AvengerCon VII has concluded! Thanks to our keynote speakers, Mudge and Sarah Zatko, our panelists, Colin Ahern, Katie Moussouris, and TJ O'Connor, and all our speakers, village hosts, and workshop instructors for a fantastic conference!
Speaker videos will be published per the speaker's preferences on DVIDS as we process and upload them.
DefenseScoop has published an article covering the event, featuring interviews with CPT Jacob Heybey and MAJ Neil Milchak, organizers for this year's and last year's events respectively.
This is a heads up that registration for the AvengerCon VII conference and
workshops will be closing soon.
Main Event Registration Closes 27 November!
Registration for AvengerCon VII will close at 2359 EST on Sunday, 27
November! Register here today - don't miss this
year's event!
NOTE: If you are not MIL/GOV affiliated, you are still welcome to register
but we cannot guarantee approval at this time due to the short time frame
between now and the event. Registration for attendees requiring manual approval
closed on 18 November.
Workshop registration for AvengerCon VII will be tentatively closing at
1700 EST on Wednesday, 23 November! Our partners at MISI are hosting
AvengerCon's workshop registration here! You can find
descriptions of this year's workshops here!
Remember to register for the main event before
registering for workshops! We strongly recommend registering for workshops
using the same email that you used to register for the main event so your
registration status can be easily verified.
NOTE: Registering for a workshop does not guarantee attendance;
registration requests will be reviewed and confirmed by AvengerCon staff.
Priority will be generally first-come/first-serve but we will also seek to
maximize the number of people that can attend at least one workshop if all
slots are filled. You need to register for the main event in order to be
granted a seat in a workshop!
In this 45 minute discussion, our panelists will explore our event theme
"crowdsourcing conflict" from a defensive perspective.
If "IT armies" are able to crowdsource attacking computer systems, can we
crowdsource our security as well? What are the methods we can use to
crowdsource our security, and can such methods keep up with crowdsourced
attackers and other evolving threats?
You can read more about panelists and discussion topic
here.
Workshop registration for AvengerCon VII is open as of 14 November!
Our partners at MISI are hosting AvengerCon's workshop registration
here.
You can find the descriptions of this year's workshops
here.
Make sure you register for the main event before
registering for workshops! We strongly recommend registering for workshops
using the same email that you used to register for the main event so your
registration status can be easily verified.
NOTE: Registering for a workshop does not guarantee attendance;
registration requests will be reviewed and confirmed by AvengerCon staff.
Priority will be generally first-come/first-serve but we will also seek to
maximize the number of people that can attend at least one workshop if all
slots are filled. You need to register for the main event in order to be
granted a seat in a workshop!
This is a reminder that registration is open for
AvengerCon VII, and it's only two weeks away!
We request that everyone planning to attend AvengerCon this year register
before 1700 EST on Friday, 18 November!
Registering by 1700 EST on Friday, 18 November will allow us to review all
requests to attend that require manual verification and allow our partners at
MISI to prepare for the correct number of in-person attendees.
While we intend to keep registration open until the start of the event, we
cannot guarantee that we will be able to review all requests to attend received
after 18 November. Early registrants will also get priority for receiving event
swag if AvengerCon's attendance this year exceeds the available supply. Remote
attendees are also encouraged to register early so that they have time to
prepare their Discord accounts for joining the remote event!
We are happy to announce that this year's AvengerCon will feature an official
CTF thanks to the generous support of Prof. T.J. O'Connor, the Florida
Institute of Technology, and our AvengerCon volunteers!
The AvengerCon VII CTF is a Jeopardy-style event designed for individual
competitors. The CTF will start at 0900 EST on 30 November 2022 (workshops day)
and end at 1600 EST on 01 December 2022 (the main event day).
CTF challenge categories include web, reverse engineering, pwn, crypto, and
forensics!
All AvengerCon attendees are welcome to participate and compete to win,
practice your skills, and learn something new! It will be Internet-accessible,
allowing both in-person and remote attendees to participate.
As AvengerCon VII approaches, we will send out follow-on instructions on how
AvengerCon attendees can register and participate in the CTF!
We are honored to be hosting Peiter "Mudge" Zatko and Sarah Zatko as our
keynote speakers for AvengerCon VII! The keynote is scheduled as the first
presentation of the event on Thursday, 01 December 2022.
Please see below for their biographies!
Peiter "Mudge" Zatko
Peiter “Mudge” Zatko is considered one of the pioneers of modern
infosec/cybersecurity. He was responsible for early research into the practical
use of buffer overflows. He published some of the first security texts and code
demonstrating early vulnerabilities such as code injection, side-channel/timing
attacks, and information leaks. In addition he has had numerous technical
papers published in peer reviewed journals.
