Red Team Village, c0c0n 2020

c0c0n 2020

Red Team Village

Going virtual this year

Red Team Village is a community-driven combat readiness platform for adversarial attack simulation and red teaming. This community is managed by a group of cyber security and red team tactics enthusiasts.
A red teamer needs to be skilled in every aspect of offensive security. We can consider this as a platform to share tactics, techniques, and tools related to various domains of adversarial attack simulation.
We have been organizing workshops, talks, demonstrations, open discussions, Capture the Flag challenges and other exercises at cyber security conferences for the past 4 years.
We design real-life corporate CTF scenarios with the same network architecture and defensive mechanisms. The CTF players need to red team against this infrastructure, which is protected and monitored by blue teams.

Village agenda

17th, 18th September, 2020

1. Talks on Red teaming tactics and Adversarial attack simulation (30 - 45 minutes)

2. Training/Workshop on Adversarial attack simulation, Red teaming and Offensive cyber security (2 - 4 hours)

3. Open discussions - Discord

Technical workshops:

17th September, 2020 14:45 IST to 00:30 IST

Red Team Workshop 1: Advanced SSRF Exploitation


Server-Side Request Forgery (SSRF) is a vulnerability class in which an attacker can make the application send requests on their behalf. As a basic exploitation scenario, an attacker might be able to access internal applications, perform port scans and use the application host as a proxy. We will be focusing on advanced attack scenarios as well. This workshop will cover the understanding of Server-Side Request Forgery (SSRF), how to identify the SSRF sink, exploiting SSRF, bypassing SSRF, real-time attack scenarios including cloud exploitation, risk and remediation. The syllabus is as follows:
1. Basics of SSRF
2. Identifying SSRF Sink
3. Exploiting SSRF
4. Leveraging various URL schema
5. Bypassing SSRF filters
6. Real-time attack scenarios
7. Exploiting SSRF in the Era of cloud
8. Defense against SSRF
9. Interesting Case Studies

The objective of the workshop is to provide hands-on practical experiences to understand SSRF risks. The workshop will start with the basics of SSRF and deep dive into SSRF exploitation and finally remediation.

Savan Gadhiya, Principal Security Consultant at NotSoSecure

Savan Gadhiya is working as a Principal Security Consultant at NotSoSecure. He completed his masters in IT Systems and Network Security in 2013. He has more than 6 years of experience in IT Security and 9 years of experience in Information Technology. He is one of the members in developing Advanced Web Hacking Labs of NotSoSecure. He can be found on Twitter @gadhiyasavan. He has delivered a workshop on Server-Side Request Forgery at BSides Ahmedabad 2019 and a few talks in Nullcon monthly meetups.

Red Team Workshop 2: Practical Mobile App Attacks By Example


If you are the kind of person who enjoys workshops with practical information that you can immediately apply when you go back to work, this workshop is for you, all action, no fluff :) Attendants will be provided with training portal access to practice some attack vectors, including multiple mobile app attack surface attacks, deeplinks and mobile app data exfiltration with XSS. This includes: Lifetime access to a training VM, vulnerable apps to practice, guided exercise PDFs and video recording explaining how to solve the exercises. This workshop is a comprehensive review of interesting security flaws that we have discovered over the years in many Android and iOS mobile apps:
An entirely practical walkthrough that covers anonymized juicy findings from reports that we could not make public, interesting vulnerabilities in open source apps with strong security requirements such as password vaults and privacy browsers, security issues in government-mandated apps with considerable media coverage such as Smart Sheriff, apps that report human right abuse where a security flaw could get somebody killed in the real world, and more.
The workshop offers a thorough review of interesting security anti-patterns and how they could be abused, this is very valuable information for those intending to defend or find vulnerabilities in mobile apps. This workshop is for those who are intending to broaden their knowledge of mobile security with actionable information derived from real-world penetration testing of mobile apps. Please come caffeinated, the audience will be challenged to spot vulnerabilities at any moment :)

Abraham Aranguren, CEO, Security Trainer, Director of Penetration Testing - 7A Security

After 13 years in itsec and 20 in IT, Abraham is now the CEO of 7ASecurity, a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Former senior penetration tester / team lead at Cure53 and Version 1. Creator of “Practical Web Defense” - a hands-on eLearnSecurity attack / defense course, OWASP OWTF project leader, an OWASP flagship project, Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard.
He writes on Twitter as @7asecurity, @7a_ or @owtfp. Multiple presentations, pentest reports and recordings can be found at

Red Team Workshop 3: Detect Hunt and MITRE


The workshop will be based on a real-world attack scenario such as advanced persistent threats (APT) and hunting malicious artefacts efficiently. Get hands-on with the latest APT detections and threat investigations with MITRE TTPs that enrich blue team detection techniques. We will be using a threat hunting platform like Elastic, including SIEM and machine learning, to efficiently find known unknowns and unknown unknowns. We will also utilize the MITRE ATT&CK framework throughout the exercise.
LAB 0: Familiarising yourself with the Lab Setup
LAB 1: Analyse and Visualise with real time monitoring.
LAB 2: Overview of Elastic SIEM
LAB 3: Hunt the artifacts with MITRE TTPs.
LAB 4: Using the Detection Engine
LAB 5: Using Cases for collaborative incident response

Aravind Putrevu, Developer Advocate at Elastic

Aravind is passionate about evangelizing technology, meeting developers, and helping to solve their problems. He is a backend developer and has eight years of development experience. Currently, he works at Elastic as Developer Advocate and looks after the Developer Relation function of India, South East Asia. Previously, he worked at McAfee Antivirus as a Sr. Software Engineer in Cloud Security Domain. He has a deep interest in Search, Machine Learning, Security Incident Analysis, and IoT tech. In his free time, he plays around with a Raspi or an Arduino.

Haran Kumar, Solutions Architect - Security Specialist at Elastic

Skills driven and passionate security professional with extensive experience in SOC architecture, SIEM log Management, Endpoint security, Incident Response and cybersecurity operations. Currently living his security passion by helping projects and prospects in architecting security solutions with Elastic stack. Working as a solutions architect managing cybersecurity use cases as security specialist with Elastic.

Red Team Workshop 4: Red Team Physical Security: Lockpicking Workshop


To be announced

Kevin McPeake, Peak Security

For more than 30 years, Kevin McPeake has been an author, keynote speaker, innovator, pioneer and leader in cybersecurity and technological risk management domains. And the connection of cybersecurity to shareholder value is truly encoded into both his DNA and his career history. In 1991, Kevin invented the first product and co-founded one of the first two-way radio tower monitoring companies, Location Data Systems, Inc., which was wholly acquired by Motorola in 1995. In 1998, he co-founded Trust Factory, the first full-services cybersecurity consulting firm in The Hague, which is now considered the cybersecurity capital of the Netherlands. He was the first public figure (2000) to call for making cybersecurity a function of Finance, rather than Technology, as a means to improve governance, organizational agility, and remove many of the business blockers, conflicts of interests, and high overheads that often affect security teams when cybersecurity operates as a function of Technology or Operations departments. He went on to implement this structure in two GSM companies - Orange (2004) and T-Mobile Netherlands (2015). He is the founder and driver behind Peak Security, a cybersecurity boutique focused on providing a sustainable ecosystem of security solutions, products and services, located in the center of The Hague, Netherlands.

Red Team Village - Technical Talks

18th September, 2020 14:00 IST to 01:30 IST

Village activities Kickoff - 14:00 IST
Adam Laurie, Global Security Associate Partner and Lead Hardware Hacker at IBM X-Force Red

Adam Laurie is a security consultant working in the field of electronic communications, who specializes in reverse engineering of secure embedded systems. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other minicomputers, and then on various Unix, Dos and CP/M based microcomputers as they emerged in the Eighties. He quickly became interested in the underlying network and data protocols, and moved his attention to those areas and away from programming, starting a data conversion company that rapidly grew to become Europe's largest specialist in that field (A.L. Downloading Services). During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and wrote the world's first CD ripper, 'CDGRAB'. At this point, he became interested in the newly emerging concept of 'The Internet', and was involved in various early open source projects, the most well-known of which is probably 'Apache-SSL', which went on to become the de-facto standard secure web server.

