BSides Munich 2025

09:00
09:00
240min
Cloud-Native Chaos: Hacking CI/CD and Cloud Environments
Daniel Schwendner, Samuel Hopstock

CI/CD pipelines significantly increase development efficiency but also introduce complex security risks. Vulnerabilities in these systems expose sensitive credentials, enable attackers to manipulate build processes, compromise cloud environments, and escalate privileges. This immersive, hands-on workshop will guide participants through real-world scenarios and hacking challenges to exploit and secure CI/CD pipelines, Kubernetes clusters, and AWS infrastructure.

Workshops
Hochschule München - R0.006
09:00
480min
Factory Under Siege: Red and Blue Team Tactics in Operational Technology
Sarah Mader, Nick Foulon

In this workshop, participants engage in a high-stakes cyber battle within a factory's OT systems. Divided into Red and Blue Teams, they alternate between offensive and defensive strategies in an interactive game. The workshop emphasizes real-world relevance, dynamic decision-making, and collaborative learning, providing practical cybersecurity insights in an industrial environment.

Workshops
Hochschule München - R1.007
09:00
180min
Introduction to Physical Security Testing
Georg Jobst

Join us for an interactive half-day workshop where you'll learn the essential techniques of physical security testing. This session covers key skills such as lock picking, door bypass methods, and cloning insecure access cards.

Workshops
Hochschule München - R1.005
09:00
480min
Linux Security and Isolation APIs essentials
Michael Kerrisk

This full-day workshop provides an overview of the low-level Linux features–capabilities, namespaces, and control groups (cgroups)–that are used to build containers and sandboxes. Beginning with classical privileged programs (set-UID-root programs), we look at how capabilities and namespaces can be used to place processes in “a world of their own” in which they have private instances of various “global” resources. Those features–user namespaces in particular–can also be used to implement the notion of a process that is superuser inside a container while being unprivileged outside the container. Finally, we’ll see how cgroups can be used to limit resource consumption, so that the processes in a container can’t negatively impact other users on the system. You can find some further detail on the workshop content at https://man7.org/training/sisess/sisess_course_outline.html and https://man7.org/training/sisess/.

Workshops
Hochschule München - R1.008
09:00
240min
SBOM 1x1 - a Workshop on how to do SBOM
Marius Biebel

In recent years, SBOMs have emerged as a way to understand and track the software supply chain and to gain a better understanding of the software composition used in our modern infrastructure.
Frequently heard promises include identifying and addressing vulnerabilities in upstream dependencies like Log4j much faster, or mitigating supply-chain attacks like the XZ Utils attack. But what can it look like to work with SBOMs?
This workshop provides an orientation on the tools and standards at hand and practical examples of how and when to generate SBOMs, how to assess their quality, and how to merge and consume them.

Workshops
Hochschule München - R0.007
09:00
240min
Security Engineering for Large Language Models: Architecture, Risks, and Regulatory Readiness
Benjamin Altmiks

Large Language Models (LLMs) are reshaping modern software and system architectures - but with their increasing adoption come new and amplified security concerns. This workshop explores the technical and strategic dimensions of securing LLM-based applications and services.
Participants will learn how components such as RAG pipelines, prompt engineering, and fine-tuning introduce specific risks that go beyond traditional machine learning. Using the OWASP LLM Top 10 (2025) as a framework, we examine how known security principles reappear in new forms - and why many current threats are just the tip of the iceberg.

In addition to architectural deep dives, we introduce foundational approaches like Security by Design, guardrail strategies, and the integration of risk awareness into the LLM development process. We also provide a compact overview of relevant regulatory developments, including the Cyber Resilience Act and EU AI Act - and how they intersect with the practical realities of LLM deployment.
Whether you're building, integrating, or securing LLMs, this session offers a comprehensive view of today's threat landscape and tomorrow’s assurance requirements.

Workshops
Hochschule München - R0.004
09:00
480min
Security by Design in Action through Security–Legal Coordination
Alex Kosenkov

This workshop aims to equip stakeholders with the knowledge and practical approaches needed to implement the security by design principle in line with existing regulations, while addressing the challenges of security–legal interaction that arise in the process.

