This is a heads up that registration for the AvengerCon VII conference and workshops will be closing soon.

Main Event Registration Closes 27 November!

Registration for AvengerCon VII will close at 2359 EST on Sunday, 27 November! Register here today - don't miss this year's event!

NOTE: If you are not MIL/GOV affiliated, you are still welcome to register but we cannot guarantee approval at this time due to the short time frame between now and the event. Registration for attendees requiring manual approval closed on 18 November.

Workshop Registration Tentatively Closes 23 November!

Workshop registration for AvengerCon VII will be tentatively closing at 1700 EST on Wednesday, 23 November! Our partners at MISI are hosting AvengerCon's workshop registration here! You can find descriptions of this year's workshops here!

Remember to register for the main event before registering for workshops! We strongly recommend registering for workshops using the same email that you used to register for the main event so your registration status can be easily verified.

NOTE: Registering for a workshop does not guarantee attendance; registration requests will be reviewed and confirmed by AvengerCon staff. Priority will be generally first-come/first-serve but we will also seek to maximize the number of people that can attend at least one workshop if all slots are filled. You need to register for the main event in order to be granted a seat in a workshop!

At this year's AvengerCon, we are honored to host Katie Moussouris (CEO & Founder, Luta Security), TJ O'Connor (LTC Ret. and Professor, Florida Institute of Technology) and Colin Ahern (Chief Cyber Officer, New York State) for a panel discussion covering "Crowdsourcing Security"! The panel will be moderated by MAJ Steve Rogacki of the 780th MI BDE.

In this 45 minute discussion, our panelists will explore our event theme "crowdsourcing conflict" from a defensive perspective. If "IT armies" are able to crowdsource attacking computer systems, can we crowdsource our security as well? What are the methods we can use to crowdsource our security, and can such methods keep up with crowdsourced attackers and other evolving threats?

You can read more about panelists and discussion topic here.

Workshop registration for AvengerCon VII is open as of 14 November!

Our partners at MISI are hosting AvengerCon's workshop registration here.

You can find the descriptions of this year's workshops here.

Make sure you register for the main event before registering for workshops! We strongly recommend registering for workshops using the same email that you used to register for the main event so your registration status can be easily verified.

NOTE: Registering for a workshop does not guarantee attendance; registration requests will be reviewed and confirmed by AvengerCon staff. Priority will be generally first-come/first-serve but we will also seek to maximize the number of people that can attend at least one workshop if all slots are filled. You need to register for the main event in order to be granted a seat in a workshop!

This is a reminder that registration is open for AvengerCon VII, and it's only two weeks away!

We request that everyone planning to attend AvengerCon this year register before 1700 EST on Friday, 18 November!

Registering by 1700 EST on Friday, 18 November will allow us to review all requests to attend that require manual verification and allow our partners at MISI to prepare for the correct number of in-person attendees.

While we intend to keep registration open until the start of the event, we cannot guarantee that we will be able to review all requests to attend received after 18 November. Early registrants will also get priority for receiving event swag if AvengerCon's attendance this year exceeds the available supply. Remote attendees are also encouraged to register early so that they have time to prepare their Discord accounts for joining the remote event!

We are happy to announce that this year's AvengerCon will feature an official CTF thanks to the generous support of Prof. T.J. O'Connor, the Florida Institute of Technology, and our AvengerCon volunteers!

The AvengerCon VII CTF is a Jeopardy-style event designed for individual competitors. The CTF will start at 0900 EST on 30 November 2022 (workshops day) and end at 1600 EST on 01 December 2022 (the main event day).

CTF challenge categories include web, reverse engineering, pwn, crypto, and forensics!

All AvengerCon attendees are welcome to participate and compete to win, practice your skills, and learn something new! It will be Internet-accessible, allowing both in-person and remote attendees to participate.

As AvengerCon VII approaches, we will send out follow-on instructions on how AvengerCon attendees can register and participate in the CTF!

We are happy to announce that selected presentations from 2020's AvengerCon V are now available for public viewing on DVIDS!

You can now revisit some of your favorite presentations and/or check out the ones you missed!

