The Talk

What was covered.

A real adversary simulation engagement against a national enterprise. Cloned an executive's voice from a single podcast appearance, ran a phishing call against the organization's help desk, walked away with high-privilege network admin credentials about five minutes in. The talk walks the full setup — what worked, what didn't, what I'd do differently.

First public presentation of the original work. Built the methodology at TrustedSec where it grew from an internal experiment into a billable service. A colleague later included aspects of this engagement in a talk at Wild West Hackin' Fest. This talk covers engagement detail not in the prior presentation.

Practitioner-focused. No vendor pitch. Reproducible with any frontier LLM and a commercial voice-cloning service.

Defensive Training

Train against this attack class.

DT-1
Help Desk Verification Hardening
1 week · fixed-fee
Audit of current help desk verification procedures and a redesigned flow with mandated out-of-band steps for credential resets, MFA resets, and high-privilege account changes. Deliverables: written SOP for agents, escalation matrix, callback script template, and a one-page authority-limit card for the agent floor. Optional add-on: phishing simulation against the new procedure to validate it under pressure.

DT-2
AI Social Engineering Defense Workshop
Half-day or full-day · remote or on-site
Live workshop for help desk, IT support, and security operations. Purpose-built demonstration kit: voice clones produced from controlled source audio, LLM-written pretexts targeting fabricated org personas, all side-by-side with operator-written equivalents. No client recordings; no NDA exposure for participants. Deliverables: workshop delivery, take-home reference cards for agent workstations, and a session recording you own and can re-deliver internally for new-hire onboarding.

DT-3
Detection-to-Response Tabletop
1 week · prep + delivery + report
Walk your IR runbooks against a realistic five-minute AI-social-engineering escalation timeline. Where can a credential be used between issuance and revocation? Which controls block lateral movement during alert triage? Deliverables: written gap analysis with prioritized remediation, runbook annotations showing where the response time goes, and a tabletop scenario pack your team can re-run quarterly.

Slides

The deck.

Available after the live talk. Email me and I'll send it directly, or check back once it's posted here.

Services

The methodology is a service.

AI-T1
LLM Red-Team Assessment
2 weeks · fixed-fee
Adversarial testing against a target LLM application or AI-assisted social engineering scenario. Prompt injection, jailbreak resistance, system prompt extraction, RAG poisoning where applicable, voice and pretext work where in scope. Full report with reproduction steps and severity ranking.

BSides SATX Only

Free AI Exposure Recon — first five.

First five inquiries through this page get a free AI-T0 Exposure Recon engagement. No catch, no contract bait. If the report comes back clean, it says so.

Scope of the recon: Public-facing AI surface check — exposed model endpoints (Ollama, vLLM, LangServe), unprotected vector databases, leaked LLM provider keys, Gradio and Streamlit deployments without auth. Snapshot report with each finding mapped to remediation. 2–3 business days delivery once scoped.

How to claim: Email shane@ohmsecurityadvisory.com with the subject BSIDES-SATX — Free AI-T0 Recon. Include your domain. First five emails win. Scoping call must hit the calendar within 90 days of the talk; report delivery on standard AI-T0 turnaround once kicked off.

Doesn't quite fit? Some environments don't have a meaningful public-facing AI surface yet. If yours doesn't, but you want a look at help-desk verification, agent platform security, or internal LLM applications, reach out anyway. The offer flexes for clear in-kind work at the AI-T0 level of effort.

Contact

Talk through your environment.

Help desk, AI product, or cloud posture. 15 minutes is enough to figure out whether there's an engagement worth scoping.
