Join us for Adversary Village at RSAC 2026!
Adversary Village is a community initiative focused on adversary simulation, offensive cyber security tradecraft and purple teaming. Adversary Village will feature talks, live demos, gamified table-top exercises, adversary/ransomware simulator, guided breach simulation, panels, and hands-on activities.
With threat actors quickly folding generative AI into their attacks, AI often stands for Adversarial Intelligence. This panel will unpack how adversaries use AI to build sophisticated tooling and phishing campaigns, automate exploitation, and craft malware on the fly to evade defenses. The discussion will focus on attacker tactics and incidents, highlighting how AI is impacting and changing the game.
Purple teaming is more than just running attacks; it’s about creating a collaborative, measurable process that strengthens defenses in real time. In this hands-on session, participants will learn how to plan, execute, and track purple team engagements using the free community edition of VECTR. This workshop will cover designing attack scenarios aligned to the MITRE ATT&CK framework; coordinating between offensive testers and defensive analysts; capturing detection, prevention, and incident response data; and using VECTR to document findings, measure control coverage, and create reports with quantifiable metrics. Whether you’re red, blue, or somewhere in between, this session will give you practical skills to run point on purple team exercises and translate attack simulation results into actionable security improvements. Participants will leave with a step-by-step methodology they can immediately apply in their own environments.
Adversary Adventure is a story- and scenario-based, interactive cyber war-gaming game in the choose-your-own-adventure model. It is a gamified version of table-top exercises in which participants can choose to play as an attacker (post exploitation), as a defender who is defending against an attacker group or threat actor, or even as a CISO who is dealing with an adversarial situation such as a ransomware incident.
We are no longer standing at the edge of the future. We are living inside it. Artificial intelligence, machine learning, and autonomous systems are reshaping power, labor, warfare, and identity. In a hyperconnected world where algorithms move faster than governments and data defines influence, humanity faces a defining question. Do we remain passive users of technology, or do we become active participants in our own evolution? Humanity 2.0 explores human augmentation as a path to maintaining sovereignty and relevance in an era increasingly dominated by intelligent machines. From implanted microchips and bio integrated security systems to brain computer interfaces and cognitive enhancement, this talk examines the convergence of biology and technology not as science fiction, but as an emerging reality. But augmentation without governance becomes vulnerability. As we integrate technology deeper into the human condition, a new frontier of risk emerges. Neural privacy. When thoughts, biometrics, and cognitive patterns become data streams, who owns the mind? Who secures it? What happens when the last domain of human sovereignty, the brain, becomes hackable? Drawing from lived experience at the intersection of cybersecurity, transhumanism, and digital ethics, Len Noe challenges audiences to rethink security beyond networks and endpoints. The next perimeter is the human nervous system.
Common Security Gaps in SMBs is a practical, real-world talk that breaks down the most common weaknesses small and mid-sized businesses struggle with, and why attackers love them. We’ll cover the “usual suspects” like weak identity and access controls, poor patching, misconfigured cloud services, insecure remote access, flat networks, lack of monitoring/logging, and missing backups/incident plans.
The goal is to give leaders and technical teams a clear checklist of what to fix first, quick wins that reduce risk fast, and how to build a simple security baseline without enterprise budgets.
The objective of the workshop is to provide hands-on activity in an integrated IT and OT scenario. Participants will have access to real scenario components and artifacts to perform adversary simulation exercises using TTPs associated with specific threat groups. Throughout the activities, we will correlate the techniques employed with the events observed in the environment.
Each exercise will represent a phase in the exploration of the scenario. At each stage, we will explain the vulnerabilities exploited, demonstrate how the attack unfolds, and map the actions to the MITRE ATT&CK framework.
This area will feature guided breach simulation exercises for participants to engage with. There will be two activities, "Breach-the-Hospital" and "Breach-the-Office," based on two LEGO sets. A simulated cyber range will be available for each scenario, providing an exact replica of an enterprise production environment. We will provide a detailed walkthrough of the attack scenarios, including Tools-Techniques-and-Procedures (TTPs) commands and how-to guides, demonstrating how to attack and breach the hospital's infrastructure or the office environment.
