Advanced Wireless Attacks Against Enterprise Networks

Thursday, 1430-1830 in Flamingo, Red Rock VII

Gabriel "solstice" Ryan

This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and preconfigured live USBs will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment.

Skill Level Intermediate

Prerequisites: A previous wireless security background is helpful but certainly not required.

Materials: Students will be required to provide their own laptops. Student laptops must be capable of running virtualization software such as VMWare or VirtualBox, and must have at least one free USB port. The instructor will provide each student with a single external wireless interface for use within the lab environment. Students will be responsible for downloading and installing the lab environment before the start of the workshop.

Max students: 70

Registration: https://www.eventbrite.com/e/advanced-wireless-attacks-against-enterprise-networks-red-rock-vii-tickets-63607316195
(Opens 8-Jul-19)

Gabriel "solstice" Ryan
Gabriel Ryan is an offensive security R&D and consultant at SpecterOps. He is the author of EAPHammer, a toolkit for performing targeted rogue access point attacks against enterprise wireless networks. Gabriel has presented at DEF CON, DerbyCon, Hackfest, and several Security BSides conferences on topics ranging from infrastructure security to access control protocols and red team tradecraft. His professional interests include wireless security, systems internals, low-level programming, and infrastructure automation.

Advanced Wireless Exploitation for Red Team and Blue Team

Thursday, 1430-1830 in Flamingo, Red Rock II

Besim Altinok Founder & CEO,Pentester Training

Bahtiyar Bircan Senior Consultant, Eurocontrol / EATM-CERT

In this workshop, participants will be informed about attacks and defense of the wireless networks. Attendees will learn how to attack and gain access to WPA2-PSK and WPA2-Enterprise wifi networks, bypass network access controls, and gain administrative control over an Active Directory environment.

In addition, Attendees will learn to fight against WiFi Pineapple, KARMA attack and fake access point opening techniques and will develop tools with Scapy. At the end of all this will be an award-winning CTF :)

Areas of focus include:
Basically communication for wifi networks
Understanding how monitor mode works
Collect WiFi data
Gain access to WPA2-PSK and WPA2-Enterprise networks
How can we fight against wifi hackers?
How can I improve the WiFi hacking tool?
CTF

Skill Level Intermediate/Advanced

Prerequisites: .-python scripting - be comfortable in Kali Linux

Materials: Students will need to bring a laptop with at least 8 gigs of RAM, a 64-bit operating system, at least 100 gigs of hard drive space (external drives are fine), and at least one free USB port. In addition, they will need to provide a network card that supports monitor mode and injection. - external - (example: TP-LINK WN722N, Alfa Card .. ) Students will also be required to download and install a virtual lab environment prior to participating in the workshop. Everything else will be provided by the instructor team.

Max students: 40

Registration: https://www.eventbrite.com/e/advanced-wireless-exploitation-for-red-team-and-blue-team-red-rock-ii-tickets-63606797644
(Opens 8-Jul-19)

Besim Altinok
Besim Altinok (@AltnokBesim) has been researching Wi-Fi security for over a decade. He created WiPi-Hunter project against Wi-Fi hackers. He is the author of a book on Wi-Fi security. Besim's work on wireless security has been published in ArkaKapi Magazine and others. He has also spoken at top conferences including BlackHat Europe, Blackhat ASIA, Defcon, and others.

Besim ALTINOK works currently at Barikat Internet Security in Turkey. Besim also founded Pentester Training project.

Bahtiyar Bircan
Bahtiyar Bircan is security enthusiastic with 17 years of experience attacking and securing enterprise IT systems. During his career, he worked on many governments, military and private sector IT security projects.

His experience includes penetration testing, security audit, secure system design, and implementation, virtualization and cloud security, incident response, exploit development, security research, system and network administration.

He is a regular speaker of national and international security conferences like BlackHat, IDC, NATO, OWASP-TR, NOPCon, Tübitak Bilgi Güvenliği Konferans, IstSec, AnkaSec.

Currently, he is a senior security consultant, trainer and managing partner for Barikat Akademi. Previously, he worked in several defense contractors and government agencies, like Tubitak Cyber Security Institute and Havelsan in Turkey. He was a part of numerous security projects for government, military, and public institutions. Also, he is an adjunct instructor teaching cybersecurity at TOBB University. He has authored and contributed to various public/internal tools, training courses, and methodologies.

An Introduction to Deploying Red Team Infrastructure

Thursday, 1430-1830 in Flamingo, Red Rock I

Troy Defty Hacker

Erik Dul Hacker

The use of remote-access malware has never been more prevalent, and in order to replicate or mitigate this threat, an understanding as to how the infrastructure supporting such an attack operates is crucial. From accounting for outbound network filtering controls, to building resilience with redundant inbound proxies, deploying an implant blindly into a target is more complex than 'msf > exploit'.

This workshop aims to build an understanding around how malware Command and Control (C2) infrastructure is designed, built, and configured, and to provide attendees with experience in deploying malware within a realistic network environment. This will include:

- A run-through of a basic red team campaign
- The properties of a solid malware implant
- Spinning-up Command and Control (C2) infrastructure, including burner inbound proxies, etc.
- Configuring an implant to find and utilise outbound routes from a realistic corporate network, and to call back to our new infrastructure
- Basic delivery of malware via common delivery routes
- Gaining a persistent presence, and identifying routes to the campaign objectives

We will be using Meterpreter and the Metasploit framework as the implant supported by Kali Linux, alongside Apache as a reverse proxy; all of which will be cloud-hosted. We will be using a variety of post-exploitation techniques to help attendees get to grips with some of the potential nuances of remote malware interaction (long RTTs, blind command execution, etc.).

