Talk Schedule

Type: Intermediate–Advanced Focus: Adversary emulation, detection engineering, IR workflows Style: Fast, offensive-defensive, “learn by attacking and defending”

Cloud platforms like Amazon Web Services (AWS) are foundational to many critical infrastructures and enterprise applications, making them prime targets for attackers. In this session, we will not only explore the most relevant attack vectors cybercriminals use to compromise AWS infrastructures but will also simulate these attacks using known threat actor techniques in an adversary emulation context. From initial access to hardcore persistence, this talk will provide a comprehensive look at how attackers operate in AWS environments.

We will take a technical journey through the tactics, techniques, and procedures (TTPs) employed by attackers at every stage of the threat lifecycle, aligned with the MITRE ATT&CK framework. We’ll start by reviewing common methods of initial access, such as exploiting exposed credentials or vulnerabilities in services like IAM, Lambda, and EC2. From there, we’ll detail how attackers escalate privileges, move laterally, and evade detection from tools like CloudTrail.

The session will conclude with an in-depth look at advanced persistence techniques in AWS, including the manipulation of IAM policies, backdooring Lambda functions or Docker containers, and tampering with logs. Along the way, we’ll demonstrate how security teams can implement defensive and detection strategies to mitigate these risks. By leveraging AWS-native services and third-party tools, attendees will learn how to enhance their incident response capabilities.

This hands-on workshop will give attendees practical, technical insights into AWS security, adversary behavior, and how to better defend against sophisticated, persistent attacks. A full hands-on experience, this presentation ensures deep technical immersion.

Requirements: Participants should have the following ready before the training: AWS CLI installed Terraform installed GitHub account for cloning lab repos Knowledge of AWS Security Fundamentals

An email with detailed setup instructions will be sent beforehand. Provided Material: Github Repository with the solution to the workshops

Final Notes This training is designed for security engineers, SOC analysts, incident responders, and anyone who wants to truly understand AWS security through hands-on work. By the end of the session, you’ll have a deep understanding on how real attack and defense techniques work in AWS, being able to understand the hardening requirements, replicate attacks, generate detection use cases, and execute forensic techniques.

AI agents represent a fundamental shift for security practitioners. They can automate tedious workflows, act as a co-pilot while you build custom tooling that was previously out of reach, and - when integrated into a well-designed system - serve as an intelligent analyst alongside you.

This workshop shows you all three. You'll learn to direct AI agents effectively, then apply those skills to customize and use a complete threat hunting system that combines deterministic processing with AI-assisted analysis.

What You'll Build A working threat hunting pipeline:

• Endpoint telemetry via Sysmon - process creation, network connections, file operations
• Network telemetry via Zeek - connection logs, DNS queries, HTTP traffic
• A deterministic receptor that harmonizes both sources, correlates events using four-tuple matching, and ranks suspicious activity using DuckDB
• Agent integration where an agent assists with investigation, pattern analysis, and detection refinement

The deterministic layer does the heavy lifting. The agent provides contextual analysis on what surfaces. You make the final call.

What You'll Learn Beyond the system itself, you'll learn the practices that make agent collaboration effective: - Structuring projects so agents understand your environment, optimize outputs, and retain "memory" - Integrating systems that ensure you not only become effective at delivering results, but ensure you continue learning while working with agents ("anti-brainrot systems") - Context management + intuition - learn how to optimize your interaction with agents - Learn how to extend agent capabilities, when MCPs are the right call, when they are not - Agentic coding best practices - staying on top of what's being built, not outsourcing your thinking - Building reusable skills for repeatable security workflows - Hooks and guardrails for safe, automated agent operation

Who Should Attend Threat hunters, detection engineers, SOC analysts, and security practitioners who want to integrate AI agents into their workflow - whether for building tools, automating analysis, or hunting threats.

Requirements - Laptop with terminal access - Model access - I will be using Claude Code, but the course is agnostic - you can use any model to provide inference.

