| Effort is All You Need: Bypassing LLM Guardrails with spikee | Donato Capitella | SecureAI 2025 | Watch | Download |
| Another Prompt Bites the Dust: Practical Prompt Injection Testing and Guardrail Bypass with spikee | Donato Capitella | 44CON 2025 | Watch | Download |
| STRIFEBOT: Attacking and Defending Snowflake Data-lakes | James Henderson | fwdcloudsec Europe 2025 | Watch | Download |
| Cognito, Ergo, Some Extra Permissions | Leonidas Tsaousis | DEFCON Cloud Village 2025 | Watch | Download |
| This Wasn't in the Job Description: Building a production-ready AWS environment from scratch | Mohit Gupta Nick Jones | fwd:cloudsec 2025 | Watch | Download |
| There and Back Again: An Attacker's Tale of DCs in AWS | James Henderson Leonidas Tsaousis | OffensiveX 2025 | Watch | Download |
| Open, Sesame! - Unlocking Bluetooth Padlocks With Polite Requests | Alex Pettifer Miłosz Gaczkowski | misc0nfig 2025 | Watch | Download |
| There and Back Again: An Attacker's Tale of DCs in AWS | James Henderson Leonidas Tsaousis | SO-CON 2025 | Watch | Download |
| Finding your attack path into the security industry | Miłosz Gaczkowski Mohit Gupta | Securi-Tay 2025 | Watch | Download |
| To B or Not 2B: Breaking the IBM B2B Integrator with, and without authentication | Leonidas Tsaousis | DistrictCon 2025 | Watch | Download |
| Out of Order: protocol confusion attacks in the real world | James Henderson | Disobey 2025 | Watch | Download |
| Hacking and Securing LLM Applications | Donato Capitella | DeepSec 2024 | Watch | Download |
| Building and Validating Kubernetes Attack Detection with Leonidas | Leonidas Tsaousis | DEATHCon 2024 | Watch | Download |
| Armored Witness | Andrea Barisani | Transparency.dev Summit | Watch | Download |
| Mobile Security Theater – or why YOU should pay $1,000,000 for two regex queries | Miłosz Gaczkowski | BSidesLjubljana 0x7E8 | Watch | Download |
| TamaGo - bare metal Go | Andrea Barisani | Open Source Firmware Conference | Watch | Download |
| Let's hack a not-so-smart padlock | Alex Pettifer Miłosz Gaczkowski | SteelCon 2024 | Watch | Download |
| Should You Let ChatGPT Control Your Browser? | Donato Capitella | CRESTCon 2024 | Watch | Download |
| One extra large cloud assessment please? - Why testing at scale needs a different approach | Christian Philipov Mohit Gupta | fwd:cloudsec 2024 | Watch | Download |
| TamaGo - bare metal Go | Andrea Barisani | Asilomar Microcomputer Workshop | Watch | Download |
| Armored Witness | Andrea Barisani | CanSecWest | Watch | Download |
| Taking the B Out of DBA: An Unconventional Attack Path Against AD FS Through Database Administration | Max Keasley | BalCCon 2024 | Watch | Download |
| Hunting for macOS Application Logic Bugs, Logic Not Included! | Max Keasley | Beacon 2024 | Watch | Download |
| Taking the B Out of DBA: An Unconventional Attack Path Against AD FS Through Database Administration | Max Keasley | Beacon 2024 | Watch | Download |
| You Sh[e|a]ll Not Pass! Gentle Introduction To EDR Bypasses | Devid Lana Riccardo Ancarani | BSides Dublin 2024 | Watch | Download |
| Kubernetes Attack Simulation: The Definitive Guide | Leonidas Tsaousis | DEFCON Adversary Village 2024 | Watch | Download |
| Hunting for macOS Application Logic Bugs, Logic Not Included! | Max Keasley | x33fcon 2024 | Watch | Download |
| Open, Sesame! - Unlocking Bluetooth Padlocks With Polite Requests | Alex Pettifer Miłosz Gaczkowski | BSides London 2023 | Watch | Download |
| TamaGo - bare metal Go | Andrea Barisani | Airbus CYCON | Watch | Download |
| Clear Skies: Avoiding Security Breaches in AWS | Nick Jones | AWS Community Day DACH 2023 | Watch | Download |
| Per-mission Impossible: Exploring the Android Permission Model and Intents | Miłosz Gaczkowski William Taylor | DEF CON AppSec Village 2023 | Watch | Download |
| 1001 segfaults: tales of stealthy Linux in-memory execution | James Henderson | SnoopCon 2023 | Watch | Download |
| Say cheese! Capturing your life through exported activities | Miłosz Gaczkowski | BSidesLjubljana 0x7E7 | Watch | Download |
| Sniffing keyboards (Turns out some of them stink) | Miłosz Gaczkowski | BSides Dublin 2023 | Watch | Download |
| Securing AWS Estates at Scale | Nick Jones | AWS Community Day Nordics 2023 | Watch | Download |
| Securing AWS Estates at Scale | Nick Jones | AWS Cloud Security Community Day 2023 | Watch | Download |
| Stormy Skies: Modern Cloud Attacks And Their Countermeasures | Nick Jones | Disobey 2023 | Watch | Download |
| Dangers of Service as a Principal - AWS | Matthew Keogh Tom Taylor-MacLean | Disobey 2023 | Watch | Download |
| Passing The Security Burden - How To See The Unforeseen | Matthew Keogh | fwd:cloudsec North America 2023 | Watch | Download |
| Methods of Lateral Movement using Windows OpenSSH | Matthew Lucas | SEC-T 2023 | Watch | Download |
| Breaking Boundaries, Securing Perimeters: A pragmatic approach to Attack Surface Management | Katie Inns | Blue Team Con 2022 | Watch | Download |
| SaaSy detection: purple teaming Software-as-a-Service platforms | Christian Philipov Nick Jones | Blue Team Con 2022 | Watch | Download |
| Alsanna | Jason Johnson | DEF CON Demo Labs 2022 | Watch | Download |
| Dismantling the Beast: Formally Proving Access at Scale in AWS | Mohit Gupta Nick Jones | fwd:cloudsec North America 2022 | Watch | Download |
| Unorthodox Lateral Movement: Stepping Away from the Standard Tradecraft | Riccardo Ancarani | TROOPERS 2022 | Watch | Download |
| Click Here For Free TV! - Chaining Bugs to Takeover Wind Vision Accounts | Leonidas Tsaousis | ROOTCON 2021 | Watch | Download |
| Come to the Dark Side, We Have Apples: Turning macOS Management Evil | Calum Hall Luke Roberts | Black Hat USA 2021 | Watch | Download |
| I'm a Hacker Get Me Out Of Here! Breaking Network Segregation Using Esoteric Command & Control Channels | Alfie Champion James Coote | Black Hat USA 2021 | Watch | Download |
| Click Here For Free TV! - Chaining Bugs to Takeover Wind Vision Accounts | Leonidas Tsaousis | BSides Athens 2021 | Watch | Download |
| Has Anyone Seen the Principal | Christian Philipov Emilian Cebuc | fwd:cloudsec North America 2021 | Watch | Download |
| Beyond Public Buckets: Lessons Learned on Attack Detection in the Cloud | Alfie Champion Nick Jones | RSA Conference 2021 | Watch | Download |
| TamaGo - bare metal Go | Andrea Barisani | GoLab | Watch | Download |
| Building Effective Attack Detection in the Cloud | Alfie Champion Nick Jones | Cloud Native Security Day 2020 | Watch | Download |
| Getting Shells on z/OS with Surrogat Chains | Jake LaBelle | DEF CON 2020 | Watch | Download |
| Attacking the Helmsman | Mohit Gupta | DEF CON Cloud Village 2020 | Watch | Download |
| Identifying attack paths with BloodHound | Henri Nurmi Niklas Sarokaari | Disobey 2020 | Watch | Download |
| Let's get physical | Robert Bearsby Timo Hirvonen | Disobey 2020 | Watch | Download |
| Automating Attack Simulation in the Cloud | Nick Jones | fwd:cloudsec North America 2020 | Watch | Download |
| An Attacker's Perspective on Jamf Configurations | Calum Hall Luke Roberts | Objective by the Sea 2020 | Watch | Download |
| TamaGo - bare metal Go | Andrea Barisani | Chaos Communication Congress | Watch | Download |
| Insecure Boot | Andrea Barisani | escar europe | Watch | Download |
| Insecure Boot | Andrea Barisani | PacSec | Watch | Download |
| Insecure Boot | Andrea Barisani | escar asia | Watch | Download |
| USB armory reloaded | Andrea Barisani | BSidesVarazdin | Watch | Download |
| USB armory reloaded | Andrea Barisani | No Hat | Watch | Download |
| DOMXSS is not Dead | Olle Segerdahl | Security Fest 2019 | Watch | Download |
| Command Injection in F5 iRules | Christoffer Jerkeby | Black Hat USA 2019 | Watch | Download |
| Voodoo People | Dave Hartley | BSides Bristol 2019 | Watch | Download |
| Ghost in the Locks - Owning electronic locks without leaving a trace | Timo Hirvonen Tomi Tuominen | Disobey 2019 | Watch | Download |
| 3D Accelerated Exploitation | | OffensiveCon 2019 | Watch | Download |
| Future Forests: Realistic Strategies for AD Security & Red Forest Architecture | Katie Knowles | RSA Conference 2019 | Watch | Download |
| Detecting Sophisticated Threat Actors in AWS | Alfie Champion Nick Jones | T2 2019 | Watch | Download |
| USB armory reloaded | Andrea Barisani | T2 2019 | Watch | Download |
| DK-1016 Docker Security Workshop | Mohit Gupta | Texas Cyber Summit 2019 | Watch | Download |
| USB armory reloaded | Andrea Barisani | Hack In The Box | Watch | Download |
| Cyber warfare and air operations | Andrea Barisani | Air Power Conference | Watch | Download |
| The Mate Escape: Android Pwn2Owning | Alex Plaskett James Loureiro | Hacktivity 2018 | Watch | Download |
| Intro to Binary Analysis with Z3 and angr | | hack.lu 2018 | Watch | Download |
| Real-life experiences in avionics security assessment | Andrea Barisani | FSec IoT Hacking Summer School | Watch | Download |
| Mastering ARM TrustZone | Andrea Barisani | FSec IoT Hacking Summer School | Watch | Download |
| Real-life experiences in avionics security assessment | Andrea Barisani | Aero'Nov Connection | Watch | Download |
| Ghost in the Locks - Owning Electronic Locks without Leaving a Trace | Timo Hirvonen Tomi Tuominen | 44CON 2018 | Watch | Download |
| Overt Command & Control: The Art of Blending In | Dave Hartley William Knowles | Blue Hat v18 2018 | Watch | Download |
| Signal Safari: Investigating RF Controls with RTL-SDR | Katie Knowles | BSides NYC 2018 | Watch | Download |
| Chainspotting: Building Exploit Chains with Logic Bugs | Georgi Geshev | CanSecWest 2018 | Watch | Download |
| Hacking BLE Bicycle Locks for Fun and a Small Profit | Vincent Tan | DEF CON 2018 | Watch | Download |
| Whatever happened to attack aware applications? | Matthew Pendlebury | DevSecCon London 2018 | Watch | Download |
| All your encrypted computers are belongs to us | Timo Hirvonen Tomi Tuominen | Disobey 2018 | Watch | Download |
| Chainspotting: Building Exploit Chains with Logic Bugs | Georgi Geshev Robert Miller | Infiltrate 2018 | Watch | Download |
| Signal Safari: Investigating RF Controls with RTL-SDR | Katie Knowles | LayerOne 2018 | Watch | Download |
| Re-using your targets code against them | Olle Segerdahl | Security Fest 2018 | Watch | Download |
