Events will take place during conference on November 19th, 2022 BUY TICKETS

Password Cracking hands on techniques by Irvin Lemus 4PM-6PM PST

OWASP TOP 10 API workshop by Zach Heller 2Pm-4PM PST 

Using ./HAVOC to Emulate Attacker Infrastructure - Tom D'Aquino - Nov 19th 10:00-12:00 PM PST

NoQRTR CTF - Nov 19th 11am - 6pm PST 

Lockpicking Village - 11am - 6pm PST 


Password Cracking hands on techniques by Irvin Lemus
Hands on two hour workshop on how to use password cracking tools in the most effective manner. Bring your computer and have fun cracking passwords with Irvin. 

Irvin Lemus 

Irvin Lemus, CISSP has been in the industry for over 15 years. Irvin has been involved with cybersecurity competitions as a trainer, coach, mentor and creator. He is currently a Cyber Range Engineer for By Light, the Bay Cyber League Competitions Coordinator and SkillsUSA Contest Chair. Irvin has spoken at various cybersecurity conferences and creates cyber competitions regularly. He describes himself as, “A professional troublemaker who loves hacking all the things.”

OWASP TOP 10 API workshop by Zach Heller 

Abstract: A foundational element of innovation in today’s app-driven world is the Application Programming Interface, or API. Unlike traditional web applications that manage data handling on the server and send pre-rendered resources to the browser, APIs perform only data processing and leave the rendering to the client. By nature, APIs expose application logic and sensitive data such as Personally Identifiable Information (PII) and have increasingly become a target for attackers. In this workshop, you’ll exploit the Top Ten API vulnerabilities in real-life scenarios and modify existing API code to mitigate the vulnerabilities you just exploited, leveraging the Avatao learning platform.

Prerequisites: a computer with a browser, the ability to read and write code, and basic command-line experience.
Presenter: Zach Heller ( - Cybersecurity Consultant, M.S. in Computer Science, Ethical Hacking Educator, Head of Cybersecurity Curriculum Development at The Coding School.

Using ./HAVOC to Emulate Attacker Infrastructure

In this workshop, you will learn how to leverage the open source ./HAVOC framework ( to automatically provision attacker infrastructure and orchestrate attack activities through the use of ./HAVOC playbooks.


Personal laptop 

Personal AWS account 

Not required but nice to have:

Experience with AWS

Experience with Python3


Tom D'Aquino is a cybersecurity practitioner with over 20 years of experience architecting, implementing and validating cybersecurity solutions. Tom works in an official capacity as the Director of Security Validation for Vectra AI where he specializes in testing and validating the capabilities of Vectra AI's technology in the lab and in customer environments. Tom is also the creator and primary developer of the open source ./HAVOC framework and, in his spare time, he produces and hosts the ./HAVOC podcast


NOQRTRCTF - Saturday November 19th - 11am - 6pm PST

A hacking competition based on real life scenarios including state sponsor, APT tools, where players are faced with realistic scenarios and with the possibility of performing real target exploitation. BUY TICKETS


Lock picking Village - Saturday November 19th - 11am - 6pm PST

Come join and learn the art of picking locks and physical security.