2026 Workshops

Below is the schedule for BSides Vilnius 2026 workshops on June 3rd at Kablys. All workshops are in-person only — there is no online or remote option. The main day with talks and CTF follows on June 4th — see the full schedule.

Registration

Workshops are free to attend for BSides Vilnius 2026 attendees, but seats are limited and reservation is required — first come, first served.

You need a main conference ticket to attend workshops. If you don't have one yet, grab a ticket here before registering.

Reserve your spot at registration.bsidesvilnius.lt. You'll need the 8-digit Ticket ID from your ticket PDF.

Timeline

09:00 - 11:00 A Phishing Trip With Fancy Bear - Let's Analyze APT Malware Together! - By Marius Genheimer

In this beginner-friendly, hands-on workshop, participants will walk through the full attack chain of a real-world Fancy Bear (APT28/GRU) intrusion - from the initial phishing email to command & control - guided by a purpose-built interactive training platform.

What to expect:
The workshop is structured across five chapters, each building on the last: threat actor background, payload delivery, exploitation, persistence & installation, and command & control. Participants work hands-on with real artefacts (phishing email headers, a weaponised RTF document, malware samples, and a C2 implant) and answer quiz questions via an interactive platform to validate their findings along the way - making progress immediately visible and keeping the session engaging for all skill levels.

What you will learn:
▪️ How to analyse phishing emails and extract indicators from mail headers
▪️ How to identify and dissect malicious Office documents (including MIME type mismatches and OLE/COM object abuse triggering CVE-2026-21509)
▪️ Persistence techniques: file staging, scheduled task abuse, and LSB steganography in PNG files
▪️ How to reverse simple string obfuscation (XOR + Base64) using CyberChef
▪️ How threat actors repurpose legitimate open-source tools (Covenant C2 framework) and abuse trusted cloud services to blend into normal traffic
▪️ All tools demoed/used throughout the workshop (e.g. oletools, CyberChef, and Covenant) are free and open-source, making every technique immediately reproducible.

Who should attend:
No prior malware analysis experience is required. Basic familiarity with the command line and a curiosity for how attacks actually work is all you need. Security students, CTF players, sysadmins, and blue teamers looking to build intuition for real-world threat actor tradecraft will get the most out of this session.

What to bring:
A laptop with internet access. All you need is a web browser, a text editor and an archive tool to unpack ZIP (AES-256) archives - other than that, no prior setup is required.

About the instructor
Marius Genheimer is a DFIR Specialist and Threat Researcher with the SECUINFRA Falcon Team. He specializes in malware analysis and defensive security training.

Pack your laptop and your curiosity, it's time to stop reading about APTs and start deconstructing them. See you at the workshop!



11:00 - 11:30 Break

Short break. Coffee, tea, snacks and water will be provided.



11:30 - 13:30 DEF CON CTF Challenge Walkthrough - By Georgia Weidman

[Workshop splash image: Reverse Engineering and Bug Hunting with DEF CON CTF Problems]

Capture the Flag (CTF) challenges are a powerful way to learn reverse engineering and vulnerability research, but many participants struggle to understand how experts solve them. This hands-on workshop walks through real DEF CON CTF challenges step by step, demonstrating the tools and techniques used to analyze binaries and discover vulnerabilities.

About the instructor
Georgia Weidman is a penetration tester, security researcher, and founder of Bulb Security, a cybersecurity consulting firm, and Shevirah, a venture-backed mobile security company. She is the author of Penetration Testing: A Hands-On Introduction to Hacking, and her work has been featured internationally in print and broadcast media.

Her research, supported by a DARPA Cyber Fast Track grant, focuses on identifying real-world attack paths across modern enterprise environments, including mobile ecosystems, backend services, and emerging technologies. She has taught and presented at venues on six continents, including Black Hat, DEF CON, RSA, Oxford University, NSA, and West Point.

In addition to her research and industry work, Georgia teaches cybersecurity at multiple universities and focuses on making complex security concepts accessible to a wider audience.



13:30 - 14:00 Break

Lunch break. Coffee, tea, snacks and water will be provided. No lunch will be provided. You can either order food delivery or go outside to get some lunch.



14:00 - 16:00 AI Red Teaming by TryHackMe - By Andrea Brosio

Language models are being dropped into production pipelines, security tools, and autonomous agents faster than anyone can audit them, and the attack surface is wide open. This workshop takes you through three layers of offensive AI attack, hands-on. You will learn how to hijack model behavior through prompt injection, turn AI pentesting agents against themselves, and surgically disable safety alignment by ablating specific layers inside the model.

Every section includes a live demo and exercises you run yourself. By the end you will understand not just how these attacks work, but why they work, and what that means for any system that trusts a language model.

About the instructor
Andrea Brosio is an Offensive Security Engineer with 6+ years of experience in red teaming: malware development, EDR evasion techniques and building offensive tooling. Currently building AI-driven pipelines for automated vulnerability discovery and exploitation.

Time to turn offensive AI against itself. Pack your laptop and let's go!



16:00 - 16:30 Break

Short break. Coffee, tea, snacks and water will be provided.



16:30 - 18:30 Mastering Bash for Hackers: Extreme Command-Line Power - By Kirils Solovjovs

Bash isn't just an interface to your daily laptop - it's a weapon. In this hands-on workshop, we'll push bash beyond its typical use, leveraging it for hacking, data processing, automation, and real-world security applications. Whether you're crafting exploits, analyzing massive datasets, or automating reconnaissance, this session will equip you with the skills to turn bash into your ultimate hacking tool.

To take part in the workshop, please bring your own laptop.

About the instructor
Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist. He began programming at age 7, and by grade 9 was already writing machine code directly in a hex editor during lunch breaks. Renowned for uncovering and responsibly disclosing critical vulnerabilities in national and international systems, he is an expert in network flow analysis, reverse engineering, and social engineering. A lifelong command-line enthusiast, he uses bash daily for hacking, automation, and large-scale data processing.

He is the author of the jailbreak tool for MikroTik RouterOS and played a pivotal role in developing e-Saeima, the world's first fully remote legislative system used by the Latvian Parliament. Today, Kirils serves as lead researcher at Possible Security.

Master the shell and leave the flashy tools behind. Join us to turn your terminal into a weapon and we'll see you there!


Instructors

Marius Genheimer
09:00 – 11:00
A Phishing Trip With Fancy Bear — Let's Analyze APT Malware Together!

Georgia Weidman
11:30 – 13:30
DEF CON CTF Challenge Walkthrough

Andrea Brosio
14:00 – 16:00
AI Red Teaming by TryHackMe

Kirils Solovjovs
16:30 – 18:30
Mastering Bash for Hackers: Extreme Command-Line Power

Arrive at least 5 minutes before each workshop starts to set up and prepare.

Location

Enter through the main venue entrance and our volunteers will guide you to the workshop room.

Preparation

No general prep is needed beyond bringing your own laptop. WiFi will be provided on site.

Heads up: individual workshops may have their own setup or tooling requirements — check each workshop's "What to bring" / preparation notes in the Timeline above before the day.

Food

Coffee, tea, snacks and water will be provided. No lunch will be provided. You can either order food delivery or go outside to get some lunch.