2026-05-07 –, Main Stage
The as-a-service model has become ubiquitous across the cybercrime ecosystem. Previously dominated by tight-knit, exclusive groups, cybercrime is now a distributed international marketplace of service providers and consumers. As a result, it is more resilient than ever, with the gaps left by law enforcement takedowns quickly filled by the next opportunistic teenager. However, to operate effectively in this anonymous distributed economy threat actors need to build a reputation to gain trust. Does this give us an opportunity?
In this presentation I will discuss the importance of trust in the cybercrime ecosystem and walk through a real-world investigation involving a prominent phishing-as-a-service (PhaaS) provider. The case study illustrates that trust and OpSec do not mix, exposing threat actors to identification. Attendees will leave with additional insight into the cybercrime ecosystem, hacker culture, and some nifty OSINT tricks.
Elliot is a cyber threat intelligence consultant at AmeXio. He is from New Zealand with a background in Financial Services, Technology Services and Government organisations. His expertise is in threat intelligence, threat hunting, reverse engineering, malware analysis, and incident response.