In-Person Event

Meet Us in Vegas for Black Hat, BSidesLV and DEF CON

Las Vegas, NV

Aug 05th - Aug 12th, 2023

Practitioner-first cloud security is here.

Powered by unrivaled open-source initiatives, our solutions are built by practitioners for practitioners, and designed to help security teams eliminate risks and threats everywhere. Visit our experts at Booth 2140 to learn how you can level up security operations with Rapid7 cloud security. 

We’re also celebrating 20 years of Metasploit. Don’t miss your chance to take home some limited edition anniversary swag. See you in Vegas!

RAPID7 AT BLACK HAT

VISIT BOOTH #2140 IN THE BUSINESS HALL AUG 9-10 FOR:

PERSONALIZED DEMOS

See firsthand how we help you manage risk and eliminate threats across any environment. Sign up in advance so we know you’re coming!

Pre-register for a meeting or demo

RAPID7 EXPERTS

Visit our booth to join in our Metasploit Framework Hands-On Lab. Or learn how Rapid7 can help you at one of our theater presentations and to discuss your specific security challenges with Rapid7 experts in the booth.

LIMITED EDITION T-SHIRTS

In honor of The Metasploit Project’s 20th anniversary, Rapid7 is launching a special edition t-shirt and we invited members of the community to have a hand in its creation. You’re definitely going to want one of these!

RAPID7 SESSIONS

Sat, Aug 05, 2023
10:00 AM - 7:00 PM

Black Hat Training - Digging Deeper with Velociraptor

Sat, Aug 05, 2023
10:00 AM - 7:00 PM

Speakers:  Mike Cohen, Digital Paleontologist, Rapid7

Velociraptor is the most advanced, open source, endpoint visibility tool that everyone is talking about! Have you ever needed to respond to an incident in a large enterprise network? Have you wondered how many of your 10,000 endpoints are compromised? You know you should be hunting for common forensic artifacts but how do you do it in a scalable way, in a reasonable time? Well… now you can! This updated training course will teach you how to make the most of Velociraptor - taught by the developers of Velociraptor themselves!

Room: Potomac D (Session purchase required)
Sessions on August 5th (10am - 7pm) and August 6th - 8th (9am - 6pm)

Session Link

Pre-register

Tue, Aug 08, 2023
5:00 PM - 5:45 PM

BSIDESLV - Security Data Science Teams: A Guide to Prestige Classes

Tue, Aug 08, 2023
5:00 PM - 5:45 PM

Speakers:  Erick Galinkin, Principal Artificial Intelligence Researcher, Rapid7

Ground Truth

As more of security becomes driven by data, a menagerie of job titles have cropped up across the industry. Data Scientist, ML Engineer, Data Engineer, AI Researcher, and more have become de rigeur job titles – but the lines between each role remain blurry, especially for early career and non-data folks.

In this talk, we talk about where the skills of these roles overlap, how to pursue a security data career, and crucially, offer some hot takes on why maybe we need some clearer lines.

Session Link

Pre-register

Wed, Aug 09, 2023
11:30 AM - 12:30 PM

Black Hat Sponsor Session - The Art of Unified Defense: Confidently Secure Hybrid Environments

Wed, Aug 09, 2023
11:30 AM - 12:30 PM

Speakers:  Jeffrey Gardner, Practice Advisor - Detection & Response, Rapid7, and Devin Krugly, Practice Advisor - Vulnerability Risk Management, Rapid7

Attackers taking advantage of your environment and living off the land? Check. Vulnerabilities and zero days moving beyond the on-prem environment and into the cloud? Check. Isolated teams, non-aligned initiatives, and no shared mission? Check.

Yes, hybrid is where it's at — but it also gives you the makings of a perfect storm. In this session, we will put your mind at ease as they demystify the complexities of hybrid environments, sharing strategies for evolving cyber risk management across digitally complex ecosystems and forging a shared, cross-functional cyber defense.

Room: Mandalay Bay K

Session Link

PRE-REGISTER

Thu, Aug 10, 2023
1:00 PM - 2:30 PM

Black Hat Arsenal - Modern Active Directory Attacks with the Metasploit Framework

Thu, Aug 10, 2023
1:00 PM - 2:30 PM

Speakers:  Spencer McIntyre, Manager, Security Research, Rapid7

Active Directory is the foundation of the infrastructure for many organizations. As of 2023, Metasploit has added a wide range of new capabilities and attack workflows to support Active Directory exploitation. This Arsenal demonstration will cover new ways to enumerate information from LDAP, attacking Active Directory Certificate Services (AD CS), leveraging Role Based Constrained Delegation, and using Kerberos authentication.

The Kerberos features added in Metasploit 6.3 will be a focal point. The audience will learn how to execute multiple attack techniques, including Pass-The-Ticket (PTT), forging Golden/Silver Tickets, and authenticating with AD CS certificates. Finally, users will see how these attack primitives can be combined within Metasploit to streamline attack workflows with integrated ticket management. The demonstration will also highlight inspection capabilities that are useful for decrypting traffic and tickets for debugging and research purposes.

Room: Business Hall - Arsenal Station 4

Session Link

 

Pre-register

Fri, Aug 11, 2023
10:00 AM - 12:00 PM

DEF CON - Demo Labs Presentation

Fri, Aug 11, 2023
10:00 AM - 12:00 PM

Speakers:  Spencer McIntyre, Manager, Security Research, Rapid7

Come by the Committee Boardroom for a demo labs presentation on Metasploit framework. 

Room: Committee Boardroom

Pre-register

Sat, Aug 12, 2023
11:00 AM - 12:00 PM

DEF CON Panel: AI Caramba! A DC Interface on Machine Learning

Sat, Aug 12, 2023
11:00 AM - 12:00 PM

Moderator: Austin Carson, Founder & President, SeedAI

Panelists: Erick Galinkin, Principal Artificial Intelligence Researcher, Rapid7 with Dr. Rumman Chowdhury, CEO, Humane Intelligence and former director of Twitter ML Ethics, Transparency, and Accountability; Kellee Wicker, Director of S&T, Wilson Center; and Tim Ryer, Legislative Assistant to U.S. Senate Majority Leader Chuck Schumer

This session will explore how we can combine the expertise of DEF CON attendees with the political will and specialized knowledge networks in the Administration and around DC to create wise policy for AI. Topics covered will include how the two communities can support each other and create a virtuous cycle of information conveyance and policy progress? What should the next steps of this work be - how do we move beyond the Biden EO? In this session we'll have top experts in policy and the hacker community come together to discuss what that can look like and how to be mutually conscientious of what our experiences and priorities may be.

Location: Policy Village

Pre-register

Rapid7 at DEF CON

Thu, Aug 10th - Sun, Aug 13th, 2023

In addition to Spencer McIntyre's session on Metasploit framework (see above) come on by to these villages to meet our experienced researchers and see them in action. 

AI Village
Erick Galinkin, Principal Artificial Intelligence Researcher, will be in the AI Village supporting talks and events, including a White House supported public evaluation of AI tools from Google, Microsoft, OpenAI and Anthropic. (Learn more)
AI Village at DEF CON 31

IoT Village
Deral Heiland, Principal Security Researcher, IoT, is back in the IoT Village with more hands-on hardware hacking exercises not to be missed.
IoT Village at DEF CON 31