m4lwhere
Zero-day hunting is learnable, not legendary. This talk explores how US Cyber Team coaches transform rookies into community-minded researchers who locate fresh bugs in live open-source code, build reliable proofs-of-concept, and perform responsible disclosure and CVE assignment. This training is completed by US Cyber Team athletes to prepare for Attack/Defense competitions when performing in international competitions. Attendees will learn how this is approachable to find 0-days, use SAST tools, triage alerts, weaponize findings, and perform responsible disclosure. We connect technical drills to career wins and share metrics that prove junior athletes become better at competitions while earning credentials and credibility.
m4lwhere
US Cyber Team Attack/Defense Coach
Chris brings over 13 years of experience in Penetration Testing, Incident Response, Risk Evaluation, Threat Intelligence, and System Administration. While Active Duty, Chris was the Incident Management Lead for the Navy Cyber Defense Operations Command where he specialized in response to attacks on classified and unclassified Navy networks across the globe. Throughout his career, Chris has provided actionable information for stakeholders to make informed decisions about reducing risk to the lowest possible levels, resulting in over 30 CVEs attributed to his work.
Chris has co-authored The Hack is Back: Techniques to Beat Hackers at Their Own Games and has created content on HackTheBox, TryHackMe, and Cybrary. He is an avid CTF player and has recently taken the #1 individual and #1 team position in the National Cyber League, while also operating as the Attack/Defense coach for the US Cyber Team.
Mr. Haller was awarded GIAC Security Expert #329 and has over 30 other certifications.