Paid Training List – The One! DEF CON 33

Communities attending DEF CON

List of names and descriptions of the Paid Trainingsthat will be at DEF CON 33.
These occur during the Mon and Tue after DEF CON. There is an additional charge for these.

A Complete Practical Approach to Malware Analysis & Threat Hunting Using Memory Forensics

Community Map Page – LVCCWest

This 2-day hands-on training teaches the concepts, tools, and techniques to analyze, investigate, and hunt malware by combining two powerful techniques: malware analysis and memory forensics. This course will introduce attendees to the basics of malware analysis, reverse engineering, Windows internals, and memory forensics. Then it gradually progresses into more advanced concepts of malware analysis & memory forensics. Attendees will learn to perform static, dynamic, code, and memory analysis. To keep the training completely practical, it consists of various scenario-based hands-on labs after each module which involves analyzing real-world malware samples and investigating malware-infected memory images (crimewares, APT malwares, Fileless malwares, Rootkits, etc.). This hands-on training is designed to help attendees gain a better understanding of the subject in a short period. Throughout the course, the attendees will learn the latest techniques used by adversaries to compromise and persist on the system. In addition, it also covers various code injection, hooking, and rootkit techniques used by adversaries to bypass forensic tools and security products. In this training, you will also understand how to integrate malware analysis and memory forensics techniques into a custom sandbox to automate malware analysis. After taking this course, attendees will be better equipped with the skills to analyze, investigate, hunt, and respond to malware-related incidents.

Whether you are a beginner interested in learning malware analysis, threat hunting, and memory forensics from scratch or an experienced professional who would like to enhance your existing skills to perform a forensic investigation to respond to an incident or for fun, this training will help you accomplish your goals.

Note: Students will be provided with real-world malware samples, malware-infected memory images, course material, lab solution manual, video demos, custom scripts, and a Linux VM.

Attendees should walk away with the following skills:

How malware and Windows internals work
How to create a safe and isolated lab environment for malware analysis
Tools and techniques to perform malware analysis
How to perform static analysis to determine the metadata associated with malware
How to perform dynamic analysis of the malware to determine its interaction with process, file system, registry, and network
How to perform code analysis to determine the malware functionality
How to debug malware using tools like IDA Pro and x64dbg
How to analyze downloaders, droppers, keyloggers, fileless malwares, HTTP backdoors, etc.
Understanding various persistence techniques used by the attackers
Understanding different code injection techniques used to bypass security products
What is Memory Forensics and its use in malware and digital investigation
Ability to acquire a memory image from suspect/infected systems
How to use open source advanced memory forensics framework (Volatility)
Understanding of the techniques used by the malwares to hide from Live forensic tools
Understanding of the techniques used by Rootkits(code injection, hooking, etc.)
Investigative steps for detecting stealth and advanced malware
How memory forensics helps in malware analysis and reverse engineering
How to incorporate malware analysis and memory forensics in the sandbox
How to determine the network and host-based indicators (IOC)
Techniques to hunt malware
Note: Students will be provided with real-world malware samples, malware-infected memory images, course material, lab solution manual, video demos, custom scripts, and a Linux VM.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/practical-approach-to-malware-analysis-threat-hunting-las-vegas-2025

People:
SpeakerBio: Sajan Shetty

Sajan Shetty is a Cyber Security enthusiast. He is an active member of Cysinfo, an open Cyber Security Community (https://www.cysinfo.com) committed to educating, empowering, inspiring, and equipping cybersecurity professionals and students to better fight and defend against cyber threats. He has conducted training sessions at Black Hat Asia, Black Hat USA, Black Hat Europe, Black Hat SecTor, Black Hat Middle East, Black Hat Spring, BruCON, HITB, and his primary fields of interest include machine learning, malware analysis, and memory forensics. He has various certifications in machine learning and is passionate about applying machine learning techniques to solve cybersecurity problems.

SpeakerBio: Monnappa K A, Co-Founder at Cysinfo

Monnappa K A is a Security professional with over 17 years of experience in incident response and investigation. He previously worked for Microsoft & Cisco as a threat hunter, mainly focusing on threat hunting, investigation, and research of advanced cyber attacks. He is the author of the best-selling book “Learning Malware Analysis.” He is a review board member for Black Hat Asia, Black Hat USA, and Black Hat Europe. He is the creator of the Limon Linux sandbox and the winner of the Volatility Plugin Contest 2016. He co-founded the cybersecurity research community “Cysinfo” (https://www.cysinfo.com). He has conducted training sessions on malware analysis, reverse engineering, and memory forensics at Black Hat Asia, Black Hat USA, Black Hat Europe, Black Hat SecTor, Black Hat Middle East, Black Hat Spring, BruCON, HITB, FIRST, SEC-T, OPCDE, and 4SICS-SCADA/ICS cybersecurity summit. He has presented at various security conferences, including Black Hat, FIRST, SEC-T, 4SICS-SCADA/ICS summit, DSCI, National Cyber Defence Summit, and Cysinfo meetings on various topics related to memory forensics, malware analysis, reverse engineering, and rootkit analysis. He has also authored various articles in eForensics and Hakin9 magazines. You can find some of his contributions to the community on his YouTube channel (http://www.youtube.com/c/MonnappaKA), and you can read his blog posts at https://cysinfo.com

A Practical Approach to Breaking & Pwning Kubernetes Clusters

Community Map Page – LVCCWest

The adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most security teams struggle to understand these modern technologies.

In this real-world scenario-based training, each participant will be learning Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes clusters environments at different layers like Supply chain, Infrastructure, Runtime, and many others. Starting from simple recon to gaining access to microservices, sensitive data, escaping containers, escalating to clusters privileges, and even its underlying cloud environments.

By end of the training, participants will be able to apply their knowledge to perform architecture reviews, security assessments, red team exercises, and pen-testing engagements on Kubernetes Clusters and Containersed environments successfully. Also, the trainer will provide step by step guide (Digital Book) with resources and references to further your learning.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/a-practical-approach-to-breaking-pwning-kubernetes-clusters-las-vegas-2025

People:
SpeakerBio: Madhu Akula

Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and Cloud Native Security Architect with extensive experience. Also, he is an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc). He holds industry certifications like CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), OSCP (Offensive Security Certified Professional), etc.

Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON 24, 26, 27, 28, 29 & 30, BlackHat 2018, 19, 21 & 22, USENIX LISA 2018, 19 & 21, SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, Github Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon 2018, 19, 21 & 22, SACON, Serverless Summit, null and multiple others.

His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc. and is credited with multiple CVE’s, Acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building an Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.

Active Directory Attacks for Red and Blue Teams – Advanced Edition

Community Map Page – LVCCWest

More than 95% of Fortune 500 companies use Active Directory! Enterprises are managed using Active Directory (AD) and it often forms the backbone of the complete enterprise network. Therefore, to secure an enterprise from an adversary, it is inevitable to secure its AD environment. To secure AD, you must understand different techniques and attacks used by adversaries against it. Often burdened with maintaining backward compatibility and interoperability with a variety of products, AD environments lack ability to tackle latest threats.

This training is aimed towards attacking modern AD with focus on OPSEC and Stealth. The training is based on real world penetration tests and Red Team engagements for highly secured environments. Some of the techniques used in the course:

Introduction to OPSEC and Stealth used in the class.
Offensive .NET and PowerShell tradecraft
Extensive AD Enumeration
Active Directory trust mapping and abuse.
Privilege Escalation (User Hunting, Delegation issues, LAPS abuse, gMSA abuse, SPN Hijacking, Shadow Credentials and more)
Advanced Kerberos Attacks and Defense (Diamond, Golden, Silver ticket, Kerberoast and more)
Advanced cross forest trust abuse (Lateral movement across forest, PrivEsc and more)
Credentials Replay Attacks (Over-PTH, Token Replay, Certificate Replay etc.)
Attacking Entra ID integration (Hybrid Identity)
Abusing trusts for MS products (AD CS, SQL Server etc.)
Persistence (WMI, GPO, Domain and Host ACLs and more)
Monitoring Active Directory
Defenses (JEA, PAW, LAPS, Selective Authentication, Deception, App Allowlisting, MDE EDR, Microsoft Defender for Identity etc.)
Bypassing defenses (MDE, MDI and Elastic)

The course is a mixture of fun, demos, exercises, hands-on and lecture. You start from compromise of a user desktop and work your way up to multiple forest pwnage. The training focuses more on methodology and techniques than tools.

Attendees will get free two months access to an Active Directory environment comprising of multiple domains and forests, during and after the training and a Certified Red Team Expert Exam (CRTE) certification attempt.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/active-directory-attacks-for-red-and-blue-teams-advanced-las-vegas-2025

People:
SpeakerBio: Shaunak, Security Researcher at Altered Security

Shaunak is a security researcher who is highly competent in executing red team operations in enormous enterprise environments with OPSEC considerations and malware development to bypass modern threat detection/prevention solutions. He likes to work on customizing open-source C2s and other tooling to bypass detection.

He works as a Security Researcher at Altered Security – a company focusing on hands-on enterprise security learning – https://www.alteredsecurity.com/

SpeakerBio: Nikhil, Founder at Altered Security

Nikhil’s areas of interest include red teaming, Azure and active directory security, attack research, defense strategies and post exploitation research. He has 15+ years of experience in red teaming.

He specializes in assessing security risks in secure environments that require novel attack vectors and “out of the box” approach. He has worked extensively on Azure, Active Directory attacks, defense and bypassing detection mechanisms. Nikhil has held trainings and bootcamps for various corporate clients (in US, Europe and SE Asia), and at the world’s top information security conferences.

He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.

Nikhil is the founder of Altered Security – a company focusing on hands-on enterprise security learning – https://www.alteredsecurity.com/

SpeakerBio: Manthan, Security Researcher at Altered Security

Manthan is a security researcher with a strong passion for enterprise security, red teaming and Active Directory security. He specializes in testing enterprise security defences with a deep understanding of offensive strategies, including EDR evasion and Active Directory attacks. He continuously researches emerging threats, attack techniques, and mitigation strategies to stay ahead of evolving adversaries.

He works as a Security Researcher at Altered Security – a company focusing on hands-on enterprise security learning – https://www.alteredsecurity.com/

Advanced Cloud Incident Response in Azure and Microsoft 365

Community Map Page – LVCCWest

This hands-on two-day training offers a comprehensive guide to incident response in the Microsoft cloud, covering various topics essential for handling threats and attacks. The course starts with an overview of the concepts of the Microsoft cloud that are relevant for incident response. Participants will learn how to scope an incident in the Microsoft cloud and how to leverage it to set up an incident response capability. On the first day you will be immersed in the world of Azure attacks, we cover the different phases of an attack focusing on the evidence an attack leaves and how you can identify attacks based on the available evidence. On the second day we will shift our focus to Microsoft 365. The training covers the different types of evidence available in a Microsoft 365 environment. Participants will gain an understanding of how to acquire data from a Microsoft 365 environment using multiple methods and tools, and how to parse, enrich, and analyze the Microsoft 365 Unified Audit Log (UAL). The best part of the training is that everything you learn you’ll apply with hands-on labs in a CTF like environment. Additionally we have created two full attack scenarios in both Azure & M365 and you’re tasked in the CTF to solve as many pieces of the puzzle as you can.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/incident-response-in-the-microsoft-cloud-last-vegas-2025

People:
SpeakerBio: Korstiaan Stam, Founder and CEO at Invictus Incident Response

Korstiaan Stam is the Founder and CEO of Invictus Incident Response & SANS Trainer – FOR509: Cloud Forensics and Incident Response. Korstiaan is a passionate incident responder, preferably in the cloud. He developed and contributed to many open-source tools related to cloud incident response. Korstiaan has gained a lot of knowledge and skills over the years which he is keen to share.

Way before the cloud became a hot topic, Korstiaan was already researching it from a forensics perspective. “Because I took this approach I have an advantage, because I simply spent more time in the cloud than others. More so, because I have my own IR consultancy company, I spent a lot of time in the cloud investigating malicious behavior, so I don’t just know one cloud platform, but I have knowledge about all of them.” That equips him to help students with the challenge of every cloud working slightly or completely different. “If you understand the main concepts, you can then see that there’s also a similarity among all the clouds. That is why I start with the big picture in my classes and then zoom in on the details. Korstiaan also uses real-life examples from his work to discuss challenges he’s faced with students to relate with their day-to-day work. “To me, teaching not only means sharing my knowledge on a topic, but also applying real-life implications of that knowledge. I always try to combine the theory with the everyday practice so students can see why it’s important to understand certain concepts and how the newly founded knowledge can be applied.”

