Schedule
| Time | Track 1 | Track 2 | Workshop |
|---|---|---|---|
| 9:30-10:00 | Arrivals and check-in at The Tavern | ||
| 10:00-10:10 | Welcome - Committee | ||
| 10:10-10:55 | Keynote: Secure Delivery Over Untrusted Networks - Holly Grace Williams | ||
| 11:00-11:25 | Opsec Lessons from Ukraine - Vic Harkness | Supply Chain Attacks: You Can’t Depend on Anyone - Zoheb Ainapore | Backdoors and Breaches |
| 11:30-11:55 | Patriotism for Hire: An OSINT Investigation - Peter Neve | Accessible Security for 1.3 Billion Disabled People - Aliyu G. Yisa | Backdoors and Breaches |
| 12:00-12:25 | The misinformation economy - Aidan Lynch | Backdoors and Breaches | |
| 12:30-13:20 | Lunch - The Tavern | ||
| 13:20-13:45 | Unlocked and Leaked - Darren McDonald & Craig Blackie | Ocean data is existentially important! How we're working towards security strategies for Marine Autonomous Science - Owain Jones | AI in Security Operations: From Hype to Hands-On - Jymit Singh |
| 13:50-14:15 | Custom built NFC/RFID blinky hexagon - Bryan Watkins von Schuh | ||
| 14:20-15:15 | When Blue Team Tools Become Red - Michael Mullen | Beacon Butty & Raspberry Pi: A Meal Deal for C2 Detection - Dave Marsh | |
| 15:15-15:30 | Break | ||
| 15:30-15:55 | Threat Modelling OpenSource - Kyverno and the Kubernetes Kraken - Tom Cope | The metrics that lied to leadership - Luigi Ritacca | Backdoors and Breaches |
| 16:00-16:25 | From Prompt to Payload: Defending AI-Driven Tools in Adversarial Setting - Shubham Mishra | Phishing Education is Broken: Training Humans to Spot Attacks That Actually Work - Endurance Imasuen | Backdoors and Breaches |
| 16:30-17:00 | Resilience Is Not a PDF: Proving Recovery Before the Incident - Richard Dosumu | Backdoors and Breaches | |
| 17:05-17:30 | Closing remarks | ||
| 17:30-??:?? | Drinks! Bar Tab sponsored by Interrupt Labs - The Dice Tower | ||
-
Hardening Distributed Edge Systems for Secure Package Delivery Over Untrusted Networks
This talk will cover lessons learned from securing latency-sensitive edge platforms operating over untrusted networks, with a focus on command integrity and reliable task execution in contested environments.
We'll cover building the system from the ground up, with threat modelling considerations and practical mitigations against interception, spoofing, and system disruption.
The talk walks through building operator-controlled systems that maintain trust, enforce intent, and ensure deliveries arrive exactly where they're meant to.
-
TW: This talk is about an active warzone, and will contain discussions of serious injury and death.
When you hear the sirens, what do you do? Run for the nearest air-raid shelter that you’ve previously located? Hide in the bathroom? Down your pint because there’s no point in dying sober? Opsec as a humanitarian volunteer in Ukraine very much depends upon your personal risk appetite. In this talk I will discuss what I have learned during my time in Ukraine, discuss the factors that go into the opsec decision making process, and give my opinion on what actually matters.
-
Modern applications depend on a growing web of open-source packages, build tools, CI/CD systems, SaaS integrations, and cloud services. That dependency chain creates a wide attack surface, and if one trusted component is compromised, the impact can reach far beyond the original target.
In this talk, we’ll break down real-world supply chain attacks, including compromised npm packages, CI/CD takeovers, SaaS breaches, and cloud credential theft. We’ll look at how attackers turn trusted components into entry points, what the blast radius looks like in practice, and why these incidents are so effective.
Through practical examples, we’ll explore how these attacks work, what impact they have in real environments, and how to defend against them with actionable, developer-friendly controls. Attendees will leave with a clearer mental model of supply chain risk and concrete steps to reduce it.
-
An OSINT investigation into the people behind the flags that appeared on lampposts around the country over the last year. This is a 101 introduction to setting up sock accounts and protecting your identity for OSINT and HUMINT investigations, and what I found when investigating these groups.
-
Over 1.3 billion people worldwide live with a disability. That is 16% of the global population. These people face the same cyber threats as everyone else, but the security controls, training, and tools designed to protect them often exclude them entirely. In some cases, they even face more threats than non-disabled people. From password managers to authentication systems, security tools and security awareness, barriers exist that harm the security of people and organisations. On the other hand, assistive technologies also need to be protected from cyber attacks.
-
A quick and non-technical dive into the world of online misinformation operations and the Freakonomics that encourage them. From government-funded election interference to online clout chasing, misinformation now makes up a substantial portion of the online ecosystem and its negative impacts are spilling over into the real world in more and more dramatic ways.
-
Modern Dell systems claim a locked BIOS protects against physical attackers: password screen, Secure Boot enforcement, IOMMU-protected DMA, signed firmware updates. We'll show two reasons it doesn't. First: disabling preboot DMA protection by flipping a single NVRAM byte; the BIOS setup screen still cheerfully reports DMA enabled. Second: a bug that lets us pull BIOS passwords out in cleartext. Both attacks reduce to read-modify-write of the SPI flash with a SOIC clip and a cheap programmer. The talk covers the bugs, the tooling, and what it means for deployed Dell hardware.
