{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2026.1.2"}, "schedule": {"url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/schedule/", "version": "1.2", "base_url": "https://pretalx.hackglasgow.live", "conference": {"acronym": "hack-glasgow-2026", "title": "Hack Glasgow 2026", "start": "2026-08-15", "end": "2026-08-15", "daysCount": 1, "timeslot_duration": "00:05", "time_zone_name": "Europe/London", "colors": {"primary": "#000000"}, "rooms": [{"name": "Stage 1", "slug": "1-stage-1", "guid": "402e6d70-9226-5d1d-9d57-d8b8467d71ef", "description": null, "capacity": 650}, {"name": "Stage 2", "slug": "2-stage-2", "guid": "8b58b7af-a7d1-5835-b37c-db22914bda41", "description": null, "capacity": 160}, {"name": "Workshops", "slug": "3-workshops", "guid": "55fc5f2a-2a6a-5456-b47a-1c05a4b17e50", "description": null, "capacity": 50}], "tracks": [], "days": [{"index": 1, "date": "2026-08-15", "day_start": "2026-08-15T04:00:00+01:00", "day_end": "2026-08-16T03:59:00+01:00", "rooms": {"Stage 1": [{"guid": "14931898-b901-5163-9b06-0a16089bf68c", "code": "9HXXVW", "id": 66, "logo": null, "date": "2026-08-15T09:45:00+01:00", "start": "09:45", "duration": "00:15", "room": "Stage 1", "slug": "hack-glasgow-2026-66-hack-glasgow-2026-opening-remarks", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/9HXXVW/", "title": "Hack Glasgow 2026 opening remarks", "subtitle": "", "track": null, "type": "Organiser remarks", "language": "en", "abstract": "Opening remarks by the Hack Glasgow organisers", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "YDX73V", "name": "Hack Glasgow", "avatar": "https://pretalx.hackglasgow.live/media/avatars/Y9PXAH_Z1TKcdj.webp", "biography": "The **Hack Glasgow** organiser team is made up of:\r\n\r\n- [Gerard Barrett](https://www.linkedin.com/in/gerard-barrett/)\r\n- [David Carson](https://www.linkedin.com/in/davidhgcarson/)\r\n- [Alice McGready](https://www.linkedin.com/in/alicemcgready/)\r\n- [Scott McGready](https://www.linkedin.com/in/scottmcgready/)\r\n- [David McKenzie](https://www.linkedin.com/in/davewmckenzie/)", "public_name": "Hack Glasgow", "guid": "a378f8d1-ae49-5dc2-a94f-e5a7d4389931", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/YDX73V/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/9HXXVW/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/9HXXVW/", "attachments": []}, {"guid": "968ca81b-e6b5-520e-8382-fb019d6dad37", "code": "X7DVV7", "id": 41, "logo": null, "date": "2026-08-15T10:00:00+01:00", "start": "10:00", "duration": "00:25", "room": "Stage 1", "slug": "hack-glasgow-2026-41-redlining-the-soc-the-need-for-speed-in-cyber-defense", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/X7DVV7/", "title": "Redlining the SOC: The Need for Speed in Cyber Defense", "subtitle": "", "track": null, "type": "Talk (20 minutes + 5 minutes Q&A)", "language": "en", "abstract": "As attackers increasingly leverage AI to automate, the timeline of cyber attacks is compressing. What once unfolded over days or weeks now happens in minutes. In this environment, speed is no longer a competitive advantage for defenders but a baseline requirement.\r\n\r\nSecurity Operations Centers (SOCs) are being pushed to operate at unprecedented velocity to match these attackers, but many are not designed for sustained high-speed decision-making. Faster detection and response can improve outcomes, but it can also amplify false positives, accelerate poor decisions, and introduce operational instability if not implemented carefully.\r\n\r\nThis talk explores the evolving role of speed in modern cyber defense, examining how AI is reshaping both attacker and defender dynamics. It introduces practical strategies for building a high-velocity SOC that maintains accuracy, control, and resilience: focusing on detection quality, feedback loops, and measured automation. Attendees will leave with a framework for operating at speed without sacrificing effectiveness.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "EBZX73", "name": "Gabrielle Hempel", "avatar": "https://pretalx.hackglasgow.live/media/avatars/EBZX73_Dwa6UJH.webp", "biography": "Gabrielle Hempel is a Security Operations Strategist at Exabeam, specializing in threat intelligence, detection engineering, and AI-driven defense. She holds a master\u2019s degree in cybersecurity/global affairs from NYU and serves as an adjunct professor, bridging academic and real-world security operations. Gabrielle has spoken at industry conferences including Black Hat and DEF CON, and contributes to national cybersecurity efforts through the U.S. Coast Guard Auxiliary and National Guard, where she serves as a Division Chief and Deputy Incident Commander. She is currently pursuing her J.D. with a focus on technology and AI law.", "public_name": "Gabrielle Hempel", "guid": "fe338bfe-cd34-5edb-8d9c-1777363647fd", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/EBZX73/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/X7DVV7/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/X7DVV7/", "attachments": []}, {"guid": "c53e1f72-8cbb-5f75-8ddd-974b00c99de7", "code": "MRLBLF", "id": 17, "logo": null, "date": "2026-08-15T10:30:00+01:00", "start": "10:30", "duration": "00:55", "room": "Stage 1", "slug": "hack-glasgow-2026-17-scientific-hooliganism-the-history-of-hacking", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/MRLBLF/", "title": "Scientific Hooliganism: The History of Hacking", "subtitle": "", "track": null, "type": "Talk (50 minutes + 5 minutes Q&A)", "language": "en", "abstract": "We focus so much on the next great exploit, when have we looked back to see where we come from?  Let me take you on a journey back through time, to the first 'hack' ever pulled off. Then, wander with me as we trace the history of our storied profession, from thousands of years ago, all the way to the modern day.\r\n\r\n\r\nI choose to define hacking as \"subverting the rules of a system, in order to force the system to behave in a manner not intended by its creator\". This, to me at least, is the hacker mindset - a burning curiosity to make things behave in a way we are told they should not be able to. It is armed with this definition, that I explore the history of hacking, going back through the ages, addressing the incident in 1903 (from which we get the title of this talk), or even to 1834, when the first real 'cyber attack' was pulled off. We go back even earlier than this, observing how the techniques we use today have their roots in the (mis)behaviour of ancient civilisations.\r\n\r\nI hope we can learn from the past, to help us shape the future of our great industry. Or, at the very least, we can pay homage to the hackers that came before us, as they laid the groundwork for what we all get to do today.