The participants who complete the exercises and place at the top will be rewarded with exciting goodies.
This hands-on exercise will teach you INFORM, MITRE’s threat-informed defense maturity model. We will quickly learn about INFORM and then dive into a short table-top exercise applying INFORM to a mock organization.
Participants will leave the exercise ready to conduct their own INFORM assessments and build a roadmap to mature their organization’s threat-informed defense.
Nine scenarios. Limited time. Familiar controls. Wrong choices cost you.
This is not about solving the problem. It’s about deciding what actually matters - before or during it.
You’ll be given real-world situations across identity, access, devices, data, privacy, and AI. Each one represents a failure point - something that looks normal until it isn’t.
The question is simple: What do you fix, and where does it actually make a difference?
A lot of options will look right. Not all of them are.
You’ll see 9 scenarios laid out. Each one describes a real failure. You’ll have a set of controls in front of you.
Your job is to:
- pick what actually prevents or limits the damage
- assign it to the scenario
- and move forward
Some scenarios need one control. Some need a combination. Some are designed to make the obvious answer look right when it isn’t.
You’ll see immediately what holds up and what doesn’t. You can adjust as you go, but the clock is working against you.
This is a hands-on event where you will get a chance to work through the full Threat Emulation lifecycle. Pick from a chosen set of threat actors to research, develop an emulation plan from actionable Threat Intelligence, and then kick off your emulation in a Domain ripe for your exploitation.
Based on a live APT28 campaign reported in March 2026, this workshop reconstructs the full BadPaw/MeowMeow kill chain - from PNG steganography loader to multi-channel exfiltration - first through manual lab simulation, then as a continuous adversarial emulation campaign in SCYTHE. Participants leave with a repeatable validation methodology and concrete detection gap findings.
- Understand APT28's BadPaw/MeowMeow attack chain across 9 phases
- Reproduce post-compromise techniques in a controlled lab environment
- Map observed behaviors to MITRE ATT&CK with accurate TTP tagging
- Translate a manual lab exercise into a repeatable SCYTHE threat profile
- Read and act on a SCYTHE ATT&CK Coverage Report to remediate detection gaps
The Adversary Simulator booth has hands-on adversary emulation plans specific to a wide variety of threat actors and ransomware; these are meant to give the participant or visitor a better understanding of adversary tactics. This is a volunteer-assisted activity where anyone, both management and technical folks, can come in and experience different categories of simulation, emulation and purple scenarios. The Adversary Simulator booth will have a lab environment focused on recreating enterprise infrastructure, aimed at simulating and emulating various adversaries. Visitors will be able to view, simulate and control various TTPs used by adversaries. The simulator is meant to be a learning experience, irrespective of whether one is hands-on with highly sophisticated attack tactics or from management.
Sponsors
Security Risk Advisors (SRA) provides specialized security services including Penetration Testing, VECTR™ Purple Teams, Cloud Security, Resilience, Cyber Physical Systems Security, Engineering, and 24x7x365 Cybersecurity Operations. SRA’s mission is to “Level Up” every day to protect our clients and their customers. We deliver our security services to Fortune and Global 1000 companies, innovating technology startups, and mission-oriented non-profits. Our approach emphasizes knowledge transfer, collaboration, and strengthening security processes. SRA is a global company operating out of the United States, Ireland, and Australia.
Supporting Sponsors
miniOrange is a global cybersecurity company specializing in Identity and Access Management (IAM), Privileged Access Management (PAM), Identity Governance and Administration (IGA), Endpoint Management, and Data Privacy solutions. We provide enterprise-grade capabilities such as Single Sign-On (SSO), Multi-Factor Authentication (MFA), identity lifecycle management, and automated workflows to securely manage user access across cloud and on-premise applications. Our endpoint management solutions include Mobile Device Management (MDM) and Data Loss Prevention (DLP) to safeguard corporate devices and sensitive data. miniOrange also offers data privacy solutions, including consent management, data discovery, and compliance automation, helping organizations meet global privacy regulations. Over 25,000 enterprises worldwide trust miniOrange to protect identities, devices, and critical data.
Join the official Adversary Village Discord server to connect with our amazing community of adversary simulation experts and offensive security researchers!