Workshops
Here are the workshop speakers who have confirmed so far. A small number are left to confirm; once we have everyone, we will release the schedule.
Using a Free Threat Modelling Tool to Ensure Secure Configuration From the Start (3 hours)
Andrea Jones
This workshop will give you the chance to learn how to develop custom templates for Microsoft’s free Threat Modelling Tool, including all the sources of information you can draw on and how to link to common frameworks such as NIST and ISO27001. By the end of the session you should be able to produce useful reports and will understand more about how the tool works.
A brief introduction to locksport (3 hours)
James Williams
Ever wanted to learn how to pick locks? This is the workshop for you! We will cover the theory and practice of picking locks, introduce locksport as a hobby and cover some other methods for non-destructive entry that the red teamers among us may find interesting. By the end of this workshop you’ll be able to disassemble and rebuild a lock, understand the core concepts of picking, open a few locks and understand some of the common non-destructive entry techniques used by locksmiths and red team operators. Basic tools will be provided, or feel free to bring your own.
From Pods to Policies: Practical Threat Detection in Container Environments (3 hours)
Cliff Martin/Nishaanth Guna
In this hands-on workshop, we dive into the unique security challenges of containerised environments and how to detect threats effectively at the container and host level. We’ll explore common attack paths and misconfigurations in containerised infrastructure—like privilege escalation/breakout attempts, unauthorised access to resources and misuse of container runtimes—and how these differ from traditional host-based threats.
You’ll learn how to write practical detection rules tailored to containers, using audit policies, custom Sigma rules or by leveraging existing Falco rules, to spot suspicious behaviour in real-time. We’ll walk through real-world examples and discuss how to interpret alerts in the context of container operations.
By the end of this session, you’ll understand:
- Why investigations in containerized systems require a different mindset and approach
- How to incorporate these practices into your existing detection and response workflow
- The key security issues and attack vectors in containerized environments
- How to write and tune detections for some of the container-specific activity
This workshop is ideal for SOC analysts, detection engineers, and security practitioners who want to enhance their visibility and response capabilities in container-first infrastructures.
Playing with Pipelines (3 hours)
Iain Smart
This hands-on security workshop delves into the growing threat landscape of CI/CD exploitation and supply chain compromises. Participants will explore how attackers target modern software delivery pipelines, gaining practical experience identifying vulnerabilities in build systems, dependency management tools, and artefact repositories, instructed by people who have been attacking CI for close to a decade.
Through guided lab exercises, attendees will execute attacks against vulnerable CI/CD environments, including credential theft from build logs, pipeline configuration manipulation, and dependency substitution attacks, and we will discuss where pipeline shenanigans interact with traditional infrastructure penetration testing. We’ll also discuss more involved supply-chain attacks and the evolving protections to defend against these.
Coding Burp Extensions (2 hours)
Paul Johnston
Burp has a powerful extension API to augment its core functionality. In this workshop we will look at a number of lab sites that have particular behaviour that makes them challenging to test using Burp. We will code extensions that allow Burp to work around the tricky behaviours and enable effective testing. This is a hands-on workshop and you will need a laptop with Java, IntelliJ and Burp installed. Burp Community is sufficient for most of the labs, but Burp Professional is required for some. Some experience using Burp and some Java programming experience is beneficial.
Intro to .NET Exploitation (4 hours)
Sina (@SinSinology)
Topics:
- Reversing .NET targets
- Introduction to .NET vulnerabilities
- Basics of deserialization exploits in .NET
Requirements:
- Windows VM (don’t use an ARM machine)
- Basic knowledge of C# or any .NET-based language
- Basic knowledge of reverse engineering is a must (x86, etc.)
Do You Wanna Build a Think Tank? (4 hours)
James Bore
Think tanks are reliable, trustworthy, staffed by experts, and put out good research to support their policy campaigns.
Right?
Some are. Most aren’t. In this workshop you’ll contribute to building a think tank, from scratch, around a policy goal. Along with producing a website and ‘research’ papers to support the goal, we’ll create a press release, and you’ll come to understand just how much flim-flam goes on behind the scenes at fake tanks.
Requirements: Laptop
Using PowerShell to Explore Windows (4 hours)
Guy Leech
Learn how to explore Windows systems using PowerShell.