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "D7LDEF", "name": "Liam Follin (gr4y-r0se)", "avatar": "https://pretalx.hackglasgow.live/media/avatars/D7LDEF_JQw1rBR.webp", "biography": "Liam was a Dual CHECK Team Leader and is now a Principal Security Researcher at a global bank, but really just a nerd with a love of hacking web apps. He loves writing tools, training pentesters, and nice Irish whiskey. Not necessarily in that order.", "public_name": "Liam Follin (gr4y-r0se)", "guid": "369ce9fa-d4ba-5900-a8f2-fbf531cab841", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/D7LDEF/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/MRLBLF/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/MRLBLF/", "attachments": []}, {"guid": "1c6a6df7-cf52-5190-9452-af015c11eb2b", "code": "PVTV8U", "id": 58, "logo": null, "date": "2026-08-15T11:30:00+01:00", "start": "11:30", "duration": "00:25", "room": "Stage 1", "slug": "hack-glasgow-2026-58-the-era-of-the-self-propagating-cloud-worm-dissecting-the-shai-hulud-campaigns", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/PVTV8U/", "title": "The Era of the Self-Propagating Cloud Worm: Dissecting the \"Shai-Hulud\" Campaigns", "subtitle": "", "track": null, "type": "Talk (20 minutes + 5 minutes Q&A)", "language": "en", "abstract": "The distinction between \"code security\" and \"cloud security\" has evaporated. In late 2025, the \"Shai-Hulud\" campaigns demonstrated a significant evolution in adversary tradecraft: the weaponization of the open-source ecosystem to launch self-propagating worms that pivot from development environments to cloud control planes. This talk dissects the anatomy of this campaign, which compromised over 25,000 repositories and 350 organisations. We will provide a deep dive into the adversary\u2019s use of automation to scale infections at a rate of 1,000 repositories every 30 minutes, their use of \"cross-victim exfiltration\" to obfuscate attribution, and the deployment of novel persistence mechanisms like GitHub Discussion backdoors. Attendees will gain a technical understanding of how supply chain attacks have shifted from static malicious packages to dynamic, environment-aware worms.\r\n\r\nSummary & Tactical Analysis:\r\n\r\n\r\n1. Shift in Focus: The CI/CD Pipeline as the Primary Target \r\nTraditional adversary models assume the target is a production server or a developer laptop. Our analysis of the Shai-Hulud infection data reveals a decisive shift in adversary focus toward the build pipeline.\r\n\u2022 Environment Fingerprinting: We analysed the malware\u2019s execution logic, discovering distinct behavioural branches based on the environment. The malware checks environment variables (e.g., process.env.GITHUB_ACTIONS, process.env.BUILDKITE) to determine if it is running in a CI environment.\r\n\u2022 Synchronous Execution: In CI environments, the malware forces synchronous execution to ensure payload delivery completes before the ephemeral runner terminates. This \"environment awareness\" represents a maturation in supply chain malware, designed specifically to exploit the trust implicit in automated build processes.\r\n\r\n2. Tactical Evolution: Automation and Speed \r\nThe Shai-Hulud campaign is a case study in how adversaries are using automation to outpace human response teams.\r\n\u2022 The Velocity of Compromise: Incident data shows that the worm replicated at a rate of approximately 1,000 new malicious repositories every 30 minutes.\r\n\u2022 AI-Generated Payloads: Forensic analysis of the malicious scripts (setup_bun.js) suggests the adversary utilised AI to generate payload variations. We observed distinct stylistic patterns - some seemingly AI-generated, others copy-pasted - indicating the adversary is using LLMs to lower the barrier to entry and rapid-fire polymorphic code to evade static analysis.\r\n\r\n3. New Tradecraft: Cross-Victim Exfiltration \r\nPerhaps the most significant shift in behavior observed is the technique of \"Cross-Victim Exfiltration,\" which complicates attribution and takedowns.\r\n\u2022 The Tactic: Rather than exfiltrating data to a single attacker-controlled server, the worm utilised the credentials of Victim A to create a public repository, which then served as the exfiltration drop-site for Victim B\u2019s secrets.\r\n\u2022 The Impact: This technique turns victim infrastructure into part of the attack distribution network. Defenders looking for \"unusual outbound traffic\" to known bad IP addresses failed to detect the exfiltration because the traffic was directed toward legitimate, high-reputation GitHub domains owned by other compromised organisations.\r\n\r\n4. Novel Persistence: The \"Discussion\" Backdoor \r\nThe presentation will detail a previously unseen persistence mechanism discovered during our reverse engineering of the Shai-Hulud payload.\r\n\u2022 Mechanism: The malware injects a workflow file (discussion.yaml) that triggers only when a new \"Discussion\" is created in the repository.\r\n\u2022 Implication: This allows the adversary to re-execute arbitrary code on the compromised machine simply by posting a comment in the repository's discussion tab, bypassing standard triggers like push or pull_request that are more heavily monitored. While we successfully validated this exploit in a lab setting, it represents a dangerous evolution in \"living off the land\" within SCM platforms.\r\n\r\nConclusion:\r\nThe Shai-Hulud campaign signals that adversaries have successfully bridged the gap between code repositories and cloud runtime environments. By analysing these shifts - from environment-aware execution to cross-victim obfuscation - defenders can better anticipate the next generation of automated supply chain threats.\r\n\r\nSources:\r\nhttps://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack \r\nhttps://www.wiz.io/blog/shai-hulud-2-0-aftermath-ongoing-supply-chain-attack \r\nhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack \r\nhttps://www.wiz.io/blog/github-attacks-pat-control-plane", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "8GMBLK", "name": "Scott McCracken", "avatar": "https://pretalx.hackglasgow.live/media/avatars/KVYZZZ_bGADrjr.webp", "biography": "Scott McCracken is a Principal Solutions Engineer at Wiz, specialising in Cloud Security, Threat Detection and Response, and Runtime Security. His career spans software engineering, DevOps, cloud architecture, and security, helping organisations design, scale, and defend modern cloud environments.