Red teaming and penetration testing are core practices of the cyber security audit landscape. Both of these practices rely on the ability to execute offensive software tools that are normally detected as malicious by antivirus software. To achieve the execution of these tools on systems where antivirus software are installed, operators rely on several techniques to evade detection. In practice, detection evasion is, too often, ill-informed guesswork. A better methodology for evasion would allow for more efficient, and therefore more affordable campaigns thus contributing to more cyberresilient organisations.

This presentation will discuss some of my ongoing Ph.D. research into methodologies for deducing information about detection capabilities present in antivirus software solutions. I propose a black-box approach based on software probes, mutations and the logical implications of their detection to identify antivirus capabilities. Correct identification of these capabilities would allow evasion techniques to be applied intently and minimally, reducing chances of unexpected detections and decreasing time spent on evading antivirus software.

This talk covers a big Security Operation Center (SOC)’s journey through maturing our detection engineering practice by implementing detection as code (DaC) principles.

What we will cover: 1. Our starting point (where a lot of SOCs are): no DaC, manually modifying rules in a SIEM; 2. What is DaC and why it’s a game-changer for detection engineers; 3. Why we chose Sigma as the backbone of our DaC practice; 4. Our gradual transition to DaC 5. A real case study of how Sigma + DaC made changing SIEM so much easier.

Intended audience: people who create or manage detection rules in a SOC, people who want to increase the quality and stability of the rules you maintain and people who are interested in how DevOps principles can be applied to security operations.

Security Operation Centers (SOCs) are used by companies to defend themselves against cyber-attacks. These SOCs monitor logs collected from the enterprise network such as process activity, authentication events and netflow, to identify attacks or compromises. These security teams must navigate numerous alerts generated from a wide range of security controls using both rules and Machine Learning (ML) to identify malicious activity. This is even more so the case in large-scale SOCs, or for companies offering Managed Detection and Response (MDR).

This talk showcases a multi-step approach used in a modern large-scale managed SOC that manages thousands of enterprise networks, demonstrating how it can successfully identify a real infostealer attack through multiple layers of filtering and processing. Through a two-week period containing 9.7 trillion event logs, the presented approach combines alert deduplication, individual rule-based and ML based detectors, alert suppression, and a supervised ML based alert prioritization model to dramatically reduce the noise, so that security analysts can pinpoint the infostealer activity.

Windows shortcut (.LNK) files have remained a popular attack vector over several decades, yet their underlying format is still largely archaic and remains the "gift that keeps on giving" by presenting new opportunities for abuse, even in 2026.

If you believe minor bypasses like adding spaces to an LNK's target (CVE-2025-9491) are the limit of LNK exploitation, this session will change your mind.

We will show previously undocumented LNK techniques that actually allow for more deceptive payload delivery/command execution. We will look at why these new techniques 'work', compare them to existing LNK tricks, and discuss the implications for defenders.

The research methodology behind these new findings, which involved black-box testing of Microsoft's LNK implementation, will be discussed during this session; demonstrating how adopting the "hacker's mindset" helped uncover these LNK tricks.

Next to this, this session will introduce an open-source tool designed to assist security professionals, red teams, and researchers in generating and experimenting with advanced LNK payloads. This tool aims to enhance the ability to simulate and defend against shortcut-based attacks, thereby improving Windows endpoint security.

Internet shutdowns are often described as a single action — “turning the Internet off.” In practice, they are the result of carefully orchestrated, multi-layered technical controls applied across national infrastructure. Building on my previous talk at BSides, which introduced the fundamental mechanisms of Internet censorship and shutdowns, this session presents a deeper and more comprehensive technical analysis of the 2026 Internet blackout in Iran.

This talk treats large-scale censorship not as a political phenomenon, but as a network engineering and security operation. We examine who has the technical authority to execute shutdowns, how different censorship techniques are layered and coordinated, and when specific tactics are selectively deployed to maximize impact while maintaining internal network functionality.

