DEF CON 33: NetSPI’s “Access Everywhere” Experience

DEF CON 33 brought together thousands of hackers and security enthusiasts from all over the globe for another unforgettable year. Embracing this year’s “Access Everywhere” theme, we sent some of our NetSPI security experts to engage with the hacker community by reconnecting with friends in the industry and building new relationships. This provided an invaluable opportunity for professional development, not only to deepen each consultant’s expertise in their own field, but to broaden everyone’s security horizons through sessions, workshops, and trainings that embodied the spirit of accessible knowledge sharing.
Dive into the experiences our team had, including what we learned, fresh perspectives gained, and how the principles of “Access Everywhere” reinforced that proactive security knowledge should be accessible to all, even at DEF CON 33.
Andy Portillo, Senior Security Consultant
Advanced Active Directory to Entra ID Lateral Movement Techniques by Dirk-jan Mollema
This session explored advanced attack paths and lateral movement techniques in hybrid environments where traditional on-premises Active Directory integrates with Microsoft Entra ID. Dirk-jan detailed how attackers can leverage hybrid authentication mechanisms, such as AD FS, Seamless SSO, and Entra ID Connect, to escalate privileges in the cloud, bypass MFA, and gain broad access to services like Exchange Online and SharePoint through poorly monitored Service-to-Service (S2S) tokens.
I attended because many organizations transition from traditional on-premises AD to cloud-based identity solutions like Entra ID. Understanding these attack vectors is critical for assessing cloud security posture and proactively identifying hybrid identity risks in penetration testing engagements.
Key Takeaways
- Hybrid identity configurations can allow compromise of on-prem authentication material to directly impersonate cloud accounts, bypassing MFA and Conditional Access.
- Entra ID Connect accounts historically had excessive permissions, enabling attackers to modify Conditional Access policies, inject backdoor keys, or convert cloud-only accounts to hybrid.
- Exchange Online’s S2S tokens provide “god-mode” access with no logging or Conditional Access enforcement, representing a major blind spot.
This talk reinforces the importance of hardening hybrid identity configurations, monitoring authentication flows, and applying least-privilege principles to sync accounts. By understanding these techniques, defenders can proactively detect misconfigurations, implement mitigations like service principal separation, and prevent high-impact lateral movement in hybrid cloud environments.
Ben Verbridge, Security Consultant II
So Long, and Thanks for All the Phish presented by Harrison Sand and Erlend Leiknes
These two individuals were part of an effort to uncover the inner workings of a very common attack method that I’m sure nearly everyone has experienced at this point – phishing.
Typically, we are told not to click malicious links from untrusted sources and instead to ignore them or report them to our IT department. This group decided to take the opposite route, clicking the link to see exactly what these attackers pick up from their victims. It turns out that this was actually a prevalent phishing kit, called MagicCat, that was also being distributed to others in an exclusive Telegram chat. This kit ultimately led to the theft of over 800,000 credit card numbers and other sensitive personal information. The speakers and their team were able to track down the creator of this kit, contact their local authorities, and get MagicCat shut down. They are now investigating a very similar kit, MagicMouse, which they are still gathering evidence against.
The obvious takeaway from this story would be to not click any suspicious links (duh!). With that said, seeing this software through the lens of an attacker made me realize something – while an attacker is able to breach your security, don’t assume that their software is secure! The speakers were able to bypass various authorization controls in the phishing software, leading to the attacker’s demise. Another surprising aspect of this presentation was seeing how the attackers within a Telegram channel would actively gloat about their malicious “achievements,” changing my perspective that all attackers have a penchant for covering their tracks – in this case, they didn’t!
It should go without saying that we should be reporting any suspicious links in order to maintain our personal security. It was very refreshing to see that there are many individuals on our side to aid in reducing the spread of this attack method!

Corey Blank, Senior Security Consultant
We Know What You Did (in Azure) Last Summer by Karl Fosaaen and Thomas Elling
One of the standout sessions I attended at DEF CON this year focused on unintended data leakage of Microsoft Azure entities. Karl Fosaaen and Thomas Elling delivered a deep dive into overlooked attack surfaces, and the subtle ways that an actor could utilize these data leaks to provide strong attribution in their environments.
For anyone working with Azure, whether red team or blue, this talk served as a strong reminder: cloud complexity and legacy APIs often hide privacy issues. It’s not just about knowing the services – it’s about understanding how they can be abused.

Cory Cline, Senior Security Consultant
No Radios No Problem: Hacking WiFi in a Virtual World by Nishant Sharma
The presentation provided an excellent look at how WiFi penetration testing training can be significantly enhanced through virtualization. Nishant demonstrated how security teams can build and operate fully functional WiFi environments using the mac80211_hwsim kernel module and some supporting networking packages that are typically provided with Linux distributions, which can completely eliminate the need for physical wireless cards or access points. Attendees were guided through the deployment of an isolated lab environment that replicates real-world conditions without the risks tied to unintended RF emissions or legal exposure. Everybody can have a bad day if an inexperienced consultant accidentally targets an out-of-scope network while training in a lab.
I attended this session to evaluate more scalable and cost-effective approaches to training new consultants for the wireless penetration testing service line. Equipping new consultants with hardware has historically been a logistical and financial burden. This virtualized model not only removes that barrier but also reduces legal risk by keeping all testing signals contained within a virtual interface. Eliminating the chance of unintentional interference with production networks or nearby third-party infrastructure is a massive benefit. Virtualization is also a force multiplier. We can now design and deploy large-scale, highly complex lab environments that mirror enterprise wireless ecosystems, which is virtually impossible with limited physical radios.
From an executive standpoint, the value proposition is clear: virtualized WiFi testing supports proactive security by accelerating talent development and dramatically reducing cost and operational risk associated with doing so. It enables consulting firms to stay ahead of evolving wireless threats without scaling spend or introducing unnecessary legal exposure.
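To make the virtual-lab idea concrete, here is an added example (not code from the talk) that brings up a WPA2 access point and a client on two mac80211_hwsim radios and records the 4-way handshake from the module's hwsim0 monitor interface. It assumes a Linux host with hostapd, wpa_supplicant, iproute2 and tcpdump installed, root privileges, and the default interface names the module creates on a host with no other wireless hardware; the SSID, passphrase and working directory are constructed for the example.

```python
"""Virtual WiFi lab on mac80211_hwsim: one WPA2 AP, one client, and a capture of the
4-way handshake from the simulated medium, with no physical radio involved.

Added example for this post, not code from the talk. Assumes a Linux host with the
mac80211_hwsim module, hostapd, wpa_supplicant, iproute2 and tcpdump installed, and
root privileges. The interface names are what the module creates on a host with no
other wireless interfaces; adjust if yours differ. If NetworkManager is running,
tell it to leave the simulated radios alone first (nmcli dev set wlan0 managed no).
"""
from __future__ import annotations

import os
import subprocess
import sys
import time
from pathlib import Path

# Constructed lab parameters (assumptions for the example).
SSID = "hwsim-lab"
PSK = "Password123"  # deliberately weak so a dictionary attack on the capture succeeds
AP_IFACE, CLIENT_IFACE = "wlan0", "wlan1"
MONITOR_IFACE = "hwsim0"  # module-provided monitor interface that sees every simulated frame
WORKDIR = Path("/tmp/hwsim-lab")


def hostapd_conf(iface: str, ssid: str, psk: str, channel: int = 6) -> str:
    """hostapd configuration for a WPA2-PSK (CCMP) access point on a simulated radio."""
    lines = [
        f"interface={iface}",
        "driver=nl80211",  # hwsim radios are ordinary nl80211 devices
        f"ssid={ssid}",
        "hw_mode=g",
        f"channel={channel}",
        "wpa=2",  # WPA2 only; no WPA1/TKIP fallback
        "wpa_key_mgmt=WPA-PSK",
        "rsn_pairwise=CCMP",
        f"wpa_passphrase={psk}",
    ]
    return "\n".join(lines) + "\n"


def wpa_supplicant_conf(ssid: str, psk: str) -> str:
    """wpa_supplicant configuration for the client radio joining the lab AP."""
    return (
        "ctrl_interface=/var/run/wpa_supplicant\n"
        "network={\n"
        f'    ssid="{ssid}"\n'
        f'    psk="{psk}"\n'
        "    key_mgmt=WPA-PSK\n"
        "}\n"
    )


def lab_plan(workdir: Path, radios: int = 2) -> list[tuple[list[str], bool]]:
    """Ordered (argv, run_in_background) steps to bring the lab up.

    The capture on hwsim0 starts before the client associates; otherwise the
    EAPOL 4-way handshake that aircrack-ng needs is never written to disk.
    """
    return [
        (["modprobe", "mac80211_hwsim", f"radios={radios}"], False),
        (["ip", "link", "set", MONITOR_IFACE, "up"], False),
        (["hostapd", "-B", str(workdir / "hostapd.conf")], False),
        (["tcpdump", "-i", MONITOR_IFACE, "-w", str(workdir / "handshake.pcap")], True),
        (["wpa_supplicant", "-B", "-i", CLIENT_IFACE, "-c", str(workdir / "wpa_supplicant.conf")], False),
    ]


def bring_up(workdir: Path, settle_seconds: int = 10) -> Path:
    """Write the configs, run the plan, stop the capture, and return the pcap path."""
    workdir.mkdir(parents=True, exist_ok=True)
    (workdir / "hostapd.conf").write_text(hostapd_conf(AP_IFACE, SSID, PSK))
    (workdir / "wpa_supplicant.conf").write_text(wpa_supplicant_conf(SSID, PSK))
    background = []
    for argv, in_background in lab_plan(workdir):
        if in_background:
            background.append(subprocess.Popen(argv))
        else:
            subprocess.run(argv, check=True)
        time.sleep(1)  # let hostapd/tcpdump come up before the next step depends on them
    time.sleep(settle_seconds)  # long enough for association and the 4-way handshake
    for proc in background:
        proc.terminate()
        proc.wait()
    return workdir / "handshake.pcap"


if __name__ == "__main__":
    if os.geteuid() != 0:
        sys.exit("run as root: the lab loads a kernel module and configures interfaces")
    pcap = bring_up(WORKDIR)
    print(f"Capture written to {pcap}; try: aircrack-ng -w <wordlist> {pcap}")
```

Every frame stays inside the kernel's simulated medium, so a trainee running cracking or deauthentication tooling against this lab cannot touch a neighbouring network. Tear down by killing hostapd and wpa_supplicant and running rmmod mac80211_hwsim, which removes the virtual radios.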
Cory Solovewicz, Managing Consultant
Unmasking the Snitch Puck: the creepy IoT surveillance tech in the school bathroom by Reynaldo Vasquez-Garcia and Nyx
This talk explored the security flaws in the Halo 3C, a “smart” vape detector marketed to schools that also contains hidden microphones. The speakers walked us through their journey of acquiring the device on eBay, performing a hardware teardown, dumping its firmware, and discovering vulnerabilities that could allow attackers to turn it into a remote eavesdropping tool, trigger fake alerts, or disable detection entirely.
I’ve followed this project from its early days in the Portland hacker community, where I first met Nyx and Reynaldo at PDX Hackerspace. I even remember when Reynaldo brought the “snitch puck” into the space to work on it. Seeing their work on the DEF CON stage was a proud and inspiring moment.
Here are a few takeaways:
- IoT “safety” devices can hide significant privacy risks, especially when deployed in sensitive areas like bathrooms or homes.
- Simple flaws, such as weak password protections and exposed cryptographic keys, can undermine an entire security model.
- Firmware updates can patch vulnerabilities but can’t remove the inherent risks of embedding microphones and network connectivity in everyday spaces.
This research is a strong reminder that proactive security isn’t just about finding and fixing bugs, it’s about questioning the trust we place in technology before it’s widely deployed. The best security strategy is to identify and mitigate risks early, before they’re embedded into critical or sensitive environments. Reynaldo and Nyx were also featured in Wired Magazine for their awesome work!
David Serate, Security Consultant
Adversaries at War: Tactics, technologies, and lessons from modern battlefields with Gregory Carpenter, DrPH; Barb Hirz; Bret Fowler; Dr. John Johnson; and Michael Tassey
I attended a panel about understanding cybersecurity’s role in national security and the modern military. I have a passing interest in national security topics and listen to a few national security-related creators in the background as I work.
Here are 3 takeaways from the panel discussion:
- US national security is highly tied to the security of companies/infrastructure. Without civilian infrastructure (trucking, power, food), it would be impossible for the military to operate.
- Cyber is an enabling factor, not the end effector. Effective cyber offense and defense often are used to protect or attack factors that allow militaries to conduct their operations. For example, AI’s biggest contribution is that it can be used to speed up reacting to changing scenarios.
- Contractors and civilian orgs have one major leg up over the government and military. The military has a lot of force and resources, but the civilian orgs have much more agility. The speakers detailed the DoD acquisitions process, which had multiple complex steps, and is further hamstrung by pre-existing contractors blocking progress so they can continue to contract with the government. Compared to this, civilian orgs can pivot on a dime.
Seeing this talk really drove home the importance of the work we do at NetSPI. We secure the most trusted brands on Earth, which eventually cascades up to the larger national security picture. We have to find and close the vulnerabilities in vital infrastructure in the US before nation-state adversaries locate them. This is enabled by the speed of innovation and technology that NetSPI leverages, so that we continue to deliver quality testing to clients.
Hunter Purviance, Senior Security Consultant
Browser Extension Clickjacking: One Click and Your Credit Card is Stolen by Marek Toth
Marek Toth expanded on an existing form of browser extension-based clickjacking. Marek’s research demonstrates a new form of clickjacking attack that relies on Document Object Model (DOM) manipulation to steal credentials from password manager extensions.
This talk was about a unique web application exploit, which is directly related to my service line (web application pentesting) and area of expertise. Clickjacking is a pretty underwhelming vulnerability on the modern web, so I wanted to see if there was a more impactful exploit path.
3 Key Takeaways:
- Clickjacking via browser extensions completely circumvents traditional protections, such as the “XFO” header, samesite cookies, CSP, and frame-busting.
- DOM-based Extension Clickjacking (a new technique) can be used to trivially steal credit card details and PII, and it can be launched from any attacker-hosted website.
- The fix is not simple and requires adding detections within the browser extension’s DOM to prevent manipulation.
Do not use any browser extensions for password managers (for the time being).
Organizations should discourage the use of password manager extensions, at least until these issues are addressed by the vendors (so far this has not happened). Exploitation of this vulnerability is not (necessarily) specific to any web applications hosted by a company, so the proactive measure on their part would be to discourage/prohibit the use of these password managers until the password manager vendors have addressed these security concerns.
Jake Bigelow, Security Consultant II
Battle of the Bots
As a social engineer, I spent most of my time at DEF CON in the Social Engineering Village, where I got to observe how others in the industry handle vishing phone calls. One of the contests was Battle of the Bots, in which contestants built AI-powered vishing bots and had them make phone calls to their assigned targets. Overall, it was an interesting contest to watch because it really showcased the current state of these tools.
The results were mixed: some teams managed to successfully capture informational flags from their targets, while others struggled just to get their calls to connect properly through their platforms. I found it to be a fascinating experiment, as it showed me that some of the tools I’ve been researching are in line with what other security researchers are using, and that it’s possible to have success with them even in their current, still rudimentary, state.
John Mills, Senior Security Consultant
Behind the Dashboard – (Lack Of) Automotive Privacy by Lior ZL
A huge thank you to NetSPI for sending me to DEF CON 33 this year – it was an incredible experience! One presentation I attended dove into how a connected vehicle’s Electronic Control Unit (ECU) can store sensitive location data in its log files. While these logs were password-protected, the password itself was surprisingly easy to uncover.
With access to this data, researchers were able to pinpoint a driver’s home, workplace, and even daily routines – all from an ECU they purchased at a junkyard.
It was both fascinating and eye-opening, underscoring just how critical privacy considerations are in modern automotive technology.
Joshua Wilkes, Security Consultant II
Metal-as-a-Disservice: Exploiting Legacy Flaws in Cutting-Edge Clouds by Bill Demirkapi
Bare-metal cloud providers are supposed to be providing the best of both worlds – dedicated hardware with enhanced security at a fraction of the cost of what the major cloud players are asking. Inevitably, you get what you pay for. Demirkapi evaluated a range of providers and observed a consistent theme: multi-tenant bare-metal environments with vulnerabilities that were in vogue when Bill Clinton was president.
I attended this talk because “Bare-Metal Cloud” sounded like an oxymoron, but it turns out it means exactly what you think: renting a non-virtualized, physical server. You’re probably thinking “How do I know I’m not running my HR software on a gas pump in rural Uzbekistan?” But it’s somehow even worse.
Many of these providers are leasing hardware in the data centers of other, more nefarious entities, which means clients take on technical debt that is impossible to evaluate.
Improperly reverting a machine for a fresh client can lead to the retention of data from previous users, in addition to the generally slipshod patching of vulnerable firmware and tenant management software.
Finally, many of these vendors appear to perceive segmentation of tenants as a luxury, permitting network enumeration and compromise that does not even require “advanced” techniques like Address Resolution Protocol (ARP) poisoning.
The best anecdote of the talk? On one occasion, Demirkapi clicked the wireless icon on his rented bare-metal desktop, which logged him into the wireless network for the building in which the physical hardware was housed.
Kimberly Wiles, Director AI/ML Penetration Testing
The Nexus of Security for Quantum Systems: Spy Qubits and beyond by Muhammad Usman
This talk was about the difference in testing the security of classic versus quantum machine learning systems. I attended this talk out of curiosity, but also because while NetSPI is focusing on digging into assessing standard artificial intelligence and machine learning systems, the market will eventually turn towards assessing quantum systems as well.
During this talk, I learned that firstly, the realm of quantum computing is both achievable and at this time quite advanced!
It was a technical talk that dug deep into the workings of vectors and relational data points, specifically with regards to image digestion and review. Where a standard machine learning system processes images in relational pixels, quantum machine learning breaks images into several layers/mappings.
Due to this layering, quantum processing is more robust in that there are more layers that would need to be affected by data poisoning in order to be affected. For proactive security, implementing quantum machine learning systems may eventually become a more secure remediation implementation. At present, the market is not prepared to yet entertain the experimental field (since we are still not yet there with standard implementations).
Noah Woodman, Security Consultant
Breaking the Black Box: Why Testing Generative AI Is Full Spectrum by Jason Ross
I attended a talk at DEF CON 33 and the session was about performing security assessments against AI, the general techniques used, and the challenges unique to the non-deterministic nature of LLMs.
I have been working on the AI service line at NetSPI. I wanted to attend talks focused on AI security to learn, so I can bring this knowledge back to NetSPI.
There’s still a lot of uncertainty with testing AI, both in effectively determining if a vulnerability is viable and in how to effectively secure AI/remediate vulnerabilities. Automated testing (with AI) alongside human testing is going to be necessary when assessing an LLM. This needs to go beyond just single step prompting and needs to be continually updated with new techniques discovered.
I think this relates to proactive security in that LLM security needs to be done throughout the development process. With LLMs being used during the development process, LLMs used for dev work need to be continually tested and scrutinized as well.
TJ Andrewson, Security Consultant II
Hacker VPN Workshop with Eijah and Benjamin “Cave Twink” Woodill
I went to a workshop at DEF CON 33 called Hacker VPN and the main goal of the workshop was to build/implement a self-hostable and fast VPN that used the most secure cryptographic post-Quantum algorithms approved by NIST, something that no commercial VPN provider seems to be doing right now. We were able to prove, via a plethora of labs, that the cryptography was indeed working as expected. While it wasn’t necessarily the most applicable to my day-to-day job at the moment, one of the ideas of the instructor was to also make the VPN as difficult as possible to detect on the Blue Team’s side, which will be very helpful for future Red-Teaming.
Wally Lu
HTTP/1.1 Must Die! The Desync Endgame by James Kettle
One talk that I attended this year at DEF CON 33 was James Kettle’s HTTP/1.1 must die! The desync endgame. This talk was about HTTP request smuggling attacks and how upstream HTTP/1.1 makes these attacks even more exploitable. I attended this talk because James Kettle is one of the most prominent figures in the community, and the topic of this talk was relevant to my day-to-day work.
Some key takeaways are that even if a web server is using HTTP/2, which should prevent this, servers and CDNs could still be downgrading incoming HTTP/2 requests to HTTP/1.1, which would allow for desync attacks. HTTP/1.1 can expose websites to some critical attacks in the form of request smuggling, and the long-term solution is for all websites to use upstream HTTP/2. Keeping your tech stack updated can put you in a proactive position to combat vulnerabilities such as HTTP desync.
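The root of a desync is that HTTP/1.1 has two ways to frame a message body, and two hops on the same path can pick different ones. The following added example (not James Kettle's tooling or code from the talk) parses one constructed CL.TE byte stream the way a front-end that trusts Content-Length would, then the way a chunked-aware back-end would, and adds a small check that flags the header combinations that make the split possible. All request bytes are constructed for the demo.

```python
"""CL.TE request-smuggling demo: the same HTTP/1.1 byte stream, parsed two ways.

Added example for this post; it is not James Kettle's tooling or code from the talk.
The request bytes below are constructed for the demo.
"""
from __future__ import annotations

CRLF = b"\r\n"

# Constructed CL.TE payload: Content-Length covers the whole 47-byte body, but a
# chunked decoder stops at the "0" chunk and treats the rest as a new request.
CLTE_REQUEST = (
    b"POST / HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"Content-Length: 47\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n"
    b"\r\n"
    b"GET /admin HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"\r\n"
)

CLEAN_REQUEST = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"


def parse_head(buf: bytes) -> tuple[str, list[tuple[str, str]], bytes]:
    """Split one request head off the stream; return (request line, headers, rest)."""
    idx = buf.find(b"\r\n\r\n")
    if idx < 0:
        raise ValueError("incomplete request head")
    lines = buf[:idx].decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, buf[idx + 4:]


def decode_chunked(buf: bytes) -> tuple[bytes, bytes]:
    """Decode a chunked body; return (decoded body, bytes left after the trailer)."""
    out = bytearray()
    pos = 0
    while True:
        eol = buf.find(CRLF, pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        size = int(buf[pos:eol].split(b";", 1)[0].strip(), 16)  # drop chunk extensions
        pos = eol + 2
        if size == 0:
            while True:  # optional trailer fields end with an empty line
                eol = buf.find(CRLF, pos)
                if eol < 0:
                    raise ValueError("truncated trailer section")
                line, pos = buf[pos:eol], eol + 2
                if not line:
                    return bytes(out), buf[pos:]
        if len(buf) < pos + size + 2 or buf[pos + size:pos + size + 2] != CRLF:
            raise ValueError("truncated or malformed chunk data")
        out += buf[pos:pos + size]
        pos += size + 2


def parse_stream(buf: bytes, honour_te: bool) -> list[tuple[str, bytes]]:
    """Split a stream into (request line, body) pairs.

    honour_te=False models a hop that ignores Transfer-Encoding and trusts
    Content-Length (the CL side of CL.TE). honour_te=True models a hop that
    gives Transfer-Encoding precedence, as RFC 9112 section 6.3 requires.
    """
    requests = []
    while buf:
        request_line, headers, rest = parse_head(buf)
        te = [v.lower() for n, v in headers if n == "transfer-encoding"]
        cl = [v for n, v in headers if n == "content-length"]
        chunked = bool(te) and te[-1].split(",")[-1].strip() == "chunked"
        if honour_te and chunked:
            body, buf = decode_chunked(rest)
        elif cl:
            n = int(cl[0])
            if len(rest) < n:
                raise ValueError("truncated body")
            body, buf = rest[:n], rest[n:]
        else:
            body, buf = b"", rest
        requests.append((request_line, body))
    return requests


def desync_findings(raw: bytes) -> list[str]:
    """Flag header combinations that let two HTTP/1.1 hops disagree on message length."""
    _, headers, _ = parse_head(raw)
    te = [v for n, v in headers if n == "transfer-encoding"]
    cl = [v for n, v in headers if n == "content-length"]
    findings = []
    if te and cl:
        findings.append("Content-Length and Transfer-Encoding both present (CL.TE / TE.CL)")
    if len(set(cl)) > 1:
        findings.append("conflicting Content-Length values (CL.CL)")
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "transfer-encoding" and (name != name.rstrip() or value != " chunked"):
            findings.append(f"non-canonical Transfer-Encoding line {line!r}; hops may parse it differently")
    return findings


if __name__ == "__main__":
    for label, honour in (("front-end (Content-Length)", False), ("back-end (chunked)", True)):
        print(label, [line for line, _ in parse_stream(CLTE_REQUEST, honour_te=honour)])
    print(desync_findings(CLTE_REQUEST))
```

The front-end sees one POST and forwards all 47 body bytes; the back-end sees the POST end at the zero chunk and a second GET /admin begin, which is the bytes the attacker smuggled past the front-end's checks. HTTP/2 frames carry an explicit length, so a hop that keeps HTTP/2 end to end has no second framing rule to disagree about, which is why the talk's long-term fix is upstream HTTP/2 rather than more header heuristics.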
Will Taylor, Security Consultant II
Battle of the Bots: Vishing Edition with Rachel, Perry, Snow, and JC
This contest, run within the Social Engineering Community Village at DEF CON 33 by industry experts Rachel from SocialProof Security, Perry from KnowBe4, Snow (co-founder of the SE Community Village), and JC as the Master of Ceremonies, explored what is possible with AI in the realm of social engineering.
The contest consisted of teams competing against each other to capture flags by extracting specific information during vishing calls, but the catch was they had to utilize AI bots to perform the actual calls and capture the flags. This talk interested me because I work in the Social Engineering service line, enjoy making vishing calls, and also have an interest in AI and how it will transform the landscape of performing penetration tests – especially its impact on a more person-focused service line such as Social Engineering.
One of the main takeaways from the contest was that the AI bots are not as capable of redirecting a pretext if it starts going wrong and can struggle with dynamic conversation. When a pretext began to go off-script, the bots often got stuck in loops, unable to pivot or adapt in real time. While the bots did have a bit of success, they still have a way to go before becoming as efficient as a human would be in this instance.
In terms of proactive security, Social Engineering is typically the initial access point in a larger Red Team Operation, and using AI to systematically make a large volume of calls dramatically increases the ability to gain initial access. A human is only able to perform a single call at a time, but AI can perform hundreds of calls in a shorter time span. Still, conversation bots have their limitations, and it will take time before being able to completely automate the process of vishing calls.
Conclusion
We understand the cybersecurity landscape is constantly evolving, and DEF CON 33’s theme “Access Everywhere” challenged our security experts to reimagine how we continue to help our customers and ensure that our proactive security solutions are usable and accessible.
The conference provided Team NetSPI with more than just technical knowledge. It offered fresh perspectives on how to approach emerging threats with innovative solutions.
Interested in joining a team that’s building a more secure future? Check out our current job openings.