Skip to content
  • Sign In
  • Try Now
View all events
Penetration Testing / Ethical Hacking

Red Team and Bug Bounty Conference

Published by Pearson

Intermediate content levelIntermediate

Join cybersecurity industry experts Jason Haddix, Jeff Foley, and Sandra Stibbards in conversation with Omar Santos

  • Exclusive Insights from Cybersecurity Industry Experts and Founders: This conference offers a unique opportunity to hear directly from the minds behind the cutting-edge tools and techniques used in the field. Attendees will learn from the founder of the OWASP Amass Project and a seasoned professional in adversarial reconnaissance, among other experts.
  • Live Demonstrations and Hands-On Experience: The Red Team Bug Bounty Conference places a strong emphasis on practical, hands-on experiences. Attendees will not only learn about the theoretical aspects of adversarial reconnaissance, attack surface mapping, and open-source intelligence, they also will get to see these techniques demonstrated live and practice them in WebSploit—a controlled lab environment.
  • Interactive Q&A: Participate in interactive Q&A sessions after each presentation, providing attendees the opportunity to ask questions, share their insights, and engage in lively discussions.

Welcome to the Red Team Bug Bounty Conference, an exclusive virtual conference focused on the cutting-edge tools, tactics, and techniques used in cybersecurity and ethical hacking. This 3-hour summit offers a wealth of insights from industry experts and hands-on experiences to elevate your skill set using a Red Team approach, where the speakers will instruct through emulating malicious attackers to identify vulnerabilities, weaknesses, and potential entry points that real attackers could exploit. Each section starts with an industry expert exploring a specific Bug Bounty tool or method followed by live demos taught in a workshop fashion, where you can watch or follow along. Each segment then ends with a Q&A where the demo will be broken down and you can ask questions.

Industry expert, author, and trainer Omar Santos will guide the conversation and share insights. Sections include:

  • Adversarial Reconnaissance with seasoned professional, Jason Haddix, offers a deep dive into the tools and strategies used by adversaries, red teamers, and bug bounty hunters during the reconnaissance phase. You'll get a live walkthrough of various tools, making this a must-attend for anyone in the offensive security, ethical hacking, and bug bounty (bug hunting) space.
  • Exploring the Future of Attack Surface Mapping and the OWASP Amass Project with Jeff Foley, the founder of the Amass Project, will enlighten us with an overview of the project's future direction and its immense potential in advancing ethical hacking and cybersecurity.
  • OSINT for Hackers: Unveiling the Power of Open-Source Intelligence with Sandra Stibbards then provides an exciting journey through the world of OSINT, with hands-on demonstrations and discussions on leveraging public data sources for offensive security.

The Red Team Bug Bounty Conference is a unique chance for cybersecurity enthusiasts, ethical hackers, bug bounty hunters, red teamers, and IT professionals to come together, learn, share, and shape the future of offensive cybersecurity. Join us for an immersive and dynamic experience in the world of ethical hacking!

What you’ll learn and how you can apply it

  • How to Master Adversarial Reconnaissance: Understand the tools and techniques used by adversaries, red teamers, and bug bounty hunters during reconnaissance.
  • How to Attack Surface Mapping: Learn about the importance and application of attack surface mapping in identifying potential vulnerabilities.
  • How to Leverage the OWASP Amass Project: Gain insights into the functionalities and future direction of the Amass Project, a key tool for ethical hacking.
  • How to Unleash the Power of OSINT: Discover how to effectively gather, analyze, and use open-source intelligence (OSINT) in your cybersecurity endeavors.

And you’ll be able to:

  • Conduct thorough and effective reconnaissance on target organizations using the discussed tools and techniques.
  • Utilize the OWASP Amass Project to map out and understand your organization's attack surface and identify potential vulnerabilities.
  • Apply open-source intelligence (OSINT) methodologies to gather, analyze, and use public information for better threat identification and mitigation.
  • Integrate the learned concepts into your existing security workflows, ultimately enhancing your organization's overall cybersecurity posture.

This live event is for you because...

  • You're an active or aspiring bug bounty hunter. Whether you're an established bug bounty hunter or a newcomer looking to enter the field, this conference will provide essential knowledge and practical skills to enhance your bug-hunting capabilities.
  • You want to excel in offensive security techniques. If your goal is to excel in adversarial reconnaissance, attack surface mapping, and leveraging open-source intelligence—all crucial for effective bug bounty hunting—this conference is an ideal learning opportunity.
  • You aim to learn from industry leaders. The conference brings together founders and leaders in the cybersecurity field, offering insights and expertise that can help elevate your bug bounty strategies.
  • You want to engage with a community of fellow bug bounty hunters, cybersecurity professionals, and ethical hackers, enabling knowledge sharing, collaboration, and potential partnerships in future bug bounty pursuits.

Prerequisites

  • An understanding of basic cybersecurity concepts and terminologies. Knowledge in areas such as the different types of cyber threats, threat vectors, and the various stages of cyber attacks can be beneficial.
  • Familiarity with IT and networking concepts. Attendees should be comfortable with general IT and networking concepts. This includes understanding network protocols, server-client architecture, web technologies, and the functioning of the Internet.
  • Experience with the Linux command line. Given that many of the tools discussed and demonstrated will be command-line based, attendees would benefit from prior experience in using command-line interfaces.
  • Even if you are a beginner with a strong interest in cybersecurity and a willingness to learn, this conference can still provide valuable insights and foundational skills in offensive security techniques.

