Hack Red Con 2024
-
End the Burnout - 3 things your CISO wishes you knew.
Mark Thacker
-
Doors, Cameras, and Mantraps: Oh, my!
Dylan "The Magician" Baklor
-
Registration Opens
Oct. 25
-
Opening Ceremony
Oct. 25
-
Keynote Round Table - Ed Skoudis, Dave Kennedy, Ken Nevers, Amanda Berlin
Oct. 25
-
Securing Derby 150
Jason PaytonOct. 25
-
Intro to Infrastructure Automation for Offensive Security
Alex MartirosyanOct. 25
-
Creating Intelligence From Malware Samples
Jon "Wally" Prather and Jeff SmealOct. 25
-
CISO Roundtable
Oct. 25
-
Reframing the “Success” of an Offensive Test: Taking a Risk-Based Approach
Celina StewartOct. 25
Tom Porter
Tom is a Senior Red Team Operator at FusionX / Accenture and has spent the last decade consulting with Fortune 100 organizations as an offensive security practitioner. He has spoken or led trainings at several industry conferences, focusing on advanced tradecraft, building high-performing red teams, mentoring in InfoSec, and attacking cloud platforms. He began his career building DevOps pipelines and crafting detections for a Department of Defense blue team, eventually transitioning to PCI-based penetration testing. Prior to his career in cybersecurity, Tom was a professional baseball player, and he now spends most of his free time throwing baseballs in the backyard with his three young children.
https://www.twitter.com/porterhau5
Colbert Zhu
Colbert Zhu is an offensive security consultant with experience in penetration testing, purple teams, and objective-based adversary simulations. Colbert is also an avid Yankees fan and fond of making Excel spreadsheets for fantasy baseball.
Workshop Description:
As more scrutiny is placed on the endpoint, threat actors are turning to DevOps and CI/CD platforms for initial access, escalation, and lateral movement. This workshop will showcase how these platforms can be used to pivot from on-prem to cloud, from cloud to on-prem, and how to push malicious code through pipelines to obtain additional access or establish persistence.
Attendees will get hands-on and perform field-tested, OPSEC-conscious techniques against full CI/CD pipelines. Come add TTPs to your toolkit and see why DevOps is the target-rich environment modern adversaries are looking to exploit.
