limitations and other lessons we learned when building our SOAR.
 
Microsoft Sentinel offers a robust SIEM platform, but its automation capabilities are heavily reliant on Logic Apps, Azure’s low-code automation tool. While functional, Logic Apps present a lot of challenges, most notably in performance, maintainability, and debugging. This is especially true for more complex automation needs.
These limitations motivated us to develop a custom SOAR-like solution that combines the flexibility of low-code automation with the power and precision of full-code capabilities.
 
We built a solution designed to:

• Support both full-code and low-code automations.
• Operate modularly across diverse environments.
• Be extensible for custom integrations and enhancements.
• Address known limitations in Sentinel’s native automation.
• Run seamlessly within Azure.

 
In this talk, we share the architecture, implementation, and lessons learned from building this system. Key topics include:

• System architecture and design decisions.
• Integration with Sentinel data.
• UI and dashboarding for visibility.
• External and internal interfaces.
• Caching strategies.
• Error handling, traceability, and debugging.

 
By the end of this session, you will have actionable insights to build or enhance your own automation solutions on Microsoft Sentinel, avoiding common pitfalls and maximizing efficiency.

Malware used in ransomware campaigns and targeted attacks makes a concerted effort to conceal its injected code from AVs, EDRs, and manual inspection. This deception includes removing obvious signs of malicious code like regions that are allocated readable, writable, and executable or DLLs loaded from unusual directories. Instead, modern forms of code injection, such as process hollowing, process ghosting, module stomping, and their many variants are used to bypass scanners that rely on outdated detections. In this talk, attendees will be taken through the methods that modern malware uses to inject code in a stealthy manner along with how such malware can be detected using volatile memory analysis. This analysis will be performed using Volatility 3, the latest version of the most widely used open-source memory forensics framework. Attendees will leave understanding how to detect modern code injection and with slides documenting how to integrate such detection workflows in real-world, enterprise settings.

The sheer volume of pentest and vulnerability data can overwhelm security teams, making it challenging to turn this information into actionable insights. Manual reporting and prioritization of findings are often time-consuming and prone to error. This presentation will explore how AI can streamline these processes by automating report writing and prioritizing findings based on business impact and risk frameworks. Attendees will learn how to safely and effectively leverage AI to: Streamline report generation: AI can automatically create comprehensive, customized reports, significantly reducing the time and effort required by security teams. Improve accuracy: By analyzing data objectively, AI minimizes human error and identifies potential inconsistencies. Prioritize findings based on business impact: AI evaluates the potential effects of vulnerabilities on critical business functions, ensuring that remediation efforts target the most significant risks. Align with risk frameworks: AI can assist organizations in aligning their risk management practices with industry standards and regulatory requirements. This session will provide practical insights into how AI can automate pentest and vulnerability reporting, enabling security teams to focus on higher-value activities and make more informed decisions.

The sheer volume of pentest and vulnerability data can overwhelm security teams, making it challenging to turn this information into actionable insights. Manual reporting and prioritization of findings are often time-consuming and prone to error. This presentation will explore how AI can streamline these processes by automating report writing and prioritizing findings based on business impact and risk frameworks.
Attendees will learn how to safely and effectively leverage AI to:

• Streamline report generation: AI can automatically create comprehensive, customized reports, significantly reducing the time and effort required by security teams.
  
• Improve accuracy: By analyzing data objectively, AI minimizes human error and identifies potential inconsistencies.
  
• Prioritize findings based on business impact: AI evaluates the potential effects of vulnerabilities on critical business functions, ensuring that remediation efforts target the most significant risks.
  
• Align with risk frameworks: AI can assist organizations in aligning their risk management practices with industry standards and regulatory requirements.
  

This session will provide practical insights into how AI can automate pentest and vulnerability reporting, enabling security teams to focus on higher-value activities and make more informed decisions