HACKER SUMMER CAMP 2023 GUIDES — Part Fifteen: Hack Red Con

DCG 201
20 min readAug 18, 2023

--

Welcome to the DCG 201 Guides for Hacker Summer Camp 2023! This is part of a series where we are going to cover all the various hacker conventions and shenanigans both In-Person & Digital! This year in 2023 somehow bigger than it was in 2022 and thus we will have a total of 15 guides spanning 3 Months of Hacker Insanity!

As more blog posts are uploaded, you will be able to jump through the guide via these links:

HACKER SUMMER CAMP 2023 — Part One: Surviving Las Vegas & Virtually Anywhere

HACKER SUMMER CAMP 2023 — Part Two: Capture The Flags & Hackathons

HACKER SUMMER CAMP 2023 — Part Three: SummerC0n

HACKER SUMMER CAMP 2023 — Part Four: Zero Gravity by RingZero

HACKER SUMMER CAMP 2023 — Part Five: The Diana Initiative

HACKER SUMMER CAMP 2023 — Part Six: BSides Las Vegas

HACKER SUMMER CAMP 2023 — Part Seven: Black Hat USA

HACKER SUMMER CAMP 2023 — Part Eight: SquadCon by Black Girls Hack

HACKER SUMMER CAMP 2023 — Part Nine: DEFCON 31

HACKER SUMMER CAMP 2023 — Part Ten: USENIX + SOUPS

HACKER SUMMER CAMP 2023 — Part Eleven: Chaos Computer Camp

HACKER SUMMER CAMP 2023 — Part Twelve: Wikimania 2023

HACKER SUMMER CAMP 2023 — Part Thirteen: HackCon XI

HACKER SUMMER CAMP 2023 — Part Fourteen: Blue Team Con

HACKER SUMMER CAMP 2023 — Part Fifteen: Hack Red Con

HACKER SUMMER CAMP 2023 — Part Sixteen: SIGS, EVENTS & PARTIES

Hack Red Con

Date & Time: Friday, September 8th — Saturday, September 9th

Location: Louisville Slugger Museum & Factory (800 W Main St, Louisville, KY 40202)

Website: https://www.hackredcon.com/

Tickets: https://www.eventbrite.com/e/hack-red-con-2023-tickets-664038877157

Virtual Platform(s): https://discord.gg/WWUyUJZZCC

Schedule: https://www.hackredcon.com/agenda

Live Streams:

N/A

Virtual Chat: Discord

Affordability: One flat rate of $250 for both days in-person workshops, talks, villages and on-site activities.

Code Of Conduct: https://www.hackredcon.com/code-of-conduct

Hack Red Con 2023 is a unique Cyber Security Conference that spans two action-packed days. This event includes comprehensive training, workforce development, and valuable networking opportunities. The con will feature a diverse range of talks and training sessions covering Red, Blue, and Purple topics.

The primary objective of this conference is to foster connections among Cyber and InfoSec Professionals, Companies, Educators, Influencers, Entrepreneurs, as well as Federal, State, and Local Government Agencies.

Beyond the professional engagements, Hack Red Con also offers an evening party event, complete with Bourbon distillery and tours of the Louisville Slugger Museum.

We know this is an odd choice to end all of Hacker Summer Camp with as it it takes place near the end of actual Summer and a month after the Vegas set but we this this is the perfect way to end it. A newer younger convention, the Red after Blue, smaller yet growing convention with a truly local feel, shockingly affordable by comparison to others in our guides, with a unique perspective and replacing the void left by a much bigger convention in the same area with who screwed up their chance a long time ago.

If you are in the local Middle-South-East area (or want to do a road trip), experience how many of the mega cons on this list started out and help one grow into one day the next DEFCON, please give this one a chance!

HOW DO I HAVE FUN WITH OUT THE MITCH MCCONNELL EATING ME IN MY SLEEP?

