0.3 le-tour-du-hack-2026 2026-05-16 2026-05-17 2 00:05 https://speak.enusec.org UTC Track 1 Normal Talk 2026-05-16T09:00:00+00:00 09:00 00:45 Registration opens at this time le-tour-du-hack-2026-32-registration-opens en false https://speak.enusec.org/le-tour-du-hack-2026/talk/9W78TE/ https://speak.enusec.org/le-tour-du-hack-2026/talk/9W78TE/feedback/ Track 1 Lighting Talk 2026-05-16T09:45:00+00:00 09:45 00:15 Opening remarks, does what it says on the tin... le-tour-du-hack-2026-25-opening-remarks Team ENUSEC (Connor, Scott, Lewis, Xander & Eden) en false https://speak.enusec.org/le-tour-du-hack-2026/talk/YS3HC9/ https://speak.enusec.org/le-tour-du-hack-2026/talk/YS3HC9/feedback/ Track 1 Normal Talk 2026-05-16T10:00:00+00:00 10:00 00:30 How do you build cyber resilience when everything is moving fast? This keynote explores engineering thinking, human judgement and designing systems that can be trusted when the stakes are high. le-tour-du-hack-2026-27-keynote-history-s-blueprint-for-cyber-resilience Gemma Barrow en false https://speak.enusec.org/le-tour-du-hack-2026/talk/BDHGW8/ https://speak.enusec.org/le-tour-du-hack-2026/talk/BDHGW8/feedback/ Track 1 Long Talk 2026-05-16T10:30:00+00:00 10:30 01:00 What happens when you stop treating AI like a chatbot and start treating it like an execution engine and give it access to untapped ADHD? le-tour-du-hack-2026-5-automating-chaos-at-scale Andy Gill en This talk explores how to weaponise AI for rapid idea-to-tool pipelines taking half-formed, borderline chaotic ideas and turning them into working tools, side projects, and offensive experiments at speed. Not polished SaaS. Not over-engineered platforms. Building chaos at scale. I’ll walk through how AI can be used to: • Break past the “I’ll build that someday” backlog • Prototype tools in hours instead of weeks • Explore unconventional or “bad” ideas safely and quickly • Chain together automation, code generation, and testing loops • Validate whether something is genuinely useful or just noise Along the way, I’ll look at real examples of AI-assisted builds: from scrappy utilities to fully functional tooling that would never have existed without lowering the barrier to execution. This isn’t about replacing developers. It’s about removing friction and what happens when that friction disappears. true https://speak.enusec.org/le-tour-du-hack-2026/talk/S73CHT/ https://speak.enusec.org/le-tour-du-hack-2026/talk/S73CHT/feedback/ Track 1 Normal Talk 2026-05-16T11:40:00+00:00 11:40 00:30 We will explore the AI landscape, geopolitical challenges and how that impacts your career ! AI bubble (or not ?) will be contextualised in the face a continuous change to provide an opportunity to look at the horizon skills for the future (harder to predict than you think) ! James will demonstrate how he has pivoted his skills in a continuous learning path to ensure relevance to the market needs throughout his career. We will explore the geopolitical situation and what it means for individuals and the challenges for a resilient cyber society Learnings AI and the geopolitical landscape trends and the potential impact on your career. How to develop and maintain your personal resilience in the new evolving landscape. le-tour-du-hack-2026-8-how-does-ai-geopolitics-impact-on-the-cyber-landscape-what-can-you-do-to-hack-your-brain-for-a-resilient-career James K. en true https://speak.enusec.org/le-tour-du-hack-2026/talk/BMXMF8/ https://speak.enusec.org/le-tour-du-hack-2026/talk/BMXMF8/feedback/ Track 1 Normal Talk 2026-05-16T12:40:00+00:00 12:40 00:30 Featuring panellists from Lloyds, this panel discussion will be on working in cyber in large organisations. What is it really like? le-tour-du-hack-2026-7-panel-discussion-what-it-s-really-like-to-work-in-cyber-security-in-a-large-organisation en false https://speak.enusec.org/le-tour-du-hack-2026/talk/N3Z8CW/ https://speak.enusec.org/le-tour-du-hack-2026/talk/N3Z8CW/feedback/ Track 1 Normal Talk 2026-05-16T13:10:00+00:00 13:10 00:30 Join Kerry Archibald for an enlightening talk on securing ATMs in the real world. Drawing on over a decade of experience, this session discusses 15 essential rules for ATM security, debunks persistent industry misconceptions, and examines how criminal groups actually attack