BSides London 2025

Pwned by the Basics: Exploits Every Admin Should Know
2025-12-13, Workshop Room 2

Think attackers are only winning with zero-days and nation-state malware? Think again. Most compromises start with the boring stuff... default creds, sloppy file shares, and scheduled tasks hiding in plain sight.
In this hands-on workshop, you’ll learn how to turn those “harmless” admin oversights into full domain compromise.


Guided by an experienced infrastructure penetration tester and former sysadmin, you’ll practice:

  • Abusing everyday network protocols for maximum gain
  • Sniffing out and weaponising default credentials
  • Turning scheduled tasks into privilege-escalation jackpots
  • Digging through file shares to uncover scripts, secrets, and PII

This is the stuff scanners like Nessus won’t catch but attackers absolutely will.

What you’ll take away:

  • An attacker’s eye for spotting security blind spots in your own environment
  • Practical skills you can use to validate and harden systems
  • A toolbox of quick wins to shut down common attack paths

If you’re an IT admin or engineer, this is your chance to flip the script, outsmart attackers at their own game, and leave with skills that will instantly raise your security game.

Simon is co-founder and CTO of Punk Security. He approaches DevSecOps from an infrastructure background with 20 years of experience in the field and a focus on cyber security and automation. Simon’s experience is diverse, having served as an engineer in the Royal Air Force and working across various industries, including government, manufacturing, finance, and technology, delivering automation and information security.
He is a keen Python and .NET Core developer and a huge open source advocate, having authored a suite of open source tools himself.