The analysis spans multiple layers of the stack. At the routing level, we examine BGP route withdrawals, path manipulation, and international transit isolation. At the access and transport layers, we analyze ISP-level service suppression, mobile network data blackouts, and traffic throttling. At the protocol and application layers, we explore deep packet inspection (DPI), protocol fingerprinting, encrypted traffic degradation, and selective blocking of VPNs, QUIC, and TLS-based services.

Special attention is given to the role of national intranet architectures, which allow domestic services to remain reachable while international connectivity collapses, creating the illusion of partial availability. The session also addresses the technical limits of alternative access methods, including satellite Internet, and why such technologies are not a universal solution under state-scale controls.

Using timelines, traffic behavior, and protocol-level indicators, the talk demonstrates that modern Internet shutdowns are graduated, adaptive, and measurable rather than binary events. Attendees will learn how these techniques manifest on the wire, how they can be detected from inside and outside the affected region, and why many common circumvention strategies fail under coordinated, nation-state enforcement.

This presentation is intended for security professionals, network engineers, and researchers interested in Internet resilience, censorship measurement, and large-scale network interference, offering a technically grounded continuation of prior research and real-world observations.

GitHub gives attackers something they love: a place where identity, automation, and production changes meet. Once they’re in, the path from “read access” to “shipping malicious code” can be disturbingly short.

In this talk, we walk through realistic attack paths into GitHub organizations, starting with initial access techniques like device-code phishing and the abuse of trusted GitHub Apps (including the GitHub CLI). From there, we explore how different credential types enable access long-lived Personal Access Tokens that often persist on developer machines, and short-lived automation credentials like GITHUB_TOKEN that can still leak through logs, artifacts, or misconfigured workflows and then be leveraged to move laterally or expand privileges.

We highlight tactics we’ve developed and researched post-initial access: how you can abuse sensitive workflows, exploit approval and review dynamics, and find paths around policy guardrails like “protected” pipelines and code-signing rulesets. We’ll also discuss tradeoffs attackers make to reduce forensic visibility and delay detection in environments where GitHub’s native telemetry is limited.

We close with practical defender takeaways: detection strategies and response playbooks focused on the signals that matter and how to improve monitoring coverage in the places GitHub is hardest to observe.

Attendees will leave with a shared framework that’s useful on both sides of the table. Defenders will get a checklist for reducing risk across identities, tokens, integrations, and Actions workflows plus concrete ideas for building higher-signal detection and response in places where visibility is lacking. Red teams will gain a realistic map of where GitHub controls tend to break down in practice, along with a set of hypotheses to test during assessments that go beyond “find a secret in a repo.” The goal is to walk out with sharper intuition for how small weaknesses chain into meaningful impact, and practical ways to either validate that risk (red teams) or eliminate it (blue teams) without grinding delivery to a halt.

Security researchers push the boundaries of what’s possible. (Nation-state) threat actors push the boundaries of what’s exploitable. In many cases, threat actors adopt public research for their operations, but there are also many examples where threat actors use novel techniques to compromise cloud environments before researchers publish their findings.

In this talk, a cloud security researcher and a threat intelligence analyst team up to explore how cutting-edge cloud attack research is rapidly weaponized by espionage threat groups. We’ll walk through real-world examples where newly published techniques – intended to educate defenders – were adopted and operationalized by nation-state actors targeting cloud environments. The focus of the talk will be on Entra ID and Microsoft 365 attacks, exploring both the technical mechanics behind the tools and techniques, why threat actors are interested in utilizing them and real-world example of research adoption. Examples of techniques cover include device code phishing, authorization code phishing (ConsentFix) and the adoption of open source security tools.

This session highlights how attack paths that may seem highly theoretical at first glance can pose a significant and immediate threat to organizations operating in the cloud. What starts as a proof-of-concept in a blog can quickly become a part of a threat actor’s playbook.