machines in practice. Kerry also tackles one of the toughest problems defenders face: why proven protections so often go unapplied. le-tour-du-hack-2026-16-securing-atms-101 /media/le-tour-du-hack-2026/submissions/Z9VD7V/work_photo_ykSGise_Lf3KQBG.webp Kerry Archibald en true https://speak.enusec.org/le-tour-du-hack-2026/talk/Z9VD7V/ https://speak.enusec.org/le-tour-du-hack-2026/talk/Z9VD7V/feedback/ Track 1 Normal Talk 2026-05-16T13:40:00+00:00 13:40 00:30 You've popped a Kubernetes cluster. You've got admin creds. Now the real question is how do you stay? Kubernetes abstracts away enormous complexity across multiple layers, from container runtimes to cluster APIs and each of those layers has dark corners where an attacker can set up shop and go unnoticed for months or even years. This talk is a post-exploitation deep dive into Kubernetes persistence. We'll walk through a compromised cluster layer by layer, demonstrating how attackers can escape to cluster nodes, spin up containers invisible to kubectl, abuse the Kubelet API to dodge audit logging and admission control, and create phantom credentials that survive long after the initial breach is forgotten. If defenders aren't watching every layer of the stack, they won't see you coming, or going. le-tour-du-hack-2026-21-ghosts-in-the-cluster-hiding-in-kubernetes-for-years Rory McCune en false https://speak.enusec.org/le-tour-du-hack-2026/talk/EEMPKG/ https://speak.enusec.org/le-tour-du-hack-2026/talk/EEMPKG/feedback/ Track 1 Normal Talk 2026-05-16T14:20:00+00:00 14:20 00:30 I would like to propose a talk exploring the broader cybercriminal ecosystem, drawing on my experience as an Intelligence Analyst at CrowdStrike. The talk will introduce key concepts in Cyber Threat Intelligence (CTI) and how analysts use it to track and understand adversary behaviour, before exploring how eCrime operates as a structured, business-like underground economy. During the session I will focus on real threat actors I track in my day-to-day work, offering attendees a rare, practitioner-level insight into how adversaries operate at scale. I believe CTI remains an underrepresented career path in the industry, and I hope this talk will inspire students — particularly those drawn to analytical rather than purely technical roles — to consider it as a rewarding and exciting avenue within cyber security. le-tour-du-hack-2026-20-the-ecrime-ecosystem-how-cybercriminals-operate-and-how-we-track-them David Rowney en false https://speak.enusec.org/le-tour-du-hack-2026/talk/DNQMKH/ https://speak.enusec.org/le-tour-du-hack-2026/talk/DNQMKH/feedback/ Track 1 Long Talk 2026-05-16T14:50:00+00:00 14:50 01:00 Last year at LTDH I did a talk on ClickFix — the fake-CAPTCHA trick that gets users to paste malicious commands into the Run dialog. I thought I was done with the topic. A year on, ClickFix has grown a family. FileFix moves the trick to File Explorer. ConsentFix (APT29) does it through OAuth and bypasses MFA and passkeys without ever touching the endpoint. CrashFix deliberately breaks your browser, then offers the fix. And a DPRK-nexus actor used a ClickFix-style fake job interview to compromise an Axios maintainer putting 100M weekly npm downloads in the blast radius. Part one: how the family grew up. Part two: how we catch them — SIEM queries, Conditional Access, browser hardening, the lot. Part three: why none of this stays solved, because custom ClickFix GPTs and AI-generated lures are about to make the next variant cheaper than the last. le-tour-du-hack-2026-24-meet-the-fixers-how-one-social-engineering-technique-spawned-a-family-and-how-to-catch-it Cameron Cottam en false https://speak.enusec.org/le-tour-du-hack-2026/talk/VHZED7/ https://speak.enusec.org/le-tour-du-hack-2026/talk/VHZED7/feedback/ Track 1 Normal Talk 2026-05-16T15:50:00+00:00 15:50 00:30 Do hackers take holidays? Join me as I discuss a real DFIR incident where a employees brand new device is compromised via SEO poisoning, and find out how Christmas saved a company from a full-scale ransomware attack! le-tour-du-hack-2026-22-the-nightmare-before-christmas Samantha Varley en false https://speak.enusec.org/le-tour-du-hack-2026/talk/NNBFMC/ https://speak.enusec.org/le-tour-du-hack-2026/talk/NNBFMC/feedback/ Track 1 Long Talk 