2025-04-28 –, MAIN TRACK
Not all Red Team engagements are spearphish > mimikatz > profit. If nothing else, this talk proves that some jobs still involve crawling around car parks at night and hiding in bushes with a high gain antenna to gain your objective.
Traditionally, cyber incidents and Red Team operations focus on compromising Windows devices as an initial infection vector but for modern cloud native companies, this approach simply doesn’t work.
In this talk, we will explore how we compromised an Electric Vehicle to infiltrate a corporate Smartphone, leveraging legitimate applications and protocols to move laterally and achieve full compromise of the environment.
We will demonstrate the chaining of low code (and in some cases ancient techniques), abstract attack vectors targeting atypical devices and platforms and the abuse of protocols and inbuilt applications to conduct a full scale breach of the environment.
When Red Teaming a multinational technology company with an extensive security budget we had to think outside the box in order to leverage new attack pathways to gain a foothold in their environment where typical Red Teaming methodologies simply weren’t viable.
Using readily available hardware and almost no code, we were able to abuse both application protocols and inbuilt applications to gain persistent access via a chained attack across multiple devices to gain system level access to a customer environment.
This talk will focus on a modified real world scenario which included:
Denial of BlueTooth service (conceptual due to legal implications)
Wireless BadUSB
Modified Metasploit for Android
Abuse of Android Debugging Tool (ADB) to gain persistent reverse shell over Mobile Service (not USB)
Abuse of ADB for real time screen recording and interaction
Network enumeration via ADB
Using ADB as a pivot for further compromise of the environment
Exfiltration of VPN configuration and subsequent abuse of MFA
Undetectable data exfiltration via mobile service
This talk highlights how devastating attacks are still easily possible with a very low price entry point and virtually undetectable by most Security Tools. This talk will feature a live demo (if the demo gods deem it so) and aim to encourage aspiring penetration testers to think outside of the (Windows) box when approaching their objectives.
Tim is a highly experienced Cybersecurity expert with over two decades in both offensive and defensive cybersecurity, having built & led Incident Response (IR), Red Team, and Blue Team operations and developed technological platforms to revolutionize Incident response at scale.
A Major in the British Army Cyber Reserves, Tim serves as a Subject Matter Expert to the British Ministry of Defence (MoD) specializing in both defensive and offensive security.
Having led hundreds of engagements globally, Tim has a wealth of experience in both defending and exploiting every conceivable industry vertical along with an astute knowledge of what technologies and processes work and where gaps lay in existing solutions and security programs.
Prior to Co-founding ThreatLight, Tim’s career included significant technical and leadership positions in top cybersecurity and technology firms, such as Accenture, Cybereason, Symantec, Airbus and Thales, contributing to his broad knowledge and innovative approach in the field.
Lisa is a seasoned cybersecurity executive with nearly two decades of global experience in high-growth
startups, where she has built business units, delivery functions, and customer-facing teams from the
ground up. She has led go-to-market efforts and driven long-term customer value.
A veteran of the Intelligence Directorate of the Israel Defense Forces, Lisa brings a mission-focused,
outcome-driven mindset shaped by her exposure to high-stakes, complex environments.
She is the CEO and Co-founder of ThreatLight. Previously, she was a founding executive at Cybereason
Japan, helping establish its presence and lead it to market leadership and later served as Global EVP of
Security Services Strategy & Planning, leading the design and growth of Cybereason’s Security services.
Based in Tokyo since 2013, Lisa sits on the Advisory Board of ISIC Japan. Most recently she was named
one of The Most Inspiring Women in Cybersecurity 2025.