Reading list:

https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/Gaining_the_Advantage_Cyber_Kill_Chain.pdf
https://ionize.com.au/reverse-https-meterpreter-and-empire-behind-nginx/
https://medium.com/@truekonrads/reverse-https-meterpreter-behind-apache-or-any-other-reverse-ssl-proxy-e898f9dfff54

Skill Level Intermediate

Prerequisites: Basic knowledge of networking, Meterpreter/Metasploit Framework, basic Linux administration, knowledge of basic Windows privilege escalation

Materials: Laptop, 8GB RAM, Kali as a base or a VM, with all updates applied Ethernet cable

Max students: 24

Registration: https://www.eventbrite.com/e/an-introduction-to-deploying-red-team-infrastructure-red-rock-i-tickets-63439433052
(Opens 8-Jul-19)

Troy Defty
Having worked in the UK InfoSec industry for around five and a half years at Deloitte and later Context Information Security, Troy abandoned a dreary sun-less London and has been working in the Australian industry out of Sydney for nearly a year with PS+C Pure Hacking. His interest and experience is largely in bespoke penetration testing engagements (red teaming, scenario-based assessments, etc.), with broad coverage across the penetration testing spectrum. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and being bad at golf.

Erik Dul
Erik's first encounter with IT security was when he discovered the fascinating internals and configurability of ISDN NT boxes. Since then he has worked in various network security roles, spending the last few years as a penetration tester in the UK and Australia. He is currently heading up the offensive security team of PS+C Pure Hacking in Sydney. His main professional focus is scenario based and bespoke engagements, with particular interest in network and embedded device security. When not hard at work, you can find him somewhere close to the water, or playing tennis.

Analysis 101 for Hackers and Incident Responders

Thursday, 1430-1830 in Flamingo, Red Rock IV

Kristy Westphal Hacker

You have a theory about something you have found while roaming the network or conducting your own hackfest, but how do you go about proving it? This workshop will be a hands-on journey deep into the world of analysis. While analysis is a bit of an art form, there are methods that can be applied to make it less of a gut feeling and more of a scientific approach to support your hypothesis. From network forensics to log analysis to endpoint forensics and malware analysis, we will review numerous quick methods to gain context over the data you have gathered and apply critical thinking in an attempt to find the answers. Sometimes, the answers weren't meant to be found, but we'll also discuss how to make the best of any conclusion that you reach.

Skill Level Beginner/Intermediate

Prerequisites: Security Operations Center background helpful, but not required. Operating Systems and Network basics helpful. A curiosity to figure out stuff is mandatory!

Materials:Bring a laptop with OS of your choice. You will need the Kali Linux (suggest VM or Virtual Box) and free Splunk (Splunk Light) installed ahead of time. You will also need to download sample files from this link: https://drive.google.com/drive/folders/1wimiz_aEHQxqQIxhBeTrePICnvR5r6b6?usp=sharing

Max students: 80

Registration: https://www.eventbrite.com/e/analysis-101-for-hackers-and-incident-responders-red-rock-iv-tickets-63606992226
(Opens 8-Jul-19)

Kristy Westphal
Kristy Westphal is a versatile information technology professional with specific experience in providing advisory and management services in the area of information security and risk. She currently runs an incident response team at a large organization in Tempe, AZ. Specializing in leadership and program development, specific expertise in security areas includes: process analysis, risk assessments, security awareness programs, operating system security, network security, incident handling, vulnerability analysis and policy development.

Are Quantum Computers Really A Threat To Cryptography? A Practical Overview Of Current State-Of-The-Art Techniques With Some Interesting Surprises

Thursday at 12:00 in DC101, Paris Theatre
45 minutes | Demo

Andreas Baumhof Vice President Quantum Technologies, QuintessenceLabs Inc.

Shor's Algorithm for factoring integer numbers is the big threat to cryptography (RSA/ECC) as it reduces the complexity from exponential to polynomial, which means a Quantum Computer can reduce the time to crack RSA-2048 to a mere 10 seconds. However current noisy NISQ type quantum computers are very limited to something like 16 bit RSA keys. And the quality of the current qubits is so bad that error-correction comes at a massive cost of at least 100 times the amount of qubits.

While the world is pre-occupied whether we have universal quantum computers big enough for Shor's algorithm, Quantum Annealing is stealing the show with having factored a 20-bit number just in January this year using 97 qubits. And these qubits are actually good enough to factor bigger numbers. If we assume a linear scalability, we'd "only" need around 10,000 qubits to factor a 2048bit RSA key. D-Wave announced a quantum computer with 5,640 qubits, so that puts it within reach soon.

So, could Quantum Annealing be more of a threat to cryptography than Shor's algorithm on universal quantum computers? How do these algorithms work? How do they achieve a polynomial complexity to what traditional computers need exponential time? What impact will this have on the competition from NIST for the design of post-quantum-cryptography algorithms?

Andreas Baumhof
Andreas Baumhof is Vice President Quantum Technologies at Quintessence Labs. He is responsible for all developments relating to Quantum Technologies such as Quantum Random Number Generator, Quantum Key Distribution or Quantum Computing in general. Before this role, Andreas was CTO for ThreatMetrix Inc, the global leader in digital identities, where he was responsible for software engineering. He helped lead the company to a very successful exit and a 830m USD acquisition by Lexis Nexis/RELX. Andreas holds a mathematics degree from the University of Munich. In his spare time he enjoys mountain biking, snowboarding and spending time with his family.

Twitter: @abaumhof
LinkedIn: https://www.linkedin.com/in/abaumhof/

Breaking Google Home: Exploit It with SQLite(Magellan)

Thursday at 11:00 in DC101, Paris Theatre
45 minutes | Demo, Exploit

Wenxiang Qian Senior security researcher at Tencent Blade Team

YuXiang Li Senior security researcher at Tencent Blade Team

HuiYu Wu Senior security researcher at Tencent Blade Team

Over the past years, our team has used several new approaches to identify multiple critical vulnerabilities in SQLite and Curl, two of the most widely used basic software libraries. These two sets of vulnerabilities, which we named "Magellan" and "Dias" respectively, affect many devices and software. We exploited these vulnerabilities to break into some of the most popular Internet of things devices, such as Google Home with Chrome. We also exploited them on one of the most widely used Web server (Apache+PHP) and one of the most commonly used developer tool (Git).

In this presentation, we will share how we try to crack the Google Home from both hardware and software aspects, get and analyze the newest firmware, solve the problem, and introduce new methods to discover vulnerabilities in SQLite and Curl through Fuzz and manual auditing. Through these methods, we found "Magellan", a set of three heap buffer overflow and heap data disclosure vulnerabilities in SQLite ( CVE-2018-20346, CVE-2018-20505 CVE-2018-20506 ) We also found "Dias", two remote memory leak and stack buffer overflow vulnerabilities in Curl ( CVE-2018-16890 and CVE-2019-3822 ). Considering the fact that these vulnerabilities affect many systems and software, we have issued a vulnerability alert to notify the vulnerable vendor to fix it.