Since the late Nineties he has focused his attention on security and has been the author of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centers housed in underground nuclear bunkers as secure hosting facilities. Adam aka "Major Malfunction" has been a senior member of staff at DEFCON since 1997 and is the POC for the London DEFCON chapter DC4420. Over the years has given presentations on forensics, magnetic stripe, EMV, InfraRed, RF, RFID, Terrestrial and Satellite TV hacking, and, of course, Magic Moonbeams. He is the author and maintainer of the open-source python RFID exploration library 'RFIDIOt'.

Antriksh Shah, Founder at, Co-Founder Nullcon International Security Conference

Antriksh is a Security Analyst from Goa. He is associated with the initiatives of null, The Open Security Community, and with organizing its annual flagship conference, nullcon. His areas of interest are VAPT, Web Application Security, Network Auditing & Forensics. He is very active with the Pune Cyber Crime Branch and assists them with investigation cases.

Dhillon ‘L33tdawg’ Kannabhiran, Founder / Chief Executive Officer, Hack In The Box

Dhillon Andrew Kannabhiran (@l33tdawg on Twitter) is the Founder and Chief Executive Officer of Hack in The Box, organiser of the HITBSecConf series of network security conferences which has been held annually for over a decade in various countries including Malaysia, The Netherlands and The UAE! Prior to quitting his day job over a decade ago, Dhillon started off at the height of the dotcom craze as a technology journalist with PC World, ZDnet, MIS Asia and CNet. When the bubble burst, he moved on to a Malaysian telco as Chief IT Officer to spend his days in the world of Cisco AS5300s, in a land of the packet, switched networks at a time when Asterisk did not just mean Today, he spends his days surrounded by emails in between messing with AI and machine learning models, while spearheading all of HITB’s strategic efforts while taking the global HITB team on crazy adventures around the world.

Manu Zacharia, President at ISRA

Information Security evangelist with more than 23 years of professional experience. CEO – HackIT Technology and Advisory Services (Singapore, India, UAE) - External Consultant to Kerala State IT Mission / Computer Emergency Response Team (Kerala) – CERT-K from Feb 2016 to Jul 2016. Awarded the prestigious Microsoft Most Valuable Professional - MVP award consecutively for four years (2009, 2010, 2011 and 2012) in Enterprise Security stream. Also honored with the prestigious Asia Pacific Information Security Leadership Achievements Award for 2010 from (ISC)² under Senior Information Security Professional Category. Awarded the Nullcon Black Shield Awards for 2014 under the Community Star category for contribution to community in terms of knowledge sharing, administration, communication, proliferation. Founder of c0c0n International Hacking & Information Security Conference and also Information Security Day Initiatives.

Abhijith B R, Abx, Founder and Lead Operator at Red Team Village

Abhijith has more than a decade of experience in the Information and Cyber Security domain. Leading offensive security operations for a global FinTech company. Formerly the Deputy Manager - Cyber Security at Nissan Motor Corporation, previously employed with EY as a Senior security analyst. Abhijith is the founder of, a red teaming community which actively organizes hacking villages and CTF competitions, also acts as the Lead Organizer of DEFCON Group Trivandrum. He has recently started running blog.

Talk 1: The Burnout Talk


Have you ever felt like no matter how much sleep you get, you feel exhausted? Struggle to concentrate? Having trouble balancing work and personal life? Or perhaps feel your work is your life? Burnout. We all go through it at one point. It feels like you are low on battery and it can cause emotional and physical issues. Mental health is an ongoing issue within infosec before and during COVID-19. There's a fine balance between hacking and personal life. Majority of the time, they cross over. This talk shares an overview of the warning signs, symptoms, and practices to prevent burnout and how to deal with burnout to keep balanced.

