10:00
30min
Opening Ceremony

Blue Team Village Opening Ceremony

Main Stage
10:30
60min
CTH 101: Part I & II
Tino aka Paladin316, CerealKiller

Introduction to Cyber Threat Hunting & Threat Hunting Methodologies

Project Obsidian: 101 Track (0x41)
Project Obsidian: 101 Track (0x41)
10:30
60min
IR Analysis: Part I & II
juju43

IR analysis in two parts; Part I: Know Yourself, Know Your Logs, Part II: MSTICPY and Velociraptor Collection & Offline Analysis.

Project Obsidian: Kill Chain Track (0x42)
Project Obsidian: Kill Chain Track (0x42)
10:30
60min
Insider Threats (InT): Hindsight and Foresight
plug, aviditas

Fact vs Fiction: Starting at zero, how to approach and handle an InT incident from a real-world use case, and then an overview of how InT is both the same and yet different from a traditional incident.

Foe vs Friend: For the right peas of mind, a primer on using a post-mortem to shift into preparation to proactively manage InT risks, plus how to preclude the usual pitfalls to promote positive reinforcement and minimize paranoia.

Project Obsidian
Main Stage
11:30
60min
CTH: (n)Map Exploration: A Great Time in Remote Destinations
SamunoskeX

Can we find activity within the corporate network that might be suspicious?

Project Obsidian: Kill Chain Track (0x42)
Project Obsidian: Kill Chain Track (0x42)
11:30
60min
IR 101: Part I, II, III
CountZ3r0, ChocolateCoat, Cyb3rhawk

IR Foundations & Analyst Mindset and Quality Assurance

Project Obsidian: 101 Track (0x41)
Project Obsidian: 101 Track (0x41)
11:30
60min
Security Engineering for Adversarial Emulation and Red Teaming
plug, sandw1ch

Security Engineering is a core element of security. In this session, you will hear how the Obsidian Engineers collaborated with the Red Team to architect and build this year's Obsidian adversary simulation environment. PS: You will be able to make your own too!

Project Obsidian
Main Stage
13:30
60min
Forensic Analysis: Part I & II
Omenscan, Danny D. Henderson Jr (B4nd1t0)

Forensics analysis; Part I: Forensics Analysis: Insider Threat, Part II: Forensics Analysis: Pivoting from IT to OT

Project Obsidian: Kill Chain Track (0x42)
Project Obsidian: Kill Chain Track (0x42)
13:30
60min
IR 101: Part IV, V
juju43

IR 101 covering Analyst Mindset and Quality Assurance Processes.

Project Obsidian: 101 Track (0x41)
Project Obsidian: 101 Track (0x41)
13:30
60min
OT: Why OT Cybersecurity Engineers Drink So Much
ThatDeadGuy

A brief view into the odd world of Operational Technology (OT) and why so many OT Security Engineers drink like they hate themselves. This will cover the realities of their tech stack, business risk considerations, control systems recovery and how incident response is conducted within the environment. We will briefly cover how this environment was emulated for the Project Obsidian attack chain and how it differs from the physical environments.

Project Obsidian: Kill Chain Track (0x42)
Main Stage
15:00
60min
SOC Panel: Finding, Keeping, and Caring for the Best People
Carson Zimmerman, Alissa Torres, Christopher Crowley, Russ McRee

Come hear 4 SOC veterans discuss some of the most challenging topics in SOCs today. People are our most important asset, but recruiting, retention, and career growth continue to be a sore spot for many. Trying to break into the field? Been laid off? Worried about training or outsourcing? This panel is for you. We share with you what we’ve learned over the years; along the way we will spice it up with some war stories and hard-won lessons.

Panels/Interactive Content
Main Stage
16:00
120min
Monroeville Live: An IR Tabletop for the Rest of Us
Litmoose, Gwyddia, Matt Mahler, Shea Nangle, Dave Collins, Nathan Case, Nina Alli

This is an interactive incident response tabletop workshop in a “game show”-type format. Attendees will work through a crisis response scenario designed exclusively for a live studio audience and will have the opportunity to describe how they might handle progressive stages of an emerging incident. Their responses will be evaluated by our “celebrity” judges who will balance a light tone with meaningful feedback that participants can use both to work through the problem sets presented and to learn to guide their teams through a real IR. Wrong answers allowed and encouraged; all experience and tech levels welcome.