Workshops
Hochschule München - R1.006
13:00
13:00
60min
Lunch
Hochschule München - R0.006
13:00
60min
Lunch
Hochschule München - R0.007
13:00
60min
Lunch
Hochschule München - R0.004
13:00
60min
Lunch
Hochschule München - R1.005
14:00
14:00
120min
Developing Universal AI Agents for Static Code Analysis via MCP
Vlad Dyachenko

Learn how to build a universal, AI-assisted security agent using MCP to integrate multiple static analysis tools, generate vulnerability reports, suggest fixes, and produce ready-to-use secure code.

Workshops
Hochschule München - R1.005
14:00
180min
Hands-on Threat Modeling Workshop
Juliane Reimann

This 4-hour interactive workshop teaches the fundamentals of threat modeling using the 4-question framework. Participants will gain hands-on experience through practical scenarios, learn key terminology and best practices, and discover how to integrate threat modeling into their development processes. Designed for both technical and non-technical roles involved in software development decision-making, attendees will leave with immediately applicable skills and tools to support threat modeling in their organizations.

Workshops
Hochschule München - R0.007
14:00
240min
Introduction to Hardware Fault Injection
Javier Vazquez Vidal

Don't miss the glitch!

In the past few years, many new open source tools have arisen that enable reliable fault injection attacks at a reasonable budget. In addition to this, many great performing budget tools are now available that are perfectly suitable for a broad range of fault injection targets. This brings a great opportunity to get started with hardware security and learn about hardware fault injection attacks while experimenting. The part that is a bit more challenging is that most of these tools assume that you are an expert in the field and therefore they are limited to providing an interface with many options and features, some heavily tested examples and target boards that work with these examples and that are specifically designed to give the feeling of success, while not truly diving into the process and decision-making that led to them.

This workshop is intended to fill in that gap and introduce you to the basic steps that need to be taken in order to prepare and profile a generic target and be able to start a Voltage Fault Injection (VFI) or Electromagnetic Fault Injection (EMFI) campaign, all while using budget-friendly equipment and inexpensive open source hardware tools.

Workshops
Hochschule München - R0.006
14:00
240min
Let's make hackers cry.... With Deception!
John Strand

In this workshop we will do 4 labs where you will learn deception techniques you can use in your organization as soon as you get back to work.

They are awesome. They are free. And they will frustrate your next attacker and/or pen tester.

Workshops
Hochschule München - R0.004
16:00
16:00
120min
Secure Development Lifecycle Applied - How to Make Things a Bit More Secure than Yesterday Every Day
Lisi Hocke

Building valuable solutions is a complex endeavor that requires a breadth of knowledge. That not being enough, we’re also getting asked to build secure solutions in a secure way - yet what does that even mean? How do we incorporate such a vast area of expertise into our everyday workflows?

In this hands-on workshop, I will introduce you to core security concepts, like the CIA triad or defense in depth - and how we can apply them in everyday work. Based on a practical example, we will go through the development lifecycle with security in mind. You will learn about threat modeling to uncover risks early on, secure coding principles to bake security in, security testing approaches to make informed decisions depending on your risk appetite, and ways of detecting potentially malicious activity to protect against. Interactive exercises at each step will let you experience how security can neatly fit with what you’re already doing without adding artificial gates.

Whether you want to keep your system secure or get a neglected one back in shape, this session is for you. Join us to gain fundamental security knowledge, hone your security skills, and get tactical advice to secure your development lifecycle. Let’s make things a bit more secure than yesterday every day!

Workshops
Hochschule München - R1.005
No sessions on Sunday, Nov. 16, 2025.
09:10
09:10
30min
The art of saying NEIN (in security)
Martin Brunner

Have you ever advocated for better security measures, requested more budget for security, asked a security team to take over additional responsibilities, ... and received a "NEIN"?
Or even had to say "NEIN" yourself?
In this NEINth edition of BSIDES Munich Martin will shed some light on the many facets of saying "no" in security and how it has affected him. More importantly, he will share personal findings from his past 20 years in security on how to eventually turn "no" into "yes".

Talks
Westin - Munich
09:40
09:40
20min
Break
Westin - Partenkirchen
09:40
20min
Break
Westin - Munich
10:00
10:00
30min
Fantastic clear-text passwords and where to collect them
Stephan Berger

Dumping LSASS to get passwords, which in the worst case are only hashed… doesn't have to be!