Chloe Messdaghi, VP of Strategy at Point3 Security

Chloé Messdaghi is the VP of Strategy at Point3 Security. She is an ethical hacker advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights. She is the founder of WeAreHackerz (formerly known as WomenHackerz) & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine's The Uncommon Journey, and runs the Hacker Book Club.

Talk 2: It’s Not a Vulnerability, It’s a Feature


How many times have you heard “it’s not a vulnerability (or bug), it’s a feature” after finding some functionality that you are sure can be used maliciously? It happens quite frequently. There is an entire project called Living Off The Land Binaries and Scripts (LOLBAS) that features Microsoft signed binaries and scripts that allow attackers to leverage the built-in features for their own good. This happens a lot and it is why we want to talk about how the offensive security industry has evolved and matured from CVEs to TTPs. While finding bugs and vulnerabilities pays, how can one benefit from when it is “a feature”? By creating, sharing, and selling TTPs, we can all benefit from the work that was already done but vendors don’t want to pay for.

Jorge Orchilles, Chief Technology Officer of SCYTHE

Jorge Orchilles is the Chief Technology Officer of SCYTHE and co-creator of the C2 Matrix project. He is a SANS Certified Instructor and the author of Security 564: Red Team Exercises and Adversary Emulation. He was a founding member of MITRE Engenuity Center of Threat-Informed Defense. He is a Fellow at the Information Systems Security Association (ISSA) and National Security Institute. Prior, Jorge led the offensive security team at Citi for over 10 years. He co-authored the Common Vulnerability Scoring System (CVSS) and A Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry, and is the author of Microsoft Windows 7 Administrator’s Reference. Jorge holds post-graduate degrees from Stanford and Florida International University in Advanced Computer Security & Master of Science. Jorge speaks English, Spanish, and Portuguese, in decreasing levels of fluency. When he’s not hacking, teaching, or writing, you’ll find him watching and playing soccer.

Talk 3: Zero trust networks: Opportunities and challenges for red team Ops


Work from home is on the rise (thanks COVID), and with it, proponents of the zero-trust model are also gaining in popularity. But what does this entail for red team operations? What will hacking enterprises look like in the upcoming few years?

We'll review together major trends surrounding cyber security in the zero-trust era - and not marketing concepts, buzz words or academic theory. This talk will look at the future of network security, how our favourite vendors are aligning their tool stack for 0-trust security, but also the up and rising start-ups that have already raised millions of $ to help enterprises implement zero trust.

Dan Levy, Senior Manager at EY Israel Advanced Security Center

Dan is a senior manager from EY's advanced security center in Israel, where he specialises in offensive security and automation projects. I overlook advanced technical projects in the fields of web/mobile/network/cloud security as well as lead large scale cyber security programs for global corporations.
His professional engagements include:
- Led the development and deployment of automation solution to accelerate vulnerability management processes and align with risk profile; drastically reducing manual work of InfoSec team and number of high-risk vulnerabilities in the network.
- Managing large scale Attack & Pen programs global companies, effectively assessing the security of hundreds of systems on a yearly basis.
- Coordinating and leading “Purple Team” war game attack simulations, providing client with holistic visibility of its threat detection and incident response capabilities.

At EY, I’ve advised governments, major financial institutions, Media & Entertainment corporations and technology companies in reducing cyber security risk.

