BSides Cymru 2025

Ben (@polygonben)

Analyst @HuntressLabs! Threat research in my spare time :)

  • These Hackers Fucking Suck
Dave Sully

Paul Spicer and Dave Sully are both Senior Red Team Consultants for Google Mandiant. As part of Mandiant’s APT66, they primarily work on red and purple team assessments and adversary simulations. Dave has over 25 years of experience in the IT sector with an extensive background in information technology across a wide range of roles prior to specialising in Cyber Security in 2016.

  • Bring Your Own AppDomain: Finding and (ab)using trusted .NET binaries for initial access and more - Abridged
David Rogers MBE

David is a mobile telecoms and security specialist who runs Copper Horse Ltd, a software and security company based in Windsor, UK. His company is currently focusing on research for AI model security, product security for the Internet of Things as well as future automotive cyber security.

David chaired the Fraud and Security Group at the GSMA until March 2025. He authored the UK’s ‘Code of Practice for Consumer IoT Security’, in collaboration with UK government and industry colleagues and served on the UK’s Telecoms Supply Chain Diversification Advisory Council.

From 2015-2022 he sat on the Executive Board of the Internet of Things Security Foundation. He has worked in the mobile industry for over twenty-five years in security and engineering roles. Prior to this he worked in the semiconductor industry.

David holds an MSc in Software Engineering from the University of Oxford and an HND in Mechatronics from the University of Teesside. He lectured in Mobile Systems Security at the University of Oxford from 2012-2019 and served as a Visiting Professor in Cyber Security and Digital Forensics at York St John University.

He was awarded an MBE for services to Cyber Security in the Queen’s Birthday Honours 2019.

  • Saving the Future: How to fix Artificial Intelligence before we all die because of it
Dr Clive King

Clive retired from 26 years as a UNIX kernel hacker, performance subject matter expert and fly-and-fix engineer for Oracle, where he worked with the world's largest and most demanding customers. He is working hard to be semi-retired, splitting his time between rock climbing, being a kernel hacker for a Dutch company, a management consultant as their AI, Cybersecurity and IT subject matter expert, and an honorary lecturer at Aberystwyth University Computer Science department, with a focus on helping students get jobs in industry and teaching/coaching study/life skills.

He is the organiser of the fledgling BSidesAberystwyth and curated TEDxAberystwyth for 9 years before retiring.

  • Engineering product and process for a hostile and neurodiverse world
George Chapman

George Chapman is a senior cyber security consultant who delivers penetration testing engagements, Red Team operations and Incident Response support. A CVE-credited researcher, George converts technical insight into tangible business value and stronger organisational resilience.

  • The Psychology of Cyber: Navigating a Crisis Like a Pilot
James John

James is a Chartered Incident Response Professional with extensive expertise in Digital Forensics and Incident Response (DFIR). Certified by SANS, he brings over nine years of specialised experience to the field, having conducted both criminal and civil forensic investigations across public and private sectors.
In his current role, James leads security operations and incident response investigations for Bridewell's diverse client portfolio. His expertise spans critical national infrastructure, finance and hospitality industries, serving clients throughout the UK and US.

  • Beyond the Playbook: What It Really Takes to Excel as an Incident Responder
Josh Allman
  • These Hackers Fucking Suck
Madelaine Thomas
  • Combating non-consensual intimate image abuse
Max Toper

Max Toper is a computer security student and security researcher with a keen interest in malware analysis and threat intelligence.

  • It's a trap: Dissecting Android Malware
Paul Spicer

Paul Spicer is a Senior Red Team Consultant based in Mandiant’s UK office. As part of Mandiant’s APT66, Paul primarily works on red and purple team assessments and adversary simulations. Paul has experience delivering a variety of red team scenarios including external attack, assumed compromise and phishing.

Paul has led and participated in multiple red and purple team style engagements with a variety of high-profile clients based in the public sector, private sector and financial services, including multiple threat intelligence-led CBESTs. Paul's red team experience has covered various attack surfaces, from traditional Active Directory environments to clients with a cloud-first approach.

Outside of red teams, Paul spent time working in a security hardware testing and research laboratory. During this time Paul conducted physical attacks on electronic devices by identifying initial access points via hidden debug interfaces, hardware teardowns and performing signal and RF analysis.

  • Bring Your Own AppDomain: Finding and (ab)using trusted .NET binaries for initial access and more - Abridged
Rishi (@rxerium)

As a London-based security researcher specialising in open-source intelligence (OSINT) and attack surface discovery, I am excited to attend BSides Cymru and share my work with the wider security community. This talk introduces a DNS-based OSINT methodology for uncovering products, services, and supply chain dependencies through large-scale DNS TXT record scanning. By integrating this technique into widely used tools like Nuclei and Amass, the talk provides actionable tactics for both red teamers and defenders to identify inadvertent information leakage, enhance reconnaissance workflows, and gain a deeper understanding of an organisation’s digital footprint.

  • DNS-Based OSINT Tactics for Product and Service Discovery