We demonstrate more sophisticated methods for attackers to obtain cleartext passwords. In the Windows world, we examine Netfilter, Password Filter, and Security Support Providers, which enable custom DLLs to be loaded to capture passwords in cleartext.

Enabling WDigest or searching for passwords in GPO policies are other successful tactics.

Clear-text passwords can also be hidden within command lines or in password properties.

In the Linux world, we have additional techniques to read cleartext passwords. We provide examples such as backdooring PAM, SSH, or hooking PHP functions.

After taking over VPN appliances, attackers also like to backdoor the login page to send passwords during login to a domain controlled by the attacker.

In our talk, we present not only individual techniques but also real-world examples from various incident response cases, illustrating how these techniques can be detected in logs and through forensic artifacts.

On one hand, experienced red teamers will learn new techniques; on the other hand, blue teamers can benefit from the detection strategies.

Talks
Westin - Munich
10:00
30min
From Hours to Minutes: Automating Incident Response Triage with Open-Source Tools
Markus Einarsson

Learn how to automate incident response triage using open-source tools. This talk shows how to go from forensic collection to collaborative analysis in minutes, with real-world workflows and cloud-based automation.

Talks
Westin - Partenkirchen
10:30
10:30
30min
Structuring (cyber) incident root-cause investigations: a practical walk-through
Joao Collier de Mendonca

Product Security teams (aka PSIRTs) face a common challenge: how to structure an incident root-cause investigation that ensures alignment with stakeholders' or regulatory requirements?

This 25‑minute session (plus 5 min Q&A) provides a practical example of how to structure a product incident response process, scope outputs, choose tools based on forensic and threat‑driven requirements, and encode repeatable investigation workflows using the open-source framework DFIQ.

Real examples show how high‑level investigative questions map to forensic artifacts and techniques. Based on the recent work of a team redesigning their investigation process and toolset, this talk delivers practical value to anyone building or refining incident-response and digital-forensics workflows.

Talks
Westin - Munich
10:30
30min
TPM Is No Silver Bullet: Pitfalls in Embedded Device Security
David Gstir

With the growing adoption of TPMs (Trusted Platform Modules) in the Linux ecosystem, thanks to features like TPM-backed disk encryption in systemd and the longstanding use in Windows BitLocker, TPM chips are seeing a resurgence as a go-to for secure secret storage. This trend is increasingly making its way into embedded devices, often as a measure to fulfill NIS2, EU Cyber Resilience Act or similar requirements.

However, embedded systems present a vastly different threat model compared to desktops or servers, and TPMs often don’t deliver the level of security many developers assume. In this talk, David will demystify TPM functionality in embedded Linux environments. He will give a concise overview of security threats for embedded devices and where a TPM can or cannot help. Special focus will be put on using TPMs for disk encryption and integrity.

The session will wrap up with a discussion of alternative approaches, other usage scenarios for TPMs, and how to make informed decisions when designing secure embedded systems.

Talks
Westin - Partenkirchen
11:00
11:00
30min
Coffee Break
Westin - Partenkirchen
11:00
30min
Coffee Break
Westin - Munich
11:30
11:30
30min
Trust Issues: How Gen Z Attackers Hack Without Exploits
Tom Barnea

Forget zero-days - today’s attackers are skipping the code and going straight for your trust. In this talk, we’ll explore how a new wave of cybercriminals, many young, non-technical, and highly creative, are bypassing traditional defenses using native tools, built-in features, and social engineering. From abusing RMM software and Microsoft Teams messages to weaponizing OneNote, these attackers don’t need exploits; they need credibility. We’ll break down real-world tactics, show how these attacks unfold, and discuss why defenders must shift their mindset from patching vulnerabilities to patching human trust.

