{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2026.1.1"}, "schedule": {"url": "https://pretalx.com/bsides-exeter-2026/schedule/", "version": "1.0", "base_url": "https://pretalx.com", "conference": {"acronym": "bsides-exeter-2026", "title": "Bsides Exeter 2026", "start": "2026-04-25", "end": "2026-04-25", "daysCount": 1, "timeslot_duration": "00:05", "time_zone_name": "Europe/London", "colors": {"primary": "#171717"}, "rooms": [{"name": "Auditorium", "slug": "5191-auditorium", "guid": "639e47f0-7158-599a-8931-98e60072093f", "description": null, "capacity": null}, {"name": "Seminar Room 1", "slug": "5192-seminar-room-1", "guid": "bb8752f6-6023-52e1-9d1d-951197ae12a8", "description": null, "capacity": null}, {"name": "Seminar Room 7", "slug": "5193-seminar-room-7", "guid": "e02b20c0-816e-5fb4-baf2-996a8c9eaa9d", "description": null, "capacity": null}], "tracks": [{"name": "Purple", "slug": "6711-purple", "color": "#9340ff"}, {"name": "Red", "slug": "6712-red", "color": "#ff0022"}, {"name": "Blue", "slug": "6713-blue", "color": "#0000ff"}], "days": [{"index": 1, "date": "2026-04-25", "day_start": "2026-04-25T04:00:00+01:00", "day_end": "2026-04-26T03:59:00+01:00", "rooms": {"Auditorium": [{"guid": "f30dcce8-c6b3-58b6-8d49-d9f7a54690c8", "code": "VQAP9B", "id": 94852, "logo": null, "date": "2026-04-25T09:00:00+01:00", "start": "09:00", "duration": "00:45", "room": "Auditorium", "slug": "bsides-exeter-2026-94852-from-incident-to-influence-leading-through-the-unexpected", "url": "https://pretalx.com/bsides-exeter-2026/talk/VQAP9B/", "title": "From Incident to Influence - Leading through the Unexpected", "subtitle": "", "track": "Purple", "type": "Keynote", "language": "en", "abstract": "Security leadership isn\u2019t a destination you reach; it\u2019s a structure you build, one crisis at a time. 
Drawing on a twenty-year journey from the high-stakes environments of central government to the sharp end of security leadership, Harriet deconstructs the building blocks of a modern security leader.", "description": "Beyond the technical playbooks, what are the component parts that actually hold a team together when the unexpected happens? This talk moves past the CV to explore the learned experiences, the essential soft skills, and the quiet influence required to lead when the playbooks end. \r\n\r\nWhether you are an aspiring leader or a seasoned security professional, you\u2019ll leave with a clearer map of the component parts that turn a technical expert into a resilient leader.", "recording_license": "", "do_not_record": false, "persons": [{"code": "SGE7QY", "name": "Harriet Sharma", "avatar": "https://pretalx.com/media/avatars/HZPMYV_Mcf47xE.webp", "biography": "TBD", "public_name": "Harriet Sharma", "guid": "622557f8-4421-5147-860f-76901eeb700c", "url": "https://pretalx.com/bsides-exeter-2026/speaker/SGE7QY/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/VQAP9B/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/VQAP9B/", "attachments": []}, {"guid": "d82dec04-11ad-5b36-b17c-9cca599a7610", "code": "QLU9FP", "id": 88200, "logo": null, "date": "2026-04-25T09:45:00+01:00", "start": "09:45", "duration": "00:40", "room": "Auditorium", "slug": "bsides-exeter-2026-88200-quantify-to-defend-quantifying-risk-to-drive-proactive-security-decisions", "url": "https://pretalx.com/bsides-exeter-2026/talk/QLU9FP/", "title": "Quantify to Defend: Quantifying Risk to Drive Proactive Security Decisions", "subtitle": "", "track": "Purple", "type": "Talk", "language": "en", "abstract": "Proactive cyber defence relies on knowing where to act first - yet many security teams still depend on qualitative risk ratings that offer limited insight into likely loss, control effectiveness, or defensive impact.\r\n\r\nThe session explores how 
cyber risk quantification enables a more proactive, intelligence-led approach to defence. By expressing cyber risk in measurable terms, practitioners can anticipate where attacks are most likely to cause harm, focus defensive effort where it matters most, and justify security improvements before incidents occur. The talk positions cyber risk quantification as a practical decision-support capability that strengthens prevention, resilience, and preparedness.", "description": "By the end of this session, attendees will be able to:\r\n\r\n1. Explain how cyber risk quantification supports proactive cyber defence\r\n\r\n2. Identify high-impact threat scenarios relevant to your business\r\n\r\n3. Prioritise defensive controls based on measurable risk reduction", "recording_license": "", "do_not_record": false, "persons": [{"code": "NWGSTY", "name": "Laurie Gibbett", "avatar": "https://pretalx.com/media/avatars/NWGSTY_9PEuB1I.webp", "biography": "Laurie is a security strategy and risk practitioner whose work centres on ensuring cyber risk is relevant, proportionate, and clearly linked to organisational objectives, decision-making and value protection.\r\n\r\nCreative by nature, Laurie brings visual thinking and clarity to complex security problems. She has a strong eye for detail but consistently focuses on the bigger picture, distilling key messages that resonate with both technical and non-technical stakeholders. She specialises in assessing cyber risk exposure in financial and operating terms, helping organisations prioritise defensive investments that genuinely reduce risk to the business. \r\n\r\nOutside of work, Laurie lives on the North Devon coast and is a keen rower, so enjoys the balance that coastal life has to bring alongside working in the fast-paced industry of cyber. \r\nAs a UK STEM Ambassador, 
she dedicates time to support outreach activities and mentoring students who are considering careers in cyber security, helping to build the next generation of cyber professionals.", "public_name": "Laurie Gibbett", "guid": "3b20a93a-e566-5dfc-8329-073d8fa8fa05", "url": "https://pretalx.com/bsides-exeter-2026/speaker/NWGSTY/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/QLU9FP/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/QLU9FP/", "attachments": []}, {"guid": "c1e769cb-141f-5005-ab22-035f93058851", "code": "DYTZCY", "id": 93011, "logo": null, "date": "2026-04-25T10:30:00+01:00", "start": "10:30", "duration": "00:20", "room": "Auditorium", "slug": "bsides-exeter-2026-93011-how-to-land-your-first-cyber-role-a-diy-approach", "url": "https://pretalx.com/bsides-exeter-2026/talk/DYTZCY/", "title": "How to Land Your First Cyber Role: A DIY Approach", "subtitle": "", "track": "Purple", "type": "Rookie Talk", "language": "en", "abstract": "We all know the entry-level cybersecurity job market is a mess. What often gets less attention is that the recruitment pipeline itself has become a threat surface, with job seekers routinely targeted by phishing, credential harvesting, and outright fraud.\r\n\r\nThis talk presents an intelligence-led approach to the job search, treating the hiring landscape as a target to be mapped, researched, and engaged with on your own terms. The approach was developed and tested during a journey that began in January 2025 as a foreign national in the UK with no IT background, no network, and no industry connections, and ended with a SOC Analyst role within a year.\r\n\r\nWe will explore how to uncover opportunities that never appear on job boards and how to build a targeted pipeline of employers using publicly available data. 
This involves understanding how to prepare for the actual, day-to-day demands of the role to ensure you do not enter the market underprepared or fall into the trap of becoming a perpetual student who never starts applying. We will discuss how active community participation supports your career path and why understanding what companies actually need matters far more than simply collecting fancy achievements.\r\n\r\nNo vendor pitches. No magic certifications. Just curiosity, methodology, and persistence.", "description": "Curiosity is more than just a trait for a security professional \u2014 it is a vital tool for navigating the job market. In this session, Gleb Tumanov from PureCyber Limited shares the battle-tested DIY blueprint he used to go from no industry background and no professional network in January 2025 to securing a SOC Analyst role within a year. This talk moves beyond vendor hype to address the reality of a hostile recruitment landscape where the hiring process itself is a threat surface. Whether you are an aspiring analyst, pentester, or GRC specialist, you will walk away with a pragmatic, research-driven strategy for breaking into the industry without becoming a perpetual student or falling for silver bullet solutions.", "recording_license": "", "do_not_record": false, "persons": [{"code": "TW7LWY", "name": "Gleb Tumanov", "avatar": "https://pretalx.com/media/avatars/F3MRBJ_57mh6nu.webp", "biography": "SOC Analyst at PureCyber Ltd. 
