In a world increasingly mediated by digital systems, algorithms have become the unseen architects of our reality. From social media feeds to search engine results, these mechanisms operate quietly in the background, curating content, shaping narratives, and reinforcing personalised viewpoints. As machine learning systems evolve, their influence deepens, subtly guiding what we see, think, and believe. While this is happening all over the world, fragile countries, such as South Africa, are especially at risk.
This talk will explore the hidden power of algorithms and AI in shaping perception and "truth", by examining how recommendation engines amplify bias, how engagement-driven design warps public discourse, and how reality itself becomes subjective under the influence of machine-curated content. Who controls these systems? What values are encoded in their logic? And as artificial intelligence grows more sophisticated, are we seeing the world as it is, or only as it is being rewritten for us? Are we seeing South Africa as it is, or as the "Ghost in the Machine" portrays it?
The Android Java Native Interface (JNI) provides a bridge between the Java and C/C++ worlds. While Java bytecode is relatively straightforward to decompile and analyse, the compiled JNI libraries (native .so files) have pretty much been left in the shadows, especially with regard to reverse engineering the broader JNI API surface. This lack of visibility into JNI binary-fu is a significant hurdle for security researchers and reverse engineers: these binaries can house sensitive logic, custom encryption algorithms, or even malware, making their analysis crucial for a comprehensive security assessment.
This talk aims to shed some light on practical methodologies to reverse engineer, and even automate vulnerability assessment of, Android JNI libraries. Security researchers and anyone looking to expand their Android mobile security assessment skill set should give this talk a listen.
Alternate longer title: Geo-locating WiFi data as a Proxy for Human Population Distribution (or Vibe coding with Google, Apple WLS and Wigle)
This talk explores the geo-location of WiFi access point data as a novel proxy for estimating human population distribution. I examine how open-source data—previously leveraged in research such as Erik Rye's work with Apple's WiFi location API—can be harnessed for localised analysis. Rye's approach, which utilizes Apple's API to return locations of BSSIDs and their neighbouring networks, inspired a deeper question: Could one "crawl" outward from a single point to systematically map all BSSIDs in a region?
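The "crawl outward" idea above, as an added example that is not the speaker's code and contacts no real service: a breadth-first walk that starts at one BSSID, queries it, and pushes every neighbour the response names onto the frontier until nothing new appears or a query budget is spent. The `lookup(bssid)` function is assumed to return `[(bssid, lat, lon), ...]` for the queried access point and its neighbours, which is the response shape the abstract attributes to Apple's API; here it is backed by a small constructed dataset, and a final step bins the located APs into a lat/lon grid as the crude population-density proxy the title refers to.

```python
"""Added example (not from the talk): BFS crawl over WiFi BSSIDs using a
simulated neighbour-lookup API, plus a grid-density summary."""
from collections import deque
import math

# Constructed sample data (BSSID -> (lat, lon)); coordinates are invented.
# Seven APs form a chain of near neighbours; the last is isolated and should
# never be reached by a crawl that starts inside the chain.
SAMPLE_APS = {
    "00:11:22:33:44:01": (-33.92490, 18.42410),
    "00:11:22:33:44:02": (-33.92510, 18.42450),
    "00:11:22:33:44:03": (-33.92540, 18.42500),
    "00:11:22:33:44:04": (-33.92580, 18.42560),
    "00:11:22:33:44:05": (-33.92620, 18.42620),
    "00:11:22:33:44:06": (-33.92650, 18.42680),
    "00:11:22:33:44:07": (-33.92690, 18.42740),
    "aa:bb:cc:dd:ee:ff": (-33.80000, 18.60000),
}
ISOLATED_BSSID = "aa:bb:cc:dd:ee:ff"
NEIGHBOUR_RADIUS_M = 90.0  # assumption: the simulated service reports APs within 90 m


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    r = 6371000.0
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * r * math.asin(math.sqrt(h))


def simulated_lookup(bssid):
    """Stand-in for one API call: the queried AP plus everything within the radius."""
    if bssid not in SAMPLE_APS:
        return []
    here = SAMPLE_APS[bssid]
    return [(other, lat, lon) for other, (lat, lon) in SAMPLE_APS.items()
            if haversine_m(here, (lat, lon)) <= NEIGHBOUR_RADIUS_M]


def crawl(seed, lookup, max_queries=1000):
    """BFS outward from `seed`. Returns ({bssid: (lat, lon)}, queries_made).

    Each BSSID is queried at most once, and `max_queries` caps the number of
    API calls so a crawl over a dense area stops instead of running unbounded.
    """
    located, queried, frontier, queries = {}, set(), deque([seed]), 0
    while frontier and queries < max_queries:
        bssid = frontier.popleft()
        if bssid in queried:
            continue
        queried.add(bssid)
        queries += 1
        for other, lat, lon in lookup(bssid):
            located.setdefault(other, (lat, lon))
            if other not in queried:
                frontier.append(other)
    return located, queries


def density_grid(located, cell_deg=0.0005):
    """Count APs per lat/lon cell; higher counts stand in for denser settlement."""
    grid = {}
    for lat, lon in located.values():
        cell = (math.floor(lat / cell_deg), math.floor(lon / cell_deg))
        grid[cell] = grid.get(cell, 0) + 1
    return grid


if __name__ == "__main__":
    aps, made = crawl("00:11:22:33:44:01", simulated_lookup)
    print(f"{made} lookups located {len(aps)} access points")
    print("isolated AP reached:", ISOLATED_BSSID in aps)
    for cell, count in sorted(density_grid(aps).items()):
        print(cell, count)
```

Against a real location service the interesting parameters are the ones this toy hides: how many neighbours a single response returns, how the service rate-limits repeated queries, and how far apart consecutive "hops" can be before the crawl stalls at the edge of a sparsely covered area, which is exactly where a population proxy is least reliable.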
AWS presigned URLs have become a popular way to provide secure and sane access to S3 buckets and other resources. But their security depends heavily on how they are implemented and integrated with individual systems, and simple mistakes can result in unwittingly signing sensitive data away to an attacker. As S3 buckets continue to be an abundant source of low-hanging fruit for threat actors, we discover that presigned URLs might not be the silver bullet that S3 security needs.
In this talk, I will cover the cardinal sins that can be committed when implementing presigned access to S3 buckets, the resulting attacks that can arise from these mistakes, and how developers can best avoid them.
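To make concrete what "signing sensitive data away" means, here is an added example that is not the speaker's code: a standard-library-only SigV4 query-string presigner for S3 GET requests, following the documented signing algorithm, used to contrast a download handler that signs whatever object key the caller supplies with one that derives the key from the authenticated identity and confines it to that user's prefix. The access key, secret, bucket name and region are made up, and the handler names are hypothetical.

```python
"""Added example (not from the talk): SigV4 presigning of S3 GET URLs, and a
vulnerable versus hardened way of choosing which object key gets signed."""
import datetime as dt
import hashlib
import hmac
import posixpath
from typing import Optional
from urllib.parse import quote

# Constructed, non-functional credentials and names for the demonstration only.
ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
BUCKET = "example-reports"
REGION = "af-south-1"
DEMO_NOW = dt.datetime(2025, 6, 1, 12, 0, tzinfo=dt.timezone.utc)  # fixed clock


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _signing_key(secret: str, date: str, region: str, service: str = "s3") -> bytes:
    # kSigning = HMAC(HMAC(HMAC(HMAC("AWS4"+secret, date), region), service), "aws4_request")
    k = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        k = _hmac(k, part)
    return k


def presign_get(bucket: str, key: str, expires: int, now: dt.datetime) -> str:
    """Return a SigV4 query-string-authenticated GET URL for bucket/key.

    Method, host, object key, expiry and credential scope are all covered by
    the signature, so whatever key is passed in is exactly what the holder of
    the URL can fetch until X-Amz-Expires seconds have elapsed.
    """
    host = f"{bucket}.s3.{REGION}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = now.strftime("%Y%m%d")
    scope = f"{date}/{REGION}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    # Canonical query string: keys sorted, names and values URI-encoded ('/' included).
    canonical_query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}" for k, v in sorted(params.items())
    )
    # S3 canonical URI: each path segment encoded once, '/' left alone.
    canonical_uri = "/" + quote(key, safe="/-_.~")
    canonical_request = "\n".join(
        ["GET", canonical_uri, canonical_query, f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"]
    )
    string_to_sign = "\n".join(
        ["AWS4-HMAC-SHA256", amz_date, scope, hashlib.sha256(canonical_request.encode()).hexdigest()]
    )
    signature = hmac.new(
        _signing_key(SECRET_KEY, date, REGION), string_to_sign.encode(), hashlib.sha256
    ).hexdigest()
    return f"https://{host}{canonical_uri}?{canonical_query}&X-Amz-Signature={signature}"


def download_link_vulnerable(requested_key: str, now: dt.datetime) -> str:
    """Cardinal sin: the object key is taken verbatim from the request.

    Anything the signing principal can read (another tenant's files, a backups/
    prefix) can be asked for by name, and a week-long expiry keeps the leaked
    URL usable long after anyone is looking.
    """
    return presign_get(BUCKET, requested_key, expires=7 * 24 * 3600, now=now)


def resolve_user_key(user_id: str, requested_name: str) -> Optional[str]:
    """Build the key from the authenticated identity and confine it to that prefix.

    normpath collapses '..' segments, so a traversal attempt lands outside
    users/<user_id>/ and is rejected; an empty name is rejected the same way.
    """
    prefix = f"users/{user_id}/"
    candidate = posixpath.normpath(prefix + requested_name)
    return candidate if candidate.startswith(prefix) else None


def download_link_hardened(user_id: str, requested_name: str, now: dt.datetime) -> str:
    key = resolve_user_key(user_id, requested_name)
    if key is None:
        raise PermissionError("requested object is outside the caller's prefix")
    return presign_get(BUCKET, key, expires=300, now=now)  # five minutes covers a download


if __name__ == "__main__":
    print(download_link_vulnerable("backups/prod-db.sql", DEMO_NOW))
    print(download_link_hardened("alice", "q1-report.pdf", DEMO_NOW))
    print(resolve_user_key("alice", "../bob/q1-report.pdf"))  # None: traversal refused
```

Before relying on a hand-rolled signer, compare its output with the SDK's `generate_presigned_url` for identical inputs and clock; the point of the example is the key-selection logic around the signer, not a replacement for it. Note also that the hardened version still signs with whatever permissions the server's credentials carry, so scoping those credentials to the bucket prefix it serves remains a separate, necessary control.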
Despite the robust security capabilities built into Microsoft Entra ID (formerly Azure AD) and Active Directory, many organizations still struggle with misconfigurations and overlooked vulnerabilities in their identity infrastructure. This session examines the most prevalent issues in both platforms, including over-permissioned accounts, weak access policies, and gaps in monitoring. Through real attack scenarios and lessons learned, attendees will discover best practices for hardening identity systems, leveraging Entra ID Governance, and automating access lifecycle management to prevent compromise and maintain compliance.
This talk distills frontline lessons from real-world cyber incidents into a practical, fast-paced session. We’ll unpack each phase of the incident response lifecycle, examine actual attack patterns using open-source tools, and explore how to triage threats under pressure.
From phishing to ransomware, we’ll share what works, what fails, and how to avoid common traps. Whether you're part of a small IT team or a growing SOC, this talk offers actionable insights to help you detect, contain, and recover from cyber incidents with greater confidence and efficiency.
HSMs (hardware security modules) and their legacy processes are the silent backbone of our core payments infrastructure. Quantum computing poses a significant threat to our cryptographic landscape, and evolving our payments infrastructure to meet new threats requires planning and orchestration between many organisations. This talk is primarily aimed at security professionals in the financial sector who work with HSMs or write policy on managing them. In addition, those preparing for quantum computing or who would like some insight into core payments infrastructure and HSMs will benefit from this talk. Technical topics will be explained sufficiently so that those with no HSM experience can learn how they work and what the ecosystem looks like. Key takeaways are how quantum computing changes the HSM threat model, and the steps that can be taken to prepare for quantum computing. A change in key exchange process is suggested which will assist in preparation for quantum computing and improve operational efficiency.
This talk explores how skills from ethical hacking naturally translate into other domains; in this case, game hacking. What started as casual curiosity, sparked by a familiar security tool (dnSpy), evolved into dynamic game manipulation, memory patching, and architecture analysis - all in indie Unity games. The goal isn't to showcase elite-level techniques, but to highlight accessible, transferable skills and the mindset behind them. Attendees will see how everyday hacker tooling applies beyond its intended scope, and how game hacking can serve as a fun, beginner-friendly gateway into deeper technical exploration.
In today’s threat landscape, simply consuming threat intelligence feeds is not enough — defenders need practical methods for turning network data into actionable controls. This talk offers a real-world guide for security teams looking to move beyond dashboards and reports into proactive active network defense.
Phishing and its variants remain one of the most persistent threats in cybersecurity, yet the focus often stays on end-user awareness or on reactive responses after people have already been scammed and had their money stolen. What if we could identify these links before they reach our inbox or SMS? In this talk, I’ll share my hands-on journey of discovering and analyzing phishing links and websites in the wild — from following suspicious URLs to getting them taken down. I’ll also dive into how you can get ahead of phishing threats by using open-source tools, recognizing patterns, and applying investigative techniques. This isn’t just about the analysis — it’s about shifting the mindset from reactive defense to proactive discovery.
Firebase is a popular serverless application platform with a fundamental fail-open flaw. In 2021, I created a tool for exploiting that flaw, which I still use today. In this talk, I'll showcase the kinds of vulnerabilities I commonly find in Firebase applications, explain why these vulnerabilities persist, and discuss how developers should approach secure Firebase development.
In today’s fast-paced development cycles, integrating security early, aka "shifting left", can feel like just another thing on a long to-do list. But what if you could embed security into your existing Software Development Lifecycle (SDLC) with minimal disruption?
This lightning talk is for busy developers, security champions, and DevOps teams looking for practical and lightweight ways to get started with DevSecOps. We’ll explore real-world tips and tools that don’t require a massive security overhaul, just a few smart changes that add big value.
In a mobile-first world, malware doesn’t just steal—it rewrites realities. This talk offers a developer-centric walkthrough of state-of-the-art mobile malware targeting Android and iOS devices, with a spotlight on GoldDigger, a sophisticated mobile malware family that abuses Android’s Accessibility Services to silently hijack user interaction on the device.
Through a technical analysis of GoldDigger’s behaviour and infection chain, we’ll unpack the overlooked mechanisms it leverages and why security engineers need to take note. The general public will be shown GoldDigger’s effects; developers, security enthusiasts, and pen-testers will also walk away with actionable insights on designing with defence in mind, hardening their applications, and detecting behavioural anomalies.
This isn’t just another malware overview. While public data on GoldDigger’s tactics remains scarce, this session distils findings from real-world research, offering protective coding strategies rarely discussed outside red team circles. Attendees will leave with:
• An understanding of how GoldDigger operates and why it is a threat worth tracking.
• Practical safeguards Android/iOS developers can implement today.
• Emerging trends in mobile malware, and what is next on the horizon.
Forget the optimism of 2024—in 2025, the threat landscape has matured, and the attacks have become more subtle, contextual, and embedded in the platform itself. As builders of the mobile experience, developers are on the frontlines—whether knowingly or not, they’re shaping the future of security. Let’s start rewriting realities the right way—together.
Java remains the bedrock of enterprise software. Its widespread use makes it a valuable target for attackers to pursue, and an important one for pentesters to understand. Despite that, opportunities to test Java applications seem fewer than they should be, so we're excited to discuss the results of this research.
In this talk, we provide insights into the exploitation of arbitrary class loading on the JVM, focusing on an illustrative vulnerability we discovered in the Graylog server (CVE-2024-24824) to facilitate the discussion. We will provide an overview of the methodologies we used to find it, highlighting the tools and techniques that proved effective in our research.
We will explore the various exploitation opportunities this vulnerability allowed, including XXE and SSRF attacks, among others, and discuss the limitations we encountered that prevented us from exploiting it further.
By sharing our findings, we aim to enhance the understanding of arbitrary class loading vulnerabilities in Java applications and foster a dialogue on the importance of robust security practices in software development.
SocVel Live: Command the Breach is a 45-minute interactive tabletop meets "choose-your-own-adventure" experience. Inspired by recent North Korean threat campaigns, the audience will guide a live breach investigation - voting on decisions, uncovering consequences, and tracking the impact on time, resources, and business reputation. No boring slides. No fixed path. Just instinct, pressure, and collective response.