Panels/Interactive Content
Main Stage
10:30
60min
CTH: Log4j - The Silent Menace Among Us
Cyb3rhawk

The recent Log4j vulnerability has been making headlines and causing significant harm to organizations that rely on Apache Log4j for logging. In this talk, we'll go beyond the headlines and provide a deep dive into threat hunting techniques and their application in detecting vulnerabilities like Log4j.

Project Obsidian: Kill Chain Track (0x42)
Project Obsidian: Kill Chain Track (0x42)
10:30
60min
DE: Breaking the Rule
Oldmonk

The what, how and process of detection engineering.

Project Obsidian: 101 Track (0x41)
Project Obsidian: 101 Track (0x41)
10:30
60min
IR/4n6: Obsidian DFIR - Gang aft agley
plug, Omenscan, CountZ3r0

Come listen to some grouchy, well-worn Incident Responders talk about the planning and reality of staging a live-fire DFIR simulation, and how even well-planned exercises, just like any other IR, never go as planned.

Project Obsidian
Main Stage
11:30
60min
(n)Map Exploration: A Great Time in Remote Destinations
SamunoskeX

Can we find activity within the corporate network that might be suspicious?

Project Obsidian
Main Stage
11:30
60min
DE: Building a Detection Alert From a Threat Hunt
kobaltfox

A review of the detection engineering cycle and a walkthrough taking a threat hunt report and building a SIEM alert.

Project Obsidian: Kill Chain Track (0x42)
Project Obsidian: Kill Chain Track (0x42)
11:30
30min
Forensics 101 Part I & II
Danny D. Henderson Jr (B4nd1t0), Gyle_dC

Introduction to Forensics: Part I & II

Project Obsidian: 101 Track (0x41)
Project Obsidian: 101 Track (0x41)
13:30
30min
CTH 101: Part III, IV, V
Tino aka Paladin316, Cyb3rHawk

CTH 101: Threat Hunting Techniques, Case Studies and Labs, Conclusion and Next Steps

Project Obsidian: 101 Track (0x41)
Project Obsidian: 101 Track (0x41)
13:30
60min
So you want to become a Detection Engineer
plug, CerealKiller, Oldmonk, kobaltfox

Security is nothing without visibility, join a group of practitioners as they outline ways to get you started in detection engineering.

Project Obsidian
Main Stage
13:30
60min
Why OT Cybersecurity Engineers Drink So Much
ThatDeadGuy

A brief view into the odd world of Operational Technology (OT) and why so many OT Security Engineers drink like they hate themselves. This will cover the realities of their tech stack, business risk considerations, control systems recovery and how incident response is conducted within the environment. We will briefly cover how this environment was emulated for the Project Obsidian attack chain and how it differs from the physical environments.

Project Obsidian
Project Obsidian: Kill Chain Track (0x42)
15:45
60min
Arson Herders: An IR Guide to Fighting and Lighting Fires
Litmoose, Tina Velez (Mugwump Jones), Matt Linton, Matt Wagenknecht (dis0wn)

Join three of our seasoned (and sometimes crispy) Digital Forensics and Incident Response heavy hitters as they relay their tales from the front lines fighting against active threat actors, insider oopsies, and general misconfigurations. The catch? A holistic approach to security can involve lighting some fires of your own. The discussion will cover how the hot, hot flames of an incident touch everyone -- from C-levels to admins, intel to the red team. Come bask in the warm glow (while enjoying the cool Vegas AC), and be sure to stay for the Q & A!

Panels/Interactive Content
Main Stage
17:00
60min
It’s not that your threat intelligence IOCs are worthless…
Mick/nohackme, Charlie, Lauren Proehl, Silas Cutler

From discovery to dissemination, the value of cyber threat intelligence rapidly decreases to the point of uselessness. Why? It’s complicated. Does it have to be? Join us for a lively discussion on threat intelligence from discovery and dissemination, and how to find value in the valueless.

Panels/Interactive Content
Main Stage