Hack Red Con
Hack Red Con 2022 is a Cyber Security Conference, Training and Networking.
When and where
Location
Hyatt Regency Louisville 320 West Jefferson Street Louisville, KY 40202
About this event
Hack Red Con Overview
Hack Red Con, Sept 7 - Sept 11 2022, is a Cyber Security Conference, Training and Networking 4 day event with an emphasis on Red/Blue Teaming, Pen Testing, Social Engineering, and all aspects of Off Sec.
The Conference aims to connect Cyber Security Experts, Companies, Educators, Influencers, Investors, Entrepreneurs and Federal, State, Local Government Agencies together.
This 4 day event will have 2 intense training days (Sept 7 and 8) of the latest in Off Sec Education by the industry's top hackers and industry experts. The following 2 conference days (Sept 9 and 10) will include world class keynote speakers, industry talks, roundtables, events including Hack the Flag, Jeopardy and Kentucky Bourbon, Lock Hack Challenges, Hack Career Meet & Greet, Invest in Cyber, and of course the sickest Swag and Gear Giveaways.
Apart from the work, Hack Red Con will have night party events with Local Bourbon Vendors, live major bands and a Block Party outside of the hotel.
If you are in the Off Sec community, you don't want to miss this Bad Ass Event!
What to Expect at Hack Red Con
Talks
Talks at Hack Red Con are at the core of the conference. Global influencers, off sec professionals and academia will share and cover a wide range of topics including new research, industry trends, tools, latest issues, risk and compliance within information security.
Attendees will have the opportunity to learn about the latest topics on social engineering, vulnerabilities and security research on infrastructure, data centers, cloud computing, mobile devices and web apps during discover research, round tables, expert panels and Q and A's.
Keynote Round Table Day 1
Discussion from top security experts on topics like: how to stay positive in the current virtual workplace, how in demand are cyber security jobs, what does the future of cyber security look like, what can someone new do to break into the field. Followed up with a Q&A from the audience.
Zach Stashis
Moderator, Founder Hack Red Con & Red Seer Security
Charles Shirer
CEO Global Wave Consulting
Katrina Khanta
Cyber Solutions Engineer II
Ed Skoudis
President SANS Institute
War Stories Covert Physical, Wireless, and Red Team Assessments Against Government and Commercial Clients.
Brent White
Covert Entry Specialist
Tim Roberts
Covert Entry Specialist
For each issue, they'll dive into techniques used to trick security guards into handing over access cards, employees allowing keyloggers to be plugged into systems, bypassing expensive access controls into Data Centers, C-Level executives handing over laptops, and MUCH more.
Topic TBD
TBD
Jeff Jarecki
CISO, Volta
In Rust I Trust Using Rust with the Offensive Mindset
Using the Rust programming language during a penetration test: the successes and failures, and what I learned from it.
Charles Shirer
CEO GlobalWave Consulting, Pentester, Senior RedTeamer
Digital Forensics & Incident Response (DFIR) - Mobile Forensics
Katrina Khanta will provide an overview of Digital Forensics & Incident Response (DFIR), present her smartphone forensics research, and discuss how you can leverage your current skills to succeed in the Cybersecurity industry. This presentation aims to eliminate self-doubts and inspire the audience to pursue their curiosities through various methods and techniques on how to get started.
Katrina Khanta
Cyber Solutions Engineer II - The Walt Disney Company | M.Sc. Cybersecurity & IT | Sec+ | Pursuing Doctorate of Science in Cybersecurity
AWS IAM Privilege Escalation Redux
You have gained access to an AWS account but lack permissions to complete your objectives. You attempt every privilege escalation path documented online, but none of them are successful. The objectives now seem impossibly distant; your battery is low and it’s getting dark.
This talk will present a set of IAM privilege escalation paths that I have not seen documented online* accompanied by anecdotes of adventures in cloud security. Attendees will learn new tricks for IAM privilege escalation in AWS along with a methodology for evaluating potential priv esc paths.
int eighty (of Dual Core)
int eighty (he/him) is a computer crime enthusiast, and the rapper in Dual Core. Occasional memes and hacking content on Twitter as @int0x80.
Hidden Threat of Social Media - Social Engineering & OSINT
Learn how terrorists, criminals, and spies (the “bad guys”) take the seemingly innocuous information your employees post online and use it to compromise your company's network. Specifically, participants will learn how these “bad guys” use this information to create infected e-mails/documents that will compromise your network. In these instances, it does not matter how robust your IT budget is, because the offender has totally bypassed it.
