BSidesCharm2025

No sessions on Friday, April 11, 2025.
08:30
08:30
90min
Registration Opens for the Day
Track 1
08:30
90min
Registration Opens for the Day
Track 2
08:30
90min
Registration Opens for the Day
Training
10:00
10:00
480min
Active Directory Security 101
Jim Sykora, Darryl G. Baker

Active Directory (AD) is OLD in tech years, but this 25-yr-old identity platform is still deployed all over. This course focuses on understanding AD to build foundational defenses against common attacks and misconfigurations. Through guided lectures, instructor demonstrations, and hands-on labs participants will explore key AD security components and best practices for hardening AD environments.

Training
10:00
50min
Keynote
Brian Baskin

Track 1
11:00
11:00
30min
Visit our Sponsors and Villages
Track 1
11:00
30min
Visit our Sponsors and Villages
Track 2
11:30
11:30
20min
Beyond Tor and VPN: Protect Your Privacy With Decentralized Mixnet
Alexis Cao

The internet is filled with prying eyes. While several well-established tools including Tor and VPNs offer certain degrees of privacy, they all have limitations that could leave users vulnerable to advanced attacks. In this talk, I’ll discuss the foundations of a decentralized mixnet, how it performs against Tor and VPN, and how you can use it to protect your privacy.

Track 1
11:30
20min
Cyber Deception in GCP with Generative Traps
Matt Maisel

Cyber deception is a ruse to mislead or disrupt adversaries by exploiting their cognitive biases. Traps—lures that detect adversary interaction—reinforce the seams in detection surfaces monitored by security operations teams. But deception management and orchestration is painful in practice. Cloud environments provide an opportunity to overcome some of these pitfalls.

Track 2
12:00
12:00
50min
Closing the Visibility Gap: Threat Hunting with Hawk in the Microsoft Cloud
Jonathan Butler, Paul Navarro, Lorenzo Ireland

Security teams often face the challenge of navigating complex cloud environments with limited visibility into potential threats. Hawk bridges this gap by automating the collection of essential logs from Microsoft 365. This talk will demonstrate how Hawk reduces investigation time, flags high-risk behaviors, and enables defenders to hunt for threats across the Microsoft cloud ecosystem.

Track 2
12:00
50min
Fight Stealth with Stealth: Detecting post-breach activity in the Cloud
Jenko Hwong

Advanced and evolving cloud attacks (Blizzard) make breach seem inevitable. We describe a deception detection approach using canaries, with a bit of honey and razors, to implement stealthy tripwires to provide low-FP detections for post-breach lateral movement and privilege escalation.

Track 1
13:00
13:00
60min
Lunch on your own
Track 1
13:00
60min
Lunch on your own
Track 2
13:00
240min
Hiring Village - Plus Talks and Resume Reviews
John Stoner and Jen Haverman

Resume Reviews - 1:00 - 2:15pm

Breakout Tabletop Discussions - 2:15-3pm
Room 1 - Interview Strategy Presented by John Stoner
Accomplished CISSP, PMP certified cybersecurity US Army veteran with a 25-year track record in USIC, public sector, and national security industry. Has 15* years of experience focused in cybersecurity with experience in CTI, CI, cyber maturity assessments, APT analysis, course development, and instruction. Passionate about helping others in INFOSEC and volunteers in the community and with several non-profits.

Room 2 - Reputational Impact on Career Hunt Presented by Jen Haverman
30+ years of collected experiences including cyber roles like sysadmin, ISSONSSM, pentester, red/white/blue/purple teamer, operations/incident response leader, adjunct faculty, and more. While she started in tech/cyber without degrees and certs, she is currently pursuing a cyber doctorate.

Resume Reviews - 3:00 - 5:00pm

Hiring Village
14:00
14:00
50min
Building Against a Breach…. Out of a disclosure?
Liz Wharton

Metadata from incident response and business communications can leak sensitive information, aiding threat actors. External legal and crisis management teams may unintentionally expose data. Explore how to leverage AI/ML analysis of regulatory disclosures such as SEC 8-K filings and past incidents to build pre-incident cross-team partnerships and mitigate future leaks.

Track 2
14:00
50min
Career Campaigns: Changing Your Professional 'Class' for an InfoSec Role
Stryker

Hack your way into a new cybersecurity career during this gaming-inspired interactive session, during which we'll transform your current resume's "character sheet" into a freshly reskilled or dual-classed hero, ready to take on any cybersecurity hiring process for your next – or first! – infosec campaign.

Track 1
15:00
15:00
50min
Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots
Allyn Stott

It’s coming, and you aren’t ready. Your company’s virtual agent is sending inappropriate messages and handing out customer PII to anyone that asks nicely. And who are they going to call? You. This talk explores the investigation and response process for handling the unique threats to GenAI chatbots.

