Red and Blue Tactics for Real Cyber Conflict

Dan Borges / @1jection
Taylor Sano / @jackson5_sec
Philip Pineda


Adversary emulation lets defenders view their networks from the perspective of a specific threat actor. Acting on objectives is the end goal for criminals, red teamers, espionage groups, and "APT" teams alike, and maintaining constant access to an environment over long periods of time is a means to that end. Sometimes attackers outlive an incident response consultancy or its budget, in a commonly observed but rarely discussed post-incident-response setting. There are many well documented talks on gaining domain admin and escalating through an environment, but few that discuss what to do once active defenders are trying to stop you. This talk will discuss methods, tools, and techniques for maintaining long-term, persistent access to an environment, in what we call the Aggressive and Prepared Threat (AAPT) approach, observed in both criminal and government hacking groups. Essentially, the Aggressive and Prepared Threat is focused on fighting defenders for full control of individual machines or entire networks. It usually works on a shorter timeline with noisier, more impactful, and more destructive techniques than traditional adversaries that focus on stealth. Think of it as a street fight for control of your network. One of the AAPT's core goals is to overwhelm the defense and gain more control of the environment than the defenders have. We will explore maintaining access in an environment with strong detection and active incident responders, while persisting on various systems and keeping access to the objectives over prolonged periods of time. We will demonstrate this methodology with a combination of open source and custom tools, showing how attackers can beat detection and outlive an incident response team. We will also show how defenders can combat this type of adversary and take back their network from such a dominating threat.
Join us for a fun time exploring both red and blue tactics for real cyber conflict.

Strategies for your projects: Concept to Prototype

Russell Handorf / @dntlookbehindu
Dragorn / @KismetWireless


You may have thought "Hey, wouldn't it be cool to build something that does XYZ", or have a protoboard of shields, wires and things that would raise the eyebrow of an airport screener, but are unsure of your next steps? Join this session where we will cover common design techniques, software and hardware that will get you over the finish line and have parts arriving in the mail!

Trust in Waves: An introduction to packet radio with AX.25 and elliptic curve cryptography.

Brannon Dorsey

This hands-on workshop will demonstrate how to use cheap Chinese radios in combination with audio modem software to create long distance communication networks. We'll start off by introducing the equipment and protocols common to packet radio as well as a brief history of the medium. Participants will encode digital data as audio to transmit messages over UHF and VHF radio frequencies using their own equipment and equipment provided by the instructor. Once the group has a foundational understanding of the technology and how to use it, we'll introduce a new open source protocol and software package called Chattervox[1].

Chattervox is a packet radio chat protocol with support for digital signatures and binary compression; think IRC over radio waves. In the United States, it's illegal to broadcast encrypted messages on amateur radio frequencies. Chattervox respects this law: messages go out in the clear, readable by anyone listening, but each one carries an elliptic curve digital signature so receivers can detect spoofed or altered messages. The signature authenticates the sender without hiding the content. Participants will be introduced to the protocol by its author and have the opportunity to influence its development. The protocol has received a warm and enthusiastic welcome from amateur radio enthusiasts, but this workshop will mark the first large-scale use of the protocol by a group.



Brannon Dorsey is an artist, programmer, and security researcher who uses technology and reproducible electronic media to navigate difficult terrain. He employs open software tools to create experiences that excite and empower individuals and collaborative communities rather than create passive users/consumers. Brannon's work encourages a digital literacy that celebrates the truly profound technological era we now live in while remaining skeptical of the ways this technology is being used on and against us.

Brannon has been featured in various publications and articles, including WIRED, Motherboard, The Creator's Project, Hackaday, Bloomberg, The New York Observer, Boing Boing, The Register, and rtl-sdr. His work has shown in Japan, Mexico, New York City, Chicago, Los Angeles, Miami, Atlanta, Washington D.C., Philadelphia, and his hometown of Richmond, VA, among other places. He has shown in group exhibitions at the Virginia Museum of Fine Arts, the Miami Art Museum, the John F. Kennedy Center for the Performing Arts, and the Smithsonian's American Art Museum.

Detection and Incident Response with osquery

Javier Marcos / @javutin


This workshop is an introduction to osquery, an open source, SQL-powered framework for operating system instrumentation and analytics. osquery was created by the Facebook Security team and is actively developed by Facebook and the open source community. It is currently used by many companies for collecting host forensics and proactively hunting for abnormalities.


Javier Marcos is a citizen of the shell and a CYBER practitioner. Current member of the Department of ServerLand Security at BitMEX. Contributor to osquery and creator of the Facebook CTF platform. His happy place is /bin/bash

DNS Security


This talk/workshop will be focusing on DNS, how to run DNS services securely, and other aspects of DNS security. Topics will include DNSSEC, DNS Cookies, TSIG keys, service architectures, and the basics of running your own private resolver.


Charles Rumford works as an IT Architect for the University of Pennsylvania as part of the Network Engineering group. His primary responsibilities are around network architecture with a focus on security, routing, wireless, identity and access management, network usability, network segmentation, and network virtualization. He takes a cross-disciplinary approach to solving problems, leveraging his background in Linux systems administration and degree in computer science. His recently completed projects include deployment of an IoT wireless network, a new wireless guest network, campus border firewalls, and network designs for cloud connectivity.

When not moving a mile a minute in the IT world, Charles enjoys knitting, tower bell ringing, spending time with his cat, and riding bikes. He also volunteers for a number of organizations in and beyond the IT community.

Embedded engineering: A simple NFC reader

Dave Riley

Explore the world of embedded computing and make your own NFC reader! We'll be building software and putting some off-the-shelf boards together to make a simple NFC reader to demonstrate what's possible with even very small microcontrollers.


Dave Riley is a former-ish embedded hardware/software/FPGA engineer with a weak spot for vintage and other resource-constrained computers. He currently works at FireEye designing APIs and backends for their products. Like most nerds, he collects hobbies.

Reverse Engineering Web Applications

Jarrod Overson


This session will run down advanced JavaScript debugging techniques that can be used to reverse engineer a production web application. We'll go over how to intercept and modify requests, rewrite JavaScript on the fly, and use the Chrome DevTools Protocol to take control of the browser runtime. These techniques can also be used to reverse engineer and hook into Electron-based applications like Visual Studio Code and Slack. While the strategies shown are frequently used to reverse engineer web applications, they are advanced debugging skills that will help you in everyday development as well.
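One of the techniques mentioned above, intercepting and modifying a page's requests, usually starts with hooking a function in the page's runtime. The following is an added example written for this page, not the speaker's material: a generic hook that wraps an existing function so every call is logged and its arguments can be rewritten before the original runs. The `page` object and its `fetch` are a constructed stand-in for `window.fetch`, and the local proxy address 127.0.0.1:8080 is an assumption, so the script runs without a browser or network.

```javascript
// Added example (not from the talk): a generic runtime hook of the kind used
// from the DevTools console to reverse engineer a web app. It wraps an
// existing function so every call is recorded and its arguments can be
// rewritten before the original runs, e.g. to redirect window.fetch through
// a local proxy. The `page` object below is a constructed stand-in for
// window; nothing here talks to a real browser or network.

function hookFunction(target, name, { before, after } = {}) {
  const original = target[name];
  if (typeof original !== 'function') {
    throw new TypeError(`${name} is not a function on the target`);
  }
  const log = [];
  const wrapper = function (...args) {
    // `before` may return replacement arguments; undefined keeps the originals.
    const used = before ? (before(args) ?? args) : args;
    const result = original.apply(this, used);
    log.push({ args: used, result });
    // `after` may replace the return value, e.g. to rewrite a decoded response.
    return after ? (after(result, used) ?? result) : result;
  };
  // Copy name/length and make toString report the original source, so
  // feature-detection or anti-automation code that inspects fetch.name or
  // String(fetch) for "[native code]" is not tipped off by the hook.
  Object.defineProperty(wrapper, 'name', { value: original.name });
  Object.defineProperty(wrapper, 'length', { value: original.length });
  wrapper.toString = () => original.toString();
  target[name] = wrapper;
  return { log, restore() { target[name] = original; } };
}

// Rewrite rule used by the demo: send the app's API calls to a local proxy
// (assumed to listen on 127.0.0.1:8080) and tag them with a marker header.
function proxyApiCalls([url, init = {}]) {
  const proxied = String(url).replace(/^https:\/\/app\.example\/api\//, 'http://127.0.0.1:8080/api/');
  return [proxied, { ...init, headers: { ...(init.headers || {}), 'x-re-session': '1' } }];
}

// Constructed stand-in for window.fetch: synchronous and returns what it was
// given, so the effect of the hook is visible without a network.
const page = {
  fetch(url, init = {}) {
    return { url, method: init.method || 'GET', headers: init.headers || {} };
  },
};

function runDemo() {
  const hook = hookFunction(page, 'fetch', { before: proxyApiCalls });
  const hooked = page.fetch('https://app.example/api/login', { method: 'POST' });
  const untouched = page.fetch('https://cdn.example/app.js');
  const nameSurvives = page.fetch.name === 'fetch';
  hook.restore();
  const restored = page.fetch('https://app.example/api/login');
  return { hooked, untouched, calls: hook.log.length, nameSurvives, restored };
}

// In a real page the same hookFunction(window, 'fetch', ...) call is pasted
// into the DevTools console; here it runs against the constructed stub.
console.log(JSON.stringify(runDemo(), null, 2));
```

The `restore` handle matters in practice: leaving the wrapper installed changes the app's behaviour for the rest of the session, and the `toString` override is only there because production bundles, especially ones built to resist automation, do compare `String(window.fetch)` against the native-code form before trusting it.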


Jarrod is a Director of Engineering at Shape Security, where he led the development of Shape's Enterprise Defense, the service that protects the world's largest companies against automated attacks like credential stuffing. Jarrod is a frequent speaker on modern web threats and cybercrime and has been quoted by Forbes, the Wall Street Journal, and CNET. He's the author of O'Reilly's Developing Web Components, creator of Plato, a static analysis tool for web applications, and frequently writes and records material about reverse engineering and automation.