BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.hackglasgow.live//hack-glasgow-2026//talk//JNFRZ
 7
BEGIN:VTIMEZONE
TZID:GMT
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:GMT
TZOFFSETFROM:+0100
TZOFFSETTO:+0000
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:BST
TZOFFSETFROM:+0000
TZOFFSETTO:+0100
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-hack-glasgow-2026-JNFRZ7@pretalx.hackglasgow.live
DTSTART;TZID=GMT:20260815T130000
DTEND;TZID=GMT:20260815T135500
DESCRIPTION:In this dual-perspective session\, a red teamer and blue teamer
  join forces to pull back the curtain on the cat-and-mouse game between at
 tackers and defenders. By presenting both sides of the same example engage
 ment\, we'll show how easy it is to spot pentesters in the wild\, what mis
 takes give them away\, and how SOC analysts can use that knowledge to tell
  the difference between authorised testing and genuine threats\, cutting f
 alse positives and keeping focus on what matters.\n\nWe'll walk through th
 e same scenarios from opposite sides of the fence\, covering the tradecraf
 t\, the slip-ups\, and the detection opportunities that only become clear 
 when you understand both viewpoints. From the red team side\, that means b
 eing honest about the OPSEC failures that creep in under real engagement c
 onditions\, the tool signatures we know defenders can spot and hope they w
 on't\, and the gap between how pentesters work and how real adversaries ac
 tually operate.\n\nFrom the blue team side\, we'll cover what defender vis
 ibility actually looks like during an example engagement\, why testers beh
 ave differently to regular users\, and how context determines whether an a
 lert is worth acting on or just noise.\n\nReal adversaries don't always op
 erate the way pentesters do\, and that gap matters for detection. We'll lo
 ok at why some approaches hold up against both and others don't\, includin
 g how living-off-the-land techniques appear from each side of the fence\, 
 and what lateral movement and credential usage actually looks like when it
 's genuine compromise rather than a scheduled test.\n\nEnvironment-aware d
 etection outperforms generic rule sets\, and we'll back that up with case 
 studies from both perspectives: authorised activity that triggered alerts 
 and real threats that didn't. We'll also cover how red team feedback sharp
 ens detection logic over time and keeps alert fatigue from becoming a cove
 rage problem.
DTSTAMP:20260611T152626Z
LOCATION:Stage 1
SUMMARY:The Hunted Becomes the Hunter: Catching Red Teamers and Pentesters 
 and Spotting Adversarial Patterns - Andy Gill\, Alex Close
URL:https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/JNFRZ7/
END:VEVENT
END:VCALENDAR