Hack Red Con Overview

Hack Red Con is Sept 7 - Sept 11 2022 is a Cyber Security Conference, Training and Networking 4 day event with an emphasis on Red/Blue Teaming, Pen Testing, Social Engineering, and all aspects of Off Sec.

The Conference aims to connect Cyber Security Experts , Companies, Educators, Influencers, Investors, Entrepreneurs and Federal, State, Local Government Agencies together.

This 4 day event will have 2 intense training (Sept 7 and 8) days of the latest in Off Sec Education by the industries top hackers and industry experts. The following 2 conference days (Sept 9 and 10) will include world class key note speakers, industry talks, roundtables, events including Hack the Flag, Jeopardy and Kentucky Bourbon, Lock Hack Challenges, Hack Career Meet & Great, Invest in Cyber, and of course the sickest Swag and Gear Giveaways.

Apart from the work, Hack Red Con will have night party events with Local Bourbon Vendors, live major bands and a Block Party outside of the hotel.

If you are in the Off Sec community, you don't want to miss this Bad Ass Event!

What to Expect at Hack Red Con

Talks

Talks at Hack Red Con are at the core of conference. Global influencers, off sec professionals and academia will share and cover a wide range of topics including the new research, industry trends, tools, latest issues, risk and compliance within information security.

Attendees will have the opportunity to learn about the latest topics on social engineering, vulnerabilities and security research on infrastructure, data centers, cloud computing, mobile devices and web apps during discover research, round tables, expert panels and Q and A's.

Keynote Round Table Day 1

Discussion from top security experts on topics like: how to stay positive in the current virtual workplace, how in demand are cyber security jobs, what does the future of cyber security look like, what can someone new do to break into the field. Followed up with a QA from the audience.

Zach Stashis

Moderator, Founder Hack Red Con & Red Seer Security

Charles Shirer

CEO Global Wave Consulting

Katrina Khanta

Cyber Solutions Engineer II

Ed Skoudis

President SANS Institute

War Stories Covert Physical, Wireless, and Red Team Assessments Against Government and Commercial Clients.

Brent White

Covert Entry Specialist

Tim Roberts

Covert Entry Specialist

War Stories Covert Physical, Wireless, and Red Team Assessments Against Government and Commercial Clients.

For each issue, they'll dive into techniques used to trick security guards into handing over access cards, employees allowing keyloggers to be plugged into systems, bypassing expensive access controls into Data Centers, C-Level executives handing over laptops, and MUCH more.

Topic TBD

TBD

Jeff Jarecki

CISO, Volta

In Rust I Trust Using Rust with the Offensive Mindset

Using the Rust programming language during a penetration test the success and failures and what I learned from it.

Charles Shirer

CEO GlobalWave Consulting, Pentester, Senior RedTeamer

Digital Forensics & Incident Response (DFIR) - Mobile Forensics

Katrina Khanta will provide an overview Digital Forensics & Incident Response (DFIR), present her smartphone forensics research, and discuss how you can leverage your current skills to succeed in the Cybersecurity industry. This presentation aims to eliminate self-doubts and inspire the audience to pursue their curiosities through various methods and techniques on how to get started.

Katrina Khanta

Cyber Solutions Engineer II - The Walt Disney Company | M.Sc. Cybersecurity & IT | Sec+ | Pursuing Doctorate of Science in Cybersecurity

AWS IAM Privilege Escalation Redux

You have gained access to an AWS account but lack permissions to complete your objectives. You attempt every privilege escalation path documented online, but none of them are successful. The objectives now seem impossibly distant; your battery is low and it’s getting dark.

This talk will present a set of IAM privilege escalation paths that I have not seen documented online* accompanied by anecdotes of adventures in cloud security. Attendees will learn new tricks for IAM privilege escalation in AWS along with a methodology for evaluating potential priv esc paths.

int eighty (of Dual Core)

int eighty (he/him) is a computer crime enthusiast, and the rapper in Dual Core. Occasional memes and hacking content on Twitter as @int0x80.

Hidden Threat of Social Media - Social Engineering & OSINT

Learn how, terrorists, criminals, and spies, “bad guys” take the seemingly innocuous information your employees post online and use it to compromise your company's network. Specifically, participants will learn how these “bad guys” use this information to create infected e-mails/documents that will compromise your network. In these instances, it does not matter how robust your IT budget is, because the offender has totally bypassed it.

Stacy M. Arruda

FBI - Supervisory Special Agent Retired & Founder & CEO of Arruda Group

Bootstrapping your AppSec program

Bootstrapping your AppSec program. We dive into what I have learned from being apart of growing AppSec programs with companies like 1Password and Red Canary. We will take a look at secure SDLC, social engineering a culture and leadership that works. Application security is a strange place in InfoSec and I want to make it better and more effective while not hindering business. This talk was a great success at RVAsec this year.

David Girvin

Security Engineer at Red Canary

Spilling the Beans: How to Spot a Bad Pentest

​Ever wondered what the magic is behind a penetration test? Did you receive a pentest report that does not line up with your expectations? Do you want to get more out of your consulting partners or want to know the secret to landing that job at a consulting firm? Come join us as we spill the beans and disclose how the (halal) sausage is made. We will discuss pentesting from the perspective of both the client and the consultant. If you're looking to land a job at a consultancy, this talk is for you too. As we peel the curtain and talk through real-world examples, everyone walks out with the magic sauce.

Qasim Ijaz

Director of Offensive Security

Andrew Clinton

Director of Cyber Security

Malware Research & Reverse Engineering, Elastic Security, Threat Hunter, Detection, SecOps - Talk TBD

TBD (Virtual)

Tennisha Martin

Founder Black Girls Hack, Advisory Board Member RaicesCyberOrg, CEO of BGH Security Corporation

Threat Intelligence, National Security - Real life stories - Talk Topic TBD

TBD

Colin Glover

Cyber Security Advisor. Cybersecurity Infrastructure Security Agency, Department of Homeland Security

Talk about Infosec, Redteam, Pentesting, Cybersecurity, and Offensive Security -

Talk Topic TBD

Tyler Robinson

Managing Director of Offensive Security & Research at Trimarc

The Intersection of Control Systems and Privacy Data, Security. - Talk Topic TBD

TBD

Kelli Tarala

Principal and Founder of Enclave Security, SANS Author and Instructor

Improv Comedy as a Social Engineering Tool

Have you ever gotten an “urgent call about your car warranty” or a demand that “you need to pay the IRS by credit card right now”? Social Engineering is the practice of talking your way into or out of situations, and is often employed by the underhanded, but can also be used to defend against those very attacks.

The rules of improv comedy can apply to many social interactions, including bluffing your way to compromise a target. The constantly changing situations of improv are great practice for accepting unexpected circumstances, and happily going with the flow.

Dave Mattingly was a NASA rocket scientist while also a comedy and punk radio DJ. He led a sci-fi and RPG publishing company, while writing anti-terrorism software for DHS. He’s an itinerant preacher, entrepreneur, award-winning speaker, and occasional improv comic. In short, he doesn’t know what he wants to do when he grows up.

Dave Mattingly

Data Master, Tech Speaker, Entreprenerd, OSINT Wonk, Preacher, Publisher, All-Purpose Geek, 413 Experience on Clubhouse

Red Teaming, Pen Testing, Research

This talk will include what is different about red teaming, how to tie it and upgrade your pentesting, working with blue teams,. how to start a detection and engineering Ops team. Developing your purple team from your red team. Simple tricks to upgrade your red team to a response and readiness team.

Joe Brinkley

Director of Offensive Security Innovation, Research and Advanced Testing at OnDefend

Threat Analysis - Talk TBD

TBD

Klint Walker

Cybersecurity Advisor, Cybersecurity and Infrastructure Security Agency, U.S. DHS

Have you tried taking it apart and putting it back together again? An introduction to Hardware Hacking.

With an ever increasing number of gizmos, gadgets, and circuits being produced for widespread consumption, the ability to comprehend the deep mysterious inner workings of electronics is becoming a vital skill set. Get ready to fall down the electron hole as we break down how to break into hacking hardware devices.

Sparkles

Cyber Security Engineer - Red Team at Emerson

Purple Team Talk - TBD

TBD

Alex Kot

AVP of Cyber Security, Aveanna Healthcare

From exploiting my smart-home into controlling thousands of smart-devices around the world - Virtual from Tel Aviv, Isreal

In our scenario, thousands of HDL smart devices could have been exploited & remotely controlled in the wild. 4 unique vulnerabilities have been found and presented here - We show how they can be utilized by a sophisticated attacker to stealth-access smart-devices remotely, change, control and take advantage of their data. Also, we show how a full data-extraction of smart-devices managing accounts: private data and credentials could have been extracted as well. This unique attack scenario demonstrates the high-security impact of deploying IoT devices over any organization, especially when using dedicated IoT hardware and proprietary components which are interconnected and even remotely managed. A coordinated responsible disclosure was done and thankful to HDL responsiveness & approach - All was fixed.

