Offensive Security Forum will explore hacker techniques through simulated attacks and defense drills, helping businesses strengthen their ability to defend against external threats and protect sensitive data from breaches.
This session will delve into an emerging advanced technique designed to bypass Endpoint Detection and Response (EDR) systems. This technique enables attackers to conceal their malicious activities and evade EDR monitoring and detection by leveraging low-level Windows APIs and manipulating system call user-mode hooking mechanisms. By doing so, attackers can bypass traditional EDR defenses, evade file scanning, behavior monitoring, and other protective measures, while establishing persistent control.
"Is Your Company Secure? Don't just wait for vulnerabilities to be found by security vendors, bug bounty hunters, or real-world attacks! Do it yourself."
This session introduces the initial phase of penetration testing: reconnaissance. I will share how to use free online tools and open-source tools to uncover potential security risks. Attendees will understand how public information can be used for possible attacks.
I hope that after this session attendees will be able to conduct basic reconnaissance, find potential security risks, and reduce those risks earlier.
Why not fight back when you are attacked by hackers? You will find more interesting things when you fight back against hackers. In addition to the C2 server, you can also obtain more hacker toys and funny information. This will help you strengthen your own defense.
As enterprises increasingly prioritize cybersecurity, Endpoint Detection and Response (EDR) has become a critical defense tool. However, as adversaries continuously refine their tactics, the arms race between blue teams and red teams grows ever more intense. In this ongoing battle, every improvement in detection is met with new evasion techniques, driving a continuous cycle of adaptation and escalation.
In this session, we will explore the evolution of EDR detection strategies in recent years and analyze how attackers leverage obfuscation techniques to conceal malicious activities, abuse Windows Subsystem for Linux (WSL) to bypass traditional security solutions, and exploit Windows Filtering Platform (WFP)—as seen in EDRSilencer—to manipulate EDR operations. Through real-world case studies, we will examine the challenges these techniques pose to EDR detection and discuss how blue teams can develop proactive defense strategies, shifting from reactive detection to active deception, ensuring EDR remains a step ahead in the ever-evolving threat landscape.
Red Goes Purple: CTEM, BAS & MITRE ATT&CK in Real-World Red Team Ops
This talk dives into next-level Red Teaming, where CTEM and BAS aren’t checkboxes but offensive weapons. With cyber threats evolving, it’s time to move past outdated pentesting and systematically identify, exploit, and reduce attack surfaces before adversaries do.
At the core is MITRE ATT&CK, but most teams still treat it as a checklist. I’ll show you how to weaponize ATT&CK, integrating CTEM and BAS to expose blind spots, disrupt blue teams, and stress-test real-world defenses.
We’ll also explore Generative AI (GenAI) in offensive security—attackers are already using AI-driven polymorphic malware, automated recon, and adaptive social engineering. If you're not integrating GenAI into your ops, you’re already behind.
Expect hard-hitting case studies on evasion tactics, AI-assisted attacks, and turning threat intel into real adversary emulation. No fluff, no compliance talk—just raw Red Team strategies to push security beyond its limits. If you’re ready to hack smarter, move faster, and break defenses the right way, this session is for you.
As EDR solutions continue to evolve, red teams face growing challenges in evading detection, making Defense Evasion a core priority in modern adversary simulation. Among the many techniques available, Loaders play a critical role in executing malicious payloads—particularly Reflective Loaders, which offer exceptional flexibility and stealth, making them a powerful weapon in the red team arsenal.
This session delves into the concept of Reflective Loaders, mapping them against EDR bypass strategies. We will explore how these loaders evade memory scanning, behavioral analysis, and other detection mechanisms, providing practical insights into their strengths and limitations. By bridging the gap between offensive techniques and defensive strategies, this session equips enterprise security teams with the technical knowledge needed to enhance threat detection and response, fortifying defenses against increasingly sophisticated adversaries.
This session will delve into enhancing the stealth of red team operations, ensuring their actions remain covert and effective. We will explore network anonymization technologies such as DoH, ECH, and Domain Fronting; management and configuration of Payloads and C2 Servers, covering both commercial and open-source tools like Cobalt Strike and Meterpreter. Additionally, we will discuss techniques such as Injection and API usage to increase operational concealment, along with practical considerations for using tools like Mimikatz, BloodHound, and Impacket.
The presentation will also address challenges posed by modern antivirus and endpoint protection by exploring technologies like AMSI and ETW, and methods to bypass them. This helps red team members avoid security detections and prevent triggering alerts during missions. Through this lecture, participants will learn how to maintain the secrecy of red team activities across various security environments while enhancing the effectiveness and precision of red team exercises.
Autonomous AI agentic systems transform cybersecurity through independent decision-making and risk mitigation without human intervention. Through advanced algorithms and continuous learning, they prioritize and neutralize exposed vulnerabilities while aligning cybersecurity with business objectives. AI agents free human analysts by executing the tasks that remove exposed risks from digital assets.
One of the most significant challenges for CISOs and security leaders is not just defending against attacks or mitigating vulnerabilities but also developing a high-performing security team. Security professionals constantly manage incidents, patches, and updates, yet a reactive approach is neither scalable nor sustainable.
To build long-term resilience, organizations must prioritize proactive skill development. Red Team Assessment, rooted in real-world attack scenarios, offers one of the most effective ways to strengthen security capabilities. Beyond technical skills, these exercises help security leaders assess team readiness, refine incident response strategies, and align security investments with business objectives.
This session will explore how offensive security strategies — from cyber range simulations and penetration testing to full-scale Red Team Assessment — can drive measurable improvements in security posture. By leveraging these exercises effectively, CISOs can transform them from routine drills into strategic initiatives that enhance enterprise-wide defense and risk management.