Speaking
dade has spoken primarily on red team topics at security conferences, but is also interested in expanding into talks on cross-functional security disciplines, security engineering as a business enabler, resilience as a risk mitigant, dependency management, etc.
Presentations
Upcoming
Past
Free Your Mind: Battling Our Biases
Slides and Transcript
Where: BSides Las Vegas // Las Vegas, NV
When: August 6-7, 2024
Abstract: Being a beginner doesn’t have to be all bad. Being an expert doesn’t always mean you’re the best person to solve a problem. Whether you’re brand new or you’ve been in the industry since the Morris worm ran rampant, join us for a session of introspection and hopefully take away a few new perspectives and tools for improving the way you think.
Fraud, Abuse, and How I Accidentally Ruined Christmas
slides not available
Where: Undisclosed // SF Bay Area, CA
When: March 12, 2024
Abstract: A small company, a smaller red team operation. We set out to identify flaws in our anti-fraud and anti-abuse processes, and show the impact of these problems in a way that would get leadership on board for fixing them. Boy howdy did we succeed. In this talk, we’ll discuss how we approached our first red team engagement at a small fintech startup, how we worked around extremely sensitive PII limitations, and how our very lean team was able to use this adversarial engagement to predict an incident that hadn’t happened yet. An incident that we uncovered one week before Christmas.
Building Continuous Reconnaissance into Red Team Operations
slides
Where: aRcTicCON // Minneapolis, MN
When: May 9, 2019
Abstract: Internal red teams deal with an environment that is both constantly changing and seemingly not changing at all. As red teams, it is our responsibility to provide an attacker’s perspective of the network. Traditionally this happens in the form of point in time assessments that may span anywhere from a few days to several months and focus on an objective. This talk proposes an additional service for your red team to provide – a continuously monitored attacker’s perspective of the attack surface. This can be used to enable more timely attack simulations and enable the team to proactively detect flaws in the environment. This talk explores some types of data that can be collected continuously and the value that it can provide to a red team. It will also introduce tooling to automate network scanning for continuous data.
Red Teaming the Red Team
slides (draft)
Where: BSides PDX // Portland, OR
When: October 21, 2017
Abstract: Everyone thinks red teaming is awesome, but what happens when the red team becomes a target?
Appearances
Podcasts
Darknet Diaries #92 - The Pirate Bay
Where: darknet diaries
When: May 11, 2021
Abstract: I’m not actually featured in this episode, however it does feature a The Pirate Bay themed sea shanty that I wrote. Still counts.
Offensive Security Podcast #3
Where: anchor.fm | spotify | apple podcasts
When: May 1, 2021
Abstract: In this action-packed episode, hosts TJ Null and FalconSpy sit down with 0xdade. Here are some of topics they discuss:
- How 0xdade broke into InfoSec
- 0xdade’s OSCP advice
- The importance of note taking and communication skills in InfoSec
- The most important quality of a pentester or red teamer
- 0xdade’s project, Natlas - what it is and what it does
- Advice for those who want to develop and release their own tools for the community
- How 0xdade wound up writing and recording the hip-hop/rap song, “Red Team”
Darknet Diaries #35 - Carbanak
Where: darknet diaries
When: April 02, 2019
Abstract: Briefly appear in the intro to speak on ATM hacking in Hollywood. If there’s one thing I’m known for, it’s my knowledge of fictional hacking in entertainment.