Jason Haddix

CEO, Arcanum Information Security

With a multifaceted background in cybersecurity, Jason boasts a distinguished career encompassing leadership, technical expertise, and a passion for knowledge sharing. Previously, they spearheaded global information security efforts at Ubisoft, safeguarding over 20,000 employees. Their diverse experience includes leading penetration testing initiatives for Fortune 100 companies and directing operations for teams of security engineers. Jason thrives in both hands-on assessment roles and strategic leadership, having overseen the triage of over 22,000 vulnerabilities in just a two-year period. Beyond their core strengths in web, network, and mobile security, Jason possesses a comprehensive skillset encompassing various security domains. Their dedication extends beyond the workday, with contributions to information security publications and participation in renowned conferences like DEF CON and Black Hat.

Presentation Abstract

Red, Blue, Purple, AI

‘Red, blue, and purple AI’ reverse-engineers the cybersecurity responsibilities of practitioners and modern security programs. It aims to augment these practitioners with practical and useful AI tools. This talk isn’t about the future state of AI and ML; it’s about taking home concrete strategies and prompts to empower your security team. We will break down these strategies into helpers for red teams, blue teams, and purple teams. Jason will also provide overviews on how to create your own best-in-class prompts based on his experience with OpenAI’s ChatGPT-4 and having a top 500 GPT in the GPT store. Expect a wide variety of topics that will not only give you superpowers but also inspire you to augment other parts of your job.

Section Overview:

Red topics include API and algorithm setup, phishing with AI, using AI to bypass EDR signatures, using AI to create physical access tool scripts, using AI to augment C2 infrastructure, using AI to build vulnerability management and vulnerability scanning templates, and using AI as an assistant for web analysis and as an augment to Burp Suite.

Blue topics include an overview of the open source security stack, using AI to help you develop templates for Suricata, YARA, osquery, Semgrep, and more, and to design associated policies for security programs to support blue teams. Code scanning using GitHub and Semgrep is also covered.

Purple topics cover adversarial emulation, tabletop exercises, and atomics using today’s AI tools.