c0c0n 2021
Adversary Village

Kristopher Willis

Principal Security Engineer, Prelude Research, Inc.

Kristopher WillisKristopher Willis is a Principal Cyber Security Researcher at Prelude. Kris has both his Masters in Computer Security Fundamentals, CSE and Bachelors in Information Studies from the University of South Florida. During his time at the University of South Florida, Kris played numerous capture the flag (CTF) competitions and was a 2-term President of Whitehatters Computer Security Club (WCSC). Kris has since gone on to professionally compete, organize, and create challenges for CTFs. Professionally, Kris has experience within Academia, DoD contracting (both small and large), and within the DOE National Lab space. Kris was a technical lead on AFRL BlackBadge program which facilitated DARPA Cyber Grand Challenge (CGC). Kris was also a technical lead on ACT and ACT2 programs delivering operationally ready offensive cyber tools. Kris’s primarily technical background is in software vulnerability research, automated program analysis, program synthesis, and offensive cyber tool development.

Workshop: Introduction to Adversary Emulation with Prelude Operator

The modern cybersecurity landscape is an escalating arms race between attackers and defenders - attackers are constantly researching and building new techniques and tools while defenders try to identify, detect, and respond to them. Using automation tools that emulate attacker methodologies, defenders can perform simple, repeatable attacks to drive their detection engineering efforts, security validation tasks, and ultimately improve processes. This entry level class will take students through the basics of setting up and using Operator to perform basic adversary emulation tasks and investigate how that can be used to create a continuous defensive evaluation process.

Core Topics/Course Content:

Basics of offensive infrastructure and command and control (C2) tools
Basics of threat modeling and parsing Cyber Threat Intelligence (CTI)
How to use Operator to construct and launch basic adversaries
Basics of planning cyber exercises (Plan, Brief, Execute, Debrief - PBED cycle)
How to build a continuous defensive evaluation/improvement process


Computer/Laptop (Windows, Linux, macOS)
Basic knowledge of using a Shell environment (Powershell, Bash, etc)


Computer/Laptop (Windows, Linux, macOS) - need Administrator privileges
Recommend Ubuntu 20.04/Kali 2021+, Windows 10+, macOS 11.6+
[Optional]: AWS free tier account (provisioning redirectors and test servers)

Who should attend:

Students/individuals interested in general cybersecurity topics
Blue team/defenders (tools, techniques, processes)
Red team/purple team (tools, techniques, processes)
Management looking for process improvement methodologies

What to expect:

Hands-on labs based around the core content
Actually using a C2 framework, building basic adversary profiles, and running them against systems

What not to expect:

Death by powerpoint slides
Extreme technical on any topic in particular