Hello everybody, thank you and welcome back. So with me I actually have a few of my colleagues and colleagues from the Red Team Village. First of all is Savannah, live from Vegas, and Barrett, and also this thing, or Danielle. She is actually handling most of the Discord operations for us and has been instrumental not only during yesterday but throughout the life of the Red Team Village. So thank you, thank you for your support. So with that I'll pass it to Barrett to do the first announcements of today. Sure, we are finishing up the qualifiers. We ran that for a bit yesterday, a lot of high scores, I think that AI generated was in the lead. We're going to get the scoreboard up here in a sec. In about 13 minutes we're going to open it back up for two hours, we have a few more challenges to throw up there, and then unlike in the previous year, we're going to go ahead and close out qualifiers right in the middle of the day here and then transition into finals and announce who made the cut. Yeah, no, we're looking forward to everyone competing in the finals, so we'll be the top 20 teams and they're the ones that will go on to compete today. We definitely want to ask, so when we make that transition to finals, if you have anybody, if you're in the top 20 teams, if anybody on site, come down to the contest area at DEF CON and meet up with us so that we can make sure that we get some face-to-face interaction, we can assign a face to all the different usernames we keep track of, and we have some swag to give out, we want to thank our sponsors for really making this possible. We've got a lot of things to help educate the folks who follow the Red Team Village. Today we've got quite a few interviews, we're just going to talk about some different Red Teaming things, talk about how to get into Red Teaming, and we've got a full schedule today. 
Yeah, no, we're looking forward to everyone joining today to see all the interviews that we're doing, so you can see the schedule right there that Omar is sharing, so we have a few interviews that we're going to be doing today. Awesome, and then Danielle, if you don't mind actually giving us a little bit behind the scenes of what's actually happening in Discord, what are some of the top questions that you're getting and a lot of the activity there? Sure, yeah, so I want to throw out a reminder that all the communication about this CTF needs to happen on the official DEF CON Discord, and that's going to be in the CE-RedTeam-CTF-Text channel, and if you don't see that, make sure you go into the roles channel and subscribe to the Contest and Events emoji there. When you click that, you'll see a bunch of new channels open up for the Contest and Events, and you'll find our channel there. So to reduce the clutter in the official Discord this year, they've made it so you can sign up for particular pieces, so you're not constantly getting inundated with alerts. So all the questions are going to be flowing in there from the participants. Shout out to Johnny C. and a couple of the other RTV folks that we've got keeping a watch in there, helping some of the newer people. They're always instrumental in walking through some people who have never done a CTF through a lot of the intro, some of the trainer boxes getting you started. Our CTF is very new and friendly, so if you've never done one, don't be intimidated, jump on in. There's plenty of things that you can do. Yeah, we encourage you to ask questions. If you're actually competing for one of the top spots, may not get the hints that you're wanting. Remember to try harder, but we encourage you to participate and we look forward to hearing from you. Awesome. Thank you so much. And back to Barrett, when are we expecting to have the new challenges open? You mentioned in 10 minutes or so? 10 minutes, 10 minutes. 
We're going to open new challenges. We're going to get the qualifiers back up. So anything that you were working on yesterday, you can pick up today. I also want to put a plug out for what we did yesterday and today with some of the giveaways. We gave away three AWAE test attempts, as well as 60 days of lab. Today, we're giving away three OSCPs. Thanks to OffSec for that. The way we're going to do it is we're going to put a link on this stream that'll take you to a survey and then we'll do a random drawing. We also have a SANS course for the first place finalist tomorrow, as well as three OSCP certification attempts with 60 days of lab. So stay tuned. We've got a lot of stuff to give out. Please help take this off our hands and just watch the stream to know when to enter. Awesome. And once again, thank you to all our sponsors. I'm actually just sharing them real quick in here. Without you, you know, this event will not be possible, especially yesterday, you know, giving away those three big courses. And I had a lot of follow-ups from the winners yesterday. So they are also saying, you know, thank you. And it was a really cool thing that we actually had a video from one of the official people from Offensive Security. So Savannah, can you tell me more about her? Yes. So we had, she had come up to our booth at DEF CON in person. She's just one of the co-authors of the course. So she recorded a video with us. I think Omar shared it on social media and then also on the stream yesterday. So she's awesome and really cool. And we're looking forward to having her around this week. Awesome. And thank you to Offensive Security for that. And with that, let's go in a quick break. And then we'll come back with a couple of members from our team to do some of the interviews coming up, especially Matt. Tyler's is actually coming in the next few minutes. So let's take a quick break and we'll be right back. What's up, Red Teamers? What's up, DEF CON? 
It's your favorite fake, brilliant billionaire investor. My little birdies, cheap, cheap, cheap, cheap, cheap, cheap, cheap, cheap. I like cheap things. That's why I'm rich. They let me know that Lunar Fire is under fire. But that is a Tres Comas company. And that's got so much smart shit in it. And so it's unhackable. Or is it? No, it isn't. Not even you, boy and girl geniuses can do it. You would have to be the human equivalents of cars with doors that open like this or like this. Are you? Can you? Will you? Don't. Right. We're back live. So back to you, Savannah. Hi, everyone. So we are releasing more challenges for the quals right now. So we have until 12 p.m. Pacific time. And then once that ends, we'll choose the top 20 teams that will go on to the finals and then I'll pass over to Barrett once to add anything else. Yeah, looking at the scoreboard is a lot of fun. Checking out some of the teams we've seen before in other events we've held. This is truly worldwide. It's great that we can do this live right now. You know, we can interact with some of the students on the floor. But we know these teams are all over. We got folks from Poland all over Europe. We know that there's a couple of teams from Africa. A lot of teams from South America. And so it's really great that even with the current situation and international travel being a stunt to that, we can still kind of get together and, you know, kind of playing an event like this and meet up with some folks. I think it's been fairly challenging. Some of the challenges that we have. We try to do a wide breadth of different things. I want to make sure there's a lot of web content out there. We've got a few pwnables, you know, some forensics, a couple of things from the blue team perspective going through some packet captures. And we'll go on in a little bit with our first interview, we'll take a break. 
We would love some feedback from every player out there. So there is going to be a survey link. We can't do a cheesy thing where you get points for filling out the survey. That is an opportunity for us to always improve what we do. So please take the time to go to that survey. Give some really good feedback if there's anything about a certain challenge that you thought was confusing. That always helps us revisit the way that we're presenting the questions and presenting challenges, anything you want to see in the future. I had someone reach out and said, hey, I'd really like to see more Android apps that we can attack. We've done those in the past. I don't think we had any in quals this time, but that's the kind of feedback that really guides our next CTF. All right, perfect. And throughout the day, we're going to be making a lot of more announcements for giveaways, as Barrett mentioned before. I'm going to take a quick break, but a few things that I want to highlight as Danielle mentioned, all communications is actually happening in the DEF CON Discord server. In the bottom of your screen, you actually see the actual channel that we're congregating on. And then the second thing you see the schedule link, which is redteamvillage.io slash schedule and the scoreboard is also very easy. Just our website slash scoreboard. So that will take you to the scoreboard that you will just watch or just watch a few minutes ago. So once again, the qualifiers part two is actually now live and we see AI generated still on the top, but that may change. So stay tuned. We're going to go in a quick break now with the Red Team Village. And I'm here today with Ryan Dory and Matt Eidelberg from Optiv. Thank you so much for being here today. And I want to thank Optiv for being a sponsor for the Red Team Village CTF this year. Your support really helps. And it goes a long way at allowing us to provide a big event, both in person and virtually. 
Can you tell me a little bit more about Optiv? Yeah, absolutely. So to put it very simply, Optiv is a pure play cybersecurity partner. And what does that mean? We aim to do security, all security all the time, right? We can help in ways of advisory deployment and even manage operations, right? So ultimately, our goal is very simply to help organize the organizations realize a more effective security program and posture. And for both of you specifically, what do you do at Optiv? So I'm a senior director inside of Threat Management, which is a large umbrella, but I specifically have the privilege of leading our Attack and Pen team. So my focus is on the direction of success of that team. And I achieve this largely by enabling the great folks around me, such as Mr. Eidelberg here. Attack and Pen, my primary role is leading the adversarial simulation services. This is our branch that focuses primarily on red and purple team operations. My role in there is not only executing these types of engagements, but also focusing on helping to innovate the team and grow more operators to perform these types of engagements. All right. And for that Attack and Pen practice, why do you like working there? Yeah, so for me, first and foremost, it's the close family atmosphere that we have on the team. And what I mean by that is I've been on the team for almost nine years now. I've been in Attack and Pen the entire time, and I'm not alone in that. There's several other individuals on the team that have been here for a similar amount of time, such as Matt himself. So what that yield is a really good dynamic of folks to work well together while we simultaneously pursue our passion of offensive security. And just to add onto that, I would say in a single word, the community. The team itself honestly strives constantly to push the boundaries, to teach each other new things, whether or not it's failures from previous engagements to help educate for future tests or even success stories. 
It's all about sharing and kind of bolstering each other and through knowledge sharing. Absolutely. And a plug for that, that giving back to the community aspect. I was on your GitHub the other day and I was looking at the Scarecrow and I know I've got that on my list to do a deep dive on after DEF CON. Love the fact that a lot of big players in information security share that research, share that tooling that they create. Yep, that's what we strive to do here. And for your team, what types of people work there? What are their backgrounds? So it's a good variety of backgrounds, right? So we have folks from being a good part of us being veterans to business-minded folks, to engineering folks, et cetera, right? But like I mentioned earlier, there's the ultimate commonality, right? A shared objective of offensive and passion for offensive security testing. And then what we qualify that success really is helping leave our clients better than we found them at the end of the day. And of course, you know, folks have a very specific or can have a specific subset of interest inside the team. That could be IoT to embedded, to wireless, to low-level Windows stuff, to evasion, et cetera, right? So there's definitely some sub-pockets for people to really go a mile deep on. Great. And with such a diverse group, what makes somebody a success in A&P? So aside from technical acumen, which obviously is held, you know, it's an important quality on this specific role, right? Is the ability to show ownership and leadership and give back to the team? Really, you know, owning a specific service or an offering, helping others, mentoring, et cetera, we hold that in incredibly high value. And then, as we mentioned earlier with regard to like Source Zero and Scarecrow, right, is the public thought leadership to help the team immediately and then also give back to the community as well. Yep. And just to add on to that, I would say the eagerness to learn and improve your tradecraft. 
Honestly, the ones we see that excel the most are the ones that not only focus on themselves, but also make sure that they help their fellow teammates or coworkers, whether or not they're struggling with something or helping to help them also pursue and grow their talents. Those are the ones that I see often have a big success here. That's great. Absolutely. I mean, this is a team sport doing what we do. Yeah. For the Red Team Village, one thing that we really love to do is offer a lot of environments for training. We do workshops. We participate in a lot of different cons. And one thing you know, we want to do is bring as many people into this community as possible. And so I'd like to ask for both you, you know, what is your advice for people who are interested in cybersecurity as a profession? Yeah, absolutely. So I mean, I'll speak to the path that I took to get here. And I think it holds true to the question, right? But I think it's very important and imperative for folks to have a deep foundational understanding as to how things work, right? So what I mean by that is how does Active Directory work? How does networking function? How can you manipulate these things to maybe work outside the bounds it was intended to, right? So that can apply to even development, web applications, etc. Oftentimes, I get asked by people that are a bit younger in state and college or whatever, and they're like, hey, should I take this security class and become a pen tester? Well, I would really encourage folks to get a lot of those more foundational understandings to how things work before they move to the stage of trying to, you know, move to the adversarial emulation types part. Yeah, and I would just add to not just focus when you're learning on red team tactics, it's incredibly valuable in the current landscape to focus on both blue and red team. Having that ability to speak both can really augment your skill set. 
And, you know, this is very much a cat and mouse game-based industry, and just knowing both sides, their playbooks can really help you understand the strength and weaknesses of both sides. So when you're coming up against a red team or a blue team, you know what they are great at and what their weaknesses are to really help plan out those attacks or even your knowledge set to improve on. Those, that is phenomenal advice. This industry is a challenge because there's so much breadth and depth that you can take, not to mention that it's evolving every single day. It's impossible to keep up. So you've got to have that thirst for knowledge. And without that foundation, it is quite difficult. I mean, you might throw that exploit and get that, get that shell back. But then the question is, what do you do next? Right? And so great advice. I want to thank both of you for being here today. Thank you again for the sponsorship, looking forward to meeting you in person, and also with DEF CON right around the corner, you know, looking to engage with old friends and make some new ones. So thank you again. Absolutely. Thank you for the opportunity. And we're looking forward to seeing some folks out at DEF CON. It's Savannah Alizarra, and I am the co-lead of Red Team Village. And today we have Barrett Darnell and Caitlin O'Neill with us from Bishop Fox. And they're going to be one of our sponsors. And we're really thankful for them being a sponsor for our CTF event at DEF CON. And I'll go ahead and let them introduce themselves and we're going to get them to know them a little bit better today. Hi, I'm Caitlin. I'm with Recruitment Team here at Bishop Fox. I came over here about three years ago because of our reputation as one of the largest professional services firms focused on offensive security and security as a service. It's been a wild ride, but part of why I stick around is because I love working with such brilliant people. 
I love that we go out there and break things, build new things, break more things and always working with the latest technologies to keep people safe. So it was a really exciting opportunity for us to sponsor the Red Team Village Capture the Flag this year at DEF CON, where we can't wait to meet people virtually and on site and to hopefully find some new ways to grow our team. Hi, Savannah. Nice to see you. I'm Barrett Darnell, managing senior operator at Bishop Fox. I'm part of the continuous attack surface testing team, also known as CAST. Well, we're really excited to have you guys on this call today. And I would say the first question that we kind of want to start off with is kind of seeing what you guys would say is the best part of being a sponsor for an event like this. Well, for Bishop Fox, we're avid participants of the greater InfoSec community and we feel that sponsorship of conferences and efforts like this provide a real tangible value to the community. This CTF in particular provides a tremendous amount of realistic hands-on experiences for those in the offensive security, particularly Red Teamers. Yeah, no, that's awesome. And I mean, I'm sure you know this, Barrett, with so many resources out there. Why do you think kind of sponsoring something like this is so important? Well, for one, this resource is free. So that barrier of entry is out of the way. Anybody can participate. Secondly, it's realistic. It mimics real life scenarios that we've seen on our customer engagements. And so it's not very esoteric. It's real tools, real situations you might be in. And it's also beginner friendly. It starts off where everybody can join and get something out of it, but the difficulty ramps up. So there's a lot for experienced Red Teamers to hone their skills on. Awesome. 
