|0730-0800||Opening Remarks||cedoXx & Omar Ωr|
|0800-0900||Red Teaming: Born from the Hacker Community||Chris Wysopal|
|0915-1015||Knock knock, who's there? Identifying assets in the cloud||NahamSec and StaticFlow|
|1030-1130||Panel: The Joy of Coordinating Vulnerability Disclosure||CRob (Red Hat); Panelists: Lisa Bradley (Dell), Katie Noble (Intel), Omar Santos (Cisco), Anders Fogh (Intel), Daniel Gruss (TU Graz)|
|1145-1245||How to hack SWIFT, SPID, and SPEI with basic hacking techniques (from a Red Team Perspective)|
|1300-1400||Trust, but Verify: Maintaining Democracy In Spite of Информационные контрмеры||Allie Mellen|
|1415-1515||Grey Hat SSH: SShenanigans||Evan Anderson|
|1530-1630||Yippee-Ki-Yay MFA'er - Bypassing Multi-Factor Authentication with Real-Time Replay Session Instantiation Attacks|
|1645-1745||Enumerating Cloud File Storage Gems||Michael Wylie|
|1800-1900||Total E(A)gression||Alvaro Folgado Rueda|
|1915-2015||Password cracking beyond 15 characters and under $500||Travis Palmer|
|2030-2130||50 Shades of Sudo Abuse||Tyler Boykin|
|2145-2245||ATTPwn: Adversarial Emulation and Offensive Techniques||Pablo Gonzalez &|
|2300-0001||ERPwnage - A Red Team Approach to Targeting SAP|
Red Teaming: Born from the Hacker Community
Chris Wysopal is currently Veracode's CTO and Co-Founder. He is responsible for the company's software security analysis capabilities. One of the original vulnerability researchers and a member of L0pht Heavy Industries, Chris has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He published his first advisory in 1996 on parameter tampering in Lotus Domino and has been trying to help people not repeat this type of mistake for 15 years. Back in 1997 he first got paid for hacking someone else's network and later a company's web application. Chris was hooked and has been performing security testing one way or another since.
NahamSec currently works as the Head of Hacker Education at HackerOne by day, and a hacker by night. He has helped identify and exploit over 600 security vulnerabilities across 100+ web and mobile applications for companies such as Yahoo, Google, Airbnb, Snapchat, The US Department of Defense, Yelp, and more. He also cofounded Bug Bounty Forum, a community of 500+ active hackers sharing ideas and their experiences. He also streams live hacking on Twitch, and creates educational content about hacking on YouTube.
CRob (Red Hat), moderator
Panelists: Lisa Bradley (Dell), Katie Noble (Intel), Omar Santos (Cisco), Anders Fogh (Intel), and Daniel Gruss (TU Graz)
Guillermo Buendia is a Red Team Lead at one of the biggest insurance companies in the USA. He has worked for many financial institutions over the last 8 years. He has presented his previous research at DEF CON, BSidesLV, BSides Manchester, Hackfest, etc.
Allie Mellen - I’ve spent several years in cybersecurity and have been recognized globally for my security research. Over the past year, I have helped organize and execute multiple election security tabletop exercises with participants from the FBI, Secret Service, Department of Homeland Security, and state law enforcement. In these sessions, it’s hackers versus law enforcement as an exercise in what attackers can do to disrupt Election Day and what the government is prepared to do - or should be prepared to do - to stop them.
Chloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights. She is the founder of WomenHackerz & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine's The Uncommon Journey, and runs the Hacker Book Club.
Michael Wylie, MBA, CISSP is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, Universities, and for clients around the world. Michael is the winner of numerous SANS challenge coins and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GMON, GPEN, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Security+, Project+, and more. Twitter: @TheMikeWylie.
Rebujacker works as a Product Security Engineer at Salesforce. He has multiple years of experience performing penetration tests and security assessments against different technologies, building automation tools for this purpose, and performing application-level research. In recent years his field of study has focused on red teaming and automation. The combination of his application-level security and pentesting knowledge leads him to build tools/implants that blend in better with today's cloud infrastructure and the application stacks of tested organizations. He has recently been working on his main project, the Siesta Time Implant Framework for red teamers, presented at the last Defcon Red Team Village. Recent progress includes new persistence and stealthier network modules.
Travis Palmer is a Red Team Engineer at Intercontinental Exchange and a certified OSCP and OSCE. Most recently he has been a "surprise" backup speaker at DEFCON 27, DEFCON Red Team Village Staff, and a speaker at Wild West Hacking Fest and Cisco Offensive Summit. He is a fan (and sometimes-contributor) of a number of simulator/sandbox video games, and keeper of too many unfinished hardware projects. In his video games he enjoys long assaults on the beach, and dancing jets in the rain.
Tyler Boykin is a former 0602 (USMC), hobbyist infosec geek, and is a Security Engineer with By Light Professional IT Services LLC currently developing features for CyberCENTS (a By Light Offering). He currently holds a variety of industry credentials to include OSCE, OSCP, CISSP, CCNP, CCDP, and many others.
Pablo Gonzalez has a University degree in Computing Engineering and Master's degree in Cybersecurity. He has presented at Black Hat Europe Arsenal (2017, 2018, 2019), BlackHat USA Arsenal 2020, EkoParty 2018, 8dot8 Chile, DragonJAR Colombia, RootedCON, LeHACK 2019, etc. He is a Microsoft MVP 2017-2020. Pablo has written several computer security books, including Metasploit for Pentesters, Ethical Hacking, Pentesting with Kali, Metasploit hacking, Got Root and PowerShell pentesting. He is also a co-founder of flu-project and the founder of hackersClub. With more than 10 years working in cybersecurity and teaching several masters in cybersecurity in Spain, he is currently working as Project/Team Manager and Security Researcher at Telefonica (Ideas Locas department).
Fran Ramirez has a University degree in Computing Engineering, a Certificate of higher education in Industrial and Digital Electronics, and a Master's degree in Cybersecurity. He has experience working as an IT Senior System Engineer in the USA and Canada, consolidating IT technologies and datacenters. He began working as a Security Researcher at Telefonica and ElevenPaths in 2017. Francisco has also co-written books about Docker and Machine Learning, and been a speaker at Mobile World Congress (Barcelona), Black Hat Europe Arsenal (London), Hacktivity (Hungary), LeHack (Paris) and many other conferences.
Austin Marck (@icryo) is a research lead at RSMUS LLP. He leads ERP security testing efforts against SAP. His offensive experience is targeted at emerging security threat emulation and responsible vulnerability disclosure.
Wastes most of his time on: CTF, HackTheBox, IoT, Software Defined Radio, Hardware hacking, Paramotoring, Climbing, & Bourbon