FiestaCon 2023 Agenda

March 9th CTF

  • All-Day – Capture the Flag (in-person and remote). More details to come (Sponsored by HacktheBox)

March 10th Conference Talks

Location: Embassy Suites by Hilton San Antonio Landmark, 5615 Landmark Pkwy, San Antonio, TX 78249

  • 0830 – Registration, pick-up shirts and Con swag
  • 0900 – Welcome and introductions
  • 0915 – Keynote: Conversations w/ a Fortune 5 CISO – Aimee Cardwell and Cat Goodfellow, Optum
  • 1000 – Keynote: Farming for Red Teams – Dominic Chell, MDSec
  • 1100 – Offensive WASM, Joe DeMesy, Bishop Fox
    • A brief history of WASM/WASI and then dive into the upcoming Sliver v1.6 release, which includes a prototype feature that allows operators to encode C2 traffic using WASM-based callback functions. These WASM-based encoder functions can be dynamically loaded at runtime by both the server and the implant. We’ll discuss the limitations of the technology (e.g. performance) , how the network encoder interface works, as well as potential future applications of the technology.
  • 1200 – Lunch Break (catered)
  • 1300 – Pre-Windows 2000 Backdoors and Bypasses, Garrett Foster, Optiv
    • In active directory, possession or control of computer accounts facilitate several cases of abuse for red teamers such as persistence, lateral movement, and privilege escalation. With this in mind, defenders have hardened environments to prevent arbitrary creation of machines or to join machines to the domain. This presentation will demonstrate how administrators are mistakenly introducing backdoors into their environments and how red teamers can leverage these backdoors to bypass restrictions domain restrictions to perform their malicious actions and potentially add new TTPs to their toolkit.
  • 1400 – Docker for Hackers, Evan Anderson, Randori
    • Docker for hackers is a deep dive on leveraging docker. In this session we will walk through how to use docker to quickly build repeatable test environments, cross compile tools, and other useful ways hackers can use docker to improve their day to day for research or operations.
  • 1500 – A DevOps Approach to Red Team Infrastructure – Build It Better Faster Stronger, John Simonelli, Optum
    • In this talk I will go over my DevOps approach to solving these issues to meet the demands of an agile and rapidly moving red team. We will go over integrating Atlantis on AWS Fargate and github to build all of your infrastructure with Terraform at the speed of a git push. Drastically cut down the deployment of servers to a mere 1 or 2 minutes utilizing Packr and Ansible.
  • 1600 – Storytelling for Red Teams, Ryan Linn, Wells Fargo
    • Working towards the right objectives with the right business and technical content is only half the equation for successful ops. The other part that is required is getting someone to care enough to want to make changes. This talk will focus on multiple areas of op design with the intention of getting the broadest audience interested and driving resolution.
  • 1700 – Lessons Learned from C2 Development, Cody Thomas, SpecterOps
    • This talk goes into the technical details for the evolution of the Mythic C2 Frameworks’ microservice architecture. This covers operational topics like user experience and design; engineering topics like scaling and performance; and agent developer topics like libraries and scripting. The goal of this talk is not to tell you exactly how to design a C2 framework, but to instead illustrate design decisions that come into play as you design, test, and use a C2 framework operationally.
  • 1800 – Giveaways
  • 1830 – AfterCon – TopGolf (sponsored by SpecterOps)