Pankaj Sharma

Security Researcher

SquareX

Pankaj has a deep-rooted interest in cybersecurity, he dedicates his work to exploring the intersection of real-world threats and practical defenses.

Speaker sessions

Copycat - Identity Stealer Extension

Modern enterprises face escalating threats from sophisticated browser-based identity attacks that operate within legitimate authenticated sessions, bypassing traditional security controls like EDRs, SASE, and firewalls. This hands-on session equips blue team defenders with practical experience defending against ten real-world browser-based identity attack vectors using the open-source "Copycat" identity attack simulator extension.

13:00
Thu
04 Dec

Stage: Arsenal 1

Sessions Type: Demo

Angry Magpie: DLP Bypass Simulator

This session demonstrates critical vulnerabilities in enterprise Data Loss Prevention (DLP) systems through Angry Magpie, an open-source toolkit that exposes how attackers can bypass endpoint DLP solutions using browser-based techniques. We'll explore the fundamental architectural limitations of current DLP implementations, which fail to provide adequate protection in browser environments. The presentation will showcase four primary "Data Splicing" attack techniques: data sharding, ciphering, transcoding, and channel smuggling. Through live demonstrations against leading DLP solutions, attendees will witness how easily these protections can be circumvented and learn practical countermeasures for strengthening their organization's data security posture.