The scheduled time is in EDT (UTC -4); convert to your local time zone.

Time | Title | Speaker
0900-0915 | Opening Remarks | cedoxx and Omar (Ωr)
0915-1015 | HeadHunter | Paul Asadoorian
1030-1130 | Grey Hat SSH : SSH for Hackers and Red Teams | Evan Anderson
1145-1245 | DDoS Mitigation Fundamentals | Krassimir Tzvetanov
1300-1400 | Detect complex code patterns using semantic grep | Drew Dennison
1415-1515 | IoT Honeypots and taming Rogue appliances | Kat Fitzgerald
1530-1630 | Detecting and Bypassing Security Mechanisms in Telecom Networks | Ali Abdollahi
1645-1745 | Elevating your career through scientific computing and the cloud | Ryan Elkins
1800-1900 | An Opinionated Guide to Scaling Your Company’s Security | Clint Gibler
1915-2015 | Cuddling the Cozy Bear, Emulating APT29 | Jorge Orchilles
2030-2130 | Hacker Rights | Chloé Messdaghi
2145-2245 | Offensive Ops In macOS Environments | Cedric Owens
2300-0001 | The Great Hotel Hack: Adventures in attacking hospitality industry | Etizaz Mohsin
0015-0115 | From Zero to Hero - Journey of vulnerability Identification and Disclosure | Ibad Shah
0130-0230 | Stayin’ Alive - Stay safe with insights from confirmed data breaches and incidents | Ashish Thapar
0245-0345 | A Heaven for Hackers: Breaking a Web Security Virtual Appliances | Mehmet INCE
0345-0515 | Extended Break | ---
0515-0615 | Deep Dive into Burp Suite and Plugins | Nicolas Krassas
0630-0730 | Weaponizing Recon - Smashing Applications for Security Vulnerabilities & Profit | Harsh Bothra
0745-0845 | COVID-1984: Propaganda and Surveillance during a Pandemic | Mauro Eldritch
0900-1000 | One Social Profile to Rule Them All – Social Media Exploitation | Joey Muñiz
1015-1115 | 2FA in 2020 and Beyond | Kelley Robinson
1130-1230 | RedSourcing: Cyber War Tool Development Outsourcing | Christopher Glyer & Nick Carr
1245-1345 | Quickstart Guide to MITRE ATT&CK - The Do’s and Don’ts when using the Matrix | Adam Mashinchi
1400-1500 | Vampirism and the Donut Economy | Chris Crowley
1500-1600 | Break - Training Sessions end at 1600 (Track 1 and Track 2) | ---
1600-1615 | Closing Remarks and Announcement of Winners of the CTF | cedoxx and Omar (Ωr)

Grey Hat SSH : SSH for Hackers and Red Teams

Speaker: Evan Anderson

The Secure Shell (SSH) was designed to replace telnet/rsh with a secure channel over unsecured networks. SSH is a Swiss army knife for red team engagements, letting malicious actors accomplish a multitude of interesting tasks.

Aside from providing access to run commands on remote systems, SSH can be used to complete a myriad of other activities, including hopping network boundaries, maintaining persistent access, downloading files, stealing credentials, hiding access and even configuring what commands users run on login. This talk goes through the details of how to configure and abuse ssh for a number of red team oriented goals, from beginner to advanced. We will cover:

- various SSH clients (windows and unix)

- port forwarding: forward, reverse and dynamic

- authorized keys

- known hosts

- stealing creds from existing SSHD

- Writing custom SSHD servers to steal user creds

- Password spraying

- abusing various config files


DDoS Mitigation Fundamentals

Speaker: Krassimir Tzvetanov

In this talk the attendees will go over the basics of Denial of Service. It starts with coverage of the different parts of the stack that can be attacked and transitions into a discussion about the currently popular types of DDoS: reflection attacks, SYN flood, Slowloris, etc.

While it covers different attack types, it supplements the attack descriptions with detailed technical explanation of the specific operating system components like sockets, buffers, etc.

Apart from covering specific techniques, the talk will cover general strategies using external resources such as CDNs and dedicated DDoS mitigation providers, anycast, etc.

The talk is specifically tailored to incident responders who normally do not operate the network but need to be on par with the network operators during an attack, and prepares them to ask the right questions in the planning phases, to help drive towards a resilient architecture.

The talk focuses on the technologies and not on particular vendor implementations.


Detect complex code patterns using semantic grep

Speaker: Drew Dennison

We’ll discuss a program analysis tool we’re developing called Semgrep. It's a multilingual semantic tool for writing security and correctness queries on source code (for Python, Java, Go, C, and JS) with a simple “grep-like” interface. The original author, Yoann Padioleau, worked on Semgrep’s predecessor, Coccinelle, for Linux kernel refactoring, and later developed Semgrep (then called sgrep) while at Facebook. He’s now working on Semgrep full time with us at r2c.

Semgrep is a free open-source program analysis toolkit that finds bugs using custom analysis we’ve written and OSS code checks. Semgrep is ideal for security researchers, product security engineers, and developers who want to find complex code patterns without extensive knowledge of ASTs or advanced program analysis concepts.

For example, find subprocess calls with shell=True in Python using the query:

    subprocess.call(..., shell=True)

This will even find snippets like:

    import subprocess as s
    s.call(f'rm {args}', shell=True)

Or find hardcoded credentials using the query:

    boto3.client(..., aws_secret_access_key="...", aws_access_key_id="...")
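As an added example (not code from the talk or from the Semgrep project), the following script implements a small alias-aware version of the two checks above with Python's standard library ast module. The point it makes is the one the talk makes: a textual grep for `subprocess.call(` misses `import subprocess as s; s.call(..., shell=True)`, whereas a check that works on the syntax tree and resolves import bindings does not. The sample source it scans is constructed for this example; the function names and the set of subprocess functions it flags are my own choices.

```python
import ast

# subprocess functions that accept shell=...; chosen for this example
SUBPROCESS_FUNCS = {"call", "run", "Popen", "check_call", "check_output"}
CRED_KWARGS = {"aws_secret_access_key", "aws_access_key_id"}


def _module_aliases(tree, module):
    """Return (names bound to `module`, {local name: attribute}) so that
    `import X as Y` and `from X import f as g` can both be resolved."""
    mod_names, attr_names = set(), {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name == module:
                    mod_names.add(a.asname or a.name)
        elif isinstance(node, ast.ImportFrom) and node.module == module:
            for a in node.names:
                attr_names[a.asname or a.name] = a.name
    return mod_names, attr_names


def _calls_to(tree, module, funcs):
    """Yield Call nodes that resolve to module.<f> for any f in funcs."""
    mod_names, attr_names = _module_aliases(tree, module)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
            if f.value.id in mod_names and f.attr in funcs:
                yield node
        elif isinstance(f, ast.Name) and attr_names.get(f.id) in funcs:
            yield node


def _kw(call, name):
    """Return the AST value bound to keyword `name` in `call`, or None."""
    for kw in call.keywords:
        if kw.arg == name:
            return kw.value
    return None


def find_shell_true(source):
    """Equivalent of the query subprocess.call(..., shell=True):
    (lineno, call text) for every subprocess call with a literal shell=True."""
    tree = ast.parse(source)
    hits = []
    for call in _calls_to(tree, "subprocess", SUBPROCESS_FUNCS):
        v = _kw(call, "shell")
        if isinstance(v, ast.Constant) and v.value is True:
            hits.append((call.lineno, ast.get_source_segment(source, call)))
    return hits


def find_hardcoded_aws_creds(source):
    """Equivalent of the query
    boto3.client(..., aws_secret_access_key="...", aws_access_key_id="..."):
    (lineno, keyword) for every credential keyword bound to a string literal.
    Values pulled from a variable or the environment are not reported."""
    tree = ast.parse(source)
    hits = []
    for call in _calls_to(tree, "boto3", {"client", "resource"}):
        for name in sorted(CRED_KWARGS):
            v = _kw(call, name)
            if isinstance(v, ast.Constant) and isinstance(v.value, str):
                hits.append((call.lineno, name))
    return hits


# Constructed sample input for the example (not from the talk).
SAMPLE = '''import subprocess as s
from subprocess import run as do_run
import boto3, os

s.call(f'rm {args}', shell=True)            # hit: module alias resolved
do_run("ls", shell=True)                    # hit: from-import alias resolved
s.run(["ls", "-l"])                         # clean: no shell=True
os.system("ls")                             # ignored: not a subprocess call
boto3.client("s3", aws_access_key_id="EXAMPLE_KEY_ID", aws_secret_access_key="EXAMPLE_SECRET")
boto3.client("s3", aws_access_key_id=os.environ["KEY"])   # clean: not a literal
'''

if __name__ == "__main__":
    for lineno, text in find_shell_true(SAMPLE):
        print(f"shell=True at line {lineno}: {text}")
    for lineno, kw in find_hardcoded_aws_creds(SAMPLE):
        print(f"hard-coded {kw} at line {lineno}")
```

Run against SAMPLE it reports the two shell=True calls on lines 5 and 6 and the two literal credential keywords on line 9; the os.system call and the environment-sourced key are left alone. Semgrep's `...` wildcard and its matching of keyword arguments regardless of position are what the `_kw` helper approximates here.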


IoT Honeypots and taming Rogue appliances

Speaker: Kat Fitzgerald

Honeypots AND IoT security, all in one place? Yes, why YES I tell you, and this is it! Oh sure, honeypots are not new, but how they are used is what makes this talk just a little bit different. Presented for your viewing pleasure will be IoT-specific honeypot configurations, some deployed with k8s (some not), and how they are used not only to trap attacks against your IoT devices but also to detect attacks FROM a compromised IoT device.

The critical points for this entire presentation will be planning, building and deploying IoT honeypots in real scenarios and showing how they can protect against rogue appliances. This is not just a theoretical talk!


Detecting and Bypassing Security Mechanisms in Telecom Networks

Speaker: Ali Abdollahi

One of the most complicated networks is the mobile telecom network. It has several segments, including signaling, charging, packet data, radio, etc. Even though telecom companies enable security mechanisms and deploy security devices, there are still many security holes that allow attackers to compromise the network. In this talk, I will cover common vulnerabilities, well-known security mechanisms like SMS Home Routing, telecom security hardware like signaling firewalls, fake BTS detectors and packet-switched network firewalls, and the ways these security solutions can be bypassed, and finally give you some tips and tricks to detect and prevent these types of activities.


Elevating your career through scientific computing and the cloud

Speaker: Ryan Elkins

Scientific compute platforms provide unlimited scalability, extensive integration, and ease-of-adoption for citizen developers. As these platforms are used to solve the world’s most challenging problems, the same principles can be applied to overcome systemic security program deficiencies. By combining scientific compute platforms with the global reach and unlimited compute resources of the cloud, you can elevate both your own security career as well as the overall maturity of your program.

Join this session to jump into the world of scientific computing and begin to utilize the technologies to iteratively increase your knowledge, build a library of information, generate metrics and dashboards, and integrate common security silos to establish a risk-based, data-driven security program.


An Opinionated Guide to Scaling Your Company’s Security

Speaker: Clint Gibler

There have been hundreds of blog posts and conference talks about DevSecOps and scaling security. As a busy security professional, it can be difficult to stay on top of the current state of the art.

Don’t worry, I’ve put in the time for you.

This talk distills the unique tips and tricks, lessons learned, and tools discussed in a vast number of blog posts, conference talks, and in-person discussions with security engineers at dozens of companies into an opinionated guide to systematically scaling your company's security. This talk is about results: tools and hyped approaches that don't work will be called out.

Topics covered include:

* Principles, mindsets, and methodologies of highly effective security teams

* Valuable security primitives to invest in, upon which high leverage initiatives can be built

* Security metrics and creating a data-driven security program 

* High value engineering projects that can eliminate classes of bugs

* How and where to integrate security automation into the CI/CD process in a high signal, low noise way

* Building a continuously monitored and self-healing cloud environment

* Vulnerability management, asset inventory, automating detection and response, threat modeling, and more

* Useful open source tools

You’ll leave this talk with an understanding of the current state of the art in DevSecOps, links to tools you can use, resources where you can dive into specific topics of interest, and most importantly, an actionable path forward for taking your security program to the next level.


Cuddling the Cozy Bear - Emulating APT29

Speaker: Jorge Orchilles

Adversary Emulation is a type of ethical hacking engagement where the Red Team emulates how an adversary operates, leveraging the same tactics, techniques, and procedures (TTPs), against a target organization. The goal of these engagements is to train and improve people, process, and technology. This is in contrast to a penetration test that focuses on testing technology and preventive controls. Adversary emulations are performed using a structured approach following industry methodologies and frameworks (such as MITRE ATT&CK) and leverage Cyber Threat Intelligence to emulate a malicious actor that has the opportunity, intent, and capability to attack the target organization. Adversary Emulations may be performed in a blind manner (Red Team Engagement) or non-blind (Purple Team) with the Blue Team having full knowledge of the engagement.

In this talk, we will learn about APT29 “Cozy Bear”, how they operate and what their objectives are. We will create an adversary emulation plan using C2 Matrix to pick the best command and control framework that covers the most TTPs. We will spend at least half the talk live demoing the attack with various tools that emulate the adversary behaviors and TTPs.


Hacker Rights

Speaker: Chloé Messdaghi

Sixty percent of hackers don’t submit vulnerabilities due to the fear of out-of-date legislation, press coverage, and companies' misdirected policies. This fear is based on socially constructed beliefs. This talk dives into the brain's response to fear while focusing on increasing public awareness in order to bring legislation that supports ethical hackers, end black hoodie and ski mask imagery, and encourage organizations to support bilateral trust within their policies.


Offensive Ops In macOS Environments

Speaker: Cedric Owens

This talk is centered around approaches, techniques, and tools that can be used in offensive operations in environments with large numbers of macOS devices. Though Windows still retains the lion's share when it comes to endpoint operating system market share, a lot of tech companies will often have more Mac endpoints than Windows. Therefore, I believe it is important for both offensive and defensive engineers to understand attack vectors for these types of environments.


The Great Hotel Hack: Adventures in attacking hospitality industry

Speaker: Etizaz Mohsin

Ever wondered whether your presence is exposed to an unknown entity even when you are promised full security and discretion in a hotel? Well, it would be scary to know that the hospitality industry is a prime target nowadays for cyber threats, as hotels offer many opportunities for hackers and other cybercriminals, resulting in data breaches. Not just credit card details are a prime reason, but also an overload of guest data, including emails, passport details, home addresses and more. Marriott International, where 500 million guests' private information was compromised, is one of the best examples. Besides data compromise, surgical strikes have been conducted by threat actors against targeted guests at luxury hotels in Asia and the United States. The advanced persistent threat campaign called Darkhotel infected Wi-Fi networks at luxury hotels, prompted the victim to download the malware and thus succeeded in specifically targeting traveling business executives in a variety of industries, and its prevalence seems to have no end yet.

For a broader look, this time a popular internet gateway device for visitor-based networks, commonly installed in hotels, malls and other places to provide guests temporary access to Wi-Fi, was examined. To see how both the guests and the hotels have a serious stake in this, we will discuss the workings of guest Wi-Fi systems, different use cases and their attack surfaces: device exploitation, network traffic hijacking, accessing guests' details and more. Common attacks and their corresponding defenses will be discussed. This talk will contain demos of attacks to reveal how the remote exploitation of such a device puts millions of guests at risk.


A Heaven for Hackers: Breaking a Web Security Virtual Appliances

Speaker: Mehmet INCE

Most security products need to be placed in the heart of the organization's IT configuration. Even though we are highly paranoid and security aware about every single third-party tool that we include in our IT structure, we lose these concerns when it comes to security products. We forget to see that even though these are security products by nature, they are not necessarily secure in terms of their operation, despite the fact that they require much more permission than any other software.

In this talk, I will take you through the steps of vulnerability research: which attack vectors were more promising than others, which critical vulnerabilities were easier to find, how the exploitation phase went, and much more. To do that, I will be using one of my 0-day remote code execution exploits targeting the Trend Micro Web Security product, which chains 3 different vulnerabilities to gain RCE, as a case study.


Weaponizing Recon - Smashing Applications for Security Vulnerabilities & Profit

Speaker: Harsh Bothra

The process of penetration testing starts with the "Reconnaissance Phase". This phase, if performed carefully, always provides a winning situation. However, often in application security and bug bounty hunting, recon is mapped only to finding some assets and uncovering hidden endpoints, and is somewhat under-utilized. Recon is the most crucial thing in application security and bug bounties, which always keeps you separated from the competing crowd and gives easy wins.

In "Weaponizing Recon - Smashing Applications for Security Vulnerabilities & Profit", we will cover the deepest and most interesting recon methodologies to be one step ahead of your competition, and how to utilize the tools and publicly available information to map your attack surface & maximize the profit. During the talk, we will cover:

1. Introduction to Recon

2. Basic Recon 101

3. Mapping Attack Surface with Basic Recon

4. Weaponizing Recon to Hit Attack Surface

5. Recon Hacks 101

6. Practical Offensive Recon

7. Automating Recon for Profit

8. Finding Vulnerabilities with Recon

9. Creating your own Recon Map

10. Practical Examples & Demonstrations


COVID-1984: Propaganda and Surveillance during a Pandemic

Speaker: Mauro Eldritch

What does a propaganda apparatus look like from the inside? How do groups dedicated to setting trends and censoring the opposition act? What if your government forces you to install an app that tracks you during the pandemic? What if we infiltrate a sock puppet account to understand all this better?

The official political propaganda and digital surveillance in Argentina are not new. However, in the last fifteen years, both phenomena have adopted in their favor a new technological approach worthy of study, with the emergence of companies dedicated to manufacturing online trends; cyber militancy groups aimed at setting up debates, responding to them or denouncing rival trends in a coordinated way; the project to establish an exclusive social network for pro-government and “against the establishment” militants (sponsored by the Government itself); the rise of state digital surveillance after the implementation of a Cyber Patrol Protocol; and the permanent monitoring of citizens through a mandatory mobile government application during the COVID-19 Pandemic. This work aims not only to review the previous events, but also to detail the two greatest milestones of political propaganda and digital surveillance in Argentina today: the political propaganda apparatus on social networks and the digital privacy abuses caused by the government application CUIDAR-COVID19 (ar.gob.coronavirus). For the first case, a fictitious account (sock puppet) will be infiltrated within the propaganda apparatus on social networks to achieve a detailed technical dissection of its entire operation (including its interventions and actors). Our own cyber intelligence tool, Venator.lua, will be used to obtain and process data. The following section will be devoted to the study of privacy abuses caused by the mandatory government application CUIDAR-COVID19, reverse engineering it and analyzing its source code.


One Social Profile to Rule Them All – Social Media Exploitation

Speaker: Joey Muñiz

If you have been on the internet in the last 10 years, then you are likely using some form of social media. You have probably heard of phishing; however, could social media be used for phishing, and what potential danger could come from social media sources? Find the answers to those and other phishing-related questions based on a real penetration test that leveraged phishing as a means to deliver advanced exploitation. The speaker is the author of various penetration testing, forensics and SOC best practices titles, giving his real-world experience with social media exploitation.


Stayin’ Alive - Stay safe with insights from confirmed data breaches and incidents

Speaker: Ashish Thapar

Walk through the insights of the 2020 Data Breach Investigations Report (DBIR) to see how cybersecurity threat patterns are changing, who the threat actors are, understand their motivations, know their actions, and learn what the prioritized countermeasures could be to defend against these cyber adversaries in the new decade. The session will also cover some on-the-ground tips for cyber defenders, as learnt from the trenches.


Quickstart Guide to MITRE ATT&CK -The Do’s and Don’ts when using the Matrix

Speaker: Adam Mashinchi

Given the increasing awareness and use of the MITRE ATT&CK Matrix as a common language between Red Teams, Blue Teams, and executives, a growing number of organizations are utilizing the framework in inappropriate ways. This talk will provide the audience with a very fast yet very practical overview of ATT&CK, as well as how it is being utilized well and not so well in the industry. From periodic tables to minesweeper, and from CALDERA to Atomic Red Team, we will go over a list of the do’s and don’ts to get the most value from the ATT&CK matrix.


2FA in 2020 and Beyond

Speaker: Kelley Robinson

Security professionals agree: SMS-based Two-factor Authentication (2FA) is insecure, yet thousands of companies still employ this method to secure their customer-facing applications. This talk will look at the evolution of authentication and provide a data-driven analysis of the tradeoffs between the different types of factors available. Join us as we explore the modern landscape of 2FA and debate the relative merits of SMS and its alternatives.

We'll dive into a detailed comparison of methods like SMS, Soft Tokens, Push Authentication, and WebAuthn. From cryptographic security strength to end-user experience, we will break down the benefits and downsides for the different methods and provide guidance for choosing the right methods for your business. Finally, we'll walk through some real world examples of how different organizations implemented 2FA and provide a framework for threat modeling customer authentication.


Vampirism and the Donut Economy

Speaker: Chris Crowley

Large corporate interests provide mobile devices in a voraciously competitive marketplace. To satisfy their thirst for profit, your participation is required. To assure you stay on the treadmill and attached to the letting devices, your mobile phones provide (unhealthy) rewards with diminishing pleasure effect, so you vainly seek stronger sensations of satisfaction.

How can you defend yourself without forgoing the benefit of modern mobile devices, which keep your data at risk? This (not groundbreaking) talk will show some techniques for you to assess the personal privacy risk of the apps that run on your phone, so you can placate the succubus and become aware of what it is trying to take from you.

© Copyright 2020  DEF CON Red Team Village and Texas Cyber Summit - All Rights Reserved