Krakow, Poland, 19 - 21 June 2024
Mackenzie is a developer and security advocate with a passion for DevOps and application security. As the co-founder and former CTO of the health tech company Conpago, he learned first-hand how critical it is to build secure applications with robust developer operations.
Today Mackenzie continues his passion for security by working with the GitGuardian research team to uncover the latest trends malicious actors are using. Mackenzie is also the host of The Security Repo podcast, an established security writer, and an experienced global speaker.
2023 will be known as the year AI was launched into an unprepared world. AI has changed the security landscape in many areas, from next-gen phishing emails to AI-powered script kiddies. In this presentation, we demo how hackers and red teamers are using AI to their advantage.
1 What is AI
We will explore how AI models are trained, including looking at the most common training set, the ‘Common Crawl Database’, and why generative AI can consume trash yet still sound convincing in its answers. We will also dive into the different types of AI, such as LLMs vs generative AI, predictive AI, and contextual AI.
2 AI in the wrong hands
We show how malicious actors can use AI tools for nefarious activities, including abusing AI dependency hallucinations, data poisoning, and using prompt injection to get to the hidden treasures of an AI model. We also look at the concerns around open-source AI models, which can be adapted to give script kiddies superpowers.
3 Using AI safely
During this section, we will discuss some of the many ways AI can be used to help developers without destroying security.
4 Conclusion
AI is neither good nor bad, but it is here to stay. By reviewing how malicious actors use AI, the risks that come with it, and the benefits it brings, this survival guide will help any developer, hacker or defender build for and with AI.
Take a step into the world of black hat hacking groups and follow them step by step through a supply chain attack.
Software supply chain attacks have become alarmingly more prominent over the past years. Successful exploits have changed the economics adversaries use, allowing them to conduct more sophisticated attacks which have wide-reaching implications. This presentation will focus on exactly how adversaries target and exploit the software supply chain.
We first examine broadly what supply chains are using the SLSA framework and take a short journey into the interesting world of hacker economics, hackanomics if you like. Here we will explain the relationship between financial risk and reward that drives malicious actors' activities, further exploring why attacking the supply chain flipped previous economic models on their head.
Next, we will focus our attention on three different methods of attacking the supply chain. These are:
- Attacking the CI/CD pipeline
- Breaching the version control systems (VCS)
- Poisoning open-source dependencies
- Abusing AI LLMs
For each of these methods we take a walk through the anatomy of high-profile successful attacks, walking the audience through how initial access was made, how privileges were escalated, and ultimately how the hackers achieved their goals.
In the final stretch, we'll synthesize our findings into effective defense strategies, emphasizing the concept of inside-out security, breach detection, and containment.
Venue address
ICE Krakow, ul. Marii Konopnickiej 17
Phone
+48 691 793 877
info@devoxx.pl