Course Set-up

  • You can follow along during the presentation with the WebSploit Labs learning environment created by Omar Santos.

Recommended Preparation

Recommended Follow-up

Schedule

The time frames are only estimates and may vary according to how the class is progressing.

Omar Santos: Welcome and Introductions (10 minutes)

Jason Haddix: Adversarial Reconnaissance (30 minutes)

This segment will dive into the world of adversaries, red teamers, and bug bounty hunters and feature common tactics, techniques, and procedures (TTPs) used for extensive recon on their targets. Taught using live demos, the workshop will be performed on LIVE targets, so fasten your seatbelts! This workshop is a must-see for anyone in the offensive security space.

  • Explore the TTPs used when targeting an organization and its people.
  • Understand email acquisition, technology profiling, external attack surface, and more.
  • See common tools and tips and tricks in the recon cyber kill chain in live hands-on labs.

Jason Haddix is the CISO and “Hacker in Charge” at BuddoBot, a world-class adversary emulation consultancy. He has a distinguished 15-year career in cybersecurity, previously serving as the CISO of Ubisoft, head of Trust/Security/Operations at Bugcrowd, director of penetration testing at HP, and lead penetration tester at Redspin. Jason has also authored many talks on offensive security methodology, including speaking at DEF CON, Black Hat, OWASP, RSA, Nullcon, SANS, IANS, BruCon, Toorcon, and many more. Find him on X / Twitter @jhaddix

Omar and Jason Discussion + Q&A (15 min)

Break – 10 mins

Jeff Foley: Exploring the Future of Attack Surface Mapping and the OWASP Amass Project (30 minutes)

Explore the future direction of the Amass Project and its potential to advance the field of ethical hacking and cybersecurity with the project’s founder, Jeff Foley. Amass is a cutting-edge open-source intelligence collection engine designed to enable cybersecurity professionals to discover and map the attack surface of their organizations' exposures on the Internet. This segment will explore

  • How this technology can be leveraged to help organizations identify potential vulnerabilities and mitigate risks.
  • How attack surface mapping—the process of identifying all the points of entry that an attacker could use to penetrate a target organization—enables security programs to proactively identify and address potential weaknesses in their security postures.
  • Learning through a demonstration of attack surface mapping, highlighting its features and capabilities, and discussing how it can be integrated into existing security workflows.

Jeff Foley served in the United States Air Force Research Laboratory from 2001 to 2017 as a contractor specializing in cyber warfare research and capabilities engineering. He was also a subject matter expert for Offensive Cyber Warfare Research & Development and director of penetration testing at Northrop Grumman. Jeff has developed penetration testing training curriculum and taught trainers to utilize the material across the international organization. He has also taught and spoken at various academic institutions on the topics of offensive security and penetration testing during his time in this profession. Find him on X / Twitter @jeff_foley

Omar and Jeff Discussion + Q&A (15 min)

Break – 10 mins

Sandra Stibbards: OSINT for Hackers: Unveiling the Power of Open-Source Intelligence (30 minutes)

In the ever-evolving digital landscape, information is the key to unlocking new possibilities and opportunities. Open-Source Intelligence (OSINT) has emerged as a valuable tool for hackers and cybersecurity enthusiasts, providing a wealth of publicly available information to enhance their understanding and exploit potential vulnerabilities. Join us for an immersive presentation as we delve into the world of OSINT for hackers, exploring its capabilities, methodologies, and real-world applications. This segment will

  • Explore the real-life concepts of OSINT and its role in reconnaissance as well as how to target and exploit vulnerabilities
  • Discover a wide range of OSINT sources, including social media platforms, publicly accessible databases, and online forums
  • Teach through hands-on exercises how to effectively gather, analyze, and leverage publicly available information to gain an advantage in your cybersecurity endeavors
  • Apply OSINT techniques to a controlled environment

Sandra Stibbards has worked extensively as a private investigator and owns Camelot Investigations. Specializing in financial fraud investigations, competitive intelligence, counterintelligence, business and corporate espionage, social engineering, and more, she is an investigative expert who has worked both domestically and internationally. Find her on X / Twitter @camelotinv

Omar and Sandra Discussion + Q&A (15 min)

Class Q&A (15 min)

Your Host

  • Omar Santos

    Omar Santos is a Distinguished Engineer at Cisco focusing on artificial intelligence (AI) security, research, incident response, and vulnerability disclosure. He is a board member of the OASIS Open standards organization and the founder of OpenEoX. Omar's collaborative efforts extend to numerous organizations, including the Forum of Incident Response and Security Teams (FIRST) and the Industry Consortium for Advancement of Security on the Internet (ICASI). Omar is the co-chair of the FIRST PSIRT Special Interest Group (SIG). Omar is the lead of the DEF CON Red Team Village and the chair of the Common Security Advisory Framework (CSAF) technical committee. Omar is the author of over 20 books, numerous video courses, and over 50 academic research papers. Omar is a renowned expert in ethical hacking, vulnerability research, incident response, and AI security. His dedication to cybersecurity has made a significant impact on technology standards, businesses, academic institutions, government agencies, and other entities striving to improve their cybersecurity programs.

    linkedinXlinksearch