ContinuumCon @_ContinuumCon_

🚨 Workshop Spotlight # 15 👉 "Hunting Prompt Injection: Breaking AI Applications and CI/CD Pipelines" by Mackenzie Jackson (@advocatemack), Field CTO at @AikidoSecurity 📝 Description Prompt injection started off as a bit of a gimmick. A way to make bots on Twitter say funny things or bypass a model's safeguards. But as we integrate AI into the fundamental workflows of our applications and build processes, it transforms into a critical threat, and one that is technically unsolvable. This workshop focuses on how to find, validate, and exploit prompt injection in the wild. You'll break down why it's unsolvable from a technological standpoint: LLMs process everything as unstructured tokens, so there's zero architectural boundary separating instructions from data. From there, it's hands-on. You'll start with basic chatbot injections, then build up to tricking AI-powered applications into leaking sensitive files and repository secrets. The finale recreates a critical pipeline vulnerability the team discovered inside Google's own Gemini CI/CD infrastructure. You'll see exactly how a sneaky instruction hidden inside a normal GitHub issue forced an AI agent to run shell tools and leak privileged GITHUB_TOKEN and GEMINI_API_KEY credentials into public view. Then you'll learn how to defend against it: restricting agent toolsets, isolating blast radius, and treating all AI output as untrusted. If you want to understand how to hunt prompt injection inside real applications, this workshop is for you. 🎟️ Only at ContinuumCon 2026: June 12 - 14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond , @JustHackingHQ , @AnthonyBendas , and @Level_Effect !

🚨 Workshop Spotlight # 14 👉 "Offensive Threat Intel: Tracking & Disrupting Adversaries for Fun" by Josh Allman (@xorJosh) & Ben Folland (@polygonben), of CtrlAltIntel 📝 Description You don't need access to private telemetry or a job at a major security firm to hunt down threat actors in the wild and impose costs. Josh and Ben are proof. A couple of friends having fun built CtrlAltIntel and ended up making an impact on a global scale, supporting governments, military organizations, law enforcement, and more, all from analyzing public data. This workshop walks through how they did it, and how you can too. You'll learn their methodology for tracking adversaries using platforms like Hunt.io, Censys, and Shodan, complete with specific queries and real-world examples. Then, get in the driver's seat: - In The Hunt, you'll practice querying and pivoting from a single data point to identify and report active threat actor infrastructure. - In Mining Gold from Open Directories, you'll work with safe data from their previous hunts and run your own analysis. Their goal is simple: inspire you to give this a go and start taking down cybercriminals yourself. 🎟️ Only at ContinuumCon 2026 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond , @JustHackingHQ , @AnthonyBendas , and @Level_Effect !

🚨 Workshop Spotlight # 13 👉 "Hacking Over & Under The Wire" by Andy Piazza (@klrgrz), Senior Director of Threat Intelligence at Palo Alto Networks Unit 42 📝 Description Andy built this workshop for the version of himself 15 years ago, when everyone made getting started look easy and nobody bothered to show step one: setting up the environment. This one's for the n00bs who don't even know where to start. The ones overwhelmed by the idea of doing a CTF or setting up their own lab. The ones who tried to follow a tutorial and got lost on step one. He walks you through installing and configuring PuTTY, then jumps into Bandit on Overthewire.org for a live walkthrough of the first few SSH-based levels. From there, he moves to Century on Underthewire.tech and does the same with PowerShell, comparing each command to its Linux equivalent so you actually see the bridge between the two worlds. By the end, you've got a foundation in SSH and PowerShell, two CTF platforms you can keep practicing on for free, and an understanding of how the commands you're learning map to real-world work in Red Teaming, DFIR, and threat hunting. 🎟️ Only at ContinuumCon 2026: June 12 - 14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond , @JustHackingHQ , @AnthonyBendas , and @Level_Effect !

🚨 Workshop Spotlight # 12 👉 "StegoDefender: Hunting Malware Hidden in Plain Sight - Advanced Steganography Detection & Payload Extraction" by Christopher Dio C., Chief Cyber Security Researcher at Radar IT Systems Inc. 📝 Description Cybercriminals have become digital artists of deception, practicing a technique called steganography: the ancient art of hiding secrets in plain sight. Traditional signature-based antivirus and static analysis tools are largely blind to these threats, leaving a critical gap in defense. In this workshop, we'll look at combining deep structural analysis of over a dozen file formats (JPEG, PNG, PDF, ZIP, WAV, and more) with adaptive heuristics, baseline profiling, and active probing to detect even the most sophisticated steganographic embeddings. We'll use StegoDefender to extract and decode hidden payloads, harvest network indicators (URLs, IPs, domains, crypto addresses), and integrate YARA rules for signature-based threat identification. If you're a threat hunter, DFIR analyst, or malware researcher, this is the workshop that helps with a blind spot in your stack. 🎟️ Only at ContinuumCon 2026: June 12 - 14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

