Our workshops run from 9 to 5 on the Friday before the main event. Tickets are free for anyone who has a main event ticket. If you don’t have a main event ticket, and pick up a workshop ticket, it will be cancelled, we will also be checking on the day, so please don’t make a wasted trip if all you get is a workshop ticket.
Also, please look at the timings of the sessions and don’t take overlapping tickets. We have very limited numbers due to the size of the rooms, so grabbing a ticket for everything so you can decide later will get all your tickets cancelled. Only take tickets for sessions which you can physically get to.
This is our schedule, you can click here to see an easier to read version.
9 - 1 (4 Hours) - PG
Container Security and Hacking with Docker and Kubernetes - PG
Rory McCune / Iain Smart
This hands-on workshop aims to give you an understanding of the security features and pitfalls of modern containerization tools like Docker and Kubernetes. We’ll cover a range of topics to build up a picture of the security options available and show practical examples of attack and defence on containerized systems.
There will be hands-on labs covering common attacks on Docker, Docker containers and Kubernetes clusters.
Prerequisites – Familiarity with basic Docker commands and Linux command line use will be helpful, but we’ll provide step-by-step instructions for people who are less familiar with them.
A laptop with a web browser that does not have strict filtering in place (e.g. no white-list only corporate proxies).
2 - 5 (3 Hours) - PG
From Pods to Policies: Practical Threat Detection in Container Environments - 18
Nishaanth Guna
In this hands-on workshop, we dive into the unique security challenges of containerised environments and how to detect threats effectively at the container and host level. We’ll explore common attack paths and misconfigurations in containerised infrastructure—like privilege escalation/breakout attempts, unauthorized access to resources and misuse of container runtimes—and how these differ from traditional host-based threats.
You’ll learn how to practically detect malicious activity tailored to containers, using audit policies, custom Sigma rules or by leveraging existing Falco rules. We’ll walk through real-world examples and discuss how to interpret alerts in the context of container operations.
By the end of this session, you’ll understand:
* Why investigations in containerized systems require a different mindset and approach
* How to incorporate these practices into your existing detection and response workflow
* The key security issues and attack vectors in containerized environments
* How to write and tune detections for some of the container-specific activity
This workshop is ideal for SOC analysts, detection engineers, and security practitioners who want to enhance their visibility and response capabilities in container-first infrastructures.
9 - 11 (2 Hours) - PG
U-ART, U-Boot, U-Pwn: Dumping IoT Firmware the Hard Way
Lewis Patten
Most IoT devices are more talkative than their manufacturers intended. In this workshop, you’ll learn how to identify and connect to UART debug ports, leverage U-Boot’s built-in capabilities to dump firmware from flash memory, and reverse engineer the extracted binaries to understand what’s running under the hood. We’ll work through the full pipeline, from identifying UART pins on PCBs, to analyzing ELF binaries in Ghidra. Suitable for beginners with some comfort at a Linux command line, and familiarity with C.
11 - 1 (2 Hours) - PG
Sim-Adversary - Training the Red Team Mindset
David Viola
Join Prism infosec’s Head of Red Team on a workshop in which he will explain the role, responsibilities and skills needed to be a red team manager.
Together, we’ll play through a red team scenario, making decisions about our attack path based on the threat intelligence pack we are working with. We’ll examine the attack path, discuss the thought processes behind our decisions and the likely conversations we need to have with clients and regulators.
2 - 5 (3 Hours) - PG
Realism by Design: Building Cyber Exercises People Can't Game
@cybersecurity
Most CTFs and training labs fail at one crucial thing: realism. Finding a perfectly placed flag.txt on an isolated Apache server doesn’t prepare anyone for the chaotic, noisy reality of a live enterprise breach. And when exercises feel artificial, participants learn to game the environment – following breadcrumbs and spotting challenge logic – instead of thinking like real attackers or defenders.
This workshop is about designing cyber exercises that fix that. We’ll break down what separates a genuinely useful exercise from a forgettable one: how to build network environments that feel authentic without unnecessary complexity, how to use narrative and realistic background noise to create pressure and context, how to calibrate difficulty and pacing so participants build skills rather than hit walls, and how to close the gaps that let people “game” a scenario instead of solving it.
Then you’ll put it into practice. Working in small teams as exercise architects, you’ll use a live cyber range platform to design, build, and deploy a short scenario from a real brief. The session ends with teams playtesting each other’s work and critiquing what makes an exercise effective.
Whether you design training for a SOC team, run CTFs for your community, or teach security in a classroom, you’ll leave with a repeatable framework for building immersive exercises that actually develop the skills they claim to.
Bring a laptop with a browser. No prior cyber range experience needed.