BSides Munich 2025

Version rearranged time 9-19 Nov. 17, 2025

Update due to canceled talk replaced with a backup speaker: Younes.

We have a new session: “In Scope, Out of Sight Why NIS-2 Isn’t Landing in German SMEs” by Younes Ahmadzei.

We sadly had to cancel a session: “(Rookie) The Psychology of the Phish: Inside the Mind of the Manipulated and How to Turn It Into a Strength” by Julia Bezdziel

Version rearranged time 9-18 Nov. 7, 2025

We released a new schedule version!

Version Changing 2h workshops to the afternoon Sept. 29, 2025

We released a new schedule version!

We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:

• “Developing Universal AI Agents for Static Code Analysis via MCP” by Vlad Dyachenko, Sunil Kumar (Nov. 15, 2025, 9 a.m. → Nov. 15, 2025, 2 p.m.)
• “Secure Development Lifecycle Applied - How to Make Things a Bit More Secure than Yesterday Every Day” by Lisi Hocke (Nov. 15, 2025, 11 a.m. → Nov. 15, 2025, 4 p.m.)
• “Introduction to Physical Security Testing” by Georg Jobst (Nov. 15, 2025, 2 p.m. → Nov. 15, 2025, 9 a.m.)

Version 0.31 - New workshop rooms Sept. 29, 2025

We released a new schedule version!

We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:

• “Developing Universal AI Agents for Static Code Analysis via MCP” by Vlad Dyachenko, Sunil Kumar (Hochschule München - R0.Foyer → Hochschule München - R1.005)
• “Let's make hackers cry.... With Deception!” by John Strand (Hochschule München - R1.Galerie → Hochschule München - R0.004)
• “Secure Development Lifecycle Applied - How to Make Things a Bit More Secure than Yesterday Every Day” by Lisi Hocke (Nov. 15, 2025, 2 p.m., Hochschule München - R0.Foyer → Nov. 15, 2025, 11 a.m., Hochschule München - R1.005)
• “Introduction to Physical Security Testing” by Georg Jobst (Nov. 15, 2025, 9 a.m., Hochschule München - R1.Galerie → Nov. 15, 2025, 2 p.m., Hochschule München - R1.005)

Version 0.30 Sept. 22, 2025

First version of the conference agenda.

We have new sessions!

• “Structuring (cyber) incident root-cause investigations: a practical walk-through” by Joao Collier de Mendonca
• “Unmasking the Unseen: Effortless Linux Malware Reversing with LLMs” by Remco Sprooten
• “From Hours to Minutes: Automating Incident Response Triage with Open-Source Tools” by Markus Einarsson
• “Translating mobile app security lessons to the Flutter stack” by Samuel Hopstock
• “Cloud IR: A Rapid Guide for AWS, Azure & GCP” by Erblind Morina
• “Human Buffer Overflow: How to Deal with Cognitive Load in High-Performing Teams” by Juliane Reimann
• “The art of saying NEIN (in security)” by Martin Brunner
• “The Perks and Perils of Persistence: AWS Attacker Techniques” by Oisin B
• “Trust Issues: How Gen Z Attackers Hack Without Exploits” by Tom Barnea
• “NTLM reflection is dead, long live NTLM reflection: Story of an accidental Windows RCE” by Guillaume André, Wil
• “Turning Off the Internet: Technical Tactics of State-Scale Censorship and Shutdowns” by Reza Sharifi
• “The Tip of the Iceberg: Protecting AI Systems Against Old and New Threats” by Michael Helwig, Benjamin Altmiks
• “Oops, I pwned it again!” by David Elze
• “DPAPI Demystified: Abusing the Windows Data Protection API one secret at a time” by Daniel Küppers
• “TPM Is No Silver Bullet: Pitfalls in Embedded Device Security” by David Gstir
• “Déjà Vu with Scattered Spider: Are Your SaaS Doors Still Unlocked?” by Andi Ahmeti, Abian Morina
• “Fantastic clear-text passwords and where to collect them” by Stephan Berger
• “Navigating the Volatile Vulnerability Landscape: Strategies for Resilience” by Jerry Gamblin
• “(Rookie) The Psychology of the Phish: Inside the Mind of the Manipulated and How to Turn It Into a Strength” by Julia Bezdziel
• “Why I Go to the Dark Web Every Day” by Alex Holden
• “Forensic investigations of rare operating systems” by Herbert Bärschneider

Version 0.24 Sept. 6, 2025

One new workshop added.

We have a new session: “Let's make hackers cry.... With Deception!” by John Strand.

Version 0.23 Aug. 22, 2025

Added Introduction to Physical Security Testing workshop by Georg Jobst.

We have a new session: “Introduction to Physical Security Testing” by Georg Jobst.

Version 0.22 Aug. 21, 2025

We released a new schedule version!

Version 0.21 Aug. 21, 2025

We released a new schedule version!

We have a new session: “Factory Under Siege: Red and Blue Team Tactics in Operational Technology” by Sarah Mader, Nick Foulon.

Version 0.2 Aug. 20, 2025

We have new sessions!

• “Security Engineering for Large Language Models: Architecture, Risks, and Regulatory Readiness” by Benjamin Altmiks, Michael Helwig
• “Introduction to Hardware Fault Injection” by Javier Vazquez Vidal
• “Hands-on Threat Modeling Workshop” by Juliane Reimann, Moritz Krause
• “Cloud-Native Chaos: Hacking CI/CD and Cloud Environments” by Daniel Schwendner, Samuel Hopstock

Version 0.1 Aug. 18, 2025

Pre-draft.