Getting In: Initial Access in 2023
02-11, 15:10–15:40 (UTC), Track 2 - Foxhunter

The pathway to initial access in 2023 is far from an easy one. This talk will lift the lid on all the recent TTPs we have been using to gain access, giving you techniques you can implement in your own assessment. But what about defence? For all you blue teamers out there, we will show you how to prevent all the attacks we discuss! Sit back and enjoy all the fun!


The days of initial access being a case of sending a basic phishing email and get creds are long gone. With email filters so much more effective, end user training more frequent, corporate procedures enhanced, phishing is no longer trivial. We need to think differently, we need to be creative. That is what this talk is all about. Showing you the TTPs we ave developed over the years to evade or even bypass corporate controls and trick staff into giving us access. We will reveal less used TTPs that we have developed over time, showing how they can be leveraged. This is much more than phishing, this is full spectrum initial access, from OSINT led exploits, to in person SE, to creative remote social engineering, providing the many ways of getting in and gaining initial access in 2023.
Are you a blue teamer? Don't worry we will show you all the ways you can stop our attacks, using your defensive onion to make the bad guys cry!

For 15 years, Tony's job has been either trying to break technology or defend it from attack. This he has done everywhere from banks to mass transport systems. He specialises in open source intelligence and recon, providing intelligence and understanding, helping clients understand their exposure and providing insight and recon for red and purple teams. He also speaks the world over at technology and cybersecurity events about how anything from children's toys to cars, planes and ships can be hacked. He has spoken at PCI events in Europe and Asia, at the ISC2 Congress, ISACA CSX Europe, SANS Awareness Conference, WIRED Smarter, technical conferences such as 44Con and BSides. Most notably, he has spoken to US Congress and the European Central Bank about how the underlying digital theories and systems which modern life relies on, are vulnerable to attack.

This speaker also appears in: