Adversary Village will be there at c0c0n this year!


Adversary Village is a community initiative and part of DEF CON Villages, which primarily focuses on adversary simulation, purple teaming, adversary emulation, and adversary tradecraft. The village covers a wide range of topics, including offensive cyber security, threat/APT/ransomware simulation, breach and adversarial attack simulation, adversary tactics, research on nation-state-sponsored threat actors, adversary intelligence, adversarial mindset and hacker survival skills.

The goal of Adversary Village is to build an open security community for researchers and organizations developing innovative approaches to offensive cyber security, adversary simulation/emulation, and purple teaming.

At a diverse range of conferences, we coordinate villages, capture-the-flag competitions, hands-on activities, panel discussions, live demos, technical talks and workshops to engage and educate the security community.

Over the years, we have successfully hosted Adversary Village at various conferences, including some of the biggest in the world, such as the DEF CON hacker convention in Las Vegas and the RSA Conference in San Francisco.

There will be complimentary hoodies (yes, the iconic Adversary Village hoodies), cool stickers, village coins, badges, and various other swag for the village participants.



Hands-on hacking activities:

There will be hands-on hacking activities for the participants regardless of their experience and knowledge level. The hands-on hacking activities include gamified versions of table-top exercises, defense-evasion contests, an adversary simulator booth, ransomware threat actor emulation, etc.

We will be hosting a simulated environment meant to recreate enterprise infrastructure and an operational technology environment, which serves as the target for various attack simulations.


Technical workshops:

Adversary Village will feature a limited number of deep technical workshops focused on advanced adversary tradecraft and techniques.


Workshop 1: Leveraging Rust for Offensive Security


Trainers

Ritik Kumar Jain


Security Analyst
HackIT Technology & Advisory Services



Anekant Singhai


Security Consultant
HackIT Technology & Advisory Services



This hands-on, two-day training session will focus on leveraging the Rust programming language to implement offensive security techniques. Rust’s unique combination of memory safety and performance makes it a good choice for cybersecurity professionals looking to build robust tools. Participants will gain practical skills in developing Rust-based offensive capabilities, with a focus on process injection and DLL hijacking. By the end of this course, attendees will have a good understanding of how to use Rust to create reliable and effective tools for offensive security operations.

The first day will dive into process injection methods, a key technique for stealthy code execution and bypassing security controls. This session will cover the fundamental concepts of process injection and demonstrate how to implement various techniques using Rust. Through guided examples, participants will learn how to inject code into processes.

Prerequisites:

A laptop with Windows or Linux OS, and familiarity with basic programming concepts.



Workshop 2: Precision Threat tactics adversary techniques on enterprise environments

Amal Joy


Security Researcher
Altered Security



The workshop covers the importance of post-exploitation research in enterprise environments and use cases. It also covers scenarios that can help people analyze adversary tactics to get a taste of defensive security. The workshop winds up by introducing the importance of purple teaming and the much-needed collaboration between red and blue teams to better secure their product environments.

Table of Contents

  • The importance of post-exploitation research in enterprise environments
  • Importance of Authenticated enumeration and some commonly targeted scenarios de-militarized zones
    • Use case for targeted authenticated enumeration on simulated enterprise network
  • Understanding and identifying lateral movement scenarios - cross network and to cloud
    • Use case for targeted lateral movements on the environment
  • Analyzing detection possibilities for the post-exploitation activities with enterprise security controls
    • Analyzing using an open-source SIEM for the attack detections
    • Web Application Purple Team Case Study [Exercise]
  • Importance of Purple teaming in enterprise environments and conclusion

Prerequisites:

A laptop with Windows or Linux OS
