2.0 -//Pentabarf//Schedule//EN PUBLISH 7QKCSC@@pretalx.com -7QKCSC Accelerating Progress: Shifting from a Reactive to Proactive Approach in Cybersecurity en en 20250426T090000 20250426T094000 0.04000 Accelerating Progress: Shifting from a Reactive to Proactive Approach in Cybersecurity PUBLIC CONFIRMED Keynote https://pretalx.com/bsides-exeter-2025/talk/7QKCSC/ Auditorium Heather Lowrie PUBLISH UAWWPS@@pretalx.com -UAWWPS Aftermath: The human cost of ransomware en en 20250426T094500 20250426T102500 0.04000 Aftermath: The human cost of ransomware PUBLIC CONFIRMED Talk https://pretalx.com/bsides-exeter-2025/talk/UAWWPS/ Auditorium Adrian Taylor PUBLISH 8Y8MPQ@@pretalx.com -8Y8MPQ Prompt-ing the Injection - LLMs Under Attack! en en 20250426T103000 20250426T105000 0.02000 Prompt-ing the Injection - LLMs Under Attack! This talk begins by explaining the fundamental workings of LLMs, detailing how these models generate responses based upon the prompts they recieve. With this understanding, the session shifts focus towards specific vulns that arise when threat actors manipulate inputs to influence the models outputs. Through live demonstrations, attendees will seek how attackers can exploit these vulnerabilities, simulating real world scenarios where prompt injection is used to cause unintended behaviour or access confidential data. The talk will emphasise the importance of recognising these threats as LLMs become more integrated into applications across industries. This talk will finish with a summary of the elements, and how organisations could defend against these. PUBLIC CONFIRMED Rookie Talk https://pretalx.com/bsides-exeter-2025/talk/8Y8MPQ/ Auditorium Smitha Bhabal PUBLISH AHBT98@@pretalx.com -AHBT98 Security mismatch. Organisational users have different IT expectations from system administrators. Using organisational culture to close the gap en en 20250426T105000 20250426T111000 0.02000 Security mismatch. Organisational users have different IT expectations from system administrators. Using organisational culture to close the gap Computer users get more sophisticated in their use of applications every day. Organisations typically have one application type for each job function, and double-down on security for those applications and the platforms that support them. Users see their application use as quicker and more efficient than the official way, and take short-cuts, often breaking policy to do so. This has been happening for many years, and as apps get more sophisticated, the gulf between end-users and system administrators gets wider. What can be done to close the gap? The role of organisational culture is examined, and conclusions tentatively drawn. Academic research that followed based on types of organisational culture and extent of mismatch. All organisations would participate anonymously. PUBLIC CONFIRMED Rookie Talk https://pretalx.com/bsides-exeter-2025/talk/AHBT98/ Auditorium Richard Henson PUBLISH D7MRHZ@@pretalx.com -D7MRHZ The Art of Threat Modelling en en 20250426T111000 20250426T113000 0.02000 The Art of Threat Modelling Threat Modelling isn't boring! This talk is aims to show you this in a fun, fast paced and engaging way looking at: * The fundamentals of threat modelling * How you can Threat Model anything * The use of your operational data, such as threat intel or post incident reviews, to help better shape your outputs Enjoy PUBLIC CONFIRMED Rookie Talk https://pretalx.com/bsides-exeter-2025/talk/D7MRHZ/ Auditorium Deleted User PUBLISH LAXSZ9@@pretalx.com -LAXSZ9 How to Hack Yourself en en 20250426T114000 20250426T122000 0.04000 How to Hack Yourself PUBLIC CONFIRMED Talk https://pretalx.com/bsides-exeter-2025/talk/LAXSZ9/ Auditorium Stuart Baker PUBLISH SRMVWC@@pretalx.com -SRMVWC Battle-Tested Incident Recovery: Lessons from the Front Lines en en 20250426T122000 20250426T130000 0.04000 Battle-Tested Incident Recovery: Lessons from the Front Lines PUBLIC CONFIRMED Talk https://pretalx.com/bsides-exeter-2025/talk/SRMVWC/ Auditorium Jack Hughes PUBLISH 33CQKT@@pretalx.com -33CQKT Hacktivists V2.0 en en 20250426T140000 20250426T144000 0.04000 Hacktivists V2.0 PUBLIC