Last Day to Save $350 or Get A GIAC Cert Attempt Included with Online Training!

Pen Test HackFest Summit & Training

Bethesda, MD | Mon, Nov 13 - Mon, Nov 20, 2017
This event is over,
but there are more training opportunities.

Featured Pen Test HackFest Summit Information

icon Webcasts

Pen Test HackFest Summit Chairman

Ed Skoudis

icon Featured Presentation


How To Defend Against
Penetration Testers...and Win

Monday, Nov. 13 - 10:00-10:35 am
More Information

icon Summit Speakers


View our Summit Speaker biographies here!

Summit Agenda

We strive to present the most relevant, timely and valuable content. As a result, this agenda is subject to change. Please check back frequently for changes and updates.

Monday, November 13, 2017
Time Presentation Speaker
9:00-9:15 am Welcome & Opening Remarks

Ed Skoudis, Fellow, SANS Institute @edskoudis

9:15-10:00 am Hack Your Head

Tim Medin, Founder, Red Siege; Certified Instructor, SANS Institute @TimMedin

10:00-10:35 am How To Defend Against Penetration Testers...and Win

Paul Asadoorian, Security Weekly, CEO; Offensive Countermeasures, CEO @securityweekly

10:35-11:00 am Networking Break and Vendor Expo
11:00-11:35 am Escaping Alcatraz: Breaking out of Application Sandboxed Environments

Kirk Hayes, Senior Security Consultant, Rapid7 @kirkphayes

11:35 am - 12:10 pm Searching the Void - IPv6 Network Reconnaissance

Kevin Tyers, Information Security Engineer @WarOnShrugs

12:10-1:30 pm Networking Luncheon
1:30-2:05 pm Being Offensive in the Workplace

Derek Rook , Penetration Tester @_r00k_

2:05-2:40 pm Introduction to Reverse Engineering for Penetration Testers

Stephen Sims, Senior Instructor, Author SEC660 and SEC760, SANS Institute @Steph3nSims

2:40-3:00 pm Networking Break and Vendor Expo
3:00-3:35 pm 2> 1: Teaming Up for Social Engineering Adventures

Jen Fox, Sr. Security Consultant, VioPoint @j_fox

3:35-4:10 pm Emulating Adversary Tactics - Safely - in Industrial Networks; or, How Not to be an A**hole in ICS

Robert M. Lee, Founder & CEO, Dragos Inc., Certified Instructor, Author, FOR578 & ICS515, SANS Institute @robertmlee

4:10-4:45 pm Honey, Please Don't Burn Down Your Office: Fun with Smart Home Automation

Ed Skoudis, Fellow, SANS Institute @edskoudis

5:30-8:30 pm Paint the Town Red
Tuesday, November 14, 2017
Time Presentation Speaker
9:00-9:45 am Propelling Your Pen Test Career Into the Next Decade

Joshua Wright, Director, Counter Hack; Senior Instructor, SANS Institute @joswr1ght

9:45-10:20 am Navigating the River of Woe to Epic Vulnerability Assessments

Matt Toussain, Founder, Spectrum Information Security; Instructor, SANS Institute; Active Duty Officer, US Air Force @0sm0s1z

10:20-10:45 am Networking Break and Vendor Expo
10:45-11:20 am Panel - What the Heck is Purple Teaming, Really?

Moderator: Ed Skoudis, Fellow, SANS Institute


11:20 am - 12:15 pm Using the Metasploit Hardware Bridge to Attack Non-Ethernet Systems

Craig Smith, Research Director of Transportation Security, Rapid7; Author, The Car Hacker's Handbook

12:15-1:30 pm Lunch
1:30-2:05 pm Lies, Damn Lies, and Pen Tests

Tom Liston, Senior Security Consultant, DarkMatter, LLC - Abu Dhabi @tliston

2:05-2:35 pm WAF-aiki: Pen Test Techniques Against a Web Application Firewall

Greg Owen, Senior Principal Security Engineer, Vantiv @gowenfawr

2:35-3:10 pm Signal Safari: Investigating RF Controls with RTL-SDR

Katie Knowles, Security Consultant, MWR Infosecurity @_sigil

3:10-3:40 pm Networking Break and Vendor Expo
3:40-4:15 pm Privesc Playground

Jake Williams, Founder, Rendition Infosec; Certified Instructor & Course Author, SANS Institute @MalwareJake

6:30-9:30 pm Core NetWars Tournament