We will disclose the details of "Magellan" and "Dias" for the first time and highlight some of our new vulnerability exploitation techniques. In the first part, we will introduce the results of our analysis on hardware, how to get the newest firmware from simulating an update request, and attack surface of Google Home. We will show how to use Magellan to complete the remote exploit of Google Home, we will also give a brefing talk about how to use Dias to complete the remote attack on Apache+PHP and Git. Finally, we will summarize our research and provide some security development advice to the basic software library developers.

Wenxiang Qian
Wenxiang Qian is a senior security researcher at the Tencent Blade Team. He is focusing on security research of IoT devices. He also do security audits for web browsers. He was on the top 100 of annual MSRC list (2016 & 2017 ). He published a book called "Whitehat Talk About Web Browser Security ".

Twitter: @leonwxqian

YuXiang Li
YuXiang Li is a senior security researcher at Tencent Blade Team, specialized in the study of Mobile Security and IoT Security. He has reported multiple vulnerabilities of Android and received acknowledgments from vendors(Google/Huawei). He was a speaker of HITB AMS 2018 and XCON 2018.

Twitter: @Xbalien29

HuiYu Wu
HuiYu Wu is a senior security researcher at Tencent Blade Team. Now his job is mainly focus on IoT security research and mobile security research. He was also a bug hunter, winner of GeekPwn 2015, and speaker of DEF CON 26 , HITB 2018 AMS and POC 2017.

Twitter: @DroidSec_cn

Constructing Kerberos Attacks with Delegation Primitives

Thursday, 1000-1400 in Flamingo, Red Rock VII

Elad Shamir Managing Security Consultant, The Missing Link Security.

Matt Bush Security Consultant, The Missing Link Security

Kerberos delegation is a dangerously powerful feature that allows services to impersonate users. Due to the complexity of Kerberos delegation attacks, they are often overlooked or left unexplored. However, the introduction of Resource-based Constrained Delegation substantially widens the Kerberos attack surface, making it more important than ever for security professionals to engage with this challenge. This workshop will offer security professionals a deep dive into Kerberos delegation and demonstrate how it can be abused for privilege escalation and lateral movement.

We will open with a crash-course in Microsoft's Kerberos implementation and its delegation features, from the fundamentals of Kerberos authentication, through legacy unconstrained delegation, to classic constrained delegation. We will offer demos and hands-on labs to experiment with abusing these features.

In the second half of the workshop, we will cover resource-based constrained delegation, explain the differences between classic constrained delegation and resource-based constrained delegation, and explore novel attack primitives including:

- Compromising hosts by modifying Active Directory computer objects
- Bypassing restrictions on protocol transition to impersonate arbitrary users
- Compromising a host by abusing the ticket-granting-ticket of a computer account
- Performing local privilege escalation on Windows 10 and Windows Server 2016/2019 hosts by abusing account profile pictures
- Performing remote code execution on SQL Servers through directory listing abuse
- Achieving hostless domain persistence

Participants will get an opportunity to try the above attacks in a lab environment.

We will also explore mitigating controls, as well as detection opportunities.

Skill Level Intermediate

Prerequisites: Basic familiarity of Windows and Active Directory environments

Materials: A laptop with the ability to connect to a VPN and establish an RDP connection with a remote host.

Max students: 70

Registration: https://www.eventbrite.com/e/constructing-kerberos-attacks-with-delegation-primitives-red-rock-vii-tickets-63606378390
(Opens 8-Jul-19)

Elad Shamir
Elad Shamir leads a team of talented security consultants and operators as the Managing Security Consultant at The Missing Link Security. Elad has a passion for red teaming, and extensive experience in identifying security design flaws in complex systems. He enjoys abusing intended functionality in novel attack techniques and chaining seemingly innocuous security issues in elaborate scenarios.

Matt Bush
Matt Bush is a security consultant and operator at The Missing Link Security. Matt's current research focuses on developing and weaponizing novel tradecraft for advanced threat simulation.

DEF CON 101 Panel

Thursday at 15:00 in DC101, Paris Theatre
105 minutes

Highwiz

Nikita

Will

n00bz

Shaggy

SecBarbie

Tottenkoph

The DEF CON 101 Panel is the place to go to learn about the many facets of DEF CON and to begin your DEF CONian Adventure. The idea is to help attendees get the best experience out of DEF CON (and also tell them how to survive the weekend!). It is a way for people who have participated in making DEF CON what it is today to share those experiences and, hopefully, inspire attendees to expand their horizons. DEF CON offers so much more than just talks and the DEF CON 101 panel is the perfect place to learn about all things DEF CON so you, dear reader, can get the best experience possible. The panel will end with the time honored tradition of "Name the n00b" where lucky attendees will be brought up on stage to introduce themselves to you and earn the coveted 101 n00b handle. Don't worry if you don't make it on to the stage, you can stick around for the n00b party after the panel and get your handle then!

Highwiz
HighWiz is born of glitter and moon beams and he has all the right moves. He is the things that sweet dreams are made of and nightmares long to be... Years ago, with the help of some very awesome people*, he set about to create an event that would give the n00bs of DEF CON a place to feel welcomed and further their own pursuit of knowledge. For years he has held onto the simple tenet that "You get out of DEF CON what you put into it". HighWiz is the fabled Man on the Mountain whom people seek to gain a taste of his forbidden knowledge. He is a rare sighting at DEF CON only to be glimpsed by those lucky few. HighWiz is a member of the DEF CON CFP Review Board and Security Tribe.

*Some (but not all) of the people HighWiz would like to thank for helping to make 101 into what it is today : Runnerup, Wiseacre, Nikita, Roamer, Shaggy, Lockheed, Pyr0, Zac, V3rtgio, 1o57, Neil, Sethalump, AlxRogan, Jenn, Zant, MalwareUnicorn, Clutch, TheDarkTangent, Siviak, Tuna, Ripshy, Valkyrie, Suggy, Flipper and all the members of Security Tribe. Shout outs to Security Tribe, GH, QC and The LonelyHackersClub

Twitter: @HighWiz

Nikita
DEF CON, Director of Content & Coordination. Wife & Mom. Chicken Soup repairwoman. SecurityTribe. ☠🦄🌈🤓 Into: hacks 💡 snacks 🌮 shellacs 💅🏻

Twitter: @Niki7a

Will
Will was summoned to life through the trials of fire, fueled by the alcohol and excitement of DEF CON 25. He arose from those ashes of his former life into a malware making, maple syrup drinking n00b with a new attitude on life and lots of fury to share. On a path of creation and destruction, Will is on a relentless quest to conquer anyone that doubts him and maybe one day leave a mark that is just nearly as bright as the Phoenix itself.

n00bz
(or his n00bzness or el n00berino if you’re not into the whole brevity thing) pays the bills by working for a Silicon Valley company protecting the F500 doing Compliance and IT Security Globally by way of Wall Street and D&T. He grew up tying up phone lines across South Florida with his Bosun whistle. His love for all things wireless are due to his love of software defined radio and hatred of getting up to change the TV channel when the remote was lost. He has spoken at DEF CON, HackMiami (%27), DerbyCon and when advised of his right to remain silent, plead the fif!

Shaggy
Shaggy is a penetration tester by day and a renaissance man at night. He enjoys mastering new things and breaking anything put in front of him. When he is not messing around with technology he is making things with wood, performing card tricks, and seducing the masses with his warm gently voice.

SecBarbie
Known on the dark web as “l'initiateur du parti” and “не стоит недооценивать ее”, Erin Jacobs (best known as @SecBarbie) has been attending DEF CON for over 15 years. Erin is a member of the DEF CON CFP Review Board, has DJed both DEF CON and DEF CON China, is an organizer of DC 312, and a past DEF CON speaker. Outside of DEF CON, she’s a Founding Partner at Urbane Security, an avid traveler, and a fan of great Champagne, wine, and dining. You can find more about her under @SecBarbie, or, if you’re up for the challenge, dunes hinder sniff huddle auburn meeting arsenic wizard dizzy lipstick spying enmity highway muppet woven woken puffin atlas python iris sprig mouth yellow hexagon hexagon ;)

Tottenkoph
Tottenkoph has been going to DEF CON for over 10 years and has spent the past several cons volunteering as the Workshop department lead as well as serving on the Workshop Review Board. Tottie has spoken on things from security flaws in digital billboards to drunken insights on what random episodes of Babylon 5 *really* meant. She thinks the perfect date is April 25th, overuses exclamation points in text-based comms, and is excited to have a chance to meet/speak with more new attendees!

Exploiting Windows Exploit Mitigation for ROP Exploits

Thursday at 10:00 in DC101, Paris Theatre
45 minutes | Demo

Omer Yair Endpoint Team Lead at Symantec

“A concept is a brick. It can be used to build a courthouse of reason. Or it can be thrown through the window.” ― Gilles Deleuze

Ever since Smashing the Stack For Fun And Profit was published by Aleph One almost a quarter century ago the security world has completely changed the way it defends exploitation. Canary stack, DEP, ASLR, CFI and various other mitigation techniques were developed to address various exploit techniques. Yet, ROP remains a prominent practice employed by many exploits even today.

ROP is the most common exploitation method for attackers to mutate memory bugs on target process into malicious executable code. “Next Gen” endpoint security products try to address ROP and other exploitation methods. Windows embraces many mitigation techniques as well. However, these mitigation features such as CFG can in fact be leveraged and increase ROP’s attack surface and allow it to even bypass exploit protections!

If you are intrigued by ROP, want to learn about methods in Windows that protect against ROP and how to bypass them - this talk is for you! On top of that a novel method of bypassing ROP mitigation of most products will also be revealed.

Omer Yair
Omer is End-Point team lead at Symantec (formerly Javelin Networks). His team focuses on methods to covertly manipulate OS internals. Before Symantec he was a malware researcher at IBM Trusteer for two years focusing on financial malware families. In the past he has worked at Algotec for six years developing medical imaging software and at IDF's technology unit for three years as dev team lead. Omer lectured on DerbyCon 8, Virus Bulletin and Zero Nights conferences. In his free time he revives historical photographic processes.

Twitter: @yair_omer

From EK to DEK: Analyzing Document Exploit Kits

Thursday, 1000-1400 in Flamingo, Red Rock I

Josh Reynolds Senior Security Researcher, Crowdstrike

Exploit Kits haven't disappeared, they've simply moved to Microsoft Office. Traditional Exploit Kits (EKs) have the ability to fingerprint and compromise web browser environments, but with the advent of sandboxing and advanced security measures, there has been a shift toward using the Microsoft Office environment as a primary attack surface. Document Exploit Kits (DEKs) leverage DCOM, ActiveX controls, and logic bugs to compromise machines by packing multiple exploits into a single file.

In this workshop you will learn how to analyze exploits, shellcode, and infection chains produced by modern Document Exploit Kits such as ThreadKit and VenomKit.

This workshop is aimed at security professionals who are interested in gaining experience with reverse engineering, malware analysis and exploit development. Previous experience in any of these areas will assist the attendee in completing the workshop successfully in a timely fashion. The skills learned in this workshop are most applicable to those who work or are interested in blue team areas, such as those in security operations centers (SOCs), incident responders, intel analysts, and reverse engineers. Those who work or are interested in red team areas will find the content applicable for re-implementation for use in offensive exercises.

The following tools will be used in this workshop:

- rtfobj for OLE object extraction
- x64dbg for dynamic analysis of exploits, shellcode, and infection chains
- procmon and procexp for dynamic analysis of infection chains
- IDA Pro for static analysis of vulnerable applications and shellcode
- ffdec for static analysis of Adobe Flash exploits
- FakeNet-NG and Wireshark for network traffic analysis

Skill Level Intermediate

Prerequisites: .- A basic understanding of Microsoft Windows operating system internals
- A basic understanding of exploit development
- A programming background with C/C++ and/or x86 assembly
- Experience with debugging binary applications
- Optional: Experience with reverse engineering and/or malware analysis on Microsoft Windows

Materials: Students will be provided with a virtual machine to use during the workshop. They will need to bring a laptop that meets the following requirements:
- The laptop must have VirtualBox installed and working (VMWare is not supported).
- The laptop must be able to allocate 2GB of RAM to a guest OS, and provide a stable amount of RAM to the host OS.
- The laptop must have at least 60GB of disk space free but 100GB of free space is preferred.
- The laptop must be able to mount USB storage devices (please ensure that you have the appropriate adapter if needed).