DRIVING

AIRPORT

BUS SYSTEM

FULL MAP:

https://www.ridetarc.org/wp-content/uploads/2021/01/TARC-System-Map_Reduced-download.pdf

DESTINATIONS & CULTURE

Hack Red Con Mission

Education

  • Professional Training
  • K — 12 Education
  • Certification
  • Cyber Content
  • Job Placement

Workforce Development

  • Diverse Hacker
    Communities
  • Mentoring
  • Networking
  • Podcast
  • Content
    Development
  • Community Protection Program
  • Black Badge Exchange

Awareness

Introduce ​Cyber Security to Communities:

  • Low Income
  • Rural
  • Women
  • Minorities
  • Veterans

Resources

  • Tools
  • Research
  • Info Sec
  • Repositories
  • Market Data
  • Financial Aid
  • Scholarships
  • Blogs
  • Podcasts
  • News

MUSEUM RECON

Louisville Slugger Museum & Factory (800 W Main St, Louisville, KY 40202)

Active Conference Hours: 9 AM — 5 PM EST

The conference main area floor will be on the 3rd of the Museum (Skybox Floor). Tracks and Villages will be spread out through the 1st, 2nd, & 3rd Floors.

Registration, Fireside Talks, Vendors & Villages: Skybox — 3rd Floor

Knuckleball Track: Theater — 1st Floor

Curveball Track: Dugout — 2nd Floor

Slider Track: Dugout/Garage — 2nd Floor

Villages & Competitions at Hack Red Con 2023

Adversary Village

Hosted by White Knight Labs

WKL’s Adversary Village consist of 4 challenge stations where each participant has their own isolated virtual environment that is spun up with Terraform.

The environment has 9 different machines in it consisting of: Kali, Windows, and an Ubuntu box as well.

The Windows machines have various EDR products installed, ie Crowdstrike, Cylance, Windows ATP, etc.

If participants are successful at landing beacons on 3 of the EDR machines, they can interview with WKL for an engineering position.

Everyone that attempts the Adversary Village will automatically be entered into a raffle to win a training voucher for a cybersecurity course and a bottle of bourbon (if 21 yo).

We coined this CTF style event Periwinkle village. We wanted to provide a purple team experience with realistic items you can take back to your corporation. The CTF environment will have around 100 questions.

The first half of the CTF questions are non-lab ‘101’ and ‘201’ questions. These are cyber security, sysadmin, web app, and network admin general questions.

The following ‘301’ and ‘401’ questions, we will grant teams access to an Arkime instance to figure out what type of attacks performed and other supplementing information to answer them.

The Arkime instance is a full packet capture and additionally will have Suricata IDS events. You will perform incident response and break down the attack methods.

Periwinkle Village

We coined this CTF style event Periwinkle village. We wanted to provide a purple team experience with realistic items you can take back to your corporation. The CTF environment will have around 100 questions.

The first half of the CTF questions are non-lab ‘101’ and ‘201’ questions. These are cyber security, sysadmin, web app, and network admin general questions.

The following ‘301’ and ‘401’ questions, we will grant teams access to an Arkime instance to figure out what type of attacks performed and other supplementing information to answer them.

The Arkime instance is a full packet capture and additionally will have Suricata IDS events. You will perform incident response and break down the attack methods.

Lockpicking & Covert Entry Village

Come on by the lockpicking village to get hand-on practice at picking a variety of different locks. Discuss physical security and social engineering attacks and techniques, as well as how to fix this these things.

Career and Workforce Village

TBA

Training at Hack Red Con 2023

September 8th

Two-hour professional training workshops conducted by industry experts.

General Admission ticket required upon entry.

Location

Jefferson Community and Technical College (JCTC) — 110 W Chestnut St, Louisville, KY 40202

These training will be hosted in the Health & Science building of the campus. Public city parking will be available nearby.

DCG 201 HACK RED CON WORKSHOP HIGHLIGHTS

Malware Training

Date & Time

September 8, 2023 | All 4 Blocks will be taught throughout the day, in 2-hour intervals

Location

In-Person

Jefferson Community and Technical College (JCTC) — 110 W Chestnut St, Louisville, KY 40202

Come join White Knight Labs as they teach customized courses on malware development!

Topics that will be covered are: AMSI/ETW bypass, writing shellcode, writing BOFS, malleable C2 profile, various process injection techniques, hiding strings and imports, and more.