I know we've kind of just talked about the benefits that people who are joining the CTF would get out of it, but can you kind of talk about the benefits Bishop Fox receives out of being a sponsor for the Red Team Village CTF event at DEF CON? Yeah, well, you know, first and foremost, we always want to give back to the security community. And this is a great way for us to interact with the hundreds, maybe even thousands of attendees and participants, whether they're there in person or virtually. It's great from where I sit as a recruiter because it gives us a chance to meet new talents, people who we maybe haven't engaged with before. And that's really important, especially as we continue to grow our two new service lines, the continuous attack surface testing team that Barrett is on and our Red Team. Yeah, no, I mean, everybody knows in the security community who Bishop Fox is and I'm sure they would love to know about the recruitment. So I guess what types of people do you guys typically look for for the team? Yeah, so, you know, what we need and what we're hiring for can kind of shift month to month. So in the past, if you engage with us and it wasn't a fit, that might be changing. So, you know, always stay in touch. First and foremost, we look for people who are really passionate about security because that's definitely who we are. And, you know, we're always looking for a diversity of thoughts, a diversity of backgrounds. So, you know, we have a lot of people who came from pretty traditional career paths, you know, school work, but we definitely have folks who are self taught, who are coming from non-traditional backgrounds. You know, we love our folks from the military as well. So there's a lot of different paths that can lead you to working at Bishop Fox and we're really open to exploring all of them. You know, you can always find me on LinkedIn, Caitlin O'Neill, but you can also engage with Bishop Fox on Twitter. 
We have an awesome social media gal. We have a really fun Twitter account. We're going to be on site in Las Vegas and we're going to be using Twitter to kind of help people find us and also find us for some cool giveaways as well. So definitely check us out there. Yeah, no, it's awesome. I'm sure everyone's looking forward to kind of seeing Bishop Fox at DEF CON. Did you guys have anything else that you kind of wanted to mention on this call before we end it today? Yeah, I mean, I'm lucky. I just get to show up as a recruiter and a sponsor. I know that all of you guys with the CTF have done so much work. So, you know, thank you for everything you did. I'm really excited to see it all come together and thanks to the Red Team Village for this opportunity. We're really excited to meet everyone. And I just want to say, you know, after months of being on lockdown, I think everyone's itching to get out. This might be the first in person conference for a lot of people. And if you haven't registered yet for DEF CON, I highly recommend it. The staff at DEF CON is really going above and beyond to make sure that it's a safe environment for all attendees, especially with, you know, the latest developments. And so vaccinations will be required and so will masks for everybody at that conference. And so I think it'll be a pretty safe event. We're looking forward to seeing old friends and making new ones. So we hope to see everybody at DEF CON this year. Yeah, no, I'm really excited for the event as well. So thank you guys so much for hopping on the call today. And thank you again for Bishop Fox being a sponsor. And we just really appreciate all the help. Thank you, Savannah. Thank you, Savannah. Appreciate it. Knock knock who's there this guy? What's up Red Teamers? What's up DEF CON? It's your favorite fake brilliant billionaire investor. My little birdies cheap, cheap, cheap, cheap, cheap, cheap, cheap, cheap, cheap, cheap, cheap. I like cheap things. 
That's why I'm rich. They let me know that Lunar Fire is under fire. But that is a Tres Comas company. And that's got so much smart shit in it. And so it's unhackable. Or is it? No, it isn't. Not even you, boy and girl geniuses can do it. You would have to be the human equivalents of cars with doors that open like this or like this. Are you? Can you? Will you? Don't. Hello, everyone. I'm Barrett Darnell from the Red Team Village. And today we are here with Omar Santos from the Red Team Village as well as our guest IppSec from Hack the Box. Hey guys, what's going on? IppSec, Hack the Box has been a longtime supporter of the village. Can you tell me more about the company? Yeah, Hack the Box is a hands-on security training platform and our main goal is to make good training readily available to anyone in the world. If you're new to a topic or just the field in general, we have Hack the Box Academy. And it's a guided learning experience, which just means we have written material in hands-on labs. And again, when building this, accessibility was a number one desire. So we created the Pwnbox, which allows you to have a whole operating system in your browser. So the machine you're doing this learning on doesn't even have to be powerful. You can do it on like a Chromebook. If for some reason you want to do it on a phone, you can. I wouldn't recommend that. But everything's done within a web browser. If you want to bring your own OS, we also provide a VPN pack for you so you can join your OS to the VPN and go on learning. In addition to the academy, we have unguided learning, which is what we're most famous for. This is the weekly challenges machines or entire like networks we put out on the platform and that we ask people not to publicly talk about these challenges until they retire, which is typically 20 weeks. 
This is my favorite and what I credit most of my success to because it really enforces building good social relationships that not only help get you the help when you need it, but also when teaching it often validates your understanding of it and it's proven to help memory retention. So I have a lot of friends in my social network that include Barrett. I met him through another friend who met him at DerbyCon, which is a similar event of Red Team Village. And the funny thing is both my other friend Kyle and Barrett all lived within like 30 miles of each other, but we met like hundreds of miles away. So definitely like important to go view and travel and experience the community because you'll never know who you find and how close people may be. It's a small world. Absolutely. I think we've all been cooped up these last few months here. I think a lot of people are excited to go in person to Las Vegas to attend DEF CON. And so we're really excited to see some of our old friends and make some new ones. Speaking of that community, Hack The Box is a very vibrant community both on their Discord as well as all over Twitter. Can you tell me a little bit more about the people behind Hack The Box? Maybe some projects that you might be working on? Yeah, we have an innovation team that's designed at like pushing what we think is the limit. So typically most of our stuff is either a Docker or a VM or image. And the innovation team is looking into Google Cloud, AWS and Azure to provide a pro lab called BlackSky, which is just based upon those types of features. So if you want to exploit IAM or do a lot of those unique cloud things, BlackSky Lab is going to be that. We also have, as you said, the Discord community. We have Roadrunner who runs that and they help provide a lot of good support and just learning to anyone. In addition to a bunch of CTFs, I think we run the CTF like every other month or something. It's insane. 
Well, talking about the CTF and talking about all the activities, you know, throughout the years, you guys have supported the Red Team Village tremendously. So first of all, thank you and thank you, Hack the Box. So one of, I got a couple of questions, right? So one of the questions is, you know, what will you say that is the best part about sponsoring community efforts like the Red Team Village CTF this year? I mean, obviously it helps the community grow and most of my like relationships, I can credit almost all my professional success as to leeching off my friends' knowledge because no one can know everything. And I can't speak for anyone at Hack the Box, but I know a bunch of my friends at Hack the Box are super excited to play a CTF built by other people. And we've played the Red Team Village CTF for quite a while. I vaguely remember one, I think two years ago, that involved exploiting a printer, which was new to all of us. We're all like big, binary exploit people, and then threw a different architecture at us that we never really experimented with. And it was just a lot of fun to play. So super excited to sponsor an event that we can participate in and learn new things to hopefully put out on our platform in the future. Thank you. Appreciate that. I think that you're hitting my next question, which is why do you think sponsoring the Red Team Village CTF is so important for the community? Yeah. Number one, it's important to, like, with COVID and all, we want to increase our socialization and everything. We've been all cooped up. And the Red Team Village incorporates all of Hack the Box's things. The main thing was being accessible. If you can't travel, you can do it online and form a team. And additionally, if you want, it's available for the high cost of zero dollars, which aligns with kind of our methodology and what we want. 
All our machines are available for free for a time and then once they retire, then you have to pay a small fee to gain access to it because hosting 150 images permanently would just be expensive. You can't do that for free. Additionally, I believe InfoSec is a unique profession where team building activities have immeasurable impact. If you look at the non-InfoSec teams, they still do team building activities. Like, you have that gimmicky trust fall and escape room, et cetera. And they're doing them just to help build that social bond between co-workers. So you know it's valuable since that's the only thing they care about. In the InfoSec world, we have CTFs. That is just like that on steroids. It has all that same social bonding benefits. Like I mentioned earlier, I play CTFs with Barrett. I've played CTFs with 0xdf, Mr. Ben, John Hammond, a bunch of people. I just have a lot of fun with playing these CTFs along with co-workers. And in addition to that social bond that you build, it also gives you a lot of techniques that you may be able to immediately provide your work value because you're joining hands with a bunch of other companies to learn things. It wouldn't surprise me if you do the CTF and then find something you can immediately turn around to do on your job. I remember doing almost any pro-lab. I'll use after as an example where the foothold involves exploiting Splunk. And I had a pen test that I kept missing this vector on because I just didn't know it and Mr. Ben put it in that pro-lab. So when I did that, it was just like an eye-opening thing of, oh, God, what have I been missing? So definitely the big social aspect is huge here. Awesome. And I couldn't agree more and once again, thank you. I have one more last question when it's around the benefits that your team actually will receive by participating at the Red Team Village CTF this year. Yeah, Hack the Box and Red Team Village are almost synonymous in what we provide and our methodologies. 
So the only unfortunate thing is the Red Team Village CTF is a yearly thing where Hack the Box produces new things on a weekly basis. It's probably not to this scale that Red Team Village will be doing just because it's constant. But if you're itching to do more after doing the CTF, definitely check out the platform if you haven't and go over to Hack the Box because I'm sure you'll love the challenges we put on the site. Awesome. So once again, thank you so much for supporting us. Thank you, Hack the Box for sponsoring the Red Team Village. And I hope to see you at DEF CON. Yeah, take care. All right. We're back live. So with me, I have a few more guests and Savannah, what I'm going to do is I'm going to pass it back to you so you can introduce our guests. Okay. Hi, everyone. My name is Savannah and today we have Matthew Eidelberg and also Milos and then Jean as well. So we're going to be doing a Red Team interview today. We're going to be asking a few questions to them. Very casual. So I can go ahead and get started if everybody is ready. Yeah, sure. Okay. So I guess I'll start with Matt first and then I'll have Milos and then Jean go next to kind of like answer the question to give some background. But I guess how did you get started in your career, Matt? So I was a help desk analyst that was solely trying to move up towards IT and everything like that. I had a bit of a background in security based from college. And ironically at the time when I was transitioning the company was working for some ransomware and because very few people had a bit of a background on that. I was kind of tasked and realized things are going on and just started doing mitigation and everything like that. And then it was like this layer effect of as we were pulling things apart like we didn't have an IR procedure or anything like that. Basic things and I started having these conversations with people way, way above my pay grade that we need to have this stuff. 
And the kind of thing was like, oh, you sound smart but you sound like you're doing some support there. And then eventually as I was learning more and more I felt like, you know, the, you know, the policy based sort of things that I was used to reading out of a textbook in college wasn't really the thing I really like, like, you know, the CTFs that we used to do and all the hands on stuff. So I really started getting into looking at pentesting now. There was no, there was no like free service back then. Everything was vulnerable images or anything like that. It's really practice. So in my evenings stuff I was teaching myself real life practical cases using those vulnerable ISOs, SQL injection or anything like that. And then eventually I got my offer an offer to go work for my first pentesting firm, a consulting firm up here in Canada. And at that point I just, you know, kind of went from there to meeting a bunch of people, local people where we were all kind of focused on, you know, growing our skill trade and, you know, we all studied together and we eventually did the OSCP. And at that point we just kept on going and going. That's how I got started is a very long-winded way of going. That's awesome. I'll go ahead and pass it over to Milos now. Sure. Thanks so much. And hopefully folks can hear me. Okay. I'll apologize for having to take this call unfortunately. So security for me was always kind of a passion. I almost went into physics and then I met with the head professor of physics who steered me into another career direction if I kind of wanted to look at something that was relatively profitable but I really was kind of interested in security in my early teens. Kind of a lot of people, you know, I just missed the BBS era so it was a lot of kind of like finding like websites, finding IRC servers, hanging out with people and I just kind of started building out my knowledge that way. 