Advanced Red Team Operations Certification by White Knight Labs

Community Map Page – LVCCWest

White Knight Lab’s Advanced Red Team Operations (ARTO) course is meant to fill in the gaps for senior penetration testers who want to pivot into conducting red team operations against mature enterprise environments.Students will be given a Terraform script that spins up their dedicated lab environment to which they have lifetime access. Students will go through purchasing domains to simulate deploying their red team attack infrastructure. WKL’s instructors will go in-depth regarding using CDNs in GCP, AWS, and Azure for redirectors. At the end of the course, students can test their knowledge by taking the Advanced Red Team Operation Certification exam. In this rigorous, hands-on 48-hour exam, students must gain Domain Admin control over the stigs-corp.local network and accomplish various objectives.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/robert-pimentel-amp-john-stigerwalt-advanced-red-team-operations-certification-dctlv2025

People:
SpeakerBio: John Stigerwalt

John Stigerwalt has worked as a blue teamer, vCISO, developer, senior penetration tester, and red team lead. John served as the F-Secure red team lead for the western hemisphere. He has led long‐term red team engagements in highly complex Fortune 500 companies. He has worked together with Microsoft to increase kernel security for the Windows operating system. He has led training at BlackHat, DerbyCon, and Wild West Hackin’ Fest. He is the author of WKL’s Advanced Red Team Operations course (ARTO). John has the following certifications: OSCP, OSCE, CRTP (Certified Red Team Professional), CRTE (Certified Red Team Expert), and SLAE (Assembly Language and Shellcoding). John is known as one of the most talented offensive cyber security experts in the world and can do whatever is asked of him on a computer.

Adversarial Thinking: The Art of Dangerous Ideas

Community Map Page – LVCCWest

Hackers have a unique perspective on the world and in particular on the technological artifacts within it. When most people look at a high tech system, they see what they were meant to see by the people who created it. Hackers see technology as it truly is, not as it was meant to be, and this way of looking at things enables hackers to discover possibilities that were never intended in the first place.

For centuries, military and intelligence strategists have sought to view the world from a similar perspective – a perspective that can see the hidden possibilities and weaknesses in things and take advantage of them to create unexpected results.

This unique course draws lessons from both the hacker community and from military thinking in order to deepen your ability to understand adversaries and see things the way that adversaries see them.

Honing this skill is particularly valuable for people who are building technological systems that might be subject to misuse and need to be able to anticipate that misuse. Whether you are an aspiring red teamer, a hardware engineer, software developer or product owner striving to understand how your product will be abused, or you work in fraud detection, risk analysis, election security, or any other domain where you face an adversary, you’ll find this course a valuable addition to your skill set.

We will…

Survey adversarial thinking in a wide range of domains
Review the history of hacking and phone phreaking and understand how they influenced the development of a way of thinking about technology
Explore lock picking and physical security
Iteratively decompose an organization or complex system to find its most critical dependencies and develop methods of attacking those dependencies successfully
Consider how one might creatively steal from your employer and what controls are necessary to prevent this from happening
Examine how and why you might be targeted by foreign intelligence
Practice cheating on a test
Understand how the mental models we develop for how things work can prevent us from seeing how they actually work
See how levels of abstraction in computer technology can hide vulnerabilities
Learn how to read technical standards and see the things that they fail to say
Practice fooling your customers by offering products with unstated capabilities
Explore how state cyber operations are organized and could target your organization
Study the crowdsourcing of adversaries, as seen in Ukraine
Explore dangerous security assumptions
Investigate deception techniques
Practice detecting and role-playing insider threats
And much more…

After completing the course you’ll leave with:

An improved offensive mindset and ability to identify weaknesses and other unintended characteristics of systems.
Heightened awareness of non-obvious threats and threat actors across the spectrum of the cyber, information, cognitive, and physical domains.
Practical tools and techniques to better assess security risk and employ security controls.
A deeper understanding of threat actor TTPs and countermeasures in areas such as: state-level cyberspace operations, electronic warfare and surveillance, supply chain compromise, hardware implants, deception operations, human intelligence collection, physical security, influence operations, targeting methodologies, and novel threat intelligence analytic techniques, among numerous other topics.
Improved critical thinking techniques via an understanding of how the world, its threat actors, and the enterprise security environment behave in practice, not how defenders assume it to be.
An enhanced ability to fluidly shift from the mindset of a defender into that of an attacker, and back again.
Diverse sources of additional information to aid participants’ continued self-development.

This interesting and fast-moving class will include hands-on exercises to apply and reinforce the skills learned. You’ll leave this course with a fresh perspective and a toolkit of techniques to better accomplish your mission. Come join us.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/adversarial-thinking-the-art-of-dangerous-ideas-las-vegas-2025

People:
SpeakerBio: Tom Cross

Tom Cross is an entrepreneur and technology leader with three decades of experience in the hacker community. Tom attended the first DefCon in 1993 and he ran bulletin board systems and listservs in the early 1990’s that served the hacker community in the southeastern United States. He is currently an independent security consultant, Principal at Kopidion, and creator of FeedSeer, a news reader for Mastodon. Previously he was CoFounder and CTO of Drawbridge Networks, Director of Security Research at Lancope, and Manager of the IBM Internet Security Systems X-Force Advanced Research team. He has written papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. He has spoken at numerous security conferences, including Black Hat Briefings, Defcon, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides. He has a B.S. in Computer Engineering from the Georgia Institute of Technology. He can be found on Linkedin as https://www.linkedin.com/in/tom-cross-71455/, and on Mastodon as https://ioc.exchange/@decius.

SpeakerBio: Greg Conti, Co-Founder and Principal at Kopidion

Greg Conti is a hacker, maker, and computer scientist. He is a nine-time DEF CON speaker, a seven-time Black Hat speaker, and has been a Black Hat Trainer for 10 years. He’s taught Adversarial Thinking techniques at West Point, Stanford University bootcamps, NSA/U.S. Cyber Command, and for private clients in the financial and cybersecurity sectors. Greg is Co-Founder and Principal at Kopidion, a cyber security training and professional services firm.

Formerly he served on the West Point faculty for 16 years, where he led their cybersecurity research and education programs. During his U.S. Army and Military Intelligence career he co-created U.S. Cyber Command’s Joint Advanced Cyberwarfare Course, deployed to Iraq as Officer-in-Charge of U.S. Cyber Command’s Expeditionary Cyber Support Element, and was the first Director of the Army Cyber Institute.

Greg is co-author of On Cyber: Towards an Operational Art for Cyber Operations, and approximately 100 articles and papers covering hacking, online privacy, usable security, cyber conflict, and security visualization. Greg holds a B.S. from West Point, an M.S. from Johns Hopkins University, and a Ph.D. from the Georgia Institute of Technology, all in computer science. His work may be found at gregconti.com (https://www.gregconti.com/), kopidion.com (https://www.kopidion.com/) and LinkedIn (https://www.linkedin.com/in/greg-conti-7a8521/).

AI SecureOps: Attacking & Defending AI Applications and Services

Community Map Page – LVCCWest

Can prompt injections lead to complete infrastructure takeovers? Could AI applications be exploited to compromise backend services? Can data poisoning in AI copilots impact a company’s stock? Can jailbreaks create false crisis alerts in security systems? This immersive, CTF-styled training in GenAI and LLM security dives into these pressing questions. Engage in realistic attack and defense scenarios focused on real-world threats, from prompt injection and remote code execution to backend compromise. Tackle hands-on challenges with actual AI applications to understand vulnerabilities and develop robust defenses. You’ll learn how to create a comprehensive security pipeline, mastering AI red and blue team strategies, building resilient defenses for LLMs, and handling incident response for AI-based threats. Additionally, implement a Responsible AI (RAI) program to enforce ethical AI standards across enterprise services, fortifying your organization’s AI security foundation.

By 2026, Gartner, Inc. predicts that over 80% of enterprises will engage with GenAI models, up from less than 5% in 2023. This rapid adoption presents a new challenge for security professionals. To bring you up to speed from intermediate to advanced level, this training provides essential GenAI and LLM security skills through an immersive CTF-styled framework. Delve into sophisticated techniques for mitigating LLM threats, engineering robust defense mechanisms, and operationalizing LLM agents, preparing them to address the complex security challenges posed by the rapid expansion of GenAI technologies. You will be provided with access to a live playground with custom built AI applications replicating real-world attack scenarios covering use-cases defined under the OWASP LLM top 10 framework and mapped with stages defined in MITRE ATLAS. This dense training will navigate you through areas like the red and blue team strategies, create robust LLM defenses, incident response in LLM attacks, implement a Responsible AI(RAI) program and enforce ethical AI standards across enterprise services, with the focus on improving the entire GenAI supply chain.

This training will also cover the completely new segment of Responsible AI(RAI), ethics and trustworthiness in GenAI services. Unlike traditional cybersecurity verticals, these unique challenges such as bias detection, managing risky behaviors, and implementing mechanisms for tracking information are going to be the key challenges for enterprise security teams.

By the end of this training, you will be able to:

Exploit vulnerabilities in AI applications to achieve code and command execution, uncovering scenarios such as cross-site scripting, injection attacks, insecure agent designs, and remote code execution for infrastructure takeover.
Conduct GenAI red-teaming using adversary simulation, OWASP LLM Top 10, and MITRE ATLAS frameworks, while applying AI security and ethical principles in real-world scenarios.
Execute and defend against adversarial attacks, including prompt injection, data poisoning, model inversion, and agentic attacks.
Perform advanced AI red and blue teaming through multi-agent auto-prompting attacks, implementing a 3-way autonomous system consisting of attack, defend and judge models.
Implement LLM security scanners to detect and protect against injections, jailbreaks, manipulations, and risky behaviors, as well as defending LLMs with LLMs.
Build and deploy enterprise-grade LLM defenses, including custom guardrails for input/output protection, security benchmarking, and penetration testing of LLM agents.
Establish a comprehensive LLM SecOps process to secure the supply chain from adversarial attacks and create a robust threat model for enterprise applications.
Implement an incident response and risk management plan for enterprises developing or using GenAI services.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/abhinav-singh-ai-attacks-defense-las-vegas-2025

People:
SpeakerBio: Abhinav Singh

Abhinav Singh is an esteemed cybersecurity leader & researcher with over a decade of experience across technology leaders, financial institutions, and as an independent trainer and consultant. Author of “Metasploit Penetration Testing Cookbook” and “Instant Wireshark Starter,” his contributions span patents, open-source tools, and numerous publications. Recognized in security portals and digital platforms, Abhinav is a sought-after speaker & trainer at international conferences like Black Hat, RSA, DEFCON, BruCon and many more, where he shares his deep industry insights and innovative approaches in cybersecurity. He also leads multiple AI security groups at CSA, responsible for coming up with cutting-edge whitepapers and industry reports around safety and security of GenAI.

APT Tactics: Lazarus, Ransomware, and Advanced Exploitation

Community Map Page – LVCCWest

APT Tactics: Lazarus, Ransomware, and Advanced Exploitation is an intermediate-level course designed to immerse participants in the sophisticated techniques and operations used by Advanced Persistent Threats (APTs) such as the Lazarus Group. This hands-on course provides deep insights into their tactics, including ransomware deployment, lateral movement, and data exfiltration, with a focus on real-world scenarios.

Students will learn to leverage tools and techniques like RDP, PSExec, and SMB for lateral movement across enterprise networks, exploit vulnerabilities like Log4J (CVE-2021-44228), and deploy ransomware not just on systems but also on enterprise backups. The course includes training on stealing high-value assets, such as cryptocurrency wallets, and crafting comprehensive campaigns against both Windows and Linux environments.

In addition to simulating ransomware attacks, participants will practice disabling Endpoint Detection and Response (EDR) systems, explore Bring Your Own Driver (BYOD) attack techniques, and emulate high-profile breaches, such as the WannaCry ransomware outbreak. Through engaging labs and carefully constructed emulation exercises, attendees will apply these techniques in realistic scenarios, gaining a thorough understanding of both offensive operations and the defensive strategies needed to counter them.

Students Will Be Provided With:

Lifetime Access to Course Material, plus 1-month Lab Access
Exclusive Course Swag
Certificate of Completion

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/apt-tactics-lazarus-ransomware-advanced-exploitation-las-vegas-2025

People:
SpeakerBio: Jake “Hubble” Krasnov, Red Team Operations Lead and Chief Executive Officer at BC Security

Jake “Hubble” Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security, with a distinguished career spanning engineering and cybersecurity. A U.S. Air Force veteran, Jake began his career as an Astronautical Engineer, overseeing rocket modifications, leading test and evaluation efforts for the F-22, and conducting red team operations with the 57th Information Aggressors. He later served as a Senior Manager at Boeing Phantom Works, where he focused on aviation and space defense projects. A seasoned speaker and trainer, Jake has presented at conferences including DEF CON, Black Hat, HackRedCon, HackSpaceCon, and HackMiami.

SpeakerBio: Dr. Anthony “Coin” Rose, Director of Security Research and Chief Operating Officer at BC Security

Dr. Anthony “Coin” Rose is the Director of Security Research and Chief Operating Officer at BC Security, as well as a professor at the Air Force Institute of Technology, where he serves as an officer in the United States Air Force. His doctorate in Electrical Engineering focused on building cyber defenses using machine learning and graph theory. Anthony specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. Anthony has presented at security conferences, including Black Hat, DEF CON, HackMiami, RSA, HackSpaceCon, Texas Cyber Summit, and HackRedCon. He also leads the development of offensive security tools, including Empire and Moriarty.

Attack and Defend Software Supply Chain

Community Map Page – LVCCWest

In today’s interconnected world, software development relies heavily on third-party components—up to 80% of your code could come from external sources. This reliance creates a complex web of dependencies, making your software supply chain a prime target for cybercriminals. Securing it is no longer optional; it’s essential.

This hands-on course takes a comprehensive approach to attacking and securing the software supply chain. In the first section, you’ll assume the role of a sophisticated attacker, infiltrating an enterprise through its supply chain partners. You’ll learn how to compromise developer laptops, code repositories, CI/CD pipelines, internal registries, and even production environments. Once you’ve seen how vulnerabilities can be exploited, we’ll pivot to defense.

In the second section, we’ll build and secure a GitHub organization, configure repositories, and implement best practices to mitigate risks. You’ll learn how to secure IaC (Infrastructure as Code) assets, validate third-party code, and remediate vulnerabilities to ensure end-to-end protection.

Through practical exercises, you’ll apply these strategies to safeguard your developer environments, CI/CD pipelines, and production systems. By the end of the course, you’ll have the knowledge and tools to turn your software supply chain into a security strength rather than a liability.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/attack-and-defend-software-supply-chain-las-vegas-2025

People:
SpeakerBio: Anant Shrivastava

Anant Shrivastava is a highly experienced information security professional with over 15 years of corporate experience. He is a frequent speaker and trainer at international conferences, and is the founder of Cyfinoid Research, a cyber security research firm. He leads open source projects such as Tamer Platform and CodeVigilant, and is actively involved in information security communities such as null, OWASP and various BSides Chapters and DefCon groups.

Attacking & Securing CI/CD Pipeline Certification (ASCPC) by White Knight Labs

Community Map Page – LVCCWest

The Attacking and Securing CI/CD course is an on-demand and self-paced program designed to equip participants with the knowledge and skills to identify vulnerabilities and implement security measures within Continuous Integration and Continuous Deployment (CI/CD) pipelines. This course combines theoretical knowledge with practical, hands-on labs that simulate real-world scenarios in a CI/CD environment.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/raunak-parmar-attacking-securing-ci-cd-pipeline-certification-ascpc-by-white-knight-labs-dctlv2025

People:
SpeakerBio: Raunak Parmar, Senior Cloud Security Engineer at White Knight Labs

Raunak Parmar works as a senior cloud security engineer at White Knight Labs. His areas of interest include web penetration testing, Azure/AWS security, source code review, scripting, and development. He enjoys researching new attack methodologies and creating open-source tools that can be used during cloud red team activities. He has worked extensively on Azure and AWS and is the author of Vajra, an offensive cloud security tool. He has spoken at multiple respected security conferences like Black Hat, Defcon, Nullcon, RootCon, and also at local meetups.

Azure Cloud Attacks for Red & Blue Teams – Advanced Edition

Community Map Page – LVCCWest

Azure and Entra ID are widely used by enterprises for a variety of purposes. There is a huge offering of services across various categories in Azure – Identity, Compute, Networking, Storage, Databases, Analytics, Security and many more.

Azure, like any other cloud, changes rapidly and Microsoft keeps adding new defenses both as improvements and new security service offerings. This advanced class is designed to help security professionals to understand, analyze and practice attacks in an enterprise-like live multi-tenant Azure environment that has effective security controls in place.

Non-exhaustive list of topics: – Introduction to attack methodology and tools – Microsoft Identity Platform – Understanding Authorization grant flow and Device code Phishing – Dynamic Device Code Phishing – Understanding and abusing Family of Client IDs (FOCI) – Abusing minimal privileges for signing JWT assertions – Executing attacks across tenants using Cross-tenant access settings – Abusing Privileged Identity Management (PIM) role assignments – Abusing GitHub actions – Cloud to on-prem lateral movement – Abusing Microsoft Entra Kerberos – Token extraction from applications – Setting up custom Azure infrastructure for Illicit Consent Grant – Understand Azure Lighthouse and Abuse service provider permissions – Cloud to on-prem lateral movement – Abusing Arc-enabled servers and extensions – Bypassing Defenses like MFA (Authentication Strength, Phishing-resistant and more) – Evading Conditional Access Policies and Continuous Access Evaluation

You get two months access to a live Azure lab environment containing multiple tenants during and after the class and an attempt to Certified by AlteredSecurity Red Team Expert for Azure (CARTE) certification.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/altered-security-azure-cloud-attacks-for-red-blue-teams-advanced-las-vegas

People:
SpeakerBio: Keanu, Altered Security

Keanu is an information security researcher from Belgium with several years of hands-on experience performing penetration tests and red team assessments for organizations, and currently leads an offensive security team. While he has a passion for all offensive cybersecurity topics, he mostly specializes in Active Directory, Azure AD and Social Engineering.

He has presented at security conferences such as BruCon, and is the author of the Microsoft 365 and Entra attacking toolkit GraphSpy. He is an instructor for various Azure Red Teaming courses with Altered Security – a company focusing on hands-on enterprise security learning – https://www.alteredsecurity.com/

Azure Cloud Attacks for Red & Blue Teams – Beginner Edition

Community Map Page – LVCCWest

More than 95 percent of Fortune 500 use Azure today! A huge number of organizations use Azure AD (Entra ID) as an Identity and Access Management platform. This makes it imperative to understand the risks associated with Azure as it contains an enterprises infrastructure, apps, identities and a lot more!

In addition to cloud-only identity, the ability to connect on-prem Active Directory, applications and infrastructure to Azure brings some very interesting opportunities and risks too. Often complex to understand, this setup of components, infrastructure and identity is a security challenge.

This hands-on training aims towards abusing Azure and a number of services offered by it. We will cover multiple complex attack lifecycles against a lab containing multiple live Azure tenants.

All the phases of Azure red teaming and pentesting – Recon, Initial access, Enumeration, Privilege Escalation, Lateral Movement, Persistence and Data mining are covered. We will also discuss detecting and monitoring for the techniques we use.

The course is a mixture of fun, demos, exercises, hands-on and lecture. The training focuses more on methodology and techniques than tools. If you are a security professional trying to improve your skills in Azure cloud security, Azure Pentesting or Red teaming the Azure cloud this is the right class for you!

Following topics are covered:

Introduction to Azure
Discovery and Recon of services and applications
Enumeration
Initial Access Attacks (Enterprise Apps, App Services, Function Apps, Insecure Storage, Phishing, Consent Grant Attacks)
Enumeration post authentication (Storage Accounts, Key vaults, Blobs, Automation Accounts, Deployment Templates etc.)
Privilege Escalation (RBAC roles, Azure AD Roles, Across subscriptions)
Lateral Movement (Pass-the-PRT, Pass-the-Certificate, Across Tenant, cloud to on-prem, on-prem to cloud)
Lateral Movement (Across Tenant, cloud to on-prem, on-prem to cloud)
Persistence techniques
Data Mining
Defenses, Monitoring and Auditing (CAP, PIM, Microsoft Defender for Cloud, JIT, Risk policies, MFA, MTPs, Azure Sentinel)
Bypassing Defenses
Defenses, Monitoring and Auditing

Attendees will get free two months access to an Azure environment comprising of multiple tenants and a Certified by AlteredSecurity Red Team Professional for Azure (CARTP) certification attempt.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/altered-security-azure-cloud-attacks-for-red-blue-teams-beginner-las-vegas-2025

People:
SpeakerBio: Nikhil, Founder at Altered Security

He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.

Nikhil is the founder of Altered Security – a company focusing on hands-on enterprise security learning – https://www.alteredsecurity.com/

Beginner’s Guide to Attacks and Defenses

Community Map Page – LVCCWest

Please note: This is a four-day training that will be held Saturday-Tuesday (August 9-12). Participants will receive a DEF CON Human Badge with their registration

We will survey modern attack and defense techniques at an introductory level. We will demonstrate all the techniques, and participants will perform hands-on projects practicing with the tools. We will provide beginner-friendly instructions, a live CTF scoreboard, and personal assistance.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/sam-bowne-team-beginners-guide-to-attacks-and-defenses-dctlv2025-4-day-training

People:
SpeakerBio: Sam Bowne, City College San Francisco

Sam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, Black Hat USA, HOPE, BSidesSF, BSidesLV, RSA, and many other conferences and colleges. He founded Infosec Decoded, Inc., and does corporate training and consulting for several Fortune 100 companies, on topics including Incident Response and Secure Coding.

SpeakerBio: Kaitlyn Handelman, Offensive Security Engineer at Amazon

Kaitlyn Handelman is an offensive security engineer at Amazon. Her focus is cybersecurity in space. In addition to traditional penetration testing, Kaitlyn works on physical devices and RF signals. In her free time, she enjoys ham radio, astronomy, and her cat, Astrocat.

SpeakerBio: Irvin Lemus, Cyber Range Engineer at By Light IT Professional Services

Irvin Lemus, CISSP is a Cyber Range Engineer at By Light IT Professional Services, training military personnel through international cyber security exercises. Irvin has been in the field since 2006, involved with cybersecurity competitions since 2015 as a trainer, coach, and mentor. He also has taught IT and Cybersecurity courses at Coastline and Cabrillo Colleges. He is the BACCC Cyber Competitions Regional Coordinator, Board member at Pacific Hackers and is a speaker at DEFCON. He describes himself as, “A professional troublemaker who loves hacking all the things.”

SpeakerBio: Elizabeth Biddlecome, Consultant and Instructor

Elizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to cripting languages in cybersecurity competitions, hackathons, and CTFs.

Binary Exploitation on Windows

Community Map Page – LVCCWest

Please note: This is a four-day training that will be held Saturday-Tuesday (August 9-12). Participants will receive DEF CON Human Badge with their registration

This four-day intensive training is designed to guide participants from foundational reverse engineering to advanced exploitation techniques on Windows systems, culminating in hands-on real-world applications.

Day 1: Basics of Reverse Engineering

Kick off with an introduction to tools like x64dbg and Ghidra, while refreshing your knowledge of computer architecture and assembly. Through demos and challenges, you’ll solidify your skills in analyzing binaries, understanding program behavior and identifying memory corruptions.

Day 2: Basics of PWNing

Learn to combine reverse engineering with exploit development. Explore pwntools for crafting exploits, write shellcode, and build your first stack-smashing exploit for Windows through guided exercises and challenges.

Day 3: Advanced PWNing

Dive into bypassing modern mitigations such as Stack Canaries, SEH, ASLR, and mastering ROP techniques. Hone your skills with practical challenges tailored to simulate real-world vulnerabilities.

Day 4: The Real World

Apply your knowledge to exploit your first real-world application or analyze modern Windows exploit proof-of-concepts. Gain insights into advanced bug classes, Control Flow Integrity (CFI), and more.

The final goal is for you to write an exploit for a VirtualBox VM escape n-day utilizing what you have learned!

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/binary-exploitation-on-windows-las-vegas-2025

People:
SpeakerBio: Kolja, Security Researcher and Trainer at Neodyme

Kolja works as a Security Researcher and Trainer at Neodyme. He specializes on Windows and Active Directory security. He has found Vulnerabilities in widely used security products and has extensive Pentesting and Red Teaming experience.

