2025-12-13 –, Rookie Track 1
Phishing is no longer a specialist skillset - it’s researchable, reproducible, and for criminals, even rentable. For my dissertation project, I built a phishing simulation tool from scratch and ran it with real participants. Even in that controlled, academic setting, people still fell for the lures.
That was a sobering lesson… If I could create this as a student, then what does it mean to an attacker with malicious intentions?
I will share the story of a realisation I had during my 14-week journey developing a phishing simulation tool for my dissertation project. Building the platform from scratch - scheduling campaigns, personalising emails, tracking interactions, parsing logs into risk categories, and visualising results - revealed how easily humans can be tricked.
Midway through that journey, an alarming thought struck me: if I, as a student, could build this tool, then modern “vibe coders” - using LLMs and low-code tools - could recreate similar tools far faster, for malicious purposes.
And the reality is even more terrifying. Attackers no longer need technical skills at all - ready-made phishing kits are widely available through Phishing-as-a-Service platforms. Many come with built-in detection evasion, allowing anyone with money to launch sophisticated attacks and stay ahead in the ongoing race between attackers and defenders.
This talk connects lessons from my project to the rise of Phishing-as-a-Service, and asks what it means for defenders when humans remain the weakest link.
Hi, I’m Ada - originally from Poland and I discovered my passion for cybersecurity about five years ago. Since then, I’ve been exploring the many layers of this ever-evolving field.
After recently graduating, I’ve stepped into a consultancy role that allows me to bridge the technical and human sides of cybersecurity by helping organisations stay secure while building awareness and collaboration.
Outside the cyber world, you’ll often find me running, swimming, or playing tennis (and I’m excited to be adding cycling to that list soon!).