Adversarial Thinking: The Art of Dangerous Ideas - Greg Conti & Tom Cross - DCTLV2026

Name of Training: Adversarial Thinking: The Art of Dangerous Ideas
Trainer(s): Greg Conti & Tom Cross
Dates: August 10-11, 2026
Time: 8:00 am to 5:00 pm 
Venue: Las Vegas Convention Center
Cost: $2,500 (USD)

Short Summary:

Adversarial thinking is a hacker superpower, and it can be learned. In this fun and engaging course, you’ll develop practical adversarial thinking skills to spot flaws in systems, anticipate adversary behavior, make better risk decisions, build more secure products, and shift fluidly into an attacker’s mindset.

Course Description:

Hackers have a unique way of seeing the world, especially the technological artifacts within it. Where most people see systems as their designers intended, hackers see systems as they truly are, revealing hidden behaviors, unintended uses, and overlooked weaknesses. For centuries, military and intelligence strategists have pursued the same perspective, seeking advantage by understanding how systems and adversaries actually behave rather than how they are assumed to behave. This course immerses you in that way of seeing, pushing past surface-level understanding to expose how real attackers find leverage in complex systems.

This fun, fast-moving, and unique course is a mix of guided discussion, practical exercises, thought experiments, role-playing, and hands-on activities designed to fundamentally change how you see systems and adversaries. You’ll enhance your adversary mindset through hands-on activities like cheating on a test (with prizes!), insider-threat role play, and security challenges such as lock picking, while also uncovering how subtle dependencies and hidden assumptions create exploitable vulnerabilities. You’ll wargame foreign intelligence targeting, deception, and crowd-sourced adversaries, and learn how standards, abstractions, and mental models conceal vulnerabilities attackers exploit every day. Drawing on both hacker culture and military thinking, the course deliberately helps you explore how products, processes, and people are attacked, manipulated, or turned against their creators. You leave with a transformed adversarial mindset and practical techniques you can immediately apply to real-world systems. Come join us!

Course Outline:

DAY 1

Course Introduction – Establishes course goals and expectations, and frames adversarial thinking as an essential and learnable skill rather than something only a rare few can possess.

Lock Picking and Physical Security – Introduces adversarial thinking through hands-on exploration of lock picking and a presentation on physical security controls, assumptions, and real-world failure modes.

Survey of Adversarial Relationships – Surveys different types of adversarial relationships across technical, social, and organizational contexts to build a shared mental model.

Introduction to Adversarial Thinking – Introduces the foundational concepts, language, and mental models that define adversarial thinking and attacker perspectives.

Adversarial Relationships: Culture vs Counterculture – Explores the origins of the hacker community and how culture, norms, and countercultures shape adversary behavior and create opportunities for both playful hacks and malicious exploitation.

Case Study: HUMINT and Travel – Uses real-world human intelligence and travel scenarios to examine targeting, tradecraft, and defenses.

Reverse Engineering a Company – Teaches students how adversaries analyze organizations to identify structure, incentives, vulnerabilities, dependencies, and points of leverage.

Probing a Company – Explore how adversaries could commit fraud against a notional company. Teams of students develop strategies despite limited resources and a time constraint. Follow-up discussion addresses countermeasures that would frustrate their strategies.

Day 1 Wrap-up and Homework – Synthesizes Day 1 material and prepares students for their homework assignment: come up with one or more cheating strategies for the cheating test on Day 2.

DAY 2

Day 2 Introduction – Reorients students to key concepts from Day 1 and frames the second day’s focus on decision-making, deception, and complex adversarial dynamics.

Kobayashi Maru – Students take a test in a proctored environment. To pass the test, they must cheat. If they don’t cheat, or if they get caught cheating, they fail the exam. We award prizes for the most innovative strategies, based on a class vote.

Deception – Examine deception as a core adversarial tool, including how it is constructed, sustained, detected, and countered.

Malware and Adversary Intent – Explore how malware reflects adversary intent, tradecraft, and objectives beyond purely technical indicators. We’ll reverse engineer a simple malware sample as a group exercise. 

Beginner Mind – Introduce techniques for disrupting fixed mental models and approaching adversarial problems with fresh perspective and curiosity. We include an in-depth, real-world example of how attackers used the difference between the RFC and the actual implementation to find an exploitable vulnerability.