| An ice-cold Boot to break BitLocker | Olle Segerdahl | T2 2018 | Watch | Download |
| Assessing digital physical access control systems | Knud Hojgaard | T2 2018 | Watch | Download |
| Big Game Fuzzing: Going on a Pwn2Own Safari | Alex Plaskett Fabian Beterke | T2 2018 | Watch | Download |
| Chainspotting: Building Exploit Chains with Logic Bugs | Georgi Geshev | TenSec 2018 | Watch | Download |
| Red Teaming in the EDR age | William Burgess | Wild West Hackin' Fest 2018 | Watch | Download |
| Biting the Apple that feeds you - macOS Kernel Fuzzing | Alex Plaskett James Loureiro | 44CON 2017 | Watch | Download |
| IoT Security | Andrea Barisani | SPIME2017 | Watch | Download |
| Persisting with Microsoft Office: Abusing Extensibility Options | William Knowles | 44CON 2017 | Watch | Download |
| Corrupting Memory In Microsoft Office Protected-View Sandbox | Yong Chuan Koh | Blue Hat v17 2017 | Watch | Download |
| Logic Bug Hunting in Chrome on Android | Georgi Geshev Robert Miller | CanSecWest 2017 | Watch | Download |
| Lock, Stock And Two Smoking Apples - XNU Kernel Security | Alex Plaskett James Loureiro | DeepSec 2017 | Watch | Download |
| Persisting with Microsoft Office: Abusing Extensibility Options | William Knowles | DEF CON 2017 | Watch | Download |
| Logic Bug Hunting in Chrome on Android | Georgi Geshev Robert Miller | Infiltrate 2017 | Watch | Download |
| A Chain is only as Strong as its Weakest Win32k | | SteelCon 2017 | Watch | Download |
| Exploring enterprise Wi-Fi security with Aruba | Christoffer Jerkeby | T2 2017 | Watch | Download |
| Fuzzing the Windows Kernel | Yong Chuan Koh | Hack in the Box SG 2016 | Watch | Download |
| Needle: Finding Issues within iOS Applications | Marco Lancini | AppSec USA 2016 | Watch | Download |
| Bug Hunting with Static Code Analysis | Nick Jones | BSides London 2016 | Watch | Download |
| LoRa the Explorer - Attacking and Defending LoRa Systems | Robert Miller | BSides London 2016 | Watch | Download |
| 99 Problems but a Microkernel ain't one! | Alex Plaskett | BSides NYC 2016 | Watch | Download |
| The Pageantry of Lateral Movement | Stuart Morgan | BSides NYC 2016 | Watch | Download |
| QNX: 99 Problems but a Microkernel ain't one! | Alex Plaskett Georgi Geshev | Confidence 2016 | Watch | Download |
| Warranty Void if Label Removed: Attacking MPLS Networks | Georgi Geshev | DC4420 2016 | Watch | Download |
| Platform Agnostic Kernel Fuzzing | Alex Plaskett James Loureiro | DEF CON 2016 | Watch | Download |
| Static analysis for code and infrastructure? | Nick Jones | DevSecCon London 2016 | Watch | Download |
| A Penetration Tester's Guide to the Azure Cloud | Apostolos Mastoris | HOPE 2016 | Watch | Download |
| LoRa the Explorer - Attacking and Defending LoRa systems | Robert Miller | SyScan 360 2016 | Watch | Download |
| One Template to Rule 'Em All | Kostas Lintovois | T2 2016 | Watch | Download |
| QNX: 99 Problems but a Microkernel ain't one! | Alex Plaskett Georgi Geshev | TROOPERS 2016 | Watch | Download |
| Why bother assessing popular software? | David Middlehurst James Loureiro | BSides London 2015 | Watch | Download |
| Detect & Protect Securing financial applications in hostile environments | Luke Drakeford | BSides Manchester 2015 | Watch | Download |
| Fracking With Hybrid Mobile Applications | Dave Hartley | CRESTCon 2015 | Watch | Download |