• Cars CAN Be Secure Or: How to Stop Worrying and Make ICS Unhackable for <$5 (Brent Stone and Ken Tindell)
• Hacking Government Bureaucracy (Greg Conti)
• Color by Numbers: Inside a Dharma Ransomware-As-A-Service Attack (Sean Gallagher)
• Weapon of Mass Destruction: A Look at the Ransomware Pandemic (Fernando Tomlinson)
• Kerberos Abuse: A Recap of the Three-Headed Dog (Alberto Jose Rodriguez Sanchez)
• Rapid Application Development for Emergency Response Scenarios (Matthew Wagner)
• Thanks SpaceX! Client-side JavaScript for the Win! (Stephen Willson)

The presentation schedule for AvengerCon VII has been released! You can find it on the schedule page.

We are honored to be hosting Peiter "Mudge" Zatko and Sarah Zatko as our keynote speakers for AvengerCon VII! The keynote is scheduled as the first presentation of the event on Thursday, 01 December 2022.

Please see below for their biographies!

Peiter "Mudge" Zatko

Peiter “Mudge” Zatko is considered one of the pioneers of modern infosec/cybersecurity. He was responsible for early research into the practical use of buffer overflows. He published some of the first security texts and code demonstrating early vulnerabilities such as code injection, side-channel/timing attacks, and information leaks. In addition he has had numerous technical papers published in peer reviewed journals.

Mudge has testified to the US Congress multiple times in addition to having a long history of teaching and lecturing at universities, military academies, and government agencies (IC). He was the initial author of L0phtCrack and a pioneer in early BGP attacks, which he made famous in testimony to the US Senate referencing how to 'take down the Internet in 30 minutes.'

In 2010 he took an appointed position as a Department of Defense official within the Defense Advanced Research Projects Agency (DARPA), where he was responsible for helping reboot how the DoD invested in cybersecurity R&D (and how to quantify aspects of full spectrum Computer Network Operations (CNO) ). Many of his contributions and programs have continued and been adopted throughout different parts of the DoD and IC. For his contributions Mudge was awarded the Medal for Exceptional Public Service; the highest medal that can be bestowed upon a non-career civilian from the Office of the Secretary of Defense. Mudge and Sarah were both inducted into the Order of Thor at the Army Cyber Institute. After his tenure at DARPA he held senior leadership and executive positions at Motorola, Google, Stripe, and Twitter. He and Sarah then co-founded the 501(c)3 organization Cyber-ITL after receiving a call from the White House.

More recently in continuation of his mission to improve the world and perform his civic duties, Mudge followed appropriate legal processes and became a lawful whistleblower.

Sarah Zatko

Sarah Zatko has a bachelor’s in Math with Computer Science from MIT and a Master’s in Computer Science from Boston University. She has worked in the computer security field for over a decade for government contractors such as BBN Technologies, The Institute for Defense Analysis (a Federally Funded Research and Development Center), and commercial companies like IBM or L0phtcrack, LLC.

Sarah also has a strong interest in security education and has presented several talks on the subject at Hope, Shmoocon, and West Point. Most recently, Sarah has been working on methods for automated software safety assessment at Cyber ITL, and has presented research and findings from that work at Defcon, BlackHat, and to US lawmakers. She is also currently advising multiple orgs on issues relating to IoT safety and software labeling.

Registration for AvengerCon VII has opened! Register today here!

Who is eligible to attend?

The event is open to all service members and employees of U.S. Cyber Command, Department of Defense, and related partners supporting cyberspace missions. Anyone who can verify their MIL/GOV status with access to their official .gov or .mil email address is automatically eligible to attend.

I do not have a .gov or .mil email address, can I attend?

Anyone who has a MIL/GOV affiliation or directly supports the U.S. Cyber Command mission or AvengerCon are also eligible attend. Please provide a description of your role, organization, and a government contact who can verify your support in the justfication field of the registration form. We will reach out at a later date to verify your affiliation.

We may consider other requests to attend on a case-by-case basis as the capacity of our event allows. We can't guarantee attendance to everyone, but if you are really interested in attending, please get in touch with us through the conference registration or contact forms.

The 2022 Russian invasion of Ukraine prompted the Ukrainian government to create a volunteer "IT Army¹" and challenged online supporters worldwide to participate in a pro-Ukraine campaign using the means at their disposal - including information operations², OSINT analysis³, and offensive cyber operations⁴. Hacktivist use of these techniques with the goal of achieving smaller political goals is an established phenomenon and comes with a mixed history of success. Ukraine’s active solicitation of volunteer support and the scale of volunteer involvement in the context of the largest armed conflict seen in Europe since the Second World War suggests the possibility of states attempting to leverage crowdsourcing as a force multiplier in future conflicts.