CONFIRMED Keynote https://pretalx.com/bsides-exeter-2025/talk/33CQKT/ Auditorium lisa forte PUBLISH FRL7UC@@pretalx.com -FRL7UC Grand Social Engineering - DevSecOps and Influence en en 20250426T144500 20250426T152500 0.04000 Grand Social Engineering - DevSecOps and Influence DevSecOps is more than just technology—it’s a fundamental shift in mindset, culture, and collaboration. While many organizations focus on tools and automation, the real challenge lies in leading people through this transformation. This talk will explore the psychological and organizational change management techniques essential for driving a successful DevSecOps journey. We’ll begin by examining a change model like Kotter’s 8-Step Change Model, a structured approach to transformation that helps organizations create urgency, build coalitions, and embed lasting change. Understanding these steps enables leaders to navigate resistance and foster buy-in at all levels. We will also look psychological safety, a critical factor in high-performing teams. Using David Rock’s SCARF Model we’ll explore how to create environments where developers, security, and operations teams can collaborate without fear. Psychological safety is the foundation for open discussions, continuous learning, and innovation in security practices. Finally, Influence and communication play a crucial role in transformation. We’ll discuss key techniques such as mirroring and active listening, which enhance trust and alignment. Understanding the principles of negotiation and persuasion allows leaders and change agents to align stakeholders, overcome objections, and drive meaningful action. I will talk through my own experiences applying these models in the context of DevSecOps. Whether you are a leader, engineer, or security professional, this talk will equip you with the tools to influence change, foster collaboration, and make an impact. PUBLIC CONFIRMED Talk https://pretalx.com/bsides-exeter-2025/talk/FRL7UC/ Auditorium Seb Coles PUBLISH YVFNNG@@pretalx.com -YVFNNG Hacking the Job Market: Double Your Chances of Landing an Ethical Hacker Role en en 20250426T153000 20250426T161000 0.04000 Hacking the Job Market: Double Your Chances of Landing an Ethical Hacker Role PUBLIC CONFIRMED Talk https://pretalx.com/bsides-exeter-2025/talk/YVFNNG/ Auditorium Mikael Svall PUBLISH 7BBYE8@@pretalx.com -7BBYE8 The (Un)Natural History of Malware en en 20250426T163000 20250426T171000 0.04000 The (Un)Natural History of Malware PUBLIC CONFIRMED Keynote https://pretalx.com/bsides-exeter-2025/talk/7BBYE8/ Auditorium Lena Yu PUBLISH SD3YF8@@pretalx.com -SD3YF8 Why should professionalism matter to you? en en 20250426T094500 20250426T102500 0.04000 Why should professionalism matter to you? I will provide a detailed synopsis of the move to professional registration that has been instigated by the UK Cyber Security Council, backed by central Government and funded by DSIT. There is still confusion in the technical security community about why a Professional Title matters, so I will explain the direction and the effect this is going to have on job searches in the near future. I will also talk about CPD, ethics and standards, and giving back to the industry, and how this should be recorded if you are an offensive consultant - what counts, what doesn't, and what YOU think should count. I'll ask attendees to give me their opinions about this and the move towards professionalisation as a whole. I'll open the floor to questions so we can discuss whether you think this is a good idea, how much you're willing to invest on your individual career path, and how to progress from Associate to Chartered status as your career progresses. PUBLIC CONFIRMED Talk https://pretalx.com/bsides-exeter-2025/talk/SD3YF8/ Seminar Room 1 Debi McCormack PUBLISH NRP3EG@@pretalx.com -NRP3EG HODL Your Keys: How Seed Phrases Get Stolen en en 20250426T103000 20250426T105000 0.02000 HODL Your Keys: How Seed Phrases Get Stolen In this talk, we will break down how crypto wallets work, how seed phrases are generated, and the most common ways they get compromised. More importantly, we'll arm you with best