BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsides-canberra-2025//speaker//WRJZM7
BEGIN:VTIMEZONE
TZID:AEST
BEGIN:STANDARD
DTSTART:20000326T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3;UNTIL=20050326T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20060402T040000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060401T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20070325T040000
RRULE:FREQ=YEARLY;BYDAY=4SU;BYMONTH=3;UNTIL=20070324T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20080406T040000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000827T030000
RRULE:FREQ=YEARLY;BYDAY=4SU;BYMONTH=8;UNTIL=20000826T170000Z
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20011028T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20071027T170000Z
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20081005T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=10
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsides-canberra-2025-XLN9H3@pretalx.com
DTSTART;TZID=AEST:20250926T155000
DTEND;TZID=AEST:20250926T162000
DESCRIPTION:WordPress powers over 40% of the web\, making its plugin ecosys
 tem a prime target for attackers. While security researchers manually audi
 t plugins for vulnerabilities\, the ever-growing number of third-party ext
 ensions makes this approach inefficient. What if we could find all the vul
 nerabilities right after developers publish them?\n\nIn this talk\, we int
 roduce a research-driven methodology for identifying 0-day vulnerabilities
  in WordPress plugins using static code analysis. We will showcase how we 
 built a tool that continuously monitors the WordPress Plugin Repository vi
 a its SVN system\, detects newly pushed code or changesets in real-time us
 ing multi-threading\, and flags potentially dangerous patterns. By leverag
 ing static analysis\, the tool identifies sensitive functions and automati
 cally alerts researchers when risky code is introduced.\n\nWe will dive in
 to the inner workings of this automation\, discuss the challenges of scali
 ng static analysis for thousands of plugins\, and present real-world case 
 studies of zero-days uncovered using this technique.\n\nBy the end of this
  session\, attendees will walk away with a deeper understanding of how to 
 leverage real-time monitoring of the repository and static code analysis o
 n a mass scale for vulnerability research.
DTSTAMP:20260603T235724Z
LOCATION:Off-Main Track
SUMMARY:Catching WordPress 0-Days on the Fly - Ananda Dhakal\, Rafie Muhamm
 ad
URL:https://pretalx.com/bsides-canberra-2025/talk/XLN9H3/
END:VEVENT
END:VCALENDAR