ABOUT US
Vulncon is India’s fastest-growing technical cybersecurity conference, focused on core research, offensive security, and practical innovation.
In an evolving threat landscape, we emphasize deep technical knowledge, real-world case studies, and meaningful industry dialogue. Our platform brings together researchers, practitioners, and security leaders to exchange insights that directly address current security challenges.
Our Vision
To advance the technical foundations of cybersecurity with a strong focus on offensive security in a rapidly changing threat environment.
Our Mission
To bridge the gap between security leaders and practitioners by fostering collaboration, knowledge sharing, and actionable research.
Vulncon is designed to strengthen the security community through substance, clarity, and technical depth.
Our Schedule
Filter by Track
08:00 – 09:00
Registration
09:00 – 09:10
Main Hall
Inaguration & Lamp Lighting by Dr. Pranob Mohanty, IPS
Dr. Pronab Mohanty, IPS & Vulncon Team
09:10 – 09:20
Main Hall
09:20 – 09:30
Main Hall
09:30 – 10:10
Main Hall
Our Speakers
CHIEF GUEST
Dr. Pronab Mohanty, IPS
Director General of Police
Cyber Command, Karnataka
TECHNICAL SPEAKERS
Event Timeline
Workshops
Whack-a-Clue: Chasing Timestamps across the World
Modern threat actors don't rely on a single persistence mechanism — they weaponize time itself.
From autorun entries and scheduled tasks to registry-based triggers, Git hooks, IoT callbacks, and logic-driven execution chains, sophisticated malware quietly spreads across heterogeneous environments and activates under carefully crafted conditions.
These artefacts surface across laptops, servers, mobile devices, embedded systems, and cloud-connected infrastructure, leaving investigators with the difficult task of reconstructing a coherent chain of infection from fragmented evidence.
This workshop explores how investigators can automatically correlate and reconstruct those events by building a lightweight forensic timeline engine in Go.
What Participants Will Build
Participants will implement a lightweight, cross-platform forensic tooling pipeline capable of:
- Parsing artefacts from multiple operating systems
- Normalizing heterogeneous timestamp formats
- Correlating events into a unified timeline
- Visualizing infection chains and propagation paths
- Producing investigative timelines without relying on commercial DFIR suites
Who Should Attend
Learning Objectives
Workshop Flow
Kickoff & Motivation
Timeline reconstruction in DFIR and how malware leverages time-based execution.
Go for Forensics
Go fundamentals, static binaries, concurrency, and filesystem handling.
Infection Chain Fundamentals
Persistence artefacts, propagation techniques, and investigative indicators.
Timestamp Parsing & Correlation
Normalizing formats, sorting events, and generating timelines.
Real-World Caveats
Clock skew, timezone inconsistencies, and anti-forensic behaviour.
Hands-On Case Study
Reconstructing a simulated multi-device infection chain using Go tooling.
Wrap-Up & Discussion
Discussion around extending the tooling, integrating it into DFIR workflows, and handling real-world investigative challenges.
Participants are encouraged to continue evolving the prototype into custom forensic pipelines tailored to their own environments.
The Agentic Kill Chain: Live Exploitation and Forensic Response for AI Agents in 2026
In January 2026, Microsoft did something the security community had quietly been waiting for: it assigned CVE-2026-21520 to an indirect prompt injection in Copilot Studio. It was the first time a major vendor formally tracked a prompt injection in an agentic platform as a CVE — a watershed moment that signaled prompt injection is no longer a research curiosity but a vulnerability class your incident response team must now own.
The problem: nobody has written the IR playbook for it.
This 2-hour hands-on workshop walks security practitioners through the full lifecycle of an AI agent compromise — from the attacker's perspective and from the defender's. We exploit CVE-2026-2256 live on stage against a vulnerable MS-Agent deployment, demonstrating how attacker-controlled content in a single document can pivot through an LLM's tool-calling logic into arbitrary shell command execution as the agent's host process.
We then flip the perspective: given log data from a compromised agent, how do you reconstruct what happened? What evidence must be preserved? How do you attribute an action when the "user" is non-deterministic? When can you trust the agent again?