practices to keep your crypto safe. Whether you're a seasoned trader or just starting out, this session will help you fortify your defenses in the ever-evolving landscape of digital finance. PUBLIC CONFIRMED Rookie Talk https://pretalx.com/bsides-exeter-2025/talk/NRP3EG/ Seminar Room 1 Mykhailo Shtepa PUBLISH VJACQJ@@pretalx.com -VJACQJ One Flew Over the Auditors Nest (Dodging the Pitfalls of Compliance) en en 20250426T105000 20250426T111000 0.02000 One Flew Over the Auditors Nest (Dodging the Pitfalls of Compliance) An Information Security Management System (ISMS) is the backbone of an organisation's approach to tackling information security. The most widely known ISMS framework, lauded through the Halls of Compliance, is ISO27001. You've probably heard of it! The ISMS is there to provide a structured approach in protecting organisational and client data in a way that is best suited to the business needs. Some businesses may have an ISMS to generally improve their information security, others may try to implement one for tendering purposes. Though many understand generally what is required, many misinterpret, overlook or outright miss areas that could result in the very foundations of the ISMS crumbling and cracking. "But what are these areas that are so often missed?" I hear you cry. An excellent question! In this talk, I will uncover the five most common nonconformities and how to effectively remediate them that I've encountered during my 4 year tenure as an ISO27001 Lead Auditor. Though the talk will primarily be focused on ISO27001, the knowledge gained can still be applied to any ISMS, regardless of the framework. So come along so you can learn from these experiences and help improve your own ISMS or - if you're an auditor or implementer - further improve your knowledge! PUBLIC CONFIRMED Rookie Talk https://pretalx.com/bsides-exeter-2025/talk/VJACQJ/ Seminar Room 1 Chris PUBLISH W9CQR7@@pretalx.com -W9CQR7 Black Belt Security - Lessons From Karate en en 20250426T111000 20250426T113000 0.02000 Black Belt Security - Lessons From Karate The presentation will start with an introduction and explanation of why I'm talking on this topic. I will explain that as a Nidan (second dan) black belt in karate working in cybersecurity, I'm in a position to draw lessons between the two. It will then say what it will not be: a karate class, Cobra Kai, or a history lesson. The main part of the presentation will consider the three main aspects of karate, kihon (basics), kata (set patterns of moves), and kumite (sparring). It will explain what each of these areas are, what they require from the practitioner, and how they apply to cybersecurity. This will be backed up with anecdotes and examples that I've gathered during my time learning karate. After the three main areas, the presentation will cover the "black belt level" of tips, the lessons that might not be obvious to a beginner but become clearer as they progress through the grades. The presentation will take a light-hearted approach, avoiding technical descriptions or confusing jargon. No previous experience or knowledge of karate will be required. PUBLIC CONFIRMED Rookie Talk https://pretalx.com/bsides-exeter-2025/talk/W9CQR7/ Seminar Room 1 Rudi van der Heide PUBLISH ZJ8PKK@@pretalx.com -ZJ8PKK Ctrl panic + Alt response plans + Del the drama: Best practices for incident response en en 20250426T114000 20250426T122000 0.04000 Ctrl panic + Alt response plans + Del the drama: Best practices for incident response Over 50% of organisations in the UK experienced a cyber breach or attack in the last 12 months, yet only 22% have a formalised incident response plan (DSIT Cyber Breaches survey). With organisations now relying on digital systems to operate, it’s important to consider what you do when things go wrong. Who do you contact? Who is responsible for what? Should technical teams just switch everything off? Do we send all our staff to the pub whilst we figure this out? These are just some of the questions that businesses should consider when building their incident response plans and the technical response to an incident. The session will signpost attendees to a number of free incident response resources, and we will cover what you can expect from a law enforcement response to cyber attacks. PUBLIC CONFIRMED Talk https://pretalx.com/bsides-exeter-2025/talk/ZJ8PKK/ Seminar Room 1 South West Regional Economic and Cyber Crime Unit (SWRECCU) PUBLISH KVVXM3@@pretalx.com -KVVXM3 The Uncomfortable War: Keeping Kids Safe. en en 20250426T122000 20250426T130000 0.04000 The Uncomfortable War: Keeping Kids Safe. As children become more immersed in the online world, they face unprecedented risks that many parents, educators, and even security professionals struggle to keep up with. From cyberbullying and online predators to exposure to inappropriate content and data privacy concerns, protecting kids online is becoming increasingly challenging. In this discussion, we will explore the most pressing dangers children face today, and provide practical, actionable steps that adults can take to safeguard young users. We'll cover tools, techniques, and strategies (and maybe even make a few of our own!) to help create a safer online experience for the next generation of potential security leaders...maybe. PUBLIC CONFIRMED Talk https://pretalx.com/bsides-exeter-2025/talk/KVVXM3/ Seminar Room 1 Joe wells PUBLISH CDBWSY@@pretalx.com -CDBWSY Super Pets - The Hero you didn't know you had in your house! en en 20250426T144500 20250426T152500 0.04000 Super Pets - The Hero you didn't know you had in your house! This session will dive into traffic distribution systems, how they work and how they are leveraged by criminal groups. Most importantly we'll discuss how we can look to defend ourselves. PUBLIC CONFIRMED Talk https://pretalx.com/bsides-exeter-2025/talk/CDBWSY/ Seminar Room 1 Gary Cox PUBLISH UHAECY@@pretalx.com -UHAECY Buffy vs. Phishing: Slaying Cyber Threats Sunnydale Style en en 20250426T153000 20250426T161000 0.04000 Buffy vs. Phishing: Slaying Cyber Threats Sunnydale Style PUBLIC CONFIRMED Talk https://pretalx.com/bsides-exeter-2025/talk/UHAECY/ Seminar Room 1 Andreea Mihai PUBLISH HDPXVF@@pretalx.com -HDPXVF Is Your Phone Spying on You? An In-Depth Analysis of Vulnerabilities in Cisco VoIP Phones en en 20250426T094500 20250426T102500 0.04000 Is Your Phone Spying on You? An In-Depth Analysis of Vulnerabilities in Cisco VoIP Phones PUBLIC CONFIRMED Talk https://pretalx.com/bsides-exeter-2025/talk/HDPXVF/ Seminar Room 7 Balazs Bucsay PUBLISH LQTB8N@@pretalx.com -LQTB8N Zero to Pentester: My ‘root’ into Cyber en en 20250426T103000 20250426T105000 0.02000 Zero to Pentester: My ‘root’ into Cyber This presentation focuses on my transition into cyber security from oil & gas, and how I transferred skills from a completely different role and industry to succeed in my current day-to-day role. There seems to be a misconception in the security space which leans on the idea that success in this industry only comes from graduating from university with a degree in cyber security. Penetration testing is a consultancy-focused role (or should be), therefore client communication is a key skill. Having the ability to effectively communicate technical information to a non-technical audience is a prime example of a skill that makes a great consultant. For example, there's a critical difference between being able to execute a complex DOM-based Cross-Site Scripting attack and the ability to explain the risk of the attack, and how it could be leveraged to contextually affect a specific system. Although certain technical aspects will be noted in this talk, it is more weighted towards having the correct mindset and objectives. Moving from a completely different industry into one as technical as ethical hacking can be daunting, and navigating the plethora of information available can be a task in itself. However, it’s important to maintain a positive outlook and set reasonable goals, as mindset is far more powerful than prior knowledge. The old saying goes: "Give a man a fish, and you feed him for a day. Teach a man to fish, and you feed him for a lifetime." The same applies to learning in cyber security. You can either gain knowledge to overcome a single task or