Before this, spent more than 10 years leading teams in business and NGOs, alongside work in digital marketing.", "public_name": "Gleb Tumanov", "guid": "12a54611-8698-5f59-a455-d48975b79e1c", "url": "https://pretalx.com/bsides-exeter-2026/speaker/TW7LWY/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/DYTZCY/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/DYTZCY/", "attachments": []}, {"guid": "952d8f8e-a6af-5d31-940e-6c001db3cfb2", "code": "3BVKMH", "id": 93090, "logo": null, "date": "2026-04-25T11:00:00+01:00", "start": "11:00", "duration": "00:20", "room": "Auditorium", "slug": "bsides-exeter-2026-93090-i-simulated-hacking-a-car-then-i-tried-to-defend-it-here-s-what-broke", "url": "https://pretalx.com/bsides-exeter-2026/talk/3BVKMH/", "title": "I Simulated Hacking a Car. Then I tried to defend It. Here's What Broke!", "subtitle": "", "track": "Purple", "type": "Rookie Talk", "language": "en", "abstract": "Imagine your car's brakes **stop responding**. Not because of a mechanical fault, but because a **security system** is drowning out the signal. That is not science fiction. It is what can happen when intrusion detection goes wrong inside a **real-time vehicle network** built for speed, not security.\r\n\r\nWhile researching for my MSc dissertation, I simulated **five attacks** against a virtual CAN bus. Some were loud and obvious. Others slipped through silently, exactly as a real attacker would intend.\r\n\r\nBut detecting the attacks was not the hardest part. **Doing it without destabilising the same safety-critical systems I was protecting** turned out to be. Rule-based detection missed the quiet ones. Machine learning flagged too much. **A hybrid approach combining both** was the only method that handled the full range reliably.\r\n\r\nThis talk explores what actually happens when **security meets a moving car**, and why detecting attacks is meaningless if the **defence itself becomes the risk**. 
Attendees will leave with a clearer picture of what it actually takes to **defend a vehicle network** responsibly.", "description": "Most automotive security talks focus on the attack. Very few ask what happens when the defence itself causes harm. That is the question this talk explores.\r\n\r\nAttendees will leave understanding why detection accuracy is the wrong metric for safety critical systems and what a practical layered defence actually looks like. No prior automotive knowledge required, just curiosity about securing systems.", "recording_license": "", "do_not_record": false, "persons": [{"code": "PWLLB3", "name": "Rakesh Elamaran", "avatar": "https://pretalx.com/media/avatars/DY3DZF_kKfeffZ.webp", "biography": "Rakesh Elamaran is a passionate Security Engineer with a love for breaking things responsibly and apparently his dissertation doing the same to virtual cars. He holds an MSc in Cyber Security Engineering from the University of Warwick, is a Licensed Penetration Tester, and founder of Rootecstak, a cybersecurity community for the next generation of security professionals.\r\n\r\nHis current obsession is offensive security and red teaming, which probably explains why he enjoyed the attack simulation part of his dissertation a little too much.\r\n\r\nBSides Exeter 2026 marks his first international conference talk and he is here to find out if anyone else wants to know what happens when you try to hack a car's brain.", "public_name": "Rakesh Elamaran", "guid": "d9b7fab8-4aa4-5223-b7b1-8fa031a5b770", "url": "https://pretalx.com/bsides-exeter-2026/speaker/PWLLB3/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/3BVKMH/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/3BVKMH/", "attachments": []}, {"guid": "f835023e-6eb0-5d08-bff9-e5b33f253159", "code": "U7BUHA", "id": 90299, "logo": "https://pretalx.com/media/bsides-exeter-2026/submissions/U7BUHA/WebOfDeception_1_q9PBoeh.webp", "date": 
"2026-04-25T11:40:00+01:00", "start": "11:40", "duration": "00:40", "room": "Auditorium", "slug": "bsides-exeter-2026-90299-web-of-deception", "url": "https://pretalx.com/bsides-exeter-2026/talk/U7BUHA/", "title": "Web Of Deception", "subtitle": "", "track": "Purple", "type": "Talk", "language": "en", "abstract": "Attackers hack people, not just systems.\r\n\r\nPhishing, vishing, deepfake, social engineering, and influence operations now bypass technical controls by exploiting psychology, trust, and cognitive bias. \r\n\r\nThe human mind has become the primary attack surface, yet most awareness training still focuses on passive compliance.\r\n\r\nWeb of Deception is an interactive workshop that builds practical, human-centred defences. \r\nThrough realistic scenarios, adversarial role-play, and collaborative challenges, participants learn how modern manipulation works, how deepfake and social engineering attacks succeed, and how to recognise deception under pressure.\r\n\r\nBlending behavioural science, threat modelling, and creative problem-solving, the session develops adversarial thinking, emotional intelligence, and actionable techniques that can immediately strengthen teams and security culture.\r\n\r\nA cryptic analytical challenge reinforces observation and lateral thinking throughout.\r\n\r\nBecause modern defence isn\u2019t just technical, it\u2019s cognitive.", "description": "Attackers don\u2019t just hack systems,  they hack people.\r\n\r\nPhishing, vishing, deepfake impersonation, and influence operations exploit language, emotion, and trust to bypass even mature technical controls. 
Modern social engineering targets cognition and behaviour, turning the human layer into the easiest path inside.\r\n\r\nWeb of Deception is a hands-on workshop built for Red, Blue, and Purple teams who want to understand  and counter  this tradecraft.\r\n\r\nThrough realistic scenarios, adversarial role-play, and team challenges, participants deconstruct how attackers craft persuasive narratives, manipulate sentiment, and exploit cognitive bias. \r\n\r\nTeams practise analysing intent, spotting linguistic and behavioural indicators, and making decisions under pressure, applying the same analytical mindset used in detection and threat hunting.\r\n\r\nBlending behavioural science with threat modelling and creative problem-solving, the session strengthens adversarial thinking and cross-team collaboration.\r\n\r\nA cryptic challenge woven throughout reinforces observation, semantic reasoning, and lateral thinking.\r\n\r\nAttendees leave with practical techniques to test, harden, and defend the human attack surface.", "recording_license": "", "do_not_record": true, "persons": [{"code": "PMSF77", "name": "Anton Angione", "avatar": "https://pretalx.com/media/avatars/PMSF77_OsxUPdy.webp", "biography": "Anton is a Fellow of the Chartered Institute of Information Security (CIISec) and a cybersecurity practitioner with 27+ years in threat intelligence, OSINT, and adversary profiling. \r\n\r\nHis approach is simple: Educate. Prepare. Test. Adapt. Repeat.\r\n\r\nHe believes strong security comes from creativity, critical thinking, and perseverance, not just tools. 
\r\n\r\nA lifelong technologist, he focuses on practical, human-centred defence and community knowledge sharing.", "public_name": "Anton Angione", "guid": "814d4b49-0516-59f3-98c0-e09cff4f4211", "url": "https://pretalx.com/bsides-exeter-2026/speaker/PMSF77/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/U7BUHA/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/U7BUHA/", "attachments": []}, {"guid": "e0440ebb-bdb8-5b8b-8e94-6407fc05ddf6", "code": "YNPP3Z", "id": 93661, "logo": null, "date": "2026-04-25T12:20:00+01:00", "start": "12:20", "duration": "00:40", "room": "Auditorium", "slug": "bsides-exeter-2026-93661-stopping-account-takeover-at-the-recovery-layer", "url": "https://pretalx.com/bsides-exeter-2026/talk/YNPP3Z/", "title": "Stopping account takeover at the recovery layer", "subtitle": "", "track": "Purple", "type": "Talk", "language": "en", "abstract": "Teams keep hardening login. MFA is standard, SSO is common, and passkeys are rising. Yet account takeover still happens, because attackers rarely attack the strongest part of the system. They go around it.\r\n\r\nAccount recovery is now one of the easiest paths to takeover. It is often weaker than login, treated as a one-off feature, and rarely threat-modeled after the first release. Password reset is only the visible surface. The real risk is the recovery chain including reset links, email changes, MFA reset paths, session invalidation, and subtle UX signals that reveal too much.\r\n\r\nThis talk breaks down the production failure modes that turn recovery into a bypass. User enumeration through content and timing differences. Reset tokens that can be replayed or are scoped too broadly. Tokens leaking through link previews, logs, and instrumentation. Weak throttling that either does nothing or punishes real users. 