We’re calling this phenomenon "Crowdsourcing conflict," and it is the theme we invite you all to consider at this year’s AvengerCon!

Recruiting volunteers worldwide enabled Ukraine to create a massive and loosely organized cyber collective that has conducted information operations², effects operations³, and provided OSINT analysis⁴ to support their cause. The IT Army’s broad base of volunteer support also serves as a demonstration of popular opposition to Russia’s invasion.

However, Ukraine’s online volunteer army also comes with risks and limitations. How can volunteers be vetted and coordinated, especially in wartime? What if civilian infrastructure or the wrong targets get attacked? Should these volunteers be considered combatants? Does volunteer cyber activity or public OSINT research risk doing more harm than good by ruining intelligence sources or by notifying the adversary of OPSEC failures⁵? And how can we objectively assess the effectiveness or volume of volunteer activities in a news environment saturated by an active information operations battle, that promotes flashy stories over measured analysis, and that is bound to miss the activities of stealthy and subtle actors?

How could Ukraine (or another nation or non-state actor) more effectively employ crowdsourced online support in a conflict? How could a nation prevent or defend against crowdsourced efforts targeting them? And how could a nation better leverage crowdsourced methodologies to improve their overall cybersecurity defensive posture?

At this year’s AvengerCon, we invite the community to explore the capabilities, limitations, and consequences of crowdsourcing conflict, how it can enable (or place at risk) the security of our Nation, and influence conflicts of the present and future.

References

1. https://foreignpolicy.com/2022/04/11/russia-cyberwarfare-us-ukraine-volunteer-hackers-it-army/

   Ukrainian officials launched an volunteer "IT Army" days after the 24 February start of the invasion and provided tasking directions using a Telegram channel to conduct distributed denial of service (DDoS) and other cyberattacks against specific Russian governmental and corporate targets and succeeded at temporarily rendering many of their targets unavailable. The Ukrainian "IT Army" continues to operate to this day, conducting both DDoS attacks and other operations under its brand. ↩

2. https://www.wsj.com/articles/ukraines-internet-army-of-nafo-fellas-fights-russian-trolls-and-rewards-donors-with-dogs-11664271002 ↩

3. https://www.bellingcat.com/news/2022/03/17/hospitals-bombed-and-apartments-destroyed-mapping-incidents-of-civilian-harm-in-ukraine/ ↩

4. https://www.washingtonpost.com/world/europe/belarus-hack-cyber-partisans-lukashenko/2021/09/14/5ad56006-fabd-11eb-911c-524bc8b68f17_story.html, https://risky.biz/RB634/, https://arstechnica.com/information-technology/2022/01/hactivists-say-they-hacked-belarus-rail-system-to-stop-russian-military-buildup/

   The Belarusian Cyber Partisans, previously known for activities protesting the Lukashenko regime including a massive leak of Belarusian KGB files infected the Belarus’s state-run railroad system with ransomware to disrupt the deployment of Russian forces prior the invasion. ↩

5. https://risky.biz/BTN6/, https://risky.biz/RBTALKS2/

   For a more detailed discussion of these risks and limitations, please review these podcast episodes. ↩

We are pleased to announce that the following presentations from AvengerCon VI are (finally) available for public viewing and enjoyment!

Whether you missed these presentations at last year's event, want to revisit your favorites, learn something new, or just want to get hyped for this year's event, we encourage you to check them out!

NOTE: If you are looking for a presentation from last year that is not listed below, please note that not all presentations from the event will be released for public viewing to respect the publicity preferences of our presenters.

