Research

Sample of my present & past research publications & presentations

My GITHUB — RSFL

Introducing the Splunk Technology Add-on for Ollama: Illuminating Shadow AI Deployments

Getting Started With Copilot Log Analysis for Security in Microsoft 365 With Splunk 

Using RAG, Splunk ES Content Update App (ESCU), and MLTK to Develop, Enhance, and Analyze Splunk Detections

Using Splunk to Develop Local LLM MCP Mitre Atlas Detections

Using Splunk to Monitor the Security of MCP Servers

How to Use Splunk to Monitor Security of Local LLMs (Part II)

How To Use Splunk To Monitor Security of Local LLMs (Part I)

Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers – The Hacker News

STRT – Infostealer Campaign against ISPs

CVE-2024-45738

CVE-2024-45739

Black Hat USA – 2024 – Hoodies Off! A 360-Degree Perspective on the Challenges and Solutions Facing Cyber Communities, One Byte at a Time

Black Hat Arsenal USA – 2024 – Splunk Attack Range

Hackmiami – Introduction to LangChain – March 2024

STRT – Detecting WS FTP Server exploitation with Attack Range – Oct 2023

Hackmiami – Robots 101 – Interacting Attacking AI Robot – May 2023

STRT – CISA Top 10 Malware – January 2023

A DCO Force-Multiplier: STRT Detections of Destructive Payloads – July 2022

STRT – Industroyer2 – June 2022

STRT – AcidRain – May 2022

STRT – CPE Destructive software – April 2022

STRT – Threat Update Caddy Wiper – April 2022

STRT – Threat Update Double Zero Destructor – March 2022

STRT – Detecting HermeticWiper & Ransomware Decoy – Mar 2022

Malpedia STRT links 

Rod Soto @ infoconDB

STRT – TA02 Threat Advisory: Destructive Software – Jan 2022

Approaching Linux Post Exploitation with Splunk Attack Range. SPLUNK STRT – Jan 2022

DEF CON 29 Cloud Village – Rod Soto – Detection Challenges in Cloud Connected Credential Attacks

Black Hat Europe 2021 – Git Wild Hunt. A Tool for Hunting Leaked Credentials

Black Hat Arsenal USA 2021 – Git Wild Hunt

Due to Less Pollution, Secrets Stored on the Cloud are Now Clearly Visible – RSA USA Conference 2021

Detecting Trickbot with Splunk

Hackmiami Meetup 02-06-2021 Whatsapp, Telegram & Signal attack vectors

Hakin9 – Splunk Attack Range

Kitploit – GitWildHunt A Tool To Hunt For Credentials In Github Wild AKA Git*Hunt

Black Hat Arsenal Europe 2020 – git-wild-hunt: Pwn API and leaked secrets

Purple Team Summit 2020 – Adversarial Attack Range with Splunk

Blog – Detecting Ryuk using Splunk Attack Range

Blog – Detecting CVE-2020-1472 Using Splunk Attack Range (mentioned in DHS Emergency Directive 20-04 *)

Blog – Using Splunk to Detect Abuse of AWS Permanent and Temporary Credentials

DEF CON Safe Mode Red Team Village – Rod Soto – Have My Keys Been Pwned API Edition

Blog – Approaching Azure Kubernetes Security

Blog – Approaching Kubernetes Security — Detecting Kubernetes Scan with Splunk

Blog – Splunk Attack Range Now With Caldera and Kali Linux

Blog – Use Cloud Infrastructure Data Model to Detect Container Implantation (MITRE T1525)

Rod Soto – Jose Hernandez. Texas Cyber Summit Junegle summit 2020. Attacking the sub surface. Adversarial simulation lab. 

Rod Soto – Jose Hernandez. DEFCON Red Team Village May-hem online summit 2020. Red Teaming Devops. 

Rod Soto – Jose Hernandez. Hackmadrid %27 Online Meetup. Red Teaming Devops (In Spanish – Espanol)

Rod Soto – Attacking & Defending Against Drones. Pacific Hackers Online Meetup 2020. 

Rod Soto – Phil Royer – Splunk .CONF 2019 – Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response

Rod Soto – Victor Fang – A Smart Contract Killchain How the first Blockchain APT – DEF CON 27 Block Chain Village

Rod Soto – Jose Hernandez – Using Splunk or ELK for Auditing AWS GCP Azure Security – DEF CON 27 Cloud Village

Bsides SFO 2019 – Profiling “VIP Accounts” Access Patterns in User-Centric Data Streams

Art Into Science Conference (AcoD) Austin – Ops track 01/30/19 – Profiling “VIP Accounts” Access Patterns – Rod Soto, Joseph Zadeh, Xioadan Li

Shellbot Crimeware Re-Emerges in Monero Mining Campaign (Dark Reading)

BSides Las Vegas 2018 – I am the cavalry

IATC – Cavalry is ALL OF US – Joshua Corman, Beau Woods, Rod Soto, Travis Moore & Heath Wickline

DEFCON XXVI – Defcon Demo Labs – Chiron

Black Hat Arsenal USA 2018 – Chiron

Identiverse 2018 – SMS Vulnerabilities in Identity Management

SAMBA Protocol Vulnerabilities Threat Advisory – 2018 – JASK

Domain Impersonation / IDN Campaigns TA – 2018 – JASK

DerbyCon 2017 – Chiron: Home-Based ML IDS (with Joseph Zadeh)

Black Hat EU 2016 – Splunk 

Hackmiami Conference 2017 – Detection of webshells in compromised perimeter assets using ML algorithms

RSA Conference 2017 – Automated Prevention of Ransomware with Machine Learning and GPOs

DEFCON 2016 – Packet Hacking Village Dynamic Population discovery for Lateral Movement Detection

Hackmiami Conference 2015 – Biohacking – Implantable chip attack vector Demo video

Aktaion – Signatureless Threat Detection. Open source ML tool for ransomware detection

The Lambda Defense: Functional Paradigms of Defense for Cybersecurity

BSides Orlando 2014 – Civilianization of War, paramilitarization of cyberspace and its implications for infosec pros

AKAMAI State of The Internet Q4-2014

DDoS attacks against global markets PLXSert – White Paper

Yummba web injects AKAMAI/PLXSert

Zeus Crimeware kit PLXSert