Opening and welcome to the Dark Arts Village

Tired of using GUIs to provision infrastructure for Game Days and CTFs? This briefing introduces participants to threat emulation at scale, using infrastructure as code (IaC). IaC is a natural partner in offensive attack simulations; with it, organizations can quickly provision and configure sandbox environments to test their code and platform security posture, before someone else does. Learn how to deploy AWS cloud resources using intentionally vulnerable Terraform templates, leveraging code to replicate insecure architectural patterns. Presenters will demonstrate findings from exploiting the latter to launch an Ethereum cryptominer with CloudFormation. From credential access to impact, this offensive attack simulation will take participants through the MITRE ATT&CK Enterprise Cloud Matrix. Finally, discover open source tooling to audit and threat model codified deployments and implement secure infrastructure development best practices to mitigate risk with policy-as code.

CyberChef is known as the "The Cyber Swiss Army Knife" and is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without dealing with complex tools or algorithms. In this presentation, the presenter will show you what the tool can do and the basics of creating recipes using operations like simple encoding like XOR and Base64, compression and decompression of data, calculating hashes and checksums, and much more.

Violent Python 3 Workshop Description Even if you have never programmed before, you can quickly and easily learn how to make custom hacking tools in Python. In hands-on projects, participants will create tools and hack into test systems, including: Port scanning Login brute-forcing Port knocking Cracking password hashes Sneaking malware past antivirus engines With just a few lines of Python, it's easy to create a keylogger that defeats every commercial antivirus product, from Kaspersky to FireEye. What You Need: I recommend a Kali Linux 2 computer, real or virtual. However, you can use some other type of Linux, or Mac OS X, or even Windows with Python 2.7 installed. However, you can't do these projects with a default Chromebook or iPad. Level V also requires a Windows computer (real or virtual).

Crypto CTF Lets be real. Cryptography is not an approachable field. “Cryptographic Failures” takes the #2 spot on OWASP Top 10:2021; and for good reason. Factoring large primes and calculating modular inverses is dizzying. What is base64, anyway? This session gently introduces participants to foundations of classic and modern cryptography through a CTF style adventure. This session assumes no prior knowledge of cryptography.

Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources (overt and publicly available sources) to produce actionable intelligence. OSINT is primarily used in national security, law enforcement, and business intelligence functions and is of value to analysts who use non-sensitive intelligence in answering classified, unclassified, or proprietary intelligence requirements across the previous intelligence disciplines

Opening of the Dark Arts Village

Net Analysis w/ Wireshark

Attack Surface Management

An online identity created, and used, for purposes of deception. A sockpuppet purports to be an independent party that supports, approves of, or agrees with some agent (a person, organization, agency, or state), but is in fact created and controlled by that agent, and has no independent existence. Common uses of sockpuppets include plausibly deniable hacking or information operations, provocation, and astroturfing (creation of the illusion of grassroots support).

Threat Hunting w/ Splunk

Kubernetes (In)Security Why are more and more companies moving to the Private & Hybrid Cloud? Why is everybody talking about Kubernetes? Is it good? Is it Secure? In this talk you will learn about the basics of Kubernetes and how it works, then you will explore common attack vectors used against Kubernetes infrastructure ("The threat matrix of Kubernetes") as well as protections you can put in place to mitigate risk and stop attackers (RBAC, Security Context, Network Policies, Pod Security Policies, OPA, etc.) A short hands-on experience CTF in a local Kubernetes environment, when completed with the training attendees can play it (https://github.com/Alevsk/dvka)

Prey v Hunter

Dark Arts Opening

Dark Side Twitter

Windows Internals

Alpacattack

Sandbox Training Space - SBX3-TIL4: Offensive Capture the Flag 101 - Guided Beginner CTF

Sandbox Training Space - SBX3-WIL3: Web Application Hacking 101

Often offensive cybersecurity professionals require a way to perform external pentesting of Internet facing targets. This ability to test externally facing systems is nothing new and has been done over the years using various configurations. In this presentation attendees will learn how to build a cloud-based pentesting environment useful to pentesters, red teamers, and bug bounty hunters. Moscone South Level 2 - RSAC Sandbox Stage