You may see this referenced as CVE-2026-40639.
-
The National Oceanography Centre hosts the largest collection of Autonomous Underwater Vehicles (AUVs) in Europe. The data these gather is invaluable to some really high-impact science, from coast to deep ocean.
Their Information Security is key, but thinking "nobody is going to hack the scientists!" often leaves it forgotten or de-prioritised.
This talk will introduce you to Boaty, the current state of infosec in our niche of maritime robotics for environmental science, our vision for keeping the scientific data supply chain trustworthy, and the first steps we’ve been taking towards it.
-
AI in Security Operations: From Hype to Hands-On
The security industry is drowning in AI promises. This workshop cuts through the noise. Drawing on real-world experience building AI-assisted security operations at scale, this hands-on session gives practitioners a grounded, no-hype introduction to where AI actually moves the needle in a SOC, and where it introduces new risk if deployed carelessly. Participants will work through practitioner-focused use cases: threat detection engineering, alert triage, incident response acceleration, and log analysis. Labs are built around Anthropic's Claude Model Context Protocol, and their Agent Skills and Subagents curriculum, giving attendees direct, transferable experience with tooling they can use from day one.
The session covers not just capability, but responsibility: how to architect AI pipelines that are auditable and controlled, the evidence integrity challenges AI introduces to security workflows, the real threat of prompt injection in analyst pipelines, and how to design human-in-the-loop systems that don't collapse under operational pressure. Attendees will leave with reusable patterns, a critical framework for evaluating AI security tooling, and hands-on exposure to techniques they can apply in their own environments immediately — no prior AI experience required.
-
Showing off a custom-built implant, maybe bringing along a musical actuator, who knows
-
This talk explores a growing pattern: attackers increasingly re-purpose the defensive tools that defenders deploy, such as backup, monitoring, and incident-response software. We’ll break down real-world examples such as using Veeam infrastructure for data staging/exfiltration preparation, leveraging network monitoring platforms for reconnaissance and persistence, then connecting these to wider industry trends like full memory capture for lsass dumping workflows and the malicious use of DFIR/endpoint tooling (e.g., Velociraptor). Attendees will leave with practical detection ideas, architectural hardening guidance, and a threat model for the defensive stack itself.
-
C2 attacks are rising — and most home and small-business networks have essentially zero chance of detecting one. How did we get here, and what can we actually do about it? Beacon Butty is a Raspberry Pi-powered detection stack that can identify C2 beacons on your LAN using similar techniques to enterprise SOCs — but is both open-source and inexpensive.
-
We all use open source software every day, but do we take the time to validate the security assumptions made by these projects? In this talk, we will discuss threat modelling processes, why they are important, and how to perform them effectively. We will walk through our Kyverno threat model, discuss discoveries (and CVEs!) made along the way, including how to best secure your Kyverno deployments.
-
Why metrics matter; common pitfalls of security operations metrics (mean vs median, false positive vs benign positive, and other pitfalls); why many SOC metrics unintentionally distort operational reality; how measurement changes analyst behaviour, often negatively; and the difference between measuring alerts, investigations, and actual security outcomes.
-
In this talk, we explore the growing security challenge of AI/ML systems that leverage external tools, APIs, or "agentic" components (for example, function-calling, plugins, or orchestrated tool chains). Attackers are evolving tactics to inject malicious instructions, poison tool metadata, or orchestrate cross-tool attacks to subvert seemingly benign pipelines.
I will present real-world scenarios showing how prompt injection, tool poisoning, name collisions, and orchestration abuse can lead to data leakage, privilege escalation, or unintended commands. Throughout, we focus on how and why the attacker is able to manipulate the system, not just that they can. Then, I will propose a layered defense strategy combining input sanitization, approval flows, sandboxing, anomaly detection, and human-in-the-loop checkpoints.
This session is designed for both practitioners and aspiring defenders; you don't need to be an AI researcher to benefit, but we'll go deep enough into technical nuance to give you actionable ideas. You'll leave with a clear mental model of how AI tool chains can be exploited and concrete paths to strengthen them.
-
Phishing is still quite effective despite years of security awareness training, revealing a disconnect between people's knowledge and their behavior under duress. The failure of traditional, compliance-driven training to alter actual behavior is examined in this talk. It demonstrates how users react to actual attack scenarios based on experience creating a phishing awareness application. In order to improve decision-making, the session emphasizes behavioral design and experience learning. Attendees will witness how training through experience, rather than teaching, helps create more self-assured, security-aware people through a live simulation demonstration.
-
The CrowdStrike outage showed how one trusted supplier can disrupt critical services globally. Advanced’s ransomware incident affected NHS 111, while the British Library’s cyber-attack caused a long and painful recovery. The lesson is clear: resilience is not a PDF, and recovery plans only matter if they survive reality. This talk shows how security teams can map critical services, expose hidden dependencies, test severe-but-plausible scenarios safely, and build evidence that recovery actually works before an incident, auditor, customer, or regulator asks the uncomfortable question.