SteelCon

2025

Our workshops run from 9 to 5 on the Friday before the main event. Tickets are free for anyone who has a main event ticket. If you don’t have a main event ticket and pick up a workshop ticket, it will be cancelled. We will also be checking on the day, so please don’t make a wasted trip if all you get is a workshop ticket.

Also, please look at the timings of the sessions and don’t take overlapping tickets. We have very limited numbers due to the size of the rooms, so grabbing a ticket for everything so you can decide later will get all your tickets cancelled. Only take tickets for sessions which you can physically get to.

This is our schedule. You can click here to see an easier-to-read version, or you can download it here.

2 - 5 (3 Hours) - PG

Using a Free Threat Modelling Tool to Ensure Secure Configuration From the Start

Andrea Jones

This workshop will give you the chance to learn how to develop custom templates for Microsoft’s free Threat Modelling Tool, including all the sources of information you can draw on and how to link to common frameworks such as NIST and ISO27001. By the end of the session you should be able to produce useful reports and will understand more about how the tool works.

2 - 5 (3 Hours) - PG

A brief introduction to locksport

James Williams

Ever wanted to learn how to pick locks? This is the workshop for you! We will cover the theory and practice of picking locks, introduce locksport as a hobby and cover some other methods for non-destructive entry that the red teamers among us may find interesting. By the end of this workshop you’ll be able to disassemble and rebuild a lock, understand the core concepts of picking, open a few locks and understand some of the common non-destructive entry techniques used by locksmiths and red team operators. Basic tools will be provided, or feel free to bring your own.

2 - 5 (3 Hours) - 18

From Pods to Policies: Practical Threat Detection in Container Environments

Cliff Martin/Nishaanth Guna

In this hands-on workshop, we dive into the unique security challenges of containerised environments and how to detect threats effectively at the container and host level. We’ll explore common attack paths and misconfigurations in containerised infrastructure—like privilege escalation/breakout attempts, unauthorized access to resources and misuse of container runtimes—and how these differ from traditional host-based threats.

You’ll learn how to write practical detection rules tailored to containers, using audit policies, custom Sigma rules or by leveraging existing Falco rules, to spot suspicious behaviour in real-time. We’ll walk through real-world examples and discuss how to interpret alerts in the context of container operations.

By the end of this session, you’ll understand:
• Why investigations in containerized systems require a different mindset and approach
• How to incorporate these practices into your existing detection and response workflow
• The key security issues and attack vectors in containerized environments
• How to write and tune detections for some of the container-specific activity

This workshop is ideal for SOC analysts, detection engineers, and security practitioners who want to enhance their visibility and response capabilities in container-first infrastructures.

2 - 5 (3 Hours) - PG

Playing with Pipelines

Iain Smart

This hands-on security workshop delves into the growing threat landscape of CI/CD exploitation and supply chain compromises. Participants will explore how attackers target modern software delivery pipelines, gaining practical experience identifying vulnerabilities in build systems, dependency management tools, and artifact repositories, instructed by people who have been attacking CI for close to a decade.

Through guided lab exercises, attendees will execute attacks against vulnerable CI/CD environments, including credential theft from build logs, pipeline configuration manipulation, and dependency substitution attacks, as well as discussing where pipeline shenanigans interact with traditional infrastructure penetration testing. We’ll also discuss more involved supply-chain attacks and the evolving protections to defend against these.

11 - 1 (2 Hours) - PG

Coding Burp Extensions

Paul Johnston

Burp has a powerful extension API to augment its core functionality. In this workshop we will look at a number of lab sites that have particular behaviour that makes them challenging to test using Burp. We will code extensions that allow Burp to work around the tricky behaviours and enable effective testing. This is a hands-on workshop and you will need a laptop with Java, IntelliJ and Burp installed. Burp Community is sufficient for most of the labs, but Burp Professional is required for some. Some experience using Burp and some Java programming experience is beneficial.

9 - 1 (4 Hours) - PG

Intro to .NET Exploitation

Sina (@SinSinology)

Topics:
• Reversing .NET targets
• Introduction to .NET vulnerabilities
• Basics of deserialization exploits in .NET

Requirements:
• Windows VM (don’t use an ARM machine)
• Basic knowledge of C# or any .NET-based language
• Basics of any reverse engineering are a must (x86, etc.)

9 - 11 (2 Hours) - 15

Reverse Engineering Windows Kernel-Mode Drivers

Michael Rowley

This hands-on workshop explores the nuanced world of Windows kernel-mode drivers and how they can be exploited on modern systems. Designed for security researchers, analysts, developers, or just curious people in general!

If you’re taking part in the hands-on part of this workshop, you’ll need to bring a laptop with Ghidra installed. The hands-on examples do assume basic knowledge of reverse engineering/assembly, but anybody is welcome to come along regardless of background/experience!

9 - 1 (4 Hours) - PG

Using PowerShell to Explore Windows

Guy Leech

Learn how to explore Windows systems using PowerShell.

9 - 1 (4 Hours) - PG

Do You Wanna Build a Think Tank?

James Bore

“Think tanks are reliable, trustworthy, staffed by experts, and put out good research to support their policy campaigns.

Right?

Some are. Most aren’t. In this workshop you’ll contribute to building a think tank, from scratch, around a policy goal. Along with producing a website and ‘research’ papers to support the goal, we’ll create a press release, and you’ll come to understand just how much flim-flam goes on behind the scenes at fake tanks.

Requirements: Laptop”