Lightning Talks

Lightning talk: The Security No One Sees: From 0s and 1s to People.

Speakers: Ayo Marcolino and Céu Balzano

When? Monday, from 3:30 PM to 4:00 PM

Summary: In this talk, we will uncover the invisible layer of digital security that goes beyond systems and code: people security. The journey begins with an understanding of the technical fundamentals—the 0s and 1s that form the basis of our digital infrastructure—and evolves into the crucial role individuals play in protecting our information and systems.

We will explore how security is not just a matter of technology but also of human behavior and awareness. We will discuss how training and a strong security culture impact our ability to face and mitigate threats. The talk will cover practical strategies to engage all team members, foster a security mindset, and promote best practices that help protect the organization’s digital and physical environment.

Mini Bio Ayo Marcolino: As Head of Digital Education at CULTSEC, Ayô promotes technological innovation in education, focusing on democratizing access to information for vulnerable social groups. A specialist in developing and implementing educational tools for digital literacy and cybersecurity, Ayô facilitates inclusive learning tailored to the specific needs of each audience, aiming for transformative outcomes in training and capacity-building programs.

Mini Bio Céu Balzano: As Head of Information Security, I am responsible for developing, implementing, and managing information security awareness programs within organizations. I have worked at companies such as Nubank, Dlocal, and EBANX, and I am currently a director at CULTSEC. I monitor the effectiveness of security awareness programs by analyzing metrics such as click rates on security training modules and results from phishing simulations. Regular reports were provided to management to demonstrate improvements in employee awareness and security posture.

Lightning talk: iFood’s Secure Path to LLM Integration: Privacy Protection and Threat Prevention

Speaker: Emanuel Valente

When? Monday, from 10:30 AM to 11:00 AM

Summary: This talk will introduce iFood’s solution for providing access to third-party and open-source Large Language Models (LLMs). We will explore how this solution effectively addresses privacy requirements within LLM applications, ensuring robust data protection. Additionally, we will share insights from our ongoing research to identify and prevent attacks on LLMs, highlighting our strategies for mitigating potential threats.

Mini-bio: Emanuel Valente is the Principal Cybersecurity Engineer at iFood, the largest food tech company in Latin America, where he leads the security engineering team in designing and implementing cutting-edge cybersecurity solutions. With over a decade of experience, Emanuel specializes in diverse security domains, including cloud and edge security, runtime security, and AI security. He is also a dedicated researcher, contributing to the ML security community through his work with research groups at the University of São Paulo and Aeronautics Institute of Technology (ITA). His expertise and insights have earned him speaking engagements at prestigious conferences, including Defcon and Bsides LV in 2024. Additionally, he actively contributes to the OWASP Top 10 for LLM Apps and remains committed to advancing cybersecurity technology through research collaborations and public speaking.

Lightning talk: Defeating behavior detection of remote code injection abusing shared sections and handle inheritance

Speaker: Rafael Salema Marques

When? Wednesday, from 3:30 PM to 4:00 PM

Abstract: The injection of arbitrary code into a remote process is a well-known technique exploited by malware. As defenders continue to intensify their efforts to uncover these actions, attackers must develop new techniques and attack variations to evade detection. In this talk, I will present a novel approach to remote code injection that utilizes shared sections and handle inheritance between generations of processes to defeat behavior detection techniques. Additionally, I will provide a detailed explanation and a proof of concept (PoC).

Mini-bio: Rafael Salema Marques (SWaNk) is an old-school VX who defines himself as a malware enthusiast. He has been coding malware since the early 2000s and is currently leading a small and dynamic Red Team. He also delivers lectures, campaigns, and training on malware development, analysis, and reverse engineering. His MSc research focused on using an artificial immune system approach to detect rootkit activities, while his PhD research introduced a novel method for detecting pivot attacks. SWaNk’s main skills are in offensive security, creating new malware techniques to bypass defense solutions and penetrate audited networks. Always available for coffee, beer, and malware projects.

Lightning talk: Bug Bounty: the reward program for identifying and reporting bugs

Speaker: Bruno Telles

When? Thursday, from 10:30 AM to 11:00 AM

Abstract: I will introduce the concept of Bug Bounty and VDP, discussing a bit about the history of the concept and how it is being applied today, as well as presenting it as a concept that accelerates the maturity of cybersecurity in companies and institutions. I will also talk about the term hacker and how companies can view hackers as allies.

Mini-bio: Bruno Telles is the co-founder and COO of BugHunt, a leading cybersecurity company in Bug Bounty, a reward program for identifying vulnerabilities.

Lightning talk: From Physical Access to Domain Admin in a Bank

Speaker: Filipe Balestra

Mini-bio: Filipe Balestra has been working in the field of information security since the 1990s. He is the founder and partner of PRIDE Security, where he currently works in offensive security. Throughout his career, he has worked with various consultancies in Brazil and abroad, contributing significantly to the security community with articles published in magazines, e-zines, and blogs. Among his publications, the co-authored article for Hakin9 magazine stands out, as it was selected as the best article from the first 100 issues of the magazine, along with another article for Phrack Magazine.

In addition to his publications, Filipe is known for identifying vulnerabilities in both open source and commercial software projects, including the Kernel of FreeBSD/NetBSD, Solaris, and QNX, among others. Filipe is also one of the organizers of the Hackers to Hackers Conference (H2HC), the oldest offensive security event in Latin America, reinforcing his influence and commitment to the evolution of information security in the region.