--[ Physical Workshops

--[ App Ambush: HackerOne @ AvengerCon CTF


Nick Zajciw, is a Community Manager at HackerOne where he focuses on recruiting and engaging HackerOne's community of hackers. Prior to HackeOne he spent four years as Senior Manager, Cyber Initiatives at bwtech@UMBC and was a Venture for America fellow. He is a graduate of University of Michigan and has a graduate certificate in Cybersecurity Operations from UMBC.


Join HackerOne, the leaders in crowdsourced security in a CTF challenge while at AvengerCon. HackerOne will be running a half-day hybrid CTF event (available both to those attending in-person and virtually). Our CTF will feature flags of varying difficulty as you progress through the levels. Those with entry to advanced knowledge of web application hacking will enjoy the challenges we have in store for the event. Prizes will be awarded for the top 3 participants in the event and will be announced at the Event.

In 2018, HackerOne launched Hacker101, one of the largest free resources to learn to hack online. Hackers have access to CTF levels of varying difficulty covering a range of topics and techniques, while being constantly updated. As part of our mission to empower the world to build a safer internet, HackerOne has paid out $150M+ in bug bounties, manages a discord of 57,000 aspiring hackers, and supports both our customers and community through exclusive challenges and Live Hacking Events.


Laptop, access to the internet, and basic understanding of web application security.

--[ Capture the Flag With Vectra AI


Hone your adversarial, analysis and hunting skills by experiencing firsthand how attackers plot, ploy and work their way into organizations in a simulated enterprise environment.

Join this hands-on, interactive Red and Blue Team Workshop where you will:

  • Learn the techniques and tactics of different critical attack vectors

  • Practice how attackers exploit network vulnerabilities

  • Test the visibility of a network detection and response (NDR) solution through a self-paced, free play format

  • Analyze behavior-based indicators post-compromise without signature matching

  • Launch deeper incident investigations into attacks


No special tools are required. Security experts are available for individual support, tips and tricks during this interactive workshop.

--[ Guarding Against Ransomware With Free and Open Elastic Security


Free and open Elastic Security empowers teams with limited resources to collect, analyze, and search across large amounts of security data at scale. Learn how to protect your enterprise from ransomware, malware, and other malicious techniques by eliminating blindspots and getting full visibility into your networks and systems with Elastic. Principal Solutions Architect Michael Young will introduce you to the Elastic Platform, showcase how Elastic Security allows users to ingest and retain large volumes of data for augmented threat hunting, and provide a live demo of how it all works. You'll also see how Elastic defines the potential of XDR for cybersecurity teams and delivers limitless free and open XDR, SIEM, and endpoint capabilities built on a single platform.

Attendees will have the opportunity to participate in a live Capture the Flag (CTF) exercise to investigate a real-life security incident. You'll experience how Elastic Security builds on the power of the Elastic Stack to deliver out-of-the-box capabilities that help security operations teams do their jobs more effectively. This CTF will be open for the whole event and will have our solutions architect team readily available to assist you.

--[ Hands-on Exercise With Elastic Machine Learning Features


Search is the connective tissue that drives real-time, multi-INT discovery in national security. With a single query, the right search tool can detect anomalies and predict outcomes with machine learning. Elastic is a search platform that empowers analysts to centralize and search every intelligence data point in a single stack, illuminating anomalies in an intuitive interface with no data science knowledge required.

Join this workshop to try out Elastic's powerful algorithms and see how they learn patterns from your data so you can quickly identify areas of greatest interest, problems with services or infrastructure, and attacks that can compromise your integrity. You'll get a live demonstration of Elastic's supervised and unsupervised machine learning features and have an opportunity to have your questions answered by the experts.