2026-05-16T16:20:00+00:00 16:20 01:00 A live demonstration of modern BEC attacks, MFA bypass, and how attackers monetise trust. le-tour-du-hack-2026-2-hot-singles-in-your-area-want-your-session-tokens Michael Varley en We’re going to log into someone else’s email account - and they’re going to help us do it! From phishing to MFA bypass to session hijacking, this session walks through a real-world BEC attack chain end-to-end. Then we ruin the attacker’s day by showing exactly how to stop it. false https://speak.enusec.org/le-tour-du-hack-2026/talk/Z9MJ8X/ https://speak.enusec.org/le-tour-du-hack-2026/talk/Z9MJ8X/feedback/ Track 1 Normal Talk 2026-05-16T17:20:00+00:00 17:20 00:30 AI models like Mythos are finding exploitable vulnerabilities faster than the industry can disclose, patch, or write signatures for them. The inevitable consequence: a flood of 0-days in the wild. Every signature-based detection you own is, by definition, blind to them. This talk makes the case that statistical anomaly detection is no longer an optional "ML in security" side quest. It's the only class of detection that can catch the exploitation of things nobody knows exist yet. Drawing on production experience building ML detection, we'll cover what works, what doesn't, and why your UEBA tab isn't going to save you. le-tour-du-hack-2026-11-no-signature-no-problem-detecting-the-coming-0-day-flood Aidan McLaughlin en Detection engineering has always been a race: find a vuln, reverse the exploit, write a signature, push it out, hope you beat the attackers. That race was losing even before automation. With AI-driven vulnerability discovery, the race is over. The discovery rate is about to dwarf the signature-authoring rate by orders of magnitude, and a meaningful fraction of those findings will be weaponised before any defender has them. That leaves one brute mathematical fact: you cannot write a signature for something you don't know exists. The only detection strategy that survives this world is one that looks for the effects of exploitation rather than its fingerprints. Statistical anomaly detection. In this talk we'll cover: The supply-side economics of AI vuln discovery, and why 0-day proliferation is structurally inevitable rather than speculative Why signature-based detection breaks down in this regime, with numbers What "anomaly detection" actually means (time-series, graph, distribution-based), and the crucial distinctions most vendors blur Real examples: detections that caught novel behaviour in production vs. the ones that generated 400 alerts a day The analyst UX problem: explainability, triage, and why most ML detections die in the SOC A pragmatic starting point for teams without a PhD on staff This is a hardened follow-up to a talk given at Cyber Scotland Connect in 2025, updated for a world where vulnerability discovery itself has been automated. false https://speak.enusec.org/le-tour-du-hack-2026/talk/GBRHXN/ https://speak.enusec.org/le-tour-du-hack-2026/talk/GBRHXN/feedback/ Track 1 Lighting Talk 2026-05-16T17:50:00+00:00 17:50 00:15 The remarks that close le-tour-du-hack-2026-26-closing-remarks Team ENUSEC (Connor, Scott, Lewis, Xander & Eden) en false https://speak.enusec.org/le-tour-du-hack-2026/talk/JEDJGG/ https://speak.enusec.org/le-tour-du-hack-2026/talk/JEDJGG/feedback/ Track 1 Long Talk 2026-05-16T18:30:00+00:00 18:30 01:00 At this time, the afterparty at the Fountainbridge Fox will begin. 18+ only, have wristbands ready le-tour-du-hack-2026-33-afterparty en false https://speak.enusec.org/le-tour-du-hack-2026/talk/T3RRT7/ https://speak.enusec.org/le-tour-du-hack-2026/talk/T3RRT7/feedback/ Track 2 Normal Talk 2026-05-16T11:40:00+00:00 11:40 00:30 While organizations spent years training users against email phishing, attackers quietly perfected vishing attacks that bypass MFA and turn helpful helpdesk staff into unwitting accomplices - causing billions in damages across retail, automotive, and gaming industries. This talk combines real red-team war stories with a live AI voice cloning demo to show how modern vishing works and what defences actually stop it. le-tour-du-hack-2026-13-you-ve-been-ph0ned-how-attackers-compromise-organisations-via-telephone-social-engineering Luiz S en While just about everyone has trained users not