Talks
Westin - Partenkirchen
11:30
30min
Unmasking the Unseen: Effortless Linux Malware Reversing with LLMs
Remco Sprooten

While the threat of Linux malware grows, its complexity is often overestimated. Many samples lack sophisticated obfuscation, making them prime targets for modern analysis. This talk introduces a cutting-edge methodology that integrates Large Language Models (LLMs) directly into the reverse engineering workflow. We will demonstrate how to leverage LLMs with a disassembler to automate the analysis of Linux binaries, generating detailed functional reports in minutes. Attendees will gain practical techniques to harness AI for faster, more efficient threat hunting, empowering them to unmask the inner workings of Linux malware with unprecedented speed.

Talks
Westin - Munich
12:00
12:00
30min
Déjà Vu with Scattered Spider: Are Your SaaS Doors Still Unlocked?
Andi Ahmeti, Abian Morina

LUCR-3, better known as Scattered Spider, has surged back in 2025, pivoting its social-engineering playbook from last year’s casino breaches to fresh waves against the insurance, retail and aviation sectors. Within a single June week, LUCR-3 struck several insurers, disrupting airline back-office systems, and a spring ransomware campaign devastated big-box retailers.

Still leveraging push-fatigue MFA bombing, SIM-swapping and help-desk impersonation, LUCR-3 now systematically abuses third-party IT providers to fan out across IaaS, SaaS and PaaS estates, living off the land in cloud logs to stay invisible until ransom day. Permiso's P0 Labs has been monitoring LUCR-3's activities for over two years, documenting their evolving tactics, techniques, and procedures (TTPs). This session will delve into LUCR-3's latest strategies and provide actionable insights for cloud defenders to detect and mitigate such threats effectively.

Attendees will gain an understanding of many of Scattered Spider’s notable TTPs, with a specific technical focus on those targeting the SaaS and IaaS layers. While Scattered Spider’s TTPs range widely, their persistence and focus are anything but scattered.

Talks
Westin - Munich
12:00
30min
Translating mobile app security lessons to the Flutter stack
Samuel Hopstock

Nowadays there’s broad consensus that security is an important topic for app developers. Unfortunately, however, there are still many blog posts, forum discussions, and tutorials out there that propagate some common misconceptions, especially about apps developed using Flutter, Google's popular cross-platform framework for building native apps from a single Dart codebase:

  • “Compiling to native machine code can successfully hide sensitive strings like API keys”
  • “There’s a built-in obfuscation mode, so that will protect my sensitive algorithms”
  • “There are no reverse engineering tools specifically for Dart yet, so attackers can’t decompile my app”
  • “App security scanning tools don’t show findings for my Flutter app, so it must be secure”
  • ...

In this talk we put these statements to the test and ask ourselves: “How would an attacker actually approach a Flutter app?”
We start with low-effort wins like finding hardcoded secrets and verbose logging, move to insecure coding practices like weak crypto and broken TLS validation, and finally explore advanced issues like injection attacks and insecure IPC mechanisms.

For each step you’ll see how these issues can be spotted, exploited, and ultimately mitigated - plus practical tips for securing your Flutter apps in development and production.

Talks
Westin - Partenkirchen
12:30
12:30
30min
(Rookie) The Psychology of the Phish: Inside the Mind of the Manipulated and How to Turn It Into a Strength
Julia Bezdziel

Social engineering attacks aren’t about breaking technology—they’re about breaking people. This talk dives into the powerful intersection of cybersecurity and psychology, revealing how attackers exploit instinctive human behaviors to deceive, persuade, and manipulate. Drawing from real-world examples and backed by scientific research, we’ll explore the psychological mechanisms behind successful social engineering attacks. We’ll examine how these same psychological principles can be repurposed to build resilience, not just awareness. You’ll learn why traditional security training often fails to change behavior and how to replace it with effective, science-backed techniques: psychological inoculation, decision friction, cultural reinforcement, and behaviorally designed systems.

Talks
Westin - Partenkirchen
12:30
30min
Navigating the Volatile Vulnerability Landscape: Strategies for Resilience
Jerry Gamblin

The global vulnerability disclosure ecosystem is in a state of flux. With the US-centric CVE program facing funding challenges and the NVD grappling with persistent backlogs, traditional intelligence sources are under immense strain. This talk will dissect these critical issues and their direct impact on AppSec professionals, who are increasingly challenged by the need for accurate prioritization and timely responses. We will then pivot to explore the rising influence of global players, such as ENISA, and other alternative vulnerability databases, analyzing their strengths, weaknesses, and the implications of this fragmented landscape. Attendees will leave with actionable strategies to diversify their intelligence sources, prioritize effectively beyond raw scores, and leverage new tools to build more resilient AppSec programs in this evolving environment.

