Thursday, August 20, 2020
10:00 am - 5:30 pm ET

UniCon, our very own Unicorn Conference, is a free conference for the entire purple team: security researchers, developers, red teamers, blue teamers, and digital forensics and incident responders taking place on August 20!

The SCYTHE Marketplace will be released at the event. The SCYTHE Marketplace opens up SCYTHE’s synthetic malware creation platform to trusted third party developers so that they can turn their experience and expertise into new capabilities for a vibrant security ecosystem. Customers can integrate these cutting-edge modules into their SCYTHE campaigns and advance their security exercises. The SCYTHE platform is a centralized environment to identify security blindspots for Blue Teams, multiply Red Team resources, and amplify behaviors for Purple Teaming.

The event will feature keynote presentations by Olaf Hartong and John Strand, an introduction to our Software Development Kit, an Engineering Panel, Module Lightning Talks, and a brand new CTF!

Join the UniCon Discord!

Register Here

Keynote Presenters

Olaf Hartong

Olaf Hartong is a Defensive Specialist and security researcher at FalconForce. He specialises in understanding the attacker tradecraft and thereby improving detection. He has a varied background in blue and purple team operations, network engineering, and security transformation projects. Olaf has presented at many industry conferences including Black Hat, DEF CON, DerbyCon, Splunk .conf, FIRST, MITRE ATT&CKcon, and various other conferences. Olaf is the author of various tools including ThreatHunting for Splunk, ATTACKdatamap and Sysmon-modular. He maintains a blog at

John Strand

John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.  He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks.

Current Agenda

Time (Eastern Time)



10:00 am - 10:15 am


Bryson Bort & Jorge Orchilles

10:15 am  - 11:00 am

Morning Keynote

Olaf Hartong

11:00 am - 12:00 pm

Intro to SDK
and Module Ideas

Adam Mashinchi & Jorge Orchilles

12:00 pm - 1:00 pm

Lunch Break / CTF / Module Development Q&A


1:00 pm - 1:45 pm

Afternoon Keynote

John Strand

1:45 pm - 2:05 pm

Lightning Talk - Offensive Python

Marcello Salvati

2:05 pm - 2:25 pm

Lightning Talk - VM awareness/ detection


2:25 pm - 2:45 pm

Lightning Talk - Kerberoasting

Tim Medin

2:45 pm - 3:00 pm

Coffee Break

3:00 pm - 3:30 pm

Evolutionary History of Red Team / OffSec

Matt Devost

3:30 pm - 4:00 pm

Hackers Rights

Chloé Messdaghi

4:00 pm - 4:30 pm

Engineer AMA Panel

Ateeq Sharfuddin & Adam Mashinchi

4:30 pm - 5:30 pm

Happy Hour
Breakout Groups

To Be Announced

Capture the Flag

We have a brand new CTF that will debut. This one is for the entire Purple Team, whether you are Red Team, Security Operations, Hunt Team, or Digital Forensics and Incident Response. We all need to know what our payloads do before deploying them in an environment. We will create various synthetic malware and you will need to tell us what they do!

We’ve detected malicious activity on an endpoint after a recruiter downloaded a resume.doc which executed some sort of malware. We were able to take that endpoint offline before it could do any major damage (we think), but we’d like you to investigate what exactly the executable does. This CTF will be 3 levels and require you to run 3 different pieces of synthetic malware and analyze what it does. Level 1 and 2 are question/answer format while level 3 asks you to go way deeper. More details coming soon!