Day 1 now includes @vxunderground, we are honored to have you join 🙏 x.com/vxunderground/status/2… Con's gonna kick off with a banger panel !

Back from break and now @IceSolst carrying us through Practical Security Engineering! And a sweet "How do we secure our product?" brainstorming session with the live chat for @_ContinuumCon_ 😎 continuumcon.com/

Super awesome presentation on AI agent security and sandboxes by @ZackKorman. Like seriously if you are trying to navigate this crazy AI stuff, Zack’s a great guy to follow. Best part is Zack literally is incapable of sugar coating things. Super pragmatic/no bs kinda approach Cc @_ContinuumCon_

There was so much from @brysonbort and @strandjs in today's @_ContinuumCon_ My favorite take was from Bryson around building relationships. One of things that makes a big difference in IR is having good relationships with different areas of the business. During an incident I know exactly who to contact. I am able to understand their work style, what they like/don't like. Who the backups are! This is huge when you can't get ahold of your main POC. IR can be more of a social exercise than anything else 😉 You also end up making long lasting friendships!

ContinuumCon 2026 - Day 2 x.com/i/broadcasts/1pJkOOAVl…

ContinuumCon 2026 - Day 2 x.com/i/broadcasts/1NxarrAOg…

hi @vxunderground

happy @_ContinuumCon_ day to all who celebrate youtube.com/watch?v=uQ4An3ih…

Through a series of shenanigan events, I will be participating in the @_ContinuumCon_ keynote I saw people discussing it. I joked if I could join. I was suddenly invited. I have no idea what I'm doing. tl;dr shitposted my way into giving a keynote, scared and confused

Doing an AMA style panel for our @_ContinuumCon_ opening keynote tomorrow! Since it’s an AMA, we need your questions to answer, drop them below! What do you want us to talk about? List anything you want to know more about below! Cc: @_JohnHammond @rekdt continuumcon.com/schedule/

🎤 ContinuumCon 2026 Spotlight - Keynote AMAs! Two live AMAs and both completely unscripted. These are your sessions. Bring the questions! 📅 Day 1 Keynote: "Panel AMA" with @rekdt Jamie Williams @Jun34u_sec @RachelTobac A four-person panel spanning social engineering, adversary emulation, and decades of hacker history. Bring your questions on any of it. Ask them anything you'd like. 📅 Day 2 Keynote: AMA "Spicy Rant" with @brysonbort @strandjs Two industry veterans, zero script, going off on whatever's broken, overhyped, or worth fighting about in security right now. Bring your hottest takes and your hardest questions! 🎟️ Only at ContinuumCon 2026: June 12 - 14 Work through it live, or revisit the labs on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond , @JustHackingHQ , @AnthonyBendas , and @Level_Effect !

🚨 Workshop Spotlight # 15 👉 "Hunting Prompt Injection: Breaking AI Applications and CI/CD Pipelines" by Mackenzie Jackson (@advocatemack), Field CTO at @AikidoSecurity 📝 Description Prompt injection started off as a bit of a gimmick. A way to make bots on Twitter say funny things or bypass a model's safeguards. But as we integrate AI into the fundamental workflows of our applications and build processes, it transforms into a critical threat, and one that is technically unsolvable. This workshop focuses on how to find, validate, and exploit prompt injection in the wild. You'll break down why it's unsolvable from a technological standpoint: LLMs process everything as unstructured tokens, so there's zero architectural boundary separating instructions from data. From there, it's hands-on. You'll start with basic chatbot injections, then build up to tricking AI-powered applications into leaking sensitive files and repository secrets. The finale recreates a critical pipeline vulnerability the team discovered inside Google's own Gemini CI/CD infrastructure. You'll see exactly how a sneaky instruction hidden inside a normal GitHub issue forced an AI agent to run shell tools and leak privileged GITHUB_TOKEN and GEMINI_API_KEY credentials into public view. Then you'll learn how to defend against it: restricting agent toolsets, isolating blast radius, and treating all AI output as untrusted. If you want to understand how to hunt prompt injection inside real applications, this workshop is for you. 🎟️ Only at ContinuumCon 2026: June 12 - 14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond , @JustHackingHQ , @AnthonyBendas , and @Level_Effect !

🚨 Workshop Spotlight # 14 👉 "Offensive Threat Intel: Tracking & Disrupting Adversaries for Fun" by Josh Allman (@xorJosh) & Ben Folland (@polygonben), of CtrlAltIntel 📝 Description You don't need access to private telemetry or a job at a major security firm to hunt down threat actors in the wild and impose costs. Josh and Ben are proof. A couple of friends having fun built CtrlAltIntel and ended up making an impact on a global scale, supporting governments, military organizations, law enforcement, and more, all from analyzing public data. This workshop walks through how they did it, and how you can too. You'll learn their methodology for tracking adversaries using platforms like Hunt.io, Censys, and Shodan, complete with specific queries and real-world examples. Then, get in the driver's seat: - In The Hunt, you'll practice querying and pivoting from a single data point to identify and report active threat actor infrastructure. - In Mining Gold from Open Directories, you'll work with safe data from their previous hunts and run your own analysis. Their goal is simple: inspire you to give this a go and start taking down cybercriminals yourself. 🎟️ Only at ContinuumCon 2026 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond , @JustHackingHQ , @AnthonyBendas , and @Level_Effect !

🚨 Workshop Spotlight # 13 👉 "Hacking Over & Under The Wire" by Andy Piazza (@klrgrz), Senior Director of Threat Intelligence at Palo Alto Networks Unit 42 📝 Description Andy built this workshop for the version of himself 15 years ago, when everyone made getting started look easy and nobody bothered to show step one: setting up the environment. This one's for the n00bs who don't even know where to start. The ones overwhelmed by the idea of doing a CTF or setting up their own lab. The ones who tried to follow a tutorial and got lost on step one. He walks you through installing and configuring PuTTY, then jumps into Bandit on Overthewire.org for a live walkthrough of the first few SSH-based levels. From there, he moves to Century on Underthewire.tech and does the same with PowerShell, comparing each command to its Linux equivalent so you actually see the bridge between the two worlds. By the end, you've got a foundation in SSH and PowerShell, two CTF platforms you can keep practicing on for free, and an understanding of how the commands you're learning map to real-world work in Red Teaming, DFIR, and threat hunting. 🎟️ Only at ContinuumCon 2026: June 12 - 14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond , @JustHackingHQ , @AnthonyBendas , and @Level_Effect !

🚨 Workshop Spotlight # 12 👉 "StegoDefender: Hunting Malware Hidden in Plain Sight - Advanced Steganography Detection & Payload Extraction" by Christopher Dio C., Chief Cyber Security Researcher at Radar IT Systems Inc. 📝 Description Cybercriminals have become digital artists of deception, practicing a technique called steganography: the ancient art of hiding secrets in plain sight. Traditional signature-based antivirus and static analysis tools are largely blind to these threats, leaving a critical gap in defense. In this workshop, we'll look at combining deep structural analysis of over a dozen file formats (JPEG, PNG, PDF, ZIP, WAV, and more) with adaptive heuristics, baseline profiling, and active probing to detect even the most sophisticated steganographic embeddings. We'll use StegoDefender to extract and decode hidden payloads, harvest network indicators (URLs, IPs, domains, crypto addresses), and integrate YARA rules for signature-based threat identification. If you're a threat hunter, DFIR analyst, or malware researcher, this is the workshop that helps with a blind spot in your stack. 🎟️ Only at ContinuumCon 2026: June 12 - 14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