🚨 Workshop Spotlight # 11 👉 "What the Current and Future of Iranian & Other Nation-State APT Cyber Attacks Look Like" by Douglas Kaluhiokalani, Founder of Cyber Kata, LLC 📝 Description Nation-state cyber operations don't slow down. They evolve. This session looks at where Iranian and other nation-state APT activity is right now, and where it's heading next. We'll walk through TTPs of threat groups making active news, including Handala (responsible for the Stryker attack) and the resurgence of MuddyWaters with their GhostBackdoor implant. We'll also dig into how the war with Iran has changed the threat landscape and exposed Blue Teams to new categories of attack. You'll get a look at runbooks built for MS Sentinel, designed to be adapted to whatever security tooling your team already uses. The focus throughout is on what Blue Teams should actually be doing to defend. If you work in threat hunting, threat intelligence, or detection engineering, this one's for you. 🎟️ Only at ContinuumCon 2026: June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond , @JustHackingHQ , @AnthonyBendas , and @Level_Effect !

🚨 Workshop Spotlight # 10 👉 "Analyzing WannaCry: A Forensic Method for Recovering Ransomware Data with Open-Source Software" by Smit Nayak, Cyber Security Analyst at Sypram 📝 Description WannaCry crippled thousands of systems in 150+ countries in 2017, signaling a new era in cyber threats worldwide. So why look at it now? Behind all the hype is a goldmine of information for forensic science and real-world recovery tactics. This session takes a forensic investigator's view of WannaCry, covering the malware in detail and walking through methods for recovering, analyzing, and interpreting the artifacts it leaves behind, even after encryption and system compromise. You'll be guided through a realistic forensic reconstruction of a WannaCry-infected system using open-source tools like Autopsy and Volatility. The session covers finding ransom notes and IOCs, extracting memory data, locating encrypted file remnants, and recovering partial data through shadow copy remnants and file carving. If you work in digital forensics, hunt threats, or are trying to sharpen your ransomware incident response process, this one's for you. 🎟️ Only at ContinuumCon 2026: June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

🚨 Workshop Spotlight #9 👉 "Killing Active Directory Attack Paths Once and For All" by Spencer Alessi (@techspence), Sr. Penetration Tester at @SecurIT360 📝 Description Active Directory attack paths are what turn small weaknesses into full domain compromise. After pentesting 150+ organizations in the last 5 years and performing over 1,000 hours of internal pentesting in 2025 alone, one of the biggest security mistakes I see IT Admins make is logging into untrusted workstations with their Domain Admin account. In this workshop, we’re going to learn how easy it is for an attacker to compromise a domain from an untrusted workstation and how to prevent it, even if the attacker has Domain Admin (DA) credentials. We’ll cover: - Why Active Directory (AD) still matters - AD attack path pre-requisites - Two common lateral movement attacks - Hardening controls to block these two attack paths Not only will you be able to play the role of the attacker and carry out the attacks yourself, but you’ll also be put in the defender seat and guided through setup and configuration of security controls in Active Directory to block the attacks. If you’re responsible for managing and/or securing Active Directory, this workshop is for you. 🎟️ Only at ContinuumCon 2026: June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

🚨 Workshop Spotlight #8 👉 "How to Analyze Malware" by Matthew Nguyen 📝 Description A practical introduction to malware analysis for beginners, focused on building a foundational workflow rather than diving straight into reverse engineering. You'll cover the key principles of a safe lab setup, basic static analysis, and dynamic analysis using sandbox environments and tools you can run in your own lab (like FlareVM). The session includes a guided walkthrough of a real malware sample pulled from a malware database, with attention to the techniques you'll encounter most often: persistence mechanisms and command-and-control communication. By the end, you'll have a clear framework for analyzing malware, an understanding of the common techniques malicious software uses, and the confidence to begin your own analysis safely. 🎟️ Only at ContinuumCon 2026: June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

ContinuumCon Teaser: solst/ice, Zack Korman, & Spencer Alessi!! x.com/i/broadcasts/1…

🚨 Workshop Spotlight # 7 👉 "Smarter AWS WAF: Reduce Noise, Detect Threats & Automate Response" by Ihor Sasovets, Security Engineer at TechMagic 📝 Description As cloud-native applications scale, so do the threats targeting them. AWS WAF is often one of the first lines of defense at the edge, yet many teams struggle to move beyond basic configurations and truly operationalize it. WAF gets deployed, but rarely fully leveraged as an intelligent security control. This workshop walks through a practical, end-to-end approach to building a production-ready AWS WAF setup. Starting from scratch, you'll deploy protections with the Security Automations for AWS WAF solution while breaking down how WAF actually works under the hood: core features, rule management strategies, and common pitfalls. You'll tune rules, reduce false positives, and design a setup that scales without becoming operationally expensive. Part two extends AWS WAF with a custom solution, the "AWS WAF Monitoring Lambda," that turns raw WAF logs into actionable security intelligence. Think automated log analysis, near real-time attack visibility, Slack-based alerting, and intelligent IP blacklisting, all fast enough to detect and respond to threats even without a dedicated SOC. The goal is simple: turn AWS WAF from a checkbox into a smart, scalable, and proactive security layer. 🎟️ Only at ContinuumCon 2026 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