Talk 4: Offensive & Scope Based Recon


The process of penetration testing starts with the “Reconnaissance Phase”. This phase, if performed carefully, always provides a winning situation. However, in application security and bug bounty hunting, recon is often mapped only to finding some assets and uncovering hidden endpoints, and is somewhat under-utilized. Recon is the most crucial thing in application security and bug bounties, which always keeps you separated from a competing crowd and gives easy wins. In “Offensive Recon”, Harsh will cover the deepest and most interesting recon methodologies, from mapping new assets to automating the security vulnerabilities, signature-based findings to be one step ahead of your competition, and how to utilize the tools and publicly available information to map your attack surface & maximize the profit. Most of the time, due to the lack of a streamlined recon process for the given scope, people end up wasting time looking for resources which may not be in scope or are not fruitful for the engagement. Given that, Scope Based Recon is another methodology that enables one to identify what to look for in a specific scope provided. He will be launching a Scope Based Recon tool, Project Bheem, which is a collection of handy scripts & existing tools under a single window to perform Scope Based Recon.

Harsh Bothra, Cyber Security Analyst at Detox Technologies

Harsh Bothra is currently working as a Cyber Security Analyst at Detox Technologies. Holding a bachelor's degree in Computer Science & Engineering, his major interests revolve around Information Technology and Security. He is a part-time Bug Hunter on Bugcrowd (Currently ranked under Top 150 Researchers & MVP Q1) and Synack Red Team Member. He has spoken at various security events and conferences such as Cyber June'gle by Defcon Red Team Village & Texas Cyber, Bugcrowd LevelUp0x07, OWASP & Defcon local chapters. Harsh has authored two books on Hacking especially focusing on beginners. One of the books authored by Harsh has been previously recommended by NITTR-Chandigarh, AICTE (Govt. of India bodies). He holds 50+ Hall of Fames from various companies. He loves to talk about various cybersecurity stuff and has carried out a lot of sessions related to Cyber Security, Ethical Hacking & Application Security. He is always ready to support and mentor people the best way he can.

Talk 5: Introducing SniperPhish: A Web-Email Spear Phishing Toolkit


Social engineering exercises such as phishing campaigns are commonly used to test employees' awareness in a company/organization. This exercise mostly involves a combination of phishing emails and websites. An effective campaign requires sophisticated methods, starting from designing a phishing website to executing a payload at the target in an undetectable manner. One of the time-consuming parts, when multiple campaigns involve both email and websites, is deciding what data is to be tracked, along with the difficulty of tracking and consolidating it centrally. Other than tracking common information such as link clicks, user IP, etc., the phishing website contains different fields for each page, and capturing that data always requires manual coding. In addition, hosting, encrypting, and managing payloads used for a phishing exercise requires some manual effort.
SniperPhish is an advanced Web-Email spear-phishing toolkit developed to conduct professional phishing assessments. The abstract idea behind this toolkit is to conduct, combine, and centrally track all campaigns that involve email and phishing websites. SniperPhish can easily be integrated with a phishing website containing multiple pages and track users together with email campaigns. The advanced customization in the report generation tool helps to export the results in multiple output formats with no or minimal customization later. In addition to the core campaign module, SniperPhish also supports hosting payloads, encrypting them, and converting them to FUD using methods such as reflective DLL/PE.

Gem George, Security Consultant

Gem George is a security consultant focused on Vulnerability Assessment and Penetration Testing. Gem has over 4 years of experience in the security field and is passionate about attending CTFs and security tool development. He has been acknowledged by tech giants such as Google and Cisco for reporting vulnerabilities and holds several CVEs in his name. He is also a volunteer of Google as a Product Expert (Google PE), supporting Gmail and Google Accounts.

Sreehari Haridas, Operator at Red Team Village

Sreehari is an experienced Security Researcher who has 3 years of professional experience. He is a Web application Penetration tester and a renowned Bug Bounty Hunter. Currently, Sreehari is working as a Cyber Security Engineer at UST Global, formerly a security consultant with EY. Being a security enthusiast, he has tested various applications and websites for vulnerabilities and has received 50+ Hall of fame in different companies like Google, Sony, Adobe, eBay etc. He also has an interest in reverse engineering techniques and exploit development. He has bagged 3rd place in the Asia region for the Global Cyberlympics Capture the flag (CTF) competition and 6th position in an international Capture the flag platform. He was involved in organizing Red Team Village - Red vs Blue CTF at the C0c0n security conference, 2019. Sreehari is a member of DEFCON Group Trivandrum and an operator/CTF builder at Red Team Village community. He was a board member of OWASP Kerala chapter and an active volunteer at Kerala Police Cyberdome.

