JB_2022_TB_poster.jpg

 

 

Follow live coverage on Twitter: #JailbreakSec

The world's only security summit held at a production brewery.

Join some of the world's best security researchers as they talk about disinformation; the misleading and deliberate deception in today's connected world, both from the technical and policy sides at the only computer security event held at a production brewery. Attendance is limited to 150 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors.

Tickets include breakfast, lunch, and an awesome time to chat with fellow security experts.

Come participate in the talks, the conversation, and the beer!

summit@jailbreakbrewing.com


 

DATE

Friday, October 28, 2022

Location

Jailbreak Brewing Company
9445 Washington Blvd N
STE F
Laurel, MD 20723

Hours

Registration 8a
Talks 9a–5p
Reception 5p-6p

Price

$125

background_image2.jpg

Sponsors

Without the efforts of these amazing companies, the Jailbreak Brewing Company Security Summit would not have been possible. Please give them your support!

PLATINUM

GOLD

SILVER

Media coverage provided by:

Patrick Wardle

Making oRAT, Go

oRAT is a new piece of macOS malware, written in Go, belonging to a recently uncovered APT group, "Earth Berberoka". After first addressing challenges of reversing Go-based malware, we will provide the first comprehensive analysis of this intriguing threat …but not in the traditional way.

Rather we’ll highlight the creation of a custom command & control server that allowed us to uncover the malware’s full functionality, simply by asking the right questions!

Patrick Wardle is the creator of the non-profit Objective-See Foundation, author of the The Art of Mac Malware book series, and founder of the Objective by the Sea macOS Security conference. Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding 0days, analysing macOS malware, and writing free open-source security tools to protect Mac users.

Danny Rogers

Disinformation and Its Threat to Democracy

We are at a watershed moment in the history of information. The internet has given historically underrepresented voices unprecedented access to tools for self-expression, new platforms to build communities, and new capabilities to speak truth to power. But in response our social internet is now being corrupted, exploited, and weaponized by those with the power to control the flow of information and distort reality. Marshall McLuhan and others predicted this rise of "fifth generation warfare" as far back as the 1970s, and now we are seeing social media provide the "perfect storm" of disinformation, with deadly consequences around the world. In an era where the dominant internet business models reward, to an extreme degree, engagement above all else, and where these engagement-driven algorithmic feeds warp the realities of well over half the world's population, no less than humanity's progress since the Enlightenment itself is threatened. Dr. Rogers will talk about how we arrived at this crisis point, how to define disinformation in the first place, and what can be done at an individual, commercial, and global policymaker level to combat this scourge.

Dr. Daniel J. Rogers is the co-founder and CTO of the Global Disinformation Index, a non-profit focused on catalyzing change within the tech industry to disincentivize the creation and dissemination of disinformation. Prior to founding the GDI, Danny founded and led Terbium Labs, an information security and dark web intelligence startup based in Baltimore, Maryland. He is a computational physicist with experience supporting Defense and Intelligence Community Cyber Operations, as well as startup experience in the defense, energy, and biotech sectors. Danny is an author and expert in the field of quantum cryptography and has published numerous patents and papers on that and other subjects. Prior to co-founding Terbium Labs, Danny managed a portfolio of physics and sensor research projects at the Johns Hopkins University Applied Physics Laboratory. He has a bachelor’s degree in Math and Physics from Georgetown University, a Doctorate in Chemical Physics from the University of Maryland, is an Adjunct Professor at New York University in their program on Cybercrime and Global Security, and a Security Fellow at the Truman Project on National Security.

Matt Rose

A Retrospective on the SolarWinds Supply Chain Attack

Unless you have been living under a rock the past few years you have probably heard about the SolarWinds Supply Chain Attack. You have heard the jokes and seen the memes but do you know the whole story and the lessons learned from this significant attack? In this talk you will learn how complex the attack was and how hard it was to identify the root cause. Most people know about the attack but not the whole story. This retrospective talk will provide you with a detailed overview of the who, what, where, and how this attack occurred, was investigated, and remediated

Field CISO at Reversing Labs

Matt has over 20 years experience in software development, sales engineering, consulting, and technical leadership roles. During this time, Matt has helped some of the largest organizations in the world in a variety of industries, regions, and technical environments implement secure software development programs using cutting edge application security technologies. Matt's extensive background in application security, programming, and solution architecture has been key to many speaking engagements for organizations like OWASP, ISSA, and ISACA. In addition Matt has been the host of a successful application security podcast, been quoted in numerous industry articles, and is very well known for his video glass board sessions.

MARC NEWLIN

Your DOCSIS Modem is not a Software-Defined Radio

Cable modems are not software-defined radios, LTE does not interfere with DOCSIS, and NDAs are an effective tool against reverse-engineering. (All lies.)
This talk explores the architecture and RF-capabilities of the Netgear CM400 DOCSIS-modem (which you can find online for $10-15). We’ll start with paths to root, enumerate the interesting RF-components and reverse-engineering targets, and demonstrate limited control of the RF transmit-chain. The target-device is an accessible platform with plenty of potential, so we’ll conclude with the release of POC code, and an enumeration of ideas for continued research.

Marc is a wireless/embedded security-researcher, and member of the reverse-engineering team at SkySafe. His greatest hits include MouseJack, several DARPA challenges, and that time he got 24 CVEs in Comcast equipment.

CHRISTINE FOSSACECA

Handoff All Your Privacy (again)

What information is your iPhone or MacBook giving away about you? iOS and macOS use a variety of proprietary protocols under the "Continuity" umbrella to share information across a user’s devices and provide a "seamless experience". However, much of this information is passed in the clear and can be sniffed, captured, or mimicked by other nearby devices.

This talk will demonstrate privacy considerations and the private information being passed in the clear via Apple’s proprietary Bluetooth Continuity protocol, including one called "Handoff". This talk will highlight previous Bluetooth research performed by the FuriousMAC research team and demonstrate how others can build upon this research using the tools provided by FuriousMAC and others in the Apple researcher community! It will also dispel the myths around AirTags and explain what they DO and DON'T share in the clear, as well as tips for stalker-prevention that leverage the anti-tracking framework.

Christine Fossaceca is a senior mobile security researcher and reverse engineer at Microsoft. She has experience with Android and iOS. Christine is an IDA Pro afficionado, but is learning to like Ghidra, too. She loves Apple device research and tries not to let her dog distract her too much. Follow her on Twitter @x71n3 and listen to her new podcast (herhaxpodcast.com) about breaking into a career in cybersecurity!

Justin Sherman

Russia’s Open-Source Code and Private-Sector Cybersecurity Ecosystem

When analyzing Moscow’s cyber power, much of the policy community and international media focuses on the Russian government’s internal cyber units and several criminal entities identified in the press. This overlooks a vast part of the Russian cyber ecosystem—including open-source code projects to which Russian developers contribute and the private-sector companies that help build talent, develop capabilities, and support state operations.

This talk, from Margin Research and its SocialCyber project, will describe its research findings in the areas of open-source code, foreign capability development, and foreign hacker communities—specifically focused on Russia.

Justin Sherman works with Margin Research’s team on research concerning foreign open-source code, cyber capability development, and hacker communities. He is also the founder of Global Cyber Strategies, a DC-based research and advisory firm, a senior fellow at Duke University’s Sanford School of Public Policy, and a nonresident fellow at the Atlantic Council.

IMG_8568.JPG

Venue

It only seems fitting...

That the world's only security summit held at a production brewery be held at Jailbreak Brewing Company.  Jailbreak Brewing Company was founded by computer security professionals looking to liberate themselves from cubicle jobs and to create a product that helps free you from whatever drama is present in your life.

While some of the world's finest security researchers are talking about security topics, our brew team will be hard at work on the other side of the gigantic window making the next batch of creative juice for your enjoyment.  During breaks in the summit, tours of the brewery will be given to those who want to see the magic happening.

Our tasting room provides the perfect venue for creative discussion over some cold, fresh beer.