Adversarial Mindset Village

This one’s for those with a bit of the outlaw in them. It’s all about learning to think like the bad guys, emulating their tactics, techniques, and procedures to fortify your defenses. After all, if you want to catch a bandit, you’ve got to think like a bandit.

Adversarial Mindset Village at BsidesTLV 2023

For the first time in BSidesTLV history, we are excited to introduce the Adversarial Mindset Village! This year’s event will host various engaging activities designed to immerse attendees in adversary simulation, emulation, malicious mindset, threat intelligence, and purple teaming. We invite you to join us in this groundbreaking initiative and be part of a collaborative effort to shape the future of cybersecurity.

Schedule

10:00 - 10:10: Opening Remarks by Ohad Zaidenberg

10:15 - 10:40: Becoming A Better Adversary: An Exploration into the adversarial mindset by Gal Bitansky

10:45 - 11:10: A Ransomware Battle Royal: The Cybersecurity Battle You Can’t Afford to Lose: A Dive into the intelligence behind ransomware by Danna Pelleg and Sharon Fisher

11:15 - 12:00: Keynote - Red Team Tales: 7 Years of Physical Penetration Testing: An engaging narrative of real-world red teaming experiences by our keynote speaker, Justin Wynn

12:15 - 12:40: AI Red Teaming LLMs: A cutting-edge look into red teaming for large language models by Alex Polyakov

12:45 - 13:10: Recon for the Win: Unveiling the power of OSINT and Reconnaissance for red teamers by Lior Sibonny Leibovitz

14:15 - 15:15: Panel Discussion - From Intelligence to Adversary Simulation: An in-depth discussion moderated by Stav Shulman with panelists Ido Rozen, Dr. Amit Elazari, and Hanna Meyerfeld

15:20 - 15:35: Demo: Backdooring like an APT by Dor Alt

15:40 - 16:05: Closing Keynote - Finding Your Adversarial Voice: Empowering Insights by Jamie Williams on finding and using your adversarial voice

16:05 - 16:10: Final Words by Ohad Zaidenberg

Our Vision

The Adversarial Mindset is a dynamic and engaging community initiative that’s all about Adversary simulation, Adversary Tactics, Life, Adversary Philosophy, Threat Actors Emulation, and Purple Teaming. Our goal is to provide a platform for professionals and enthusiasts to hone their skills and develop new tactics, techniques, and procedures to combat modern cyber threats. At BSidesTLV, we’ll host technical talks, live demos, panel discussions, and hands-on activities to help you explore the latest tools and techniques in Adversary simulation and Purple teaming and to help you understand better the attackers' mindset and TTP, to create better defensive and offensive capabilities. Whether you’re a seasoned cybersecurity pro or just starting out, we’ve got something for everyone. Join us at the Adversarial Mindset, and let’s make a tangible impact on the cybersecurity world together!

Opening Session: Becoming A Better Adversary

Gal Bitansky We can always learn a new trick, unlock a new achievement - or just get better. This talk will discuss the complex relationship with defenders and how it can make you a better person (by assisting them to better prepare for a real adversary) and a better red teamer (by learning their limitations). We will provide concrete scenarios and practical lessons from our personal experience.

Bio: Gal is an experienced researcher from sunny Tel-­Aviv. He is a “full stack researcher”, poking anything from x86 malware binaries, ICS protocols to classic web security. He likes to share his thoughts and experiments on-stage using simple concepts and tools to demonstrate surprising results. Some of his previous work contains an evasion technique for sandboxes, a proof-of-concept malware built purely in copy-paste, and a free update-able vaccination framework.

A ransomware battle royal: The cybersecurity battle you can’t afford to lose

By Danna Pelleg, Sharon Fisher In this “Ransomware Battle Royal” session, we will explore the different motivations behind these attacks, such as financial gain through Ransomware-as-a-Service (RaaS) and geopolitical motives of various groups. We will also discuss the high-level kill chain of a destructive ransomware attack and the various techniques used in these attacks, including real-life examples. Through this session, attendees will better understand the latest tactics ransomware attackers use and learn how to protect their businesses from these dangerous threats. Whether you are a cybersecurity professional, a business owner, or simply interested in the evolving threat landscape, this session is a must-attend. Join us for an informative and engaging discussion on the cybersecurity battle you can’t afford to lose.

Bio: Danna Pelleg is a seasoned Cybersecurity Manager with over a decade of experience. Currently, she leads the Managed Threat Detection and Response Global Hunters Team at Cato Networks' cybersecurity research lab. Pelleg’s expertise lies in creating and implementing threat-hunting strategies, leveraging advanced tools and technologies, and providing actionable insights to clients. She is well-versed in the latest threat intelligence and hunting techniques, which she applies in her current role. Before joining Cato Networks, Pelleg led the cybersecurity research lab at Trusteer, IBM.