Max students: 24

Registration: https://www.eventbrite.com/e/from-ek-to-dek-analyzing-document-exploit-kits-red-rock-i-tickets-63438831252
(Opens 8-Jul-19)

Josh Reynolds
Joshua Reynolds is a Senior Security Researcher with CrowdStrike, where he performs malware reverse engineering and intelligence analysis. Joshua has presented at BSides Calgary, BSides Edmonton and RSAC focusing on Ransomware, malicious document analysis and cryptojacking malware. He is also the co-author of the SAIT Polytechnic Information Systems Security diploma malware analysis course.

Hacking Medical Devices

Thursday, 1000-1400 in Flamingo, Red Rock II

Jay Radcliffe Hacker

Fotios Chantzis Security Researcher

In the world of connected devices some are more dangerous than others. Devices that connect our bodies to a network are especially intriguing. These devices are often fraught with vulnerabilities and security concerns. In this workshop participants will have an opportunity to learn about different medical devices and explore their attack surfaces. There will be a collection of connected medical devices on-premise that we will scan, take-apart, and explore. Some of the topics in the course will include: network scanning for medical devices, firmware analysis, vulnerability hunting, Wireless/RF analysis, and hardware analysis and assessment.

We will cover vulnerabilities on the insecure DICOM protocol. We are going to showcase how to leverage pynetdicom to write python scripts for attacking DICOM and exploit insecurely configured PACS servers leading to the extraction of sensitive PHI (Protected Health Information). DICOM, being a highly complex protocol, can also allow for other attack vectors such as embedding PE malware. Another aspect of the training will cover vulnerabilities found in IoT infrastructure with a focus on IP cameras and video management servers. These often run insecure protocols like zeroconf and have web portals that are easily authentication brute-forceable and poorly configured. We are specifically going to examine the WS-Discovery protocol which provides some interesting attack vectors by putting too much trust on the local network.

Hands-on exercises will be conducted by the students throughout the training for each section under the guidance of the instructors.

Skill Level Intermediate

Prerequisites: None

Materials: Laptop with Wired Ethernet connection (NOT Wireless)

Max students: 40

Registration: https://www.eventbrite.com/e/hacking-medical-devices-red-rock-ii-tickets-63605552921
(Opens 8-Jul-19)

Jay Radcliffe
Jay Radcliffe (CISSP) has been working in the computer security field for over 20 years. Coming from the managed security services industry as well as the security consultation field, Jay has helped organizations of every size and vertical secure their networks and data. Jay presented ground-breaking research on security vulnerabilities in multiple medical devices and was featured on national television as an expert on medical device cyber-security. As a Type I diabetic, Jay brings a lifetime of being a patient to helping medical facilities secure their critical data without compromising patient care. Not only is Jay a prolific public speaker, but also works with legal firms on expert witness consultation related to IoT and cyber security issues. Jay holds a Master's degree in Information Security Engineering from SANS Technology Institute, as well as a Bachelor's degree in Criminal Justice/Pre-Law from Wayne State University. SC Magazine named him one of the Top Influential IT Security Thinkers in 2013.

Fotios Chantzis
Fotios (Fotis) Chantzis is a principal information security engineer at a major healthcare delivery organization, where he manages and conducts technical security assessments on medical devices and clinical support systems as well as engaging in penetration tests and red team exercises. Fotis has over 10 years of experience in the information security industry, which includes time spent researching network protocol vulnerabilities and developing security tools. He has been a contributor to the Nmap project since 2009, when he wrote the Ncrack network authentication cracking tool and has published a video course on "Mastering Nmap". His research on network security includes exploiting the TCP Persist Timer (Phrack #66) and inventing a stealthy port scanning technique by abusing XMPP. He is a regular speaker in conferences of the information security industry and has been lately leading the technical segment of the Defcon Biohacking Village. His most recent research focus has been on medical device & IoT security.

Hacking the Android APK

Thursday, 1430-1830 in Flamingo, Red Rock V

Ben Hughes Hacker

Liana Parakesyan Hacker

Mattia Campagnano Hacker

This cross-discipline, hands-on training will walk participants through Android application testing and APK reversing basics. The tools and techniques imparted in this training will help guide APK analysis, mobile threat research, and mobile application penetration testing. Free and open source tools will be emphasized, while recognizing the potential role of commercial tools in static and dynamic analysis of APKs. The training will conclude with a CTF-style competition requiring participants to use their new skills to dissect actual Android applications including malicious APKs, vulnerable APKs, and custom APKs. A VM with the necessary tools and APKs will be provided.

Skill Level Beginner/Intermediate

Prerequisites: Previous mobile development or general pen testing experience is helpful, but not required.

Materials: Students will need to bring to participate: Students will need to bring their own Windows/Linux/macOS laptop with 8+ GB RAM, WiFi, USB, and VirtualBox or VMware installed. A VM will be made available to students for download beforehand, as well as available on USB flash drives at the start of the workshop. A LIMITED number of physical, rooted Android devices will be available for students to share during the workshop; students are also welcome to bring their own physical, rooted Android devices for use during the workshop.

Max students: 40

Registration: https://www.eventbrite.com/e/hacking-the-android-apk-red-rock-v-tickets-63607020310
(Opens 8-Jul-19)

Ben Hughes
Ben (@CyberPraesidium) brings over 12 years of diverse experience in cyber security, IT, and law. He leads Polito's commercial services including vulnerability assessments, penetration testing, incident response, forensics, and threat hunting. Prior to joining Polito, Ben worked on APT hunt teams at federal and commercial clients. He holds CISSP, GCFA, GWAPT, and Splunk Power User certifications.

Liana Parakesyan
Liana has a wide range of experience in cybersecurity. She has created tailored cybersecurity frameworks for companies and federal agencies. She has a background in building cybersecurity labs for clients, consulting on Defense-in-Depth strategies based on threat modeling, and performing penetration testing. She holds a Master's degree in Cybersecurity and has earned the Security+, CEH, and CISSP certifications.