SpeakerBio: Felipe “localo”

Felipe, aka localo, is a skilled and accomplished hacker renowned for his proficiency in developing memory corruption exploits. With a solid track record, he has consistently excelled in major hacking competitions such as Pwn2Own, showcasing his ability to identify and exploit vulnerabilities effectively. Felipe has earned major bug bounties and has impactful vulnerabilities to his name.

BRIDGING THE GAP – An Introduction to IoT Security from Serial to Bluetooth

Community Map Page – LVCCWest

Dive into the world of hardware hacking with this intensive, hands-on class that bridges the gap between software security and physical hardware. Over the course of two action-packed days, you’ll learn to identify and exploit vulnerabilities common in IoT devices, medical equipment, and embedded systems. Starting with hardware basics and circuit board analysis, you’ll quickly progress to mastering essential interfaces like UART, SPI, and JTAG. Get hands-on experience with industry software tools while learning to extract firmware, bypass authentication systems, and analyze Bluetooth Low Energy (BLE) implementations. Perfect for security professionals, researchers, and hardware enthusiasts, this course combines real-world case studies with practical exercises using actual devices. You’ll leave equipped with a solid foundation in hardware security assessment, understanding common attack vectors, and knowing how to integrate hardware security testing into your product development lifecycle. Bring your curiosity – we’ll provide the hardware!

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/bridging-the-gap-an-introduction-of-iot-security-from-serial-to-bluetooth-las-vegas-2025

People:
SpeakerBio: Will McCardell, Lead Offensive Security Engineer at Praetorian

Will McCardell is a Lead Offensive Security Engineer at Praetorian and a member of the IoT Penetration Testing team. He has a decade of software engineering and offensive security experience as well as a deep passion for hardware testing.

SpeakerBio: Garrett Freibott, Senior Security Engineer at Praetorian

Garrett Freibott is a Senior Security Engineer at Praetorian and a member of the IoT Penetration Testing team. He has experience in open-source software development, application penetration testing, and enterprise software security. Garrett has a B.S. in Computer Science from Arizona State University and the OSCP.

SpeakerBio: Cody Hein, Senior Security Engineer at Praetorian

Cody Hein is a Senior Security Engineer at Praetorian and a member of the IoT Penetration Testing team. His background includes audio video systems engineering and US Army Space operations, including SATCOM and other RF communications. He specializes in hardware reverse engineering, firmware analysis, and RF wireless communications with a focus on securing connected devices. Cody is passionate about lifelong learning and dedicated to sharing knowledge with others.

SpeakerBio: Aaron Wasserman, Senior Security Engineer at Praetorian

Aaron Wasserman is an accomplished IoT penetration tester with a passion for uncovering hardware vulnerabilities. He is a Senior Security Engineer at Praetorian and a member of the IoT Penetration Testing team. Aaron is dedicated to advancing cybersecurity practices and sharing knowledge within the community. He holds both a Masters and Bachelor’s from Georgia Tech’s School of Electrical and Computer Engineering and also several offensive security certifications including the ACIP and OSCP.

Cloud Native Kill Chain

Community Map Page – LVCCWest

Pentesting in the cloud goes beyond basic EC2 exploitation. This course bridges the gap between traditional pentesting skills and modern cloud-native environments. Learn how identity, critical assets, and cloud-native tactics are leveraged to identify vulnerabilities in AWS and Kubernetes environments.

The instructor, a former pentester and current cloud platform architect, shares practical techniques – from bypassing noisy scans to leveraging cloud backends for data exfiltration – used daily in professional settings. Gain actionable skills to elevate your cloud pentesting game.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/cloud-native-kill-chain-las-vegas-2025

People:
SpeakerBio: Will Kline, Technical Director at Dark Wolf Solutions

Will’s a Technical Director at Dark Wolf Solutions, where he spends his time wrangling DevOps and cybersecurity. He’s a DEF CON addict and loves CTFs – his team once snagged a Black Badge at the IoT! He’s also been known to geek out about Kubernetes vulnerabilities and is stoked to share what he’s learned.

Cyber Threat Intelligence Analysis (CTIA) by Deloitte

Community Page – Unknown

This course presents the fundamentals of cyber threat intelligence (CTI) and guides analysts in the application of intelligence to defensive operations. The threat environment is growing more complex and correspondingly, costs to businesses affected by malevolent activity are also increasing. As malicious software incorporates more advanced counter-detection techniques, standard anti-virus (AV) software and intrusion detection and prevention systems (IDS/IPS) become less effective. Allow lists and sandboxing technologies may mitigate many host-based attacks, but additional analysis and attribution methodologies of advanced actors are needed to identify and prioritize threats to the network.

This course applies the intelligence cycle to the full-spectrum exercise of proactive network defense. When properly employed, this process fosters a cyber environment of pre-emptive action. Network defenders and operators are provided with the required necessary tactics, techniques, and procedures (TTPs) to generate timely and relevant intelligence. Such intelligence informs stakeholders and applies network fortifications before compromise.

Links:
More Info – https://training.defcon.org/products/matthew-lamanna-attilio-bonaccorso-cyber-threat-intelligence-analysis-ctia-by-deloitte-dctlv2025

People:
SpeakerBio: Matt “Tri Star” Lamanna, Deloitte

Matt “Tri Star” Lamanna is a retired Master Sergeant, USAF. During active duty Matt spent 15 years as a Signals Intelligence Analyst, and 5 years offensive cyber operator/cyber threat intelligence analyst. For the past 6 years at Deloitte he has been a defensive cyber operations integration expert supporting Space Systems Command, Prototype and Innovation Delta on Kirtland AFB, NM. Matt’s also deputy program manager for a USSF SPICES contract overseeing a cyber threat intelligence team supporting the USSF Delta 6 SOC. He is also part of the PMO for Deloitte’s US Cyber Capture the Flag portfolio. Lastly, Matt is a CTIA curriculum developer and instructor as part of Deloitte’s Advanced Cyber Training portfolio.

SpeakerBio: Attilio Bonaccorso, Deloitte

Attilio Bonaccorso is a Specialist Master in Deloitte’s Cyber Detect & Respond offering, with 20 years’ experience in Cyber Threat Intelligence and Intelligence Analysis. He is a former Intelligence Community member with the National Security Agency, the Office of the Director of National Intelligence, the National Counterintelligence Executive Office, Fleet Cyber Command, and the National Security Council as Director of Cybersecurity in President Obama’s administration. Over the course of his career he specialized in SIGINT Development, as well as cyber policy, and was an NSA Adjunct Faculty member. Attilio is also a former professor from American University in Washington, DC where he taught Cybersecurity Risk Management. Attilio holds a Master’s Degree in Electrical Engineering with focuses in Cyber warfare and Cybersecurity from the Naval Postgraduate School, and a Master’s Degree in Diplomacy from Norwich University with a focus in Terrorism.

Deep Dive into Fuzzing

Community Map Page – LVCCWest

Fuzzing is a technique of identifying software vulnerabilities by automated corpus generation. It has produced immense results and attracted a lot of visibility from security researchers and professionals in the industry, today fuzzing can be utilized in various ways which can be incorporated into your secure SDLC to discover vulnerabilities in advance and fix them. Attendees will be emulating techniques which will provide a comprehensive understanding of “Crash, Detect & Triage” of fuzzed binaries or software. In “Deep dive into fuzzing” we will be covering a detailed overview of fuzzing and how it can be beneficial to professionals in uncovering security vulnerabilities with a hands-on approach through focus on labs.

Finding vulnerabilities in software requires in-depth knowledge of different technology stacks. Modern day softwares have a huge codebase and may contain vulnerabilities, manually verifying such vulnerabilities is a tedious task and may not be possible in all cases. This training is designed in such a way that it introduces the concept of fuzzing and vulnerability discovery in software’s covering multiple platforms such as Linux & Windows and triage analysis for those vulnerabilities.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/deep-dive-into-fuzzing-las-vegas-2025

People:
SpeakerBio: Zubin Devnani

Zubin Devnani is a red teamer by trade, who has identified multiple vulnerabilities in commonly used software. He is a trainer at Blackhat and has delivered multiple workshops, including PHDays and Hacktivity. Utilizes his fuzzing skills in his day to day trade to identify new ways of breaking into enterprises! Blogging at devtty0.io and tweets on @p1ngfl0yd.

SpeakerBio: Dhiraj Mishra

Dhiraj Mishra is an active speaker who has discovered multiple zero-days in modern web browsers and an open-source contributor. He is a trainer at Blackhat, BruCON, 44CON and presented in conferences such as Ekoparty, NorthSec, Hacktivity, PHDays, Hack in Paris & HITB. In his free time, he blogs at www.inputzero.io/www.fuzzing.at and tweets on @RandomDhiraj.

Dodging the EDR bullet: A Training on Malware Stealth Tactics

Community Map Page – LVCCWest

“Dodging the EDR bullet” Training is an intensive, hands-on course designed to equip cybersecurity professionals with cutting-edge skills in malware evasion techniques. Dive deep into Windows security components, antivirus systems, and EDRs while mastering the full malware lifecycle—from initial access to advanced in-memory evasion and kernel-level persistence. Through a systematic approach to memory management and process manipulation, participants will learn how to bypass modern detection strategies and build stealthy malware components. The course focuses on cultivating a research-driven mindset, enabling attendees to understand and analyze detection strategies provided by the Windows OS and then craft their own techniques to evade them.

By the end of the training, participants will have gained a solid foundation in malware analysis and development, enabling them to craft sophisticated command-and-control (C2) payloads and maintain persistence while remaining undetected.

* All students are expected to sign an NDA with the trainer to avoid unauthorized sharing of training materials *

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/dodging-the-edr-bullet-a-training-on-malware-stealth-tactics-las-vegas-2025

People:
SpeakerBio: Giorgio “gbyolo” Bernardinetti, Lead Researcher at System Security division of CNIT

Giorgio “gbyolo” Bernardinetti is lead researcher at the System Security division of CNIT. His research activities are geared towards Red Teaming support activities, in particular design and development of advanced evasion techniques in strictly monitored environments, with emphasis on (but not limited to) the Windows OS, both in user-space and kernel-space. He has been a speaker for DEFCON32 Workshops and Red Team Village HacktivityCon 2021.

SpeakerBio: Dimitri “GlenX” Di Cristofaro, Security Consultant and Researcher at SECFORCE LTD

Dimitri “GlenX” Di Cristofaro is a security consultant and researcher at SECFORCE LTD where he performs Red Teams on a daily basis. The main focus of his research activities is about Red Teaming and in particular on identifying new ways of attacking operating systems and looking for cutting edge techniques to increase stealthiness in strictly monitored environments. He enjoys malware writing and offensive tools development as well as producing electronic music in his free time.

Everyday Ghidra: Practical Windows Reverse Engineering

Community Map Page – LVCCWest

Reverse engineering is the process of uncovering the principles, architecture, and internal structure of a piece of software or hardware. It can be used for various purposes, such as improving compatibility, enhancing security, understanding program behaviour, and even vulnerability research. However, reverse engineering can also be challenging, especially when dealing with complex and modern Windows binaries.

That’s why you need Ghidra, a powerful and open-source software reverse engineering framework developed by the National Security Agency (NSA). Ghidra can help you perform in-depth analysis of Windows binaries, using its rich set of features and tools. Whether you want to reverse engineer malware, understand software internals, or find vulnerabilities, Ghidra can handle it and this course will guide your steps.

In this course, you will learn how to use Ghidra effectively to reverse engineer Windows binaries. While Ghidra is at the heart of our curriculum, we go far beyond a simple user manual. This course is designed to help you master Windows reverse engineering techniques by using Ghidra as your primary tool. You will start with the basics of Ghidra, such as creating projects, importing and analyzing binaries, and using Ghidra’s native tools. You will then learn how to customize Ghidra to suit your needs, such as building custom data types and configuring optimal analysis. From there, you will complete progressive labs that will teach you to apply both static and dynamic analysis techniques to dive deep into Windows application behavior using Ghidra’s Windows-specific features and scripts.