| Warranty Void If Label Removed: Attacking MPLS Networks | Georgi Geshev | ekoparty 2015 | Watch | Download |
| Warranty Void If Label Removed: Attacking MPLS Networks | Georgi Geshev | PacSec 2015 | Watch | Download |
| Forging the USB armory | Andrea Barisani | T2 2015 | Watch | Download |
| Washing away the snake oil of threat intelligence | David Chismon | T2 2015 | Watch | Download |
| Windows kernel fuzzing | Nils | T2 2015 | Watch | Download |
| Warranty Void If Label Removed: Attacking MPLS Networks | Georgi Geshev | ZeroNights 2015 | Watch | Download |
| Mission mPOSsible | Jon Butler Nils | Black Hat USA 2014 | Watch | Download |
| Fracking With Hybrid Mobile Applications | Dave Hartley | BSides Cape Town 2014 | Watch | Download |
| Poor Man's Static Analysis | Jon Butler | BSides London 2014 | Watch | Download |
| Navigating the Sea of Pwn: Windows Phone 8 | Alex Plaskett | SyScan 2014 | Watch | Download |
| Keyless entry exploration/exploitation | Knud Hojgaard | T2 2014 | Watch | Download |
| Style over Substance - how OEMs are breaking Android security | Robert Miller | T2 2014 | Watch | Download |
| Hack the Gibson - Exploiting Supercomputers | John Fitzpatrick Luke Jennings | 44CON 2013 | Watch | Download |
| Hack The Gibson: Exploiting Supercomputers | John Fitzpatrick Luke Jennings | DeepSec 2013 | Watch | Download |
| Polishing Chrome for Fun and Profit | Jon Butler Nils | Nordic Security Conference 2013 | Watch | Download |
| Hack the Gibson - Exploiting Supercomputers | John Fitzpatrick Luke Jennings | T2 2013 | Watch | Download |
| Security Testing 4G (LTE) Networks | Martyn Ruks Nils | 44CON 2012 | Watch | Download |
| PinPadPwn | Nils Rafael Dominguez Vega | Black Hat USA 2012 | Watch | Download |
| SAP Slapping - A pentesters guide | Dave Hartley | DeepSec 2012 | Watch | Download |
| PinPadPwn | Nils | T2 2012 | Watch | Download |
| SAP Slapping - A pentesters guide | Dave Hartley | T2 2012 | Watch | Download |
| Critical infrastructure insecurity - Why vendor obscurity will kick us in the teeth | Tom van de Wiele | T2 2011 | Watch | Download |
| Windows Pwn 7 OEM - Owned Every Mobile? | Alex Plaskett | T2 2011 | Watch | Download |
| How to be an RSoL: Effective Bug Hunting in Solaris | | ShmooCon 2010 | Watch | Download |
| Attacking ATMs: Putting the Art into Smart Cards | Rafael Dominguez Vega | T2 2010 | Watch | Download |
| The Threat in Your Pocket? | Nils | T2 2010 | Watch | Download |
| USB Attacks: Fun with Plug & 0wn | Rafael Dominguez Vega | DEF CON 2009 | Watch | Download |
| USB Attacks: Fun with Plug & 0wn | Rafael Dominguez Vega | T2 2009 | Watch | Download |
| Behind Enemy Lines - Administrative Web Application Attacks | Rafael Dominguez Vega | DeepSec 2008 | Watch | Download |
| Virtually Hacking | John Fitzpatrick | DEF CON 2008 | Watch | Download |
| SUN BURNS - Java Insecurities | Joakim Sandstrom | T2 2008 | Watch | Download |
| Inspect a Gadget | Rafael Dominguez Vega | FIST Conference 2007 | Watch | Download |
| MQ Jumping | Martyn Ruks | DEF CON 2007 | Watch | Download |
| One Token to Rule Them All: Post-Exploitation Fun in Windows Environments | Luke Jennings | DEF CON 2007 | Watch | Download |
| IBM Networking Attacks-Or The Easiest Way To Own A Mainframe Without Getting The Removals Men In | Martyn Ruks | DEF CON 2006 | Watch | Download |
| 200 MKAY - Web Application Exploitation | Joakim Sandstrom | T2 2006 | Watch | Download |