Track 2
15:00
50min
When The Fall Is All There Is – How to Lose a Gig Without Losing Your Mind
Danny Akacki and Jeff Man

Jeff Man and Danny Akacki bring decades of experience—and their own battle scars—to explore not just the why behind job loss, but how to navigate its emotional and practical fallout. From the shock of that final paycheck to the long weeks and months that follow, this session will offer real talk, resilience strategies, and a much-needed reminder: when the fall is all there is, how you land matters.

Track 1
16:00
16:00
50min
A Theme of Fear: Hacking the Paradigm
Catherine Ullman

The InfoSec industry was born out of fear. But fear is hard to manage: too much fear breeds paralysis, and too little fear breeds complacency. We will explore this history, consider how it shaped the industry, and how it’s now in the way. Finally, we’ll consider what the new paradigm could be, and most importantly - how to enable a security-minded culture without using fear.

Track 2
16:00
50min
Beyond the Breach: Securing Political Parties in the 2024 U.S. Election
Andrew Schoka, Mary Lee Carter, Veronica Merril

In 2021, we presented at BSides Charm on the vulnerabilities plaguing state-level political party domains across the country. This year, we're back to share the evolution of that work into a non-partisan nationwide election cybersecurity initiative that discovered and shared thousands of vulnerabilities in political campaigns and party offices before the 2024 Election.

Track 1
16:50
16:50
10min
Registration Closed for the Day
Track 1
16:50
10min
Registration Closed for the Day
Track 2
17:00
17:00
20min
AI Agents Could Be Running Your SOC To Prevent Cyber Attacks
Keyur Rajyaguru

It is becoming increasingly complex to defend against zero- to low-cost attacks generated by Threat Actors (TA) as they leverage sophisticated Generative AI (Gen AI)-enabled infrastructure. An orchestrated Workflow with a team of AI Agents presents an opportunity to respond better. To avoid burnout and alert fatigue of SOC analysts, a shift in strategy is required by automating routine tasks.

Track 1
17:00
20min
Bridging Disciplines: The Role of Coalition Building in Cybersecurity
Tina Getachew

Pivoting careers involves changes, but interacting with people always remains.

Track 2
17:30
17:30
20min
How to Build Authentic Sock Puppets with Your Neighbors’ Yard Sale Junk
Tim Pappa

This industry cyber deception practitioner’s short talk demonstrates how to build authentic online sock puppets using the cheap nostalgic junk we buy at yard sales to project the storyline and cultural depth of your sock puppet for defensive cyber deception.

Track 1
17:30
20min
Map Your Hero’s Journey: How to plan for security career advancement
Wil Klusovsky

No matter what stage you are in your career, you can’t leave your next move to chance. Advancing in the industry requires planning, dedication, and some adventure. In this session we’ll walk through that journey together and help you understand what is next on your path and how to prepare for the challenges ahead. Knowing your own “end game” and the many challenges you’ll face to get there.

Track 2
18:00
18:00
120min
Happy Hour at Rain Restaurant
Track 1
18:00
120min
Happy Hour in Rain Restaurant
Track 2
19:00
19:00
120min
PianoCon with Gary Rimar - Lobby
Training
20:00
20:00
180min
BSidesCharm Party Featuring Arcade and Board Games with performance by DJ Syntax
Track 1
09:00
09:00
60min
Registration Opens for the Day
Track 1
09:00
60min
Registration Opens for the Day
Track 2
09:00
60min
Registration Opens for the Day
Training
10:00
10:00
180min
Career Campaigns: A Tabletop RPG Workshop for Your Next Infosec Role
Stryker, Wes Sheppard

Join us for a tabletop roleplaying game (RPG) with real-world wins! Participant-players seeking their first role in cyber – or simply transitioning to a new specialization – will transform their current resume's "character sheet" into a freshly reskilled or dual-classed hero, ready to take on any cybersecurity hiring process for your next infosec campaign.

Training
10:00
50min
JMP Into Malware Analysis
Katelin Grogan

We all know that the daily life of a cybersecurity analyst often requires you to branch out into left field and learn a completely new skill on the fly. Join me as I introduce you to some of today's go-to tradecraft for static, dynamic, and code-level analysis so that you can begin analyzing artifacts of interest with ease.

Track 1
10:00
50min
What's in the Cloud?
Kai Iyer

The talk will outline detection and threat hunting strategies that could be easily adopted by a mature SOC to look for threats in their Cloud (O365 and AWS) environment. The session will use a Jupyter notebook containing detections mapped to the MITRE ATT&CK framework and threat hunting methodologies backed by unsupervised machine learning to hunt for anomalies and visualize them.

Track 2
11:00
11:00
50min
Red Teaming: A New Perspective for Intern Projects
Mia Hagood, Kenyan Chambers

Red teaming is an important consideration when training new software professionals, ultimately creating a generation of adversarial-minded engineers. We will present how this perspective was integrated in the Praxis internship project, enabling us to unveil vulnerabilities, research mitigations, and strengthen the resiliency of AI solutions.

Track 2
11:00
50min
Starting a SBOM Programme - The Pain Is Probably Temporary
Grey Fox

In my 3rd week working for a Fortune 500 company, I was tasked with designing and rolling out a programme to churn out software bills of material for our high inherent risk products. 5 months later, we're on the right side of the forthcoming supply chain security regulatory and compliance world. It wasn't easy, but it was sure worth the effort. I even made some friends along the way.

Track 1
12:00
12:00
20min
Think You’re Stealthy? How to Detect Attacks in AD
Rachit Arora, Sai Sathvik Ruppa, Aakash Raman

As Active Directory attacks rise, red teamers often focus on "pwning" systems, but real-world engagements require understanding the artifacts these tools leave. In “Think You’re Stealthy? How to Detect Attacks in AD”, we’ll explore the workings of commonly used AD pentest tools and the artifacts they leave behind. Ideal for anyone looking to deepen their knowledge of defense in AD environments.

Track 2
12:00
20min
Threat Modeling Meets Model Training: Web App Security Skills for AI
Breanne Boland

New specializations have emerged in this AI-adoring age, but where does that leave security practitioners? Good news: if you know web application security, you can secure AI applications too! This talk explores common web app security concerns that are relevant to any LLM-based app—and the handful of issues unique to AI—guiding the audience through ways to detect and mitigate them.

Track 1
12:30
12:30
20min
A Grounded Approach to AI and LLM Security
Lucas Tamagna-Darr

With the emergence of Large Language Models, there has been a rapid acceleration in the development of AI capabilities. This brings with it many questions for security teams on how they should be thinking about AI security. While care should be taken on the development of LLM prompts, it is critical to not lose sight of the fundamentals to establish secure best practices.

Track 1
12:30
20min
Supercharge Your Workflow: Using WhiteRabbitNeo for AI-Powered Analysis
Bailey Williams

Pair hacking with tools like WhiteRabbitNeo speeds up your process and reduces the tedium inherent in most security roles. WhiteRabbitNeo is an uncensored, open-source LLM trained on red team data. Learn how WhiteRabbitNeo can help you harden your source code and improve configuration security while reducing hours of DevSecOps tedium to minutes.

Track 2
13:00
13:00
60min
Lunch on your own
Track 1
13:00
60min
Lunch on your own
Track 2
13:30
13:30
210min
Web Application Penetration Testing
Sheshananda Reddy Kandula

This 3-hour Web Application Penetration Testing training covers key security concepts, tools, and techniques. Participants will learn to identify and exploit vulnerabilities like SQL Injection, XSS, and CSRF through hands-on exercises. The session also includes reporting and mitigations, offering essential skills for security professionals, developers, and IT admins.

Training
14:00
14:00
50min
A Tale of Two Incidents: Responding to Akira Ransomware
Dylan Watson, Eno Dynowski

Akira, one of the most prolific RaaS groups today, is responsible for millions in ransom payments, and has proven themselves as a formidable opponent. Also tracked as PUNK SPIDER, they specialize in compromising edge devices, encrypting hypervisors, and extorting victims. Join us for an investigation of two PUNK SPIDER intrusions and gain insight into the life of an incident response consultant.

Track 2
14:00
50min
SQL injection is a thing of the past… and other lies we tell ourselves
Mackenzie Jackson

Despite being older than Internet Explorer, injection attacks like SQLi, Command Injection, and XSS remain prominent. Our research found SQLi alone accounts for 6.7% of open-source vulnerabilities and 10% in closed-source projects. This session reveals why these attacks persist and how modern solutions can help.

Track 1
14:50
14:50
10min
Registration Closed for the Day
Track 1
14:50
10min
Registration Closed for the Day
Track 2
15:00
15:00
50min
Inch By Inch: a Case Study in Maintaining & Scaling a Modern XDR Product
Jessica David

Delivering security products to millions of users is a monumental task. From building & deploying to mitigating performance issues & false positives, securing systems requires constant coordination between multiple teams of researchers, engineers, and other stakeholders. This session will highlight lessons learned from our experience as an effective cross-functional team building an XDR product.

Track 1
15:00
50min
Past, Present and Future of Automatic Code Remediation
Dan D'Avella

Recently, the landscape of tools used to change code saw explosive growth. Several open source code mutation frameworks have emerged, allowing expressive code transformations. LLMs have also jumped into the picture, promising power and delivering “cool” – but also towing chaos. We’ll explore the capabilities of these tools all towards answering “are we ready to automatically fix code issues?”

Track 2
16:00
16:00
60min
Closing Ceremony
Track 1
16:00
60min
Closing Ceremony
Track 2