Practical Exercises: – Reverse Engineering Windows Malware – Learn to statically analyze a Windows malware sample and identify its malicious behavior. – Dynamically Debugging a Windows RPC Server – Gain insight to into Windows RPC and learn how to dynamically inspect a Windows servers with Ghidra’s Debugger – Patch Diffing and Root Cause Analysis of a Windows CVE – Learn how to use Ghidra’s Patch Diffing to compare two versions of a Windows binary and identify the changes made to fix a vulnerability and find its root cause.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/everyday-ghidra-practical-windows-reverse-engineering-las-vegas-2025

People:
SpeakerBio: John McIntosh, Security Researcher and Lead Instructor at @clearseclabs

John McIntosh @clearbluejar is a security researcher and lead instructor @clearseclabs, a company that offers hands-on training and consulting for reverse engineering and offensive security. He is passionate about learning and sharing knowledge on topics such as binary analysis, patch diffing, and vulnerability discovery. He has created several open-source security tools and courses, which are available on his GitHub page. He regularly blogs about his research projects and experiments on his [website] (https://clearbluejar.github.io), where you can find detailed write-ups on reversing recent CVEs and building RE tooling with Ghidra. With over a decade of offensive security experience, speaking and teaching at security conferences worldwide, he is always eager to learn new things and collaborate with other security enthusiasts.

Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access

Community Map Page – LVCCWest

Modern IT systems are complex and it’s all about full-stack nowadays. To become a pentesting expert, you need to dive into full-stack exploitation and gain a lot of practical skills. That’s why I created the Full-Stack Pentesting Laboratory.

For each attack, vulnerability and technique presented in this training there is a lab exercise to help you master full-stack pentesting step by step. What’s more, when the training is over, you can take the complete lab environment home to hack again at your own pace.

I found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this training I’ll share my experience with you. The content of this training has been carefully selected to cover the topics most frequently requested by professional penetration testers.

Note: This training was sold out at DEF CON 2024 and received very positive feedback from students. That’s why we’re bringing it back to Las Vegas for DEF CON 2025.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/hands-on-full-stack-pentesting-laboratory-las-vegas-2025

People:
SpeakerBio: Dawid Czagan, Founder and CEO at Silesia Security Lab

Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.

Dawid Czagan shares his offensive security experience in his hands-on trainings. He delivered trainings at key industry conferences such as DEF CON (Las Vegas), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (references are attached to Dawid Czagan’s LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: https://silesiasecuritylab.com/services/training/#opinions).

Dawid Czagan is the founder and CEO at Silesia Security Lab. To find out about the latest in his work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan), YouTube (https://www.youtube.com/channel/UCG-sIlaM1xXmetFtEfqtOqg), and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).

Hack the Connected Plant!

Community Map Page – LVCCWest

Tired of legacy ICS systems? Attend this training to hack the next generation of Industrial Control Systems! No more Modbus, no more standard PLC, no more Purdue model!

This training is designed to show what the future might look like for Industrial Control Systems, and how it will impact cybersecurity.

We’ll bring a realistic ICS setup that features all the fancy current and future trends: SD-WAN and Zero Trust, OPC-UA, MQTT, Edge device and soft-PLCs to control a small-scale industrial process simulation.

The first day will be dedicated to introducing the new cybersecurity challenges faced by modern Industrial Control Systems, and doing hands-on exercises on AWS pentesting, soft-PLC exploitation

On the second day we’ll reflect on the updated threat models and then we’ll spend the full day working on a realistic Capture-the-Flag exercise, where we’ll have to go from 0 to impacting a small industrial setup. The CTF will be guided, with answers given on a regular basis, so that all attendees can capture all the flags. We’ll end this exciting day with the takeaways of the exercise, and what could be done to prevent & detect the attacks we performed.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/arnaud-soullie-hack-the-connected-plant-dctlv2025

People:
SpeakerBio: Arnaud Soullié, Senior Manager at Wavestone

Arnaud Soullié is a Senior Manager at Wavestone, a global consulting company. For 15 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He has spoken at numerous security conferences on ICS topics, including: BlackHat Europe, BruCon, 4SICS, BSides Las Vegas, and DEFCON. He is also the creator of the DYODE project, an open source data diode aimed at ICS. He has taught ICS cybersecurity trainings since 2015.

Hacking Cryptography: Attacks, Tools, and Techniques

Community Map Page – LVCCWest

Crypto related bugs are super common. OWASP even ranks “Cryptographic Failure” as the second most common security vulnerability class in software. Yet, very often these vulnerabilities are overlooked by developers, code auditors, blue teamers and penetration testers alike. Because, let’s face it: Nobody knows how cryptography works.

During the course you will:

understand how modern cryptography works.
find common crypto vulnerabilities in real software.
write crypto exploits for real software (and an IoT device).

Using case studies from our own pentesting and red teaming engagements, we’ll introduce core concepts of applied cryptography and how they fail in practice.

This course turns you into a powerful weapon. You will know how applied cryptography works, how it’s commonly misused in the field and how this leads to exploitable bugs. That means, by the end of the course you will be among the very selected group of people that can identify, avoid and exploit vulnerabilities in code using crypto.

No prior knowledge required!

Learning Objectives

Learn how modern cryptography operates. Learn what kind of guarantees are given by certain primitives, and which aren’t.
Understand how crypto primitives are combined into protocols.
Learn how cryptography is often misused in practice and how this misuse can be exploited.
Write exploits for systems using cryptography in an inappropriate way.
Evaluate program code that uses cryptography for proper usage.
Identify cryptographic schemes and potential vulnerabilities in black-box tests.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/hacking-cryptography-attacks-tools-and-techniques-las-vegas-2025

People:
SpeakerBio: Ruben Gonzalez, Security Researcher and Trainer at Neodyme

10 years in offensive security research
Security Researcher and Trainer at Neodyme
Auditor of crypto code for multiple large industry projects
Part-time PhD candidate for applied cryptography at the Max Planck Institute
Multi-time DEFCON CTF, Hack-A-Sat, HITB ProCTF and Google CTF finalist
Founder and Chair of the RedRocket Hacking Club
Linkedin: https://www.linkedin.com/in/rugond/

SpeakerBio: Benjamin Walny, Senior Penetration Tester at Cure53

5 years in offensive security research
Senior Penetration Tester at Cure53
Code auditor for countless (web) applications
Profound interest in real-world attacks on cryptography
Multi-time DEFCON CTF finalist

Hacking Modern Web Apps: Master the Future of Attack Vectors

Community Map Page – LVCCWest

This course is a 100% hands-on deep dive into the OWASP Security Testing Guide and relevant items of the OWASP Application Security Verification Standard (ASVS), so this course covers and goes beyond the OWASP Top Ten.

Long are the days since web servers were run by perl scripts apps written in Delphi. What is common between Walmart, eBay, PayPal, Microsoft, LinkedIn, Google and Netflix? They all use Node.js: JavaScript on the server.

Modern Web apps share traditional attack vectors and also introduce new opportunities to threat actors. This course will teach you how to review modern web apps, showcasing Node.js but using techniques that will also work against any other web app platform. Ideal for Penetration Testers, Web app Developers as well as everybody interested in JavaScript/Node.js and Modern app stack security.

Get a FREE taste for this training, including access to video recording, slides and vulnerable apps to play with:

1 hour workshop – https://7asecurity.com/free-workshop-web-apps

All action, no fluff, improve your security analysis workflow and immediately apply these gained skills in your workplace, packed with exercises, extra mile challenges and CTF, self-paced and suitable for all skill levels, with continued education via unlimited email support, lifetime access, step-by-step video recordings and interesting apps to practice, including all future updates for free.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/modern-web-apps-master-the-future-of-attack-vectors-las-vegas-2025

People:
SpeakerBio: Abraham Aranguren

After 17 years in itsec and 24 in IT, Abraham Aranguren is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Co-Author of the Mobile, Web and Desktop (Electron) app 7ASecurity courses. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications.

SpeakerBio: Anirudh Anand

Anirudh Anand is a security researcher with a primary focus on Web and Mobile Application Security. He is currently working as a Principal Security Engineer at CRED and also Security Trainer at 7asecurity. He has been submitting bugs and contributing to security tools for over 9 years. In his free time, he participates in CTF competitions along with Team bi0s (#1 security team in India according to CTFtime). His bounties involve vulnerabilities in Google, Microsoft, LinkedIn, Zendesk, Sendgrid, Gitlab, Gratipay and Flipboard.

Anirudh is an open source enthusiast and has contributed to several OWASP projects with notable contributions being in OWTF and Hackademic Challenges Project. He has presented/trained in a multitude of conferences including BlackHat US 2020, OWASP NZ 2021, HackFest CA 2021, c0c0n 2019, BlackHat Arsenal 2019, BlackHat Europe Arsenal 2018, HITB Dubai 2018, Offzone Moscow 2018, Ground Zero Summit Delhi 2015 and Xorconf 2015.

SpeakerBio: Ashwin Shenoi

Ashwin Shenoi is an avid application security enthusiast who currently works as a Senior Security Engineer at CRED and likes to break into applications and automate stuff. He is part of team bi0s, the top ranked CTF team according to CTFTime. He heads the Web Security team at team bi0s and is also the core challenge setter and organiser of the various editions of InCTF and the other CTFs organised by team bi0s. He has also presented talks in various security meet-ups and conferences including BlackHat Asia and BlackHat USA. He does a fair share of breaking into open source applications services and has also been awarded several CVEs for the same.

Hands-on Car Hacking & Automotive Cybersecurity

Community Map Page – LVCCWest

As automobiles increase their reliance on advanced connectivity and autonomy systems, they become more vulnerable to cyber-attacks. This class introduces participants to car hacking with in-depth case studies of automotive security research and guided, hands-on activities to instill mastery in the use of automotive technologies such as CAN and diagnostic protocols such as UDS and XCP. All hardware and software needed for the course is supplied by the instructor.

Participants will learn:

In-depth details of the automotive cybersecurity industry and car hacking incidents from the past
In-depth understanding of vehicle attack surfaces and how they have been exploited by researchers in the past, including in-depth case studies
Details of in-vehicle networking technologies used in the automotive industry and how they have been used to hack vehicles
Hands-on operation of CAN bus networking equipment to hack cars including
Reading CAN bus data
Sending CAN bus data
Reverse engineering CAN bus data
Executing attacks on a vehicle CAN bus
Using vehicle diagnostic protocols to read and write information to vehicle ECUs

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/car-hacking-and-automotive-cybersecurity-las-vegas-2025

People:
SpeakerBio: Kamel Ghali

Kamel Ghali is an 8 year veteran of the automotive cybersecurity industry and the VP of international affairs of the Defcon Car Hacking Village. He has extensive cyber physical systems security experience and has worked as a vehicle penetration tester, security consultant, and trainer in the United States and Japan. He speaks fluent English, Arabic, and Japanese, and volunteers in cybersecurity communities around the world spreading awareness for the need for cybersecurity in transportation systems.

Harnessing LLMs for Application Security

Community Map Page – LVCCWest

This comprehensive course is designed for developers and cybersecurity professionals seeking to harness the power of Generative AI and Large Language Models (LLMs) to enhance software security and development practices. Participants will gain a deep understanding of LLM functionality, strengths, and weaknesses, and learn to craft effective prompts for diverse use cases. The curriculum covers essential topics such as embeddings, vector stores, and Langchain, offering insights into document loading, code analysis, and custom tool creation using Agent Executors.

Course highlights:

Hands-on techniques like Retrieval-Augmented Generation(RAG) and Few-Shot Prompting for secure code analysis and threat modeling.
Integration of AI into security tasks to identify vulnerabilities and improve overall application security.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/llms-for-application-security-las-vegas-2025

People:
SpeakerBio: Seth Law, Founder & Principal at Redpoint Security

Seth utilizes LLMs heavily in his work and has a wealth of real world applicable skills to share in applying LLMs to the application security domain.

SpeakerBio: Ken Johnson, Co-Founder and CTO at DryRun Security

Ken utilizes LLMs heavily in his work and has a wealth of real world applicable skills to share in applying LLMs to the application security domain.

Hunting for Hackers by Deloitte

Community Page – Unknown

The “Hunting for Hackers” course provides a baseline level of knowledge designed to train cybersecurity professionals to actively defend critical computer systems. The course exposes participants to a “Think like the Adversary” mindset to actively detect sophisticated and tailored adversary attacks. This course is designed to prepare cybersecurity professionals to Hunt within their network for evidence of adversary presence not previously detected by automated enterprise security devices and software.

Rather than simply reacting to network attacks, participants of this cyber threat hunting training learn methods to interrogate systems and analyze data proactively and remotely. This empowers participants to proactively discover systems targeted by an adversary. Participants learn how to discover malicious code, and evidence of adversary presence and lateral movement within a network. Throughout the program, instructors share their experience in cybersecurity, operations, and tool development. This provides participants an appreciation of the challenges they may face in countering the cyber adversary.