Talk 6: Inside the Mind of a Threat Actor: Beyond Pentesting


Red team is a commonly misunderstood offensive security discipline. Red team has been used as a general term for all areas of offensive security just as blue team for defensive security. True red teaming goes Beyond Pentesting and into more adversarial emulation. While there are overlapping skills, there are differences that will be discussed as Phillip shares his experience of going from a pentester to a red teamer. In this talk, you will learn about the different areas that make up red team operations, common tools, and the path to becoming a red teamer. In this presentation, you will learn about resources helpful for a path into red teaming.

Phillip Wylie, Senior Red Team Lead

Phillip Wylie is the Senior Red Team Lead for a global consumer products company, Adjunct Instructor at Dallas College, and The Pwn School Project founder. With over 22 years of experience, he has spent the last 8 plus years as a pentester. His passion for mentoring and education inspired him to start teaching and to found The Pwn School Project, a bi-monthly cybersecurity educational meetup. Phillip teaches Pentesting and Web App Pentesting at Dallas College. He is a “The Uncommon Journey” podcast cohost, and co-author of “The Pentest Blueprint: Starting a Career as an Ethical Hacker” published by Wiley Publishing.

Talk 7: Supercharging your initial foothold in Red Team engagements


This talk covers multiple ways in which Red Teamers can establish an initial foothold into the external infrastructure of an organization. Since every organization is working remote these days, this talk will concentrate more on attack vectors surrounding remote infra, especially Office 365 and Exchange. The talk will also introduce NTLMRecon for discovering a needle in the haystack while performing attacks on large organizations.

Sachin S Kamath, Offensive Security Lead at Axiata

Sachin is an experienced Red/Purple teamer who’s currently working as the Offensive Security Lead at Axiata. He enjoys exploiting Active Directory environments and laughing at really stupid misconfigurations. Sachin is an active open-source contributor and believes in giving back to the community - so much so that he will send you two zero-day exploits if you send one to him. When not breaking into things, he enjoys playing COD4MW and DoTA2.

Talk 8: Awesome Privilege Escalation


Local privilege escalation techniques go far beyond checking the Windows/Kernel version, looking for unquoted service paths or checking SUID binaries. Moreover, a local privilege escalation could make a huge difference when trying to compromise a domain. Several tools have been created to find possible privilege escalation paths, but most of the tools for Red Team and Pentesting just check for a few possible paths, so pentesters need to use several tools and do some manual recon to check for everything. During this talk Carlos will present a suite of open source privesc enumerators that he has created called PEASS (Privilege Escalation Awesome Scripts Suite). The goal of this suite is to check and highlight every possible privesc path so professionals don’t need to execute several different tools and can very easily find the vulnerabilities. At the moment, this suite contains the most complete and user friendly privesc enumerators for Windows (in .Net and bat) and Unix (Linux, MacOS, OpenBSD, FreeBSD). Note that, independently of the technical level of the audience, they will learn some new privilege escalation vector.
Carlos will be publishing his notes and Awesome PrivEsc scripts after the talk.

Carlos Polop Martin, Senior Pentester at Sec-1 (Claranet)

Carlos Polop is a Spanish Telecommunications Engineer by the UPM, Master in Cybersecurity by the UC3M, OSCP, CRTP and OSWE. He has worked as a Pentester in PWC Spain, as Security Specialist in the Department of Defence of Spain, and is currently working as Senior Pentester in SEC-1 (Claranet) based in London. He is also a hackathon and CTF player (SirBroccoli on HackTheBox). Carlos publishes his research on the website -

Closing Notes

Red Team Village Operators