\r\nScott is particularly interested in the messy intersection between cloud infrastructure, runtime behaviour, and software supply chain risk, where theoretical security controls meet real-world attacker tradecraft. Outside of work, you\u2019ll usually find him running trails and exploring the mountains.", "public_name": "Scott McCracken", "guid": "43c48268-fc48-5d38-b3bc-97b4819c41e3", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/8GMBLK/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/PVTV8U/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/PVTV8U/", "attachments": []}, {"guid": "494a618d-b2fc-53e0-82ef-7804854d6ce3", "code": "JNFRZ7", "id": 9, "logo": null, "date": "2026-08-15T13:00:00+01:00", "start": "13:00", "duration": "00:55", "room": "Stage 1", "slug": "hack-glasgow-2026-9-the-hunted-becomes-the-hunter-catching-red-teamers-and-pentesters-and-spotting-adversarial-patterns", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/JNFRZ7/", "title": "The Hunted Becomes the Hunter: Catching Red Teamers and Pentesters and Spotting Adversarial Patterns", "subtitle": "", "track": null, "type": "Talk (50 minutes + 5 minutes Q&A)", "language": "en", "abstract": "In this dual-perspective session, a red teamer and blue teamer join forces to pull back the curtain on the cat-and-mouse game between attackers and defenders. By presenting both sides of the same example engagement, we'll show how easy it is to spot pentesters in the wild, what mistakes give them away, and how SOC analysts can use that knowledge to tell the difference between authorised testing and genuine threats, cutting false positives and keeping focus on what matters.\r\n\r\nWe'll walk through the same scenarios from opposite sides of the fence, covering the tradecraft, the slip-ups, and the detection opportunities that only become clear when you understand both viewpoints. From the red team side, that means being honest about the OPSEC failures that creep in under real engagement conditions, the tool signatures we know defenders can spot and hope they won't, and the gap between how pentesters work and how real adversaries actually operate.\r\n\r\nFrom the blue team side, we'll cover what defender visibility actually looks like during an example engagement, why testers behave differently to regular users, and how context determines whether an alert is worth acting on or just noise.\r\n\r\nReal adversaries don't always operate the way pentesters do, and that gap matters for detection. We'll look at why some approaches hold up against both and others don't, including how living-off-the-land techniques appear from each side of the fence, and what lateral movement and credential usage actually looks like when it's genuine compromise rather than a scheduled test.\r\n\r\nEnvironment-aware detection outperforms generic rule sets, and we'll back that up with case studies from both perspectives: authorised activity that triggered alerts and real threats that didn't. We'll also cover how red team feedback sharpens detection logic over time and keeps alert fatigue from becoming a coverage problem.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "XNUJSD", "name": "Andy Gill", "avatar": "https://pretalx.hackglasgow.live/media/avatars/XNUJSD_wnnRTAe.webp", "biography": "Andy has been working in the industry for a little over 15 years, working across the spectrum of red and blue with a short stint of GRC peppered in. A seasoned pentester turned adversarial simulation specialist with deep interests in helping blue teams better understand how to hunt out adversaries in the wild and better his tradecraft in the process. He is also an avid believer in paying it forward and continues to write blog posts and help others in the industry where he can by mentoring, posting, sharing content and trying to enable those around him to improve.", "public_name": "Andy Gill", "guid": "e9c6a59f-039e-57ba-a743-d980ec1b89be", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/XNUJSD/"}, {"code": "NRGKJD", "name": "Alex Close", "avatar": "https://pretalx.hackglasgow.live/media/avatars/NRGKJD_b5ANFor.webp", "biography": "Alex has worked in within the cyber sector for 6 years in both blue and red team roles across Pe testing and  Security Analyst.", "public_name": "Alex Close", "guid": "c445942c-81a4-56a0-ab5e-2a30fd84f1ae", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/NRGKJD/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/JNFRZ7/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/JNFRZ7/", "attachments": []}, {"guid": "c115650c-1213-54b9-a259-c5e5c627a9f0", "code": "FSPLPX", "id": 60, "logo": null, "date": "2026-08-15T14:00:00+01:00", "start": "14:00", "duration": "00:55", "room": "Stage 1", "slug": "hack-glasgow-2026-60-farewell-windows-10-glory-to-linux-a-tragedy-in-2-acts", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/FSPLPX/", "title": "Farewell Windows 10, glory to Linux! A tragedy in 2 acts.", "subtitle": "", "track": null, "type": "Talk (50 minutes + 5 minutes Q&A)", "language": "en", "abstract": "On October 14, 2025, billions of people received an ultimatum: pay 25 pounds or see their computer security compromised. This 'virus,' pre-installed on machines ten years earlier, triggered a dreaded ransomware. You guessed it, it's called Windows 10. Still present on over 400 million machines too old to be updated, it represents a major security risk. Following a study of the technical, environmental, and political consequences of the end of Windows 10, Helen of Troy herself will remind us how Microsoft and Windows act as a Trojan horse within our computers and our institutions. She will also provide a quick overview of the best Linux distributions and alternative free software to evict as much as possible Microsoft from our digital walls. And like Antigone before her, she will encourage the world to defy the scandalous disposal of our ageing hardware.\r\n\r\n_As Helen once brought ruin dressed in beauty's sacred guise,\r\nSo Windows comes with marketing that hides monopolies' lies.\r\nWhen your machine arrives with Windows pre-installed at birth,\r\nThere come with it a dozen programs of questionable worth!\r\nAnd push by push, warnings, pop-ups, defaults set...\r\nDark patterns woven into one entangling net.\r\nA gentle nudge becomes a guided way\r\nUntil the path becomes the only way._", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "PVCTVS", "name": "Marie Dubremetz / Helen of Troy", "avatar": "https://pretalx.hackglasgow.live/media/avatars/3D7YS9_4kKvGvI.webp", "biography": "Marie Dubremetz is a research engineer at Uppsala University. She is also an activist within associations (Raoull.org, Fripost.org), to free the web from Big Tech.  \r\nAs an academic, she has observed from within our institution the invasiveness of Microsoft technology.  \r\nFinally, she has a degree in Classics and often plays impro theatre.", "public_name": "Marie Dubremetz / Helen of Troy", "guid": "50235bf0-bf2a-5433-8e95-5346531abb3e", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/PVCTVS/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/FSPLPX/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/FSPLPX/", "attachments": []}, {"guid": "b2042cd7-f162-50a7-ba46-a66e29e51975", "code": "APUKRG", "id": 25, "logo": null, "date": "2026-08-15T15:30:00+01:00", "start": "15:30", "duration": "00:55", "room": "Stage 1", "slug": "hack-glasgow-2026-25-securing-the-connected-skies-lessons-from-real-world-aviation-testing", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/APUKRG/", "title": "Securing the connected skies: Lessons from real-world aviation testing", "subtitle": "", "track": null, "type": "Talk (50 minutes + 5 minutes Q&A)", "language": "en", "abstract": "Modern aircraft are among the most connected machines on earth, combining IT, operational technology, and advanced communication systems. This connectivity delivers efficiency and innovation but also creates new challenges for security and safety. \r\nIn this session, Ken Munro draws on years of practical testing and collaboration across the aviation sector to look at how connectivity impacts resilience, from electronic flight bags and wireless maintenance systems to passenger Wi-Fi and satellite communications. He explains how security findings are identified, disclosed responsibly, and addressed in partnership with manufacturers, airlines, and regulators.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "BZFZCQ", "name": "Ken Munro", "avatar": "https://pretalx.hackglasgow.live/media/avatars/BZFZCQ_4zcgGOt.webp", "biography": "Ken Munro is Partner and Founder of Pen Test Partners, a firm of ethical hackers. He regularly blogs on everything from ICS issues in maritime security to hacking cars and the Internet of Things. This has led to regular appearances on TV and BBC News online as well as the broadsheet press. \r\n \r\nKen has become a voice for reform and legislative change, briefing UK and US government departments as well as being involved with various EU consumer councils. He has also spoken about ICS and IIoT security issues at various events including the Maritime Cyber Security Summit, and CMA Shipping.\r\n \r\nHe\u2019s also not averse to getting deeply techie, regularly participating in hacking challenges and demos at RSA, Black Hat, 44CON, DEF CON and BSides amongst others. Ken is also a member of the CVE Board.", "public_name": "Ken Munro", "guid": "24142a3e-612f-5e3a-a581-cd8daa04bb2f", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/BZFZCQ/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/APUKRG/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/APUKRG/", "attachments": []}, {"guid": "a541ccfc-a455-5c5f-b996-1b911d74b6b8", "code": "N3KAAN", "id": 12, "logo": null, "date": "2026-08-15T16:30:00+01:00", "start": "16:30", "duration": "00:55", "room": "Stage 1", "slug": "hack-glasgow-2026-12-it-takes-a-hardware-village-the-making-of-the-whose-slide-10-year-anniversary-badge", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/N3KAAN/", "title": "It Takes A Hardware Village - The Making of the Whose Slide 10 Year Anniversary Badge", "subtitle": "", "track": null, "type": "Talk (50 minutes + 5 minutes Q&A)", "language": "en", "abstract": "To build or not to build? Well, after the first time you make an LED go blink, that isn\u2019t even a question. Things escalate exponentially after that first hardware success. It took me 6 months from the first time I really dove into a kit from HackerBoxes.com, fumbling the entire way, to creating my first ever badge for the 10 year anniversary for my Whose Slide Is It Anyway contest at DEF CON 34. \r\n\r\nThis talk begins at the beginning, from re-learning how to solder a single pin, to staring at a KiCad screen questioning any positive thing my mother ever told people about me. I will lay bare every failure that led to every success in the goal of putting some bling around the necks of our contestants. \r\n\r\nUltimately, this is a talk about community. No amount of Google searches, no stack of datasheets, nor any number of AI prompts can match the criticality of being able to lean on a community of makers all hell bent on conquering code and electricity. To get from prototype to PCB, it truly takes a hardware village.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "9CQARA", "name": "rand0h", "avatar": "https://pretalx.hackglasgow.live/media/avatars/9CQARA_9AE9Wz3.webp", "biography": "rand0h is a co-founder of his local DEF CON group, DEF CON 610 in Easton, Pennsylvania, United States, show-runner of the Whose Slide Is It Anyway contest at DEF CON, & a DEF CON SOC Goon. A hacker & a storyteller, he just does things.", "public_name": "rand0h", "guid": "00d7ccec-6db6-534a-8bf7-fb59bd98b52e", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/9CQARA/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/N3KAAN/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/N3KAAN/", "attachments": []}, {"guid": "40ff7097-8a5d-5e62-bebc-7b0154ccb9a4", "code": "WLWUDN", "id": 67, "logo": null, "date": "2026-08-15T17:30:00+01:00", "start": "17:30", "duration": "00:15", "room": "Stage 1", "slug": "hack-glasgow-2026-67-hack-glasgow-2026-closing-remarks", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/WLWUDN/", "title": "Hack Glasgow 2026 closing remarks", "subtitle": "", "track": null, "type": "Organiser remarks", "language": "en", "abstract": "Hack Glasgow organiser closing remarks", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "YDX73V", "name": "Hack Glasgow", "avatar": "https://pretalx.hackglasgow.live/media/avatars/Y9PXAH_Z1TKcdj.webp", "biography": "The **Hack Glasgow** organiser team is made up of:\r\n\r\n- [Gerard Barrett](https://www.linkedin.com/in/gerard-barrett/)\r\n- [David Carson](https://www.linkedin.com/in/davidhgcarson/)\r\n- [Alice McGready](https://www.linkedin.com/in/alicemcgready/)\r\n- [Scott McGready](https://www.linkedin.com/in/scottmcgready/)\r\n- [David McKenzie](https://www.linkedin.com/in/davewmckenzie/)", "public_name": "Hack Glasgow", "guid": "a378f8d1-ae49-5dc2-a94f-e5a7d4389931", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/YDX73V/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/WLWUDN/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/WLWUDN/", "attachments": []}], "Stage 2": [{"guid": "fbad6f8d-5607-5e21-9963-6507887f6ae0", "code": "LF9TTL", "id": 52, "logo": null, "date": "2026-08-15T10:00:00+01:00", "start": "10:00", "duration": "00:25", "room": "Stage 2", "slug": "hack-glasgow-2026-52-xterminating-liability-through-spreadsheet-malware", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/LF9TTL/", "title": "Xterminating Liability through Spreadsheet Malware", "subtitle": "", "track": null, "type": "Talk (20 minutes + 5 minutes Q&A)", "language": "en", "abstract": "What does compliance and accounting have in common? We both have a platform for everything but still default to using Excel. Why? Laziness, cost, ease of use (allegedly) and we're just used to it. Throughout this talk, I'm going to go over all the different ways that I've implemented an ISMS and additional security standards, why I keep going back to spreadsheets even when other tools exist. Death by spreadsheet is something we all experience at some point, and you then get the choice to embrace chaos, and begin to evangelise to all the holy ways of VBA, or you can run and hide, and justify those expensive compliance platforms.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "A7JCRB", "name": "Aaron Kelly", "avatar": "https://pretalx.hackglasgow.live/media/avatars/WBZTS8_Ff77ZTB.webp", "biography": "Aaron is an information security and technology engineer who secures Critical National Infrastructure and national interests across the North West of England. He advises Defence, Nuclear and Oil & Gas organisations and implements pragmatic security frameworks for SMEs. His standout achievement is leading an ISO27001 transition to the 2022 standard in seven weeks, and he\u2019s currently supporting SMEs to make meaningful security choices that enable business opportunities.\r\n\r\nA student of Computing & IT at The Open University and a member of the British Computer Society, Aaron combines hands\u2011on technical implementation with governance, compliance and assurance expertise. He focuses on delivering measurable risk reduction, rapid certification readiness, and resilient controls tailored to high\u2011assurance environments.\r\n\r\nOutside work he\u2019s an avid reader, craft\u2011beer enthusiast and amateur radio operator, volunteering with the Raynet amateur radio emergency communications service.", "public_name": "Aaron Kelly", "guid": "f3128f2d-6b5c-514c-8b2b-5b8d073f81b8", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/A7JCRB/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/LF9TTL/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/LF9TTL/", "attachments": []}, {"guid": "b11e5aa8-ca15-501a-88a7-31bb3fa47670", "code": "7AYQRW", "id": 11, "logo": null, "date": "2026-08-15T10:30:00+01:00", "start": "10:30", "duration": "00:55", "room": "Stage 2", "slug": "hack-glasgow-2026-11-six-years-of-ipv6", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/7AYQRW/", "title": "Six Years of IPv6", "subtitle": "", "track": null, "type": "Talk (50 minutes + 5 minutes Q&A)", "language": "en", "abstract": "After six long years, I'll (hopefully) have submitted my PhD thesis looking at IPv6 scanning. I'd love to share a few highlights of stuff I've learnt in that time, focusing on these themes:\r\n- 'Ethical scanning of IPv6 scanning is difficult (but important!)': a short tour of my experimental setup I used to run IPv6 scans (rough around the edges, but lovingly crafted), and a few papers which were very important to my work over the past few years. Very happy to bring my printed copies of these to the talk as props, they're covered in all sorts of post-it notes and handwritten notes at this point.\r\n- 'Rate-limiting is vital': sounds like obvious advice, but IPv6 defences are often not up to the standard of IPv4. Rate-limiting at the recipient end of unsolicited IPv6 scans does a lot to limit reconnaissance - it's no longer enough to assume we're safe because it's a large address space, it's a niche protocol, we have network address translation (NAT), etc. I have some scans that show how we can detect rate-limiting thresholds and address allocation patterns in different networks with no prior info.\r\n- 'IoT devices are IPv6 capable, but at what cost?': this is a more detailed look at one of the papers in the first section ('One Bad Apple Can Spoil Your IPv6 Privacy' - Saidi et al., 2022), plus additional work I did for address analysis (and, hopefully, some actual IoT scans). IPv6-enabled IoT devices can be a hazard in terms of user privacy from IPv6 addresses alone - some big name brands still embed MAC addresses in public IPv6 addresses, which can be used to track users across different networks even if every other device on their network uses IPv6 privacy addresses.\r\n- 'One loudmouth can expose the entire operation': this section is original work, building on the previous section. An unexpected side-effect of insecure MAC-derived IPv6 addresses is that a single sign-in attempt from a suspected IoT IPv6 address can reveal botnet-like sign-in activity - we can use info from this one sign-in attempt to see many other IPv4 and IPv6 addresses attempting similar sign-ins across large numbers of accounts.\r\n- 'IPv6 should be part of the blue team toolbox': it's no longer a niche, hobbyist protocol, (un)fortunately - it's really important for fellow blue teamers to understand that malicious behaviour is happening over IPv6, how to analyse it in logs, and how to handle IPv6 IoCs effectively. It might also be useful for red teamers to know there's probably gaps in the IPv6 fence...\r\n- 'Conclusions': IPv6 scans are hard to run, but there's a lot of us doing them. IPv6 is still not implemented securely in IoT devices, which has positives and negatives. Evil over IPv6 is no longer theoretical and needs to be defended against.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "FK8R38", "name": "Vi", "avatar": "https://pretalx.hackglasgow.live/media/avatars/FK8R38_VsdMh10.webp", "biography": "I'm a PhD student studying IPv6 at University of Glasgow. I also worked as a SOC analyst then as a threat hunter in industry alongside my studies.", "public_name": "Vi", "guid": "7f5c65c3-d70d-5338-88cf-f26a626a9e07", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/FK8R38/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/7AYQRW/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/7AYQRW/", "attachments": []}, {"guid": "079cc35e-d727-5851-af25-d2eb580e3d10", "code": "LPEK99", "id": 50, "logo": null, "date": "2026-08-15T11:30:00+01:00", "start": "11:30", "duration": "00:25", "room": "Stage 2", "slug": "hack-glasgow-2026-50-colour-monsters-and-listening-to-vicky", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/LPEK99/", "title": "Colour Monsters, and Listening to Vicky", "subtitle": "", "track": null, "type": "Talk (20 minutes + 5 minutes Q&A)", "language": "en", "abstract": "Listening is not so much a key skill as a necessary task in cyber security: even if you're not good at it you should still do it.\r\n\r\nI wasn't, once, till the incident with Vicky made so ashamed I knew I should be. I'm still not but I try.\r\n\r\nIn (semi) retirement I now work at preschool: where listening, and supporting, and helping deal with emotional and intellectual and physical challenges are a really big part of the job.\r\n\r\nHere I will talk about how we can make time and space to listen, and to let people be heard,  and in so doing make sure Vicky doesn't become the most vulnerable point in our attack surface. (Also, of course, treating her like human being).", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "HNPMJS", "name": "Chris Bore", "avatar": "https://pretalx.hackglasgow.live/media/avatars/HNPMJS_xzvCqs9.webp", "biography": "Nuclear Physicist to embedded computing to cyber security, by way of medical imaging and defence. Now working at preschool.", "public_name": "Chris Bore", "guid": "d9e2c92c-24bb-53b4-b808-79ea7248fa2f", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/HNPMJS/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/LPEK99/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/LPEK99/", "attachments": []}, {"guid": "981032e1-4d1b-5b6e-9522-dde48143ab64", "code": "PUNXHC", "id": 18, "logo": null, "date": "2026-08-15T13:00:00+01:00", "start": "13:00", "duration": "00:25", "room": "Stage 2", "slug": "hack-glasgow-2026-18-ghost-in-the-hiring-machine-how-to-spot-fake-personas-before-they-re-on-your-payroll", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/PUNXHC/", "title": "Ghost in the Hiring Machine: How to Spot Fake Personas Before They're on Your Payroll", "subtitle": "", "track": null, "type": "Talk (20 minutes + 5 minutes Q&A)", "language": "en", "abstract": "People are getting hired and trusted every day. Some of them do not exist at all, yet they still pass interviews, collect paychecks, and gain access to sensitive systems. Campaigns attributed to the DPRK have shown that this threat is very real. So how do you catch a ghost with a resume?