Adversary Village at DEF CON 33

Roxey Davis

Cybersecurity Storyteller | COO, Women's Society of Cyberjutsu | GRC Security Analyst | Threat Intel Enthusiast & Inclusive Defense Advocate

Roxey Davis is a passionate cybersecurity leader, storyteller, and advocate for inclusive defense. With a background in Security Operations, Threat Intelligence, and Governance, Risk, and Compliance (GRC), they specialize in turning complex threats into collaborative learning opportunities for all skill levels. Currently serving as a GRC Security Analyst and the Chief Operating Officer of the Women's Society of Cyberjutsu, Roxey helps create spaces where underrepresented voices can lead, learn, and thrive.

Their work bridges technical expertise with empathy-driven strategy, focusing on threat-informed defense, insider risk, and building communities where defenders support each other like a well-formed pack. Whether coordinating purple team exercises, launching mentorship programs, or gamifying security awareness, Roxey believes cybersecurity isn’t just about tools — it’s about people, purpose, and preparing before the full moon rises.

They’ve spoken at BsidesNOLA and are known for their creative, interactive sessions that blend storytelling, threat models, and the occasional supernatural metaphor.

Hands-on workshop: From Intel to Emulation: Turning Threat Actor Trends into Defensive Muscle

Friday | Aug 8th 2025
Adversary Village workshop stage | Las Vegas Convention Center

Adversary Emulation

This hands-on workshop teaches you how to track current threat actor activity, build emulation plans from real-world intelligence, and test them safely to improve your organization’s defenses. You'll learn how to gather and interpret TTPs using open-source tools like VirusTotal, ANY.RUN, and MalwareBazaar, then turn that into executable emulation using tools like CALDERA or Atomic Red Team. We’ll finish by analyzing your test results and identifying where your detections and policies may fall short.

What You’ll Learn:
- Where to find current threat actor behaviors
- How to safely emulate threat activity in a controlled lab
- How to analyze outcomes and recommend detection or control improvements

Prerequisites:
Basic knowledge of MITRE ATT&CK, virtualization (VMs), and security operations. Familiarity with command line is helpful but not required.

Detailed workshop outline:

  • 0:00 – 0:10 | Intro & Setup
    • Workshop goals & flow
    • What threat emulation is and isn’t
    • Quick poll: who's used CTI or emulation before?
  • 0:10 – 0:30 | Threat Actor Trend Spotting
    • Live demo: VirusTotal, ANY.RUN, MalwareBazaar, Exploit DB
    • Walkthrough: extracting TTPs from recent campaigns
    • Map findings to MITRE ATT&CK
  • 0:30 – 1:00 | Emulation Plan Creation
    • Pick one real-world actor or TTP set
    • Convert into test steps using Atomic Red Team / CALDERA
    • Discuss where this fits in the kill chain or MITRE framework
  • 1:00 – 1:30 | Safe Emulation Execution
    • Demo: running 1–2 techniques in a virtual lab
    • Operational safety reminders (e.g., NEVER on prod)
    • Viewing logs/artifacts (ELK/Splunk/shell)
  • 1:30 – 2:00 | Analysis & Application
    • Review what happened: Did we detect? Where are the gaps?
    • Discuss improving detection rules or hardening controls
    • Share-back: what will you take back to your org?
