
Adversary Village is a community initiative focused on adversary simulation/emulation, purple teaming, and adversary tradecraft. The village covers a wide range of topics, including offensive cyber security, threat/APT/ransomware emulation, breach and adversarial attack simulation, adversary tactics, research on nation-state-sponsored threat-actors, adversary intelligence, adversarial mindset and hacker survival skills.
Adversary Adventure is a Choose-Your-Own-Adventure-style interactive game in which everyone can participate and choose various tasks. Participants can choose to play as an attacker who performs adversarial activities against a target, a defender who deals with a potential breach, a CISO who is managing a ransomware attack, or even management executives going through a table-top exercise.
This area will feature guided breach simulation exercises for participants to engage with. A simulated cyber range will be available for each scenario, providing an exact replica of an enterprise production environment. We will provide a detailed walkthrough of the attack scenarios, including Tools-Techniques-and-Procedures (TTPs) commands and how-to guides, demonstrating how to attack and breach the hospital's infrastructure or the office environment.
The Adversary Simulator booth has hands-on adversary emulation plans specific to a wide variety of threat-actors and ransomware. This is a volunteer-assisted activity where anyone, both management and technical folks, can come in and experience different categories of simulation, emulation and purple scenarios. Visitors will be able to view, simulate and control various TTPs used by adversaries. The simulator is meant to be a learning experience, whether one is hands-on with highly sophisticated attack tactics or comes from management.
Common Security Gaps in SMBs is a practical, real-world talk that breaks down the most common weaknesses small and mid-sized businesses struggle with, and why attackers love them. We’ll cover the “usual suspects” like weak identity and access controls, poor patching, misconfigured cloud services, insecure remote access, flat networks, lack of monitoring/logging, and missing backups/incident plans.
The goal is to give leaders and technical teams a clear checklist of what to fix first, quick wins that reduce risk fast, and how to build a simple security baseline without enterprise budgets.
We are no longer standing at the edge of the future. We are living inside it. Artificial intelligence, machine learning, and autonomous systems are reshaping power, labor, warfare, and identity. In a hyperconnected world where algorithms move faster than governments and data defines influence, humanity faces a defining question. Do we remain passive users of technology, or do we become active participants in our own evolution? Humanity 2.0 explores human augmentation as a path to maintaining sovereignty and relevance in an era increasingly dominated by intelligent machines. From implanted microchips and bio integrated security systems to brain computer interfaces and cognitive enhancement, this talk examines the convergence of biology and technology not as science fiction, but as an emerging reality. But augmentation without governance becomes vulnerability. As we integrate technology deeper into the human condition, a new frontier of risk emerges. Neural privacy. When thoughts, biometrics, and cognitive patterns become data streams, who owns the mind? Who secures it? What happens when the last domain of human sovereignty, the brain, becomes hackable? Drawing from lived experience at the intersection of cyber security, transhumanism, and digital ethics, Len Noe challenges audiences to rethink security beyond networks and endpoints. The next perimeter is the human nervous system.
The objective of the workshop is to provide hands-on activity in an integrated IT and OT scenario. Participants will have access to real scenario components and artifacts to perform adversary simulation exercises using TTPs associated with specific threat groups. Throughout the activities, we will correlate the techniques employed with the events observed in the environment.
Each exercise will represent a phase in the exploration of the scenario. At each stage, we will explain the vulnerabilities exploited, demonstrate how the attack unfolds, and map the actions to the MITRE ATT&CK framework.
A practical, hands-on session where participants actively engage in adversary and ransomware simulation exercises within a guided lab environment. Attendees will emulate real-world attack techniques, including initial access, lateral movement, and ransomware execution, while assessing defensive controls and validating detection and response capabilities. The session emphasizes realistic scenarios, structured operational workflows, and mapping activity to frameworks like MITRE ATT&CK to ensure measurable outcomes.
Participants will gain practical, hands-on experience executing each stage of the simulation themselves, ensuring they leave with repeatable methodologies and the confidence to apply them directly in their own environments.
Nine scenarios. Limited time. Familiar controls. Wrong choices cost you.
This is not about solving the problem. It’s about deciding what actually matters - before or during it.
You’ll be given real-world situations across identity, access, devices, data, privacy, and AI. Each one represents a failure point - something that looks normal until it isn’t.
The question is simple: What do you fix, and where does it actually make a difference?
A lot of options will look right. Not all of them are.
You’ll see 9 scenarios laid out. Each one describes a real failure. You’ll have a set of controls in front of you.
Your job is to:
- pick what actually prevents or limits the damage
- assign it to the scenario
- and move forward
Some scenarios need one control. Some need a combination. Some are designed to make the obvious answer look right when it isn’t.
You’ll see immediately what holds up and what doesn’t. You can adjust as you go, but the clock is working against you.
This hands-on workshop at Adversary Village RSAC 2026 provides a 20-minute deep dive into software supply chain attacks through practical exercises. The session will focus on the TTPs that DPRK-affiliated threat actors use to compromise software engineers, with particular emphasis on "Contagious Interview" campaigns. Participants will engage in CTI-based targeting and identification of key techniques, blending practical hunting exercises in GitHub and NPM to discover malicious packages and repositories in the wild with adversary emulation scenarios that walk through the complete attack chain.
The workshop will demonstrate how threat actors evade detection, while also teaching defenders how to detect and prevent these increasingly common supply chain threats. By experiencing these attacks from the adversary's perspective, participants will gain critical insights into real-world compromise techniques.
Based on a live APT28 campaign reported in March 2026, this workshop reconstructs the full BadPaw/MeowMeow kill chain - from PNG steganography loader to multi-channel exfiltration - first through manual lab simulation, then as a continuous adversarial emulation campaign in SCYTHE. Participants leave with a repeatable validation methodology and concrete detection gap findings.
- Understand APT28's BadPaw/MeowMeow attack chain across 9 phases
- Reproduce post-compromise techniques in a controlled lab environment
- Map observed behaviors to MITRE ATT&CK with accurate TTP tagging
- Translate a manual lab exercise into a repeatable SCYTHE threat profile
- Read and act on a SCYTHE ATT&CK Coverage Report to remediate detection gaps
Sponsors
Security Risk Advisors (SRA) provides specialized security services including Penetration Testing, VECTR™ Purple Teams, Cloud Security, Resilience, Cyber Physical Systems Security, Engineering, and 24x7x365 Cybersecurity Operations. SRA’s mission is to “Level Up” every day to protect our clients and their customers. We deliver our security services to Fortune and Global 1000 companies, innovating technology startups, and mission-oriented non-profits. Our approach emphasizes knowledge transfer, collaboration, and strengthening security processes. SRA is a global company operating out of the United States, Ireland, and Australia.
Supporting Sponsors
miniOrange is a global cybersecurity company specializing in Identity and Access Management (IAM), Privileged Access Management (PAM), Identity Governance and Administration (IGA), Endpoint Management, and Data Privacy solutions. We provide enterprise-grade capabilities such as Single Sign-On (SSO), Multi-Factor Authentication (MFA), identity lifecycle management, and automated workflows to securely manage user access across cloud and on-premise applications. Our endpoint management solutions include Mobile Device Management (MDM) and Data Loss Prevention (DLP) to safeguard corporate devices and sensitive data. miniOrange also offers data privacy solutions, including consent management, data discovery, and compliance automation, helping organizations meet global privacy regulations. Over 25,000 enterprises worldwide trust miniOrange to protect identities, devices, and critical data.
Join the official Adversary Village Discord server to connect with our amazing community of adversary simulation experts and offensive security researchers!