Block 1 — Intro to AV Evasion — 9:00 AM — 11:00 AM

  • hiding malicious strings
  • hiding malicious imports in the IAT
  • pros/cons of encryption/encoding shellcode

Block 2 — PE/COFF Primer — 11:00 AM — 1:00 PM

  • sections and purposes of the PE file format
  • storing shellcode in different sections
  • using and writing BOFs

Block 3 — Process Injection and Loaders — 2:00 PM — 4:00 PM

  • vanilla local and remote process injection
  • kernel callback for shellcode execution
  • Dirty Vanity and MockingJay

Block 4 — Writing Shellcode by Hand — 4:00 PM — 6:00 PM

  • intro to Assembly and memory registers
  • using nasm
  • assembly obfuscation

Requirements:

  • Participants should have basic knowledge of the following: AV/EDR, C/C# programming, C2 basics, Windows APIs
  • Participants need to bring the following: laptop /w 16GB RAM minimum and 1 x external monitor is recommended
  • The following software should be installed: IDA community, nasm, WSL2, VS Code
  • This is deeply technical hands-on training, get a night’s sleep and drink coffee. All the coffee.

Attacking DevOps Pipelines

Date & Time

September 8, 2023 | 9:00 AM — 1:00 PM

Location

In-Person

Jefferson Community and Technical College (JCTC) — 110 W Chestnut St, Louisville, KY 40202

This training lab will walk students through practical, field-tested red team attacks against popular DevOps platforms. Students will get hands-on as they attack the fictitious World of Baseball Analysis (WOBA) LLC, a leader in advanced baseball scouting and research. Students will be taught how to identify escalation pathways through software development pipelines, CI/CD systems, and automation frameworks as they try to gain access to WOBA’s intellectual property and flagship software platform.

Students will be exposed to TTPs pulled from real-world adversary simulations against source code repositories, build servers, credential vaults, automation tools, and Infrastructure-as-Code (IaC) platforms.

Requirements:
A laptop with an OpenVPN client, browser, and RDP/SSH client. Students will receive an OpenVPN configuration file that provides access to the training environment.

Attendee cap:
50

Build Your Cyber Fortress: A Hands-On Workshop on Setting Up a Free Home Lab with LimaCharlie​

Date & Time

September 8, 2023 | 9:00 AM — 6:00 PM

Location

In-Person

Jefferson Community and Technical College (JCTC) — 110 W Chestnut St, Louisville, KY 40202

In the ever-evolving landscape of cybersecurity, practical skills and hands-on experience are invaluable assets. “Build Your Cyber Fortress: A Hands-On Workshop on Setting Up a Free Home Lab with LimaCharlie” offers participants an engaging and immersive experience at Hack Red Con. This workshop aims to empower cybersecurity enthusiasts and professionals with the knowledge and tools necessary to create a home lab leveraging LimaCharlie’s powerful, yet accessible, security infrastructure.​

LimaCharlie, known for its enduring detection and response capabilities, provides users with an efficient and budget-friendly platform. This workshop covers the essential steps in setting up a home lab with LimaCharlie, and guides participants through the configuration of critical security components. The participants will learn how to harness LimaCharlie’s features to monitor and analyze security events, thereby simulating a real-world Security Operations Center (SOC) environment.​

By the end of this hands-on workshop, the participants will be adept at deploying LimaCharlie for personal skill enhancement or even small-scale organizational security. In addition to setup and deployment, the workshop will touch upon best practices for using LimaCharlie to detect, investigate, and respond to security incidents in a controlled environment. This workshop serves as a stepping stone for aspiring cybersecurity professionals and an opportunity for seasoned practitioners to refine their skills.​

Participants are encouraged to bring their laptops to engage with the workshop’s interactive components fully.​

Turning Data Into Intelligence / Intelligence from Data Dumps​

Date & Time

September 8, 2023 | 2:00 PM — 4:00 PM​

Location

In-Person

Jefferson Community and Technical College (JCTC) — 110 W Chestnut St, Louisville, KY 40202

This workshop teaches the attendee the basics of network intelligence analysis and gives considerations for developing “Cleaner” visuals. This workshop will focus on both people, indicators of compromise, and a technique known as master merging.​

