Day 1 - August 7th, 2020

All times are in PDT (Las Vegas, NV, USA) time. You can convert the times to your timezone here.

| TIME | TITLE | Speaker |
|---|---|---|
| 0730-0800 | Opening Remarks | cedoXx & Omar Ωr |
| 0800-0900 | Red Teaming: Born from the Hacker Community | Chris Wysopal |
| 0900-0915 | Break | |
| 0915-1015 | Knock knock, who's there? Identifying assets in the cloud | NahamSec and StaticFlow |
| 1015-1030 | Break | |
| 1030-1130 | Panel: The Joy of Coordinating Vulnerability Disclosure | CRob (Red Hat); Panelists: Lisa Bradley (Dell), Katie Noble (Intel), Omar Santos (Cisco), Anders Fogh (Intel), Daniel Gruss (TU Graz) |
| 1130-1145 | Break | |
| 1145-1245 | How to hack SWIFT, SPID, and SPEI with basic hacking techniques (from a Red Team Perspective) | Guillermo Buendia |
| 1245-1300 | Break | |
| 1300-1400 | Trust, but Verify: Maintaining Democracy In Spite of Информационные контрмеры | Allie Mellen |
| 1400-1415 | Break | |
| 1415-1515 | Grey Hat SSH: SShenanigans | Evan Anderson |
| 1515-1530 | Break | |
| 1530-1630 | Yippee-Ki-Yay MFA'er - Bypassing Multi-Factor Authentication with Real-Time Replay Session Instantiation Attacks | Justin Hutchens ("Hutch") |
| 1630-1645 | Break | |
| 1645-1745 | Enumerating Cloud File Storage Gems | Michael Wylie |
| 1745-1800 | Break | |
| 1800-1900 | Total E(A)gression | Alvaro Folgado Rueda |
| 1900-1915 | Break | |
| 1915-2015 | Password cracking beyond 15 characters and under $500 | Travis Palmer |
| 2015-2030 | Break | |
| 2030-2130 | 50 Shades of Sudo Abuse | Tyler Boykin |
| 2130-2145 | Break | |
| 2145-2245 | ATTPwn: Adversarial Emulation and Offensive Techniques Collaborative Project | Pablo Gonzalez & Fran Ramirez |
| 2245-2300 | Break | |
| 2300-0001 | ERPwnage - A Red Team Approach to Targeting SAP | Austin Marck |

Day 1 - Speakers

Red Teaming: Born from the Hacker Community

Chris Wysopal is currently Veracode's CTO and Co-Founder. He is responsible for the company's software security analysis capabilities. One of the original vulnerability researchers and a member of L0pht Heavy Industries, Chris has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He published his first advisory in 1996 on parameter tampering in Lotus Domino and has been trying to help people not repeat this type of mistake for 15 years. Back in 1997 he first got paid for hacking someone else's network and later a company's web application. Chris was hooked and has been performing security testing one way or another since.

NahamSec currently works as the Head of Hacker Education at HackerOne by day, and a hacker by night. He has helped identify and exploit over 600 security vulnerabilities across 100+ web and mobile applications for companies such as Yahoo, Google, Airbnb, Snapchat, The US Department of Defense, Yelp, and more. He also cofounded Bug Bounty Forum, a community of 500+ active hackers sharing ideas and their experiences. He also streams live hacking on Twitch, and creates educational content about hacking on YouTube.

Tanner Barnes (aka @_StaticFlow_) - Software engineer and hacker who develops tools for the Cyber Security world. You can find the tools I build on stream here at https://github.com/Static-Flow

CRob (Red Hat), moderator
Panelists: Lisa Bradley (Dell), Katie Noble (Intel), Omar Santos (Cisco), Anders Fogh (Intel), and Daniel Gruss (TU Graz)

Guillermo Buendia is a Red Team Lead in one of the biggest insurance companies in the USA. He has worked for many financial institutions for the last 8 years. He has presented his previous research at DEF CON, BSidesLV, BSides Manchester, Hackfest, etc.

Allie Mellen - I’ve spent several years in cybersecurity and have been recognized globally for my security research. Over the past year, I have helped organize and execute multiple election security tabletop exercises with participants from the FBI, Secret Service, Department of Homeland Security, and state law enforcement. In these sessions, it’s hackers versus law enforcement as an exercise in what attackers can do to disrupt Election Day and what the government is prepared to do - or should be prepared to do - to stop them.

Chloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights. She is the founder of WomenHackerz & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine's The Uncommon Journey, and runs the Hacker Book Club.

Justin Hutchens (“Hutch”) is a seasoned cyber-security professional who specializes in vulnerability management, attack simulations, penetration testing, and red teaming. In 2008, Hutch began his information security career doing Threat and Vulnerability Management for the United States Air Force. Since separating from the Air Force, he has gone on to lead multiple penetration testing teams in both consulting and internal capacities. He has also achieved a Master’s degree in Computer Security Management and multiple information security certifications to include CISSP, GPEN, GWAPT, and OSCP. Hutch has significant experience in the field and has led assessments in nearly every industry and vertical. He is skilled in coding in Python, JavaScript, PowerShell, and Bash -- and emphasizes the importance of automation for both assessment methodology and development of internal processes.

Michael Wylie, MBA, CISSP is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, Universities, and for clients around the world. Michael is the winner of numerous SANS challenge coins and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GMON, GPEN, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Security+, Project+, and more. Twitter: @TheMikeWylie.

Rebujacker works as a Product Security Engineer at Salesforce. He has multiple years of experience performing penetration tests and security assessments against different technologies, building automation tools for this purpose, and performing application-level research. In recent years his field of study has focused on red teaming and automation. The combination of his application-level security and pentesting knowledge leads him to build tools/implants that blend in better with the current cloud infrastructure and application stacks of tested organizations. He has recently been working on his main project, the Siesta Time Implant Framework for red teamers, presented at the last Defcon Red Team Village. The latest progress includes new persistence and stealthier network modules.

Travis Palmer is a Red Team Engineer at Intercontinental Exchange and a certified OSCP and OSCE. Most recently he has been a "surprise" backup speaker at DEFCON 27, DEFCON Red Team Village Staff, and a speaker at Wild West Hacking Fest and Cisco Offensive Summit. He is a fan (and sometimes-contributor) of a number of simulator/sandbox video games, and keeper of too many unfinished hardware projects. In his video games he enjoys long assaults on the beach, and dancing jets in the rain.

Tyler Boykin is a former 0602 (USMC), hobbyist infosec geek, and is a Security Engineer with By Light Professional IT Services LLC currently developing features for CyberCENTS (a By Light Offering). He currently holds a variety of industry credentials to include OSCE, OSCP, CISSP, CCNP, CCDP, and many others.

Pablo Gonzalez has a University degree in Computing Engineering and Master's degree in Cybersecurity. He has presented at Black Hat Europe Arsenal (2017, 2018, 2019), BlackHat USA Arsenal 2020, EkoParty 2018, 8dot8 Chile, DragonJAR Colombia, RootedCON, LeHACK 2019, etc. He is a Microsoft MVP 2017-2020. Pablo has written several computer security books, including Metasploit for Pentesters, Ethical Hacking, Pentesting with Kali, Metasploit hacking, Got Root and PowerShell pentesting. He is also a co-founder of flu-project and the founder of hackersClub. With more than 10 years working in cybersecurity and teaching several masters in cybersecurity in Spain, he is currently working as Project/Team Manager and Security Researcher at Telefonica (Ideas Locas department).

Fran Ramirez has a University degree in Computing Engineering, a Certificate of higher education in Industrial and Digital Electronics, and a Master's degree in Cybersecurity. He has experience working as an IT Senior System Engineer in the USA and Canada, consolidating IT technologies and datacenters. He began working as a Security Researcher at Telefonica and ElevenPaths in 2017. Francisco has also co-written books about Docker and Machine Learning, and been a speaker at Mobile World Congress (Barcelona), Black Hat Europe Arsenal (London), Hacktivity (Hungary), LeHack (Paris) and many other conferences.

Austin Marck (@icryo) is a research lead at RSMUS LLP. He leads ERP security testing efforts against SAP. His offensive experience is targeted at emerging security threat emulation and responsible vulnerability disclosure.
Wastes most of his time on: CTF, HackTheBox, IoT, Software Defined Radio, Hardware hacking, Paramotoring, Climbing, & Bourbon

(c)2020, Red Team Village