Red-Team Track Agenda
BSidesHBG is thrilled to host a Red-Team exclusive track this
year!
May 29, 2026
10:00AM - 4:00PM
Mohammad Eshan
From Pokemon Cards to Red Teams: An Accidental Career in Offensive Security
This talk is about how a Pokemon card hobby turned into an accidental career in offensive security. From writing bots and reverse engineering anti-bot platforms as a teenager, to building BlackRock's red team program, to conducting offensive operations at MITRE, to co-founding a Y Combinator backed startup, this is the full story of every weird, nonlinear step along the way and what each one taught that no certification or textbook ever could.
James Lloyd
Sword & Shield: Building AI Agents for Cyber Offense and Defense
n8n's AI agent framework lets you chain LLMs, tools,
and decision logic into autonomous workflows that can
reason, act, and adapt — and security practitioners on
both sides of the wire are starting to take notice. This
talk breaks down how these agents work and what that means
in practice for offensive and defensive operations.
We'll
dig into real workflows covering recon pipelines, phishing
automation, threat intel aggregation, and alert triage —
including how n8n can interface with Kali Linux tools via
API to automate penetration testing workflows, turning
manual multi-step engagements into repeatable,
agent-driven operations. We'll show how attackers are
already leveraging these techniques and how defenders can
use the same tooling to hit back. Attendees will leave
with a practical understanding of how to build and deploy
AI agents for security, and what to watch out for when
they're used against you.
TJ Null
Uncovering the Internet by hosting your own Shodan
Modern penetration testing demands the coordination of
numerous scanning, parsing, and enumeration tools, often
resulting in fragmented workflows and significant manual
overhead. Cygor is a modular asset discovery framework
that unifies these stages into a single, automated
pipeline. By integrating industry standard tools such as
Nmap, Masscan, Naabu, and Playwright, Cygor orchestrates
discovery, enrichment, and targeted service enumeration
through extensible modules. Scan results are automatically
parsed, normalized, and stored in a structured database,
eliminating the need to reconcile disparate output
formats.
Peter Cipolone
Through the Eyes of a Phisherman: A Pentester’s Methodology to Social Engineering
Despite email security products, user awareness training,
domain reputation, and MFA, phishing remains one of the
most effective cyber threats for getting inside a network.
Attackers are continually evolving their tactics and
leveraging AI in the high-stakes cat and mouse game of
social engineering. This talk will break down the
fundamentals of email security and show how attackers
can
1. Discovering and Leveraging Email/Domain
misconfigurations to bypass protections
2.
Utilize reverse proxying to steal session cookies and
bypass MFA
3. Implement bot detection to
sidestep link inspection and domain reputation checks
4.
Develop highly specialized emails that can avoid content
filtering and warning banners
Together
these techniques increase the odds of a successful
phishing campaign and show the full impact of a user
clicking a link. This talk is for all ages and skill
levels. Technical experience is helpful, but not required.
Michael Cyr
Joel Garcia
New Windows Persistence Techniques in Metasploit
Metasploit has had persistence for a long time, however it's always been lackluster. In July 2025 a complete overhaul of the persistence system began, introducing standardization across all platforms. Since then many new additional techniques have been created, especially on Windows platforms. This talk will discuss the new standardizations and how they effect users, look at the new techniques which have been added, and show how they can be utilized with live demonstrations.
