Red and Blue Tactics for Real Cyber Conflict

Dan Borges / @1jection

Taylor Sano / @jackson5_sec

Jase Kasperowicz

Philip Pineda

Length: 4 hours

Adversary emulation offers defenders the ability to view their networks from the perspective of a specific threat actor. Acting on objectives is the end goal for criminals, red teamers, espionage groups, and "APT" teams alike. Maintaining constant access to an environment over long periods of time is a means to this end. Sometimes attackers can outlive an incident response consultancy or budget, in a commonly observed but rarely discussed post-incident-response setting. There are many well documented talks on gaining domain admin and escalating through an environment, but few that discuss what to do once you have active defenders trying to stop you. This talk will discuss methods, tools, and techniques for maintaining long-term, persistent access to an environment, in what we like to call the Aggressive and Prepared Threat (AAPT) approach, observed in both criminal and government hacking groups. Essentially, the Aggressive and Prepared Threat is focused on combating defenders for full control of various machines or entire networks. The Aggressive and Prepared Threat usually works on a shorter timeline with noisier, more impactful, and more destructive techniques than traditional adversaries focused on stealth. Think of it like a street fight for control of your network. One of the AAPT's core goals is to overwhelm the defense and gain more control of the environment than the defenders have. We will explore maintaining access in an environment with strong detection and active incident responders, all while persisting on various systems and maintaining access to the objectives over prolonged periods of time. We will demonstrate this methodology using a combination of open source and custom tools, showing how attackers can beat detection and outlive an incident response team. We will also show how defenders can combat this type of adversary and take back their network from such a dominating threat.
Join us for a fun time exploring both red and blue tactics for real cyber conflict.


Russell Handorf / @dntlookbehindu

LosT/李智上 / @1o57

Length: 4 hours

Trust in Waves: An introduction to packet radio with AX.25 and elliptic curve cryptography.

Brannon Dorsey

Length: 2 hours

This hands-on workshop will demonstrate how to use cheap Chinese radios in combination with audio modem software to create long-distance communication networks. We'll start off by introducing the equipment and protocols common to packet radio, as well as a brief history of the medium. Participants will encode digital data as audio to transmit messages over UHF and VHF radio frequencies using their own equipment and equipment provided by the instructor. Once the group has a foundational understanding of the technology and how to use it, we'll introduce a new open source protocol and software package called Chattervox[1].

Chattervox is a packet radio chat protocol with support for digital signatures and binary compression; think IRC over radio waves. In the United States, it's illegal to broadcast encrypted messages on amateur radio frequencies. Chattervox respects this law: messages are sent in the clear, while elliptic curve cryptography and digital signatures protect against message spoofing. Participants will be introduced to the protocol by its author and have the opportunity to influence its development. The protocol has received a warm and enthusiastic welcome from amateur radio enthusiasts, but this workshop will mark the first large-scale use of the protocol by a group. [1]


Detection and Incident Response with osquery

Javier Marcos / @javutin

Nick Anderson / @PoppySeedPlehzr

Length: 2 hours

This workshop is an introduction to osquery, an open source, SQL-powered framework for operating system instrumentation and analytics. osquery was created by the Facebook Security team and is actively being developed by Facebook and the open source community. It is currently used by many companies for collecting host forensics and proactively hunting for abnormalities.

Secure Code Audit - Express Edition.

Manoj Kumar / @cysmanojsah

Ranjith Menon / @ranjith_menon16

Length: 4 hours

This training will walk through relevant code-level security issues and then demonstrate how to design and build code defenses into an application.

Our open source tool helps automate parts of the finding process. We will show how to use it effectively in fully hands-on training, using a CTF we developed.

DNS Security


Length: 2 hours

This talk/workshop will focus on DNS, how to run DNS services securely, and other aspects of DNS security. Topics will include DNSSEC, DNS Cookies, TSIG keys, service architectures, and the basics of running your own private resolver.

Embedded engineering: A simple NFC reader

Dave Riley

Length: 2 hours

Explore the world of embedded computing and make your own NFC reader! We'll be building software and putting some off-the-shelf boards together to make a simple NFC reader to demonstrate what's possible with even very small microcontrollers.

Intro to Electronic Badges

bat / @mzbat

Franklin / @thedevilsvoice

Length: 4 hours

This workshop will introduce participants to #badgelife by breaking down the art of creating electronic badges, from concept to prototype. Topics covered will include artwork, Eagle (PCB design software), breadboard prototypes, components, and the code that brings it all together. Participants must bring a laptop; working knowledge of GitHub is preferred but not required.