darkartslogo
Briefing

Event Schedule

Event Starts On: June 7, 2022 8:00,AM
Event Ends On: June 9, 2022 3:00,PM
Briefings
Date
Time
Speaker
Briefing Details
Dark Arts Opening
June 7, 2022
09:00:00am

Opening and welcome to the Dark Arts Village

Attack on Cloud
June 7, 2022
09:30:00am

Tired of using GUIs to provision infrastructure for Game Days and CTFs? This briefing introduces participants to threat emulation at scale, using infrastructure as code (IaC). IaC is a natural partner in offensive attack simulations; with it, organizations can quickly provision and configure sandbox environments to test their code and platform security posture, before someone else does. Learn how to deploy AWS cloud resources using intentionally vulnerable Terraform templates, leveraging code to replicate insecure architectural patterns. Presenters will demonstrate findings from exploiting the latter to launch an Ethereum cryptominer with CloudFormation. From credential access to impact, this offensive attack simulation will take participants through the MITRE ATT&CK Enterprise Cloud Matrix. Finally, discover open source tooling to audit and threat model codified deployments and implement secure infrastructure development best practices to mitigate risk with policy-as code.

Cooking Cyber Recipes with CyberChef
June 7, 2022
11:00:00am

CyberChef is known as the "The Cyber Swiss Army Knife" and is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without dealing with complex tools or algorithms. In this presentation, the presenter will show you what the tool can do and the basics of creating recipes using operations like simple encoding like XOR and Base64, compression and decompression of data, calculating hashes and checksums, and much more.

Violent Python 3
June 7, 2022
12:00:00pm

Violent Python 3 Workshop Description Even if you have never programmed before, you can quickly and easily learn how to make custom hacking tools in Python. In hands-on projects, participants will create tools and hack into test systems, including: Port scanning Login brute-forcing Port knocking Cracking password hashes Sneaking malware past antivirus engines With just a few lines of Python, it's easy to create a keylogger that defeats every commercial antivirus product, from Kaspersky to FireEye. What You Need: I recommend a Kali Linux 2 computer, real or virtual. However, you can use some other type of Linux, or Mac OS X, or even Windows with Python 2.7 installed. However, you can't do these projects with a default Chromebook or iPad. Level V also requires a Windows computer (real or virtual).

Crypto CTF
June 7, 2022
02:00:00pm

Crypto CTF Lets be real. Cryptography is not an approachable field. “Cryptographic Failures” takes the #2 spot on OWASP Top 10:2021; and for good reason. Factoring large primes and calculating modular inverses is dizzying. What is base64, anyway? This session gently introduces participants to foundations of classic and modern cryptography through a CTF style adventure. This session assumes no prior knowledge of cryptography.

Mastering OSINT for Cybersecurity Professionals
June 7, 2022
04:00:00pm

Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources (overt and publicly available sources) to produce actionable intelligence. OSINT is primarily used in national security, law enforcement, and business intelligence functions and is of value to analysts who use non-sensitive intelligence in answering classified, unclassified, or proprietary intelligence requirements across the previous intelligence disciplines

Dark Arts Village Opening
June 8, 2022
09:00:00am

Opening of the Dark Arts Village

Net Analysis w/ Wireshark
June 8, 2022
09:15:00am

Net Analysis w/ Wireshark

Attack Surface Management
June 8, 2022
11:00:00am

Attack Surface Management

Sock Puppets
June 8, 2022
01:00:00pm

An online identity created, and used, for purposes of deception. A sockpuppet purports to be an independent party that supports, approves of, or agrees with some agent (a person, organization, agency, or state), but is in fact created and controlled by that agent, and has no independent existence. Common uses of sockpuppets include plausibly deniable hacking or information operations, provocation, and astroturfing (creation of the illusion of grassroots support).

Threat Hunting w/ Splunk
June 8, 2022
02:00:00pm

Threat Hunting w/ Splunk

Kubernetes (In)Security
June 8, 2022
04:00:00pm

Kubernetes (In)Security Why are more and more companies moving to the Private & Hybrid Cloud? Why is everybody talking about Kubernetes? Is it good? Is it Secure? In this talk you will learn about the basics of Kubernetes and how it works, then you will explore common attack vectors used against Kubernetes infrastructure ("The threat matrix of Kubernetes") as well as protections you can put in place to mitigate risk and stop attackers (RBAC, Security Context, Network Policies, Pod Security Policies, OPA, etc.) A short hands-on experience CTF in a local Kubernetes environment, when completed with the training attendees can play it (https://github.com/Alevsk/dvka)

Prey v Hunter
June 8, 2022
05:00:00pm

Prey v Hunter

Dark Arts Opening
June 9, 2022
09:00:00am

Dark Arts Opening

Dark Side Twitter
June 9, 2022
09:30:00am

Dark Side Twitter

Windows Internals
June 9, 2022
11:00:00am

Windows Internals

Alpacattack
June 9, 2022
01:00:00pm

Alpacattack

SBX3-TIL4: Offensive Capture the Flag 101
June 7, 2022
04:45:00pm

Sandbox Training Space - SBX3-TIL4: Offensive Capture the Flag 101 - Guided Beginner CTF

SBX3-WIL3: Web Application Hacking 101
June 8, 2022
02:25:00pm

Sandbox Training Space - SBX3-WIL3: Web Application Hacking 101

Building a Cloud-Based Pentesting Platform
June 9, 2022
01:00:00pm

Often offensive cybersecurity professionals require a way to perform external pentesting of Internet facing targets. This ability to test externally facing systems is nothing new and has been done over the years using various configurations. In this presentation attendees will learn how to build a cloud-based pentesting environment useful to pentesters, red teamers, and bug bounty hunters. Moscone South Level 2 - RSAC Sandbox Stage

RSA Conference is where the cybersecurity world comes together. For four days, you’ll gain insights, join conversations and experience solutions that could make a huge impact on your organization and your career. With so much change happening in our industry, we’re here to help you stay ahead of it all. We’re excited to be back in San Francisco, but a Digital Pass is also available for those who cannot attend live.

However you experience RSAC 2022, you’ll come away with knowledge and insights that will spark ideas and help you make the game-changing decisions that will transform the way you protect the world from threats.

The Dark Arts Village will be live in-person at the RSA Conference June 7-9 hosting Labs, Training, Competitions and a whole lot of Knowledge Transfer.

We will also be hosting a Virtual Speaker series at the same time, so if you cant make it in person, don’t worry you won’t be left out, we will have some of the brightest minds in the world speaking on Cybersecurity, check it out right here June 7th to the 9th.

Schedule of Events Onsite

Schedule for Virtual