Mudge has testified to the US Congress multiple times in addition to having a
long history of teaching and lecturing at universities, military academies, and
government agencies (IC). He was the initial author of L0phtCrack and a pioneer
in early BGP attacks, which he made famous in testimony to the US Senate
referencing how to 'take down the Internet in 30 minutes.'
In 2010 he took an appointed position as a Department of Defense official
within the Defense Advanced Research Projects Agency (DARPA), where he was
responsible for helping reboot how the DoD invested in cybersecurity R&D (and
how to quantify aspects of full spectrum Computer Network Operations
(CNO) ). Many of his contributions and programs have continued and been
adopted throughout different parts of the DoD and IC. For his contributions
Mudge was awarded the Medal for Exceptional Public Service; the highest medal
that can be bestowed upon a non-career civilian from the Office of the
Secretary of Defense. Mudge and Sarah were both inducted into the Order of Thor
at the Army Cyber Institute. After his tenure at DARPA he held senior
leadership and executive positions at Motorola, Google, Stripe, and Twitter.
He and Sarah then co-founded the 501(c)3 organization Cyber-ITL after receiving
a call from the White House.
More recently in continuation of his mission to improve the world and perform
his civic duties, Mudge followed appropriate legal processes and became a
lawful whistleblower.
Sarah Zatko
Sarah Zatko has a bachelor’s in Math with Computer Science from MIT and a
Master’s in Computer Science from Boston University. She has worked in the
computer security field for over a decade for government contractors such as
BBN Technologies, The Institute for Defense Analysis (a Federally Funded
Research and Development Center), and commercial companies like IBM or
L0phtcrack, LLC.
Sarah also has a strong interest in security education and has presented
several talks on the subject at Hope, Shmoocon, and West Point. Most recently,
Sarah has been working on methods for automated software safety assessment at
Cyber ITL, and has presented research and findings from that work at Defcon,
BlackHat, and to US lawmakers. She is also currently advising multiple orgs on
issues relating to IoT safety and software labeling.
Registration for AvengerCon VII has opened! Register today
here!
Who is eligible to attend?
The event is open to all service members and employees of U.S. Cyber Command,
Department of Defense, and related partners supporting cyberspace missions.
Anyone who can verify their MIL/GOV status with access to their official .gov
or .mil email address is automatically eligible to attend.
I do not have a .gov or .mil email address, can I
attend?
Anyone who has a MIL/GOV affiliation or directly supports the U.S. Cyber
Command mission or AvengerCon are also eligible attend. Please provide a
description of your role, organization, and a government contact who can verify
your support in the justfication field of the registration form. We will
reach out at a later date to verify your affiliation.
We may consider other requests to attend on a case-by-case basis as the
capacity of our event allows. We can't guarantee attendance to everyone, but if
you are really interested in attending, please get in touch with us through the
conference registration or contact forms.
The 2022 Russian invasion of Ukraine prompted the Ukrainian government to
create a volunteer "IT Army1" and challenged online supporters worldwide to
participate in a pro-Ukraine campaign using the means at their disposal -
including information operations2, OSINT analysis3, and offensive cyber
operations4. Hacktivist use of these techniques with the goal of achieving
smaller political goals is an established phenomenon and comes with a mixed
history of success. Ukraine’s active solicitation of volunteer support and the
scale of volunteer involvement in the context of the largest armed conflict
seen in Europe since the Second World War suggests the possibility of states
attempting to leverage crowdsourcing as a force multiplier in future conflicts.
We’re calling this phenomenon "Crowdsourcing conflict," and it is the theme we
invite you all to consider at this year’s AvengerCon!
Recruiting volunteers worldwide enabled Ukraine to create a massive and loosely
organized cyber collective that has conducted information operations2,
effects operations3, and provided OSINT analysis4 to support their cause.
The IT Army’s broad base of volunteer support also serves as a demonstration of
popular opposition to Russia’s invasion.
However, Ukraine’s online volunteer army also comes with risks and limitations.
How can volunteers be vetted and coordinated, especially in wartime? What if
civilian infrastructure or the wrong targets get attacked? Should these
volunteers be considered combatants? Does volunteer cyber activity or public
OSINT research risk doing more harm than good by ruining intelligence sources
or by notifying the adversary of OPSEC failures5? And how can we
objectively assess the effectiveness or volume of volunteer activities in a
news environment saturated by an active information operations battle, that
promotes flashy stories over measured analysis, and that is bound to miss the
activities of stealthy and subtle actors?
How could Ukraine (or another nation or non-state actor) more effectively
employ crowdsourced online support in a conflict? How could a nation prevent or
defend against crowdsourced efforts targeting them? And how could a nation
better leverage crowdsourced methodologies to improve their overall
cybersecurity defensive posture?
