Conference Tracks

• Platform 1
• Platform 2

• Platform 1
  09:00 - 09:45 Doors Open & Registration
  09:45 - 10:00 Opening remarks Hack Glasgow organisers
  10:00 - 11:00 Hacking things with AI stuff Cary Hendricks

  Threat or treat? Can the boom in AI make security easier or much harder? Exploring how you can start in your decisions and see the wonderful world of hacking with AI.

  11:30 - 12:00 Securing Values: The Ethics of Cyber Security Michael Whitehead

  Security isn't a game and it's not about playing God - every action we take can have a human cost. This talk walks the ethical tightrope of cyber security: the dangers of bias, the lure of control, and the responsibility to act with integrity; let's talk about where to tread, and how to avoid the missteps that could tip us off-balance.

  12:00 - 13:00 Lunch
  13:00 - 14:00 How to get away with hacking Liam Follin

  You see it on LinkedIn all the time. "Here's how you break into cyber..." followed by a list of resources longer than the average Christmas shopping receipt. Half the resources on the list are questionable at best, and there is no structure whatsoever. Then, the few poor souls who do actually grind their way through this arduous mountain of content, end up in an interview and realise that they're missing large portions of key knowledge.

  This talk follows the paths of multiple people into the pentesting industry, from traditional degrees, to marine biology, to apprenticeships, and everything in between. There's more than one way to skin a cat, and contrived one-size-fits-all approaches are out of date - over the course of 50 minutes we will follow 4 from zero to hero.

  Attendees can expect an honest summary of the pentesting industry - and it's not all sunshine and rainbows. We'll go through an average day in the life, a summary of the professional qualifications you'll need (and the ones you won't), alongside the mentality you need to survive as a hacker for hire.

  14:00 - 14:30 Getting started in bug bounty, from picking a program to getting your first report triaged Lennaert Oudshoorn

  In this talk we will dive head first in to the first few steps as an aspiring bug bounty hunter, practical tips around selecting which programs to hack on, which approach to take to finding bugs, and how to write a clear report that sails through triage. The session contains many practical tips around the non-technical aspects of this but will also try to give some technical insights the listeners can directly apply to their bug hunting.

  14:30 - 15:00 Yelling at the people and/or the thinking sand isn't helping maya boeckh

  The story so far: In the 60's we taught sand how to think. This has made a lot of (very specific) people very angry and been widely (by very specific people) regarded as a bad move.

  So humanity taught sand how to think, and now we're stuck fulfilling JIRA tickets. Not exactly what we expected, as we thought the computer would solve all our problems, not make more of them. Such is the irony of the torment nexus.

  Memes aside, I wish to talk about the shift in technical literacy, the availability of "too many solutions", the erosion of knowledge, and how it affects the daily lives of people trying to solve the improbable and spectacular problems spawning at the magical intersection of computers and people.

  15:00 - 15:30 Break
  15:30 - 16:00 Blame the Parents James Bore

  Why does our whole industry even exist when we've known for decades how to build secure systems?

  Why is there so much investment into the industry, and could this possibly be the cause?

  Why is there so much marketing based on fear, uncertainty, and doubt?

  Why do so many old timers in the industry seem so, so angry, bitter, or cynical all the time?

  Find out all the answers in this talk. What's been going wrong for the last eighty years. Why there's no incentive to improve things. Why the Luddites had a really good point (and, of course, what happened to them and is likely to happen to anyone who challenges the way things are too loudly).

  16:00 - 16:30 Phishing Kits vs Financial Institutions - History, OSINT and Automation Tom Blue & Alana Witten

  Financial institutions are prime targets for cybercriminals, and phishing kits have become one of the most effective tools in their arsenal. These pre-packaged, ready-to-deploy kits enable even low-skilled attackers to launch convincing campaigns that steal banking credentials, drain accounts, and fuel the underground fraud economy.

  In this talk, we’ll explore the evolution of phishing kits, from early crude scripts to today’s sophisticated, modular, and service-based models. We’ll discuss how these kits are discovered, dissected, and analysed, sharing key trends, unusual findings, and real-world anecdotes from recent investigations. Additionally, we’ll take a closer look at the business side of phishing kit distribution—examining how cybercriminals sell, trade, and refine these tools in underground forums.

  Join us as we peel back the layers of the phishing kit industry and reveal the mechanics behind one of the most persistent threats to the financial sector.

  16:30 - 17:00 Femtech and Data Privacy: What’s at Stake? Arohi Naik

  The rise of femtech—technologies designed to support women’s health—is transforming the way we manage personal health data. From period trackers to fertility apps, these tools offer unprecedented convenience and insights. However, with the immense potential for positive impact comes a serious risk: the privacy and security of our most sensitive data.

  This presentation examines the growing concerns surrounding data collection and usage in femtech apps. While these applications help us understand our bodies better, they also gather highly personal information that, if mishandled, can expose users to security breaches, surveillance, and exploitation. Why is this an urgent issue? Because unlike fitness trackers or social media platforms, femtech apps deal with some of the most intimate and vulnerable aspects of our lives—our health, emotions, and behaviours.

  The discussion will explore the ethical implications of data practices in femtech, questioning whether the data collected is truly necessary or if it’s being over-mined for profit. Can we trust that our data is being protected, or is it being sold to third-party advertisers?

  Additionally, the presentation will discuss solutions for building a privacy-first future in femtech, focusing on decentralised development. Imagine a world where your health data stays where it belongs—with you. This talk will challenge developers, regulators, and users to rethink how we approach digital privacy in femtech.

  Ultimately, the discussion will address truly at stake: our health, autonomy, and trust. It's time to demand more from the apps we use—and ensure that privacy is not sacrificed in the name of convenience.

  17:00 - 18:00 Geopolitics, Climate Change & Cyber: Why Nation States Will Super Charge Espionage and Cyber Attacks Ian Thornton-Trump

  We all know the "What to Do" about Cyber. But have we thought about the why? Did we create our own nightmare? Are we economically dependent on cyber criminals to actually reject or even consider reducing cyber crime? Despite all the efforts the danger dials are all pinned into red zone. Ian Thornton-Trump CD explores - with humour and jaded cynicism - why countries are doing what they are doing and why cyber criminals and nation state actors are creating "unholy alliances". The data and trends can give us a glimpse at what the future holds for the country, the cyber security industry and "the baddies".

  18:00 - 18:15 Closing remarks Hack Glasgow Organisers
• Platform 2
  09:00 - 09:45 Doors Open & Registration
  09:45 - 10:00 Opening remarks Hack Glasgow organisers
  10:00 - 11:00 Why Did the Company Get Defrauded? BECause... Mark Saunders

  An introduction to Business Email Compromises and the lucrative frauds they can lead to. Stories from Incident Response and some strategies to mitigate the impacts.

  11:00 - 11:30 A Dual Perspective on Cybercrime Calum Baird & James McGoldrick

  Cybercrime is complex, impacting all sectors, countries, organisations and individuals. Both law enforcement and private sector companies have a role in Investigating cybercrime, working together to ensure that threats are mitigated and (where possible) cybercriminals are brought to justice.

  Calum and James worked as Detectives in various technical roles at Police Scotland, including the Digital Forensics Unit, Operation NOCAP/Parror (tackling child sexual exploitation and abuse), and Cybercrime Investigations. Now both work in the private sector for a Glasgow based international Managed Security Service Provider (MSSP), with Calum working as a Digital Forensics and Incident Response Consultant and James working as the Head of Security Services.

  In this talk they will provide their insights into investigating cybercrime, from both a public sector and private sector perspective, before opening the floor to questions. The talk aims to cover:

  Description of cyber enabled and cyber dependent crime

  Current United Kingdom legislation for hacking

  Investigative capabilities and limitations in the public sector

  Investigative capabilities and limitations in the private sector

  The benefits and concerns of law enforcement involvement in private sector investigations

  The importance of intelligence in investigations

  The importance of provenance in investigations and litigation

  The importance of record keeping in investigations and litigation

  11:30 - 12:00 Enshittification of the Industry Rosie Anderson

  In 2023 Cory Doctorows talked about the enshittification of the Internet, but in the humdrum world of everyday Infosec, we are battling that same enshittification.

  The enshittification of our industry is a problem that too few are aware of, let alone fight against.

  This talk will discuss where enshittification is happening, from Vendors, Engaging and Hiring New Talent, Silos, Saboteurs, Bullies & Blag Artists, the Race to CISO plus wherever the audience wants to discuss enshittification.

  It will end with a call for action from the community to take back and protect the image of our industry. Come and join the conversation!

  12:00 - 13:00 Lunch
  13:00 - 14:00 Attacking AWS - From initial access to hardcore persistence Santi Abastante

  Cloud platforms like Amazon Web Services (AWS) are foundational to many critical infrastructures and enterprise applications, making them prime targets for attackers. In this session, we will not only explore the most relevant attack vectors cybercriminals use to compromise AWS infrastructures but will also simulate these attacks using known threat actor techniques in an adversary emulation context. From initial access to hardcore persistence, this talk will provide a comprehensive look at how attackers operate in AWS environments.

  We will take a technical journey through the tactics, techniques, and procedures (TTPs) employed by attackers at every stage of the threat lifecycle, aligned with the MITRE ATT&CK framework. We’ll start by reviewing common methods of initial access, such as exploiting exposed credentials or vulnerabilities in services like IAM, Lambda, and EC2. From there, we’ll detail how attackers escalate privileges, move laterally, and evade detection from tools like CloudTrail.

  The session will conclude with an in-depth look at advanced persistence techniques in AWS, including the manipulation of IAM policies, backdooring Lambda functions or Docker containers, and tampering with logs. Along the way, we’ll demonstrate how security teams can implement defensive and detection strategies to mitigate these risks. By leveraging AWS-native services and third-party tools, attendees will learn how to enhance their incident response capabilities.

  This hands-on session will give attendees practical, technical insights into AWS security, adversary behavior, and how to better defend against sophisticated, persistent attacks. With only two slides and full hands-on experience, this talk ensures deep technical immersion.

  14:00 - 14:30 Forensic Acquisition of Soldered Storage Laptops (and others) Using Kali Linux Calum Baird

  Forensic acquisition is an essential skill for digital forensics and investigating cybercrime and security incidents. The ability to forensically capture data using a repeatable process is necessary for ensuring the integrity of evidence, allowing findings to be presented and accepted in litigation and at court.

  Whilst traditional deadbox forensic techniques are commonplace in forensic training courses there is one technique is rarely taught: extracting data from integrated storage laptops.

  Prior to M.2 solid state drives (SSDs) becoming more widespread, embedded MultiMediaCard (eMMC) storage was a popular storage option for laptops and notebooks offering a slimline, impact resistant, and fast storage option at a relatively low cost. Many laptops and notebooks still in circulation still use eMMC storage including (but not limited to):

  - ASUS E210/E410/E510 Laptops

  - Acer Aspire 3 A317-55P/A315-58/TravelMate B3/BR1100C Laptops

  - Lenovo Ideapad 1i/Slim 1i/3i Laptops

  - HP Stream 11-ak0027na/14s-dq0518sa/11-ak0515sa/11-ak0516sa Laptops

  Most digital forensics training courses focus on removing hard disk drives (HDDs) and SSDs to conduct forensic imaging and analysis however this is simply not feasible with eMMC storage given that they are embedded and often directly soldered onto motherboards.

  This talk aims to provide guidance on the forensic acquisition of data from eMMC laptops/notebooks using Kali Linux, an open-source Debian-based Linux distribution. In addition to allowing forensic acquisition of data on integrated (eMMC) storage laptops/notebooks this technique can also be useful in instances where you do not have the time and/or tools available to disassemble and reassemble a device with complex assembly, or instances where you need to travel light.

  Whilst this is a blue team focused talk, the ability to image a laptop/computer without disassembly, particularly given that it can be completed with pocket sized flash storage, does have red team applications.

  14:30 - 15:00 Terminal velocity: Common command-line controls and bypasses Andrew Finlayson

  Is there anything more frustrating than starting a test and the client laptop has locked down access to PowerShell? Yes. Is it more satisfying to bypass it? Also yes.

  This talk will look at:

  - Common PowerShell Restrictions: A look into why organisations limit access to Windows terminals (cmd/PowerShell) and the common methods used to enforce these restrictions.

  - Bypass Techniques: Simple and effective ways to gain access to a PowerShell shell, even when restrictions are in place.

  - Detection Strategies: How to identify when these bypass methods are being used and what steps can be taken to prevent them.

  15:00 - 15:30 Break