Le Tour Du Hack
Registration opens at this time
Opening remarks, does what it says on the tin...
How do you build cyber resilience when everything is moving fast? This keynote explores engineering thinking, human judgement and designing systems that can be trusted when the stakes are high.
Come pick locks
What happens when you stop treating AI like a chatbot and start treating it like an execution engine and give it access to untapped ADHD?
We will explore the AI landscape, geopolitical challenges and how that impacts your career! AI bubble (or not?) will be contextualised in the face of continuous change to provide an opportunity to look at the horizon skills for the future (harder to predict than you think)!
James will demonstrate how he has pivoted his skills in a continuous learning path to ensure relevance to the market needs throughout his career.
We will explore the geopolitical situation and what it means for individuals and the challenges for a resilient cyber society.
Learnings
AI and the geopolitical landscape trends and the potential impact on your career.
How to develop and maintain your personal resilience in the new evolving landscape.
While organizations spent years training users against email phishing, attackers quietly perfected vishing attacks that bypass MFA and turn helpful helpdesk staff into unwitting accomplices - causing billions in damages across retail, automotive, and gaming industries. This talk combines real red-team war stories with a live AI voice cloning demo to show how modern vishing works and what defences actually stop it.
Featuring panellists from Lloyds, this panel discussion will be on working in cyber in large organisations. What is it really like?
Hiding in Plain Sight - OSINT CTF
Join Kerry Archibald for an enlightening talk on securing ATMs in the real world. Drawing on over a decade of experience, this session discusses 15 essential rules for ATM security, debunks persistent industry misconceptions, and examines how criminal groups actually attack machines in practice. Kerry also tackles one of the toughest problems defenders face: why proven protections so often go unapplied.
This is a story all about how video takes up WAY more data than you think, a bit of history, and a dive into how we play with quality, motion vectors and even how our eyes perceive colour to compress it.
You've popped a Kubernetes cluster. You've got admin creds. Now the real question is how do you stay? Kubernetes abstracts away enormous complexity across multiple layers, from container runtimes to cluster APIs and each of those layers has dark corners where an attacker can set up shop and go unnoticed for months or even years.
This talk is a post-exploitation deep dive into Kubernetes persistence. We'll walk through a compromised cluster layer by layer, demonstrating how attackers can escape to cluster nodes, spin up containers invisible to kubectl, abuse the Kubelet API to dodge audit logging and admission control, and create phantom credentials that survive long after the initial breach is forgotten. If defenders aren't watching every layer of the stack, they won't see you coming, or going.
Short overview of the importance of breaking out of a purely technical silo to examine the policy and human factors that play an increasing role in cybersecurity.
I have been doing bug bounties for like 6 years now. I have seen most people use scanners to find issues; however, those scanners are not that effective. As someone who has worked as a security expert for six years, I would say that the most interesting exploits are those that cannot be detected through any scanners. The subject of this lecture is manual testing, where you go through the application to find the issues in it by yourself; that is where you find the most interesting stuff, which the scanners can't
I would like to propose a talk exploring the broader cybercriminal ecosystem, drawing on my experience as an Intelligence Analyst at CrowdStrike. The talk will introduce key concepts in Cyber Threat Intelligence (CTI) and how analysts use it to track and understand adversary behaviour, before exploring how eCrime operates as a structured, business-like underground economy. During the session I will focus on real threat actors I track in my day-to-day work, offering attendees a rare, practitioner-level insight into how adversaries operate at scale. I believe CTI remains an underrepresented career path in the industry, and I hope this talk will inspire students — particularly those drawn to analytical rather than purely technical roles — to consider it as a rewarding and exciting avenue within cyber security.
Cyber attacks don’t start with alerts — they start long before, hidden in data.
This talk explores how Cyber Threat Intelligence (CTI) transforms raw data into actionable insights, enabling defenders to move from reactive to proactive security.
Through real-world examples, including large-scale event targeting scenarios, we’ll break down how attackers operate, how defenders detect them, and how you can start threat hunting effectively.
Last year at LTDH I did a talk on ClickFix — the fake-CAPTCHA trick that gets users to paste malicious commands into the Run dialog. I thought I was done with the topic.
A year on, ClickFix has grown a family. FileFix moves the trick to File Explorer. ConsentFix (APT29) does it through OAuth and bypasses MFA and passkeys without ever touching the endpoint. CrashFix deliberately breaks your browser, then offers the fix. And a DPRK-nexus actor used a ClickFix-style fake job interview to compromise an Axios maintainer, putting 100M weekly npm downloads in the blast radius.
Part one: how the family grew up. Part two: how we catch them — SIEM queries, Conditional Access, browser hardening, the lot. Part three: why none of this stays solved, because custom ClickFix GPTs and AI-generated lures are about to make the next variant cheaper than the last.
Life sucks. Between the chaos of work/uni life and personal life, it can be hard to make time for some R&R. We will be discussing what you can do to better manage the chaos as well as activities you can do to unwind and disconnect from the world for a bit.
Do hackers take holidays? Join me as I discuss a real DFIR incident where an employee's brand new device is compromised via SEO poisoning, and find out how Christmas saved a company from a full-scale ransomware attack!
History is full of people making terrible decisions with absolute confidence. “Dumb Shit in History Part 3” dives into absurd real-world events — including fake armies, corpse trials, poisoned aristocrats, and wars over almost nothing — before drawing uncomfortable parallels to modern cyber security. Equal parts comedy, history lesson, and cautionary tale.
A live demonstration of modern BEC attacks, MFA bypass, and how attackers monetise trust.
AI models like Mythos are finding exploitable vulnerabilities faster than the industry can disclose, patch, or write signatures for them. The inevitable consequence: a flood of 0-days in the wild. Every signature-based detection you own is, by definition, blind to them. This talk makes the case that statistical anomaly detection is no longer an optional "ML in security" side quest. It's the only class of detection that can catch the exploitation of things nobody knows exist yet. Drawing on production experience building ML detection, we'll cover what works, what doesn't, and why your UEBA tab isn't going to save you.
The remarks that close
At this time, the afterparty at the Fountainbridge Fox will begin. 18+ only, have wristbands ready
When we will admit attendees into the space for the CTF on day 2
Welcome and CTF Kickoff
CTF competition before lunch
Lunch break during the CTF
CTF resumes after lunch
CTF ends, we'll hand out the prizes