Mattia Campagnano
Mattia brings a wide range of experience in IT and cybersecurity, including as Desktop Support with the Italian agency for foreign trade and as a SOC analyst with a major US cybersecurity company. He has worked with SIEMs and conducted penetration testing. He has two Associate's of Applied Science degrees from Stark State College (Cyber Security & Forensics and Network Security, Linux Database Admin). He also has an MBA from Università di Napoli Federico II (Italy) and Security+ certification.

Hacking Wi-Fi for Beginners

Thursday, 1000-1400 in Flamingo, Red Rock III

Alex Hammer Hacker

Penelope 'Pip' Pinkerton

Wi-Fi attack capability is an important part of any hacker's toolbox. Wi-Fi extends the perimeter of a supposedly-secure network to sidewalks, parking lots, and trendy coffee shops. But many hackers don't know how Wi-Fi is simultaneously both easy and difficult to attack. To understand this duality, hackers must get hands-on time attacking all kinds of networks. You really need to see both success and failure, both self-inflicted and environmental, to fully understand how to compromise Wi-Fi networks.

This workshop isn't targeted at Faraday-level attendees. We assume that you know what a laptop and Wi-Fi is and continue from there. What you'll be doing in this workshop is:

0. Determining your desired result of the attack
1. Reconnoitering Wi-Fi networks and RF spectrum
2. Identifying and prioritizing network and station targets
3. Determining the best attack type for identified targets
4. Hacking the bejeezus out of the target while avoiding detection
You'll do all of these amazing things with your laptop and Kali Linux. Kali has an exceptional set of Wi-Fi hacking tools built right in that you'll become much more familiar with during this session. You'll use a variety of tools to identify networks and connected stations, conduct broadcast denial of service attacks, capture authentication handshakes, and crack session keys.

Pip and Alex will demonstrate some techniques using different hardware like spectrum analyzers and noise generators so you can decide whether those are tools you want to add to your toolbox as well. However, none of those tools are necessary for the workshop, and many hackers never need anything beyond a laptop, Kali, a good wordlist, and practice.

We'll tweet any last minute workshop updates or preparation steps from @alexhammeratt.

Skill Level Beginner

Prerequisites: Basic familiarity with Kali Linux and a basic understanding of Wi-Fi

Materials: A laptop running Kali Linux (NO virtual machines) and a Wi-Fi adapter that supports monitor mode (either a built-in or external USB WNIC is fine). Attendees should arrive with their laptop fully charged and their Kali fully updated.

Max students: 90

Registration: https://www.eventbrite.com/e/hacking-wi-fi-for-beginners-red-rock-iii-tickets-63605681305
(Opens 8-Jul-19)

Alex Hammer
Alex Hammer started hacking as a phreak using a Blue Box and running his own BBS. He's been hacking networks and computers for his entire career. Alex has worked as a computer forensic investigator, a penetration tester, and a security software architect. He has also written books and taught numerous classes on penetration testing, ethical hacking, and network defense. His specialties are PKI, Wi-Fi cracking, and teasing Pip when an 802.11 standard totally ignores standard security practices.

Penelope 'Pip' Pinkerton is a veritable Goddess of Wi-Fi and all things RF. She is an expert in radio design, RF behavior, and IEEE standards, and holds an Extra level ham radio license. Pip has taught countless corporate IT staff Wi-Fi topics including security, site survey, RF coverage, and Wi-Fi configuration and management. She has worked at or with many of the large Wi-Fi chipset and device manufacturers and has provided input on standards. Her specialties are knowing pretty much every field defined in every 802.11 standard and making fun of Alex when he doesn't know one.

Hacking Wifi

Thursday, 1430-1830 in Flamingo, Red Rock VIII

Philippe Delteil Computer Science Engineer

Victor Faraggi Student, University of Chile

Ilana Mergudich Thal Student, University of Chile

Wireless Networks (Wifi) are the most used type of network nowadays and most people don't know really how vulnerable they are, even WPA/WPA2 Enterprise.

In this workshop we will cover most wifi encryptions being used today, how they work behind the scenes and the theory of the cracking process. Also, you will be able to apply this knowledge on the spot with some real-life-scenario wifi networks.

Some encryptions are mathematically difficult to crack, where the cracking process could take lifetimes. But not to worry, there still are ways to get around this with an attack called Man-in-the-middle (MITM). Be wary! You never know to whom's Internet Access Point you're connecting and who's eavesdropping on you.

Ever wondered how to get somebody's passwords of a website? After this workshop you will be able to supplant a website without the victim ever knowing it with Wifiphishing or DNS Spoofing the client's router.

What to know before
Linux commands (sed, awk, grep and the basic ones)
Basic shell scripting
Basic knowledge about WEP/WPA/WPA2/WPS

What you will learn
How wifi security works
How to audit a wireless network
How to perform and automate Wifi attacks (WEP/WPA/WPA2 (personal & enterprise)/WPS)
How to use the cloud to crack passwords (GpuHash.me, AWS EC2)
How to use your own GPU to crack passwords. (in case you have one)

How technical is the class
40% theory and concepts
60% writing and testing commands/scripts and attacking wifis.

What tools are we going to use
aircrack-ng (ifconfig, iwconfig, airmon-ng, airodump-ng, aireplay-ng, aircrack-ng, airbase-ng, airdecap-ng)
Reaver (reaver, wash)
Radius Servers (radiusd)
Pyrit
tshark/Wireshark/tcpdump
Ettercap

What to read in advance Vivek Ramachandran & Cameron Buchanan, 2015, Kali Linux Wireless Penetration Testing Beginner's Guide, Birmingham B3 2PB, United Kingdom.

Skill Level Beginner

Prerequisites: Shell scripting basic skills Basic Linux Commands Basic networks knowledge

Materials: Laptop with Kali Linux (native or virtual machine). Wireless network card adapter (ALFA models, AWUS036NHA or similar) that allows packet injection. (NOTE: STUDENTS WILL NEED TO BRING THEIR OWN ADAPTER)

Max students: 60

Registration: https://www.eventbrite.com/e/hacking-wifi-red-rock-viii-tickets-63607346285
(Opens 8-Jul-19)

Philippe Delteil
Philippe Delteil is Computer Science Engineer from the University of Chile, he gave his first talk at Defcon 26 Skytalks, called "Macabre stories of a hacker in the public health sector", his country's government sent 3 officials to record the talk, over 3 Ministries shut down all their information systems afraid that Philippe would reveal some serious bugs and that Defcon attendees would hack the government, but the systems only were down from friday to monday, the only days hackers work. While living in Brazil he hacked over 3,000 wifi routers of the biggest ISP. Most of the time, he gives classes for free in various topics: CTF, pentesting, programming, Basic computer knowledge. He's been working with Wifi hacking during the last 3 months. He has a company with a very clever name: Info-sec.