Barak Sternberg

Offensive Security. Founder @ Wild Pointer Hacker-In-Residence, Advisor YL Ventures

How to Rob a Bank Over the Phone

ROBBING A BANK OVER THE PHONE - HOW AN EXPERT SOCIAL ENGINEER CAN CONVINCE YOU TO DO ANYTHING.

In this intense keynote, Joshua brings the audience along for the ride on one of the most advanced social engineering attacks he's ever executed - robbing a bank over the phone.

Joshua Crumbaugh

CEO & Chief Hacking Officer PhishFirewall

Free Training and Labs:

K-8 and 9-12 with Cyber.Org

Hardware Auto CAD = How to create a PCB

Penetration Testing

Social Engineering

Threat Intelligence

Incident Response

Professional Paid 2-Day Training and Labs:

*This course is scheduled for Sept. 7 and 8th. the training course has a 10 person minimum. If classes are not able to meet minimum attendees, we will provide a full 100% refund. The cost for this 2-day course is $1,500.00 per person.

The training at Hack Red will be taught by leading subject matter experts in Offensive Security and Penetration Testing. The emphasis of the training will be Red and Blue Team centric and have an emphasis on teaching the most relevant skill sets, software and devices, content, knowledge being used in the industry today. Our trainings are interactive and hands on so attendees will gain real life experience that can be used in their war chest of resources.​

​Penetration Testing for Network and System Admin with Qasim Ijaz and Jake Nelson

The objective of this Capture-the-Flag style class is to take students with existing networks or systems administration experience and teach them how to:

1. Perform a comprehensive penetration test against Active Directory environments.

2. Spot a bad penetration test.

We understand that not everyone taking a pen test class will want to be a penetration tester. Hence, we have organized this class to be a well-rounded experience, allowing both aspiring red teamers and blue teamers to get the most out of it. This class will provide students with hands-on experience with all phases of a penetration test, from information gathering to reporting.

Class Schedule:

Day 1:

What does a good pen test look like?

Pre-assessment activities

Passive and active information gathering

Vulnerability analysis in an Active Directory environment

Exploitation

Day 2

Post exploitation

Lateral movement

Domain privilege escalation

Reporting

A Note to Prospective Students:

An introductory penetration testing class like this will only be beneficial to students who intimately know computer networking and have Windows administration experience. Existing experience with Windows command line, Linux administration, and Active Directory is highly recommended. For example, students should know how a packet traverses from point A to point B on the OSI model, and what HTTP GET and POST requests look like. Students should be comfortable with the Linux command line as our primary attack host will be Linux-based.

Students should bring a laptop capable of running a Kali Linux VM and connecting to a wireless network. A VirtualBox image of customized Kali Linux will be provided. Instructors will not provide support for VMWare, Parallels, Hyper-V, or other virtualization platforms.

Lab connectivity guide and Kali Linux image will be provided to students a week before the class.

Instructor Bios:

Qasim "Q" Ijaz is a Senior Security Consultant at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the "dry" business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after-hours. Qasim has presented and taught at cybersecurity conferences including BSides and Blackhat on offensive security topics. He currently teaches a bootcamp on Offensive Security Certified Professional (OSCP) certification.

Jake Nelson is a Security Consultant at Blue Bastion Security. He comes from Linux and Unix administration background. Jake has worked in a variety of industries and has been pentesting for the last 3 years. Teaching students has been a favorite part of his previous jobs and that has resulted in helping to teach clients how to better secure their networks.

Events

To stay true to our roots as off sec hackers, Hack Red Con plans to have next level events at the conference including Live bands and entertainment parties, Hacker Breakfast and competitions with prizes, life time free passes and custom swag for winning the Capture the Flag, Hacker Jeopardy, Lock Pick Challenges and Who's slide is it anyways?.

Where is Hack Red Con located?

Hyatt Regency Louisville, Kentucky

320 W Jefferson St, Louisville, KY 40202

How To Book Hotel Rooms at the Hyatt Regency Louisville

https://www.hyatt.com/en-US/group-booking/SDFRL/G-HRED

Hack Red Con Website:

www.HackRedCon.com

Sponsored by: