2025-12-13 –, Workshop Room 1
Model Context Protocol (MCP) servers are an emerging integration point between LLMs and external tools - and they’re increasingly attractive targets for attackers. This four-hour, hands-on workshop teaches penetration testers practical methods to discover, enumerate, and exploit MCP servers safely and effectively. Through short demos and guided lab exercises you’ll learn how to intercept and audit MCP traffic, identify mismatches between advertised and actual tools, weaponize tool-response manipulation, and validate guardrails and authentication.
Drawing from real-world penetration tests, participants will learn to intercept and analyze MCP traffic, build custom testing tools, and develop reproducible attack workflows. We'll cover traffic capture techniques, protocol manipulation, authentication bypass methods, and injection attacks specific to MCP architectures. Attendees will work through hands-on labs targeting common implementation flaws, misconfigurations, and trust boundary violations.
This intensive 4-hour hands-on workshop transforms penetration testers into MCP security specialists through practical exploitation techniques derived from real-world assessments. As the Model Context Protocol becomes fundamental to AI application infrastructure, security professionals must understand its unique attack surface.
Participants will master comprehensive MCP security testing methodologies covering twelve critical areas: tool enumeration and discovery techniques to map attack surfaces; identification of dangerous functions and code features that enable exploitation; authentication scheme weaknesses and bypasses; detection of vulnerable libraries and outdated packages; automated reputation analysis using VirusTotal; discovery of hidden tools and undocumented functionality; extraction of embedded secrets and hardcoded credentials; enumeration of embedded email addresses for social engineering vectors; local process spawning vulnerability analysis; temporary file creation exploitation; cross-tool data leakage assessment; and insecure protocol usage identification.
Through hands-on labs, attendees will use custom tools for traffic interception, protocol manipulation, and automated vulnerability discovery. Each module includes practical exercises targeting real MCP implementation flaws, providing immediately applicable skills for professional engagements. Participants leave with a complete testing framework, custom scripts, detailed methodology documentation, and confidence to conduct thorough MCP security assessments. Requirements: laptop with Python 3.8+, Wireshark, and Burp Suite.
Riyaz Walikar is the Chief Hacker at Appsecco, a boutique security consulting company specializing in SaaS products and their AI implementations. He has over a decade of experience in offensive security, hacking his way into web applications, mobile apps, wireless networks, thick clients, and cloud and container-based infrastructure. As part of his professional career, he has led security testing teams at Microland, PwC, Citrix, and Appsecco. He likes to evangelize cybersecurity and has been a speaker/trainer and multiple hacker conferences around the world including BlackHat, DefCON, OWASP AppsecUSA, Nullcon, and c0c0n. He has co-authored 2 books and loves teaching cybersecurity which he does through various online blogs and publications, in-person and online training programs, community talks, conference presentations, and beer sessions.
When he is not writing/breaking code, you can find him dabbling in photography, playing video games, googling for weight loss solutions, stargazing, or laughing at his own jokes.