Victor Faraggi
Victor Faraggi is a student of Computer Science Engineering at the University of Chile. He has developed an interest for Mobile Development, Privacy and, of course, Computer Security. This year, he has been working as a mobile developer in his University Campus. His free time is spent between analog photography, family, friends and HTB. He's also a former student of Philippe's workshop 'Introduction to Pentesting and CTF's'. That's how they met. Now, together with Ilana Mergudich, they bring Wifi Hacking workshop that has already been done in this year's first Defcon China. He remembers dearly the little boy of 15 years old that played OverTheWire wargame's, coming to Defcon 27 is another step in his life.

Ilana Mergudich Thal
Ilana Mergudich Thal is a Computer Science student at Universidad de Chile. She spent a semester in Sweden studying computer security and is currently specializing in cryptography. Trainee at Info-Sec doing Wifi hacking research. Works as a teaching assistant for mathematical and theoretical computer science courses and teaches computational thinking/programming to young children in schools. She became the first woman to represent her university internationally in competitive programming.

Intro to Embedded Hacking—How you too can find a decade old bug in widely deployed devices. [REDACTED] Deskphones, a case study.

Thursday at 13:00 in DC101, Paris Theatre
45 minutes | Demo, Exploit

Philippe Laulheret Senior Security Researcher @ McAfee Advanced Threat Research

From small business to large enterprise, VOIP phones can be found on nearly every desk. But how secure are they? What if your phone was spying on every conversation you have?

This talk is an introduction to hardware hacking and as a case study I’ll use the [REDACTED] Deskphone, a device frequently deployed in corporate environments. I’ll use it to introduce the tools and methodology needed to answer these questions.

During this talk, attendees will get a close up look at the operations of a hardware hacker, including ARM disassembly, firmware extraction using binwalk, micro-soldering to patch an EEPROM and get a root shell over UART, and ultimately uncover an already known decade-old bug that somehow remained unnoticed in the device’s firmware.

Beyond the case study I will also address alternative tactics; some did not work, others may have but were not the lowest-hanging fruit. When it comes to hardware hacking, the process is as important as the result; knowing that there are multiple ways to reach the end goal helps researchers remain confident when hurdles arise. After the talk, attendees will have an increased distrust towards always-on devices; however, they will have the background knowledge to investigate the products and systems they encounter daily.

Philippe Laulheret
Philippe Laulheret is a Senior Security Researcher on the McAfee Advanced Threat Research team. With a focus on Reverse Engineering and Vulnerability Research, Philippe uses his background in Embedded Security and Software Engineering to poke at complex system and get them to behave in interesting ways. He previously talked about Reverse Engineering PSX game at Bsides PDX, created & contributed to some Hardware Hacking CTF when working at Red Balloon Security and shared the love of tearing apart VOIP phones during ad-hoc workshops at multiple conferences (Summer Con, Hardware Hacking Village, etc.)

Twitter: @phLaul

Introduction to Cryptographic Attacks

Thursday, 1000-1400 in Flamingo, Red Rock VIII

Matt Cheung Hacker

Using cryptography is often a subtle practice and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with Python dependencies and skeleton code included so you can focus on implementing the attack. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap.

Skill Level Intermediate

Prerequisites: Students should be comfortable with modular arithmetic and the properties of XOR. Experience in Python or other similar language will be a plus.

Materials: A laptop with VMWare or VirtualBox installed and capable of running a VM.

Max students: 30

Registration: https://www.eventbrite.com/e/introduction-to-cryptographic-attacks-red-rock-viii-tickets-63607132646
(Opens 8-Jul-19)

Matt Cheung
Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given talks and workshops at the Boston Application Security Conference and the DEF CON Crypto and Privacy Village.

Learning to Hack Bluetooth Low Energy with BLE CTF

Thursday, 1000-1400 in Flamingo, Red Rock IV

Ryan Holeman Global Security Overlord, Atlassian

BLE CTF is a series of Bluetooth low energy challenges in a capture the flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively teach a new concept to the user. For this workshop, we will step through a series of exercises to teach beginner students new concepts and allow more seasoned users to try new tools and techniques. After completing this workshop, you should have a good solid understanding of how to interact with and hack on BLE devices in the wild.

If you have done BLE CTF in the past, this class is still valuable. This class will be based off of a complete rewrite of BLE CTF which is being released as version 2.0. It will still have many of the challenges from 1.0, but restructured, where every flag is hosted in a completely separate GATT service. Along with the v1.0 flags, new new version allows for more advanced challenges which were not possible in the past.

To prepare for the workshop, please follow the the setup documentation located at https://github.com/hackgnar/ble_ctf/blob/master/docs/workshop_setup.md

Skill Level All

Prerequisites: None

Materials: Preferably a Linux box with a bluetooth controller or a bluetooth usb dongle. An OSX or Windows machine with a Linux VM and usb passthough works as well but should be setup and tested before the workshop. The workshop exercises run on a relatively cheap piece of hardware (ESP32). If attendees want to bring their own to get flashed, we can assist. If they want to buy one, I sell them pre-flashed for $20.

Max students: 80

Registration: https://www.eventbrite.com/e/learning-to-hack-bluetooth-low-energy-with-ble-ctf-red-rock-iv-tickets-63605954121
(Opens 8-Jul-19)

Ryan Holeman
Ryan Holeman resides in Austin Texas where he works as the Global Security Overlord on Atlassian's Security team. He is also an advisor for the endpoint security software company Ziften Technologies. He received a Masters of Science in Software Engineering from Kent State University. His graduate research and masters thesis focused on C++ template metaprograming. He has spoken at many respected venues such as Black Hat, DEF CON, Lockdown, BSides, Ruxcon, Notacon, and Shmoocon. He has also published papers though venues such as ICSM and ICPC . You can keep up with his current activity, open source contributions and general news on his blog. His spare time is mostly spent digging into various network protocols, random hacking, creating art, and shredding local skateparks.

