Panagiotis Fiskilis
Senior Penetration Tester at NVISO
Athens, Greece
Panagiotis is a Senior Penetration Tester at NVISO with multiple years of experience in ethical hacking and Red Teaming, interested in API hacking, Active Directory hacking and malware development.
Panagiotis is CRTO, OSCP, OSWA and eWPT certified.
Panagiotis is also an active student at the University of West Attica.
Open Sesame: The API Defenders - A Superhero’s Quest for Digital Justice
This talk is a war story from the frontlines of API security. It recounts an in-depth assessment that began with minimal privileges and escalated into a full administrative account takeover. Starting from a grey-box testing scenario with a simple user account, the narrative unfolds the discovery and chaining of critical vulnerabilities—broken authentication, broken authorization, and insecure password reset mechanisms—into a comprehensive killchain.
Rather than delving into technical explanations of these vulnerabilities, the session emphasizes the critical lesson learned: the necessity of integrating robust security practices into every phase of the Software Development Life Cycle (SDLC) for internet-facing APIs. Attendees will gain insights into how attackers can chain seemingly minor oversights into a devastating breach, underscoring the high stakes of API security and the imperative for proactive, secure development practices.
Join me for an engaging exploration of this real-world example, and learn actionable strategies to safeguard your digital infrastructure against sophisticated, multi-stage attacks.
Evading EDRs for fun and profit (mostly profit): A quick and dirty overview
In this quick and dirty workshop/overview, drawn from day-to-day Red Team exercises, we will learn about EDR evasion. We will unleash the power of C/C++ and the power of syscalls to evade commercial EDRs. Furthermore, we will learn all about how an EDR works.
EDR Evasion Basics
In this talk we will learn about the basic techniques of EDR evasion and how we (as Red Teamers) can create implants that are either undetected or create some Low alerts, using the power of low-level C/C++ programming with system calls.
BSides Kraków 2025 Sessionize Event
Security BSides Athens 2025 Sessionize Event
Security BSides Sofia 2025 Sessionize Event
Security BSides Athens 2024 Sessionize Event