WWHF @ Mile High 2025

"A Hacker's Guide to Mindfulness" aims to explore the intersection of mindfulness practices and the hacker mindset. Hacker’s are already uniquely trained to question assumptions and just “see what happens”; this is the core curiosity needed to unlock the cheat codes in life via various mindfulness practices.  This workshop will give attendees an introduction to a large amount of mindfulness practices relating them to things most of us do every day in our infosec jobs. We won't just talk about these techniques, we will go through these exercises so the attendees can do them at least once together and have a solid starting point to expand their practice after the workshop.

Workshop topics:
* Core Programming: Understanding how our beliefs were programmed into us at an early age and what we can and should do about that.
* Limiting Beliefs: Identifying and overcoming limiting beliefs that hinder personal and professional growth.
* Brules (Bullshit Rules): Examining and challenging societal and industry norms that may be limiting or outdated.
* Meditation: Exploring different meditation practices and their benefits for mental clarity, stress reduction, and improved focus.
* Breathwork: Techniques for using breathwork to manage stress, increase energy levels, and enhance mindfulness.
* Burnout: Strategies for preventing and recovering from burnout in the fast-paced world of hacking and programming.
* Distraction: Techniques for minimizing distractions and increasing productivity in coding and problem-solving tasks.
* Life Purpose: exploring who am I?, where am I going? and a different approach to goal setting
* Spiritual DevOps: Applying principles of DevOps to spiritual growth, including continuous improvement and collaboration.

Dive into the dynamic world of Open Source Intelligence (OSINT) with this two-hour workshop designed to give you a tantalizing taste of practical online investigations and threat hunting. Led by a seasoned professional, this immersive session offers a condensed yet impactful introduction to essential OSINT techniques.  Experience the power of hands-on learning as you engage in live demonstrations, exploring key concepts such as operational security (OpSec), search engine queries, username and phone number lookups, social media reconnaissance, breached records analysis, government data exploration, network reconnaissance, historical records, and essential documentation, all within the span of this engaging workshop. Through interactive exercises and guided discussions, participants will gain a glimpse into the world of OSINT.  Join us for this brief yet immersive journey into the realm of online investigations and threat hunting, and take your first step towards mastering the art of OSINT.

Social engineering is, in 2024, one of the most successful methods of breaching organizations. In this workshop we are taking a  “defense through offense” approach to illuminating the principles and techniques adversaries use to trick humans into helping them achieve their goals.  By thinking like the attackers we can be better prepared to handle these situations.  This is a hands-on workshop requiring interaction with other humans to work through various scenarios. Come prepared to socialize!

Vishing—using phone calls as an attack vector—remains an effective and often underestimated form of social engineering. In this hands-on workshop, Jason Downey, a Penetration Tester for Red Siege, will walk you through how attackers conduct reconnaissance, build convincing pre-texts, and execute successful vishing scenarios. With its low risk and high reward, vishing is a technique both penetration testers and defenders need to understand. This workshop isn’t just for red teamers—defenders will gain valuable insights into processes and strategies that can help prevent and detect vishing attacks. The session concludes with an interactive AI-powered Vishing CTF, where you’ll have the chance to practice and refine your skills in a fun, realistic environment.

Your organization’s recent red teaming exercise revealed critical gaps in detecting advanced attacks, which bypassed the out-of-the-box detections. Your Azure environment proved to be containing several misconfigurations, which led to a comprehensive breach.

In this workshop we will explain several common misconfigurations that can lead to a severe compromise. We'll provide access to an environment which has some of these misconfigurations applied. You will simulate a successful device code phishing attempt after which you will collect data with AzureHound which data we will use to find possible attack paths. We will teach you how to find some of these misconfigurations and how to detect or remediate them.

The lab will have 1 challenge in there that will award a prize to the first to successfully exploit it.

Requirements:
Non corporate laptop with internet access
Docker installed, ideally with a working BloodHound installation.