Note: This is a workshop session, be sure to register your interest

This talk will give an individual with an IT background an introduction to the common approaches threat actors take to compromise a business and their systems. This includes sharing some of my experiences and stories giving examples of how the attack vectors were realised.

A threat actor – compared to a hacker or attacker – does not necessarily have any technical skill sets. They are a person or organization with malicious intent and a mission to compromise an organization’s security or data. This could be anything from physical destruction to simply copying sensitive information. It is a broad term and is intentionally used because it can apply to external and insider threats, including missions like hacktivism.

The talk will then be followed by an optional workshop allowing you to understand (and try out for real) the attack vectors in greater depth on our test network.

Session takeaways

Workshop notes

You should have a laptop that has a Kali live environment (you could also run it in a VM), and if you want to try some wireless network cracking, a wireless card that supports packet injection (such as this one).


Experienced sysadmin now working in cyber security.

Liam also runs the Exeter Defcon chapter 441392 at, promoting ethical hacking, responsible disclosure and network defence in depth.