🚨 Workshop Spotlight # 6 👉 "Roll Your Own Analyst" by Tallis Jordan, Co-Founder of HardCounter 📝 Description The amount of threat intelligence produced through blogs, vendor feeds, malware reports, and research writeups can feel overwhelming. Between rehashing, regurgitation, and IOC dumps, most detection engineers simply do not have time to review everything manually. This workshop covers building a lightweight, local threat intelligence pipeline designed specifically for detection engineering workflows. Using Python, Ollama, and a small local model, you will ingest intelligence feeds, analyze that intelligence with local models to extract actionable insights, and present the output through a web interface that can be placed into your daily workflows. No expensive hardware. No overengineered or complex "AI agent" platforms. Just practical, privacy-friendly automation that you can build and operate yourself. You'll leave with a working pipeline you can expand on with more enrichments, detection engineering workflows, and integrations. 🎟️ Only at ContinuumCon 2026, June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

🚨 Workshop Spotlight # 5👉 "Instant API Hacker" by Corey J. Ball (@hAPI_hacker), author of "Hacking APIs" and founder of APIsec University (@apisecu) & hAPI Labs 📝 Description "Instant API Hacker" demonstrates how quickly someone can learn to identify and exploit API vulnerabilities. You'll witness the exploitation of critical vulnerabilities from the OWASP API Security Top 10, including broken authentication, authorization flaws (BOLA), and excessive data exposure. Through live demos using the "One Request to Rule Them All," you'll see firsthand how APIs can be compromised, and gain actionable insights you can apply immediately. The session walks through finding APIs, analyzing endpoints in Postman, going deep with Burp Suite, and exploiting the most common vulnerabilities. You leave with free resources for continued learning, including vulnerable labs and APIsec University courses. Beginner-friendly. By the end, you're an API hacker. 🎟️ Only at ContinuumCon 2026 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect!

🚨 PHANTOM kicks off at 1PM EST, live streamed. Case File CTF #1 on all facets of CTI: - Pull 10 IOCs out of a real artifacts - Write up attribution and impact, conclusions backed by evidence - Build 3 detection rules, and test them: YARA, Snort, Sigma - Prepare a threat hunt with your own KQL or PowerShell query - Deliver a complete incident report that is manually reviewed "Goodcorp SOC paged at 02:14 UTC. Suspect outbound traffic from a build runner. The nightly npm install ran ten minutes earlier." Same artifacts an IR team would actually see. Same deliverables they'd write. This is a modern supply chain compromise, like all the npm and dependency issues we're seeing. Leaderboard, points, first blood, hints... and prizes! - CDETH voucher - DE&TH Challenge pack - 1 Month free Adventurer - 1 Month free Guardian Walk away with the PHANTOM badge and your rank! 🔥 FREE and open to all. Runs until Sunday May 24 at 10AM EST. Links in the first comment. See you at 1PM!

🚨 Workshop Spotlight # 4 👉 "Tactical GRC - Turning Governance Into a Force Multiplier for Security Teams" by Fletus Poston III (@fletusposton) 📝 Description GRC doesn't have to be slow, bureaucratic, or disconnected from real security work. You'll learn how to build a lightweight, engineering-aligned risk and governance model that supports detection engineering, threat hunting, IR, and SecOps. You'll create a threat-informed risk model (mapping ATT&CK techniques to business risks), design a minimal control set that translates into real engineering tasks, and build a rapid risk-acceptance workflow you can take back to your team on Monday. You'll also walk away with a 90-second framework for communicating risk to anyone who'll listen. 🎟️ Only at ContinuumCon 2026 - June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect

Gave a version of this workshop at HOPE, NorthSec, HackSpaceCon, and improve it each time. So you’ll get to see the best version of it yet!

