Tim Shipp

Tim is a highly experienced cybersecurity expert with over two decades in both offensive and defensive cybersecurity, having built and led Incident Response (IR), Red Team, and Blue Team operations and developed technological platforms to revolutionize incident response at scale.

A Major in the British Army Cyber Reserves, Tim serves as a Subject Matter Expert to the British Ministry of Defence (MoD) specializing in both defensive and offensive security.

Having led hundreds of engagements globally, Tim has a wealth of experience in both defending and exploiting every conceivable industry vertical, along with an astute knowledge of what technologies and processes work and where gaps lie in existing solutions and security programs.

Prior to co-founding ThreatLight, Tim’s career included significant technical and leadership positions in top cybersecurity and technology firms, such as Accenture, Cybereason, Symantec, Airbus and Thales, contributing to his broad knowledge and innovative approach in the field.


Session

04-28
10:00
45min
From pocket to Pwn: How we hacked a multinational corporation for $200 with just what’s in our pockets (and theirs)
Tim Shipp, Lisa Landau

Not all Red Team engagements are spearphish > mimikatz > profit. If nothing else, this talk proves that some jobs still involve crawling around car parks at night and hiding in bushes with a high gain antenna to gain your objective.

Traditionally, cyber incidents and Red Team operations focus on compromising Windows devices as an initial infection vector, but for modern cloud-native companies, this approach simply doesn’t work.

In this talk, we will explore how we compromised an electric vehicle to infiltrate a corporate smartphone, leveraging legitimate applications and protocols to move laterally and achieve full compromise of the environment.

We will demonstrate the chaining of low-code (and in some cases ancient) techniques, abstract attack vectors targeting atypical devices and platforms, and the abuse of protocols and inbuilt applications to conduct a full-scale breach of the environment.

TALK
MAIN TRACK