Students will receive 6 months of access to our virtual lab environment to continue practicing concepts learned during this course.

Links:
More Info – https://training.defcon.org/products/bobby-thomas-hunting-for-hackers-by-deloitte-dctlv2025

People:
SpeakerBio: Kyle Smathers, Deloitte

Kyle Smathers is a Specialist Master at Deloitte Risk & Financial Advisory and a seasoned cybersecurity professional with a knack for problem-solving and developing capabilities. He has served as an Air Force officer and continues his service as a reservist, bringing over a decade of experience with cutting-edge cybersecurity platforms, training, and missions. His innovative contributions have gained significant recognition, earning him an invitation to contribute to the design of the Air Force’s ‘Interceptor’ cyber threat hunting platform. In his free time, he is either with his family, riding his bicycle or working on a house project.

SpeakerBio: Bobby Thomas, Deloitte

Bobby Thomas has over 20 years of experience in cyber operations, network analysis, exploitation, and incident response. He possesses a comprehensive background in cyber network operations from planning to execution, intelligence operations, management, technical training course development and revision. Bobby currently works on Deloitte’s Advanced Cyber Training Team, Cyber Assessment Team, and Threat Hunting Team. He has his master’s degree in cyber security and multiple industry leading certifications to include: CISSP, GCFA, GNFA, GCFE, CEH, and Security+. During his off time he enjoys trying new restaurants and traveling with his family.

Influence Operations: Tactics, Defense, and Exploitation

Community Map Page – LVCCWest

Please note: This two-day training will be offered on Saturday and Sunday (August 9-10). Participants will receive a DEF CON Human Badge with their registration

It is indeed all about the information. Information is power—and those who control it hold the reins. This course dives deep into the topic of Influence Operations (IO), teaching you how adversaries manipulate, deceive, and control the flow of information to achieve their objectives. From destabilizing governments to swaying elections and ruining careers, IO is a tool used by state and non-state actors alike. The question is, how do you defend against it?

In this fast-paced, hands-on course, we’ll break down how IO is planned, executed, and defended against. You’ll gain the skills and knowledge to not only recognize and counteract these operations but to protect yourself, your organization, and even your country from their impact.

What You’ll Learn:

IO Strategies & Tactics: From the basics to advanced techniques, understand how influence operations shape public opinion, corporate behavior, and political landscapes.
Psychological Operations (PSYOP): Explore the manipulation of biases, emotions, perceptions, and actions to control outcomes.
Deception and Counterdeception: Learn how deception campaigns are crafted, and how to spot and disrupt them.
Military Doctrine & TTPs: Understand military frameworks for IO and adapt them for defending against threats.
Incident Response & Defensive Tactics: Equip yourself with practical strategies for detecting and defending against IO campaigns targeting individuals and organizations.
Crafting Messages & Understanding Propagation: Learn the art of creating and spreading messages to achieve specific goals—while also learning how to counter malicious ones.
Real-World Case Studies: From deceptive news to social media manipulation, analyze recent IO campaigns to understand their impact and develop defensive strategies.
Live IO Campaign Contest: Compete in a live “best IO campaign” contest, applying the techniques you’ve learned during the course to test your strategies.

By the end of the course, you’ll not only have a deep understanding of how IO is executed, but you’ll also walk away with practical tools to defend against these attacks. You’ll learn how to recognize the signs of manipulation, understand the motivations behind IO, and develop countermeasures to protect against them.

In a world where information is weaponized, knowing how to protect yourself is no longer optional. Whether you’re securing yourself, an organization, protecting a political campaign, or defending a nation, this course is your toolkit for navigating the complex and increasingly dangerous world of influence operations.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/influence-operations-tactics-defense-and-exploitation-las-vegas-2025

People:
SpeakerBio: Tom Cross

SpeakerBio: Greg Conti, Co-Founder and Principal at Kopidion

Loudmouth Security – Offensive IoT Exploitation

Community Map Page – LVCCWest

As IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices and ensure these devices are secure. This course teaches security professionals and hackers how to identify and exploit security vulnerabilities in IoT devices. Participants will learn to interact with hardware debug capabilities, communicate with memory devices, and virtualize and analyze firmware. The course also covers various hardware attacks including glitching and side channel attacks, as well as diving into communications protocols, including Bluetooth, Zigbee, Thread and Matter. Participants will gain hands-on experience with industry tools and techniques. This course is suitable for security professionals, penetration testers, and hackers with basic programming and computer system knowledge, and equips them with skills to discover new vulnerabilities in IoT devices.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/offensive-iot-exploitation-las-vegas-2025

People:
SpeakerBio: Loudmouth Security, Loudmouth Security

The Loudmouth Security team consists of renowned security consultants and researchers with extensive experience in the cybersecurity industry. Collectively, they bring decades of expertise, with team members holding prestigious Black Badges from the IoT CTF at DEF CON 26. Several team members have been regular contributors to IoT Village and are now founders of the new Embedded Systems Village, where they continue to push the boundaries of security research.

The team excels at explaining complicated technical findings to executive management teams and has spent years mentoring younger hackers entering the field. Their teaching abilities stem from a shared passion for cybersecurity and dedication to continuous learning. They constantly seek out new information and insights, which they incorporate into their courses to provide the most up-to-date and relevant training possible.

Loudmouth Security’s experts bring diverse specializations to the table. The team includes accomplished PCB designers with extensive hardware knowledge, professionals with backgrounds in IT administration for industrial and manufacturing companies, and specialists in the virtualization of embedded devices. Key team members have performed research on some of the most unusual and advanced embedded systems, discovering and disclosing significant bugs in the process.

As highly skilled trainers, the Loudmouth team is always eager to share their collective knowledge and experience, helping organizations stay ahead of the latest cyber threats.

Medical Device Penetration Testing

Community Page – Unknown

Please note: This is a four-day training that will be held Saturday-Tuesday (August 9-12). Participants will receive DEF CON Human Badge with their registration

The topic of the course is offensive security testing of medical devices and the impact this has on the future of medical device production. The course is a seasoned entry/mid level to advanced course. The students will be learning all that the trainers know about Medical Device hacking and the things they have learned in their interactions as testers with these devices. This is inclusive of skills such as:

Network attacks against medical protocols
Reverse engineering binaries for exploitation
Attacking medical devices using peripheral devices
Defense bypasses to common defenses used in medical devices
And more

Links:
More Info – https://training.defcon.org/products/michael-aguilar-v3ga-alex-delifer-cheet-medical-device-penetration-testing-dctlv2025-4-day-training

Offensive Cyber Security Operations: Mastering Breach and Adversarial Attack Simulation Engagements

Community Map Page – LVCCWest

This hands-on workshop has been created to provide participants with a better understanding of offensive security operations, breach and adversary simulation engagements. The goal is to enable participants to simulate their adversaries based on the industry which their organization is in, including both known and unknown adversaries.

Participants will learn to emulate various threat-actors safely in a controlled, enterprise level environment. Also, the training will help participants learn to simulate unknown adversaries by choosing a wide variety of offensive tradecraft, TTPs and planning attack simulation engagements effectively.

All machines in the lab environment will be equipped with AV, Web proxy, EDR and other Defense systems. The training management platform will have modules/videos of each attack vector used in the lab environment and step-by-step walkthrough of the attack path. The training is intended to help the attendees to assess the defenses and evaluate the security controls deployed in their organization against motivated adversaries.

This training will provide participants access to a breach simulation lab range, where they will be able to perform a full red team-attack simulation scenario in guided mode. Each step of the attack chain will be explained, along with the TTPs used, starting from initial access to exfiltration.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/offensive-cyber-security-operations-mastering-breach-and-adversarial-attack-simulation-engagements-las-vegas-2025

People:
SpeakerBio: Abhijith “Abx” B R

Abhijith B R, also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. He is a professional hacker, offensive cyber security specialist, red team consultant, security researcher, trainer and public speaker.

Currently, he is building Breachsimrange.io and is involved with multiple organizations as a consulting specialist to help them build offensive security operations programs, improve their current security posture, assess cyber defense systems, and bridge the gap between business leadership and security professionals.

Abhijith was responsible for building and managing offensive security operations and adversary simulation for a prominent FinTech company called Envestnet, Inc. In the past, he held the position of Deputy Manager – Cyber Security at Nissan Motor Corporation, and prior to that, he worked as a Senior Security Analyst at EY.

As the founder of Adversary Village (https://adversaryvillage.org/), Abhijith spearheads a community initiative focused on adversary simulation, adversary-tactics, purple teaming, threat actor/ransomware research-emulation, and offensive cyber security. Adversary Village is part of DEF CON Villages and organizes hacking villages at prominent events such as the DEF CON Hacking Conference, RSA Conference etc.

Abx also acts as the Lead of an official DEF CON Group named DC0471. He is actively involved in leading the Tactical Adversary project (https://tacticaladversary.io/), a personal initiative that centers around offensive cyber security, adversary attack simulation and red teaming tradecraft.

Abhijith has spoken at various hacking and cyber security conferences such as, DEF CON hacker convention – Las Vegas, RSA Conference – San Francisco, The Diana Initiative – Las Vegas, DEF CON 28 safemode – DCG Village, Opensource India, Security BSides Las Vegas, BSides San Francisco, Hack Space Con – Kennedy space center Florida, Nullcon – Goa, c0c0n – Kerala, BSides Delhi, etc.

Offensive Development Practitioner Certification (On-Site) by White Knight Labs

Community Map Page – LVCCWest

Dive deep into cutting edge techniques that bypass or neuter modern endpoint defenses. Learn how these solutions work to mitigate their utility and hide deep within code on the endpoint. The days of downloading that binary from the internet and pointing it at a remote machine are over. Today’s defenses oftentimes call for multiple bypasses within a single piece of code.

This course is designed to take you deep into defensive and offensive tooling – an apex attacker must know the own indicators of compromise (IOCs) they’re creating and the artifacts they’re leaving behind.

Imagine, you are a novice red teamer and you have been tasked with leading a 16-week full-scope red team engagement against a highly mature Fortune 50 company. No, Metapsloit and Mimikatz are not going to work. Do you take your ball and go home? Nope, it’s time to build a lab and see what is going to bypass their tech stack.

Do you phish from the external? Maybe an illicit consent grant in Azure? What loader do I use? Is process injection even going to be necessary? Stop being lost in the offensive cyber sauce; get informed and get to work. WKL’s flagship course, Offensive Development, is meant to prepare red teamers and blue teamers for the present day cyberwar. These are not last year’s TTPs, WKL will be teaching hyper-current tools and techniques that are being used in current red team operations.

The Offensive Development course is not focused on theory, students will be given a Terraform script that spins up their own isolated AWS lab environment that has several fully patched Windows virtual machines that have various EDR products installed and a fully licensed version of the Cobalt Strike C2 framework.

The pace of finding new offensive cyber techniques that bypass modern detection moves slightly faster than the defense can handle. This course will help red teamers and blue teamers understand the current state of the red/blue war and where the community is heading next, the kernel.

Your lab environment is yours to keep continuing honing your skills. Although the EDR and Cobalt Strike licenses will expire, and the Earth may turn to dust, your AWS lab environment will live forever.

Although the OD course comes with Cobalt Strike, students are free to install whichever C2 framework they’re most comfortable with. Students will receive an additional Ubuntu workstation in their lab environment to install whatever additional tooling they feel is necessary.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/offensive-development-practitioner-certification-by-whiteknightlabs-las-vegas-2025

People:
SpeakerBio: Jake Mayhew

Jake Mayhew is an experienced cybersecurity professional with a particular emphasis on offensive security, especially internal & assumed breach penetration tests. In addition to several years in consulting performing penetration tests & offensive security engagements for clients in a wide range of industries, he has also served on internal red teams and currently leads the red team at UPMC.

SpeakerBio: Greg Hatcher

Greg Hatcher served seven years as a green beret in the United States Army’s 5th Special Forces Group. During that time, Greg went on multiple combat deployments, working on small teams in austere locations to serve America’s best interests. After Greg transitioned from the military in 2017, he devoted himself to developing a deep understanding of networking and then pivoted quickly to offensive cyber security. He has taught at the NSA and led red teams while contracting for CISA. He has led training at Wild West Hackin’ Fest and virtually on the AntiSyphon platform. Greg has spoken at GrrCON and is an active member of the West Michigan Technology Council. He enjoys spending time with his family, lifting heavy things, and running long distances.