Missing post-reset cleanup that leaves attacker sessions alive even after the victim changes their password.\r\n\r\nYou will leave with a practical hardening checklist you can take back to your product. Patterns for safe messaging, token lifecycle, rate limiting, monitoring signals, and a post-reset shutdown sequence that closes the gap without breaking UX.", "description": "This session treats account recovery as privileged access, not a simple form. It breaks down the most common real-world failure modes that turn password reset into an account takeover path, then replaces them with concrete patterns that teams can implement and test. The focus is defensive engineering with enough threat awareness to make the mitigations stick. No tool worship, no theory-only talk, and no step-by-step exploitation. It is a builder-friendly map of where recovery breaks and what good looks like.", "recording_license": "", "do_not_record": false, "persons": [{"code": "MAJTKZ", "name": "Viola Lykova", "avatar": "https://pretalx.com/media/avatars/WQZ7AY_msrIc6Z.webp", "biography": "Viola Lykova is a senior software engineer and SRE focused on authentication reliability and security in production systems. She has delivered over 5 community talks across webinars and in-person events including Cypress, Community Stack AWS user group, Ministry of Testing London, and London DevSecOps, and she is scheduled to speak at IOActive Hack Soho in March 2026. She is an AWS Community Builder in the Security category and a Cypress Ambassador. 
Viola runs weekly hands-on open-source workshops building Snappycart with contributors and publishes educational software engineering and security content on YouTube.", "public_name": "Viola Lykova", "guid": "063e1cc1-6619-5eb7-aefa-0441b556ae69", "url": "https://pretalx.com/bsides-exeter-2026/speaker/MAJTKZ/"}], "links": [{"title": "LinkedIn", "url": "https://www.linkedin.com/in/violaly/", "type": "related"}, {"title": "Community Stack talk on Dec 11 2025", "url": "https://youtu.be/0eePOFF-1OY?si=gd3hwR5ida56-GDD", "type": "related"}, {"title": "Cypress webinar on Nov 17 2025", "url": "https://youtu.be/Xw7u7kYQcq4?si=4ba-zxDmJdjSAVXC", "type": "related"}, {"title": "London DevSecOps talk on Feb 26 2026", "url": "https://youtu.be/Ym_Vj1eMhdg?si=uVAM4oQYNseABEhz&t=3352", "type": "related"}], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/YNPP3Z/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/YNPP3Z/", "attachments": []}, {"guid": "3a00d464-3fe4-50bc-a531-d762484aefa9", "code": "QK3D9Q", "id": 93703, "logo": null, "date": "2026-04-25T14:00:00+01:00", "start": "14:00", "duration": "00:45", "room": "Auditorium", "slug": "bsides-exeter-2026-93703-keynote-life-as-a-cyber-security-leader-advice-to-my-former-self", "url": "https://pretalx.com/bsides-exeter-2026/talk/QK3D9Q/", "title": "Keynote: Life as a cyber security leader: advice to my former self", "subtitle": "", "track": "Purple", "type": "Keynote", "language": "en", "abstract": "In this presentation, Paul will reflect on his two decades in cyber security leadership (three in Information Technology), and offer his former self some advice: if I had my time again, what **would** I do differently - and what does the future hold for our amazing, but challenging, industry? 
I might even chuck in a couple of career anecdotes for good measure!", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "SZSJZY", "name": "Paul Watts", "avatar": "https://pretalx.com/media/avatars/DRDSXE_wXnmHa2.webp", "biography": "Paul Watts FCIIS CITP MBCS CISSP CISM has been in Information Security leadership for over twenty years of a thirty-plus years career in information technology. He has led and advised security teams across several industry sectors including financial services, retail, critical national infrastructure, food and beverage, data analytics and market research both in the UK and on the global stage. He speaks at national and international conferences and events, and has published numerous blogs, articles and papers on a range of cyber security topics. Outside of security, Paul is a non-executive director in the UK\u2019s education sector.", "public_name": "Paul Watts", "guid": "0231ab48-f082-5076-9991-14a144f4265e", "url": "https://pretalx.com/bsides-exeter-2026/speaker/SZSJZY/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/QK3D9Q/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/QK3D9Q/", "attachments": []}, {"guid": "804c44b6-e5cd-51ce-8a43-8576fd5f7c0f", "code": "YZZFKU", "id": 88081, "logo": null, "date": "2026-04-25T14:45:00+01:00", "start": "14:45", "duration": "00:40", "room": "Auditorium", "slug": "bsides-exeter-2026-88081-the-imposter-syndrome-security-gap", "url": "https://pretalx.com/bsides-exeter-2026/talk/YZZFKU/", "title": "The Imposter Syndrome Security Gap", "subtitle": "", "track": "Purple", "type": "Talk", "language": "en", "abstract": "Silence kills security. 
This session explores how confidence gaps, gatekeeping, and \u201cexpert culture\u201d stop practitioners and wider teams from asking questions, challenging assumptions, or escalating concerns early.", "description": "This session explores how imposter syndrome and hierarchy shape behaviour in security teams and wider organisations, especially during moments where early escalation matters most. From incident response calls to design reviews and risk sign-off meetings, we\u2019ll look at how silence becomes normalised, how authority distorts decision-making, and why the industry\u2019s obsession with expertise can actively undermine security outcomes.\r\n\r\nRather than framing this as a confidence or well-being issue, this talk treats silence as what it really is: an operational vulnerability.", "recording_license": "", "do_not_record": false, "persons": [{"code": "MDDWG7", "name": "Illyana Mullins", "avatar": "https://pretalx.com/media/avatars/MDDWG7_7WTVICc.webp", "biography": "Illyana Mullins is a neurodiverse leader, community builder, and the founder of the Women in Tech and Cyber Hub (WiTCH), a not-for-profit supporting women to enter, stay, and progress in cybersecurity and technology. 
She works on the human side of cyber from events and community to working closely with practitioners, leaders, and organisations to address the cultural and behavioural risks that tools alone cannot fix.", "public_name": "Illyana Mullins", "guid": "0186f0b6-2c41-5044-a12a-b23e55cef38c", "url": "https://pretalx.com/bsides-exeter-2026/speaker/MDDWG7/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/YZZFKU/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/YZZFKU/", "attachments": []}, {"guid": "e9d3338f-e0f3-57ac-85a4-8f76a228584c", "code": "CXDETW", "id": 89323, "logo": null, "date": "2026-04-25T15:30:00+01:00", "start": "15:30", "duration": "00:40", "room": "Auditorium", "slug": "bsides-exeter-2026-89323-vesta-admin-takeover-exploiting-reduced-seed-entropy-in-bash-random", "url": "https://pretalx.com/bsides-exeter-2026/talk/CXDETW/", "title": "Vesta Admin Takeover - Exploiting reduced seed entropy in bash $RANDOM", "subtitle": "", "track": "Purple", "type": "Talk", "language": "en", "abstract": "Vesta is a lightweight, web-based control panel that simplifies Linux server management, appealing to users seeking an intuitive alternative to traditional platforms like cPanel and Plesk. This presentation will examine a critical flaw in Vesta: an admin takeover exploit resulting from reduced seed entropy in the Bash $RANDOM variable. By transforming what was once a theoretical attack into a practical one, we successfully reduced the brute force domain of the seed by over 98%. This allows attackers to generate predictable random values, compromising the security of passwords and tokens. 
We will discuss the implications of this vulnerability and highlight best practices for enhancing server security in real-world applications.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "KWNXQN", "name": "Adrian Tiron", "avatar": "https://pretalx.com/media/avatars/KWNXQN_2LQLbGM.webp", "biography": "Adrian Tiron is the Co-Founder and Principal Pentester/Red Teamer at FORTBRIDGE, bringing over 20 years of hands-on experience in cybersecurity. Throughout his career, Adrian has worked with top-tier companies across the UK, US, and Europe, helping them identify and remediate complex security issues across web applications, APIs, cloud environments, and internal networks. His expertise spans offensive security, red teaming, and adversary emulation. As an active security researcher and blog author, Adrian has discovered and responsibly disclosed multiple critical vulnerabilities in both open-source projects and commercial platforms. His research has been featured at multiple BSides conferences, and most recently at BlueHat IL, organized by Microsoft in Israel. 