--[ Intro to Reversing and Exploitation


Jeremy Blackthorne (@0xJeremy) is an instructor at the Boston Cybernetics Institute (BCI), where he develops and delivers cybersecurity curriculum to the military. Before BCI, he was a researcher in the Cyber System Assessments group at MIT Lincoln Laboratory. Jeremy has published research at various academic and industry conferences. He served in the Marine Corps 2002 - 2006 as a rifleman and scout sniper, and is an alumnus of RPISEC.


Reverse engineering is an essential skill for many tasks in cybersecurity such as malware analysis, vulnerability discovery, and exploitation. In this 6-hour course, we teach students how to use hex editors, disassemblers, and debuggers on x86/x64 binaries in Linux as applied to these various tasks.

This is a majority hands-on course with theory and lecture as needed. Exercises balance fundamentals with modern applications. After completing this course, students will have the practical skills to apply reverse-engineering in their day-to-day work.

We provide a virtual machine, bundled with free software, exercises, and educational materials.

--[ Ransomware, Exorcising Alastor


Are you brave enough to try and fight back against a live ransomware infection in a Windows network? You will be pitted against our latest malware sample Alastor in a live environment and charged with trying to stop the infection from spreading and trying to recover the critical files that have been lost.

Participants will be asked to assume the role of a forensic investigator or malware analyst and placed in a live virtual Windows 10 environment. The Alastor infection will launch without warning and participants will be divided into two groups:

Forensic Investigators

The forensic investigator must be able to examine a live system that has been infected or where an infection just took place. They should use forensic techniques to attempt to identify the malware that caused the infection. The forensic investigator should be able to examine network communications to identify any Internet connected assets the malware may communicate with during infection for command and control. The forensic investigator may be required to examine C2 servers to identify vulnerabilities that could be leveraged to gain access and identify decryption details. The forensic investigator should be able to develop indicators of compromise for an active infection and hopefully develop mitigations to prevent any further infection such as firewall restrictions or Windows Defender security policy changes.

Malware Analysts

The malware analyst should be able to examine a Windows binary without uploading to VirusTotal or any Internet connected virus scanner or sandboxing site(s). They should be able to identify embedded strings, instructions, configuration files and ideally identify embedded code. The malware analyst should be able to identify indicators of compromise and write pattern matching rules or signatures that they can share with future investigators or examine other systems for potential infections.

These groups need to work together to attempt to stop active infections and prevent spread of Alastor to new hosts within the environment. They will need to study the infected hosts, the network communications and the actual malware samples themselves if they can identify them. We will provide guiding hints to help move the story along but may also inhibit the investigation if we find skilled participants are going to rush to a solution alone without helping their team solve the problem.

--[ Threat Hunting With Jupyter


Moving beyond prepared data presentation (think dashboards) to rapid triage and automation of threat discovery is a must these days. One of the easiest entries into this is by utilizing tools such as Jupyter, and information providers APIs such as Virus Total, Shodan and AlienVault.

In this class, we will cover basic Python scripting syntax to gather, transform, and explore data. We'll also process log files so that Indicators of Compromise (IoC) can be investigated. Then, we'll output findings in data visualizations through the use of Python libraries like Matplotlib and Pandas and html based forced directed graphs.

Topics we will cover:

  • STiX/TAXII 2.0: Threat Intelligence Exchange Systems for conveyance of information

  • Threat Information Providers API Access Queries: AlienVault, MISP, Mitre ATT&K Models

  • Data Grooming and Filtering

  • Processing Suspected Threat Activity for Discovery and Mitigation

  • Jupyter Notebooks

  • Python

  • Java Script

  • HTML

Specific tools and packages will include:

  • TI providers : Lookup IoCs across multiple TI providers; Built-in providers include AlienVault OTX, IBM XForce, VirusTotal, Shodan

  • Vtlookup: Virus Total API access for IoC processing

  • IP Geo: We'll look at two packages - GeoLiteLookup (Maxmind) and IPStackLookup

  • Eventcluster: Summarization of large numbers of events into clusters of different patterns using unsupervised ML modules.