Dangerous Assumptions – Identifies common assumptions defenders make and shows how adversaries exploit them to gain leverage. We’ll also show that many a bad day in cybersecurity comes from a flawed assumption.

Case Study: Crowdsourced Adversaries – Examine how large, loosely coordinated groups act as adversaries, using real-world examples to explore scale, motivation, and emergent behavior.

Global Thermonuclear War – This module title is a nod to the movie WarGames. Here we discuss the ultimate adversarial environment, war, and how companies can prepare for conflict in an increasingly unstable world. We’ll draw on lessons learned by companies in Ukraine/Russia and Middle East conflicts to present an actionable way for companies to track conflicts that may impact their businesses and to be prepared.

Course Wrap-up, Final Exam and Feedback – Consolidate key takeaways, connect concepts across both days, and gather student feedback. 

Difficulty Level:

Beginner to Intermediate

Beginner Definition - The student has an interest in the topic presented and general technology knowledge that a power user or undergraduate student may have acquired.

Intermediate Definition - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.

Suggested Prerequisites:

No formal prerequisites are required. This course is appropriate for motivated beginners as well as mid-career practitioners in information security and adjacent disciplines who regularly face adversaries or competitive threats. Participants often include security practitioners, engineers, software developers, AI trust and safety professionals, and managers who lead or support technical teams.

While the course uses technical examples, it is not a tool-centric or code-heavy class. Those primarily seeking deep instruction in programming, exploit development, or specific security tools may find the focus less aligned with their goals.

What Students Should Bring:

A devious and cunning mind, or the desire to acquire one :)

What the Trainer Will Provide:

All course materials, exercises, and contest prizes.

Trainer(s) Bio:

Greg Conti is a hacker, maker, and computer scientist. He is a ten-time DEF CON speaker, a seven-time Black Hat speaker, and has been a Black Hat Trainer for 10 years. He’s taught hacking and information security techniques at West Point, Stanford University bootcamps, NSA/U.S. Cyber Command, and for private clients in the financial, non-profit, and cybersecurity sectors. Greg is Co-Founder and Principal at Kopidion, a cyber security training and professional services firm. 

Formerly he served on the West Point faculty for 16 years, where he led their cybersecurity research and education programs. During his U.S. Army and Military Intelligence career he co-created U.S. Cyber Command’s Joint Advanced Cyberwarfare Course, deployed to Iraq as Officer-in-Charge of U.S. Cyber Command’s Expeditionary Cyber Support Element, and was the first Director of the Army Cyber Institute. 

Greg is co-author of On Cyber: Towards an Operational Art for Cyber Operations, and approximately 100 articles and papers covering hacking, online privacy, usable security, cyber conflict, and security visualization. Greg holds a B.S. from West Point, an M.S. from Johns Hopkins University, and a Ph.D. from the Georgia Institute of Technology, all in computer science. His work may be found at gregconti.com (https://www.gregconti.com/), kopidion.com (https://www.kopidion.com/) and LinkedIn (https://www.linkedin.com/in/greg-conti-7a8521/).
 
Tom Cross is an entrepreneur and technology leader with three decades of experience in the hacker community. Tom attended the first DEF CON in 1993, and he ran bulletin board systems and listservs in the early 1990s that served the hacker community in the southeastern United States. He is currently the Head of Threat Research at GetReal Security, Principal at Kopidion, and creator of FeedSeer, a news reader for Mastodon. Previously he was CoFounder and CTO of Drawbridge Networks, Director of Security Research at Lancope, and Manager of the IBM Internet Security Systems X-Force Advanced Research team. He has written papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. He has spoken at numerous security conferences, including Black Hat Briefings, DEF CON, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides. He has a B.S. in Computer Engineering from the Georgia Institute of Technology. He can be found on LinkedIn at https://www.linkedin.com/in/tom-cross-71455/ and on Mastodon at https://ioc.exchange/@decius.

Proficiency Exam Option:

This course has the option for a proficiency certificate add-on. If you choose the proficiency add-on, you will complete a written exam that evaluates your understanding of the course content. You must score at least 70% to pass.

Please reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.

Registration Terms and Conditions: 

Trainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.

Between July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.

All trainings are non-refundable after August 5, 2026.

Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.

All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.

$2,300.00
$2,500.00