🚨 Workshop Spotlight # 11 👉 "What the Current and Future of Iranian & Other Nation-State APT Cyber Attacks Look Like" by Douglas Kaluhiokalani, Founder of Cyber Kata, LLC 📝 Description Nation-state cyber operations don't slow down. They evolve. This session looks at where Iranian and other nation-state APT activity is right now, and where it's heading next. We'll walk through TTPs of threat groups making active news, including Handala (responsible for the Stryker attack) and the resurgence of MuddyWaters with their GhostBackdoor implant. We'll also dig into how the war with Iran has changed the threat landscape and exposed Blue Teams to new categories of attack. You'll get a look at runbooks built for MS Sentinel, designed to be adapted to whatever security tooling your team already uses. The focus throughout is on what Blue Teams should actually be doing to defend. If you work in threat hunting, threat intelligence, or detection engineering, this one's for you. 🎟️ Only at ContinuumCon 2026: June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond , @JustHackingHQ , @AnthonyBendas , and @Level_Effect !

🚨 Workshop Spotlight # 10 👉 "Analyzing WannaCry: A Forensic Method for Recovering Ransomware Data with Open-Source Software" by Smit Nayak, Cyber Security Analyst at Sypram 📝 Description WannaCry crippled thousands of systems in 150 countries in 2017, signaling a new era in cyber threats worldwide. So why look at it now? Behind all the hype is a goldmine of information for forensic science and real-world recovery tactics. This session takes a forensic investigator's view of WannaCry, covering the malware in detail and walking through methods for recovering, analyzing, and interpreting the artifacts it leaves behind, even after encryption and system compromise. You'll be guided through a realistic forensic reconstruction of a WannaCry-infected system using open-source tools like Autopsy and Volatility. The session covers finding ransom notes and IOCs, extracting memory data, locating encrypted file remnants, and recovering partial data through shadow copy remnants and file carving. If you work in digital forensics, hunt threats, or are trying to sharpen your ransomware incident response process, this one's for you. 🎟️ Only at ContinuumCon 2026: June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

🚨 Workshop Spotlight #9 👉 "Killing Active Directory Attack Paths Once and For All" by Spencer Alessi (@techspence), Sr. Penetration Tester at @SecurIT360 📝 Description Active Directory attack paths are what turn small weaknesses into full domain compromise. After pentesting 150 organizations in the last 5 years and performing over 1,000 hours of internal pentesting in 2025 alone, one of the biggest security mistakes I see IT Admins make is logging into untrusted workstations with their Domain Admin account. In this workshop, we’re going to learn how easy it is for an attacker to compromise a domain from an untrusted workstation and how to prevent it, even if the attacker has Domain Admin (DA) credentials. We’ll cover: - Why Active Directory (AD) still matters - AD attack path pre-requisites - Two common lateral movement attacks - Hardening controls to block these two attack paths Not only will you be able to play the role of the attacker and carry out the attacks yourself, but you’ll also be put in the defender seat and guided through setup and configuration of security controls in Active Directory to block the attacks. If you’re responsible for managing and/or securing Active Directory, this workshop is for you. 🎟️ Only at ContinuumCon 2026: June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

🚨 Workshop Spotlight #8 👉 "How to Analyze Malware" by Matthew Nguyen 📝 Description A practical introduction to malware analysis for beginners, focused on building a foundational workflow rather than diving straight into reverse engineering. You'll cover the key principles of a safe lab setup, basic static analysis, and dynamic analysis using sandbox environments and tools you can run in your own lab (like FlareVM). The session includes a guided walkthrough of a real malware sample pulled from a malware database, with attention to the techniques you'll encounter most often: persistence mechanisms and command-and-control communication. By the end, you'll have a clear framework for analyzing malware, an understanding of the common techniques malicious software uses, and the confidence to begin your own analysis safely. 🎟️ Only at ContinuumCon 2026: June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com/ Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect !

ContinuumCon Teaser: solst/ice, Zack Korman, & Spencer Alessi!! x.com/i/broadcasts/1jxXggjva…