\r\nAttendees will learn practical OSINT techniques for spotting fake personas and receive a checklist for thorough background checks. They will see these methods applied through two cases based on a true story, illustrating how these personas succeeded, how one could have been prevented, and where OSINT reaches its limits.\r\nThese techniques not only help attendees detect fake personas but also provide practical ways to protect their own privacy and control what personal information is visible online.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "XWYSSG", "name": "Michael Reimsbach", "avatar": "https://pretalx.hackglasgow.live/media/avatars/XWYSSG_AE9FDsE.webp", "biography": "Michael is a Product Security Specialist at SAP, working with the SAP Cloud Infrastructure security team. His focus areas include vulnerability management, secrets management, and building secure internal services.\r\nHe obtained multiple industry certifications such as OSCP, GCPN, and CISSP. A healthy dose of paranoia led him to explore OSINT and the surprising power of publicly available information. Beyond his day-to-day work, Michael is an active member of the cybersecurity community and helps organize BSides Luxembourg.", "public_name": "Michael Reimsbach", "guid": "76a69fae-0b3e-58d8-b2f2-3400b548d5a9", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/XWYSSG/"}, {"code": "MFPPGU", "name": "Rishi (@rxerium)", "avatar": "https://pretalx.hackglasgow.live/media/avatars/MFPPGU_OkVJGLa.webp", "biography": "Rishi is a London-based security researcher with experience in vulnerability research, threat intelligence, and enterprise risk analysis. His work focuses on identifying zero-day vulnerabilities and emerging CVEs, with a particular interest in building detection logic before threats are publicly weaponised.\r\n\r\nHe works across both offensive and defensive disciplines, developing threat models grounded in real-world TTPs, writing detection rules, and automating reconnaissance to uncover exposed assets at scale. Attack surface management and OSINT are areas he keeps coming back to, specifically the challenge of mapping exposure that organisations often don't know exists.\r\n\r\nOutside of his day job, Rishi contributes to open source security tooling through Project Discovery and OWASP, part of the leadership team of the UK OSINT Community, and occasionally speaks at community events including DEF CON and BSides.", "public_name": "Rishi (@rxerium)", "guid": "4be79509-3cad-5d2b-9d1f-22a7480e5578", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/MFPPGU/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/PUNXHC/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/PUNXHC/", "attachments": []}, {"guid": "893d87cc-160a-58ec-82c2-9f7b8bbc977e", "code": "QE39N8", "id": 20, "logo": null, "date": "2026-08-15T13:30:00+01:00", "start": "13:30", "duration": "00:25", "room": "Stage 2", "slug": "hack-glasgow-2026-20-please-oh-please-stick-to-the-rfcs", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/QE39N8/", "title": "Please, oh please, stick to the RFCs", "subtitle": "", "track": null, "type": "Talk (20 minutes + 5 minutes Q&A)", "language": "en", "abstract": "\"Please, oh please, stick to the RFCs\" is both my technical recommendation and a plea for my sanity while testing certain web applications. My talk will firstly explore some pre-requisites, such as; My path to being a web application tester, what an RFC is and what circumstances made me realise that this needed to be heard.\r\n\r\nRFCs are written to guide the usage and application of protocols, with the HTTP-related RFCs being the main focus. I will highlight parts from the RFC that directly relate to vulnerability classes application frequently see and discuss how just like a software update, RFCs that are obsoleted, are done so for a good reason.\r\n\r\nWhile I\u2019m sure there will be at least one person in Leeds (most likely a colleague or friend I\u2019ve convinced to attend), who would enjoy a pure RFC discussion, I prefer my talks to be practical. They\u2019re built around stories and scenarios that shaped my mindset, including the path and people who influenced me along the way. Importantly, I will share real-life examples from tests I\u2019ve conducted to back up my points and to show both how interesting the vulnerabilities caused by ignoring RFCs can be, and how frustrating they are to test in practice.\r\n\r\nFor the newer generation (either getting into or starting) of testers, you will hopefully learn a bit about RFCs, could application practice and hear some cool stories which may inspire a couple more web application testers! \r\n\r\nFor the current testers, particuarly the app ones, you will share my pain of non-sensical application behaviour impacting testing, see a couple more cool war stories and might learn just a little bit more about some hidden details in the RFC!\r\n\r\nSo whether you are wanting to learn more about RFCs, or simply hear some fun stories, feel free to come along!", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "KLPX9J", "name": "Ehren Osborne", "avatar": "https://pretalx.hackglasgow.live/media/avatars/KLPX9J_L6yz4AB.webp", "biography": "Hi there! I am Ehren, a CHECK team member working at KPMG in Leeds (though I am from South Wales!).\r\nI am a huge web application enthusiast and spend alot of my free time researching and studying obscure application vulnerabilties, recently delving into creating labs to demonstrate some of them!