An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.













NEWS | March 1, 2024

AvengerCon VIII – Army Cyber’s homegrown hacker con returns

By Steven Stover 780th Military Intelligence Brigade (Cyber)

AvengerCon VIII is an annual computer security conference hosted by the 780th Military Intelligence Brigade (Cyber) to benefit the hackers of the U.S. Cyber Command and the Department of Defense and took place at the Georgia Cyber Innovation & Training Center, February 28 and 29.

This year’s event was hosted in partnership with the Army Cyber Institute, the Army Cyber Command Technology and Innovation Center (ArCTIC), and the Cyber Infusion Innovation Center.

“AvengerCon is a computer security conference hosted by members of the 780th Military Intelligence Brigade,” said Capt. Jake Heybey, a 17C, cyberspace operations officer with the 780th MI Brigade (Cyber), and one of the lead organizers for AvengerCon VIII. “It has stuff like presentations, three tracks of speakers, we host training workshops, and we also run small village activities for attendees to participate in.”

Heybey said the event is important for three reasons.

“One is outreach. The Georgia Cyber Innovation & Training Center is a perfect example of what we’re looking for in terms of getting elements from the federal government, state governments, academia, and private industry to all be in one space and learn from and influence each another.”

The second reason is building a culture within the DoD. A big part of why we started AvengerCon was trying to get junior service members and Civilians within our units to reach out and experience the broader culture represented by larger conferences, like Black Hat or DefCon,” added Heybey. “We wanted AvengerCon to be kind of a stepping stone. If you wanted to experience or participate in that broader culture, AvengerCon can be your first and that friendly venue to start.”

And third, it’s really important to us that AvengerCon is an all-volunteer event,” said Heybey. “It’s always been a grassroots driven event and that contributes to the unit’s culture and really binds the various units together, and while we have volunteers mostly from the 780th Brigade, we also have volunteers from across Army Cyber Command, and even some from other services.”

Day one of AvengerCon was chock-full of workshops including: an introduction to module writing for the Flipper Zero; a hands-on Python programming workshop presented by Army Maj. Brent Stone, Cyber Solutions Development Detachment, U.S. Army Cyber Command (CSD-ARCYBER); an Introduction to Rootkit Development by Clark Wood, Boston Cybernetics Institute; Threat Hunting with Security Onion by Bryant Treacle, Security Onion Solutions; Introduction to Symbolic Execution by Jeremy Blackthorne, Boston Cybernetics Institute; a hands-on workshop where the participants learned GitLab CI/CD concepts and how to write effective pipelines; and Recorded Future invited attendees to participate in an exclusive Capture-the-Flag (CTF) event tailored specifically for their Department of Defense, U.S. Intelligence Community, and Federal partners.

Day two began with a talk from Col. Stephen Hamilton, Technical Director of the Army Cyber Institute, who discussed the confluence of “Leadership and Technology.”

Hamilton recalled being told by a general officer “you don’t have to be technical to be a good leader. True, that’s true. This is the viewpoint of the Army – leadership’s important; technical abilities, if you have them, kind of cool.”

However, to make his point when talking about the Army cyber branch, Hamilton used a quote from Capt. Benjamin Allison, currently a research scientist at West Point, “An officer cannot assume risk, if they cannot understand the risk.

His argument was to strengthen your leadership and technical abilities.

Following Hamilton’s remarks, the AvengerCon VIII keynote speaker was Army Col. Matthew Vea. Vea has worked at the National Security Agency supporting the nation’s intelligence requirements with cyber in both civilian and military capacities, and talked about the origins of Army Cyber.

Vea talked about the current stark divide between the senior folks, who he calls ‘staffers’ and the junior folks, who are the ‘doers.’ He mentioned that it might be a “strange way” to start a keynote; however, the resources to fix that gap were present at AvengerCon, both the seniors and the juniors.

The senior folks were the one originally called upon by General Ray Odierno to develop and grow the cyber branch, and while they were not necessarily the ones with the right backgrounds and made mistakes, they should be recognized for getting the force where it is today.

“To really maximize the potential of our branch, we basically have to take our heads out of the sand and acknowledge the gorilla in the room,” said Vea. “The message here isn’t that we’re a terrible branch, like I said earlier, we can’t grow and move forward unless we’re honest with ourselves about the mistakes that we made.”

“The advantage right now, though, is at least the O-5, O-6 tier groups (lieutenant colonels, colonels) are a gap point. Whereas before we’re talking about folks who have never done any of this before, the current generation has been at least CMT or NMT leads (Combat Mission Team / National Mission Team); been a mission commander at least, been with you while you conducted missions,” Vea explained they are the bridge to where the branch is going to. “My challenge for you is presence. Get away from your desks, get away from the staff (folks), and spend time with the ‘doers’. You need to understand the stress operators have, working an eight-to-12-hour op (operations), requiring absolute perfection to avoid creating an international incident, day after day after day. While also thinking I was supposed to be home at four to pick up the kids from school and if I’m in a SCIF (sensitive compartmented information facility) I can’t call them to let them know to walk home. Once you can articulate these challenges on your own without asking someone to tell me what to say then you can use your rank to push back on the really bad good idea faeries.”