I ended up doing in undergrad information security as well which I did here locally in Canada which was really good to reinforce my capabilities and to kind of put myself on the map and started working kind of full-time in the industry as I was still finishing my undergrad and the rest is history just kind of getting more and more into the security space always had a passion for offense. Here we are today. Jean, do you want to go ahead and let's go back to the talk. Sure. So it all started for me basically when I was leaving school I got hired in a Bouchin service provider and I started out as a system engineer so yeah basically I did networking stuff but my primary duty basically was accepting tickets so it was also kind of a service desk role but it got quite tedious for me and it was a lot of repetition as well which I started noticing as time went on so I started automating a lot of stuff in my job because well you see the same things coming over and over again and you start making them automatically so you do save time which gave me two options either do nothing all day get paid and be happy and just move on with my life or level up my own skills and that's what I did so I already had that system engineering background and I started learning about pen testing and network attacks and then basically I got hired by a consulting firm here in Belgium called and because I was already able to do the network infrastructure engagements based on my experience so I started as a network pen tester basically so I could blast BloodHound and just scan networks for exploits and start pwning stuff but then as time went on and customers got more and more mature I started going and transitioning into red teaming and purple teaming as well so just how it went for me that's awesome and then I guess it would be I'll have Matt go ahead and introduce myself and then Milos and then Jean next to kind of give everyone an idea of where you guys are at now versus how you kind of got 
started Sure so my name is Matthew Adelberg I am a technical manager at Optiv my primary role is leading our red and purple team under the advisory services in this role I not only just leading and executing on projects but also innovating and research and that is a big part of the role the culture that I try to kind of instill is to not just do these crazy gigs but also kind of give back to communities the articling research anything like that I'm going to turn it over to Milos now to introduce himself Hey folks my name is Milos Zaninovich I am currently the director of the adversary emulation threat hunting as a dedicated digital development team so responsible for red team a threat hunting team as well as the digital development team that develops custom solutions for our cyber analytics team which is largely grounded in machinery and data science as well as our threat hunting and adversary Yeah so my name is Shalfraswa yeah basically I'm the technical red team lead at NVISO which means that I'm not doing the business side of things but I'm more of the guy that does the malware development and do the buy versus builds kind of thing to figure out whether or not we should help ourselves so yeah I lead red teams from a technical point of view and I'm also a SANS instructor so I also teach a SANS course 699 which is the purple teaming one so yeah that's a bit about me Yeah those are awesome jobs the next question that I have for you guys is to kind of see what kind of tools you guys like the most in your tool set so what are your goals on any engagements you guys are doing with those lines I'll pass it to Matt Thank you so as much as I like to say I have a tool set and stuff I really do try to keep a mindset of there's no such thing as a one tool that fits every solution every time you go up against any type of environment or situation you're always going to have to be very fluid so the ones that with that in that mind the ones that I normally go to obviously a 
Cobalt Strike user as well as you know a lot of the open source tools I've developed such as ScareCrow and a few others from that type of perspective of going back around the ones I commonly use anything where between something like a version of SafetyKatz or something that dumps like SharpDump range towards some more stuff about recon such as tools like one is great Vibe if you're not familiar with that one personally my favorite when it comes down to domain reconnaissance but once again like I said I really am someone that believes that customization is the best thing to do it so I'll often take some tools down and kind of remodify them and change them up so they're very different just for a high level success and everything like that so I might take some more TTPs that have come out I'll try to modify them so they really are different than what everyone else is using I hope I mean and that didn't really answer the question but that's just my personal belief around toolings. Yeah I'm going to echo a lot of the same of what Matthew's saying there's definitely like stable tools that I think any kind of offensive team will probably leverage but the tools so what's the environment that you're targeting what kind of trade craft is important for utilization so I mean yeah from a C2 perspective on Windows side Cobalt Strike is a pretty standard stable for a lot of folks over on back in Linux you've got some other open source options that you can do custom development on top of outside of that it is a lot of really kind of adapting to the environment that you're targeting and developing custom tooling on the path so if you're navigating an organization that uses one or multiple EDRs maybe you're looking at techniques to get into kernel mode load your own drivers you know kill some kernel callbacks that are happening it really just kind of depends on what you see ahead of you and of course there's always the notion of kind of tempering trade craft to the defensive team 
that you were going up against as well coming through a steamroller and targeting targeting objectives with kind of leaving the blue team entirely behind so I would say trade craft depends on what you're trying to do and also the level of capability for the existing blue team in your organization that you're working with. Yeah I think from my side I very much resonate with what has already been said it all depends on the organization you're facing if you're facing a mature client you're probably not wanting to blast BloodHound all over the place because that will probably get you caught so it really all depends on your maturity level and what you're facing I do hear Cobalt Strike being mentioned a lot it's exactly the same for me we use Cobalt Strike as well just because adversaries like real life adversaries use it so it makes sense that we kind of emulate that but we also look into some more quote-unquote obscure C2 frameworks that are not that well known yet such as for example Brute Ratel from Paranoid Ninja and I heard that MDSec is probably on the verge of launching their their own C2 implant as well so we're probably going to start looking into that when that releases just to see what it's all about and yeah it's very much as already been mentioned it's about modifying the already existing tooling out there you don't necessarily have to reinvent the wheel if you just know obfuscation and just replacing certain strings you can break a lot of detections already so yeah it comes down to what you're facing and it comes down to your own skills as well whether or not you're able to create your own tooling how much time you have and yeah whether or not you can obfuscate or just stringly basically stuff to just break signatures that's awesome and I know you can tell everyone about the workshop before you do have to drop and I'll be I'll be doing a live workshop at the the adversary emulation village so it's like the friend the friendly village that is just 
nearby so I'll be doing a live workshop there about C# basically it's a very accessible workshop so I tried to make it as accessible and what's what's going on there it's also it also has its own workbook where you can do some exercises as well and it's about reflection basically so we're leveraging the the C# or .NET Framework's built-in reflection capabilities to create some loaders and basically expand upon them so we start with a very very simple one that is just loading another C# assembly from disk and then we expand that to also be able to fetch it and then it passes and all that good stuff that's that's awesome I'd recommend anyone who's watching right now definitely go to that workshop definitely get some good information out of that it's sharp the C# sorry if you need to drop you're welcome to drop I will be dropping now so thanks for having me see you around bye so Milos and Matt the next question anyone who's interested and I know obviously like you can't just like jump into red teaming but if somebody wanted to kind of go towards that path what would you recommend for them to kind of get started and what should they do to kind of work towards up to that path so pass it to Matt first sure so I would say and I think it's pretty much the best way to describe at the wall and see what sticks whereas with red teaming it's more of a surgical knife cutting through and it's really focused on stealth so trying to get into pen testing I would say the first thing you got to learn is the core foundations understanding having a good solid background Active Directory, Windows environments is pretty much a critical I would say scripting next different languages can be very useful having those as a big foundation and as you transition as you kind of mentioned from it's not just a direct beeline to red teaming but as you go down that path you'll start to get really passionate about things and also trying to improve your trade crafts one of the biggest 
things when people ask me about red teaming is that if you're solid pen tester for X amount of years the next step is challenge yourself take your same customization you know removing strings and stuff but taking the challenge to say that I want to rebuild if I rely on say tool X a lot and it does something well what are the artifacts or something like that how can I improve on it so that way I'm more evasive that I'm not I'm still having that same high level success but now I'm focusing not just on that success vector but on that visibility vector when you start adding those two it's almost a blended long background and you start to learn and it just kind of opens up doors and knowledge that kind of just springboards you once you start down the path you kind of go into a different whole other gear that's the best way I can describe to recommend is just constantly learn and try to improve on your trade craft starting with the fundamentals and then adding on complexity. Yeah so I think I think from my perspective I echo a lot of the same I mean there's a couple of factors right if you're kind of already in security then maybe maybe you're you're broke to moving towards red teaming towards the offensive space would be a little different I would say if you're someone who isn't in security at all and you're looking to kind of reach into that environment I think DEF CON has a lot of really good local communities where you can start bridging connections with people who are in the industry a lot of fairly large cities have their own security groups security groups that are focused on outside of that there's plenty of free online material that you can learn from to give you some sort of basis and understanding like to really just calibrate your compass and set your bearings in terms of what direction you want to go in or to learn for cybersecurity if you're if you're already in offense or you're in cybersecurity you want to kind of move into the direction of red teaming 
it's kind of an interesting question I think certain skill sets within red teaming or conducive who doesn't necessarily have an offensive background and kind of allowing them to grow they can develop that capability over time so we kind of get success bringing in for example really savvy as a level developers into our red team and turning them into kind of a very deep backbone for developing custom implants loaders malware whatever it may be and then at the same time upskilling them with red team skill sets and better understanding of it's very I think most people who are in red teaming and have kind of been in this field or doing this type of offensive security for some time then you're typical kind of vulnerability assessment to penetration testing to penetration testing with social engineering so that eventually doing something called red teaming you know while the trade craft may be similar the goals, objectives and the purpose of those two exercises are entirely different and they don't necessarily intersect as much as people might think but I think that the past really kind of depends on where someone's starting from in terms of bettering yourself and preparing yourself to become a more effective red teamer it is really about this ability to assimilate information quickly and then adapt to unexpected obstacles right so Matthew talks about this notion of like upskilling or trade craft like there are stable tools that be used when you appeal those covers back when you begin to understand the fundamentals of operating systems that most red teamers are targeting these days and really start to level side your horizon allows you to better understand where is the current trade craft developed where are things focusing where are they focusing to that direction and that really kind of allows you to get a better idea of where things may go in the future and also to better understand you know what kind of IOCs or indicators as your trade craft leave behind really 
allowing you to be more comprehensive in both the offensive and the technical detection or technical perspective so I know it's not really an answer to the question this is a difficult question to answer I would say it depends where you're starting but if you're starting from ground zero you're not in this industry at all you want to kind of start to meet some people just every major town passing this towards or a slide chat or local meetup that happens where you kind of start building your connections Twitter's another good place to start getting some decent information you got to be a little bit of unnecessary data but it is a good place to get some good information that if you're in the industry it's really just about you know constantly pushing the learning and going forward understanding more fundamentals around the operating systems in your targeting how do they function why do they function that way and in that in and of itself bring ideas to you in terms of future trade currency So both of you guys what you just kind of went there I think that was honestly like really good information for anyone who's watching to kind of like take away because you can't stress enough that you can't just kind of like jump into red teaming or pen testing you kind of have to build and have a foundation and kind of build your way up to that kind of path it's not just something that you just jump right into so both Milo's and Matt's advice is definitely a good advice to kind of take from so we're kind of wrapping up with the questions now and I just kind of wanted to ask Milo's and Matt there's anything else that you guys kind of wanted to bring up before we end the interview we do appreciate having you guys on and kind of pass it back to see if you guys have anything else that you want to mention I mean you want to go first Milo? 
I'm going to do just want to plug in necessarily offensively with PSE basically if you're new to this industry don't bring yourself up to risk it's a really easy and there's a lot of we're going to be quite directly with this one and there's a lot of kind of this notion of like you know if you're not doing cybersecurity you can't succeed in this industry do research for eight hours honestly I can tell you you still want to have time to kind of keep your sanity into the system I know it's not really kind of maybe in the same vein but I think it's a topic to mention the people that are coming doing this industry because yeah and just to echo that I will say definitely I'm a big believer in research and as I've been mentioning a lot about is tradecraft but you have to keep that in a bubble and keep your life in that equal bubble as you're moving forward don't look over and see oh my god look at what everyone else is publishing all this stuff I gotta better myself I gotta push myself three times harder no don't don't look at it like that you should look at it as like look at what's the great stuff coming out of this community and I'm contributing I see a lot of people who are starting out who are great honestly brilliant researchers who do amazing stuff but they get so burnt out or they get so upset that they don't even ever publish their own content because they're afraid of what happens when it comes out just do it for yourself like this industry is hugely about sharing open source in the community anything like as Milich kind of mentioned Discord, Twitter everything like that I know that there has been some kind of things that you know has you kind of mentioned but where I would say is do it for yourself and at the end of the day make sure you know that okay I'm stepping away I'm going to go do something else work-life balance is very important and I mean I even myself you know 18 hour work days where you know I finish work and I just start researching I'm very 
passionate a lot of people who know me know that's pretty much true I you know live and breathe and monitor security and stuff but like recently if I can say one bit of advice you know more than technological advice if you walk out of here is balance your life there's always going to be a new expert there's always me something new but your family is the one thing that should be always in the forefront is the most important thing or your personal health so I mean I guess that wasn't probably the answer you were expecting the most important thing I can pass on to anyone that's starting out in this industry or anything like that is don't look at everyone else's work focus on yourself and know when it's time to go walk away from the computer and you know have other things important in your life I gotta can I add one more thing that I think is worth mentioning as well you may find that like if you're coming into this industry it's certainly valuable to have someone that can mentor you if you kind of have the ability to have someone they also find that this industry is very much so like well you need to learn things on your own and you don't want to help each other right especially in the offensive space I don't insist to be like a consistent trend there is help but there isn't kind of like as much typical mentorship as you might see in other areas so I would just say like look if you want help reach out to people and if a couple people snub you don't beat yourself up and like some people are going to be jerks in any industry the world is big enough there's enough people working in this industry now that you'll eventually come across someone who's a decent human being who's willing to help you out who's willing to give you some pointers and lead you in a direction everyone was always there right no one was born knowing all of this stuff couldn't agree more yeah I was gonna say like that was awesome advice I don't think that that was bad advice at all because Matt 
stresses to me all the time like Savannah like don't burn yourself out I'm like okay Matt it's really hard to kind of like bounce back so I mean I just want to thank both of you Matt and Milo for coming on today and kind of giving some advice to people that are watching and we look forward to having you guys in the future and if you want to mention your handles for anyone to follow you or to reach out or anything feel free to do that now but we're gonna go ahead and kind of wrap things up sure so my handles right now represent my message but the one thing I'll maybe mention is much like Jean I am doing a talk today at 115 PDT at the adversarial village check it out it's all about tradecraft and adversarial bypassing of EDRs for payloads the title of the talk is operation bypass catch my payload if you can if you're interested in anything along that line I think you know there's it'll be a lot of great stuff and there's gonna be some releases attached to that so definitely check it out if you're interested in this type of stuff I'm good on my end I don't generally associate my online with an actual person so I'll see you around I guess thanks for listening thank you so guys so much for joining today we're gonna go ahead and cut it to a break now awesome thank you we're going in a break real quick and before we go into the break let me share the statistics right now on the the scoreboard AI generated still in the first place CPT is second and neutrino canon actually moved from fourth to third and if you don't know what we're talking about of course you know the qualifiers part two are now live you can see the scoreboard at the link that I'm sharing at the bottom of the screen and you can also see the schedule of all the interviews and all the panels that we're they're taking place today in the bottom of the screen as well so with that thank you again guys I really appreciate it and we're going to break thanks again knock who's there this guy what's up red teamers 
what's up DEF CON my favorite fake brilliant billionaire investor my little birdies cheap cheap cheap cheap cheap cheap cheap cheap cheap I like cheap things that's why I'm rich they let me know that lunar fire is under fire but that is a tres comas company and that's got so much smart shit in it and so it's unhackable or is it no it isn't not even you boy and girl geniuses can do it you would have to be the human equivalents of cars with doors that open like this will you gaunt all right we're back and just going back to the CTF quals the scoreboard in first place we still have AI generated second ept and actually neutrino can and just went down to fourth so Hector's boys just took the lead but not by much now with that said what I'm going to do is I'm going to pass it back to Barrett even though he's not in the camera I'm going to let him introduce our next guest and take it away all right everyone we have an exciting interview next we've got three people that I think most folks on the stream are familiar with with their tools and some of the work that they've done I'll let them introduce themselves starting with you Matt cool how's it going I'm Matthew Bryan or my handles mandatory online I currently lead the red team at staff and write a lot of tooling in my spare time stuff like that so hey I'm Neero I'm like a tech lead manager on the Google red team so I lead the team and work on daily exercises and health programs my name is I'm the red team lead at Bishop Fox which is a consulting firm we do a variety of security testing but recently yeah I lead the red team and we do basically the full gamut of red team operations thank you so much for taking some time out of DEF CON I know there's a lot to pack in for our stream especially with a lot of love to provide a lot of advice for folks that are building their offensive security skills and especially as they're kind of elevating through that a lot of folks have aspirations of being on a red team and so I'd like 
to start off just just by asking each of you how'd you get started in this career yeah so I guess my start was definitely probably the start was probably just me taking a lot of my personal time folks that I could find but I think it's probably one of the biggest in terms of the knowledge shift it was like probably being a consultant actually an efficient box just taking every time anything I didn't know I'd like write it down and go and cram it and so that really really helped the amount I was able to know and understand and then you know after that ended up doing like private security stuff and sort of moved you want to go next to it yeah so I've always been into computers in general I grew up like going to LAN parties and my parents like never allowed me to have an internet connection at home so I actually got into security through like building Wi-Fi antennas to steal my neighbor's internet connection so I could play video games online at home and then it really snowballed from there I started getting into programming I guess I kind of stumbled into security and like both of them they kind of started security early for me it was more like I just stumbled into it I graduated from undergrad doing computer science and I was hired into a role to do testing and then on the first year of my internship I found out that it's more security than testing so just like started from there did the application I did my masters in security tried consulting for a bit and then entered into Google did a lot of like assessment interviews like design interviews code reviews and stuff and then started working on red teaming exercises alongside really smart people and just pick it up from there but yeah kind of stumbled into it and things worked out as I started working towards it I think that's one of the cool things about like the secure very wide variety of backgrounds like you have a master's degree Matt and I dropped out of college so but it's you know there's no like one 
background that people really come from into the industry it's really open to anybody's background like at our firm like we had somebody who's like a medical doctor and just like got bored with medicine and came and became like a hacker for a little while so those are very unique things I think about security right now absolutely you don't have to have a pedigree to get here that's great just a passion speaking in a much great segue you know what makes you really passionate about what you're doing right now yeah so I mean I think the biggest thing is just like it's always like completely new challenges and like the problem space is like never like maybe you're completely in house you don't know anything about it you have to like just be like alright today I'm gonna like learn this thing and like figure it out so it's like never boring and like boring is always what I just like the most so I think it's probably my favorite part about it yeah it's like solving puzzles like everyday someone gives you something new it's also one thing that people don't talk about often it's a satisfying feeling when it gives way but it's also like frustrating to get there but the journey of like figuring out how something works taking it apart finding the fastest way to get to what you need I think that keeps things new every single time yeah I think I'm in a similar boat so and I think there's a slight difference between like being on an internal red team versus a consulting red team you know being a consultancy we work for a variety of departments in different industries there's always a different tech stack you know you might be hacking you know some type of manufacturing facility one week and a couple weeks later you'll be you know going after something you know some tech company or something and so you know one will have like a windows domain and the other there's no windows machines it's all macbooks or like Chromebooks or something and so you kind of you kind of get exposed to 
just just everything from you know systems that have been laying around for 10 years to things that are sort of in the serverless like application stacks and more sort of hipster tech so I like to call it so I think there's also the capabilities of notings will probably vary a lot as well as like how you approach like detection in environments and from a red team perspective the BeyondCorp zero core environments you don't even necessarily need like code running on machines like when people think about persistence they think about code running on machines somewhere but in the sort of the BeyondCorp world it's more about like credentials because the attacker you as the attacker always have access to like the authentication so the way our approaches to different you know TTPs depending on the target environment we always try to sort of push the boundaries in those different environments that's a good example of just like the fact that nothing's ever the same different stuff like even something that you would always take for granted where it's just like okay well at least in every engagement like I'm going to have like an implant or something it's going to be like a first you really think how you do it so and Matt's presentation she's giving today I think it's a really good example of some of the stuff I don't know if you want to yeah give a quick pitch for that but please do yeah so I'm doing a talk today at DEF CON the pre-recorded video actually is already online the slides are but it's you know about G Suite Google Workspace and Apps Script and sort of the security model behind these things and you know it talks about some really interesting features like you know you know you can have an implant that persists past wiping your laptop all sorts of stuff like this so it really delves into this sort of weird world where it's like okay well you know we have a company that really takes to heart the zero trust sort of thing how could we still survive and like you know 
get access and you know do lateral movement stuff like that one of the other things I really like to get into and that's one thing that I think I find often on red teams is like not necessarily exploiting vulnerabilities but misconceptions about how certain pieces of technology work often bears very good fruit for the red teams yeah is that good yeah I think that's kind of a distinction that red team has between pentesting and red team is like you're not trying to find all the bugs you're trying to find the fastest way to support the systems as well and a lot of times the processes or the people kind of give way before the systems themselves yeah yeah so with such a dynamic environment you know I think there's no end to the amount of tools and the amount of platforms you can study the different technologies what are some of the tool sets that the three of you like to use I can probably give a flood to theirs because like we use a bunch of open source tools as well and we use seed oil and stuff as well as CursedChrome which is like the Chrome extension we use yeah so I'm the co-author of open source a C2 framework called Sliver we use that pretty extensively internally we have some internal sort of extensions on top of it but I also am a user of the CursedChrome extension that Matt wrote we use that pretty extensively again in sort of like these BeyondCorp situations it's particularly good for getting around U2F it's a really difficult security control to get around and I see it becoming more and more popular because it kind of takes like credential phishing off the table and password spraying and some of these like very effective sort of low risk from detection early on in an engagement approaches to getting initial access but yeah we use CursedChrome quite a bit as well as like some of the techniques you developed for injecting it into the runtime of existing extensions we wrote some stuff around yeah Sliver is sort of our go to if we want native code running on 
machine. It's cross-platform, runs on macOS, Windows, Linux, as well as like FreeBSD. Basically anything Go can cross-compile to, Sliver can probably run on in some capacity, certain features that are platform specific. But yeah, we use it quite a bit. So we use Sliver as well. Super useful, especially for the cross-compiling. It's very useful because trying to find something that works, reasonable functionality, is like not as easy as it sounds. So yeah, actually, in addition to like all the open source projects, a lot of things that I find I use is actually just like when people do research or they write a blog post and they kind of describe like different attacks. Like that's actually something that I use quite a bit. Like there's, like I remember doing some research into like, okay, well, like how can we exploit the OS X platform, what does that look like, and just reading like blog posts that even just broke down existing malware attacks that people discussed. That, well, not directly like code, it was like taking those snippets and like working those and using them as a starting point to build our own payload. That's something that I use quite a bit as well. So yeah, I think that's, in my experience training sort of junior red teamers, that's often like the steepest learning curve, is sort of being, you know, in pen testing you deal a lot with like proofs of concept, and I was in application security before sort of switching to red teaming. Sometimes you'll, you'll add some flavor and like, you know, to just show impact. But I think one of the learning curves that people experience when coming over to red teaming is you actually have to like weaponize the stuff and deploy it and actually get it all to work, and you need it to work like fairly reliably in an environment that you don't necessarily have. Like it's, it's generally not realistic to have a test work. You have to have a lot of contingencies, and you have to bake that into your code, into your payloads, into your operating procedures, like into everything. 
So, as well as just being able to take those, because oftentimes you'll do research on a target, you'll find like a POC that was published, but, you know, it won't work, and it's a little broken, or it doesn't work in the way that you value a skill set, and I think it's, it's one that juniors have a hard time acquiring sometimes. Yeah, I will say that I think that one of the, one of the things that I really encourage people to get in the habit of is, even if you're in AppSec and you're not doing red teaming, like taking the time to write proof of concepts, like the full thing. It's not just like, even if it's, yeah, it's a proof of concept that's not just going to get used, just like weaponize a cross-site scripting vulnerability. It'll take your understanding of what's going on from like, oh, I mean, a, like, I understand all the things that can actually do with this and like the real danger. And so when people ask you things like, what's the impact, you are like can't they terribly speak, right? So. Yeah, a band alert box is for cross-site scripting examples efficient boxes, like you have to write a real payload. This, this is a question that I think a lot of folks interpret differently in terms of like their answer, but there's a lot of misnomers out there and in our industry. How would you define, you know, like what is a red team or a red team, what makes that unique from other types of titles? So we would say like red teaming is where you're simulating an adversary. So you're trying to copy their actual TTPs, you're trying to work towards an objective, and you're trying to show how they would get to that objective and how they would achieve their goals. So it's very catered around who are you simulating, what is the attacker profile you picked, what are the objectives right there. So it's not so much as like find every issue in a system, it's like get to that point the fastest way possible in a way that it makes sense for that attacker profile that you picked. So that is the main distinction, I would say, 
between a red team and between like a pen test or an assessment. That's great. The way I think about it is, you know, it's all offensive security testing, so like there's a lot of overlap, but to me the primary distinctions are, you know, in a target within a certain timeframe, stealth is usually not a concern, and the primary objective of a pen test is to reduce the attack surface of the target, whether that's a network or an application. A red team is more goal oriented, and you're generally actually trying to use the fewest number of vulnerabilities to achieve a goal, because that will more or less translate into your exposure to detection. Like if you find one way to get domain admin on a red team, you're probably not going to go back and try to find a pen test, because in a pen test, again, you're trying to reduce attack surface, you want to find as much stuff as possible. Red team is just like, can a goal be achieved? And often you're trying to emulate specific adversaries, because the outcome that you want from a red team is to increase the organization's detection and response capabilities, or to exercise them. You know, a lot of organizations have, you know, procedures and stuff written down on paper, so, you know, you really want muscle memory when it comes to responding to incidences, and the red team can sort of help build that muscle memory within an organization, versus, again, like a, and red teams sort of are generally more broadly scoped. It's about people, you know, social engineering is often involved. It's not necessarily just about technical vulnerabilities, and a pen test is generally always focused on technical vulnerabilities. I think they're the one thing that for people who are, you know, very, very good on the, just like the hacking side of things, that people who are like, well, the next way really easily, they know all that, the biggest thing that I think for them, that for me to like basically convey to them is like, you know, I'm always phrasing stuff is in like, okay, I am the person we're 
emulating, my bosses and say, what would I actually do here, right? Like what I do something is crazy is like what we're pulling off, just that makes sense? Like because, you know, you can always do crazy attacks, but when you're, you're really trying to emulate, like what Joe mentioned, like the detection response side of things, you want to make sure you're actually doing a real simulation that's helpful there. And to add to that, like it's about adding value, is it like you're actually testing the controls in place, you're testing the detection and response capabilities, be it you want to see it to this point. So the value added is more for the organization that kind of has some security capabilities already. So if it's an organization that's newer in terms of security, building on security, red teaming is a little bit like jumping the gun in some ways. Yeah, we certainly see a lot of that in consulting, and usually what I'll tell clients is like, if you haven't done a lot of pen tests, so you definitely don't want a red team. Like you kind of want to start with pen tests and work your way up towards red team program within the organization. So yeah, you can especially find that you can run situations where, like, you know, you have a bunch of issues that you know are broken, and you're like, well, this is broken, this is broken. If you do a red team, a lot of times you're just going to, like, it's the low-hanging fruit, right? You're going to go for what's easiest, you're not going to waste time. So you might end up with something that's just like, here's the problems you already knew about, like go fix them. So, you know, attack surface reduction versus that. Exactly. So yeah, pen tests are a very useful tool within, you know, these are all components within a mature security program and an organization. It's not a, you don't want to do just red teams, you don't want to do just pen tests. You know, that's great advice, and I think that the definitions you provided, that should be the standard, because I think you hit 
on all those important points, and I think there is a strong distinction, but, you know, areas of offensive security, and so thank you for providing that. You know, as we're, as we're nearing the end here, you know, I'd like to, again, I mentioned that we have a lot of folks who are either getting into offensive security or they're kind of level up their skills. What personal advice or recommendations would you have for those folks that are learning? A couple of things, actually. Like, this is true for anything in security: understand how to see that things break and go with it. Like understand how the tool works, understand why something broke, understand how to fix it. And I think that will be valuable in any phase of security, but especially in red team, because it's not just about breaking something, it's about like weaponizing it, like what Joanne Manifry said. The other aspect I would say is like learn to code. I think this is like a super underrated skill in our industry. Scripting and coding, super essential. So understanding those tools for the use case in is very valuable. Yeah, I generally learn things by writing a tool to do it, even as, I think there's, there can be a lot of value in reinventing wheels if it's like an educational thing. So definitely, I agree wholeheartedly everything Neera said. I also read a lot. Like I'm a prolific reader. I have, I read almost every security book that comes out, and so at least I find a lot of value. I know everyone learns differently, so you also kind of have to understand how you learn, but for me reading is a huge part of how I learn things, so I definitely recommend reading as much as possible. So yeah. So some of this, I think the security environment today is a little different from when I was sort of learning stuff, because there's more. I've always learned just like, especially when you sort of get your first job in the space, you work with people, it's like don't be afraid to, as much as possible, when they see something new, whether they present something, 
really learn from it and like extract that technique and use it yourself. Because a lot of times security, at least in my experience, there's a lot of hidden knowledge. It's just like, oh, some random person does some trick, you could easily just like not notice it. It's easier to say like, I know all the stuff, I won't listen to for new stuff. But really always keep an open mind and be like, okay, so that actually, this person was able to get this working, so what are you doing that I didn't do that I can absorb and like learn from? And the other thing I'll say is like, you don't have to be born a genius to do this job. I definitely am not. Like I wasn't born an extremely smart person, so I gotta say it's like a lot of like me banging my head. I get the same. That's 100% exactly what I ran into, and it's completely fine. Like, you know, there's no, there's no magical, like only these people can do it. Everybody just takes time, learning your own pace, like keep trying. So, but yeah, definitely understanding like how, like one of my favorite security books, and Matt knows, that's The Tangled Web, which is, it's a little dated at this point, but it's, it's, it's, the title is like, you know, how to secure, it doesn't teach you, like there's nothing in there about like Burp or, you know, SQL injection or anything like that. That's often, you know, there's other great books on those topics, like the Web Hacker's Handbook. But Tangled Web is just about like how browsers work, and like the different quirks, and like the different RFCs, and like how different URLs are parsed between different browsers and all the nuances with that. And I found that to be like one of the best like security books I've ever read. Like it's more like I've ever read, like there's a crack and there's this, you know, just like, it's just like that's the, because you're, you know, there's a huge net problem, because I mean there are people who explain it, that means you go back, read, understand, come back, and do it better. 
So writing is a super valuable skill in the industry. That's the Feynman technique. But yeah, I can certainly say it from a consultancy, Bishop Fox is pretty heavy on the writing skills. To the point where we often, or I think we still do this, we give writing challenges to applicants while they're going through the application process to see, because we want to gauge how good they are at writing, and that's definitely an underrated skill. I definitely created it. Yeah, I've even taken, like, leaving consulting going to the private security world, it still is super useful, just in the fact that if you're going to write up a report, it looks so much better. And it's such a better quality of work when you can send an email that looks really good, or you can write a report that looks very formal and easy to navigate. That skill is super transferable, so. Absolutely. Thank you again so much for taking some time out of the short period where we get to all get together and see our old friends. We've got some more on the agenda. Again, I can't thank you enough. We're going to kick it back over to Omar in the studio, and we'll go on break. Awesome, and I like that. I like the studio part. So thank you again, guys. I really appreciate your help and collaboration here. Amazing thoughts in there. Now I want to announce something that I'm going to put Barrett on the spot. But we stay tuned for some upcoming giveaways. We're going to be announcing a few throughout the days. Yesterday, we gave three AWA courses with 60-day labs for offensive security. Today, stay tuned. We're going to be announcing several forms where you can participate. And basically, you will just provide your CTF handle and your Discord handle. And we'll, of course, look for you. But yesterday, we actually had three winners. And as a matter of fact, that's what I'm going to do in a few seconds. 
I'm going to go into a break, and I'm going to show you a quick video from Offensive Security congratulating those winners. So once again, thank you so much for sharing your knowledge today. And with that, let's go in a break. Thanks for having me. Congratulations, guys. We also have Siren from Offensive Security. Hello. Thank you for the shout-out, some of the AWA winners. Absolutely. So shout-out to all the AWA weekletters. We love to have you. Thank you so much for taking our courses and getting the vouchers, whatever it may be. Congratulations. We always encourage you to come back. And we have many more certifications in Offensive Security. We just launched 365. So that's a year round for many, many things. And it's 20% discounted. So by all means, swing by the website and check it out. And congratulations to each and every one of you who actually got it. It comes out now at the end of the week. All right, bye, everyone. Now who's there, this guy? What's up, red teamers? What's up, DEF CON? It's your favorite fake, brilliant billionaire investor. My little birdies. Cheep, cheap, cheap, cheap, cheap, cheap, cheap, cheap. I like cheap things. That's why I'm rich. They let me know that Lunar Fire is under fire. But that is a Threscomas company. And that's got so much smart shit in it. And so it's unhackable. Or is it? No, it isn't. Not even you, boy and girl geniuses can do it. You would have to be the human equivalents of cars with doors that open like this or like this. Are you? Can you? Will you? Don't. The Red Team Village. And today, we are here with Omar Santos from the Red Team Village, as well as our guest, IppSec, from Hack the Box. Hey, guys, what's going on? IppSec, Hack the Box has been a longtime supporter of the village. Can you tell me more about the company? Yeah, Hack the Box is a hands-on security training platform. And our main goal is to make good training readily available to anyone in the world. 
If you're new to a topic or just a field in general, we have Hack the Box Academy. And it's a guided learning experience, which just means we have written material and hands-on labs. And again, when building this, accessibility was our number one desire. So we created the Pwnbox, which allows you to have a whole operating system in your browser. So the machine you're doing this learning on doesn't have to be powerful. You can do it on a Chromebook. If for some reason you want to do it on a phone, you can. I wouldn't recommend that. But everything's done within a web browser. If you want to bring your own OS, we also provide a VPN pack for you so you can join your OS to the VPN and go on learning. In addition to the academy, we have unguided learning, which is what we're most famous for. This is the weekly challenges machines or entire networks we put out on the platform and that we ask people not to publicly talk about these challenges until they retire, which is typically 20 weeks. This is my favorite and what I credit most of my success to because it really enforces building good social relationships that not only get you the help when you need it, but also when teaching, it often validates your understanding of it and it's proven to help memory retention. So I have a lot of friends in my social network that include Barry. I met him through another friend who met him at DerbyCon, which is a similar event of Red Team Village. And the funny thing is both my other friend Kyle and Barry all lived within like 30 miles of each other. But we met like hundreds of miles away. So definitely important to go view and travel and experience the community because you'll never know who you find and how close people may be. It's a small world. Absolutely. I think we've all been cooped up these last few months here. I think a lot of people are excited to go in person to Las Vegas to attend DEF CON. And so we're really excited to see some of our old friends and make some new ones. 
Speaking of that community, Hack the Box is a very vibrant community, both on their Discord as well as all over Twitter. Can you tell me a little bit more about the people behind Hack the Box, maybe some projects that you might be working on? Yeah, we have a innovation team that's designed at pushing what we think is the limit. So typically, most of our stuff is either a Docker or a VM or image. And the innovation team is looking into Google Cloud, AWS, and Azure to provide a pro lab called BlackSky, which is just based upon those types of features. So if you want to exploit IAM or do a lot of those unique cloud things, BlackSky Lab is going to be that. We also have, as you said, the Discord community. We have Roadrunner who runs that. And they help provide a lot of good support and just learning to anyone. In addition to a bunch of CTFs, I think we run the CTF like every other month or something. It's insane. Well, talking about the CTF and talking about all the activities, throughout the years, you guys have supported the Red Team Village tremendously. So first of all, thank you and thank you, Hack the Box. So I got a couple of questions, right? So one of the questions is, what will you say that is the best part about sponsoring community efforts like the Red Team Village CTF this year? I mean, obviously it helps the community grow. And most of my relationships, I can credit almost all my professional success as to leaching off my friend's knowledge, because no one can know everything. And I can't speak for anyone at Hack the Box, but I know a bunch of my friends at Hack the Box are super excited to play a CTF built by other people. And we've played the Red Team Village CTF for quite a while. I vaguely remember one, I think, two years ago that involved exploiting a printer, which was new to all of us. We're all like big, binary exploit people, and that threw a different architecture at us that we never really experimented with. 
And it was just a lot of fun to play. So super excited to sponsor an event that we can participate in and learn new things to hopefully put out on our platform in the future. Thank you. Appreciate that. I think that you're hearing my next question, which is, why do you think sponsoring the Red Team Village this year is so important for the community? Yeah. Number one, it's important to, like, with COVID and all, we want to increase our socialization and everything. We've been all cooped up. And the Red Team Village incorporates all of Hack the Box's things. The main thing was being accessible. If you can't travel, you can do it online and form a team. And additionally, if you want, it's available for the high cost of $0, which it aligns with kind of our methodology and what we want. All our machines are available for free for a time. And then once they retire, then you have to pay a small fee to gain access to it because hosting 150 images permanently would just be expensive. Can't do that for free. Additionally, I believe InfoSec is a unique profession where team building activities have immeasurable impact. If you look at the non-InfoSec teams, they still do team building activities. Like, you have that gimmicky trust fall and escape room, et cetera. And they're doing them just to help build that social bond between coworkers. So you know it's valuable since that's the only thing they care about. In the InfoSec world, we have CTFs that is just like that on steroids. It has all that same social bonding benefits. Like I mentioned earlier, I play CTFs with Barry. I've played CTFs with 0xdf, Mr. Ben, John Hammond, a bunch of people I just have a lot of fun with playing these CTFs along with coworkers. And in addition to that social bond that you build, it also gives you a lot of techniques that you may be able to immediately provide your work value because you're joining hands with a bunch of other companies to learn things. 
It wouldn't surprise me if you do the CTF and then find something you can immediately turn around to do on your job. I remember doing almost any pro-lab. I'll use offshore as an example where the foothold involves exploiting Splunk. And I had a pen test that I kept missing this vector on because I just didn't know it. And Mr. Ben put it in that pro-lab. So when I did that, it was just like an eye-opening thing of, oh God, what have I been missing? So definitely the big social aspect is huge here. Awesome. And I couldn't agree more. And once again, thank you. I have one more last question when it's around the benefits that your team actually will receive by participating at the Red Team Village CTF this year. Yeah. Hack the Box and Red Team Village are almost anonymous in what we provide and our methodologies. So the only unfortunate thing is the Red Team Village CTF is a yearly thing while Hack the Box produces new things on a weekly basis. It's probably not to the scale that Red Team Village will be doing just because it's constant. But if you're itching to do more after doing the CTF, definitely check out the platform if you haven't and go over to Hack the Box because I'm sure you'll love the challenges we put on the site. Awesome. So once again, thank you so much for supporting us. Thank you, Hack the Box, for sponsoring the Red Team Village. And I hope to see you at DEF CON. Yeah, take care. All right, welcome back everybody. So we are on time right now. I think that just in a few more minutes, the finals will start and the qualifiers will end. So with that, I'll pass it back to Barrett and Savannah. Hi, everyone. So before we kind of get started with announcing the winners at noon, specific time, we are gonna be doing a giveaway for an OSCP voucher. So Omar is going to be sharing the OSCP survey to Google Form so you can submit it and we're gonna choose someone at random to win the actual OSCP voucher for 60 days. 
So you'll be able to play in the lobby for 60 days and then also take the exam. So it's a really good opportunity if you wanna get the OSCP. And then the remainder of the day, we're gonna have at 2 p.m. Henry from Sands and then at 3 p.m. we're gonna have Bruce Schneier and then at 4 p.m. we're gonna have Andy doing keyboard building. So we're really looking forward to that. So once Omar, he has it linked right there so that entered the win the OSCP giveaway. So once we get all the submissions from there, we'll announce the winner later on. Omar, was it anything else that you kind of wanted to add before we're kind of like waiting until noon to? No, I think that from my side, quick reminder, all the conversation, of course, is happening at the DEF CON Discord server and the channel, the specific channels in the bottom of the screen. Just amazing how many flags actually people were submitting in the CTF and the participation. So I cannot wait until you guys share some of the statistics a little bit later and of course, announce the winners. And once again, the link to enter the giveaway is in the bottom of the screen. We're gonna have two more giveaways later. So if you are not the lucky person, you still have two more chances later today. So with that, I'll pass it back to you. Yeah, we are just five minutes away from closing the quals. We've had a lot of really, really impressive scores. It's great to see all these teams. I was told that Hack Street Boys are gonna do a song after we close out. Son of Anton is doing great in fourth place. Our friends over at Neutrino Canon are trying to get back up higher on the scoreboard. But yeah, we've got a lot of familiar names here. It's great to see that these teams come back and play the CTF. We are gonna finish out this Jeopardy board style and we're gonna go into finals. We've got a really impressive network that we wanna share with everyone. 
And so once we get to noon and we close everything out, we're gonna take the top 20 teams and that's just gonna move to finals. We're gonna have an hour break between when we close out quals and when we kick off finals. I will make another announcement when we get there. Let me go check Discord. I did wanna talk about how many flags we have, which I did not get the end to me. And while you do that, let me share the schedule for today. Basically, let me shift my screen real quick. As Savannah mentioned, we are now about to kick off the finals in a few minutes of 1 p.m. Pacific time. We're closing the quals right now in the next four minutes. And then we have a few interviews coming up. We have a combined effort within the community, especially in participation with the AI Village at 4 p.m. So that's actually a panel that I will be participating with Bruce Schneier and a few others. So stay tuned. There's a lot of other activities actually happening. And with that, let me share the screen again for the scoreboard AI generated. They're kicking behind, kicking butt and behind them is EPT. Just three more minutes. Three more minutes. Some overall stats. We had 645 registered teams, a total of 2,127 different players. Our overall, like our capped out score is 11,970 total possible points. And that is across 124 different challenges. So we had a lot there on the scoreboard. And I love to see just the submission numbers. Since we've been doing this, just for this last day and a half, we've had 10,000 correct flag submissions and 10,000 incorrect flag submissions. So that's quite a bit, a lot of activity there. Yeah, and as a matter of fact, I'm actually trying to create banners as we speak to actually share those numbers. So 10,850 correct submissions, even though I put right in there, but you know, they're correct. And then that's an impressive number. 
Even if you actually submitted a run submission, that's okay, they're all, it counts as actually your plan, your learning. Hopefully you're having fun. And with that, let me actually share also, again, the scoreboard side by side. So back to you. Yeah, you know, if you just keep on submitting the, I'm not gonna, maybe just be the correct one. And please don't submit to the OCP course giveaway 8,000 times. I think somebody put it in burp, in burp. And we got a ton of submissions, same person. So let's just keep that down to one. We've got three more. We have three total that we're gonna give out today. Feel free to just, you know, send them to Barry's DMs. And another thing is, if you actually submit multiple of them, you will be disqualified. So we'll just ignore you, you know. So just make sure that you don't vomit because, you know, I will do the same. We have to wait for this to be ready. But I won't do that. Now, we are half less than a minute left. So. If you're holding flags, you better submit them. Yeah. Yeah, look at that. Look at this fourth and fifth place. Nutrino cannon is trying, it's trying to go to fourth. 30 seconds left. Actually, I can do a countdown with that. So let's do a 30-second countdown. Let's do a 30-second countdown from now. All right, those 30 seconds, so I'm pretty fast. All right, so we are closed out. Oh, no, I was just gonna pass it over to Barry. Hey, scroll down a little bit, Omar. Let's see where we're on the cut here. Right there. So, unfortunately, dark wolf solutions. It looks like you were just shy of the points to making the finals. We've got CIA and above all of those teams are now in the finals. What I'm asking is for just the team lead, the team captain, please DM Knopp researcher on Discord. Let him know what team you're on as well as what email was used to register that team so we can validate that information. We've got an hour now where we're gonna transition. 
We're gonna get you a package that has your VPN, your VPN configuration for your own private network. So for everyone who's watching, so what the final is to do now is we're gonna move into our scenario where we have two Windows networks that will be stood up in a cloud environment. For safety, we're gonna keep everything contained within a VPN, so it's a little bit gamified. Just keep that in mind, but you'll be able to have your whole team connected to that VPN. One thing that we always recommend is especially if you have a big team because we know those top five, 10 teams are really huge teams. We try to do things to kind of slow down a huge team. The infrastructure itself, the instances that we're using, you can't have 45 shells on, so you're gonna have to work together. There's gonna be little pieces of Intel here and there that you wanna share across. And just in general, you wanna work together as a team on this next part. It's gonna be fairly immersive. The scenario that we talked about, we called this thing Lunar Fire, kind of a plan of words for the SolarWinds. When we started designing this, that was one of the top stories. We thought that that would be the sensational thing that would still be holding true today. Little did we know that 400 other things were just huge news in this industry with all the ransomware, especially the things that have affected a lot in the physical realm. So Lunar Fire is our theme that should cue you in that there's a supply chain attack involved in our scenario. You've got two networks. One of them has a very small attack surface. Well, another one has something that you can go after and your whole point is to get through that first network and pivot into the next one by hijacking that supply chain and getting into the next one. I think I wanna stop talking so I don't give it any more hints. Good luck, everyone, take a break. Yeah, no, good luck, everyone, like Barrett said. 
And there's anything else you wanna mention, Omar. Feel free to add it. I'm just gonna drop a little hint for one of my boxes. I'm just gonna say I like notes. That's the hint for mine. So good luck and I'll pass it back to Omar. I've got one more thing to say. So for folks, because a lot of these teams we saw last year. So one thing I will say is that the OS intelligence aspect of this is not as heavy as it was last year. I know that we had a lot of flags with that. I just don't want you to spend a whole lot of cycles there. We had a whole 24-hour period where we had flags everywhere. We had them on Myspace, LinkedIn. I think like we made a big GeoCities website and put it up there. So this one, it's fairly light, but there is some. It's gonna be spawned off of that one website that we shared earlier, the LunarFire.dev. Keep in touch on DM with NOP Research. We wanna make sure we get contact with all the teams. And what we've tried to do is put some minor hints in those personas we created that'll help you out in the files. So if you have a big team, go ahead and set some people focused on that to make sure you grab those hints. Awesome. And once again, congratulations to the 20 teams that we have in the screen right now. So as Barrett mentioned, some of these are not new to the Red Team Village. So thank you again for supporting the Red Team Village and playing along. And I know that Neutrino Canon actually is pretty much in every single CTF out there for the Red Team Village. So good to see you here. And with that, let's actually go in a quick break and we'll be announcing the winners of the OSCP course. So as a matter of fact, if you just join the giveaway link is in the bottom of the screen. And I'll leave it there doing the break for you to participate and we'll announce the winners at 1 p.m. East Pacific time. All right. So with that, let's go in a break. There this guy. What's up Red Teamers? What's up Def Con? 
It's your favorite fake, brilliant billionaire investor. My little birdies, cheap, cheap, cheap, cheap, cheap. I like cheap things. That's why I'm rich. They let me know that Lunar Fire is under fire. But that is a Trace-Golmas company. And that's got so much smart shit in it. And so it's unhackable. Or is it? No, it isn't. Not even you, boy and girl geniuses can do it. You would have to be the human equivalents of cars with doors that open like this or like this. Are you? Can you? Will you? Don't. It is Savannah Lazara and I am the co-lead of Red Team Village. And today we have Barrett Darnell and Caitlin O'Neill with us from Bishop Fox. And they're gonna be one of our sponsors and we're really thankful for them being a sponsor for our CTF event at DEF CON. And I'll go ahead and let them introduce themselves and we're gonna get them to know them a little bit better today. Hi, I'm Caitlin. I'm with Recruitment Team here at Bishop Fox. I came over here about three years ago because of our reputation as one of the largest professional services firms focused on offensive security and security as a service. It's been a wild ride, but part of why I stick around is because I love working with such brilliant people. I love that we go out there and break things, build new things, break more things and always working with the latest technologies to keep people safe. So it was a really exciting opportunity for us to sponsor the Red Team Village Capture the Flag this year at DEF CON where we can't wait to meet people virtually and on site and to hopefully find some new ways to grow our team. Hi, Savannah. Nice to see you. I'm Barrett Darnell, managing senior operator at Bishop Fox. Part of the continuous attack surface testing team also known as CAST. Well, we're really excited to have you guys on this call today. 