• Breaking Down the Buzzwords: DevOps and Agile in the Cybersecurity Community (CPT Olivia Brundage and 1LT Eric Koch)
• It's All Fun in Games (COL Travis Hartman)
• Protect Yourself From Gamer Input (Capt. Rob Guiler)
• Practical Online Privacy (CPT Alex Master)
• Languages (not Python) and Cyber - Linguists in the InfoSec Field (CPT Garrett Guinivan)
• Back to Basics - Why Your 10 Million USD SIEM Won't Stop the Bad Guys (CPT Mark Klink)
• Selling Cyber - How to Engage Senior Leaders and Build a Village to Achieve Your Goal (MSG Chuck Weissenborn)
• Insights into Foreign SCADA Bots Probing US OT Assets (Philip Trainor)

The AvengerCon VII call for content is now closed. A big thanks to everyone who stepped up and submitted a proposal for this year!

Over the next couple of weeks, AvengerCon volunteers will be reviewing and selecting content from the proposals, informing everyone whether their proposals were accepted or not, and confirm the availability of all accepted presenters, workshop instructors, and village organizers.

We can't wait to share what this year's AvengerCon has in store for you! Keep an eye out later this month for content announcements!

Have something cool you wanted to submit for the call for content for AvengerCon this year but weren't able to prepare it before the original 15 September 2022 deadline?

Well you're in luck! The deadline for the calls for presentations, villages, and workshops have been extended to 2359 EDT on 28 September 2022!

FYSA, based on the number of proposals we have received so far and timesolts on our schedule, AvengerCon VII still has capacity for more presentations, villages and workshops! If you submit a complete proposal for a presentation, village, or workshop today, it has a VERY good chance of getting accepted!

AvengerCon is nothing without its community! Come share your passion: whether it be a talk on a project or hobby, a hands-on activity, or a particular skill you think would benefit the community, we would love to showcase your work.

This is a reminder that the call for content for AvengerCon VII is open through 15 September, and you still have some time to submit a proposal!

Head here to submit a presentation proposal, here to submit a village proposal, here to submit a workshop proposal!

Please reach out through the website contact form with any questions!

We are now accepting proposals for presentations, villages, and workshops for AvengerCon VII!

The calls for content will close at 2359 EDT on 15 September, 2022.

Head here to submit a presentation proposal, here to submit a village proposal, here to submit a workshop proposal, or find the links on the avengercon.com sidebar to submit!

AvengerCon is nothing without its community! Come share your passion: whether it be a talk on a project or hobby, a hands-on activity, or a particular skill you think would benefit the community, we would love to showcase your work.

AvengerCon will be supporting a hybrid-event model and we will work with you to make sure your contribution is a success whether you will be participating in-person or remotely.

Please reach out through the website contact form with any questions!

Call for Presentations

Join our ranks of presentation speakers at AvengerCon! We're searching for 15 - 45 minute presentations on diverse topics from policy thoughts to technical demonstrations and anything in between. Presentations covering the fundamentals as well as advanced research or niche topics are equally welcome.

If you think it's important to the community, we'll hear it.

We are seeking both experienced and first-time presenters!

Call for Villages

AvengerCon is looking to host a variety of villages this year showcasing the diverse set of skill sets in the cybersecurity world!

Past villages have included topics like lockpicking, ICS/SCADA pen-testing, RF hacking, network recon, CTFs, and more!

We are always looking to add new villages or CTFs to our event; so don’t hesitate to submit a proposal if you are interested in hosting a village!

Call for Workshops

Teach a workshop at AvengerCon! Do you have an idea for a workshop and want to help others on their journey to l33t? Submit a workshop proposal for your chance to train fellow hackers in your area of expertise!

We are looking for a diverse range of workshop topics at every difficulty level. Workshops could either be half-day (3 hours) or full-day (6 hours) for approximately 15-30 students.

AvengerCon returns for 2022! AvengerCon VII is scheduled as a hybrid in-person and virtual event on November 30th and December 1st 2022!

AvengerCon is a free security event hosted every fall by the Maryland Innovation and Security Institute to benefit the hackers of the U.S. Cyber Command community and the U.S. Army 780th Military Intelligence Brigade. The event is open to all service members and employees of U.S. Cyber Command and Department of Defense personnel supporting cyberspace missions.

AvengerCon will feature presentations, hacker villages, training workshops, and other content provided by motivated members of the AvengerCon community!

Stay tuned for more announcements about AvengerCon VII!

To learn more about our previous events, check out the links below:

• AvengerCon III – Ars Technica
• AvengerCon IV – Ars Technica
• AvengerCon V – 780th MI BDE BYTE magazine
• AvengerCon VI - 780th MI BDE BYTE magazine