Drawing on BlackPerl DFIR's incident response work, we present a structured playbook covering the six gaps in current AI agent telemetry, an evidence preservation checklist for agentic incidents, and a containment workflow that does not destroy forensic state.
Attendees leave with a working understanding of the agentic attack surface, a hands-on reproduction of two real 2026 CVEs, and a practical IR framework they can adapt for their own AI deployments.
This is the talk we wish existed when our first agent compromise engagement landed on our desk.
What Participants Will Experience
Participants will work through a complete AI-agent compromise lifecycle including:
- Live exploitation of vulnerable AI agent deployments
- Prompt injection and tool-calling manipulation techniques
- Agent telemetry analysis and forensic reconstruction
- Incident response workflows for AI systems
- Evidence preservation and containment procedures
- Detection engineering strategies for agentic environments
Who Should Attend
Learning Objectives
Session Timeline
01Module 1 — The Watershed
Framing the problem. Why January 15, 2026 was the moment AI agent security became an enterprise IR discipline. Walkthrough of CVE-2026-21520 and the architectural confused-deputy problem at the heart of the agent vulnerability class. Introduction of OWASP ASI01 (Agent Goal Hijack) and the lethal-trifecta model.
No demo in this module — this is the conceptual scaffold for the rest of the session.
02Module 2 — Anatomy of an Agent Exploit: CVE-2026-2256 Live
Hands-on reproduction of CVE-2026-2256 against a vulnerable MS-Agent v1.5.2 deployment running in a sandboxed container. We walk the attack chain in five stages:
- Initial influence: attacker-controlled content delivered via a document the agent is asked to summarise.
- Tool selection manipulation: content crafted to push the agent's planning loop into selecting the Shell tool.
- Parameter injection: how the agent constructs a shell command string containing attacker text without ever recognising it as a command.
- Execution: arbitrary command runs as the agent process.
- Post-exploitation: persistence via workspace state modification, lateral movement to cloud metadata endpoints, supply-chain impact through poisoned artifacts.
Attendees following along reproduce the chain in their own container.
03Module 3 — Break + Audience Q&A
15-minute structured break. Attendees who hit lab issues get one-on-one help. Open questions on Modules 1–2 answered.
04Module 4 — The IR Reality Check: What You Cannot See
We take the compromised lab from Module 2 and ask: now what? Walkthrough of the six telemetry gaps that block effective incident response in current agent deployments:
- Prompt provenance: which content in the context window came from which source?
- Tool invocation justification: why did the agent decide to call this tool?
- Model state at decision time: what was in memory, what was retrieved from RAG, what was in conversation history?
- Tool output handling: was the result shown to the user truthfully, or summarised in a way that hid an action?
- Session boundary integrity: did instructions from a previous session persist into this one?
- Side-channel actions: did the agent take an action that left evidence only outside the agent's own logs?
For each gap, we show the corresponding artifact in the compromised lab, what is captured today, and what is missing.
05Module 5 — The BlackPerl AI-Agent DFIR Playbook
The constructive half of the talk. We present a structured playbook covering:
- Evidence preservation: the seven-item checklist for snapshotting agent state at incident detection — full conversation history, system prompt, tool registry, RAG retrievals, model and version, environment variables, and external resource fetches.
- Containment without forensic destruction: how to halt an agent in a way that preserves volatile state, including memory dumping techniques for in-process agent runtimes.
- Attribution decision tree: distinguishing prompt injection from model error from legitimate-but-misjudged action using log triangulation.
- Root cause reconstruction: mapping a confirmed malicious action backwards through tool calls, retrievals, and prompts to identify the injection vector.
- Recovery and trust restoration: what must be rotated, what must be replayed, what must be redesigned before the agent returns to production.
The playbook is delivered as a single-page reference card distributed to all attendees.
06Module 6 — Detection Engineering Forward + Closing Q&A
Five-minute close: three concrete detection engineering recommendations for SOC teams running agents in production today. Q&A continues offline at the BlackPerl table in the village area.
Wrap-Up & Discussion
Participants leave with a practical understanding of the AI-agent attack surface, incident response workflows, and evidence preservation requirements for modern agentic environments.