And I would say the first question that we kind of want to start off with is kind of seeing what you guys would say is the best part of being a sponsor for an event like this. Well, for Bishop Fox, we're avid participants of the Greater InfoSec community. And we feel that sponsorship of conferences and efforts like this provide a real tangible value to the community. This CTF in particular provides a tremendous amount of realistic hands-on experiences for those in the offensive security, particularly red teamers. Yeah, no, that's awesome. And I mean, I'm sure you know this, Barrett, with so many resources out there. Why do you think kind of sponsoring something like this is so important? Well, for one, this resource is free. So that barrier of entry is out of the way. Anybody can participate. Secondly, it's realistic. It mimics real life scenarios that we've seen on our customer engagements. And so it's not very esoteric. It's real tools, real situations you might be in. And it's also beginner-friendly. It starts off where everybody can join and get something out of it, but the difficulty ramps up. So there's a lot for experienced red teamers to hone their skills on. Awesome. And I know we've kind of just talked about the benefits that people who are joining these CTF would get out of it, but can you kind of talk about the benefits Bishop Fox receives out of being a sponsor for the Red Team Village CTF event at DEFCON? Yeah, well, you know, first and foremost, we always want to give back to the security community. And this is a great way for us to interact with the hundreds, maybe even thousands of attendees and participants, whether they're in person or virtually. It's great from where I sit as a recruiter because it gives us a chance to meet new talent, people who we maybe haven't engaged with before. 
And that's really important, especially as we continue to grow our two new service lines, the continuous attack surface testing team that Barrett is on and our Red Team. Yeah, no, I mean, everybody knows in the security community who Bishop Fox is, and I'm sure they would love to know about the recruitment. So I guess what types of people do you guys typically look for for the team? Yeah, so, you know, what we need, what we're hiring for can kind of shift month to month. So in the past, if you engaged with us and it wasn't a fit, that might be changing. So, you know, always stay in touch. First and foremost, we look for people who are really passionate about security because that's definitely who we are. And, you know, we're always looking for a diversity of thoughts, a diversity of backgrounds. So, you know, we have a lot of people who came from pretty traditional career paths, you know, school, work, but we definitely have folks who are self-taught, who are coming from non-traditional backgrounds. You know, we love our folks from the military as well. So there's a lot of different paths that can lead you to working at Bishop Fox and we're really open to exploring all of them. You know, you can always find me on LinkedIn, Caitlin O'Neill, but you can also engage with Bishop Fox on Twitter. We have an awesome social media gal. We have a really fun Twitter account. We're going to be onsite in Las Vegas and we're gonna be using Twitter to kind of help people find us and also find us for some cool giveaways as well. So definitely check us out there. Yeah, no, it's awesome. I'm sure everyone's looking forward to kind of seeing Bishop Fox at DEF CON. Did you guys have anything else that you kind of wanted to mention on this call before we end it today? Yeah, I mean, I'm lucky. I just get to show up as a recruiter and a sponsor. I know that all of you guys with the CTF have done so much work. So, you know, thank you for everything you did. 
I'm really excited to see it all come together. And thanks to the Red Team Village for this opportunity. We're really excited to meet everyone. And I just want to say, you know, after months of being on lockdown, I think everyone's itching to get out. This might be the first in-person conference for a lot of people. And if you haven't registered yet for DEF CON, I highly recommend it. The staff at DEF CON is really going above and beyond to make sure that it's a safe environment for all attendees, especially with, you know, the latest developments. And so vaccinations will be required and so will masks for everybody at that conference. And so I think it'll be a pretty safe event. We're looking forward to seeing old friends and making new ones. So we hope to see everybody at DEF CON this year. Yeah, no, I'm really excited for the event as well. So thank you guys so much for hopping on the call today. And thank you again for Bishop Fox being a sponsor. And we just really appreciate all the help. Thank you, Savannah. Thank you, Savannah. Appreciate it. I'm Barrett Darnell with the Red Team Village. And I'm here today with Ryan Dory and Matt Eidelberg from Optiv. Thank you so much for being here today. And I want to thank Optiv for being a sponsor for the Red Team Village CTF this year. Your support really helps and it goes a long way at allowing us to provide a big event both in person and virtually. Can you tell me a little bit more about Optiv? Yeah, absolutely. So to put it very simply, Optiv is a pure play cybersecurity partner. And what does that mean? We aim to do all security all the time, right? We can help in ways of advisory deployment and even manage operations, right? So ultimately, our goal is very simply to help organizations realize a more effective security program and posture. And for both of you specifically, what do you do at Optiv? 
So I'm a senior director inside of Threat Management, which is a large umbrella, but I specifically have the privilege of leading our attack and pen team. So my focus is on the direction of success of that team. And I achieve this largely by enabling the great folks around me such as Mr. Eidelberg here. Attack and Pen, my primary role is leading the adversarial simulation services. This is our branch that focuses primarily on red and purple team operations. My role in there is not only executing these types of engagements, but also focusing on helping to innovate the team and grow more operators to perform these types of engagements. All right, and for that attack and pen practice, why do you like working there? Yeah, so for me, first and foremost, it's the close family atmosphere that we have on the team. And what I mean by that is I've been on the team for almost nine years now. I've been in attack and pen the entire time and I'm not alone in that. There's several other individuals on the team that have been here for a similar amount of time, such as Matt himself. So what that yield is a really good dynamic of folks to work well together while we simultaneously pursue our passion of offensive security. And just to add onto that, I would say in a single word, the community, the team itself honestly strives constantly to push the boundaries to teach each other new things, whether or not it's failures from previous engagements to help educate for future tests or even success stories. It's all about sharing and kind of bolstering each other and through knowledge sharing. Absolutely, and a plug for that, that giving back to the community aspect, I was on your GitHub the other day and I was looking into Scarecrow and I know I've got that on my list to do a deep dive on after DEF CON. I love the fact that a lot of big players in information security share that research, share that tooling that they create. Yep, that's what we strive to do here. 
And for your team, what types of people work there? What are their backgrounds? So it's a good variety of backgrounds, right? So we have folks from being, a good part of us being veterans to business-minded folks, to engineering folks, et cetera, right? But like I mentioned earlier, there's the ultimate commonality, right? Of a shared objective and passion for offensive security testing. And then what we qualify that success really is helping leave our clients better than we found them at the end of the day. And of course, you know, folks have a very specific or can have a specific subset of interest inside the team. That could be IoT to embedded, to wireless, to low-level Windows stuff, to evasion, et cetera, right? So there's definitely some sub-pockets for people to really go a mile deep on. Great, and with such a diverse group, what makes somebody a success in A&P? So aside from a technical acumen, which obviously is held, you know, it's an important quality on this specific role, right? Is the ability to show ownership and leadership and give back to the team? Really, you know, owning a specific service or an offering, helping others, mentoring, et cetera. We hold that in incredibly high value. And then as we mentioned earlier with regard to like Source Zero and Scarecrow, right, is the public thought leadership to help the team immediately and then also give back to the community as well. Yep, and just to add onto that, I would say the eagerness to learn and improve your tradecraft. Honestly, the ones we see that excel the most are the ones that not only focus on themselves, but also make sure that they help their fellow teammates or coworkers, whether or not they're struggling with something or helping to help them also pursue and grow their talents. Those are the ones that I see often have the best success here. That's great, absolutely. I mean, this is a team sport doing what we do. Yep. 
For the Red Team Village, one thing that we really love to do is offer a lot of environments for training. We do workshops. We participate in a lot of different cons. And one thing we want to do is bring as many people into this community as possible. And so I'd like to ask for both of you, what is your advice for people who are interested in cybersecurity as a profession? Yeah, absolutely. So I'll speak to the path that I took to get here and I think it holds true to the question, right? But I think it's very important or imperative for folks to have a deep foundational understanding as to how things work, right? So what I mean by that is how does Active Directory work? How does networking function? How can you manipulate these things to maybe work outside the bounds it was intended to, right? So that can apply to even development, web applications, et cetera. Oftentimes, I get asked by people that are a bit younger in college or whatever and they're like, hey, should I take this security class and become a pen tester? Well, I would really encourage folks to get a lot of those more foundational understandings to how things work before they move to the stage of trying to move to the adversarial emulation types part. Yep, and I would just add to not just focus when you're learning on red team tactics, it's incredibly valuable in the current landscape to focus on both blue and red team. Having that ability to speak both can really augment your skill set. And this is very much a cat and mouse game-based industry and just knowing both sides, their playbooks can really help you understand the strengths and weaknesses of both sides. So when you're coming up against, say, a red team or a blue team, you know what they are great at and what their weaknesses are to really help plan out those attacks or even your knowledge set to improve on. Those, that is phenomenal advice. 
This industry is a challenge because there's so much breadth and depth that you can take not to mention that it's evolving every single day. So it's impossible to keep up. So you've got to have that thirst for knowledge. And without that foundation, it is quite difficult. I mean, you might throw that exploit and get that shell back. But then the question is, what do you do next, right? And so great advice. I want to thank both of you for being here today. Thank you again for the sponsorship, looking forward to meeting you in person and also with DEF CON right around the corner, you know, looking to engage with old friends and make some new ones. So thank you again. Absolutely, thank you for the opportunity. And we're looking forward to seeing some folks out at DEF CON. 
Great, welcome back everybody. And with me, I have NOP Researcher and Savannah. But before we get started and announce the winner of the OSCP course, let's go over some of the statistics about the CTF that we shared earlier, but you know, we have a little bit better format now. So with that, I'll pass it back to Savannah and NOP. Oh, great. Thanks a lot. Omar and I definitely appreciate all the teams, you know, that played in the qualification round. It was really great. Great interaction in the channel and everything like that. A lot of movement on the scoreboard, even all the way up into the last few minutes of it. So it was great to see all that. And there's definitely some teams that were in that top 20 that kind of got knocked out of that last minute. So it was awesome competition. I really enjoyed it. But as you can see there, 1,360 users, 645 teams. So really awesome, almost 12,000 points available there. And then, you know, kind of like what we talked about earlier, there's about 20,000 flag submissions total, you know, half from right, half from wrong, but it was a great competition like going on there. Yeah, I'm more excited to finally actually get to start the finals. So in the next few minutes, if you haven't received the email yet, you will in the next few minutes with the connection pack for the VPN to be able to play in the finals. So if you have not sent the email for your captain, then you need to send it to NOP Researcher right here to make sure he can get that information too, so you can start the finals with your team. And then we can go ahead and announce the winner for the OSCP voucher. 
Do you want to, yep, so it's Goodspeed. So congratulations, Goodspeed, for winning that. We'll go ahead and get the voucher over to you. And then we're actually gonna be doing another survey. So we will be announcing that soon. And then that will be the next voucher that will be given out for the OSCP. So I know everyone's really eager to start these final rounds. Just give us a moment here as we kind of finish up this stream as well as getting the emails sent out. So in each one of those emails, we're gonna have a connection pack. So we have an OpenVPN connection as well as a welcome message, which has a few hints, also kind of suggestions. Please read that. It's very imperative that you read that otherwise you will not be successful. So with that, once we get that sent out, you'll be able to go to the scoreboard. Hopefully everyone's logged in on that. So I've DMed everyone the scoreboard for their team to register at. Obviously if you haven't DMed me after this stream is over, I'll be able to get back to you and send you everything to log in there. But you will definitely get the connection pack via whatever email you registered with or that I confirm. So with that, we'll be starting to kick that off. Hey, Barrett, how are we doing on the email? All right, it's only two minutes. So in two minutes here, you'll be actually getting that back. So definitely kind of like what Barrett was talking about earlier, maybe not as full on the OSINT on some of the socials, but there definitely is information out there. So just keep on digging, look around, see what we have out there, a lot of good information. So with that though, I'm trying to think here, we can see here, there we go. So while you pull this up, I want to thank the sponsors again, without you, this event will not be happening at all. So thank you, thank you, thank you. You have been seeing some of the prerecorded interviews with some of the sponsors in there, so especially Bishop Fox. 
That's right, that's right. And Optiv as well, so thank you. Yeah, thank you. All right, so we're definitely here in a couple of minutes, you'll get that, it'll actually be, you sent it? All right, so right now, you should be receiving an email with the OpenVPN configs. We have 10, or sorry, 18 teams registered so far. So definitely hit me up in a DM after this, make sure that I'll get you registered. But all the teams that at least we have emails for will get a connection pack at this time, and all the challenges should be visible at this time. So with that, for the challenges, the flag submission will be based on host name. So host name and then the flag, and then you'll be able to kind of go through there and hopefully find each one. So it's more of a scenario, so it's not very necessarily as like when you're challenge A or whatever, as you go through the environment, you will come across the different flags, and you'll be able to kind of correlate each one of those flags with the host name, as well as, you know, whether it's a file name or something else, it'll be indicative of which flag it is. You know, there's no issue submitting that flag multiple times, just to ensure, you know, you're on the right challenge. So with that, everyone should have an email at this time, as well as logged in on the scoreboard, everything is visible. So good luck to all the contestants out there. Good luck. Omar, do you want to... Oh, I think you're muted, Omar. I am muted, I am not sure. All right. So they don't hear me typing. The third one is, of course, go ahead. Omar, we'll get you the updated scoreboard for the new teams. Everyone's just getting logged in right now. 
But that is their top 20 teams, so each one of those are, you know, getting their connection, they're getting connected right now, starting to log into the environment, and obviously it'll be a kind of a slow start as they figure out exactly, you know, what the scenario, the beginning of the scenario, what it kind of looks like. So a lot of clues that are out there, both within the welcome message, as well as most. And then if you might have seen some things publicly before, please go back and check them again. You know, some of them might have been updated with some new information that you didn't see before. Awesome. So if you just joined us, or at least if Goodspeed just joined us, you know, congratulations. You're the winner of the first OSCP course of the day. We have two more, so stay tuned. We're gonna be actually, you know, providing the form where you can sign up in the next few minutes. And one quick reminder, if you actually submit more than one submission, you're automatically disqualified. So just submit once if you actually want to win. If not, you will be automatically disqualified. So with that, let's go in a quick break and we'll be back in the next few minutes. Thanks again. Bye. Now who's there, this guy? What's up Red Teamers? What's up Defconn? It's your favorite fake, brilliant billionaire investor. My little birdies, cheap, cheap, cheap, cheap, cheap, I like cheap things, that's why I'm rich. They let me know that Lunar Fire is under fire, but that is a Therese Gomez company. And that's got so much smart shit in it. And so it's unhackable. Or is it? No, it isn't. Not even you, boy and girl geniuses can do it. You would have to be the human equivalents of cars with doors that open like this or like this. Are you? Can you? Will you? Don't. I'm Bear Darnell with the Red Team Village and I'm here today with Ryan Dory and Matt Eidelberg from Optif. Hi everybody. How's it going? 
