Archaic Creativity: Pulling At Infinite Threads
Track 1 – 11:40am
Andy Gill
Bio
Andy (also known as zephrfish on the internets) works in offensive security, focusing on adversary simulation, varying flavours of red teaming, and helping organisations better understand how real attackers operate. His work centres on practical, intelligence-led tradecraft, with an emphasis on operating without heavy reliance on traditional tooling and instead adapting to environments as they are.
Alongside his day-to-day role, Andy spends a significant amount of time contributing back to the community through writing, research, and training. He is the author of two practitioner-focused books(LTR101 and LTR102) on red team tradecraft and runs the Malwareless Adversarial Emulation (MAE) course, which aims to help operators and defenders better understand realistic attacker behaviour without relying on noisy or artificial techniques.
He regularly shares research, tools, and lessons learned from both successes and failures, with the goal of making offensive security more accessible, grounded, and useful to the wider community.
Pronouns
He/Him
Talk Abstract
Modern red teaming often leans on familiar tools and repeatable playbooks, but real environments are rarely that clean. They are built over time, shaped by operational needs, shortcuts, and layered decisions. To break them effectively, you first need to understand how they were built.
This talk explores a “build before break” approach to adversary simulation. By analysing how systems, identities, and workflows are designed and connected, operators can uncover the subtle dependencies and trust relationships that are often overlooked. Small inconsistencies such as legacy access, misconfigured services, or forgotten integrations can provide far more reliable paths to compromise than obvious vulnerabilities and misconfigurations.
Rather than chasing noise or novelty, the focus is on patient observation and architectural awareness. By thinking in systems instead of steps, red teamers can identify and follow the threads that exist within every environment and use them to achieve realistic, repeatable outcomes.
Intended Audience
Anyone with an interest in red and blue teaming and wanting to better understand adversarial behaviour looks like when it’s not obviously loud
How NSFW is this talk?
(How spicy is your talk in chilli's?)
NSFW – Glaswegian