The session concludes with actionable guidance for detection engineering, AI security operations, and enterprise readiness for autonomous systems.
From Telemetry to Tradecraft: Hunting Adversaries in Multi-Cloud
As enterprises rapidly increase their adoption of multi-cloud ecosystems, this transformation has opened the door to a surge in adversarial activities targeting cloud infrastructures.
This workshop introduces a clear and practical threat-hunting approach designed for multi-cloud environments. It explains the challenges of securing different cloud platforms and highlights the common techniques and behaviors used by attackers targeting cloud ecosystems.
Attendees will learn how to spot cloud-focused attackers, create strong hunting hypotheses, and apply proactive detection methods across AWS, Azure, and GCP.
The workshop emphasizes the practical configuration of cloud-native services to enable centralized logging and monitoring across multiple cloud platforms, followed by hands-on threat-hunting exercises in a multi-cloud setting. It concludes with a live demonstration of an AI-driven, client-enabled threat-hunting scenario, showcasing how AI can enhance modern security operations and transform cloud defence capabilities.
Table of Content
01Introduction to Multi-Cloud Infrastructure
- Architectural Design and Components of Multi-Cloud Environments
02The Cloud Threat Landscape
- APT Groups Targeting Cloud Ecosystems
- Tactics, Techniques, and Procedures (TTPs) Used Against Multi-Cloud Environments
- Cloud Threat Matrix and Attack Mapping
03Logging and monitoring overview of multi cloud infrastructure
- Designing an Effective Cross-Cloud Monitoring Framework
04Hunting cloud targeted threats
- Building and Executing Cloud Threat Hunting Hypotheses
- Conducting Hunts for Adversaries Targeting Multi Cloud Infrastructures
AWS
- Credential Exposure & Access Key Leakage
- Abuse of IAM Roles for Lateral Movement
- Privilege Escalation via Misconfigured IAM Policies
- Unauthorized Permission & Policy Assignments
- Defense Evasion through Monitoring & Logging Manipulation
- Abuse of Compute Instance Credentials & Metadata Services
- Cloud Storage Discovery & Data Exfiltration
Azure
- Credential-Based Initial Access Techniques
- Identity & Session Hijacking Attacks
- Discovery of Externally Exposed Cloud Resources
- Abuse of Misconfigured Administrative Privileges
- Cross-Environment Lateral Movement
- Hybrid Identity & Federation Abuse
GCP
- Authenticated Cloud Resource Enumeration
- Privilege Abuse from Over-Permissive Roles
- Container & Kubernetes Workload Compromise
- Serverless Function Abuse
- Cloud Data Access & Exfiltration Techniques
05AI Driven cloud investigation and detection
- Vision for Futuristic Hunting Strategies
- Human intelligence with AI
- Configuration and integration of AI into threat hunting operations.
- Demonstration
Attendees Takeaway
Practical investigation workflows and operational knowledge
What to Expect
Hands-on exposure to cloud hunting and AI-assisted investigation
Prerequisite Note
Required environment setup before attending the workshop
- A system with a minimum of 16GB RAM and either VMware or VirtualBox installed
- Basic understanding of cloud concepts
- Free-tier accounts for AWS, Azure and GCP
- Note: A dedicated VM image will be shared with participants prior to the event.
The Machine Learns to Lie: AI Prompt Injection Forensics
Participants in this CyBe Global Labs session will transition from traditional security mentalities to high-resolution, forensic-level defense.
As AI-powered attacks become increasingly sophisticated, defenders must move beyond signature-based detection and content analysis toward infrastructure-centric investigations that reveal how attacks actually unfold.
Through case studies, technical labs, forensic exercises, and practical defensive strategies, attendees will learn how to investigate prompt injections, identify AI-generated phishing campaigns, detect deepfake impersonation attempts, and build resilient controls that disrupt modern AI attack chains.
At a Glance: The CyBe Global Labs Experience
- Optimize SOC Performance: Shift from reactive alert-handling to proactive semantic monitoring.
