Wietze ,
Wietze has been hacking around with computers for years. Originally from the Netherlands, he currently works as a Lead Threat Detection & Response Engineer in London. As a cyber security enthusiast and threat researcher, he has presented his findings on topics including attacker emulation, PowerShell obfuscation, DLL Hijacking and command-line shenanigans at a variety of security conferences. By sharing his research, publishing related tools and his involvement in the open-source projects such as LOLBAS, HijackLibs and ArgFuscator, he aims to give back to the community he learnt so much from.
Talk: Trust me, I'm a Shortcut - new LNK abuse methods
Talks will be streamed on YouTube and Twitch for free.
Windows shortcut (.LNK) files have remained a popular attack vector over several decades, yet their underlying format is still largely archaic and remains the "gift that keeps on giving" by presenting new opportunities for abuse, even in 2026.
If you believe minor bypasses like adding spaces to an LNK's target (CVE-2025-9491) are the limit of LNK exploitation, this session will change your mind.
We will show previously undocumented LNK techniques that actually allow for more deceptive payload delivery/command execution. We will look at why these new techniques 'work', compare them to existing LNK tricks, and discuss the implications for defenders.
The research methodology behind these new findings, which involved black-box testing of Microsoft's LNK implementation, will be discussed during this session; demonstrating how adopting the "hacker's mindset" helped uncover these LNK tricks.
Next to this, this session will introduce an open-source tool designed to assist security professionals, red teams, and researchers in generating and experimenting with advanced LNK payloads. This tool aims to enhance the ability to simulate and defend against shortcut-based attacks, thereby improving Windows endpoint security.