BSidesAugusta 2025

Dark Capabilities: When Tech Companies Become Threat Actors
2025-10-25, Track 1 - Plug N Play

For decades, tech companies have been stuck on the defensive, absorbing blow after blow from state and state-enabled threat actors while their governments prove unable or unwilling to protect them.

This talk challenges that status quo and asks: how can companies legally and decisively fight back? To be clear, this isn’t a rehashed “hack back” debate. Instead, we apply the military concept of Effects Based Operations (EBO) to explore the spectrum of outcomes companies can impose, individually or in concert with allies, on their adversaries.
By adopting an effects-based mindset, companies can create real consequences at scale where governments will not or cannot act. Possible effects include disrupting threat infrastructure, denying access to products and services, degrading adversary systems, shaping public opinion, destroying hardware or software, corrupting or altering data, and collecting actionable intelligence.

The conversation becomes even more compelling when we consider what happens if EBO becomes normalized inside large corporate security teams: scaling operations beyond isolated proof-of-concept actions, building playbooks of legally reviewed options, operating across multiple domains (physical, digital, and cognitive), and coordinating collective actions where companies and organizations pool authorities and capabilities to magnify impact.

Greg Conti is a hacker, maker, and computer scientist. He is Principal at Kopidion, a cyber security training and professional services firm. Greg is a long-time Defcon, Black Hat, and infosec community speaker and trainer. Formerly he served on the West Point faculty for 16 years where he led their cybersecurity research and education programs, and has published approximately 100 articles and papers covering hacking, online privacy, usable security, cyber conflict, and security visualization. Greg is a graduate of West Point, Johns Hopkins, and Georgia Tech.

Tom Cross is an entrepreneur and technology leader with three decades of experience in the hacker community. Tom attended the first DefCon in 1993, and he ran bulletin board systems and listservs in the early 1990s that served the hacker community in the southeastern United States. He is currently Head of Threat Research at GetReal Security, Principal at Kopidion, and creator of FeedSeer, a news reader for Mastodon. Previously he was CoFounder and CTO of Drawbridge Networks, Director of Security Research at Lancope, and Manager of the IBM Internet Security Systems X-Force Advanced Research team. He has written papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. He has spoken at numerous security conferences, including Black Hat Briefings, Defcon, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides. He has a B.S. in Computer Engineering from the Georgia Institute of Technology. He can be found on LinkedIn at https://www.linkedin.com/in/tom-cross-71455/, on Mastodon at https://ioc.exchange/@decius, and on Bluesky at https://bsky.app/profile/decius.bsky.social.