\r\nIn my spare time I boulder and play competitive counter strike, feel free to chat to me about any of the above!", "public_name": "Ehren Osborne", "guid": "11b51e0e-3008-5e4c-aa11-91d35cbc76c9", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/KLPX9J/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/QE39N8/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/QE39N8/", "attachments": []}, {"guid": "22a42252-0afa-5e57-b22e-6fabcb9115e8", "code": "KMGMF9", "id": 36, "logo": null, "date": "2026-08-15T14:00:00+01:00", "start": "14:00", "duration": "00:55", "room": "Stage 2", "slug": "hack-glasgow-2026-36-invisible-battlefields-cyber-threat-intelligence-during-geopolitical-conflicts", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/KMGMF9/", "title": "Invisible Battlefields: Cyber Threat Intelligence During Geopolitical Conflicts", "subtitle": "", "track": null, "type": "Talk (50 minutes + 5 minutes Q&A)", "language": "en", "abstract": "Geopolitical conflict increasingly unfolds in and through cyberspace, where state and non-state actors exploit uncertainty, disruption, and ambiguity to advance their strategic objectives. This presentation will explore the role of cyber threat intelligence (CTI) as a cornerstone of organisational cybersecurity strategy during periods of geopolitical tension. Drawing on recent real world conflicts and the cyber campaigns and incidents that accompanied them, the session will demonstrate how CTI enables organisations to shift from a posture of passive defence to proactive resilience. Attendees will gain insight into how intelligence led approaches can inform executive decision-making, enhance internal organisational coordination, and support strategic planning in these volatile times.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "UYBQVZ", "name": "Cian Heasley", "avatar": "https://pretalx.hackglasgow.live/media/avatars/UYBQVZ_VUcC8K9.webp", "biography": "I work in threat intelligence.", "public_name": "Cian Heasley", "guid": "d0f666e9-6005-5fae-b1a6-a814d093e38a", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/UYBQVZ/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/KMGMF9/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/KMGMF9/", "attachments": []}, {"guid": "c9768206-6c25-5e0b-a31d-a665e0e0759c", "code": "FJNQYB", "id": 38, "logo": null, "date": "2026-08-15T15:30:00+01:00", "start": "15:30", "duration": "00:55", "room": "Stage 2", "slug": "hack-glasgow-2026-38-the-forensic-war-on-privacy-advances-mobile-phones", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/FJNQYB/", "title": "The Forensic War on Privacy Advances: Mobile Phones", "subtitle": "", "track": null, "type": "Talk (50 minutes + 5 minutes Q&A)", "language": "en", "abstract": "With every software and hardware update released, security improvements are introduced, whether it\u2019s because of a new or known vulnerability or just for personal security. <br> This talk will discuss the effect those security improvements have on the digital forensic ability to obtain data and the mitigations taken to navigate the challenges they bring.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "CNYLLM", "name": "Lauren Spokes", "avatar": "https://pretalx.hackglasgow.live/media/avatars/CNYLLM_sMHkilu.webp", "biography": "Lauren has worked in Digital Forensics across both the public and private sector with roles of data retrieval from digital devices and data analysis. \r\nOutside of work Lauren enjoys dancing, socialising and is slowly learning Italian.", "public_name": "Lauren Spokes", "guid": "2f4db1f1-f675-517b-82ef-d8f21177e852", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/CNYLLM/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/FJNQYB/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/FJNQYB/", "attachments": []}, {"guid": "d701cfe7-a402-5571-aaf7-5ad8aefba46f", "code": "LJDXM3", "id": 65, "logo": null, "date": "2026-08-15T16:30:00+01:00", "start": "16:30", "duration": "00:25", "room": "Stage 2", "slug": "hack-glasgow-2026-65-the-model-knows-what-works-they-all-asked-the-same-thing", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/LJDXM3/", "title": "The Model Knows What Works. They All Asked the Same Thing.", "subtitle": "", "track": null, "type": "Talk (20 minutes + 5 minutes Q&A)", "language": "en", "abstract": "The Commonality Problem in AI-Assisted Offensive Code Develeopemnt. \r\n\r\nSince the public debut of ChatGPT, the security community has continued to focus on the wrong question. The issue is not whether AI can generate malware that capability is already established. More importantly, it is not the most significant development.\r\n\r\nThis talk focus three evidence-based ways genAI is reshaping the offensive security landscape, along with a fourth emerging risk that is closer than many defenders assume.\r\n\r\nFirst is code convergence. When different threat actors rely on the same genAI systems, the resulting malicious code begins to show structural similarities. This is not due to coordination, but to shared training data and model behavior. As a result, detection systems designed tend end to catch only lower-skill actors, while more advanced operators evade detection. \r\n\r\nSecond is novel technique synthesis. Similar to how AI in drug discovery evolved from searching known compounds to generating entirely new ones, genAI is likely to produce offensive techniques that do not exist in current datasets. Evidence from various research initiatives shows the integrations with LLMs, and academic research into automated exploit generation supports this shift from replication to creation.\r\n\r\nThird is the two-world problem. genAI does not impact all threat actors equally. Disclosures from Microsoft and OpenAI identified multiple state-linked groups and actors using LLMs o support offensive activity. This talk analyses what each tier gains, what each tier does not, and why a single defensive response to \u201cthe AI threat\u201d is already insufficient.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "BYBSBF", "name": "Jinto Antony", "avatar": "https://pretalx.hackglasgow.live/media/avatars/HBGPNS_JAQLCnZ.webp", "biography": "Jinto Antony is a Senior Investigator at WithSecure, based in the UK, where he leads digital forensics and incident response engagements. Over a 20-year career, he has investigated intrusions spanning a wide range of threat actors and industry sectors.\r\n\r\nHis open-source projects and community platforms include Kanvas for incident response case management, Zeek App for threat hunting, OneTracker.org, and BlogTrace.com.\r\n\r\nHe has presented at the SANS DFIR Summit Europe, Black Hat Europe , CONFidence Conference , and multiple BSides events.