to click suspicious emails, attackers have quietly moved to the channel nobody prepared for: the phone. From retail giants and luxury brands to automotive manufacturers and casino operators - all have suffered massive financial damages from attacks that started with something as simple as a phone call. Drawing from real world red teaming engagements, Luiz will walk through the modern vishing playbook: how attackers research targets, craft believable pretexts, pressure helpdesks into breaking their own security policies, and bypass multi factor authentication that was supposed to end credential theft. The talk includes a live AI voice cloning demonstration, honest discussion of the ethical challenges in realistic social engineering testing, and practical defences that go beyond "just be suspicious of phone calls". true https://speak.enusec.org/le-tour-du-hack-2026/talk/FEEBJU/ https://speak.enusec.org/le-tour-du-hack-2026/talk/FEEBJU/feedback/ Track 2 Normal Talk 2026-05-16T13:10:00+00:00 13:10 00:30 This is a story all about how video takes up WAY more data than you think, a bit of history, and a dive into how we play with quality, motion vectors and even how our eyes perceive colour to compress it. le-tour-du-hack-2026-4-the-dark-sorcery-of-video-encoding Del Angel Stormreul en Video takes up a LOT of data. Each pixel is 3 bytes if you're only using 8 bit colour and the numbers get wild as resolution, framerate and bit depth goes up. How does video encoding work in general? What improvements have we seen throughout history? Could the planet's infrastructure survive a world without video compression? Should you maybe use GPU encoding for your video projects? (Spoiler: Yes) Time to dig into one of those things we never even think about, let alone take for granted - Video encoding. false https://speak.enusec.org/le-tour-du-hack-2026/talk/FZX9DN/ https://speak.enusec.org/le-tour-du-hack-2026/talk/FZX9DN/feedback/ Track 2 Lighting Talk 2026-05-16T13:40:00+00:00 13:40 00:15 Short overview of the importance of breaking out of a purely technical silo to examine the policy and human factors that play an increasing role in cybersecurity le-tour-du-hack-2026-19-not-just-tech-the-people-and-politics-of-cyber Imogen McCall en false https://speak.enusec.org/le-tour-du-hack-2026/talk/SAGKR7/ https://speak.enusec.org/le-tour-du-hack-2026/talk/SAGKR7/feedback/ Track 2 Normal Talk 2026-05-16T14:20:00+00:00 14:20 00:30 I have been doing bug bounties for like 6 years now. I have seen most of the people use the scanners to find the issues however those scanners are not that much effective. As someone who has worked as a security expert for six years, I would say that the most interesting exploits are those that cannot be detected through any scanners. The subject of this lecture is manual testing where you go through the application to find the issues in it by yourself that where you find the most interesting stuff which the scanners can't le-tour-du-hack-2026-15-testing-what-the-scanner-missed-a-bug-bounty-perspective Suresh Aydi en false https://speak.enusec.org/le-tour-du-hack-2026/talk/TYSGCW/ https://speak.enusec.org/le-tour-du-hack-2026/talk/TYSGCW/feedback/ Track 2 Long Talk 2026-05-16T14:50:00+00:00 14:50 01:00 Cyber attacks don’t start with alerts — they start long before, hidden in data. This talk explores how Cyber Threat Intelligence (CTI) transforms raw data into actionable insights, enabling defenders to move from reactive to proactive security. Through real-world examples, including large-scale event targeting scenarios, we’ll break down how attackers operate, how defenders detect them, and how you can start threat hunting effectively. le-tour-du-hack-2026-9-from-data-to-defense-real-world-cyber-threat-intelligence-threat-hunting Ayush Aggarwal en This session dives into the practical side of Cyber Threat Intelligence (CTI) and Threat Hunting, focusing on how defenders can anticipate, detect, and respond to modern cyber threats. We will begin by understanding what threat intelligence really means beyond buzzwords, covering its lifecycle, types, and how it integrates into real security operations. The session then explores attacker behavior using frameworks like MITRE ATT&CK and the Cyber Kill Chain, helping attendees