In March of 2025, the Model Evaluation & Threat Research (METR) group introduced AI task time horizons as a method for measuring the length of tasks that models can autonomously complete coherently. They demonstrated rapid growth in capabilities across frontier systems: effectively showing a doubling every \~7 months. While this framework has primarily been applied to general software and knowledge work, its implications for adversarial domains remain largely unexplored.

In this talk, I present work I've done with Sean Peters and Jack Payne, extending METR’s methodology to offensive cybersecurity workflows, alongside a complementary human baseline study to ground and interpret model performance.

Motivated by the desire to better understand offensive model capabilities, we assembled realistic multi-step offensive task sequences by leveraging a suite of industry standard benchmarks. Both human participants and frontier models were evaluated across increasing task lengths to quantify sustained autonomy, coherence, and failure modes.

Initial results indicate that AI task horizons in offensive cyber are already meaningful and extending rapidly. In several domains, models can chain complex tool-driven actions resembling early-stage intrusion playbooks rather than isolated exploitation steps. The human study provides critical context, highlighting where models approach or diverge from human performance as task length increases.

The talk will cover the experimental design, empirical findings, and key limitations, emphasizing how horizon-based evaluation combined with human grounding surfaces trends that may not be observable by standalone, static benchmarks.

Finally, this work is positioned as exploratory research. It raises questions about whether similar horizon trends appear in defensive workflows: how could we measure defensive task horizons, and what methods would allow meaningful comparisons to offensive performance? If the trend does not replicate in defense, what interventions, tooling, or policy changes could help close the gap? This framing invites further investigation and provides a roadmap for research and practitioner engagement in understanding and mitigating offense–defense asymmetries under AI automation.

Abstract: Traditional defensive measures alone are proving insufficient against determined adversaries. This talk introduces a systematic approach to implementing effective deception solutions by using BloodHound's OpenGraph framework to map and deploy deceptive attack paths across AD and third-party enterprise technologies.

This talk moves beyond basic honeypots and canary tokens. This presentation demonstrates how to build discoverable deceptions that actually entice attackers. We'll explore how understanding existing attack paths in your environment is crucial to creating believable deceptions that adversaries will naturally encounter and attempt to exploit.

Key Topics Covered: - Attack Path-Driven Deception Design: Using attack path analysis to identify optimal deception placement points and create realistic adversary scenarios - OpenGraph for Deception Mapping: Extending beyond Active Directory to model deceptive attack paths across Git repositories, configuration management systems, and cloud services - Practical Implementation Examples: Live demonstrations including AD CS deception using Certiception, repo-based deceptions with GitHound, infrastructure deceptions through AnsibleHound and SCCMHound

We can't trust the images and videos we see online anymore. Recent generative AI improvements support the creation and modification of convincing digital media in quasi real time. We live in an era where these fakes are routinely shared online to influence public opinion, even by elected officials themselves!

Fortunately, technologies exist to embed cryptographic signatures and watermarks in these digital assets, proving their origin. The C2PA specification is being adopted by many technology providers, camera manufacturers, and news media organizations. Major deployments have started in 2025 and will accelerate in 2026.

In high-risk contexts (conflict zones, protests, corruption reporting) creators might be reluctant to share certified images and videos for fear of retribution. Is there a way to reconcile the need for authenticated assets and the privacy of their creators? The answer is yes!

In this talk, we'll explore cryptographic options to provide privacy to those who capture and share digital assets, enabling anonymous yet verifiable content. We'll present an open-source prototype that augments the C2PA specification by using blind signatures and zero-knowledge proofs to hide the signer's identity. These technologies offer the best of both worlds: enabling the public, reporters, and whistleblowers to share sensitive authentic digital media with strong privacy protections, which would increase trust in our content ecosystems.