In this workshop we will focus on data dumps and show how advanced analytical methodologies can be applied. We will cover the intelligence cycle and how you can modify it to suit your needs, indexing raw data, creating templates, production, social network analysis, and master merging.​

There are no systems that are inherently required but the workshop leader will be using I2 Analyst V 9.1.2. Other programs that are free and can be utilized are:

Digital Forensic — Practical and Necessary Skills

Date & Time

September 8, 2023 | 4:00 PM — 6:00 PM

Location

In-Person

Jefferson Community and Technical College (JCTC) — 110 W Chestnut St, Louisville, KY 40202

2 hour workshop focused on building essential skills necessary for digital forensics and their practical applications. The workshop will cover MFT to timeline creation and analysis, Event Log review — learn tips and tricks to speed up your analysis, Malicious Code De-Obfuscation, and learn how to build a Dynamic Malware analysis lab and efficiently evaluate malware.​

4th Talk Track — Public Fireside Talks

Throughout the conference day, we will host a 4th speaking area. This area will serve as a ‘Fireside Talk’ area, hosting public talks by individuals who would like to speak on various cyber security topics. Speakers may sign up for a talking slot on a first come, first serve basis.

Fireside Talks may include:

  • Securing Your Cloud Environment — Colin Glover
  • Yourself as a Service (YaaS) — Robert “ltnbob” Theisen
  • Hunting 0 day’s for fun and profit — Cameron Maerz
  • Exploring the Dark Side: Introduction to Threat Hunting — Marissa Page

Evening Events

Location: Louisville Slugger Museum & Factory — 800 W Main St, Louisville, KY 40202

Evening Events Hours: 8 PM — 12 AM EST

Come join us for evening events at the Slugger Museum after dark!

Auction + Awards: 8:00 PM — 9:00 PM

Bourbon and Bat Giveaway: TBA

After Party Keynote: 9:00 PM — 10:00 PM

Hacker Jeopardy: 10:00 PM — 11:00 PM

Artwork: https://www.deviantart.com/koioo/art/Matrix-Extra-Crispy-2139724

Slide Shenanigans: 11:00 PM — Midnight

Stay tuned for more details on our after party & award ceremony!

DCG 201 TALK HIGHLIGHTS FOR HACK RED CON 2023 (EST)

This is the section where we have comb through the entire list of talks on both days and list our highlights for the talks that stand out to us. Note that this does not invalidate any talks we didn’t list, in fact, we highly recommend you take a look at the full convention schedule beforehand and make up your own talk highlight lists. These are just the talks that for us had something stand out, either by being informative, unique or bizarre. (Sometimes, all three!)

Common Cloud Misconfigurations​

10:00 AM — 10:45 AM

Mark Gaddy​ ~ Cyber Security Club

In this presentation, I give an overview of different cloud misconfigurations with a focus on Amazon Web Services. As well as remediation techniques and breaches that occurred from these misconfigurations.​

Speaker Bio:

Mark Gaddy recently graduated from the University of West Florida with a degree in Cyber Security. At the University of West Florida, Mark was President of the Cyber Security Club, competing in both red and blue team competitions. Currently, Mark is working towards doing more vulnerability research and gaining certifications in the offensive security space. ​

The Unforeseen Battlefield:
Small Businesses as the New Frontline in National Cybersecurity

10:00 AM — 10:45 AM

Nick Gipson ~ Founder/CEO, Gipson Cyber

The advent of the digital age has not only streamlined business processes but also brought along with it the increased risk of cyber threats. Recent trends indicate a shift in hacker focus from large corporations to unsuspecting targets such as small businesses, including mom-and-pop stores. The paper, titled “The Unforeseen Battlefield: Small Businesses as the New Frontline in National Cybersecurity,” delves into the evolving cybersecurity landscape and analyzes the multi-faceted repercussions of cyber-attacks on small businesses and the consequent ripple effects on national security. Using a case study approach, the paper illustrates the real-life example of a mom-and-pop store that suffered a cyber attack, setting the stage for an in-depth exploration of the motives behind targeting small enterprises. The study underscores how seemingly innocuous entities, such as a small family-run business, can inadvertently become conduits for large-scale attacks on critical infrastructure and government systems. The paper also addresses the potential for aggregated data from multiple small-scale attacks to be used in more sophisticated, targeted attacks against national security interests. By illuminating the cascading effects of breaches in small business security, this paper advocates for a more inclusive approach to national cybersecurity strategies, emphasizing the need for awareness, education, and more robust security measures among small business owners.

