2026-05-16, Track 2
While organizations spent years training users against email phishing, attackers quietly perfected vishing attacks that bypass MFA and turn helpful helpdesk staff into unwitting accomplices - causing billions in damages across retail, automotive, and gaming industries. This talk combines real red-team war stories with a live AI voice cloning demo to show how modern vishing works and what defences actually stop it.
While just about everyone has trained users not to click suspicious emails, attackers have quietly moved to the channel nobody prepared for: the phone. From retail giants and luxury brands to automotive manufacturers and casino operators - all have suffered massive financial damages from attacks that started with something as simple as a phone call.
Drawing from real-world red teaming engagements, Luiz will walk through the modern vishing playbook: how attackers research targets, craft believable pretexts, pressure helpdesks into breaking their own security policies, and bypass multi-factor authentication that was supposed to end credential theft.
The talk includes a live AI voice cloning demonstration, honest discussion of the ethical challenges in realistic social engineering testing, and practical defences that go beyond "just be suspicious of phone calls".
Luiz leads the Offensive Security practice at Bridewell and has two decades of experience as a penetration tester, red team manager and leader.
He is a Chartered Cyber Security Professional (ChCSP) and holds an MSc in Information Security from Royal Holloway, along with various industry certifications.
Luiz has a particular interest in user-driven attacks and in leveraging social engineering to bypass technical controls.