Ryan and Matt, thank you so much for being here today and I want to thank Optif for being a sponsor for the Red Team Village CTF this year. Your support really helps and it goes a long way at allowing us to provide a big event both in person and virtually. Can you tell me a little bit more about Optif? Yeah, absolutely. So to put it very simply, Optif is a pure play cybersecurity partner and what does that mean? We aim to do all security all the time. We can help in ways of advisory deployment and even manage operations. So ultimately our goal is very simply to help organizations realize a more effective security program and posture. And for both of you specifically, what do you do at Optif? So I'm a senior director inside of Threat Management which is a large umbrella but I specifically have the privilege of leading our Attack and Pen team. So my focus is on the direction of success of that team and I achieve this largely by enabling the great folks around me such as Mr. Eidelberg here. Attack and Pen, my primary role is leading the adversarial simulation services. This is our branch that focuses primarily on red and purple team operations. My role in there is not only executing these types of engagements but also focusing on helping to innovate the team and grow more operators to perform these types of engagements. All right and for that Attack and Pen practice, what do you like working there? Yeah, so for me, first and foremost, it's the close family atmosphere that we have on the team. And what I mean by that is I've been on the team for almost nine years now. I've been in Attack and Pen the entire time and I'm not alone in that. There's several other individuals on the team that have been here for a similar amount of time such as Matt himself. So what that yield is a really good dynamic of folks to work well together while we simultaneously pursue our passion of offensive security. And just to add onto that, I would say in a single word, the community. 
The team itself honestly strives constantly to push the boundaries to teach each other new things, whether or not it's failures from previous engagements to help educate for future tests or even success stories. It's all about sharing and kind of bolstering each other and through knowledge sharing. Absolutely and a plug for that, that giving back to the community aspect, I was on your GitHub the other day and I was looking into Scarecrow and I know I've got that on my list to do a deep dive on after DEF CON. I love the fact that a lot of big players in information security share that research, share that tooling that they create. Yep, that's what we strive to do here. And for your team, what types of people work there? What are their backgrounds? So it's a good variety of backgrounds, right? So we have folks from being a good part of us being veterans to business minded folks, to engineering folks, et cetera, right? But like I mentioned earlier, there's the ultimate commonality, right? Of a shared objective of offensive and passion for offensive security testing. And then what we qualify that success really is helping leave our clients better than we found them at the end of the day. And of course, you know, folks have a very specific or can have a specific subset of interest inside the team. That could be IOT to embedded, to wireless, to low level window stuff, to evasion, et cetera, right? So there's definitely some sub-pockets for people to really go a mile deep on. Great, and with such a diverse group, what makes somebody a success in A&P? So aside from technical acumen, which obviously is held, you know, it's an important quality on this specific role, right? Is the ability to show ownership and leadership and give back to the team? Really, you know, owning a specific service or an offering, helping others, mentoring, et cetera, we hold that in incredibly high value. 
And then as we mentioned earlier with regard to like Source Zero and ScareCrow, right, is the public thought leadership to help the team immediately and then also give back to the community as well. Yep, and just to add onto that, I would say the eagerness to learn and improve your tradecraft. Honestly, the ones we see that excel the most are the ones that not only focus on themselves, but also make sure that they help their fellow teammates or coworkers, whether or not they're struggling with something or helping to help them also pursue and grow their talents. Those are the ones that I see often have the best success here. That's great, absolutely. I mean, this is a team sport doing what we do. Yep. For the Red Team Village, one thing that we really love to do is offer a lot of environments for training. We do workshops. We participate in a lot of different cons. And one thing we wanna do is bring as many people into this community as possible. And so I'd like to ask for both of you, what is your advice for people who are interested in cybersecurity as a profession? Yeah, absolutely. So I'll speak to the path that I took to get here and I think it holds true to the question, right? But I think it's very important and imperative for folks to have a deep foundational understanding as to how things work, right? So what I mean by that is how does Active Directory work? How does networking function? How can you manipulate these things to maybe work outside the bounds it was intended to, right? So that can apply to even development, web applications, et cetera. Oftentimes I get asked by people that are a bit younger in, say, college or whatever and they're like, hey, should I take this security class and become a pen tester? Well, I would really encourage folks to get a lot of those more foundational understandings to how things work before they move to the stage of trying to move to the adversarial emulation types part. 
Yep, and I would just add to not just focus when you're learning on red team tactics, it's incredibly valuable in the current landscape to focus on both blue and red team. Having that ability to speak both can really augment your skill set. And this is very much a cat and mouse game-based industry, and just knowing both sides, their playbooks can really help you understand the strengths and weaknesses of both sides. So when you're coming up against, say, a red team or a blue team, you know what they are great at and what their weaknesses are to really help plan out those attacks or even your knowledge set to improve on. Those, that is phenomenal advice. This industry is a challenge because there's so much breadth and depth that you can take, not to mention that it's evolving every single day. It's impossible to keep up, so you've got to have that thirst for knowledge. And without that foundation, it is quite difficult. I mean, you might throw that exploit and get that shell back, but then the question is, what do you do next, right? And so, great advice. I want to thank both of you for being here today. Thank you again for the sponsorship, looking forward to meeting you in person and also with DEF CON right around the corner, you know, looking to engage with old friends and make some new ones, so thank you again. Absolutely, thank you for the opportunity and we're looking forward to seeing some folks out at DEF CON. Yep, thank you. Oh, and I forgot. Who's there, this guy? What's up, red teamers? What's up, DEF CON? It's your favorite fake, brilliant billionaire investor. My little birdies, cheap, cheap, cheap, cheap, cheap, cheap, cheap, cheap, cheap. I like cheap things, that's why I'm rich. They let me know that Lunar Fire is under fire, but that is a Threskomas company. And that's got so much smart shit in it. And so it's unhackable. Or is it? No, it isn't. Not even you, boy and girl geniuses can do it. 
You would have to be the human equivalents of cars with doors that open like this or like this. Are you? Can you? Will you? Don't. Well, from the Red Team Village, and today we are here with Omar Santos from the Red Team Village, as well as our guest IppSec from Hack the Box. Hey guys, what's going on? IppSec, Hack the Box has been a longtime supporter of the village. Can you tell me more about the company? Yeah, Hack the Box is a hands-on security training platform and our main goal is to make good training readily available to anyone in the world. If you're new to a topic or just a field in general, we have Hack the Box Academy. And it's a guided learning experience, which just means we have written material and hands-on labs. And again, when building this, accessibility was our number one desire. So we created the Pwnbox, which allows you to have a whole operating system in your browser. So the machine you're doing this learning on doesn't even have to be powerful. You can do it on like a Chromebook. If for some reason you wanna do it on a phone, you can, I wouldn't recommend that. But everything's done within a web browser. If you wanna bring your own OS, we also provide a VPN pack for you so you can join your OS to the VPN and go on learning. In addition to the Academy, we have unguided learning, which is what we're most famous for. This is the weekly challenges machines or entire like networks we put out on the platform and that we ask people not to publicly talk about these challenges until they retire, which is typically 20 weeks. This is my favorite and what I credit most of my success to because it really enforces building good social relationships that not only help get you the help when you need it, but also when teaching, it often validates your understanding of it and it's proven to help memory retention. 
So I have a lot of friends in my social network that include Barry, I met him through another friend who met him at DerbyCon, which is a similar event of Red Team Village. And the funny thing is both my other friend, Kyle and Barry all lived within like 30 miles of each other, but we met like hundreds of miles away. So definitely like important to go view and travel and experience the community because you'll never know who you find and how close people may be. It's a small world. Absolutely. I think we've all been cooped up these last few months here. I think a lot of people are excited to go in person to Las Vegas to attend DEF CON. And so we're really excited to see some of our old friends and make some new ones. Speaking of that community, Hack the Box is a very vibrant community both on their Discord as well as all over Twitter. Can you tell me a little bit more about the people behind Hack the Box? Maybe some projects that you might be working on? Yeah, we have an innovation team that's designed at like pushing what we think is the limit. So typically most of our stuff is either a Docker or a VM or image. And the innovation team is looking into Google Cloud, AWS and Azure to provide a pro lab called BlackSky which is just based upon those types of features. So if you want to exploit IAM or do a lot of those unique cloud things, BlackSky Lab is going to be that. We also have, as you said, the Discord community. We have Roadrunner who runs that and they help provide a lot of good support and just learning to anyone. In addition to a bunch of CTFs. I think we run the CTF like every other month or something, it's insane. Well, talking about the CTF and talking about all the activities throughout the years you guys have supported the Red Team Village tremendously. So first of all, thank you and thank you Hack the Box. So one of, I got a couple of questions, right? 
So one of the questions is, what will you say that is the best part about sponsoring community efforts like the Red Team Village CTF this year? I mean, obviously it helps the community grow and most of my like relationships and I can credit almost all my professional success as to leeching off my friends' knowledge because no one can know everything. And I can't speak for anyone at Hack the Box but I know a bunch of my friends at Hack the Box are super excited to play a CTF built by other people. And we've played the Red Team Village CTF for quite a while. I vaguely remember one, I think two years ago that involved exploiting a printer which was new to all of us. We're all like big binary exploit people and that threw a different architecture at us that we never really experimented with and it was just a lot of fun to play. So super excited to sponsor an event that we can participate in and learn new things to hopefully put out on our platform in the future. Thank you, appreciate that. I think that you're hitting my next question which is why do you think sponsoring the Red Team Village this year is so important for the community? Yeah, number one, it's important to like with COVID and all, we want to increase our socialization and everything. We've been all cooped up and the Red Team Village incorporates all of Hack the Box's things. The main thing was being accessible. If you can't travel, you can do it online and form a team. And additionally, if you want, it's available for the high cost of $0 which it aligns with kind of our methodology and what we want. All our machines are available for free for a time and then once they retire, then you have to pay a small fee to gain access to it because hosting 150 images permanently would just be expensive, can't do that for free. Additionally, I believe infosec is a unique profession where team building activities have immeasurable impact. If you look at the non-infosec teams, they still do team building activities. 
Like you have that gimmicky trust fall and escape room, et cetera. And they're doing them just to help build that social bond between coworkers. So you know it's valuable since that's the only thing they care about. In the infosec world, we have CTFs. That is just like that on steroids. It has all that same social bonding benefits. Like I mentioned earlier, I play CTFs with Barry. I've played CTFs with 0xdf, mrb3n, John Hammond, a bunch of people I just have a lot of fun with playing these CTFs along with coworkers. And in addition to that social bond that you build, it also gives you a lot of techniques that you may be able to immediately provide your work value because you're joining hands with a bunch of other companies to learn things. It wouldn't surprise me if you do the CTF and then find something you can immediately turn around to do on your job. I remember doing almost any pro lab. I'll use Offshore as an example where the foothold involves exploiting Splunk. And I had a pen test that I kept missing this vector on because I just didn't know it and mrb3n put it in that pro lab. So when I did that, it was just like an eye-opening thing of, oh, God, what have I been missing? So definitely the big social aspect is huge here. Awesome. And I couldn't agree more. And once again, thank you. I have one more last question when it's around the benefits that your team actually will receive by participating at the DEF CON Red Team Village CTF this year. Yeah. Hack the Box and Red Team Village are almost synonymous in what we provide and our methodologies. So the only unfortunate thing is the Red Team Village CTF is a yearly thing while Hack the Box produces new things on a weekly basis. It's probably not to the scale that Red Team Village will be doing just because it's constant. 
But if you're itching to do more after doing the CTF, definitely check out the platform if you haven't and go over to Hack the Box because I'm sure you'll love the challenges we put on the site. Awesome. So once again, thank you so much for supporting us. Thank you, Hack the Box, for sponsoring the Red Team Village. And I hope to see you at DEF CON. Yeah, take care. This is Savannah Azera and I am the co-lead of Red Team Village. And today we have Barrett Darnell and Caitlin O'Neill with us from Bishop Fox. And they're gonna be one of our sponsors. So I'm really thankful for them being a sponsor for our CTF event at DEF CON. And I'll go ahead and let them introduce themselves and we're gonna get them to know them a little bit better today. Hi, I'm Caitlin. I'm with the recruitment team here at Bishop Fox. I came over here about three years ago because of our reputation as one of the largest professional services firms focused on offensive security and security as a service. It's been a wild ride, but part of why I stick around is because I love working with such brilliant people. I love that we go out there and break things, build new things, break more things and always working with the latest technologies to keep people safe. So it was a really exciting opportunity for us to sponsor the Red Team Village Capture the Flag this year at DEF CON, where we can't wait to meet people virtually and on site and to hopefully find some new ways to grow our team. Hi, Savannah, nice to see you. I'm Barrett Darnell, managing senior operator at Bishop Fox, part of the continuous attack surface testing team also known as CAST. Well, we're really excited to have you guys on this call today. And I would say the first question that we kinda wanna start off with is kinda seeing what you guys would say is the best part of being a sponsor for an event like this. 
Well, for Bishop Fox, we're avid participants of the greater infosec community and we feel that sponsorship of conferences and efforts like this provide a real tangible value to the community. This CTF in particular provides a tremendous amount of realistic hands-on experiences for those in the offensive security, particularly red teamers. Yeah, no, that's awesome. And I mean, I'm sure you know this, Barrett, with so many resources out there. Why do you think kinda sponsoring something like this is so important? Well, for one, this resource is free. So that barrier of entry is out of the way. Anybody can participate. Secondly, it's realistic. It mimics real-life scenarios that we've seen on our customer engagements. And so it's not very esoteric. It's real tools, real situations you might be in. And it's also beginner-friendly. It starts off where everybody can join and get something out of it, but the difficulty ramps up. So there's a lot for experienced red teamers to hone their skills on. Awesome. And I know we've kinda just talked about the benefits that people who are joining these CTF get out of it, but can you kinda talk about the benefits Bishop Fox received out of being a sponsor for the Red Team Village CTF event at DEF CON? Yeah, well, you know, first and foremost, we always wanna give back to the security community. And this is a great way for us to interact with the hundreds, maybe even thousands of attendees and participants, whether they're in-person or virtually. It's great from where I sit as a recruiter because it gives us a chance to meet new talents, people who we maybe haven't engaged with before. And that's really important, especially as we continue to grow our two new service lines, the continuous attack surface testing team that Barrett is on and our Red Team. Yeah, no, I mean, everybody knows in the security community who Bishop Fox is, and I'm sure they would love to know about the recruitment. 