understand how adversaries think, move, and exploit systems. A key part of the talk will focus on threat hunting — how to proactively search for threats using indicators of compromise (IOCs), behavioral patterns, and attacker TTPs. We will also walk through a real-world inspired case study based on large-scale global events (such as international sporting events). By the end of the session, attendees will: Understand how to apply CTI in real environments Learn how to identify high-value detection signals (TTPs vs IOCs) Gain a beginner-friendly roadmap to start threat hunting Be able to think like both an attacker and a defender This talk is designed for students, beginners, and intermediate cybersecurity enthusiasts who want practical, actionable insights not just theory. true https://speak.enusec.org/le-tour-du-hack-2026/talk/QS9WQH/ https://speak.enusec.org/le-tour-du-hack-2026/talk/QS9WQH/feedback/ Track 2 Normal Talk 2026-05-16T15:50:00+00:00 15:50 00:30 Life sucks. Between the chaos of work/uni life and personal life, it can be hard to make time for some R&R. We will be discussing what you can do to better manage the chaos as well as activities you can do to unwind and disconnect from the world for a bit. le-tour-du-hack-2026-10-burning-the-candle-at-all-ends-a-burnout-talk Kit en true https://speak.enusec.org/le-tour-du-hack-2026/talk/T7937A/ https://speak.enusec.org/le-tour-du-hack-2026/talk/T7937A/feedback/ Track 2 Normal Talk 2026-05-16T16:20:00+00:00 16:20 00:30 History is full of people making terrible decisions with absolute confidence. “Dumb Shit in History Part 3” dives into absurd real-world events — including fake armies, corpse trials, poisoned aristocrats, and wars over almost nothing — before drawing uncomfortable parallels to modern cyber security. Equal parts comedy, history lesson, and cautionary tale. le-tour-du-hack-2026-14-dumb-shit-in-history-3-0 Jon en false https://speak.enusec.org/le-tour-du-hack-2026/talk/QFVNJL/ https://speak.enusec.org/le-tour-du-hack-2026/talk/QFVNJL/feedback/ Track 3 Long Talk 2026-05-16T10:00:00+00:00 10:00 01:30 Come pick locks le-tour-du-hack-2026-28-lockpicking-physical-security-village en false https://speak.enusec.org/le-tour-du-hack-2026/talk/7DSCQG/ https://speak.enusec.org/le-tour-du-hack-2026/talk/7DSCQG/feedback/ Track 3 Long Talk 2026-05-16T13:10:00+00:00 13:10 01:00 Hiding in Plain Sight - OSINT CTF le-tour-du-hack-2026-17-hiding-in-plain-sight-osint-ctf-workshop Luiz S en Open Source Intelligence (OSINT) CTF true https://speak.enusec.org/le-tour-du-hack-2026/talk/ZR3GKH/ https://speak.enusec.org/le-tour-du-hack-2026/talk/ZR3GKH/feedback/ Track 1 Long Talk 2026-05-17T09:30:00+00:00 09:30 01:00 When we will admit attendees into the space for the CTF on day 2 le-tour-du-hack-2026-34-doors-open-day-2 en false https://speak.enusec.org/le-tour-du-hack-2026/talk/RJMCQN/ https://speak.enusec.org/le-tour-du-hack-2026/talk/RJMCQN/feedback/ Track 1 Lighting Talk 2026-05-17T10:30:00+00:00 10:30 00:15 Welcome and CTF Kickoff le-tour-du-hack-2026-30-welcome Team ENUSEC (Connor, Scott, Lewis, Xander & Eden) en false https://speak.enusec.org/le-tour-du-hack-2026/talk/KEESQ9/ https://speak.enusec.org/le-tour-du-hack-2026/talk/KEESQ9/feedback/ Track 1 Long Talk 2026-05-17T10:45:00+00:00 10:45 01:15 CTF competition before lunch le-tour-du-hack-2026-37-ctf-morning en false https://speak.enusec.org/le-tour-du-hack-2026/talk/EDFY3Z/ https://speak.enusec.org/le-tour-du-hack-2026/talk/EDFY3Z/feedback/ Track 1 Long Talk 2026-05-17T12:00:00+00:00 12:00 01:00 Lunch break during the CTF le-tour-du-hack-2026-35-lunch-day-2 en false https://speak.enusec.org/le-tour-du-hack-2026/talk/89DEJE/ https://speak.enusec.org/le-tour-du-hack-2026/talk/89DEJE/feedback/ Track 1 Long Talk 2026-05-17T13:00:00+00:00 13:00 03:30 CTF resumes after lunch le-tour-du-hack-2026-36-ctf-resumes en false https://speak.enusec.org/le-tour-du-hack-2026/talk/BCNJVW/ https://speak.enusec.org/le-tour-du-hack-2026/talk/BCNJVW/feedback/ Track 1 Lighting Talk 2026-05-17T16:30:00+00:00 16:30 00:10 CTF ends, we'll hand out the prizes le-tour-du-hack-2026-38-ctf-prizes-and-event-ends en false https://speak.enusec.org/le-tour-du-hack-2026/talk/MUEAY9/ https://speak.enusec.org/le-tour-du-hack-2026/talk/MUEAY9/feedback/