ContinuumCon @_ContinuumCon_

3 weeks ago

🚨 Workshop Spotlight #3 👉 "Practical Security Engineering" by @IceSolst 📝 Description You're the first security hire at a company (they have nothing in place), and you are tasked with: "Make our product more secure." Where do you start? We'll cover setting up SAST, DAST,

0 7 27 14K 25

🚨 Workshop Spotlight #3 👉 "Practical Security Engineering" by @IceSolst 📝 Description You're the first security hire at a company (they have nothing in place), and you are tasked with: "Make our product more secure." Where do you start? We'll cover setting up SAST, DAST, SCA, secrets scanning, and enrichment with LLMs. All via GitHub Actions. Hands-on labs include SAST with Semgrep (plus wiring it into PR comments), DAST with Nuclei/ZAP, and Claude via GitHub Actions for enrichment. Beginner-friendly. If you've ever inherited a "you're security now, good luck" mandate, or you're about to... then this is the on-ramp. 🎟️ Only at ContinuumCon 2026 on June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

🚨 Workshop Spotlight 👉 "Prompt Injection Fundamentals & Hack-Along" by Eva Benn & Andrew Bellini (@d1gitalandrew) 📝 Description Prompt injection continues to be # 1 on the OWASP Top 10 for LLM Applications for the second edition running, and there's a reason it isn't moving. LLMs read instructions, data, and policy through the same channel. The attack surface is the entire space of human language, with infinite ways to phrase an input and infinite ways the model can respond. A single successful prompt injection can bypass every other security control you put in place, even if you've done everything else right. Model makers like OpenAI, Anthropic, and Google continue to invest in instruction hierarchy training and built-in safety controls, but models still can't reliably tell the difference between what the app builder told it to do and what an attacker hid inside a document, an email, a webpage, or a tool response. And the people building AI apps aren't just engineers anymore... This session is a practical, beginner-friendly walkthrough of prompt injection fundamentals. It's a solid on-ramp if you want to get into AI pentesting, or if you're building with AI and want to know what you're actually up against. 🎟️ Only at ContinuumCon 2026 - June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas , and @Level_Effect !

@ZackKorman if it couldn't break it wouldn't be fun, can't wait !

🚨 Workshop Spotlight 👉 "Escaping Sandboxes with AI" by @ZackKorman, CEO of Embroidery 📝 Description Giving your AI agent full access to your machine is risky, so people are increasingly turning to sandboxing as a solution. While sandboxing certainly has its benefits, it also has some important weaknesses. The most notable weakness is that people are bad at making sandboxes, so all too often it is possible for the AI to escape. This workshop teaches people how I approach finding ways to escape, with real examples people can try themselves. 🎟️ Only at ContinuumCon 2026 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond, @JustHackingHQ, @anthonybendas, and @Level_Effect

@0bin_Cyber @brysonbort @strandjs Different days for different topics! schedule coming out soon Typically 5-6 workshops for Day 1 and 2, then a shorter Day 3 with a wrap up and review of the CTF !

🔥 ContinuumCon 2026 June 12-14 Workshops Announced! Stacked with content, plus a special event: This year we'll have a Live AMA with @brysonbort and @strandjs - Q&A, commentary, and the top-tier banter. Workshops 👇 # Roll Your Own Analyst by Rain Jordan Build your own local AI threat intel pipeline with Python & Ollama # Killing Active Directory Attack Paths Once and For All by @techspence Hands-on destruction of major AD attack paths with hardening to mitigate # Hacking Over & Under The Wire by @klrgrz Beginner-friendly SSH & PowerShell using OverTheWire wargames and trying back to tradecraft # Practical Security Engineering by @IceSolst Stand up SAST, DAST, SCA, and secrets scanning for free using GitHub Actions # Prompt Injection Fundamentals & Hack-Along by Eva Benn and @Andrew Bellini Practical, beginner-friendly walkthrough of prompt injection fundamentals. It's a solid on-ramp if you want to get into AI pentesting! # Escaping Sandboxes with AI by @ZackKorman Hands-on techniques for finding and executing AI sandbox escapes # Instant API Hacker by @hAPI_hacker Fast-paced exploitation of the OWASP API Top 10 with the author of Hacking APIs # Smarter AWS WAF: Reduce Noise, Detect Threats & Automate Response by Ihor S. Production-ready AWS WAF with custom monitoring, Slack alerts & automated threat response! # Tactical GRC - Turning Governance Into a Force Multiplier for Security Teams by @fletusposton Build lightweight, engineering-aligned GRC that actually accelerates security work! # How to Analyze Malware by Matthew N. Safe, practical malware analysis workflow for beginners – static, dynamic & real sample walkthrough! # Analyzing WannaCry: A Forensic Method for Recovering Ransomware Data with Open-Source Software by Smit Nayak Deep forensic recovery of WannaCry artifacts using open-source tools – DFIR gold! # StegoDefender: Hunting Malware Hidden in Plain Sight - Advanced Steganography Detection & Payload Extraction by Christopher Dio C. Detect & extract hidden malware from images & files with next-level steganography tools! And we'll be hosting content again this year through the great @getCourseStack platform! Big thank you to all putting the work and time in in to bring this con to everyone! 🙏 @_JohnHammond @JustHackingHQ @AnthonyBendas @Level_Effect Got your ticket yet? 🎟️ Head over to: continuumcon.com