Stacy M. Arruda
FBI - Supervisory Special Agent Retired & Founder & CEO of Arruda Group
Bootstrapping your AppSec program
We dive into what I have learned from being a part of growing AppSec programs with companies like 1Password and Red Canary. We will take a look at secure SDLC, social engineering a culture and leadership that works. Application security is a strange place in InfoSec and I want to make it better and more effective while not hindering business. This talk was a great success at RVAsec this year.
David Girvin
Security Engineer at Red Canary
Spilling the Beans: How to Spot a Bad Pentest
Ever wondered what the magic is behind a penetration test? Did you receive a pentest report that does not line up with your expectations? Do you want to get more out of your consulting partners or want to know the secret to landing that job at a consulting firm? Come join us as we spill the beans and disclose how the (halal) sausage is made. We will discuss pentesting from the perspective of both the client and the consultant. If you're looking to land a job at a consultancy, this talk is for you too. As we peel the curtain and talk through real-world examples, everyone walks out with the magic sauce.
Qasim Ijaz
Director of Offensive Security
Andrew Clinton
Director of Cyber Security
Malware Research & Reverse Engineering, Elastic Security, Threat Hunter, Detection, SecOps - Talk TBD
TBD (Virtual)
Tennisha Martin
Founder Black Girls Hack, Advisory Board Member RaicesCyberOrg, CEO of BGH Security Corporation
Threat Intelligence, National Security - Real life stories - Talk Topic TBD
TBD
Colin Glover
Cyber Security Advisor. Cybersecurity Infrastructure Security Agency, Department of Homeland Security
Talk about Infosec, Redteam, Pentesting, Cybersecurity, and Offensive Security - Talk Topic TBD
Tyler Robinson
Managing Director of Offensive Security & Research at Trimarc
The Intersection of Control Systems and Privacy Data, Security. - Talk Topic TBD
TBD
Kelli Tarala
Principal and Founder of Enclave Security, SANS Author and Instructor
Improv Comedy as a Social Engineering Tool
Have you ever gotten an “urgent call about your car warranty” or a demand that “you need to pay the IRS by credit card right now”? Social Engineering is the practice of talking your way into or out of situations, and is often employed by the underhanded, but can also be used to defend against those very attacks.
The rules of improv comedy can apply to many social interactions, including bluffing your way to compromise a target. The constantly changing situations of improv are great practice for accepting unexpected circumstances, and happily going with the flow.
Dave Mattingly was a NASA rocket scientist while also a comedy and punk radio DJ. He led a sci-fi and RPG publishing company, while writing anti-terrorism software for DHS. He’s an itinerant preacher, entrepreneur, award-winning speaker, and occasional improv comic. In short, he doesn’t know what he wants to do when he grows up.
Dave Mattingly
Data Master, Tech Speaker, Entreprenerd, OSINT Wonk, Preacher, Publisher, All-Purpose Geek, 413 Experience on Clubhouse
Red Teaming, Pen Testing, Research
This talk will include what is different about red teaming, how to tie it and upgrade your pentesting, working with blue teams, how to start a detection and engineering Ops team. Developing your purple team from your red team. Simple tricks to upgrade your red team to a response and readiness team.
Joe Brinkley
Director of Offensive Security Innovation, Research and Advanced Testing at OnDefend
Threat Analysis - Talk TBD
TBD
Klint Walker
Cybersecurity Advisor, Cybersecurity and Infrastructure Security Agency, U.S. DHS
Have you tried taking it apart and putting it back together again? An introduction to Hardware Hacking.
With an ever increasing number of gizmos, gadgets, and circuits being produced for widespread consumption, the ability to comprehend the deep mysterious inner workings of electronics is becoming a vital skill set. Get ready to fall down the electron hole as we break down how to break into hacking hardware devices.
Sparkles
Cyber Security Engineer - Red Team at Emerson
Purple Team Talk - TBD
TBD
Alex Kot
AVP of Cyber Security, Aveanna Healthcare
From exploiting my smart-home into controlling thousands of smart-devices around the world - Virtual from Tel Aviv, Israel
In our scenario, thousands of HDL smart devices could have been exploited & remotely controlled in the wild. 4 unique vulnerabilities have been found and are presented here. We show how they can be utilized by a sophisticated attacker to stealth-access smart-devices remotely, change, control and take advantage of their data. Also, we show how a full data extraction of smart-device managing accounts (private data and credentials) could have been carried out as well. This unique attack scenario demonstrates the high security impact of deploying IoT devices over any organization, especially when using dedicated IoT hardware and proprietary components which are interconnected and even remotely managed. A coordinated responsible disclosure was done and, thanks to HDL's responsiveness & approach, all was fixed.
Barak Sternberg
Offensive Security. Founder @ Wild Pointer Hacker-In-Residence, Advisor YL Ventures
How to Rob a Bank Over the Phone
ROBBING A BANK OVER THE PHONE - HOW AN EXPERT SOCIAL ENGINEER CAN CONVINCE YOU TO DO ANYTHING.
In this intense keynote, Joshua brings the audience along for the ride on one of the most advanced social engineering attacks he's ever executed - robbing a bank over the phone.
Joshua Crumbaugh
CEO & Chief Hacking Officer PhishFirewall
Free Training and Labs:
K-8 and 9-12 with Cyber.Org
Hardware Auto CAD = How to create a PCB
Penetration Testing
Social Engineering
Threat Intelligence
Incident Response
Professional Paid 2-Day Training and Labs:
*This course is scheduled for Sept. 7th and 8th. The training course has a 10 person minimum. If classes are not able to meet the minimum number of attendees, we will provide a full 100% refund. The cost for this 2-day course is $1,500.00 per person.
The training at Hack Red will be taught by leading subject matter experts in Offensive Security and Penetration Testing. The training will be Red and Blue Team centric, with an emphasis on teaching the most relevant skill sets, software and devices, content, and knowledge being used in the industry today. Our trainings are interactive and hands on so attendees will gain real life experience that can be used in their war chest of resources.
Penetration Testing for Network and System Admin with Qasim Ijaz and Jake Nelson
The objective of this Capture-the-Flag style class is to take students with existing networks or systems administration experience and teach them how to:
1. Perform a comprehensive penetration test against Active Directory environments.
2. Spot a bad penetration test.
We understand that not everyone taking a pen test class will want to be a penetration tester. Hence, we have organized this class to be a well-rounded experience, allowing both aspiring red teamers and blue teamers to get the most out of it. This class will provide students with hands-on experience with all phases of a penetration test, from information gathering to reporting.
Class Schedule:
Day 1:
What does a good pen test look like?
Pre-assessment activities
Passive and active information gathering
Vulnerability analysis in an Active Directory environment
Exploitation
Day 2
Post exploitation
Lateral movement
Domain privilege escalation
Reporting
A Note to Prospective Students:
An introductory penetration testing class like this will only be beneficial to students who intimately know computer networking and have Windows administration experience. Existing experience with Windows command line, Linux administration, and Active Directory is highly recommended. For example, students should know how a packet traverses from point A to point B on the OSI model, and what HTTP GET and POST requests look like. Students should be comfortable with the Linux command line as our primary attack host will be Linux-based.
Students should bring a laptop capable of running a Kali Linux VM and connecting to a wireless network. A VirtualBox image of customized Kali Linux will be provided. Instructors will not provide support for VMware, Parallels, Hyper-V, or other virtualization platforms.
Lab connectivity guide and Kali Linux image will be provided to students a week before the class.
Instructor Bios:
Qasim "Q" Ijaz is a Senior Security Consultant at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the "dry" business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after-hours. Qasim has presented and taught at cybersecurity conferences including BSides and Blackhat on offensive security topics. He currently teaches a bootcamp on Offensive Security Certified Professional (OSCP) certification.
Jake Nelson is a Security Consultant at Blue Bastion Security. He comes from Linux and Unix administration background. Jake has worked in a variety of industries and has been pentesting for the last 3 years. Teaching students has been a favorite part of his previous jobs and that has resulted in helping to teach clients how to better secure their networks.
Events
To stay true to our roots as off sec hackers, Hack Red Con plans to have next level events at the conference including live bands and entertainment parties, Hacker Breakfast and competitions with prizes, lifetime free passes and custom swag for winning the Capture the Flag, Hacker Jeopardy, Lock Pick Challenges and Whose slide is it anyways?
Where is Hack Red Con located?
Hyatt Regency Louisville, Kentucky
320 W Jefferson St, Louisville, KY 40202
How To Book Hotel Rooms at the Hyatt Regency Louisville
https://www.hyatt.com/en-US/group-booking/SDFRL/G-HRED
Hack Red Con Website:
www.HackRedCon.com