Logo Design by FlamingText.com
Logo Design by FlamingText.com


**BTW public talks have been posted here: https://youtube.com/@onlyfeetcon

Randomly throughout the week, look out for live notifications from chadb_n00b!

Let’s Talk!

ChadB, “I have two.”


An interview of everyone there. I plan to hold casual one on one or one on two conversations with everyone there.


Social Media: https://www.twitch.tv/chadb_n00b 


Thursday March 24

Public talks






15 min


What even is good security? A short discussion on the challenges of Information Security Assurance.



Several different standards exist today that organizations use to provide assurance of their own security posture. This can prove challenging due to the differing requirements, not to mention the one-size-fits all approach when applying these requirements to organizations of various sizes. This talk aims to highlight the challenges faced by analysts and bring to light some of the difficulties experienced by organizations with balancing simple tick box assurance exercises and implementing cyber security best practices.


Social Media: @jcn_sec on Twitter

15 min


XML External Entity Injection

Tib3rius, Senior Threat Emulation Specialist, White Oak Security


A comprehensive overview of XML External Entity Injection, explaining how and why it works, what it can be used for, and how to prevent it. Talk will include demos and a question & answer section at the end.


Social Media: @0xTib3rius on Twitter, 0xTib3rius on Twitch, Tib3rius on YouTube, https://tib3rius.com

45 min


My First Whitepaper



A whitepaper is a document that is used to communicate complex information to a target audience. They are often used to educate potential customers on a product or service, or to inform potential investors on the viability of a company. 


This presentation will cover the basics of what a whitepaper is, how it is created, and how to use the tools to create one.

Social Media: none

20 min


Arctic Microgrids

Conrad Franke, Arctic Microgrids


I worked on an arctic micro-grid and I would like to share the amount of security and engineering that goes into a standalone system. I had to mask it from Russian planes, subs, and other adverse threats. The electronics had to reach down to -40 and still operate! The micro-grid contained 5 DER's or generation sources as well as the ability to connect to satellite if imminent threat was apparent. This micro-grid was built to be operated year round.


Social Media: none

30 min


Intro to Qubes-OS

xn0px90 aka p90x


"If you’re serious about security, Qubes OS is the best OS available today," says NSA whistleblower Edward Snowden. "It’s what I use, and free." In most operating systems like Windows, macOS, and all Linux distributions, all it takes is one mistake - open the wrong PDF, plug in the wrong USB stick and it’s game over. Even without root, the attacker can own you. In Qubes, your host machine runs a thin layer of software for managing a graphical desktop environment and all other software is compartmentalized in separate virtual machines.


Social Media: https://twitch.tv/xn0px90

30 min



Friday March 25

Private talks (will not be streamed) + Feet Feud

Time (PST)





15 min


Weak Passwords in the Wild - A fun dive

Vale, Senior Cybersecurity Consultant


Passwords are essential measures for protecting access to critical systems and critical data. People design passwords to be easily remembered but often create them to be easily guessed, which malicious actors can compromise. In response, organizations have developed policies and guidelines to create more “secure” passwords in order to mitigate against brute-force attacks (password spraying, password stuffing, password cracking, etc.). As attackers’ tactics evolve, organizations are compelled to make more stringent password policies to protect against these threats. Consequently, users create passwords with compliance, over security, in mind, to comply with their organizations’ password policies, unintentionally creating insecure passwords. 


The password policy guidance provided to users (and the organizations creating these policies) is inefficient for today’s landscape. A good password policy understands this simple principle: have users create a password that is as secure and intuitive as possible. 


Social Media: @624Vale on Twitter

45 min


How to gaslight people while playing hidden identity games.

Tib3rius, Professional Amateur Among Us Player


Among Us strategies for Imposters and Crew, based loosely on games I've played on the OnlyFeet discord.


Social Media: @0xTib3rius on Twitter, 0xTib3rius on Twitch, Tib3rius on YouTube, https://tib3rius.com

15-30 min


Selling Yourself (but not like *that*, no shame to SWs): Making Interviews Work For You

h313n_0f_t0r, Threat Hunter at Nunya


I’d like to talk about the process of interviewing, how it’s a two way street and a great opportunity to find out more about the company you’re applying to, as they are also interviewing for you as a candidate as well. Take advantage of the situation!

Social Media: @h313n_0f_t0r on everything

30 min


Feet Feud



Family Feud but with cybersecurity and OnlyFeet.