Talks
Westin - Munich
13:00
13:00
60min
Lunch
Westin - Partenkirchen
13:00
60min
Lunch
Westin - Munich
14:00
14:00
30min
Human Buffer Overflow: How to Deal with Cognitive Load in High-Performing Teams
Juliane Reimann

High-performing teams thrive when focus, flow, and collaboration are supported – not interrupted. But what happens when security requirements unintentionally overload a team’s cognitive capacity? In this talk, we’ll explore how excessive cognitive load – what I call a Human Buffer Overflow – can reduce a team’s ability to deliver high-quality, creative solutions. Drawing from real-life examples, I’ll share practical strategies to reduce friction: from automating security tasks, to integrating security into agile workflows, to launching inclusive Security Champions programs that empower teams rather than burden them. Let’s shift security left – without burning teams out.

Talks
Westin - Partenkirchen
14:00
30min
Why I Go to the Dark Web Every Day
Alex Holden

The Dark Web is a scary place. In order to deter cybercrime, I feel confident exploring its dangerous grounds and know well how to use the Dark Web to defend the victims. I want to invite you on this journey of venturing far beyond your defense perimeter, where cyber criminals are just planning their attacks, and teach you how you can use this knowledge as defensive skills to prevent attacks from happening in the first place.

Talks
Westin - Munich
14:30
14:30
30min
DPAPI Demystified: Abusing the Windows Data Protection API one secret at a time
Daniel Küppers

The Data Protection API (DPAPI) is a critical yet often overlooked component of Windows security. It provides transparent data encryption services to both users and applications, enabling the secure storage of sensitive information such as credentials, encryption keys, and browser data. This talk demystifies how DPAPI works and should give an idea about the basics as well as the gotchas.

Talks
Westin - Partenkirchen
14:30
30min
The Perks and Perils of Persistence: AWS Attacker Techniques
Oisin B

Once an attacker has gained initial access to an AWS account, one of their first steps is to build persistence. Their retained access can last even after defenders have already begun to isolate and contain an attack. This talk will evaluate the advantages and drawbacks of attacker persistence techniques in AWS, comparing their complexity, potential for compromise, and how easy they are to detect.

Of course, an attacker's choice of persistence methods can depend heavily on the permissions available to them and the target they’re after, and there are a myriad of different ways to build persistence. Therefore, the aim here isn’t to cover every possible persistence method in AWS. Instead, this talk will cover some of the more common methods that have been seen in the wild, and draw your attention to some of the more niche techniques that are still worth looking out for and locking down.

Finally, for each technique, this talk will review practical detection and prevention methods and the considerations of these.

Talks
Westin - Munich
15:00
15:00
30min
Coffee Break
Westin - Partenkirchen
15:00
30min
Coffee Break
Westin - Munich
15:30
15:30
30min
Forensic investigations of rare operating systems
Herbert Bärschneider

Sometimes the analysis part of incident response will give you challenges of a special kind: investigate this system which runs an operating system you possibly never heard of.
In this talk, I want to give you a method that allows you to take on such challenges with a joyful "YES". I will also highlight supporting tools.

Talks
Westin - Munich
15:30
30min
Turning Off the Internet: Technical Tactics of State-Scale Censorship and Shutdowns
Reza Sharifi

Authoritarian regimes are increasingly leveraging the internet’s architecture to exert real-time control over communication and information. This talk dissects the technical mechanisms used to surveil, filter, and shut down internet access at scale. From deep packet inspection and TLS fingerprinting to BGP hijacking and protocol suppression, we examine how entire populations are digitally silenced. Real-world measurements from global observatories such as OONI, IODA, and RIPE Atlas illustrate the anatomy of large-scale blackouts. Attendees will gain a deep technical understanding of how modern censorship is implemented—and how it continues to evolve.

