All-Day – Capture the Flag (in-person and remote). More details to come (Sponsored by HacktheBox)
March 10th Conference Talks
Location: Embassy Suites by Hilton San Antonio Landmark, 5615 Landmark Pkwy, San Antonio, TX 78249
0830 – Registration, pick-up shirts and Con swag
0900 – Welcome and introductions
0915 – Keynote: Conversations w/ a Fortune 5 CISO – Aimee Cardwell and Cat Goodfellow, Optum
1000 – Keynote: Farming for Red Teams – Dominic Chell, MDSec
1100 – Offensive WASM, Joe DeMesy, Bishop Fox
A brief history of WASM/WASI and then dive into the upcoming Sliver v1.6 release, which includes a prototype feature that allows operators to encode C2 traffic using WASM-based callback functions. These WASM-based encoder functions can be dynamically loaded at runtime by both the server and the implant. We’ll discuss the limitations of the technology (e.g. performance) , how the network encoder interface works, as well as potential future applications of the technology.
1200 – Lunch Break (catered)
1300 – Pre-Windows 2000 Backdoors and Bypasses, Garrett Foster, Optiv
In active directory, possession or control of computer accounts facilitate several cases of abuse for red teamers such as persistence, lateral movement, and privilege escalation. With this in mind, defenders have hardened environments to prevent arbitrary creation of machines or to join machines to the domain. This presentation will demonstrate how administrators are mistakenly introducing backdoors into their environments and how red teamers can leverage these backdoors to bypass restrictions domain restrictions to perform their malicious actions and potentially add new TTPs to their toolkit.
1400 – Docker for Hackers, Evan Anderson, Randori
Docker for hackers is a deep dive on leveraging docker. In this session we will walk through how to use docker to quickly build repeatable test environments, cross compile tools, and other useful ways hackers can use docker to improve their day to day for research or operations.
1500 – A DevOps Approach to Red Team Infrastructure – Build It Better Faster Stronger, John Simonelli, Optum
In this talk I will go over my DevOps approach to solving these issues to meet the demands of an agile and rapidly moving red team. We will go over integrating Atlantis on AWS Fargate and github to build all of your infrastructure with Terraform at the speed of a git push. Drastically cut down the deployment of servers to a mere 1 or 2 minutes utilizing Packr and Ansible.
1600 – Storytelling for Red Teams, Ryan Linn, Wells Fargo
Working towards the right objectives with the right business and technical content is only half the equation for successful ops. The other part that is required is getting someone to care enough to want to make changes. This talk will focus on multiple areas of op design with the intention of getting the broadest audience interested and driving resolution.
1700 – Lessons Learned from C2 Development, Cody Thomas, SpecterOps
This talk goes into the technical details for the evolution of the Mythic C2 Frameworks’ microservice architecture. This covers operational topics like user experience and design; engineering topics like scaling and performance; and agent developer topics like libraries and scripting. The goal of this talk is not to tell you exactly how to design a C2 framework, but to instead illustrate design decisions that come into play as you design, test, and use a C2 framework operationally.
1800 – Giveaways
1830 – AfterCon – TopGolf (sponsored by SpecterOps)
FiestaCon