Felix Meggison
Felix Meggison is a Red Team Operator with over six years of experience in offensive security, specialising in adversary emulation, Active Directory exploitation, and cloud-native attack simulation. He has led red team operations across multiple sectors, delivering realistic attack scenarios that test both technical controls and organisational resilience. Passionate about bridging the gap between red and blue teams, Felix often turns attack insights into practical detection strategies. His recent focus has been on IPv6-based internal attacks and their often-overlooked detection opportunities.
Session
Most organisations assume IPv6 is “not in use.” In reality, it’s silently enabled on modern operating systems and creates an attack surface defenders rarely monitor.
In this 45-minute session, I’ll walk through the full IPv6 attack chain I’ve used in penetration testing engagements, from a single rogue packet to domain persistence. Using a pre-recorded demo, I’ll show how attackers spin up rogue DHCPv6/DNS servers, push malicious configurations, capture authentication traffic, and relay credentials into Active Directory. Abuse cases include credential relaying, domain machine joins, and Active Directory Certificate Services (ADCS) exploitation.
Then we’ll flip to the defender’s view. I’ll highlight Indicators of Compromise that signal rogue IPv6 activity, such as unexpected DNS/DHCPv6 advertisements and anomalous neighbour announcements, along with practical detection queries and hardening strategies for Windows-heavy environments.