Speaker Bio:

Nick Gipson is a seasoned cybersecurity expert renowned for his expertise in incident response, security research, and leadership as the CEO of Gipson Cyber. With nearly a decade of experience, Nick has been instrumental in safeguarding organizations from cyber threats. His published research and industry recognition demonstrates his profound knowledge and innovative insights. As a sought-after speaker and educator, Nick empowers others with his wealth of knowledge, driving proactive cybersecurity practices. Through his visionary leadership, Gipson Cyber remains at the forefront of the industry, offering comprehensive solutions in an ever-changing threat landscape. Nick Gipson’s unwavering commitment to cybersecurity continues to make a remarkable impact, securing organizations and raising awareness worldwide.

How To (Not) Crash UNIX

11:00 AM — 11:45 AM

Barbi Howell ~ CISSP, CRISC, CISA

This presentation is for those who may use Linux such as Kali, Parrot, RedHat, or Ubuntu, but are not experts in UNIX commands. Instead of “How to use ls, cd, chown,” this talk covers “what does the && do in ‘apt-get update && apt-get upgrade’ ?” The goal is less memorization and less looking up syntax and more understanding of why. The talk ends with real world stories of syntax errors causing system degradation and outages.

Speaker Bio:

Barbi is an IT Security Director specializing in Governance Risk and Compliance (GRC) and a former UNIX Sys Admin. A natural leader with a technical background, she is known for effective team building and promoting work-life balance. Barbi resides in Louisville, Kentucky and is a member of professional organizations such as Kentuckiana ISACA chapter. She assisted coordinating regional InfoSec conference, Louisville Metro Infosec Conference (2014–2017). She holds a bachelor’s degree in Computer and Information Science and her certifications are not limited to CISSP, CISM and CISA.

Drone Penetration — Testing Lessons Learned

11:00 AM — 11:45 AM

Jonathan Perez~ Dark Wolf Solutions

In this talk, I give an overview of the lessons learned while performing penetration testing and supply chain analysis on UAS platforms for the Blue UAS and Green UAS programs. Topics include industry trends, common problems, and thoughts on the future of this space.

Speaker Bio:

Jon Perez is a Technical Program Manager with Dark Wolf Solutions specializing in Cybersecurity and Autonomous Systems. He is responsible for overseeing Dark Wolf’s support of the Blue UAS and Green UAS programs in addition to other non-UAS programs. He strongly believes in leading with empathy and focuses his efforts on removing sources of friction so his stellar teams can thrive.

Jon holds a B.S. and M.S in Electrical Engineering from the Georgia institute of Technology. He would go on to spend the early years of his career pursuing electromagnetics research and secure software development as part of the Georgia Tech Research Institute. He currently resides in Atlanta, Georgia where he spends his free time relaxing with his family and writing music.

Incident Response Playbook-101: The importance of an Incident Response Playbook and how to create one.

12:00 PM — 1:00 PM

Yaamini Barathi Mohan ~ VxRail Security at Dell

With the increase in security incidents happening across companies, Incident response teams are in the spotlight. An Incident Response Playbook will help the team organize the process and provide guidance during the time of chaos.

Join me to understand:

  • Why a Playbook is extremely important in the Incident Response process
  • What a Playbook is
  • How to build one for your company from scratch.

‘Flagged’: Tracking Photo Geo-Locations Using Overpass-Turbo

1:00 PM — 1:45 PM

Anna Quinn ~ Rapid7

​In the talk, I will show how I can track images, videos, and more from photos and videos uploaded to social media without using metadata.

