
~*Schedule*~

BTW, public talks have been posted here: https://youtube.com/@onlyfeetcon

Randomly throughout the week, look out for live notifications from chadb_n00b!

Let’s Talk!

ChadB, “I have two.”

 

An interview of everyone there. I plan to hold casual one-on-one or one-on-two conversations with everyone there.

 

Social Media: https://www.twitch.tv/chadb_n00b 

 

Thursday March 24

Public talks

Time (PST)

Description

Length

3:30pm

Welcome

15 min

3:45pm

What even is good security? A short discussion on the challenges of Information Security Assurance.

jon

 

Several different standards exist today that organizations use to provide assurance of their own security posture. This can prove challenging due to the differing requirements, not to mention the one-size-fits-all approach when applying these requirements to organizations of various sizes. This talk aims to highlight the challenges faced by analysts and bring to light some of the difficulties experienced by organizations with balancing simple tick-box assurance exercises and implementing cyber security best practices.

 

Social Media: @jcn_sec on Twitter

15 min

4:15pm

XML External Entity Injection

Tib3rius, Senior Threat Emulation Specialist, White Oak Security

 

A comprehensive overview of XML External Entity Injection, explaining how and why it works, what it can be used for, and how to prevent it. Talk will include demos and a question & answer section at the end.

 

Social Media: @0xTib3rius on Twitter, 0xTib3rius on Twitch, Tib3rius on YouTube, https://tib3rius.com

45 min

5:15pm

My First Whitepaper

Perryman

 

A whitepaper is a document that is used to communicate complex information to a target audience. They are often used to educate potential customers on a product or service, or to inform potential investors on the viability of a company. 

 

This presentation will cover the basics of what a whitepaper is, how it is created, and how to use the tools to create one.

Social Media: none

20 min

6:00pm

Arctic Microgrids

Conrad Franke, Arctic Microgrids

 

I worked on an arctic micro-grid and I would like to share the amount of security and engineering that goes into a standalone system. I had to mask it from Russian planes, subs, and other adverse threats. The electronics had to reach down to -40 and still operate! The micro-grid contained 5 DERs or generation sources as well as the ability to connect to satellite if imminent threat was apparent. This micro-grid was built to be operated year-round.

 

Social Media: none

30 min

6:45pm

Intro to Qubes-OS

xn0px90 aka p90x

 

"If you’re serious about security, Qubes OS is the best OS available today," says NSA whistleblower Edward Snowden. "It’s what I use, and free." In most operating systems like Windows, macOS, and all Linux distributions, all it takes is one mistake - open the wrong PDF, plug in the wrong USB stick and it’s game over. Even without root, the attacker can own you. In Qubes, your host machine runs a thin layer of software for managing a graphical desktop environment and all other software is compartmentalized in separate virtual machines.

 

Social Media: https://twitch.tv/xn0px90

30 min

 

 

Friday March 25

Private talks (will not be streamed) + Feet Feud

Time (PST)

Description

Length

4:30pm

Welcome

15 min

4:45pm

Weak Passwords in the Wild - A fun dive

Vale, Senior Cybersecurity Consultant

 

Passwords are essential measures for protecting access to critical systems and critical data. People design passwords to be easily remembered but often create them to be easily guessed, which malicious actors can compromise. In response, organizations have developed policies and guidelines to create more “secure” passwords in order to mitigate against brute-force attacks (password spraying, password stuffing, password cracking, etc.). As attackers’ tactics evolve, organizations are compelled to make more stringent password policies to protect against these threats. Consequently, users create passwords with compliance, over security, in mind, to comply with their organizations’ password policies, unintentionally creating insecure passwords. 

 

The password policy guidance provided to users (and the organizations creating these policies) is inefficient for today’s landscape. A good password policy understands this simple principle: have users create a password that is as secure and intuitive as possible. 

 

Social Media: @624Vale on Twitter

45 min

5:30pm

How to gaslight people while playing hidden identity games.

Tib3rius, Professional Amateur Among Us Player

 

Among Us strategies for Imposters and Crew, based loosely on games I've played on the OnlyFeet discord.

 

Social Media: @0xTib3rius on Twitter, 0xTib3rius on Twitch, Tib3rius on YouTube, https://tib3rius.com

15-30 min

6:00pm

Selling Yourself (but not like *that*, no shame to SWs): Making Interviews Work For You

h313n_0f_t0r, Threat Hunter at Nunya

 

I’d like to talk about the process of interviewing, how it’s a two-way street and a great opportunity to find out more about the company you’re applying to, as they are also interviewing for you as a candidate as well. Take advantage of the situation!


Social Media: @h313n_0f_t0r on everything

30 min

6:30pm

Feet Feud

Tib3rius

 

Family Feud but with cybersecurity and OnlyFeet.