Purple Team CTF

Thursday, 1430-1830 in Flamingo, Red Rock III

Sam Bowne Proprietor, Bowne Consulting

Elizabeth Biddlecome Senior Researcher, Bowne Consulting

Practice red and blue team skills in this fun, CTF-style workshop. Attendees will configure free Linux servers in the Google cloud to detect intrusions using Suricata, log files, and Splunk, and attack them with a Linux cloud server using Metasploit, Ruby, and Python scripts. They will also use Splunk to analyze ransomware and brute-force attacks and perform attribution, using archived event data from a realistic multi-server Windows corporate domain.

All workshop materials are freely available on the Web, and will remain available after the workshop. All required software and cloud resources are free to use.

Skill Level Intermediate

Prerequisites: Familiarity with basic networking and security concepts.

Materials: A computer with a Web browser and a credit card (the credit card won't be charged). All the systems used are free and in the cloud.

Max students: 90

Registration: https://www.eventbrite.com/e/purple-team-ctf-red-rock-iii-tickets-63606850803
(Opens 8-Jul-19)

Sam Bowne
Sam Bowne is the proprietor of Bowne Consulting and an instructor at City College San Francisco, and has been teaching hacking and security classes for ten years. He has presented talks and workshops at Defcon, HOPE, RSA, BSidesLV, BSidesSF, and many other conferences. He has a CISSP and a PhD and is a DEF CON Black Badge co-winner.

Elizabeth Biddlecome
Elizabeth Biddlecome is a senior researcher at Bowne Consulting, an independent consultant, and a part-time instructor at City College San Francisco, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.

Pwning Serverless Applications

Thursday, 1000-1400 in Flamingo, Red Rock V

Abhay Bhargav Founder, we45

Nithin Jois

Tilak Thimmappa

Serverless Technology (Functions as a Service) is fast becoming the next "big thing" in the world of distributed applications. Especially with widespread support from cloud vendors, this technology is going to only become more influential. However, like everything else, Serverless apps are subject to a a wide variety of attack possibilities, ranging from attacks against access control tech like Function Event Injection, JWTs, to NoSQL Injection, to exploits against the apps themselves (deserialization, etc) escalating privileges to other cloud components.

This workshop is replete with hands-on labs and presents a red-team perspective of the various ways in which testers can discover and exploit serverless applications to compromise sensitive information, and gain a deeper foothold into cloud database services, IAM services and other other cloud components. The workshop also features real-world serverless implementations, specifically to highlight the lack of frameworks, tooling and security mechanisms that makes life much harder for developers to implement, therefore, easier for attackers to compromise

Skill Level Beginner

Prerequisites: None

Materials: Laptop with ability to access WiFi networks. Admin/Root access to an AWS Account. Free Tier works.

Max students: 50

Registration: https://www.eventbrite.com/e/pwning-serverless-applications-red-rock-v-tickets-63606059436
(Opens 8-Jul-19)

Abhay Bhargav
Abhay Bhargav is the Founder of we45, a focused Application Security Company. Abhay is a builder and breaker of applications. He is the Chief Architect of "Orchestron", a leading Application Vulnerability Correlation and Orchestration Framework.

He has created some pioneering works in the area of DevSecOps and AppSec Automation, including the world's first hands-on training program on DevSecOps, focused on Application Security Automation. In addition to his work in Application Security Automation, he has created "ThreatPlaybook", a unique open-source framework that marries Threat-Modeling (as-Code) with Application Security Automation. In addition to this, Abhay is active in his research of new technologies and their impact on Application Security, namely Containers, Orchestration and Serverless Architectures.

Abhay is a speaker and trainer at major industry events including DEF CON 25 and 26, BlackHat, OWASP AppSecUSA, EU and AppSecCali. His trainings have been sold-out events at conferences like AppSecUSA, EU, AppSecDay Melbourne, CodeBlue (Japan) and so on. He will be training at BlackHat USA 2019. He writes on IT and IT Security-focused areas in his blog. Abhay is the author of two international publications "Secure Java: For Web Application Development" and "PCI Compliance: A Definitive Guide"

Nithin Jois

Tilak Thimmappa

Web2Own: Attacking Desktop Apps From Web Security's Perspective

Thursday at 14:00 in DC101, Paris Theatre
45 minutes

Junyu Zhou Security Researcher in Tencent Security Xuanwu Lab

Ce Qin Security Researcher in Tencent Security Xuanwu Lab

Jianing Wang Security Researcher in Tencent Security Xuanwu Lab

People are always talking about binary vulnerabilities when attacking desktop applications. Memory corruptions are always costly to find. Meanwhile, mitigations introduced by operating systems make them harder to be exploited. More and more applications are using hybrid technologies, so we can try web security tricks to pwn them reliably with less effort.

Our presentation will summarize attack surfaces and methods to find security issues in desktop applications. In particular, we will explicate some real-world cases, such as chaining multiple vulnerabilities (information leaking, CSP bypass, opened debugging port) to achieve RCE in a specialized IDE, sensitive file leaking in famous editors, privileged APIs abusing in many IM applications and so on. During our research, we find some issues actually reside in popular libraries. These flaws may affect more applications than we will demonstrate in this talk.

Web security knowledge is usually unfamiliar to desktop application developers. Attacking desktop apps using web security tricks is a non-competitive "blue ocean". Our presentation will focus on many design misconceptions and implementation mistakes in desktop applications. By sharing these representative lessons, we hope to help desktop application developers improve the security of their products.

Junyu Zhou
Junyu Zhou, Security Researcher in Tencent Security Xuanwu Lab, CTF player from 0ops/A*0*E, is focusing on vulnerability research and web application security. Speaker of HITB2018Dubai and ZeroNights2018.

Ce Qin
Ce Qin, Security Researcher in Tencent Security Xuanwu Lab for 3 years, focus on software security, mainly on browser and Desktop software.

Jianing Wang
Jianing Wang, Security Researcher in Tencent Security Xuanwu Lab, member of Syclover, is focusing on vulnerability research and web application security.