Vea said the second fix is for the ‘doers’. He said a lieutenant pretty much summarized your fix when she said “We need all the old guys to retire so we can replace them.”

“She wasn’t wrong, but you’ll never have the leaders you want if you don’t stay in the Army,” explained Vea. “Basically, in about ten more years, there won’t be any excuse for any of these leadership, senior positions to be filled by someone else, never been an operator, never been an analyst, or never been an developer. Do the math, a second lieutenant operator in 2015, that first round, by 2033, (Soldier) should be an 0-6. Same with the NCO side. (Soldier) should be a sergeant major, a command sergeant major.”

“My challenge again to the doers. Don’t quit the Army,” reemphasized Vea.

The third fix, Vea explained, is on the Army Reserve support side of Cyber.

“There’s already a lot of operators, analysts, (developers) in the Reserves, but none of us are aligned with missions that actually support those training certifications” said Vea, and he’s made the decision to stay in the Army Reserves to try and address that.

Following the key note address, the rest of day two provided attendees with options to attend one of three presentation tracks taking place throughout the day, and a panel discussion focused on the recent innovations and mass proliferation of AI-driven tools, including large language models (LLMs) such as OpenAI’s ChatGPT, and other generative AI systems capable of creating or modifying text, audio, image, and video content.

The panel – Kevin Dwyer, VP of Engineering at Black Cape; Maj. Ian Garrett, U.S. Army Reserve and CEO/co-founder of Phalanx; and Dr. Ravi Starzl, Adjunct Professor at Carnegie Mellon University, hosted by 1st Lt. Adrian Naaktegeboren, U.S. Army Cyber Protection Brigade – explored topics including the current state of these tools, their current and potential uses supporting cybersecurity applications and U.S. government cyberspace operations, limitations and security flaws of these systems including prompt injection, and the potential consequences of this technology for the world's larger information environment.

Army Maj. Skyler Onken, a 17C, is an Individual Mobilization Augmentee (IMA) Soldier with the 780th Military Intelligence Brigade (Cyber). IMAs are part of the Select Reserve and are an integral part of our modern-day force. Onken was one of the original organizers of AvengerCon.

“AvengerCon started as an idea years ago (in 2015 at an overcrowded Johnny Rockets)… The brigade was sending a number of people out to Las Vegas for DefCon and Black Hat. I was really fortunate to go,” said Onken. “One day, I was sitting the with Steve Rogacki, another member of the brigade, we were discussing how it would be super valuable for the entirety of the force to get exposed to this hacker culture, hacker community, and how, obviously, it wasn’t feasible to fly everyone out to Vegas – so what if we did something of our own where we used the opportunity for the public sector to come in and interact with the military, especially within cyber and bring that hacker culture to Soldiers, many of whom join the Army interested in cyber, but haven’t really been exposed to the hacker culture and that’s where we came up with the idea.”

The very first event was very small in scope, just under a hundred people, added Onken, and was named AvengerCon because A Company, 781st MI Battalion (Cyber) was nicknamed the Avengers, and it originally included only Soldiers and Civilians from the Avengers.

“After (the first) AvengerCon, we decided that it would be more beneficial for people if it was more inclusive, so we decided to go away from having a classified environment to just a purely unclassified environment where we could bring in more people and that would encourage more participation as well as bring in those industry people that we kind of always wanted to involve,” said Onken. “So, in year two we did (the event) at McGill Training Center (Fort George G. Meade, Maryland)… we brought in a car hacking village, an IOT hacking village, we got the same people that do the lock-picking village at DefCon (The Open Organisation Of Lockpickers, or TOOOL), the population grew, we made invitations for people outside the unit to make it as joint as possible.”

According to Onken, over the years AvengerCon has continued to evolve. Outgrowing McGill, and was, until recently, held at the MISI DreamPort facility in Columbia, Md. This year marks the first time the event has been held outside the state where the 780th MI Brigade is headquartered, and marks new partnerships and sponsors in Augusta, Ga., the home of U.S. Army Cyber Command, and where two of the brigade’s battalions – the 782d MI Battalion (Cyber), and 11th Cyber Battalion reside – as well as our sister unit, the Cyber Protection Brigade, the Cyber Center of Excellence, and U.S. Army Cyber School.

This year’s event also introduced the first ever electronic badge for AvengerCon called the “8-8-8 badge.” This conference badge doubled as a scavenger hunt to encourage participants to see all the conference has to offer. Participants either could collect codes and light up the LEDs, or hack the badge and bypass the contest altogether.

Returning AvengerCon volunteer, Army Capt. Richard Shmel, Army Cyber Institute, personally developed and made more than 300 electronic badges for this year’s event.

“Recruiting the next generation of volunteers has always been critical for ensuring the longevity of AvengerCon,” said Army Maj. Neil Milchak, one of the lead AvengerCon VIII organizers. “With the move of AvengerCon to Georgia this year, we were especially reliant on finding a cadre of supporters in the Fort Eisenhower area. We were blessed to find a host of talented and motivated Soldiers and Civilians from the 782d MI BN, 11th Cyber BN, and others from the greater ARCYBER community to lead and help. I’m excited to see how these new contributors will drive the future of AvengerCon!”

“Everywhere and Always...In the Fight!”