You are here: Home » The Event » Workshops


All workshops are on Friday 12th July. You must have a valid conference ticket as well as a ticket for the workshop you want to attend to be allowed in. We will be checking when you buy tickets and on the door.

Location to be confirmed later, but it will be somewhere in Hallam, probably the same area as last year.


  • Your Primer To Mental Health First Aid


  • The PWN Shop Lollipop
  • How to fit threat modelling into fast lifecycles
  • So what do kids do at SteelCon?


  • PowerShell and Offensive WMI
  • WTF is CTI?
  • When USB Devices Attack – Zero to Hero Workshop
  • IPv6 Workshop


  • Attacking websites from the other direction
  • PowerShell and Offensive WMI
  • WTF is CTI?

The PWN Shop Lollipop

Neil Lines and Andy Gill

2 hours

The PWN Shop Lollipop workshop will teach all those attending, offensive arts which replicate the real world (APT) and red teaming, covering modern remote social engineering techniques, think payload creation, mail gateway bypass techniques, weaponized documents (macros, OLE’s + more) and the like. The workshop will be laid-back, fun and easy to follow.

Neil Lines is a security consultant working for Pen Test Partners. Working for over eight years in security and ten in IT based roles. A senior tester who specialises in red teaming, physical and remote social engineering, infrastructure and application testing. Neil regularly performs guest lectures on offensive testing techniques and has spoken and presented workshops at many security conferences.

Sir Andy Gill is a published global author, senior security consultant also working for Pen Test Partners. Working for over six year in IT security. Andy specialises in red teaming, physical and remote social engineering, infrastructure and application testing. He is quickly becoming a regular presenter across security conferences.

IPv6 Workshop

Roxana Kovaci

2 hours

This workshop will include an introduction to IPv6 technology, followed by current security assessment toolset that support IPv6 and concluded with hands-on IPv6 VM challenges for everyone to apply what they’ve learnt.

All candidates must bring their own laptop, capable of both Wi-Fi and Ethernet connections in order to connect to the workshop’s lab network. The laptop should have the ability to run Virtual Machines. A Kali VM will be required as well for attacking the workshop’s lab VMs. The student must have administrative rights over the laptop (and VMs) in order to install any software that may be required.

My first time delivering an official conference workshop, although I have been delivering small workshops, talks and training internally for other colleagues or junior security consultants. I’m an enthusiastic pentester, always eager to improve my current knowledge and develop new skills, specialising in infrastructure hacking.

How to fit threat modelling into fast lifecycles

Irene Michlin

2 hours

The earlier in the lifecycle you pay attention to security, the better are the outcomes. Threat modelling is one of the best techniques for improving the security of your software. It is a structured method for identifying weaknesses on design level. However, people who want to introduce it into their work on existing codebase often face time pressure and very rarely can a company afford “security push”, where all new development stops for a while in order to focus on security. Incremental threat modelling that concentrates on current additions and modifications can be time-boxed to fit the tightest of agile life-cycles and still deliver security benefits. Full disclosure is necessary at this point – threat modelling is not the same as adding tests to the ball of mud codebase and eventually getting decent test coverage. You will not be able to get away with doing just incremental modelling, without tackling the whole picture at some point. But the good news are you will approach this point with more mature skills from getting the practice, and you will get a better overall model with less time spent than if you tried to build it upfront. We will cover the technique of incremental threat modelling, and then the workshop will split into several teams, each one modelling an addition of a new feature to a realistic architecture. The participants will learn how to find the threats relevant to the feature while keeping the activity focused (i.e. not trying to boil an ocean). This session targets mainly developers, qa engineers, and architects, but will be also beneficial for scrum masters and product owners.

This session targets mainly blue teams, as well as software developers, qa engineers, and architects, but will be also beneficial for scrum masters and product owners.

Irene Michlin is a security consultant at IBM. Previously, Irene worked as software engineer, architect, and technical lead. Her professional interests include securing development life-cycles and architectures.

Your Primer To Mental Health First Aid

James Stevenson


The Computer Security industry, just like other tech industries, is falling behind when it comes to adopting mental health first aid principles in the workplace. Understanding how you can support yourself and others when going through mental health experiences is just as important in both your personal and professional lives. From understanding mental health terminology to covering the basics of mental health first aid this workshop will set you off on the right track.

Outcome of The Workshop:

This guided workshop seeks to breakdown some key techniques that can be added to your Mental Health Awareness toolbox. We’ll go through each of these key areas, rising similarities between physical and mental health first aid. After each section we’ll break off into groups to further develop our understanding of the techniques.

  • What is mental health?
  • The spectrum of mental health.
  • What are frames of reference.
  • Making a stress container.
  • The principles of first aid.
  • Tips for signposting.

Who is This Workshop For:

This workshop is for anyone interested in Mental Health Awareness. From people looking to support friends or colleagues, to people with years of experience in dealing with mental health experiences. Come to this workshop if you’re interested in adding a few more tools to your mental health awareness toolbox.