When you think of hacking browsers, you perhaps think of V8 heap exploitation, deep-dive fuzzing, crazy sandbox escapes, and so on. But what if I told you that you can still find vulnerabilities in major browsers that don’t require any technical knowledge? Bugs you can even run into by accident!

In this talk, I’ll take you through my journey of how I “accidentally“ found a vulnerability in Google Chrome. And how that led me to find 2 more vulnerabilities in Chrome as well as 2 vulnerabilities in Mozilla Firefox and many more bugs in other products.

So if you’re keen to find out how I could, with minimal user-interaction, steal your private GitHub repositories, then this talk is for you!

Have you ever wondered how to run code inside a different process? Or, for that matter, why you would WANT to run code in another process?

I originally entered the security world writing cheats for Windows games - Starcraft, Warcraft II, and similar late-90s games. The tools are functionally lost to the ages, but the techniques I used have served me for years: not only can you use process injection to cheat at video games, it's useful for so much more: adding, changing, bypassing, or even calling code in a foreign process can help with fuzzing, reverse engineering, malware detection, and so much more!

But for a technique so commonly used, there isn't really a "standard" way to do it, especially on Linux!

One day, I read a blog discussing how hard it was to do on Linux. I thought, "that can't be right, it's easy on Windows!" and set out to prove them wrong. Days later, I had accidentally written a debugger and learned way, way too much about the ptrace API and /proc filesystem!

In this talk, I'll demonstrate the tooling I built and why it might be more useful than you might think to do this yourself!

En 1865, Jules Verne envoie des hommes sur la Lune depuis la Floride. En 1969, Apollo 11 décolle de Cap Canaveral. En 1984, William Gibson décrit le cyberespace comme une "hallucination consensuelle". Quarante ans plus tard, nous y vivons. La science-fiction n'est pas une prédiction — c'est un laboratoire d'idées où le futur se prototype avant d'exister.

Cette conférence propose un voyage entre imaginaire et innovation, entre les pages des romans d'hier et les laboratoires d'aujourd'hui.

Dans un premier temps, nous revisiterons quelques anticipations célèbres : les tablettes tactiles de Star Trek, les oreillettes de Fahrenheit 451, la vidéosurveillance de 1984, les voitures autonomes de Total Recall.

Puis nous plongerons dans des innovations moins médiatisées mais plus disruptives. Que pouvons-nous puiser dans la Science-Fiction pour deviner ce que notre futur proche nous réserve avec les découvertes actuelles : IA générative, calcul quantique.

Enfin, nous explorerons un territoire encore plus radical : l'informatique biomoléculaire. Des chercheurs travaillent aujourd'hui sur des systèmes de calcul qui se nourrissent de sucre et de lumière. Stockage de données dans des molécules, calcul biologique, interfaces vivantes — nous sommes à l'aube d'une révolution dont peu de gens mesurent l'ampleur. Là encore, que nous raconte les grandes imaginations sur ces sujets en devenir ?

Pour conclure, nous combinerons ces briques pour imaginer des scénarios possibles. Certains existent déjà dans la littérature de science-fiction. D'autres restent à écrire. Vous repartirez j'espère avec l'envie d'identifier les futurs souhaitables et ceux que nous voulons éviter.

Car penser le futur n'est pas un luxe intellectuel. C'est une responsabilité. En tant que technologues, chercheurs, hackers, citoyens, nous avons le pouvoir d'orienter la trajectoire. La science-fiction d'hier est la science d'aujourd'hui. La science-fiction d'aujourd'hui sera le monde de nos enfants.

Le futur ne se prédit pas. Il se choisit.

This presentation will focus on AnsibleHound, a collector that adds Ansible WorX and Ansible Tower attack paths to BloodHound. Additionally, we will conduct a thorough exploration of Ansible exploitation and abuse through attack path management. This will enable both attackers and defenders to identify hybrid attack paths.

