free simple website templates

Day 0 - August 6th, 2020

All times are in PDT (Las Vegas, NV, USA) time. You can convert the times to your timezone here.

0730-0800Announcements and RemarkscedoXx & Omar Ωr
0800-0900The Bug Hunter’s MethodologyJason Haddix
0915-1015Securing AND Pentesting the Great Spaghetti Monster (k8s)Kat FItzgerald
1030-1130Guerrilla Red Team: Decentralize the AdversaryChristopher Cottrell
1145-1245Evil Genius: Why you shouldn't trust that keyboardMauro Caceres & 
Farith Perez
1300-1400Combining notebooks, datasets, and cloud for the ultimate automation factoryRyan Elkins
1415-1515Deep Dive into Adversary Emulation - Ransomware EditionJorge Orchilles
1530-1630Introducing DropEngine: A Malleable Payload Creation FrameworkGabriel Ryan
1645-1745Zero Trust - A Vision for Securing Cloud and Redefining SecurityVandana Verma
1800-1900What college kids always get wrong, the art of attacking newbies to blueteamForrest Fuqua
1915-2015Android Malware AdventuresKürşat Oğuzhan AKINCI & 
2030-2130Making Breach and Attack Simulation Accessible and Actionable with Infection Monkey - from IT to the C-suiteShay Nehmad
2145-2245Android Application Exploitation Kyle Benac (aka @B3nac) 
2300-midnightOffensive Embedded Exploitation : Getting hands dirty with IOT/Embedded Device Security TestingKaustubh Padwad
Showing entries (filtered from total entries)

Day 0 - Speakers

Jason Haddix is the Head of Security for a leading videogame production company. Previously he was VP of Trust and Security at Bugcrowd and currently holds the 29th all-time ranked researcher position. Before joining Bugcrowd Jason was the Director of Penetration Testing for HP Fortify and also held the #1 rank on the Bugcrowd leaderboard for two years. He is a hacker and bug hunter through and through and specializes in recon and web application analysis. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason lives in Colorado with his wife and three children. 

Kat FItzgerald - @rnbwkat - Drummer, hacker, defender against rogue appliances #IoT, diver, photographer, lover of fine tequilas & dancing flamingos. CEO

Christopher Cottrell is a security engineer and leader, focusing most of my career on offensive operations. I have built red teams, contributed to published works, open-sourced tools, and publicly discussed adversarial techniques. When I am not doing operations, I am refining long term strategy, uplifting the security community through red team mentoring programs, or learning about new adversarial techniques. 

Ryan Elkins leads the cloud security architecture program for Eli Lilly and Company. Elkins has over 12 years of security experience leading programs across the financial, insurance, and pharmaceutical industries. Throughout his career, he has developed cloud and application security programs, managed a global security services center, performed security consulting, and has led a global information security program. Elkins holds the CISSP and CCSP certifications, a bachelors degree in Computer Technology, and a masters degree in Information Security.

Jorge Orchilles is the Chief Technology Officer of SCYTHE and co-creator of the C2 Matrix project. He led the offensive security team at Citi for over 10 years; a SANS Certified Instructor; author of Security 564: Red Team Exercises and Adversary Emulation; founding member of MITRE Engenuity Center of Threat-Informed Defense; CVSSv3.1 working group voting member; co-author of a Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry; ISSA Fellow; and NSI Technologist Fellow. Jorge holds post-graduate degrees from Stanford and Florida International University in Advanced Computer Security & Master of Science. 

Gabriel Ryan is an offensive security engineer at SpecterOps with nearly 8 years of programming experience in C and Python. Previously, he worked at Gotham Digital Science, where he was heavily involved in their research program GDS Labs. He is the creator and active developer of EAPHammer, a weaponized version of hostapd for performing rogue access point attacks against WPA/2-EAP networks. He is also credited with the first working bypass of 802.1x-2010, along with improvements to existing techniques for bypassing 802.1x-2004. Gabriel's most recent research involved novel proof-of-concept attacks against WPA3's "Enhanced Open." His current endeavors involve deep dives into Kerberos abuse on both Windows and Linux platforms.

Vandana Verma 
President @Infosecgirls , Board-BoD @owasp , Leader @OWASPBangalore , WoSec, Work @IBM Co-organizer @bsidesdelhi

Kürşat Oğuzhan Akıncı is a Security Engineer at Trendyol. He is also a team leader of Blackbox Cyber Security which is Turkey's first cyber security volunteer group, coordinator and mentor of Turkcell CyberCamp and Turkish Airlines CyberTakeOff. In his free time Kürşat is performing security researches in the form of bug bounty in which he has found several vulnerabilities in critical institutions such as NSA as well as helping Mert Can to break into C&Cs.

Mert Can Coşkuner is a Security Engineer at Trendyol. He is maintaining a Penetration Testing and Malware Analysis blog at In his free time Mert Can is performing mobile malware research and threat intelligence.

Shay Nehmad is a lead developer at Guardicore, where he is working on the Infection Monkey, an open-source breach and attack simulation tool. Over the last few years in the IDF, Shay amassed extensive experience in both Information Security and Software Development.

Forrest Fuqua (JRWR) - JRWR creator of Hatchan, 3 years of NECCDC (Collegiate Cyber Defense Competition) Redteam, and defense industrial base cybersecurity pentester / auditor has been seeing all the mistakes everyone is making and works hard to try and get people to understand why its important to get your shit together.

Kyle Benac (aka @B3nac) currently works as a full time Security Researcher at Acronis SCS. Prior to this, he obtained his Bachelors of Science in Software Development and Security while active duty Air Force. He really enjoys hacking Android applications and participating in bug bounty programs. Creator of the InjuredAndroid Capture the Flag (CTF) training application and developer of HackerOne’s BountyPay Android application. Listed as a Top Contributor for the OWASP mobile security testing guide with over 58 contributions to the manual. 

Kaustubh is a Product security Assurance Manager at Reliance Jio Platform limited, his main work include Securing JIO’s Cutting Edge Enterprise, Consumer, and SMB(small,Medium,Big) business products. His main area of interest is Device security,Reverse engineering, discovering RCE,Priv-esc bugs in proprietary or close source devices. He was Null champion, He had deliver more than dozens of talk in null meet and he was champion for 3 years in null community. Also he was a speaker at Owasp SeaSide 2020,Bsides Boston 2020. Some of his works are published in SecurityWeek, ExploitDB, and have more than Dozens of CVE, Recently he was the winner of SCADA CTF @ nullcon 2019.

(c)2020, Red Team Village