Talks
Westin - Partenkirchen
16:00
16:00
30min
NTLM reflection is dead, long live NTLM reflection: Story of an accidental Windows RCE
Guillaume André, Wil

For nearly two decades, Windows has been plagued with NTLM reflection vulnerabilities. This special case of NTLM authentication relay has historically led to local privilege escalation or even remote command execution, although with some limitations. Over time, mitigations against this class of vulnerability were implemented, leading to a false assumption that NTLM reflection attacks were relics of the past. This presentation will shatter that assumption by covering the research that led to the discovery of CVE-2025-33073, a logical vulnerability leading to authenticated RCE as SYSTEM on almost any Windows machine and without any user interaction.

In this talk, fundamental concepts about authentication relay attacks will be explained, as well as the context surrounding the research and the accidental discovery of the vulnerability. Afterwards, a methodical investigation of the root cause of the vulnerability will be presented, first by analysing network captures and then by performing a thorough reverse-engineering of LSASS internals and its NTLM authentication provider.

Subsequently, we will shift our attention to Kerberos, where we will demonstrate that CVE-2025-33073 is not restricted to NTLM and that it also affects Kerberos. After a brief reminder of the protocol, in-depth insights into its integration within LSASS will be discussed, as well as an undocumented behavior, to understand why this vulnerability also applies to Kerberos.

Finally, the patch analysis will be presented. We will detail how it fixes the specific attack vector described in this presentation and how it may not be enough to completely eradicate this class of vulnerability. We will conclude by explaining how the exploitation of this vulnerability could have been prevented even before it was found and the current state of Windows machine hardening.

Talks
Westin - Partenkirchen
16:00
30min
The Tip of the Iceberg: Protecting AI Systems Against Old and New Threats
Michael Helwig, Benjamin Altmiks

AI applications surface new, visible risks—but underneath lie amplified traditional ones. The massive data aggregation, probabilistic outputs, and decision‑making power of AI systems make them inherently more critical. To defend these systems, we must extend our security programs and rediscover the strength of foundational security principles. In this talk, we will examine new threats to AI applications, distinguish them from familiar "old" threats, and explore both through a practical threat model of a real‑world AI deployment.

We are using the iceberg metaphor to visualize the relationship between old and new risks. This image operates on multiple levels. Above the surface you see prompt injection, hallucinations… but beneath the waves lie familiar threats and traditional risks—amplified data exposure, access control failures, insecure components. The thesis is simple: new AI risks are real—but don’t throw out your classic AppSec toolkit.

In another interpretation, the image also illustrates how AI applications often function: only a thin layer—usually the API interface—is exposed. Beneath the surface, however, lies a vast repository of data and capabilities (agents) that pose the real danger if compromised. It’s also crucial to consider how AI is integrated into the business case, as that integration directly influences the system’s criticality.

In the example of a real‑world AI application—a RAG‑based scenario—we’ll explore how to conduct risk assessment and threat modeling for AI systems, and examine the role of traditional security measures. We show how classic defenses remain vital for protecting AI applications as we walk through a hands‑on threat‑modeling case. We cover the threat‑modeling process, highlight the new dimensions introduced by AI (including how to seamlessly incorporate EU AI Act requirements), and demonstrate how to include AI‑specific risks into your existing threat‑modeling workflows.

Talks
Westin - Munich
16:30
16:30
10min
Break
Westin - Partenkirchen
16:30
10min
Break
Westin - Munich
16:40
16:40
30min
Cloud IR: A Rapid Guide for AWS, Azure & GCP
Erblind Morina

Cloud breaches are fast, noisy, and complex. This talk delivers a practitioner-focused cheatsheet for incident response and forensics in AWS, Azure, and GCP—highlighting where to look, what to collect, and how to act quickly. Whether you're chasing logs in CloudTrail, unpacking GCP service accounts, or containing incidents in Azure, this session gives responders the critical triage knowledge needed to stay ahead of adversaries.

Talks
Westin - Munich
17:10
17:10
30min
Oops, I pwned it again!
David Elze

Join me on a journey through tales & fails from real-world offensive security projects where things didn’t always go as planned. From hilarious technical mishaps to unexpected human errors, these "facepalm moments" turned out to be some of the best learning opportunities. This talk shares funny yet insightful stories that highlight a simple truth: without taking risks, there is no real progress.

Talks
Westin - Munich