adopt a mindset and work ethic that allow you to tackle a hundred tasks. This goes both ways—employers should recognise talented candidates based on proven work ethic and drive, demonstrated through achievements on platforms like Hack The Box, TryHackMe, TCM Security, A Cloud Guru, and YouTube, rather than overlooking them simply for not holding a cyber security degree. In this talk, I delve into how I progressed to the level of a Senior CTL APP Pentester, providing actionable tips for industry newcomers and those looking to transition into cyber security. PUBLIC CONFIRMED Rookie Talk https://pretalx.com/bsides-exeter-2025/talk/LQTB8N/ Seminar Room 7 Ross Mitchell PUBLISH FBYR9G@@pretalx.com -FBYR9G Analyzing the Impact of Spectre and Meltdown Vulnerabilities on Modern Computing Systems: A Case Study en en 20250426T105000 20250426T111000 0.02000 Analyzing the Impact of Spectre and Meltdown Vulnerabilities on Modern Computing Systems: A Case Study The Illusion of Safety Superimposed on a System Prioritizing Performance Over the years, in their pursuit of fine-tuning hardware architecture to meet our aspirations of performance and safety, designers faced a fundamental question: which one can we deliver to the public while maintaining their trust that this is a secure system? However, this delicate balance was shattered when a fatal flaw was discovered, affecting modern architectures in a way that wasn't fully preventable by software patches alone. PUBLIC CONFIRMED Rookie Talk https://pretalx.com/bsides-exeter-2025/talk/FBYR9G/ Seminar Room 7 Mohammed Mohtesham Ali Abhishek Aggarwal PUBLISH JTGJXG@@pretalx.com -JTGJXG Custom Scripts and tools for pen testing: a beginner's guide en en 20250426T111000 20250426T113000 0.02000 Custom Scripts and tools for pen testing: a beginner's guide PUBLIC CONFIRMED Rookie Talk https://pretalx.com/bsides-exeter-2025/talk/JTGJXG/ Seminar Room 7 Adam Crease PUBLISH KYLMU8@@pretalx.com -KYLMU8 Cybersecurity Threats and Attacks in Modern Manufacturing en en 20250426T114000 20250426T122000 0.04000 Cybersecurity Threats and Attacks in Modern Manufacturing PUBLIC CONFIRMED Talk https://pretalx.com/bsides-exeter-2025/talk/KYLMU8/ Seminar Room 7 Achim D. Brucker PUBLISH CNHPUV@@pretalx.com -CNHPUV The Single-Packet Shovel: Digging For Desync-Powered Request Tunnelling en en 20250426T122000 20250426T130000 0.04000 The Single-Packet Shovel: Digging For Desync-Powered Request Tunnelling PUBLIC CONFIRMED Talk https://pretalx.com/bsides-exeter-2025/talk/CNHPUV/ Seminar Room 7 Thomas Stacey PUBLISH D3TBA7@@pretalx.com -D3TBA7 Beacon Harvest: Conquering Cobalt Strike at Scale en en 20250426T144500 20250426T152500 0.04000 Beacon Harvest: Conquering Cobalt Strike at Scale Although Cobalt Strike was originally developed for ethical hacking and red teaming, the platform’s robust features have increasingly drawn the attention of malicious actors. From state-sponsored APTs to hacktivists and cybercriminals, adversaries leverage Cobalt Strike for sophisticated and stealthy attacks. In this session, we will demonstrate our end-to-end process for: - Continuously harvesting Cobalt Strike payloads from VirusTotal - Automating the de-obfuscation of extracted samples - Identifying and extracting key IOCs, such as C2 infrastructure and configuration details We will walk through the custom scripts and tooling that power this pipeline, sharing the challenges and lessons learned in scaling up analysis. Attendees will see how to convert vast quantities of malware data into timely, actionable intelligence to enhance detection, incident response, and overall security posture. By studying these real-world payloads, defenders can better understand how threat actors abuse Cobalt Strike and apply those insights to fortify their defences. PUBLIC CONFIRMED Talk https://pretalx.com/bsides-exeter-2025/talk/D3TBA7/ Seminar Room 7 Ben (@polygonben) PUBLISH 33YKMS@@pretalx.com -33YKMS Paint Me Like One of Your Firmwares en en 20250426T153000 20250426T161000 0.04000 Paint Me Like One of Your Firmwares PUBLIC CONFIRMED Talk https://pretalx.com/bsides-exeter-2025/talk/33YKMS/ Seminar Room 7 Callum T