BSides Cymru 2025
Technical tool knowledge isn't enough in incident response. This talk reveals what separates exceptional responders from the rest: understanding the 'why' behind forensic evidence and mastering the soft skills that matter when executives are panicking. Discover the skills that truly count when organisations face their worst moments.
Join us as we discuss how to hijack trusted .NET binaries and find the perfect binary for your Red Team engagement.
Specifically, this talk will cover the background on:
- How to build your own .NET hijacking tool to launch malicious DLLs on Windows systems.
- Leveraging VirusTotal to identify the perfect trusted .NET binary for your target environment.
We don't all think the same. Perhaps as many as one in three entrepreneurs self-identify as neurodivergent. As engineers, managers, consultants, and business leaders, our point of reference is ourselves. By default, we will engineer a product or a process to make sense to the way we experience the world. Two individuals may process the events in very different ways and both perspectives are equally valid. The nature of each response may literally be part of their DNA and/or environmental conditioning. This aspect of designing product and process is often overlooked, but becomes business critical when a behavioural response, such as choosing not to click a phishing link, is an organisation's last and critical line of defence against cyber-attack.
We explore how expecting individuals to simulate another's perceived preferences and responses is tiring and error-prone. Expecting conformity fails to deliver a robust security response when product and process are exposed to real-world conditions.
AI models (Large Language Models) are trained on a data set which is produced in large part by neurotypical authors or by authors writing in a neurotypical style. We conclude by identifying where AI can skew the real-world security effectiveness of product and process when biased with neurotypical assumptions in training.
As a London-based security researcher specialising in open-source intelligence (OSINT) and attack surface discovery, I am excited to attend BSides Cymru and share my work with the wider security community. This talk introduces a DNS-based OSINT methodology for uncovering products, services, and supply chain dependencies through large-scale DNS TXT record scanning. By integrating this technique into widely used tools like Nuclei and Amass, the talk provides actionable tactics for both red teamers and defenders to identify inadvertent information leakage, enhance reconnaissance workflows, and gain a deeper understanding of an organisation’s digital footprint.
Explore how aviation’s crisis management strategies can inform cybersecurity practices. This session addresses the psychological impact of crises, the importance of open communication, and practical approaches to managing unpredictable situations with confidence and composure.
Modification of most of the elements of AI models can be trivial and completely undetectable; however, very little is being done to address these core, fundamental concerns. In addition, Large Language Models (LLMs) are now harvesting AI-generated content which is inaccurate, potentially leading major LLMs into a death spiral of false information.
This talk gives examples of real-life attacks against AI models and explains how we address these issues and build better, robust AIs to avoid future human catastrophe.
Madelaine Thomas is the founder of Image Angel, a company dedicated to combating non-consensual intimate image (NCII) abuse online using forensic watermarking. Their survivor-led work has been recommended as best practice by the UK Department for Science, Innovation and Technology. Madelaine will open up about her journey from Dominatrix to tech founder, giving a peek into how her experience as a survivor informs the company's movements and the challenges that come with entering the world of entrepreneurship without the corporate foot in the door.
Android is the most popular operating system in the world. Our phones, smartwatches, televisions, set-top boxes and autoplay systems run it. As we rely on these devices, we come to trust them with our most sensitive information. Therefore, it’s only natural that malware developers want their pick at such a lucrative target.
There have been many reported cases of Android malware, but how does it hold up under analysis? This talk will serve as a practical starting point for you to find that out, covering the fundamentals of malware analysis for Android. We will explore a sample of Android malware, the process of analysing it, and analysis techniques both static and dynamic.
By the end of this talk, you will be able to take what you have learned and apply it to conduct research of your own, taking a step into an interesting and rewarding area of infosec that demands a unique skillset.
APTs, skids and cyber criminals all make mistakes. Join us as we demystify "sophisticated" cyber attacks: what they really look like behind the scenes, who's operating them, and how much they fucking suck.