SteelCon

The 2026 dates will likely be July 17-19 but nothing has been signed with the university yet so please do not make any bookings that cannot be changed based on these.

I try and balance each of these to maintain my wellbeing. If anyone wants a copy of my slides ping me a DM and I'll share them. When the recording is available, I'll share it. Thanks to everyone who came along to the talk and for all the conversations around it.

If you leave a hotel TV logged into YouTube, you deserve @CarlGottlieb

OSINT challenge, where are we?

Our spare party bags have been donated to Sheffield Children's Hospital @SheffChildrens . They said they would put them to good use.

Also, it was cool to catch up (too many to mention, you know who you are) with folks and make some new friends. Massive shout out to all the SteelCon crew for another great event!

I appreciate not only the feedback but how it landed and connected, I specifically wanted to share my lessons learned with folks who are new to cyber security or early on in their careers. I think I achieved that.

The talk went down very well and turned into a little interactive session, with a bunch of folks approaching me afterwards and saying how it resonated with them, this is always humbling.

By this time last week at @Steel_Con I was like "ah it's done, no one threw things or walked out, yay!" My talk was about how I saw the signs of burnout approaching and managed to swerve it based on my personal (Good Resilience In Testing Times) operating system.

.@Steel_Con celebrates 10 years of cybersecurity learning, collaboration, and community in Sheffield. Read Dan Raywood’s reflections and key takeaways from the talks he attended ⤵️ 🔗:informationsecuritybuzz.com/lessons-learne… #CyberSecurity #ThreatModelling #InformationSecurityBuzz

@Steel_Con seize the means of production!

Thanks to the guy at @Steel_Con who put me on to RDAP for the domain query (he was wearing camo trousers & had a large laptop running Ubuntu which had serial ports!) as reverse engineered some javascript & can now get domain info by finding the url for the registrar for the tld…

Great workshop about .NET RE by @SinSinology at @Steel_Con! The skills, passion and talent made the workshop amazing and easy to follow! I wish we had way more than 4 hours!

For anyone who went to @guyrleech workshop on Using Powershell to Explore Windows, or if you are just curious what you missed, you can download the slides here: files.speakerdeck.com/presentations/…

Slides from my "Using PowerShell to Explore Windows" workshop at @Steel_Con 2025 files.speakerdeck.com/presentations/…

@Steel_Con happy birthday to our favourite digital ninja @digininja and chief creative, who without we not only would SteelCon not exist but would be a lot less fun and exciting.

From a PowerShell perspective, note use of -pipelinevariable which allows us to reference earlier pipeline components later when $_ is not what it was back then

ps -PipelineVariable process| select -expand Modules | where filename -NotMatch '^c:\\windows\\assembly\\NativeImages' -PipelineVariable file -ErrorAction SilentlyContinue | ForEach-Object { Get-AuthenticodeSignature -FilePath $file.Filename }|where status -ne 'valid'|select @{…

Came up with this 1 liner in my PowerShell workshop at @Steel_Con last week which finds any not validly signed modules (dlls) in running processes. (excluding JIT'd ones). There are some 3rd parties (& @LinkedIn app) but some @microsoft components too ☹️