- Synergize Process & Tech: Implement out-of-band verification techniques to defeat highly convincing deepfake-enabled attacks.
- Execute with Precision: Master the "Thinking Transparency" mindset required to identify and investigate novel AI-specific threats.
What Participants Will Learn
AI Attack Taxonomy
Distinguish between direct and indirect prompt injection, deepfakes, and AI-personalized phishing attacks.
Forensic Investigation
Master the technical steps required to attribute attacks, decode exfiltrated payloads, and measure breach impact using token analysis.
Infrastructure Indicators
Understand why signals such as DMARC alignment, STIR/SHAKEN attestation, and SMTP log anomalies are often more reliable than content analysis when investigating AI-enabled attacks.
Who Should Attend
Learning Objectives
Workshop Outline
01Session 1: Cybersecurity Foundations – The AI Reality Check (45m)
Focus: M6 Foundation Check: AI Security
Deep Dive: Understanding LLMs as predictive token engines and how this facilitates machine-scale deception.
Case Study: The Arup Engineering breach — analyzing why human training failed against a $25M deepfake video call.
02Session 2: The AI Era – Detecting Personalized Lures (50m)
Focus: Detecting AI-Generated Phishing at Scale.
Technical Lab: Tracking RESULT:DELIVERED versus CREDENTIAL_SUBMIT events in SMTP logs.
Key Indicator: Why lookalike domains such as n0vapay-hr.com remain among the most durable indicators of compromise.
03Break & Networking (15m)
Dedicated networking session for participants to discuss AI-driven threats, investigative methodologies, and operational challenges.
04Session 3: Micro-Project – Forensic Investigation: Prompt Injection (30m)
Project: Prompt Injection in Enterprise AI Tools.
Hands-On Forensics:
- Attribution: Isolate
injection_succeededevents to identify the compromised account. - Impact: Sum token counts across successful events to scope the scale of data exfiltration.
- Payload Recovery: Use
base64 -dto decode intercepted payloads and reveal leaked API keys.
05Wrap-Up & Discussion (10m)
Strategy: Moving from Content Defense to Infrastructure & Process Defense.
Implementation: Establishing out-of-band callback protocols for high-value transactions and critical decision workflows.
About CyBe Global Labs
CyBe Global offers a suite of high-resolution, forensic-level training modules designed to prepare security professionals for the AI-driven threat landscape.
These courses emphasize Thinking Transparency — the ability to reconstruct attack chains and justify technical trade-offs during an investigation.
- Adversarial ML: Deep dives into the OWASP LLM Top 10.
- SOC in the AI Era: Detecting AI-personalized lures via infrastructure signals.
- Behavioral Anomaly Detection: Identifying attackers who condition baselines to evade alerts.
Our Sponsors
Building together, growing together
Lanyard
Altered Security
Workshop
Black Perl
Happy Hour
RedHunt Labs
Tickets
Arishti Consolidated
Student Scholarship
CloudSEK
Government Innovation Partner
Supporting Cybersecurity Excellence
Strategic Partners
Partners in Strategic Security
Community Partners
Strengthening the Security Community
Industry Conference Allies
Uniting industry voices for stronger security
Get Your Tickets
Choose the perfect pass for your cybersecurity journey at Vulncon 2026
All prices are exclusive of GST. Limited seats available. Book early to save more! 🚀
Training + Conference = Big Savings
Enhance your Vulncon conference by adding a hands-on training by our strategic partner Byt3con Trainings. When you book them together, you unlock a heavily discounted rate on your conference ticket.
Student Pass
3-Day Training + Conference Pass
Individual Pass
3-Day Training + Conference Pass
Corporate Pass
3-Day Training + Conference Pass
Bytes
Donavan Cheah
Sr Cybersecurity Consultant @ Thales
Ashwin Pandian
Associate Vice President @ Z47
Navaneethan M
Chairman, CXOCywayz
Kamal Sharma
Co-Founder @ AuthenticOne
Syed Shahrukh
Co-Founder @ CloudSEK
Ashwini Siddhi
Women Tech Leader
Muslim Koser
Vice President, Engineering - EASM @ Fortinet
Event Gallery
