Blue Team Village Opening Ceremony

Introduction to Cyber Threat Hunting & Threat Hunting Methodologies

IR analysis in two parts; Part I: Know Yourself, Know Your Logs, Part II: MSTICPY and Velociraptor Collection & Offline Analysis.

Fact vs Fiction: Starting at zero how to approach and handle an InT incident from a real-world use case, and then an overview of how InT is both the same and yet different from a traditional incident.

Foe vs Friend: For the right peas of mind, a primer on using a post-mortem to shift into preparation to proactively manage InT risks, plus how to preclude the usual pitfalls to promote positive reinforcement and minimize paranoia.

Can we find activity within the corporate network that might be suspicious?

IR Foundations & Analyst Mindset and Quality Assurance

Securing Engineering is a core element of security. In this session, you will hear how the Obsidian Engineers collaborated with the Red Team to architect and build this year's Obsidian adversary simulation environment. PS: You will be able to make your own too!

Forensics analysis; Part I: Forensics Analysis: Insider Threat, Part II: Forensics Analysis: Pivoting from IT to OT

IR 101 covering Analyst Mindset and Quality Assurance Processes.

A brief view into the odd world of Operational Technology (OT) and why so many OT Security Engineers drink like they hate themselves. This will cover the realities of their tech stack, business risk considerations, control systems recovery and how incident response is conducted within the environment. We will briefly cover how this environment was emulated for the Project Obsidian attack chain and how it differs from the physical environments.

Come hear 4 SOC veterans discuss some of the most challenging topics in SOCs today. People are our most important asset, but recruiting, retention, and career growth continue to be a sore spot for many. Trying to break into the field? Been laid off? Worried about training or outsourcing? This panel is for you. We share with you what we’ve learned over the years; along the way we will spice it up with some war stories and hard won lessons.

This is an interactive incident response tabletop workshop in a “game show”-type format. Attendees will work through a crisis response scenario designed exclusively for a live studio audience and will have the opportunity to describe how they might handle progressive stages of an emerging incident. Their responses will be evaluated by our “celebrity” judges who will balance a light tone with meaningful feedback that participants can use both to work through the problem sets presented and to learn to guide their teams through a real IR. Wrong answers allowed and encouraged; all experience and tech levels welcome.

The recent Log4j vulnerability has been making headlines and causing significant harm to organizations that rely on Apache Log4j for logging. In this talk, we'll go beyond the headlines and provide a deep dive into threat hunting techniques and their application in detecting vulnerabilities like Log4j.

The what, how and process of detection engineering.

Come listen to some grouchy, well worn Incident Responders talk about the planning and reality of staging a live fire DFIR simulation, and how even well planned exercises, just like any other IR never go as planned.

Can we find activity within the corporate network that might be suspicious?

A review of the detection engineering cycle and a walkthrough taking a threat hunt report and building a SIEM alert.

Introduction to Forensics: Part I & II

CTH 101: Threat Hunting Techniques, Case Studies and Labs, Conclusion and Next Steps

Security is nothing without visibility, join a group of practitioners as they outline ways to get you started in detection engineering.

A brief view into the odd world of Operational Technology (OT) and why so many OT Security Engineers drink like they hate themselves. This will cover the realities of their tech stack, business risk considerations, control systems recovery and how incident response is conducted within the environment. We will briefly cover how this environment was emulated for the Project Obsidian attack chain and how it differs from the physical environments.

Join three of our seasoned (and sometimes crispy) Digital Forensics and Incident Response heavy hitters as they relay their tales from the front lines fighting against active threat actors, insider oopsies, and general misconfigurations. The catch? A holistic approach to security can involve lighting some fires of your own. The discussion will cover how the hot, hot flames of an incident touch everyone -- from C-levels to admins, intel to the red team. Come bask in the warm glow (while enjoying the cool Vegas AC), and be sure to stay for the Q & A!

From discovery to dissemination, the value of cyber threat intelligence rapidly decreases to the point of uselessness. Why? It’s complicated. Does it have to be? Join us for a lively discussion on threat intelligence from discovery and dissemination, and how to find value in the valueless.

Game session

Project Obsidian panel discussion: Who, What, When, Where, and How

Blue Team Village Closing Ceremony