Red Team Tunneling, Pivoting, and Redirection by Deloitte

Community Page – Unknown

This Red Team Tunneling, Pivoting, and Redirection course provides participants with an understanding of how an attacker approaches the exploitation process. While gaining access to and once on the network, participants learn the techniques adversaries use to hide from detection and gain access to multiple different private networks by creating tunnels and pivots. This course provides participants with a baseline understanding of the tactics, techniques, and procedures an attacker uses to gain access to a network and pivot to different hosts. These concepts are then expanded through labs and lectures to provide a deeper understanding of exploitation and tunneling.

Students will receive 6 months of access to our virtual lab environment to continue practicing the concepts they are taught in this course.

Links:
More Info – https://training.defcon.org/products/eric-stride-kyle-mccool-red-team-tunneling-pivoting-and-redirection-by-deloitte-dctlv2025

People:
SpeakerBio: Kyle McCool, Deloitte

Kyle is a senior Detect & Respond Cyber Threat Intelligence Analyst and Cyber Instructor with over ten years of experience in Cyber Threat Intelligence and Intelligence Analysis. He is a US Army veteran serving with the Special Operations Command, National Security Agency, and the United States Cyber Command where he specialized in intelligence, cyber operations, cyber training, and Geo-Political affairs as a Russian language and cultural expert. Kyle holds several industry certifications including GIAC Certified Threat Intelligence (GCTI), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Security Essentials (GSEC), CompTIA Networking +, EC-Council Certified Threat Intelligence Analyst, and is a certified NSA Adjunct Faculty member.

SpeakerBio: Eric Stride, Deloitte

Eric is a Specialist Executive at Deloitte. He is recognized for eminence in offensive cyber operations (OCO) for the US military, and cyber defense capability development & security operations in the commercial sector. Previously as an independent consultant, he advised clients on cybersecurity technology, operations, & management. Prior roles include CTO, overseeing cybersecurity service delivery to clients, and SVP, leading R&D. He has 22 yrs experience in Defense, Security, & Justice (DS&J). 12 yrs active duty USAF, with 5 at NSA. He supported highly technical cyber ops at USAF, NSA, & US Cyber Command. At the USAF, he established the 1st regional cyber combat msn team; commanded an OCO unit & a DCO Sq; served as OCO SME to the acquisition office; co-authored the 1st weapons & tactics manual addressing OCO; was the 1st OCO evaluator at the NAF level. At NSA, he worked dev & ops; a CNODP alum; was deputy chief of cyber ops at NSA-Georgia. He currently serves part-time as a Reserve Colonel, supporting the 67th Cyberspace Wing.

RFID and Electronic Physical Access Control System Hacking

Community Map Page – LVCCWest

Practical security is the foundation of any security model. Beyond firewalls and network hardening, government and enterprise alike must consider how security infrastructure safeguards digital, material, and human assets. Physical security is foundational to the ability to resist unauthorized access or malicious threat.

In this training developed by world-renowned access-control expert Babak Javadi, students will be immersed in the mysteries of PACS tokens, RFID credentials, readers, alarm contacts, tamper switches, door controllers, and back-haul protocols that underpin Physical Access Control Systems (PACS) across the globe. The course provides a holistic and detailed view of modern access control and outlines common design limitations that can be exploited. Penetration testers will gain a practical understanding of what PACS looks like in the field, and how to intercept, clone, downgrade, replay, and bypass one’s way through the system. Defenders, designers, and directors will come with away with best practices and techniques that will resist attacks.

Participation will include hands-on practical experience with tools, exploits, and refined methods for compromising modern Physical Access Control Systems.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/rfid-and-electronic-physical-access-control-system-hacking-las-vegas-2025

People:
SpeakerBio: Deviant Ollam, Director of Education at Red Team Alliance

While paying the bills as a physical penetration specialist with The CORE Group and the Director of Education for Red Team Alliance, Deviant Ollam also sat on the Board of Directors of the US division of TOOOL –The Open Organisation Of Lockpickers — for 14 years… acting as the the nonprofit’s longest-serving Board Member. His books Practical Lock Picking and Keys to the Kingdom are among Syngress Publishing’s best-selling pen testing titles. In addition to being a lockpicker, Deviant is also a SAVTA certified safe technician, a GSA certified safe and vault inspector, member of the International Association of Investigative Locksmiths, a Life Safety and ADA Consultant, and an NFPA Fire Door Inspector. At multiple annual security conferences Deviant started Lockpick Village workshop areas, and he has conducted physical security training sessions for Black Hat, the SANS Institute, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, Los Alamos National Lab, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point.

SpeakerBio: Bryan Black, Red Team Alliance

Bryan Black is a seasoned physical security professional and esteemed assessment specialist with a comprehensive expertise spanning various facets of site security. His areas of specialization encompass video surveillance, intrusion detection/prevention, access control, network infrastructure, and penetration testing. With an illustrious track record of over a decade, he has collaborated closely with local and state law enforcement, federal and intelligence agencies, as well as prominent private sector corporations. Through these partnerships, he has been instrumental in advising clients and businesses on navigating the constantly evolving threat landscape. He is frequently acknowledged for his discerning critique of prevailing installations and practices within the industry. During his leisure hours, he leverages his engineering background and personal maker space to engage in product development. His endeavors encompass the meticulous design and refinement of innovative tools and procedures aimed at optimizing the efficiency and efficacy of both red and blue team engagement protocols.

SpeakerBio: Babak Javadi, Red Team Alliance

Babak Javadi is the President and Founder of The CORE Group, and one of the original co-founding Directors of TOOOL, The Open Organisation of Lockpickers. As a keystone member of the security industry, he is well-recognized expert in professional circles hacker community. Babak’s expertise extends to a wide range of security disciplines ranging from high security mechanical cylinders to alarm systems & physical access control systems. Over the past fifteen years Babak has presented and provided trainings a wide range of commercial and government agencies, including Black Hat, The SANS Institute, the USMA at West Point, and more.

Simulated Adversary: Tactics & Tools Training

Community Map Page – LVCCWest

Ever wondered what it’s like to be the Villian? Have a propensity for chaos and a penchant for mischief? Seize the opportunity to unleash your inner “bad guy” in a legal and controlled environment. This class, led by Adversary for Hire, Jason E. Street, will teach you how to think and attack like an adversary.

You will learn advanced intelligence gathering techniques and explore non-traditional tactics from one of the most twisted minds in the industry. Using real-world examples along with hands-on practical training, Jayson’s approach highlights the human side of cyber compromise. He will introduce you to the Security Awareness Engagement methodology, which he uses in the field to reveal real-world threats without negative impacts to targets. This methodology employs practical simulations of social engineering attacks.

In addition to simulating remote attacks like phishing and vishing, students will learn how to craft and deploy physical attack payloads with the Hak5 Bash Bunny. Each student will receive a Bash Bunny to take home and use in their new life as a simulated adversary.

This class focuses on the paramount threat to any person or organization: other humans. It provides in-depth understanding of each element in a social engineering attack and where social engineering falls on the kill chain. More importantly, you will leave with an in-depth understanding of how simulated adversaries and social engineering awareness can help people and organizations protect themselves. Sign up for DEF CON’s most mischievous training and leave with new skills you will use for life.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/simulated-adversary-tactics-tools-training-las-vegas-2025

People:
SpeakerBio: Kenny Hess, Advanced Security Engineer at Secure Yeti

Kenny Hess is an Advanced Security Engineer at Secure Yeti. He is a trusted security consultant who has built a career around developing and testing secure, mission-critical systems for national governments, state agencies, and international corporations. Additionally, he has been able to help businesses of all sizes develop security policies and programs for classified and unclassified systems. Kenny has a B.A. in Journalism and Broadcasting and an M.S. in Telecommunications Management from Oklahoma State University. Because of this diverse educational background, he is able to connect with his clients through clear communication backed by technical expertise. When he’s not desperately urging people to use a password manager, you might find him in the kitchen trying a new recipe, or at the airport lounge en route to adventure. Whether he’s hacking people, systems, or ingredients, Kenny Hess is always ready to add a dash of fun to everything he does.

SpeakerBio: Jayson E. Street, Chief Adversarial Officer at Secure Yeti

Jayson E. Street referred to in the past as: a “notorious hacker” by FOX25 Boston, “World Class Hacker” by National Geographic Breakthrough Series, and described as a “paunchy hacker” by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.

He is the Chief Adversarial Officer at Secure Yeti and the author of the “Dissecting the hack: Series” (which is currently required reading at 5 colleges in 3 countries that he knows of). Jayson is also the DEF CON Groups Global Ambassador. He’s spoken at DEF CON, DEF CON China, GRRCon, SAINTCON & at several other CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.

He loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once, all others he was supposed to)!

He is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far, but if they are please note he was proud to be chosen as one of Time’s persons of the year for 2006.

SOC 101 – SOC 1 Analyst Bootcamp

Community Map Page – LVCCWest

This course introduces students to Security Operations Center (SOC) skills and tools, providing a comprehensive foundation in the essential skills required for SOC analysts. Through extensive hands-on exercises and labs that mirror real-life SOC tasks and technologies, students will gain a practical, skill-based understanding of modern security operations.

Key areas of focus will include text handling, packet dissection, and analysis, adversarial simulation, and detection engineering, equipping students with the expertise needed for various SOC tasks. The course emphasizes practical, foundational skills to ensure students are prepared to excel at core SOC tasks, this course will also introduce students to AI tools that improve SOC efficiency, accuracy, and response time in a rapidly evolving security landscape.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/soc-101-soc-1-analyst-bootcamp-las-vegas-2025

People:
SpeakerBio: Rod Soto, Detection Engineer and Researcher at Splunk Threat Research Team

Rod Soto has over 15 years of experience in information technology and security. He has worked in Security Operations Centers as a support engineer, soc engineer, security emergency response, and incident response. He is currently working as a detection engineer and researcher at Splunk Threat Research Team and has previously worked at Prolexic/AKAMAI, Splunk UBA, JASK (SOC Automation).

Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and Red Alert ICS CTF at DEFCON 2022 contest. He has spoken at ISSA, ISC2, OWASP, DEFCON, RSA Conference,Hackmiami, DerbyCon, Splunk .CONF, Black Hat,BSides, Underground Economy and also been featured in Rolling Stone Magazine, Pentest Magazine, Univision, BBC, Forbes, VICE, Fox News and CNN.

Software Defined Radios

Community Map Page – LVCCWest

Software Defined Radios (SDRs) are a powerful tool that has made the once-obfuscated domain of the electromagnetic spectrum open to anyone with a low-cost laptop and radio. From both an offensive and defensive perspective, an enormous attack surface, with many legacy devices and protocols, is open for exploitation. SDR 101 is a course designed for cyber security professionals of all skill levels who want to start working with RF signals and SDRs.

This class is a beginner’s introduction to practical Software Defined Radio applications and development with an emphasis on hands-on learning. If you have ever been curious about the invisible world of radio waves and signals all around you, but didn’t know where to begin, then this course is for you. Students can expect to learn about basic RF theory and SDR architecture before moving on to hands-on development with real radios. Over the two-day course, the instructor will guide students through progressively more complicated RF concepts and waveforms, culminating in a small capstone exercise. Students will be provided with a HackRF SDR for the duration of the class but will need to bring their own laptop to interface with the radio. VMs will be made available to students to download before class, along with an OS setup guide for those that prefer a bare-metal install. The VM/OS will have all the required drivers and frameworks to interface with the radio hardware, allowing us to jump right into hands-on exercises. My intent for this course is to lower the barrier of entry associated with RF hacking and give beginning students a practical understanding of RF and DSP applications with SDRs.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/software-defined-radios-101-las-vegas-2025

People:
SpeakerBio: Richard Shmel

Richard Shmel is an experienced research and development engineer focusing on radio communications and digital signals processing applications. He has over a decade of experience as an RF engineer and embedded software developer working on prototype radio systems and DSP frameworks. Disappointed by the lack of introductory SDR material he could give to new engineers, he decided to write his own training courses to help fill the gap. Richard has had the privilege of teaching SDR workshops and training at various local and national cyber security conferences – including DEF CON – for many years now. He is passionate about teaching RF/DSP and wireless technology, and will happily talk for hours on the subject if given the chance. Learn more at https://www.rnstechsolutions.com/.