Speaker Bio:

Anna has a mixed IT background of over two years’ experience in system hardening, threat hunting, and blue and red team operations, as well as 3 years’ experience in IT in helpdesk and sysadmin roles. She joined Rapid7 as a penetration testing consultant in January of 2023. At Rapid7, Anna provides in-depth overviews on new exploitation techniques within the realms of Open-Source Intelligence (OSINT) and internal network penetration testing, specializing in Active Directory exploitation and pivoting. Anna also has expansive lab building experience — developing Application Programming Interfaces (APIs) for research and exploit development. In addition to this, Anna builds wireless labs, lockpicking environments, and Active Directory deployments for testing and research purposes. Anna also develops custom tools and scripts for the Rapid7 pentest team. Industries she has conducted penetration testing for and worked with closely include the financial, healthcare, social media, education, and energy industries.

Abusing IPv6 on the Public Internet

2:00 PM — 2:45 PM

TheTechromancer ~ Hacker, Black Lantern Security

As an attacker, what could you do if you had 4,722,366,482,869,645,213,696 IP addresses?

This is not a talk about mitm6 or DHCPv6. Instead we will focus on how IPv6 can be used for new and nefarious purposes on the Internet.

We’ll get technical, demoing live attacks with TREVORproxy — a special SOCKS proxy that splits your web traffic into a billion different source IPv6 addresses. We’ll demo how to use this to bypass WAFs, password smart lockouts, and other rate-limiting mechanisms.
Then we’ll cover each of the major cloud providers, their progress in deploying IPv6, and how they’re vulnerable to these methods. Finally, we’ll explore the kwirks and limitations of IPv6 attacks, and tricks for making them as effective as possible.

Speaker Bio:

TheTechromancer is a hacker at Black Lantern Security. When he’s not pentesting, he enjoys writing hacking tools in Python, and speaking about them at conferences. He is an avid believer in open source software, and by the way he runs Arch Linux. He remains largely absent from the social media scene except on Github and ArtStation. He has some certifications, but asks that you judge him not by the color of his certs, but by the content of his Github profile. When provoked, he is likely to rant about Microsoft. Despite all these things he’s actually a pretty friendly person.

Serving Soft Skills All Day

3:00 PM — 3:45 PM

Sienna Delvasto

Deciding for a career change can seem intimidating when you’re making the jump from a soft-skill-driven field such as hospitality to Cybersecurity, however, it doesn’t have to be. From the outside looking in, Cybersecurity can seem like an industry with heavy dependency on technical skills, though technical skills may be helpful for some roles, soft skills can be just as important (if not more). To ease the stress of this transition, this talk will be drawing the similarities between day-to-day activities as a server/bartender to that of a cybersecurity analyst. From juggling orders, running the expo window to working the closing section, you can leverage these skills to have a successful career in cybersecurity.

Speaker Bio:

Sienna Delvasto has been in the Cybersecurity industry for 5 years. While attending Gwinnett Technical College as a Computer Science Major she was introduced to Cybersecurity (love at first shell) and decided to focus her goals on that career field. In her time in the field, she started in Vulnerability Management, moved into Penetration Testing and is currently focused in Application Security. Prior to being in Cybersecurity she has spent 7 years in the service/hospitality industry and brought the skills gained from those years of experience into her career in Cybersecurity.

Is it a Feature? Is it a Vulnerability? It’s Active Directory.

4:00 PM — 4:45 PM

Qasim Ijaz ~ Director of Offensive Security, Blue Bastion Security

This talk is a summation of stories from my recent penetration tests inside Active Directory networks. I will use this time to discuss common methods I have used to obtain initial access inside Active Directory environments, the features that paved the way to lateral movement, and vulnerabilities that escalated me to Domain Admin. This talk is laid out in a way that benefits both entry-level and experienced penetration testers. The content is for both blue and red teamers looking to better understand common Active Directory configurations that can lead to compromise. It has everything from memes to kerberoasting, with a pinch of humor (no dad jokes, I promise).

Speaker Bio:

Qasim “Q” Ijaz is the Director of Offensive Security at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the “dry” business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after-hours. Qasim has presented and taught at cybersecurity conferences including BSides and Blackhat on offensive security topics. He currently teaches a bootcamp on Offensive Security Certified Professional (OSCP) certification.

--

--

DCG 201
DCG 201

Written by DCG 201

North East New Jersey DEFCON Group Chapter. Dirty Jersey Represent! We meet at Sub Culture once a month to hack on technology projects! www.defcon201.org

No responses yet