Our presentation will provide you with three key takeaways:

1. Discovery and offensive knowledge for Ansible exploitation
2. Integrate Ansible in the identity surface using AnsibleHound
3. Hybrid attack paths exploitation between Active Directory, Ansible and Github

For years, we wrote the defensive manuals. We built the "Living Off The Pipeline" (LOTP) inventory and released poutine to help you find the vulns. We even spoke at NorthSec about the theoretical risks of Build Pipeline compromise.

We have bad news: The Threat Actors were "in the room" taking notes.

In early 2025, we found the "smoking gun." A Threat Actor on BreachForums laid out the full attack plan for a 0-day compromise of a major Open Source project, giving a direct shout-out to our poutine scanner and LOTP research as the source. Our defensive work has become their offensive playbook.

In this talk, we stop playing defense.

Introducing SmokedMeat: The "Metasploit for CI/CD."

Our research team has a saying: 2025's Build Pipelines look like the average 2005 PHP Web App in terms of secure coding. They are wide open to "pwn requests" and command injections that lead to secrets exfiltration or privilege escalation via overprivileged tokens. SmokedMeat is the first Open Source Red Team framework designed to commoditize these compromises, demonstrating exactly what happens when a Threat Actor turns your infrastructure against you.

We will demonstrate a full exploitation chain: pivoting from unprivileged anonymous access on public repositories to private repository and intellectual property theft, the "gone in 60 seconds" jump from a workflow runner directly to permanent Cloud Admin, and the ability to escape ephemeral job contexts to implant permanent backdoors on your build infrastructure.

The era of "awareness" is over. This talk is a live demonstration of why your current CI/CD security strategy is already obsolete.

This talk will expand on concepts explored in my NSEC 2025 talk "Stolen Laptops : A brief overview of modern physical access attacks"

We will deep-dive into the subject of Direct Memory Access attacks against modern windows operating systems, exploring together some of the primary countermeasures employed to protect computers from physical attackers.

Notably, we will discuss the implementation and interaction of various defensive technology at the physical, firmware, and operating system layers.

This includes things like UEFI security, hardware whitelisting, firmware DMA protection and virtualization features (VT-d, VT-x, AMD-Vi), and their interaction with critical OS layer protection mechanisms including Virtualization-Based Security (VBS) and Kernel DMA Protection. We will discuss techniques used by attackers to neutralize or bypass these mechanisms to enable a DMA attack against Windows 11.

The talk culminates with an in-depth presentation of a novel tool I developed called DMAReaper. The tool allows attackers with physical access to Disable Kernel DMA Protection via a pre-boot DMA attack even when a system has all modern protection mechanisms enforced.

We will discuss the research that supported the tool's creation and the precise operations being performed against system RAM in order to locate and destroy the DMAR ACPI table required for Kernel DMA Protection to function. This talk includes a multiple video demonstrations of the tool being used to compromise a modern workstation running Windows 11.

5G networks are being opened up at every layer and attackers are paying attention. On the radio interface, we assess what operators actually deploy: is encryption enabled? Is integrity protection enforced on signaling and user plane? Are null ciphers still accepted? How well is the network isolated from external access? These fundamentals still fail more often than you'd think.

The 5G core runs on cloud-native REST-based architectures where a single misconfigured network function can expose subscriber data or provide persistence into critical infrastructure. We demonstrate this live using our open-source 5GC API Pentest Burp Suite extension automating NF discovery, IMSI enumeration, credential extraction, and API fuzzing against a 5G core. OpenRAN disaggregates the radio access network into open interfaces between O-RU, O-DU, O-CU, and the RIC - creating attack surfaces that didn't exist in monolithic base stations. And now CAMARA, the industry initiative exposing network capabilities through standardized APIs, gives third parties access to device location, SIM swap, and number verification, with security models still maturing.

This talk walks through real assessments and attacks at each layer from verifying radio protections to exploiting core APIs and examining how some endpoints could enable surveillance and fraud.