My name’s James and i’m a software engineer at BT Security. I’m also a trained event first aider with the British Red Cross, as well as a trained mental health first aider via Mental Health England. Since picking up these skills I’ve run workshops in workplaces and conferences to help draw out the similarities between mental health and physical first aid.

PowerShell and Offensive WMI

Chris Truncer

2 hours

WMI has been publicized for its offensive use cases. Attackers, and now red teams, are discovering how powerful WMI can be when used beyond its original intent. Even with the recent surge in WMI use, not everyone knows how to interact with it. This workshop intends to showcase how you can leverage WMI on assessments to do nearly anything you would want to do in a post-exploitation scenario. Want to read files, perform a directory listing, detect active user accounts, run commands (and receive their output), download/upload files, and do all of the above (plus more) remotely?

The goal for this workshop will be to enable students to walk away with an understanding of how WMI, a service installed and enabled by default since Windows 2000, is utilized by attackers, demystify interacting with the service locally and remotely, and give students the ability to leverage WMI in the same manner as attackers.

Christopher Truncer (@ChrisTruncer) is a red teamer with FortyNorth Security. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing toolsets. Chris began developing toolsets that are not only designed for the offensive community, but can enhance the defensive community’s ability to defend their network as well.


Matthew Haynes

2 hours

CTI (Cyber Threat Intelligence) is deemed by many as nothing more than a marketing buzzword, a role typically given to interns and junior analysts… but there are claims a CTI capability can act as a force multiplier to make SOCs up to 10x more effective, it can help predict the future of Threats, and why do top CTI positions command such high salaries?

This workshop is aimed at those with little to no knowledge of CTI. Whether you’re an entry level SOC analyst or seasoned Malware Reverse Engineer, this workshop aims to introduce the fusion of two practices and offer a glimpse of it’s potential; one that is way beyond a google search and reporting the news. The workshop will be a blended mix of theory and practical, using refined methodologies and vendor tools, so don’t forget to bring your laptop, tuxedo and Martini!

Matthew Haynes (@MrMDHaynes) – CTI Analyst @Freelance

Matt has worked with a wide variety of industries from Finance to Manufacturing, Military and Government. He has created CTI services from green fields to supporting mature global teams to enhance their CTI capability further as well as adjacent teams such as SOC, IR, FOR, MWRE by utilising CTI practices. When the time permits, Matt endeavours to support the community through events such as this, assessing at the Cyber Security Challenge UK or writing for

When USB Devices Attack – Zero to Hero Workshop

Tim Wilkes and Nick Simpson

2 hours

USB devices have been with us now for over 20 years. They have posed a security risk to organizations, which is not always as understood as well as it could be. This workshop will look at USB devices and how they work, including practical exercises in making your own USB keyboard perform tasks on your behalf.

Participants will require a laptop with a USB port (USB C will require an adapter to USB A). The workshop assumes zero prior knowledge of programming, but a background in C or Powershell would be useful.

Tim (@timmehwimmy) is a failed electronic engineer who ended up being a sysadmin, which then landed him in security. Tim has always loved building and tinkering, which is Partly why this workshop came about.

Nick (@ns1mmo) is a computer forensics and security graduate. He was also the vice president of the ethical hacking society at Leeds Beckett. He has a particular interest in IoT, which led to his final year project in developing threat models for IoT devices.

So what do kids do at SteelCon?

Tanya Feesh

Probably 2 hours
A selection of things that the kids will be doing in their Saturday track, but for adults. We will work it out the exact details on the day, but it could include robots, crayons, electricity and sellotape.

Tanya works in outreach and education for Pimoroni. She helped out at the kids track in 2017 then took over running it in 2018 and was loved by everyone who attended.

Attacking websites from the other direction

Kevin Smith and David Betteridge

2 hours
In the modern age of software development, automation is the key to getting features to our clients. In this session we will look at different automation tools that allow us to achieve fast stable features, limiting regressing any bugs. We will look at different types of source control and how these are used to allow engineers to collaborate on building software together, build server and how these are used to ensure a healthy code base and automate repetitive tasks. We will also dive in to different types of application deployments and how these are provisioned and managed to keep them healthy when live.

All this automation limits the amount of human error; however, most automation tools have more access to production environments to do their job. We’ll look at common mistake’s developers make while building these environments and how these can be compromised.

The session is aimed at anyone who is interested in how a normal development life cycle works, it be split in to a short presentation and then we’ll have a hands-on bounty hunting to find keys and secrets. Participants will require a working laptop with any operation system.

Kevin Smith is software engineer working at ByBox. He is the organiser of dotnet York and dotnetsheff, and he casually speaks and helps at user groups and conferences. He is always keen to contribute to open source projects. He has worked across a broad range of domains including: law, travel, finance and analytics.

David Betteridge is a software architect working at Proactis Group. When not working or out running he organises the York Code Dojo group and is also a co-founder of the YorkDevelopers charity. Like most people here his interests include computer security.