build a website

Day 3 - August 9th, 2020

All times are in PDT (Las Vegas, NV, USA) time. You can convert the times to your timezone here.

0100-0200PatrOwl - Red flavour of SOC automationNicolas MATTIOCCO
0215-0315Reviewing MS08-067, Illustration Of An Old ChapterEtizaz Mohsin
0330-0430RedTeamOps - Managing Red Team Infrastructure as a Red TeamerMert Can Coskuner
0445-0545From Discovery to DisclosureIbad Shah
0600-0700Hacking Zoom: a Hacker's Journey into Zoom SecurityMazin Ahmed
0715-0815PWN The WorldChris Kubecka
0830-0930Autonomous Security Analysis and Penetration Testing (ASAP)Ankur Chowdhary
0945-1045Kubernetes Goat - Vulnerable by Design Kubernetes Cluster EnvironmentMadhu Akula
1100-1200Breaking the Attack ChainCorey Ham & Matt Eidelberg
1215-1315Hashes; Smothered, Covered, and Scattered: Modern Password Cracking as a MethodologyLee Wangenheim
1330-1430You’re Adversary Within - The Golden Age of Insider ThreatsAdam Mashinchi
1500-1600Have my keys been pwned? - API EditionJose Hernandez and
Rod Soto
1600-1700Red Team Village Closing Ceremony and Announcement of Winners of CTF and CyberWraith cedoXx and Omar Ωr
1700-1800DEF CON Closing Ceremony 
Showing entries (filtered from total entries)

Day 3 - Speakers

Nicolas MATTIOCCO is an information security expert since 12 years and was involved in various security consulting engagements from penetration tests to global risk assessments and security operations implementation. Today, he is working as a red teamer and in automating security operations at a large scale.

Etizaz Mohsin is an information security researcher and enthusiast. His core interest lies in low level software exploitation both in user and kernel mode, vulnerability research, reverse engineering. He holds a Bachelors in Software Engineering and started his career in Penetration Testing. He is an active speaker at international security conferences. He has achieved industry certifications, the prominent of which are OSCP, OSCE, OSWP, OSWE, OSEE, CREST CRT, CPSA, EWPTX, CEH.

Mert Can Coşkuner is a Security Engineer at Trendyol. He is maintaining a security blog at

Ibad Shah
Professional Red Teamer in daylight and Security Researcher at night.

Mazin Ahmed is a security consultant who specializes in AppSec and offensive security. He is passionate about information security and has previously found vulnerabilities in Facebook, Twitter, Linkedin, and Oracle to name a few. Mazin is the developer of a number of popular open-source security tools that have been integrated into security testing frameworks and distributions. Furthermore, Mazin’s research of WAF security has earned the 4th place on top web hacking techniques of 2015 award. Mazin also built FullHunt, the next-generation vulnerability intelligence platform.

Chris Kubecka - "Fearless and powerful speaker, saves countries, fights cyber terrorism, advises several governments as a subject matter expert on cyber warfare national defense. Profiled by major media in the USA and Europe. USAF military combat veteran, former military aviator, and USAF Space Command. Defends critical infrastructure and handles country level cyber incidents, cyberwarfare, and cyber espionage. Reconnected Saudi Aramco international business operations & established digital security after the world’s most devastating cyberwarfare attack. Developing the highest level of exploit code against IT/IOT/ICS SCADA control systems whilst working with governments. Involved in the world’s biggest hacks, advising nations, NATO, Europol, Interpol exposing corruption and national security risks.
“She is a go-to professional for governments. There are only a certain number who can both frame the problem conceptually and put it in straight fuc**** English so somebody can understand. And she can do that.”

Ankur Chowdhary is a PhD candidate at Arizona State University (ASU). His research interests include Cloud Security, Software Defined Networks, and application of Artificial Intelligence and Machine Learning in the field of cybersecurity. Ankur has over 5 years of cybersecurity industry experience. He has worked for companies like CSC Pvt. Ltd., Republic Services, Blackberry Pvt. Ltd., and Bishop Fox. Ankur has co-authored over 25 research papers and one textbook in the field of cybersecurity. Ankur co-founded cybersecurity startup CyNET LLC (2017). Ankur has been quite active in cybersecurity education. Ankur was ASU’s National Cybersecurity Defense Competition (NCCDC) captain (2015-2018), and he is current team coach (2018-). He co-founded hacking club DevilSec in 2019 to teach offensive and defensive security to students at ASU.

Madhu Akula is creator of Kubernetes Goat, security ninja, published author and cloud native security researcher with an extensive experience. Also he is an active member of the international security, devops and cloud native communities (null, DevSecOps, AllDayDevOps, etc). Holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), etc. Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26 & 27), BlackHat USA (2018 & 19), USENIX LISA (2018 & 19), O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018 & 19), All Day DevOps (2016, 17, 18, 19 & 20), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon (2018, 19), SACON 2019, Serverless Summit, null and multiple others. His research has identified vulnerabilities in over 200+ companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc and credited with multiple CVE’s, Acknowledgements and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams."

Corey Ham & Matt Eidelberg are principal consultants/leaders within Optiv's advanced services sub-team. Together they have 13 years combined experience delivering offensive security engagements for clients, along with personal tool development and research. Matthew has presented at multiple conferences across North America.

Lee Wangenheim works as a security consultant for the Attack and Penetration team at Optiv. As part of his job he helps to maintain the teams password crackers as well as perform enterprise password audits for various clients. After fielding several questions from the team about best practices, he set out to define the methodology a modern consultant can use to attack passwords they find on an engagement.

José Hernandez is a Principal Security Researcher at Splunk. He started his professional career at Prolexic Technologies (now Akamai), fighting DDOS attacks from “anonymous” and “lulzsec” against Fortune 100 companies. As an engineering co-founder of Zenedge Inc. (acquired by Oracle Inc.), José helped build technologies to fight bots and web-application attacks. While working at Splunk as a Security Architect, he built and released an auto-mitigation framework that has been used to automatically fight attacks in large organizations. He has also built security operation centers and run a public threat-intelligence service. Although security information has been the focus of his career, José has found that his true passion is in solving problems and creating solutions. As an example, he built an underwater remote-control vehicle called the SensorSub, which was used to test and measure toxicity in Miami's waterways.

Rod Soto worked at Prolexic, Akamai, Caspida. Won BlackHat CTF in 2012. Co-founded Hackmiami, Pacific Hackers meetup and conferences.

Adam Mashinchi is SCYTHE's VP of Product Management where he leads the project management, design, and quality assurance departments for SCYTHE's product portfolio. Before SCYTHE, Adam defined and managed the development of enterprise security and privacy solutions with an emphasis on usable encryption at a global scale and led numerous technical integration projects with a variety of partners and services.

(c)2020, Red Team Village