So I guess what types of people do you guys typically look for for the team? Yeah, so what we need and what we're hiring for can kind of shift month to month. So in the past, if you engage with us and it wasn't a fit, that might be changing. So always stay in touch. First and foremost, we look for people who are really passionate about security because that's definitely who we are. And we're always looking for a diversity of thoughts, a diversity of backgrounds. So we have a lot of people who came from pretty traditional career paths, school work, but we definitely have folks who are self-taught, who are coming from non-traditional backgrounds. We love our folks from the military as well. So there's a lot of different paths that can lead you to working at Bishop Fox and we're really open to exploring all of them. You can always find me on LinkedIn, Caitlin O'Neill, but you can also engage with Bishop Fox on Twitter. We have an awesome social media gal. We have a really fun Twitter account. We're going to be onsite in Las Vegas and we're gonna be using Twitter to kind of help people find us and also find us for some cool giveaways as well. So definitely check us out there. Yeah, no, it's awesome. I'm sure everyone's looking forward to kind of seeing Bishop Fox at DEF CON. Did you guys have anything else that you kind of wanted to mention on this call before we end it today? Yeah. I mean, I'm lucky. I just get to show up as a recruiter and a sponsor. I know that all of you guys with the CTF have done so much work. So thank you for everything you did. I'm really excited to see it all come together and thanks to the Red Team Village for this opportunity. We're really excited to meet everyone. And I just wanna say, after months of being on lockdown, I think everyone's itching to get out. This might be the first in-person conference for a lot of people. And if you haven't registered yet for DEF CON, I highly recommend it. 
The staff at DEF CON is really going above and beyond to make sure that it's a safe environment for all attendees, especially with the latest developments. And so vaccinations will be required and so will masks for everybody at that conference. And so I think it'll be a pretty safe event. We're looking forward to seeing old friends and making new ones. So we hope to see everybody at DEF CON this year. Yeah, no, I'm really excited for the event as well. So thank you guys so much for hopping on the call today. And thank you again for Bishop Fox being a sponsor and we just really appreciate all the help. Thank you, Savannah. Thank you, Savannah. Appreciate it. We had no problem. I can't hear you, can you hear me? I was double muted. All right, so once again, congratulations, good speed. You're the first winner of the OSCP course here today. We're gonna announce another giveaway in the next few minutes. So look out in the bottom of your screen. In the next few minutes. And with that, I'll pass it back to Barrett. Hey folks, welcome back. I've got our next guest here. I'm gonna be speaking with Henry Van Gothen from SANS. Hi, thanks Barrett. Thanks for having me on the show. And we want to talk about some of the curriculum. I've been involved with SANS for quite a bit. First as a student and then as an instructor. And so SANS is a sponsor for this event. We have a free SANS course that we're giving out for the first place team of finals. So that's a great prize. You can take that in any modality, whether it's gonna be live online or in one of our in-person events. And so I invited Henry onto the stream so we can just kind of talk about the curriculum. The first thing, you know, let's talk about the offensive operations curriculum. Can you kind of go over what that focuses on? Absolutely. And so we've got a slide on the screen here basically. We, you know, Steve Sims is our technical director for the offensive operations curriculum. 
And if you've watched what's happened in probably about the last several months, we've transformed what was formerly for a long, long time the SANS pen testing curriculum to an offensive operations curriculum. And I'll cover some of the breakout basically as to why we did that. You know, one of the main reasons though was we covered the, you know, a lot of the baseline of, you know, the, I guess, how can I phrase it here? Basically TTP awareness basically in Josh Wright's Security 504 course and then what to do with regard to incident handling. We covered a lot of the vulnerability scanning and vulnerability assessment threat modeling stuff in Matt Toussain's Security 460 course over at the top there. And then we go deep dive in, you know, with network authorized network pen testing in Tim Medin's Security 560 course in the center there in that pen testing comprehensive area. We also go, you know, cover many other aspects to include, you know, web, even a new cloud, web app databases, everything else, including even a new cloud pen testing course as well. That's over on the right there written by Moses Frost. And there's a new cert for that one as well, just to call that out since it's new, the GCPN. But one of the things that we noticed was in addition to these various areas, we needed to grow a little bit more to serve the purple team community, the red team community specifically, specifically in talking with Barrett, with Jorge Orchilles, previously talking with Joe Vest and James Tubberville also. We had a single course that had started in the red team area, but we wanted to grow the curriculum to be a little bit more comprehensive. So, Omar, can I ask you to slide to the second slide please? So the second slide there now covers a little bit more of the, whoop, are we going on the foundational still? We're on foundational, yes. So next slide after this one please. It should say specialized top left. There we go, that's the one, all right, perfect. 
All right, so let me just chat about that one for a second basically. So, you know, we wanted to add additional breadth, depth in the offensive operations curriculum where it wasn't just pen testing per se basically, but we cover a lot of the different aspects. Red teaming, if you read Jorge Orchilles' course, basically if you take in the course, you understand we start with the scanning, the reconnaissance, basically we move on to a little bit more of the social, we move to the weaponization, we move to the delivery, we move to the reporting, the measurements. Obviously always working with the blue team, measuring, training, trying to get better basically. And one of the things that we have identified is that we need additional depth and breadth basically on the red teaming side, in addition to the one course that's mentioned at the bottom right there, which is Jorge Orchilles' course. And so we wanted to expand things a little bit more and that's what we've got with the various areas now. So top left there is the specialized pen testing area, variety of courses that are listed. I'll call out real quick just a couple of things. The Security 467 course written by Dave Shackleford and James Leyte-Vidal actually goes live on September 8th. So that's in literally a month from now. So I just wanted to alert the community about that. Also the Security 550, the active defense cyber space trapping, attack disruption and cyber deception course goes live on November the 15th at our Pen Test HackFest event. We've been waiting for quite some time for that course to come back basically and it's finally made it back. And then finally, last but not least, it's listed I think on the next slide but we've got an IoT pen testing course in addition to some additional red team courses that are coming as well. For sure, it's amazing how much specialization can happen with this field. We started with talking about the foundational material. 
I've been teaching 660 for a bit now and just when you go to the talks, you see all the different villages, there's all these niches that people can dive in. So it's nice to see more and more material around the things that interest folks. I know with 660, we have half the course we talk about advanced pen testing and then we get into exploit development. And a story that Steve likes to tell when he wrote the course was he had an idea for just an exploit development course 10 years ago. And at the time, the community really wasn't ready just to, there wasn't a big enough market just to do exploit development. So 660 was born where we talked about advanced pen testing, talked about exploit development and it was also a little bit easier for folks to get their employers to sponsor that because maybe they're in an offensive security role but not necessarily something that warranted exploit development. Nowadays, there's a huge market for exploit development, people wanting that knowledge. And so you showed us what was the past, what's the future, what's this evolution in red team training from SANS? And so if we go to the third slide here, thank you, there it is. Over on the right side, we've got some new courses that are in development right now. I've alluded to a couple over on the left side, like at the bottom there, the IoT pen testing course, that one actually comes out on September 29th. It is live right now on the website, Larry Pesce, James Leyte-Vidal and Steve Walbroehl just wrote that course and it's gonna be a great new course. In addition to that though, over on the right side, top right and specific to this community, to the red team and community, we've got a brand new five-day red team operations course that's coming. Now, we've had red team operations courses previously, if you will. So at least the Security 564 course, originally written by Joe Vest and James Tubberville back in 2016, 2017 timeframe. 
And then rewritten by Jorge Orchilles plus C2 Matrix integration and a variety of other things basically that enhanced that course when it was rewritten in 2019 by Jorge Orchilles. But we still only have a two-day course and what we wanted to develop here was get a little bit more depth on the red teaming and get a little bit more breadth as well. And so I will quickly highlight three courses and then I think the best thing I can do is I'll describe what I'm aware of but I think there's gonna be the better person to ask about 565 specifically. But 565 in summary, a five-day red team operations course basically, everything from the concepts of red team operations and performing high value adversary emulation all the way into the deep dive basically of using various tools, which ones work best in which situations. And then obviously doing what we do best which is measuring people, processes, technology, everything else. And obviously doing both the overall management of it but most importantly also the deep dive technical for growing red team operators as well. In addition to that, the course below at Security 670, that's our red team operations, Windows tool development, that course is currently in dev from Jonathan Reiter and he is taking time to cover what we consider a gap in offensive programming right now by essentially working on tool development, working on enumeration, working on gaining a foothold basically and then obviously just gaining persistence in the space and then obviously more advanced techniques and Reiter is hoping to have that course out I believe in the Q4 later part of this year. Finally, I'll list one more that's not currently listed on here but it is a brand new development course as well and that's Matt Toussain's Security 665 which is gonna be an advanced red team operations course that's in very initial stages of development. 
But with that all said, I'm sitting next to the author of Security 565 red team operations of the new five-day course. I'd rather actually turn it around and ask you what's new, what's different between that Security 564 course of the past, the two-day version and the new five-day version that you're writing in Security 565? Absolutely, so we're shooting for a Q1 next year release of the beta version of the course. So what I've been working on is this five-day course with a sixth day of a fully immersive environment. The focus, the title is red team operations and assume breach and the course is sandwiched between some of the soft skills that are often overlooked when people think about red team, right? Of course, you've got the technical aspects of having strong tradecraft, getting that initial foothold, doing that lateral movement, spending a lot of time in Active Directory, being comfortable with the tools and the way that things are set up but there's a lot about red teaming that I think us can get overlooked and that's about really understanding what your purpose is as a red team. Why are you there in the first place? Whether you're an internal red team or a consulting red team, I often feel that your goal is to make that blue team better, right? If you do a pen test and you find a lot of issues, you deliver those, there's not a whole lot of collaboration that happens, it kind of depends on the contract, but you might come back a year later and still see some of those things. As a red teamer, you wanna do that adversary emulation, it's almost like giving the test to the blue team. Hey, these are the TTPs we're gonna use. They're well documented. We're going to stick with this and this is how you can grade your systems as long as we give you that scorecard we're gonna emulate this adversary, you can make sure all of your detection and response are set out properly. 
And so it's very specific, but what we can walk away from after that engagement is knowing that all of those controls are in place and they're working properly, right? We're able to validate and test them. So I think some of that is important on the front and the back end and then the three days in the middle we're gonna do a lot of deep dive into Active Directory, go beyond what we do in some of the other courses and SANS curriculum. Excellent. And let's see here. Did we talk about the purple team tactics course? We did not yet actually. So there are two existing purple team courses right now. So there's Security 599 written by the NVISO team, basically, but Erik Van Buggenhout and Steve Sims. And that course essentially goes into all the different techniques that adversaries use, specifically advanced adversaries, but then each step in the kill chain, how defenders can actually help stop the adversaries as early in the kill chain as possible. And then of course there's another course right on the tail of that, the Security 699 purple team tactics course. That one's written by Erik Van Buggenhout of the NVISO team again and Jim Shewmaker as well of SANS. And that course is a little bit more on the red side, more with emulating specific adversaries. So I wanna say and I'm going off memory here, he emulates three to four different advanced groups if you will basically threat actor groups and then actually walks through and helps individuals to prep from both the red team perspective of emulating them and then obviously, what you would do to help the purple team side as well basically or to help both the red and the blue side as well. I'm really excited about the way that the curriculum is just expanding and going deeper into all these different topics. Another thing we've done with the offensive operations curriculum is we have a Discord server out there. It allows students to communicate with instructors after the course is done. 
We obviously have our platform that we use when we do the training, but this is great to circle back with folks. You can reach out to the instructors, can kind of talk about what you've used after the course. And so that's out there on Discord. I'll put a link out on our platform later. And are there any other resources that SANS has? Yeah, in addition to the Discord, which I think that's you and that's Jon Gorenflo, right? I believe in addition to that, we've also got SANS.org free and that's just simply S-A-N-S dot O-R-G slash free basically. Anyone can go there, whether you're looking for webcasts, posters, various distributions to include one that we have called Slingshot basically. That's a multi-use distribution basically, whether there's white papers, blog articles or blogs, sorry, white papers, anything else that you're looking for, whether you're new to cyber or experienced and you're just looking for more things, more details basically or more depth. It's all available at SANS.org slash free. Also, one last thing that I'll put out there as well, there's some free CTFs that they're doing these days as well. So Ed Skoudis and the team basically Simon Burn and several others just did one for the DEF CON event and Black Hat event that was going on in addition to that. It always puts on, Counter Hack always puts on the SANS Holiday Hack Challenge. So be aware of that, that will also be listed and tied into SANS.org free as well. Great, I appreciate you coming out. Hey, thank you for having me. While we're here, I want to do one more thing and that is I know we recently announced on the website that we had certified you as an instructor. Again, that was totally unrelated to me coming out here, but it was nice because all the stars actually aligned for once instead of taking six months between when we see each other and whatever else may happen. 
But I got a call from Lisa Peterson who is somebody that I know you know very well and all of our SANS instructors know very well and she truly has been, the sherpa is probably the best way to put it, to get instructors from new instructors all the way through certified status. She is just good people for always guiding somebody through the various wickets of the process and everything else and it falls into the process as well and getting people from A to Z. She called me specifically and asked if she could bring me something because she knew I was gonna come out and see you and that is I've got a plan that is your SANS certified instructor plaque and I know we announced it to you a week ago and we changed the website but I wanted to say congrats. And seriously, thanks for all of you. Thanks for everything that you are doing to increase the knowledge in the community, to increase obviously people's awareness of things such as the 660 course that you and Steve Sims and many others, Jim Shewmaker, many others teach but in addition to that the work that you're doing on the red team side as well and with the course that you're writing as well. So I definitely look forward to many other great things to come and thank you again. Thanks, Henry. Thanks, I appreciate it. Oh, I'm gonna kick it back over to Omar in the studio. We are gonna close out the stream because coming up next is our joint panel with the AI Village and we are, we're gonna finish out for today. For all the players that are in finals right now, keep that communication on Discord if you run into any issues. Thank you for signing up with the finals. As I mentioned, I just wanna say this one more time, we are gonna leave the scenario up because there's a lot going on there. Despite the fact that we're doing the hybrid event here we will leave everything up. It'll be minimally supported but then we're gonna finish things up tomorrow morning and see how everyone's doing. So back to you Omar. 
Awesome, thank you so much. Congratulations again. Hey, thanks. That was awesome. Can you show the, get a mic? Sure. Microphones in the front. There you go. All right. Yeah. I'm actually taking a picture right now. I'll do that. Awesome. I am doing that. All right. So funny AP or Barrett, I mean I'll mention, please check out the scoreboard, it's in the bottom of the screen. Please continue to communicate with each other even though, you know, we're in the finals. Go to the Red Team Village CTF channel in the Discord server from DEF CON. And with that, congratulations again and we're going to break in a few seconds. Thanks again. Thank you again for having me.