Solving Modern Cybersecurity Problems with AI

Community Map Page – LVCCWest

Artificial Intelligence (AI) and Large Language Models (LLMs) have emerged as robust and powerful tools that have redefined how many approach problem solving. In 2023, the industry saw a surge of interest in AI and Cybersecurity experts struggled not only to threat model LLMs but to leverage them effectively. Our training presents a comprehensive educational framework aimed at equipping students with the necessary skills to not only build their own LLM toolkits but to leverage AI and LLMs to solve both simple and complex problems unique to their own environments.

The training begins with a brief overview of AI including the differences between LLM, generative AI, and myriad of other emerging AI technologies. After introductions we will give students access to our private GitHub to access all the tools and scripts needed for the class. From there students will deploy their own LLM in our cloud environment for use in the class while we explain the basics, operational constraints of running AI, on-prem vs cloud, and the basics of troubleshooting their AI environments.

Next we will demonstrate how to select high quality data from their environment and give them example data via our private GitHub. From there we will walk students through transforming this data and making it operationally effective and efficient for their AI. We will cover various types of data common to Cybersecurity environments, protentional issues with certain data types, and how to make the most of opensource to help transform the data. Students will apply the model to the LLM.

Lastly, we will cover many use cases in how students can use this AI and data to solve various problems and add value to their environment. Examples include training data to write YARA/SIGMA rules, analyzing alerts to add rankings to help prioritize and avoid alert fatigue, training the AI to work with common opensource tools such as OpenSearch, using AI to improve operational security by catching bad behaviors/patterns, improving application observability by adding context to “weird” behavior, leveraging AI as middleware to add contextual data between disparate platforms, and more! All use cases will be performed by students live and in-class.

When students leave the training they will leave with the tools they need to go back to their employer and apply what they have learned to effect immediate and impactful change. All tools and scripts will be available for students to copy and fork onto their own personal GitHub accounts. Students will also be allowed to export the tools they create in class from our private cloud environment following the training (number of days yet to be determined).

Our training is designed to bring a holistic educational approach and empower students with the knowledge, skills, and ethical awareness necessary to harness the full potential of LLMs in solving cybersecurity problems. By equipping the next generation of cybersecurity professionals with these capabilities, we aim to foster innovation, resilience, and accountability in the ever-evolving landscape of digital security.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/solving-modern-cybersecurity-problems-with-ai-las-vegas-2025

People:
SpeakerBio: “K” Singh, Senior Incident Response Consultant at CrowdStrike

“K” Singh is currently a Senior Incident Response Consultant at CrowdStrike. Previously an Incident Response Consultant and the Forensic Lab Manager for the Global Incident Response Practice at Cylance – “K” has worked with multiple Fortune 500 companies, sector-leading firms, and healthcare organizations in a variety of engagements ranging from Incident Response to Traditional “Dead Disk” Forensics and E-Discovery. Additionally, “K” is also part of the Operations team for WRCCDC-handling infrastructure for the competition’s core cluster, student environments, Social Media outlets, and liaising between the Red Team and other teams to ensure the competition runs smoothly.

SpeakerBio: Michael “Bluescreenofwin” Glass, Founder at Glass Security Consulting

Michael Glass AKA “Bluescreenofwin” is currently a Principal Security Engineer providing security leadership for one of the largest streaming technology companies in the world specializing in Blue Team, SecOps, and Cloud. Michael has been in the hacking and security scene for over 15 years working for a wide variety of organizations including government, private, and non-profit. Using this diverse background he has founded the company “Glass Security Consulting” in order to provide world class Cybersecurity instruction for Information Security Professionals and Hackers alike.

Tactical OSINT for Pentesters – DEFCON Edition

Community Map Page – LVCCWest

This DEFCON Edition of our Tactical OSINT for Pentesting training program not only focuses on OSINT but also focuses on in-depth attack tactics using the information collected in the earlier phases. This course will focus on a wide range of tools and techniques for performing real-world reconnaissance in order to launch targeted attacks against modern and dynamic infrastructures.

We will take a deep dive into various modern methodologies for extracting useful information from the internet. Furthermore, we will cover how this extracted information can be used in attack scenarios to get an initial foothold in multiple ways within an organisation’s network beyond the firewall and further exploit it to gain and maintain elevated access. The course will cover topics like:

Mapping the Modern Attack Surface
Comprehensive Subdomain Enumeration
Exploring Dark Web
Hunting 3rd Party SaaS Apps
Hunting & Attacking API Endpoints
Supply Chain Enumeration & SBOM
Template Based Scanning
Attacks using Recon from Docker Image, EBS volumes, etc.
Exploring Mobile Applications for Attack Chaining
Practical Social Engineering, etc.

This 2-day course takes a hands-on approach to indulge the participants in real-world scenarios, simulated lab environments, and case studies in order to get proficient in techniques and methodologies. Each participant will also be provided ONE MONTH FREE ACCESS to our Hybrid-Cloud Based Private Lab mimicking the modern age infrastructure, as well as decoy accounts and the organization’s social presence, where they can practice the skills learned during the course.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/tactical-osint-for-pentesters-defcon-edition-las-vegas-2025

People:
SpeakerBio: Shubham Mittal, CEO at RedHunt Labs

Shubham Mittal is the CEO of RedHunt Labs, a leading 360-degree Attack Surface Management platform. Previously, he served as the CTO of Neotas and co-founded Recon Village, an OSINT-focused mini-conference at DEFCON. He is a review board member at BlackHat Asia, BlackHat Europe, RootConf, and Pycon India (Information Security Track).

He has trained and presented to various government organizations, and security firms, and at notable conferences such as Black Hat, DEFCON, HackMiami, Nullcon, and various government orgs. Shubham has a strong foothold in OSINT, Recon, Cybersecurity, and Product Engineering. His expertise covers Offensive and Defensive security, Open Source Intelligence, and Perimeter Security. Actively involved in the Null-Open Security Community, Shubham prefers working from the command line and using the vi editor.

SpeakerBio: Kumar Ashwin, Security Researcher at RedHunt Labs

Kumar Ashwin is a Security Researcher at RedHunt Labs with a strong background in offensive and defensive security, Ashwin specializes in OSINT, web, cloud, and software supply chain security, bringing a unique perspective to tackling modern security challenges.

Ashwin has delivered presentations and conducted training sessions for security professionals at renowned conferences like x33fcon, BSides, and c0c0n. He has also actively contributed to security communities such as null – The Open Security Community, Winja, and DEFCON Cloud Village, creating CTF challenges and sharing insights through different engagements.

Ashwin’s expertise encompasses security engineering, offensive and defensive security where his practical experience and innovative approaches have been pivotal in assisting organizations in strengthening their security posture and safeguarding their digital assets.

SpeakerBio: Dhruv Shah, Information Security Professional

Dhruv Shah is an information security professional with over 14+ years of expertise in application, mobile, network, and cloud security. He has co-authored the books “Kali Linux Intrusion and Exploitation” and “Hands-on Pentesting with BurpSuite” by Packtpub. Dhruv has delivered advanced web hacking and Hacking and securing cloud Infrastructure classes and trained at major cybersecurity conferences such as Black Hat USA, Europe, and Asia, as well as other notable events like Hack in Paris, BSides Lisbon, Texas Cyber Summit etc. He has provided security training to clients across the UK, EU, and USA. He is a core member of Recon Village at Defcon. His online presence is under the handle @snypter.

Vulnerability Research and Exploitation on Edge Devices

Community Map Page – LVCCWest

Edge devices attacks are on the rise. They provide attackers with an easily identifiable network entry point due to their deliberate internet exposure. Edge devices encompass a wide variety of different solutions such as virtual private network (VPN) servers, firewalls, load balancers, routers, mail systems, etc., and therefore they represent one of the most attractive targets for criminals and nation-state entities to establish initial access inside victim networks. Furthermore, bug bounty programs are increasingly looking for these types of vulnerabilities.

Whether you want to create a working proof of concept with only a few public technical details as a starting point, reproduce a 1-day exploit through patch diffing or discover new 0day vulnerabilities on your own, this class aims to teach and show students the approaches, techniques and tools to do so. No bullsh*t XSS or missing secure cookie attribute vulnerabilities here. Anything less than critical impact/RCE is banned from this course. What is really scary, students don’t need to be l33t hackers to discover and exploit vulnerabilities with the potential of having devastating impacts in the edge device world.

If your answer to some of the following questions is yes, then this course is for you:

Stumbled upon a technical blog post that describes an edge device vulnerability but does not provide all the details necessary to create a weaponized poc? Students will be shown how to overcome all the untold obstacles and create a working poc.
Do you suspect a vendor did not tell all the truth when they released a security advisory and tended to minimize the real impact of a vulnerability? Students will see how often vendors’ claims can be subverted, for example by turning a client-side issue into a server-side flaw or a post-auth bug into a pre-auth vulnerability.
Concerned a vendor did not follow the good rule of thumb that would suggest, after a vulnerability becomes public domain, to fix all the issues that follow the same pattern? Students will learn how common it is in the edge devices world to be able to discover bypasses of a previously fixed vulnerability, getting additional CVEs for fun and profit.
Interested in creating a weaponized poc for a vulnerability but no access to a patched firmware image? This course explains how to create a working RCE exploit just by following the little crumbles left in security advisories, starting from a vulnerable firmware image and without performing patch diffing.

This course is one of a kind. You can find courses teaching how to hack a mobile device, a hardware device, an IoT device, but no specific course for edge devices is currently available.

Other valuable points students will learn are:

Create weaponized 1-day exploits via patch diffing
Exploitation of edge device vulnerabilities without patch diffing
Learn how to weaponize patched edge devices vulnerabilities even in absence of technical details/poc
Fundamentals of edge device virtual images reverse engineering
Bypass vendor patches
Properly re-assessing criticality of edge device vulnerabilities
Understand how to approach and what to prioritize during the edge device’s vulnerability research process

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/marco-ortisi-vulnerability-research-and-exploitation-on-edge-devices-dctlv2025

People:
SpeakerBio: Marco Ortisi

Marco has been professionally dealing with IT security since 1999. After several experiences in Italy and abroad as penetration tester, vulnerability researcher, team leader and ultimately red team manager, he went through a midlife crisis that made him decide to switch back to vulnerability research/analysis (especially 0days) and rediscover the pleasure of being the only person into his own business reporting line. Speaker & trainer at Blackhat, BruCON, hackinbo, e-privacy.

Windows Payload Development: EDR Evasion and Initial Access Tradecraft

Community Map Page – LVCCWest

This training is a hands-on, immersive course designed to teach participants the art of crafting evasive Windows payloads while navigating and bypassing modern Endpoint Detection and Response (EDR) systems. Through a blend of theory and practical exercises, attendees will gain a deep understanding of payload development, focusing on techniques that enhance stealth, modularity, and effectiveness in offensive operations.

Key topics include payload formats, memory-resident execution, process injection, and advanced evasion strategies. Participants will explore the use of living off the land binaries (LOLBins), design modular implants with secure communication, and develop packers to obfuscate payloads and evade detection. By the end of the course, students will possess the knowledge and skills to craft realistic initial access vectors and deploy sophisticated payloads capable of evading modern defensive controls.

Links:
More Info – https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/windows-payload-development-edr-evasion-and-initial-access-tradecraft-las-vegas-2025

People:
SpeakerBio: Rey “Privesc” Bango, Security Consultant at BC Security

Rey “Privesc” Bango is a Principal Cloud Advocate at Microsoft and a Security Consultant specializing in red teaming at BC Security. At Microsoft, he focuses on empowering organizations to leverage transformative technologies such as Artificial Intelligence and Machine Learning, prioritizing trust, security, and responsible use. He is an experienced trainer and speaker, presenting and teaching at cybersecurity conferences, including Black Hat and DEF CON. His work continues to bridge the gap between cutting-edge technological advancements and the critical need for secure, ethical implementation in today’s world.

SpeakerBio: Kevin Clark, Red Team Instructor at BC Security

Kevin Clark is a Security Consultant with TrustedSec and a Red Team Instructor with BC Security, with a diverse background in software development, penetration testing, and offensive security operations. Kevin specializes in initial access techniques and Active Directory exploitation. He has contributed to open-source projects such as PowerShell Empire and developed custom security toolkits, including Badrats and Ek47. A skilled trainer and speaker, Kevin has delivered talks and conducted training sessions all over the country at cybersecurity conferences, including Black Hat and DEF CON, and authors a cybersecurity blog at https://henpeebin.com/kevin/blog.