\r\n\r\nHis current research focuses on how generative AI is reshaping the threat actor tradecraft particularly the convergence of AI-generated malicious code across independent threat actors, based on post-incident response engagements.", "public_name": "Jinto Antony", "guid": "ace0a02f-4ac5-5cc0-bb7f-55fbce282b1c", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/BYBSBF/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/LJDXM3/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/LJDXM3/", "attachments": []}, {"guid": "ce3afe73-0eb3-52db-bab7-3dd27e2445fd", "code": "RWF3YW", "id": 54, "logo": null, "date": "2026-08-15T17:00:00+01:00", "start": "17:00", "duration": "00:25", "room": "Stage 2", "slug": "hack-glasgow-2026-54-disassocia-via-tion-tcas-spoofing-in-aviation", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/RWF3YW/", "title": "Disassocia(via)tion: TCAS Spoofing in Aviation", "subtitle": "", "track": null, "type": "Talk (20 minutes + 5 minutes Q&A)", "language": "en", "abstract": "As we live in an ever connected world, Aviation has been the forefront of connecting us all together, with ATLEAST more than 2 planes in the sky at any given time [Declyn S., 2026], It's important for airplanes to know where each other are to prevent accidents. One of the ways this is handled by onboarding systems is Traffic Collision Avoidance System (TCAS), which alerts the pilots of any nearby traffic and to change altitude. These systems are critical for preventing mid-air collisions. However, it has been shown that these things can be spoofed, to make it seem as if there are \"phantom\" aircraft in the air, causing the pilot to react. This presentation will act as an awareness piece for TCAS Spoofing, in efforts of emulation for research, whilst also the implications of such feats, and it's importance in mitigation and research.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "VCH9J9", "name": "Se\u00e1n Guthrie", "avatar": "https://pretalx.hackglasgow.live/media/avatars/WKTW7K_AH2IBSs.webp", "biography": "I am a cyber threat intelligence analyst in the aviation sector, currently based in Yorkshire. I have been in the aviation sector for four years (with hopes to being in it for years to come). I think planes are cool and I like talking about them... also the best plane is the Concorde (R.I.P Supersonic Bird of Prey), which would of been 50 years old this year :(", "public_name": "Se\u00e1n Guthrie", "guid": "c27a78e6-7c00-5f2e-854f-ba28cf64aa21", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/VCH9J9/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/RWF3YW/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/RWF3YW/", "attachments": []}], "Workshops": [{"guid": "ab63a28d-8ea6-5730-87eb-242a5ed6d2b5", "code": "3S9UZP", "id": 16, "logo": null, "date": "2026-08-15T13:00:00+01:00", "start": "13:00", "duration": "02:00", "room": "Workshops", "slug": "hack-glasgow-2026-16-understanding-alert-1", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/3S9UZP/", "title": "Understanding alert(1)", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "*What is JavaScript? Who is a HTML and what are they doing in my browser?* If you ask these sort of questions - this is the workshop for you. You may have heard of Cross-Site Scripting in passing, you may not have, but after this you will understand what it is, what you can do with it, and be well on your way to finding it in simpler web apps.\r\n\r\nCross-Site Scripting (XSS for short) is one of the fundamental vulnerabilities all junior AppSec professions need to have a solid grasp of. Understanding why XSS is an issue, how it is introduced into applications, and ultimately how to begin finding it is a vital step on anyones AppSec journey.\r\n\r\nWe will start with a basic overview of what a website is made up of (HTML/JS/CSS), then the difference between dynamic and static pages, and onto how user-supplied content ends up in pages. We then move onto exploring how we might provide malicious content, exploring what we used to demonstrate execution (`alert(1)`) . This workshop is supported by custom labs to reinforce the learning.\r\n\r\nWhilst this is aimed at complete beginners, by the end of the two hours you should have a solid understanding of what XSS is, but more importantly *why* it ends up in applications. This depth of understanding will help any person within the AppSec field.\r\n\r\nThis is a workshop aimed at folks brand new to web security, or people wanting to get into AppSec in the future.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "D7LDEF", "name": "Liam Follin (gr4y-r0se)", "avatar": "https://pretalx.hackglasgow.live/media/avatars/D7LDEF_JQw1rBR.webp", "biography": "Liam was a Dual CHECK Team Leader and is now a Principal Security Researcher at a global bank, but really just a nerd with a love of hacking web apps. He loves writing tools, training pentesters, and nice Irish whiskey. Not necessarily in that order.", "public_name": "Liam Follin (gr4y-r0se)", "guid": "369ce9fa-d4ba-5900-a8f2-fbf531cab841", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/D7LDEF/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/3S9UZP/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/3S9UZP/", "attachments": []}, {"guid": "23f8d66c-720e-5965-8b89-0acf532323e9", "code": "PLYJZL", "id": 30, "logo": null, "date": "2026-08-15T15:30:00+01:00", "start": "15:30", "duration": "02:00", "room": "Workshops", "slug": "hack-glasgow-2026-30-fireball-won-t-fix-this", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/PLYJZL/", "title": "Fireball Won\u2019t Fix This", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Your kingdom has a problem: the Shared Drive of Destiny is now the Shared Drive of Gibberish, the Helpdesk is on fire (metaphorically\u2026 probably), and a hooded messenger has left a ransom rune on the gates demanding tribute in untraceable coin. \r\n\r\nParticipants form an adventuring party where fantasy classes map to real-world roles. The facilitator (Dungeon Master) unleashes timed encounters and injects: phishing goblins breach the tavern, the SIEM turns out to be a mimic, the backup vault is cursed, the status page becomes prophecy, and the Executive Dragon arrives demanding \u201ca quick update\u201d every six minutes.\r\n\r\nPlayers must make real response decisions under comedic pressure, scoping, containment, access lockdowns, restoration prioritisation, stakeholder messaging, and executive trade-offs, while the dice introduce just enough chaos to feel like a real incident. No D&D experience required. Expect teamwork, memorable lessons, and a post-game debrief that turns your party\u2019s near-misses into concrete improvements for runbooks, escalation paths, and resilience planning.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "VLZ8J9", "name": "Ryan Standbridge", "avatar": "https://pretalx.hackglasgow.live/media/avatars/VLZ8J9_KIeWb5Z.webp", "biography": "Ryan Standbridge is a Principal Incident Response consultant at Reliance Cyber who has spent years turning up after things have gone badly wrong. He leads high-severity ransomware, BEC, and intrusion responses, and delivers the IR plans, playbooks, and tabletop exercises that organisations hope they never need.\r\n\r\nHe's also watched enough incidents unfold to have strong opinions about why most of them were worse than they needed to be, and it's rarely a tooling gap.", "public_name": "Ryan Standbridge", "guid": "b21f7e67-42a3-5065-9305-53dbad2cfdcf", "url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/speaker/VLZ8J9/"}], "links": [], "feedback_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/PLYJZL/feedback/", "origin_url": "https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/PLYJZL/", "attachments": []}]}}]}}}