BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.nsec.io//2026//MUWXHX
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-2026-E7LDLH@cfp.nsec.io
DTSTART;TZID=EST:20260514T133000
DTEND;TZID=EST:20260514T163000
DESCRIPTION:Type: Intermediate–Advanced\nFocus: Adversary emulation\, det
 ection engineering\, IR workflows\nStyle: Fast\, offensive-defensive\, “
 learn by attacking and defending”\n\n\nCloud platforms like Amazon Web S
 ervices (AWS) are foundational to many critical infrastructures and enterp
 rise applications\, making them prime targets for attackers. In this sessi
 on\, we will not only explore the most relevant attack vectors cybercrimin
 als use to compromise AWS infrastructures but will also simulate these att
 acks using known threat actor techniques in an adversary emulation context
 . From initial access to hardcore persistence\, this talk will provide a c
 omprehensive look at how attackers operate in AWS environments.\n\nWe will
  take a technical journey through the tactics\, techniques\, and procedure
 s (TTPs) employed by attackers at every stage of the threat lifecycle\, al
 igned with the MITRE ATT&CK framework. We’ll start by reviewing common m
 ethods of initial access\, such as exploiting exposed credentials or vulne
 rabilities in services like IAM\, Lambda\, and EC2. From there\, we’ll d
 etail how attackers escalate privileges\, move laterally\, and evade detec
 tion from tools like CloudTrail.\n\nThe session will conclude with an in-d
 epth look at advanced persistence techniques in AWS\, including the manipu
 lation of IAM policies\, backdooring Lambda functions or Docker containers
 \, and tampering with logs. Along the way\, we’ll demonstrate how securi
 ty teams can implement defensive and detection strategies to mitigate thes
 e risks. By leveraging AWS-native services and third-party tools\, attende
 es will learn how to enhance their incident response capabilities.\n\nThis
  hands-on workshop will give attendees practical\, technical insights into
  AWS security\, adversary behavior\, and how to better defend against soph
 isticated\, persistent attacks. A full hands-on experience\, this presenta
 tion ensures deep technical immersion.\n\nRequirements:\nParticipants shou
 ld have the following ready before the training:\nAWS CLI installed\nTerra
 form installed\nGitHub account for cloning lab repos\nKnowledge of AWS Sec
 urity Fundamentals\n\n\nAn email with detailed setup instructions will be 
 sent beforehand.\nProvided Material:\nGitHub Repository with the solution
  to the workshops\n\nFinal Notes\nThis training is designed for security en
 gineers\, SOC analysts\, incident responders\, and anyone who wants to tru
 ly understand AWS security through hands-on work. By the end of the sessio
 n\, you’ll have a deep understanding of how real attack and defense tech
 niques work in AWS\, being able to understand the hardening requirements\,
  replicate attacks\, generate detection use cases\, and execute forensic t
 echniques.
DTSTAMP:20260507T203850Z
LOCATION:Workshop 2
SUMMARY:AWS Security - The Purple Team Way. - Santiago Abastante
URL:https://cfp.nsec.io/2026/talk/E7LDLH/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-2026-FG7TGU@cfp.nsec.io
DTSTART;TZID=EST:20260515T163000
DTEND;TZID=EST:20260515T170000
DESCRIPTION:What’s more frightening than a 0-day? A series of false negat
 ives combined with the false sense of security in an unprepared Security O
 perations Team.\nToday\, most AWS detection and response strategies rely o
 n CloudTrail and GuardDuty\, with logs shipped to a SIEM\, the heart of se
 curity monitoring. But few teams account for the complexity of this supply
  chain: multiple moving parts\, permissions\, policies\, and inevitable de
 lays. These blind spots create opportunities for attackers to quietly dism
 antle detection controls.\nIn this demo-driven talk\, I’ll explore the c
 oncept of Cloud Antiforensics. Using a real scenario with AWS API calls sh
 ipped to Datadog and a decoupled GuardDuty instance reporting to Discord\,
  I’ll show how an attacker can disrupt log collection and evade detectio
 n within the delay window.\nThe goal is not just to demonstrate attacks\, 
 but to raise awareness: centralizing everything in a SIEM is not enough. W
 e must design anti-antiforensics mechanisms that operate independently\, e
 nsuring resilience even when attackers target the detection pipeline itsel
 f.
DTSTAMP:20260507T203850Z
LOCATION:Ville-Marie
SUMMARY:Practical AWS Antiforensics - Santiago Abastante
URL:https://cfp.nsec.io/2026/talk/FG7TGU/
END:VEVENT
END:VCALENDAR