Adrian is known for delivering highly technical, practical content drawn from real-world assessments, and is passionate about pushing the boundaries of modern application security.", "public_name": "Adrian Tiron", "guid": "3dfbcd29-400e-5ef0-8c7a-f4d69afddd1f", "url": "https://pretalx.com/bsides-exeter-2026/speaker/KWNXQN/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/CXDETW/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/CXDETW/", "attachments": []}, {"guid": "10879a31-ccbd-5797-932b-ec022db8a325", "code": "W9ZHHG", "id": 95110, "logo": null, "date": "2026-04-25T16:30:00+01:00", "start": "16:30", "duration": "00:45", "room": "Auditorium", "slug": "bsides-exeter-2026-95110-curiosity-made-a-ciso", "url": "https://pretalx.com/bsides-exeter-2026/talk/W9ZHHG/", "title": "Curiosity made a CISO", "subtitle": "", "track": "Purple", "type": "Keynote", "language": "en", "abstract": "A Keynote presentation - How self-driven learning builds careers \r\n\r\nThe presenter will expose a series of vignettes from a 30+ year career in the security industry, with the theme of taking a self-learning odyssey.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "AKN3NY", "name": "Keri Lewis", "avatar": null, "biography": "Keri is a working CISO in a professional services firm. He has had senior management roles in tech companies, implementers and managed service companies as well as having run his own business.\r\nHis security journey started in UK defence manufacturing in the late 1980s.. 
but has been a calling since the mid-1990s.\r\nKeri spends a lot of his out of office time mentoring people through career transitions.", "public_name": "Keri Lewis", "guid": "22b7f20d-bcf5-5408-ab76-b336131b1287", "url": "https://pretalx.com/bsides-exeter-2026/speaker/AKN3NY/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/W9ZHHG/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/W9ZHHG/", "attachments": []}], "Seminar Room 1": [{"guid": "165469c9-f0be-5539-8a44-480fe22676a8", "code": "8ASG98", "id": 88097, "logo": "https://pretalx.com/media/bsides-exeter-2026/submissions/8ASG98/First_Hour_Of_Ir_jimDHDy.webp", "date": "2026-04-25T09:45:00+01:00", "start": "09:45", "duration": "00:40", "room": "Seminar Room 1", "slug": "bsides-exeter-2026-88097-the-first-hour-of-incident-response-every-second-logs", "url": "https://pretalx.com/bsides-exeter-2026/talk/8ASG98/", "title": "The First Hour of Incident Response - Every Second Logs!", "subtitle": "", "track": "Blue", "type": "Talk", "language": "en", "abstract": "The first hour of incident response is often the most important. It\u2019s the point where initial contact is made and an effort to make sense of events begins. But it's also where early mistakes can turn a contained issue into a full-blown crisis. \r\n\r\nThis talk focuses on how to manage that critical window and avoid common pitfalls. Especially where multiple systems, stakeholders, and streams of information all demand attention at once. \r\n\r\nWe\u2019ll explore the pitfalls that slow teams down and show how a simple framework can help keep order. \r\n\r\nUsing case studies and lessons learned from the field, this session highlights how the first 60 minutes set the tone for the entire response, and how to ensure that tone is calm, structured, and effective.", "description": "The first hour of incident response can set the course for everything that follows. 
This talk explores how to bring structure to that hour. Drawing on real-world incidents, it considers both the human and technical challenges, whilst also considering the complexity of working across a range of platforms. Against that, a practical framework is proposed to keep teams aligned when it matters most.\r\n\r\nAttendees will leave with concrete lessons and a first-hour playbook they can adapt to their own environment, giving them confidence that their response will be sharper, calmer, and more effective when every second counts.", "recording_license": "", "do_not_record": false, "persons": [{"code": "QPRGXN", "name": "George Chapman", "avatar": "https://pretalx.com/media/avatars/QPRGXN_BpfzPZ3.webp", "biography": "George Chapman is a senior security consultant with a background spanning red teaming, incident response, penetration testing, and vulnerability research. A CVE-credited researcher (CVSS 9.8 Critical and 7.8 High), George's work bridges offensive and defensive disciplines, enabling him to deliver robust security evaluations and strategic guidance that help organisations identify weaknesses and improve their overall cyber resilience.", "public_name": "George Chapman", "guid": "1898ef19-08c1-556e-9bc8-ee02828fae29", "url": "https://pretalx.com/bsides-exeter-2026/speaker/QPRGXN/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/8ASG98/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/8ASG98/", "attachments": []}, {"guid": "4123c19a-aa6c-5a94-b544-e68cdd76b36b", "code": "7RKGYN", "id": 92190, "logo": "https://pretalx.com/media/bsides-exeter-2026/submissions/7RKGYN/image_eQCTSaR.webp", "date": "2026-04-25T10:30:00+01:00", "start": "10:30", "duration": "00:20", "room": "Seminar Room 1", "slug": "bsides-exeter-2026-92190-embedded-chromium-everywhere-a-security-look-at-msedgewebview2-cdp", "url": "https://pretalx.com/bsides-exeter-2026/talk/7RKGYN/", "title": "embedded Chromium everywhere! 
A security look at msedgewebview2 + CDP", "subtitle": "", "track": "Blue", "type": "Rookie Talk", "language": "en", "abstract": "hello! Millions of desktop applications (eg: zoom, steam, & vscode) ship a full Chromium browser with a debug-socket backdoor baked in. I examine how CDP -- the protocol that powers devtools -- creates some err\u2026 _minor_ weaknesses in Electron- and MsEdgeWebView2-based software. **Live demo included!**", "description": "<see cref=\"Abstract\" />", "recording_license": "", "do_not_record": false, "persons": [{"code": "JEUFAM", "name": "Ben Mullan", "avatar": "https://pretalx.com/media/avatars/HTZRKR_2qznLfd.webp", "biography": "hello! **I'm a cyber-security apprentice**, & keen breaker of things that _probably_ shouldn't be broken. This is my first conference talk, born out of some obsessive Electron-app experimentation, and wondering \"hold on, _should_ that be open?\"", "public_name": "Ben Mullan", "guid": "892a5854-c3af-5342-9316-49c6a017d98a", "url": "https://pretalx.com/bsides-exeter-2026/speaker/JEUFAM/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/7RKGYN/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/7RKGYN/", "attachments": []}, {"guid": "5b9c0373-7237-52be-9606-baec395c414f", "code": "FZSEVN", "id": 92037, "logo": "https://pretalx.com/media/bsides-exeter-2026/submissions/FZSEVN/image_IAisEDr.webp", "date": "2026-04-25T11:00:00+01:00", "start": "11:00", "duration": "00:20", "room": "Seminar Room 1", "slug": "bsides-exeter-2026-92037-from-kerry-katona-to-pen-testing", "url": "https://pretalx.com/bsides-exeter-2026/talk/FZSEVN/", "title": "From Kerry Katona to Pen Testing.", "subtitle": "", "track": "Blue", "type": "Rookie Talk", "language": "en", "abstract": "Cyber is an industry for everyone. Diversity of backgrounds and experience can only strengthen our cause and enhance our industry.", "description": "I want to tell my story of how I got into cyber. 
Not to say ooo look at me aren\u2019t I wonderful. But to inspire other women, career changers and anyone else interested that if I can do it - so can they!", "recording_license": "", "do_not_record": true, "persons": [{"code": "XZDMKR", "name": "Lisa Diaz", "avatar": null, "biography": "Former teacher, civil servant, actress, model, trying my hand at cyber :) (will think of something better later)", "public_name": "Lisa Diaz", "guid": "4d43b187-d67f-562c-a934-dabb362aed35", "url": "https://pretalx.com/bsides-exeter-2026/speaker/XZDMKR/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/FZSEVN/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/FZSEVN/", "attachments": []}, {"guid": "ca6d189d-a5b2-5494-9e4c-3fc2691aedac", "code": "WUWP3W", "id": 93653, "logo": null, "date": "2026-04-25T11:40:00+01:00", "start": "11:40", "duration": "00:40", "room": "Seminar Room 1", "slug": "bsides-exeter-2026-93653-when-pen-testing-is-not-enough", "url": "https://pretalx.com/bsides-exeter-2026/talk/WUWP3W/", "title": "When Pen Testing is Not Enough", "subtitle": "", "track": "Blue", "type": "Talk", "language": "en", "abstract": "We\u2019re often told \"don't roll your own crypto\" or \"don't build your own auth.\" It\u2019s great advice for most, but it begs the question: What about the people who have to build the stuff everyone else relies on? When you\u2019re developing the core libraries, kernels, or protocols that the rest of the world trusts, \"best effort\" security testing is simply not enough.\r\n\r\nStandard tools like fuzzing and static analysis (SAST) are world-class at finding bugs, but they are inherently reactive. They can tell you that you have a vulnerability, but they can never prove that you don't. 
This raises the question of what we can, and should, do when we need to go beyond the \"find-and-patch\" cycle.\r\n\r\nIn this talk, I will explain the ideas underlying widely used security testing techniques such as fuzzing and static analysis, examining their strengths and weaknesses. This will be contrasted with a plain-English look at how formal verification, which offers the promise of being \"mathematically proven\", allows us to show the absence of entire vulnerability classes. I will also discuss why \"mathematically proven\" isn't a silver bullet and address the practical limitations of verifying complex systems.\r\n\r\nIf you\u2019ve ever wondered how the foundations of the internet are secured, or if you are building a component where a single bug constitutes a catastrophic failure, this session will show you how to move beyond the \"Whac-A-Mole\" of bug hunting.", "description": "The audience should have beginner-to-intermediate software development experience, i.e., being able to understand small program snippets containing typical software vulnerabilities. No deep knowledge of security testing (or formal verification) is required.", "recording_license": "", "do_not_record": false, "persons": [{"code": "8TLJXP", "name": "Achim D. Brucker", "avatar": null, "biography": "Achim is a Professor in Computer Science (Chair in Cybersecurity) and   Head of the Cybersecurity Group at the University of Exeter, UK.\r\n\r\n  He has over 20 years of professional experience in cyber security in\r\n  general, and, in particular, in research and development of safety\r\n  and security critical systems. In his work, he particularly focuses\r\n  on techniques, methods, and tools for ensuring the safety, security,\r\n  correctness, and trustworthiness of advanced systems.\r\n\r\n  His industry experience includes being a Security Architect and\r\n  Security Testing Strategist for SAP SE. 
In this role, he defined the\r\n  risk-based security testing strategy of SAP that combines static,\r\n  dynamic, and interactive security testing methods and integrates\r\n  them deeply into SAP's Secure Software Development Life Cycle.\r\n\r\n  He is supporting security initiatives and events in the South West,\r\n  building bridges between industry, academia, and the local\r\n  community. Amongst others, he is a member of the SWCSC Steering\r\n  Committee and the BSides Exeter Steering Committee.", "public_name": "Achim D. Brucker", "guid": "0a3a539a-4c35-556c-b042-ef6e91171e4d", "url": "https://pretalx.com/bsides-exeter-2026/speaker/8TLJXP/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/WUWP3W/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/WUWP3W/", "attachments": []}, {"guid": "bdd70966-0319-52ba-92e8-3fa5b053fcc1", "code": "EKSVGQ", "id": 93347, "logo": "https://pretalx.com/media/bsides-exeter-2026/submissions/EKSVGQ/image_qVxfsiO.webp", "date": "2026-04-25T12:20:00+01:00", "start": "12:20", "duration": "00:40", "room": "Seminar Room 1", "slug": "bsides-exeter-2026-93347-share-to-detect-breaking-the-privacy-deadlock-in-ot-threat-intelligence", "url": "https://pretalx.com/bsides-exeter-2026/talk/EKSVGQ/", "title": "Share to Detect: Breaking the Privacy Deadlock in OT Threat Intelligence", "subtitle": "", "track": "Blue", "type": "Talk", "language": "en", "abstract": "Operational Technology (OT) environments face a critical paradox: sophisticated attacks like TRITON, CRASHOVERRIDE, and INCONTROLLER routinely target multiple facilities, yet operators remain blind to cross-site attack patterns due to privacy regulations, competitive secrecy, and lack of trust. 
The current \"share after detection\" model\u2014where threat intelligence is exchanged only after a breach is confirmed\u2014creates a deadly information asymmetry: attackers see the entire battlefield while defenders fight isolated skirmishes.\r\nThis talk introduces a framework that flips the paradigm to \"share to detect\": enabling multiple OT sites (refineries, power plants, water utilities) to collaboratively identify globally significant threats before individual sites recognize them as attacks, all without exposing sensitive operational data, process telemetry, or even revealing which facility discovered which threat.\r\nUsing software \"hunter agents\" deployed at historian databases and SCADA systems, the system leverages commutative encryption and secure multi-party computation to answer the question: \"Is this weird PLC behavior I'm seeing actually a coordinated attack happening across our industry?\"\u2014without any site learning what \"weird\" looks like at competitor facilities.\r\nWe'll demonstrate how an alliance of sites can collectively validate that a suspicious Modbus command sequence appearing at 15% local prevalence at your site is actually a global IoC appearing at 87% of participating refineries\u2014triggering immediate coordinated defense\u2014while mathematically guaranteeing that Site A never learns Site B's process parameters, alarm rates, or asset inventory.\r\n\r\nAttendees will learn:\r\n- Why traditional threat intel sharing fails in OT environments\r\n- The cryptographic primitives enabling secure threat artifact exchange\r\n- How to deploy autonomous threat hunting agents in ICS historian infrastructure\r\n- Real-world attack scenarios where collaborative detection provides 10-100x faster response", "description": "", "recording_license": "", "do_not_record": true, "persons": [{"code": "QNQXZR", "name": "Ahmed Elmesiry", "avatar": "https://pretalx.com/media/avatars/KPUWWK_sAJPAUt.webp", "biography": "Dr. 
Elmesiry is a principal security researcher with a Ph.D. in information security and assurance. He has extensive experience in R&D, having held academic and industrial positions in various countries on six continents. He has worked on projects related to cybersecurity, IoT, and machine learning, and has received several awards for his work, including six best paper awards at international conferences. Dr. Elmesiry holds industrial certifications in the fields of managing networked systems and offensive cybersecurity from top tech companies. Dr. Elmesiry has also contributed to the field through patents, books, book chapters, and research papers.", "public_name": "Ahmed Elmesiry", "guid": "5e97a3ba-41ad-5f38-8ecd-37ab68151e7d", "url": "https://pretalx.com/bsides-exeter-2026/speaker/QNQXZR/"}, {"code": "WHLL9U", "name": "Ofir Manor", "avatar": "https://pretalx.com/media/avatars/GEF7D7_5JxXWK1.webp", "biography": "Cyber security researcher working in the crossroads of traditional cyber security and novel LLM developments for Fujitsu Research of Europe. I am here to present the work done by Ahmed M. 
Elmesiry, my colleague.", "public_name": "Ofir Manor", "guid": "544fb746-2eee-58ef-80e1-0ee1e56b71a5", "url": "https://pretalx.com/bsides-exeter-2026/speaker/WHLL9U/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/EKSVGQ/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/EKSVGQ/", "attachments": []}, {"guid": "7331d4a1-ba34-5388-a0f1-93005b7e6900", "code": "WVQLAW", "id": 88385, "logo": null, "date": "2026-04-25T14:45:00+01:00", "start": "14:45", "duration": "00:40", "room": "Seminar Room 1", "slug": "bsides-exeter-2026-88385-soc-the-good-the-bad-the-ugly", "url": "https://pretalx.com/bsides-exeter-2026/talk/WVQLAW/", "title": "SOC: THE GOOD, THE BAD & THE UGLY", "subtitle": "", "track": "Blue", "type": "Talk", "language": "en", "abstract": "This presentation is a realistic look at what it is like to work in a Security Operations Center, also known as a SOC. It breaks down the experience into four parts: The Reality, The Good, The Bad, and The Ugly. All of the points will be linked with real-life events. This talk is directed to people stepping into soc analyst field, entry level analysts and soc managers as some slides speak to people with certain levels of experience in the field.\r\n\r\nBeginning the talk by setting the stage with \"The Reality\" of a SOC environment. Next, the presentation covers \"The Good\" parts of the job. A simple view of known information, touched superficially. \"The Bad\" section discusses the downsides. \r\n\r\nThen, \"The Ugly\" reveals five harsh truths about SOCs.  Going deep into what I learned about SOC environment and the mistakes the team does still after years with real life examples.\r\n\r\nFinishing off with a touch of AI and if integrating that makes it better? 
I explain it is not.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZRZZNA", "name": "Harish Kumar Gopalakrishnan", "avatar": "https://pretalx.com/media/avatars/ZRZZNA_VtQ7YFl.webp", "biography": "Harish Kumar is currently a postgraduate student on a Masters in Cyber Security Management. After spending years in Helpdesk and IT Support, he self-studied his way into the cybersecurity field. He spent two years in SOC analyst L1 and L2 roles. He mentors on the side and loves attending conferences.", "public_name": "Harish Kumar Gopalakrishnan", "guid": "7afc1996-04ec-566c-9123-a0329670ccec", "url": "https://pretalx.com/bsides-exeter-2026/speaker/ZRZZNA/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/WVQLAW/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/WVQLAW/", "attachments": []}, {"guid": "97d9a864-1d89-5c54-b490-835ffe852964", "code": "VUZCNS", "id": 93501, "logo": null, "date": "2026-04-25T15:30:00+01:00", "start": "15:30", "duration": "00:40", "room": "Seminar Room 1", "slug": "bsides-exeter-2026-93501-cloud-containers-the-security-puzzle-that-locks-tight-from-pipeline-and-package-to-soc-operations", "url": "https://pretalx.com/bsides-exeter-2026/talk/VUZCNS/", "title": "Cloud & Containers: The Security Puzzle That Locks Tight, From Pipeline and Package to SOC Operations", "subtitle": "", "track": "Blue", "type": "Talk", "language": "en", "abstract": "Cloud and container security feels like a scattered puzzle: development standards, CI/CD pipelines, guardrails, runtime security, logging, monitoring, and assurance. Together they form a resilient system, but most teams run them as independent silos, and that gap is exactly where attackers operate. 
This talk assembles those pieces by showing their critical connections, the misconceptions that leave them exposed, and the pitfalls that trip teams up at each stage.\r\nStart with a question most developers get wrong: are containers isolated? They are not. Every container shares the same kernel, and that single misconception underpins a whole class of attacks that application-layer tooling cannot see. From there, the puzzle builds outward. CI/CD pipelines enforce automated checks, but signing does not mean secure. The 3CX attack produced validly signed malware that passed every test, and 83% of organisations still do not verify signatures. Guardrails maintain compliance, but 65% of clusters run flat networks, making lateral movement trivial once anything is compromised. Runtime security addresses the threats that static analysis is blind to entirely. Assurance binds it together, not as a GRC exercise, but as a cryptographic chain from commit to runtime that gives defenders something they can actually prove.\r\nWith 82% of cloud breaches stemming from misconfiguration across a surface of 15.6 million cloud-native developers, the problem is not a shortage of tools. It is fragmented defences that do not reinforce each other. The talk closes by connecting the framework to blue team operations: mapping each control layer to realistic SIEM ingestion, showing how those signals connect to threat intelligence, and working through the operational questions around log preservation, forensic readiness, and account access that defenders need answered before an incident rather than during one. 
A cheat sheet maps every component to detection opportunities and three actions attendees can take the following morning.\r\nIf you work in detection, response, or securing cloud infrastructure, this talk gives you the framework, the attack chains, and the operational questions to take back to your team.", "description": "The starting point is a misconception most teams carry: that containers are isolated. They are not. Every container shares the same kernel, and CVE-2025-31133 demonstrated exactly what that means in practice, with a race condition on bind-mount operations in runc enabling read-write access to host kernel parameters and lateral movement across containers. That shared kernel is the foundation the talk builds from, working up through each layer and the controls that belong at each one. 82% of cloud breaches stem from misconfiguration and human error across a surface of 15.6 million cloud-native developers, most of whom run containers in production. The problem is not a lack of tools. It is fragmented point solutions where each piece operates without the others.\r\nFoundations: The Shared Kernel Illusion\r\nNamespaces are sleight of hand. They trick processes into thinking they are isolated, but syscalls still reach the kernel directly. This section covers what that means practically: why root inside a container represents roughly 40 granular Linux privileges that need stripping, why CAP_SYS_ADMIN is near-root by another name, how Seccomp filters dangerous syscalls like setns, ptrace, and mount before they execute, and why user namespace remapping is the control that makes container-root map to an unprivileged host user.\r\nCI/CD: The Signed Malware Trap\r\nThe 3CX attack is the central case study: a supply chain compromise that targeted the build environment directly, producing malware signed with a valid certificate that passed SAST, SBOMs, and standard scanning. 
Supply chain compromise now accounts for 15% of all breaches, and 83% of organisations still do not verify signatures. SLSA Level 3 is the provenance and attestation framework that addresses this, ephemeral hermetic build runners are the mechanism that prevents environment compromise, and Verification Summary Attestations are the missing piece that checks whether policy outcomes were correct rather than just whether tests ran. No VSA, no deployment.\r\nGuardrails: The Compliance Barrier\r\n65% of clusters run flat networks, violating NIST 800-53 SC-7 boundary protection and enabling lateral movement when anything is compromised. Default-deny NetworkPolicies, service mesh with mTLS and SPIFFE workload identity for Layer 7 enforcement, and admission controllers via Kyverno or OPA Gatekeeper for policy-as-code that validates before anything reaches the cluster are the three layers that address this. Secrets management sits alongside them: 88% of breaches involve credential theft, and secrets in environment variables are visible in API server audit logs, process listings, and ServiceAccount token enumeration. External Secrets Operator injecting into tmpfs at runtime is the control.\r\nRuntime: The Build-Only Fallacy\r\nStatic analysis is blind to zero-days, living-off-the-land attacks, and behavioural anomalies that only manifest at execution. CloudSiphon infected 150 organisations via a trojaned NGINX that ran malicious code purely at runtime, bypassing all static analysis entirely. Cluster-wide eBPF deployment gives real-time syscall, file access, and network monitoring at the kernel level. Behavioural baselining per workload type produces high-fidelity alerts with full process lineage, and drift detection runs continuously against the image manifest. The specific syscalls indicating container breakout attempts are covered in detail: setns, unshare, writes to /proc/sysrq-trigger, and writes to /proc/sys/kernel/core_pattern. 
Advanced evasion techniques including reflective code loading, eBPF rootkits using bpf_probe_write_user, and delayed execution via cron are each covered alongside their counters.\r\nVisibility, Assurance and Blue Team Operationalisation\r\neBPF telemetry feeds OpenTelemetry, Falco picks up Kubernetes API audit events, and application traces and service mesh telemetry correlate across the stack to link user identity through pod creation to kernel execution. DORA, NIS2, and SEC requirements are mapped into policy-as-code rather than treated as point-in-time GRC snapshots. The closing section works through how a SOC operationalises the full framework: chaos engineering against security controls to validate detection, containment, and recovery; automated certificate rotation and revocation with MTTR targets measured in minutes; and VSA-driven cryptographic audit trails from commit to runtime stored in an immutable transparency log. It closes on the operational readiness questions defenders need answered before things go wrong: log preservation, forensic access to running infrastructure without destroying evidence, account auditability, and whether containment actions have been rehearsed. Three actions for Monday morning follow: mandate trust via VSAs and attestation controllers, enforce containment via policy-as-code and CAP_DROP, and deploy kernel-level visibility with behavioural baselines and automated drift response.", "recording_license": "", "do_not_record": false, "persons": [{"code": "M7VGZL", "name": "Ashley Barker", "avatar": null, "biography": "Ashley Barker is a security and digital leader who bridges the worlds of security and technology, with over 10 years in cybersecurity and deep experience in digital delivery, products, and user-focused solutions. A passionate advocate for NIST CSF, OWASP, and SANS, he simplifies complex security challenges, building robust cloud and DevSecOps systems for global organisations. 
Staying hands-on, Ashley crafts practical solutions that secure critical systems while driving innovation, making him a go-to for turning chaotic projects into clear, effective outcomes.", "public_name": "Ashley Barker", "guid": "eddb6e0f-055e-52f4-a5b0-bf56262286e5", "url": "https://pretalx.com/bsides-exeter-2026/speaker/M7VGZL/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/VUZCNS/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/VUZCNS/", "attachments": []}], "Seminar Room 7": [{"guid": "421b2838-32e0-545e-8b0d-07bbf4c9e7bb", "code": "3H7ZAT", "id": 93788, "logo": null, "date": "2026-04-25T09:45:00+01:00", "start": "09:45", "duration": "00:40", "room": "Seminar Room 7", "slug": "bsides-exeter-2026-93788-unlocking-the-secrets-of-stripped-go-binaries-at-runtime", "url": "https://pretalx.com/bsides-exeter-2026/talk/3H7ZAT/", "title": "Unlocking the secrets of stripped Go binaries at runtime", "subtitle": "", "track": "Red", "type": "Talk", "language": "en", "abstract": "Reverse engineering Go binaries can be difficult, especially using  existing dynamic tools to interrogate program state at runtime. 
This talk explains how metadata in Go binaries can be used to recover data type definitions, then combined with a debugger at runtime to display the contents of complex data structures such as arrays and custom structs, even on stripped binaries.\r\n\r\nThese techniques are demonstrated in a recent release of LLEF, which is a free and open reverse engineering toolkit for LLDB developed by Foundry Zero.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "D3ALRU", "name": "Alex M", "avatar": "https://pretalx.com/media/avatars/8GRDWN_g7ohRg2.webp", "biography": "Alex is a security researcher at Foundry Zero.", "public_name": "Alex M", "guid": "dd43abe2-4e16-52ae-b666-24cda542baa5", "url": "https://pretalx.com/bsides-exeter-2026/speaker/D3ALRU/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/3H7ZAT/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/3H7ZAT/", "attachments": []}, {"guid": "873ae87d-7384-5c62-8b3b-b754ee559d3e", "code": "G3FQ8F", "id": 89479, "logo": "https://pretalx.com/media/bsides-exeter-2026/submissions/G3FQ8F/Buffer_Overflow__R5Fujlh.webp", "date": "2026-04-25T10:30:00+01:00", "start": "10:30", "duration": "00:20", "room": "Seminar Room 7", "slug": "bsides-exeter-2026-89479-buffer-overflows-in-the-era-of-gen-ai", "url": "https://pretalx.com/bsides-exeter-2026/talk/G3FQ8F/", "title": "Buffer Overflows in the era of Gen-AI", "subtitle": "", "track": "Red", "type": "Rookie Talk", "language": "en", "abstract": "In today\u2019s interconnected world, achieving complete software security is extremely challenging, as vulnerabilities continue to provide opportunities for exploitation. Buffer overflow attacks remain among the most enduring and impactful forms of software exploitation, enabling adversaries to manipulate program execution and gain unauthorized access. 
Although significant countermeasures such as stack canaries, Address Space Layout Randomisation (ASLR), and non-executable memory protections have been developed, buffer overflows persist due to legacy codebases, low-level programming practices, and the constant evolution of attack strategies. Recent advances in Generative Artificial Intelligence (Gen-AI) introduce a new dimension to defensive cybersecurity research and offer potential as a countermeasure through enhanced vulnerability detection, automated secure code generation, and the ability to adapt defensively to dynamic attack patterns. This project specifically evaluates the dangers of buffer overflow attacks and the effectiveness of Gen-AI models in guarding against them, with a focus on recent vulnerabilities such as CVE-2025-6660 and CVE-2025-6191.", "description": "Buffer overflows are still considered a persistent threat five decades after their initial documentation,\r\nmaintained by bad programming habits, legacy codebases, unsafe programming languages and the\r\ngrowing existence of IoT and embedded systems, which are often more inclined to be vulnerable due\r\nto their nature. Although defence mechanisms have been put in place and generally adopted, ASLR,\r\nDEP and SSP are not the perfect protection mechanisms, and always-evolving exploitation techniques\r\nare able to bypass them. Likewise, detection and mitigation using static and dynamic analysis tools\r\nare a good base to try to improve and find vulnerable code, but being generalised tools for all vulnerabilities,\r\nthey still incur a lot of false positives, major overhead requirements and partial coverage for\r\nbuffer overflows.\r\nRecent advances in artificial intelligence have facilitated innovation and demonstrated promising improvements\r\nregarding this matter. 
Even if they seem to perform better than traditional techniques, the\r\nfield is still immature, and there are still a lot of improvements to achieve to have a viable long-term\r\nsolution. Their scope is often very narrow, and there is yet to be a way to adapt to new exploitation\r\ntechniques in real time without redesigning the whole model from scratch. Gen-AI potential remains\r\ncrucially unexplored in regard to buffer overflow mitigation and detection in real-world scenarios,\r\nconstituting an opportunity for future work.", "recording_license": "", "do_not_record": false, "persons": [{"code": "WRDZFJ", "name": "Maxime Reynaud", "avatar": "https://pretalx.com/media/avatars/WRDZFJ_lUzxBnX.webp", "biography": "OWASP Exeter Student Chapter Leader, \r\nPresident of University of Exeter Cyber Security Society\r\nCertified Junior Penetration Tester (eJPT) by INE\r\nCertified in Cyber Security (CC) ISC2", "public_name": "Maxime Reynaud", "guid": "56a14135-7131-50b7-b59a-7c2c5a0e244a", "url": "https://pretalx.com/bsides-exeter-2026/speaker/WRDZFJ/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/G3FQ8F/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/G3FQ8F/", "attachments": []}, {"guid": "019a2296-58f2-5cfe-a1a8-d05672cdfec1", "code": "T3H3JV", "id": 92175, "logo": "https://pretalx.com/media/bsides-exeter-2026/submissions/T3H3JV/image_miSqgE5.webp", "date": "2026-04-25T11:00:00+01:00", "start": "11:00", "duration": "00:20", "room": "Seminar Room 7", "slug": "bsides-exeter-2026-92175-autopwn-or-auto-fail-the-truth-about-ai-in-offensive-security", "url": "https://pretalx.com/bsides-exeter-2026/talk/T3H3JV/", "title": "Autopwn or Auto-Fail? The Truth About AI in Offensive Security", "subtitle": "", "track": "Red", "type": "Rookie Talk", "language": "en", "abstract": "AI is rapidly becoming part of the penetration tester\u2019s workflow, generating payloads, summarising scan results, and accelerating technical discovery. 
But while these tools increase speed, they also introduce a critical risk: confidence without validation.\r\n\r\nAI can suggest vulnerabilities that don\u2019t exist, misinterpret context, and produce output that appears convincing but lacks accuracy. In the hands of an inexperienced tester \u2014 or under time pressure \u2014 this can lead to false positives, weak findings, and ultimately poor reporting.\r\n\r\nThis talk explores how AI is actually being used in real-world pentesting, where it provides genuine value, and where it can go wrong. Through practical examples, it highlights common pitfalls and demonstrates how easily unverified AI output can make its way into reports.\r\n\r\nMore importantly, it introduces a structured approach to using AI responsibly, combining speed with validation, and technical output with real-world context. Attendees will leave with a clear framework for integrating AI into their workflow without compromising credibility or impact.", "description": "AI can generate payloads, summarise scans, and even suggest vulnerabilities, but it doesn\u2019t understand risk.\r\n\r\nIn the rush to adopt AI in penetration testing, many are producing faster results, but weaker outcomes. Findings are less validated, reports are less meaningful, and the gap between technical output and business impact is growing.\r\n\r\nThis talk challenges the hype and focuses on what actually matters: using AI as a tool, not a crutch.\r\n\r\nBy walking through real examples, we\u2019ll explore how to turn raw AI-assisted output into clear, credible, and actionable security insights. 
Because in the end, the value of a pentest isn\u2019t in the payload, it\u2019s in the decision it drives.", "recording_license": "", "do_not_record": false, "persons": [{"code": "ABDZFW", "name": "Dumisani Masimini", "avatar": "https://pretalx.com/media/avatars/WJTEYT_s7l8WfN.webp", "biography": "Dumisani Masimini is a penetration tester and security consultant at Pentest People.\r\n\r\nHe is particularly interested in the human side of security, how technical findings are communicated, understood, and acted upon within organisations. His work explores the gap between exploitation and impact, helping translate complex vulnerabilities into clear, actionable risk.\r\n\r\nDumisani has contributed to community discussions through webinars and is building a body of work focused on improving how penetration testers communicate security risk.", "public_name": "Dumisani Masimini", "guid": "c87924f0-7029-5313-b21c-61a3a0a2766b", "url": "https://pretalx.com/bsides-exeter-2026/speaker/ABDZFW/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/T3H3JV/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/T3H3JV/", "attachments": []}, {"guid": "463b054b-720d-5d92-8eec-b3b3c2b545ea", "code": "MDYRPK", "id": 93002, "logo": null, "date": "2026-04-25T11:40:00+01:00", "start": "11:40", "duration": "00:40", "room": "Seminar Room 7", "slug": "bsides-exeter-2026-93002-shadow-ai-is-your-new-data-exfiltration-channel", "url": "https://pretalx.com/bsides-exeter-2026/talk/MDYRPK/", "title": "Shadow AI Is Your New Data Exfiltration Channel", "subtitle": "", "track": "Red", "type": "Talk", "language": "en", "abstract": "Being responsible for designing and implementing DLP policies in my organisation, I have seen first-hand how companies suffer data loss without even realising it. 
The individuals exfiltrating the data are unaware what they are doing is even exfiltration of data through legitimate workflows.\r\n\r\nTraditional Data Loss Prevention programs were built to monitor email gateways, USB devices, and cloud storage. But generative AI has introduced a new and largely unmonitored exfiltration channel.\r\n\r\nIn many organisations, AI adoption is outpacing governance. Employees restricted from using approved AI tools often turn to personal accounts or unsanctioned platforms pasting sensitive board packs, proprietary source code, and client data into public models in order to work more efficiently.\r\n\r\nExisting DLP controls frequently fail to detect this behaviour because the activity appears legitimate and encrypted within normal web traffic.\r\n\r\nIn this talk, I explore:\r\n\r\nHow generative AI creates blind spots in traditional DLP architectures\r\nReal-world scenarios where sensitive data leaves the organisation without triggering alerts\r\nHow red teams and malicious insiders can weaponize legitimate AI usage\r\nWhy most DLP programs measure activity instead of risk\r\nPractical approaches to regaining visibility without shutting down innovation\r\n\r\nThis session bridges red, blue, and governance perspectives to challenge what data loss prevention really means.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "JTJHMU", "name": "Chijioke Okoye", "avatar": null, "biography": "Chijioke Okoye is a Security Analyst with hands-on experience supporting organisations to manage risk, protect data, and build trust into technology from the ground up. 
With a background spanning information security, governance, and AI-enabled systems, their work focuses on translating complex security concepts into practical, real-world solutions that developers and businesses can actually apply.\r\n\r\nChijioke has worked across compliance-driven and fast-moving environments, helping teams embed security, risk awareness, and responsible AI practices into everyday workflows. As a speaker, Chijioke brings a grounded, accessible approach to security, combining technical insight with real examples from building and securing modern digital systems.", "public_name": "Chijioke Okoye", "guid": "a770bdf8-4f2b-5db5-8fb5-b3d694e47bf4", "url": "https://pretalx.com/bsides-exeter-2026/speaker/JTJHMU/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/MDYRPK/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/MDYRPK/", "attachments": []}, {"guid": "323097d5-47b8-560c-986a-deefdfe9a273", "code": "8E8ZK7", "id": 92022, "logo": null, "date": "2026-04-25T12:20:00+01:00", "start": "12:20", "duration": "00:40", "room": "Seminar Room 7", "slug": "bsides-exeter-2026-92022-open-ish-source-adventures-in-edge-device-memory-forensics", "url": "https://pretalx.com/bsides-exeter-2026/talk/8E8ZK7/", "title": "Open(ish) source: Adventures in edge device memory forensics", "subtitle": "", "track": "Red", "type": "Talk", "language": "en", "abstract": "As defenders, over the last few years we\u2019ve seen a seemingly relentless stream of incidents, vulnerabilities and attack campaigns targeting network edge devices and appliances. Because they are exposed at the edge of our networks, defending these devices is critical, but their proprietary and locked-down operating systems mean we often lack the detection and response tools we use every day to quickly triage, investigate and remediate commodity server and client operating systems.\r\n\r\nBut under the hood, almost all modern network edge devices run some flavour of Linux. 
Memory collection and analysis on Linux is well supported by both commercial and open source tools such as Volatility 3. In this talk I\u2019ll discuss some of the challenges of collecting and analysing memory on Linux-based appliances, and show how with some creativity (and a little reverse-engineering) you can often get the same level of visibility and analysis we get on more standard Linux operating systems.\r\n\r\nWhether you\u2019re an incident responder, part of a security team responsible for these devices, or a device vendor, I\u2019ll discuss how you can be better prepared for incidents involving these types of systems and use memory analysis as a part of your investigation.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "QMYFNW", "name": "Richard Tuffin", "avatar": null, "biography": "Richard is an experienced cyber security engineer and researcher. Over a 20-year career he\u2019s worked in both the public and private sector on vulnerability research, exploit development and security engineering across a wide range of platforms. 
Specialising in Linux and embedded device reverse engineering and analysis, he is currently a Principal Software Engineer at Volexity Inc.", "public_name": "Richard Tuffin", "guid": "158173b6-970d-522e-91e7-69d987ff8839", "url": "https://pretalx.com/bsides-exeter-2026/speaker/QMYFNW/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/8E8ZK7/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/8E8ZK7/", "attachments": []}, {"guid": "a30be3f5-03d7-544d-8a9a-7b8a46e84d9f", "code": "FQDTGJ", "id": 92555, "logo": null, "date": "2026-04-25T14:45:00+01:00", "start": "14:45", "duration": "00:40", "room": "Seminar Room 7", "slug": "bsides-exeter-2026-92555-your-browser-is-snitching-tracking-without-cookies", "url": "https://pretalx.com/bsides-exeter-2026/talk/FQDTGJ/", "title": "Your Browser is Snitching: Tracking Without Cookies", "subtitle": "", "track": "Red", "type": "Talk", "language": "en", "abstract": "This talk explores the world of browser fingerprinting: how seemingly identical devices can be uniquely identified using subtle characteristics exposed by modern browsers. We will examine the specific attributes that contribute to fingerprint uniqueness, how tracking systems leverage them at scale, and the effectiveness of current evasion and anti-fingerprinting techniques.", "description": "This talk explores the world of browser fingerprinting: how seemingly identical devices can be uniquely identified using subtle characteristics exposed by modern browsers. We will examine the specific attributes that contribute to fingerprint uniqueness and how these can be leveraged by tracking systems, and demonstrate these signals inside a browser.\r\n\r\nFurthermore, the talk will dive into current evasion and anti-fingerprinting techniques, demonstrating what steps should be taken to reduce and avoid fingerprinting. 
This includes ways to obfuscate or standardise signals.", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZCNSXR", "name": "Adam Crease", "avatar": "https://pretalx.com/media/avatars/NDTVSD_x84L3ja.webp", "biography": "Adam is a penetration tester with a background in software development. His work focuses on web application and infrastructure testing, amongst other types of testing. He is also a professionally registered cyber security practitioner.", "public_name": "Adam Crease", "guid": "0d865a10-a0c8-5809-8d84-e78f774e7d45", "url": "https://pretalx.com/bsides-exeter-2026/speaker/ZCNSXR/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/FQDTGJ/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/FQDTGJ/", "attachments": []}, {"guid": "7f25d25d-c940-5794-b0bf-9c56075a6078", "code": "YW3GZV", "id": 88150, "logo": null, "date": "2026-04-25T15:30:00+01:00", "start": "15:30", "duration": "00:40", "room": "Seminar Room 7", "slug": "bsides-exeter-2026-88150-ctrl-introduction-to-macos-red-teaming-in-2026", "url": "https://pretalx.com/bsides-exeter-2026/talk/YW3GZV/", "title": "\u2318+ Ctrl: Introduction to macOS Red Teaming in 2026", "subtitle": "", "track": "Red", "type": "Talk", "language": "en", "abstract": "Your target runs macOS, but you don\u2019t know your SIPs from your ESFs? And there\u2019s no friendly Active Directory to fall back on? Where do you even begin?\r\n\r\nThis talk will give you the fundamentals you need to adapt your red team methodology to macOS with confidence. You don\u2019t need to be Patrick Wardle to get results, but by the end of this talk you will at least know who that is. 
We will cover:\r\n\r\n* Core macOS security concepts and how they will affect your operation\r\n* Offensive and defensive security tooling\r\n* The mindset shifts to pivot your Windows & Linux skills into operating in macOS environments", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "SY7BXD", "name": "Matthew Lucas-Clarke", "avatar": "https://pretalx.com/media/avatars/SY7BXD_UAMYhTh.webp", "biography": "Matthew Lucas-Clarke has worked in an internal red team since 2024, previously honing his skills in pentesting and consulting. Since then, he has delivered red teams, purple teams, and cyber-resilience exercises in a macOS-heavy Zero Trust environment.\r\n\r\nMatthew has previously presented as Matthew Lucas at SEC-T in Stockholm and BSides Cambridge (UK), talking about misconfigurations in Windows OpenSSH and has written blog posts about hacking Azure DevOps Pipelines.", "public_name": "Matthew Lucas-Clarke", "guid": "cb20e12e-9131-581d-9479-9a28888b2571", "url": "https://pretalx.com/bsides-exeter-2026/speaker/SY7BXD/"}, {"code": "GB3QPW", "name": "Victor van der Helm", "avatar": null, "biography": "Victor van der Helm is an experienced offensive security professional. Since 2021, he has focused on Red Teaming with a specialisation in AiTM phishing, malware development, CI/CD pipelines and cloud infrastructure. \r\n\r\nHe has previously spoken at SteelCon in Sheffield about his research in automating malware development, with the goal of creating re-usable malware by protecting underlying techniques.", "public_name": "Victor van der Helm", "guid": "701a4bf7-eb81-51ca-ba39-d8d3ffb14d26", "url": "https://pretalx.com/bsides-exeter-2026/speaker/GB3QPW/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-exeter-2026/talk/YW3GZV/feedback/", "origin_url": "https://pretalx.com/bsides-exeter-2026/talk/YW3GZV/", "attachments": []}]}}]}}}