UniCon, our very own Unicorn Conference, is a free conference taking place on August 20 for the entire purple team: security researchers, developers, red teamers, blue teamers, and digital forensics and incident responders!
The SCYTHE Marketplace will be released at the event. The SCYTHE Marketplace opens up SCYTHE’s synthetic malware creation platform to trusted third-party developers so that they can turn their experience and expertise into new capabilities for a vibrant security ecosystem. Customers can integrate these cutting-edge modules into their SCYTHE campaigns and advance their security exercises. The SCYTHE platform is a centralized environment to identify security blind spots for Blue Teams, multiply Red Team resources, and amplify behaviors for Purple Teaming.
The event will feature keynote presentations by Olaf Hartong and John Strand, an introduction to our Software Development Kit, an Engineering Panel, Module Lightning Talks, and a brand new CTF!
Olaf Hartong is a Defensive Specialist and security researcher at FalconForce. He specialises in understanding attacker tradecraft and thereby improving detection. He has a varied background in blue and purple team operations, network engineering, and security transformation projects. Olaf has presented at many industry conferences, including Black Hat, DEF CON, DerbyCon, Splunk .conf, FIRST, and MITRE ATT&CKcon. Olaf is the author of various tools, including ThreatHunting for Splunk, ATTACKdatamap, and Sysmon-modular. He maintains a blog at https://olafhartong.nl
John Strand has consulted for and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a sought-after speaker and much-loved SANS instructor. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks.
We have a brand new CTF that will debut. This one is for the entire Purple Team, whether you are Red Team, Security Operations, Hunt Team, or Digital Forensics and Incident Response. We all need to know what our payloads do before deploying them in an environment. We will create various synthetic malware and you will need to tell us what they do!
We’ve detected malicious activity on an endpoint after a recruiter downloaded a resume.doc that executed some sort of malware. We were able to take that endpoint offline before it could do any major damage (we think), but we’d like you to investigate exactly what the executable does. This CTF will have 3 levels and require you to run 3 different pieces of synthetic malware and analyze what each one does. Levels 1 and 2 are question/answer format, while level 3 asks you to go much deeper. More details coming soon!