Keynote: Red Team Tales: 7 Years of Physical Penetration Testing

By: Justin Wynn Have you ever wondered how physical penetration tests are conducted? What it would be like to actually rob a bank or how someone can gain access to the most physically secure buildings in existence? Is it really as easy as walking through the front door and asking to visit the server closet, or are people creeping in at the middle of the night, face painted, wearing tactile-necks? The answer is YES. In this exclusive presentation, I’ll be covering 7 action-packed years of physical penetration tests, with stories of breaking into banks, water treatment facilities, skyscrapers in NYC, courthouses in Iowa, and cheese-packing facilities in the middle of nowhere. We’ll turn everything you know about physical security upside down - case in point, the cheese factory was by far the most secure. I’ll show you how we did it, the characters we met along the way, and share some of the greatest never before told stories.

Bio: Justin Wynn is a Director at Coalfire who specializes in physical security and regularly performs network, application, wireless, and social engineering penetration tests. You may be familiar with his wrongful arrest while testing courthouses in Iowa. He’s Keynoted conferences and conducted over 350 penetration tests and physical engagements. His past times include bank robbing, critical infrastructure parkour, and inventing new tools+techniques for physical security. @redteamwynns

AI Red Teaming LLM’s

by: Alex Polyakov Explore the world of AI Red Teaming Large Language Models (LLMs) - their origins, current challenges, and future possibilities. With advancements in ChatGPT and other LLMs, risks such as data extraction, prompt injection, jailbreaks, poisoning, and logic manipulation attacks remain. As LLMs become more common in business applications, it is crucial to have AI Red Teaming skills.

Bio: Alex Polyakov is a Secure AI pioneer and Cybersecurity veteran, founder of Adversa.AI, Chair at IEEE, and Forbes Technology Council member. He has almost 20 years of practical experience in cybersecurity, from penetration tester to C-level executive. He has found over 200 vulnerabilities, presented his research at over 100 conferences in 30+ countries, published dozens of whitepapers, released two books, and multiple trainings including the first practical MOOC about securing AI.

Reconnaissance for Red Teamers

By: Lior Sibonny Leibovitz This session will dive into OSINT and recon world in the black hat hackers and red teamers. we will discuss the difference between those approaches and learn about techniques and usage of relevant tools.

Bio: Lior Sibonny Leibovitz, red team operator @ CYE

Panel Discussion: From Intelligence to Adversary Simulation

Moderator: Stav Shulman Panelists: Ido Rozen, Dr Amit Elazari, Hanna Meyerfeld

Bio: Ido Rozen is an accomplished Cyber and Fraud leader at Transmit Security. He is renowned for his expertise in managing teams of superstar security researchers and data/threat intelligence analysts. Ido effectively oversees a wide range of responsibilities, including web application security, bot detection, client and device fingerprinting, behavioral analysis, and the classification of malicious web users and fraudsters. Ido has a strong background at industry-leading companies like securedTouch (acquired by Ping Identity) and Forter. Dr. Amit Elazari is the Co-Founder and CEO of OpenPolicy, the world’s first tech-enabled policy and advocacy company, aiming to democratize technology policy and access to lobbying. Hanna Meyerfeld is Polyglot, with background in webint and physical red teaming, Hannah Meyerfeld is the Threat Intelligence Platform Lead for Accenture Security, Europe. Jeremy Makowski is a cyber intelligence expert who has worked in various environments over the past twelve years, including academia, high-tech, military, and law enforcement. My field of expertise is cyber intelligence, including strategy, collection, research, and analysis, and the lead of Cyber HUMINT operations on criminal and terrorist activities within cyberspace. I have trained many civilian analysts and Military and Law Enforcement officers on the Deep & Dark Web environments, Cyber intelligence collection, and Cyber HUMINT operations.

Closing Keynote: Finding Your Adversarial Voice

by Jamie Williams Adversary emulation is all about seeing and feeling systems from the perspective of an adversary, but unlike real adversaries we can’t forget to capture and deliver this wisdom to our friends the defenders.

Bio: Principal Adversary Emulation Engineer / MITRE ATT&CK® for Enterprise Lead Jamie is an adversary emulation engineer for The MITRE Corporation where he works with amazing people on various exciting efforts involving security operations and research, mostly focused on adversary emulation and behavior-based detections. He leads technique development for ATT&CK for Enterprise and has also led other teams that help shape and deliver the “adversary-touch” within MITRE Engenuity ATT&CK Evaluations as well as the Center for Threat-Informed Defense (CTID).

Leadership

Ohad Zaidenbeg Ohad Zaidenberg is a highly accomplished intelligence specialist with a focus on cyber threat intelligence. He currently serves as the Head of Intelligence at ABInbev, the world’s largest brewer, where he is responsible for leading and managing the core intelligence function and efforts of the organization. With his deep expertise in the field, Ohad works to establish threat intelligence actionable items that help organizations prioritize the threats they need to allocate resources to combat. He also has a unique approach to disseminating intelligence, especially for red teams, to make their operations more efficient and effective. This year, Ohad founded the Adversary Village at BsidesTLV

Our Code of Conduct:

All attendees, speakers, sponsors and volunteers at our conference are required to agree with the following code of conduct. Our Code Of Conduct can be found here.

Keep your eyes on the horizon, as more details will be riding into town as we get closer to the main event at BSidesTLV 2023. It’s sure to be a hoedown you won’t want to miss!