At this year’s AvengerCon, we invite the community to explore the capabilities,
limitations, and consequences of crowdsourcing conflict, how it can enable (or
place at risk) the security of our Nation, and influence conflicts of the
present and future.
Ukrainian officials launched an volunteer "IT Army" days after the 24 February start of the invasion and provided tasking directions using a Telegram channel to conduct distributed denial of service (DDoS) and other cyberattacks against specific Russian governmental and corporate targets and succeeded at temporarily rendering many of their targets unavailable. The Ukrainian "IT Army" continues to operate to this day, conducting both DDoS attacks and other operations under its brand. ↩
The Belarusian Cyber Partisans, previously known for activities protesting the Lukashenko regime including a massive leak of Belarusian KGB files infected the Belarus’s state-run railroad system with ransomware to disrupt the deployment of Russian forces prior the invasion. ↩
We are pleased to announce that the following presentations from AvengerCon VI
are (finally) available for public viewing and enjoyment!
Whether you missed these presentations at last year's event, want to revisit
your favorites, learn something new, or just want to get hyped for this year's
event, we encourage you to check them out!
NOTE: If you are looking for a presentation from last year that is not
listed below, please note that not all presentations from the event will be
released for public viewing to respect the publicity preferences of our
presenters.
The AvengerCon VII call for content is now closed. A big thanks to everyone who
stepped up and submitted a proposal for this year!
Over the next couple of weeks, AvengerCon volunteers will be reviewing and
selecting content from the proposals, informing everyone whether their
proposals were accepted or not, and confirm the availability of all accepted
presenters, workshop instructors, and village organizers.
We can't wait to share what this year's AvengerCon has in store for you! Keep
an eye out later this month for content announcements!
Have something cool you wanted to submit for the call for content for
AvengerCon this year but weren't able to prepare it before the original 15
September 2022 deadline?
Well you're in luck! The deadline for the calls for presentations, villages,
and workshops have been extended to 2359 EDT on 28 September 2022!
FYSA, based on the number of proposals we have received so far and timesolts on
our schedule, AvengerCon VII still has capacity for more presentations,
villages and workshops! If you submit a complete proposal for a presentation,
village, or workshop today, it has a VERY good chance of getting accepted!
AvengerCon is nothing without its community! Come share your passion: whether
it be a talk on a project or hobby, a hands-on activity, or a particular skill
you think would benefit the community, we would love to showcase your work.
We are now accepting proposals for presentations, villages, and workshops for
AvengerCon VII!
The calls for content will close at 2359 EDT on 15 September, 2022.
Head here to submit a presentation proposal,
here to submit a village proposal,
here to submit a workshop proposal, or find the links on
the avengercon.com sidebar to submit!
AvengerCon is nothing without its community! Come share your passion: whether
it be a talk on a project or hobby, a hands-on activity, or a particular skill
you think would benefit the community, we would love to showcase your work.
AvengerCon will be supporting a hybrid-event model and we will work with you to
make sure your contribution is a success whether you will be participating
in-person or remotely.
Please reach out through the website contact form with any
questions!
Call for Presentations
Join our ranks of presentation speakers at AvengerCon! We're searching for 15 -
45 minute presentations on diverse topics from policy thoughts to technical
demonstrations and anything in between. Presentations covering the fundamentals
as well as advanced research or niche topics are equally welcome.
If you think it's important to the community, we'll hear it.
We are seeking both experienced and first-time presenters!
Call for Villages
AvengerCon is looking to host a variety of villages this year showcasing the
diverse set of skill sets in the cybersecurity world!
Past villages have included topics like lockpicking, ICS/SCADA pen-testing, RF
hacking, network recon, CTFs, and more!
We are always looking to add new villages or CTFs to our event; so don’t
hesitate to submit a proposal if you are interested in hosting a village!
Call for Workshops
Teach a workshop at AvengerCon! Do you have an idea for a workshop and want to
help others on their journey to l33t? Submit a workshop proposal for your
chance to train fellow hackers in your area of expertise!
We are looking for a diverse range of workshop topics at every difficulty
level. Workshops could either be half-day (3 hours) or full-day (6 hours) for
approximately 15-30 students.
AvengerCon returns for 2022! AvengerCon VII is scheduled as a hybrid in-person
and virtual event on November 30th and December 1st 2022!
AvengerCon is a free security event hosted every fall by the Maryland
Innovation and Security Institute to benefit the hackers of the U.S. Cyber
Command community and the U.S. Army 780th Military Intelligence Brigade. The
event is open to all service members and employees of U.S. Cyber Command and
Department of Defense personnel supporting cyberspace missions.
AvengerCon will feature presentations, hacker villages, training workshops, and
other content provided by motivated members of the AvengerCon community!
Stay tuned for more announcements about AvengerCon VII!
To learn more about our previous events, check out the links below: