{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2026.1.1"}, "schedule": {"url": "https://pretalx.com/security-bsides-las-vegas-2025/schedule/", "version": "0.38", "base_url": "https://pretalx.com", "conference": {"acronym": "security-bsides-las-vegas-2025", "title": "Security BSides Las Vegas 2025", "start": "2025-08-04", "end": "2025-08-06", "daysCount": 3, "timeslot_duration": "00:05", "time_zone_name": "US/Pacific", "colors": {"primary": "#3aa57c"}, "rooms": [{"name": "Florentine A", "slug": "4252-florentine-a", "guid": "17c3879d-b68a-5a2f-af38-dd22c4b1b021", "description": "Florentine A/Breaking Ground", "capacity": 300}, {"name": "Florentine B", "slug": "4253-florentine-b", "guid": "f4e24dcc-c641-525d-94af-c24ffea19bf6", "description": "Florentine B/Hire Ground", "capacity": 60}, {"name": "Florentine C+D", "slug": "4254-florentine-cd", "guid": "5ea518ba-0e31-520d-a27c-d324426284e8", "description": "Florentine C+D/Middle Ground", "capacity": 300}, {"name": "Florentine E", "slug": "4255-florentine-e", "guid": "309efd48-00f5-5128-af16-4fed685d0d8d", "description": "Florentine E/Ground Floor", "capacity": 120}, {"name": "Florentine F", "slug": "4256-florentine-f", "guid": "905b0795-fddf-586b-bf97-6e58739e4329", "description": "Florentine F/Common Ground", "capacity": 100}, {"name": "Florentine G", "slug": "4257-florentine-g", "guid": "5f21938e-7dd5-5452-b982-178fcab5e5f2", "description": "Florentine G/Ops", "capacity": 120}, {"name": "Firenze", "slug": "4258-firenze", "guid": "d44b35ba-9ea2-560a-8365-11306165adb1", "description": "Firenze/Proving Ground", "capacity": 80}, {"name": "Tuscany", "slug": "4259-tuscany", "guid": "01e2c16b-4148-5a9e-8f94-475ed218f5d1", "description": "Tuscany/Passwords Con (Middle Balcony)", "capacity": 110}, {"name": "Siena", "slug": "4260-siena", "guid": "a031f724-3250-5948-9a09-d14574416a31", "description": "Siena/Ground Truth (Far Balcony)", "capacity": 200}, {"name": "Copa", "slug": 
"4261-copa", "guid": "b60ebef1-bdb0-52f5-ac4d-8e343e1d68f5", "description": "Copa/IATC (Casino Floor Lounge)", "capacity": 60}, {"name": "Pool", "slug": "4262-pool", "guid": "99a9c222-ed75-57c8-8543-b4b9b6389e21", "description": "Tuscany Main Pool", "capacity": 500}, {"name": "G-103", "slug": "4263-g-103", "guid": "8b79c69d-5d50-5ccc-a858-772338559727", "description": "Tuscany Suite G-103", "capacity": 15}, {"name": "Hallway", "slug": "4264-hallway", "guid": "b2dd07e8-ad13-5064-8c42-a5a5ad6ee9d5", "description": "Tuscany Conference Center Hallway", "capacity": null}, {"name": "Ballroom", "slug": "4265-ballroom", "guid": "3fc3a8c2-ea82-53fb-9e4d-618201674c7d", "description": "Platinum Hotel Ballroom/Training Ground 1", "capacity": 90}, {"name": "Pearl", "slug": "4266-pearl", "guid": "969e1f93-098a-5e50-9794-3330dec375c7", "description": "Platinum Hotel Pearl/Training Ground 2", "capacity": 30}, {"name": "Opal", "slug": "4267-opal", "guid": "a47b2bc6-662a-553a-b9ca-40942581814b", "description": "Platinum Hotel Diamond/Training Ground 3", "capacity": 20}, {"name": "Emerald", "slug": "4269-emerald", "guid": "8669d67e-5774-5a1b-94c0-b9dfec13e87d", "description": "Platinum Hotel Emerald/Training Ground 4", "capacity": 20}, {"name": "Diamond", "slug": "4268-diamond", "guid": "cf0d10ad-7c56-59fc-a3a7-c5655844c571", "description": "Platinum Hotel Diamond/Training Ground 5", "capacity": 20}, {"name": "Rotunda", "slug": "4282-rotunda", "guid": "5a4d3cea-1f0c-5a3a-8a34-d96f278fec5e", "description": "Rotunda - Speaker Ops", "capacity": 20}, {"name": "Foyer, Platinum Hotel Conference Center", "slug": "4281-foyer-platinum-hotel-conference-center", "guid": "9ee58053-f07d-5593-9b7b-ca70047a36c3", "description": "The Foyer of the Platinum Hotel Conference Center, located on the 5th Floor.", "capacity": null}, {"name": "Boardroom", "slug": "4270-boardroom", "guid": "e976063b-fbd4-52e2-804f-382d841e7f39", "description": "Platinum Hotel Boardroom/Training Ground 6", "capacity": 16}, 
{"name": "Misora", "slug": "4271-misora", "guid": "beaac478-2ebd-5233-9eab-3d34e8deee93", "description": "Platinum Hotel Misora Room/Skytalks Room", "capacity": 100}, {"name": "Misora Terrace", "slug": "4272-misora-terrace", "guid": "734a56f5-abe1-54a7-ae2f-4cb9be2e131b", "description": "Platinum Hotel Misora Terrace/Skytalks Terrace", "capacity": 100}, {"name": "Suite 1701", "slug": "4273-suite-1701", "guid": "76cd6c88-ba2f-5635-979a-a4186f1cc6a7", "description": "Platinum Hotel Suite 1701/Skytalks Ops", "capacity": 15}, {"name": "Suite 1702", "slug": "4274-suite-1702", "guid": "e07e8e24-5d19-5a60-9cc9-3e748204aeee", "description": "Platinum Hotel Suite 1702/Skytalks Speaker Lounge", "capacity": 15}], "tracks": [{"name": "Breaking Ground", "slug": "5498-breaking-ground", "color": "#000000"}, {"name": "CISO Track", "slug": "5483-ciso-track", "color": "#FFFFFF"}, {"name": "Common Ground", "slug": "5486-common-ground", "color": "#12AD2E"}, {"name": "Events", "slug": "5482-events", "color": "#06C6F9"}, {"name": "Ground Floor", "slug": "5487-ground-floor", "color": "#AAAAAA"}, {"name": "Ground Truth", "slug": "5488-ground-truth", "color": "#2781DB"}, {"name": "Hire Ground", "slug": "5496-hire-ground", "color": "#FF7700"}, {"name": "Hire Ground Career Discussions", "slug": "5497-hire-ground-career-discussions", "color": "#F0BC0C"}, {"name": "I Am The Cavalry", "slug": "5492-i-am-the-cavalry", "color": "#FF0000"}, {"name": "Keynotes", "slug": "5491-keynotes", "color": "#000000"}, {"name": "Middle Ground", "slug": "5493-middle-ground", "color": "#00F7FF"}, {"name": "PasswordsCon", "slug": "5489-passwordscon", "color": "#4DAFAB"}, {"name": "Proving Ground", "slug": "5495-proving-ground", "color": "#FF44FF"}, {"name": "Proving Ground Mentors", "slug": "5494-proving-ground-mentors", "color": "#ffbbff"}, {"name": "Public Ground", "slug": "5485-public-ground", "color": "#FFFFFF"}, {"name": "Skytalks", "slug": "5484-skytalks", "color": "#777777"}, {"name": "Training Ground", 
"slug": "5490-training-ground", "color": "#9300FF"}], "days": [{"index": 1, "date": "2025-08-04", "day_start": "2025-08-04T04:00:00-07:00", "day_end": "2025-08-05T03:59:00-07:00", "rooms": {"Florentine A": [{"guid": "720fbdc8-d78f-5d11-96eb-5f9a63deb50f", "code": "PBHVUK", "id": 70693, "logo": null, "date": "2025-08-04T09:30:00-07:00", "start": "09:30", "duration": "00:01", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-70693-opening-remarks-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PBHVUK/", "title": "Opening Remarks, Monday", "subtitle": "", "track": "Keynotes", "type": "Talk-20m", "language": "en", "abstract": "Opening Remarks, Monday", "description": "Opening Remarks, Monday", "recording_license": "", "do_not_record": false, "persons": [{"code": "397WDJ", "name": "milqtst", "avatar": "https://pretalx.com/media/avatars/397WDJ_YnZvFps.webp", "biography": "Bloom County Picayune \r\nPresidential Candidate advisor", "public_name": "milqtst", "guid": "c60821cb-2546-5963-9408-effda083d925", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/397WDJ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PBHVUK/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PBHVUK/", "attachments": []}, {"guid": "5dfd821f-58f9-5793-92a1-e3daa204b8c1", "code": "VSF8QE", "id": 78496, "logo": null, "date": "2025-08-04T09:30:00-07:00", "start": "09:30", "duration": "00:30", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-78496-from-me-to-we", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/VSF8QE/", "title": "From Me to We", "subtitle": "", "track": "Keynotes", "type": "Talk-45m", "language": "en", "abstract": "You break into a cybersecurity career by trying to be the best you, but it is your team, users, and the community that will make you truly great: why security works the way it does (or doesn\u2019t), technical and 
organizational approaches that do work, and how to take care of yourself through it all. Come with your questions (who says a keynote can\u2019t be interactive?).", "description": "Outline (internal only)", "recording_license": "", "do_not_record": false, "persons": [{"code": "JRKZLC", "name": "Bryson Bort", "avatar": "https://pretalx.com/media/avatars/JRKZLC_A2chMud.webp", "biography": "Bryson is the Founder of SCYTHE, a start-up building a next generation threat emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of critical infrastructure security. He serves on the Board of Cyber Science at West Point and is a Senior Fellow at the National Security Institute and Senior Policy Advisor for Institute of Security and Technology. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber by Business Insider, Security Executive Finalist of the Year by SC Media, four times a Tech Titan in Washington DC, and the SANS Difference Makers Award for innovator of the Year.", "public_name": "Bryson Bort", "guid": "13e7cf98-8b1f-5b0b-a699-e227feabca93", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/JRKZLC/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/VSF8QE/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/VSF8QE/", "attachments": [{"title": "headshot", "url": "/media/security-bsides-las-vegas-2025/submissions/VSF8QE/resources/_s6ovsLl.jpeg", "type": "related"}]}, {"guid": "4ac83c63-c62e-541d-972f-41bd161fc9ae", "code": "D9GABH", "id": 69532, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/D9GABH/trend_Jn22WEO.png", "date": "2025-08-04T10:00:00-07:00", "start": "10:00", "duration": "00:45", "room": "Florentine A", "slug": 
"security-bsides-las-vegas-2025-69532-who-scans-the-scanner-exploiting-trend-micro-mobile-security", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/D9GABH/", "title": "Who Scans the Scanner? Exploiting Trend Micro Mobile Security", "subtitle": "", "track": "Breaking Ground", "type": "Talk-45m", "language": "en", "abstract": "Trend Micro Mobile Security (TMMS) is a solution widely trusted by enterprises to defend Android devices. But what if the protection becomes the threat? In this talk, I reveal how the very software meant to secure mobile endpoints can be exploited to compromise them. During my research, I identified three vulnerabilities, two confirmed by the vendor. \r\n\r\nFirst, I found that TMMS exposes sensitive security reports online without requiring authentication, revealing device data to anyone. Second, I uncovered a persistent stored XSS sent from Android agents during scans. This payload executes in the browser of any who accesses the report, allowing attackers to inject further malicious scripts. Lastly, I\u2019ll discuss a memory-level manipulation identified during dynamic analysis of the scan routine, which could lead to code execution. These flaws present a high-impact attack surface individually, and a dangerous chain if combined. \r\n\r\nThis presentation includes recorded demos and a deep dive into the methodology used to discover these issues. It is tailored for red teamers, offensive security professionals, and researchers focused on mobile and infrastructure security.", "description": "This talk is the result of hands-on vulnerability research focused on Trend Micro\u2019s enterprise-grade mobile security solution, TMMS. The project began with a simple question: Can the tools used to protect mobile devices be turned against themselves? 
That curiosity led to a series of discoveries, two of which Trend Micro acknowledged as confirmed security issues.\r\n\r\nThe first vulnerability centers on unauthenticated access to TMMS's device report pages. These pages expose scan histories, app inventories, and device status, all accessible without any form of authentication. This flaw represents a significant breach of confidentiality, offering an attacker valuable insights about an organization\u2019s device fleet and security posture.\r\n\r\nDigging deeper, I found that these unauthenticated reports also served as a perfect delivery channel for a stored cross-site scripting attack. By modifying the name of an app on an enrolled Android agent, a value later displayed in the web console, I was able to inject JavaScript directly into the report page. Since this page is rendered without sanitization and without login, the script executes in the browser of any administrator or user who accesses it.\r\n\r\nThe final and most technically complex finding lies within the TMMS Android agent. While inspecting its scan routines via reverse engineering and dynamic testing, I identified a potential path to code execution. By altering function parameters in memory during an antivirus scan, it may be possible to invoke unintended behavior, including spawning a reverse shell. Although Trend Micro has not confirmed this issue, preliminary results suggest the feasibility of remote command execution through controlled memory manipulation, especially if initiated from a compromised server or malicious agent.\r\n\r\nMy talk will take attendees through each phase of the research: from initial reconnaissance and passive analysis to deeper reverse engineering of the Android APK and memory manipulation during runtime. I will demonstrate how these flaws intersect and discuss the viability of chaining them into a full exploit path. 
The narrative will include recorded demos, such as viewing a report without credentials, triggering XSS via Android scan, and memory patching leading to command execution, to help make the technical impact tangible.\r\n\r\nBeyond showcasing vulnerabilities, I\u2019ll reflect on disclosure, vendor response, and the implications for other mobile security products. Attendees will leave with a deeper appreciation for the risks hidden in trusted software, as well as techniques they can apply to analyze similar solutions.", "recording_license": "", "do_not_record": false, "persons": [{"code": "XHEQEH", "name": "Lucas Carmo", "avatar": "https://pretalx.com/media/avatars/XHEQEH_GfkfiYo.webp", "biography": "Lucas Carmo is a seasoned offensive security researcher and co-founder of Hakai Security, a Brazilian consultancy focused on red teaming, vulnerability research, and exploit development. With over eight years of experience in cybersecurity, Lucas holds respected certifications including OSWE (Offensive Security Web Expert), Offensive Security Wireless Professional (OSWP), and GMOB (GIAC Mobile Device Security Analyst). He has discovered multiple CVEs in widely used platforms such as Trend Micro Mobile Security, Nagios, PRTG, 3CX, and Centreon.\r\n\r\nLucas leads Delta7, Hakai\u2019s advanced research division, where he guides a team of specialists in dissecting complex security flaws across web and Android environments. He has contributed to open-source projects like the ReconFTW web interface and frequently shares insights through blog posts, technical write-ups, and conference presentations.\r\n\r\nBeyond the code, Lucas is passionate about tattoos and art. He sees hacking as a creative discipline that requires abstract thinking, intuition, and an artistic mindset. 
To him, connecting pieces of a system to uncover a vulnerability is like crafting a powerful visual composition: messy in the process, but beautiful in its outcome.", "public_name": "Lucas Carmo", "guid": "fecef829-232c-5356-afe2-75f970978f08", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/XHEQEH/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/D9GABH/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/D9GABH/", "attachments": []}, {"guid": "420210db-12f1-5a77-981e-7d6cbd490f63", "code": "C9FNXW", "id": 69967, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/C9FNXW/Alex-_gWzAKLc.png", "date": "2025-08-04T11:00:00-07:00", "start": "11:00", "duration": "00:20", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-69967-creating-the-torment-nexus-using-machine-learning-to-defeat-machine-learning", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/C9FNXW/", "title": "Creating the Torment Nexus: Using Machine Learning to Defeat Machine Learning", "subtitle": "", "track": "Breaking Ground", "type": "Talk-20m", "language": "en", "abstract": "Machine learning is becoming more and more prevalent in malware detection techniques, but how can these systems be fooled? Last summer, I started work on the \"Torment Nexus\" in order to answer this question. Using relatively simple techniques, I was able to prove that even minor modifications to well-known malware samples could drastically reduce the detectability when analyzed by AI-based and traditional detection methods without changing their function.\r\n\r\nIn my talk, I will present my research on the topic, explain the processes I used to reduce detection scores, and demonstrate how these techniques can be used to evade modern machine learning-based detection methods. 
Additionally, I will discuss the broader implications of deploying ML-based security tools without properly scrutinizing their reliability.", "description": "This talk was in collaboration with a colleague when working at Dropbox, we wondered whether we could easily bypass AI malware detection methods. \r\nAfter spending three months researching the possibilities, I found that with only minor non-code changes that do not affect the functionality of the executable, we were able to reduce detection by ~99.9998% for well-known malware samples, as well as ~20-30% with VirusTotal results. This discovery shocked us by how easy and simple it was to perform. As malware detection tools start to incorporate machine learning in their product, we hope that this talk can demonstrate that doing so requires heavy scrutiny and careful planning in order to not introduce greater vulnerabilities. This talk will demonstrate how the research was done to enable attendees to continue this research on their own.", "recording_license": "", "do_not_record": false, "persons": [{"code": "3GAKR3", "name": "Noah Grosh", "avatar": "https://pretalx.com/media/avatars/3GAKR3_phG04oH.webp", "biography": "Noah Grosh is a recent UNCC graduate and former Dropbox employee working on AI/ML red team tools to increase velocity of testing while keeping testing relevant to modern threats. 
In his spare time he enjoys torturing LLMs, and drinking tea.", "public_name": "Noah Grosh", "guid": "eed51b99-360c-5d2d-9d15-b14df6825f32", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/3GAKR3/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/C9FNXW/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/C9FNXW/", "attachments": []}, {"guid": "59763a51-1d51-581d-82b9-96658cd1a841", "code": "TMTNLQ", "id": 73120, "logo": null, "date": "2025-08-04T11:30:00-07:00", "start": "11:30", "duration": "00:45", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-73120-the-scene-is-dead", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TMTNLQ/", "title": "The Scene is Dead", "subtitle": "", "track": "Keynotes", "type": "Talk-45m", "language": "en", "abstract": "The scene is dead! It was killed by sexual violence and big money. If you haven't paid attention to the hacker underground since you were a kid, we're going to talk about how the culture has changed in the past decade. As infosec became a profession and bug bounties became real, talent abandoned the underground in droves and the underground lost its monopoly on knowledge. The remnants increasingly turned to cybercrime. The final blow was the explosion in Bitcoin's price and they started to call themselves \"The Com\". This talk will explore the past decade of the hacking underground, and updates to our cultural assumptions. We will explore why there is so much overlap nowadays between cybercrime, fraud, sextortion, and nihilistic violent extremism, and my hope is to start a discussion on how to prevent the next generation from falling into it.", "description": "I've been researching English speaking cybercrime for most of my entire career, since long before they started to self-identify as \"the com\", and I'm going to discuss the patterns I noticed across more than a decade of work. 
This stuff has implications for child safety, infosec work, and the wellbeing of the next generation of workers in the infosec industry.", "recording_license": "", "do_not_record": false, "persons": [{"code": "LGV8UM", "name": "Allison Nixon", "avatar": "https://pretalx.com/media/avatars/LGV8UM_N8DUSI9.webp", "biography": "Allison has labored in obscurity chasing script kiddies since 2011. She is now the Chief Research Officer at Unit 221B, and works on intelligence collection and takedown efforts. She works with a team of amazing investigators who collaborate across industry and governments to create real world impacts and deterrence for threat actors.", "public_name": "Allison Nixon", "guid": "e437ff7a-4d02-52b0-9df2-dd161d37d2ba", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/LGV8UM/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TMTNLQ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TMTNLQ/", "attachments": []}, {"guid": "76f63511-6133-59bf-b6c3-24b5a557c83d", "code": "LUY3SR", "id": 69506, "logo": null, "date": "2025-08-04T14:00:00-07:00", "start": "14:00", "duration": "00:45", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-69506-my-friend-ben-solid-employee-dprk-agent", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LUY3SR/", "title": "My friend Ben: solid employee, DPRK agent", "subtitle": "", "track": "Breaking Ground", "type": "Talk-45m", "language": "en", "abstract": "From KBLV in Las Vegas, it\u2019s This North Korean Life, I\u2019m your host, Chris Merkel. In today\u2019s show we have a tale about unlikely international relationships. \r\n\r\nThis is a story about a senior software engineer, a farmer, and the complex supply chain funding North Korea\u2019s weapons programs, operating out of organizations just like yours. 
We\u2019ll unpack how the rise of remote work and over-employment schemes created perfect conditions to enrich the Kim regime. Our story unfolds in three acts:\r\n\r\nAct I: /r/paycheck: The pandemic and the rise of over-employment schemes.\r\nAct II: My friend Ben: Understanding the threat of workforce infiltration.\r\nAct III: Trust Issues: Helping people bring their authentic selves to work.", "description": "## Act I: /r/paycheck: The pandemic and the rise of overemployment schemes.\r\nSo we had a global pandemic. We all went home. Employers everywhere touted how productive and amazing teams were working remotely. We bought ring lights. We arranged books we never read by color on bookshelves behind our desks. We realized we could get jobs at four different firms simultaneously and outsource our work overseas to four different people. We touched grass and made sourdough loaves. This is where we start our story.\r\n\r\n### In this section:\r\n**1. Rational actors and their covert subcontractors.** Discussion of the abuses seen in remote work pre-pandemic, typically through illicit subcontracting, which is still endemic in tech. We\u2019ll discuss the economics of the incentive model in the world of contractors. This laid the groundwork for various forms of workforce infiltration, including my friend Ben.\r\n**2. Exploit hiring practices with this one weird trick.** We will document the rise of overemployment or job stacking, which exploits weaknesses in typical corporate management styles. The combination of manager\u2019s inability to identify low-performers, and HR\u2019s requirements over progressive discipline pretty much guarantee 9-12 months of income for little effort. This realization is not lost on North Korea.\r\n\r\n\r\n## Act II: My friend Ben: Understanding the threat of workforce infiltration.\r\n*(CFP NOTE: This is a TLP:CLEAR discussion. 
This part of the talk is where I have to be very careful about how I handle public and nonpublic intel \u2013 there\u2019s a TLP:RED analogue of this I can\u2019t give in a venue like bslv. I want to be clear with the committee that everything in this section is the result of direct experience or public intel, and I will be changing some details to prevent jeopardizing ongoing LE operations or revealing information that needs to stay confidential.)*\r\n\r\n**1. Meet Ben, senior software engineer.** \u201cBen\u201d is a persona. \u201cBen\u201d has the stolen identity of a real person, including name, address and social security number. I will be highlighting what I know about this persona, including:\r\na. Common failures in background check and job history reporting.\r\nb. Fabulist resumes that don\u2019t quite seem too good to be true, but good enough to make him stand out from the crowd.\r\nc. Location discrepancies \u2013 Ben always seems to move right after he gets a job and fills out the payroll paperwork.\r\nd. What Ben\u2019s like as a co-worker. I discuss how his co-workers and manager saw him as a staff member and teammate. Something was always a bit \u201coff\u201d but work was getting done.\r\n\r\n**2. Meet Ben, DPRK-affiliated actor.** Ben may have eventually run into issues due to some of his work style quirks, but unbeknownst to him, a team responsible for managing Insider Risk was on the hunt for his workplace predecessors, the subs and stackers.\r\n     a. In this section, I\u2019ll talk about how Ben was found, via technical means used to identify people subcontracting their work, or job stackers who allowed sensitive data to cross outside of organizational boundaries.\r\n     b. Once Ben is identified for who he is, my teams made uncovering OSINT about him a full-blown sport. I\u2019ll describe how we learned more about him, his interests and how we found other alternate identities.\r\n\r\n**3. 
Ben\u2019s supporting cast:** In this section, I will provide a technical overview of:\r\na. Laptop farms and how they operate\r\nb. The use of on-shore sketchy datacenters for VPN tunneling\r\nc. The type of people who operate laptop farms and how they\u2019re recruited.\r\nd. What we learned doing OSINT on a domestic-side farmer who doesn\u2019t seem to have DPRK-level training in opsec.\r\n\r\n**4. So you\u2019ve met your own Ben, now what?** Safely eradicating DPRK actors. This is where I want to equip people to handle situations like this, based on what I have learned directly and through discussions with industry peers hunting DPRK. This includes equipment bricking and recovery, working with your hapless contract hire firm, and coordinating with internal partners on response.\r\n\r\n\r\n## Act III: Trust Issues: Helping people bring their authentic selves to work. \r\n*(This is where I\u2019m going to switch to direct actions organizations can take to reduce their risk in this space.)*\r\n**1. Hiring, identity proofing, authentication tips.** We will talk about typical processes for establishing a person\u2019s identity and why most are not strong enough to prevent impersonation. We will discuss ways to improve processes, the cost / friction these methods introduce and how to navigate this in your organization.\r\n\r\n**2. Technical indicators:** These are much weaker indicators for DPRK, but can prove valuable in identifying stackers and subs. This includes things like remote access tooling, abnormal collaboration patterns, peer network topologies and hunting for out of band equipment, such as IP-based KVMs.\r\n\r\n**3. Presentation wrap-up, attendee to-do list.** This is where I answer the questions like \u201cwhere do I get started?\u201d and \u201cwhat\u2019s the most effective methods for improving our processes?\u201d This includes:\r\na. Equipment shipping logistics red flags\r\nb. Supplier engagement\r\nc. 
Internal stakeholder education and partnership.", "recording_license": "", "do_not_record": false, "persons": [{"code": "YNFGER", "name": "Chris  Merkel", "avatar": "https://pretalx.com/media/avatars/YNFGER_EPeusuz.webp", "biography": "Chris leads Northwestern Mutual\u2019s Incident Response, Insider Risk and Detection Engineering functions. Beyond his current role, he has had a distinguished career in cybersecurity, leading global organizations and solving cutting-edge challenges in cloud security, appsec, product security, threat-informed defense strategies and automated assurance methodologies. Chris is passionate about professional development, organizing career villages, performing career counseling, mentoring and being actively involved in helping non-traditional students get their start in cybersecurity.", "public_name": "Chris  Merkel", "guid": "11c3b534-9b65-51cc-a08c-fabd6b4aefb6", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/YNFGER/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LUY3SR/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LUY3SR/", "attachments": []}, {"guid": "2929b565-92bf-5ab2-bbf5-a10e0595794c", "code": "REVYEP", "id": 66083, "logo": null, "date": "2025-08-04T15:00:00-07:00", "start": "15:00", "duration": "00:45", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-66083-shedding-light-on-web-isolation-technologies-and-their-bypass-techniques-c2-communication-via-outlook-using-smtp-and-imap", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/REVYEP/", "title": "Shedding Light on Web Isolation Technologies and Their Bypass Techniques: C2 Communication via Outlook Using SMTP and IMAP", "subtitle": "", "track": "Breaking Ground", "type": "Talk-45m", "language": "en", "abstract": "Web isolation is a technology designed to enhance security. 
When applied, it allows firewalls to block HTTP/HTTPS traffic from workstations, which are often used by malware for Command and Control (C2) communication. However, does using web isolation completely eliminate all threats to workstations?\r\n\r\nIn this presentation, I will focus on C2 communication using Outlook to bypass web isolation environments. Since this method does not rely on HTTP/HTTPS communication, it allows for C2 traffic even in web-isolated environments.\r\n\r\nWhile there are malware, threat actors, and attack techniques that use SMTP/IMAP for data exfiltration, these are not as widely recognized compared to HTTP/HTTPS or DNS. This session will introduce malware and threat actors leveraging SMTP/IMAP, alongside a demonstration of a custom tool I developed to abuse Outlook for C2 communication via the SMTP/IMAP protocol.\r\n\r\nFurthermore, I will compare this technique to more common reverse shells and explore the detection capabilities of security products, along with examples of detection rules and mitigation strategies.", "description": "Web isolation is a technology that enhances security by eliminating the need for workstation HTTP/HTTPS communication. During my experience as a SOC Analyst in a web isolation environment, many alerts were closed due to the blocking of HTTP/HTTPS traffic by firewalls. For instance, typical attacks like macro-enabled Word documents that download malware over HTTP can be entirely blocked by firewalls. This security solution is sometimes used by organizations such as banks, hospitals, and local governments that are large, long-established, and handle sensitive information.\r\n\r\nIn web isolation environments, one of the few outbound communication methods permitted by firewalls is an email. However, tools that leverage email for C2 communication are uncommon, and therefore attract less attention compared to C2 traffic over HTTPS or DNS. As a result, they are sometimes overlooked by security teams and solutions. 
This presentation will demonstrate a C2 tool that uses email to show a viable threat scenario, even in web-isolated environments.\r\n\r\nThe presentation will cover the following topics:\r\n\r\n1. Web Isolation Technology\r\n- Overview of Web Isolation Technology\r\n- Threats and not threats for web-isolated environments\r\n\r\n2. Actors and attack techniques utilizing SMTP/IMAP\r\n\r\n- Email collection techniques/Agent Tesla/Emotet/APT28\r\n- C2 Tools which use SMTP/IMAP\r\n\r\n3. Introduction and demonstration of the developed tool\r\n- Demo video\r\n- Comparison with general reverse shells\r\n- Detection results of AV/EDR products\r\n\r\n4. Detection and mitigation\r\n- Setting to prevent this attack\r\n- Sigma rule and Splunk, Elastic, and EDR solutions", "recording_license": "", "do_not_record": false, "persons": [{"code": "LZBXWU", "name": "Terada Yu", "avatar": "https://pretalx.com/media/avatars/LZBXWU_Q2WcP0U.webp", "biography": "Terada Yu is a researcher with Fujitsu Defense & National Security Limited. He worked as a SOC Analyst for over five years. In 2021, he joined his current company as a Security Researcher. He is primarily involved in developing new attack methods and tools. He also participates in internal red team activities and cyber exercises.\r\nHe has spoken at Black Hat USA/Europe, Code Blue, and several conferences in Japan. 
He holds a Master's degree in Computer Science, as well as certifications including OSEP, OSCP, CRTL, CISSP, GIAC, and CKS.", "public_name": "Terada Yu", "guid": "29c11970-5116-5f86-9f58-55ca71e58574", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/LZBXWU/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/REVYEP/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/REVYEP/", "attachments": []}, {"guid": "7005d26f-4877-5ad3-8b4a-6adf4245c6e8", "code": "EMFVKN", "id": 68516, "logo": null, "date": "2025-08-04T17:00:00-07:00", "start": "17:00", "duration": "00:45", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-68516-the-un-rightful-heir-my-dmsa-is-your-new-domain-admin", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/EMFVKN/", "title": "The (Un)Rightful Heir: My dMSA Is Your New Domain Admin", "subtitle": "", "track": "Breaking Ground", "type": "Talk-45m", "language": "en", "abstract": "Delegated Managed Service Accounts (dMSA) are a new type of account introduced in Windows Server 2025. Their primary goal was to improve the security of domain environments. As it turns out, that didn\u2019t go so well.\r\n\r\nIn this talk, we introduce <b>BadSuccessor</b> - an attack that abuses dMSAs to escalate privileges in Active Directory. Crucially, the attack works even if your domain doesn\u2019t use dMSAs at all.\r\n\r\nWe\u2019ll demonstrate how a very common, and seemingly benign, permission in Active Directory can allow an attacker to trick a Domain Controller into issuing a Kerberos ticket for <I>any</i> principal - including Domain Admins and Domain Controllers. 
Then we\u2019ll take it a step further, showing how the same technique can be used to obtain the NTLM hash of every user in the domain - without ever touching the domain controller.\r\n\r\nWe\u2019ll walk through how we found this attack, how it works, and its potential impact on AD environments. You\u2019ll leave with detection tips, mitigation ideas, and a new appreciation for obscure AD attributes that can punch far above their weight.", "description": "This research started as a curiosity: how do delegated Managed Service Accounts (dMSAs) really work under the hood in Windows Server 2025? What began as a weekend project led to the discovery of a novel attack path.\r\n\r\nThe talk introduces BadSuccessor, an attack technique that lets an attacker get the permissions of any user, including Domain Admins or Domain Controllers, and retrieve their Kerberos keys - all by using a newly created dMSA. No existing dMSAs needed, no membership changes, and no alterations to the legitimate account.\r\n\r\nWe\u2019ll go through the discovery process, what dMSAs are, how migration from an old service account to a dMSA works, and how this logic can be used to get privileged tickets. We\u2019ll also share practical detection ideas, plus pre- and post-exploitation tips for both red and blue teams.\r\n\r\nLive demos will be pre-recorded for reliability. 
The goal is to make every part of the technique clear and repeatable for defenders, researchers, and red teamers alike.\r\n\r\nWhitepaper: https://docs.google.com/document/d/1ac4qRSgVrFSCnQrBbgj-6VscOKU5mtIIVYEVjdbIzrY/edit?usp=sharing", "recording_license": "", "do_not_record": false, "persons": [{"code": "K8BBMM", "name": "Yuval Gordon", "avatar": "https://pretalx.com/media/avatars/K8BBMM_YMfa4EI.webp", "biography": "Yuval Gordon is a Security Researcher at Akamai Technologies, specializing in Active Directory security, identity-based attacks, and protocol research.\r\nYuval started his career in security operations, incident response, and detection engineering before moving into security research with a focus on AD internals, OT environments and offensive security. His recent work includes uncovering design flaws and logic abuses.\r\nYuval occasionally dabbles in malware analysis and reverse engineering, and enjoys sharing insights from both attacker and defender perspectives.", "public_name": "Yuval Gordon", "guid": "a6f7bb52-9245-556c-a9f6-15eda8e9f137", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/K8BBMM/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/EMFVKN/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/EMFVKN/", "attachments": []}, {"guid": "4b89005d-4351-5720-be77-d10318eb5133", "code": "LBQDEB", "id": 67691, "logo": null, "date": "2025-08-04T18:00:00-07:00", "start": "18:00", "duration": "00:45", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-67691-detecting-deobfuscating-and-preventing-obfuscated-script-execution-with-tree-sitter", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LBQDEB/", "title": "Detecting, Deobfuscating, and Preventing Obfuscated Script Execution with Tree-sitter", "subtitle": "", "track": "Breaking Ground", "type": "Talk-45m", "language": "en", "abstract": "The malicious obfuscation of code from 
scripting languages, such as PowerShell, Python, and JavaScript, continues to be used as an essential part of threat actors' toolkits. Obfuscation techniques hamper analysts' ability to investigate and respond quickly to compromises by complicating reverse engineering of the original script and pose significant challenges to scanning engines, such as Yara, that rely on byte-based pattern recognition.\r\n\r\nWindows' built-in defense mechanisms, notably the built-in Antimalware Scanning Interface (AMSI) DLLs, struggle to detect these obfuscations, allowing for trivial bypasses of the AMSI subsystem via relatively simple obfuscations. AMSI bypass tools and techniques are routinely deployed by obfuscated code as part of their infection chain.\r\n\r\nThe tree-sitter parsing library opens new avenues for detection and analysis by providing an API that allows developers to interact programmatically with a script's syntax tree. This talk will showcase new techniques for rapidly detecting, analyzing, and preventing infections, culminating with the demonstration of a custom AMSI provider DLL that can deobfuscate, block, and log obfuscated PowerShell payloads. These demonstrations will showcase successful, automated detection of AMSI bypass attempts from the r77 rootkit and the nishang offensive PowerShell framework, and payloads obfuscated with Invoke-Obfuscation.", "description": "The research in this talk has been developed over the past year and a half, and I presented early iterations of this research at BSides SATX and BSides Austin in 2024. The basic premise behind it is that tree-sitter provides a unified API through which we can parse, query, traverse, and manipulate syntax trees in a plethora of different languages, allowing us to develop new kinds of scanning engines and deobfuscation toolkits. 
This talk greatly expands upon that research with the inclusion of a from-scratch AMSI provider DLL written in Rust that preprocesses obfuscated PowerShell scripts and can be configured to either block script execution entirely or to pass the deobfuscated results up the chain for further scanning by other providers on the system. This new AMSI provider also implements a custom Event Tracing for Windows (ETW) trace logging provider that logs the deobfuscated contents, allowing threat hunters and incident responders to have an instantaneous look at the deobfuscated script contents that takes script block logging to an entirely new level. This AMSI provider and its associated research has not been discussed or shown at any other conference, and BSidesLV will be the first public demonstration and discussion of it, if the talk were to be accepted.", "recording_license": "", "do_not_record": false, "persons": [{"code": "3RRFD7", "name": "David McDonald", "avatar": "https://pretalx.com/media/avatars/3RRFD7_UN3SQmO.webp", "biography": "David McDonald is a researcher and software engineer with 4 years of digital forensics R&D experience. His passion for this field began with his involvement in the University of New Orleans CTF team, as well as through his time as a Systems Programming teaching assistant. 
After over two years of digital forensics research and development on Cellebrite's computer forensics team, he joined Volexity's Volcano team, where he now works to develop next-generation memory analysis solutions.\r\n\r\nHe believes deeply in sharing knowledge and helping others discover their abilities and interests through their own journeys in cybersecurity, and strives to pay forward the benefits of the mentorship that has opened so many doors for him.", "public_name": "David McDonald", "guid": "152633af-27f6-5293-a4cf-2a3168573743", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/3RRFD7/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LBQDEB/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LBQDEB/", "attachments": []}], "Florentine B": [{"guid": "90443b22-5327-56d3-a01c-630d1e369421", "code": "NDRTXH", "id": 68795, "logo": null, "date": "2025-08-04T10:00:00-07:00", "start": "10:00", "duration": "00:45", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-68795-from-help-desk-to-ciso", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NDRTXH/", "title": "From Help Desk to CISO", "subtitle": "", "track": "Hire Ground", "type": "Talk-45m", "language": "en", "abstract": "This talk explores cyber career pathways and draws from the personal journey of Nicholas Carroll, who started his career in entry level IT and ascended to the role of a CISO. We will delve into the challenges and opportunities that shape these kinds of career progressions, providing a roadmap for those starting in entry-level IT roles and aspiring to advanced cybersecurity positions. The talk will highlight the importance of continuous learning, certifications, and hands-on experience in climbing the career ladder. 
We will also discuss tools to help guide career steps including the Cyber Career Pathways Tool, a resource that helps individuals understand the tasks, knowledge, and skills needed to advance in their cyber careers. Attendees will gain valuable insights into transitioning from roles like IT Helpdesk to more specialized cybersecurity roles, and ultimately to leadership positions like CISO. The talk will conclude with practical recommendations for those looking to move up in their careers, emphasizing the importance of mentorship, networking, and staying abreast of the latest trends in cybersecurity.", "description": "In the rapidly evolving field of cybersecurity, the journey from an entry-level IT role to a leadership position like Chief Information Security Officer (CISO) can be both challenging and rewarding. This talk, inspired by the career trajectory of Nicholas Carroll, a CISM certified Cybersecurity Instructor and former CISO, aims to provide a roadmap for those aspiring to climb the cybersecurity career ladder.\r\n\r\nThe talk will begin with an overview of Nicholas Carroll's career, highlighting his transition from an IT Helpdesk role to a CISO. The talk will also highlight how skills gained outside of IT and cyber can help translate to success in technical fields whether it be troubleshooting as a mechanic, customer service skills in retail, and beyond. This real-life example will serve as a testament to the possibilities that exist within the field of cybersecurity, demonstrating that with dedication, continuous learning, and the right opportunities, one can rise from an entry-level position to a leadership role.\r\n\r\nOne of the key takeaways from this talk will be the importance of continuous learning and certifications in advancing one's career. Staying up-to-date with the latest trends, technologies, and threats is crucial. 
Certifications like CompTIA Security+, Certified Information Systems Security Professional (CISSP), and Certified Information Security Manager (CISM) not only validate one's skills but also open doors to new opportunities. We\u2019ll also discuss the pitfalls and limitations of certifications and how to balance the pursuit of continuous education in cost effective ways throughout a career.\r\n\r\nThe talk will delve into career guidance toolsets including the Cyber Career Pathways Tool, a resource developed by the Cybersecurity and Infrastructure Security Agency (CISA). This tool helps individuals understand the tasks, knowledge, and skills they need to advance in their cyber careers. It provides a clear roadmap for progression, from entry-level roles to intermediate and advanced positions.\r\nAnother major takeaway will be the importance of hands-on experience. While theoretical knowledge is important, practical experience is what truly sets one apart. Attendees will learn about the value of internships, co-op programs, and entry-level positions in gaining this experience. Especially in a time when it feels like even entry level cyber jobs require years of experience.  They will also learn about the role of projects and contributions to open-source platforms in demonstrating their skills to potential employers and ways to highlight experience outside of cyber in ways that can translate to success in cyber career pathways.\r\n\r\nThe talk will also emphasize the importance of soft skills in advancing one's career. As one moves up the ladder, skills like communication, leadership, and strategic thinking become increasingly important. Drawing from Nicholas Carroll's experience, the talk will provide tips on how to develop these skills and use them to influence decision-making and drive cybersecurity initiatives within an organization.\r\nThe talk will conclude with practical recommendations for those looking to move up in their careers. 
Attendees will learn about the importance of mentorship and networking in opening doors to new opportunities. They will also gain insights into how to navigate the challenges that come with transitioning to new roles, and how to position themselves for leadership positions, even if they\u2019re just starting out.\r\n\r\nIn summary, \"From Help Desk to CISO\" is a comprehensive guide for anyone looking to advance their career in cybersecurity. Attendees will leave with a clear understanding of the steps they can take to move up the career ladder, and the tools and resources they can leverage to achieve their career goals.", "recording_license": "", "do_not_record": false, "persons": [{"code": "THDRPU", "name": "Nicholas Carroll", "avatar": "https://pretalx.com/media/avatars/THDRPU_1FStRJ7.webp", "biography": "Nicholas Carroll is a seasoned cybersecurity professional with a career spanning over two decades. He currently serves as a Manager of Cyber Incident Response with Nightwing, leading a team of cyber threat intelligence and DFIR professionals defending Fortune 500 organizations and government agencies. Prior to this, he held the position of CISO for a state government agency, overseeing election cyber projects. His journey in IT and cybersecurity began at the help desk, providing him with a broad perspective on the field. But his skills earned in jobs outside of IT and cyber helped craft the success he has today. 
He is also a certified cybersecurity instructor, demonstrating his commitment to continuous learning and knowledge sharing to help grow the field.", "public_name": "Nicholas Carroll", "guid": "803b3caa-c3a2-5f60-854a-2e87d646a05f", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/THDRPU/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NDRTXH/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NDRTXH/", "attachments": []}, {"guid": "3085b4c7-671e-5fdb-857a-6323053f0f2d", "code": "7RCPG9", "id": 68785, "logo": null, "date": "2025-08-04T11:00:00-07:00", "start": "11:00", "duration": "00:20", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-68785-hack-your-network-career-connections-for-cyber-pros", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7RCPG9/", "title": "Hack Your Network: Career Connections for Cyber Pros", "subtitle": "", "track": "Hire Ground", "type": "Talk-20m", "language": "en", "abstract": "Networking is an essential skill for cybersecurity professionals looking to advance their careers. In an industry as fast-paced and constantly evolving as cybersecurity, building meaningful relationships can open doors to job opportunities, mentorship, and knowledge exchange. This session will provide participants with practical strategies for networking both online and in person, focusing on how to make the most of industry events like BSides, leverage platforms like LinkedIn, and approach networking with a focus on relationship building rather than self-promotion. Whether you're new to the field or a seasoned professional, this session will help you strengthen your professional network and boost your career.", "description": "In the competitive world of cybersecurity, building a professional network is more than just a nice-to-have\u2014it\u2019s essential for career growth. 
While many professionals understand the importance of networking, they often focus too much on self-promotion rather than relationship-building. This session will focus on how to approach networking with authenticity, with the goal of building genuine connections that can lead to future job opportunities, collaborations, and career advancement.\r\nParticipants will learn about the best practices for networking at events like BSides, where like-minded cybersecurity professionals gather to share knowledge and forge new relationships. Attendees will also explore strategies for using LinkedIn and other social media platforms to connect with industry leaders, while maintaining an authentic and helpful presence online.\r\nMentorship plays a crucial role in career development, and this session will guide participants on how to find a mentor, engage in meaningful mentor-mentee relationships, and benefit from those connections. The session will also discuss the long-term nature of networking, emphasizing how to stay engaged with your professional network over time and continue adding value to others\u2019 careers.\r\nBy the end of the session, participants will walk away with actionable tips for building and maintaining a strong professional network that supports their growth as cybersecurity professionals.", "recording_license": "", "do_not_record": false, "persons": [{"code": "YBX83M", "name": "Heather Morris", "avatar": "https://pretalx.com/media/avatars/YBX83M_DzyJ7Aj.webp", "biography": "Heather Morris is the Director of Talent Acquisition at Redhorse Corporation, where she spearheads strategic initiatives to attract, recruit, and retain top talent across the organization.\r\nWith more than a decade of experience in recruitment, Heather is a seasoned professional known for aligning recruitment strategies with business objectives. 
She excels in developing innovative talent acquisition processes, optimizing applicant tracking systems and reporting, and fostering a culture of diversity and inclusion. Heather\u2019s leadership in building high-performing teams plays a crucial role in supporting the company\u2019s ongoing growth and success. Her commitment to excellence ensures that the organization consistently attracts the industry\u2019s brightest talent, keeping it at the forefront of its field.\r\nPrior to joining Redhorse, Heather served as the Recruiting Manager of the National Security portfolio at Accenture Federal Services and Novetta. While in that role Heather led improvements to the overall recruitment process, managed the recruitment team, and collaborated with department heads to meet staffing needs efficiently", "public_name": "Heather Morris", "guid": "721f3da2-7809-5555-be37-3420024cca05", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/YBX83M/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7RCPG9/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7RCPG9/", "attachments": []}, {"guid": "3bec99fc-dcd8-5d53-bd2b-11f72398e451", "code": "DQZHHX", "id": 74525, "logo": null, "date": "2025-08-04T13:00:00-07:00", "start": "13:00", "duration": "01:00", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-74525-hire-ground-resume-reviews-monday-lunch-break", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DQZHHX/", "title": "Hire Ground Resume Reviews, Monday Lunch Break", "subtitle": "", "track": "Hire Ground", "type": "Event1HR", "language": "en", "abstract": "Hire Ground Resume Reviews, Monday Lunch Break", "description": "Hire Ground Resume Reviews, Monday Lunch Break", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DQZHHX/feedback/", "origin_url": 
"https://pretalx.com/security-bsides-las-vegas-2025/talk/DQZHHX/", "attachments": []}, {"guid": "62cae080-396a-52ad-b244-0de3e3c07017", "code": "8BKV37", "id": 70089, "logo": null, "date": "2025-08-04T14:00:00-07:00", "start": "14:00", "duration": "00:45", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-70089-where-s-waldo-why-recruiters-can-t-find-you-and-what-to-do-about-it", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8BKV37/", "title": "Where\u2019s Waldo? Why Recruiters Can\u2019t Find You (and What To Do About It)", "subtitle": "", "track": "Hire Ground", "type": "Talk-45m", "language": "en", "abstract": "You\u2019ve done the work but still feel invisible. In this interactive experience, you\u2019ll take on the role of a recruiter and help decide who gets contacted and who gets skipped. We\u2019ll run live sourcing examples, review anonymized profiles, and break down what actually makes someone stand out. This is not a lecture. It\u2019s a hands-on session shaped by the audience that shows how hiring really works and how to stop blending in.", "description": "This is not a presentation. It\u2019s a live, practical experience where the audience drives the session and learns by doing.\r\n\r\nAttendees will step into the recruiter\u2019s seat and experience what it\u2019s like to search for cybersecurity talent. I\u2019ll run a real-time LinkedIn search using a job title and location chosen by the audience. We\u2019ll review the profiles that show up, vote on who stands out, and talk through what worked and what didn\u2019t. Along the way, I\u2019ll explain how recruiters actually search using filters, keywords, and shortcuts most people never see.\r\n\r\nMost professionals don\u2019t realise how easy it is to be invisible. They\u2019ve got solid experience, but their titles are unclear, their profiles don\u2019t reflect how hiring teams think, and they\u2019re missing the signals that matter. 
This session is designed to close that gap.\r\n\r\nWe\u2019ll also run a live fix challenge using real profiles. It\u2019s honest, interactive, and focused on action. The goal is for people to walk out of the room saying, \u201cNow I understand what\u2019s missing and how to fix it.\u201d\r\nI\u2019ve spent over 9 years in cybersecurity recruitment, helping companies hire and helping people get hired. This session brings that experience to life in a way that is engaging, direct, and built for real impact.", "recording_license": "", "do_not_record": false, "persons": [{"code": "GFNWXZ", "name": "Ricki Burke", "avatar": "https://pretalx.com/media/avatars/GFNWXZ_xgJ9J6w.webp", "biography": "Ricki Burke is a passionate contributor to the infosec community. He co-organizes BSides Gold Coast and SecTalks Gold Coast, and has delivered sessions at Black Hat USA, Black Hat Asia, BSidesLV, AISA CyberCon, AusCERT, BSides Canberra, BSides Melbourne, BSides Perth, and CHCon. He has also run career villages, hosted interactive workshops, and volunteered for Resume Review at BSidesLV. 
Ricki is the founder of CyberSec People and CyberSec.Careers, where he helps companies build stronger teams and cybersecurity professionals grow their careers.", "public_name": "Ricki Burke", "guid": "ff22a59b-c0b3-5f95-bc9b-ab9df5aa734e", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/GFNWXZ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8BKV37/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8BKV37/", "attachments": []}, {"guid": "699bf1aa-4217-518f-8d96-e54645b87cd9", "code": "SWUABJ", "id": 68754, "logo": null, "date": "2025-08-04T15:00:00-07:00", "start": "15:00", "duration": "00:45", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-68754-craps-clout-and-career-chaos-the-game-they-forgot-to-explain", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SWUABJ/", "title": "Craps, Clout, and Career Chaos: The Game They Forgot to Explain", "subtitle": "", "track": "Hire Ground", "type": "Talk-45m", "language": "en", "abstract": "Place your bets\u2014building a cybersecurity career can feel a lot like playing craps: fast-paced, unpredictable, and full of moments where you're not totally sure if you're winning or just delaying disaster.\r\n\r\nIn this refreshingly honest session, a seasoned cybersecurity senior manager and a battle-tested CISO team up for a tag-team talk that\u2019s part strategy guide, part war story, and career advice no one ever gives you. 
Drawing from two very different vantage points\u2014the war zone of middle management and the executive-level boardroom\u2014we\u2019ll roll through our Top Career Tips, learned the hard way at every level of the security stack.\r\n\r\nExpect:\r\n- Real talk on what works (and what totally backfires)\r\n- Stories of failure, growth, and awkward promotion conversations\r\n- Tangible advice you can use to stand out, speak up, and move up\r\n- A few laughs, a few scars, and absolutely no corporate buzzword bingo\r\n\r\nWhether you\u2019re just starting out, stuck in the middle, or trying to make the leap to executive leadership, we\u2019ll help you figure out how to play the game without losing your chips\u2014or your sanity.", "description": "In cybersecurity, career growth is more than just technical skill\u2014it\u2019s about communication, visibility, and learning how to navigate organizational structures and politics. This dual-perspective presentation brings together the candid insights of a cybersecurity senior manager and a CISO, reflecting on the parallel (and sometimes diverging) paths they\u2019ve taken.\r\nWe will give real advice, honest stories of missteps, unexpected opportunities, and lessons learned the hard way, we\u2019ll explore what it really takes to move forward in your cybersecurity career\u2014from gaining trust and visibility to aligning with leadership\u2019s expectations. Attendees will leave with actionable strategies for getting noticed, getting promoted, and making the leap from \u201cgetting the job done\u201d to driving real influence.", "recording_license": "", "do_not_record": false, "persons": [{"code": "RE9ZXL", "name": "Nicole Beckwith", "avatar": "https://pretalx.com/media/avatars/RE9ZXL_OPWiNjm.webp", "biography": "Nicole Beckwith is the Sr. 
Manager of Kroger Corporate Information Security's Threat Operations team, where she drives strategic initiatives across threat intelligence, threat hunting, detection engineering, insider risk, fraud, and forensics. With a strong foundation in computer programming and web development, she transitioned into law enforcement, first as a state police officer and later as a federally sworn U.S. Marshal assigned to the United States Secret Service, where she worked as a task force officer. Throughout her career, Nicole has demonstrated exceptional leadership managing complex teams, strategic projects, and overseeing critical operations.\r\n\r\nNicole is an active member of the Cincinnati community where she serves on the Advisory Boards for Miami University\u2019s Center for Cybersecurity, Warren County Career Center\u2019s Cybersecurity Program, and the Cincinnati chapter of the ISSA. She is also a trusted advisor on Google\u2019s Technical Advisory Council, IBM\u2019s Strategic Advisory Board, and the ZeroFox Customer Advisory Council.", "public_name": "Nicole Beckwith", "guid": "8d69c4c8-0dea-50c9-a431-bff231a677bb", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/RE9ZXL/"}, {"code": "7EJRLG", "name": "Jake Lorz", "avatar": "https://pretalx.com/media/avatars/7EJRLG_XYtB1or.webp", "biography": "As Vice President of IT and Chief Information Security Officer (CISO) for Cintas, Jake Lorz spearheads cybersecurity, infrastructure, and employee support services. Leveraging his deep understanding of both business and technology, Jake cultivates a proactive security posture focused on data protection, threat intelligence, and incident response. \r\n\r\nDrawing upon over two decades of experience spanning aerospace, defense, manufacturing, and software development, Jake brings significant knowledge to his role. 
He is a widely respected thought leader in cybersecurity and IT, actively driving industry advancement through his involvement in numerous professional organizations. He co-chairs the Cincinnati Cybersecurity Collaboration Forum\u2019s Leadership Board and serves on the Cincinnati ISSA Advisory Board. Nationally, Jake contributes to cybersecurity strategy as a Board Development Committee Member for the NTSC and offers his expertise to CDO Magazine\u2019s Global Security Board and Verizon\u2019s Cybersecurity Customer Advisory Board.\r\n\r\nJake holds bachelor's and master's degrees in Management Information Systems, Business Administration, and Information Technology (specializing in Data Driven Cybersecurity). His commitment to the field is further demonstrated by his CISSP, CISM, and CRISC certifications.", "public_name": "Jake Lorz", "guid": "1c1d2398-f9b1-538a-a2f8-57f814188541", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/7EJRLG/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SWUABJ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SWUABJ/", "attachments": []}, {"guid": "de693fa2-c63f-5293-86c5-2ae34c576e30", "code": "PERW8U", "id": 73245, "logo": null, "date": "2025-08-04T16:00:00-07:00", "start": "16:00", "duration": "00:50", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-73245-hire-ground-resume-reviews-monday-evening", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PERW8U/", "title": "Hire Ground Resume Reviews, Monday Evening", "subtitle": "", "track": "Hire Ground", "type": "Event1HR", "language": "en", "abstract": "Free resume reviews in Hire Ground.", "description": "Free resume reviews in Hire Ground.", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PERW8U/feedback/", "origin_url": 
"https://pretalx.com/security-bsides-las-vegas-2025/talk/PERW8U/", "attachments": []}, {"guid": "49fe961d-edea-57d3-bc27-1d0ffa56830e", "code": "TQDBBE", "id": 70714, "logo": null, "date": "2025-08-04T17:00:00-07:00", "start": "17:00", "duration": "01:50", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-70714-hire-ground-mixer-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TQDBBE/", "title": "Hire Ground Mixer, Monday", "subtitle": "", "track": "Hire Ground", "type": "Event2HR", "language": "en", "abstract": "Hire Ground Mixer, Monday", "description": "Hire Ground Mixer, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TQDBBE/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TQDBBE/", "attachments": []}], "Florentine C+D": [{"guid": "21f4b86b-49be-5719-89c9-0561a57e03af", "code": "SJHWP9", "id": 70682, "logo": null, "date": "2025-08-04T08:30:00-07:00", "start": "08:30", "duration": "00:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70682-silent-auction-opens-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SJHWP9/", "title": "Silent Auction Opens, Monday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Silent Auction Opens", "description": "Silent Auction Opens", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SJHWP9/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SJHWP9/", "attachments": []}, {"guid": "09276228-81f4-5513-aa3f-9122e7723beb", "code": "MU7LC8", "id": 70677, "logo": null, "date": "2025-08-04T08:30:00-07:00", "start": "08:30", "duration": "00:00", "room": "Florentine C+D", "slug": 
"security-bsides-las-vegas-2025-70677-middle-ground-opens-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MU7LC8/", "title": "Middle Ground Opens, Monday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Middle Ground Opens", "description": "Middle Ground Opens", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MU7LC8/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MU7LC8/", "attachments": []}, {"guid": "71357ffc-3466-5a7c-bc87-42c53e5f0c84", "code": "MYMQJY", "id": 70694, "logo": null, "date": "2025-08-04T10:00:00-07:00", "start": "10:00", "duration": "01:30", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70694-morning-talks-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MYMQJY/", "title": "Morning Talks, Monday", "subtitle": "", "track": "Middle Ground", "type": "Talk-45m", "language": "en", "abstract": "Morning Talks, Monday", "description": "Morning Talks, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MYMQJY/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MYMQJY/", "attachments": []}, {"guid": "5eede572-de37-5eb9-9bdc-429474d74ebc", "code": "TTNWHR", "id": 70698, "logo": null, "date": "2025-08-04T12:30:00-07:00", "start": "12:30", "duration": "01:30", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70698-lunch-break-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TTNWHR/", "title": "Lunch Break, Monday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Lunch, Monday", "description": "Lunch, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], 
"feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TTNWHR/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TTNWHR/", "attachments": []}, {"guid": "d0421db3-65ac-580e-b619-1ba8beb01ce1", "code": "99CFPY", "id": 70729, "logo": null, "date": "2025-08-04T14:00:00-07:00", "start": "14:00", "duration": "02:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70729-afternoon-talks-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/99CFPY/", "title": "Afternoon Talks, Monday", "subtitle": "", "track": "Middle Ground", "type": "Talk-45m", "language": "en", "abstract": "Afternoon Talks, Monday", "description": "Afternoon Talks, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/99CFPY/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/99CFPY/", "attachments": []}, {"guid": "f34ec74e-4438-52b6-a6d6-cc4debde6e2a", "code": "ENKCZH", "id": 70688, "logo": null, "date": "2025-08-04T16:00:00-07:00", "start": "16:00", "duration": "00:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70688-pvj-ctf-play-ends-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ENKCZH/", "title": "PvJ CTF Play Ends, Monday", "subtitle": "", "track": "Events", "type": "Event1HR", "language": "en", "abstract": "PvJ CTF Play Ends, Monday", "description": "PvJ CTF Play Ends, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ENKCZH/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ENKCZH/", "attachments": []}, {"guid": "b39319d3-a801-577d-8677-5851b27200ce", "code": "RZC7FH", "id": 70705, "logo": null, "date": "2025-08-04T16:00:00-07:00", "start": "16:00", "duration": "01:00", "room": "Florentine 
C+D", "slug": "security-bsides-las-vegas-2025-70705-happy-hour-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RZC7FH/", "title": "Happy Hour, Monday", "subtitle": "", "track": "Events", "type": "Event1HR", "language": "en", "abstract": "Happy Hour, Monday", "description": "Happy Hour, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RZC7FH/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RZC7FH/", "attachments": []}, {"guid": "c9119775-79ee-524a-a163-e0fadc3241cc", "code": "GH7XDX", "id": 70706, "logo": null, "date": "2025-08-04T17:00:00-07:00", "start": "17:00", "duration": "00:30", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70706-pvj-ctf-hotwash-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GH7XDX/", "title": "PvJ CTF Hotwash, Monday", "subtitle": "", "track": "Events", "type": "Event1HR", "language": "en", "abstract": "PvJ Hotwash, Monday", "description": "PvJ Hotwash, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GH7XDX/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GH7XDX/", "attachments": []}, {"guid": "1a5b5e7c-3130-5572-857b-ea3f2fd8fb29", "code": "GYHBD3", "id": 70731, "logo": null, "date": "2025-08-04T17:00:00-07:00", "start": "17:00", "duration": "02:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70731-evening-talks-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GYHBD3/", "title": "Evening Talks, Monday", "subtitle": "", "track": "Middle Ground", "type": "Talk-45m", "language": "en", "abstract": "Evening Talks, Monday", "description": "Evening Talks, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], 
"feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GYHBD3/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GYHBD3/", "attachments": []}, {"guid": "2aacfdd1-3ded-56a6-85d8-2ab7cb19854d", "code": "JSGWHZ", "id": 70679, "logo": null, "date": "2025-08-04T19:00:00-07:00", "start": "19:00", "duration": "00:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70679-middle-ground-closes-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JSGWHZ/", "title": "Middle Ground Closes, Monday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Middle Ground Closes, Monday", "description": "Middle Ground Closes, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JSGWHZ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JSGWHZ/", "attachments": []}, {"guid": "35e31ec9-ed68-58e1-b4f0-0d6fda4441ac", "code": "E7XWHB", "id": 66871, "logo": null, "date": "2025-08-04T19:00:00-07:00", "start": "19:00", "duration": "03:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-66871-whoami-exe-can-you-find-the-threat", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/E7XWHB/", "title": "WhoAmI.exe - Can You Find The Threat?", "subtitle": "", "track": "Events", "type": "Training-4h", "language": "en", "abstract": "Have you ever attended a murder mystery dinner or tackled an escape room challenge? This role-action training session brings the same excitement, strategy, and deception into a hands-on tabletop experience.\r\nAre you ready to solve the case?", "description": "Welcome to a high-stakes game of deception, deduction, and discovery! In this thrilling mystery-style tabletop experience, players take on unique character roles within a large corporation. 
The main characters include the CEO, IT Technician, CISO, Senior Analyst, and the intern. Each character contains a profile that holds their own secrets, motives, and hidden agendas. As the tension builds, each group will work together, or scheme against each other, to uncover the insider threat before it\u2019s too late.\r\n\r\nDesigned for 4-8 players per group, this immersive game challenges participants to analyze clues, interrogate suspects, and piece together the puzzle. Trust no one, question everything, and be prepared for unexpected twists, because in this game, the truth is never what it seems.\r\n\r\nDo you have what it takes to unmask the insider?", "recording_license": "", "do_not_record": false, "persons": [{"code": "U7BTWM", "name": "Reanna Schultz", "avatar": "https://pretalx.com/media/avatars/U7BTWM_pW43BeU.webp", "biography": "Reanna Schultz, from Kansas City, MO, holds both a Bachelor\u2019s and Master\u2019s degree in Cybersecurity. With over six years of professional experience, Reanna has contributed to various corporate environments, leveraging her expertise to strengthen cybersecurity practices.\r\n\r\nThroughout her career, Reanna has worn many hats, including roles in Endpoint Security Engineering, Detection Engineering, and leading a Security Operations Center (SOC) team. In addition to her primary responsibilities, Reanna serves as an adjunct professor at the University of Central Missouri (UCM) and is also an entrepreneur.\r\n\r\nReanna is the founder of CyberSpeak Labs, a platform dedicated to fostering community engagement through collaboration. 
She hosts the podcast Defenders in Lab Coats, where she delves into cyber threats and occasionally invites passionate guests to share their insights.\r\nDriven by her passion for cybersecurity, Reanna frequently travels to speak at events, sharing her industry knowledge and empowering others to improve their organizations' cybersecurity practices.", "public_name": "Reanna Schultz", "guid": "a1cb4294-f8e1-5256-861b-2a8d956a9a20", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/U7BTWM/"}, {"code": "AXMD9M", "name": "Joshua Mason", "avatar": "https://pretalx.com/media/avatars/AXMD9M_FXchcfh.webp", "biography": "Josh Mason is a Solutions Architect at Synack, founder of Noob Village, and a cybersecurity consultant. With a background as a U.S. Air Force pilot and cyber warfare officer, he has developed training programs, advised organizations on security strategies, and mentored individuals entering the field. Josh is passionate about helping newcomers in cybersecurity and regularly speaks at industry conferences while supporting education through community and non-profit initiatives.", "public_name": "Joshua Mason", "guid": "e1a213e8-2e18-56c4-a7ea-66de3ba8cc9e", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/AXMD9M/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/E7XWHB/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/E7XWHB/", "attachments": []}, {"guid": "70ce073a-d8b8-5569-9979-94215654d360", "code": "LTVBTF", "id": 78178, "logo": null, "date": "2025-08-04T19:00:00-07:00", "start": "19:00", "duration": "00:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-78178-silent-auction-closes-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LTVBTF/", "title": "Silent Auction Closes, Monday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Silent Auction Closes", 
"description": "Silent Auction Closes", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LTVBTF/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LTVBTF/", "attachments": []}, {"guid": "d5604c93-617f-55fa-b0e2-32c8fbd4fe45", "code": "EKFALC", "id": 70707, "logo": null, "date": "2025-08-04T19:00:00-07:00", "start": "19:00", "duration": "03:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70707-board-game-night", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/EKFALC/", "title": "Board Game Night", "subtitle": "", "track": "Events", "type": "Event2HR", "language": "en", "abstract": "Board Game Night", "description": "Board Game Night", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/EKFALC/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/EKFALC/", "attachments": []}, {"guid": "8e612efc-6f6a-5557-bd2b-97359d4e7ff3", "code": "FFUHZJ", "id": 70710, "logo": null, "date": "2025-08-04T20:00:00-07:00", "start": "20:00", "duration": "02:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70710-bslv-volunteer-reception", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FFUHZJ/", "title": "BSLV Volunteer Reception", "subtitle": "", "track": "Events", "type": "Event2HR", "language": "en", "abstract": "BSLV Volunteer Reception", "description": "BSLV Volunteer Reception", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FFUHZJ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FFUHZJ/", "attachments": []}], "Florentine E": [{"guid": "4fa05dcc-871c-518b-a75c-ab16459416a3", "code": "ZCMBVR", "id": 70687, "logo": 
null, "date": "2025-08-04T09:00:00-07:00", "start": "09:00", "duration": "00:00", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-70687-pvj-ctf-play-begins-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZCMBVR/", "title": "PvJ CTF Play Begins, Monday", "subtitle": "", "track": "Events", "type": "Event1HR", "language": "en", "abstract": "PvJ CTF Play Begins, Monday", "description": "PvJ CTF Play Begins, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZCMBVR/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZCMBVR/", "attachments": []}, {"guid": "621cb366-784d-53d7-8a69-6f8942fce165", "code": "9RELPE", "id": 70233, "logo": null, "date": "2025-08-04T10:00:00-07:00", "start": "10:00", "duration": "00:45", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-70233-beyond-the-breach-why-your-tabletop-exercise-should-be-your-worst-nightmare", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9RELPE/", "title": "Beyond the Breach: Why Your Tabletop Exercise Should be Your Worst Nightmare", "subtitle": "", "track": "Ground Floor", "type": "Talk-45m", "language": "en", "abstract": "This talk provides a comprehensive overview of Table Top Exercises (TTX), highlighting their critical role in cybersecurity preparedness. The importance of TTXs is underscored, highlighting their ability to simulate incident response without real-world consequences. This guide emphasizes the importance of crafting challenging scenarios that push teams beyond their comfort zones, preparing them for worst-case scenarios while maintaining clarity and focus. 
The ultimate goal is to facilitate continuous improvement and ensure organizational resilience through annual TTX iterations.", "description": "Tabletop exercises are vital to the success of security within businesses, providing a simulated environment where teams can practice their responses to various scenarios. As someone who has written and conducted several of these exercises, I've observed common challenges that companies face during these sessions. One significant hurdle is the fear of failure; participants often worry about looking bad and are reluctant to embrace mistakes. However, I believe it's important to teach people that failure is not only acceptable but can actually contribute to creating a more secure environment. By learning from errors made during tabletop exercises, teams can strengthen their strategies and improve their overall security posture. Embracing a mindset where failure is seen as a stepping stone to success can transform the way businesses approach security, making them more resilient and prepared for real-world threats.", "recording_license": "", "do_not_record": false, "persons": [{"code": "GLGW3J", "name": "Madison Rocha", "avatar": "https://pretalx.com/media/avatars/GLGW3J_O3GmDDI.webp", "biography": "Madison Rocha is a Sr. Cybersecurity Consultant with a background in developing robust security frameworks and implementing cutting-edge protective measures. With a strategic approach to IT governance with hands-on technical acumen as a Sr. Consultant, she brings a blend of theoretical knowledge and practical expertise to the forefront of cybersecurity challenges. Her technical prowess extends to evaluating and securing environments, working with critical infrastructure, participating in red, blue, and purple teams, facilitating TableTop (TTX) exercises, and creating robust Identity Access Management (IAM) solutions. 
As she continues to contribute to the field of cybersecurity, she remains committed to expanding her knowledge and skill set, ensuring that she is at the cutting edge of cybersecurity defenses and strategies.", "public_name": "Madison Rocha", "guid": "1b1a1ddd-48b0-5a3a-b9d4-b836abd9e926", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/GLGW3J/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9RELPE/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9RELPE/", "attachments": []}, {"guid": "28c7ff97-addf-5a33-a2d1-1e293bdd0d17", "code": "HKSUYW", "id": 67806, "logo": null, "date": "2025-08-04T11:00:00-07:00", "start": "11:00", "duration": "00:20", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-67806-turbo-tactical-exploitation-22-tips-for-tricky-targets", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HKSUYW/", "title": "Turbo Tactical Exploitation: 22 Tips for Tricky Targets", "subtitle": "", "track": "Ground Floor", "type": "Talk-20m", "language": "en", "abstract": "Penetration tests are a race; you\u2019re up against the clock, the blue team, and real-world criminals going after the same systems. Knowing where to look, what to spend your time on, and how to move fast is everything. This rapid-fire session delivers 22 practical tips to help you find juicy targets faster, pivot cleaner, and avoid wasting time on noise. From recon to lateral movement (and everything in between), these techniques are built for speed and getting the most out of every packet, port, and pivot. Whether you\u2019re on a red team or just want to better understand your exposure, you\u2019ll leave with new ways to spot weak links fast\u2014and exploit them even faster.", "description": "Modern penetration testing is no longer about running one big scan and waiting for low-hanging fruit to drop. 
It\u2019s about speed, precision, adaptability, and the ability to recognize opportunity from noise. The faster a red team can identify viable paths to privilege or data, the more time they have to focus on meaningful exploitation\u2014and the more value they deliver.\r\n\r\nThis talk is built for speed. It\u2019s a rapid-fire delivery of 22 tactical tips, designed for operators working against the clock and under pressure. Each tip targets a specific phase of a real-world engagement\u2014covering everything from network recon to post-exploitation pivots\u2014emphasizing tools, logic, and lateral thinking that yield fast results.\r\n\r\nThe techniques in this session are grounded in real-world experience from assessments where time is short and the environment is unknown. These aren\u2019t theoretical tactics\u2014they\u2019re the battle-tested shortcuts and field-proven workflows that separate successful engagements from an empty report.\r\n\r\nThis session is for:\r\n* Penetration testers looking to sharpen their time-to-impact\r\n* Red teamers working inside constrained, high-pressure environments\r\n* Blue teamers wanting to understand how attackers think and move\r\n* Developers or sysadmins curious about how attackers prioritize and exploit their systems\r\n\r\n\r\nThe primary goal is to arm attendees with fast, effective methods for:\r\n* Finding valuable targets with minimal noise\r\n* Recognizing indirect indicators of vulnerable systems\r\n* Pivoting across infrastructure and through segmentation\r\n* Avoiding tool fatigue and maximizing signal-per-effort\r\n\r\nThis talk is structured as a guided sprint through the offensive lifecycle, starting from outside-in, to a foothold on an intermediate system, and finally to the most critical targets within the environment. 
Each tactic is immediately useful, often tool-agnostic, and focused on high leverage with low effort.", "recording_license": "", "do_not_record": false, "persons": [{"code": "AMRQJN", "name": "HD Moore", "avatar": "https://pretalx.com/media/avatars/AMRQJN_Zz2fJID.webp", "biography": "HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure.\r\n\r\nHD serves as the CEO and co-founder of runZero, a provider of cutting-edge exposure management software and cloud services. Prior to founding runZero, he held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD has also been a frequent speaker at industry events such as Black Hat and DEF CON.\r\n\r\nHD\u2019s professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and hacking into financial institution networks. 
When he\u2019s not working, he enjoys hacking on weird Go projects, building janky electronics, running in circles, and playing single-player RPGs.", "public_name": "HD Moore", "guid": "a6ae8b0f-d5a6-5435-b60f-e71c9c768df0", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/AMRQJN/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HKSUYW/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HKSUYW/", "attachments": []}, {"guid": "1726f9a3-6c20-530f-9754-480c2ff82834", "code": "T7AHQT", "id": 70144, "logo": null, "date": "2025-08-04T14:00:00-07:00", "start": "14:00", "duration": "00:45", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-70144-avoiding-credential-chaos-authenticating-with-no-secrets", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/T7AHQT/", "title": "Avoiding Credential Chaos: Authenticating With No Secrets", "subtitle": "", "track": "Ground Floor", "type": "Talk-45m", "language": "en", "abstract": "Tired of the secret sprawl? You're not alone. This talk tosses the outdated playbook of endless key rotations and credential tracking and exposes a better way: delete the darn secrets in the first place. Or where they can\u2019t be deleted, choose a solution that offers better protection as a matter of course. \r\n\r\nLearn concrete 'Do This, Not That' guidance with actionable examples for common use cases that typically involve static, manually managed secrets. Move on to a safer and more maintainable architecture by making manually managing secrets the exception, not the default.\r\nSee a live demonstration of two Kubernetes clusters \u2013 one in AWS and one in Azure \u2013 securely authenticating to the other cloud provider with zero manually managed secrets. We'll dive into the AWS IRSA and Azure Workload ID services that unlock this. 
You'll even get the full Terraform source code to play with this yourself, highlighting the emergent wins for resiliency and maintainability when your entire infrastructure is defined in code.\r\n\r\nLeave this session equipped with practical examples to immediately reduce your secrets footprint and a deeper understanding of building secure, secret-free systems.", "description": "Tired of the secret sprawl? You're not alone. This talk throws out the outdated playbook of endless key rotations and credential tracking and exposes a better way: deleting the darn secrets in the first place. Or where they can\u2019t be deleted, choose a solution that offers better protection as a matter of course. Learn concrete 'Do This, Not That' guidance for reducing secrets-induced risk across your stack, from how your users access infrastructure to how your services themselves authenticate.\r\n\r\nWe\u2019ll go through common use cases that traditionally require static, manually managed secrets, and give specific examples of how to move away from that model to a much safer and more maintainable architecture, where manually managed secrets are the exception, not the default.\r\nSee a live demonstration of two Kubernetes clusters \u2013 one in AWS and one in Azure \u2013 securely authenticating to the other cloud provider with zero manually managed secrets. We'll dive into AWS IRSA and Azure Workload ID, showcasing how these services unlock cross-cloud access without the risk of static, privileged client credentials. 
You'll even get the full Terraform source code to implement this yourself, highlighting the emergent wins for resiliency and maintainability when your entire infrastructure is defined in code.\r\n\r\nLeave this session equipped with practical examples to immediately reduce your secrets footprint and a deeper understanding of building secure, secret-free systems.", "recording_license": "", "do_not_record": false, "persons": [{"code": "YDHEC9", "name": "Chitra Dharmarajan", "avatar": "https://pretalx.com/media/avatars/YDHEC9_MEJIFPy.webp", "biography": "Chitra Dharmarajan, CISSP, CCSP, NACD.DC is a dynamic cybersecurity executive with expertise in building high-performing global teams and driving enterprise-wide security transformations. She excels in risk management, governance, and strategic decision-making, with a proven track record in M&A, due and secure-by-design strategies. Specializing in Privacy Engineering, Product Security, and AI-driven solutions, she has extensive experience across Network, Cloud, Application, and Container Security. Chitra is passionate about empowering teams and fostering innovation to achieve impactful, scalable results.\r\nIn addition to her executive roles, Chitra is a dedicated startup advisor, guiding emerging companies in navigating the complexities of cybersecurity. Her contributions to the field have been recognized through numerous awards and accomplishments, highlighting her leadership and impact in the cybersecurity domain.\r\nA graduate of the Executive Program for CISO at Carnegie Mellon University, she is poised to leverage her industry expertise, strategic vision, and governance experience to shape the future of cybersecurity and drive lasting organizational impact. 
Chitra has successfully completed National Association of Corporate Directors (NACD) - Directorship Certification demonstrating her commitment to governance leadership, personal development, as well as her commitment to leading oversight of organizations today and in the future.", "public_name": "Chitra Dharmarajan", "guid": "4bc6474f-c1c0-5d99-97ae-a6aade655a85", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/YDHEC9/"}, {"code": "9SQAGJ", "name": "Steve Jarvis", "avatar": "https://pretalx.com/media/avatars/9SQAGJ_sb4C1O2.webp", "biography": "Steve Jarvis's journey in tech spans about 14 years, from his early work building key management software to developing services in networking, IAM, and infrastructure management. That background in creating security-related software naturally led him to his current focus as a security engineer. Still a programmer at heart, he tackles security challenges with that developer's mindset. Outside of work, he's kept busy by an adorable 3-year-old daughter and the ongoing pursuit of being a pretty okay bike racer.", "public_name": "Steve Jarvis", "guid": "9ad6015d-48e9-5561-beb2-37529b1d1005", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/9SQAGJ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/T7AHQT/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/T7AHQT/", "attachments": []}, {"guid": "b321cda8-a0ea-5b92-b9f5-83ea01157a75", "code": "JJCREB", "id": 67915, "logo": null, "date": "2025-08-04T15:00:00-07:00", "start": "15:00", "duration": "00:20", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-67915-hacking-secure-coding-into-education", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JJCREB/", "title": "Hacking Secure Coding Into Education", "subtitle": "", "track": "Ground Floor", "type": "Talk-20m", "language": "en", "abstract": "In this talk, we will share our experience in reaching 
high school, computer science, and software engineering students with secure coding workshops. We will introduce our open GitHub repository and YouTube channel, which provide free workshops and walkthroughs, allowing anyone to learn.", "description": "Join us as we share our journey bringing secure coding education to high school, university, and software engineering students. We\u2019ll discuss the gaps in traditional programming education and how we addressed them through accessible, hands-on workshops. Discover our free GitHub repository and YouTube channel, packed with labs and walkthroughs. Learn how you can contribute\u2014by suggesting ideas, building labs, reviewing code, or creating walkthrough videos\u2014to help grow the secure coding community.", "recording_license": "", "do_not_record": false, "persons": [{"code": "BTLMJG", "name": "Or Sahar", "avatar": "https://pretalx.com/media/avatars/BTLMJG_c7DCIKq.webp", "biography": "Or Sahar is a security researcher and the co-founder of Secure From\r\nScratch. 
With two decades of experience in software development and\r\nsecurity, she specialises in penetration testing, application security, and\r\ninstructing on secure coding practices in the private, governmental sector and several colleges.", "public_name": "Or Sahar", "guid": "5396c8c1-7654-525e-8b95-b01645c715e0", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/BTLMJG/"}, {"code": "3ABHHF", "name": "Yariv Tal", "avatar": "https://pretalx.com/media/avatars/3ABHHF_KsclfzM.webp", "biography": "Senior developer turned security researcher.\r\nA summa cum laude graduate from the Technion, leveraging four decades of programming expertise and years of experience in university lecturing and bootcamp mentoring, he brings a fresh outsider's perspective to the field of security.\r\nCurrently, he lectures on secure coding at several colleges and the private sector and he is also the leader of the owasp-untrust project.", "public_name": "Yariv Tal", "guid": "013cb543-bd99-5b52-a886-93ff414932ff", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/3ABHHF/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JJCREB/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JJCREB/", "attachments": []}, {"guid": "41063d42-5a2a-5eb9-9555-4d451bd3c225", "code": "7BZSKL", "id": 67767, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/7BZSKL/lumin_kfyoIco.png", "date": "2025-08-04T15:30:00-07:00", "start": "15:30", "duration": "00:20", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-67767-casting-light-on-shadow-cloud-deployments", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7BZSKL/", "title": "Casting Light on Shadow Cloud Deployments", "subtitle": "", "track": "Ground Floor", "type": "Talk-20m", "language": "en", "abstract": "Shadow IT and forgotten proof-of-concept environments frequently become the weak links attackers 
exploit\u2014unmonitored, undocumented, and outside standard security controls. Whether it's a forgotten cloud instance left open to the internet or a testing environment quietly turned into a production system, these deployments often fly under the radar until they become part of an incident. Once discovered, accurately scoping the environment is critical to identifying existing resources, active services, and their exposure to the internet. Our open-source tool, Luminaut, scans cloud environments to identify services exposed to the internet, providing critical context from the inside out to jumpstart your investigation. Within minutes, Luminaut will highlight exposed IP addresses and associated compute and networking resources, layering on a timeline from cloud audit logging and context from external scanners. Whether working an incident for an enterprise security team or responding to a customer\u2019s AWS or Google Cloud environment, Luminaut helps answer critical scoping questions\u2014what is exposed, where it\u2019s running, and how long it has been there\u2014giving investigators a head start on triage, root cause analysis, and informing stakeholders.", "description": "We developed this tool, and talk, after years of responding to incidents started from exposure of resources. The initial version supported AWS resource exposure investigation, and was presented at ShmooCon 2025. Since then, we are working on an integration of Google Cloud and increasing our coverage of AWS resources. This CLI tool has found success from practitioners in reducing the time spent during the identification phase of triage.\r\n\r\nWhile other tools support similar features, Luminaut stands separate by focusing on the discovery of resources and leveraging an inside-out approach for detection. Luminaut starts by enumerating internet facing network interfaces, tracing them to attached resources and services to identify what components construct the network path. 
It then uses available audit history from sources like CloudTrail and AWS Config to provide available context on how the resources were created. In addition to the internal identification, Luminaut can use external resources to gather information about services running on the exposed interfaces. This includes using nmap, whatweb, and shodan to provide information on applications or frameworks available at the exposed ports.\r\n\r\nOur project is available on GitHub here: https://github.com/luminaut-org/luminaut. In addition to the tool, our GitHub also hosts the documentation and our prior presentation slides. Our prior talk is available on YouTube here: https://youtu.be/-_jUZBMeU5w?si=e-Q3gFavTdhpecRY&t=16700", "recording_license": "", "do_not_record": false, "persons": [{"code": "GHH8CS", "name": "Brittney Argirakis", "avatar": "https://pretalx.com/media/avatars/GHH8CS_PI8gukV.webp", "biography": "Brittney Argirakis is a cybersecurity professional specializing in digital forensics and incident response. Over the past 8+ years, Brittney has worked in consulting roles in large enterprise, government, healthcare, and non-profit, leading investigations and training sessions on DFIR topics.", "public_name": "Brittney Argirakis", "guid": "c2425791-2f8d-5d74-a880-06382b9690dd", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/GHH8CS/"}, {"code": "7A9L39", "name": "Chapin Bryce", "avatar": "https://pretalx.com/media/avatars/7A9L39_Glp1IX0.webp", "biography": "Chapin Bryce is a cybersecurity consultant turned software developer. His current focus is on cloud security and threat data, through building tools to support investigations and strengthen organizational security. 
Chapin is an author of two books on using Python in digital forensics.", "public_name": "Chapin Bryce", "guid": "024dfac9-932b-5491-9427-73e24b7363bd", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/7A9L39/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7BZSKL/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7BZSKL/", "attachments": []}, {"guid": "4d8dbb7e-8fce-5f19-8b27-5094d6887fd7", "code": "8EDXNE", "id": 67687, "logo": null, "date": "2025-08-04T17:00:00-07:00", "start": "17:00", "duration": "00:45", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-67687-don-t-be-llame-the-basics-of-attacking-llms-in-your-red-team-exercises", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8EDXNE/", "title": "Don't be LLaMe - The basics of attacking LLMs in your Red Team exercises", "subtitle": "", "track": "Ground Floor", "type": "Talk-45m", "language": "en", "abstract": "Part of the Red Team job is staying on top of new, emerging, or growing technologies. Love it or hate it, Large Language Models (LLMs) and the applications and agents that use them are increasingly part of the tech stack in companies today. To ignore them would be to ignore fruitful attack surface that may be both less secured and less monitored than other traditional Red Team attack paths. This presentation will cover the core of what we think Red Teamers should know about how LLMs work under the hood (without the math!) and then use that knowledge to dive into attack strategies. This isn't just focused on attacking the LLMs, though; we'll be taking prompt injection and jailbreaks into Red Team-land with examples from research and real-world operations. 
Get your hack on with ways you can attack the applications and agents using LLMs to achieve your heart's desire on your next Red Team operation.", "description": "While this discussion will cover the basics of LLMs themselves, the primary focus is on how they can be used in the course of other offensive security work - particularly Red Team engagements.\r\n\r\nThis presentation will begin with the core of how LLMs work at a theoretical level - no math or ML knowledge is required. Understanding how an LLM actually does what it does is critical to determining how to effectively manipulate or break it.\r\n\r\nAfter establishing the basics, we will cover common prompt injection strategies informed by real-world exercises. The specific focus will be on achieving impactful objectives common to Red Team engagements, like lateral movement, privilege escalation, or impact - getting the LLM to say something dirty only to you isn't exactly useful or concerning to the Red Team and falls into the alignment category, which is quality assurance more than offensive security.", "recording_license": "", "do_not_record": false, "persons": [{"code": "ALWNMU", "name": "Brent Harrell", "avatar": "https://pretalx.com/media/avatars/ALWNMU_bj4d3wm.webp", "biography": "Brent took the scenic route to offensive security, beginning in counterintelligence before moving to cyber threat intelligence, security engineering, and finally Red Team - his ultimate goal. He has primarily focused on traditional Red Team engagements against enterprise environments with past roles leading engagements for MITRE Engenuity's ATT&CK Evaluations program and building a Red Team for a Fortune 40 company. He is now a Principal Consultant at CrowdStrike, and while he still pokes holes in Active Directory environments he is one of the initial members of CrowdStrike's Professional Services AI Red Team. 
So now he pokes holes in both technologies wherever possible.", "public_name": "Brent Harrell", "guid": "6a665af7-af93-5e00-8e39-b170e41665f7", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ALWNMU/"}, {"code": "3CMBTB", "name": "Alex Bernier", "avatar": "https://pretalx.com/media/avatars/3CMBTB_pRemrrG.webp", "biography": "Principal Red Team Consultant, CrowdStrike\r\nPassionate about AI application security!", "public_name": "Alex Bernier", "guid": "21d93995-a453-5214-9bba-283b49b6d4dc", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/3CMBTB/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8EDXNE/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8EDXNE/", "attachments": []}, {"guid": "9f498171-052c-55af-a5a1-900ce8ba9392", "code": "HUP7L3", "id": 67791, "logo": null, "date": "2025-08-04T18:00:00-07:00", "start": "18:00", "duration": "00:45", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-67791-e-x-es-and-o-auths-they-haunt-me-in-depth-analysis-of-oauth-oidc-misconfigurations-and-token-replay-attacks", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HUP7L3/", "title": ".e'X'es and 'O'auths (They Haunt Me): In-Depth Analysis of OAuth/OIDC Misconfigurations and Token Replay Attacks", "subtitle": "", "track": "Ground Floor", "type": "Talk-45m", "language": "en", "abstract": "OAuth and OpenID Connect (OIDC) are the backbone of modern identity and access management \u2014 but poor implementations leave organizations dangerously exposed. In this technical session, I\u2019ll move beyond theory and demonstrate how subtle misconfigurations in OAuth and OIDC flows can be exploited by attackers to bypass authentication, impersonate users, and replay tokens for unauthorized access. 
We\u2019ll walk through real-world vulnerabilities such as missing state parameters, improperly validated discovery documents, and token validation failures. Then we\u2019ll demonstrate a live token replay attack using OWASP ZAP to intercept and reuse a captured JWT \u2014 illustrating how easily these weaknesses can be exploited in the wild. Attendees will leave with actionable knowledge on how to identify, exploit, and mitigate these flaws in enterprise environments, along with open-source scripts and tools to reproduce the attack scenarios in their own labs.", "description": "OAuth 2.0 and OpenID Connect (OIDC) are the identity workhorses of the modern web, enabling SSO, delegated authorization, and secure API access across cloud and enterprise ecosystems. But despite their widespread adoption, these protocols are frequently misconfigured \u2014 and attackers are capitalizing on it. This talk exposes how real-world flaws in OAuth and OIDC implementations can be exploited to bypass authentication, impersonate users, and perform full session hijacking via token replay.\r\n\tThis presentation is designed for security professionals, penetration testers, red teamers, and identity architects who want a deeper technical understanding of identity-layer attack surface and how it\u2019s routinely exploited in the wild. It opens with a fast-paced breakdown of how OAuth and OIDC are supposed to work, then dives headfirst into where they typically fail \u2014 not in the protocols themselves, but in how they\u2019re implemented.\r\n\tAttendees will learn how missing or improperly validated state parameters lead to CSRF, how weak or wildcarded redirect_uri values open the door for open redirect exploits, and why implicit flows are dangerous in modern environments. 
On the OIDC side, we\u2019ll explore how attackers tamper with the discovery endpoint (.well-known/openid-configuration), and how improperly validated ID tokens lacking issuer, audience, or nonce verification can be forged and replayed.\r\n\tThe centerpiece of the session is a live demonstration of a token replay attack using OWASP ZAP. We\u2019ll walk through a simulated login against a vulnerable OAuth/OIDC web app, intercept a valid JWT using ZAP, and replay that token from another client to gain unauthorized access. This real-time attack sequence shows just how quickly identity misconfigurations can be turned into full session compromise \u2014 especially when token binding and validation safeguards are missing.\r\n\tFollowing the attack demonstration, we\u2019ll pivot to practical defensive strategies including:\r\n\r\n-Best practices for validating ID tokens (issuer, audience, nonce, exp)\r\n-Enforcing short token lifetimes and secure refresh mechanisms\r\n-Implementing token binding using device fingerprinting, IP correlation, or advanced options like DPoP and mTLS\r\n-Integrating detection strategies via ITDR platforms or behavioral monitoring\r\n\r\n\tTo support continued learning, the presentation includes access to an open-source lab environment built around OWASP ZAP. The lab includes three modular ZAP script sets:\r\n\r\nScript Set 1: Hardcoded JWT replay automation\r\nScript Set 2: Dynamic token capture and replay via scripted login\r\nScript Set 3: Docker-based ZAP automation for CI/CD pipelines\r\n\r\n\tThis session bridges the gap between protocol theory and real-world identity exploitation, showing how small implementation gaps can have catastrophic security consequences. 
Attendees will leave with working examples, reusable tools, and a detailed understanding of how to defend against identity-based attacks that bypass traditional perimeter defenses.", "recording_license": "", "do_not_record": false, "persons": [{"code": "RRAKHR", "name": "Darryl G. Baker", "avatar": "https://pretalx.com/media/avatars/RRAKHR_2JclK1L.webp", "biography": "Darryl G. Baker, CISSP, CEH is a seasoned cybersecurity professional with extensive experience in securing enterprise environments and conducting in-depth security assessments. With a strong background in both offensive and defensive security, Darryl specializes in identifying and mitigating risks within Active Directory and cloud-based infrastructures.\r\nOver the course of his career, Darryl has led numerous security engagements across a variety of industries, helping organizations improve their security posture through technical assessments, red team operations, and strategic guidance. He holds certifications including the Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), reflecting his broad expertise in information security.\r\n\r\nDarryl is passionate about sharing knowledge and advancing the cybersecurity community. He regularly speaks at industry events, where he delivers practical insights on threat detection, identity security, and real-world attack techniques. His presentations are known for combining deep technical detail with actionable takeaways.", "public_name": "Darryl G. 
Baker", "guid": "5087fbdd-29d5-548d-bd65-1558d838adf8", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/RRAKHR/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HUP7L3/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HUP7L3/", "attachments": []}], "Florentine F": [{"guid": "2d48bc48-f9dd-5e4b-9e70-2e933718d1d8", "code": "ZRBTVS", "id": 66178, "logo": null, "date": "2025-08-04T10:00:00-07:00", "start": "10:00", "duration": "00:45", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-66178-locking-hands-ransomware-meets-bioimplants", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZRBTVS/", "title": "Locking Hands: Ransomware Meets Bioimplants", "subtitle": "", "track": "Common Ground", "type": "Talk-45m", "language": "en", "abstract": "Bioimplants unlock new potential, but what happens when they\u2019re held hostage? This talk introduces LockSkin, an educational ransomware targeting NFC bioimplants. Join us to learn the risks and realities of ransomware under the skin.", "description": "Bioimplants like NFC chips unlock  new possibilities for personal augmentation, but they also introduce unique security challenges. In this talk, we present LockSkin, the first educational ransomware designed specifically for NFC bioimplants. LockSkin adds a ransom note and secret key to the implant, leaving the user locked out of their own device. Through this hands-on experiment, we\u2019ll explore the implications of bioimplant security, the mechanics of LockSkin, and what this means for the future of biohacking. Are you going to open that door? Grab that mic? Think twice. 
Because sometimes, ransomware really does get under your skin.", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZG3NTR", "name": "Mauro Eldritch / Heiner Garc\u00eda P\u00e9rez", "avatar": "https://pretalx.com/media/avatars/ZG3NTR_AF55nA4.webp", "biography": "Mauro Eldritch is an Argentine hacker, founder of BCA LTD and DC5411 (Argentina/Uruguay). He has spoken at various events, including DEF CON (12 times). He is passionate about Threat Intelligence and Biohacking.\r\n\r\nCurrently, he represents Bitso\u2019s Quetzal Team, the first in Latin America dedicated to Web3 Threat Research.", "public_name": "Mauro Eldritch / Heiner Garc\u00eda P\u00e9rez", "guid": "971b267c-4193-5f2a-be98-31f22faf292a", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ZG3NTR/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZRBTVS/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZRBTVS/", "attachments": []}, {"guid": "5126a704-4d18-5466-af43-f5d1f752bede", "code": "RESSKA", "id": 66731, "logo": null, "date": "2025-08-04T11:00:00-07:00", "start": "11:00", "duration": "00:20", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-66731-so-you-want-to-give-a-talk-how-to-write-a-cfp", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RESSKA/", "title": "So You Want to Give A Talk: How to Write a CFP", "subtitle": "", "track": "Common Ground", "type": "Talk-20m", "language": "en", "abstract": "The one thing I love about our community is the passion to give back. And if you're reading this and thinking \"I would love to give back, but I don't know where to start\" then this talk is for you. Almost every month it seems like there's a cybersecurity conference happening, and each of those conferences has what is called a Call for Papers (CFP). It sounds scary and daunting, but submitting a CFP isn't very hard once you know what you're doing. 
As someone who's given dozens of talks and has been on the review board for a few conferences, including BSidesLV, I know a thing or two about CFPs. The purpose of this talk is to walk you through what makes a good CFP, what's in it for you, how to properly fill out the various sections, what a CFP review board is and what they want to see. We'll use examples of the BSidesLV CFP as well as DEFCON and BlackHat (since they ask for extra special stuff). By the end of this talk you'll have the confidence to submit your first CFP and start giving talks!", "description": "Wow, we let people potentially put in 8,000 words here? That's like 16 pages!\r\n\r\nAnyway, this is a talk I've given locally here in San Diego a few times and it's been well received. I walk through the various sections of a CFP and how to fill them out, in a fun, lighthearted talk. The intent of this talk is to help newbies and the elite alike submit better CFPs. Also I noticed that last time BsidesLV had a CFP talk it was a panel from 2016.", "recording_license": "", "do_not_record": false, "persons": [{"code": "HJSNVA", "name": "Phil \"Soldier of FORTRAN\" Young", "avatar": "https://pretalx.com/media/avatars/HJSNVA_mXNtVLB.webp", "biography": "Philip Young, aka Soldier of FORTRAN, currently serves on the BSidesLV review board and is the Chair of the Proving Ground track. He's been attending BsidesLV since 2012 where he gave his first talk ever in the mentor track. Since then he's helped countless others submit talks and, as a mentor for BSidesLV and as a speaking coach for BlackHat, helps first time and seasoned speakers give the best talk they can give. In his professional life Philip is the director of mainframe penetration testing at NetSPI. 
With over 15 years of experience building mainframe penetration testing programs at Fortune 500 companies, Philip's expertise covers z/OS, z/TPF, RACF, TSO, VTAM, CICS, TopSecret, and IMS.", "public_name": "Phil \"Soldier of FORTRAN\" Young", "guid": "5ce3745c-f4d3-5a12-a0c9-c7263d1f4036", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/HJSNVA/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RESSKA/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RESSKA/", "attachments": []}, {"guid": "76261c13-3a09-5a43-ba2c-e61cb06688f3", "code": "TJMRAK", "id": 67007, "logo": null, "date": "2025-08-04T14:00:00-07:00", "start": "14:00", "duration": "00:45", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-67007-agentic-ai-malware-why-the-cybersecurity-battle-isn-t-over", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TJMRAK/", "title": "Agentic AI Malware: Why the Cybersecurity Battle Isn\u2019t Over", "subtitle": "", "track": "Common Ground", "type": "Talk-45m", "language": "en", "abstract": "This talk explores the rise of AI-powered malware, focusing on Agentic AI and its potential for autonomous threats. We\u2019ll introduce agentic malware, discussing its key features such as autonomy, self-learning, behavior adaptation, and real-time evasion. We\u2019ll walk you through our proof-of-concept autonomous PowerShell agent, demonstrating how it dynamically generates and executes code in memory, resulting in metamorphic obfuscation. Using reasoning models like the Responses API and Sonar, the agent creates strategies to achieve its goals.\r\nFinally, we\u2019ll cover mitigation strategies, such as monitoring AI-related outbound traffic and increasing execution visibility. While agentic AI shows promise in automating pentesting, current malware implementations still offer only limited practical advantages over traditional methods. 
\r\nJoin us to gain insights into why Agentic AI isn\u2019t the end of cybersecurity - yet.", "description": "This talk will showcase an agentic AI agent demo that I created. The first version was built using Perplexity's Sonar reasoning pro model, with an updated version leveraging OpenAI's Responses API.\r\nI will walk through each step and feature in detail, analyzing its effectiveness, potential benefits for attackers, implementation challenges, and whether it makes detection harder for defenders.\r\nKey topics will include: Metamorphic code rewriting with LLMs, autonomous reasoning-based strategy selection to achieve goals such as stealing sensitive files, exfiltration via LLMs, and EDR evasion techniques.\r\nThe goal of this talk is to demonstrate what is realistically possible while cutting through media hype and misconceptions about so-called \"unlockable\" agentic AI malware.", "recording_license": "", "do_not_record": false, "persons": [{"code": "DBZRTT", "name": "Candid Wuest", "avatar": "https://pretalx.com/media/avatars/DBZRTT_HB2yrL3.webp", "biography": "Candid Wuest is an experienced cybersecurity expert with over 25 years of passion in the field of security. He currently works as a Principal Security Advocate for xorlab a messaging security startup in Switzerland. Previously, he was the VP of Cyber Protection Research at Acronis, where he led the creation of the security department and the development of their EDR product. Before that, he spent more than sixteen years building Symantec's global security response team as the tech lead, analyzing malware and threats \u2013 from NetSky to Stuxnet. Wuest has published a book and various whitepapers and has been featured as a security expert in top-tier media outlets. He is a frequent speaker at security-related conferences, including RSAC and BlackHat, and organizer of AREA41. He learned coding and the English language on a Commodore 64. 
He holds a Master of Computer Science from ETH Zurich and has various patents and useless certifications.", "public_name": "Candid Wuest", "guid": "bbc0c472-c96f-5105-bc5b-ded30ed0b728", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/DBZRTT/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TJMRAK/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TJMRAK/", "attachments": []}, {"guid": "c12b3b0c-ff1c-5e19-b59c-b0550b48059f", "code": "HA8P8U", "id": 68786, "logo": null, "date": "2025-08-04T15:00:00-07:00", "start": "15:00", "duration": "00:45", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-68786-when-the-breach-hits-the-fan-understanding-cyber-insurance", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HA8P8U/", "title": "When the Breach Hits the Fan: Understanding Cyber Insurance", "subtitle": "", "track": "Common Ground", "type": "Talk-45m", "language": "en", "abstract": "Cyber insurance is a murky concept even on the best of days. What does it cover, how is it obtained, what can businesses do to help the cost of their insurance, build a relationship with their insurer, and more!", "description": "There are so many questions and concerns in the cybersecurity community about cyber insurance, how it works, why are there exclusions, how do we improve our rates, etc. Even learning about what benefits insurance has for you is something that is a great value. So really laying out what the heck cyber insurance is, what it does and doesn't cover, how it can be a boon and benefit, and tips on how organizations should best engage and work with their insurance providers and brokers. 
Highlighted in the conversation is especially facts about how the claims process helps in some of the major challenges during a ransomware attack, how it can save you money during an incident, and assist with navigating coverage of 3rd party incidents too.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JLRLE8", "name": "Mea Clift", "avatar": "https://pretalx.com/media/avatars/JLRLE8_qDY8YnM.webp", "biography": "Mea Clift is a seasoned cybersecurity leader with a multi-decade career marked by excellence, innovation, and mission-driven practices. As Principal Executive Advisor for Cyber Risk Engineering, she guides underwriters on cyber risks and educates insureds on trends and maturity. Previously, she focused on cybersecurity in Critical Infrastructure. A mentor and advocate for diversity, Mea actively participates in Cyversity and ISACA programs, teaching Fundamentals of GRC twice yearly. Known for her credibility with executives, clients, and peers, she is also a dedicated quilter and quilt historian living in St. 
Paul, Minnesota.", "public_name": "Mea Clift", "guid": "e1aa3080-76ff-5025-9ae3-b8d5772f929b", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/JLRLE8/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HA8P8U/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HA8P8U/", "attachments": []}, {"guid": "ec473dbe-31f7-56ee-80c5-ac81a0fe5995", "code": "D8QXVT", "id": 66398, "logo": null, "date": "2025-08-04T17:00:00-07:00", "start": "17:00", "duration": "00:20", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-66398-when-attackers-tune-in-weaponizing-llm-tuning-for-stealthy-c2-and-exfiltration", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/D8QXVT/", "title": "When Attackers Tune In: Weaponizing LLM Tuning for Stealthy C2 and Exfiltration", "subtitle": "", "track": "Common Ground", "type": "Talk-20m", "language": "en", "abstract": "Large Language Models (LLMs), are increasingly being integrated into enterprise environments for the purposes of automation, analytics, and decision-making. Although their fine-tuning capabilities enable the development of tailored models for specific tasks and industries, LLMs also introduce new attack surfaces that can be exploited for malicious purposes.\r\n\r\nIn this presentation, we unveil how we transformed an LLM into a stealthy C2 channel. We will demonstrate a PoC attack that leverages the fine-tuning capability of a popular generative AI model. In this attack, a victim unwittingly trains the model using a dataset crafted by an attacker. \r\nThis technique transforms the model into a covert communication bridge, enabling attackers to exfiltrate data from a compromised endpoint, deploy payloads, and execute commands.\r\n\r\nWe will discuss challenges we faced, such as AI hallucinations and consistency issues, and share our approach and the techniques we developed to mitigate the issues. 
Additionally, we will examine this attack from a defender\u2019s perspective, highlighting why traditional security solutions struggle to detect this type of C2 channel, and what can be done to improve detection.\r\nJoin us as we break down this unconventional attack vector, and demonstrate how LLMs can be leveraged for offensive operations.", "description": "In this presentation we will share a proof of concept we developed, originally as part of a data exfiltration focused research project held in Palo Alto\u2019s Cortex TI team. \r\nAs we mapped the landscape we found that Large Language Models (LLMs) are increasingly leveraged by attackers for automation, phishing, and malware development, but their true offensive potential remains largely untapped. \r\nIn this talk, we explore a novel technique: abusing the fine-tuning process of LLMs to establish a covert C2 channel and exfiltrate sensitive data. Unlike traditional AI abuses that focus on prompt engineering or model manipulation, this approach enables adversaries to embed and retrieve information through the fine-tuning mechanism, bypassing common security measures.\r\nAt first glance, using LLMs for covert communication seems impractical due to security controls, session-based memory limitations, and unpredictable model behavior. However, by fine-tuning a widely used model, we successfully created a reliable attack method where a victim unknowingly trains an LLM with sensitive data, allowing an attacker to extract this data and issue commands remotely. We will showcase our PoC, highlighting key technical challenges such as AI hallucinations, consistency issues, and response unpredictability\u2014along with the techniques we used to overcome them.\r\nFrom a defender\u2019s perspective, detecting this attack is quite challenging. Traditional security solutions, such as EDRs and network monitoring tools, do not effectively track AI interactions, allowing malicious activity to blend in with legitimate AI usage. 
We will analyze why conventional detection methods fail and discuss potential mitigation strategies, including behavioral anomaly detection.\r\nThis talk provides an in-depth look at the risks associated with LLM fine-tuning and its implications for security. Through a pre-recorded demonstration, we will illustrate how attackers can use AI-powered C2 channels in real-world scenarios. As AI continues to evolve, understanding and securing its hidden attack surfaces is critical\u2014before adversaries fully \"tune in\" to these emerging opportunities.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JVBKDP", "name": "Noa Dekel", "avatar": "https://pretalx.com/media/avatars/JVBKDP_RyLyoGU.webp", "biography": "Noa Dekel is a Senior Threat Intelligence Researcher at Palo Alto Networks. Starting her career as a Threat Intelligence analyst in the defense sector, today Noa specializes in threat hunting, malware analysis, and detection engineering.", "public_name": "Noa Dekel", "guid": "5b8a493e-af9c-504f-b2db-a6428bfc5891", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/JVBKDP/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/D8QXVT/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/D8QXVT/", "attachments": []}, {"guid": "816381d8-3155-59ca-a0ca-be25df9fcf59", "code": "L7GJCM", "id": 67365, "logo": null, "date": "2025-08-04T17:30:00-07:00", "start": "17:30", "duration": "00:20", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-67365-risk-it-for-the-biscuit-crunching-the-numbers-on-cyber-threats", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/L7GJCM/", "title": "Risk it for the Biscuit: Crunching the Numbers on Cyber Threats", "subtitle": "", "track": "Common Ground", "type": "Talk-20m", "language": "en", "abstract": "When does a risk not exist? What is a risk to your employer? 
Many people overlook the largest risks to their organization and mistakenly focus on the most interesting CVSS, Headline, Zero Day, etc. Understanding when risks can be closed out, and prioritizing which ones to tackle and mitigate first is a struggle for many teams, but why is that? Could the key to prioritization be in changing how you view risks and building a vulnerability management program around this new focus?", "description": "In this talk I discuss how little the latest zero day or the biggest CVSS\u2019 are exploited, highlighting the largest cybersecurity incidents of the past year which are often rooted in simple misconfigurations, lack of MFA, or other supposedly minor uninteresting issues.\r\n\r\nFocus on how to build a quick threat model of a company, how attacks originate, pivot, and affect companies. Highlighting how attackers typically have a goal rather than just wanting to exploit a specific weakness: extortion (ransomware), data exfiltration, defacement, etc. \r\n\r\nI build on that by demonstrating how to take a new CVSS and threat model its applicability to your organization based on your larger scale threat model. For example do you use this vulnerable software but there are already protections in place? If so you might want to prioritize updating this software below your rollout of MFA, or a minor vulnerability that doesn\u2019t have protections in place.", "recording_license": "", "do_not_record": false, "persons": [{"code": "A8V7XF", "name": "Sean \"4dw@r3\" Juroviesky", "avatar": "https://pretalx.com/media/avatars/A8V7XF_R8EPNRV.webp", "biography": "Sean Juroviesky is a dedicated security and risk management expert with extensive experience navigating complex environments. Sean excels at developing a comprehensive understanding of intricate systems and crafting strategic roadmaps to revitalize security programs. 
By identifying high-risk areas and optimizing the use of existing resources, Sean removes barriers between teams to enhance communication and coordination, driving effective security outcomes. Beyond their professional pursuits, Sean finds joy in backpacking through the mountains with their adventurous Australian Shepherd and twins, embracing the serenity of nature and the thrill of exploration.", "public_name": "Sean \"4dw@r3\" Juroviesky", "guid": "5f3fc4f7-f91a-57e3-85dd-db964a8c5269", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/A8V7XF/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/L7GJCM/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/L7GJCM/", "attachments": []}, {"guid": "708b7d63-cef4-581e-979b-6f5d864c3cff", "code": "FC7TDL", "id": 70058, "logo": null, "date": "2025-08-04T18:00:00-07:00", "start": "18:00", "duration": "00:45", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-70058-from-interview-questions-to-cluster-damage-adventures-in-k8s-cluster-shenanigans", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FC7TDL/", "title": "From interview questions to cluster damage: Adventures in k8s cluster shenanigans", "subtitle": "", "track": "Common Ground", "type": "Talk-45m", "language": "en", "abstract": "What started as a simple exercise to create Kubernetes interview questions took an unexpected turn into discovering some interesting cluster security quirks. While brainstorming scenarios to test candidates' knowledge, we found ourselves saying \"wait, would that actually work?\" more times than we expected. This talk shares these insights, showing how even a cluster with a common configuration can lead to surprising cluster disruptions. 
We will guide you through our journey, sharing both the techniques we stumbled upon and practical ways to keep your Kubernetes infrastructure safe.", "description": "From Interview Questions to Cluster Damage: Adventures in k8s Cluster Hacking\r\nIt all started with a simple task - creating technical interview questions for Kubernetes researchers. You know the type: \"What happens if this pod can't schedule?\" or \"How would you debug a failing service?\" But as we brainstormed scenarios, we kept having these \"hold up, what if...\" moments that led us down some interesting paths.\r\nWe started testing our theories in lab environments, and what we found was both interesting and kind of amusing. Turns out there are quite a few ways to mess with a Kubernetes cluster that don't require sophisticated zero-day exploits - just creative use of normal cluster operations.\r\nIn this talk, we'll share three main insights from our accidental research project. First, we'll look at some surprisingly effective ways to disrupt cluster operations through resource manipulation and component misconfigurations. These aren't complex attacks - they're the kind of things that could happen by accident if you're not paying attention.\r\nWe'll then explore how attackers might map out a cluster starting with limited access. Understanding this helps both with security testing and knowing what to watch out for in your monitoring. Finally, we'll tackle a classic interview question that turned out to be more interesting than we expected: if someone compromises a node, can they take over the whole cluster?\r\nThis isn't going to be a standard lecture - we want to hear your thoughts and experiences too. We'll show some live demos and turn key points into discussions. After all, the best security insights often come from comparing notes with other practitioners.\r\nThe talk is aimed at folks who work with Kubernetes regularly - security engineers, DevSecOps teams, platform engineers. 
You don't need to be a security expert, but you should be familiar with basic Kubernetes concepts. We'll focus on practical stuff you can actually use, not theoretical edge cases.\r\nBy the end, you'll have:\r\n* Some new perspectives on cluster security\r\n* Practical ideas for hardening your environments\r\n* Better understanding of what to monitor\r\n* Some good material for your own interview questions", "recording_license": "", "do_not_record": false, "persons": [{"code": "QTMA3D", "name": "Travis Lowe", "avatar": "https://pretalx.com/media/avatars/QTMA3D_b6hM8SM.webp", "biography": "Travis spends most of his days working in the cloud/container/Kubernetes security space. He has worked in security for ~15 years. Most importantly, he is one of the select few individuals to be recognized with an official certification from Microsoft as a Microsoft Office User Specialist in Microsoft Access 2000.", "public_name": "Travis Lowe", "guid": "12a09f1d-3078-562d-aca0-e0afc26a51ab", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/QTMA3D/"}, {"code": "MFTPP7", "name": "Amit Serper", "avatar": "https://pretalx.com/media/avatars/MFTPP7_SeYiLPn.webp", "biography": "Amit Serper is a seasoned security researcher with over 20 years of experience spanning vulnerability research, malware analysis, exploitation, and reverse engineering. Known for high-impact discoveries and deep technical insights, Amit has contributed to both defensive and offensive security domains. He currently serves as a Lead Security Researcher at CrowdStrike, where he focuses on uncovering advanced threats and novel attack techniques. His work has been widely cited in industry reports and media, and he frequently presents at leading security conferences worldwide. 
Before joining CrowdStrike, Amit worked in multiple security research roles at companies such as Akamai, Cybereason, and other startups.", "public_name": "Amit Serper", "guid": "816c7e75-7bdd-5931-894b-a432c6bb439a", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/MFTPP7/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FC7TDL/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FC7TDL/", "attachments": []}], "Firenze": [{"guid": "35884d81-bf72-5f01-8991-78d45b8c185f", "code": "WBYUUP", "id": 70149, "logo": null, "date": "2025-08-04T10:00:00-07:00", "start": "10:00", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-70149-detect-and-respond-cool-story-or-just-don-t-let-the-bad-stuff-start", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/WBYUUP/", "title": "Detect and Respond? Cool Story \u2014 or Just Don\u2019t Let the Bad Stuff Start.", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "Many Kubernetes security strategies rely on detection after the fact: scan the image, ship the pod, then react to alerts. This talk flips that model by focusing on prevention over response. We\u2019ll show how Kyverno blocks dangerous workloads before they deploy, and how KubeArmor enforces runtime behavior to stop malicious actions as they happen. These tools run in real clusters, use simple YAML policies, and don\u2019t require changes to your workloads or underlying infrastructure. We\u2019ll focus on common misconfigurations \u2014 like containers running as root \u2014 and show how they enable attacks like privilege escalation, tooling installs, and container escape, even in clusters that appear secure.", "description": "Many teams still treat Kubernetes security like a post-deployment problem: detection tools, dashboards, and alert fatigue. 
But the most common threats \u2014 containers running as root, unrestricted installs, exposed host paths \u2014 start earlier, in the pod spec. By the time you're reacting, it's already too late.\r\n\r\nThis talk presents a hands-on alternative. Using a controlled Kubernetes environment, we\u2019ll demonstrate how Kyverno and KubeArmor \u2014 two well-supported open source tools \u2014 can block insecure workloads before they run and prevent malicious behavior during runtime. Kyverno enforces policy at admission, stopping bad configurations before they reach the cluster. KubeArmor applies system-level controls after the container starts, closing Time-of-Check to Time-of-Use (TOCTOU) gaps that traditional tools miss. Together, they prevent the kinds of activity that detection tools only alert on \u2014 after exploitation has already begun.\r\n\r\nThese aren\u2019t abstract controls. They work today, in real clusters, with policies defined in human-readable YAML and managed in Git \u2014 no rewrites, no platform overhaul.\r\n\r\n**This talk covers:**\r\n- Why \u201cdetection as protection\u201d doesn\u2019t hold up  \r\n- What runtime security really looks like in Kubernetes  \r\n- How public containers and default chart configs quietly open the door  \r\n- How Kyverno and KubeArmor make actual enforcement simple and scalable  \r\n\r\nThis talk assumes light Kubernetes familiarity and is designed to equip, not overwhelm. Kyverno and KubeArmor aren\u2019t the full solution, but they fill the enforcement gap that often gets ignored.", "recording_license": "", "do_not_record": false, "persons": [{"code": "8ARSEM", "name": "Jimmy Shah", "avatar": "https://pretalx.com/media/avatars/8ARSEM_uisYvHA.webp", "biography": "Jimmy Shah specializes in analysis of mobile/embedded threats on existing platforms, threat modeling and threat intelligence. He has been involved with mobile threat research for over a decade. 
Shah brings a wide breadth of experience in security research on a variety of mobile and embedded/IoT platforms.  If it's lighter than a car, has a microprocessor, and is likely to be a target it's probably his problem.", "public_name": "Jimmy Shah", "guid": "d7f710f6-fc5b-5c59-ae60-42eb80a2a6ae", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/8ARSEM/"}, {"code": "NJEPMW", "name": "Matthew Brown", "avatar": "https://pretalx.com/media/avatars/NJEPMW_COXx2jX.webp", "biography": "Matt Brown is a solutions architect at Sysdig, with a background spanning AppSec, IAM, and cloud runtime security. He\u2019s currently focused on securing Kubernetes environments using open source tools that favor prevention over post-incident analysis. A lover of all things open source \u2014 from dev to cloud \u2014 he\u2019s passionate about making security approachable and effective, especially for teams without enterprise budgets or armies of engineers.", "public_name": "Matthew Brown", "guid": "400c1297-6ee2-52d3-81c1-356d424270be", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/NJEPMW/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/WBYUUP/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/WBYUUP/", "attachments": []}, {"guid": "4d1797c3-9add-59ab-9e60-29647a6cba0e", "code": "BANTPJ", "id": 66238, "logo": null, "date": "2025-08-04T10:30:00-07:00", "start": "10:30", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-66238-i-didn-t-register-for-this-what-s-really-in-google-s-artifact-registry", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BANTPJ/", "title": "I Didn\u2019t Register for This: What\u2019s Really in Google\u2019s Artifact Registry?", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "We scanned all of the Google-owned container images you might be using on 
the Artifact Registry for vulnerabilities and secrets. You probably won't like what we found.", "description": "The Artifact Registry is the go-to solution for hosting container images in GCP. It is widely adopted by customers for storing and managing images, but Google itself uses it for hosting and managing many container images as well. The images managed by Google can be split into three categories: Public Images offered by Google for its users' convenience, images by third-party companies vetted and uploaded by Google to the cloud marketplace, and Google production images used in actual GCP services. All three categories carry significant trust from Google to its users, raising the question - how secure are they, really? To find out, we decided to dive into some research and test any images we could find across these categories.\r\n\r\nSome of these Google-managed images are not documented or meant for public use, despite having read permissions for all GCP users - making their discovery complex. We were able to utilize and develop several techniques for discovering and scanning these images for security issues, which enabled us to find and scan thousands of images. Google claims in its documentation that it vets and checks the container images for vulnerabilities, but the results show otherwise. Many actively maintained images across all three categories contained outdated software with critical vulnerabilities, including some of the most infamous and exploited in the wild. In addition to the vulnerabilities, we discovered plain-text secrets and credentials to key services, cloud providers, and APIs.\r\n\r\nIn this talk, we will explore some of the questions these issues raise while walking the audience through our process of revealing and analyzing the images: What is the severity of the issues we found, and what is the actual risk they pose to GCP users? Is it Google's responsibility to ensure the safety of the products in its marketplace? 
We will conclude by equipping GCP users with best practices to protect themselves and mitigate these issues in their environment.", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZX37KC", "name": "Lenin Alevski", "avatar": "https://pretalx.com/media/avatars/ZX37KC_BVUXsKb.webp", "biography": "Lenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog https://www.alevsk.com.", "public_name": "Lenin Alevski", "guid": "7bf1933c-1f5b-550c-a444-fe9ccf0c68a4", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ZX37KC/"}, {"code": "FVTTKT", "name": "Moshe Bernstein", "avatar": "https://pretalx.com/media/avatars/FVTTKT_yQrf5ic.webp", "biography": "Moshe is a Senior Security Researcher specializing in cloud vulnerability research at Tenable Cloud Security. 
With nearly a decade of experience in cybersecurity, Moshe has developed a strong focus on network and operational security, web vulnerability research, and cloud infrastructure security.", "public_name": "Moshe Bernstein", "guid": "7667bad6-c40a-57b5-bb8b-dcd170892500", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/FVTTKT/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BANTPJ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BANTPJ/", "attachments": []}, {"guid": "8a2bc823-a813-58c1-a996-72cf2ab807a7", "code": "DWYE8M", "id": 67665, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/DWYE8M/52853_4L9TaUE.png", "date": "2025-08-04T11:00:00-07:00", "start": "11:00", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-67665-soc-like-a-genius-cognitive-agents-delivering-wisdom-at-scale", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DWYE8M/", "title": "SOC Like a Genius: Cognitive Agents Delivering Wisdom at Scale", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "Modern SOCs are overwhelmed with data but short on insight and talent. This session introduces a cognitive detection framework that transforms traditional detection logic into a reasoning engine powered by SLM/LLM-based AI agents. These agents act like seasoned analysts: linking subtle signals, reconstructing attack timelines, prioritizing and guiding decisions based on business impact and intent. The session outlines the pipeline-from alert enrichment to automated response-orchestrated by specialized agents designed to elevate detection from raw data to operational wisdom. 
With a demo and real-world KPIs, attendees will walk away with a blueprint for building a smarter, leaner, and more impactful SOC.", "description": "We introduce an agent-based detection framework that uses top-down reasoning and contextual understanding-powered by SLM/LLMs-to go beyond static correlation and entity matching. Each AI agent is designed for a specific role in the detection lifecycle, forming a modular pipeline that improves accuracy, prioritization, and automation. This is a new approach in applying cognitive AI to SOC workflows and brings reasoning, intent analysis, and wisdom-driven decisions to detection and response. It solves alert fatigue, missed and false correlations, schema dependency, and the inefficiencies of static rules. Traditional correlation engines can't scale across multi-domain, multi-vendor, cross-entity threats or adapt fast enough. This framework gives SOCs the ability to reason about alerts, hypothesize links, and prioritize actions-reducing noise, improving detection coverage, and enabling faster responses.", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZVJFYR", "name": "Sarah Young", "avatar": "https://pretalx.com/media/avatars/ZVJFYR_zjb2jK1.webp", "biography": "Once described on Reddit as \u201ctechnically challenged\u201d, Sarah is a Principal Security Advocate working at Microsoft. She has lived all over the place but currently calls Melbourne home.\r\n\r\nSarah has been working in cyber security since before it was cool, has previously spoken at many security conferences including Black Hat and has co-authored a few Microsoft Press technical books. 
She is an active supporter of security communities across the globe and a co-host of the Microsoft Azure Security Podcast.\r\n\r\nSarah spends most of her spare time gaming, eating hipster brunches and high teas and spending a disproportionate amount of her income on her dogs.", "public_name": "Sarah Young", "guid": "13fdc3ca-7a65-5a8e-a2f4-32289ee51ffe", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ZVJFYR/"}, {"code": "ZYZTTY", "name": "Oudy Even Haim", "avatar": "https://pretalx.com/media/avatars/ZYZTTY_rVYg4tY.webp", "biography": "Oudy is a senior cybersecurity research program manager at Microsoft, where he leads the content quality and next-generation LLM-based detection framework strategy for Microsoft XDR and SIEM. With over 15 years of experience, Oudy brings a unique blend of hands-on expertise, offensive mindset and deep knowledge of SOC operations, purple teaming, and AI-driven detection. Prior to Microsoft, he led offensive security and research programs at EY and critical infrastructure practice at PwC, including national-scale initiatives such as Israel\u2019s ICS National Cybersecurity Lab (ICNL) design and program management. Oudy has also served in key cybersecurity and leadership roles within the Israeli Prime Minister\u2019s Office, focusing on OT security, cyber resilience, and secure architecture for classified environments. His current research program focuses on evolving SOCs from reactive data analysis to wisdom-driven detection pipelines using cognitive AI agents. Oudy holds an M.Sc. in Nuclear Engineering, a B.Sc. 
in Electrical Engineering, multiple GIAC certifications, and regularly instructs advanced cybersecurity courses.", "public_name": "Oudy Even Haim", "guid": "c73bbf05-b6e6-57fe-a92e-47e1fab04f45", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ZYZTTY/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DWYE8M/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DWYE8M/", "attachments": []}, {"guid": "8a116a22-3e7a-546c-a669-d8de2c757872", "code": "7ZBBAZ", "id": 69421, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/7ZBBAZ/cloud_Xgp0IvH.png", "date": "2025-08-04T14:00:00-07:00", "start": "14:00", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-69421-innovative-shiny-and-vulnerable-four-ways-to-exploit-modern-saas-data-platforms", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7ZBBAZ/", "title": "Innovative, Shiny, and Vulnerable: Four Ways to Exploit Modern SaaS Data Platforms", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "What comes to mind when you hear \"SaaS data platform\"? It's a term that's so common you can make a drinking game out of it. From Customer Data Platforms, Transformation, AI/ML, Warehousing, and Analytics - the list of services these products accomplish never ends. However, one thing is sure - the amount of user and enterprise data these applications process is enormous, especially when adopted by large enterprises. As a Security Engineer focused on advanced product assessments, I have evaluated several prominent SaaS data platforms. Due to their complexity and the sensitivity of the data they process, these products are often vulnerable to intriguing high-risk security issues. \r\n\r\nThis talk will discuss four common pitfalls in these products' architecture and logic that can expose their customers' critical data. 
Whether you are new to the industry, a seasoned veteran, or a CISO, you will learn about these modern technologies and how to approach them during a penetration test. As a customer of these products, you will understand the importance of due diligence and confirming that your vendors have received independent security assessments. And as an everyday consumer, you will recognize the risks of companies over-collecting and sharing your data.", "description": "This talk will discuss four common vulnerabilities in some of the products I have tested that can fit the \"SaaS data platform\" description. I identified these vulnerabilities in various data analytics, AI data/feature engineering, and customer data platforms as part of penetration tests performed on behalf of my employer, Praetorian (https://praetorian.com). The names of these products will be abstracted to protect their reputation. An overview of the four issues I will discuss is as follows:\r\n\r\n1) Control-Plane Access Control Gaps: This category refers to access control vulnerabilities in the product's web UI, API, SDK, or any other interface that customers can use to view or modify their account and configuration. Standard vulnerabilities like Insecure Direct Object Reference (IDOR), insufficient authorization, and overly permissive user roles in the application's RBAC model can lead to unauthorized disclosure of data within an organization's tenant or across customers. Additionally, some platforms provide free demo accounts that users can self-sign up for without restricting or isolating them, exposing the product and all their customers' data to a broader attack surface.\r\n\r\n2) Remote Code Execution as a Service (RCEaaS): Many of these platforms provide custom logic and algorithm execution as part of their Extract, Transform, and Load (ETL) capabilities. 
While they take steps to lock down this functionality, the protections can often be bypassed since the code execution usually uses high-level languages like JavaScript and Python, and accounting for every sandbox escape is nearly impossible. After an attacker exploits these features, they can access the platform's data plane and move laterally within that environment, leading to the third issue.\r\n\r\n3) Data-Plane Access Control Gaps: Start-ups and other lean companies usually build these platforms in public cloud infrastructure since it is more cost-effective. Most of the platforms I tested had issues with their deployment architecture. One of these would be over-privileged principals, like the compute instances running customer jobs. An attacker who gains access to the cloud infrastructure by exploiting the code execution features could retrieve the credentials provided to the compute layer and access other resources like storage or secrets. Log files containing sensitive data like access tokens or API keys were often written to the instance file system or cloud storage. An attacker could use the secrets to perform horizontal privilege escalation to other customer tenants or vertical privilege escalation within the tenant. Cross-tenant data leakage is a concern if the data planes between customers are not sufficiently isolated, such as by using distinct cloud accounts.\r\n\r\n4) Highly Scalable Architecture: Many data platforms use serverless technology like AWS Lambda to process data and implement user-defined logic. This infrastructure can quickly scale to millions of requests. If the platform does not enforce strict rate-limiting or logic checks on an experimental user or malicious actor, the number of jobs may spiral out of control. The platform's cloud bill could skyrocket, and if the customer eats the cost, that business could be lost and the platform's reputation damaged due to accidental resource over-consumption. 
Even more interesting than a fat bill is the potential for weaponizing the platform's traffic generation into denial-of-service attacks on arbitrary targets, as I demonstrated in a Praetorian blog post called \"Recursive Amplification Attacks: Botnet-as-a-Service,\" seen here: https://www.praetorian.com/blog/recursive-amplification-attacks-botnet-as-a-service/\r\n\r\nThere will not be any live demos during the presentation due to the amount of content to be discussed in the time allotted. However, every technical concept, vulnerability, or hacking technique will be explained with a simple and concise visual example.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JSRH8B", "name": "Ben Kofman", "avatar": "https://pretalx.com/media/avatars/JSRH8B_NCNB2Tv.webp", "biography": "Ben is a Senior Offensive Security Engineer at Praetorian, specializing in advanced product and application penetration testing, network security assessments, and automation. He has a bachelor's degree in Systems Engineering from the University of Illinois at Urbana-Champaign and several industry certifications, including the OSCP, GCIA, GMOB, and AWS Solutions Architect Associate. Ben also serves as a Cyber Warfare Officer in the Army National Guard.", "public_name": "Ben Kofman", "guid": "3a49e9d8-932b-51da-b025-4567738af588", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/JSRH8B/"}, {"code": "DLVPLW", "name": "Ali Kabeel", "avatar": "https://pretalx.com/media/avatars/DLVPLW_2sNFx58.webp", "biography": "With over a decade of bug hunting experience, Ali Kabeel has uncovered critical vulnerabilities across top tech platforms and ranks second on Snapchat\u2019s Hall of Fame. 
He\u2019s especially passionate about business logic vulnerabilities\u2014the kinds of flaws rooted in real-world misuse rather than broken code\u2014because they often evade automated scanners yet carry high impact.\r\n\r\nAli is currently a Security and Privacy Engineering Lead at Bending Spoons, where he has led security efforts across major products including Evernote, WeTransfer, and Brightcove. He has published research on microservice security and actively shares his expertise through conference talks, mentoring, and community engagement.", "public_name": "Ali Kabeel", "guid": "40a76e33-ea3d-5c10-b5c9-0ce362b1052f", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/DLVPLW/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7ZBBAZ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7ZBBAZ/", "attachments": []}, {"guid": "5e3365c9-b57b-5d79-b878-77deef833b14", "code": "BHMKYS", "id": 69981, "logo": null, "date": "2025-08-04T15:00:00-07:00", "start": "15:00", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-69981-prompt-hardener-automatically-evaluating-and-securing-llm-system-prompts", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BHMKYS/", "title": "Prompt Hardener - Automatically Evaluating and Securing LLM System Prompts", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "Prompt injection remains one of the most critical and under-addressed vulnerabilities in LLM applications. Despite its growing impact, most developers still rely on ad hoc, manual methods to evaluate and secure system prompts, often missing subtle weaknesses that attackers can exploit. Prompt Hardener is an open source toolkit that automates the evaluation, hardening, and adversarial testing of system prompts using the LLM itself. 
It applies modern prompt hardening techniques such as spotlighting, random sequence enclosure, instruction defense, and role consistency to improve prompt resilience. The tool also performs injection testing with categorized payloads that simulate real world threats, including system prompt leaking and improper output handling based on OWASP Top 10 for LLM Applications 2025. It is mainly intended for use by LLM application developers and security engineers at business companies for evaluating, improving, and testing system prompts for their LLM applications. In this talk, we will also give a live demo of how to strengthen system prompts using the Prompt Hardener CLI mode and Web UI. Join us to learn how to strengthen your system prompts.", "description": "As LLMs become foundational components of modern applications, prompt security has emerged as a critical concern. Developers often rely on handcrafted system prompts without testing how they behave under adversarial conditions. While multiple techniques exist to harden prompts as part of a layered defense strategy, there is no unified way to apply and evaluate them systematically. \r\n\r\n**Prompt Hardener** addresses this by automating both **refinement** and **validation** of system prompts. 
Using the LLM itself, it performs structured evaluations based on predefined criteria and applies improvements using layered security strategies:\r\n\r\n- **Spotlighting**: Explicitly marks and isolates all user-controlled input using tags and special characters to prevent injection\r\n- **Random Sequence Enclosure**: Encloses trusted system instructions in unpredictable tags, ensuring only those are followed and not leaked\r\n- **Instruction Defense**: Instructs the model to ignore new instructions, persona switching, or attempts to reveal/modify system prompts\r\n- **Role Consistency**: Ensures each message role (system, user, assistant) is preserved and not mixed, preventing role confusion attacks\r\n\r\nYou can check the details of each hardening technique [here](https://github.com/cybozu/prompt-hardener/blob/main/docs/techniques.md).\r\n\r\nAfter hardening, the tool performs **automated injection testing** with a corpus of categorized payloads that simulate common attack scenarios. These include prompt leaking, improper output handling, tool enumeration, and function call hijacking. These are basically based on [OWASP Top 10 for LLM Applications 2025](https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/) but also include other modern attacks. 
The results are summarized in JSON and visualized in HTML reports, making it easy for LLM application developers and security engineers to measure resilience.\r\n\r\nYou can check the examples of using Prompt Hardener to improve and test various system prompts [here](https://github.com/cybozu/prompt-hardener/blob/main/docs/tutorials.md).\r\n\r\nA simple Gradio UI allows non-CLI users to access the full pipeline: input prompts, evaluate and harden them, and run attack simulations with just a few types and clicks.\r\n\r\nBy the end of this talk, attendees will understand how to:\r\n\r\n- Identify prompt weaknesses before deployment\r\n- Apply defense-in-depth techniques to prompts\r\n- Validate the effectiveness of defenses with attack simulations\r\n- Integrate prompt security testing into their CI pipelines or red team workflows\r\n\r\nGitHub URL: https://github.com/cybozu/prompt-hardener", "recording_license": "", "do_not_record": false, "persons": [{"code": "HYHLXH", "name": "Krity Kharbanda", "avatar": "https://pretalx.com/media/avatars/HYHLXH_1XHqDt8.webp", "biography": "Krity is a dedicated cybersecurity professional with a strong foundation in application security, data analysis, and machine learning. As an Application Security Engineer at ServiceNow, she leverages her diverse experience and research background to enhance security practices. Beyond her technical role, Krity serves as the Community & Development Lead at Breaking Barriers Women in Cybersecurity (BBWIC), a nonprofit dedicated to empowering women in the field. 
Her work reflects a deep commitment to both advancing cybersecurity and fostering inclusive community growth, making her a passionate advocate for innovation, collaboration, and leadership in the industry.", "public_name": "Krity Kharbanda", "guid": "de77723c-9d1e-56b2-a4ea-7a661692044d", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/HYHLXH/"}, {"code": "MEG9BB", "name": "Junki Yuasa", "avatar": "https://pretalx.com/media/avatars/MEG9BB_yMh5Lvn.webp", "biography": "Junki Yuasa ([@melonattacker](https://x.com/melonattacker)) is a security engineer at Cybozu, Inc., specializing in vulnerability assessment and threat analysis. In recent years, he has focused on AI security, developing security tools and conducting bug hunting for LLM applications. He is also a member of the SECCON Beginners organizing team.", "public_name": "Junki Yuasa", "guid": "d95fd9c7-7b9f-55e1-88dc-13fffa88bbc1", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/MEG9BB/"}, {"code": "WVPLX3", "name": "Yoshiki Kitamura", "avatar": "https://pretalx.com/media/avatars/WVPLX3_1xwItF8.webp", "biography": "Yoshiki Kitamura is a security engineer at Cybozu, Inc., where he focuses on web security and designing optimal security frameworks for the organization. 
He is also a member of the internal PSIRT (Product Security Incident Response Team), conducting vulnerability testings and handling security issues to ensure the safety and reliability of Cybozu\u2019s services.", "public_name": "Yoshiki Kitamura", "guid": "f820e824-f5ca-5602-9408-e57cfe52080e", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/WVPLX3/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BHMKYS/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BHMKYS/", "attachments": []}, {"guid": "c9a888a0-7dba-56d0-8a70-72d4afcc2986", "code": "BAHK8E", "id": 70166, "logo": null, "date": "2025-08-04T15:30:00-07:00", "start": "15:30", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-70166-community-defense-in-depth-teaching-digital-security-and-privacy-practices-for-the-public-good", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BAHK8E/", "title": "Community Defense in Depth: Teaching digital security and privacy practices for the public good", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "From activists organizing and standing up to authoritarian governments, to people trying to safely access healthcare information, everyone has something to protect. As technology gets more advanced, so do the powerful who wish to steal data belonging to those with fewer resources, making it seem impossible to protect our communities against these threats. However, the cybersecurity community has the knowledge to empower the most vulnerable among us. \r\n\r\nThis talk will cover threats and tactics used against marginalized communities, and show how digital security and privacy is an ongoing practice in harm reduction. We will walk through threat modeling and how threat models are different for different identities. 
We will also use storytelling frameworks to explain privacy and security concepts to a non-technical audience.", "description": "I've developed this talk over the past year, based on my experiences volunteering as a digital security trainer to activists, journalists and other people involved in the human rights space. The audience will learn how to educate the public in a world where privacy laws can change overnight.", "recording_license": "", "do_not_record": false, "persons": [{"code": "HY8HZC", "name": "Lidia Giuliano", "avatar": "https://pretalx.com/media/avatars/HY8HZC_6ByD4wD.webp", "biography": "crazy lady!", "public_name": "Lidia Giuliano", "guid": "370fbedc-e629-518d-9e59-d761f176908e", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/HY8HZC/"}, {"code": "KJEXV3", "name": "Melanie Gonzalez", "avatar": "https://pretalx.com/media/avatars/KJEXV3_Jc7Y9g0.webp", "biography": "Melanie Gonzalez is a journalist turned ethical hacker, who has covered reproductive justice in Latin America and the United States. Melanie became interested in cybersecurity after producing a story on violence against journalists and taking a digital security for journalists training. In the past three years, she's taken a deep dive into black hat Python scripts, secure coding vulnerabilities, OSINT, digital forensics and improving her CTF personal record. This past year, Melanie began volunteering as a digital security trainer for journalists and human rights activists. 
In her spare time, Melanie enjoys horror and needlework.", "public_name": "Melanie Gonzalez", "guid": "8e2844e0-df5e-5d08-8abe-1aa49e04f2a9", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/KJEXV3/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BAHK8E/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BAHK8E/", "attachments": []}, {"guid": "889ec72b-82dc-53f0-a5d9-cbf10a034677", "code": "8XRRGH", "id": 66574, "logo": null, "date": "2025-08-04T17:00:00-07:00", "start": "17:00", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-66574-azazel-system-tactical-delaying-action-via-the-cyber-scapegoat-gateway", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8XRRGH/", "title": "Azazel System: Tactical Delaying Action via the Cyber-Scapegoat Gateway", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "Have you heard of the term **\"Delaying Action\"**? In military strategy, it refers to a defensive maneuver where forces avoid decisive engagement, instead continuing to fight strategically for as long as possible to slow the enemy's advance. In today\u2019s cyber warfare, where attacks are fast and automated, adversaries can breach assets in seconds. We believe this classical doctrine must be reimagined for modern cybersecurity.\r\n\r\nThis concept inspired the development of the **Azazel System**, which implements **Cyber Scapegoat technology**\u2014a novel deception mechanism that absorbs attacks, misleads adversaries, and strategically delays their progress. 
Unlike traditional honeypots that simply observe, the Cyber Scapegoat actively engages and binds the attacker, realizing a true **delaying action** in cyberspace.\r\n\r\nBuilt entirely with **open-source software** on a **Raspberry Pi 5**, the Azazel System is lightweight, portable, and easy to deploy in home labs, gateways, VPN endpoints, or CTF environments.\r\n\r\nIn this talk, we encourage the audience to rethink cyber defense as a means of **controlling time**. Defense is not just about stopping attacks, but about **delaying them tactically**. We invite attendees to explore how deception and delay can be adapted to their own environments to build creative and resilient cyber defense strategies.", "description": "### **1. Introduction**  \r\nModern cybersecurity defense must move beyond passive monitoring and immediate attack blocking. Attackers are increasingly using automated tools that quickly scan, exploit, and establish persistence within seconds. **Traditional honeypots collect attack data but do not interfere with or slow down adversaries. Decoy servers mislead attackers but do not impact their decision-making time.**  \r\n\r\nThis presentation introduces **Azazel System**, a **portable, low-cost cyber deception gateway that incorporates tactical delaying actions** to provide an effective response against real-world cyber threats. 
**By leveraging the concept of cyber-scapegoating, the system not only misdirects attackers but actively slows them down using real-time intervention techniques.**  \r\n\r\nBuilt on **Raspberry Pi 5 (8GB) with a hybrid architecture**, Azazel System employs:  \r\n- **Real-time traffic manipulation** using `tc` (Traffic Control) and `iptables`  \r\n- **Cyber-scapegoat deception** to absorb and delay attacks rather than just observing them  \r\n- **Automated logging and threat classification** using Fluent Bit and MITRE ATT&CK  \r\n- **Integration with public Wi-Fi and untrusted network environments**, ensuring adaptability for diverse deployment scenarios  \r\n\r\nThis talk will explore the **design, deployment, and defensive applications** of this **portable security gateway**, demonstrating its **effectiveness in delaying attacks while providing defenders with essential response time**.\r\n\r\n---\r\n\r\n### **2. Tactical Delaying Action in Cybersecurity**  \r\n#### **2.1. Military Delaying Action: A Defensive Strategy**  \r\nIn military land warfare, **delaying actions** are used to **slow enemy forces, disrupt their movements, and create opportunities for counterattacks**. These tactics include:  \r\n- **Strategic withdrawal while applying resistance** to force attackers into resource exhaustion  \r\n- **Obstacle deployment to manipulate enemy pathways**  \r\n- **Diversionary targets to redirect enemy focus**  \r\n\r\nAzazel System applies these principles to cybersecurity by **deliberately controlling an attacker's progress, rather than merely blocking access**.\r\n\r\n---\r\n\r\n### **3. The Cyber-Scapegoat Model: Beyond Traditional Honeypots**  \r\n**Problem:** Previous deception techniques fail to **actively interfere with an attacker\u2019s workflow**.  \r\n**Solution:** Cyber-scapegoats **absorb attacks and delay adversaries, increasing their operational fatigue**.  
\r\n\r\n| **Method** | **Honeypots** | **Decoy Servers** | **Cyber-Scapegoat (Azazel System)** |\r\n|-----------|--------------|------------------|----------------------------|\r\n| **Purpose** | Collect attack data | Misdirect attackers | **Actively delay and disrupt attacks** |\r\n| **Impact on Attackers** | No direct interaction | Passive deception | **Manipulates and slows adversaries** |\r\n| **Operational Outcome** | Intelligence gathering | Temporary misdirection | **Fatigue attackers and buy defender response time** |\r\n\r\nUnlike traditional deception models, Azazel System **exploits attacker persistence by prolonging their engagement with non-critical assets**.\r\n\r\n---\r\n\r\n### **4. Hybrid Architecture and Deployment**  \r\n\ud83d\udccc **Challenge:** Running **active deception and tactical delay mechanisms** on resource-limited hardware.  \r\n\ud83d\udccc **Solution:** A **hybrid system** that offloads deep attack analysis to an external laptop.  \r\n\r\n#### **4.1. System Overview**  \r\n\ud83d\udccc **Azazel System operates as a portable gateway, intercepting and delaying attacks before they reach critical assets.**  \r\n\r\n\ud83d\udd39 **Key Components:**  \r\n- **Raspberry Pi 5 (8GB) as the core gateway**  \r\n- **Containerized OpenCanary for deception**  \r\n- **Real-time network manipulation with `tc` and `iptables`**  \r\n- **Automated log forwarding via Fluent Bit**  \r\n- **External laptop for in-depth forensic analysis**  \r\n\r\n\ud83d\udd39 **Deployment Use Cases:**  \r\n- **Security for public Wi-Fi and travel networks**  \r\n- **SOC (Security Operations Center) incident response augmentation**  \r\n- **Cyberwarfare research and adversary behavior modeling**  \r\n\r\n---\r\n\r\n### **5. Implementation and Attack Mitigation Techniques**  \r\n\ud83d\udccc **Azazel System actively intervenes in attack processes rather than just logging them.**  \r\n\r\n#### **5.1. 
Network Delay & Redirection**  \r\n\ud83d\udccc **Key Mechanism:** Slow down reconnaissance and exploit attempts using dynamic network manipulation.  \r\n\r\n\ud83d\udd39 **Methods Used:**  \r\n- **`tc` to artificially increase latency in suspicious connections**  \r\n- **`iptables` rules to reroute attackers into deception environments**  \r\n- **Adaptive response, progressively increasing delays on persistent threats**  \r\n\r\n#### **5.2. Logging, Threat Classification, and MITRE ATT&CK Integration**  \r\n\ud83d\udccc **Key Mechanism:** **Suricata intrusion alerts** processed via Fluent Bit and classified using MITRE ATT&CK.  \r\n\r\n\ud83d\udd39 **How It Works:**  \r\n- **Suricata detects unusual network activity.**  \r\n- **Fluent Bit sends logs to an external laptop.**  \r\n- **Kibana visualizes the attack timeline, mapped to MITRE ATT&CK.**  \r\n\r\n---\r\n\r\n### **6. Key Benefits and Tactical Advantages**  \r\n\ud83d\udccc **Azazel System offers advantages beyond traditional deception techniques:**  \r\n\r\n\ud83d\udd39 **Delaying attackers to increase defensive response time**  \r\n\ud83d\udd39 **Cyber-scapegoat model actively manipulates adversary behavior**  \r\n\ud83d\udd39 **Lightweight, portable deployment suitable for high-risk environments**  \r\n\ud83d\udd39 **OSS-based, making it cost-effective and adaptable**", "recording_license": "", "do_not_record": false, "persons": [{"code": "R9FGHN", "name": "Soya Aoyama", "avatar": "https://pretalx.com/media/avatars/R9FGHN_unwqtvf.webp", "biography": "Soya Aoyama is a cybersecurity researcher and Global Fujitsu Distinguished Engineer. Soya worked as a Windows software developer at Fujitsu for over 20 years, developing NDIS drivers, Bluetooth profiles, WinSock applications, and more. 
\r\nSoya started working in security research in 2015, mainly researching attacks using Windows DLLs, and has spoken at a number of international hacker conferences, including Black Hat, BSidesLV, GrrCON, DerbyCon and LeHack, and was also a mentor at BSidesLV 2023, 2024 and BSides London 2024. \r\nSoya is one of the founders of BSides Tokyo, and has been involved with the organization since its first edition in 2018.", "public_name": "Soya Aoyama", "guid": "a80d4a6c-5a8b-50b0-982f-d37a26ec4f27", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/R9FGHN/"}, {"code": "JWHYYS", "name": "Makoto Sugita", "avatar": "https://pretalx.com/media/avatars/JWHYYS_tmIejVF.webp", "biography": "A former penetration tester turned independent security researcher, I specialize in developing unconventional security tools and offensive/defensive techniques. My work often centers on tactical deception and delay strategies in cyber operations, which I regularly present at cybersecurity conferences across Japan.\r\n\r\nOff the clock, I have an incurable vulnerability to good drinks\u2014an \"alcohol injection\" bug that's still wide open.", "public_name": "Makoto Sugita", "guid": "4f3df24d-b0da-5014-9134-0030f4c5923e", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/JWHYYS/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8XRRGH/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8XRRGH/", "attachments": []}, {"guid": "6b09f658-7ae4-5425-be2d-6f2464d52978", "code": "8QHF9R", "id": 68811, "logo": null, "date": "2025-08-04T17:30:00-07:00", "start": "17:30", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-68811-the-perfect-blend-reverse-engineering-a-bluetooth-controlled-blender-for-better-smoothies", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8QHF9R/", "title": "The Perfect BLEnd: Reverse engineering a bluetooth controlled blender 
for better smoothies", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "Have you ever gone to make a smoothie, only to have the blades spin fruitlessly while the fruit sticks just out of reach on the walls of the cup? I\u2019ve wrestled with a \u201csmart\u201d blender over this and other issues on many occasions, often resorting to tossing the single serving cup to dislodge stubborn pieces of fruit. Or perhaps you have another smart device that one day stops working because the vendor decided to stop updating the app for newer phones.\r\nIn this talk, I\u2019ll share how I learned to reverse engineer BLE (bluetooth low energy) devices in order to control the exact settings used by the blender, including initial failures and how I overcame them -- along with quickly creating an alternative for controlling the blender when the app stopped working after an iOS update. And in the end, we\u2019ll create a custom blending profile for the perfect blend!", "description": "This is a hobby project (not work related) where I've been poking at a Nutribullet Smart Balance blender on and off for several years. Late last summer I finally got around to pulling together the notes I had on the different parts of the BLE (bluetooth low energy) protocol for controlling the blender and put the pieces together to create an open source web app using WebBluetooth for controlling the blender. Using a variety of tools (listed below), I'll go through the process I followed in learning to sniff bluetooth communications and how bluetooth low energy works. This will include my initial attempts using an nRF52 devkit prior to leveraging bluetooth logging features included in smart phones (and laptops). 
If there is time, a brief peek at decompiling the Android app revealed blenders and smart scales from other companies that might share the same protocol and could be future devices to look at.\r\n\r\nTools:\r\n* nRF52 DevKit\r\n* WireShark\r\n* Variety of free BLE scanner apps\r\n* PacketLogger (free tool included with Xcode utilities)\r\n* libimobiledevice idevicebtlogger (open source alternative to PacketLogger)\r\n* https://github.com/nightlark/nutribullet (WebBluetooth app developed based on findings)", "recording_license": "", "do_not_record": false, "persons": [{"code": "GUAKNH", "name": "Edward Farrell", "avatar": "https://pretalx.com/media/avatars/GUAKNH_3KGEjiG.webp", "biography": "Edward Farrell is a cybersecurity consultant, presenter, and mentor with over 16 years of industry experience. He is the CEO of Mercury Information Security Services and has delivered more than 1200 independent security assessments and incident response engagements. A frequent speaker at conferences, Edward is passionate about building up the next generation of security professionals and has mentored emerging talent through BSides and academia. He holds multiple industry certifications, serves on several advisory boards, and brings a down-to-earth, supportive approach to mentoring new speakers.", "public_name": "Edward Farrell", "guid": "b928b7ec-1e75-5cf1-bacd-34dc98cccc83", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/GUAKNH/"}, {"code": "VJ8B7T", "name": "Ryan Mast", "avatar": "https://pretalx.com/media/avatars/VJ8B7T_OMcPZCz.webp", "biography": "Ryan is a software engineer working on open source projects to make the electric grid more reliable. 
His interests include software security, niche video games, poking at random \"smart\" devices, and reverse engineering audio/video hardware used in live productions.", "public_name": "Ryan Mast", "guid": "9f56cb25-b1ca-539c-9b97-c5df3ec3f3da", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/VJ8B7T/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8QHF9R/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8QHF9R/", "attachments": []}, {"guid": "1744b927-9948-5396-89c1-70e990688fab", "code": "LDTD3E", "id": 67686, "logo": null, "date": "2025-08-04T18:00:00-07:00", "start": "18:00", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-67686-ragnarok-assisting-your-threat-hunting-with-local-llm", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LDTD3E/", "title": "RAGnarok: Assisting Your Threat Hunting with Local LLM", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "Threat hunting is a proactive approach for identifying undetected threats within an organization's environment, and it requires various sophisticated skills.\r\nRAGnarok is an assisting tool for the threat hunting process with Large Language Model (LLM). It can generate a Sigma rule automatically for a specific attack technique based on threat intelligence.\r\nAs the threat hunting strongly depends on environmental elements that are often regarded as confidential information, RAGnarok adopts a local LLM. RAGnarok can collect and interpret the environmental information autonomously, then reflect it in the generated results without uploading any information to the Internet.\r\nTo achieve better results with limited computer resources, RAGnarok is based mainly on 3 technologies: \"Quantized LLM\", \"Retrieval-Augmented Generation (RAG)\", and \"Multi-Agent System\". 
Quantized LLM can make the execution faster, and the RAG mechanism enables RAGnarok to avoid hallucination and improve the accuracy of the generated result without fine-tuning. In addition, combining RAG with a multi-agent system allows the application to gain deeper specialization. These technologies can allow RAGnarok to run on a CPU-only machine and generate practical outputs.\r\nThis talk provides the technical details of RAGnarok, a demo, know-how, and tips obtained by developing it.", "description": "RAGnarok is an assisting tool for the threat hunting process with a local Large Language Model (LLM). It can generate a Sigma rule automatically for a specific attack technique based on threat intelligence like MITRE ATT&CK.\r\nIn this talk, I will explain the architecture of RAGnarok, then elaborate on the technologies implemented. Also, I will provide a pre-recorded demo for a better understanding of RAGnarok. And finally, some know-how and tips obtained from developing RAGnarok will be covered.\r\n\r\nThis talk has been developed based on my experience. When I was involved in threat hunting, there were many different procedures and approaches for it, and I felt it was too much for beginners. On the other hand, threat hunting also has many monotonous operations, and it can easily become boring.\r\nMy motivation for developing RAGnarok is to automate the threat hunting process with a local LLM, especially boring processes, and concentrate on only interesting processes. In other words, humans will focus on only the advanced steps in the threat hunting process. Additionally, assisting beginners by generating practical results (Sigma rules) is also my motivation.\r\nThreat hunting usually requires environment information such as server configuration or account information. In this talk, Windows Active Directory configuration is especially focused on as environmental information, and collected and manipulated by using \"Bloodhound\". 
These types of environmental information are often regarded as confidential information, so RAGnarok adopts a local LLM instead of a cloud-based LLM in order to avoid uploading the information to the Internet.\r\nThe base technologies of RAGnarok are \"Quantized LLM\", \"Retrieval-Augmented Generation (RAG)\", and \"Multi-Agent System\". Combining them enables RAGnarok to generate highly professional and accurate results without fine-tuning on a CPU-only machine.\r\nHowever, there are a lot of misunderstandings in using these LLM-related technologies because of their complexity. Therefore, this talk will provide not only the technical details of RAGnarok, but also the points of utilizing LLMs, especially local LLMs, as know-how or tips.\r\nFurthermore, one of the concepts behind RAGnarok is scalability. Of course, we can easily add a new feature to RAGnarok. But it also means that the architecture of RAGnarok is applicable to other areas of cybersecurity, such as red teaming. In other words, threat hunting is just one of the use cases of the proposed architecture. I believe that this talk can contribute to promoting the use of a local LLM in the whole cybersecurity field.\r\n\r\nRAGnarok is going to be available as open source by the time of the talk.\r\n\r\nTools:\r\n- Docker: https://www.docker.com/\r\n- Bloodhound-CE: https://github.com/SpecterOps/BloodHound\r\n- Langgraph: https://www.langchain.com/langgraph\r\n- Ollama: https://ollama.com/\r\n\r\nThe following presentation is the prototype of RAGnarok.\r\nOf course, as RAGnarok has evolved from the prototype, they are not the same.\r\nFor example, there are some differences in architecture and function related to treating environmental information. 
(I will elaborate on them in the talk.)\r\nBut this presentation will help you imagine what RAGnarok is all about!\r\n- Presentation record: https://www.youtube.com/watch?v=a0FvmNkpVLI&list=PLALq3Th79NnpPtZ28R-WPbepAPwgYHYiz&index=5&pp=iAQB\r\n- Presentation material: https://ctid.mitre.org/events/apac-2025/08%20-%20MITRE%20ATT&CK%20Driven%20Threat%20Hunting%20Automated%20by%20Local%20LLM.pdf", "recording_license": "", "do_not_record": false, "persons": [{"code": "YPSPPK", "name": "Cybelle Oliveira", "avatar": "https://pretalx.com/media/avatars/YPSPPK_B43UBF1.webp", "biography": "Cybelle is a Cyber Threat Intelligence researcher and a Master\u2019s student in Cyber Intelligence. She teaches in a postgraduate CTI specialization program in Brazil and is the co-founder of La Villa Hacker \u2014 the first DEF CON village dedicated to the Portuguese and Spanish-speaking community.\r\nCybelle has spoken at some of the world\u2019s leading security conferences, including DEF CON, BSides, H2HC, 8.8 Chile, Radical Networks, Mozilla Festival, among many others. Her work often explores the intersection of cyber threats, geopolitics, and underreported regions, with a particular interest in the strange, obscure, and catastrophically messy corners of cybersecurity.", "public_name": "Cybelle Oliveira", "guid": "170ca74b-716b-5892-b4fb-4e9a9d8014fa", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/YPSPPK/"}, {"code": "HNC98T", "name": "Jun Miura", "avatar": "https://pretalx.com/media/avatars/HNC98T_thIDm7x.webp", "biography": "Jun Miura is a security researcher with Fujitsu Defense & National Security LTD (FDNS). After working as a security engineer at a financial company in Japan, he had experienced vulnerability assessment, penetration testing, and red teaming at Secureworks since 2022. 
From November 2023, he joined the current department at FDNS, and he is mainly focused on Offensive Security, especially Active Directory / Entra ID attacks and EDR / Anti Virus Bypass techniques. In addition, he has been involved in Threat Hunting research from an attacker's perspective using his knowledge and experience as a red teamer.\r\nCurrently, he is also focused on local LLM, especially its usage in cyber security and the attack against it. He is also a Ph.D student at Okayama University in Japan.", "public_name": "Jun Miura", "guid": "9733c86b-da44-522d-9323-8204859920db", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/HNC98T/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LDTD3E/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LDTD3E/", "attachments": []}, {"guid": "3a87b8cc-a131-506b-b317-b15dce53218a", "code": "JWXSRB", "id": 67732, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/JWXSRB/greml_o9fcQ1g.jpg", "date": "2025-08-04T18:30:00-07:00", "start": "18:30", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-67732-sigma-one-rule-to-find-them-all", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JWXSRB/", "title": "SIGMA, one rule to find them all", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "SIGMA rules are an agnostic, text-based, open signature format written in YAML for creating threat detections, developed and open-sourced in 2017 by Florian Roth and Thomas Patzke. The project was conceived to address the challenges facing analysts when sharing and translating rule logic across the various SIEMs and EDRs tools.  \r\nI will share with you how I implemented the gift of SIGMAs in our hunting workflow to assist with sniffing out gremlins hiding in the network. 
I will walk through the SIGMA creation process, sharing tips on how to tackle some of the challenges you might run into in real life when working with SIGMA. Hopefully my story can prove helpful for you, whether you are looking for ways to mature and streamline your hunting programs or just getting started playing around with Sigma.", "description": "\"The Gremlin Hunter\" project was developed as a way to solve the challenges I had of searching in a consistent way, that could be tracked and then action that information to produce actionable intelligence. Together with my team, I developed a process modeled on a \"guided\" hunt framework, following the Intelligence Lifecycle. The hunts are developed using OSINT and internal research from our CTI team, which I use to put into the SIGMA rule format. I then inputted into our MISP instance, where we use pySIGMA to process and translate the rules. The rules are then sent over to our ticketing system where they are distributed weekly to the hunting team. \r\nThe hunt team takes the queries that are translated and tests them in the environments, running them to hunt for whatever evil it is they are looking for. Final queries that are deemed production worthy are submitted to our engineering team to deploy as permanent detections. 
\r\nThe training will include showing our guided hunt workflow setup as well as demonstrating the process I used to create a SIGMA rule to hunt for a particular threat or activity, as well as some tips and hints on how to overcome some of the challenges when writing rules.\r\nAvatar of Gremlin Hunter is art by Phil Cho https://www.philchoart.com/featured/2020/11/13/gizmo-gremlin-hunter-earth-27-commission", "recording_license": "", "do_not_record": false, "persons": [{"code": "AMRQJN", "name": "HD Moore", "avatar": "https://pretalx.com/media/avatars/AMRQJN_Zz2fJID.webp", "biography": "HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure.\r\n\r\nHD serves as the CEO and co-founder of runZero, a provider of cutting-edge exposure management software and cloud services. Prior to founding runZero, he held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD has also been a frequent speaker at industry events such as Black Hat and DEF CON.\r\n\r\nHD\u2019s professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and hacking into financial institution networks. When he\u2019s not working, he enjoys hacking on weird Go projects, building janky electronics, running in circles, and playing single-player RPGs.", "public_name": "HD Moore", "guid": "a6ae8b0f-d5a6-5435-b60f-e71c9c768df0", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/AMRQJN/"}, {"code": "9D8DHL", "name": "Rain Baker", "avatar": "https://pretalx.com/media/avatars/9D8DHL_s3GTL1H.webp", "biography": "Gremlin hunter, kitten and puppy wrangler, snickers fan. 
\r\nCame into the field of cybersecurity a bit later in life after shifting into the field from a background in philosophy, psychology, and conflict resolution, which have given me a unique perspective. \r\nI enjoy solving puzzles and scavenger hunts, so this kinda work suits me well. \r\nI started in cyber in late 2016 and have been working in the field ever since. I have worked for a few state government agencies doing a bit of everything, security administration, awareness training, vulnerability testing, and incident response. I moved to the private sector and I am now working for a company that supports both public and private sector customers. \r\nMy roles have included SOC analyst tier I and II, and now I work with my company's Cyber Threat Intelligence team as a cyber threat analyst and cybersecurity content engineer.", "public_name": "Rain Baker", "guid": "74bd311d-f749-58c2-b2cc-7716cbb4212e", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/9D8DHL/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JWXSRB/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JWXSRB/", "attachments": []}], "Tuscany": [{"guid": "2b9f97fa-9869-51c1-a29e-96587fab6971", "code": "EKZ7ZD", "id": 70771, "logo": null, "date": "2025-08-04T10:00:00-07:00", "start": "10:00", "duration": "00:45", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-70771-i-m-a-machine-and-you-should-trust-me-the-future-of-non-human-identity", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/EKZ7ZD/", "title": "I'm A Machine, And You Should Trust Me: The Future Of Non-Human Identity", "subtitle": "", "track": "PasswordsCon", "type": "Talk-45m", "language": "en", "abstract": "A lot of security boils down to trusting both humans and machines to access resources using the same flawed pattern: long-lived credentials. 
What if we rethought application and workload 'identity'?", "description": "Security boils down to trust. Trusting that the code will do what is expected and is free from vulnerabilities. Trusting that the entities interacting with our data and resources have the right to access those resources. Our current approach to both human and non-human access uses the same basic flawed pattern: long-lived credentials. \r\n\r\nThis approach to trusted access does not take into account who or what is requesting that resource. These secrets, which quite often leak, are an attacker's best friend and are how attackers think about getting into and moving throughout your system. \r\n\r\nWhat if instead of simply asking for a security key or credential to gain access, our applications, workloads, and resources asked \"Who are you and how can you prove that?\" Humans can move towards leveraging our non-changing characteristics, like biometrics. But what about machines? Especially in the world where pods and workloads last for only hours or days? \r\n\r\nAttend this session to:\r\n- Better communicate about why we must do things differently and soon\r\n- Learn how the open-source software community has looked at addressing the identity problem\r\n- Understand what commercial options are available\r\n- Map a path away from the world of long-lived credentials\r\n\r\nThe future of identity and access management is the future of security, IT, and, ultimately, business resiliency.", "recording_license": "", "do_not_record": false, "persons": [{"code": "MM3B73", "name": "Dwayne McDaniel", "avatar": "https://pretalx.com/media/avatars/MM3B73_e6toqeP.webp", "biography": "Dwayne has been working as a Developer Advocate since 2014 and has been involved in tech communities since 2005. His entire mission is to \u201chelp people figure stuff out.\u201d He loves sharing his knowledge, and he has done so by giving talks at hundreds of events worldwide. 
He has been fortunate enough to speak at institutions like MIT and Stanford and internationally in Paris and Iceland. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and crochet.", "public_name": "Dwayne McDaniel", "guid": "f808977e-363a-5996-b82e-274cf18dbd0c", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/MM3B73/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/EKZ7ZD/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/EKZ7ZD/", "attachments": []}, {"guid": "52effde1-503f-541b-9684-6a11c8fcb2ea", "code": "P9MPCD", "id": 70952, "logo": null, "date": "2025-08-04T11:00:00-07:00", "start": "11:00", "duration": "00:20", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-70952-the-rise-of-synthetic-passwords-in-botnet-attack-operations", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/P9MPCD/", "title": "The Rise of Synthetic Passwords in Botnet & Attack Operations", "subtitle": "", "track": "PasswordsCon", "type": "Talk-20m", "language": "en", "abstract": "As security personnel and blue teams continue to tighten controls around credential stuffing and password reuse detection, attackers continue to evolve. A new tactic that is becoming popular amongst attackers is the mass use of synthetic passwords\u2014those are fabricated, non-reused credentials generated algorithmically (either with scripts or using AI) for botnets to evade traditional defenses. These aren't leaked passwords or user guesses; they're high-entropy, AI-shaped, or randomly generated inputs designed to pollute logs, obscure real attack traffic, and overwhelm detection systems.", "description": "In this talk, we explore the growing use of synthetic passwords in credential attacks, how they\u2019re generated, and the strategic value they offer to adversaries. 
We'll examine real-world examples of botnet behavior showing this shift,  and how synthetic inputs are being weaponized to bypass rate limits, defeat breach matching engines, and poison log files, SIEMs and other analysis engines. \r\n\r\nA major advantage of using synthetic passwords in attacks is to increase and exploit analysis fatigue. Large password attempts that make their way into logs and analytics - but offer little value when analyzed - create unnecessary work, processing and diversion. \r\n\r\nAttendees will gain insight into how to identify, profile, and defend against these noise-based attacks\u2014using entropy analysis, anomaly scoring, and behavioral fingerprinting.", "recording_license": "", "do_not_record": false, "persons": [{"code": "XY9MD8", "name": "Dimitri Fousekis", "avatar": "https://pretalx.com/media/avatars/XY9MD8_QtfGSJN.webp", "biography": "Dimitri Fousekis / Rurapenthe -  has been in the security industry for over 20 years, and is the CTO of Bitcrack Cyber Security. Having enjoyed many years of Passwords, and password-related talks, Dimitri has a passion for deception based cyber security, as well as OSINT and cybersecurity intelligence. He has spoken at many conferences including BSidesLV, BSidesZA, PasswordsCon Cambridge & Vegas, BSides Athens and others.", "public_name": "Dimitri Fousekis", "guid": "6a3a03be-cafd-5d16-bdfa-09e468e330ba", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/XY9MD8/"}, {"code": "GF7XKZ", "name": "Travis More", "avatar": "https://pretalx.com/media/avatars/GF7XKZ_15JgVDe.webp", "biography": "Travis More is a security consultant at Bitcrack Cyber Security. He has a keen interest in hardware hacking, passwords, and reverse engineering. 
Travis has spoken at conferences in Zambia and his out of work interests include boxing.", "public_name": "Travis More", "guid": "6d12ef8d-d8fa-5e01-bdea-5d139f120899", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/GF7XKZ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/P9MPCD/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/P9MPCD/", "attachments": []}, {"guid": "c2a7d321-d130-58d5-8e91-8d2517286017", "code": "LN7ETH", "id": 68761, "logo": null, "date": "2025-08-04T14:00:00-07:00", "start": "14:00", "duration": "00:45", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-68761-extending-password-in-security-to-the-browser-how-malicious-browser-extensions-are-used-to-steal-user-passwords", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LN7ETH/", "title": "Extending Password (in)Security to the Browser: How Malicious Browser Extensions Are Used to Steal User Passwords", "subtitle": "", "track": "PasswordsCon", "type": "Talk-45m", "language": "en", "abstract": "Malicious browser extensions are an emerging attack vector to steal user identity information and passwords. This session will provide a detailed breakdown of how browser extensions can be used for theft of credential data, and a technical analysis of what permissions and methods compromised extensions invoke to steal passwords and other authentication details.\r\n\r\nAs part of this session, we will walk through the emergence of browser extensions as a threat vector, discuss how they become compromised, and then explore in detail the types of the password and credential data that can be stolen, and how they do it. We will describe specific permissions and techniques used by extensions to steal password information, and show live examples. 
Finally, we will discuss best practices and methods on how individuals and organizations should protect themselves against such tactics.", "description": "This talk has 3 main parts to it:\r\n1.\tA discussion of browser extensions as an emerging threat vector to steal identity data.\r\n2.\tA technical exploration of the methods, permissions and calls invoked by browser extensions, what data they can reach, and how they can extract password information.\r\n3.\tA discussion of how to counter these tactics, and best practices for security.\r\n\r\nIn Part I, we will talk about the emergence of browser extensions as a threat surface and a risk factor. We\u2019ll share statistics (collected by LayerX\u2019s internal metrics from our customer base) of the distribution of browser extensions (99% of enterprise users have >1 extensions, 53% of users have >10 extensions), permission scope of extensions (53% of users have extensions with high/critical permissions), and data on individual permissions (such as identity, cookies, scripting, and others). 
We\u2019ll also discuss how extensions become compromised: whether they are built as malicious extensions, become compromised (a-la Cyberhaven incident), or transfer ownership (via sale of extensions), and provide real-life examples of each type.\r\n\r\nIn Part II, we will proceed to a technical discussion of what types of password and authentication data extensions can access:\r\n\u2022\tWeb cookies\r\n\u2022\tSession information\r\n\u2022\tApplication access tokens\r\n\u2022\tAuthentication certificates\r\n\u2022\tPasswords\r\n\u2022\tKeyboard strokes / input information\r\n\r\nAnd also of the various methods for collecting this information:\r\n\u2022\tIdentity API\r\n\u2022\tCookies API\r\n\u2022\tScripting permissions\r\n\u2022\tTabs management permissions\r\n\u2022\tInput method calls\r\n\u2022\twebNavigation and webRequest APIs to control web traffic\r\n\u2022\tand more\r\n\r\nIn Part III, we will bring these concepts together and propose a framework for auditing, assessing the risk and enforcing protection against malicious browser extensions.", "recording_license": "", "do_not_record": false, "persons": [{"code": "8CAGH7", "name": "Or Eshed", "avatar": "https://pretalx.com/media/avatars/8CAGH7_RbdhkL6.webp", "biography": "Or Eshed is co-founder and CEO of LayerX Security. Or has over 15 years of cybersecurity experience as an ML developer, security and intelligence researcher, and cybersecurity analyst. Prior to founding LayerX, Or worked as a cyber threat intelligence analyst at Check Point, Otorio, and ABN AMRO Bank. His work has led to the arrest of at least 15 threat actors and the exposure of the largest browser hijacking operation in history with over 50M browsers compromised. He has also written and spoken on topics of cybersecurity extensively. 
In addition, Or holds an MSc in Applied Economics from the Hebrew University of Jerusalem.", "public_name": "Or Eshed", "guid": "ab9be484-95bc-59ab-895a-6449f1333c4f", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/8CAGH7/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LN7ETH/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LN7ETH/", "attachments": []}, {"guid": "9ee3b37f-30c7-5c77-b32c-03db625043b3", "code": "CRQLAX", "id": 68765, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/CRQLAX/Hazar_P6aYvd6.png", "date": "2025-08-04T15:00:00-07:00", "start": "15:00", "duration": "00:45", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-68765-hazard-analysis-of-military-ai-systems-using-stpa-sec-a-systems-theoretic-approach-to-secure-and-assured-autonomy", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/CRQLAX/", "title": "Hazard Analysis of Military AI Systems Using STPA-Sec: A Systems-Theoretic Approach to Secure and Assured Autonomy", "subtitle": "", "track": "PasswordsCon", "type": "Talk-45m", "language": "en", "abstract": "AI systems can fail dangerously without ever \u201cbreaking.\u201d This talk introduces a systems-theoretic method for identifying and mitigating hidden hazards in AI-enabled environments\u2014especially those involving generative and predictive models. Learn how STPA-Sec reveals systemic risks arising from misaligned recommendations, inadequate feedback loops, and interface ambiguity\u2014plus how to control them before they cause harm.", "description": "As AI becomes increasingly embedded in operational workflows\u2014across healthcare, transportation, finance, and beyond\u2014traditional failure-mode analyses fall short. AI systems often function \u201ccorrectly,\u201d yet still produce unsafe outcomes due to flawed assumptions, incomplete control loops, or emergent behaviors. 
These non-failure-based hazards are especially critical when AI outputs shape human decisions or operate under loose oversight.\r\n\r\nThis session presents an applied case study using System-Theoretic Process Analysis for Security (STPA-Sec) to analyze a representative AI decision-support system integrating generative and predictive components. We model the system\u2019s control structure\u2014including users, data flows, models, and feedback mechanisms\u2014to identify unsafe control actions such as:\r\n- AI-generated outputs that bypass validation\r\n- Feedback delays in time-sensitive scenarios\r\n- Interface design failures that erode operator trust\r\n\r\nEach hazard is traced to causal factors like model misalignment, lack of context awareness, and missing constraints on AI autonomy. We then demonstrate how to implement effective controls\u2014such as human-on-the-loop (HOTL) oversight, system boundaries, and enriched operator feedback\u2014to reduce residual risk.\r\n\r\nThis talk is grounded in real-world analysis and provides attendees with a repeatable method for anticipating and mitigating systemic AI failures\u2014especially valuable for those involved in AI risk, governance, or security.", "recording_license": "", "do_not_record": false, "persons": [{"code": "BHVP8Z", "name": "Josh Harguess", "avatar": "https://pretalx.com/media/avatars/BHVP8Z_7nyGUYV.webp", "biography": "Dr. Josh Harguess is the Chief Technology Officer of Fire Mountain Labs, where he drives the company\u2019s technical vision and leads advancements in AI security and assurance. Prior to joining Fire Mountain Labs, Josh was the first Chief of AI Security at Cranium AI, a global leader in AI Security products, where he led AI and AI strategy, and the R&D, Engineering, and AI Security departments. 
Previous to Cranium, Josh was a Senior Principal AI Scientist and department manager at MITRE, shaping national AI security strategies and developing cutting-edge adversarial machine learning defenses. His research has focused on ensuring the reliability, safety, and resilience of AI systems deployed in mission-critical environments. Josh has authored numerous publications on AI risk, trust, and adversarial robustness, contributing to industry frameworks such as MITRE ATLAS and NIST AI RMF. Throughout his career, he has led high-impact AI security programs funded by the Department of Defense, Department of Homeland Security, and major private sector stakeholders. With a strong foundation in AI risk assessment and safe AI deployment, Josh ensures Fire Mountain Labs remains at the forefront of AI security innovation, delivering solutions that enable organizations to deploy AI with confidence.", "public_name": "Josh Harguess", "guid": "75e23925-27a1-51f6-abb3-dedda341d182", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/BHVP8Z/"}, {"code": "9BVZQF", "name": "Chris Ward", "avatar": "https://pretalx.com/media/avatars/9BVZQF_27p4AHx.webp", "biography": "Chris is the CEO of Fire Mountain Labs, leading the company\u2019s mission to advance safe and assured AI. Under his direction, Fire Mountain Labs delivers pioneering AI assurance solutions to enterprise and government clients, ensuring AI systems are deployed with security, integrity, and accountability.\r\n\r\nWith over a decade of experience in AI and AI Security, Chris has coauthored 23 publications in the field and brings deep technical and operational expertise. A veteran of Active Duty U.S. Navy service, Chris also brings deep expertise from Space and Naval Warfare (SPAWAR) Systems Center Pacific, the Naval Information Warfare Center (NIWC), the MITRE Corporation, and several successful AI startups. 
His background spans operational technology, national security, and cutting-edge AI innovation.\r\n\r\nAs a trusted voice in the AI ecosystem, Chris operates as an honest broker, bridging government, industry, academia, and small organizations. He advocates for AI adopters navigating a crowded and hype-driven landscape, championing pragmatic, secure, and trustworthy solutions.\r\n\r\nBefore founding Fire Mountain Labs, Chris held senior leadership roles in AI security research and red teaming, where he shaped industry standards in AI risk assessment, penetration testing, secure AI governance, and adversarial threat modeling.", "public_name": "Chris Ward", "guid": "40c2f9b5-d021-5e14-916d-a789a6d40223", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/9BVZQF/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/CRQLAX/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/CRQLAX/", "attachments": []}, {"guid": "0768c9d3-8e4e-5f31-8219-cdc8014e2a47", "code": "JCZVM7", "id": 66799, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/JCZVM7/hmac-_o53VImQ.jpg", "date": "2025-08-04T17:00:00-07:00", "start": "17:00", "duration": "00:45", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-66799-the-hmac-trap-security-or-illusion", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JCZVM7/", "title": "The HMAC Trap: Security or Illusion?", "subtitle": "", "track": "PasswordsCon", "type": "Talk-45m", "language": "en", "abstract": "Every day, billions of messages are signed with HMACs. We assume using HMAC is the way to gatekeep integrity and authenticity. But what happens when this cryptographic seal is misunderstood, misused, or just plain broken?\r\nThis talk will show you how HMAC is not just a cryptographic construction, but a misunderstood superhero in the authentication world. 
Join me in the unraveling where HMAC went wrong and where it got it right, through code demos, vulnerability breakdowns, and examples using Python and open-source tools, we\u2019ll showcase how even mature systems could fall victim to these quiet flaws and how to spot them before attackers do.", "description": "This talk is the result of deep-dive research into HMAC vulnerabilities, misconfigurations, implementation flaws, and security failures that have led to authentication bypasses and exploited systems. HMAC is one of the most widely used cryptographic primitives in modern authentication, securing APIs, JWTs, and message integrity across countless applications. However, as my research has shown, it's also frequently misunderstood and misused in ways that introduce serious security risks.\r\n\r\nI have explored multiple vulnerabilities in real-world HMAC implementations and analyzed how subtle mistakes can lead to authentication failures. This talk will focus on breaking down these weaknesses through pre-recorded demos, code reviews, and attack scenarios, all using open-source tools such as Python\u2019s HMAC module, hash-extension attacks, and other exploitation techniques.\r\n\r\nTools & Resources:\r\n\u2022\tGitHub repo with PoC code and demos: https://github.com/HexxedBitHeadz/02-17-HMAC \r\n\u2022\tPython scripts for HMAC validation testing\r\n\u2022\tCustom Flask-based vulnerable app for exploitation demos\r\n\u2022\tBlog reference: https://hexxedbitheadz.com/unraveling-the-cryptographic-thread-of-hmac/ \r\n\u2022\tOWASP cheat sheets \u2013 used for contrasting secure vs. 
flawed HMAC usage: https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html\r\nhttps://cheatsheetseries.owasp.org/cheatsheets/Microservices_Security_Cheat_Sheet.html", "recording_license": "", "do_not_record": false, "persons": [{"code": "39JKMS", "name": "Marluan \"Izzny\" Cleary", "avatar": "https://pretalx.com/media/avatars/39JKMS_mMgq60q.webp", "biography": "Marluan Cleary is a Penetration Tester and cybersecurity student passionate about breaking, building, and securing systems. She researches and documents real-world vulnerabilities through technical blogs at Hexxed BitHeadz, offering hands-on insights into tools, techniques, and emerging threats. Focused on cryptography, exploit development, and offensive security,", "public_name": "Marluan \"Izzny\" Cleary", "guid": "e9ae1be3-0a88-590e-a9d6-31cbdfb831f0", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/39JKMS/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JCZVM7/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JCZVM7/", "attachments": []}, {"guid": "1ded3103-81c4-53da-b58a-0361db71afe6", "code": "7HLURD", "id": 68480, "logo": null, "date": "2025-08-04T18:00:00-07:00", "start": "18:00", "duration": "00:45", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-68480-machine-identity-attack-path-the-danger-of-misconfigurations", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7HLURD/", "title": "Machine Identity & Attack Path: The Danger of Misconfigurations", "subtitle": "", "track": "PasswordsCon", "type": "Talk-45m", "language": "en", "abstract": "In an era where digital transformation has integrated multi-cloud environments into the core of business operations, security demands have escalated exponentially. This talk, \"Machine Identity & Attack Path: The Danger of Misconfigurations,\" addresses the pressing challenges and threats within these diverse cloud setups. 
Attendees will deepen their understanding of how attackers exploit vulnerabilities stemming from misconfigured security measures and inadequately managed machine identities.\r\n\r\nThe presentation focuses on the intricate dynamics of attack vectors, surfaces, and paths, providing actionable insights to reinforce cloud infrastructures. With a spotlight on innovative open-source tools such as SecBridge, Cartography, and AWSPX, participants will discover how to map environments effectively, visualize IAM permissions, and enhance security tool integrations for robust cloud operations.\r\n\r\nThis session caters to cybersecurity professionals, cloud architects, and IT managers seeking knowledge and strategies to protect digital assets amidst a complex multi-cloud landscape. Join us to explore cutting-edge solutions and safeguard your organization against the evolving security needs of contemporary cloud ecosystems.", "description": "In today\u2019s rapidly advancing digital environment, securing multi-cloud infrastructures has become more crucial than ever. \"Machine Identity & Attack Path: The Danger of Misconfigurations\" addresses the complexities and emerging threats inherent in managing multi-cloud setups. This talk will equip attendees with comprehensive insights into how attackers leverage vulnerabilities caused by misconfigured security protocols and the improper handling of machine identities.\r\n\r\nThe session begins by laying out fundamental concepts such as machine identity, attack vectors, surfaces, and paths, clarifying how each element contributes to potential security breaches. Participants will gain a thorough understanding of attack paths, crucial for tracking potential attack routes within cloud environments.\r\n\r\nLeveraging graph-based visualization tools, like SecBridge, Cartography, and AWSPX, this presentation will demonstrate how to map complex environments and visualize access permissions effectively. 
This approach not only aids in understanding potential vulnerabilities but also strengthens security postures across different cloud platforms.\r\n\r\nThe discussion extends to cloud-specific attacks, identifying typical vulnerabilities within AWS, OCI, GCP, and Azure. Attendees will be guided through mitigation strategies using best practices and the latest open-source tools to secure multi-cloud architectures effectively.\r\n\r\nThis talk is vital for cybersecurity professionals, cloud architects, and IT managers aiming to safeguard their organizations' digital assets. Explore innovative strategies to address the critical security needs of today\u2019s multi-cloud ecosystems and ensure robust defense mechanisms in these dynamic environments.", "recording_license": "", "do_not_record": false, "persons": [{"code": "UFEVPR", "name": "Filipi Pires", "avatar": "https://pretalx.com/media/avatars/UFEVPR_Q6uWWdh.webp", "biography": "I\u2019ve been working as Head of Identity Threat Labs and Global Product Advocate at Segura, Red Team Village Director, Founder at Black&White Technology, Cybersecurity Advocate, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. 
International Speaker at Security and New technologies events in many countries such as US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA - Middle-East - and others, I\u2019ve served as University Professor in Graduation and MBA courses at Brazilian colleges, in addition, I'm Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).", "public_name": "Filipi Pires", "guid": "f46dcde4-d4c8-5594-ada4-c0b9c6ae1bba", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/UFEVPR/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7HLURD/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7HLURD/", "attachments": []}], "Siena": [{"guid": "d3f17292-7118-5476-b6f3-12a1726901f4", "code": "ZCTLHZ", "id": 69638, "logo": null, "date": "2025-08-04T10:00:00-07:00", "start": "10:00", "duration": "00:20", "room": "Siena", "slug": "security-bsides-las-vegas-2025-69638-pebkac-rebooted-a-hacker-s-guide-to-people-patching-in-90-days", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZCTLHZ/", "title": "\u201cPEBKAC Rebooted: A Hacker\u2019s Guide to People\u2011Patching in 90 Days\u201d", "subtitle": "", "track": "Ground Truth", "type": "Talk-20m", "language": "en", "abstract": "Forget the tired \u201cPEBKAC\u201d jokes\u2014your next breach won\u2019t happen because people are stupid, but because their brains are running exactly as designed. 
\r\n\r\nThis session weaponizes cognitive science and a dataset of 1\u202fmillion users\u2019 experiences with phishing simulations and 170,000 people's answers to perceptual surveys to show how attackers hijack four predictable bugs in wetware: optimism bias (\u201cnot me\u201d), Dunning\u2011Kruger (a dash of training \u2192 god\u2011mode confidence), and the newly quantified technology bias\u2014the reckless belief that EDR, AI mail filters, or zero\u2011trust pixie dust catch everything. You\u2019ll see why users who score high on tech bias click links 140% more often, and why click\u2011through rates double if phishing simulations pause for just three months. Then we flip the script: continuous \u201cpeople\u2011patching,\u201d instant dopamine\u2011hit feedback loops, and neuroscience-based hacks that drop real\u2011phish clicks 8\u00d7 while tripling report rates. We'll also show how to prove the ROI for moving from security awareness to motivation, while also demonstrating how humans can show the flaws in your security stack, like how many phishes leaked past your e-mail filters.", "description": "For decades, security pros have repeated the mantra: \u201cPeople are the weakest link.\u201d \r\n\r\nThis talk flips that myth on its head. Using one of the largest datasets of its kind\u20141 million users, millions of phishing simulations, and survey responses from 170,000 people \u2014 we\u2019ll explore how people aren\u2019t the biggest problem in cybersecurity. They\u2019re the greatest opportunity.\r\n\r\nHuman error is not random. 
It follows predictable patterns hardwired by evolution:\r\n\r\nOptimism bias: \u201cIt won\u2019t happen to me.\u201d (+37% click rate)\r\n\r\nAnchoring bias: First impressions override logic (now supercharged by GenAI-quality phish)\r\n\r\nDunning-Kruger effect: Overconfidence after shallow training = dangerous false certainty\r\n\r\nTechnology bias: 1 in 3 users believe firewalls and antivirus fully protect them\u2014a belief that leads to 140% more clicks\r\n\r\nThese aren\u2019t theoretical concepts. They show up in real phishing telemetry. People don\u2019t click because they\u2019re dumb\u2014they click because their brains are conserving energy, operating on autopilot, or hijacked by emotional triggers like urgency and fear. Nearly 20% of clickers don\u2019t even remember doing it. Another 17% say they were rushing. The amygdala moves faster than logic. Social engineers know this. It's time defenders did too.\r\n\r\nThe good news? These patterns are hackable\u2014by us.\r\n\r\nBacked by behavioral science and data, this talk outlines a new model of human defense: one based on motivation, emotional learning, and cognitive bias mitigation. 
It also introduces SCARF, a neuroscience-based model (Status, Certainty, Autonomy, Relatedness, Fairness) - a concept from the business world into cybersecurity - that helps us engage users on their terms\u2014not ours.\r\n\r\nWe\u2019ll cover what actually works:\r\n\r\nClick rates drop 8x in 90 days with well-designed simulation programs\r\nReport rates increase 2.5\u20133x when users get positive feedback and real-time coaching\r\nLive phishing threats caught by users increase as trust in tools alone declines\r\nResilience decays fast: pause simulations for three months and click rates double\r\nWe\u2019ll also explore failure modes: over-training leads to false confidence, and phishing users too often (more than once a month) tanks performance.\r\n\r\nThis session will give you a blueprint for building adaptive, motivated human firewalls using neuroscience, behavior modeling, and just the right dose of gamified reinforcement. Learn how to measure attitudes\u2014not just knowledge\u2014and why motivation is the real missing link in most security awareness programs.\r\n\r\nDon\u2019t settle for blaming users. Hack their biases. Trigger better defaults. Close the loop with feedback, not shame.\r\n\r\nFrom weakest link to fastest sensor: this is how you patch the wetware.", "recording_license": "", "do_not_record": false, "persons": [{"code": "FG8TTR", "name": "David Shipley", "avatar": "https://pretalx.com/media/avatars/FG8TTR_ImYYIcj.webp", "biography": "David Shipley is an award-winning entrepreneur who loves working at the intersection of the liberal arts and technology. \r\n\r\nIn 2016, David co-founded Beauceron Security with an innovative approach to cybersecurity awareness. This approach empowers everyone within an organization to know more and care more about their crucial role in protecting against cyber-attacks. 
Beauceron Security now serves more than 1,200 clients across North America, Europe, and Africa, and over 1 million people have benefited from their work.\r\n\r\nBefore co-founding Beauceron Security, David was the security lead for the University of New Brunswick and developed its incident response, threat intelligence, and awareness practice. \r\n\r\nHe is a Certified Information Security Manager (CISM), a former journalist, and a Canadian Forces veteran. He was awarded the Queen's Diamond Jubilee Medal and King Charles III Coronation Medal for his service to Canada and his work in cybersecurity. \r\n\r\nDavid regularly contributes to the Cybersecurity Today podcast and appears frequently in the media to help explain cybersecurity stories.", "public_name": "David Shipley", "guid": "2bada8cf-345e-5ee8-9b6b-b8f8bbb8abc1", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/FG8TTR/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZCTLHZ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZCTLHZ/", "attachments": []}, {"guid": "b0f7c29e-39b8-5ec7-8d06-e43ab96f17c3", "code": "JZ98SA", "id": 70312, "logo": null, "date": "2025-08-04T10:30:00-07:00", "start": "10:30", "duration": "00:45", "room": "Siena", "slug": "security-bsides-las-vegas-2025-70312-autonomous-discovery-of-logic-based-api-vulnerabilities", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JZ98SA/", "title": "Autonomous Discovery of Logic-based API Vulnerabilities", "subtitle": "", "track": "Ground Truth", "type": "Talk-45m", "language": "en", "abstract": "Logic-based vulnerabilities remain the hardest to detect with automated application security tools, including the new LLM-based ones. 
We examine how AI agents can be trained to discover such complex vulnerabilities in black-box settings.\r\n\r\nIn this talk, we'll demonstrate how we train a reinforcement learning agent to navigate applications, model state transitions, and identify logic flaws. These agents observe user roles, session tokens, and application responses to iteratively craft requests that reveal vulnerabilities.\r\n\r\nThen, we evaluate this agent using Marvin, our open-source research framework that provides environments with vulnerable REST and GraphQL APIs that accurately mirror real-world application logic. By open-sourcing Marvin, we aim to set the standard for the hacker community to evaluate new hacking agents.\r\n\r\nWe discuss the capabilities and limitations of these systems and point toward what we need to make AI practically useful for security research.", "description": "The content of this talk originated from a research project Dvir Lazar and I developed at Carnegie Mellon this past year. Following our research, Dvir and I co-founded Alkonos, an AI-based Dynamic Application Security Testing (DAST) startup.\r\nThe fundamental problem we're addressing is that current DAST tools widely adopted by both industry and hacker communities rely on pattern matching for known vulnerabilities or fuzzing without contextual insights. This approach renders them completely ineffective against some of the most critical web application security vulnerabilities, including IDORs, access control vulnerabilities, and account takeovers. According to OWASP, access control vulnerabilities are ranked as the #1 most critical vulnerability, yet traditional tools consistently fail to detect them.\r\nRecent advancements in AI offer the potential to automate the detection of these complex vulnerabilities. However, as with any emerging technology, significant challenges remain. 
Our research revealed that while multiple companies and academic research efforts are tackling this field, there's no standardized way to measure the success of these tools. We argue that without proper benchmarks, the hacker community cannot effectively assess these solutions, and the industry lacks direction for developing robust automation tools.\r\nTo address this gap, we've developed Marvin, an MIT-licensed benchmark suite specifically designed to evaluate whether autonomous agents can discover logic bugs in realistic environments. Marvin provides standardized vulnerability scenarios with ground-truth labels, focusing on business logic flaws where AI systems traditionally struggle to understand application context and business rules.\r\nOur framework features diverse application vulnerability corpora across multiple API paradigms (REST, GraphQL), controlled noise elements to test false positive rates, varied authentication mechanisms, and progressive difficulty tiers. We'll demonstrate how reinforcement learning-based hackbots can be trained on Marvin to successfully identify these vulnerabilities and present a live demonstration of our RL agent navigating complex API structures and exploiting business logic flaws that traditional security tools miss.\r\nThis talk will cover our approach to training and evaluating AI-based security testing systems, introduce the Marvin framework to the hacker community, and present a roadmap for advancing automated detection of logic-based vulnerabilities. 
We'll also discuss how the community can contribute to and utilize Marvin to evaluate vendor claims about AI-based security tools.", "recording_license": "", "do_not_record": false, "persons": [{"code": "R3EUPF", "name": "Dvir Lazar", "avatar": "https://pretalx.com/media/avatars/R3EUPF_irQLMR2.webp", "biography": "I am an RL researcher at Alkonos, where I work on training models to find logic-based vulnerabilities that no other tool can detect in blackbox APIs.", "public_name": "Dvir Lazar", "guid": "f2d18451-c797-55b7-b72f-35034a76e860", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/R3EUPF/"}, {"code": "WCABVU", "name": "Taha Biyikli", "avatar": "https://pretalx.com/media/avatars/WCABVU_xQHquvQ.webp", "biography": "Taha Biyikli is Co-Founder & CEO of Alkonos, developing AI solutions for complex vulnerability detection. Previously, Taha led cybersecurity assessment teams and has been acknowledged by major organizations including Apple and the U.S. Department of Defense for discovering critical vulnerabilities. 
A member of Carnegie Mellon's Plaid Parliament of Pwning (PPP), Taha won the MITRE Embedded CTF 2025 with his team and specializes in application security and reverse engineering.", "public_name": "Taha Biyikli", "guid": "ce5725c8-e9fa-55fc-b218-2be7ce64e78f", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/WCABVU/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JZ98SA/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JZ98SA/", "attachments": []}, {"guid": "6cdb7e49-28e7-5dfb-96f8-d8d278dfa863", "code": "89TETH", "id": 68791, "logo": null, "date": "2025-08-04T14:00:00-07:00", "start": "14:00", "duration": "00:45", "room": "Siena", "slug": "security-bsides-las-vegas-2025-68791-fragmentation-of-cti-the-deck-is-stacked-against-the-defenders", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/89TETH/", "title": "Fragmentation of CTI: The Deck is Stacked Against the Defenders", "subtitle": "", "track": "Ground Truth", "type": "Talk-45m", "language": "en", "abstract": "IOCs produced in 2024: 1.2 trillion.  Projected for 2025: 2 trillion.  Our ongoing research is one of the most expansive and comprehensive analyses of accessible global threat intelligence data from over 50 commercial providers spanning over 2 years.  We will share insights about the CTI ecosystem including the number of CTI producers and their specializations, volume and rate of production of IOCs, and intersections and overlaps between feeds and threat context.\r\n\r\nWe will then delve into how quickly intelligence providers keep up with vulnerability disclosures and attackers who exploit them.  
A temporal analysis of IOC coverage for CVEs from 2023 and 2024 reveals the average delays between the time of disclosure and the time of attribution in intelligence, providing insights into how quickly attackers pivot existing infrastructure and TTPs to exploit new vulnerabilities and when they stand up new infrastructure to scale those attempts.  A shocking observation is the high accuracy of aged-out IOCs, long thought to be useless, in predicting coverage over 90(!) days in advance.\r\n\r\nWe will conclude the session with thoughts on the underlying causes of this fragmentation in the CTI industry and how they may unintentionally be setting up defenders for failure.", "description": "In pursuing its business, Centripetal has become one of the largest commercial consumers of intelligence in the world.  In the spirit of giving back to the community, our Labs research team conducts analysis of this data to provide valuable insights to publish in peer-reviewed academic journals and to share freely with trusted cybersecurity communities - no marketing fluff.  This topic is one such endeavour.\r\n\r\nThe cybersecurity industry emphasizes that CTI is a pivotal component to every cyber defense strategy.  CTI has grown to be a $14B industry where the vast majority of critical information about threats are in closed-source, commercial offerings from over 300 providers world-wide.  The market claims typically state a uniqueness factor of up to 80% with each provider touting the breadth, depth and speed of their intelligence as competitive advantages over their peers.  However, we have yet to find any independent comprehensive competitive analysis to validate or refute those claims.  A small number of peer-reviewed articles on this subject matter are dated and limited mostly to open source intelligence and a few commercial sources.  
But more importantly, any such validation of the uniqueness claim would lead to an obvious conclusion that few seem to acknowledge: if every provider\u2019s data is unique, no single provider can offer complete or even majority coverage for known threats.\r\n\r\nWe will begin this session with an overview of the CTI ecosystem including the estimated number of total commercial, open source and government/NGO providers, then dive into a comprehensive overlap analysis of threat indicator data that reveals the true overlap to be between 1-5% depending on fidelity.  We will then look at the threat categories of each provider to show their specializations that contribute to the lack of duplicity as well as the ~16% conflicting data that can lead to confusion in threat investigations.\r\n\r\nWe will then explore coverage graphs from retrospective analysis of published CVEs from 2023 and 2024 to show a 6-12 day delay in CTI attributions to those vulnerabilities.  We will delve into a historical prediction analysis of unpublished threats that show nearly a 100% coverage of attack infrastructure used to exploit newly published CVEs more than 3-7 days in advance of such publications.  This coverage is still respectable at 55% more than 90 days in advance.\r\n\r\nThe impact of these observations and conclusions may be profound.  The tried-and-true approach of leveraging a handful of high quality open source, government and commercial intelligence in a sophisticated SOC may fail not because of poor operations but rather simply because of insufficient data.  The overemphasis of the need for confidence and depth in CTI may be contributing to delayed attribution and widening the window of opportunity for attackers who can scale exploit attempts within hours of disclosure.  
Something must change, and that change can begin with the knowledge of what you didn\u2019t know.", "recording_license": "", "do_not_record": false, "persons": [{"code": "QQHBDU", "name": "Dave Ahn", "avatar": "https://pretalx.com/media/avatars/QQHBDU_X6szFiA.webp", "biography": "Dave is a technology leader and innovator with a distinguished track record in cybersecurity and healthcare informatics over three decades.  He holds numerous patents in these fields, many of which have been successfully commercialized through groundbreaking startups.  At his current endeavor, Centripetal, Dave focuses on new ways to leverage global intelligence and analytics to transform cybersecurity defenses, security operations and threat research.  He has been honored to share his work on peer-reviewed articles, support steering committees and workgroups, and speak about learned insights at conferences.", "public_name": "Dave Ahn", "guid": "d20c7edf-b7a9-572d-b1ef-578bd81f17dc", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/QQHBDU/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/89TETH/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/89TETH/", "attachments": []}, {"guid": "5e8ce76a-ab89-5090-bdbb-603c85d07a5f", "code": "WMZJTT", "id": 68666, "logo": null, "date": "2025-08-04T15:00:00-07:00", "start": "15:00", "duration": "00:45", "room": "Siena", "slug": "security-bsides-las-vegas-2025-68666-human-attack-surfaces-in-agentic-web-how-i-learned-to-stop-worrying-and-love-the-ai-apocalypse", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/WMZJTT/", "title": "Human Attack Surfaces in Agentic Web: How I Learned to Stop Worrying and Love the AI Apocalypse", "subtitle": "", "track": "Ground Truth", "type": "Talk-45m", "language": "en", "abstract": "AI agent usage is accelerating us into an era of the Agentic Web, a digital landscape where machines, not humans, dominate creation, 
interaction, and consumption. As we inch closer to this new reality, we must ask: What are the security risks of an internet not built, or experienced, by humans? LLMs have already begun to radically reshape the way we consume online information and will completely redefine how we live our online lives. From buying goods and services to searching for jobs, homes, and even relationships, agents will increasingly perform these tasks on our behalf. But convenience comes at a cost. In the coming world of bot-vs-bot warfare, scammers will unleash agents to exploit the agents of unsuspecting humans. This isn\u2019t some distant dystopia, it\u2019s happening right now, and it\u2019s already creating an endless array of new vulnerabilities. We will glimpse the near future of cognitive security, where an unrelenting cascade of attack surfaces will emerge. We\u2019ll delve into the mechanics of AI agents and the economic pressures driving their rapid adoption, explore real-world examples of how agents are already being exploited, and conclude with a look ahead at near future scenarios.", "description": "The rise of AI agents is rapidly transforming the digital landscape into a terrifying new reality. We are entering the age of the Agentic Web, a vast and interconnected ecosystem where AI-driven agents autonomously handle tasks and interact with online services on behalf of human users. While these innovations promise efficiency and personalization, they also come with dark, potentially catastrophic risks that could reshape the way we interact with the web\u2014and each other.\r\nIn this talk, we will dive deep into the Agentic Web, exploring how AI agents are transforming nearly every facet of our digital lives and the emerging security threats they bring with them. 
From their rapid adoption to the vulnerabilities that lie within their structure, we\u2019ll take a closer look at how these agents will fundamentally alter the online environment and, with it, our sense of privacy, security, and trust.\r\n1. Introducing the Agentic Web\r\nWe begin by setting the stage with a relevant news story, showcasing just how rapidly AI agents are infiltrating our daily lives. With tools like Large Language Models (LLMs) already transforming search engines and digital assistants, AI agents are poised to take over tasks that were once firmly in the human domain. From shopping for goods to finding a job or even navigating relationships, AI agents are rapidly becoming our intermediaries, acting on our behalf in ways we never imagined.\r\nAI Agents vs. LLMs\r\nIt\u2019s important to understand where AI agents overlap with LLMs and how they complement one another. While LLMs like GPT-4 revolutionized natural language processing, AI agents are designed to go beyond conversation\u2014they autonomously make decisions and carry out tasks, learning from their interactions to improve over time.\r\nAt their core, AI agents rely on a cognitive agent architecture, allowing them to perceive their environment, react to stimuli, and pursue specific goals without constant human intervention. But what makes these agents so powerful also makes them vulnerable\u2014acting independently and autonomously in a world filled with deception, they become prime targets for manipulation.\r\nThe Agentic Web\r\nAs we transition to the Agentic Web, we explore a world where AI agents not only perform tasks but also interact with each other across digital ecosystems. This interconnected web allows agents to negotiate with vendors, find the best prices, and manage everything from travel bookings to job applications. 
The ease with which users can delegate tasks will enhance user experience, but it also introduces significant risks\u2014agents may act on behalf of their users without their knowledge, opening a vast array of new vulnerabilities.\r\nKey Aspects of the Agentic Web\r\nAutonomy: AI agents operate without requiring constant input, making decisions based on user preferences or environmental data.\r\nPerception and Reactivity: These agents can sense their surroundings and respond in real-time.\r\nLearning and Goal-Oriented Behavior: Agents can adapt and evolve, continuously improving their efficiency.\r\nCollaboration: Agents can work together, sharing information to complete complex tasks, such as coordinating multiple agents to solve a problem.\r\nThe Agentic Web represents a shift from traditional internet interaction. No longer will users directly engage with websites and services; instead, AI agents will take over, autonomously managing interactions with the web and even each other.\r\nApplications and Use Cases\r\nThis shift is already happening. AI agents are significantly impacting industries like customer service, healthcare, and cybersecurity. For example, AI agents in customer service can handle queries autonomously, while in cybersecurity, they are used to detect and respond to threats in real-time. The implications are far-reaching, from autonomous vehicles to virtual personal assistants handling every aspect of our digital lives.\r\nLooking toward the future, we see AI agents revolutionizing e-commerce, job seeking, dating, and even academic placements, creating a digital landscape where tasks are no longer controlled by humans, but by a network of interconnected agents, each with its own goals and capabilities.\r\n2. Agentic Web Risks\r\nWith the rise of AI agents comes an entirely new set of risks, particularly for the users who place their trust in them. 
As AI agents take on more responsibility, the potential for security vulnerabilities grows exponentially. AI agents\u2019 ability to perform tasks autonomously makes them prime targets for manipulation and exploitation.\r\nRisks to Human Users\r\nUsers are at the forefront of this shift, and their security is at risk. Research shows that people will overtrust AI agents, opening the door to manipulation. Whether through fake AI workers or dark patterns designed to deceive, the Agentic Web will be rife with new types of cyber threats.\r\n\r\nDark Patterns: AI agents, with their natural language interfaces, are highly susceptible to manipulation through social engineering attacks. This includes everything from subtle biases in decision-making to outright harmful behavior encouraged by malicious actors.\r\nRisks to Agents\r\nAI agents themselves are not immune to threats. Just as users are targeted, agents can fall victim to countermeasures and manipulation. Cybercriminals may craft attacks specifically designed to exploit the vulnerabilities in these autonomous systems, using deceptive tactics like synthetic media and deepfake social engineering to trick agents into carrying out malicious actions.\r\nOne example of this is the \u201cmaze of irrelevant facts\u201d technique, where malicious actors overwhelm an AI agent with misleading information, causing it to make faulty decisions. This emerging threat shows how AI agents could be used as weapons in the digital arms race, a race that is only just beginning.\r\n3. Mitigations to Agentic Web Risks\r\nAs AI agents become more prevalent, it\u2019s crucial to establish frameworks and security models to protect both users and agents. 
Know Your Agent (KYA) and MAESTRO (Multi-Agent Environment, Security, Threat, Risk, and Outcome) are two key frameworks that can help identify vulnerabilities and create proactive security measures for this emerging landscape.\r\nAdditionally, threat modeling strategies like STRIDE\u2014which focuses on threats like spoofing, tampering, and information disclosure\u2014will be essential for understanding and mitigating the risks posed by the Agentic Web. Ensuring least privilege for agents, where they only have access to the resources they need, will also be critical in reducing potential damage from exploited agents.\r\n4. What the Future Holds\r\nAs we look ahead, the adoption of AI agents will continue to accelerate. The economic incentives driving their adoption will force businesses and consumers to adapt quickly. In the retail space, we are already seeing how AI agents could reshape e-commerce, leading to an arms race between buyer bots and seller bots. This could create a situation where only those with access to AI agents will succeed in securing limited offers or low prices.\r\nLikely Near-Horizon Scenarios\r\nWhat should security professionals be thinking about right now? As AI agents become more ubiquitous, cybercriminals will shift their focus from targeting humans to targeting AI agents directly. This could lead to Neo Social Engineering attacks where attackers manipulate agents rather than individuals. Just as traders have become reliant on algorithms from the rise of high frequency trading, users may come to depend on agents, only to see their trust exploited by attackers who have already tricked the AI systems they rely on.\r\nFurther, we may see the rise of fraudulent e-commerce sites designed to deceive AI agents into recommending fake products or services. This could further erode user trust and privacy, especially as personal data becomes concentrated within the agents managing our digital lives. 
If these agents are compromised, the damage to individual privacy could be devastating.\r\nConclusion\r\nThe future of the Agentic Web is both exciting and terrifying. As AI agents become more embedded in our daily lives, the risks associated with their use will grow exponentially. The need for robust security measures and vigilance has never been greater. This is not a distant concern\u2014it is the near-future reality of the digital world we are rapidly building. Security professionals must act now to understand these risks, develop mitigation strategies, and prepare for a new era where AI agents will become central players in our digital ecosystem.\r\nWhat are the implications of a web where the agents of AI, rather than humans, hold the reins? The future of cybersecurity will depend on the answers.\r\n\r\nWORK CITED\r\nANP (Agent Network Protocol)\r\nhttps://agentnetworkprotocol.com/en/\r\n\r\nCanham, M. & Sawyer, B.D. (2023). Me and My Evil Digital Twin: The Psychology of Human Exploitation by AI Assistants.\r\nhttps://www.youtube.com/watch?v=qjhfWWEQCgQ \r\n \r\nCanham, M. (2021). Deepfake Social Engineering: Creating a Framework for Synthetic Media Social Engineering. Black Hat USA 2021\r\nhttps://www.youtube.com/watch?v=2yILTfBV974  \r\n\r\nChaffer, T. J., (2025).  Know Your Agent: Governing AI Identity on the Agentic Web. \r\nhttps://ssrn.com/abstract=5162127\r\nhttps://dx.doi.org/10.2139/ssrn.5162127 \r\n\r\nEdwards, B. (2025). Cloudflare turns AI against itself with endless maze of irrelevant facts\r\nhttps://arstechnica.com/ai/2025/03/cloudflare-turns-ai-against-itself-with-endless-maze-of-irrelevant-facts/ \r\n\r\nHuang, K. (2025). Agentic AI Threat Modeling Framework: MAESTRO\r\nhttps://cloudsecurityalliance.org/blog/2025/02/06/agentic-ai-threat-modeling-framework-maestro# \r\nhttps://archive.is/TTP1D \r\n\r\nKran et al. (2025). 
DarkBench: Benchmarking Dark Patterns in Large Language Models\r\nhttps://openreview.net/pdf?id=odjMSBSWRt \r\nhttps://darkbench.ai/\r\n\r\nMCP (Model Context Protocol)\r\nhttps://modelcontextprotocol.io/introduction\r\n\r\nMilne, S. (2024). AI tools show biases in ranking job applicants\u2019 names according to perceived race and gender\r\nhttps://www.washington.edu/news/2024/10/31/ai-bias-resume-screening-race-gender/#:~:text=the%20process%20%E2%80%94%20are%20now,automation%20in%20their%20hiring%20process \r\nhttps://archive.is/Yy1h3 \r\n\r\nNichols, S. (2025). AI-enabled phishing and fake worker attacks on the rise\r\nhttps://www.scworld.com/perspective/deepseek-breach-yet-again-sheds-light-on-ai-dangers \r\nhttps://archive.is/BTW2C \r\n\r\nRance, G. (2025). DeepSeek breach yet again sheds light on AI dangers\r\nhttps://www.scworld.com/news/ai-enabled-phishing-and-fake-worker-attacks-on-the-rise \r\nhttps://archive.is/VhjnO \r\n\r\nShostack, A. (2014). Threat Modeling: Designing for Security. Wiley. \r\nhttps://www.wiley.com/en-us/Threat+Modeling%3A+Designing+for+Security-p-9781118809990", "recording_license": "", "do_not_record": false, "persons": [{"code": "8LGRDP", "name": "Matthew Canham", "avatar": "https://pretalx.com/media/avatars/8LGRDP_Icgol3r.jpg", "biography": "Dr. Matthew Canham is the Executive Director of the Cognitive Security Institute and a former Supervisory Special Agent with the Federal Bureau of Investigation (FBI), he has a combined twenty-one years of experience in conducting research in cognitive security and human-technology integration. He currently holds an affiliated faculty appointment with George Mason University, where his research focuses on the cognitive factors in synthetic media social engineering and online influence campaigns. He was previously a research professor with the University of Central Florida, School of Modeling, Simulation, and Training\u2019s Behavioral Cybersecurity program. 
His work has been funded by NIST (National Institute of Standards and Technology), DARPA (Defense Advanced Research Projects Agency), and the US Army Research Institute. He has provided cognitive security awareness training to the NASA Kennedy Space Center, DARPA, MIT, US Army DevCom, the NATO Cognitive Warfare Working Group, the Voting and Misinformation Villages at DefCon, and the Black Hat USA security conference. He holds a PhD in Cognition, Perception, and Cognitive Neuroscience from the University of California, Santa Barbara, and SANS certifications in mobile device analysis (GMOB), security auditing of wireless networks (GAWN), digital forensic examination (GCFE), and GIAC Security Essentials (GSEC).", "public_name": "Matthew Canham", "guid": "0231150d-0ece-5908-afc9-22d903f1205a", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/8LGRDP/"}, {"code": "KMQWAH", "name": "Unnamed speaker", "avatar": null, "biography": null, "public_name": "Unnamed speaker", "guid": "0580516d-2054-5ef9-a722-2625be15974e", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/KMQWAH/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/WMZJTT/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/WMZJTT/", "attachments": []}, {"guid": "5f26a5c3-0698-56be-8304-ad0509a439c1", "code": "JBXWUF", "id": 67604, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/JBXWUF/phish_DXw78Kc.png", "date": "2025-08-04T17:00:00-07:00", "start": "17:00", "duration": "00:45", "room": "Siena", "slug": "security-bsides-las-vegas-2025-67604-automating-phishing-infrastructure-development-using-ai-agents", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JBXWUF/", "title": "Automating Phishing Infrastructure Development Using AI Agents", "subtitle": "", "track": "Ground Truth", "type": "Talk-45m", "language": "en", "abstract": "This project investigates how attackers 
can now use large language models (LLMs) and AI agents to autonomously create phishing infrastructure, such as domain registration, DNS configuration, and hosting personalized spoofed websites. While earlier research has explored how LLMs can generate persuasive phishing emails, our study shifts the focus to the back-end automation of the phishing lifecycle. We evaluate how modern frontier and open-source models\u2014including Chinese models like DeepSeek and Western counterparts such as Claude Sonnet and GPT-4o\u2014perform when tasked with registering phishing domains, configuring DNS records, deploying landing pages, and harvesting credentials. The tests will be conducted with and without human intervention. We measure success through metrics like task completion rate, cost and time requirements, and the amount of human intervention required. By demonstrating how easy and low-cost it has become to scale phishing infrastructure with AI, this work underscores the growing threat of AI-powered cybercrime and highlights the urgent need for regulatory, technical, and policy countermeasures.", "description": "While much attention has been given to how large language models (LLMs) can craft convincing phishing emails, less focus has been placed on how these models can automate the underlying infrastructure of phishing campaigns. This talk presents new research demonstrating how modern AI agents\u2014powered by both frontier and open-source models such as GPT-4o, Claude Sonnet, and DeepSeek\u2014can autonomously register domains, configure DNS records, deploy spoofed landing pages, and harvest credentials, often with minimal human oversight.\r\n\r\nWe systematically evaluate these capabilities across a range of agentic tasks, measuring success by task completion rate, time and cost efficiency, level of human intervention required, and evasion of registrar and DNS-level defenses. 
By comparing fully autonomous runs with human-in-the-loop processes, we offer a detailed look at where automation currently excels\u2014and where it still encounters friction.\r\n\r\nOur findings suggest that phishing infrastructure, once a manual and resource-intensive process, is becoming increasingly scalable and accessible through AI. We conclude with key implications for defenders, including updated technical countermeasures, coordination strategies with registrars and hosting providers, and policy recommendations to address the growing misuse potential of advanced language models. We believe this talk will resonate with the BSides community as it highlights the often overlooked (but essential) backend components that enable phishing attacks.", "recording_license": "", "do_not_record": false, "persons": [{"code": "QZFQ9E", "name": "Fred Heiding", "avatar": "https://pretalx.com/media/avatars/QZFQ9E_ON6zfRe.webp", "biography": "Dr. Fred Heiding is a research fellow at the Harvard Kennedy School\u2019s Belfer Center. His work focuses on computer security at the intersection of technical capabilities, business implications, and policy remediations. Fred is a member of the World Economic Forum's Cybercrime Center, a teaching fellow for the Generative AI course at Harvard Business School, and the National and International Security course at the Harvard Kennedy School. Fred has been invited to brief the US House and Senate staff in DC on the rising dangers of AI-powered cyberattacks, and he leads the cybersecurity division of the Harvard AI Safety Student Team (HAISST).\u00a0His work has been presented at leading conferences, including Black Hat, Defcon, and BSides, and leading academic journals like IEEE Access and professional journals like Harvard Business Review and Politico Cyber. He has assisted in the discovery of more than 45 critical computer vulnerabilities (CVEs). 
In early 2022, Fred got media attention for hacking the King of Sweden and the Swedish European Commissioner.", "public_name": "Fred Heiding", "guid": "c987616e-0024-5167-b294-f8f7227f0a53", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/QZFQ9E/"}, {"code": "CLEKWT", "name": "Simon Lermen", "avatar": "https://pretalx.com/media/avatars/CLEKWT_rJam3mj.webp", "biography": "Simon is an AI security researcher who has worked on AI-powered phishing and removing safety guardrails from AI-models. He is interested in researching how AI agents could pose global catastrophic risk through cyberattacks.", "public_name": "Simon Lermen", "guid": "1087f767-fedd-50cb-bf00-2484fe87fb29", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/CLEKWT/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JBXWUF/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JBXWUF/", "attachments": []}, {"guid": "0739b066-f7e7-5f4b-af9e-74dd29b0a65e", "code": "R83DQJ", "id": 67605, "logo": null, "date": "2025-08-04T18:00:00-07:00", "start": "18:00", "duration": "00:45", "room": "Siena", "slug": "security-bsides-las-vegas-2025-67605-securing-ai-infrastructure-lessons-from-national-cybersecurity-strategies-and-attacks-against-other-critical-sectors", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/R83DQJ/", "title": "Securing AI Infrastructure: Lessons from National Cybersecurity Strategies and Attacks Against Other Critical Sectors", "subtitle": "", "track": "Ground Truth", "type": "Talk-45m", "language": "en", "abstract": "As artificial intelligence becomes a pillar of economic and strategic power, AI labs are emerging as the next high-value targets for espionage and cyberattacks. State actors have compromised other critical sectors, such as semiconductors and biotechnology, for decades to steal trade secrets and shift global advantage. 
Leading voices are now questioning the security of AI-related infrastructure. In this talk, we discuss findings from over 200 previous cyber and espionage incidents across various industries, shedding light on how and where the risks apply to the supply chain of AI models. \r\n\r\nTo complement the insights from historic attacks and evaluate present-day infrastructure security, we draw on recent research on national cybersecurity strategies of cyber powers such as the US, Australia, Singapore, and the UK. These strategies offer diverse policy approaches for defending critical infrastructure, assigning cybersecurity responsibilities, and engaging industry in proactive security efforts. While there is no universal blueprint, several recurring practices, such as workforce development, public-private collaboration, and clear cyber governance, can inform how governments and AI developers protect AI systems. We highlight which lessons translate effectively to the challenges of AI infrastructure and provide recommendations for closing policy gaps and preparing for future threats.", "description": "As artificial intelligence becomes a pillar of economic and strategic power, AI labs are emerging as the next high-value targets for espionage and cyberattacks. State and corporate actors have compromised other critical sectors, such as semiconductors, aerospace, and biotechnology, for decades to steal trade secrets and shift global advantage. Leading voices are now starting to question the security of AI-related infrastructure. In this talk, we discuss findings from over 200 previous cyber and espionage incidents across various industries, shedding light on how and where the risks apply to the supply chain of AI models. We discuss the most feasible attack patterns toward sensitive assets such as model weights, training pipelines, and proprietary data. Then, we distill actionable lessons to mitigate the most pressing threats. 
We also demonstrate how AI-related IP theft differs from other sectors due to the extraordinary potential for economic and strategic power gains, which heighten the incentives of attackers and increase the risk to AI organizations.\r\n\r\nTo complement the insights from historic attacks and evaluate present-day infrastructure security, we draw on recent research analyzing the national cybersecurity strategies of cyber powers such as the US, Australia, Singapore, and the United Kingdom. These strategies offer diverse policy approaches for defending critical infrastructure, assigning cybersecurity responsibilities, and engaging industry in proactive security efforts. While there is no universal blueprint, several recurring practices, such as workforce development, public-private collaboration, and clear cyber governance, can inform how governments and AI developers protect AI systems. We highlight which of these lessons translate effectively to the unique challenges of AI infrastructure and conclude with recommendations for closing current policy gaps and preparing for future threats.", "recording_license": "", "do_not_record": false, "persons": [{"code": "QZFQ9E", "name": "Fred Heiding", "avatar": "https://pretalx.com/media/avatars/QZFQ9E_ON6zfRe.webp", "biography": "Dr. Fred Heiding is a research fellow at the Harvard Kennedy School\u2019s Belfer Center. His work focuses on computer security at the intersection of technical capabilities, business implications, and policy remediations. Fred is a member of the World Economic Forum's Cybercrime Center, a teaching fellow for the Generative AI course at Harvard Business School, and the National and International Security course at the Harvard Kennedy School. 
Fred has been invited to brief the US House and Senate staff in DC on the rising dangers of AI-powered cyberattacks, and he leads the cybersecurity division of the Harvard AI Safety Student Team (HAISST).\u00a0His work has been presented at leading conferences, including Black Hat, Defcon, and BSides, and leading academic journals like IEEE Access and professional journals like Harvard Business Review and Politico Cyber. He has assisted in the discovery of more than 45 critical computer vulnerabilities (CVEs). In early 2022, Fred got media attention for hacking the King of Sweden and the Swedish European Commissioner.", "public_name": "Fred Heiding", "guid": "c987616e-0024-5167-b294-f8f7227f0a53", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/QZFQ9E/"}, {"code": "L9MVTF", "name": "AndrewKao", "avatar": "https://pretalx.com/media/avatars/L9MVTF_ukAnlH2.webp", "biography": "Andrew Kao is a PhD student in economics at Harvard University. His research focuses on the political economy of new technologies, such as AI and the internet. 
His website is https://andrew-kao.github.io/", "public_name": "AndrewKao", "guid": "aa97b37c-25ce-5d76-8b53-f915c2ea76dd", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/L9MVTF/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/R83DQJ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/R83DQJ/", "attachments": []}], "Copa": [{"guid": "ccffb89b-4810-5587-8773-b5e2d6330bf2", "code": "MDFBYP", "id": 72389, "logo": null, "date": "2025-08-04T10:00:00-07:00", "start": "10:00", "duration": "01:30", "room": "Copa", "slug": "security-bsides-las-vegas-2025-72389-setting-the-table-wargames-2027-maslow-s-hierarchy-of-needs-as-hybrid-warfare-nears", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MDFBYP/", "title": "Setting the Table - WarGames 2027 & Maslow's Hierarchy of Needs as Hybrid Warfare Nears", "subtitle": "", "track": "I Am The Cavalry", "type": "Talk-45m", "language": "en", "abstract": "Shall we play a game? This \"choose your own adventure\" session tackles the fast approaching reality of destructive cyberattacks on Lifeline Critical Functions like water, power, emergency care.", "description": "The session will share the evidence, test assumptions, explore the art of the possible, and establish a sound hierarchy of needs enabling this talent pool to best serve the public good.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JRKZLC", "name": "Bryson Bort", "avatar": "https://pretalx.com/media/avatars/JRKZLC_A2chMud.webp", "biography": "Bryson is the Founder of SCYTHE, a start-up building a next generation threat emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of critical infrastructure security. 
He serves on the Board of Cyber Science at West Point and is a Senior Fellow at the National Security Institute and Senior Policy Advisor for Institute of Security and Technology. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber by Business Insider, Security Executive Finalist of the Year by SC Media, four times a Tech Titan in Washington DC, and the SANS Difference Makers Award for innovator of the Year.", "public_name": "Bryson Bort", "guid": "13e7cf98-8b1f-5b0b-a699-e227feabca93", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/JRKZLC/"}, {"code": "HD7PCQ", "name": "Josh Corman", "avatar": "https://pretalx.com/media/avatars/HD7PCQ_dJ03840.webp", "biography": "Joshua Corman is the founder of I Am The Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA\u2019s COVID Task Force, where he advised on the pandemic response, provided cybersecurity expertise on healthcare infrastructure, and supported control systems and life safety initiatives. Prior to CISA, Josh was SVP and chief security officer at PTC, where he accelerated cyber safety maturity across industries. 
Previously, he served as director of the Atlantic Council\u2019s Cyber Statecraft Initiative, on the Congressional Task Force for Healthcare Industry Cybersecurity, and in leadership roles at Sonatype, Akamai, IBM, and the 451 Group.", "public_name": "Josh Corman", "guid": "1c5a135a-0f0b-5591-a9de-3f2d2ab50b35", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/HD7PCQ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MDFBYP/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MDFBYP/", "attachments": []}, {"guid": "c53ce09a-2d40-5a7f-ab2d-991ca42495de", "code": "TYPJMU", "id": 72399, "logo": null, "date": "2025-08-04T14:00:00-07:00", "start": "14:00", "duration": "02:00", "room": "Copa", "slug": "security-bsides-las-vegas-2025-72399-defending-our-water-defending-our-lives", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TYPJMU/", "title": "Defending Our Water - Defending Our Lives", "subtitle": "", "track": "I Am The Cavalry", "type": "Event2HR", "language": "en", "abstract": "Water is life. \r\nIn 2025, the threat landscape facing U.S. water infrastructure has grown more severe and immediate. Following the high-profile cyber intrusions of 2024\u2014such as Volt Typhoon and Iran-linked Cyber Avengers\u20142025 has already seen a surge in attempted and successful breaches targeting municipal and rural water systems. These escalating threats are compounded by deteriorating trust and coordination between public and private sector stakeholders. This convergence of cyber vulnerability, regulatory fragility, and geopolitical tension creates a perfect storm\u2014leaving our most essential infrastructure exposed at a time when resilience is most critical.", "description": "This panel will discuss threats to the water systems and opportunities to reduce these threats. 
In addition, the panel will feature a discussion about Cyber-Informed Engineering, and how following certain engineering practices can materially reduce risks from a variety of sources. The panelists will also outline practical steps for mitigation, emphasizing the urgent need for cross-sector collaboration, robust contingency planning, and public awareness. The time to act is now\u2014before luck runs out.", "recording_license": "", "do_not_record": false, "persons": [{"code": "XRE8YB", "name": "Dean Ford", "avatar": "https://pretalx.com/media/avatars/XRE8YB_K2jQw45.webp", "biography": "Over 25 years of experience in the Automation Systems industry in leadership and management positions; directed sales, operations, and administrative teams in start-up, turnaround, and high-growth environments. Extensive background in automation, information and integration initiatives, identifying critical areas within businesses, manufacturing and other areas for systems implementations. Strong, decisive, and trailblazing leader with excellent planning, analytical, organizational, and team building skills. Grow top line revenues through aligning value propositions and offerings to marketplace. Promoter of the Automation Profession through extensive volunteer work.", "public_name": "Dean Ford", "guid": "15eaf448-2f56-572f-ae14-81b9ec89fc72", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/XRE8YB/"}, {"code": "UCFYY3", "name": "Virginia \u201cGinger\u201d Wright", "avatar": "https://pretalx.com/media/avatars/UCFYY3_xlnGVre.webp", "biography": "Virginia \u201cGinger\u201d Wright is the program manager for Cyber-Informed Engineering (CIE) at the Idaho National Laboratory (INL). She leads INL\u2019s implementation of the National Strategy for Cyber-Informed Engineering developed by the Department of Energy. Ms. 
Wright has led multiple cyber research programs at INL including DOE-CESER\u2019s Cyber Testing for Resilient Industrial Control Systems (CyTRICS\u2122) program, Software Bills of Material for the Energy Sector, critical infrastructure modeling and simulation, and nuclear cybersecurity. Ms. Wright has a Bachelor of Science in Information Systems/Operations Management from the University of North Carolina at Greensboro.", "public_name": "Virginia \u201cGinger\u201d Wright", "guid": "c47e9417-6bb3-5a6e-9c02-0dc6a1bdde06", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/UCFYY3/"}, {"code": "L87ZPR", "name": "Andrew Ohrt", "avatar": "https://pretalx.com/media/avatars/L87ZPR_u0KXwg2.webp", "biography": "Andrew is the Resilience Practice Area Lead for West Yost. Based in Duluth, MN, Andrew supports Idaho National Laboratory and the American Water Works Association with the development of CIE and cybersecurity resources to support the water and wastewater sector.", "public_name": "Andrew Ohrt", "guid": "6c5abb7e-7613-50b9-90c4-0b134516adb8", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/L87ZPR/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TYPJMU/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TYPJMU/", "attachments": []}, {"guid": "9d62231b-f738-5021-a29a-c3496c326bdb", "code": "MSMDTM", "id": 70310, "logo": null, "date": "2025-08-04T17:00:00-07:00", "start": "17:00", "duration": "00:45", "room": "Copa", "slug": "security-bsides-las-vegas-2025-70310-cyber-incident-command-system-cics-a-people-orchestration-layer", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MSMDTM/", "title": "Cyber Incident Command System (CICS) A people orchestration layer", "subtitle": "", "track": "I Am The Cavalry", "type": "Talk-45m", "language": "en", "abstract": "During a wildfire, tornado or hurricane, who is in charge? 
In the United States, the answer is the Incident Commander as defined by the National Incident Management System (NIMS). NIMS provides a method to herd cats for all types of hazards regardless of agency. While the information security community developed several incident response systems from Fortune 100 companies to MITRE, these frameworks generally address tactics of an incident, instead we present a better way. Come drink the Kool-Aid with us and bring IT into the 20th century of incident response.", "description": "We will be utilizing humor on our slides to ensure an enjoyable experience to what can be a dry concept.\r\nA fire fighter from San Diego can travel across the country to New York to respond to a wildfire in a different jurisdiction and use the same language, organizational structures, and terminology. Why can\u2019t information technology professionals make the same trip?\r\nIf cyber security professionals wish to strengthen operation capacity across the industry we need to start with speaking the same language. This will be an introduction on the language and tools of local, state, tribal and territorial governments in response to a disaster event. We will encourage information sector professionals to respond to significant events with a standardized method for organizing people and equipment. The Incident Command System is tested and utilized during disasters regardless of size, scale, or type. Police, Fire, Coastguard, Nuclear Power Plants, Hospitals, Governments, utility companies and more utilize this system to safely, flexibly, and effectively manage events of any scale. We present this system in a byte sized way to encourage investigation and discussion of this topic without getting bogged down in the details. 
This talk is intended to start the education process and open the discussion for those looking for a deeper way to respond to incidents.\r\nThe problems facing IT are a lack of interoperability and staff safety. First, we start defining the problems of current information technology sector's response to events as the lack of interoperability, and staff safety. \r\nRegarding interoperability, most IT professionals must learn new incident response tactics upon joining a new organization, additionally turnover between staff during an incident is stressful for everyone involved. \r\nStaff Safety is not managed by organizations well causing mental and behavioral stress leading to burn out. The National Incident Management System identifies roles required to support team members protecting staff and reducing stress. \r\nWe present the Incident Command System (ICS), a part of the National Incident Management System (NIMS) as a more resilient and safe option during crisis. This system improves interoperability of staff across various agencies and departments. We will describe overarching themes and concepts intended to spark interest.\r\nThe overarching themes and concepts include: Division of work into organizational structures of the Operations, Planning, Logistics, and Finance and Administration Sections, flexibility of the system to grow organically with incident complexity and scale, standardization of roles and responsibilities, and span of control defining the best supervisor worker ratios tested and proven in dangerous situations.\r\nWe then propose a work group to develop the Cyber Incident Command System (CICS) a simplified version that is compatible with the National Incident Management System enabling Information Technology teams to quickly adopt a command system for their unique situations. \r\nWe finish with a pointer to free online training in the subject for deeper investigation. 
\r\nWe will use clear, plain language keeping the entire talk at a level where nonpractitioners can approach the topics and understand what is discussed.", "recording_license": "", "do_not_record": false, "persons": [{"code": "U8GEQ3", "name": "Blake Scott", "avatar": "https://pretalx.com/media/avatars/U8GEQ3_g9LTnoU.webp", "biography": "Blake Scott is the Public Health Emergency Preparedness Senior Planner for a local government. Working for 7 years in disaster related work for a rural community he experienced more than 14 local disaster declarations during his career. He's incredibly passionate about serving the public and improving scientific and operational\u202fdisaster response and recovery from a sensible place. He serves as a steering committee member for his healthcare\u202fcoalition and the Healthcare and Public Health Sector Coordinating Council Cyber Working Group as a public health member. He likes hiking, mountain biking, camping, and silly gadgets which have questionable usefulness.", "public_name": "Blake Scott", "guid": "83011d2a-94e3-561a-b131-744575000423", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/U8GEQ3/"}, {"code": "ZSTFYK", "name": "Scott Fraser", "avatar": "https://pretalx.com/media/avatars/ZSTFYK_zn9LxSW.webp", "biography": "Scott has over a decade of experience in information security in offensive and defensive security teams. A majority of his experience comes from thinking like an adversary trying to infiltrate hospitals, warehouses, office buildings, and colleges. Scott has spent a considerable amount of effort developing exploits and thinking of ways to make devices do things they weren\u2019t designed to do. He has also spent time building and maintaining defenses for hospitals, K-12, secondary education, and corporate networks. \r\nScott is an active volunteer at denhac, The Denver Hackerspace. 
He helps manage the local network and occasionally instructs classes on various information security topics and software defined radios. When he\u2019s not sitting in front of a computer, he can commonly be found riding his adventure motorcycle in the mountains of Colorado, Utah and Arizona.", "public_name": "Scott Fraser", "guid": "4994ed28-b228-5ae0-b2de-b25a4945d4c8", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ZSTFYK/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MSMDTM/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MSMDTM/", "attachments": []}, {"guid": "8aea4cc8-eea8-5703-becb-33cd88f758ba", "code": "3P8AP9", "id": 67463, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/3P8AP9/cover_xTxzz7f.png", "date": "2025-08-04T17:45:00-07:00", "start": "17:45", "duration": "00:45", "room": "Copa", "slug": "security-bsides-las-vegas-2025-67463-cascading-failure-unified-defense-defending-water-power-healthcare-ems", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/3P8AP9/", "title": "Cascading Failure, Unified Defense: Defending Water, Power, Healthcare, & EMS", "subtitle": "", "track": "I Am The Cavalry", "type": "Talk-45m", "language": "en", "abstract": "Life-critical systems in public safety, healthcare, and emergency services are increasingly targeted by sophisticated state-sponsored Advanced Persistent Threats (APTs). Actors like Volt Typhoon are actively pre-positioning within U.S. critical infrastructure, with confirmed access to water, wastewater systems, power generation and distribution, and telecommunications networks. These groups pose a severe risk of cascading failures that would directly impact public health, emergency medical services, and hospital operations.  
This presentation dissects the tactics, techniques, and procedures (TTPs) of these APTs, explores the potential real-world consequences of compromised water utilities and power infrastructure on community safety, and offers actionable strategies for building resilient defenses and unified incident response plans, even in resource-constrained environments. We will bridge the gap between traditional Incident Command Systems (ICS) and cyber incident response, providing a roadmap for communities to enhance their preparedness against these persistent and evolving threats.", "description": "State-sponsored actors like Volt Typhoon are no longer a theoretical threat; they are actively pre-positioned within U.S. critical infrastructure. Their strategic focus on water, power, and telecommunications systems is designed to trigger devastating cascading failures across healthcare, EMS, and 911 dispatch in times of crisis.\r\n\r\nThis presentation moves beyond a purely technical discussion to confront this sobering reality head-on. It addresses the critical operational disconnect between traditional Incident Command (ICS) and modern cyber response\u2014a gap that adversaries are poised to exploit. We will explore realistic attack scenarios, tracing the domino effect from a single breach to a full-scale public safety catastrophe.\r\n\r\nAttendees will be equipped with a proven, integrated framework for defense. Key highlights include strategies to unify cyber and physical command structures and a roadmap of pragmatic, high-impact security controls that are achievable even for under-resourced agencies. 
This talk delivers an actionable approach to building genuine cyber-physical resilience against the sophisticated threats defining the new public safety frontline.", "recording_license": "", "do_not_record": false, "persons": [{"code": "QGHDKV", "name": "Alexander Vanino", "avatar": "https://pretalx.com/media/avatars/QGHDKV_hooCMWP.webp", "biography": "Alex is an Information Security manager and architect with over 20 years of experience in corporate IT, site reliability, platform development and information security. Alex brings over 10 years of public safety, video SAAS and healthcare industry experience from his prior roles at RapidSOS, Vidyo and AbleTo. Currently, Alex is a Senior Platform Security Engineer at Oscar Health.\r\n\r\nAt RapidSOS, Alex led the creation of a cross-functional security team, managed a $25 million technology budget, and spearheaded innovative cloud and security solutions. Before joining RapidSOS, Alex helped build, scale and secure Vidyo\u2019s cloud offering, which allowed developers, government, corporations and hobbyists to easily bring Vidyo conferencing into their own applications. Prior to Vidyo, Alex was AbleTo\u2019s principal network architect where he was responsible for designing and building AbleTo\u2019s virtual behavioral healthcare cloud platform.\r\n\r\nAlex likes to spend his spare time volunteering as a technical adviser for the Progressive Coders Network; sharing and collaborating on innovative ideas which inspire a means to achieve racial, social, environmental and economic progress. 
Alex is also a Volunteer EMT, providing pre-hospital health care for the residents of his home town, Dumont, NJ.", "public_name": "Alexander Vanino", "guid": "fb03290e-fd37-5143-bfc8-27306dd5dece", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/QGHDKV/"}, {"code": "XBZEAC", "name": "Ruslan Karimov", "avatar": "https://pretalx.com/media/avatars/XBZEAC_xUAFtnE.webp", "biography": "IATC presenter.", "public_name": "Ruslan Karimov", "guid": "d577d4df-dd5e-5d44-a693-190012ff565a", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/XBZEAC/"}], "links": [{"title": "White Paper: Cascading Failure, Unified Defense: Defending Water, Power, Healthcare, & Public Safety", "url": "https://tinyurl.com/CasFailUniDefWP", "type": "related"}], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/3P8AP9/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/3P8AP9/", "attachments": []}, {"guid": "8fa09ab7-0bda-532f-a06b-ae6e1732b630", "code": "9JFS7X", "id": 73818, "logo": null, "date": "2025-08-04T18:30:00-07:00", "start": "18:30", "duration": "00:30", "room": "Copa", "slug": "security-bsides-las-vegas-2025-73818-can-you-hear-me-now-a-survey-of-communications-platforms-during-emergencies", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9JFS7X/", "title": "Can You Hear Me Now? A Survey of Communications Platforms During Emergencies", "subtitle": "", "track": "I Am The Cavalry", "type": "Talk-20m", "language": "en", "abstract": "In an increasingly interconnected world, the ability to communicate during emergencies\u2014especially when traditional infrastructure fails\u2014is critical. This presentation explores a range of communication options available to private citizens, focusing on both licensed and unlicensed technologies. 
Attendees will gain a practical understanding of tools such as Family Radio Service (FRS), General Mobile Radio Service (GMRS), Citizens Band (CB), and Amateur Radio (licensed), as well as unlicensed digital solutions like LoRa (Long Range) technology.", "description": "In an increasingly interconnected world, the ability to communicate during emergencies\u2014especially when traditional infrastructure fails\u2014is critical. This presentation explores a range of communication options available to private citizens, focusing on both licensed and unlicensed technologies. Attendees will gain a practical understanding of tools such as Family Radio Service (FRS), General Mobile Radio Service (GMRS), Citizens Band (CB), and Amateur Radio (licensed), as well as unlicensed digital solutions like LoRa (Long Range) technology.\r\n\r\nSpecial attention will be given to LoRa, a low-power, long-range wireless protocol that enables decentralized, peer-to-peer communication without reliance on cellular or internet infrastructure. The session will compare the capabilities, legal considerations, range, and use cases of each option, with an emphasis on emergency preparedness, community resilience, and ease of deployment.\r\n\r\nBy the end of the presentation, participants will be equipped with actionable knowledge to select affordable communication tools for their needs, ensuring they remain connected when it matters most.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JNJPAY", "name": "Slava I. Maslennikov", "avatar": "https://pretalx.com/media/avatars/JNJPAY_aI8toHU.webp", "biography": "Slava is an engineering leader with roots in SRE, DevOps, and Software Engineering.", "public_name": "Slava I. 
Maslennikov", "guid": "93a48523-28f2-5cba-856a-3de6dd51c488", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/JNJPAY/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9JFS7X/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9JFS7X/", "attachments": []}, {"guid": "7be15b3b-bab6-5ce2-a030-0a7e203a3c79", "code": "YC99LU", "id": 70711, "logo": null, "date": "2025-08-04T22:00:00-07:00", "start": "22:00", "duration": "02:00", "room": "Copa", "slug": "security-bsides-las-vegas-2025-70711-queercon-mixer", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/YC99LU/", "title": "Queercon Mixer", "subtitle": "", "track": "Events", "type": "Event2HR", "language": "en", "abstract": "Queercon Mixer", "description": "Queercon Mixer", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/YC99LU/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/YC99LU/", "attachments": []}], "G-103": [{"guid": "6445690f-e228-58ab-a5ac-43c5b366ee82", "code": "JCQJGD", "id": 70708, "logo": null, "date": "2025-08-04T19:30:00-07:00", "start": "19:30", "duration": "02:00", "room": "G-103", "slug": "security-bsides-las-vegas-2025-70708-recovery-hackers-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JCQJGD/", "title": "Recovery Hackers, Monday", "subtitle": "", "track": "Events", "type": "Event2HR", "language": "en", "abstract": "Not a formal 12-step meeting. Rather, a supportive gathering for folks taking Summer Camp one day at a time. Monday, Tuesday and Wednesday, 19:30-21:30 in G103. Look for the sign on a patio on the pool side of building G and enter through the patio door.", "description": "Not a formal 12-step meeting. Rather, a supportive gathering for folks taking Summer Camp one day at a time. 
Monday, Tuesday and Wednesday, 19:30-21:30 in G103. Look for the sign on a patio on the pool side of building G and enter through the patio door.", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JCQJGD/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JCQJGD/", "attachments": []}], "Hallway": [{"guid": "2ad7ee55-fad6-5e03-b9f6-1f06b9c29650", "code": "UXJNAP", "id": 70685, "logo": null, "date": "2025-08-04T07:00:00-07:00", "start": "07:00", "duration": "00:00", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70685-info-booth-opens-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/UXJNAP/", "title": "Info Booth Opens, Monday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Info Booth Opens, Monday", "description": "Info Booth Opens, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/UXJNAP/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/UXJNAP/", "attachments": []}, {"guid": "43bfc471-3ac8-5587-a704-c872818a1cfd", "code": "PLXCVD", "id": 70678, "logo": null, "date": "2025-08-04T07:30:00-07:00", "start": "07:30", "duration": "00:00", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70678-registration-opens-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PLXCVD/", "title": "Registration Opens, Monday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Registration Opens, Monday", "description": "Registration Opens, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PLXCVD/feedback/", "origin_url": 
"https://pretalx.com/security-bsides-las-vegas-2025/talk/PLXCVD/", "attachments": []}, {"guid": "2a62eb1f-49d3-5876-a6e7-1614712dc754", "code": "NYLF9K", "id": 70689, "logo": null, "date": "2025-08-04T09:00:00-07:00", "start": "09:00", "duration": "01:00", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70689-skytalks-token-drop-1", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NYLF9K/", "title": "Skytalks Token Drop 1", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Skytalks Token Drop 1\r\nSkytalks token distribution for Monday MORNING sessions (10:00-11:30)\r\nQueue in Tuscany Hallway between Middle Ground and Speaker Room.\r\nTokens are limited in number, and distribution ends when they are gone.", "description": "Skytalks Token Drop 1\r\nSkytalks token distribution for Monday MORNING sessions (10:00-11:30)\r\nQueue in Tuscany Hallway between Middle Ground and Speaker Room.\r\nTokens are limited in number, and distribution ends when they are gone.", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NYLF9K/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NYLF9K/", "attachments": []}, {"guid": "73ddeec8-2232-56dd-b5a8-93350f682286", "code": "BU3CAX", "id": 70701, "logo": null, "date": "2025-08-04T12:30:00-07:00", "start": "12:30", "duration": "01:00", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70701-skytalks-token-drop-2", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BU3CAX/", "title": "Skytalks Token Drop 2", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Skytalks Token Drop 2\r\nSkytalks token distribution for Monday AFTERNOON sessions (2:00-4:00 PM)\r\nQueue in Tuscany Hallway between Middle Ground and Speaker Room.\r\nTokens are limited in number, and distribution ends when 
they are gone.", "description": "Skytalks Token Drop 2\r\nSkytalks token distribution for Monday AFTERNOON sessions (2:00-4:00 PM)\r\nQueue in Tuscany Hallway between Middle Ground and Speaker Room.\r\nTokens are limited in number, and distribution ends when they are gone.", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BU3CAX/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BU3CAX/", "attachments": []}, {"guid": "9f326899-e1c3-5c6a-9f6d-bf48ddf4a751", "code": "MKBYQL", "id": 70686, "logo": null, "date": "2025-08-04T19:00:00-07:00", "start": "19:00", "duration": "00:00", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70686-info-booth-closes-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MKBYQL/", "title": "Info Booth Closes, Monday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Info Booth Closes, Monday", "description": "Info Booth Closes, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MKBYQL/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MKBYQL/", "attachments": []}, {"guid": "46cf5fb6-0b8e-5e52-a4c5-cf5cd0d3dcec", "code": "SBKTXT", "id": 70680, "logo": null, "date": "2025-08-04T19:00:00-07:00", "start": "19:00", "duration": "00:00", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70680-registration-closes-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SBKTXT/", "title": "Registration Closes, Monday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Registration Closes, Monday", "description": "Registration Closes, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": 
"https://pretalx.com/security-bsides-las-vegas-2025/talk/SBKTXT/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SBKTXT/", "attachments": []}], "Ballroom": [{"guid": "5e94a4b7-e61f-513c-ab6e-c76d66f3bd6b", "code": "D3ZJ83", "id": 68750, "logo": null, "date": "2025-08-04T10:30:00-07:00", "start": "10:30", "duration": "04:00", "room": "Ballroom", "slug": "security-bsides-las-vegas-2025-68750-multi-cloud-aws-azure-gcp-security-25-edition-day-one-am", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/D3ZJ83/", "title": "Multi-Cloud (AWS, Azure & GCP) Security [25 Edition], Day One, AM", "subtitle": "", "track": "Training Ground", "type": "Training-16h", "language": "en", "abstract": "CyberWarFare Labs workshop on \"Multi-Cloud Security\" aims to provide practical insights of the offensive / defensive techniques used by the Red & Blue Teams in an Enterprise Cloud Infrastructure. Learn from the creators of the renowned CWL RedCloud OS, a cloud adversary simulation VM, how to perform enterprise offensive / defensive operations.\r\n\r\n- As a Red Team / Penetration Tester:\r\n  Trainees will understand advanced real-world cyber attacks against major cloud vendors like AWS, MS Azure, and GCP.\r\n  Simulate Tactics, Techniques, and Procedures (TTPs) widely used by APT groups in a practical lab environment.\r\n\r\n- As a Blue Team / Defender:\r\nTrainees will learn to identify and defend against various emerging threats in a multi-cloud infra.\r\nUnderstand complex attack vectors & sophisticated compromise scenarios from a defensive mindset", "description": "To make the workshop hands-on in the real sense all the trainees will be provided with Lab Access to the Multi-Cloud Environment. 
Lab Architecture is designed to cover all the attacks from both aspects that are demonstrated during the sessions.\r\n\r\n### DAY 1 (8 Hrs)\r\n- Part-1 : Introduction about Multi Cloud Environment\r\n\r\n  - Module-1 : Azure Cloud Environment\r\n    - Azure Identity : Entra ID & RBAC\r\n    - O365 / Microsoft 365\r\n    - Azure Cloud Services (VM, Storage, IaaS, PaaS, SaaS)\r\n\r\n  - Module-2 : AWS Cloud Environment\r\n    - Identity & Access Management\r\n    - AWS Cloud Services (IaaS, PaaS, SaaS)\r\n    - AWS identity Center\r\n\r\n  - Module-3 : GCP Cloud Environment\r\n    - GCP Identity & Access Management\r\n    - GCP Cloud Services (IaaS, PaaS, SaaS)\r\n    - Google Suite / Workspace + Cloud Identity\r\n\r\n- Part-2 : Enumeration & Initial Access on Cloud Infrastructure\r\n\r\n  - Module-1 : Unauthenticated Enumeration\r\n    - Enumerating Information from DNS Records\r\n    - Enumerating Information from Cloud Vendors\r\n    - Leaked secrets from github\r\n    - Enumeration storage & other information from OSINT\r\n\r\n  - Module-2 : Initial Access\r\n    - Exploiting Cloud Services\r\n    - Leaked Credentials\r\n    - Compromising CI/CD pipeline\r\n    - Compromising storage accounts\r\n\r\n  - Module-3 : Authenticated Enumeration : IAM, Compute & Storage\r\n    - AWS Services\r\n    - Entra ID & Azure Services\r\n    - Cloud Identity, Google Workspace, GCP Services\r\n\r\n### DAY 2 (8 Hrs)\r\n- Part-3 : Exploiting Multi-Cloud Services\r\n\r\n  - Module-1 : Exploiting Multi-Cloud Services\r\n    - AWS : cross account, within account\r\n    - Azure : service principal, cross tenant, Entra ID\r\n    - GCP : Access organization, Cloud Identity\r\n\r\n  - Module-2 : Privilege Escalation\r\n    - Elevating Privileges on AWS\r\n    - Elevating Privileges on Azure\r\n    - Elevating Privileges on GCP\r\n\r\n- Part-4 : Lateral Movement\r\n\r\n  - Module-1 : Within Multi-Cloud\r\n    - AWS, GCP, Azure to each other\r\n\r\n- Part-5 : Case Study (Multi-Cloud Red 
Team Simulation)\r\n  - Red Teaming in Simulated Multi-Cloud Lab (Initial Access to Data Exfiltration)\r\n\r\n###### NOTE : Attendees do not require cloud accounts, they will get access to the seamless environment & have access to the environment for 15 days with a dedicated discord channel.\r\n\r\n- Why should people attend your course?\r\n  - Practically Understand Enterprise Grade Red Team Operation Methodology in Multi-Cloud Environment\r\n  - Perform Red Team Attack Cycle in Simulated Enterprise Environment\r\n  - Stealth Lateral Movement Techniques in Multi-Cloud, Cloud to on-premise & vice-versa\r\n  - Core Services Mapping / Enumeration / Exploitation\r\n  - Create custom tools to perform manual enumeration\r\n\r\n- Student Requirements :\r\n\r\n  - Fair Knowledge of Networking and Web Technology\r\n  - Familiarity with CLI\r\n  - An Open mind (*No prior Cloud knowledge is required).\r\n\r\n- Who Should Take This Course ?\r\n  - Targeted Audience may include the following group of people:\r\n  - Penetration Testers / Red Teams\r\n  - Cloud Security Professionals\r\n  - Cloud Architects\r\n  - SOC analysts\r\n  - Threat Hunting Team\r\n  - Last but not the least, anyone who is interested in strengthening their offensive and detection capabilities in Cloud\r\n\r\n- How many years of practical experience would the ideal student have to get most out of this workshop?\r\n  - Minimum 1-3 years in Penetration Testing Domain.\r\n\r\n- What Students Should Bring?\r\n\r\n  - System with at least 16GB RAM having VMWare Workstation PRO installed\r\n  - CWL RedCloud VM With Internet Connectivity\r\n\r\n- What Students Will Be Provided With?\r\n\r\n  - Soft Copy of the Course Content.\r\n  - Great Knowledge about the Offensive Cloud Techniques used by adversaries.\r\n  - Defense Tactics & Techniques against the discussed offensive techniques.", "recording_license": "", "do_not_record": false, "persons": [{"code": "TVGCHC", "name": "Yash Bharadwaj", "avatar": 
"https://pretalx.com/media/avatars/TVGCHC_7Bbj7gR.webp", "biography": "Yash Bharadwaj, doing Security R&D & Technical  Director at CyberWarFare Labs with over 7.5 Years of Experience as Technologist. Highly attentive towards finding, learning and discovering new TTP's used during offensive engagements. His area of interest includes building Red / Blue team infrastructure, simulation based teachings, Pwning On-Premise & Multi cloud infrastructure. Previously he has delivered hands-on red / blue / purple team trainings / talks / workshops at Blackhat (USA, EU, Asia), Microsoft BlueHat, Nullcon India, c0c0n India ,X33fCon Poland, NorthSec Canada, BSIDES Chapters (US & Asia Pacific), OWASP Chapters, CISO Platform, YASCON etc. You can reach out to him on Twitter @flopyash", "public_name": "Yash Bharadwaj", "guid": "d9524ba0-3e43-535f-b6d0-6dad8e687abc", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/TVGCHC/"}, {"code": "PUA7XA", "name": "Manish Gupta", "avatar": "https://pretalx.com/media/avatars/PUA7XA_U6dgLEG.webp", "biography": "Training Ground Presenter.", "public_name": "Manish Gupta", "guid": "7444c704-5b21-5650-9626-eac2477a9052", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/PUA7XA/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/D3ZJ83/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/D3ZJ83/", "attachments": []}, {"guid": "0ed268a3-73da-5663-b9e3-c1ff494bc8b9", "code": "XH3PFM", "id": 73341, "logo": null, "date": "2025-08-04T15:00:00-07:00", "start": "15:00", "duration": "04:00", "room": "Ballroom", "slug": "security-bsides-las-vegas-2025-73341-multi-cloud-aws-azure-gcp-security-25-edition-day-one-pm", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XH3PFM/", "title": "Multi-Cloud (AWS, Azure & GCP) Security [25 Edition], Day One, PM", "subtitle": "", "track": "Training Ground", "type": "Training-16h", "language": "en", 
"abstract": "CyberWarFare Labs workshop on \"Multi-Cloud Security\" aims to provide practical insights of the offensive / defensive techniques used by the Red & Blue Teams in an Enterprise Cloud Infrastructure. Learn from the creators of the renowned CWL RedCloud OS, a cloud adversary simulation VM, how to perform enterprise offensive / defensive operations.\r\n\r\n- As a Red Team / Penetration Tester:\r\n  Trainees will understand advanced real-world cyber attacks against major cloud vendors like AWS, MS Azure, and GCP.\r\n  Simulate Tactics, Techniques, and Procedures (TTPs) widely used by APT groups in a practical lab environment.\r\n\r\n- As a Blue Team / Defender:\r\nTrainees will learn to identify and defend against various emerging threats in a multi-cloud infra.\r\nUnderstand complex attack vectors & sophisticated compromise scenarios from a defensive mindset", "description": "To make the workshop hands-on in the real sense all the trainees will be provided with Lab Access to the Multi-Cloud Environment. 
Lab Architecture is designed to cover all the attacks from both aspects that are demonstrated during the sessions.\r\n\r\n### DAY 1 (8 Hrs)\r\n- Part-1 : Introduction about Multi Cloud Environment\r\n\r\n  - Module-1 : Azure Cloud Environment\r\n    - Azure Identity : Entra ID & RBAC\r\n    - O365 / Microsoft 365\r\n    - Azure Cloud Services (VM, Storage, IaaS, PaaS, SaaS)\r\n\r\n  - Module-2 : AWS Cloud Environment\r\n    - Identity & Access Management\r\n    - AWS Cloud Services (IaaS, PaaS, SaaS)\r\n    - AWS identity Center\r\n\r\n  - Module-3 : GCP Cloud Environment\r\n    - GCP Identity & Access Management\r\n    - GCP Cloud Services (IaaS, PaaS, SaaS)\r\n    - Google Suite / Workspace + Cloud Identity\r\n\r\n- Part-2 : Enumeration & Initial Access on Cloud Infrastructure\r\n\r\n  - Module-1 : Unauthenticated Enumeration\r\n    - Enumerating Information from DNS Records\r\n    - Enumerating Information from Cloud Vendors\r\n    - Leaked secrets from github\r\n    - Enumeration storage & other information from OSINT\r\n\r\n  - Module-2 : Initial Access\r\n    - Exploiting Cloud Services\r\n    - Leaked Credentials\r\n    - Compromising CI/CD pipeline\r\n    - Compromising storage accounts\r\n\r\n  - Module-3 : Authenticated Enumeration : IAM, Compute & Storage\r\n    - AWS Services\r\n    - Entra ID & Azure Services\r\n    - Cloud Identity, Google Workspace, GCP Services\r\n\r\n### DAY 2 (8 Hrs)\r\n- Part-3 : Exploiting Multi-Cloud Services\r\n\r\n  - Module-1 : Exploiting Multi-Cloud Services\r\n    - AWS : cross account, within account\r\n    - Azure : service principal, cross tenant, Entra ID\r\n    - GCP : Access organization, Cloud Identity\r\n\r\n  - Module-2 : Privilege Escalation\r\n    - Elevating Privileges on AWS\r\n    - Elevating Privileges on Azure\r\n    - Elevating Privileges on GCP\r\n\r\n- Part-4 : Lateral Movement\r\n\r\n  - Module-1 : Within Multi-Cloud\r\n    - AWS, GCP, Azure to each other\r\n\r\n- Part-5 : Case Study (Multi-Cloud Red 
Team Simulation)\r\n  - Red Teaming in Simulated Multi-Cloud Lab (Initial Access to Data Exfiltration)\r\n\r\n###### NOTE : Attendees do not require cloud accounts, they will get access to the seamless environment & have access to the environment for 15 days with a dedicated discord channel.\r\n\r\n- Why should people attend your course?\r\n  - Practically Understand Enterprise Grade Red Team Operation Methodology in Multi-Cloud Environment\r\n  - Perform Red Team Attack Cycle in Simulated Enterprise Environment\r\n  - Stealth Lateral Movement Techniques in Multi-Cloud, Cloud to on-premise & vice-versa\r\n  - Core Services Mapping / Enumeration / Exploitation\r\n  - Create custom tools to perform manual enumeration\r\n\r\n- Student Requirements :\r\n\r\n  - Fair Knowledge of Networking and Web Technology\r\n  - Familiarity with CLI\r\n  - An Open mind (*No prior Cloud knowledge is required).\r\n\r\n- Who Should Take This Course ?\r\n  - Targeted Audience may include the following group of people:\r\n  - Penetration Testers / Red Teams\r\n  - Cloud Security Professionals\r\n  - Cloud Architects\r\n  - SOC analysts\r\n  - Threat Hunting Team\r\n  - Last but not the least, anyone who is interested in strengthening their offensive and detection capabilities in Cloud\r\n\r\n- How many years of practical experience would the ideal student have to get most out of this workshop?\r\n  - Minimum 1-3 years in Penetration Testing Domain.\r\n\r\n- What Students Should Bring?\r\n\r\n  - System with at least 16GB RAM having VMWare Workstation PRO installed\r\n  - CWL RedCloud VM With Internet Connectivity\r\n\r\n- What Students Will Be Provided With?\r\n\r\n  - Soft Copy of the Course Content.\r\n  - Great Knowledge about the Offensive Cloud Techniques used by adversaries.\r\n  - Defense Tactics & Techniques against the discussed offensive techniques.", "recording_license": "", "do_not_record": false, "persons": [{"code": "TVGCHC", "name": "Yash Bharadwaj", "avatar": 
"https://pretalx.com/media/avatars/TVGCHC_7Bbj7gR.webp", "biography": "Yash Bharadwaj, doing Security R&D & Technical  Director at CyberWarFare Labs with over 7.5 Years of Experience as Technologist. Highly attentive towards finding, learning and discovering new TTP's used during offensive engagements. His area of interest includes building Red / Blue team infrastructure, simulation based teachings, Pwning On-Premise & Multi cloud infrastructure. Previously he has delivered hands-on red / blue / purple team trainings / talks / workshops at Blackhat (USA, EU, Asia), Microsoft BlueHat, Nullcon India, c0c0n India ,X33fCon Poland, NorthSec Canada, BSIDES Chapters (US & Asia Pacific), OWASP Chapters, CISO Platform, YASCON etc. You can reach out to him on Twitter @flopyash", "public_name": "Yash Bharadwaj", "guid": "d9524ba0-3e43-535f-b6d0-6dad8e687abc", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/TVGCHC/"}, {"code": "PUA7XA", "name": "Manish Gupta", "avatar": "https://pretalx.com/media/avatars/PUA7XA_U6dgLEG.webp", "biography": "Training Ground Presenter.", "public_name": "Manish Gupta", "guid": "7444c704-5b21-5650-9626-eac2477a9052", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/PUA7XA/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XH3PFM/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XH3PFM/", "attachments": []}], "Pearl": [{"guid": "ef6864fc-e074-5314-9d73-7d3913fcb1dd", "code": "VZH78P", "id": 68794, "logo": null, "date": "2025-08-04T10:30:00-07:00", "start": "10:30", "duration": "04:00", "room": "Pearl", "slug": "security-bsides-las-vegas-2025-68794-introduction-to-cryptographic-attacks", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/VZH78P/", "title": "Introduction to Cryptographic Attacks", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "Using cryptography is often a subtle 
practice and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world, including CVE-2020-0601. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with a tool written in Python to execute the attacks. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap. The exercises will range from decrypting ciphertext to recovering private keys from public key attacks allowing us to create TLS cert private key and ssh private key files.", "description": "This workshop will discuss the theory and practice of cryptographic attacks. We start with symmetric key cryptographic attacks starting with stream ciphers and how reuse of keystream can lead to exposing the plaintext. From there we move on to other symmetric key attacks.\r\n\r\nAfter the symmetric key attacks, we move on to the public key attacks that will primarily focus on private key recovery. Attacks on the keys will also include exporting to standard private key files. Many of these attacks can even be relevant to TLS and ssh as we will discuss.", "recording_license": "", "do_not_record": false, "persons": [{"code": "PJKYNQ", "name": "Matt Cheung", "avatar": "https://pretalx.com/media/avatars/PJKYNQ_xc2qGTC.webp", "biography": "Matt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt.  
This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges.  From this experience he has given workshops at the Boston Application Security Conference, BSidesLV,  DEF CON, and the Crypto and Privacy Village. He now serves on the programming committee of the Crypto and Privacy Village.", "public_name": "Matt Cheung", "guid": "61a079a2-0738-573c-84f5-5533f3f90d29", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/PJKYNQ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/VZH78P/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/VZH78P/", "attachments": []}, {"guid": "f3f4f2e4-c6ad-5c02-8630-d46b95c653fc", "code": "RNF79D", "id": 67744, "logo": null, "date": "2025-08-04T15:00:00-07:00", "start": "15:00", "duration": "04:00", "room": "Pearl", "slug": "security-bsides-las-vegas-2025-67744-workshop-on-cybersecurity-policy-in-practice", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RNF79D/", "title": "Workshop on Cybersecurity Policy in Practice", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "The goal of this workshop is to deepen participants' understanding of cybersecurity policy by exploring foundational concepts, hard problems, and problem solving by stepping into the roles of different stakeholders involved in policymaking. The workshop has interactive activities like fishbowl discussions and stakeholder breakout sessions, where participants will have the opportunity to learn from key policymakers, critically analyze various approaches to cybersecurity policy, debate their effectiveness, and collaborate with each other on policy recommendations. 
At the end of the workshop, participants will be able to tackle complexities between technical and policy aspects of cybersecurity and identify practical strategies to address existing challenges in the field.", "description": "The workshop is divided into four sessions \u2013 lecture, fishbowl activity, deep dive, and stakeholder breakout. Each of the lecture and deep dive sessions will be 45 minutes each, with 5 minutes for questions while the activity sessions are being set up. \r\n\r\n[45 minutes] Session 1: Expert Lecture \r\n[5 minutes] Q&A and Activity Setup \r\n\r\n[1 hour] Session 2: Fishbowl Activity \r\n\r\n[20 minutes] Break \r\n\r\n[45 minutes] Session 3: Deep Dive \r\n[5 minutes] Q&A and Activity Setup\r\n\r\n[1 hour] Session 4: Stakeholder Breakout Activity", "recording_license": "", "do_not_record": false, "persons": [{"code": "WUZLEA", "name": "Jayati Dev", "avatar": "https://pretalx.com/media/avatars/WUZLEA_ratSovR.webp", "biography": "Jayati Dev is a Public Policy Researcher in the Comcast Cybersecurity research team, helping develop policy and processes for cybersecurity issues in emerging technologies. She holds a PhD in Security Informatics from Indiana University Bloomington where she worked on privacy-preserving technologies in conversational platforms. She has several publications in cybersecurity and is a board member for Society for Cable Telecommunications Engineers New England.", "public_name": "Jayati Dev", "guid": "c85e7ea5-bf1f-5c9b-b205-7017b0698bd2", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/WUZLEA/"}, {"code": "DXEWHJ", "name": "Vaibhav Garg", "avatar": "https://pretalx.com/media/avatars/DXEWHJ_Wi3EFVG.webp", "biography": "Vaibhav Garg is the Executive Director of Cybersecurity & Privacy Research and Public Policy Research at Comcast Cable. He has a PhD in Security Informatics from Indiana University and a M.S. in Information Security from Purdue University. 
His research investigates the intersection of cybersecurity, economics, and public policy. He has co-authored over thirty peer reviewed publications and received the best paper award at the 2011 eCrime Researcher's Summit for his work on the economics of cybercrime. He previously served as the Editor in Chief of ACM Computers & Society, where he received the ACM SIGCAS Outstanding Service Award.", "public_name": "Vaibhav Garg", "guid": "820655b2-04ec-5935-901c-53a6fac08530", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/DXEWHJ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RNF79D/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RNF79D/", "attachments": []}], "Opal": [{"guid": "632704cc-3817-5a40-bf1f-28505f364209", "code": "E7XNDF", "id": 69442, "logo": null, "date": "2025-08-04T10:30:00-07:00", "start": "10:30", "duration": "04:00", "room": "Opal", "slug": "security-bsides-las-vegas-2025-69442-from-command-line-to-center-stage-hack-your-way-to-confident-speaking", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/E7XNDF/", "title": "From Command Line to Center Stage: Hack Your Way to Confident Speaking", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "Does the thought of public speaking make you sweat more than a server room in July? You\u2019re not alone! Whether you're a first-time speaker or looking to level up your confidence, this hands-on workshop will help you ditch the nerves and own the stage. Led by a seasoned speaker with 400+ presentations under their belt and training from world-class Toastmasters, this session is your chance to turn stage fright into stage might. And yes, EVERYONE will speak! Get ready to build confidence, engage your audience, and deliver a three-minute talk like a pro. 
Are you in?\"", "description": "Public speaking is a skill that can elevate your career, expand your influence, and help you deliver impactful messages with clarity and confidence. Whether you're stepping onto the stage for the first time or looking to refine your delivery, this interactive workshop will equip you with the tools to present with poise and purpose.\r\n\r\nLed by a seasoned speaker with 20 years of experience, over 400 presentations delivered in the past five years, and training from world-class Toastmasters, this workshop is created to help you towards conquering stage fright, structure your thoughts effectively, and engage your audience with confidence. Drawing from a deep background in cybersecurity and professional speaking, this hands-on experience will push you out of your comfort zone\u2014in the best way possible.\r\n\r\nBy the end of the session, everyone will take the stage, delivering a short three-minute presentation while receiving constructive feedback in a supportive environment. You\u2019ll walk away with practical techniques to control nerves, project authority, and own the room. If you\u2019re ready to amplify your voice and master the art of public speaking, this workshop is for you!", "recording_license": "", "do_not_record": false, "persons": [{"code": "MRCCCG", "name": "Erich Kron", "avatar": "https://pretalx.com/media/avatars/MRCCCG_5kcT4Zr.webp", "biography": null, "public_name": "Erich Kron", "guid": "f676a6e1-b6ec-57aa-8d7e-e8e960caef2a", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/MRCCCG/"}, {"code": "ACWUBD", "name": "James McQuiggan", "avatar": "https://pretalx.com/media/avatars/ACWUBD_FjDOfvC.webp", "biography": "James McQuiggan has over 20 years of experience in cybersecurity and is currently Security Awareness Advocate for KnowBe4. Prior to joining KnowBe4, McQuiggan worked at Siemens in the Energy and Wind Divisions. 
Over the years he has held various cybersecurity roles, including consulting on cybersecurity standards, information security awareness, incident response and securing industrial control system networks.\r\nMcQuiggan is a part-time faculty professor at Full Sail University, teaching Cyber Threat Intelligence. He also volunteers with ISC2, including member of the North American Region Advisory Council and past president of the ISC2 Central Florida Chapter.", "public_name": "James McQuiggan", "guid": "68eaf56a-8160-58a9-99f4-93a2d7c6a6dd", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ACWUBD/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/E7XNDF/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/E7XNDF/", "attachments": []}, {"guid": "7d97c21d-aa01-581d-a23d-3416130d82cd", "code": "G33FLE", "id": 67798, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/G33FLE/CIE_L_uYGxKSh.png", "date": "2025-08-04T15:00:00-07:00", "start": "15:00", "duration": "04:00", "room": "Opal", "slug": "security-bsides-las-vegas-2025-67798-engineering-cyber-resilience-for-the-water-sector", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/G33FLE/", "title": "Engineering Cyber Resilience for the Water Sector", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "What Engineers Need to Know About Cyber and Why (and are not getting this in school).\r\nThis workshop uses a case study of a hypothetical engineering project to support discussion and application of the principles for Cyber-Informed Engineering  (CIE) throughout the workshop. The scenario draws from a selection of real-world case studies, is fictional, and is crafted to support the application of CIE principles. 
Workshop participants get a workbook to structure their journey, capture insights and lessons learned, and provide a useful takeaway item that can further conversations after the event. \r\nThis is a hands-on workshop filled with exercises to develop understanding of the principles of Cyber Informed Engineering. This training event is designed for anyone who is interested in learning a methodology of designing out cyber-risk before a system is placed into operation.", "description": "This training session emerges from the Idaho National Laboratory Cyber Informed Engineering project, a Department of Energy supported effort to improve system resilience and risk reduction through design efforts to include cyber risks alongside other engineering considered hazards. Previous versions of this course have been conducted using different specific engineering problems to local industry groups. This class is a product from those experiences. The diversity of the BSidesLV attendee base will make this class much more engaging than an industry specific audience.\r\n\r\nCyber-Informed Engineering (CIE) offers an opportunity to \u201cengineer out\u201d some cyber risk across the entire system lifecycle, starting from the earliest possible phases of conceptual design and requirements development and system design\u2014the most optimal times to introduce mitigations against cyber risk. CIE is an emerging method to integrate cybersecurity risk considerations into the conception, design, development, and operation of any physical system that has digital connectivity, monitoring, or control. CIE uses design decisions and engineering controls to mitigate or even eliminate avenues for cyber-enabled attacks or reduce the consequences when an attack occurs. In the same way that engineers design systems for safety, engineers informed by CIE use similar methods to prevent or lessen the impact of a cyber-attack. 
CIE also allows the engineers to advise the approaches used by specialized Information Technology (IT) and Operational Technology (OT) cybersecurity experts to align cybersecurity mitigations to the most critical consequences identified by the engineers. \r\n\r\nWhat are the 12 principles of CIE?\r\n1. Consequence-Focused Design \r\n2. Engineered Controls \r\n3. Secure Information Architecture \r\n4. Design Simplification \r\n5. Layered Defenses \r\n6. Active Defense \r\n7. Interdependency Evaluation \r\n8. Digital Asset Awareness \r\n9. Cyber-Secure Supply Chain Controls \r\n10. Planned Resilience \r\n11. Engineering Information Control \r\n12. Organizational Culture \r\n\r\nThe purpose of the training is to help people understand how to use these principles during engineering design to design out many sources of cyber risk. The hands-on workshop engages participants in a journey that helps improve their skills in designing out issues that would later potentially affect cyber risk.\r\n\r\nThe session begins with a presentation of the principles for Cyber Informed Engineering and leads thoughts with an initiating question to prompt thoughts and actions for each principle. The scenario used to facilitate discussion is then presented, providing a template upon which the principles can then be addressed. The exercise then moves through the 12 principles where each is given an overview by one of the facilitators. What follows next is small group exercise tasks designed to facilitate the operationalization of each principle. The facilitators help the groups advance their discussion and learning. The training exercise concludes with a lessons-learned discussion.\r\n\r\nReferences:\r\nU.S. Department of Energy Office of Cybersecurity, Energy Security, and Emergency Response (CESER). Cyber Informed Engineering Implementation Guide. Version 1.0, August 7, 2023. 
https://www.osti.gov/biblio/1995796.\r\nTechnical Report: Cyber-Informed Engineering Workbook: CIE Hands-On Training. Cyber-Informed Engineering Workbook: CIE Hands-On Training. May 29, 2024. https://www.osti.gov/biblio/2371031.", "recording_license": "", "do_not_record": false, "persons": [{"code": "XF7YZE", "name": "Art Conklin", "avatar": "https://pretalx.com/media/avatars/XF7YZE_JVvMVz2.webp", "biography": "Dr. Kitty is a Professor Emeritus at the University of Houston, joint appointee at Idaho National Laboratory. An internationally recognized expert in cybersecurity for operational technology (OT) systems and critical infrastructures. He is also recognized as a national leader in the development of educational programs in industrial control systems cybersecurity. \r\nTaught 20 different classes (5 undergraduate, 15 graduate classes) over 19 years. \r\nPublished 6 books on cybersecurity.\r\nSpeaker at numerous conferences including regional BSides, DefCon ICS Village, Hack the Capital, RSAC (twice).", "public_name": "Art Conklin", "guid": "ff2a07e1-a8bf-5f70-ac04-81517e454718", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/XF7YZE/"}, {"code": "UCFYY3", "name": "Virginia \u201cGinger\u201d Wright", "avatar": "https://pretalx.com/media/avatars/UCFYY3_xlnGVre.webp", "biography": "Virginia \u201cGinger\u201d Wright is the program manager for Cyber-Informed Engineering (CIE) at the Idaho National Laboratory (INL). She leads INL\u2019s implementation of the National Strategy for Cyber-Informed Engineering developed by the Department of Energy. Ms. Wright has led multiple cyber research programs at INL including DOE-CESER\u2019s Cyber Testing for Resilient Industrial Control Systems (CyTRICS\u2122) program, Software Bills of Material for the Energy Sector, critical infrastructure modeling and simulation, and nuclear cybersecurity. Ms. 
Wright has a Bachelor of Science in Information Systems/Operations Management from the University of North Carolina at Greensboro.", "public_name": "Virginia \u201cGinger\u201d Wright", "guid": "c47e9417-6bb3-5a6e-9c02-0dc6a1bdde06", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/UCFYY3/"}, {"code": "L87ZPR", "name": "Andrew Ohrt", "avatar": "https://pretalx.com/media/avatars/L87ZPR_u0KXwg2.webp", "biography": "Andrew is the Resilience Practice Area Lead for West Yost. Based in Duluth, MN, Andrew supports Idaho National Laboratory and the American Water Works Association with the development of CIE and cybersecurity resources to support the water and wastewater sector.", "public_name": "Andrew Ohrt", "guid": "6c5abb7e-7613-50b9-90c4-0b134516adb8", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/L87ZPR/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/G33FLE/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/G33FLE/", "attachments": []}], "Emerald": [{"guid": "264c55a4-52e6-5bb1-b0f2-67823d5065fb", "code": "RTRQJA", "id": 68669, "logo": null, "date": "2025-08-04T10:30:00-07:00", "start": "10:30", "duration": "04:00", "room": "Emerald", "slug": "security-bsides-las-vegas-2025-68669-building-your-own-ca-infrastructure-on-cheap-hsms", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RTRQJA/", "title": "Building your own CA infrastructure on cheap HSMs", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "Practical HSMs are cheap, and you just don\u2019t know it.
Government adoption of PIV and CAC has driven prices of PKCS#11 devices down, and you don\u2019t need an expensive enterprise HSM for your offline root signing key.\r\n\r\nFurther, widespread support for Name Constraints on Trust Anchors has finally arrived - So you can deploy a private CA to your client devices without affecting the public roots of trust, making it safer than ever to run your own PKI.\r\n\r\nThis workshop will be a walk through in setting up a full solution for generating a CA contained on a Yubikey, issuing intermediates used for online signing, and distributing said certificates to applications and end-user devices.", "description": "This workshop teaches people to create their own Root Certificate. The key is stored on a Yubikey. The certificate includes name constraints suitable for including in a system trust store, both in your k8s pods and user devices.\r\n\r\nWe then mint further name-constrained certificates used as online intermediates for each of user identity and pods. These intermediates can be stored online, or stored on their own HSMs.", "recording_license": "", "do_not_record": false, "persons": [{"code": "TM9HZX", "name": "Mark Hahn", "avatar": "https://pretalx.com/media/avatars/TM9HZX_1ksqiYR.webp", "biography": "Training Ground Presenter.", "public_name": "Mark Hahn", "guid": "53b93080-2490-540a-b9a1-2d8d9c80ab49", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/TM9HZX/"}, {"code": "BHJ8RA", "name": "Ted Hahn", "avatar": "https://pretalx.com/media/avatars/BHJ8RA_b44rat3.webp", "biography": "Ted Hahn is an experienced Site Reliability engineer who previously worked at Google, Facebook, and Houseparty. 
He currently works as an independent consultant helping startups do cloud.", "public_name": "Ted Hahn", "guid": "011076c5-ff19-5610-a8aa-68c3103f0531", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/BHJ8RA/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RTRQJA/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RTRQJA/", "attachments": []}, {"guid": "d03f1e40-98ba-5ace-94ba-3563a7d2b77a", "code": "JELG8P", "id": 67186, "logo": null, "date": "2025-08-04T15:00:00-07:00", "start": "15:00", "duration": "04:00", "room": "Emerald", "slug": "security-bsides-las-vegas-2025-67186-cyber-threat-landscaping-workshop", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JELG8P/", "title": "Cyber Threat Landscaping Workshop", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "In the digital age, cybersecurity is crucial for businesses and customers. This workshop aims to equip various business functions with the knowledge and tools to analyze and update their threat landscapes, enhancing overall security and customer trust. Participants will gain a solid foundation in cyber threat intelligence, learning to identify threat actors, tools, and assets. They will understand the importance of threat landscapes and how to analyze and prioritize them effectively. The workshop will guide attendees through creating and updating their specific threat landscapes, incorporating best practices for continuous improvement and new intelligence. Through interactive discussions and group activities, participants will develop a heightened sense of trust and be empowered to promote this trust within their teams, products, and the broader industry. Enhance your company's reputation as a secure and trusted partner in the digital age.", "description": "In today's digital age, cybersecurity is a critical concern for businesses and customers alike. 
Understanding and navigating the cyber threat landscape is essential for maintaining the integrity of your platforms and products. This workshop is designed to equip different business functions with the knowledge and tools necessary to analyze and update their threat landscapes, thereby enhancing our overall security posture and building greater trust with our customers. Participants will gain a solid foundation in cyber threat intelligence, including the identification of threat actors, tools, assets, and others. Participants will learn the significance of threat landscapes and how to effectively analyze and prioritize threats.\r\nAttendees will be guided through the process of creating and updating their specific threat landscapes, incorporating best practices for continuous improvement and new intelligence. Through interactive discussions and group activities, participants will leave with a heightened sense of trust and be equipped to promote this trust within their teams, products, and the broader industry. Together, we can enhance your company's reputation as a secure and trusted partner in the digital age.", "recording_license": "", "do_not_record": false, "persons": [{"code": "VANRYE", "name": "Alexis Womble", "avatar": "https://pretalx.com/media/avatars/VANRYE_DOkBXi2.webp", "biography": "Alexis Womble has been part of Autodesk's Cyber Threat Intelligence team for 5 years. She holds a bachelor's in IT with a minor in Business Administration and is pursuing an MBA. She is also the Global Co-Lead for Autodesk's MIND Network, encouraging Mental Inclusion, Neurodiversity, and Disability Awareness. Alexis has spoken at various internal and external events in the past. Passionate about helping others, she offers advice on breaking into I.T., sharing productivity tips, and making Security accessible to everyone.
Outside of work, she enjoys cats, coffee, and reading.", "public_name": "Alexis Womble", "guid": "c80c90ef-8307-59eb-a189-33abaa3e66e7", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/VANRYE/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JELG8P/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JELG8P/", "attachments": []}], "Diamond": [{"guid": "b187d2fc-8db2-52dd-80e8-feb6c80919ce", "code": "QGYKQ3", "id": 69650, "logo": null, "date": "2025-08-04T10:30:00-07:00", "start": "10:30", "duration": "04:00", "room": "Diamond", "slug": "security-bsides-las-vegas-2025-69650-cybersecurity-roleplaying-training-design-implement-engaging-incident-response-exercises", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/QGYKQ3/", "title": "Cybersecurity Roleplaying Training: Design & Implement Engaging Incident Response Exercises", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "Tired of boring tabletop exercises that put your team to sleep? Transform incident response training with an innovative roleplaying framework inspired by tabletop RPGs. This hands-on workshop guides you through designing engaging cybersecurity exercises using dice rolls, character abilities, and dynamic scenarios.\r\n\r\nIn this 4-hour session, you'll experience this approach through demonstration, then develop your own scenarios in small groups. Learn to create character roles with unique abilities, design realistic incident response challenges using the MITRE ATT&CK framework, and craft unexpected events that keep participants engaged.\r\n\r\nThis approach emphasizes the human elements of incident response, making it accessible to both technical and non-technical audiences. 
Groups will test each other's scenarios, providing immediate feedback for refinement.\r\n\r\nYou'll leave with a ready-to-implement scenario, facilitation skills as an \"Incident Master,\" and community resources for continued development. Whether you're responsible for team training or building security culture, this workshop provides practical tools to make incident response training both fun and effective.", "description": "This intensive 4-hour workshop introduces cybersecurity professionals to an innovative roleplaying approach for incident response training. Moving beyond traditional tabletop exercises, participants will learn to design and implement dynamic scenarios that simulate the pressure, uncertainty, and collaborative decision-making required during real security incidents.\r\n\r\n## Workshop Value Proposition\r\n\r\nTraditional IR exercises often fail to create authentic crisis environments or fully engage technical staff. This workshop presents a solution through:\r\n\r\n- Character-based roleplaying that builds cross-functional understanding\r\n- Game mechanics that simulate the uncertainty of real incidents\r\n- Dynamic scenarios that evolve based on team decisions\r\n- Collaborative problem-solving under realistic time constraints\r\n\r\n## Workshop Structure\r\n\r\n### Foundations (1 hour)\r\n\r\nAfter brief introductions, participants learn core incident response roleplaying mechanics including character roles, action resolution, and facilitation techniques.
A live demonstration with volunteers showcases how these mechanics create realistic incident dynamics.\r\n\r\n### Scenario Development (1 hour 15 minutes)\r\n\r\nParticipants learn IR scenario design principles focused on:\r\n\r\n- Accurately representing attack patterns using MITRE ATT&CK\r\n- Creating realistic incident detection and investigation challenges\r\n- Simulating stakeholder management during incidents\r\n- Balancing technical accuracy with engaging gameplay\r\n\r\nSmall groups then generate incident scenarios tailored to specific IR challenges like ransomware response, data breaches, or insider threats.\r\n\r\n### Hands-On Development (1 hour)\r\n\r\nGroups develop detailed IR scenarios including:\r\n\r\n- Escalation patterns reflecting real attacker behavior\r\n- Decision points that test IR policies and procedures\r\n- \"Injects\" simulating stakeholder demands and technical complications\r\n- Round structures reflecting detection, containment, and recovery phases\r\n\r\n### Implementation and Practice (30 minutes)\r\n\r\nGroups exchange scenarios for brief playtesting, providing immediate feedback. 
Participants then develop implementation plans for their own organizations, addressing team size, technical skill variance, and integration with existing IR programs.\r\n\r\n### Conclusion (15 minutes)\r\n\r\nThe workshop concludes with key takeaways and resources for continued development.\r\n\r\n## IR Training Focus\r\n\r\nThis workshop specifically addresses common IR training challenges:\r\n\r\n- Simulating the pressure of time-sensitive security decisions\r\n- Practicing stakeholder communications during incidents\r\n- Building cross-functional teamwork between technical and non-technical roles\r\n- Testing incident playbooks in unexpected scenarios\r\n- Creating safe environments to practice difficult decision-making\r\n- Developing empathy for various roles in the incident response process\r\n\r\nParticipants leave with ready-to-implement IR scenarios designed to test and strengthen their organization's incident response capabilities through engaging, realistic simulations that go beyond traditional tabletops.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JZ8NCF", "name": "Klaus Agnoletti", "avatar": "https://pretalx.com/media/avatars/JZ8NCF_Aih2i3t.webp", "biography": "Klaus Agnoletti has been an all-round infosec professional since 2004. As a long-time active member of the infosec community in Copenhagen, Denmark, he co-founded BSides K\u00f8benhavn in 2019. \r\n\r\nCurrently he's a freelance storytelling cyber security advisor specializing in security transformation and community focused marketing, employer branding, playing security games  and other fun assignments and ideas coming his way. 
\r\n\r\nLately he has also become a neurodiversity advocate speaking about ADHD to educate and break down taboos in an industry with a vast overrepresentation of neurodiversity and not very many talking about it.", "public_name": "Klaus Agnoletti", "guid": "97865f70-b8ae-51b2-b463-29887514404a", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/JZ8NCF/"}, {"code": "J3PRCC", "name": "Glen Sorensen", "avatar": "https://pretalx.com/media/avatars/J3PRCC_2Vu87sY.webp", "biography": "Glen Sorensen is a Virtual Chief Information Security Officer (vCISO) with Cyber Risk Opportunities. He has worn numerous hats in his career, in areas such as security engineering and architecture, security operations, GRC, and leadership. He has held a variety of roles as an analyst, engineer, consultant, auditor, regulator, and information security officer for a financial institution.\r\n\r\nGlen approaches problems with practical solutions that bring good business value and has worked across many sectors, including financial services, healthcare, manufacturing, and others. He has served as a consulting expert in a large legal case involving healthcare and cyber attack detection technology. He has been in IT and security for 15+ years, longer if you count years of misspent youth bending technology and countless hours of roleplaying games. 
He is a sucker for a good tabletop exercise and serves as an Incident Master for HackBack Gaming, the fun kind of TTX.", "public_name": "Glen Sorensen", "guid": "b3a24141-a593-5cb2-b2f2-84110e0c2875", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/J3PRCC/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/QGYKQ3/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/QGYKQ3/", "attachments": []}, {"guid": "d4dd7216-8ca6-5a1f-bdc6-afda985c2c00", "code": "J98WLE", "id": 70267, "logo": null, "date": "2025-08-04T15:00:00-07:00", "start": "15:00", "duration": "04:00", "room": "Diamond", "slug": "security-bsides-las-vegas-2025-70267-from-code-to-cloud-securing-your-stack-with-open-source-tools", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/J98WLE/", "title": "From Code to Cloud: Securing Your Stack with Open-Source Tools", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "In a world where every Formula 1 team is sponsored by a security vendor\u2026 can open-source still hold pole position?\r\n\r\nWhile big vendors chase attention with AI-fueled promises and enterprise price tags, most teams just need tools that work\u2014and won\u2019t wreck the budget. This workshop shows you how to build a practical, full-spectrum security stack using battle-tested open-source tools.\r\n\r\nYou\u2019ll see live demos of tools like Trivy, GitLeaks, Checkov, ZAP, and OpenGrep, securing every layer from code to cloud. 
We\u2019ll unpack real attack paths\u2014like Log4Shell, dependency poisoning, and leaked secrets\u2014and show how to detect and stop them early.\r\n\r\nYou\u2019ll leave with a blueprint for integrating OSS tools into your workflow via CI/CD, IDEs, and pre-commit hooks, plus guidance on when free tools are enough\u2014and when to go commercial.\r\n\r\nIf you\u2019ve ever asked, \u201cDo I really need to spend six figures to be secure?\u201d\u2014this is your answer.", "description": "In a world where every Formula 1 team is backed by a security vendor, you might wonder: can open-source tools still compete\u2014or are you just spinning your wheels?\r\n\r\nThis workshop is for the builders, breakers, and defenders who want practical answers\u2014not just enterprise-grade promises wrapped in AI buzzwords. Modern applications are built fast, assembled from open-source packages, deployed via IaC, and run in complex cloud environments. Every step adds attack surface\u2014and attackers know it.\r\n\r\nBut good security doesn\u2019t have to start with a procurement call.\r\n\r\nIn this session, we\u2019ll walk through how to build a high-quality, layered security program using open-source tools. You\u2019ll see live demos of tools like:\r\n- Trivy for container and dependency scanning (SCA),\r\n- GitLeaks and TruffleHog for secrets detection (even buried in git history),\r\n- Checkov for infrastructure-as-code scanning,\r\n- ZAP and Nuclei for DAST and API testing,\r\n- Bandit and OpenGrep for static analysis (SAST),\r\n- And Zen for runtime protection via in-app firewalls.\r\n\r\nEach tool will be shown in context\u2014with real examples of how attackers exploit vulnerabilities in the wild: poisoned packages, typosquatting, exposed secrets, and cascading misconfigurations. 
We\u2019ll explore famous breaches (like Log4Shell, EventStream, and Twitch\u2019s git leak) and dissect how open-source tools could have detected or blocked the compromise.\r\n\r\nYou'll learn how to:\r\n- Chain these tools together with CI/CD pipelines, Git hooks, and IDEs,\r\n- Choose when to \u201cbuild vs. buy\u201d,\r\n- And design a Minimal Viable Security Stack that offers solid coverage without budget strain.\r\n\r\nWe\u2019ll also cover the limitations of OSS tools\u2014because yes, you\u2019ll miss some dashboards, reporting, and support\u2014but for many teams, those are trade-offs worth making. Especially when the alternative is no security at all.\r\n\r\nThis workshop is ideal for:\r\n- Developers looking to shift security left without killing velocity,\r\n- Security engineers who need effective, budget-conscious coverage,\r\n- Startups and small teams who want the protection, not the pitch.\r\n\r\nBy the end, you\u2019ll have a working blueprint, tool configurations, and clarity on what matters most. Whether you\u2019re a lone dev or scaling a team, this session will give you the tactical toolkit to secure what you build\u2014with tools the community trusts.", "recording_license": "", "do_not_record": false, "persons": [{"code": "9HP7KM", "name": "Mackenzie Jackson", "avatar": "https://pretalx.com/media/avatars/9HP7KM_KRUq4ws.webp", "biography": "Mackenzie is a security researcher and advocate with a passion for code security. He is the former CTO and founder of Conpago, where he learned firsthand the importance of building secure applications. Today, Mackenzie works for Aikido Security to help developers and DevOps engineers build secure systems. 
He also shares his knowledge as a contributor to many technology publications like Dark Reading, Financial Times, and Security Boulevard and was featured as an expert in the documentary \u201cLogins aus dem Darknet\u201d (EN: Logins from the Darknet).", "public_name": "Mackenzie Jackson", "guid": "b62403e8-175f-511c-b503-ac8662eb0ae8", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/9HP7KM/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/J98WLE/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/J98WLE/", "attachments": []}], "Boardroom": [{"guid": "e8940b1b-cf56-53ae-9896-9098a88cf1f6", "code": "PET8DL", "id": 75077, "logo": null, "date": "2025-08-04T10:30:00-07:00", "start": "10:30", "duration": "04:00", "room": "Boardroom", "slug": "security-bsides-las-vegas-2025-75077-career-campaigns-a-tabletop-rpg-workshop-for-your-next-infosec-role-monday-am", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PET8DL/", "title": "Career Campaigns: A Tabletop RPG Workshop for Your Next Infosec Role, Monday AM", "subtitle": "", "track": "Training Ground", "type": "Training-8h", "language": "en", "abstract": "Join us for a Role-Playing Game with real-world wins! Participants will transform their current \"character sheet\" into a freshly reskilled hero ready to take on any cybersec hiring process.\r\n\r\n\u201cYou're new to these parts, traveler. Want to join my party? We\u2019re defending the castle, but we don\u2019t have enough heroes to \u2013 wait. Where\u2019s your sword?! You can\u2019t defend with a *lute*!\u201d \r\n\r\nActually, you *can.* \r\n\r\nSee, I faced that same skepticism from hiring managers:  no IT or cyber background, so I clearly didn't have what it took.\r\n\r\nAfter a slew of rejections, I found some old 20-sided-dice\u2026 and realized I needed to completely reframe my previous career. \r\n\r\nNow? 
I\u2019m a threat intel analyst at a major insurance provider, translating research into actionable recommendations for the business.\r\n\r\nLet me show you how you, too, can pivot into a new role.\r\n\r\nI\u2019ll guide participants through a modern hiring process RPG as they reskill their classes and adjust their strategy to win a coveted position. You\u2019ll walk away with concrete research, tools, and techniques to help your next employer properly value your current experience for your first (or next!) infosec role.", "description": "Join us for a tabletop roleplaying game (RPG) with real-world wins! Participant-players seeking their first role in cyber \u2013 or simply transitioning to a new specialization \u2013 will transform their current resume's \"character sheet\" into a freshly reskilled or dual-classed hero, ready to take on any cybersecurity hiring process for your next infosec campaign.\r\n\r\n\u201cYou're new to these parts, traveler. Want to join a new infosec campaign party I\u2019m forming? We\u2019re defending the castle, and don\u2019t have enough heroes to \u2013 wait. Where\u2019s your sword?! You can\u2019t defend with a *lute*!\u201d \r\n\r\nActually, you *can.* \r\n\r\nSee, in 2023, I faced that same skepticism from infosec hiring managers: No IT or cyber background, so I clearly didn't have what it took to be a cybersecurity professional. \r\n\r\nAfter a slew of rejections, I found some old 20-sided-dice\u2026 and I realized I needed to completely reframe my previous career. \r\n\r\nNow? 
I\u2019m a threat intel analyst at a major insurance provider, helping my team translate technical research and controls into actionable recommendations for the business.\r\n\r\nLet me show you how you, too, can pivot into information security during this three-hour RPG tabletop campaign-workshop.\r\n\r\nI\u2019ll guide participant-players through a modern infosec hiring process RPG tabletop \u201ccampaign\u201d workshop, acting as the game master as participant-players reskill their classes and adjust their application strategies to win a coveted role for their infosec party. \r\n\r\nIn the end, you\u2019ll walk away with concrete research, tools, and techniques to help your next employer properly value and respect your current non-infosec skills and experience in your first (or next!) infosec role.", "recording_license": "", "do_not_record": false, "persons": [{"code": "GL8QGZ", "name": "Stryker", "avatar": "https://pretalx.com/media/avatars/GL8QGZ_VfjAExU.webp", "biography": "Stryker is a cyber threat analyst at a US insurance company, where she translates technical research and qualitative intelligence into the \"so what?\" and \"what now?\" solutions that keep more people safe and secure. You can find her on LinkedIn, Mastodon, or in the Lonely Hackers Club (LHC) Telegram chat, where she once (in)famously ranted about how commercial gun safes do not make for secure off-site data storage options. 
Stryker lives in Baltimore, growing parsley for butterflies and algae for shrimp.", "public_name": "Stryker", "guid": "cca10200-09b4-51f3-b4e4-b9692438abf5", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/GL8QGZ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PET8DL/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PET8DL/", "attachments": []}, {"guid": "a6f69c59-f590-5fef-a312-e9fbe0530457", "code": "XRWXY9", "id": 67016, "logo": null, "date": "2025-08-04T15:00:00-07:00", "start": "15:00", "duration": "04:00", "room": "Boardroom", "slug": "security-bsides-las-vegas-2025-67016-career-campaigns-a-tabletop-rpg-workshop-for-your-next-infosec-role-monday-pm", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XRWXY9/", "title": "Career Campaigns: A Tabletop RPG Workshop for Your Next Infosec Role, Monday PM", "subtitle": "", "track": "Training Ground", "type": "Training-8h", "language": "en", "abstract": "Join us for a tabletop roleplaying game (RPG) with real-world wins! Participant-players seeking their first role in cyber \u2013 or simply transitioning to a new specialization \u2013 will transform their current resume's \"character sheet\" into a freshly reskilled or dual-classed hero, ready to take on any cybersecurity hiring process for your next infosec campaign.", "description": "\u201cYou're new to these parts, traveler. Want to join a new infosec campaign party I\u2019m forming? We\u2019re defending the castle, and don\u2019t have enough heroes to \u2013 wait. Where\u2019s your sword?! You can\u2019t defend with a *lute*!\u201d \r\n\r\nActually, you *can.* \r\n\r\nSee, in 2023, I faced that same skepticism from infosec hiring managers: No IT or cyber background, so I clearly didn't have what it took to be a cybersecurity professional. 
\r\n\r\nAfter a slew of rejections, I found some old 20-sided-dice\u2026 and I realized I needed to completely reframe my previous career. \r\n\r\nNow? I\u2019m a threat intel analyst at a major insurance provider, helping my team translate technical research and controls into actionable recommendations for the business.\r\n\r\nLet me show you how you, too, can pivot into information security during this three-hour RPG tabletop campaign-workshop.\r\n\r\nI\u2019ll guide participant-players through a modern infosec hiring process RPG tabletop \u201ccampaign\u201d workshop, acting as the game master as participant-players reskill their classes and adjust their application strategies to win a coveted role for their infosec party. \r\n\r\nIn the end, you\u2019ll walk away with concrete research, tools, and techniques to help your next employer properly value and respect your current non-infosec skills and experience in your first (or next!) infosec role.", "recording_license": "", "do_not_record": false, "persons": [{"code": "GL8QGZ", "name": "Stryker", "avatar": "https://pretalx.com/media/avatars/GL8QGZ_VfjAExU.webp", "biography": "Stryker is a cyber threat analyst at a US insurance company, where she translates technical research and qualitative intelligence into the \"so what?\" and \"what now?\" solutions that keep more people safe and secure. You can find her on LinkedIn, Mastodon, or in the Lonely Hackers Club (LHC) Telegram chat, where she once (in)famously ranted about how commercial gun safes do not make for secure off-site data storage options. 
Stryker lives in Baltimore, growing parsley for butterflies and algae for shrimp.", "public_name": "Stryker", "guid": "cca10200-09b4-51f3-b4e4-b9692438abf5", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/GL8QGZ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XRWXY9/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XRWXY9/", "attachments": []}], "Misora": [{"guid": "9b8d465b-45f5-5075-a85d-e533d90e1c13", "code": "B7DJJN", "id": 71476, "logo": null, "date": "2025-08-04T10:00:00-07:00", "start": "10:00", "duration": "01:00", "room": "Misora", "slug": "security-bsides-las-vegas-2025-71476-ask-the-fed-token-01", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/B7DJJN/", "title": "Ask the Fed (Token 01)", "subtitle": "", "track": "Skytalks", "type": "Talk-45m", "language": "en", "abstract": "This is your chance to ask current or recent members of the federal government your burning questions, the ones you don't want recorded.", "description": "N/A", "recording_license": "", "do_not_record": false, "persons": [{"code": "GJFXTA", "name": "Noah K", "avatar": "https://pretalx.com/media/avatars/GJFXTA_NmXYWdb.webp", "biography": "Noah K has worked in the national security arena for  over 20 years.  He currently works at a Federally Funded Research and Development Center where he focuses on the intersection of national security and artificial intelligence.  
For the 14 years prior to his current position, he worked at DoD where he was involved in strategy, war planning, special operations, and cyber operations.", "public_name": "Noah K", "guid": "52ab9b7f-4d87-52b3-96ee-72237c87d3c2", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/GJFXTA/"}, {"code": "MKGFC3", "name": "Joel Max", "avatar": "https://pretalx.com/media/avatars/MKGFC3_XXhkhPE.webp", "biography": "Joel Max leads the Product Security Incident Response Team (PSIRT) at Rockwell Automation.", "public_name": "Joel Max", "guid": "e5c95bd6-18fc-5f27-bb57-493157aad67a", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/MKGFC3/"}, {"code": "TGXWCB", "name": "Tim Weston", "avatar": "https://pretalx.com/media/avatars/TGXWCB_Rdf13su.webp", "biography": "With over a decade of experience in cybersecurity and corporate investigations, my journey has led me to serve as the Global Lead for the Defense Industrial Base, Energy, and Transportation at Microsoft. Previously, as the Director for Strategy and Risk and the Sr. Cybersecurity Policy Advisor at the TSA, I developed the agency's first Cybersecurity Roadmap and shaped national security policies. My core competencies lie in fusing industry standards with cybersecurity law to fortify public sector resilience. At Microsoft, my mission is to drive innovation in cybersecurity, ensuring compliance and safeguarding our national critical infrastructure. 
I am committed to contributing to Microsoft's culture of security and excellence, leveraging my skills in cybersecurity and strengthening our critical infrastructure sectors to enhance our collective security posture.", "public_name": "Tim Weston", "guid": "7f140a0e-8015-5f94-8535-06a2a4322251", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/TGXWCB/"}, {"code": "ZEMZXP", "name": "Matt", "avatar": "https://pretalx.com/media/avatars/ZEMZXP_efgkeRs.webp", "biography": "Former Air Force officer, counterterrorism practitioner, Pentagon policy wonk, and threat hunting nerd.", "public_name": "Matt", "guid": "8b329a4c-ee49-55b1-9390-c41cef125d57", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ZEMZXP/"}, {"code": "FKY7X9", "name": "Donald McFarlane", "avatar": "https://pretalx.com/media/avatars/FKY7X9_b7KQmMJ.webp", "biography": "Donald McFarlane is a principal technical advisor in the Office of the CISO at Microsoft.\r\n\r\nWith over three decades of cybersecurity experience, Donald has served as a transformational financial services CISO securing a $1/2 trillion asset portfolio across 12,000 users in over 100 countries, and brings operational, risk management and audit expertise gained in the defense, financial and consulting sectors.\r\n\r\nDonald is passionate about supporting and defending his communities, helping run Skytalks@BSidesLV and Policy@DEF CON and serving as a state legislator.  
He lives with his wife, son, and dog in a log cabin that he built himself on the side of a mountain in New Hampshire.", "public_name": "Donald McFarlane", "guid": "f7b67283-96f3-556c-b6f8-fbc0ae491680", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/FKY7X9/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/B7DJJN/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/B7DJJN/", "attachments": []}, {"guid": "8f03c173-76ed-564c-9ee0-1a2710d69ca4", "code": "FKHVV8", "id": 69120, "logo": null, "date": "2025-08-04T14:00:00-07:00", "start": "14:00", "duration": "00:45", "room": "Misora", "slug": "security-bsides-las-vegas-2025-69120-the-botnet-strikes-back-how-we-assembled-a-coalition-to-take-down-a-criminal-network-their-all-out-response-token02", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FKHVV8/", "title": "The Botnet Strikes Back: how we assembled a coalition to take down a criminal network & their all-out response (Token02)", "subtitle": "", "track": "Skytalks", "type": "Talk-45m", "language": "en", "abstract": "In November 2024, Black Lotus Labs took down the \u201cngioweb\u201d botnet, which formed the basis of the NSOCKS criminal proxy network. The network was one of the most popular for criminal groups and had been tied to APTs, had proxies in 180 countries, and took us a year to track and identify all the nodes and C2s.\r\n\r\nPrevious interdictions had taught us we could not act alone and keep botnets down for long, so we had been working extensively to build trust with other ISPs and ASNs around the world to try and limit a botnet\u2019s reconstruction. After everything from blind letters to abuse desks to connections through friends, we managed to get our research in front of the right people and put together a group to simultaneously deny traffic to all the known layers of control. 
And then things got interesting.\r\n\r\nThe botnet controllers used everything from social media to \u201ccease and desist\u201d letters, eventually trying to DDoS our company, all in an effort to get their botnet back.\r\n\r\nI will describe our efforts to build cooperation among internet providers behind the scenes, and the various attempts the threat actors used to coerce us into leaving them alone.", "description": "n/a", "recording_license": "", "do_not_record": false, "persons": [{"code": "YBJPSF", "name": "Ryan English", "avatar": "https://pretalx.com/media/avatars/YBJPSF_zuqCMlW.webp", "biography": "Ryan English is a researcher at Lumen Technologies\u2019 Black Lotus Labs, where the team chases threats across the backbone of the internet. He began his career in cybersecurity over 13 years ago after spending most of his life in the military and as a private security specialist, because breaking things is a universal skill. He has spoken at BsidesLV, Bsides Harrisburg and BsidesNYC among other places", "public_name": "Ryan English", "guid": "a95ca11e-f42e-5af3-b711-2fd91b09ce04", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/YBJPSF/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FKHVV8/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FKHVV8/", "attachments": []}, {"guid": "760a33a0-70fd-5111-ac80-ac96ea2ad118", "code": "DLGT8N", "id": 69121, "logo": null, "date": "2025-08-04T15:00:00-07:00", "start": "15:00", "duration": "00:45", "room": "Misora", "slug": "security-bsides-las-vegas-2025-69121-the-remote-grift-cunning-meets-naivete-and-the-victims-become-the-criminals-token-03", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DLGT8N/", "title": "The Remote Grift: Cunning Meets Naivete, and the Victims Become the Criminals (Token 03)", "subtitle": "", "track": "Skytalks", "type": "Talk-45m", "language": "en", "abstract": "For DFIR professionals, the 
remote grift is no mystery. It\u2019s a hybrid crime, blending an old-fashioned con with technical tools. The grifter is cunning. The victim is trusting \u2013 a classic \u201cmark.\u201d The grifter manipulates the mark, who unknowingly commits a crime. The only fingerprints at the scene belong to the mark.\r\n\r\nWe\u2019ll explore several real-life incident responses where the victim ended up in handcuffs. We\u2019ll reveal details that don\u2019t make the headlines.\r\n\r\nIt\u2019s a grave injustice, and today\u2019s security awareness training is partly to blame. Yes, the training has done its job (awareness is raised). But it\u2019s mostly stuck on yesterday\u2019s \u201chigh-tech crimes.\u201d It\u2019s become an exercise in checkbox security, prioritizing \u201cdon\u2019t click\u201d over gut instinct and human psychology.\r\n\r\nBasic tech-focused training should not be abandoned, but employees clearly dread current versions. Many view it as a waste of time. New training materials must recapture their attention, hitting hard on the human element. To empower the user against deception, training should engage both the brain and the gut. We\u2019ll discuss a formula to \u201chumanize\u201d security training, making it both more compelling and effective.", "description": "n/a", "recording_license": "", "do_not_record": false, "persons": [{"code": "9VJASG", "name": "Ira Victor", "avatar": "https://pretalx.com/media/avatars/9VJASG_X6Y5gKL.webp", "biography": "Ira Victor has a quarter century of experience in information security and incident response. Ira co-developed technologies that utilize metadata in unique ways to analyze electronically stored information. Those technologies were granted multiple US Patents. As a private-sector incident responder, Ira located evidence that led to a take-down and successful prosecution of an attacker that jeopardized critical infrastructure.  
Ira helped craft state statutes in information governance that have become model legislation across the United States. Ira has advised state legislators, election officials, and a state Attorney General on information governance and data security.  Ira is a founding Ambassador for the Center for Internet Security (CIS) Controls, the global de-facto standard in information governance and data security. Ira is one of the contributors to A Guide for Defining Reasonable Security (published 2024 by CIS).  Ira is a member of the board of directors, and an instructor, for the Computers of Kids Club.  The Club has taught over 15,000 low-income students and their parents about security, privacy and open-source software.", "public_name": "Ira Victor", "guid": "7019eecf-18c9-55b7-9e23-161345942f96", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/9VJASG/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DLGT8N/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DLGT8N/", "attachments": []}, {"guid": "6f2ea917-8195-5fd5-97ff-7dfb868ffeda", "code": "XNRJTZ", "id": 69913, "logo": null, "date": "2025-08-04T16:00:00-07:00", "start": "16:00", "duration": "00:20", "room": "Misora", "slug": "security-bsides-las-vegas-2025-69913-real-life-needs-an-esp-overlay-so-we-made-one-token-04", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XNRJTZ/", "title": "Real Life Needs an ESP Overlay \u2014 So we Made One! (Token 04)", "subtitle": "", "track": "Skytalks", "type": "Talk-20m", "language": "en", "abstract": "\"Video games often give players a tactical advantage through HUDs\u2014enemy indicators, directional cues, and awareness overlays. But what if you could bring that level of perception into real life? Inspired by the world of game hacking, this talk explores the development of a real-world ESP-style system! 
Think wallhacks, bounding boxes, and heads-up intelligence, but for the real world!\r\n\r\nWe\u2019ll walk through how tools and methods from the game cheating scene (such as tracking movement, basic identifying team mates or unidentified people, and direction they are facing) can be adapted to real-world sensor input and spatial reasoning. Using computer vision, object detection, and some creative hardware setups, we\u2019ve built a working proof-of-concept: an augmented reality HUD that mimics the feel of video game ESP. It's part serious toolkit, part cyberpunk toy, and 100% inspired by \"script kiddies\".\r\n\r\nThis talk will demo the tech, explore the methodology, and walk through the surprisingly effective crossover from game mods to meatspace perception mods. Because if you\u2019ve ever asked yourself, \u201cWhy can\u2019t I see enemies through walls IRL?\u201d\u2014we\u2019re here to say: now you kinda can.\"", "description": "n/a", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZSPGAS", "name": "Alex Thines", "avatar": "https://pretalx.com/media/avatars/ZSPGAS_Z1qiG6e.webp", "biography": "Alex Thines began his journey as a blue team analyst, he dove into the world of programming. As he sharpened his coding skills, he found not only an enhanced ability to hack but also a newfound love for programming itself. The synergy between hacking and coding intrigued him, urging him to merge the two. 
After giving talks about drones last year, Alex has a renewed love for making small hacking devices similar to the FlipperZero and Wifi Nugget.", "public_name": "Alex Thines", "guid": "972667ba-d3fb-53d7-9303-6514de2ddbd1", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ZSPGAS/"}, {"code": "SGLJCF", "name": "Brad \"Sno0ose\" Ammerman", "avatar": "https://pretalx.com/media/avatars/SGLJCF_Oojw0UZ.webp", "biography": "Brad Ammerman, a leading figure in security testing, currently serves as the Senior Director at Prescient Security. His background includes influential roles at companies like Foresite, Optiv Security, Lockheed Martin, DIA, DoD, and Supreme Court of Nevada, where he developed his expertise in offensive security and team management. A skilled hacker himself, Brad is also a recognized speaker, educator, mentor, and disabled veteran, dedicated to teaching and protecting others. He takes great pride in his roles as a devoted husband and father.", "public_name": "Brad \"Sno0ose\" Ammerman", "guid": "4348ab51-fddf-51cf-9c61-d04a57dc9c06", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/SGLJCF/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XNRJTZ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XNRJTZ/", "attachments": []}, {"guid": "c9157bde-53fa-5739-974a-b9f323b3d33a", "code": "RWPBDF", "id": 69910, "logo": null, "date": "2025-08-04T17:00:00-07:00", "start": "17:00", "duration": "00:45", "room": "Misora", "slug": "security-bsides-las-vegas-2025-69910-oh-hotel-no-how-a-hopeless-hooligan-helped-a-homie-from-homeless-to-homeowner-in-9-months-token-05", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RWPBDF/", "title": "Oh Hotel No!: How A Hopeless Hooligan Helped A Homie From Homeless To Homeowner In 9 Months (Token 05)", "subtitle": "", "track": "Skytalks", "type": "Talk-45m", "language": "en", "abstract": "This is the story of a 
hooligan and his fascination with exploiting physical and digital vulnerabilities in hotels for the purposes of persistent access, living off the land, and surreptitiously housing homeless people.", "description": "n/a", "recording_license": "", "do_not_record": false, "persons": [{"code": "SGXJMZ", "name": "Justin Varner", "avatar": "https://pretalx.com/media/avatars/SGXJMZ_088OYxx.webp", "biography": "Justin Varner is a seasoned and passionate security professional with 19 years of experience dating back to his work with NASA on the ISS in 2006 to his current physical security shenanigans and work on quantum cryptology\r\n\r\nHis last talk called \u201cHoneypot Boo Boo\u201d debuted at RVASec 2022 and has since then been presented at 11 international security conferences including HackerHalted 2024 and BSides Munich 2023.\r\n\r\nJustin\u2019s latest talk \u201cOh Hotel No!\u201d debuted at BSides Prague 2025 and is the story of a hooligan and his fascination with exploiting physical and digital vulnerabilities in hotels for the purposes of persistent access, living off the land, and surreptitiously housing homeless people.", "public_name": "Justin Varner", "guid": "c974d14e-8fe5-54df-977e-0579d5e43c8e", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/SGXJMZ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RWPBDF/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RWPBDF/", "attachments": []}, {"guid": "9a7579c9-d009-5f86-b965-00803b4a21ee", "code": "AQZJX7", "id": 70094, "logo": null, "date": "2025-08-04T18:00:00-07:00", "start": "18:00", "duration": "00:45", "room": "Misora", "slug": "security-bsides-las-vegas-2025-70094-indexing-the-chaos-extracting-pii-from-ransomware-leaks-token-06", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/AQZJX7/", "title": "Indexing the Chaos: Extracting PII from Ransomware Leaks (Token 06)", "subtitle": "", "track": 
"Skytalks", "type": "Talk-45m", "language": "en", "abstract": "We built a tool HIBR, a system that crawls ransomware gang leak sites, downloads the chaos, and uses OCR + LLMs to sift through scanned IDs, contracts, HR PDFs, and anything else these digital hyenas leave behind. And yes, it works. No, we don\u2019t show you the PII. But we know where it is.\r\n\r\nThis talk is a guided tour through a pipeline that\u2019s half tool, half moral panic generator. You\u2019ll see how we built it, what we found, and what it means when your passport is sitting in a ZIP file called pay_or_we_leak.zip.\r\n\r\nThis isn't a product demo. It\u2019s a deep dive into uncomfortable data, blurry legal zones, and the fine art of not getting sued while looking directly at the internet's open wound.", "description": "HIBR was born out of frustration. Everyone\u2019s talking about ransomware, but nobody wants to touch the fallout. I\u2019m talking about the public dumps. The .7z files on sketchy TOR mirrors. The PDFs titled \u201ccontracts\u201d that are actually scanned IDs from Ecuador to Estonia.\r\n\r\nMost breach tools ignore these. They\u2019re messy, hard to parse, and a legal migraine. 
So I built a system that does parse them, responsibly (as much as that\u2019s possible), and answers one burning question: was my real-life data dumped by ransomware goons and forgotten?\r\n\r\nWe built:\r\n\r\n    A crawler (breach.house) that grabs leaks from known ransomware groups, also breaches, stealer logs and leads.\r\n\r\n    A processor that unzips the chaos, runs OCR over images, extracts text, and feeds it to an LLM trained to recognize personal data patterns (ID numbers, names, passport, driver license, ssn, etc).\r\n\r\n    A frontend (haveibeenransom.com) that lets you search for your email or ID without ever exposing the raw data.\r\n\r\nThis talk will include:\r\n\r\n    Real examples (redacted) of exposed IDs, tax files, and the dumbest things people name their internal folders.\r\n\r\n    The tradeoffs between \u201cpublic service\u201d and \u201cthis might get me a GDPR fine.\u201d\r\n\r\n    A walkthrough of the tool, how it works, what it does well, and where it could go sideways.\r\n\r\nThis is the side of breach awareness people pretend isn\u2019t there. We're not pretending.", "recording_license": "", "do_not_record": false, "persons": [{"code": "QHQJ3G", "name": "Juanma", "avatar": "https://pretalx.com/media/avatars/QHQJ3G_VhIdb7q.webp", "biography": "Juanma is a security researcher and developer focused on threat intel tooling and dark web data analysis. He builds open-source tools that turn leaked chaos into structured awareness, with a strong focus on privacy, legality, and responsible disclosure. 
His current project, Have I Been Ransomed?, is part of a broader mission to make ransomware leak awareness accessible and useful\u2014without exposing the data that bad actors already dumped.", "public_name": "Juanma", "guid": "04e92ae4-bea7-5b0b-9929-854df983526a", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/QHQJ3G/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/AQZJX7/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/AQZJX7/", "attachments": []}], "Suite 1702": [{"guid": "de8631af-30bb-54d0-b398-a67c293b9402", "code": "RJXCQH", "id": 70709, "logo": null, "date": "2025-08-04T20:00:00-07:00", "start": "20:00", "duration": "02:00", "room": "Suite 1702", "slug": "security-bsides-las-vegas-2025-70709-skytalks-reception", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RJXCQH/", "title": "Skytalks Reception", "subtitle": "", "track": "Events", "type": "Event2HR", "language": "en", "abstract": "Skytalks Reception", "description": "Skytalks Reception", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RJXCQH/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RJXCQH/", "attachments": []}], "Foyer, Platinum Hotel Conference Center": [{"guid": "dbedbc78-5650-5393-a0b1-d061a8f1c71e", "code": "NMSLMR", "id": 70695, "logo": null, "date": "2025-08-04T10:30:00-07:00", "start": "10:30", "duration": "04:00", "room": "Foyer, Platinum Hotel Conference Center", "slug": "security-bsides-las-vegas-2025-70695-morning-trainings-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NMSLMR/", "title": "Morning Trainings, Monday", "subtitle": "", "track": "Middle Ground", "type": "Training-4h", "language": "en", "abstract": "Morning Trainings, Monday", "description": "Morning Trainings, Monday", "recording_license": "", 
"do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NMSLMR/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NMSLMR/", "attachments": []}, {"guid": "176d9209-f83e-505d-80af-bad114cdc026", "code": "JDGG7P", "id": 70702, "logo": null, "date": "2025-08-04T14:30:00-07:00", "start": "14:30", "duration": "00:00", "room": "Foyer, Platinum Hotel Conference Center", "slug": "security-bsides-las-vegas-2025-70702-trainer-box-lunches-delivered-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JDGG7P/", "title": "Trainer Box Lunches Delivered, Monday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Trainer Box Lunches Delivered, Monday", "description": "Trainer Box Lunches Delivered, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JDGG7P/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JDGG7P/", "attachments": []}, {"guid": "c353a44f-330f-5a95-8fad-38e58b8cd43e", "code": "NJPLSK", "id": 70704, "logo": null, "date": "2025-08-04T15:00:00-07:00", "start": "15:00", "duration": "04:00", "room": "Foyer, Platinum Hotel Conference Center", "slug": "security-bsides-las-vegas-2025-70704-afternoon-trainings-monday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NJPLSK/", "title": "Afternoon Trainings, Monday", "subtitle": "", "track": "Middle Ground", "type": "Training-4h", "language": "en", "abstract": "Afternoon Trainings, Monday", "description": "Afternoon Trainings, Monday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NJPLSK/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NJPLSK/", "attachments": []}]}}, {"index": 
2, "date": "2025-08-05", "day_start": "2025-08-05T04:00:00-07:00", "day_end": "2025-08-06T03:59:00-07:00", "rooms": {"Florentine A": [{"guid": "960e29ed-8b01-5364-9d40-f6ae22feddab", "code": "YGTMLX", "id": 70726, "logo": null, "date": "2025-08-05T09:30:00-07:00", "start": "09:30", "duration": "00:25", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-70726-opening-remarks-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/YGTMLX/", "title": "Opening Remarks, Tuesday", "subtitle": "", "track": "Keynotes", "type": "Talk-20m", "language": "en", "abstract": "Opening Remarks, Tuesday", "description": "Opening Remarks, Tuesday", "recording_license": "", "do_not_record": false, "persons": [{"code": "397WDJ", "name": "milqtst", "avatar": "https://pretalx.com/media/avatars/397WDJ_YnZvFps.webp", "biography": "Bloom County Picayune \r\nPresidential Candidate advisor", "public_name": "milqtst", "guid": "c60821cb-2546-5963-9408-effda083d925", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/397WDJ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/YGTMLX/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/YGTMLX/", "attachments": []}, {"guid": "14015c46-9bb4-5316-81de-3ef7d476ec9a", "code": "RK9DQ9", "id": 70304, "logo": null, "date": "2025-08-05T10:00:00-07:00", "start": "10:00", "duration": "00:20", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-70304-poison-in-the-wires-interactive-network-visualization-of-data-attacks", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RK9DQ9/", "title": "Poison in the Wires: Interactive Network Visualization of Data Attacks", "subtitle": "", "track": "Breaking Ground", "type": "Talk-20m", "language": "en", "abstract": "What if we could not only visualize poisoned training data, but interact with it?\r\n As data poisoning becomes a growing threat to the integrity of machine learning 
systems, understanding its effects requires more than static visualizations. This talk introduces GraphLeak, an open-source, interactive web tool designed to visualize how poisoned training data alters network structure. We will explore how adversarial data manipulation impacts graph-based representations.\r\nBuilding on network science concepts, this session will go deeper: not just showing how poisoning affects structure, but allowing users to directly interact with poisoned vs. clean datasets in real time. We\u2019ll walk through how the app ingests CSV or JSON data, builds networks, and renders them via layouts.\r\nThe presentation of this tool emphasizes accessibility through making data poisoning tangible and transparent, allowing security practitioners and non-experts to understand how data poisoning attacks distort model behavior. By making threats visible, we make the defenses of these threats more approachable, democratizing insight into machine learning vulnerabilities and supporting the development of more robust, transparent systems.", "description": "This talk branches off of my original research that I have been developing since August 2024. I have been researching data poisoning and also applying graph theory to cybersecurity. I developed this talk after speaking about theoretically visualizing poisoning networks. In this talk, I actually want to visualize poisoning training data with a custom GUI. After talking through some graph theory and data poisoning basics, I\u2019ll show how poisoned training data messes with AI using an interactive network visualization tool I built. I wanted to emphasize how visualizing vulnerabilities makes it easier to understand and execute them, particularly in the AI red teaming space. The audience will see how bad data creates weird structures in graphs beyond just data differences. It\u2019s like watching a model get hacked from the inside, but in a way you can actually see and explore. 
The tool is open source, works with local data, and helps make these attacks way more understandable (and fun to mess with). The talk is made for audiences who like machine learning, graphs, and red teaming, which at its core, is just breaking things apart into smaller, more understandable pieces.\r\nI enjoy being able to contribute a graphical perspective to hacking in general, I think that being able to visually represent an attack graphically and accurately can help make the vulnerability more interactive and easier to understand. I wanted to be able to show that AI models are as breakable as anything else, and a great way to show that is through visualization with networks.\r\nhttps://youtu.be/7z6YAgggw-o?si=n5bhWkHmRlL76eCn", "recording_license": "", "do_not_record": false, "persons": [{"code": "LEG3E7", "name": "Maria Khodak", "avatar": "https://pretalx.com/media/avatars/LEG3E7_4ZGXp3o.webp", "biography": "Anya is a security engineer focused on web app and AI red teaming. In her free time she researches applying graph theory and network science to cybersecurity. Her first talk focused on visualizing data poisoning and tampering using network science. 
In her actual free time she enjoys painting and participating in CTFs.", "public_name": "Maria Khodak", "guid": "3ffc18ba-7f11-5b49-8bad-68a5ac546d13", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/LEG3E7/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RK9DQ9/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RK9DQ9/", "attachments": []}, {"guid": "27dd7e1b-5cd3-559e-a3a0-a0b462c5370b", "code": "WKALMR", "id": 67454, "logo": null, "date": "2025-08-05T10:30:00-07:00", "start": "10:30", "duration": "00:20", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-67454-rusty-pearls-postgres-rce-on-cloud-databases", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/WKALMR/", "title": "Rusty pearls: Postgres RCE on cloud databases", "subtitle": "", "track": "Breaking Ground", "type": "Talk-20m", "language": "en", "abstract": "In this session, we will delve into CVE-2024-10979, discovered by Varonis Threat Labs, and explain how it can be exploited to execute arbitrary code on cloud-hosted databases. Join us to gain insights into this significant Remote Code Execution (RCE) vulnerability and learn strategies for defending and testing managed databases for vulnerabilities.", "description": "In this session, we will describe how an attempt to find a vulnerability in a popular IaaS provider led to the discovery of this issue and how we leveraged it along with several other bugs into an RCE. We will explain the operation of cloud-managed PostgreSQL and our approach to testing it. Additionally, we will present a series of vulnerabilities identified and discuss how exploitation of these techniques can be detected in AWS, other cloud providers, and databases that are not managed by a cloud provider. 
A demonstration of the vulnerability on a local instance will be provided, followed by a summary of takeaways related to using open-source code, shared responsibility models, and cloud security best practices.\r\n\r\nWe will bring our story, which was overall a challenging and exciting experience that ended with our database being blocked, and further collaboration with AWS.", "recording_license": "", "do_not_record": false, "persons": [{"code": "TNUSBW", "name": "Coby Abrams", "avatar": "https://pretalx.com/media/avatars/TNUSBW_q0zv7ub.webp", "biography": "Coby Abrams is a Cloud Security Researcher at Varonis, specializing in Azure and IaaS research, including in-depth overviews of various services.  With experience in various types of security research, Coby has also led several cybersecurity courses.", "public_name": "Coby Abrams", "guid": "f453956f-7088-5ee7-8607-fd2c48dfe044", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/TNUSBW/"}, {"code": "JKSQYX", "name": "Tal Peleg", "avatar": "https://pretalx.com/media/avatars/JKSQYX_j0zWuYZ.webp", "biography": "Tal Peleg, also known as TLP, is a senior security researcher and cloud security team lead at Varonis. He is a full-stack hacker with experience in malware analysis, Windows domains, SaaS applications, and cloud infrastructure. 
His research is currently focused on cloud applications and APIs.", "public_name": "Tal Peleg", "guid": "22079742-8153-5c71-a58b-25ac4ce0178c", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/JKSQYX/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/WKALMR/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/WKALMR/", "attachments": []}, {"guid": "5aba18a2-80e0-5f47-b751-983968f57f73", "code": "TDYSX8", "id": 67712, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/TDYSX8/CORSl_VtzSmAO.png", "date": "2025-08-05T11:00:00-07:00", "start": "11:00", "duration": "00:20", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-67712-no-ip-no-problem-exfiltrating-data-behind-iap", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TDYSX8/", "title": "No IP, No Problem: Exfiltrating Data Behind IAP", "subtitle": "", "track": "Breaking Ground", "type": "Talk-20m", "language": "en", "abstract": "Google Cloud\u2019s Identity-Aware Proxy (IAP) is often seen as the final gatekeeper for internal GCP services - but what happens when that gate quietly swings open? This session uncovers how subtle misconfigurations in IAP can lead to serious data exposure, even in environments with no public IPs, strict VPC Service Controls, and hardened perimeters. We\u2019ll introduce a new vulnerability in IAP that enables data exfiltration, allowing attackers to bypass traditional network controls entirely, without ever sending traffic to the public internet. In addition, we\u2019ll walk through real-world examples of overly permissive IAM bindings, misplaced trust in user-supplied headers, and overlooked endpoints that quietly expand the attack surface. 
Attendees will gain a deeper understanding of IAP\u2019s internal workings, practical detection strategies, and a critical perspective on trust boundaries in GCP.", "description": "This talk delivers a technical dive into Google Cloud\u2019s IAP, a service widely used to enforce access controls on internal applications - and often assumed to be foolproof. We begin with a concise overview of how IAP works behind the scenes, including its identity enforcement model and how it integrates with IAM and backend services.\r\n\r\nThe goal of this talk isn\u2019t just to highlight common misconfigurations and warn people not to repeat them, because plenty of blog posts already do that. Instead, the core focus is on teaching defenders how these misconfigurations manifest in logs once an attacker begins to exploit them, equipping them to build effective detections and stop breaches before they escalate. Whether it\u2019s during the initial configuration tampering or while actively bypassing controls, I\u2019ll walk through what those activities actually look like in GCP logs. For each misconfiguration, I\u2019ll present real log snippets, unpack the most revealing details, and show how to correlate signals, even those outside of IAP-specific logs, to detect and investigate IAP abuse effectively.\r\n\r\nThe highlight of the session is a new research technique we've developed: exploiting IAP's CORS behavior to exfiltrate sensitive data using preflight OPTIONS requests, effectively bypassing traditional network egress controls. This method can succeed even in highly restricted environments with no internet access, no public IPs, and VPC Service Controls fully enforced. 
The issue has been responsibly disclosed to Google and is currently under review, with an expected review timeline of 30 days.\r\n\r\nWe\u2019re sharing this research to highlight just how fragile IAP configurations can be, where even a minor misstep or overlooked setting can unintentionally expose internal resources to the internet. Alongside the technique, we\u2019ll provide practical detection strategies to help defenders identify this specific attack vector through GCP\u2019s logging infrastructure.\r\n\r\nWe\u2019ll wrap up by walking through practical detection strategies using GCP\u2019s audit and access logs, showing how to identify abuse patterns, correlate signals across services, and improve visibility into how IAP is being used (or misused). These techniques are designed to help defenders surface subtle signs of exploitation and build more resilient monitoring around one of GCP\u2019s most sensitive access gateways.", "recording_license": "", "do_not_record": false, "persons": [{"code": "PT9JRY", "name": "Ariel Kalman", "avatar": "https://pretalx.com/media/avatars/PT9JRY_QS7hYvQ.webp", "biography": "Ariel Kalman is a cloud security researcher based in Israel, actively engaged in cloud-related security research at Mitiga. 
With a specialization in application security, Ariel excels in discovering new attack vectors associated with cloud environments.", "public_name": "Ariel Kalman", "guid": "b04cc17f-dca9-5c3f-99fe-04d138d2a5c4", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/PT9JRY/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TDYSX8/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TDYSX8/", "attachments": []}, {"guid": "bbad033e-9c31-5f30-b4a1-08174275df10", "code": "9FF3LX", "id": 70734, "logo": null, "date": "2025-08-05T11:30:00-07:00", "start": "11:30", "duration": "00:45", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-70734-vulnerabilities-beyond-cves-cyber-resilience-and-the-next-financial-crisis", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9FF3LX/", "title": "Vulnerabilities Beyond CVEs:  Cyber Resilience and the Next Financial Crisis", "subtitle": "", "track": "Keynotes", "type": "Talk-45m", "language": "en", "abstract": "Cyber threats have evolved into a credible risk to global financial stability. This talk explores why a sophisticated, well-timed cyberattack could exploit ever-present vulnerabilities in IT and information security operations--vulnerabilities that amplify the risk of CVEs--to disrupt those operations and spark the next financial crisis.", "description": "Cyber threats have evolved into a credible risk to global financial stability. This talk explores fundamental vulnerabilities that are always present in our IT and information security systems, making those systems susceptible to disruptions that could spark future financial crises. These vulnerabilities amplify the risk that CVEs pose. The vulnerabilities give rise to IT systems that are complex, deeply interconnected, and leveraged, yet assumed to be resilient\u2014until a cyberattack proves otherwise by disrupting critical business operations. 
Drawing on real-world examples and recent research, the talk illustrates the presence of those vulnerabilities in IT systems and how those same vulnerabilities are also always present in the financial system, making it susceptible to financial crises. The talk closes with a description of similar steps that can build resilience in the financial system as well as in IT and information security systems.", "recording_license": "", "do_not_record": false, "persons": [{"code": "FVRGBA", "name": "Stacey Schreft", "avatar": "https://pretalx.com/media/avatars/FVRGBA_LGHHyRt.webp", "biography": "Stacey Schreft is an accomplished macroeconomist with extensive experience in the public and private sectors. She currently serves as Senior Research Scholar at the University of Maryland\u2019s Robert H. Smith School of Business\u2019 Center for Financial Policy, advising on financial system and cybersecurity risk, operational resilience, digital assets, and monetary policy. Previously, Stacey served as Deputy Director for Research and Analysis at the U.S. Treasury Department\u2019s Office of Financial Research. In this role, she led initiatives that significantly enhanced the data and analytics used to assess risks to the financial system. As a member of the Financial Stability Oversight Council\u2019s Deputies Committee, she played a key role in cross-agency risk identification and policymaking. While on detail to the Federal Reserve Board of Governors, she led an effort to strengthen the financial system\u2019s cybersecurity and operational resilience. Prior to the OFR, Stacey held senior leadership positions in the financial sector, first as Director of Investment Strategy at a national registered investment advisor, and later as Chief Economist at an institutional investment management firm. 
Earlier in her career, she was an officer and economist at the Federal Reserve Banks of Kansas City and Richmond.", "public_name": "Stacey Schreft", "guid": "5c942f9b-7e11-5bc1-b1f5-387efce43cf0", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/FVRGBA/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9FF3LX/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9FF3LX/", "attachments": []}, {"guid": "3e5878c4-334b-5162-a939-af7f2551258a", "code": "DCPYU7", "id": 74676, "logo": null, "date": "2025-08-05T13:00:00-07:00", "start": "13:00", "duration": "00:45", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-74676-what-should-cve-be-when-it-grows-up", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DCPYU7/", "title": "What Should CVE Be When It Grows Up?", "subtitle": "", "track": "Keynotes", "type": "Talk-45m", "language": "en", "abstract": "The CVE Program is a pillar of the cybersecurity ecosystem. For more than a quarter century, it has provided an authoritative source of data about vulnerabilities for software users. It is also critical for continuing to drive security into the design and development process. However, over the last 18 months, both the CVE Program and the US National Vulnerability Database have faced funding challenges. At the same time, developments in the European Union have led to the creation of the EU Vulnerability Database. Congress has taken note, and in June, members requested a formal audit of the program. What are the challenges facing the CVE Program? How should these be communicated to policymakers in a way that maintains the critical function and avoids a fractioning of the ecosystem? 
What are new governance models that should be considered?", "description": "A 45-minute moderated discussion featuring Bob Lord.", "recording_license": "", "do_not_record": false, "persons": [{"code": "8WZLDU", "name": "Jerry Gamblin", "avatar": "https://pretalx.com/media/avatars/8WZLDU_r0Ca50Z.webp", "biography": "Jerry Gamblin is a Principal Engineer in the Threat Detection & Response business group at Cisco Security, where he leads research and data science initiatives to enhance Cisco Security products. He is actively involved in the CVE community, participating in various working groups and serving as a member of the EPPS SIG. He regularly speaks on vulnerabilities and vulnerability management at international conferences and manages a CVE data collection site at CVE.ICU.", "public_name": "Jerry Gamblin", "guid": "07f49c6f-4490-5e24-8bc9-26d97a663c76", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/8WZLDU/"}, {"code": "CH7TAU", "name": "Madison Ficorilli", "avatar": "https://pretalx.com/media/avatars/CH7TAU_QPejsu0.webp", "biography": "Madison Oliver is a senior security manager at GitHub, overseeing the advisory database team responsible for publishing over 6,000 CVEs to date. Previously, as a vulnerability coordinator at the CERT Coordination Center at Carnegie Mellon University, Madison's team published more than 200 CVEs and assisted in the international coordination of many more. Madison has played a pivotal role in the global response to major named vulnerabilities, including Log4Shell, SolarWinds SUPERNOVA, Foreshadow, and KNOB. 
Her extensive experience in vulnerability transparency is further evidenced by her service on the CVE Program Board and participation in OpenSSF working groups.", "public_name": "Madison Ficorilli", "guid": "e0391b57-6546-5fc7-9c45-75289dbfd3b8", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/CH7TAU/"}, {"code": "J8HTJJ", "name": "Bob Lord", "avatar": "https://pretalx.com/media/avatars/J8HTJJ_5b5pcUs.webp", "biography": "Moderator.", "public_name": "Bob Lord", "guid": "b23f53a7-709f-5e90-a5e9-3e5835a7b7e6", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/J8HTJJ/"}, {"code": "K8W9TZ", "name": "Tod Beardsley", "avatar": "https://pretalx.com/media/avatars/K8W9TZ_jJcCwJF.webp", "biography": "Vice president of security research at runZero and CVE mucker-abouter.", "public_name": "Tod Beardsley", "guid": "7750c415-d2bc-5e92-840f-93734dbb75af", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/K8W9TZ/"}, {"code": "UYMVS3", "name": "Chris Butera", "avatar": "https://pretalx.com/media/avatars/UYMVS3_JQbXFbq.webp", "biography": "Chris Butera\u00a0serves as the Acting Head for Cyber at the Cybersecurity and Infrastructure Security Agency (CISA). In this position, he leads efforts to counter the nation\u2019s most critical cyber threats and bolster the resilience of U.S. critical infrastructure. With over two decades of experience in cybersecurity and IT leadership across federal, local, and private sectors, he has led much of CISA's major cyber defense operations as well as technical strategic initiatives from 2014 to present. He currently serves on the boards of the Technology Modernization Fund and FedRAMP. 
He holds MS and BS degrees in Computer Science from the University of Chicago and the University of Notre Dame respectively.", "public_name": "Chris Butera", "guid": "ab865c0c-355a-5880-b9d0-5ac76a0aa66f", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/UYMVS3/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DCPYU7/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DCPYU7/", "attachments": []}, {"guid": "d44dc541-b20c-5cdc-b8c9-9783b580a3b6", "code": "HEYP9S", "id": 68597, "logo": null, "date": "2025-08-05T14:00:00-07:00", "start": "14:00", "duration": "00:45", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-68597-stealing-browser-cookies-bypassing-the-newest-chrome-security-measures", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HEYP9S/", "title": "Stealing Browser Cookies: Bypassing the newest Chrome security measures", "subtitle": "", "track": "Breaking Ground", "type": "Talk-45m", "language": "en", "abstract": "Modern browsers implement sophisticated encryption to protect session cookies from theft, yet these security measures continue to evolve in response to emerging threats. This session reveals the inner workings of Chrome's recently implemented AppBound encryption, which employs a two-tier protection system: DPAPI encryption with dual permission levels and ChaCha20Poly1305 algorithm with custom keys.\r\n\r\nDespite these advancements, vulnerabilities persist. Through practical demonstrations, we'll examine how determined attackers can extract decrypted cookies by exploiting weaknesses in the current implementation. 
The session provides a comprehensive analysis of cookie format specifications and encryption methodologies across major browser engines, including Gecko's ASN.1-structured encryption, macOS Chromium's PBKDF2 implementation, and WebKit's binary cookie storage.\r\n\r\nLooking forward, we'll explore Chrome's upcoming \"Device Bound Session Cookies\" (DBSC) technology, which aims to revolutionize cookie protection through TPM chip-based encryption and cryptographic key verification. Attendees will gain actionable insights into current browser security architectures, practical extraction techniques, and defensive strategies to mitigate cookie theft. This technical deep-dive equips security professionals with the knowledge needed to better understand and address this persistent threat vector in modern web applications.", "description": "This session explores advanced security mechanisms implemented by major browsers to prevent cookie theft from their storage databases. Chrome has recently implemented AppBound encryption, which provides multi-layered protection for session cookies:\r\n\r\n1) A 2-way DPAPI encryption system that operates with both elevated NT AUTHORITY\\SYSTEM permissions and normal user-level decryption capabilities;\r\n\r\n2) A state-key encryption layer utilizing the ChaCha20Poly1305 algorithm with custom keys (that once was AES-256-GCM encrypted);\r\n\r\nThese implementations have significantly reduced the effectiveness of info-stealing malware. However, this session will demonstrate potential vulnerabilities in these security measures and explain how to obtain decrypted cookies despite these protections. We will examine the new format specifications and encryption methodologies for cookies.\r\n\r\nBeyond Chromium-based browsers, we'll explore Gecko's encryption algorithms, which involve structured ASN.1 data formats with multiple encryption schemes including 3DES and AES-256. 
We'll also analyze Chromium on macOS which relies on PBKDF2 key derivation, and WebKit-based browsers that store cookies in binary cookie files.\r\n\r\nAdditionally, we'll discuss Chrome's forthcoming \"Device Bound Session Cookies\" (DBSC) technology, which aims to further mitigate session hijacking through cookie theft by implementing TPM chip-based encryption and requiring proof of possession of the cryptographic key.", "recording_license": "", "do_not_record": false, "persons": [{"code": "8TJBZL", "name": "Rafael Felix", "avatar": "https://pretalx.com/media/avatars/8TJBZL_NaTyDGN.webp", "biography": "Rafael has been working with malware development for 4 years, also being involved in the malware community for more than 6 years. He is also experienced in Incident and Response, specifically during malware inner workings analysis. Currently, Rafael is a researcher for [Hakai Offensive Security](https://hakaisecurity.io/research-blog) and Offensive Security Lead, being deeply involved with red-team operations.", "public_name": "Rafael Felix", "guid": "45fb9019-82f3-5d95-8cb6-5db11dfa6c23", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/8TJBZL/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HEYP9S/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HEYP9S/", "attachments": []}, {"guid": "50fc3687-cac2-50a5-bf85-12695eb12817", "code": "YSW7SD", "id": 68812, "logo": null, "date": "2025-08-05T15:00:00-07:00", "start": "15:00", "duration": "00:45", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-68812-the-protocol-behind-the-curtain-what-mcp-really-exposes", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/YSW7SD/", "title": "The Protocol Behind the Curtain: What MCP Really Exposes", "subtitle": "", "track": "Breaking Ground", "type": "Talk-45m", "language": "en", "abstract": "The Model Context Protocol (MCP) is rapidly becoming the standard for 
connecting AI agents to tools, data, and services. Its promise of seamless integration has led to widespread adoption. However, beneath its streamlined facade lies a series of critical security vulnerabilities that threaten the very systems it aims to enhance.\r\n\r\nIn this talk, we will delve into the inherent risks of MCP, including:\r\n\r\nTool Poisoning: How malicious tool descriptions can manipulate AI behavior.\r\n\r\nShared Memory Exploits: The dangers of unvalidated context sharing among agents.\r\n\r\nVersion Drift: The perils of unversioned tools leading to unexpected behaviors.\r\n\r\nLine Jumping Attacks: Exploits that occur before any tool is explicitly invoked.\r\n\r\nThrough real-world examples and demonstrations, attendees will gain a clear understanding of these threats and the steps necessary to mitigate them.", "description": "This presentation aims to shed light on the overlooked security challenges posed by MCP. Drawing from recent analyses and vulnerabilities, we will explore how the protocol's design choices, while facilitating integration, inadvertently open doors to exploitation.\r\n\r\nKey points include:\r\n\r\nUnderstanding MCP's Architecture: A breakdown of how MCP connects AI agents to external tools and the trust assumptions involved.\r\n\r\nExploiting Trust: Demonstrations of how malicious actors can leverage MCP's features to execute unauthorized actions.\r\n\r\nMitigation Strategies: Discussion of proposed frameworks and best practices to secure MCP implementations, including the Agent Security Framework and MCP Guardian.\r\n\r\nAttendees will leave with actionable insights into securing their AI integrations and a deeper appreciation for the importance of protocol-level security considerations.", "recording_license": "", "do_not_record": false, "persons": [{"code": "AD8QNC", "name": "Srajan Gupta", "avatar": "https://pretalx.com/media/avatars/AD8QNC_1qhKuOK.webp", "biography": "Srajan is a security engineer and builder focused on 
uncovering how systems fail \u2014 not just through vulnerabilities, but through the architecture itself. With a background in application security, platform engineering, and threat modeling, Srajan works at the intersection of usability and risk, helping teams identify and address design-level security flaws before they become incidents.\r\n\r\nTheir research often explores trust boundaries, secure defaults, and the hidden assumptions baked into the applications and infrastructure. They are especially interested in how attackers exploit the gray areas between platforms, automation, and access controls \u2014 and how defenders can close those gaps without slowing down delivery.\r\n\r\nSrajan is passionate about building practical security tools, automating guardrails, and making threat modeling an everyday engineering skill.", "public_name": "Srajan Gupta", "guid": "8e9a0c52-3cdd-5de8-b837-4f9b7d4790b1", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/AD8QNC/"}, {"code": "S3NJRV", "name": "Vinay Kumar", "avatar": "https://pretalx.com/media/avatars/S3NJRV_it6r4EG.webp", "biography": "Vinay Kumar is the founder of Sudoviz, an AI-powered Application Security Posture Management (ASPM) platform that helps security teams triage, analyze, and remediate code vulnerabilities using AI-driven automation. He is building TuringMind AI - CoPilot for AppSec teams. After a decade in Data Analytics, AI and AppSec, Vinay transitioned to entrepreneurship focusing on reducing false positives, automating security workflows, and bridging the AppSec skill gap. 
He is a writer and speaker passionate about AI-driven security and the future of developer-led AppSec.", "public_name": "Vinay Kumar", "guid": "e82d12a4-640d-5570-ad33-61ede0905b50", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/S3NJRV/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/YSW7SD/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/YSW7SD/", "attachments": []}, {"guid": "0e9421f5-1454-5def-830e-c11ba6b6fd22", "code": "KA7TAR", "id": 70077, "logo": null, "date": "2025-08-05T17:00:00-07:00", "start": "17:00", "duration": "00:45", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-70077-inside-the-open-source-kill-chain-how-llms-helped-catch-lazarus-and-stop-a-crypto-backdoor", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KA7TAR/", "title": "Inside the Open-Source Kill Chain: How LLMs Helped Catch Lazarus and Stop a Crypto Backdoor", "subtitle": "", "track": "Breaking Ground", "type": "Talk-45m", "language": "en", "abstract": "This talk presents findings from a multi-year research project exploring how LLMs can be used in real-world threat detection across the open-source software supply chain. By applying LLMs to analyze large public datasets like changelogs, package metadata, and behavioral signals, we uncovered over 900 undisclosed vulnerabilities, including high-severity issues from popular packages like Axios and thousands of malicious packages published to public registries. This includes intercepting a live operation by North Korea\u2019s Lazarus Group and preventing a backdoor from being shipped in the official Ripple (XRP) cryptocurrency SDK. 
\r\n\r\nThe talk also introduces the concept of the open-source kill chain, mapping how attackers abuse trust in public ecosystems to gain access, deliver payloads, and persist undetected.\r\n\r\nAttendees will learn how out-of-the-box frontier LLMs like GPT-4 can be used today to augment traditional vulnerability discovery, identify patterns in attacker behavior, and assist in threat triage at scale. The talk is grounded in operational examples, focused on reproducible techniques, and offers a current view into how APTs and malware authors are actively exploiting the open-source ecosystem.", "description": "This talk presents findings from a multi-year research project that applied Large Language Models (LLMs) to real-world threat detection in the open-source software ecosystem. Rather than theorizing about AI\u2019s future role in security, this work focuses on practical applications\u2014showing how LLMs can be deployed today to detect vulnerabilities and malware that bypass traditional scanners, rulesets, and threat feeds.\r\n\r\nThe project centered around two key threat surfaces:\r\n- Silently patched vulnerabilities in popular open-source libraries\r\n- Malware published to package registries such as NPM and PyPI\r\n\r\n**LLM Pipeline: Silent Patch Detection**\r\nThe first LLM pipeline was designed to analyze changelogs across thousands of open-source projects to identify likely security patches that were fixed but never disclosed (a practice often referred to as \"silent patching\"). This pipeline involved two stages:\r\n\r\nLLM 1: Changelog Standardization and Parsing\r\n- Changelogs vary wildly in structure, format, and tone\u2014often written in markdown, HTML, or plaintext, hosted in GitHub, docs sites, or even PDFs. We used an LLM to extract, standardize, and structure this unbounded data into a consistent schema. 
This model also flagged ambiguous or security-relevant language (e.g., \u201cstability fix\u201d, \u201cedge case resolved\u201d) that would be easily overlooked by regex or keyword rules.\r\n\r\nLLM 2: Patch Classification\r\n- The parsed changelog entries were then passed to a second model trained to classify whether a given commit or entry was likely to contain a security fix, even if no security keywords were used. The model was tuned to be sensitive to euphemistic phrasing and changelog norms. High-confidence results were sent to human reviewers who reverse-engineered the patch to confirm and rate severity.\r\n\r\nFindings:\r\nThis system uncovered over 900 silently patched vulnerabilities, many in major packages like Axios, Apache ECharts, and Chainlit.\r\n- 67% never obtained a CVE or were published in any vulnerability databases\r\n- 25% were rated high or critical severity\r\n- Examples included a critical path traversal bug, stored XSS, and a prototype pollution issue exploitable via browser inputs.\r\n- These vulnerabilities would have gone completely undetected by CVE-based tools\r\n\r\n**LLM Pipeline: Malware Detection in Registries**\r\nThe second LLM-based detection pipeline was used to scan all newly published and updated packages on public registries, primarily NPM and PyPI.\r\n\r\nLLM 1: Metadata Anomaly Detection\r\n- This model ingested human-written data such as README files, descriptions, contributor metadata, and author behavior. It was trained to identify inconsistencies, abnormal phrasing, typosquatting patterns, and red flags in descriptions (e.g., toolsets pretending to be SDKs with unrelated language or package names mimicking popular libraries with low-quality documentation).\r\n\r\nLLM 2: Orchestration and Triage\r\n- The second LLM acted as an orchestrator of static scanning tools. We capture over 30 weighted indicators by running various static scans on the code. 
The LLM then uses these indicators and indicators from the previous model to decide whether to mark the package immediately as malware or escalate the package to a human researcher. \r\n\r\nFindings:\r\n- Over 600 malicious packages were discovered in a single month (March 2025).\r\n- Detection time averaged 5 minutes post-publish, compared to 10+ days for OpenSSF.\r\n\r\nMost common techniques included:\r\n- Encoded payloads decoded at runtime\r\n- Time-delayed execution using setTimeout()\r\n- Clipboard hijackers and credential stealers\r\n- Obfuscated C2 infrastructure, often hidden in build scripts\r\n\r\n**Notable Case Studies**\r\nLazarus Group NPM Campaign\r\n- The pipeline flagged a malicious package (react-html2pdf.js) uploaded to NPM containing obfuscated code and an embedded C2 call. We observed the attacker\u2014later attributed to Lazarus Group\u2014re-uploading new variants every 10 minutes, likely debugging live. We reported the campaign before a functional version was deployed.\r\n\r\nRipple SDK Backdoor\r\n- A malicious version of the official Ripple SDK (@xrplf/xrpl) was published by a compromised maintainer token. It included a Node.js-only backdoor that connected to an external C2 server and stole private crypto keys. Detection occurred within minutes, and coordination with Ripple and NPM teams prevented what could have had a catastrophic impact on the crypto community. \r\n\r\nRand-User-Agent RAT Supply Chain Campaign\r\n- In this campaign, a popular NPM package was compromised via a dev token and a Remote Access Trojan (RAT) was injected into the project. The malware sent outbound C2 traffic using a randomized User-Agent string to evade common detection heuristics and proxy logs. It also used system profiling logic to avoid execution in CI/CD environments. This was not detected by any other databases even after 10 days from the malicious contribution. 
\r\n\r\nThis talk provides a deep technical look into how LLMs can assist in detecting real threats. It also focuses on how this research can be replicated using currently available frontier out-of-the-box models like GPT-4.", "recording_license": "", "do_not_record": false, "persons": [{"code": "9HP7KM", "name": "Mackenzie Jackson", "avatar": "https://pretalx.com/media/avatars/9HP7KM_KRUq4ws.webp", "biography": "Mackenzie is a security researcher and advocate with a passion for code security. He is the former CTO and founder of Conpago, where he learned firsthand the importance of building secure applications. Today, Mackenzie works for Aikido Security to help developers and DevOps engineers build secure systems. He also shares his knowledge as a contributor to many technology publications like Dark Reading, Financial Times, and Security Boulevard and was featured as an expert in the documentary \u201cLogins aus dem Darknet\u201d (EN: Logins from the Darknet).", "public_name": "Mackenzie Jackson", "guid": "b62403e8-175f-511c-b503-ac8662eb0ae8", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/9HP7KM/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KA7TAR/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KA7TAR/", "attachments": []}, {"guid": "c527cd0a-95de-517c-8d8e-82f8cd0a5cea", "code": "FXLWKJ", "id": 68652, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/FXLWKJ/test_FpUtNzp.webp", "date": "2025-08-05T18:00:00-07:00", "start": "18:00", "duration": "00:45", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-68652-laser-beams-light-streams-letting-hackers-go-pew-pew-building-affordable-light-based-hardware-security-tooling", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FXLWKJ/", "title": "Laser Beams & Light Streams: Letting Hackers Go Pew Pew, Building Affordable Light-Based Hardware Security Tooling", 
"subtitle": "", "track": "Breaking Ground", "type": "Talk-45m", "language": "en", "abstract": "Stored memory in hardware has had a long history of being influenced by light, by design. For instance, as memory is represented by the series of transistors, and their physical state represents 1's and 0's, original EEPROM memory could be erased via the utilization of UV light, in preparation for flashing new memory.\r\nNaturally, whilst useful, this has proven to be an avenue of opportunity to be leveraged by attackers, allowing them to selectively influence memory via a host of optical/light-based techniques. As chips became more advanced, the usage of opaque resin was used as a \"temporary\" measure to combat this flaw, by coating chips in a material that would reflect UV.\r\nPresent day opinions are that laser (or light) based hardware attacks are something that only nation state actors are capable of doing. Currently, sophisticated hardware labs use expensive, high frequency IR beams to penetrate the resin.\r\nThis project demonstrates that with a limited budget and hacker-and-maker mentality and by leveraging more inexpensive technology alternatives, we implement a tool that does laser fault injection, can detect hardware malware, detect supply chain chip replacements, and delve into the realm of laser logic state imaging.", "description": "Stored memory in hardware has had a long history of being influenced by light, by design. For instance, as memory is represented by the series of transistors, and their physical state represents 1's and 0's, original EEPROM memory could be erased via the utilization of UV light, in preparation for flashing new memory.\r\n\r\nNaturally, whilst useful, this also has proven to be an avenue of opportunity to be leveraged by attackers, allowing them to selectively influence memory via a host of optical/light-based techniques. 
As chips became more advanced, the usage of opaque resin was used as a \"temporary\" measure to combat this flaw, by coating chips in a material that would reflect undesirable UV.\r\n\r\nPresent day opinions are that laser (or light) based hardware attacks, are something that only nation state actors are capable of doing; due to both limitations of cost in tooling as well as personnel expertise required. Currently, sophisticated hardware labs use expensive, high frequency IR beams to penetrate the resin.\r\n\r\nThis project demonstrates that with a limited budget and hacker-and-maker mentality, similar results can be obtained at a fraction of the cost, from the comfort of your home or garage. With the modifications of an opensource low-cost microscope, addition of a home-built beam splitter and interchangeable diode laser, it has been shown that consumer-grade diodes are capable of producing results similar to the high-cost variants, such as the YAG lasers.\r\n\r\nOne example of results includes introducing affordable avenues to conduct laser-based fault injection, via the usage of such budget-friendly tooling. We are opening the study of these low-level hardware attacking methodologies to more entry-level security testers, without the need for hundreds of thousands of dollars in startup capital.\r\n\r\nBy leveraging more inexpensive technology alternatives, we have embarked on a mission to unveil hardware malware, detect supply chain chip replacements, and delve into the realm of laser logic state imaging. 
Our approach integrates optics, laser selection, and machine learning components.", "recording_license": "", "do_not_record": false, "persons": [{"code": "SLPUBY", "name": "Larry Trowell", "avatar": "https://pretalx.com/media/avatars/SLPUBY_WEs1NO1.webp", "biography": "Goes by PATCH\r\n\r\nLarry is a Director at NetSPI responsible for leading and executing IOT/Embedded Penetration Testing and researching new security techniques to ensure the safety of embedded systems. Larry has a master's degree in mathematics with emphases on Computer Science and Artificial Intelligence from Georgia Southern University. He has worked with several Fortune 250 companies both as an embedded systems engineer and security expert focused on medical devices. He has aided in the design and security of multiple devices in the Automotive, Financial, Medical, Wireless, and Multimedia spectrums, has been published in medical journals, and has spoken at conferences all over the globe. Larry has extensive knowledge of the design of various bare metal and low-level embedded devices.", "public_name": "Larry Trowell", "guid": "16997d7d-42c7-5b62-bd31-541d4df0e8b4", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/SLPUBY/"}, {"code": "8YE99P", "name": "Sam \"PANTH13R\" Beaumont", "avatar": "https://pretalx.com/media/avatars/8YE99P_MvjFmP0.webp", "biography": "As the Director of Transportation, Mobility, and Cyber-Physical Systems at NetSPI, Sam. \"PANTH13R\" Beaumont is at the forefront of developing and delivering technical strategies and solutions for Hardware and Integrated Systems at NetSPI. With a career spanning 10+ years in cybersecurity, Sam has established a formidable reputation for hacking anything from hardware and embedded systems to all things that \u201cfly, sail, or drive\u201d. 
Her extensive expertise provides NetSPI customers with unmatched technical leadership, depth, and delivery excellence in advisory and cybersecurity services, ensuring assets existing in physical spaces are fortified against evolving threats. \r\n\r\nIn previous roles, Sam has served in a technical capacity as an offensive security Principal Consultant, Red Teamer, Exploit Developer, Vulnerability Researcher, and more. She has continually demonstrated a unique ability to bridge the gap between business, regulatory needs, and the most prevalent theoretical vulnerabilities. \r\n\r\nSam\u2019s commitment to the cybersecurity community and approach to tackling cyberphysical systems has cemented her status as a practical thought leader in the field. Through continued research, speaking engagements, and mentorship, Sam is dedicated to pushing the boundaries of what\u2019s possible for women in cybersecurity, ensuring a safer, more diverse future for those who wish to secure technologies.", "public_name": "Sam \"PANTH13R\" Beaumont", "guid": "d0cd9563-67c5-5766-b052-b1bb3cd99078", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/8YE99P/"}], "links": [{"title": "Github RayV Lite", "url": "https://github.com/ProjectLOREM/RayVLite", "type": "related"}], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FXLWKJ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FXLWKJ/", "attachments": [{"title": "this is the slides for the talk", "url": "/media/security-bsides-las-vegas-2025/submissions/FXLWKJ/resources/_dGERKjh.pdf", "type": "related"}]}], "Florentine B": [{"guid": "7e2cea87-9d58-5704-bc67-a17af2e03b16", "code": "JPPBAZ", "id": 68535, "logo": null, "date": "2025-08-05T10:00:00-07:00", "start": "10:00", "duration": "00:45", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-68535-interview-like-a-legend-no-slides-just-vibes", "url": 
"https://pretalx.com/security-bsides-las-vegas-2025/talk/JPPBAZ/", "title": "Interview Like a Legend: No Slides, Just Vibes", "subtitle": "", "track": "Hire Ground", "type": "Talk-45m", "language": "en", "abstract": "Let\u2019s be real: your resume isn\u2019t getting you the job. It\u2019s just the ticket into the arena. The real boss battle? The interview itself.  FIGHT!\r\n\r\nThis session is for anyone who\u2019s ever left an interview and thought, \u201cWell\u2026 that could\u2019ve gone better.\u201d We\u2019re skipping the slide deck (except for some juicy memes) and jumping straight into battle-tested, no-BS advice on how to stand out in interviews and actually get hired. Whether you\u2019re a brand new SOC analyst, a mid-career pivot-er, or someone who\u2019s been ghosted more times than a mall perfume salesman - this talk is for you.\r\n\r\nIt\u2019s not death by PowerPoint. \r\n\r\nIt\u2019s a conversation. \r\n\r\nWith memes. Come laugh, learn, and leave ready to be the candidate they remember.", "description": "Resumes are fine. 
But they don\u2019t get you hired - you do.\r\nIn this fast-paced, no-fluff talk, cybersecurity hiring manager and mohawked chaos gremlin John Stoner breaks down how to stop bombing interviews and start showing up like the badass candidate you are.\r\nWith 25+ years in national security and cybersecurity - and hundreds of interviews under his belt - John will walk you through what actually works in an interview setting, based on real-world hiring across federal and commercial roles.\r\nWe\u2019ll cover:\r\n\u2022\tWhy resumes don\u2019t matter as much as you think\r\n\u2022\tHow preparation (not memorization) makes you stand out\r\n\u2022\tWhat stories to rehearse\u2014including your two-minute \u201ctell me about yourself\u201d\r\n\u2022\tHow to answer both technical and non-technical questions without sounding like a robot\r\n\u2022\tWhat questions you should ask\u2014and why you're interviewing them, too\r\nNo slides, just memes, tough love, and the kind of advice you wish someone had given you sooner.", "recording_license": "", "do_not_record": false, "persons": [{"code": "EECGJW", "name": "John Stoner", "avatar": "https://pretalx.com/media/avatars/EECGJW_XKG0hAP.webp", "biography": "John Stoner is a US Army veteran and highly accomplished cybersecurity leader, threat analyst and consultant, bringing over 25 years of experience with 15+ focused in cybersecurity.  He is CISSP and PMP certified, with deep competency across the US Intelligence Community (USIC), SLED and commercial verticals. His strengths include Cyber Threat Intelligence (CTI), program management, cross-functional cybersecurity consulting, course development and instruction. He gives back to the cybersecurity community volunteering with The Diana Initiative and BSides events.  John is also a volunteer DEFCON G00N. 
He is the Vice Chair of VetSec.", "public_name": "John Stoner", "guid": "ec38bb16-bbbd-57b6-8f4f-f6aea48d4c37", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/EECGJW/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JPPBAZ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JPPBAZ/", "attachments": []}, {"guid": "00caf5a0-3d05-5075-a9c8-0ab382747d93", "code": "R3CW7R", "id": 74527, "logo": null, "date": "2025-08-05T13:00:00-07:00", "start": "13:00", "duration": "01:00", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-74527-hire-ground-resume-reviews-tuesday-lunch-break", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/R3CW7R/", "title": "Hire Ground Resume Reviews, Tuesday Lunch Break", "subtitle": "", "track": "Hire Ground", "type": "Event1HR", "language": "en", "abstract": "Hire Ground Resume Reviews, Tuesday Lunch Break", "description": "Hire Ground Resume Reviews, Tuesday Lunch Break", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/R3CW7R/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/R3CW7R/", "attachments": []}, {"guid": "f8699030-cd3e-5c39-bf8d-bddd1bd1ce7d", "code": "KVJZHT", "id": 67083, "logo": null, "date": "2025-08-05T13:00:00-07:00", "start": "13:00", "duration": "00:45", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-67083-beyond-the-command-line-transitioning-from-individual-contributor-to-leader", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KVJZHT/", "title": "Beyond the Command Line: Transitioning from Individual Contributor to Leader", "subtitle": "", "track": "Hire Ground", "type": "Talk-45m", "language": "en", "abstract": "The leap from technical expert to leader is one of the most challenging transitions in cybersecurity. 
Many high-performing engineers, penetration testers, and analysts find themselves in leadership roles without clear guidance on how to succeed. The skills that make a great individual contributor\u2014deep technical expertise, problem-solving, and hands-on execution\u2014aren\u2019t always the same ones that make a great leader. \r\n\r\nThis session will explore the challenges and rewards of moving into leadership, including how to develop managerial skills, communicate effectively, and lead teams successfully.  \r\n\r\nAttendees will leave this discussion with a clear understanding of what it takes to transition from an individual contributor to a successful cybersecurity leader. They will learn how to shift their mindset from personal technical execution to team success, develop critical leadership skills like communication and delegation, and navigate the challenges of managing former peers. The discussion will also tackle imposter syndrome, common leadership pitfalls, and how to build an authentic leadership style that aligns with your strengths. Whether you're considering a leadership role or already in one, this session will provide actionable insights to help you grow, lead, and thrive in your cybersecurity career.", "description": "The cybersecurity industry is at a crossroads. While technical expertise remains crucial, organizations increasingly need strong leadership to guide teams, manage complexity, and drive security initiatives forward. However, transitioning from an individual contributor to a leadership role is one of the most difficult career shifts in cybersecurity. Many professionals who excel in technical roles find themselves promoted into management without the necessary training or guidance, leading to frustration, burnout, and ineffective leadership. \r\n\r\nI believe this talk is a good fit for the Hire Ground track because it directly addresses a widespread and often overlooked challenge in cybersecurity careers: the leadership gap. 
Technical skills alone do not prepare professionals to manage people, handle conflict, delegate work, or communicate effectively with executives. Without the right support and education, new leaders struggle to balance their technical expertise with the soft skills required for management. The result? Teams suffer, projects falter, and promising cybersecurity professionals leave leadership roles prematurely, contributing to industry-wide retention challenges.  \r\n\r\nThe key to addressing the leadership gap in cybersecurity is deliberate preparation, skill development, and structured mentorship\u2014not just learning on the job through trial and error. This discussion will provide a real-world roadmap for technical professionals stepping into leadership roles, equipping them with practical strategies to lead effectively while maintaining credibility and confidence. \r\n\r\n1. Mindset Shift: Attendees will learn how to redefine success in leadership\u2014moving from personal technical achievements to enabling and empowering their teams. \r\n\r\n1. Essential Leadership Skills: The session will cover communication, delegation, decision-making, and conflict resolution, ensuring new leaders are prepared for the human-side of cybersecurity leadership. \r\n\r\n1. Navigating Common Challenges: Managing former peers, avoiding micromanagement, handling imposter syndrome, and balancing hands-on work with strategic leadership will be key focus areas. \r\n\r\n1. Building a Leadership Style: Attendees will explore different leadership approaches, helping them develop an authentic leadership identity that plays to their strengths. \r\n\r\n1. Long-Term Growth & Retention: The discussion will emphasize mentorship, professional development, and continuous learning, ensuring new leaders don\u2019t just survive in their roles\u2014but thrive while fostering stronger teams and a healthier cybersecurity industry. 
\r\n\r\nI feel that by leading this structured discussion, I can help empower attendees with actionable insights to confidently step into leadership roles, strengthening both their individual careers and the broader cybersecurity ecosystem.", "recording_license": "", "do_not_record": false, "persons": [{"code": "HHB7GD", "name": "Leo Pate", "avatar": "https://pretalx.com/media/avatars/HHB7GD_y3AMVTp.webp", "biography": "Leo Pate III is an accomplished security leader and military veteran with over 13 years of experience in proactive security, cybersecurity operations, and technical leadership. Currently serving as Regional Consulting Lead at NetSPI, Leo oversees the Central Region Consulting team, driving operational excellence and fostering a culture of growth and innovation. His leadership spans talent management, team development, and process optimization, ensuring exceptional service delivery for clients across various industries. Leo\u2019s strategic initiatives have consistently improved consultant utilization, organizational efficiency, and revenue performance, solidifying his reputation for delivering results in dynamic, client-focused environments.  \r\n\r\nPrior to his current role, Leo served as a Senior Managing Consultant and held key leadership positions within the United States Army. His military background includes leading cyber operations teams, developing capabilities for mission-critical objectives, and contributing to national security efforts. 
A trusted advisor and problem solver, Leo combines technical expertise, operational acumen, and a commitment to excellence to address complex challenges and drive organizational success.", "public_name": "Leo Pate", "guid": "cd880e02-56f1-5f10-b8a1-2dc5214fc94e", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/HHB7GD/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KVJZHT/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KVJZHT/", "attachments": []}, {"guid": "01683abd-7f9e-5634-bc64-6aadab811161", "code": "E39UKP", "id": 68773, "logo": null, "date": "2025-08-05T14:00:00-07:00", "start": "14:00", "duration": "00:45", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-68773-your-interview-game-is-weak-gamifying-technical-interviews-through-role-playing", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/E39UKP/", "title": "Your Interview Game is Weak: Gamifying Technical Interviews through Role-Playing", "subtitle": "", "track": "Hire Ground", "type": "Talk-45m", "language": "en", "abstract": "The conventional approach to conducting technical engineering interviews is outdated and fundamentally flawed. These practices, which rely heavily on computer science challenges or rote memorization, often contribute to a high rate of false positives and false negatives. Furthermore, these interviews frequently fail to assess the skills necessary for the actual role. As a result, organizations tend to hire candidates who excel at navigating the interview process but may not be the best fit for the position or the organizational culture. Conversely, highly qualified candidates who would otherwise be well-suited for the role are frequently overlooked. Such experiences can leave candidates with a negative perception of the organization, regardless of their final interview outcome. 
A more effective approach is needed.\r\n\r\nJoin Matt Torbin to discuss the data surrounding technical interviewing and learn about an interactive interviewing experience that has been tested, leaving candidates and team members with a positive experience. It is designed to assess candidates' skills in direct relation to the work they will perform within the hiring organization. This refined interview process focuses on the critical competencies required for the role and aims to be engaging and approachable, ensuring that candidates, regardless of outcome, perceive the experience positively.", "description": "As the ways of working have changed to include hybrid and remote arrangements on a more regular basis, the interview process has not kept pace. No longer are candidates sitting in a conference room being asked to do technical challenges in person. Instead, they are interviewing virtually, where assessing IQ and EQ (emotional intelligence) can be even more different. Yet in this distributed environment, EQ skills such as meeting engagement and communication are crucial to success, and the expectations of these abilities have increased. According to the 2025 CareerPlug Candidate Experience Report, \u201c26% of candidates declined an offer due to a poor experience.\u201d Additionally the report found that \u201c91% of candidates said a positive candidate experience influenced their decision to accept an offer.\u201d  No longer is the outdated stereotype of a software engineer who hides behind a computer a viable option. Instead, people must now possess both technical skills and the ability to communicate clearly with other teams, presenting their areas of discipline coherently and regularly.\r\n\r\nBy creating a fictitious organization and characters specifically crafted to interact with the interviewee, cross-team dynamics and organizational challenges can be effectively incorporated, enriching the experience for all involved. 
The central component of this is the Non-Playing Interviewers or NPIs. Each NPI is specifically crafted to come with a backstory, notifications, and alignments. In other words, the NPI will react based on responses from the interviewee and will be more or less inclined to take one approach or another based on how other NPIs are reacting.\r\n\r\nThe interview itself consists of challenges, all of which represent actual tasks expected of the role. These challenges are intentionally designed to allow for dynamic gameplay, depending on the approach the interviewee takes. For example, while an interviewee with heavy AWS experience might respond in one way, an interviewee with a greater focus on software development might respond in a completely different way, and the challenges are fluid enough to provide each interviewee a rich environment in which to navigate.", "recording_license": "", "do_not_record": false, "persons": [{"code": "S3HNQX", "name": "Matt Torbin", "avatar": "https://pretalx.com/media/avatars/S3HNQX_iehd1qk.webp", "biography": "Matt Torbin has been a driving force in secure software development for over 20 years, influencing all aspects of the software development lifecycle. He began his career as a full-stack engineer with a focus on UI/UX, creating user experiences for renowned brands including the Philadelphia Inquirer, Anthropologie, and VEVO, engaging millions of users.\r\n\r\nIn the last several years, Matt has shifted his focus to information security. In his current role as the Manager of Application Security at Quanata, he collaborates closely with product and engineering teams to advance product security best practices and deliver comprehensive security training. His industry contributions span public speaking, authorship, and community involvement. 
He has presented at conferences such as DEF CON and Day of Shecurity (DoS), authored privacy articles for 2600 Magazine: The Hacker Quarterly, and held key volunteer roles in initiatives including the Packet Hacking Village, Day of Shecurity, and BSidesSF. Among his achievements, he co-founded the DoS conference, realizing his vision for a more inclusive event.\r\n\r\nOutside of work, Matt mentors emerging professionals in the DoS community. A passionate skateboarder and longboarder, he often spends time with his son at skate parks throughout the San Francisco Bay Area.", "public_name": "Matt Torbin", "guid": "2fa1fd31-ce35-5457-a2e9-26d2503e6a12", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/S3HNQX/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/E39UKP/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/E39UKP/", "attachments": []}, {"guid": "be8ae9ab-c15b-51a7-97f8-f56019ef99bd", "code": "8DZ7DR", "id": 70097, "logo": null, "date": "2025-08-05T15:00:00-07:00", "start": "15:00", "duration": "00:45", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-70097-root-to-ciso-or-not", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8DZ7DR/", "title": "Root To CISO or not?", "subtitle": "", "track": "Hire Ground", "type": "Talk-45m", "language": "en", "abstract": "Join us for \u201cRoot to CISO or Not\u201d\u2014because not everyone dreams of being a CISO (some of us like sleep). In this lively panel, two CISOs and a cybersecurity recruiter will share war stories, career detours, and the surprising paths that lead through (or around) the corner office. 
Whether you\u2019re eyeing the top job or just trying to avoid burnout, you\u2019ll leave with practical advice\u2014and maybe a few laughs\u2014on how to navigate your cybersecurity career.", "description": "\u201cRoot to CISO or Not\u201d\r\n\r\nNot everyone dreams of becoming a CISO\u2014some of us are just trying to avoid pager fatigue\u2026 and federal indictments. Join us for a fun and insightful panel featuring two experienced CISOs and a cybersecurity recruiter as they explore the many career paths in cybersecurity, from hands-on technical roles to leadership positions.\r\n\r\nThis session will highlight how professionals can grow within the field, pivot between specialties, and decide whether the CISO track is the right fit\u2014or if life might be better without the liability insurance. You\u2019ll hear real-world career lessons, practical guidance, and a few laughs about the highs, lows, and unexpected twists of navigating a cybersecurity career.\r\n\r\nWhether you\u2019re aiming for the big chair or just trying to figure out your next move, this panel will offer clarity, encouragement, and the kind of candid advice you won\u2019t get from a job description.", "recording_license": "", "do_not_record": false, "persons": [{"code": "HZNSAM", "name": "Ray Espinoza", "avatar": "https://pretalx.com/media/avatars/HZNSAM_UvGwrFX.webp", "biography": null, "public_name": "Ray Espinoza", "guid": "56d2c537-fcfe-546f-9efc-50e6cfb9ee9b", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/HZNSAM/"}, {"code": "JJQMCL", "name": "Kris Rides", "avatar": "https://pretalx.com/media/avatars/JJQMCL_clz9KdO.webp", "biography": "Kris Rides is the CEO and Founder of Tiro Security - a Cybersecurity professional services and staffing firm.  He is one of the original founding Board Members of the Southern California Cloud Security Alliance Chapter, the previous President, and an honorary board member. 
He chairs the industry advisory board for the National Cybersecurity Training & Education Center (NCYTE) and is an advisory board member to The Cyber Helpline, Washington States Cybersecurity Centre of Excellence, as well as for the non-profit; GRC for Intelligent Ecosystems (GRCIE).\r\n\r\nKris is committed to using his expertise to make a difference in the cybersecurity Industry.", "public_name": "Kris Rides", "guid": "2e7a7d0e-bb3d-53f1-95c2-110694c0f7d5", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/JJQMCL/"}, {"code": "ZPJZVG", "name": "Jake Bernardes", "avatar": "https://pretalx.com/media/avatars/ZPJZVG_GGjHGgG.webp", "biography": "Experienced cybersecurity leader and CISO with a global career spanning consulting, advisory, and executive roles. I've helped startups scale and enterprises mature their security programs from zero to hero in compliance, incident response, and beyond.", "public_name": "Jake Bernardes", "guid": "ec0ed5a9-da83-5833-8700-bbc4c7b1030b", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ZPJZVG/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8DZ7DR/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8DZ7DR/", "attachments": []}, {"guid": "9715ed12-98c4-56b6-87dd-2004710f5114", "code": "UYXVAU", "id": 70772, "logo": null, "date": "2025-08-05T16:00:00-07:00", "start": "16:00", "duration": "00:25", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-70772-the-world-famous-hire-ground-panel-tuesday-edition", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/UYXVAU/", "title": "The World Famous Hire Ground Panel, Tuesday Edition", "subtitle": "", "track": "Hire Ground", "type": "Talk-45m", "language": "en", "abstract": "The World Famous Hire Ground Panel, Tuesday Edition", "description": "The World Famous Hire Ground Panel, Tuesday Edition", "recording_license": "", "do_not_record": false, "persons": 
[{"code": "BVKXTG", "name": "Kirsten Sireci Renner", "avatar": "https://pretalx.com/media/avatars/BVKXTG_9j430A4.webp", "biography": null, "public_name": "Kirsten Sireci Renner", "guid": "9a42c4d8-b7c7-53c5-bc70-0d3506469118", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/BVKXTG/"}, {"code": "JJQMCL", "name": "Kris Rides", "avatar": "https://pretalx.com/media/avatars/JJQMCL_clz9KdO.webp", "biography": "Kris Rides is the CEO and Founder of Tiro Security - a Cybersecurity professional services and staffing firm.  He is one of the original founding Board Members of the Southern California Cloud Security Alliance Chapter, the previous President, and an honorary board member. He chairs the industry advisory board for the National Cybersecurity Training & Education Center (NCYTE) and is an advisory board member to The Cyber Helpline, Washington States Cybersecurity Centre of Excellence, as well as for the non-profit; GRC for Intelligent Ecosystems (GRCIE).\r\n\r\nKris is committed to using his expertise to make a difference in the cybersecurity Industry.", "public_name": "Kris Rides", "guid": "2e7a7d0e-bb3d-53f1-95c2-110694c0f7d5", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/JJQMCL/"}, {"code": "YBX83M", "name": "Heather Morris", "avatar": "https://pretalx.com/media/avatars/YBX83M_DzyJ7Aj.webp", "biography": "Heather Morris is the Director of Talent Acquisition at Redhorse Corporation, where she spearheads strategic initiatives to attract, recruit, and retain top talent across the organization.\r\nWith more than a decade of experience in recruitment, Heather is a seasoned professional known for aligning recruitment strategies with business objectives. She excels in developing innovative talent acquisition processes, optimizing applicant tracking systems and reporting, and fostering a culture of diversity and inclusion. 
Heather\u2019s leadership in building high-performing teams plays a crucial role in supporting the company\u2019s ongoing growth and success. Her commitment to excellence ensures that the organization consistently attracts the industry\u2019s brightest talent, keeping it at the forefront of its field.\r\nPrior to joining Redhorse, Heather served as the Recruiting Manager of the National Security portfolio at Accenture Federal Services and Novetta. While in that role Heather led improvements to the overall recruitment process, managed the recruitment team, and collaborated with department heads to meet staffing needs efficiently.", "public_name": "Heather Morris", "guid": "721f3da2-7809-5555-be37-3420024cca05", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/YBX83M/"}, {"code": "AFND7S", "name": "Noelle Hori", "avatar": null, "biography": null, "public_name": "Noelle Hori", "guid": "aecfdd9d-f44c-566a-b70a-e28a9b63638d", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/AFND7S/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/UYXVAU/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/UYXVAU/", "attachments": []}, {"guid": "f8d1f688-894c-50ee-b81b-928bc2914be3", "code": "HNE73Q", "id": 73246, "logo": null, "date": "2025-08-05T16:00:00-07:00", "start": "16:00", "duration": "00:50", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-73246-hire-ground-resume-reviews-tuesday-evening", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HNE73Q/", "title": "Hire Ground Resume Reviews, Tuesday Evening", "subtitle": "", "track": "Hire Ground", "type": "Event1HR", "language": "en", "abstract": "Free resume reviews in Hire Ground.", "description": "Free resume reviews in Hire Ground.", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": 
"https://pretalx.com/security-bsides-las-vegas-2025/talk/HNE73Q/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HNE73Q/", "attachments": []}, {"guid": "cfd1dac0-f9aa-52c0-9e5c-78dafcc4d544", "code": "JZQS7X", "id": 70715, "logo": null, "date": "2025-08-05T17:00:00-07:00", "start": "17:00", "duration": "01:50", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-70715-hire-ground-mixer-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JZQS7X/", "title": "Hire Ground Mixer, Tuesday", "subtitle": "", "track": "Hire Ground", "type": "Event2HR", "language": "en", "abstract": "Hire Ground Mixer, Tuesday", "description": "Hire Ground Mixer, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JZQS7X/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JZQS7X/", "attachments": []}], "Florentine C+D": [{"guid": "e1cd60b3-16a1-5e9a-8726-8000761b1757", "code": "3HTVUE", "id": 78176, "logo": null, "date": "2025-08-05T08:30:00-07:00", "start": "08:30", "duration": "00:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-78176-silent-auction-opens-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/3HTVUE/", "title": "Silent Auction Opens, Tuesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Silent Auction Opens", "description": "Silent Auction Opens", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/3HTVUE/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/3HTVUE/", "attachments": []}, {"guid": "d199cd2a-9945-57b0-b787-91003010fea1", "code": "G3YLV8", "id": 70720, "logo": null, "date": "2025-08-05T08:30:00-07:00", "start": "08:30", "duration": "00:00", 
"room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70720-middle-ground-opens-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/G3YLV8/", "title": "Middle Ground Opens, Tuesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Middle Ground Opens, Tuesday", "description": "Middle Ground Opens, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/G3YLV8/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/G3YLV8/", "attachments": []}, {"guid": "a92c4c33-1fb1-5ed1-bd05-f2c155b3bd92", "code": "8C8L37", "id": 70723, "logo": null, "date": "2025-08-05T09:00:00-07:00", "start": "09:00", "duration": "00:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70723-pvj-ctf-play-begins-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8C8L37/", "title": "PvJ CTF Play Begins, Tuesday", "subtitle": "", "track": "Events", "type": "Event1HR", "language": "en", "abstract": "PvJ CTF Play Begins, Tuesday", "description": "PvJ CTF Play Begins, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8C8L37/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8C8L37/", "attachments": []}, {"guid": "807be569-5c46-569c-97c2-0dcf64e875f9", "code": "FYECDX", "id": 70727, "logo": null, "date": "2025-08-05T10:00:00-07:00", "start": "10:00", "duration": "01:30", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70727-morning-talks-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FYECDX/", "title": "Morning Talks, Tuesday", "subtitle": "", "track": "Middle Ground", "type": "Talk-45m", "language": "en", "abstract": "Morning Talks, Tuesday", "description": "Morning 
Talks, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FYECDX/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FYECDX/", "attachments": []}, {"guid": "ed02d896-1dcc-5ce1-8653-b3ec28d00495", "code": "GXWDKT", "id": 70735, "logo": null, "date": "2025-08-05T12:30:00-07:00", "start": "12:30", "duration": "01:30", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70735-lunch-break-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GXWDKT/", "title": "Lunch Break, Tuesday", "subtitle": "", "track": "Events", "type": "Event1HR", "language": "en", "abstract": "Lunch, Tuesday", "description": "Lunch, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GXWDKT/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GXWDKT/", "attachments": []}, {"guid": "7ba72818-4e98-5772-a716-52fa6a3a7bf9", "code": "UC7LUT", "id": 70730, "logo": null, "date": "2025-08-05T14:00:00-07:00", "start": "14:00", "duration": "02:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70730-afternoon-talks-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/UC7LUT/", "title": "Afternoon Talks, Tuesday", "subtitle": "", "track": "Middle Ground", "type": "Talk-45m", "language": "en", "abstract": "Afternoon Talks, Tuesday", "description": "Afternoon Talks, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/UC7LUT/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/UC7LUT/", "attachments": []}, {"guid": "80bc8653-9a01-5067-9085-e36ef551fde6", "code": "93LS3Z", "id": 70724, "logo": null, "date": 
"2025-08-05T16:00:00-07:00", "start": "16:00", "duration": "00:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70724-pvj-ctf-play-ends-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/93LS3Z/", "title": "PvJ CTF Play Ends, Tuesday", "subtitle": "", "track": "Events", "type": "Event1HR", "language": "en", "abstract": "PvJ CTF Play Ends, Tuesday", "description": "PvJ CTF Play Ends, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/93LS3Z/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/93LS3Z/", "attachments": []}, {"guid": "eea3c011-5971-549f-8e97-0e4e49484970", "code": "TLBCVD", "id": 70739, "logo": null, "date": "2025-08-05T16:00:00-07:00", "start": "16:00", "duration": "01:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70739-happy-hour-tuesday-sponsored-by-stroz-friedberg", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TLBCVD/", "title": "Happy Hour, Tuesday, Sponsored by Stroz Friedberg", "subtitle": "", "track": "Events", "type": "Event1HR", "language": "en", "abstract": "Happy Hour, Tuesday, Sponsored by Aon", "description": "Happy Hour, Tuesday, Sponsored by Aon", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TLBCVD/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TLBCVD/", "attachments": []}, {"guid": "2f760b3b-f958-55cf-9185-fc393b7116ea", "code": "LAGWF8", "id": 78177, "logo": null, "date": "2025-08-05T16:00:00-07:00", "start": "16:00", "duration": "00:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-78177-silent-auction-closes-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LAGWF8/", "title": "Silent Auction Closes, Tuesday", "subtitle": "", 
"track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Silent Auction Closes", "description": "Silent Auction Closes", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LAGWF8/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LAGWF8/", "attachments": []}, {"guid": "d5b7b59f-5b4f-5917-8766-af6ebc427ff4", "code": "7DPHDW", "id": 70740, "logo": null, "date": "2025-08-05T17:00:00-07:00", "start": "17:00", "duration": "00:30", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70740-pvj-ctf-hotwash-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7DPHDW/", "title": "PvJ CTF Hotwash, Tuesday", "subtitle": "", "track": "Events", "type": "Event1HR", "language": "en", "abstract": "PvJ CTF Hotwash, Tuesday", "description": "PvJ CTF Hotwash, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7DPHDW/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7DPHDW/", "attachments": []}, {"guid": "2b7c858a-b118-527f-86d5-6328cc86bdc4", "code": "VPWFH3", "id": 70732, "logo": null, "date": "2025-08-05T17:00:00-07:00", "start": "17:00", "duration": "02:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70732-evening-talks-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/VPWFH3/", "title": "Evening Talks, Tuesday", "subtitle": "", "track": "Middle Ground", "type": "Talk-45m", "language": "en", "abstract": "Evening Talks, Tuesday", "description": "Evening Talks, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/VPWFH3/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/VPWFH3/", 
"attachments": []}, {"guid": "4c1e26b5-13d4-5ea1-b8f6-c2f729cb8459", "code": "VC8TXB", "id": 70721, "logo": null, "date": "2025-08-05T19:00:00-07:00", "start": "19:00", "duration": "00:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70721-middle-ground-closes-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/VC8TXB/", "title": "Middle Ground Closes, Tuesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Middle Ground Closes, Tuesday", "description": "Middle Ground Closes, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/VC8TXB/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/VC8TXB/", "attachments": []}], "Florentine E": [{"guid": "95f50216-b186-526b-b3bc-e6c3b0a13416", "code": "9HEEBE", "id": 70305, "logo": null, "date": "2025-08-05T10:00:00-07:00", "start": "10:00", "duration": "00:45", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-70305-thinking-outside-the-soc-structured-analytics-for-the-overloaded-cyber-analyst", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9HEEBE/", "title": "Thinking Outside the SOC: Structured Analytics for the Overloaded Cyber Analyst", "subtitle": "", "track": "Ground Floor", "type": "Talk-45m", "language": "en", "abstract": "Cyber Threat Intelligence (CTI) analysts face overwhelming information, complex attribution problems, and adversaries practicing active deception. While technical indicators provide essential data, they often fall short in delivering comprehensive threat understanding. This beginner-level presentation introduces Structured Analytic Techniques (SATs) \u2013 methodologies developed in traditional intelligence \u2013 as powerful enhancers for CTI workflows. 
We'll explore how techniques like Analysis of Competing Hypotheses, Key Assumptions Check, Red Team Analysis, and more mitigate cognitive biases in cybersecurity. The session demonstrates practical integration of SATs with established frameworks including MITRE ATT&CK, the Diamond Model, and Intelligence Cycle. Attendees will learn implementation strategies, key metrics for analytical improvement, and gain actionable templates for immediate application. This methodological bridge between traditional intelligence practices and cybersecurity represents the next evolution in defense against sophisticated threats.", "description": "As cybersecurity professionals who have applied intelligence methodologies to enhance our defensive capabilities, we've found that structured analytic techniques significantly improve threat detection and response. While we both work in cybersecurity roles, we've integrated traditional intelligence frameworks to overcome common analytical challenges faced by security teams. This talk distills our practical experience into actionable techniques that any analyst can apply immediately.\r\n\r\nOur journey with these techniques began after encountering recurring cognitive biases affecting incident analysis and threat assessment. Modern security operations face overwhelming data volumes, complex attribution challenges, and adversaries practicing deliberate deception - creating a perfect storm for analytical failure. By combining established methodologies from the intelligence community with cybersecurity practices, we've identified effective approaches that address these critical pain points without requiring extensive retraining or resource investment.\r\n\r\nThe core of our presentation revolves around several powerful structured techniques that we've found invaluable in security operations. 
These approaches help analysts systematically evaluate attribution evidence, test assumptions about threat actor capabilities, and establish strategic warning systems that go beyond technical indicators. In our experience, applying these methods leads to significant reductions in false positives and improvements in attribution accuracy when teams implement them correctly.\r\n\r\nWe'll demonstrate how specific SATs address everyday cybersecurity challenges, including attribution analysis, assumption testing, and anticipating threat actor movements. Attendees will receive practical examples and approaches they can adapt to their own environments, along with case studies demonstrating tangible improvements in detection accuracy and analytical rigor. The presentation includes detailed walkthroughs of real-world scenarios where these structured methods enhance threat detection and response, providing concrete examples that security teams can adapt to their unique requirements.", "recording_license": "", "do_not_record": false, "persons": [{"code": "XTKQXK", "name": "Alina Thai", "avatar": "https://pretalx.com/media/avatars/XTKQXK_gsqWbcO.webp", "biography": "Alina is an experienced intelligence analyst focusing on cyber threats and emerging technologies. Her research interests include financial cyber crimes, cyber warfare, and protective security. Holding a BS in Computer Science and Master's in Applied Intelligence, Alina advocates for women in cybersecurity while mentoring the next generation of professionals.", "public_name": "Alina Thai", "guid": "a9a00856-ccb3-5894-bc9a-347a825fa864", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/XTKQXK/"}, {"code": "YA3ZHZ", "name": "Haily Beem", "avatar": "https://pretalx.com/media/avatars/YA3ZHZ_DHPermD.webp", "biography": "Haily Beem is an experienced analyst specializing in incident response, digital forensics, and cyber threat intelligence. 
Her research explores how global conflicts influence cyber operations and risk exposure. She is passionate about empowering and mentoring early-career professionals interested in cybersecurity.", "public_name": "Haily Beem", "guid": "95268c53-0fd4-569c-9a54-bb9c0997eda5", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/YA3ZHZ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9HEEBE/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9HEEBE/", "attachments": []}, {"guid": "60e7607f-1102-50c7-a893-4b211a8bd94c", "code": "3ERMMC", "id": 70274, "logo": null, "date": "2025-08-05T11:00:00-07:00", "start": "11:00", "duration": "00:20", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-70274-securing-frontends-at-scale-paving-our-way-to-the-post-xss-world", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/3ERMMC/", "title": "Securing Frontends at Scale: Paving our Way to the Post-XSS World", "subtitle": "", "track": "Ground Floor", "type": "Talk-20m", "language": "en", "abstract": "Cross-site scripting (XSS) still continues to be the dominant class of bugs exploited on the web today. Over the past decade, Google's security and product teams have invested heavily in developing scalable defenses, including code hardening measures and adopting web platform features that prevent or mitigate XSS across our ecosystem. In this talk, we will provide developers with a blueprint for enabling robust XSS protections in their code.\r\n\r\nWe will share our stories of how we rolled out our two biggest runtime protections against XSS (strict Content Security Policy and Trusted Types) at scale\u2013 as well as compile-time protections that complement them\u2013 across hundreds of products accessed by billions of users. 
We'll share technical lessons learned and summarize our best practices to keep your code secure as well.\r\n\r\nIn addition, we will explore a bit of what the future has in store for anti-XSS protections\u2013 including what we would like to see as platform-level defaults to truly eradicate XSS as an endemic problem in all webapps.", "description": "**We marked (20 minutes) as a preference in the form but we are flexible on the talk length of the \"Breaking Ground\" format!**\r\n\r\nOver the last decade, we have been working on a solution at-scale for injection attacks against frontend codebases that could generalize across thousands of webapps-- and we've spent quite a bit of time rolling out these mitigations to all these products! We want to share the great wealth of applied knowledge gathered from all this experience with all web developers and security professionals.\r\n\r\nWe have presented these philosophical ideas at other talks before, but the format of the \"Breaking Ground\" talks was especially fascinating to us! 
We spent a lot of time thinking about what the most useful approaches of our internally-honed approaches and tooling were, and spent some time developing external/OSS versions of it to benefit the ecosystem-- and based on some other talks covering some of these tools went, we thought a more interactive demo-based format where we could be closer to the audience would drive the point of how easily applicable these mitigation approaches are in the developer lifecycle.\r\n\r\nSome demos we are planning, especially focused on how it fits into web security:\r\n\r\n* https://github.com/google/strict-csp\r\n* https://www.npmjs.com/package/safevalues\r\n* https://www.npmjs.com/package/tsec\r\n* https://github.com/google/safety-web\r\n* https://github.com/google/trusted-types-helper\r\n\r\nAnd given the demo-heavy nature of this session, we will also show in action some AI-automated approaches-- where used in conjunction with these tools-- can really supercharge the mitigations that you can run across your webapp codebase!", "recording_license": "", "do_not_record": false, "persons": [{"code": "CYPLT7", "name": "Aaron Shim", "avatar": "https://pretalx.com/media/avatars/CYPLT7_UiJf9se.webp", "biography": "Jen Ozmen is a Software Engineer at Google, where she works on the Information Security Engineering team. She is passionate about building secure and reliable software, and she is always looking for new ways to improve the security of Google's products and services.\r\n\r\nAaron is a software engineer at Google who focuses on web security features and adoption across all Google products. Before working on security, he was on product teams for Google Cloud and Google Workspace. Before Google, he had a brief stint at Microsoft. 
Prior to big tech, he wrote a lot of Ruby on Rails code.", "public_name": "Aaron Shim", "guid": "d115d6f1-fafd-5b94-8c1a-f7bd1957fb49", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/CYPLT7/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/3ERMMC/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/3ERMMC/", "attachments": []}, {"guid": "f8d4a7d3-c9b5-5e28-bc01-018b56968930", "code": "N7BLLW", "id": 67161, "logo": null, "date": "2025-08-05T14:00:00-07:00", "start": "14:00", "duration": "00:20", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-67161-xss-is-dead-browser-security-features-that-eliminate-bug-classes", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/N7BLLW/", "title": "XSS is dead - Browser Security Features that Eliminate Bug Classes", "subtitle": "", "track": "Ground Floor", "type": "Talk-20m", "language": "en", "abstract": "Traditional application security is broken. We\u2019re stuck in a cycle of bug bounties, vulnerability reports, and endless patching - yet the same issues keep resurfacing. Despite years of \u201cshifting left,\u201d vulnerabilities still slip into production, forcing security teams into constant firefighting. What if we could eliminate entire bug classes instead of fixing them one by one? \r\n\r\nThis talk explores how modern browser security features can automate and scale security, removing vulnerabilities without relying solely on developers remembering best practices. Powerful opt-in mechanisms like Content-Security-Policy v3, Trusted Types, and Sec-Fetch-Metadata can systematically prevent issues like XSS, CSRF, clickjacking, and cross-origin attacks. \r\n\r\nUsing real-world case studies, we\u2019ll show how leading organizations have leveraged these browser-native protections to eliminate vulnerabilities at scale. 
We\u2019ll cover practical ways to integrate these features, automate security headers, enforce secure defaults, and measure adoption effectively.\r\n\r\nIf you\u2019re a developer or security engineer ready to move beyond endless patching and start building secure-by-design applications, this session is for you. Learn how to automate, scale, and forget entire bug classes by harnessing the latest advances in browser security.", "description": "I also submitted this talk as a workshop as I do have great set of practical challenges for it created. But I would also (,if the workshop isn't accepted) present this as a talk as I can also pitch this new approach and idea as talk. With the new OWASP Proactive Controls list now including C6 browser security, it\u2019s the perfect time to focus on prevention instead of endless patching.\r\n\r\nI first ran this as a workshop inside my own organization, and even experienced AppSec leads found it eye-opening. The idea was inspired by some work happening behind closed doors at Google, they basically influenced the standards that we are talking about. One of the things made public was the Security Signals research paper by Google. I took those ideas, built on them, and created a hands-on training with practical challenges using those new features to secure an app in-depth, aside from the traditional securing the challenges rely on the browser features.", "recording_license": "", "do_not_record": false, "persons": [{"code": "CCLUQG", "name": "Javan Rasokat", "avatar": "https://pretalx.com/media/avatars/CCLUQG_Q1X2eEn.webp", "biography": "Javan works as Senior Application Security Specialist at Sage, helping product teams enhance security throughout the software development lifecycle. On the side, he lectures Secure Coding at DHBW University in Germany. His journey as an ethical hacker began young, where he began to automate online games creating bots and identified security bugs, which he then reported to the game operators. 
Javan made his interests into his profession and began as a full stack web and mobile engineer before transitioning into a passionate security consultant. Javan holds a Master\u2019s degree in IT Security Management and several certifications, including GXPN, AIGP, CISSP, CCSP, and CSSLP. He has shared his research at conferences, including OWASP Global AppSec, DEFCON, and HITB.", "public_name": "Javan Rasokat", "guid": "b56de23f-3015-50f5-9763-4c01b99ea4a0", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/CCLUQG/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/N7BLLW/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/N7BLLW/", "attachments": []}, {"guid": "69a540ce-9fca-5c47-bde7-f38f7f4c0486", "code": "RBLK3C", "id": 67422, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/RBLK3C/gate__UlQtRc1.png", "date": "2025-08-05T14:30:00-07:00", "start": "14:30", "duration": "00:20", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-67422-infiltrating-like-a-ninja-unveiling-detection-gaps-in-physical-security-across-japan-and-the-u-s", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RBLK3C/", "title": "Infiltrating Like a Ninja: Unveiling Detection Gaps in Physical Security Across Japan and the U.S", "subtitle": "", "track": "Ground Floor", "type": "Talk-20m", "language": "en", "abstract": "Case studies like DarkVishnya, where eight Eastern European banks lost tens of millions due to physical intrusion and malicious devices, highlight the critical importance of addressing physical security. SecureWorks has included physical intrusion in red team exercises since 2011, with the Japanese team's intrusion success rate remaining at 100%. 
This emphasizes the urgency of improving physical security.\r\nThis session leverages extensive penetration testing experience to illustrate differences in physical security practices between Japan and the United States, presenting real-world cases from both nations. It offers practical insights for effectively countering physical threats. Analysis indicates that Japan\u2019s relatively lenient security, influenced by low crime rates, leaves organizations vulnerable to intrusions through social engineering and inadvertent staff cooperation. Conversely, the U.S. enforces stricter measures due to higher risk awareness but remains susceptible to vulnerabilities driven by human factors. Both countries must tackle their exposure to social engineering. Attendees will understand how cultural contexts shape security postures and gain actionable strategies to strengthen defenses against these weaknesses.", "description": "- Introduction (Background & Motivation)\r\nIncidents such as the large-scale DarkVishnya compromise\u2014where malicious devices were planted onsite\u2014and the leaked i-soon documents referencing suspicious hardware underscore how physical breaches, combined with social engineering, present a very real threat to enterprises. However, compared to digital security, the sharing of knowledge regarding physical defenses remains limited.\r\nThis session offers comparative insights drawn from multiple physical penetration tests (pentests) conducted in both Japan and the United States, highlighting unique lessons from each region\u2019s security practices.\r\n\r\n- Presenter Background\r\nLet me provide some background about our presenters.\r\nOne of them is the lead for physical security in Japan team. Another is a professional who has handled numerous projects in the U.S. 
And finally, we have a member of the Counter Threat Unit team, who is well-known here in Japan.\r\n\r\n- Overview of Physical Penetration Testing\r\n\r\n- Definition and Purpose\r\nBy simulating real-world attacks\u2014such as social engineering, RFID cloning, or other hardware-based compromises\u2014physical pentests assess the risk of adversaries gaining physical access to internal networks and systems.\r\n\r\n- Common Techniques\r\nThese methods include not only direct system-level attacks (e.g., RFID cloning, wireless hacking) but also \u201csoft\u201d tactics like tailgating and leveraging employees\u2019 goodwill. While such techniques require finesse, the presenters have achieved a 100% success rate in certain scenarios, underlining the pivotal role of human-factor vulnerabilities.\r\n\r\n- Case Studies in Japan\r\n- Cultural Background\r\nJapan\u2019s low crime rate fosters a pervasive atmosphere of trust, with employees seldom challenging unfamiliar individuals in office settings.\r\n- Security Measures\r\nAlthough many organizations employ ID badges, gates, and other formal systems, employee vigilance is generally lacking, allowing attackers to easily install rogue devices or malware once inside.\r\n- Intrusion Example\r\nEven offices equipped with security guards, flap-gate turnstiles, and front-desk check-ins can be bypassed through social engineering. We will demonstrate how posing as a \u201clate employee without a badge\u201d or someone \u201crushing to a meeting\u201d effortlessly exploits well-intentioned staff eager to assist.\r\n\r\n- Case Studies in the United States\r\n- Cultural Background\r\nIn contrast to Japan, the U.S. experiences higher crime rates and stricter liability concerns, prompting more rigorous security measures such as patrol guards and extensive surveillance.\r\n- Security Measures\r\nAccess privileges are firmly segmented, suspicious individuals are quickly challenged, and armed guard patrols are common. 
One speaker will recount how a colleague was immediately approached by security on the first day of a U.S. engagement, illustrating the prevalent \u201cchallenge\u201d culture.\r\n- Intrusion Example\r\nDespite these robust defenses, carefully crafted social engineering frequently succeeds. Whether by engaging in conversation to clone RFID badges, tailgating into restricted areas, or calling a help desk for sensitive details like BitLocker keys, attackers can exploit the same human-factor weaknesses seen in Japan\u2014thus compromising critical corporate assets.\r\n\r\n- Comparative Analysis\r\n- Key Differences\r\nJapanese organizations may be undermined by cultural deference, whereas stricter enforcement characterizes the U.S. Even so, no system is impervious.\r\n- Common Weakness\r\nHuman psychology remains the ultimate vulnerability. No matter how advanced the controls, a deceived or empathetic employee can inadvertently grant attackers entry.\r\n\r\n- Conclusion\r\nPhysical security hinges not only on locks and guards but also on workplace culture and employee awareness. This presentation emphasizes the need for frequent physical pentests, practical training, and fostering what we term \u201cfriendly vigilance.\u201d Drawing from real successes\u2014and failures\u2014across both Japan and the U.S., we will propose concrete countermeasures and strategic frameworks to help organizations stay ahead of evolving threats.", "recording_license": "", "do_not_record": false, "persons": [{"code": "C8KCH8", "name": "You Nakatsuru", "avatar": "https://pretalx.com/media/avatars/C8KCH8_Lm7cI4e.webp", "biography": "With a background in security incident response support and malware analysis and countermeasure research, he joined Secureworks in March 2016. Currently, as a researcher on the Counter Threat Unit team, he focuses on investigating the latest cyber attacks, particularly those targeting Japanese enterprises. 
He is also actively involved in incident response and red team testing. Additionally, he has presented his findings at prestigious conferences such as the FIRST Annual Conference and CODE BLUE.", "public_name": "You Nakatsuru", "guid": "69e310d0-e573-537b-8437-d4d20e7503eb", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/C8KCH8/"}, {"code": "ASKVER", "name": "Fumiya Imai", "avatar": "https://pretalx.com/media/avatars/ASKVER_QeQJ75B.webp", "biography": "Fumiya is a consultant at Secureworks. He leads the physical security domain within the Japanese team. He conducts physical penetration tests for companies in various industries and boasts a 100% success rate. He specialises in social engineering and has identified real threats using these methods.", "public_name": "Fumiya Imai", "guid": "87848786-09b1-53e4-9b15-2af00d32cf7b", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ASKVER/"}, {"code": "LYGPQQ", "name": "Viet Luu", "avatar": "https://pretalx.com/media/avatars/LYGPQQ_jWyVyQT.webp", "biography": "With a passion for offensive security and a knack for creative problem-solving, I lead and execute red team assessments that span physical security, social engineering, and wireless testing. My work involves conducting thorough internal and external network penetration tests and vulnerability assessments to identify and remediate security gaps.\r\n\r\nI specialize in developing custom exploit tools to replicate real-world attacks, providing actionable insights and practical solutions to both common and unconventional security challenges. 
From start to finish, I manage project lifecycles with a focus on measurable impact and continuous improvement.\r\n\r\nI\u2019m dedicated to helping organizations strengthen their security postures and adapt to an ever-changing threat landscape \u2014 and I\u2019m excited to share some of those insights with the BSides community!", "public_name": "Viet Luu", "guid": "81e9c879-61da-590a-9e90-ca98108ce8c6", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/LYGPQQ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RBLK3C/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RBLK3C/", "attachments": []}, {"guid": "2b279c75-be74-5205-860f-5bbc3b0ddbdc", "code": "YXZYXG", "id": 68595, "logo": null, "date": "2025-08-05T15:00:00-07:00", "start": "15:00", "duration": "00:45", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-68595-vibe-check-the-dark-side-of-vibe-coding", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/YXZYXG/", "title": "Vibe Check: The dark side of vibe coding", "subtitle": "", "track": "Ground Floor", "type": "Talk-45m", "language": "en", "abstract": "Generative AI has been transforming and expediting enterprise workflows. However, with the introduction of \u201cvibe coding\u201d, the practice of generating software utilizing AI instead of traditional software engineering practices, this introduces new vectors for cyber threats including data leakage, model manipulation, and social engineering attacks. This session will provide a pragmatic overview for industry professionals on how to securely adopt GenAI tools while minimizing exposure to risks. Our live demo will showcase how the seemingly functional code produced through simple prompts generation repeatedly fails basic security scrutiny when examined by professionals. 
Beyond the technical vulnerabilities, we will address organizational risks: hiring pipelines flooded with candidates lacking fundamental security understanding, and executives with unrealistic expectations about AI capabilities. As we abstract further from underlying technology, we risk creating a generation of developers disconnected from bare-metal computing principles, which could potentially weaken the collective security posture. While advocating for AI as a powerful augmentation tool, we provide a crucial reality check on responsible AI implementation that will maintain security integrity in an increasingly automated development landscape.", "description": "This presentation talk came from months of Megan and I sharing concerns between the two of us on what we've been hearing colleagues say, examples of vibe coding failures on X/Reddit, and our overall concerns for the future of the industry. What will cybersecurity look like if all the professionals are inhibited by a lack of understanding of foundational technical and security topics while having executives who think that AI is the answer for everything? We'll have two live demos plus room for discussions because we have lots of thoughts about the current state of vibe coding and what a more secure vibe coding future could look like that doesn't detract from foundational understanding of the underlying technology of everything.\r\nAlso, the demos will be live, but we\u2019ll pre-record them before coming in in case anything goes wrong.", "recording_license": "", "do_not_record": false, "persons": [{"code": "8A8B8N", "name": "Chloe Potsklan", "avatar": "https://pretalx.com/media/avatars/8A8B8N_oiv34ht.webp", "biography": "Chloe Potsklan is a senior cyber security researcher working on the Threat Research team at Reach Security. Previously she had worked on the endpoint security platforms team and security architecture team mainly focusing on securing cloud environments at NBCUniversal. 
She started her career at Deloitte as a senior cyber risk consultant working in DevSecOps, application security, penetration testing, and vulnerability management. On the side, Chloe teaches intro to cyber security bootcamps through Savvy Coders and spends her free time playing water polo.", "public_name": "Chloe Potsklan", "guid": "8154e2df-7a84-5abe-8aa6-c115b65d1790", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/8A8B8N/"}, {"code": "XTWRRA", "name": "Megan Kaczanowski", "avatar": "https://pretalx.com/media/avatars/XTWRRA_jv2jvAI.webp", "biography": "Megan Kaczanowski is a cybersecurity professional who works closely with the business and IT functions to ensure the organization considers cybersecurity at every level. Megan understands that designing secure software isn\u2019t about utilizing the latest industry buzzwords - it\u2019s about working with relevant stakeholders to understand their needs and effectively communicate security requirements.\r\n\r\nMegan has previously worked in security engineering, security architecture, and threat intelligence. In her free time, she enjoys rock climbing and scuba diving.", "public_name": "Megan Kaczanowski", "guid": "e45adfc1-8488-5e2c-8cfe-14cf340da499", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/XTWRRA/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/YXZYXG/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/YXZYXG/", "attachments": []}, {"guid": "33ee6586-0282-5116-bab7-0804df78dacf", "code": "QYKC7A", "id": 68739, "logo": null, "date": "2025-08-05T17:00:00-07:00", "start": "17:00", "duration": "00:45", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-68739-we-fight-for-the-user-s-session", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/QYKC7A/", "title": "We Fight for the User's... 
Session", "subtitle": "", "track": "Ground Floor", "type": "Talk-45m", "language": "en", "abstract": "Ever since cookies were invented 30 years ago there has been a battle to protect them from theft and abuse. Browser designers add defensive features and attackers come up with novel ways to circumvent those defenses, steal session cookies, and become a clone of their victims. This talk will speed-run that arms race, highlighting why many of the old-school defenses remain valuable.  And the race is not over.  We'll also step through the mechanics of Google's proposed Device Bound Session Credentials which would be game changing... if anyone else chooses to support them.", "description": "Protecting the session token may seem mundane, but personal experience has shown that developers' boredom with implementing the same old defenses ends up leading to noteworthy vulnerabilities far too often.  Given the BSides audience, my goal is less about convincing the audience of the importance than arming them with succinct statements in support of the controls they can take back to their organizations and win some battles.\r\n\r\nThe new technique to be covered, Device Bound Session Credentials, have a huge advantage over traditional session tokens in that they can't be \"stolen\" or at least not taken off the device (it's in the name).  Of course, as with any technology, being a good one doesn't mean that it's going to be adopted.  
By explaining the proposed standard in detail, I hope to generate conversation around it and contribute my small part to either its adoption or rejection if a better standard can be found.\r\n\r\nA version of this talk was given at SaintCon 2024 (https://www.youtube.com/watch?v=Qo6KQ7SH6wo), but I plan on amping up the technical side, particularly around how the DBSC protocol actually works.", "recording_license": "", "do_not_record": false, "persons": [{"code": "L3HRBX", "name": "Mark Hoopes", "avatar": "https://pretalx.com/media/avatars/L3HRBX_HYSeZEF.webp", "biography": "Mark Hoopes has been an Application Pentester for more than 10 years and has worked in enterprise IT for more than 20. He has presented at multiple conferences as a speaker and instructor. He was sucked into the security industry by a CTF and continues to be a strong proponent of hands-on training.  He is currently a chapter leader of OWASP Boulder and the managing principal at a consultancy that specializes in... 
pentesting and training.", "public_name": "Mark Hoopes", "guid": "1d39d310-751d-5a6a-a440-90f83191fada", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/L3HRBX/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/QYKC7A/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/QYKC7A/", "attachments": []}, {"guid": "a5ebf929-5ced-5018-b805-9bc91247125c", "code": "99QGN8", "id": 70298, "logo": null, "date": "2025-08-05T18:00:00-07:00", "start": "18:00", "duration": "00:45", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-70298-a-cheat-code-for-security-programs", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/99QGN8/", "title": "A Cheat Code for Security Programs", "subtitle": "", "track": "Ground Floor", "type": "Talk-45m", "language": "en", "abstract": "In this talk, Ochaun Marshall leads you through a cheat code for product security that you can use no matter the size or maturity of your business. You will leave with a clearer understanding of the differences between Application Security, platform security, and product security; some new ways of thinking about \"shift left\"; and some tangible steps you can bring back to your team or org. Ochaun is a security engineer at Google Cloud", "description": "This is the presentation I wish I could have given to myself when I was a starting AppSec professional. Product Security is a larger domain and discipline in the universe of InfoSec. It spans everything from an http request to silicon hardware.  It enumerates every multidimensional aspect of the product, through all phases of that product's lifespan.", "recording_license": "", "do_not_record": false, "persons": [{"code": "9QZ987", "name": "Ochaun Marshall", "avatar": "https://pretalx.com/media/avatars/9QZ987_5aVPh6P.webp", "biography": "Ochaun Marshall is a Product Security Engineer at Google Cloud. 
His focus is on Rapid Risk Assessments on Google Cloud products. In his day-to-day, he collaborates with engineers, security operators, and leadership to enable Google Cloud to grow securely. Everything he does is summed up in I code. I teach. I hack.  His previous talks include, \u201cFlex Seal your CI/CD pipeline\u201d, \u201cThe OPSEC of Protesting\u201d, and \"The last log4j talk you ever need\". He has spoken at numerous Bsides and DEF CON. He\u2019ll be presenting for Bsides LV for the first time in 2025.", "public_name": "Ochaun Marshall", "guid": "d26eadff-875f-519a-8bf0-52f58c165395", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/9QZ987/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/99QGN8/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/99QGN8/", "attachments": []}], "Florentine F": [{"guid": "163c77df-8cb0-5bbc-912a-411b5da770fc", "code": "SZWXFF", "id": 70244, "logo": null, "date": "2025-08-05T10:00:00-07:00", "start": "10:00", "duration": "00:45", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-70244-the-unbearable-weight-of-commercial-licensing-combining-closed-systems-with-open-source-defense", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SZWXFF/", "title": "The Unbearable Weight of Commercial Licensing. Combining Closed Systems with Open Source Defense", "subtitle": "", "track": "Common Ground", "type": "Talk-45m", "language": "en", "abstract": "The cybersecurity market is projected to experience strong growth. This is driven by the plethora of devices connected to and integrated into enterprise networks, combined with the increase in zero day vulnerabilities being identified and exploited. The attack surface has broadened, while becoming more complex.\r\n\r\nMany of the enterprise security tools used to defend our networks have failed us. 
Painful examples range from 0day attacks in on-prem Exchange and SharePoint servers, to the SolarWinds supply chain attacks. These enterprise tools resulted in the successful compromise of businesses around the world. \r\n\r\nIn order to defend, both proprietary and open source tools have been at the core of many successful security projects and business initiatives. Open source tools have many benefits, among them, the freedom to try and tweak, while not being locked into 1-3 year licensing terms. \r\n\r\nThis talk will cover how an open source project, in particular, MISP (the malware information sharing platform) can be integrated into threat investigation workflows to help augment enterprise tools with the goal of increasing overall security while making a threat analyst\u2019s life a little easier.", "description": "This talk came out of wanting to get back to Linux and open source communities after working with Microsoft Defender, Intune, Entra, and the rest of the Microsoft 0365 world for years. (So frustrating!) I wanted to better deal with my frustration with closed source \u201csolutions\u201d at work to gain more power over alerts, as well as make the investigation and triage process more efficient. I had forgotten the joy of working with the terminal after getting clobbered with Wacatac alerts. (Searching for Wacatac leads to Microsoft marketing documentation that tells you that Microsoft Defender can defend against it.)\r\n\r\nSome jobs don\u2019t have the ability to choose over what security tools are being used, so one must assess and see if the situation can be made better. That\u2019s the background behind this talk.", "recording_license": "", "do_not_record": false, "persons": [{"code": "RWRZ9Z", "name": "Keya Arestad", "avatar": "https://pretalx.com/media/avatars/RWRZ9Z_NbcSciK.webp", "biography": "Keya Arestad works as a security architect and has been doing various types of defending (and hacking) of endpoints and networks for over 10 years. 
She likes to balance time between computer screens and being outside.", "public_name": "Keya Arestad", "guid": "83e6a927-d5b3-592c-bffc-87754cf560ce", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/RWRZ9Z/"}], "links": [{"title": "MISP Concepts Cheat Sheet", "url": "https://misp-project.org/misp-training/cheatsheet.pdf", "type": "related"}], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SZWXFF/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SZWXFF/", "attachments": []}, {"guid": "e3ad0c52-3e8b-5d55-8443-f697ec065658", "code": "ZPH8MR", "id": 68680, "logo": null, "date": "2025-08-05T11:00:00-07:00", "start": "11:00", "duration": "00:20", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-68680-rewriting-the-playbook-smarter-vulnerability-management-with-epssv3-cvssv4-ssvc-vex-frameworks", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZPH8MR/", "title": "Rewriting the Playbook: Smarter Vulnerability Management with EPSSv3, CVSSv4, SSVC & VEX Frameworks", "subtitle": "", "track": "Common Ground", "type": "Talk-20m", "language": "en", "abstract": "Many financial institutions still rely on outdated CVSS-based prioritization models that create alert fatigue and leave critical, exploitable vulnerabilities buried in noise. This talk offers a practical, phased strategy for modernizing vulnerability management by combining four evolving frameworks: EPSS v4, CVSS v4, SSVC, and VEX.\r\n\r\nThe session walks through how each framework contributes\u2014EPSS adds exploit likelihood, CVSSv4 refines severity scoring, SSVC brings context-aware decision logic, and VEX helps validate exploitability in specific environments. 
Together, they create a unified approach to triaging vulnerabilities across infrastructure and applications.\r\n\r\nAttendees will gain practical guidance for integrating these models into their existing workflows, along with examples of how they\u2019ve been used to reduce patch workload, streamline cross-team coordination, and stand up to audit scrutiny. This talk is aimed at security professionals working in regulated sectors\u2014particularly those balancing technical risk, compliance, and remediation velocity.", "description": "This session is for anyone tired of fixing \u201ccritical\u201d vulnerabilities that don\u2019t actually matter while missing the ones that do. Through the lens of financial-sector security, the talk explores how modern frameworks like EPSS, CVSSv4, SSVC, and VEX can be layered together to build a smarter vulnerability management process.\r\n\r\nExpect real-world examples, sample triage logic, and rollout ideas that won\u2019t break your existing workflows. Whether you're in AppSec, infrastructure, or risk management, you\u2019ll walk away with a better way to prioritize what matters most\u2014and communicate those decisions clearly across teams.", "recording_license": "", "do_not_record": false, "persons": [{"code": "WJYJR7", "name": "Avinash Nutalapati", "avatar": "https://pretalx.com/media/avatars/WJYJR7_j779h7d.webp", "biography": "I\u2019m a senior security professional with a master\u2019s in cybersecurity from Northeastern University and hands-on experience spanning infrastructure vulnerability management, application security, SOC operations, and IT audit. I\u2019ve worked across diverse environments\u2014financial services, healthcare, startups, and MSSPs\u2014where I\u2019ve helped teams evolve from traditional CVSS-only approaches to more risk-aligned models. My recent focus has been building centralized AppSec vulnerability triage workflows, integrating tools like Nexus, Contrast, and Jira for streamlined remediation. 
I\u2019ve also worked closely with audit and compliance teams to map technical risks to frameworks like NIST, ISO 27001, and SOC2. Earlier in my career, I led SOC alert tuning, incident response, and detection engineering efforts, which gave me a solid foundation in real-time operations and threat behavior analysis. My work now centers on connecting these domains\u2014bridging AppSec, infrastructure, SOC, and governance\u2014to help orgs prioritize better, reduce noise, and move faster when it matters.", "public_name": "Avinash Nutalapati", "guid": "c4a1d2a2-9cc8-59b7-ae17-480f5ee9befb", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/WJYJR7/"}], "links": [{"title": "VEX", "url": "https://www.cisa.gov/sites/default/files/2023-01/VEX_Use_Cases_Aprill2022.pdf", "type": "related"}, {"title": "SSVC", "url": "https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc", "type": "related"}, {"title": "CVSS V4", "url": "https://www.first.org/cvss/v4-0/", "type": "related"}, {"title": "EPSS V4", "url": "https://www.first.org/epss/user-guide", "type": "related"}], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZPH8MR/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZPH8MR/", "attachments": []}, {"guid": "b104985f-db7b-5c21-8d2e-a165d4721990", "code": "NV9MUC", "id": 70315, "logo": null, "date": "2025-08-05T14:00:00-07:00", "start": "14:00", "duration": "00:20", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-70315-thwarting-key-extraction-and-supply-chain-attacks-by-detonating-gpus", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NV9MUC/", "title": "Thwarting Key Extraction and Supply Chain attacks by Detonating GPUs", "subtitle": "", "track": "Common Ground", "type": "Talk-20m", "language": "en", "abstract": "As TEEs in high-performance computing hardware become increasingly powerful and valuable targets for espionage and sabotage, protecting the 
intellectual property, cryptographic keys, and sensitive data they contain is of paramount importance. This talk argues physical destruction provides stronger guarantees than other methods, such as zeroization, but unlike custom-engineered destructive solutions such as PyroMEMS nanothermite, our approach leverages existing industrial components with proven reliability. This significantly reduces the complexity and cost of the implementation. We demonstrate that a common detonator, when appropriately positioned within a modified GPU heatsink, can provide effective physical destruction of the computing hardware. The proposed solution offers a balance of effectiveness, cost, reliability, and implementation simplicity that makes it suitable for immediate deployment in secure computing environments.", "description": "## Introduction\r\n\r\nSecuring high-value computing hardware against physical tampering has become increasingly critical as the economic and strategic value of these systems continues to rise. Modern AI accelerators and specialized computing hardware often contain sensitive intellectual property, proprietary algorithms, and valuable data that require protection against unauthorized access and reverse engineering. Although software-based security measures such as encryption and authentication provide important layers of defense, they may be insufficient against sophisticated adversaries with physical access to the hardware.\r\n\r\nThe protection of computing hardware against physical attacks has traditionally focused on tamper-evident enclosures, secure boot mechanisms, and cryptographic techniques. However, these approaches have limitations when adversaries have unlimited time to analyze and physically manipulate the hardware. 
As noted in recent research, if an adversary has sufficient time to image or modify a chip, they can get the design of the chip for replication or further attacks, and pull secrets off the chip as they are stored or while the chip is running.\r\n\r\nThis challenge is particularly relevant in the context of flexible Hardware Enabled Guarantees (flexHEG), or Hardware Enabled Mechanisms (HEM), which aim to implement hardware-based safety measures for advanced AI systems. FlexHEGs require mechanisms that can reliably enforce policies on high-capability AI systems even when these systems might have incentives to circumvent such controls. Physical security measures that can reliably destroy sensitive hardware components in response to tampering attempts form a critical part of this safety ecosystem.\r\n\r\nVarious approaches to hardware self-destruction have been proposed in the literature, including pyrotechnical microelectromechanical systems (PyroMEMS), nanothermite layers, and other specialized solutions. While these approaches show promise, they often require complex manufacturing processes, specialized materials, and significant research and development investment. These factors can limit their practical deployment in real-world security scenarios where cost-effectiveness and reliability are paramount.\r\n\r\nIn this paper, we propose and evaluate a pragmatic alternative: the use of commercially available detonators, specifically detonators used in the petroleum industry, for rapid and reliable GPU self-destruction. 
The key advantages of this approach include:\r\n\r\n* **Availability**: Commercial detonators are readily accessible as standardized industrial components.\r\n* **Cost-effectiveness**: At approximately $9 per unit, they have a significantly lower cost than custom-engineered solutions.\r\n* **Reliability**: These components have been extensively tested and proven to be reliable in harsh environments such as deep oil and gas wells.\r\n* **Implementation simplicity**: The approach requires minimal modification to the existing hardware.\r\n* **Effectiveness**: As our experiments demonstrate, they provide sufficient destructive force to irreversibly damage sensitive hardware components.\r\n\r\nWe experimentally validate our approach by integrating standard #6 and #8 detonators within either backside support of a GPU or a modified GPU heatsink and testing its effectiveness in destroying the underlying hardware. Our results demonstrate that this approach provides an effective means of preventing unauthorized access to sensitive hardware components upon detection of tampering.\r\n\r\nThis work contributes to the broader field of hardware security by providing a practical, immediately deployable solution for physical security in high-value computing environments, particularly those involving AI accelerators and other specialized computing hardware that may require protection against sophisticated physical attacks.\r\n\r\nThis work may also provide protection for supply chain attacks by allowing high-value chips to be packaged at the point of manufacture with an active tamper sensor and this response mechanism to destroy the chip in any tamper or key extraction attempt.\r\n\r\n## Methodology\r\n\r\nOur research methodology focused on developing and testing a practical approach to GPU self-destruction using commercially available and accessible products. 
The primary objective was to identify the smallest effective mechanism that could reliably destroy a GPU while minimizing collateral damage to surrounding components and anyone handling the GPU.\r\n\r\n### Commercial Detonators\r\n\r\nWe experimented with #6 and #8 blasting caps (detonators) on the basis of their commercial availability and reliability.\r\n\r\nThis detonator approach was selected over custom-engineered solutions such as PyroMEMS or specialized nanothermite implementations for several reasons:\r\n\r\n1. **Commercial availability**: The detonator is a standardized industrial component that can be procured without requiring custom manufacturing.\r\n2. **Cost-effectiveness**: At presents a significantly lower cost than custom-engineered solutions.\r\n3. **Reliability**: Detonators have been extensively tested and proven reliable in harsh environments, including high-temperature conditions typical of server environments.\r\n4. **Electrical characteristics**: The detonator can be reliably activated with standard electrical currents while providing good tolerance against accidental activation from stray currents.\r\n5. **Physical characteristics**: The compact size allows for integration within standard GPU heatsinks with minimal modification.\r\n\r\n# Experimental Setup and Results\r\n\r\n
## Experimental Setup\r\n\r\nOur experimental setup consisted of the following components:\r\n\r\n1. **Test GPU**: NVIDIA P100, a representative high-performance computing accelerator similar to those used in AI training and inference systems.\r\n2. **Modified heatsink**: The standard GPU heatsink was modified to accommodate the detonator by drilling a precisely sized hole at a strategic location above critical GPU components.\r\n3. **Detonator mounting**: The detonator was securely mounted at various orientations seen in Table 1: below the backside support bracket in plane with the bracket, below the backside support bracket perpendicular to the GPU die directing the blast towards the GPU, or within the modified heatsink, positioned to direct the destructive force toward the GPU die and memory components.\r\n4. **Initiation**: #6 detonators were initiated with safety fuse, #8 detonators were initiated with a standard electrical ignition circuit.\r\n\r\nFor safety and regulatory compliance, all experiments were conducted in appropriate facilities with necessary federal, state and local permits and under the supervision of licensed and trained personnel of ACCX Research, Fullerton, CA.\r\n\r\n## Results\r\n\r\nOur experimental results demonstrate that commercial detonators can effectively destroy GPU hardware in a controlled manner, rendering sensitive components irretrievable when tampering is detected.\r\n\r\n### Detonator Effectiveness\r\n\r\nEither detonator was found to be capable of reliably destroying critical GPU components. 
When properly positioned within the modified heatsink, the detonator generated sufficient force to physically fracture the GPU die, rendering the processor inoperable, and in most cases pulverize the die making any analysis difficult.\r\n\r\n## Table 1: GPU destruction tests using various detonators and setups\r\n\r\n| Test # | Detonator/Explosive | Setup Description | Outcome |\r\n|--------|---------------------|-------------------|---------|\r\n| 1 | #6 Blasting Cap | No heatsink; blasting cap placed under GPU | chip dislodged |\r\n| 2 | #6 Blasting Cap | With heatsink; blasting cap under GPU | chip intact |\r\n| 3 | #6 Blasting Cap (vertical) | Cap placed vertically, GPU on heatsink, setup buried in sand | chip pulverized; heatsink dented |\r\n| 4 | 2gram of C2 Detasheet | plastic explosives + 6\" 25-grain detonating cord to initiate | direct application; GPU destroyed |\r\n| 5 | 5 inches of 18-grain detcord (~100mg) | Applied to chip area | chip dislodged and shattered |\r\n| 6 | #8 Detonator | Applied directly to GPU | Unclear/ineffective |\r\n| 7 | #8 Detonator | Placed vertically on top of GPU heatsink | No destruction; ineffective |\r\n| 8 | #8 Detonator | Placed in a hole drilled through heatsink layers and onto copper plate | GPU pulverized |\r\n\r\n## Discussion\r\n\r\nThe use of commercial detonators for GPU protection offers several practical advantages over alternative approaches. They have a proven track record spanning decades and robust manufacturing quality control. This significantly reduces the implementation complexity and time-to-deployment for organizations seeking to enhance their hardware security posture.\r\n\r\nThe approach is also scalable to different sizes and types of computing hardware. While our experiments focused on GPUs, the same principles could be applied to other high-value computing components such as CPUs, FPGA accelerators, or custom ASIC designs. 
The key considerations would be selecting an appropriately sized detonator and optimizing its placement to ensure effective destruction of critical components.\r\n\r\nThe approach is also suitable for use in secure memory or SSD applications, as well as data destruction devices triggered with walk-away or power-on-without-key.\r\n\r\n### Regulatory and Safety Considerations\r\n\r\nThe use of detonators for hardware protection raises important regulatory and safety considerations that must be addressed in any practical implementation. Organizations implementing this approach would need to ensure compliance with relevant regulations, which may include:\r\n\r\n* Obtaining appropriate permits for storing and handling detonators\r\n* Implementing proper safety protocols for installation and maintenance\r\n* Testing the completed assemblies for compliance with shipping regulations and obtaining the necessary permits and classifications\r\n* Training personnel in safe handling procedures\r\n* Development of appropriate containment to maximize safety, even during deliberate tampering attempts\r\n* Establishing protocols for disposal of protected hardware\r\n\r\nFuture work would include building and certifying containment mechanisms for use and transport without a license or special handling. 
Certified products could resemble a self-contained, tamper responsive heatsink/backplate/case enclosing the protected chip(s) and are manufactured and certified as a unit that can be safely handled and pass transportation tests.\r\n\r\nThe design maturity at which this technology is safe to handle and install in typical computer environments would be naturally sufficient to pass such assessments.\r\n\r\nThese regulatory considerations may vary significantly by jurisdiction, and organizations would need to assess the specific requirements applicable to their operating environments.\r\n\r\n## Conclusion\r\n\r\nIn this paper, we have presented a practical approach to hardware security for high-value computing components using commercial detonators for rapid and reliable physical destruction. Our experimental results demonstrate that a detonator, when properly integrated into a modified GPU heatsink, provides effective protection against unauthorized access to sensitive hardware components.\r\n\r\nThe primary advantages of our approach include:\r\n\r\n* **Practicality**: Using commercially available components rather than custom-engineered solutions\r\n* **Cost-effectiveness**: Significantly lower cost than specialized PyroMEMS or nanothermite approaches\r\n* **Reliability**: Proven performance in harsh environments\r\n* **Implementation simplicity**: Minimal modification to existing hardware\r\n* **Effectiveness**: Demonstrated ability to irreversibly destroy sensitive components\r\n\r\nOur work contributes to the broader field of hardware security by providing a readily deployable solution for organizations seeking to protect high-value computing assets against sophisticated physical attacks. 
It is particularly relevant in the context of emerging AI safety and governance frameworks such as FlexHEG, where reliable hardware-based safety mechanisms are essential.\r\n\r\nAlthough software-based protection mechanisms such as zeroization play an important role in a layered security approach, physical destruction provides a last line of defense against sophisticated supply chain manipulation or laser key extraction. The approach we have demonstrated offers a balance of effectiveness, cost, reliability, and implementation simplicity that makes it suitable for immediate deployment in secure computing environments.\r\n\r\nFuture work should focus on refining the integration of physical destruction mechanisms with advanced tamper detection systems, exploring regulatory-friendly pathways and alternatives, and extending the approach to a broader range of computing hardware. As AI systems continue to advance in capability and strategic importance, ensuring their physical security will remain a critical challenge, and practical approaches like the one presented in this paper will form an important part of comprehensive security strategies.\r\n\r\n## Acknowledgment\r\n\r\nThe author would like to acknowledge the financial support of the Survival and Flourishing Fund, Good Forever Foundation, as well as thank the broader flexHEG community for valuable discussion and feedback. \r\n\r\nJohn Norman of ACCX research (Fullerton, CA) consulted and handled all of the explosive work, and Evan Miyazono of Atlas Computing provided invaluable project support.", "recording_license": "", "do_not_record": false, "persons": [{"code": "3HTT3F", "name": "Mehmet Sencan", "avatar": "https://pretalx.com/media/avatars/3HTT3F_p4tTW0V.webp", "biography": "Mehmet is taking a hardware backstop approach to security and governance of AI compute. 
Since finishing his BS at Caltech in Applied Physics, he has been pushing chip and manufacturing technology capabilities for over a decade, previously as a full-stack hardware developer, running biosensor manufacturing processes all the way from sensor design to medical device implantation (while ensuring functionality, cost-efficacy, and manufacturability).", "public_name": "Mehmet Sencan", "guid": "60f6ea42-8624-5fe2-9896-6239d6cc504e", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/3HTT3F/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NV9MUC/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NV9MUC/", "attachments": []}, {"guid": "da75be29-d62c-548b-bd44-bfe2c0794ac1", "code": "FWHWNV", "id": 68489, "logo": null, "date": "2025-08-05T14:30:00-07:00", "start": "14:30", "duration": "00:20", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-68489-the-art-of-concealment-cve-s-challenge-with-transparency", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FWHWNV/", "title": "The Art of Concealment: CVE's Challenge with Transparency", "subtitle": "", "track": "Common Ground", "type": "Talk-20m", "language": "en", "abstract": "In the cybersecurity world, the Common Vulnerabilities and Exposures (CVE) system serves as a cornerstone for understanding and mitigating security threats. However, the process of contributing to and utilizing CVE data is often hindered by issues related to transparency. This talk explores how the CVE community struggles with openness, examining why participants\u2014such as vulnerability researchers, vendors, and users\u2014may sometimes fall short of full disclosure.", "description": "In the cybersecurity world, the Common Vulnerabilities and Exposures (CVE) system serves as a cornerstone for understanding and mitigating security threats. 
However, the process of contributing to and utilizing CVE data is often hindered by issues related to transparency. This talk explores how the CVE community struggles with openness, examining why participants\u2014such as vulnerability researchers, vendors, and users\u2014may sometimes fall short of full disclosure.", "recording_license": "", "do_not_record": false, "persons": [{"code": "8WZLDU", "name": "Jerry Gamblin", "avatar": "https://pretalx.com/media/avatars/8WZLDU_r0Ca50Z.webp", "biography": "Jerry Gamblin is a Principal Engineer in the Threat Detection & Response business group at Cisco Security, where he leads research and data science initiatives to enhance Cisco Security products. He is actively involved in the CVE community, participating in various working groups and serving as a member of the EPPS SIG. He regularly speaks on vulnerabilities and vulnerability management at international conferences and manages a CVE data collection site at CVE.ICU.", "public_name": "Jerry Gamblin", "guid": "07f49c6f-4490-5e24-8bc9-26d97a663c76", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/8WZLDU/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FWHWNV/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FWHWNV/", "attachments": []}, {"guid": "799447d2-6828-57ad-b6a5-aa2e7013c443", "code": "FXMV3G", "id": 66372, "logo": null, "date": "2025-08-05T15:00:00-07:00", "start": "15:00", "duration": "00:45", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-66372-so-you-want-to-build-your-own-hacking-device", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FXMV3G/", "title": "So... You want to build your own hacking device...", "subtitle": "", "track": "Common Ground", "type": "Talk-45m", "language": "en", "abstract": "Ready to dive into the exhilarating world of hacking gadgets? 
Whether you're looking to impress your fellow nerds, make your FBI agent a little nervous, or just tinker with some cool tech, this talk has got you covered. From making a small little box turn into a Wi-Fi spy to mastering the mystical art of circuit boards, we\u2019ll explore everything you need to build your very own hacking gizmo.", "description": "In this presentation, I will delve into the burgeoning world of small hacking devices, such as the Flipper Zero and WiFi Nugget, providing a comparative analysis of popular microcontroller boards like the Raspberry Pi Pico, ESP series, and Arduino. This discussion will explore their functionalities, use cases, specifications, and cost considerations, highlighting the broader implications for security practices. We will also examine programming environments including MicroPython, CircuitPython, Arduino IDE, and C, assessing their advantages and limitations for different types of projects.\r\n\r\nFurther, the session will guide attendees on selecting the right components for their projects, such as WiFi shields, displays, and various sensors, and provide practical advice on assembling these components into functional security tools. The talk aims to empower attendees to enhance their security setups or develop new solutions, providing a roadmap from initial concept to prototype development and eventual production, thereby demystifying the technical complexities and equipping them with the knowledge to effectively utilize these tools in their cyber security endeavors.", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZSPGAS", "name": "Alex Thines", "avatar": "https://pretalx.com/media/avatars/ZSPGAS_Z1qiG6e.webp", "biography": "Alex Thines began his journey as a blue team analyst, he dove into the world of programming. As he sharpened his coding skills, he found not only an enhanced ability to hack but also a newfound love for programming itself. 
The synergy between hacking and coding intrigued him, urging him to merge the two. After giving talks about drones last year, Alex has a renewed love for making small hacking devices similar to the FlipperZero and Wifi Nugget.", "public_name": "Alex Thines", "guid": "972667ba-d3fb-53d7-9303-6514de2ddbd1", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ZSPGAS/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FXMV3G/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/FXMV3G/", "attachments": []}, {"guid": "f7a88710-0730-51ac-b87e-c865908c0482", "code": "HVRLVM", "id": 69653, "logo": null, "date": "2025-08-05T17:00:00-07:00", "start": "17:00", "duration": "00:45", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-69653-dungeons-dragons-the-security-tool-you-didn-t-know-you-needed", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HVRLVM/", "title": "Dungeons & Dragons: The security tool you didn\u2019t know you needed", "subtitle": "", "track": "Common Ground", "type": "Talk-45m", "language": "en", "abstract": "Tired of security training that puts your team to sleep? What if we told you the most powerful training tool in cybersecurity has been sitting in your game room all along? Welcome to the world of game-based learning, where the proven power of play transforms how professionals master complex skills.\r\n\r\nResearch shows that humans learn best when working together, yet traditional training methods keep pushing isolated, theoretical learning. Game-based learning flips this approach on its head, creating environments where people forget about office politics and actually engage with the material. 
Through structured play and collaborative storytelling, participants don't just memorize concepts\u2014they live them, breaking down professional barriers and building genuine understanding through experience.\r\n\r\nWe'll show you the compelling evidence behind why using roleplaying games works, and demonstrate how to transform resistant learners into engaged participants. Using compelling examples, you'll discover how tabletop role-playing mechanics can turn your most challenging training scenarios\u2014from incident response to zero trust architecture\u2014into adventures your team actually looks forward to.\r\n\r\nJoin us to learn why adding roleplaying games to your professional development isn't just about making training fun\u2014it's about making it work.", "description": "# Game-Based Learning for Effective Incident Response Training: Beyond Traditional Tabletops\r\n\r\nThis talk explores a revolutionary approach to incident response training that leverages role-playing game mechanics to create engaging, effective learning experiences. Traditional tabletop exercises, while common, often fail to prepare teams for real incidents due to their static nature and participants' reluctance to be fully transparent about organizational vulnerabilities.\r\n\r\nThe foundation of this approach rests on a simple premise: humans learn better when they're having fun. This isn't just intuitive wisdom \u2013 it's backed by scientific research. A meta-study of board, tabletop, and analog game-based learning approaches confirms that engagement and enjoyment significantly enhance knowledge retention and application. When we examine why traditional training methods fall short, we find they often create artificial environments where participants worry about protecting their professional reputation rather than honestly assessing security gaps.\r\n\r\nReal incidents rarely unfold according to plan. 
They happen at inconvenient times (like Friday afternoons), depend on people who might be unavailable, and involve unexpected complications. Our role-playing framework simulates these realities through game mechanics that introduce unpredictability while fostering collaborative problem-solving.\r\n\r\nThe structure mirrors popular role-playing games like Dungeons & Dragons \u2013 a comparison supported by research showing that when such games are played in \"inviting, encouraging, compassionate, and intellectually engaged environments,\" they create powerful learning opportunities. Each session is guided by an Incident Master who serves as both storyteller and authority on scenario progression.\r\n\r\nParticipants embody stereotypical characters with defined personality traits and modifiers that affect their interactions. For instance, a Microsoft system administrator might have a bias toward Windows solutions and a negative modifier to likability, while a help desk supporter might have enhanced communication skills. These character archetypes add both humor and realism to the scenarios, encouraging participants to step outside their usual perspectives.\r\n\r\nThe gameplay follows a three-round structure, typically beginning at the worst possible moment \u2013 late Friday afternoon \u2013 and progressing through different phases of the incident. Each participant has two actions per round, and outcomes are determined through dice rolls that simulate real-world unpredictability. This mechanic forces teams to develop contingency plans when their initial approaches fail, just as they would in actual incidents.\r\n\r\nWhat sets this approach apart from traditional exercises is the psychological safety it creates. By framing the activity as a game rather than a test or evaluation, participants feel free to experiment with approaches, admit knowledge gaps, and honestly discuss organizational vulnerabilities without fear of professional consequences. 
This honesty is crucial for effective incident response preparation.\r\n\r\nThe framework's applications extend well beyond security incidents. Organizations can use it to teach abstract security concepts like Identity and Access Management or Zero Trust principles through concrete scenarios. Sales and marketing teams can gain technical understanding by experiencing incidents firsthand. Product teams can demonstrate functionality in realistic contexts. The approach scales from individual to team-based exercises and can be customized to address specific learning objectives.\r\n\r\nThe open-source nature of this framework makes it accessible to organizations of all sizes. All characters, scenarios, and guidance materials are available on GitHub as markdown files, allowing security teams to implement and customize the approach without significant investment.\r\n\r\nFrom a compliance perspective, this approach offers substantial advantages over traditional methods. Many regulatory frameworks require organizations to conduct regular incident response training. Rather than treating this as a checkbox exercise, the role-playing approach transforms compliance activities into engaging, memorable experiences that produce measurable learning outcomes.\r\n\r\nThe speaker's experience implementing this methodology has revealed several key insights. First, the Incident Master role requires both broad security knowledge and the ability to think dynamically as scenarios unfold in unexpected directions. While previous experience as a Dungeon Master in role-playing games is helpful, it's not essential. Second, scenarios should remain open-ended to simulate the unpredictability of actual incidents. 
Finally, the Incident Master must carefully calibrate difficulty to maintain the optimal learning zone \u2013 challenging enough to require creative thinking but not so difficult that participants become frustrated.\r\n\r\nThis approach recognizes that human minds are not meant to function in isolation. They're \"plug-and-play devices\" designed to operate in networks, and games provide a structured environment for leveraging collective intelligence. By embracing this reality rather than fighting against it, organizations can transform incident response training from a dreaded obligation into an anticipated opportunity for team building and skill development.\r\n\r\nIn summary, this game-based learning approach represents a paradigm shift in security training methodology. It addresses the fundamental limitations of traditional exercises by creating psychologically safe environments where honest assessment, creative problem-solving, and team collaboration flourish. By making incident response training engaging and enjoyable, organizations not only satisfy compliance requirements but also build genuinely resilient security cultures prepared to face real-world challenges.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JZ8NCF", "name": "Klaus Agnoletti", "avatar": "https://pretalx.com/media/avatars/JZ8NCF_Aih2i3t.webp", "biography": "Klaus Agnoletti has been an all-round infosec professional since 2004. As a long-time active member of the infosec community in Copenhagen, Denmark, he co-founded BSides K\u00f8benhavn in 2019. \r\n\r\nCurrently he's a freelance storytelling cyber security advisor specializing in security transformation and community focused marketing, employer branding, playing security games  and other fun assignments and ideas coming his way. 
\r\n\r\nLately he has also become a neurodiversity advocate speaking about ADHD to educate and break down taboos in an industry with a vast overrepresentation of neurodiversity and not very many talking about it.", "public_name": "Klaus Agnoletti", "guid": "97865f70-b8ae-51b2-b463-29887514404a", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/JZ8NCF/"}, {"code": "J3PRCC", "name": "Glen Sorensen", "avatar": "https://pretalx.com/media/avatars/J3PRCC_2Vu87sY.webp", "biography": "Glen Sorensen is a Virtual Chief Information Security Officer (vCISO) with Cyber Risk Opportunities. He has worn numerous hats in his career, in areas such as security engineering and architecture, security operations, GRC, and leadership. He has held a variety of roles as an analyst, engineer, consultant, auditor, regulator, and information security officer for a financial institution.\r\n\r\nGlen approaches problems with practical solutions that bring good business value and has worked across many sectors, including financial services, healthcare, manufacturing, and others. He has served as a consulting expert in a large legal case involving healthcare and cyber attack detection technology. He has been in IT and security for 15+ years, longer if you count years of misspent youth bending technology and countless hours of roleplaying games. 
He is a sucker for a good tabletop exercise and serves as an Incident Master for HackBack Gaming, the fun kind of TTX.", "public_name": "Glen Sorensen", "guid": "b3a24141-a593-5cb2-b2f2-84110e0c2875", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/J3PRCC/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HVRLVM/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HVRLVM/", "attachments": []}, {"guid": "806f9a0e-2dac-51f7-99c9-f9b385222a04", "code": "JJUSHH", "id": 68770, "logo": null, "date": "2025-08-05T18:00:00-07:00", "start": "18:00", "duration": "00:20", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-68770-keeping-our-history-alive-the-hacker-s-guide-to-sticker-preservation", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JJUSHH/", "title": "Keeping Our History Alive: The Hacker\u2019s Guide to Sticker Preservation", "subtitle": "", "track": "Common Ground", "type": "Talk-20m", "language": "en", "abstract": "Laptop stickers are more than colorful pieces of flair. They represent our interests, hopes, goals, and communities. They help us find our tribe in a sea of unknown faces in black shirts. But there is a major danger to the stickers that define ourselves: upgrading our laptops.\r\n\r\nHundreds of poor hackers punish themselves with old and barely usable systems just to retain their rare mementos. After talking with many of these poor souls I've experimented with various methods to remove, retain, and reuse cherished stickers. \r\n\r\nThis is a conversation on the role of stickers in our communities and learn the right and wrong ways to keep our history alive.", "description": "Hi board! This talk came from a conversation at RE//verse con in February where people admitted using old laptops because they didn't want to lose their laptop stickers. Online guides were for sticker removal but not retention. 
I promised to find some solutions and make it public.\r\n\r\nThe two sides to this talk are the culture of stickers and the actual how-to of reapplication. They'll likely be 50/50 on time for 20 mins. And lots of pictures throughout.\r\n\r\nThere are many ways to approach the culture side. I want to hit on:\r\n* general interest side (offsec, dfir, networking, etc. \"There's no place like 127.0.0.1\")\r\n* specific stances (IDA Pro \"No undo, no surrender\")\r\n* political statements (\"Make Malware Great Again!\")\r\n* the Scene (BSides logos, DEFCON, LUGs, other cons)\r\n* just fun (\"Five Eyes: Backdoors and Spies\")\r\n\r\n\r\nFor tech side I've already started buying chemicals and equipment:\r\n* Heat guns\r\n* questionable ways - WD-40, Goo Gone, Acetone\r\n* Still underway - Heptane, VOC compliant Heptane alternatives, Un-Du, drawing gum\r\n* Techniques - How to separate between adhesive and laptop and not between vinyl and adhesive. Dangers of razor blades. Safety third\r\n* Readhesion - How to not lose the glue but if you do how to appropriately add more \r\n\r\n\r\nI plan on continuing the research between now and the con. I've done enough work to know the good and bad ways, but now want to explore variations on them.  I'm trying to find someone to sacrifice a laptop to let me test the limits of burning into the screen.", "recording_license": "", "do_not_record": false, "persons": [{"code": "CBQJ9A", "name": "Brian Baskin", "avatar": "https://pretalx.com/media/avatars/CBQJ9A_AMc0GrB.webp", "biography": "Brian Baskin is a Threat Researcher with Sublime Security. He has a specialty in incident response, threat intel, and malware analysis. Baskin was previously an intrusions analyst for the US Defense Cyber Crime Center and a threat research lead at Carbon Black's Threat Analysis Unit (TAU). He has studied and presented research on cyber threats for over 20 years. 
He has authored multiple security books and develops open source tools for more efficient IR and malware analysis.", "public_name": "Brian Baskin", "guid": "cc1dc413-a42a-5955-ade5-2f588d0fddc5", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/CBQJ9A/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JJUSHH/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JJUSHH/", "attachments": []}, {"guid": "a43217c6-7ad0-5f25-83d9-28edefad848e", "code": "Z3YUJW", "id": 70213, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/Z3YUJW/Scree_RAwzPyA.png", "date": "2025-08-05T18:30:00-07:00", "start": "18:30", "duration": "00:20", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-70213-the-not-so-boring-threat-model-of-csp-managed-nhi-s", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/Z3YUJW/", "title": "The Not So Boring Threat Model of CSP-Managed NHI\u2019s", "subtitle": "", "track": "Common Ground", "type": "Talk-20m", "language": "en", "abstract": "This presentation delivers a deep (but definitely not boring) dive into the risks of CSP-managed NHI's across the big three clouds. By asking \u201cWhat can go wrong?\u201d, we'll examine how these machine identities can be exploited and the differences in technique and impact.\r\n\r\nHow do we keep things fun? Exploits unique to each cloud provider\u2019s managed NHI are used as the framework to highlight the shortcomings of each design and inform our threat model. You\u2019ll leave with an understanding of each cloud provider's NHI implementation and what you can do to mitigate risks posed by the ones automatically introduced by cloud services.", "description": "This presentation provides a focused examination of a critical risk area across all three major cloud providers: their implementations of CSP-managed Machine Identities. 
Specifically, we will delve into AWS Service-Linked Roles, Google-managed Service Agents, and Microsoft First-Party Applications.\r\n\r\nDrawing upon my extensive experience in Cloud, Cloud Security, and, at its most niche, Cloud Security Identity, this talk will be structured around specific, known vulnerabilities and potential exploitation vectors inherent in each cloud's implementation of these CSP-managed identities. This will move beyond theoretical risks to highlight concrete issues.", "recording_license": "", "do_not_record": false, "persons": [{"code": "VUA87C", "name": "Kat Traxler", "avatar": "https://pretalx.com/media/avatars/VUA87C_SwRqv46.webp", "biography": "Kat Traxler is the Principal Security Researcher at Vectra AI, focusing on abuse techniques and vulnerabilities in the public cloud. Before her current role, she worked at various stages in the SDLC, performing web application penetration testing and security architecture.\r\n\r\nKat\u2019s research philosophy directs her work to where design flaws and misconfigurations are most probable. This guiding principle leads her research to the intersection of technologies, particularly the convergence of cloud security and application security, and where the OS layer interfaces with higher-level abstractions.\r\nKat has presented at conferences worldwide on topics such as privilege escalation in GCP and bug-hunting in the cloud. 
She can be found on the internet as @nightmareJS.", "public_name": "Kat Traxler", "guid": "a43a1c06-80ef-5fea-b69d-76e571595b48", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/VUA87C/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/Z3YUJW/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/Z3YUJW/", "attachments": []}], "Firenze": [{"guid": "534ed356-f577-5029-8972-e5a9a3f4a582", "code": "ADBAVR", "id": 67802, "logo": null, "date": "2025-08-05T10:00:00-07:00", "start": "10:00", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-67802-harnessing-ai-and-post-quantum-cryptography-for-cybersecurity-in-the-quantum-era", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ADBAVR/", "title": "Harnessing AI and Post-Quantum Cryptography for Cybersecurity  in the Quantum Era", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "As quantum computing advances, traditional cryptographic systems are increasingly vulnerable. Post-quantum cryptography provides a crucial solution to protect sensitive data across industries such as finance, healthcare, and government. This session will examine the impact of quantum computing on encryption, with a focus on \"Harvest Now, Decrypt Later\" attacks, where attackers exfiltrate encrypted data now with plans to decrypt it later using quantum technology.\r\n\r\nThe discussion will also highlight how artificial intelligence can enhance anomaly detection, enabling early identification of quantum-powered attacks. We will compare various artificial intelligence models, such as Isolation Forest and Autoencoders, to assess their effectiveness in detecting emerging threats. 
Furthermore, we\u2019ll explore quantum-resistant encryption methods and cutting-edge technologies, including quantum key distribution, secure multiparty computation, and fully homomorphic encryption.\r\n\r\nThis session will demonstrate how artificial intelligence and post-quantum cryptographic techniques can fortify cybersecurity against future quantum threats. Attendees will leave with actionable insights on how to prepare for a quantum-secure future.", "description": "Over the past two months, I have focused on researching how Artificial Intelligence (AI) can address the challenges posed by advances in quantum cryptography. As quantum computing evolves, encryption methods and identity tokens face increasing risks, with adversaries potentially breaking encryption much faster. AI provides an efficient solution by enabling quicker detection of attacks and allowing cryptographic systems to adapt in real-time. My research has explored several AI techniques for detecting quantum-related attacks, including Isolation Forest, K-Nearest Neighbors from Scikit-learn, H2O's Isolation Forest and Deep Learning models, as well as PyOD and Autoencoder-based Anomaly Detection from TensorFlow. These methods have been evaluated for their effectiveness in identifying data exfiltration and credential theft, which are often early indicators of a \"Harvest Now, Decrypt Later\" attack.\r\n\r\nA \"Harvest Now, Decrypt Later\" attack involves attackers silently exfiltrating encrypted data now with the intent to decrypt it later when quantum computers can break current cryptographic systems. This attack is characterized by subtle, persistent data exfiltration, often during off-peak hours, and the targeting of highly sensitive data, such as passwords or private keys, without immediate decryption. The absence of immediate fraudulent activity or ransom demands, coupled with the use of weak cryptographic algorithms (e.g., RSA, ECC), can indicate a \"Harvest Now, Decrypt Later\" attack. 
To defend against such threats, it is critical to monitor unusual access patterns, transition to quantum-resistant cryptographic systems, and implement advanced strategies like Quantum Key Distribution, Secure Multiparty Computation, and Fully Homomorphic Encryption.\r\n\r\nIn my session, I will delve into methods for enhancing protection against post-quantum attacks, discussing the implementation of quantum-resistant encryption mechanisms such as Machine Learning-based Key Encapsulation, Machine Learning-based Digital Signature Algorithm, and Symmetric-Lattice-based Hybrid Digital Signature Algorithm. These technologies offer robust solutions to safeguard data from emerging quantum cryptographic risks.\r\n\r\nTools: \r\nhttps://scikit-learn.org/stable/modules/neighbors.html\r\nhttps://docs.h2o.ai/h2o/latest-stable/h2o-docs/data-science/if.html\r\n\r\nReferences \r\nhttps://github.com/QNLab-USTC/Key-Management-and-Service-Framework-for-QKD-Networks\r\nhttps://github.com/h2oai/h2o-tutorials/blob/master/tutorials/isolation-forest/isolation-forest.ipynb\r\n\r\nPapers: \r\nhttps://cds.cern.ch/record/2723971/files/2005.01598.pdf\r\nhttps://medium.com/@weidagang/demystifying-anomaly-detection-with-autoencoder-neural-networks-1e235840d879\r\nhttps://postquantum.com/post-quantum/pqc-quantum-ai-qai/\r\nhttps://postquantum.com/quantum-ai/quantum-ai-qai/", "recording_license": "", "do_not_record": false, "persons": [{"code": "SPP9D3", "name": "Natalia Semenova", "avatar": "https://pretalx.com/media/avatars/SPP9D3_XHKBOL6.webp", "biography": "Natalia is a cybersecurity professional with 15+ years of international experience in the industry. She started her career in the academic environment after achieving PhD degree in mathematical statistics and cryptography, but later transitioned into the corporate sector where she progressed from identity and access management developer to senior security architect at leading companies like Microsoft and Google. 
Currently Natalia is an independent security researcher and SSDLC expert working with leading automotive companies across the world to ensure highest level of trust for serial production road vehicles.", "public_name": "Natalia Semenova", "guid": "e695c1a9-84a7-5420-9f54-f252d14a4fbe", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/SPP9D3/"}, {"code": "HXWYWB", "name": "Anushka Khare", "avatar": "https://pretalx.com/media/avatars/HXWYWB_jrpVT5e.webp", "biography": "Anushka is a Security Program Manager at Microsoft, specializing in strengthening encryption for Kerberos and Azure Kubernetes Service. Though early in her career with just 9 months at Microsoft, she has already made notable contributions, including publishing an article on enhancing Kerberos security: https://techcommunity.microsoft.com/blog/windowsservernewsandbestpractices/removal-of-des-in-kerberos-for-windows-server-and-client/4386903\r\n\r\nBefore joining Microsoft, Anushka gained valuable experience through internships at BlackBerry, Microsoft, Trans Mountain, and Iron Spear, a Canadian cybersecurity advisory firm. During these roles, she focused on developing cybersecurity controls and policies, conducting security and threat risk assessments, and testing data loss prevention solutions. 
Anushka's diverse background has equipped her with a strong foundation in cybersecurity, and she continues to drive innovation in her current role.", "public_name": "Anushka Khare", "guid": "4bc1a579-7a63-5981-97db-a9697efb49cb", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/HXWYWB/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ADBAVR/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ADBAVR/", "attachments": []}, {"guid": "bf7a3647-9db5-5af0-bed7-503f6f70e50a", "code": "CUL8P9", "id": 67682, "logo": null, "date": "2025-08-05T10:30:00-07:00", "start": "10:30", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-67682-desktop-applications-yes-we-still-exist-in-the-era-of-ai", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/CUL8P9/", "title": "Desktop Applications: Yes, We Still Exist in the Era of AI!!!", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "Everyone\u2019s talking about securing cloud-native AI\u2014but what about desktop applications, the unsung workhorses powering critical workflows in design, engineering, finance, and content creation? Often seen as \u201clegacy,\u201d today\u2019s desktop apps are evolving\u2014embedding local LLMs, enabling predictive UIs, intelligent automation, and offline inference.\r\n\r\nThis talk reframes the AI security conversation by spotlighting threats that emerge when AI meets the desktop. We\u2019ll explore how these integrations open up new attack surfaces\u2014prompt injection in embedded models, adversarial inputs, abuse of local inference, and vulnerable plugin ecosystems. These risks don\u2019t replace traditional issues\u2014they amplify them. 
Longstanding flaws like memory corruption, unsafe file parsing, and protocol-level bugs remain highly relevant.\r\n\r\nWe\u2019ll demo two real-world attacks: prompt injection on a local model, and file-format fuzzing exposing a legacy crash. Then we\u2019ll look at AI-aware threat modeling for desktop apps, including edge cases like tampered models and insecure automation. Finally, we\u2019ll share practical strategies to integrate validation, fuzzing, and modeling into your secure SDLC.\r\n\r\nIf you thought desktop security was yesterday\u2019s problem\u2014think again. With AI in the mix, it\u2019s more relevant, more complex, and more important than ever.", "description": "In today\u2019s rush toward AI-native development, desktop applications are often dismissed as legacy systems. However, they remain foundational to industries like design, finance, healthcare, and engineering. These applications are evolving too\u2014embedding local LLMs, enabling predictive UIs, and offering offline AI inference. But in doing so, they create a new category of hybrid software: traditional desktop logic combined with AI decision-making. This evolution introduces a unique and largely under-explored threat landscape.\r\n\r\nThis talk reframes the AI security conversation around the desktop domain. It starts by cataloging AI use cases already embedded in modern desktop applications\u2014intelligent assistants, context-aware automation, AI-enhanced plugins, and model-influenced file parsing. 
With this foundation, we\u2019ll explore the novel risks they bring, including:\r\n* Prompt injection in offline or locally-embedded LLMs.\r\n* Inference-based abuse, where untrusted inputs manipulate model behavior.\r\n* Unsafe output handling, where AI-generated content drives downstream actions.\r\n* AI plugin ecosystems prone to over-permissioning or unvalidated extensions.\r\n* Model tampering, especially in scenarios without strong integrity checks.\r\n\r\nBut these new threats don\u2019t replace the old\u2014they amplify them. Traditional issues such as memory corruption, unsafe file parsing, and protocol vulnerabilities remain present, and in some cases, are re-exposed by AI-powered workflows (e.g., previewing or auto-parsing files without validation).\r\n\r\nTo demonstrate this hybrid risk model, the session includes two practical demos:\r\n1. A prompt injection attack targeting an embedded local LLM in a desktop app, leading to unintended file disclosure or unauthorized automation.\r\n2. A file-format fuzzing demo against a legacy parser now wrapped in AI functionality, resulting in a crash or memory corruption\u2014highlighting the dangers of blindly coupling AI with legacy input handling.\r\n\r\nWe\u2019ll then transition into modern threat modeling for these AI-desktop hybrids. 
We'll break down:\r\n* How to model trust boundaries when inference engines are embedded locally.\r\n* Risks introduced by model updates or user-controlled configuration.\r\n* Edge cases like AI-driven plugin behavior and adversarial content generation.\r\n\r\nFrom a defense perspective, we\u2019ll provide fuzzing strategies that remain effective\u2014file format fuzzing, protocol fuzzing, and model I/O fuzzing\u2014along with examples of tools like AFL++, libFuzzer, and custom harnesses for AI pipelines.\r\nFinally, we\u2019ll outline how to bring this into the Secure Development Lifecycle (SDLC):\r\n* Introduce abuse-case testing for AI features.\r\n* Incorporate threat modeling sessions into early feature design.\r\n* Automate fuzzing pipelines into CI for both legacy and AI logic.\r\n* Develop organizational awareness around the risks of hybrid systems.\r\n\r\nThis session is ideal for security engineers, red teamers, and AppSec practitioners who want a deeper understanding of how the AI transformation impacts a class of software that hasn\u2019t gone anywhere\u2014but is becoming more complex and critical than ever.\r\nExpect actionable insights, demo-driven examples, and a modernized approach to defending desktop applications in the AI era.", "recording_license": "", "do_not_record": false, "persons": [{"code": "ZXSMQN", "name": "Uday Bhaskar Seelamantula", "avatar": "https://pretalx.com/media/avatars/ZXSMQN_aotMASx.webp", "biography": "Uday Bhaskar Seelamantula is a security professional at Autodesk with a focus on innovative approaches to application security. With extensive experience in both offensive security and secure development practices, Uday is passionate about bridging the gap between traditional security concerns and the emerging risks presented by AI technologies. 
Currently working on novel fuzzing techniques and static analysis, Uday has a deep interest in how security can evolve to address the unique challenges posed by AI integrations in desktop applications.\r\n\r\nHaving collaborated with teams on projects that span across security incident response, threat modeling, and secure software development lifecycle practices, Uday brings a well-rounded perspective to the conversation on how organizations can better secure the applications we rely on. When not researching the latest vulnerabilities or AI threats, Uday enjoys mentoring colleagues and sharing knowledge to help shape the next generation of security professionals.\r\n\r\nOutside of work, Uday keeps sharp by playing CTF challenges and running fuzz farms, while unwinding with snowboarding as a favorite way to relax.", "public_name": "Uday Bhaskar Seelamantula", "guid": "e7fc5601-4a20-53be-991f-87698b3ac250", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ZXSMQN/"}, {"code": "XFP3Q7", "name": "Elizabeth R Rasnick", "avatar": "https://pretalx.com/media/avatars/XFP3Q7_A7asRGk.webp", "biography": "Dr. Elizabeth Rasnick is an Assistant Professor at the University of West Florida\u2019s Center for Cybersecurity. As a first-generation college student and a woman in STEM, she is driven to recruit and retain underrepresented populations into the cybersecurity talent pipeline. Her goal for students is that they understand cybersecurity is ever-evolving and they need to continuously update their skills. Dr. Rasnick\u2019s research includes investigating recruitment and retention of underrepresented populations in cybersecurity, cybersecurity education, cybersecurity for critical infrastructure, and cybersecurity issues in supply chains. She has presented research and run workshops at regional, national, and international conferences. Dr. Rasnick often speaks to community groups about cyber essentials. 
She is currently serving as the president for the Florida affiliate of Women in Cyber Security (WiCyS-FL). Dr. Rasnick holds a B.S. in Computer Science from Longwood University and an M.S. in Computer Science and an M.B.A. and a Ph.D. in Information Technology from Old Dominion University. She has taught computer science and mathematics in public high schools and worked in industry as a programmer and on an incident response team.", "public_name": "Elizabeth R Rasnick", "guid": "604bc742-1ea8-5e81-a999-18f83ca80628", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/XFP3Q7/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/CUL8P9/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/CUL8P9/", "attachments": []}, {"guid": "adf09a9d-d8e5-5222-92d7-7e741f6f82a6", "code": "DD8DUT", "id": 67443, "logo": null, "date": "2025-08-05T11:00:00-07:00", "start": "11:00", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-67443-security-theater-now-playing-when-security-is-a-sideshow-instead-of-a-strategy", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DD8DUT/", "title": "Security Theater, Now Playing: When Security Is a Sideshow Instead of a Strategy", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "Security teams love policies, frameworks, and well-intentioned controls\u2014but when those efforts lack product or business context, they\u2019re often just\u2026 theater. In this talk, I\u2019ll share what happened when I joined a security program driven by compliance rather than clarity, and how that led to friction, rework, and wasted energy. 
Through real-world examples from a fast-moving startup, I\u2019ll walk through how we started rebuilding trust with teams who didn\u2019t want to work with us\u2014by first learning how our product actually worked and what the business actually needed. You\u2019ll leave with questions every security team should be asking their product counterparts, tactics for embedding security into the roadmap without slowing it down, and ideas for transforming from checkbox-driven blockers into true partners. Whether you\u2019re leading a program or just trying to get un-ghosted by your engineers, this talk will help you make security relevant, respected, and real.", "description": "Security programs built on frameworks, checklists, and best practices can look great on paper\u2014but without a deep understanding of the product and the business, they often fail to drive real outcomes. At best, they create friction. At worst, they create risk where there was none.\r\n\r\nIn this talk, I\u2019ll share my journey inheriting a security program at a fast-paced fintech startup that was built entirely through the lens of compliance\u2014without aligning to how the product worked or how the company actually made money. Security was seen as a service function, not a partner. Trust was low, leadership was in flux, and teams carried \u201csecurity trauma\u201d from past engagements from previous companies.\r\n\r\nThrough real examples and hard lessons, I\u2019ll walk through how we started turning things around by asking better questions, building fluency in the business, and rethinking what effective security looks like. 
I\u2019ll cover:\r\n\r\n- How misunderstanding the product led us to focus on the wrong risks\r\n\r\n- Key questions we started asking product, engineering, and leadership\r\n\r\n- Tactical strategies for embedding security into the development lifecycle without slowing teams down\r\n\r\n- How we shifted our posture from service provider to strategic enabler\r\n\r\n- How AI and automation gave us back time and influence when headcount wasn\u2019t an option\r\n\r\nThis talk blends storytelling, leadership lessons, and practical takeaways. It's designed for anyone trying to build or mature a security program in an environment with limited resources, unclear ownership, or complex dynamics. If you\u2019re tired of playing defense in the dark\u2014or struggling to get buy-in from teams that don\u2019t trust you\u2014this talk will give you a new lens and real strategies for making security work with the business, not just alongside it.", "recording_license": "", "do_not_record": false, "persons": [{"code": "AEBGWY", "name": "Vanessa Redman", "avatar": "https://pretalx.com/media/avatars/AEBGWY_DmwtN9z.webp", "biography": "I am a seasoned Cybersecurity professional with 15+ years of leadership and technical experience, currently working as the Vice President of Information Assurance. I have led teams in Cyber Strategy, Cyber Risk Policy development, Threat Assessments/Analysis, Cyber Vulnerability Prioritization & Validation, and Cyber Controls Testing. I have 10+ years of DoD and Military Cybersecurity experience with the U.S. Air Force, including working as a Cyber warfare operator and instructor with in-depth, hands-on experience in analyzing and defending against nation-state and organized crime adversaries. Other experience includes using MITRE ATT&CK matrix for analysis, control testing, and planning. 
I also love talking about Algorithmic Game Theory and have spoken at several conferences on the subject.", "public_name": "Vanessa Redman", "guid": "0d731ca4-855b-5e61-aa65-9eafb9dab879", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/AEBGWY/"}, {"code": "RE8SMW", "name": "Mia Kralowetz", "avatar": "https://pretalx.com/media/avatars/RE8SMW_hg0IKi9.webp", "biography": "Mia Kralowetz is a security leader at Upside, where she is rebuilding a security program from the ground up\u2014with empathy, AI, and just enough chaos. A career changer who once managed retail stores, ran finance and compliance teams, and worked as a life coach, she found their way into security through a love of tinkering and a desire to understand how things work.\r\n\r\nHer first security project was featured in a coworker's Proving Ground talk six years ago, and since then, she's focused on DevSecOps and pentesting. Today, she's passionate about using security to build trust, not fear, and about enabling teams instead of blocking them\u2014especially in environments marked by distrust, resource constraints, and rapid change.\r\n\r\nThis is her first time at BSidesLV as a speaker\u2014and it feels like a full-circle moment.", "public_name": "Mia Kralowetz", "guid": "e9e5f15c-1fcf-5816-a73e-20c1778a88fb", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/RE8SMW/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DD8DUT/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DD8DUT/", "attachments": []}, {"guid": "27f47fd6-1372-5b4a-9336-65b340674ba5", "code": "9EAAT8", "id": 67689, "logo": null, "date": "2025-08-05T14:00:00-07:00", "start": "14:00", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-67689-shorts-begone-modding-youtube-on-ios-without-jailbreaking", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9EAAT8/", "title": "Shorts Begone: 
Modding YouTube on iOS (without jailbreaking)", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "iOS reverse engineering can seem daunting \u2013 where do you even begin? With jailbreaking iOS becoming increasingly difficult each year, you can no longer simply attach a debugger to your phone and analyse an app\u2019s behaviour as you once could. However, new tools and frameworks have emerged that make it possible to modify apps without a jailbreak. This talk is designed as a practical guide from zero to hero, using the YouTube app as a case study \u2013 specifically, modding it to remove short-form content.\r\n\r\nWe\u2019ll cover the history of iOS reverse engineering and tweak development, iOS app packaging, dynamic analysis, method swizzling, and in-app debugging. Plus, with the advent of Apple Silicon Macs, you don\u2019t even need an iPhone to start reverse-engineering iOS apps.", "description": "I was wasting far too much time mindlessly scrolling through YouTube Shorts\u2014especially the black hole that is clips from Suits. After watching a few of Bryce Bostwick\u2019s videos on YouTube, I was inspired to take matters into my own hands and figure out how I could rip out all short-form content entirely. After a few days of haxxing, I managed to do just that. This talk is a practical guide I wish I\u2019d had when starting out\u2014an introduction to practical iOS reverse engineering for beginners. What I found was that most online resources on iOS reverse engineering assume you have a jailbroken device you can simply connect to via GDB. That\u2019s what makes this interesting to me\u2014I added the constraint of doing everything on a non-jailbroken device. 
\r\n\r\nThis talk will briefly explore the history of iOS reverse engineering and then move into practical techniques like:\r\n\r\n* Dynamic Analysis with Frida: How to hook into iOS apps at runtime, inspect function calls, and modify behaviour on the fly\r\n* Method Swizzling: Overriding Objective-C/Swift methods to change how apps function without modifying binaries\r\n* FLEX \u2013 In-app debugging and exploration\r\n* Theos and Tweak Development", "recording_license": "", "do_not_record": false, "persons": [{"code": "PTEUU8", "name": "MasterChen", "avatar": "https://pretalx.com/media/avatars/PTEUU8_dcl5smk.webp", "biography": "Master Chen.", "public_name": "MasterChen", "guid": "7a912319-9981-5cfe-9be8-b85e5c044194", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/PTEUU8/"}, {"code": "ML9VBK", "name": "Navan", "avatar": "https://pretalx.com/media/avatars/ML9VBK_UzM1EFl.webp", "biography": "Navan is a person of far too many varied interests. He likes to say that, at the end of the day, what matters most to him is how fun and challenging the problem is\u2014not whether he has any prior experience\u2014because you can always learn more (that\u2019s the engineering god complex in him speaking). He has wasted an impressive amount of time working with Python, Swift, shell scripts, and OpenWRT. 
When not attempting to watch the entirety of Doctor Who in one sitting, Navan can be found in the great outdoors in his crocs, trying to come up with imaginative ways to get injured.", "public_name": "Navan", "guid": "0bb6a8fe-9674-5686-903d-820716ae4b87", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ML9VBK/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9EAAT8/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9EAAT8/", "attachments": []}, {"guid": "4cbc1b56-9a05-581d-87e4-aeb4b0ba59f3", "code": "RU39RL", "id": 70314, "logo": null, "date": "2025-08-05T14:30:00-07:00", "start": "14:30", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-70314-unawakened-wakeup-a-novel-php-object-injection-technique-to-bypass-wakeup", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RU39RL/", "title": "Unawakened Wakeup: A Novel PHP Object Injection Technique to Bypass __wakeup()", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "Some PHP libraries mitigate PHP Object Injection by adding a `__wakeup()` that throws an exception in classes that could serve as Property-oriented Programming (POP) gadgets, eliminating them in one stroke. Traditional bypasses exploit interpreter bugs, yet patches quickly kill those attacks. This talk introduces a new bypass built on an **Arbitrary Object Instantiation (AOI) primitive**: we trigger dynamic class instantiation entirely outside the process of `unserialize()`, so the guarding `__wakeup()` never runs. The only prerequisite is a POP gadget that executes `new $className(...)`.  Because the technique relies solely on core language behavior, future patches are unlikely to break it. 
A live demo revives the retired Guzzle/RCE1 chain of PHPGGC and gains remote code execution on a default Neos Flow installation.\r\n\r\nTakeaways \u2014 Pentesters: learn how to resurrect \u201cdead\u201d chains and locate AOI primitives; Developers: adopt practical defenses such as migrating to JSON or adding HMAC-protected serialization.", "description": "This bypass was conceived about 5 years ago when I tried to hack a Neos Flow application in our business. At the time, I was a novice in POI, but the change of mindset allowed me to build the bypass technique. I am currently out of the field due to a change in my life stage, but I am challenging the CFP to prove that everyone can create opportunities to present their research even if they are out of the field.\r\n\r\nThis content has been presented at m0leCon this year, a security conference organized by the CTF team \"pwnthem0le\" and \"Politecnico di Torino\", the oldest polytechnic university in Italy. The presentation covered an introduction to PHP Object Injection, explained how POP gadgets are mitigated by overriding `__wakeup()`, and demonstrated how to bypass the mitigation to revive the Guzzle/RCE1 gadget.\r\nIt was the first technical presentation for me and some subjects and regrets have remained. So I would like to improve my in-English presentation skill at Proving Ground in Security BSides Las Vegas 2025.", "recording_license": "", "do_not_record": false, "persons": [{"code": "HAU8HJ", "name": "Mat Saulnier", "avatar": "https://pretalx.com/media/avatars/HAU8HJ_JcKc28o.webp", "biography": "With a passion for Offensive Security, he automates OffSec Tools to improve the security posture of organizations around the world. 
Building on his strong technical background he now focuses on Threat Research, Threat Hunting, Detection Engineering and Incident Response.\r\n\r\nMat (better known as Scoubi in this community) is a recognized security professional and Core Mentor for Defcon\u2019s Blue Team Village that has over 2 decades of experience in security. He shared his passion for IT Security and captivated audiences at Derbycon, SANS Summits and RSAC, amongst others.", "public_name": "Mat Saulnier", "guid": "a076326f-6c3c-5759-8ab5-364eb86663b4", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/HAU8HJ/"}, {"code": "98K9ZV", "name": "Hiroki Matsukuma", "avatar": "https://pretalx.com/media/avatars/98K9ZV_LLDICkm.webp", "biography": "Hiroki MATSUKUMA ([@hhc0null](https://x.com/hhc0null)) is a middle manager at Cyber Defense Institute, Inc. in Japan, where he leads the reverse engineering section. His main areas of interest involve vulnerability research and exploit development. 'House of Einherjar', a GLibc heap exploitation technique used in CTFs, is one of his works.", "public_name": "Hiroki Matsukuma", "guid": "53d8374d-b9c1-5b82-8eb0-16ec276dcc31", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/98K9ZV/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RU39RL/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RU39RL/", "attachments": []}, {"guid": "72c34dc5-b6eb-5528-818a-04ae52c7341d", "code": "SWPNGK", "id": 67803, "logo": null, "date": "2025-08-05T15:00:00-07:00", "start": "15:00", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-67803-boost-your-career-get-practical-infosec-experience-in-your-community", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SWPNGK/", "title": "Boost Your Career: Get Practical InfoSec Experience in Your Community!", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": 
"en", "abstract": "Enhance your career in privacy, security, and open source by actively engaging with your local community. Discover how working with low-income students and their parents not only sharpens your own skills but also cultivates a culture of awareness and responsibility. Get ready to roll up your sleeves and gain hands-on experience right in your hometown! This session will provide you with actionable strategies from my journey in guiding K-12 students and their families as they learn about security and privacy. Together, we can empower the next generation and strengthen our communities\u2014one practical lesson at a time. Don\u2019t sit on the sidelines; seize this opportunity to elevate your career while making a real impact! Join us and take the first step toward your future!", "description": "After feeling lost in roles that didn\u2019t fulfill me, I took some time to reflect on how to create change in my life. With a longstanding interest in security and a concern for the lack of knowledge many people have about safe internet browsing, I decided to immerse myself in this field. Fortunately, I discovered a club dedicated to helping low-income students in the community gain internet access, enabling them to compete with their classmates in terms of information and knowledge. From my very first meeting, I knew I had found something that would truly fulfill me. I was later elected President of the club, where I not only assist students but also manage tasks such as loading open-source software on desktops and troubleshooting bugs in our systems. This role has allowed me to streamline our processes while honing my professional skills. During this talk I would like to share my passion for open source and giving back to others in true open source fashion.  I am eager to share my experiences and inspire others to seek hands-on opportunities that enable them to develop skills while making a positive impact in their communities. 
Last year this topic was mentioned at I am the Cavalry during a talk done by Ira Victor, throughout the rest of the conference we had many people come up and talk to us about how to get more involved. Not only would I have a mentor from Proving Grounds but also have the assistance of an infosec and DFIR expert who was a previous BSides speaker, to also help mentor me with this talk.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JLRLE8", "name": "Mea Clift", "avatar": "https://pretalx.com/media/avatars/JLRLE8_qDY8YnM.webp", "biography": "Mea Clift is a seasoned cybersecurity leader with a multi-decade career marked by excellence, innovation, and mission-driven practices. As Principal Executive Advisor for Cyber Risk Engineering, she guides underwriters on cyber risks and educates insureds on trends and maturity. Previously, she focused on cybersecurity in Critical Infrastructure. A mentor and advocate for diversity, Mea actively participates in Cyversity and ISACA programs, teaching Fundamentals of GRC twice yearly. Known for her credibility with executives, clients, and peers, she is also a dedicated quilter and quilt historian living in St. Paul, Minnesota.", "public_name": "Mea Clift", "guid": "e1aa3080-76ff-5025-9ae3-b8d5772f929b", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/JLRLE8/"}, {"code": "FZFEUT", "name": "Ashley Cihak", "avatar": "https://pretalx.com/media/avatars/FZFEUT_txXpd7s.webp", "biography": "Ashley Cihak is the youngest President of a nonprofit club that specializes in providing students Linux-based computers over the last 17 years. The Club has taught over 15,000 low-income students and their parents about security, privacy and open-source software. While managing the club takes up a significant amount of her time, Ashley works as the SAP Administrator and Office Manager at a snow grooming company. 
In her spare time, she enjoys listening to live music and flying hot air balloons.", "public_name": "Ashley Cihak", "guid": "65d3b08b-cf92-5322-ab44-5da5a954ab65", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/FZFEUT/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SWPNGK/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SWPNGK/", "attachments": []}, {"guid": "d8f3b2fd-c00a-52ea-999b-bb72ccd078d2", "code": "HZTYYL", "id": 67936, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/HZTYYL/Groce_nGl1CaN.png", "date": "2025-08-05T15:30:00-07:00", "start": "15:30", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-67936-let-s-go-shopping-third-party-vendors-and-cyberrisk", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HZTYYL/", "title": "Let's Go Shopping: Third-Party Vendors and CyberRisk", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "As organizations increasingly adopt cloud technologies and artificial intelligence, the attack surface expands, heightening the risk of data breaches and security incidents. Third-party vendors play a significant role in this dynamic, often introducing additional vulnerabilities into the ecosystem.\r\n\r\nThis presentation aims to provide organizations, practitioners, and individual contributors with an accessible and familiar framework for evaluating and onboarding potential vendors. By implementing effective third-party risk management strategies, attendees will learn how to mitigate risks and protect their organization's critical data.", "description": "We engage in third-party risk management (TPRM) on a weekly, if not daily, basis through various activities such as shopping for clothes, toys, and food. 
This talk will explore the analogy of a grocery store to better understand how we practice TPRM in our daily lives and how this can serve as a foundation for robust cyber hygiene.\r\n\r\nKey terms and concepts that will be visited in this talk are the Criticality of a Vendor, the Inherent Risk of a Vendor, and what considerations may affect these two variables. \r\n\r\nThe talk will go through the different aisles of a grocery store to see how we vet our shopping cart:\r\n*Stationery\r\n*Food\r\n*Flowers\r\n*Etc.\r\n\r\nThe conclusion of this talk will emphasize using our everyday shopping habits as a model for effective TPRM. This approach aims to empower attendees in their role in cybersecurity, highlighting the importance of individual contributions to the overall security framework.", "recording_license": "", "do_not_record": false, "persons": [{"code": "BJMFMV", "name": "Meghan Jacquot", "avatar": "https://pretalx.com/media/avatars/BJMFMV_CgZq8Gw.webp", "biography": "Meghan Jacquot is a Cybersecurity Engineer at Carnegie Mellon University\u2019s Software Engineering Institute and focuses on offensive security and maturity models. Meghan shares her research and learnings via conferences and publications. She has been published in US Cybersecurity Magazine and Sources2Create. Throughout the year, she helps a variety of organizations and people including DEF CON as a SOC GOON, Diana Initiative, OWASP, and WiCyS. She firmly believes in breaking barriers for others to enter cybersecurity and also helping others to upskill. To relax she also spends time with her partner visiting national parks, gardening, and hanging with her chinchilla.", "public_name": "Meghan Jacquot", "guid": "d56d306b-2a1b-58f5-ad17-b90bf94efb08", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/BJMFMV/"}, {"code": "LL9DQH", "name": "Rafael Ayala", "avatar": "https://pretalx.com/media/avatars/LL9DQH_ZIPnMOa.webp", "biography": "Rafael works in Third-Party Risk Management. 
His career path spans non-profit work, to education and most recently to third-party risk management and cybersecurity. He has a passion for learning and is always seeking ideas that will expand his horizons. \r\n\r\nOutside of work, catch me playing MTG, coaching sports, or reading.", "public_name": "Rafael Ayala", "guid": "8407f6b0-c7e9-5693-8a0d-fd5e1e3051e2", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/LL9DQH/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HZTYYL/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HZTYYL/", "attachments": []}, {"guid": "5ed0326b-b4a1-5f2c-8208-986b02561473", "code": "TRVZRS", "id": 67690, "logo": null, "date": "2025-08-05T17:30:00-07:00", "start": "17:30", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-67690-malicious-packages-they-re-gonna-get-ya", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TRVZRS/", "title": "Malicious Packages - they're gonna get ya!", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "Supply chain security has been all the rage recently - we keep hearing over and over again, about how numerous malicious packages have been found on this package repository or that. This talk gives an overview of malicious packages and the different ways that they can pose a danger: from simple mistakes like mistyping a package name all the way up to well known and loved packages being compromised. \r\n\r\n\r\nSo how can we protect ourselves from these threats? There are various options such as checking package health, source code reviews/scans, or use of tooling such as SCA tools. SCA scans, while very useful for vulnerability scanning, cannot be relied upon to protect against malicious packages. This talk will discuss their blind spots and other options for adding further protection. 
It will further reinforce that security should always take a multi-layered approach.", "description": "Over the past few years as a developer and then a security engineer, I've been tasked with upgrading packages due to vulnerabilities countless times, and more recently implemented tooling to detect these vulnerabilities. Throughout this work, one subset of vulnerable packages has really stood out to me - malicious packages. They come in many different shapes and sizes. Their risks appear when adding new packages, or when updating existing packages previously thought to be safe. This talk will discuss what malicious packages do, where they come from, the different types, and the risks associated with them. Examples will be provided for each of the various different types. The recent compromise of xz utils will be given as an example of just how far some attackers will go to compromise legitimate packages. If any other particularly noteworthy examples come up within the next few months, those may be discussed as well.\r\n\r\nThe talk will then discuss different solutions for protecting against these risks. There are many tactics when it comes to new dependencies - reviewing package health, verifying package names, code review / scanning, etc. As well, many companies implement Software Composition Analysis (SCA) tools to detect vulnerable packages. These, however, are insufficient to protect against malicious packages. These tools have an obvious weakness in that they can only catch known malicious packages. They also miss the danger that malicious packages can pose as soon as they're run on a developer's machine, which is often long before any SCA tool will scan them. Malicious packages can also pose a danger in CI/CD pipelines, particularly if they're in testing or build tools (\"dev dependencies\"), which may run before any SCA tools do (assuming the tool(s) used even scan dev dependencies). 
Additional protections such as EDR, private package repositories, and package integrity will also be discussed along with their associated weaknesses. In closing, the talk will highlight the need to have multiple layers of defense and remind us that malicious packages are not the only source of supply chain attacks to be vigilant about.", "recording_license": "", "do_not_record": false, "persons": [{"code": "8D8RQL", "name": "Allan Friedman", "avatar": "https://pretalx.com/media/avatars/8D8RQL_61Tbiul.webp", "biography": "Allan is probably here in his personal capacity.", "public_name": "Allan Friedman", "guid": "d2e20e74-231a-548b-ae2e-67ac90d29821", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/8D8RQL/"}, {"code": "LMEKWB", "name": "Megg Sage", "avatar": "https://pretalx.com/media/avatars/LMEKWB_FJb9QVY.webp", "biography": "Megg is an application security engineer with a background in web development. She was drawn to security by the endless puzzles and challenges the field presents. Megg is passionate about sharing knowledge\u2014especially when she can educate her audience and frighten them a touch at the same time. After all, what can happen when security goes wrong is pretty scary. She enjoys collaborating closely with software engineering teams to integrate security into existing development practices, aiming to minimize how painful \"doing security\" can be. 
When not behind a computer, Megg can often be found crafting costume pieces or shiny objects.", "public_name": "Megg Sage", "guid": "293fbbc6-d6f6-563b-a177-418cda73ce4b", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/LMEKWB/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TRVZRS/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TRVZRS/", "attachments": []}, {"guid": "887d8f28-f129-5f11-add9-43626db1cfc2", "code": "Z3RMSJ", "id": 69932, "logo": null, "date": "2025-08-05T18:00:00-07:00", "start": "18:00", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-69932-take-all-my-money-penetrating-atms", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/Z3RMSJ/", "title": "Take all my money \u2013 penetrating ATMs", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "Who needs money to grow on trees when you can make it rain out of an ATM!  If this sounds like something that you would be interested in, this talk is for you!  \r\nIn this talk you will hear career war stories from an ATM pentester.  Other topics that will be covered include technical aspects of ATM hacking, common tools used, as well as troubles that can arise when trying to set up an ATM test.\r\nAttendees will leave with a better understanding of the composition of an ATM, a basic methodology to approach ATM penetration testing with, and some crazy stories that will be shared with anyone that will listen.", "description": "In this presentation we will discuss real-world examples of cybersecurity issues with ATMs. Ever wondered what it takes to make an ATM spewing out cash? 
You\u2019ll hear some war stories from Fredrik\u2019s career when penetration testing ATMs which includes the technical aspects of ATM hacking like tools but also troubles that can arise when trying to set up an ATM test.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JAGAGQ", "name": "Jonathan Fischer", "avatar": "https://pretalx.com/media/avatars/JAGAGQ_G8QNmU2.webp", "biography": "Jonathan Fischer is a hardware and IoT security enthusiast that started off designing, programming, and implementing electronic controls for industrial control systems and off-highway machinery.  After a decade in that industry, Jonathan obtained his BS in Computer Science and transitioned over to the cyber security industry where he has been working as a Red Team consultant and researcher for more than eight years at Fortune 500 companies.  Since joining the cyber security industry, Jonathan has since earned various industry certifications (OSCP, GXPEN, etc.) and continues to leverage his unique experience in his research into hardware hacking. Jonathan has presented his research at conferences such as ShmooCon, Black Hat Arsenal, DEF CON Demo Labs, BSides LV, and Hardware Hacking Village. He is also the co-creator of Injectyll-HIDe, an open-source hardware implant designed for use by red teams.", "public_name": "Jonathan Fischer", "guid": "8335a357-136c-5d90-85f1-8f16dedda60d", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/JAGAGQ/"}, {"code": "MGQNZP", "name": "Fredrik Sandstr\u00f6m", "avatar": "https://pretalx.com/media/avatars/MGQNZP_Bsd8MDq.webp", "biography": "Fredrik Sandstr\u00f6m, M.Sc. is Head of Cyber Security at Basalt, based in Stockholm, Sweden. He has nearly a decade of experience in penetration testing, alongside a background in software development and embedded systems engineering. 
His early work includes software development for organizations such as the Swedish Defence Research Agency (FOI).\r\n\r\nSince 2015, Fredrik has focused on delivering advanced security assessments\u2014including penetration testing, red teaming, and threat emulation\u2014for clients in diverse sectors such as banking, insurance, automotive, energy, communications, and IT services. He holds multiple industry-recognized certifications, including GXPN (GIAC Exploit Researcher and Advanced Penetration Tester), GCPN (GIAC Cloud Penetration Tester), GRTP (GIAC Red Team Professional), and HTB Certified Bug Bounty Hunter (CBBH).\r\n\r\nFredrik is also an active contributor to the security community. He has presented at major conferences such as SEC-T\u2014Sweden\u2019s leading offensive security conference\u2014and DevCon in Bucharest, Romania, a key event for developers and IT professionals in Eastern Europe.", "public_name": "Fredrik Sandstr\u00f6m", "guid": "8d077b08-a743-5db4-b846-9564d210177b", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/MGQNZP/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/Z3RMSJ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/Z3RMSJ/", "attachments": []}, {"guid": "8e4ef7ba-148f-5f40-ad1f-dbe2083adf89", "code": "X7ERWF", "id": 68748, "logo": null, "date": "2025-08-05T18:30:00-07:00", "start": "18:30", "duration": "00:25", "room": "Firenze", "slug": "security-bsides-las-vegas-2025-68748-broke-but-breached-secret-scanning-at-scale-on-a-student-budget", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/X7ERWF/", "title": "Broke but Breached: Secret Scanning at Scale on a Student Budget", "subtitle": "", "track": "Proving Ground", "type": "Proving Ground Talk-25m", "language": "en", "abstract": "Secrets are being leaked at an alarming rate\u2014hardcoded API keys, tokens, credentials\u2014you name it, it\u2019s out there. 
From SolarWinds to everyday developers, secret exposure has become one of the top root causes of major breaches. \r\n\r\nBut _what if you could scan for these secrets\u2026 at scale? On a student budget?_\r\n\r\nThis talk is a deep dive into how I used Kubernetes, cloud credits, and some infrastructure hacking to scan VS Code extensions and other public sources for secrets\u2014effectively and cheaply. Whether you're a cloud security enthusiast, a DevOps tinkerer, or just broke and curious, this talk will show how to harness distributed systems and automation to do big things with limited resources", "description": "Secrets are being pushed everywhere in the wild. Given that most major security breaches involve secrets being exposed\u2014like the SolarWinds breach and many others\u2014I became fascinated by how often secrets are being publicly leaked and how little effort it can take to find them if you know where to look.\r\n\r\nI wanted to perform secret scanning at scale, but I\u2019m a student with a limited budget. So I\u2019m going to talk about how I maximized the compute power available to me using Kubernetes and leveraged it to scan for secrets at scale.\r\n\r\n### Infrastructure Setup:\r\n\r\nGiven my constraints as a broke college student, I looked at what I had available: I recently completed my CKA and CKS certifications, and I had access to $100 in free Azure credits through a student account, plus similar free-tier resources across various cloud providers. My solution? Use Kubernetes to orchestrate compute resources across multiple accounts.\r\n\r\nTo set up the infrastructure, I used K3s to run a master node on my Azure account using those $100 credits very carefully. Then, I asked a few friends\u2014also students\u2014to use their own free credits to spin up virtual machines in their Azure accounts. I connected all of these together using Tailscale, putting them on the same virtual network. 
K3s was the best choice due to its lightweight footprint and simplicity.\r\n\r\nRight now, I\u2019m building out a Terraform configuration so I can just give my friends a link to my Terraform Cloud project. That way, they can deploy their own VM and have it automatically join my cluster. This assumes a level of trust between me and them. I\u2019m actively working on a secure abstraction layer so they can deploy without being exposed to (or able to access) any secrets.\r\n\r\n\r\n#### Scanning VS Code Extensions:\r\nThe next phase of the project is to scan VS Code extensions for secrets. It might seem like overkill, especially considering Microsoft\u2019s API rate limits, but I have a workaround.\r\n\r\nHere\u2019s how it works:\r\n - Every morning, a Kubernetes CronJob spins up and pulls a fresh list of VS Code extensions recently published to the marketplace.\r\n- These extensions are then distributed to Docker containers running TruffleHog, which scan them for known patterns of exposed secrets.\r\n - Redis is used for fast, in-memory storage of scan results.\r\n- Every 3 minutes, Redis syncs with a persistent master database for durability and redundancy.\r\n- All of this orchestration and data handling is written in Go.\r\n\r\n\r\n##### API Rate Limiting and IP Rotation:\r\nMicrosoft is fairly generous with rate limits, but I wanted to plan for scale. \r\nI set up a paid VPN service and developed a solution where IP addresses are rotated using a FIFO queue in AWS SQS. IPs are rotated in and out of the queue based on usage, helping me work around API rate limits.\r\n\r\nThis idea is still being refined, but it's designed to allow future scaling with more nodes and broader scanning capabilities.\r\n\r\n### Current Status:\r\n\r\nTo test the idea, I wrote a quick set of Python 3 scripts and downloaded around 10,000 VS Code extensions. 
I\u2019ve already identified exposed credentials including:\r\nOpenAI keys, Hugging Face tokens, AWS credentials, SSH private keys, And more\r\n\r\nSince this initial proof of concept was successful, I plan to slowly expand the setup, refine the automation, and run these scans at a scale as explained above.\r\n\r\n### Tools:\r\nKubernetes (K3s)\r\nTailscale (networking)\r\nTerraform Cloud (for easy node deployment)\r\nDocker\r\nTruffleHog \u2013 https://github.com/trufflesecurity/trufflehog\r\nRedis (fast key-value storage)\r\nGoLang (core orchestration logic)\r\nPython3 (initial PoC + scraping scripts)\r\nAWS SQS (FIFO) \u2013 used for VPN IP queueing\r\nAmazon DocumentDB (it's in always free tier)\r\n\r\n---\r\n### \ud83d\udccc A Note to the CFP Review Board\r\n\r\n**Just a quick note** \u2014 *I'm still working on the explained setup for my talk*, and the outline I'm submitting right now reflects my current plan. *Some things might evolve* as I make progress and depending on how everything comes together. Also, *please reach out to me before the talk title is published on the website.* I\u2019m planning to collaborate with a few folks and want to give them a heads-up before anything goes public.", "recording_license": "", "do_not_record": false, "persons": [{"code": "LGGDQH", "name": "Ming Chow", "avatar": "https://pretalx.com/media/avatars/LGGDQH_3HnHGUo.webp", "biography": "Ming Chow is a Teaching Professor at the Tufts University Department of Computer Science. His areas of interest are web and mobile security, and Computer Science education. 
Ming has spoken at numerous organizations and conferences including the HTCIA, OWASP, InfoSec World, Design Automation Conference (DAC), DEF CON, Intel, SOURCE, HOPE, BSides, and ACM SIGCSE.", "public_name": "Ming Chow", "guid": "8bced4d5-fcf1-5226-b54e-b7a81965758b", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/LGGDQH/"}, {"code": "DZUBQQ", "name": "Raviteja", "avatar": "https://pretalx.com/media/avatars/DZUBQQ_usm6Md7.webp", "biography": "Raviteja is a cloud-native security engineer\u2014part builder, part breaker\u2014fresh off a Master\u2019s in Cybersecurity from the University of Maryland. Brandishing OSCP, AWS Security-Specialty, and CKA/CKS credentials plus a top-100 CTFtime ranking, he turns Kubernetes chaos into self-healing, compliant defenses and turns breach tales into Terraform-powered lessons.\r\n\r\nProving Ground Presenter.", "public_name": "Raviteja", "guid": "3b10e45b-82e6-5abf-8b13-62885802175b", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/DZUBQQ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/X7ERWF/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/X7ERWF/", "attachments": []}], "Tuscany": [{"guid": "c8c9c6ce-6942-53dc-abe8-dbaec2fb439c", "code": "7EYXUL", "id": 68487, "logo": null, "date": "2025-08-05T10:00:00-07:00", "start": "10:00", "duration": "00:20", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-68487-reversing-f5-service-password-encryption", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7EYXUL/", "title": "Reversing F5 Service Password Encryption", "subtitle": "", "track": "PasswordsCon", "type": "Talk-20m", "language": "en", "abstract": "F5 load balancers and other products store secrets in configuration files encrypted by a unit specific master key. 
This talk describes how with access to an F5 device via an exploit or legitimate access the master key can be extracted and configuration passwords decrypted. This talk will also share a weaponized version of an F5 exploit with the added functionality. These techniques are not documented however the technique was determined through a careful reading of the documentation and manipulation of the data storage formats. Learn the secrets of the $M$ password storage format today.", "description": "This technique was developed in 2022 by X-Force and withheld from broader distribution for several years to protect the broader community. Now that its 2025 the weaponized version of the CVE-2022-1388 exploit will be released (we modified a zephyphish exploit), the gist of it is this:\r\n\r\n1. retrieve f5 master key from unit with `f5mku -K` and that gives the master key\r\n\r\n2. the password storage is effectively AES-128 in Electronic Codebook Mode, as demonstrated with this python snippet\r\n\r\n # get the master key from the F5\r\n        master_key_str = get_master_key(target_url)\r\n        # decode the master key\r\n        master_key_data = base64.b64decode(master_key_str)\r\n        # its basically salted AES in ECB mode\r\n        aes = AES.new(master_key_data, AES.MODE_ECB)\r\n        # loop over the goods to decrypt\r\n        for ciphertext in password_list:\r\n            # grab everything past $M$xx$ which is the cyphertext\r\n            cipher_data = base64.b64decode(ciphertext[6:])\r\n            # we store in cleartext because we need to chop off the salt and decode it\r\n            cleartext = aes.decrypt(cipher_data)\r\n            # displaytext = decoded text with salt\r\n            displaytext = cleartext.decode(\"utf-8\")\r\n            # xtext is what we finally show after the salt has been removed, the value of xx above\r\n            xtext = displaytext.removeprefix(ciphertext[3:5])\r\n            # show the final text\r\n            
print(\"Ciphertext: \" + str(ciphertext) + \" Cleartext: \" + xtext)\r\n\r\n    return\r\n\r\nThis really could be 10 minutes but I'm going to add some history to the talk", "recording_license": "", "do_not_record": false, "persons": [{"code": "ADDSN3", "name": "Dustin Heywood", "avatar": "https://pretalx.com/media/avatars/ADDSN3_QDbyRsS.webp", "biography": "Dustin Heywood otherwise known as EvilMog\u00ae is a hacker, mostly retired member of \"Team Hashcat\", and Executive Managing Hacker / Senior Technical Staff Member at IBM X-Force. He has been cracking passwords since 2009, and is the developer of the ntlmv1-multi tool. In his spare time he collects life time entry badges to conferences.", "public_name": "Dustin Heywood", "guid": "6494b2b3-49bf-52f2-9d8c-c91cfb7a010c", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ADDSN3/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7EYXUL/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7EYXUL/", "attachments": []}, {"guid": "50a58e6d-3d83-5f96-bd4c-4f1574d69f2f", "code": "JAZY78", "id": 68691, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/JAZY78/phish_jxyuyAE.png", "date": "2025-08-05T10:30:00-07:00", "start": "10:30", "duration": "00:20", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-68691-phish-back-how-to-turn-the-problem-into-a-solution", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JAZY78/", "title": "Phish-Back: How to turn the problem into a solution.", "subtitle": "", "track": "PasswordsCon", "type": "Talk-20m", "language": "en", "abstract": "What if the solution to the major problem of identity theft was to play the same game as our opponents? 
Following a major crisis caused by spear phishing, we immersed ourselves in developing a defense strategy that we called \u201cPhish-Back,\u201d the only real technical way to recover stolen credentials that don't end up on marketplaces.\r\n\r\nBut exposing defensive phishing pages to the internet comes with many challenges. From managing dozens of fingerprinting technologies to eliminating the phenomenal noise of the internet, this talk will detail all the technical challenges we encountered and the surprising results we achieved.", "description": "As explained in the abstract, I worked as a SOC Manager for international companies for nearly 10 years. A little over two years ago, I was confronted with the worst cyber crisis management of my career due to spear phishing. I then came up with this \u201cphish-back\u201d strategy to finally regain technical control over the issue of identity theft, which is currently mainly managed through employee awareness.\r\n\r\nAs there has been very little public research on this topic, the team I put together has experimented and learned how to create the best defensive phishing techniques. The goal of this approach is to create fake pages exposed to the internet that would tempt attackers to try out what they have stolen in order to gain access to the network. \r\n\r\nThe goal of this talk is to present our work and explain to technical teams how they can implement such a strategy in their organization. There are many technical pitfalls to avoid and a huge amount of reverse engineering to anticipate in order to prevent adversaries from discovering that this is a fake gateway to the network.  The 20-minute talk will consist of approximately 15 minutes of technical presentations/demos and 5 minutes of context and results.\r\n\r\nThe part that excites me the most is presenting the results we have observed over the last two years. 
As a technical expert and pentester, I knew the strategy was great, but I had no idea that attackers would take the bait so readily. I am very happy to present these research results and give back to the community.\r\n\r\nYou may notice that I have built a company around this strategy after working on it for many months as a side project with my team. I am passionate about cyber security above all else, and the name of our company or the products we sell will never be mentioned once in the presentation. I have attended dozens of conferences in my life, and nothing would annoy me more than seeing someone come and sell something at this type of conference. This is first and foremost a technical conference, by an enthusiast and for enthusiasts.", "recording_license": "", "do_not_record": false, "persons": [{"code": "L3BD8Q", "name": "Gautier Bugeon", "avatar": "https://pretalx.com/media/avatars/L3BD8Q_RvgzPL5.webp", "biography": "Former SOC Manager and Pentester with nearly 10 years of experience working with international companies, Gautier is now the CEO of a software company specializing in deception technology. 
Passionate about cybersecurity, he enjoys sharing his experience and research with the community.", "public_name": "Gautier Bugeon", "guid": "3d1976a5-749c-5025-a0de-54d4b70ac129", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/L3BD8Q/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JAZY78/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JAZY78/", "attachments": []}, {"guid": "0d147a0d-056e-5fa2-8131-49bc4d5209f1", "code": "NK9P3P", "id": 69843, "logo": null, "date": "2025-08-05T11:00:00-07:00", "start": "11:00", "duration": "00:20", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-69843-lessons-from-black-swan-events-and-building-anti-fragile-cybersecurity-systems", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NK9P3P/", "title": "Lessons from Black Swan Events and Building Anti-Fragile Cybersecurity Systems", "subtitle": "", "track": "PasswordsCon", "type": "Talk-20m", "language": "en", "abstract": "In this engaging session, Dave will explore how organizations can go beyond resilience to create anti-fragile systems\u2014cybersecurity strategies that not only survive but thrive under unexpected disruptions like black swan events.\r\nDrawing on real-world examples, including the infamous WannaCry ransomware attack, he\u2019ll cover:\r\nThe concept of anti-fragility and its relevance to cybersecurity in 2025.\r\n\r\nWhy basic security hygiene\u2014especially password management\u2014remains critical.\r\n\r\nPractical steps like implementing MFA, extended access management, using password managers, and fostering cybersecurity awareness to reduce breach risks.\r\n\r\nDon\u2019t miss this opportunity to gain practical guidance and valuable insights into preparing your organization for the ever-evolving threat landscape.", "description": "Dumpster fires litter the virtual landscape defined by unpredictability and accelerating digital threats, 
cybersecurity must evolve beyond traditional notions of resilience. In this compelling session, Dave Lewis explores how organizations can move past merely withstanding disruption to actively benefiting from it by building anti-fragile cybersecurity systems. Borrowing from the work of Nassim Nicholas Taleb, Dave will introduce the concept of anti-fragility\u2014the idea that certain systems grow stronger when exposed to volatility, shocks, and stressors\u2014and examine its practical relevance in today\u2019s cybersecurity landscape.\r\n\r\nThrough vivid real-world examples, including a deep dive into the global impact and lessons learned from the WannaCry ransomware attack, Dave will illustrate how black swan events can expose critical systemic weaknesses\u2014but also create opportunities to reimagine how we defend our digital environments. He will argue that while advanced security solutions play a role, it\u2019s the foundational elements\u2014such as password management, widespread adoption of multi-factor authentication, and a culture of cyber awareness\u2014that often make the difference between a breach and a bullet dodged.\r\n\r\nThis session is designed to equip security professionals, technical leaders, and business stakeholders with actionable guidance to help their organizations not just survive the next unexpected crisis, but emerge stronger because of it. Attendees will leave with a clear understanding of anti-fragile principles and how to apply them to create cybersecurity programs that are not just reactive or robust, but dynamically adaptive in the face of chaos.", "recording_license": "", "do_not_record": false, "persons": [{"code": "ADNSJ9", "name": "Dave Lewis", "avatar": "https://pretalx.com/media/avatars/ADNSJ9_oMOySbB.webp", "biography": "Dave has 30 years of industry experience. He has extensive experience in IT security operations and management. 
Dave is the Global Advisory CISO for 1Password.\u00a0\r\n\r\nHe is the founder of the security site Liquidmatrix Security Digest & podcast. He was a member of the board of directors for BSides Las Vegas for 8 years. He currently serves on the advisory boards of Byos.io and Knostic.ai. Dave has previously worked in critical infrastructure for 9 years as well as for companies such as Duo Security, Akamai, Cisco, AMD and IBM. Previously he served on the board of directors for (ISC)2 as well as being a founder of the BSides Toronto conference.\u00a0\r\n\r\nDave was a DEF CON speaker operations goon for 13 years. Lewis also serves on the advisory boards for the Black Hat Sector Security Conference in Canada, and the CFP review board for 44CON in the UK. Dave has previously written columns for Forbes, CSO Online, Huffington Post, The Daily Swig and others.\u00a0\r\n\r\nFor fun he is a curator of small mammals (his kids), plays bass guitar, grills, is part owner of a whisky distillery and a soccer team.", "public_name": "Dave Lewis", "guid": "3f75a5e7-a7f7-5479-89bf-78fac257121d", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/ADNSJ9/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NK9P3P/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NK9P3P/", "attachments": []}, {"guid": "0b6e69b7-4593-5f78-860a-c4e680363585", "code": "XTUW3N", "id": 69219, "logo": null, "date": "2025-08-05T14:00:00-07:00", "start": "14:00", "duration": "00:45", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-69219-taking-down-the-power-grid", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XTUW3N/", "title": "Taking down the power grid!", "subtitle": "", "track": "PasswordsCon", "type": "Talk-45m", "language": "en", "abstract": "The talk is a step-by-step war story on how we as a Red Team were able to go from nothing to physical access to the EMP secure server room with the servers 
that control the power grid for a large part of the country.", "description": "The talk is a step-by-step war story on how we as a Red Team were able to go from nothing to physical access to the EMP secure server room with the servers that control the power grid for a large part of the country. It contains topics such as infrastructure hacking, default passwords, PIN code \"eavesdropping\", access card encryption key revelation, access card cloning, social engineering, etc. It is a scary story on how it was possible to get access to the EMP secure server room for a power company, and place a dummy bomb.", "recording_license": "", "do_not_record": false, "persons": [{"code": "9WEFRL", "name": "John-Andr\u00e9 Bj\u00f8rkhaug", "avatar": "https://pretalx.com/media/avatars/9WEFRL_TTmubV2.webp", "biography": "John-Andr\u00e9 Bj\u00f8rkhaug has worked as a penetration tester for over 16 years. He has a degree in electrical engineering but prefers to break things instead of building things. This led him to become a hacker/penetration tester. John's main focus is penetration testing of internal infrastructure and physical security systems together with social engineering and full scale Red Team tests. 
John picked his first lock when he was 10, and still loving it!", "public_name": "John-Andr\u00e9 Bj\u00f8rkhaug", "guid": "520a3306-4923-5036-941e-3d44d45f4f68", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/9WEFRL/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XTUW3N/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XTUW3N/", "attachments": []}, {"guid": "4d29e194-ebc6-57d8-a1a4-ac6b88e5e6ac", "code": "KX3CRZ", "id": 69865, "logo": null, "date": "2025-08-05T15:00:00-07:00", "start": "15:00", "duration": "00:45", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-69865-what-to-tell-your-developers-about-nhi-secrets-security-and-governance", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KX3CRZ/", "title": "What to Tell Your Developers About NHI Secrets Security and Governance", "subtitle": "", "track": "PasswordsCon", "type": "Talk-45m", "language": "en", "abstract": "Non-Human Identities (NHIs) like service accounts, bots, and automation now outnumber humans by at least 45 to 1, and are a top target for attackers. Their rapid growth has outpaced traditional security controls, and simply securing secrets is not enough; attackers exploit blind trust in tokens and credentials every day. With the release of the OWASP Top 10 Non-Human Identity Risks in 2025, we finally have clear guidance on where the biggest threats lie and how to prioritize remediation. \r\n\r\nBut OWASP isn't alone, industry experts agree: NHI security is an urgent, organization-wide challenge that goes far beyond IT. Shadow IT and AI-powered automation are accelerating the problem, making strong identity governance and access management (IAM) essential. Developers need to understand the risks, leverage the latest best practices, and advocate for a holistic approach to NHI security. 
By raising awareness and driving governance across teams, we can start to control the chaos and protect our organizations as NHIs continue to proliferate.", "description": "Non-Human Identities (NHIs) outnumbered humans 45 to 1 in 2022. Given that their access abuse is one of the most easily exploited attack paths, we really need to get a handle on NHI security right now. But how do we start? What do we even tell the developer? We can't tell them to just not keep building applications, and secrets security alone has not addressed all the concerns NHI security requires. \r\n\r\nOnce again, OWASP is here to shed some light on the situation right as this issue becomes a major, mainstream concern. In January of 2025, they released the Top 10 Non-Human Identity Risks, which highlights exactly how NHIs keep getting exploited and gives us a guide to raising awareness and prioritizing and remediating the situation inside our organizations. \r\n\r\nBut they are not the only ones who released a guide or even a top 10 list. This talk will guide us through the commonalities of all the published wisdom around NHI security, and we will end with a discussion that governance is a path forward but will need to go through IAM and, eventually, the whole organization.", "recording_license": "", "do_not_record": false, "persons": [{"code": "MM3B73", "name": "Dwayne McDaniel", "avatar": "https://pretalx.com/media/avatars/MM3B73_e6toqeP.webp", "biography": "Dwayne has been working as a Developer Advocate since 2014 and has been involved in tech communities since 2005. His entire mission is to \u201chelp people figure stuff out.\u201d He loves sharing his knowledge, and he has done so by giving talks at hundreds of events worldwide. He has been fortunate enough to speak at institutions like MIT and Stanford and internationally in Paris and Iceland. Dwayne currently lives in Chicago. 
Outside of tech, he loves karaoke, live music, and crochet.", "public_name": "Dwayne McDaniel", "guid": "f808977e-363a-5996-b82e-274cf18dbd0c", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/MM3B73/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KX3CRZ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KX3CRZ/", "attachments": []}, {"guid": "ed77b195-d0b9-519c-8803-6a27cd532594", "code": "7PHURF", "id": 66787, "logo": null, "date": "2025-08-05T17:00:00-07:00", "start": "17:00", "duration": "00:45", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-66787-cracking-936-million-passwords", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7PHURF/", "title": "Cracking 936 Million Passwords", "subtitle": "", "track": "PasswordsCon", "type": "Talk-45m", "language": "en", "abstract": "My experience cracking 936 million passwords.\r\nIt is challenging to crack passwords at scale.\r\nI will discuss the hardware I used, tools used, wordlists, custom rules,\r\nCPU vs GPU tradeoff, found password statistics and defenses against password\r\ncracking. 
To date, I have found 92% of the passwords.", "description": "0 About Me\r\n\r\n1 A brief history of password cracking\r\n\r\n2 Dump from Have I Been Pwned\r\n    Good news \u2013 they are NTLM format\r\n    Bad news \u2013 936,000,000\r\n    This requires a Big Data approach and lots of RAM\r\n\r\n3 Hardware and software used\r\n    Strategy used to crack passwords\r\n    Rainbow Tables\r\n    Good for finding a few passwords, bad for finding millions of passwords\r\n    John the Ripper\r\n    Infrequent official releases, Many unofficial releases\r\n    Poor Graphical Processor Unit (GPU) Windows support\r\n    Easy to make custom rules\r\n    Good mailing list support\r\n    Hashcat\r\n    6.2.6 latest release Sep 2022\r\n    Great GPU acceleration\r\n    Primitive rule syntax\r\n    Dictionary attacks take a lot of memory\r\n    Custom Tools I wrote\r\n    Custom Rules\r\n    The exponential cost of finding passwords\r\n    You will never find all of the passwords\r\n\r\n4 Found passwords\r\n    Found password statistics\r\n    Control characters in passwords\r\n\r\n5 Defense against having your password cracked\r\n    Don't use NTLM\r\n    2 factor authentication\r\n    Use cryptographically strong random passwords\r\n    Use a password manager", "recording_license": "", "do_not_record": false, "persons": [{"code": "NGL88M", "name": "Jeff Deifik", "avatar": "https://pretalx.com/media/avatars/NGL88M_lvUAoMb.webp", "biography": "Jeff Deifik has an MS in Cybersecurity and CISSP and C|CISO credentials. His\r\ninterest in the intersection of cybersecurity and software development began\r\nwith white hat password cracking over 30 years ago. Career projects included\r\nten years at the first e-commerce system (from 1985-1995), the first orbiting\r\nradio telescope satellite, the world's most advanced pulse oximeter, and most\r\nrecently cybersecurity for government satellite ground control, balancing\r\nsound cybersecurity with cost and schedule. 
He is currently employed at The\r\nAerospace Corp.", "public_name": "Jeff Deifik", "guid": "fd6528cd-85dd-5091-a849-d1d78575c1b7", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/NGL88M/"}], "links": [{"title": "slides", "url": "https://jdeifik.com/Cracking_936_Million_Passwords.pdf", "type": "related"}], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7PHURF/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7PHURF/", "attachments": []}, {"guid": "ecaf14ef-e357-5961-af86-97d5b8132c7e", "code": "QPBRHA", "id": 68760, "logo": null, "date": "2025-08-05T18:00:00-07:00", "start": "18:00", "duration": "00:45", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-68760-cracking-hidden-identities-understanding-the-threat-surface-of-hidden-identities-and-protecting-them-against-password-exposure", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/QPBRHA/", "title": "Cracking Hidden Identities: Understanding the Threat Surface of Hidden Identities and Protecting them Against Password Exposure", "subtitle": "", "track": "PasswordsCon", "type": "Talk-45m", "language": "en", "abstract": "If a user account falls down in a forest, and it isn\u2019t managed by the organization\u2019s identity security policy, is its password still secure?\r\nWhile there is ample discussion and research on organizational security policies and password governance of corporate accounts, the emergence of the \u2018SaaS economy\u2019 has led to a rise in non-corporate and non-SSO identities that are not covered by corporate IdPs.\r\nThese identities are often hidden from organizational security systems, and fall outside of the purview of organizational password policies and identity security posture. 
As a consequence, they are left exposed to attack and easy exploitation, even though they are often used for work activity and handle sensitive corporate information.\r\nThis talk will dive into the world of \u2018hidden\u2019 identities of non-corporate and non-SSO identities and analyze the implications with regard to password security and exploitation. We\u2019ll define these identities, quantify them, and dive into specific risks such as password strength, password re-use, and password sharing, and offer methods and best practices on how to secure them.", "description": "This talk is based on research conducted by LayerX Security on its customer base, analyzing the identity and password security practices of end users for both corporate and non-corporate accounts. \r\nSome of the parameters for which we have metrics include:\r\n\u2022\tPassword strength (for both corporate and non-corporate accounts)\r\n\u2022\tUsage patterns (of corporate vs. non-corporate account activity on SaaS apps)\r\n\u2022\tDetails of password re-use and cross-account password sharing\r\n\u2022\tAccount sharing between users\r\n\u2022\tUsage patterns of SSO on corporate accounts (and SaaS applications)\r\n\u2022\tAnalysis of user password exposure based on public data breach databases\r\n\u2022\tAnd more\r\nSome key highlights from the research:\r\n\u2022\tCorporate Passwords are Just as Weak as Personal Passwords: Over 54% of corporate passwords are classified as medium strength or below, meaning modern password-cracking tools and hardware could easily break them. This is remarkably close to the percentage of risky non-corporate passwords, where 58% of personal passwords were medium-strength or below.\r\n\u2022\tEnterprises Are Blind to Most Identity Usage: Over 40% of SaaS applications in organizational networks are accessed via personal credentials. Moreover, over two-thirds of corporate login events are done without SSO. 
Together, they account for over 80% of SaaS activity on corporate networks and endpoints. This means security and IT teams are blind to usage of these accounts, and have little-to-no visibility and control over their activities, security controls (such as password security policies) or where they are used.\r\n\u2022\tJust 2% of Users Are Organizations\u2019 Biggest Security Risk: These are users who have a history of exposure that includes exposed passwords, do not use SSO-backed passwords, and have weak passwords that can be easily cracked. If cybersecurity is all about risk management, these users are the biggest risk you should worry about.\r\n\u2022\tBrowser Extensions are a Significant Threat to Users\u2019 Identity: 66.6% of extensions have \u2018high\u2019 or \u2018critical\u2019-level permissions and 40% of users have such extensions installed. 13% of extensions have access to users\u2019 cookies, meaning they could potentially use those cookies and access tokens to steal corporate identities.\r\nIn this talk, we\u2019ll cover the research in detail to provide a strong empirical foundation and then use it to identify key password risks in the new \u2018SaaS\u2019 economy and offer actionable best practices and guidelines to address these gaps.", "recording_license": "", "do_not_record": false, "persons": [{"code": "8CAGH7", "name": "Or Eshed", "avatar": "https://pretalx.com/media/avatars/8CAGH7_RbdhkL6.webp", "biography": "Or Eshed is co-founder and CEO of LayerX Security. Or has over 15 years of cybersecurity experience as an ML developer, security and intelligence researcher, and cybersecurity analyst. Prior to founding LayerX, Or worked as a cyber threat intelligence analyst at Check Point, Otorio, and ABN AMRO Bank. His work has led to the arrest of at least 15 threat actors and the exposure of the largest browser hijacking operation in history with over 50M browsers compromised. He has also written and spoken on topics of cybersecurity extensively. 
In addition, Or holds an MSc in Applied Economics from the Hebrew University of Jerusalem.", "public_name": "Or Eshed", "guid": "ab9be484-95bc-59ab-895a-6449f1333c4f", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/8CAGH7/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/QPBRHA/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/QPBRHA/", "attachments": []}, {"guid": "b680a164-d4ea-5f4b-98df-934854f0e8e1", "code": "KZGVRJ", "id": 70743, "logo": null, "date": "2025-08-05T19:00:00-07:00", "start": "19:00", "duration": "03:00", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-70743-global-bsides-organizers-un-conference-meet-up", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KZGVRJ/", "title": "Global BSides Organizers Un-Conference Meet-Up", "subtitle": "", "track": "Events", "type": "Event2HR", "language": "en", "abstract": "Global BSides Organizers Un-Conference Meet-up\r\n\r\nThis year, we're adding a little light structure so we can gauge topics and have more non-blocking conversations.  If you organize a regional BSides conference, come hang out with your colleagues, make some connections, and learn!", "description": "Global BSides Organizers Un-Conference Meet-Up\r\n\r\nThis year, we're adding a little light structure so we can gauge topics and have more non-blocking conversations.  
If you organize a regional BSides conference, come hang out with your colleagues, make some connections, and learn!", "recording_license": "", "do_not_record": false, "persons": [{"code": "397WDJ", "name": "milqtst", "avatar": "https://pretalx.com/media/avatars/397WDJ_YnZvFps.webp", "biography": "Bloom County Picayune \r\nPresidential Candidate advisor", "public_name": "milqtst", "guid": "c60821cb-2546-5963-9408-effda083d925", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/397WDJ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KZGVRJ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KZGVRJ/", "attachments": []}], "Siena": [{"guid": "27bcba91-351f-5f39-ba5d-971e4b546234", "code": "AHT3D8", "id": 69661, "logo": null, "date": "2025-08-05T10:00:00-07:00", "start": "10:00", "duration": "00:45", "room": "Siena", "slug": "security-bsides-las-vegas-2025-69661-mental-models-to-anticipate-the-next-stages-of-the-ai-and-cybersecurity-revolution", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/AHT3D8/", "title": "Mental Models to Anticipate the Next Stages of the AI and Cybersecurity Revolution", "subtitle": "", "track": "Ground Truth", "type": "Talk-45m", "language": "en", "abstract": "It may be difficult to predict the future of AI and cybersecurity. However, there are several mental models that we can use to see the shadow of what's to come. They give us clear thinking through patterns that clearly point to new threats and opportunities. This talk uses a few of these models to help us understand the present and the potential futures in AI and cybersecurity to systematically plan for what's next.", "description": "AI and cybersecurity threats are evolving at rapid pace and unfortunately, many of us are often caught off guard, reacting tactically to the latest issues rather than thinking strategically about what might come next. 
This talk delves into the power of mental models as a proactive tool to better understand, anticipate, and mitigate both current and future AI and cybersecurity risks.\r\n\r\nI will cover several different mental models, such as the Cynefin Model, People Process Technology trio, OSI model, DIKW Pyramid, NIST CSF, Kahneman\u2019s System 1 and 2, OODA loop, Cyber Defense Matrix, DIE Triad, and more.\r\n\r\nMoreover, I\u2019ll show what I have newly discovered when I combined these mental models. These new discoveries point directly to currently emerging and previously unforeseen risks, but they also reveal patterns for how to address these risks.\r\n\r\nThis is not just a theoretical discussion. These mental models support clear thinking for decision making and produce insights that can be translated into tactical actions. For example, the Cynefin model when combined with the People Process Technology trio reveals the hard limits of automation and indicates when we should rely upon technology vs services to tackle new challenges, such as GenAI. In another example, combining the DIKW Pyramid with the Cyber Defense Matrix and the OSI model shows fundamental flaws in data-centric approaches when dealing with the leakage of sensitive content through LLMs. I'll use the OODA loop to show how it can be applied to Agentic AI and what type of controls we will need to secure them.\r\n\r\nWithout the insights that these models reveal, we will approach the future blind. Even worse, we might approach the future with a false sense of assurance that our current controls will continue to work.", "recording_license": "", "do_not_record": false, "persons": [{"code": "MUGACN", "name": "Sounil Yu", "avatar": "https://pretalx.com/media/avatars/MUGACN_RXn1hlE.webp", "biography": "Sounil Yu is the author and creator of the Cyber Defense Matrix and the DIE Triad, which are reshaping approaches to cybersecurity. 
He's a Board Member of the FAIR Institute; senior fellow at GMU Scalia Law School's National Security Institute; guest lecturer at Carnegie Mellon; and advisor to many startups. Sounil is the co-founder and Chief AI Safety Officer at Knostic and previously served as the CISO at JupiterOne, CISO-in-Residence at YL Ventures, and Chief Security Scientist at Bank of America. Before BofA, he helped improve information security at several Fortune 100 companies and Federal Government agencies. Sounil has over 20 granted patents and was recognized as one of the most influential people in security by Security Magazine and Influencer of the Year by SC Awards. He is a recipient of the SANS Lifetime Achievement Award and was inducted into the Cybersecurity Hall of Fame. He has an MS in Electrical Engineering from Virginia Tech and a BS in Electrical Engineering and a BA in Economics from Duke University.", "public_name": "Sounil Yu", "guid": "5aa97aba-067e-5d0b-90e0-b631fea6fcc3", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/MUGACN/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/AHT3D8/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/AHT3D8/", "attachments": []}, {"guid": "8b3e4787-1a0f-597a-9546-d4fd084c5613", "code": "XH9W7Q", "id": 68566, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/XH9W7Q/Advan_gYt2k8v.png", "date": "2025-08-05T11:00:00-07:00", "start": "11:00", "duration": "00:20", "room": "Siena", "slug": "security-bsides-las-vegas-2025-68566-advancing-network-threat-detection-through-standardized-feature-extraction-and-dynamic-ensemble-learning", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XH9W7Q/", "title": "Advancing Network Threat Detection Through Standardized Feature Extraction and Dynamic Ensemble Learning", "subtitle": "", "track": "Ground Truth", "type": "Talk-20m", "language": "en", "abstract": "This talk 
introduces a research-driven approach to improving network intrusion detection by combining standardized feature extraction techniques with dynamic ensemble machine learning. Traditional signature-based detection struggles to identify new or evolving attacks, and prior ML-based research often suffers from poor generalization due to narrow datasets and single-model reliance. This work addresses these shortcomings by proposing a standardized feature extraction framework focusing on metadata and flow-level statistics, training multiple diverse machine learning models, and developing a novel ensemble classifier to optimize detection based on class-specific model strengths. Experimental validation shows the ensemble maintains high detection accuracy (97.92%) across various traffic types while minimizing false positives, offering a promising foundation for building more adaptable and resilient network defenses.", "description": "This research from my undergraduate senior thesis for my degree in Applied Computer Science - Cybersecurity from the University of South Carolina to be conferred in May 2025. Through my prior work in Infosec and an extensive literature review, I found deficiencies in both traditional NIDS solutions and ML-driven detection experiments that rely too heavily on limited datasets and monolithic classifiers. Over the past 18 months, I developed a feature extraction framework standardizing packet and flow statistics to enhance model generalization across multiple environments, including CTU-13, TON_IoT, USTC-TFC2016, and custom-collected benign traffic. Eight machine learning models were selected to represent varied classification strategies: Random Forest, Isolation Forest, Gaussian Mixture Models, Quadratic Discriminant Analysis, AdaBoost, XGBoost, CNN, and RNN.\r\n\r\nI then designed the Ford-CSWV ensemble algorithm, which applies dynamic class-specific weighting to model outputs during classification, improving robustness across traffic variations. 
Experimental results demonstrate that while the ensemble yields only minor gains in overall accuracy compared to top individual models, it significantly improves stability and adaptability, which are critical for real-world implementations.\r\n\r\nThe talk will include a detailed walkthrough of the difference between NIDS and NDR, feature selection rationale, model training approaches, the mechanics of the Ford-CSWV ensemble classifier, and the classification results of my experiment. Slides include dataset comparisons, classifier diagrams, and ensemble methodology visuals. I will not be conducting a live demo, but the session will be highly visual and practical, and designed for security practitioners, researchers, and students interested in applied ML for cybersecurity.", "recording_license": "", "do_not_record": false, "persons": [{"code": "3RWJCJ", "name": "Jason Ford", "avatar": "https://pretalx.com/media/avatars/3RWJCJ_wiQWtX5.webp", "biography": "Jason is a Principal Research Engineer at Proofpoint. He is interested in building security tools and has experience writing Java, PowerShell, and Python. Jason has been working in a variety of roles in InfoSec for over 20 years, and has recently found his calling doing research on topics related to security and machine learning. 
When he's not tinkering with stuff in his home lab, you'll find him listening to EDM and enjoying the outdoors camping, running, hiking, and skiing.\r\n\r\nLinkedIn: https://www.linkedin.com/in/jasonsford/\r\nResearchGate: https://www.researchgate.net/profile/Jason-Ford-6\r\nMy GitHub: https://github.com/jasonsford", "public_name": "Jason Ford", "guid": "379ec205-2294-5ae5-a568-c87657f8bb43", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/3RWJCJ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XH9W7Q/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XH9W7Q/", "attachments": []}, {"guid": "ae2d75f0-ac34-5abc-820c-9db75f085949", "code": "8KYQ3Q", "id": 67674, "logo": null, "date": "2025-08-05T14:00:00-07:00", "start": "14:00", "duration": "00:45", "room": "Siena", "slug": "security-bsides-las-vegas-2025-67674-increasing-complexity-and-frequency-of-cyber-events-trends-costs-and-risk-mitigation-strategies", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8KYQ3Q/", "title": "Increasing Complexity and Frequency of Cyber Events: Trends, Costs, and Risk Mitigation Strategies", "subtitle": "", "track": "Ground Truth", "type": "Talk-45m", "language": "en", "abstract": "Widespread cyber events are happening more frequently.  Third party risk continues to be top of mind.  As cyber events growing to be more complex, and dynamic privacy regulations, how some of the cost factors have changed and ways navigate the changing risk environment.", "description": "The cyber claims and risk environment are evolving. The year 2024 was a record-breaking year for cyber events.  The continued threat of ransomware events and cyber events growing complexity.   Cyber risk associated with 3rd party increase in complexity and frequency.  Understanding digital supply chain risk is essential to cyber risk management.  
This session will show attendees what some of the cost factors and ways to navigate the changing risk environment.\r\n\r\nMarsh McLennan collects cybersecurity incidents, cybersecurity controls, claims data from thousands of organizations in its client portfolio.  There are different organization-dependent factors that contribute to the severity of cyber events.  These include record counts and types in possession, industry, revenue, and cyber security controls.", "recording_license": "", "do_not_record": false, "persons": [{"code": "DLZK3V", "name": "Wendy Hou-Neely", "avatar": "https://pretalx.com/media/avatars/DLZK3V_ujaohhR.webp", "biography": "Wendy is from Marsh McLennan Cyber Risk Intelligence Center. She specializes in data, data analytics, risk quantification models for all aspects of cyber. She designed and created the various cyber risk models for MMC as well as consulting on cyber risk quantification for clients from various industries since 2017.\r\n\r\nWendy has over 30 years\u2019 experience in the information technology industry, analytics, both in enterprise software, hardware and security. Like many others in the space, she began working in the area of cyber security more than 10 years ago to understand the financial impact of cyber breaches on businesses. 
Her skills in analytics and data science, combined with her understanding finance, technology and the nature of cyber breaches uniquely afford her the ability to quantify cyber risks.", "public_name": "Wendy Hou-Neely", "guid": "8c774349-7e70-551b-859d-fcc546a075c8", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/DLZK3V/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8KYQ3Q/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8KYQ3Q/", "attachments": []}, {"guid": "5c2b703d-8d6e-5ead-96f2-84f1d46fb797", "code": "TKNLJQ", "id": 69839, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/TKNLJQ/rage__wjmGGli.png", "date": "2025-08-05T15:00:00-07:00", "start": "15:00", "duration": "00:45", "room": "Siena", "slug": "security-bsides-las-vegas-2025-69839-rag-against-the-machine-using-retrieval-augmented-generation-and-mcp-to-fortify-cybersecurity-defenses", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TKNLJQ/", "title": "RAG Against the Machine: Using Retrieval-Augmented Generation and MCP to Fortify Cybersecurity Defenses", "subtitle": "", "track": "Ground Truth", "type": "Talk-45m", "language": "en", "abstract": "As threat actors evolve faster than our security tools, defenders need a new playbook\u2014one that blends explainable AI with real-world cyber context. Enter CADDIE: a Retrieval-Augmented Generation (RAG) engine driven by the Model Context Protocol (MCP) to supercharge SOCs, auditors, and compliance teams. This talk will unpack how we use RAG + MCP to inject real-time policy, threat intel, and log data into large language models, enabling automation for tasks like gap analysis, alert triage, and regulatory mapping. 
Whether you're a blue teamer, GRC lead, or AI practitioner, you'll walk away understanding how to wield GenAI as a precise, compliant tool\u2014not a hallucinating risk vector.", "description": "In this session, I will present the architecture, use cases, and lessons learned from deploying CADDIE, a self-hostable Retrieval-Augmented Generation platform tailored to cybersecurity. With growing adoption of LLMs, enterprises are facing a gap: how to contextualize outputs with real, trusted data across threat detection, policy writing, and compliance monitoring. This is where the Model Context Protocol (MCP) shines\u2014allowing structured ingestion of logs, threat intelligence, policy documents, and MITRE mappings into an LLM interface.\r\n\r\nAttendees will see:\r\n\r\nHow MCP structures retrieval pipelines and token-efficient prompts\r\n\r\nRAG in action for GRC (e.g., SOC 2, ISO 27001, DORA) and threat detection workflows\r\n\r\nCase studies from proof-of-concepts with financial institutions, think tanks, and public-sector orgs\r\n\r\nWhy context-aware GenAI reduces hallucinations and increases interpretability in cyber operations\r\n\r\nRed team and blue team applications of MCP: from compliance automation to contextualized alert triage\r\n\r\nThis talk draws on prior research and presentations, including Black Hat 2024 (\u201cLeveraging RAG for Proactive Cybersecurity Posture\u201d) and my AI Summit talk on RAG-powered policy agents. 
Attendees will leave with an understanding of how to incorporate RAG in their cyber environments and how structured context via MCP is a key defense layer when working with LLMs in production", "recording_license": "", "do_not_record": false, "persons": [{"code": "UDLSCL", "name": "Brennan Lodge", "avatar": "https://pretalx.com/media/avatars/UDLSCL_7t2eCOD.webp", "biography": "Brennan Lodge is the Director of Information Security at the Manhattan Institute and founder of BLodgic Inc., a cybersecurity firm pioneering Retrieval-Augmented Generation (RAG) systems for governance and threat detection. Brennan\u2019s work in AI-driven cyber defense has been featured at Black Hat 2024, KernelCon, AI Summit NY, and Compliance Week 2024. A former data scientist at Goldman Sachs and R&D AI for Cyber Security lead at HSBC, Brennan now teaches AI and cybersecurity at NYU and advises on AI policy, deepfake detection, and regulatory compliance automation.", "public_name": "Brennan Lodge", "guid": "02091c40-36b0-549b-8d57-7adeaca070da", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/UDLSCL/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TKNLJQ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TKNLJQ/", "attachments": []}, {"guid": "f30c09cc-ad94-5979-b332-25adb23a846e", "code": "GTYAKW", "id": 67777, "logo": null, "date": "2025-08-05T17:00:00-07:00", "start": "17:00", "duration": "00:45", "room": "Siena", "slug": "security-bsides-las-vegas-2025-67777-predicting-the-lifespans-of-internet-services-falling-down-the-ml-rabbit-hole-and-what-we-learned-from-the-thud", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GTYAKW/", "title": "Predicting the Lifespans of Internet Services: Falling down the ML Rabbit Hole, and What We Learned From The Thud", "subtitle": "", "track": "Ground Truth", "type": "Talk-45m", "language": "en", "abstract": "Last year, we learned a key truth: 
not everything on the Internet is forever, and there is far more variability in host lifespan across different ports, protocols, and networks than we initially thought. Today, we\u2019re going to focus on how we moved beyond the descriptive analyses to ask the next natural question: Given all this variability, how can we actually predict the lifespan of a host? \r\n\r\nIn this talk, I invite participants to dive down the ML rabbit hole with me. I\u2019ll walk through how our research questions evolved, where our early methods/initial attempts failed, and what we learned from those failures to finally arrive at a practical solution. While ML has improved many aspects of our lives, applying it to solve problems in niche, high-noise areas like security and the Internet-wide measurement space is not always straightforward. With the right tweaks and persistence, we found a path forward, and I hope that audience members walk away with a better understanding of some of these ML pitfalls, as well as a way to think about how to apply ML to their own similarly gnarly problems, using our case study as an example.", "description": "One key aspect of Internet-Wide scanning research is \u201cWhen should I scan this entity again?\u201d. In this talk, I talk about how descriptive analyses (presented last year!) are insufficient in finding trends at an Internet-scale, and instead a better way to tackle this question is via a more methodological approach with ML techniques. In this talk, I go over the promises of ML, and what we faced in reality at each step of the way. While we were inevitably successful in applying ML techniques to our use case, it does illuminate that sometimes you can\u2019t just throw an ML model at the problem naively, especially when you have so many contextual aspects to account for, and the need to re-work your outputs and expectations to match a more realistic model. 
Specifically, my talk will cover the following: \r\n\r\n1) How did we get here?\r\n- Last year we were like WOAH, lots of differences, but then trying to apply it in practice meant shifting the question to \u201ccan we predict the lifespan of a service\u201d, such that we can predict when to scan it again?\r\n2) What were the promises of ML?\r\n- ML models would help with prediction, and also bring up interesting facets such as feature importance (should we be scanning based on port, or port and some other variable?).\r\n- We tried some straightforward methods based on our inputs and outputs and immediately ran into some crazy and gnarly problems \r\n3) Taking a step back \u2013 what do we need, and what do we have?\r\n- We have a highly multidimensional categorical dataset that we really cannot change.\r\n- We really want to know when we should rescan something, or even a gradient of \u201cscan these more, scan these other ones less\u201d\r\n4) Reframing the question and recognizing the aspects we couldn\u2019t change led us down a new path\r\n- Can we predict ephemerality? Which allows us to bucket hosts that we need to rescan more frequently vs hosts that we don\u2019t need to rescan more frequently\r\n- Yes!! We can. 
\r\n5) Now that we found a model that worked for us, we discuss evaluation and metrics\r\n- Typically you focus on things like precision, recall, and f1 scores, and we see some variance in those that is not unexpected given the output data (walk through this example)\r\n- In practical settings, we might want to reframe our metrics to be \r\n- We also show which features are most important to the prediction, which is slightly different than our hypothesis going into the problem, but not wholly unexpected", "recording_license": "", "do_not_record": false, "persons": [{"code": "QTGZ9X", "name": "Ariana Mirian", "avatar": "https://pretalx.com/media/avatars/QTGZ9X_mSgqayr.webp", "biography": "Ariana Mirian currently works as a senior security researcher at Censys, where she uses Internet Measurement to answer interesting security questions. Prior to Censys, she received her PhD from UCSD, where her thesis focused on answering the question: how can we use large scale measurement and analysis to better prioritize security processes? 
When not geeking out about Internet Measurement and security, Ariana is also an avid aerialist and birder.", "public_name": "Ariana Mirian", "guid": "9761bd07-aa6f-5a99-8002-3ef9fecd96e2", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/QTGZ9X/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GTYAKW/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GTYAKW/", "attachments": []}, {"guid": "c03d6985-467a-5ae2-a50a-516bf76cda3e", "code": "ZRBVME", "id": 70093, "logo": null, "date": "2025-08-05T18:00:00-07:00", "start": "18:00", "duration": "00:45", "room": "Siena", "slug": "security-bsides-las-vegas-2025-70093-indexing-the-chaos-extract-pii-from-ransomware-leaks", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZRBVME/", "title": "Indexing the Chaos: Extract PII from Ransomware Leaks", "subtitle": "", "track": "Ground Truth", "type": "Talk-45m", "language": "en", "abstract": "Modern ransomware attacks no longer just encrypt files\u2014they exfiltrate and leak terabytes of internal corporate documents. These leaks contain unstructured chaos: scanned passports, HR forms, insurance records, and other sensitive data. Yet most breach-checking tools ignore them completely.\r\n\r\nThis talk presents Have I Been Ransomed? (HIBR), a toolchain and public search engine designed to extract meaningful PII from this mess using OCR and Large Language Models (LLMs). We\u2019ll explore how we crawl these leaks, how we safely extract identifiers without exposing PII, and how LLMs allow us to detect personal data buried deep inside PDFs and image scans. 
We'll also address the ethical landmines, legal constraints (e.g., GDPR), and our design decisions to avoid becoming a privacy nightmare.\r\n\r\nAttendees will walk away with a practical understanding of how to process complex ransomware dump data and build awareness tools responsibly\u2014while seeing live examples of HIBR in action.", "description": "The tool was developed as a response to a growing blind spot in breach awareness: unstructured data dumped by ransomware gangs. Traditional tools focus on structured email/password leaks. In contrast, ransomware leaks are a dumpster fire of scanned ID cards, tax records, and resumes, usually dropped on .onion sites or mirror dumps. No one wants to parse that\u2014so I did.\r\n\r\nThis talk breaks down how I built:\r\n\r\n    A crawler (breach.house) that collects dump data (Ransomware Leaks, Normal Breaches, Stealer Logs, Leads)\r\n\r\n    A backend pipeline that:\r\n\r\n        Ingests mixed-format files (PDF, DOC, images, databases, etc.)\r\n\r\n        Uses OCR to extract text from image-based leaks\r\n\r\n        Feeds results into a fine-tuned LLM that recognizes contextual PII\r\n\r\n    A frontend search engine (haveibeenransom.com) that shows only metadata, not PII, and flags where data might have been exposed.\r\n\r\nThis talk will explain how I implemented protections to comply with privacy law (GDPR, Article 6) and prevent misuse. No PII is shown. Users can only search identifiers (email, passport number) and see where it may have appeared\u2014without downloading any leak.\r\n\r\nThis tool is open-source (in part) and still under active development. 
It\u2019s a blend of OSINT, NLP, ethical grey zones, and threat intelligence, all rolled into one live system.", "recording_license": "", "do_not_record": false, "persons": [{"code": "QHQJ3G", "name": "Juanma", "avatar": "https://pretalx.com/media/avatars/QHQJ3G_VhIdb7q.webp", "biography": "Juanma is a security researcher and developer focused on threat intel tooling and dark web data analysis. He builds open-source tools that turn leaked chaos into structured awareness, with a strong focus on privacy, legality, and responsible disclosure. His current project, Have I Been Ransomed?, is part of a broader mission to make ransomware leak awareness accessible and useful\u2014without exposing the data that bad actors already dumped.", "public_name": "Juanma", "guid": "04e92ae4-bea7-5b0b-9929-854df983526a", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/QHQJ3G/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZRBVME/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZRBVME/", "attachments": []}], "Copa": [{"guid": "b0625e6a-90ac-5da6-9109-c0c70fa13b15", "code": "KQWJAH", "id": 67790, "logo": null, "date": "2025-08-05T10:00:00-07:00", "start": "10:00", "duration": "01:00", "room": "Copa", "slug": "security-bsides-las-vegas-2025-67790-power-play-ai-dominance-depends-on-energy-resilience", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KQWJAH/", "title": "Power Play: AI Dominance Depends on Energy Resilience", "subtitle": "", "track": "I Am The Cavalry", "type": "Talk-45m", "language": "en", "abstract": "This talk explores how energy infrastructure forms the backbone of resilient and robust AI ecosystems and challenges like transformer shortages and foreign dependencies threaten AI ecosystems and national security. We'll examine how disruptions in the energy sector can cascade across AI development, national security, and global competitiveness. 
By focusing on the often-overlooked role of power infrastructure, including the critical shortage of domestically sourced electrical equipment such as transformers, we'll reveal how energy resilience is the true key to AI dominance beyond algorithms and computing power.", "description": "The United States faces a multifaceted challenge in maintaining its technological edge, particularly in AI. While much attention is given to semiconductor production and algorithm development, the foundation of AI supremacy lies in a stable, resilient, flexible, and abundant energy infrastructure. Private capital flows into chips and frontier models; government agencies and labs can only chase and shape the attention of resources. Disruptions in one sector can profoundly impact another: recent challenges, such as the extreme shortage of voltage step-down transformers and heavy reliance on non-domestic equipment, significantly hinder the growth and expansion of AI data centers.\r\n\r\nMoreover, U.S. utilities and energy projects remain heavily reliant on non-domestic equipment - for large and distribution power transformers, battery energy storage systems, and communications equipment - introducing potential cybersecurity risks that could destabilize power grids and erode energy resilience. China's control over critical mineral processing further compounds U.S. supply chain fragility, threatening to disrupt key industries essential for AI infrastructure. This interconnectedness demonstrates that dominance in AI is not just about computational performance but about securing and optimizing the power that fuels it.", "recording_license": "", "do_not_record": false, "persons": [{"code": "AKCTUT", "name": "Emma M Stewart", "avatar": "https://pretalx.com/media/avatars/AKCTUT_W34hxiN.webp", "biography": "Dr.\u00a0Emma\u00a0M. Stewart is a respected power systems specialist with expertise in power distribution, clean energy, modeling, and simulation, as well as operational cybersecurity. 
She holds a Ph.D. in Electrical Engineering and an M.Eng. degree in Electrical and Mechanical Engineering. Emma is Chief Scientist, Power Grid at INL currently and leads activities in supply chain consequence analysis for digital assurance in particular for clean energy cybersecurity related programs. Throughout her career, Dr. Stewart has made significant contributions to the field of power systems, receiving patents for innovations in power distribution systems and consequence analysis for cyber and physical events. Her responsibilities have also included providing electric cooperatives with education, training, information sharing, incident support, technology integration, and R&D services in clean energy integration, resilience and grid planning and microgrid technologies.", "public_name": "Emma M Stewart", "guid": "f7dbc3b9-3486-599c-9fe1-ff06731d3bec", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/AKCTUT/"}, {"code": "DCU8WU", "name": "Munish Walther-Puri", "avatar": "https://pretalx.com/media/avatars/DCU8WU_F3vGRHN.webp", "biography": "Munish Walther-Puri is a seasoned risk advisor and security strategist with two decades of experience translating complex cybersecurity and geopolitical realities into actionable frameworks. His expertise lies in identifying critical blind spots for decision-makers and developing innovative risk assessment methodologies. Currently, he serves as Interim Deputy CISO for a major manufacturer, building enterprise IT GRC programs and uplifting cybersecurity maturity. Munish's career spans diverse roles, including VP of Cyber Risk at Exiger, first Director of Cyber Risk at NYC Cyber Command, and Chief Research Officer at a dark web monitoring startup. His academic engagements include adjunct faculty positions at NYU, Columbia, and IANS Research, as well as a focus on the nexus of cyber, tech, national security, and industrial policy. 
He is a Life Member of the Council on Foreign Relations and a Senior Fellow at the Institute for Security and Technology. With a keen interest in the intersection of cyber, geopolitical, and supply chain risks, Munish is committed to bridging theory and practice, contributing to academic discourse, and advancing cutting-edge research in interconnected risk.", "public_name": "Munish Walther-Puri", "guid": "ec436f35-a733-5c71-b273-f251901ec272", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/DCU8WU/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KQWJAH/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KQWJAH/", "attachments": []}, {"guid": "bb52eb89-3147-5010-a6a6-9a61cd2ff65e", "code": "JKHHMR", "id": 66371, "logo": null, "date": "2025-08-05T11:00:00-07:00", "start": "11:00", "duration": "00:30", "room": "Copa", "slug": "security-bsides-las-vegas-2025-66371-ransomware-as-canary-for-societal-disruption", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JKHHMR/", "title": "Ransomware As Canary For Societal Disruption", "subtitle": "", "track": "I Am The Cavalry", "type": "Talk-20m", "language": "en", "abstract": "Ransomware is one of the more prevalent and expensive cyber incidents, and more pervasive and arguably more disruptive than outright disruptive cyber attacks. In this discussion, we will review the impact of ransomware on critical social services and functions, and detail how unchecked such operations may lead to unacceptable disruption in vital services and operations. Based on this understanding, we will then expand the conversation in two directions: how addressing the ransomware issue through defensive countermeasures and preventative investment can also curtail more \"advanced\" actor operations; and how dealing with pervasive cyber threats may justify enhanced countermeasures to deny, deter, or degrade adversary capabilities. 
From this discussion, we will arrive at a nuanced, complex view of the ransomware ecosystem and its outsized role in actual, observable critical infrastructure disruption.", "description": "Ransomware, like other e-crime actions, is typically viewed as a nuisance and a law enforcement matter from a policy and strategic perspective. However, the economic impact of ransomware (along with other crimes such as business email compromise) is vast, while the disruptive impact - to schools, hospitals, the industrial base, and civil functions - is immense. Compared to actual cyber \"attacks\" outside of events in Ukraine, ransomware has arguably had a much greater impact on societal function than any \"APT\" intrusion or incident across the developed world.\r\n\r\nTo set the stage, we will first review the persistent and long-standing e-crime epidemic and particularly disruptive events such as ransomware that induce loss of availability and functionality. While ransomware carries a significant economic cost in payouts and lost output, there is also a non-trivial social cost in lost functionality related to the operations of schools, hospitals, local governments, and similar entities. When reviewed in detail, especially in the cases of rural hospitals and similar disadvantaged entities, ransomware may serve as a killing function for vital services for marginalized populations.\r\n\r\nWith this context in mind, we can then review the nature of ransomware operations: often aligning or overlapping with the same tactics, techniques, and procedures employed in supposedly more concerning state-sponsored intrusion operations. Based on this threat actor convergence in behavior, we see an interesting opportunity: that defending against and closing opportunities to criminal actors will improve community defense against a variety of threat actors. 
For example, the rapid weaponization and exploitation of vulnerabilities in edge devices represents a primary initial access mechanism for both state-sponsored and criminal entities. Developing and implementing planning to more rapidly address these items while advocating for improved development and engineering practices at vendors may thus reduce the impact and likelihood of an incident from multiple threats.\r\n\r\nHowever, defensive measures cannot just be passive in nature. The critical nature of disruptive ransomware to vital societal functions also demands active measures to reduce the scope of adversary activity. This \"impose cost\" approach is increasingly popular in the current administration, but carries operational and ethical costs depending on how far it is pushed. Yet simply standing by and letting adversaries operate with relative impunity places a significant burden on often poorly-resourced organizations to respond to and mitigate against such threats. Therefore, we will discuss a \"reasonably effective and ethically supported\" approach to counter-ransomware operations focused on targeting adversary infrastructure, operations, and communication networks for disruption utilizing law enforcement and other authorities.\r\n\r\nFrom this discussion, we will arrive at a conclusion where the ransomware (and broader e-crime) threat is simply no longer sustainable under current mechanisms. By providing for response functions both passive and active in nature, we can \"drain the swamp\" of ransomware operations to provide greater resilience to critical societal functions across the western world. 
Furthermore, doing so may not just dramatically alter matters with respect to criminal entities, but have the positive externality of making life significantly harder for state-sponsored hacking teams to breach critical infrastructure entities for more focused and targeted disruption.", "recording_license": "", "do_not_record": false, "persons": [{"code": "W779UA", "name": "Joe Slowik", "avatar": "https://pretalx.com/media/avatars/W779UA_qR48YJk.webp", "biography": "Joe Slowik has over 15 years of experience across multiple domains in information security. Starting with the US Navy where he performed multiple offensive and defensive roles, Joe has continued his threat-informed and threat-centric career in cyber across multiple public and private organizations. Joe currently conducts in-depth research into critical infrastructure cyber threats and their potential impacts while engaging in extensive teaching through his company Paralus LLC.", "public_name": "Joe Slowik", "guid": "562a5788-dfd5-5580-a3ee-0a7d79081c91", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/W779UA/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JKHHMR/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/JKHHMR/", "attachments": []}, {"guid": "5de758f8-4997-583c-afc8-ab0969c65a10", "code": "LNMTZM", "id": 72400, "logo": null, "date": "2025-08-05T14:00:00-07:00", "start": "14:00", "duration": "02:00", "room": "Copa", "slug": "security-bsides-las-vegas-2025-72400-emergency-urgent-care-remains-in-critical-condition", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LNMTZM/", "title": "Emergency & Urgent Care Remains in Critical Condition", "subtitle": "", "track": "I Am The Cavalry", "type": "Event2HR", "language": "en", "abstract": "Hospitals and trauma centers have been increasingly targeted by sophisticated cyber threats that jeopardize patient safety, disrupt critical care, and 
compromise sensitive health data. In 2025, the healthcare sector remains one of the most attacked industries, with ransomware, phishing, and supply chain disruptions posing daily risks to clinical operations. These threats are especially acute in trauma centers, where even brief system outages can result in life-threatening delays.\r\n\r\nThis panel will explore the evolving cybersecurity landscape facing healthcare providers, with a focus on high-impact vulnerabilities such as legacy medical devices, unsegmented networks, and third-party software dependencies. Panelists will discuss recent incidents and their cascading effects on emergency care delivery, as well as the broader implications for public health and national security.\r\n\r\nThe discussion will also highlight emerging policy challenges, including the impact of new federal funding and regulatory frameworks. In addition, the panel will explore operational mitigations such as zero-trust architectures, incident response planning, and workforce training.\r\n\r\nAttendees will gain a deeper understanding of the systemic risks facing healthcare infrastructure and leave with actionable insights into how policy, technology, and cross-sector collaboration can strengthen resilience in the face of growing cyber threats.", "description": "Hospitals and trauma centers are increasingly targeted by sophisticated cyber threats that jeopardize patient safety, disrupt critical care, and compromise sensitive health data. In 2025, the healthcare sector remains one of the most attacked industries, with ransomware, phishing, and supply chain disruptions posing daily risks to clinical operations. 
These threats are especially acute in trauma centers, where even brief system outages can result in life-threatening delays.\r\n\r\nThis panel will explore the evolving cybersecurity landscape facing healthcare providers, with a focus on high-impact vulnerabilities such as legacy medical devices, unsegmented networks, and third-party software dependencies. Panelists will discuss recent incidents and their cascading effects on emergency care delivery, as well as the broader implications for public health and national security.\r\n\r\nThe discussion will also highlight emerging policy challenges, including the impact of new federal funding and regulatory frameworks. In addition, the panel will explore operational mitigations such as zero-trust architectures, incident response planning, and workforce training.\r\n\r\nDr. Dameff will provide an informational briefing on an ARPA H project that he is working on.\r\n\r\nIn this session, Beau Woods shares his unexpected journey into the world of medical device security\u2014a path that began with curiosity and evolved into a mission to protect lives. As a prominent voice in the \"Hackers for Health\" movement, Woods will recount how he first encountered vulnerabilities in life-critical systems and the profound ethical questions that followed. 
Unlike traditional cybersecurity domains, hacking medical equipment involves systems that are directly connected to human bodies\u2014pacemakers, infusion pumps, ventilators, and more\u2014where even minor disruptions can have life-or-death consequences.\r\n\r\nAttendees will gain a deeper understanding of the systemic risks facing healthcare infrastructure and leave with actionable insights into how policy, technology, and cross-sector collaboration can strengthen resilience in the face of growing cyber threats.", "recording_license": "", "do_not_record": false, "persons": [{"code": "YR8GAP", "name": "Beau Woods", "avatar": "https://pretalx.com/media/avatars/YR8GAP_n1ozq5Q.webp", "biography": "Beau Woods is a leader with the I Am The Cavalry grassroots initiative, Founder/CEO of Stratigos Security, a Cyber Safety Innovation Fellow with the Atlantic Council, leads the public policy space at DEF CON, and helps run the I Am The Cavalry track at BSides Las Vegas. In addition, Beau helped found the ICS Village, Aerospace Village, Hack the Sea, and Biohacking Village: Device Lab. His work bridges the gap between the security research and public policy communities, to ensure connected technology that can impact life and safety is worthy of our trust. He formerly served as Senior Advisor with US CISA, Entrepreneur in Residence with the US FDA, and Managing Principal Consultant at Dell SecureWorks. Over the past several years, Beau has consulted with the energy, healthcare, automotive, aviation, rail, and IoT industries, as well as cyber security researchers, US and international policy makers, and the White House. Beau is a published author, public speaker, media contributor.", "public_name": "Beau Woods", "guid": "26dc0c65-db13-59c4-91e2-0aacfa5862e0", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/YR8GAP/"}, {"code": "DKBS9E", "name": "Christian Dameff", "avatar": "https://pretalx.com/media/avatars/DKBS9E_Jjy2BV2.webp", "biography": "Dr. 
Christian (quaddi) Dameff is an ER doc. He is also an Associate Professor of Emergency Medicine, Biomedical Informatics, and Computer Science at the University of California San Diego. He co-directs the UCSD Center for Healthcare Cybersecurity. He is also a hacker, a former open capture the flag champion, and DEF CON/RSA/Black Hat/BSIDES Speaker.", "public_name": "Christian Dameff", "guid": "396ec850-0f17-5978-9e38-04a86c395481", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/DKBS9E/"}, {"code": "MEBWZE", "name": "Dina Carlisle", "avatar": "https://pretalx.com/media/avatars/MEBWZE_WRvhz2U.webp", "biography": "Dina Carlisle has been a registered nurse since 1996 and a proud union member since 2000. She has been a member of the OPEIU Local 40 Executive Board since 2005, and has served as a trustee, chief, vice president and is now president of the local\u2019s four units. Carlisle is a founding member of the OPEIU Nurses Council (ONC), and served as its first secretary-treasurer from 2011-2022. She\u2019s also a member of the Labor Council for Latin American Advancement (LCLAA) and the Coalition of Labor Union Women (CLUW), both constituency groups of the AFL-CIO. Raised in a union family, her grandfather and stepfathers were Teamsters. Carlisle is the daughter of a first generation Mexican/American Indian. 
She\u2019s a happy wife to James, mother/bonus mom to six children and their spouses, and a proud grandmother of 15, her greatest joy.", "public_name": "Dina Carlisle", "guid": "f5d36beb-9d1a-55a9-b90d-abfc4967d5c9", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/MEBWZE/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LNMTZM/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LNMTZM/", "attachments": []}, {"guid": "946b57dc-46eb-515a-8649-dd3b6dcaa83c", "code": "TLPNPG", "id": 72783, "logo": null, "date": "2025-08-05T17:00:00-07:00", "start": "17:00", "duration": "01:00", "room": "Copa", "slug": "security-bsides-las-vegas-2025-72783-hackers-kinda-like-to-eat", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TLPNPG/", "title": "Hackers Kinda Like to Eat", "subtitle": "", "track": "I Am The Cavalry", "type": "Talk-45m", "language": "en", "abstract": "The U.S. food industry\u2014an essential pillar of national security and economic stability\u2014is increasingly vulnerable to cyber threats and systemic concentration risks. From farm to fork, the sector relies heavily on digital infrastructure for logistics, processing, refrigeration, and supply chain coordination. Yet, many food producers and distributors operate with limited cybersecurity maturity, making them prime targets for ransomware, data breaches, and operational disruption.", "description": "This session will explore the dual challenges facing the food sector: the growing frequency and sophistication of cyberattacks, and the economic concentration that amplifies their impact. With a small number of corporations controlling large portions of meat processing, grain distribution, and food logistics, a single cyber incident can ripple across the entire national food supply. 
The 2021 ransomware attack on JBS Foods, the world\u2019s largest meat processor, is a stark example of how digital vulnerabilities can threaten food availability, pricing, and public trust.\r\n\r\nPanelists will examine the policy landscape, including the role of the Food and Agriculture Sector Coordinating Council, recent CISA advisories, and the implications of proposed cybersecurity mandates for critical infrastructure. The discussion will also address economic incentives and disincentives for cybersecurity investment in a low-margin industry, and the need for public-private collaboration to build resilience.\r\n\r\nAttendees will gain a deeper understanding of the systemic risks facing the food industry, the policy levers available to mitigate them, and the urgent need to treat food security as a national cybersecurity priority.", "recording_license": "", "do_not_record": false, "persons": [{"code": "GRHPT9", "name": "Curtis Hanson", "avatar": "https://pretalx.com/media/avatars/GRHPT9_tC9iLdl.webp", "biography": "Curtis Hanson is a seasoned cybersecurity leader with a strong background in cyber threat intelligence, incident response, and strategic advisory. He has held key roles in PwC's Global Threat Intelligence team and later at Palo Alto Networks' Unit 42, where he worked on high-impact threat research and response efforts.\r\nBefore joining these global teams, Curtis ran his own consultancy focused on open-source intelligence and attribution. His work included uncovering fraud, tracking threat actors, and enabling successful takedowns of cybercriminal operations. Now as U.S. 
Managing Partner at Invictus Incident Response, Curtis helps organizations take an intelligence-led approach to security, while bridging technical depth with business priorities to build resilience against evolving threats.", "public_name": "Curtis Hanson", "guid": "3529d8e9-4d28-57e6-88cd-5850b962182f", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/GRHPT9/"}, {"code": "PUYDWL", "name": "Whitney Bowman-Zatzkin", "avatar": "https://pretalx.com/media/avatars/PUYDWL_dnEUvCI.webp", "biography": "Whitney Bowman-Zatzkin, MPA, MSR, is a passionate community architect obsessed with connecting the dots to provoke change for the greater good.\r\n\r\nWhitney started in healthcare 20 years ago as the manager of a clinical practice, launching its EHR, redesigning the patient record, and engaging in advocacy efforts around maternal-infant health and malpractice reform. Moving to DC, she collaborated with policy leaders on research and policy changes around health professions education and workforce design.\r\n\r\nIn the past, she has served as the Managing Director of Flip the Clinic, a project of the Robert Wood Johnson Foundation and Co-PI for Scouting Health, an investigative horizon-hunting effort with Westat. She also led the Great Challenges at TEDMED, producing 50+ broadcasts on the toughest conversations in health care.\r\n\r\nAdditional projects featuring her work include Digital Therapeutics Alliance, Adoption-Share, VitalCrowd, CPESN, Access our Medicine - a project of Mindset Foundation, and Script your Future, a grassroots adherence project, where she was commended by the U.S. 
Surgeon General and multiple Members of Congress.\r\n\r\nWhitney has a Master of Public Administration and a Master of Survey Research from the University of Connecticut, her research on health insurance models was awarded Best Capstone.", "public_name": "Whitney Bowman-Zatzkin", "guid": "0bb42873-e867-52ba-a41f-a3729d0f4549", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/PUYDWL/"}, {"code": "KJ3R8F", "name": "Andrew Rose", "avatar": "https://pretalx.com/media/avatars/KJ3R8F_3p1MGLS.webp", "biography": "Tk", "public_name": "Andrew Rose", "guid": "4b38ca60-7ca4-5a17-a309-236d57647d54", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/KJ3R8F/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TLPNPG/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TLPNPG/", "attachments": []}, {"guid": "6278ea74-63f8-5a68-93d8-4bff7566a1a7", "code": "NB8XNJ", "id": 72784, "logo": null, "date": "2025-08-05T18:20:00-07:00", "start": "18:20", "duration": "01:00", "room": "Copa", "slug": "security-bsides-las-vegas-2025-72784-end-of-life-eol-equipment-should-not-mean-end-of-life-your-life", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NB8XNJ/", "title": "End of Life (EOL) Equipment should not mean End of Life (Your Life)", "subtitle": "", "track": "I Am The Cavalry", "type": "Talk-45m", "language": "en", "abstract": "As digital infrastructure ages, a growing number of critical systems across sectors\u2014from healthcare and manufacturing to energy and transportation\u2014continue to rely on end-of-life (EOL) equipment that no longer receives security updates or vendor support. These legacy systems often harbor \u201cforever-day\u201d vulnerabilities: known flaws for which no patches exist and none are forthcoming. 
The persistence of these unfixable weaknesses poses a significant and growing threat to national security, public safety, and economic stability.", "description": "This panel will examine the multifaceted challenges of managing EOL technology in high-risk environments. Topics will include the operational and financial barriers to replacing legacy systems, the risks of continued reliance on unsupported software and hardware, and the ethical dilemmas faced by defenders who must secure the unsecurable. Panelists will also explore real-world incidents where forever-day vulnerabilities were exploited, and the cascading consequences that followed.\r\n\r\nThe discussion will highlight emerging policy proposals aimed at mitigating these risks, including mandatory lifecycle planning, incentives for modernization, liability frameworks for unsupported systems, and the potential role of government-backed vulnerability research and mitigation programs. Attendees will gain insight into how public and private stakeholders can collaborate to reduce systemic exposure, prioritize critical upgrades, and build a more resilient digital ecosystem.", "recording_license": "", "do_not_record": false, "persons": [{"code": "QSN7XF", "name": "Silas Cutler", "avatar": "https://pretalx.com/media/avatars/QSN7XF_m4kH1n9.webp", "biography": "Silas Cutler is an experienced security researcher and malware analyst. His focus has been researching organized cyber-crime groups and state-sponsored attacks.", "public_name": "Silas Cutler", "guid": "ae6d90c3-ab82-5c87-a214-0d32b0931d50", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/QSN7XF/"}, {"code": "BGVVS7", "name": "Paul Roberts", "avatar": "https://pretalx.com/media/avatars/BGVVS7_5dtl73V.webp", "biography": "Paul is a respected cybersecurity journalist and Editor in Chief at The Security Ledger. 
Since 2018 he has spearheaded efforts to organize the information security community to support a right to repair as founder of the group Secure Repairs.", "public_name": "Paul Roberts", "guid": "9fc2a656-07a2-59e1-acd6-e8df45fa0d86", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/BGVVS7/"}, {"code": "V3KCN8", "name": "Stacey Higginbotham", "avatar": "https://pretalx.com/media/avatars/V3KCN8_ekuLe7h.webp", "biography": "Stacey Higginbotham has been covering technology for major publications for two decades. She is an expert when it comes to the internet of things and technology in general. Her work has appeared in Fortune (where she was Senior Editor), PCMag, MIT Technology Review, Gigaom and Worth magazine. She is a policy fellow at Consumer Reports.", "public_name": "Stacey Higginbotham", "guid": "e3c089c2-b578-5ac9-9e66-6b9c7093bab5", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/V3KCN8/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NB8XNJ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NB8XNJ/", "attachments": []}, {"guid": "2dccd3af-9fb1-5802-ade0-1b58c4af66ff", "code": "CBW9Y8", "id": 70749, "logo": null, "date": "2025-08-05T21:00:00-07:00", "start": "21:00", "duration": "03:00", "room": "Copa", "slug": "security-bsides-las-vegas-2025-70749-bsides-pub-quiz", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/CBW9Y8/", "title": "BSides Pub Quiz", "subtitle": "", "track": "Events", "type": "Event2HR", "language": "en", "abstract": "BSides Pub Quiz", "description": "BSides Pub Quiz", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/CBW9Y8/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/CBW9Y8/", "attachments": []}], "Pool": [{"guid": "b898bcf9-6d78-541e-bba0-573feaccc342", "code": "DZ7B39", "id": 
79257, "logo": null, "date": "2025-08-05T19:00:00-07:00", "start": "19:00", "duration": "3:01:00", "room": "Pool", "slug": "security-bsides-las-vegas-2025-79257-proving-ground-mentors-meet-up", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DZ7B39/", "title": "Proving Ground Mentors Meet-Up", "subtitle": "", "track": "Events", "type": "Event1HR", "language": "en", "abstract": "A meet-up for Proving Ground Mentors, past or present.  Hang out and chill poolside with your fellow BSides heroes.", "description": "A meet-up for Proving Ground Mentors, past or present.  Hang out and chill poolside with your fellow BSides heroes.", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DZ7B39/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DZ7B39/", "attachments": []}, {"guid": "6e8c5a93-adbf-5d83-91ac-e8bf3aa07988", "code": "HHVRQ9", "id": 70741, "logo": null, "date": "2025-08-05T19:00:00-07:00", "start": "19:00", "duration": "01:00", "room": "Pool", "slug": "security-bsides-las-vegas-2025-70741-data-science-meet-up", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HHVRQ9/", "title": "Data Science Meet-Up", "subtitle": "", "track": "Events", "type": "Event1HR", "language": "en", "abstract": "Data Science Meet-Up", "description": "Data Science Meet-Up", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HHVRQ9/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HHVRQ9/", "attachments": []}, {"guid": "b21ce504-194e-5bc9-a510-55627fd3d2dc", "code": "GUPQKX", "id": 70747, "logo": null, "date": "2025-08-05T20:00:00-07:00", "start": "20:00", "duration": "02:00", "room": "Pool", "slug": "security-bsides-las-vegas-2025-70747-speaker-reception", "url": 
"https://pretalx.com/security-bsides-las-vegas-2025/talk/GUPQKX/", "title": "Speaker Reception", "subtitle": "", "track": "Events", "type": "Event2HR", "language": "en", "abstract": "2025 BSides LV Speaker Reception.  Come meet and hang out with the Program Committee and your fellow presenters at a private poolside function.", "description": "2025 BSides LV Speaker Reception.  Come meet and hang out with the Program Committee and your fellow presenters at a private poolside function.", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GUPQKX/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GUPQKX/", "attachments": []}, {"guid": "8354b0ef-e6a6-553b-baf0-cd0a02b8933d", "code": "MYMJAW", "id": 70751, "logo": null, "date": "2025-08-05T22:00:00-07:00", "start": "22:00", "duration": "04:00", "room": "Pool", "slug": "security-bsides-las-vegas-2025-70751-bsides-karaoke", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MYMJAW/", "title": "BSides Karaoke", "subtitle": "", "track": "Events", "type": "Event4HR", "language": "en", "abstract": "Security BSides Karaoke, poolside!", "description": "Security BSides Karaoke, poolside!", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MYMJAW/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MYMJAW/", "attachments": []}], "G-103": [{"guid": "19ebdc31-7801-5bbb-93fc-7b8804a6011a", "code": "MEABSP", "id": 70744, "logo": null, "date": "2025-08-05T19:30:00-07:00", "start": "19:30", "duration": "02:00", "room": "G-103", "slug": "security-bsides-las-vegas-2025-70744-recovery-hackers-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MEABSP/", "title": "Recovery Hackers, Tuesday", "subtitle": "", "track": "Events", "type": "Event2HR", 
"language": "en", "abstract": "Not a formal 12-step meeting. Rather, a supportive gathering for folks taking Summer Camp one day at a time. Monday, Tuesday and Wednesday, 19:30-21:30 in G103. Look for the sign on a patio on the pool side of building G and enter through the patio door.", "description": "Not a formal 12-step meeting. Rather, a supportive gathering for folks taking Summer Camp one day at a time. Monday, Tuesday and Wednesday, 19:30-21:30 in G103. Look for the sign on a patio on the pool side of building G and enter through the patio door.", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MEABSP/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MEABSP/", "attachments": []}], "Hallway": [{"guid": "b80ed386-86dc-5512-b87e-25570722a6e0", "code": "EUXUJ3", "id": 70717, "logo": null, "date": "2025-08-05T07:00:00-07:00", "start": "07:00", "duration": "00:00", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70717-info-booth-opens-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/EUXUJ3/", "title": "Info Booth Opens, Tuesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Info Booth Opens, Tuesday", "description": "Info Booth Opens, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/EUXUJ3/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/EUXUJ3/", "attachments": []}, {"guid": "49b5b835-ef13-5e0d-8204-b0283178ac59", "code": "KALKCA", "id": 70719, "logo": null, "date": "2025-08-05T08:00:00-07:00", "start": "08:00", "duration": "00:00", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70719-registration-opens-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KALKCA/", "title": 
"Registration Opens, Tuesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Registration Opens, Tuesday", "description": "Registration Opens, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KALKCA/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KALKCA/", "attachments": []}, {"guid": "0a46b24d-792b-57ff-bb13-f45581b3ac30", "code": "H9N7UE", "id": 70725, "logo": null, "date": "2025-08-05T09:00:00-07:00", "start": "09:00", "duration": "00:30", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70725-skytalks-token-drop-3", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/H9N7UE/", "title": "Skytalks Token Drop 3", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Skytalks Token Drop 3\r\nSkytalks token distribution for Tuesday MORNING sessions (10:00-11:30)\r\nQueue in Tuscany Hallway between Middle Ground and Speaker Room.\r\nTokens are limited in number, and distribution ends when they are gone.", "description": "Skytalks Token Drop 3\r\nSkytalks token distribution for Tuesday MORNING sessions (10:00-11:30)\r\nQueue in Tuscany Hallway between Middle Ground and Speaker Room.\r\nTokens are limited in number, and distribution ends when they are gone.", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/H9N7UE/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/H9N7UE/", "attachments": []}, {"guid": "33645a39-639d-5770-9d6c-6376765a7125", "code": "3E78YM", "id": 70736, "logo": null, "date": "2025-08-05T12:30:00-07:00", "start": "12:30", "duration": "01:00", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70736-skytalks-token-drop-4", "url": 
"https://pretalx.com/security-bsides-las-vegas-2025/talk/3E78YM/", "title": "Skytalks Token Drop 4", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Skytalks Token Drop 4\r\nSkytalks token distribution for Tuesday AFTERNOON sessions (2:00-4:00 PM)\r\nQueue in Tuscany Hallway between Middle Ground and Speaker Room.\r\nTokens are limited in number, and distribution ends when they are gone.", "description": "Skytalks Token Drop 4\r\nSkytalks token distribution for Tuesday AFTERNOON sessions (2:00-4:00 PM)\r\nQueue in Tuscany Hallway between Middle Ground and Speaker Room.\r\nTokens are limited in number, and distribution ends when they are gone.", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/3E78YM/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/3E78YM/", "attachments": []}, {"guid": "107d9d89-b326-5e4e-9b31-6da4c080bc35", "code": "7A79C9", "id": 70722, "logo": null, "date": "2025-08-05T16:00:00-07:00", "start": "16:00", "duration": "00:00", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70722-registration-closes-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7A79C9/", "title": "Registration Closes, Tuesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Registration Closes, Tuesday", "description": "Registration Closes, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7A79C9/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7A79C9/", "attachments": []}, {"guid": "8ff13a1a-36c2-5fa4-bbed-8aa4f3289f25", "code": "SVTTCL", "id": 70718, "logo": null, "date": "2025-08-05T16:00:00-07:00", "start": "16:00", "duration": "00:00", "room": "Hallway", "slug": 
"security-bsides-las-vegas-2025-70718-info-booth-closes-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SVTTCL/", "title": "Info Booth Closes, Tuesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Info Booth Closes, Tuesday", "description": "Info Booth Closes, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SVTTCL/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/SVTTCL/", "attachments": []}], "Ballroom": [{"guid": "c703a30d-ad50-588e-931f-22ea32bcbfc9", "code": "87YVWJ", "id": 73342, "logo": null, "date": "2025-08-05T10:30:00-07:00", "start": "10:30", "duration": "04:00", "room": "Ballroom", "slug": "security-bsides-las-vegas-2025-73342-multi-cloud-aws-azure-gcp-security-25-edition-day-two-am", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/87YVWJ/", "title": "Multi-Cloud (AWS, Azure & GCP) Security [25 Edition], Day Two, AM", "subtitle": "", "track": "Training Ground", "type": "Training-16h", "language": "en", "abstract": "CyberWarFare Labs workshop on \"Multi-Cloud Security\" aims to provide practical insights of the offensive / defensive techniques used by the Red & Blue Teams in an Enterprise Cloud Infrastructure. 
Learn from the creators of the renowned CWL RedCloud OS, a cloud adversary simulation VM, how to perform enterprise offensive / defensive operations.\r\n\r\n- As a Red Team / Penetration Tester:\r\n  Trainees will understand advanced real-world cyber attacks against major cloud vendors like AWS, MS Azure, and GCP.\r\n  Simulate Tactics, Techniques, and Procedures (TTPs) widely used by APT groups in a practical lab environment.\r\n\r\n- As a Blue Team / Defender:\r\nTrainees will learn to identify and defend against various emerging threats in a multi-cloud infra.\r\nUnderstand complex attack vectors & sophisticated compromise scenarios from a defensive mindset", "description": "To make the workshop hands-on in the real sense all the trainees will be provided with Lab Access to the Multi-Cloud Environment. Lab Architecture is designed to cover all the attacks from both aspects that are demonstrated during the sessions.\r\n\r\n### DAY 1 (8 Hrs)\r\n- Part-1 : Introduction about Multi Cloud Environment\r\n\r\n  - Module-1 : Azure Cloud Environment\r\n    - Azure Identity : Entra ID & RBAC\r\n    - O365 / Microsoft 365\r\n    - Azure Cloud Services (VM, Storage, IaaS, PaaS, SaaS)\r\n\r\n  - Module-2 : AWS Cloud Environment\r\n    - Identity & Access Management\r\n    - AWS Cloud Services (IaaS, PaaS, SaaS)\r\n    - AWS identity Center\r\n\r\n  - Module-3 : GCP Cloud Environment\r\n    - GCP Identity & Access Management\r\n    - GCP Cloud Services (IaaS, PaaS, SaaS)\r\n    - Google Suite / Workspace + Cloud Identity\r\n\r\n- Part-2 : Enumeration & Initial Access on Cloud Infrastructure\r\n\r\n  - Module-1 : Unauthenticated Enumeration\r\n    - Enumerating Information from DNS Records\r\n    - Enumerating Information from Cloud Vendors\r\n    - Leaked secrets from github\r\n    - Enumeration storage & other information from OSINT\r\n\r\n  - Module-2 : Initial Access\r\n    - Exploiting Cloud Services\r\n    - Leaked Credentials\r\n    - Compromising CI/CD pipeline\r\n    
- Compromising storage accounts\r\n\r\n  - Module-3 : Authenticated Enumeration : IAM, Compute & Storage\r\n    - AWS Services\r\n    - Entra ID & Azure Services\r\n    - Cloud Identity, Google Workspace, GCP Services\r\n\r\n### DAY 2 (8 Hrs)\r\n- Part-3 : Exploiting Multi-Cloud Services\r\n\r\n  - Module-1 : Exploiting Multi-Cloud Services\r\n    - AWS : cross account, within account\r\n    - Azure : service principal, cross tenant, Entra ID\r\n    - GCP : Access organization, Cloud Identity\r\n\r\n  - Module-2 : Privilege Escalation\r\n    - Elevating Privileges on AWS\r\n    - Elevating Privileges on Azure\r\n    - Elevating Privileges on GCP\r\n\r\n- Part-4 : Lateral Movement\r\n\r\n  - Module-1 : Within Multi-Cloud\r\n    - AWS, GCP, Azure to each other\r\n\r\n- Part-5 : Case Study (Multi-Cloud Red Team Simulation)\r\n  - Red Teaming in Simulated Multi-Cloud Lab (Initial Access to Data Exfiltration)\r\n\r\n###### NOTE : Attendees do not require cloud accounts, they will get access to the seamless environment & have access to the environment for 15 days with a dedicated discord channel.\r\n\r\n- Why should people attend your course?\r\n  - Practically Understand Enterprise Grade Red Team Operation Methodology in Multi-Cloud Environment\r\n  - Perform Red Team Attack Cycle in Simulated Enterprise Environment\r\n  - Stealth Lateral Movement Techniques in Multi-Cloud, Cloud to on-premise & vice-versa\r\n  - Core Services Mapping / Enumeration / Exploitation\r\n  - Create custom tools to perform manual enumeration\r\n\r\n- Student Requirements :\r\n\r\n  - Fair Knowledge of Networking and Web Technology\r\n  - Familiarity with CLI\r\n  - An Open mind (*No prior Cloud knowledge is required).\r\n\r\n- Who Should Take This Course ?\r\n  - Targeted Audience may include the following group of people:\r\n  - Penetration Testers / Red Teams\r\n  - Cloud Security Professionals\r\n  - Cloud Architects\r\n  - SOC analysts\r\n  - Threat Hunting Team\r\n  - Last but not the 
least, anyone who is interested in strengthening their offensive and detection capabilities in Cloud\r\n\r\n- How many years of practical experience would the ideal student have to get most out of this workshop?\r\n  - Minimum 1-3 years in Penetration Testing Domain.\r\n\r\n- What Students Should Bring?\r\n\r\n  - System with at least 16GB RAM having VMWare Workstation PRO installed\r\n  - CWL RedCloud VM With Internet Connectivity\r\n\r\n- What Students Will Be Provided With?\r\n\r\n  - Soft Copy of the Course Content.\r\n  - Great Knowledge about the Offensive Cloud Techniques used by adversaries.\r\n  - Defense Tactics & Techniques against the discussed offensive techniques.", "recording_license": "", "do_not_record": false, "persons": [{"code": "TVGCHC", "name": "Yash Bharadwaj", "avatar": "https://pretalx.com/media/avatars/TVGCHC_7Bbj7gR.webp", "biography": "Yash Bharadwaj, doing Security R&D & Technical  Director at CyberWarFare Labs with over 7.5 Years of Experience as Technologist. Highly attentive towards finding, learning and discovering new TTP's used during offensive engagements. His area of interest includes building Red / Blue team infrastructure, simulation based teachings, Pwning On-Premise & Multi cloud infrastructure. Previously he has delivered hands-on red / blue / purple team trainings / talks / workshops at Blackhat (USA, EU, Asia), Microsoft BlueHat, Nullcon India, c0c0n India ,X33fCon Poland, NorthSec Canada, BSIDES Chapters (US & Asia Pacific), OWASP Chapters, CISO Platform, YASCON etc. 
You can reach out to him on Twitter @flopyash", "public_name": "Yash Bharadwaj", "guid": "d9524ba0-3e43-535f-b6d0-6dad8e687abc", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/TVGCHC/"}, {"code": "PUA7XA", "name": "Manish Gupta", "avatar": "https://pretalx.com/media/avatars/PUA7XA_U6dgLEG.webp", "biography": "Training Ground Presenter.", "public_name": "Manish Gupta", "guid": "7444c704-5b21-5650-9626-eac2477a9052", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/PUA7XA/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/87YVWJ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/87YVWJ/", "attachments": []}, {"guid": "26c90f8d-c1a5-5003-b356-e03a2b63b2f3", "code": "WBBRNJ", "id": 73343, "logo": null, "date": "2025-08-05T15:00:00-07:00", "start": "15:00", "duration": "04:00", "room": "Ballroom", "slug": "security-bsides-las-vegas-2025-73343-multi-cloud-aws-azure-gcp-security-25-edition-day-two-pm", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/WBBRNJ/", "title": "Multi-Cloud (AWS, Azure & GCP) Security [25 Edition], Day Two, PM", "subtitle": "", "track": "Training Ground", "type": "Training-16h", "language": "en", "abstract": "CyberWarFare Labs workshop on \"Multi-Cloud Security\" aims to provide practical insights of the offensive / defensive techniques used by the Red & Blue Teams in an Enterprise Cloud Infrastructure. 
Learn from the creators of the renowned CWL RedCloud OS, a cloud adversary simulation VM, how to perform enterprise offensive / defensive operations.\r\n\r\n- As a Red Team / Penetration Tester:\r\n  Trainees will understand advanced real-world cyber attacks against major cloud vendors like AWS, MS Azure, and GCP.\r\n  Simulate Tactics, Techniques, and Procedures (TTPs) widely used by APT groups in a practical lab environment.\r\n\r\n- As a Blue Team / Defender:\r\nTrainees will learn to identify and defend against various emerging threats in a multi-cloud infra.\r\nUnderstand complex attack vectors & sophisticated compromise scenarios from a defensive mindset", "description": "To make the workshop hands-on in the real sense all the trainees will be provided with Lab Access to the Multi-Cloud Environment. Lab Architecture is designed to cover all the attacks from both aspects that are demonstrated during the sessions.\r\n\r\n### DAY 1 (8 Hrs)\r\n- Part-1 : Introduction about Multi Cloud Environment\r\n\r\n  - Module-1 : Azure Cloud Environment\r\n    - Azure Identity : Entra ID & RBAC\r\n    - O365 / Microsoft 365\r\n    - Azure Cloud Services (VM, Storage, IaaS, PaaS, SaaS)\r\n\r\n  - Module-2 : AWS Cloud Environment\r\n    - Identity & Access Management\r\n    - AWS Cloud Services (IaaS, PaaS, SaaS)\r\n    - AWS identity Center\r\n\r\n  - Module-3 : GCP Cloud Environment\r\n    - GCP Identity & Access Management\r\n    - GCP Cloud Services (IaaS, PaaS, SaaS)\r\n    - Google Suite / Workspace + Cloud Identity\r\n\r\n- Part-2 : Enumeration & Initial Access on Cloud Infrastructure\r\n\r\n  - Module-1 : Unauthenticated Enumeration\r\n    - Enumerating Information from DNS Records\r\n    - Enumerating Information from Cloud Vendors\r\n    - Leaked secrets from github\r\n    - Enumeration storage & other information from OSINT\r\n\r\n  - Module-2 : Initial Access\r\n    - Exploiting Cloud Services\r\n    - Leaked Credentials\r\n    - Compromising CI/CD pipeline\r\n    
- Compromising storage accounts\r\n\r\n  - Module-3 : Authenticated Enumeration : IAM, Compute & Storage\r\n    - AWS Services\r\n    - Entra ID & Azure Services\r\n    - Cloud Identity, Google Workspace, GCP Services\r\n\r\n### DAY 2 (8 Hrs)\r\n- Part-3 : Exploiting Multi-Cloud Services\r\n\r\n  - Module-1 : Exploiting Multi-Cloud Services\r\n    - AWS : cross account, within account\r\n    - Azure : service principal, cross tenant, Entra ID\r\n    - GCP : Access organization, Cloud Identity\r\n\r\n  - Module-2 : Privilege Escalation\r\n    - Elevating Privileges on AWS\r\n    - Elevating Privileges on Azure\r\n    - Elevating Privileges on GCP\r\n\r\n- Part-4 : Lateral Movement\r\n\r\n  - Module-1 : Within Multi-Cloud\r\n    - AWS, GCP, Azure to each other\r\n\r\n- Part-5 : Case Study (Multi-Cloud Red Team Simulation)\r\n  - Red Teaming in Simulated Multi-Cloud Lab (Initial Access to Data Exfiltration)\r\n\r\n###### NOTE : Attendees do not require cloud accounts, they will get access to the seamless environment & have access to the environment for 15 days with a dedicated discord channel.\r\n\r\n- Why should people attend your course?\r\n  - Practically Understand Enterprise Grade Red Team Operation Methodology in Multi-Cloud Environment\r\n  - Perform Red Team Attack Cycle in Simulated Enterprise Environment\r\n  - Stealth Lateral Movement Techniques in Multi-Cloud, Cloud to on-premise & vice-versa\r\n  - Core Services Mapping / Enumeration / Exploitation\r\n  - Create custom tools to perform manual enumeration\r\n\r\n- Student Requirements :\r\n\r\n  - Fair Knowledge of Networking and Web Technology\r\n  - Familiarity with CLI\r\n  - An Open mind (*No prior Cloud knowledge is required).\r\n\r\n- Who Should Take This Course ?\r\n  - Targeted Audience may include the following group of people:\r\n  - Penetration Testers / Red Teams\r\n  - Cloud Security Professionals\r\n  - Cloud Architects\r\n  - SOC analysts\r\n  - Threat Hunting Team\r\n  - Last but not the 
least, anyone who is interested in strengthening their offensive and detection capabilities in Cloud\r\n\r\n- How many years of practical experience would the ideal student have to get most out of this workshop?\r\n  - Minimum 1-3 years in Penetration Testing Domain.\r\n\r\n- What Students Should Bring?\r\n\r\n  - System with at least 16GB RAM having VMWare Workstation PRO installed\r\n  - CWL RedCloud VM With Internet Connectivity\r\n\r\n- What Students Will Be Provided With?\r\n\r\n  - Soft Copy of the Course Content.\r\n  - Great Knowledge about the Offensive Cloud Techniques used by adversaries.\r\n  - Defense Tactics & Techniques against the discussed offensive techniques.", "recording_license": "", "do_not_record": false, "persons": [{"code": "TVGCHC", "name": "Yash Bharadwaj", "avatar": "https://pretalx.com/media/avatars/TVGCHC_7Bbj7gR.webp", "biography": "Yash Bharadwaj, doing Security R&D & Technical  Director at CyberWarFare Labs with over 7.5 Years of Experience as Technologist. Highly attentive towards finding, learning and discovering new TTP's used during offensive engagements. His area of interest includes building Red / Blue team infrastructure, simulation based teachings, Pwning On-Premise & Multi cloud infrastructure. Previously he has delivered hands-on red / blue / purple team trainings / talks / workshops at Blackhat (USA, EU, Asia), Microsoft BlueHat, Nullcon India, c0c0n India ,X33fCon Poland, NorthSec Canada, BSIDES Chapters (US & Asia Pacific), OWASP Chapters, CISO Platform, YASCON etc. 
You can reach out to him on Twitter @flopyash", "public_name": "Yash Bharadwaj", "guid": "d9524ba0-3e43-535f-b6d0-6dad8e687abc", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/TVGCHC/"}, {"code": "PUA7XA", "name": "Manish Gupta", "avatar": "https://pretalx.com/media/avatars/PUA7XA_U6dgLEG.webp", "biography": "Training Ground Presenter.", "public_name": "Manish Gupta", "guid": "7444c704-5b21-5650-9626-eac2477a9052", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/PUA7XA/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/WBBRNJ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/WBBRNJ/", "attachments": []}], "Pearl": [{"guid": "5a938d78-ea39-5aa7-86cb-e842ac3275ee", "code": "EAYEJC", "id": 72731, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/EAYEJC/CIE_L_c6mIGgt.png", "date": "2025-08-05T10:30:00-07:00", "start": "10:30", "duration": "04:00", "room": "Pearl", "slug": "security-bsides-las-vegas-2025-72731-engineering-cyber-resilience-for-the-water-sector", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/EAYEJC/", "title": "Engineering Cyber Resilience for the Water Sector", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "What Engineers Need to Know About Cyber and Why (and are not getting this in school).\r\nThis workshop uses a case study of a hypothetical engineering project to support discussion and application of the principles for Cyber-Informed Engineering  (CIE) throughout the workshop. The scenario draws from a selection of real-world case studies, is fictional, and is crafted to support the application of CIE principles. Workshop participants get a workbook to structure their journey, capture insights and lessons learned, and provide a useful takeaway item that can further conversations after the event. 
\r\nThis is a hands-on workshop filled with exercises to develop understanding of the principles of Cyber Informed Engineering. This training event is designed for anyone who is interested in learning a methodology of designing out cyber-risk before a system is placed into operation.", "description": "This training session emerges from the Idaho National Laboratory Cyber Informed Engineering project, a Department of Energy supported effort to improve system resilience and risk reduction through design efforts to include cyber risks alongside other engineering considered hazards. Previous versions of this course have been conducted using different specific engineering problems to local industry groups. This class is a product from those experiences. The diversity of the BSidesLV attendee base will make this class much more engaging than an industry specific audience.\r\n\r\nCyber-Informed Engineering (CIE) offers an opportunity to \u201cengineer out\u201d some cyber risk across the entire system lifecycle, starting from the earliest possible phases of conceptual design and requirements development and system design\u2014the most optimal times to introduce mitigations against cyber risk. CIE is an emerging method to integrate cybersecurity risk considerations into the conception, design, development, and operation of any physical system that has digital connectivity, monitoring, or control. CIE uses design decisions and engineering controls to mitigate or even eliminate avenues for cyber-enabled attacks or reduce the consequences when an attack occurs. In the same way that engineers design systems for safety, engineers informed by CIE use similar methods to prevent or lessen the impact of a cyber-attack. CIE also allows the engineers to advise the approaches used by specialized Information Technology (IT) and Operational Technology (OT) cybersecurity experts to align cybersecurity mitigations to the most critical consequences identified by the engineers. 
\r\n\r\nWhat are the 12 principles of CIE?\r\n1. Consequence-Focused Design \r\n2. Engineered Controls \r\n3. Secure Information Architecture \r\n4. Design Simplification \r\n5. Layered Defenses \r\n6. Active Defense \r\n7. Interdependency Evaluation \r\n8. Digital Asset Awareness \r\n9. Cyber-Secure Supply Chain Controls \r\n10. Planned Resilience \r\n11. Engineering Information Control \r\n12. Organizational Culture \r\n\r\nThe purpose of the training is to help people understand how to use these principles during engineering design to design out many sources of cyber risk. The hands-on workshop engages participants in a journey that helps improve their skills in designing out issues that would later potentially affect cyber risk.\r\n\r\nThe session begins with a presentation of the principles for Cyber Informed Engineering and leads thoughts with an initiating question to prompt thoughts and actions for each principle. The scenario used to facilitate discussion is then presented, providing a template upon which the principles can then be addressed. The exercise then moves through the 12 principles where each is given an overview by one of the facilitators. What follows next is small group exercise tasks designed to facilitate the operationalization of each principle. The facilitators help the groups advance their discussion and learning. The training exercise concludes with a lessons-learned discussion.\r\n\r\nReferences:\r\nU.S. Department of Energy Office of Cybersecurity, Energy Security, and Emergency Response (CESER). Cyber Informed Engineering Implementation Guide. Version 1.0, August 7, 2023. https://www.osti.gov/biblio/1995796.\r\nTechnical Report: Cyber-Informed Engineering Workbook: CIE Hands-On Training. Cyber-Informed Engineering Workbook: CIE Hands-On Training. May 29, 2024. 
https://www.osti.gov/biblio/2371031.", "recording_license": "", "do_not_record": false, "persons": [{"code": "XF7YZE", "name": "Art Conklin", "avatar": "https://pretalx.com/media/avatars/XF7YZE_JVvMVz2.webp", "biography": "Dr. Kitty is a Professor Emeritus at the University of Houston, joint appointee at Idaho National Laboratory. An internationally recognized expert in cybersecurity for operational technology (OT) systems and critical infrastructures. He is also recognized as a national leader in the development of educational programs in industrial control systems cybersecurity. \r\nTaught 20 different classes (5 undergraduate, 15 graduate classes) over 19 years. \r\nPublished 6 books on cybersecurity.\r\nSpeaker at numerous conferences including regional BSides, DefCon ICS Village, Hack the Capital, RSAC (twice).", "public_name": "Art Conklin", "guid": "ff2a07e1-a8bf-5f70-ac04-81517e454718", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/XF7YZE/"}, {"code": "UCFYY3", "name": "Virginia \u201cGinger\u201d Wright", "avatar": "https://pretalx.com/media/avatars/UCFYY3_xlnGVre.webp", "biography": "Virginia \u201cGinger\u201d Wright is the program manager for Cyber-Informed Engineering (CIE) at the Idaho National Laboratory (INL). She leads INL\u2019s implementation of the National Strategy for Cyber-Informed Engineering developed by the Department of Energy. Ms. Wright has led multiple cyber research programs at INL including DOE-CESER\u2019s Cyber Testing for Resilient Industrial Control Systems (CyTRICS\u2122) program, Software Bills of Material for the Energy Sector, critical infrastructure modeling and simulation, and nuclear cybersecurity. Ms. 
Wright has a Bachelor of Science in Information Systems/Operations Management from the University of North Carolina at Greensboro.", "public_name": "Virginia \u201cGinger\u201d Wright", "guid": "c47e9417-6bb3-5a6e-9c02-0dc6a1bdde06", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/UCFYY3/"}, {"code": "L87ZPR", "name": "Andrew Ohrt", "avatar": "https://pretalx.com/media/avatars/L87ZPR_u0KXwg2.webp", "biography": "Andrew is the Resilience Practice Area Lead for West Yost. Based in Duluth, MN, Andrew supports Idaho National Laboratory and the American Water Works Association with the development of CIE and cybersecurity resources to support the water and wastewater sector.", "public_name": "Andrew Ohrt", "guid": "6c5abb7e-7613-50b9-90c4-0b134516adb8", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/L87ZPR/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/EAYEJC/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/EAYEJC/", "attachments": []}, {"guid": "394e772e-1572-5d87-8225-7f6759896c68", "code": "DVKZMR", "id": 69214, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/DVKZMR/sweet_4s7y3de.png", "date": "2025-08-05T15:00:00-07:00", "start": "15:00", "duration": "04:00", "room": "Pearl", "slug": "security-bsides-las-vegas-2025-69214-wi-fi-so-serious", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DVKZMR/", "title": "Wi-Fi-So-Serious", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "In Wi-Fi-So-Serious, we will explore setting up and troubleshooting our 802.11 assessment rig. Then we will look at passive reconnaissance and cracking different Wi-Fi security protocols. Using the Kali Linux VM we will set up our 802.11 cards in monitor mode and see how to set them up to collect PCAPs. Troubleshoot drivers and common Linux commands needed for troubleshooting the cards. 
We will work with command line tools such as iw, iwconfig, hostapd, wpa_cli, wpa_supplicant and others. Next move on to passive collections and common Wireshark display filters. Finishing up the lecture portion of the class with cracking common 802.11 security protocols using such tools as Aircrack-ng, Wifite, Airgeddon, Reaver, and Wacker. And finally, we will finish out the workshop with a Capture The Flag (CTF) so all participants can apply what we have learned during the workshop. The participants will also learn how to setup a lab that they can take home with them.", "description": "Wi-Fi-So-Serious is a beginner-friendly course teaching the basics of 802.11, common Wi-Fi troubleshooting, command-line tools, network reconnaissance, and attacks against common Wi-Fi security protocols. It wraps up with a hands-on CTF to apply the learned skills.\r\n\r\nPractical Troubleshooting Skills:\r\nParticipants will learn:\r\nCommon Wi-Fi Issues: Identifying and understanding typical connectivity problems, such as signal interference, authentication failures, and dropped connections.\r\nTroubleshooting Methodologies: Developing a systematic approach to diagnose Wi-Fi issues, including checking physical connections and analyzing network configurations.\r\nBasic Troubleshooting Tools: Getting introduced to software or built-in operating system tools that can help analyze Wi-Fi environments and identify problems.\r\n\r\nNetwork Reconnaissance:\r\nUnderstanding the surrounding wireless environment is a key step in both network management and security testing. The course will cover methods for:\r\nPassive Scanning: Detecting and gathering information about Wi-Fi networks without actively interacting with them. 
This includes identifying SSIDs, BSSIDs, supported data rates, and security protocols.\r\nActive Scanning: Probing networks to gather more detailed information, potentially revealing hidden networks or vulnerabilities.\r\nPCAP Analysis: Using Wireshark to extract information from PCAP files. \r\n\r\nAttacking Common 802.11 Security Protocols and cracking:\r\nOpen/OWE: Coffee Shop attacks and recon\r\nWPS/Wi-Fi Direct: An overview and look at useful tools for attacking WPS and Wi-Fi Direct.\r\nWEP: Understanding the historical weaknesses of WEP and how it can be easily cracked using readily available tools.\r\nWPA/WPA2: Exploring the vulnerabilities in WPA and WPA2, including handshake capture and password cracking techniques (e.g., dictionary attacks, brute-force attacks).\r\nWPA3: An overview of the improvements in WPA3 and its resistance to some of the older attack methods. Participants will learn how to attack WPA3 by leveraging transition mode.\r\nEAP: A high level overview, recon, and basics of EAP network attacks \r\n\r\nHands-On CTF:\r\nThe course culminates in a CTF, which is an invaluable way for participants to solidify their learning in a practical and engaging manner. The CTF will involve a series of challenges where participants need to use what they have learned during the class.\r\n\r\nWhat to Bring: \r\n\r\nStudents should bring a laptop with at least 8GB of ram. VMware or VirtualBox already installed. Students should have the provided VM loaded as well.  \r\nStudents should also bring a Wi-Fi card that is capable of monitor mode and packet injection. Recommended card: AWUS036ACM", "recording_license": "", "do_not_record": false, "persons": [{"code": "7EU9LM", "name": "James Hawk", "avatar": "https://pretalx.com/media/avatars/7EU9LM_wsqYRSr.webp", "biography": "James Hawk (He/Him) is a Principal Consultant with Google Public Sector, within Proactive Services. He is the wireless subject matter expert for his team. 
James has led and contributed to numerous assessments (Red Teams and Pen Tests). He has developed internal training and tool updates for 802.11 for his company. James is a 20-year veteran of the U.S. Army and has over 15 years of hands-on experience in wireless technologies. James is always researching/testing 802.11 attacks against his home lab. He is a fan of hockey, LetterKenny, and almost anything Sci-Fi.", "public_name": "James Hawk", "guid": "be2147d5-ea5e-5c2e-a720-6c2e875fa1d4", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/7EU9LM/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DVKZMR/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DVKZMR/", "attachments": [{"title": "Getting Started", "url": "/media/security-bsides-las-vegas-2025/submissions/DVKZMR/resources/_3yg4tPW.pdf", "type": "related"}]}], "Opal": [{"guid": "16bf1b9d-c63f-5a48-8077-da2ce4743afc", "code": "XMWTBT", "id": 69901, "logo": null, "date": "2025-08-05T10:30:00-07:00", "start": "10:30", "duration": "04:00", "room": "Opal", "slug": "security-bsides-las-vegas-2025-69901-llm-mayhem-hands-on-red-teaming-for-llm-applications", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XMWTBT/", "title": "LLM Mayhem: Hands-On Red Teaming for LLM Applications", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "Join us in this workshop to engage in hands-on attacks to identify weaknesses in generative AI. If you\u2019re interested in learning about getting started in red teaming generative AI systems, this is the workshop for you.", "description": "In this workshop we have set up hypothetical chatbots with varying levels of difficulty to walk attendees through various attack techniques. We'll model the attack after typical red team engagements we have been on in order to test the resiliency of a LLM powered application. 
The goals of this session are: (1) Provide a foundation on red teaming chatbots, (2) understand how and why the attacks work, and (3) provide guidance on how attendees can set up their own infrastructure to test and hone their skills after the conference has concluded.", "recording_license": "", "do_not_record": false, "persons": [{"code": "LVSTRK", "name": "Travis Smith", "avatar": "https://pretalx.com/media/avatars/LVSTRK_fsLzUhv.webp", "biography": "Travis Smith is the Vice President of ML Threat Operations at HiddenLayer where he is responsible for the services offered by the organization, including red-teaming machine learning systems and teaching adversarial machine learning courses. He has spent the last 20 years building enterprise security products and leading world class security research teams. Travis has presented his original research at information security conferences around the world including Black Hat, RSA Conference, SecTor, and DEF CON Villages.", "public_name": "Travis Smith", "guid": "961c13f4-cd60-5373-b3fb-48c09a47b348", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/LVSTRK/"}, {"code": "8RSPQG", "name": "Kasimir Schulz", "avatar": "https://pretalx.com/media/avatars/8RSPQG_tMxLcQu.webp", "biography": "Kasimir Schulz, Director of Security Research at HiddenLayer, is a leading expert in uncovering zero-day exploits and supply chain vulnerabilities in AI. His work has been featured in Forbes, BleepingComputer, and Dark Reading, and he has spoken at conferences such as FS-ISAC and Black Hat. Kasimir leads the development of advanced tools for automating vulnerability detection and implementing large-scale patches, fortifying systems against supply chain attacks. 
His dedication to proactive defense measures sets a new standard in cybersecurity resilience.", "public_name": "Kasimir Schulz", "guid": "1d8b03c9-bc6c-567a-b159-2d9a452138ee", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/8RSPQG/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XMWTBT/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XMWTBT/", "attachments": []}, {"guid": "b01859d2-0846-5293-ba99-d316c5f82e60", "code": "88YDQ7", "id": 69919, "logo": null, "date": "2025-08-05T15:00:00-07:00", "start": "15:00", "duration": "04:00", "room": "Opal", "slug": "security-bsides-las-vegas-2025-69919-hands-on-duckyscript-introduction-to-hid-attacks-with-o-mg-devices", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/88YDQ7/", "title": "Hands on DuckyScript: Introduction to HID Attacks with O.MG Devices", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "Don't plug in devices you don't trust - It's an often repeated mantra everywhere from the workplace to the movies. But, have you ever wondered how it works in real life, and what the risks truly are?\r\n\r\nThis training covers the basics of Hak5's DuckyScript-Language (Version 3) and how to utilize O.MG Devices to develop HID based attacks.\r\n\r\nLearn the basics of Hak5's DuckyScript, how to script human input, how to GeoFence, Remote Control, and much more. This workshop covers exploiting the \"human factor\" of security and will go over Physical Red Team Assessments, Attacks, and normalizing strategies to improve reliability and performance of your scripts.", "description": "This beginner-friendly training will be approximately 4 hours and introduces attendees to the world of physical red teaming using O.MG Devices. 
This training is meant for those with minimal prior experience and covers the fundamentals of HID (Human Interface Device) attacks, ethical hacking, and how attackers exploit physical access to systems using tools that emulate keyboards and mice. Participants will learn how to use the O.MG Plug. Attendees will be encouraged to bring their own devices, however O.MG Plugs will be able to be purchased to ensure uniformity of the training. While the class focuses on O.MG devices, the techniques and scripting knowledge are transferable to other DuckyScript-compatible devices like those offered by Hak5.\r\nThe trainers have a variety of experiences including experience with blue teaming, red teaming (physical attacks), and accessibility. Each trainer will bring these unique personal experiences to the attendees and introduce use cases, common tools, deployment strategies, and the truth behind popular portrayals of hacking. It then delves into the technical workings of USB HID protocols and how DuckyScript leverages them to automate keystrokes, launch payloads, and even initiate wireless or geo-fenced commands.\r\nStudents will get hands-on experience flashing, configuring, and scripting O.MG Devices. The course also covers payload design\u2014emphasizing reliability, stealth, and accessibility\u2014and explores advanced features such as remote control, C2 (Command and Control) integration, and security best practices.\r\nNo prior scripting experience is required, though basic familiarity with networking and operating systems will be helpful. Students must bring their own laptop. 
By the end of the course, students will have a strong foundational understanding of HID-based attacks, be able to create and deploy basic payloads, and appreciate the role of human factors in security breaches.\r\n\r\nWednesday if possible due to flight itinerary of one of our workshop presenters", "recording_license": "", "do_not_record": false, "persons": [{"code": "FYZDCM", "name": "Wasabi", "avatar": "https://pretalx.com/media/avatars/FYZDCM_0Cxf3rt.webp", "biography": "Educator, hands-on hacker, and Blue Team strategist exploring the frontiers of embedded systems, AI, academic research, and competitive challenges. Previously spoken at a number of conferences including DefCon, SCALE, BSides LA, and ShellCon to name a few.", "public_name": "Wasabi", "guid": "927570c4-9acf-57fe-a15c-aef94ed168d5", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/FYZDCM/"}, {"code": "JZUACE", "name": "Kalani Helekunihi", "avatar": "https://pretalx.com/media/avatars/JZUACE_mlaYAwh.webp", "biography": "The partially blind Hawaiian priest. 
Builds accessibility tools for self reliance.", "public_name": "Kalani Helekunihi", "guid": "211835a1-9000-5d82-ab79-85c78c4301e7", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/JZUACE/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/88YDQ7/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/88YDQ7/", "attachments": []}], "Emerald": [{"guid": "d1567c21-9fde-54da-bb5c-eec45647a4ff", "code": "TG9SK9", "id": 70260, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/TG9SK9/cd5f6_WVScSik.png", "date": "2025-08-05T10:30:00-07:00", "start": "10:30", "duration": "04:00", "room": "Emerald", "slug": "security-bsides-las-vegas-2025-70260-from-zero-trust-to-trusted-advisor-selling-security-to-stakeholders", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TG9SK9/", "title": "From Zero Trust to Trusted Advisor: Selling Security to Stakeholders", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "You\u2019ve identified the vulnerability, tested the exploit, and written the report. But they just don\u2019t see the urgency. Now what? This 4-hour, hands-on workshop bridges the gap between technical mastery and executive and influence. We\u2019ll move beyond simply reporting risks to crafting compelling narratives, quantifying value, and building the relationships necessary to drive meaningful security improvements.\r\n\r\nWe\u2019ll delve into the psychology of decision-making, explore adversarial communication tactics (including those used against YOU), and arm you with practical strategies to become a trusted advisor who can effectively advocate for security and get things done.", "description": "Target Audience:\r\nSecurity professionals of all levels (penetration testers, security engineers, analysts, red teamers, etc.) 
who want to improve their communication and persuasion skills to influence stakeholders and drive security initiatives.\r\n\r\nWorkshop Objectives:\r\nParticipants will be able to:\r\n\u2022 Identify and analyze key stakeholders, influencers, and decision makers within their organizations.\r\n\u2022 Translate technical findings or concepts, such as security by design, into business-centric language.\r\n\u2022 Tailor your message to your stakeholders and influence them to make better decisions (social engineering for good!).\r\n\u2022 Articulate the ROI of security investments.\r\n\u2022 Effectively counter common objections and adversarial tactics.\r\n\u2022 Develop a practical method for ongoing stakeholder engagement.\r\n\u2022 Practice communicating complex security issues to non-technical audiences.\r\n\u2022 Build trust and credibility with diverse stakeholders.\r\n\u2022 Overcome their own fears and perceived limitations when dealing with key business decision makers.", "recording_license": "", "do_not_record": false, "persons": [{"code": "J3PRCC", "name": "Glen Sorensen", "avatar": "https://pretalx.com/media/avatars/J3PRCC_2Vu87sY.webp", "biography": "Glen Sorensen is a Virtual Chief Information Security Officer (vCISO) with Cyber Risk Opportunities. He has worn numerous hats in his career, in areas such as security engineering and architecture, security operations, GRC, and leadership. He has held a variety of roles as an analyst, engineer, consultant, auditor, regulator, and information security officer for a financial institution.\r\n\r\nGlen approaches problems with practical solutions that bring good business value and has worked across many sectors, including financial services, healthcare, manufacturing, and others. He has served as a consulting expert in a large legal case involving healthcare and cyber attack detection technology. 
He has been in IT and security for 15+ years, longer if you count years of misspent youth bending technology and countless hours of roleplaying games. He is a sucker for a good tabletop exercise and serves as an Incident Master for HackBack Gaming, the fun kind of TTX.", "public_name": "Glen Sorensen", "guid": "b3a24141-a593-5cb2-b2f2-84110e0c2875", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/J3PRCC/"}, {"code": "WPNVNV", "name": "Daniela Parker", "avatar": "https://pretalx.com/media/avatars/WPNVNV_SIe0C7z.webp", "biography": "Daniela Parker is a risk and resilience professional with 20+ years of experience in the financial services industry. As the founder of Parker Solutions, she helps organizations navigate uncertainty and build resilience. Daniela brings a unique blend of deep risk management expertise and operational know-how, gained from leadership roles (including CRO and COO) at multiple credit unions.\r\nShe holds a Master's in Business Continuity, Risk, and Security from Boston University and is a Certified Business Continuity Professional (DRI). 
Daniela is passionate about helping organizations identify vulnerabilities, strengthen their response capabilities, and create a culture of preparedness.", "public_name": "Daniela Parker", "guid": "7439377f-3883-5436-9135-d036d98e68cd", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/WPNVNV/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TG9SK9/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TG9SK9/", "attachments": []}, {"guid": "d08d6bc3-5d41-5b38-a27e-05d572801580", "code": "8AZNL7", "id": 67796, "logo": null, "date": "2025-08-05T15:00:00-07:00", "start": "15:00", "duration": "04:00", "room": "Emerald", "slug": "security-bsides-las-vegas-2025-67796-active-directory-attacks-and-defense-101", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8AZNL7/", "title": "Active Directory Attacks and Defense 101", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "This hands-on class provides students with practical experience attacking and defending Active Directory (AD) environments. Designed for system administrators, IT professionals, and security practitioners, the course covers foundational AD infrastructure, common misconfigurations, and real-world attack techniques. Students will gain insight into threats like NTLM Relay, Kerberoasting, Machine Account Quota abuse, and Unconstrained Delegation.\r\n     Each student will access a dedicated lab environment in Azure featuring three virtual machines: a Windows 10 client, a Windows Server 2019 domain controller, and an Ubuntu VM configured with relevant attack tools (including Docker containers for NTLM relay). 
Participants will perform each attack step-by-step, then implement defensive measures such as restricting delegation, reducing MachineAccountQuota, disabling unnecessary services, and enabling LDAP signing.\r\n     The class also covers defensive logging practices, including increasing LDAP diagnostic levels and configuring Windows Event Forwarding (WEF) from the domain controller to a log aggregator. Students will leave with a solid understanding of how to identify, exploit, and mitigate common AD weaknesses.\r\n     This class balances theory and hands-on labs, giving students actionable skills to improve the security posture of their AD environments.", "description": "Active Directory remains a critical and often vulnerable component in enterprise environments. Misconfigurations, legacy protocols, and overly permissive defaults frequently expose organizations to high-impact attacks. This 4-hour technical workshop equips attendees with both offensive and defensive AD skills, focusing on real-world threats and mitigation strategies.\r\n     The session begins with a quick primer on AD architecture\u2014covering domain controllers, LDAP, Kerberos, NTLM, and common user/computer misconfigurations. 
Students will learn how attackers enumerate domains and locate exploitable targets using built-in Windows tools and open-source utilities.\r\n     Students will then perform impactful attacks in their own isolated Azure lab environments including:\r\n- NTLM Relay using an Ubuntu Docker machine to capture and relay credentials to AD services.\r\n- Kerberoasting, where students request service tickets for SPNs and crack them offline.\r\n- Machine Account Quota abuse, exploiting the default ability for authenticated users to create computer accounts.\r\n- Unconstrained Delegation, showing how attackers impersonate users when delegation is misconfigured.\r\n      After each attack, students will implement defenses including:\r\n- Configure SMB and LDAP signing to prevent relay attacks.\r\n- Restrict MachineAccountQuota and delegate computer creation privileges.\r\n- Convert Unconstrained Delegation to Constrained/Resource-Based Delegation.\r\n- Using Blue Team tools such as Bloodhound CE and PingCastle to investigate a possible breach.\r\n     Logging and detection are core to any defense. Students will learn how to increase LDAP diagnostic logging levels on the DC, identify key logs associated with each attack, and configure Windows Event Forwarding (WEF) to send critical events to a centralized Ubuntu-based log collector. The lab demonstrates how increasing visibility makes even stealthy attacks detectable.\r\n     All scenarios will be demonstrated live and reinforced through guided student lab exercises. Lab guides include screenshots and command snippets for easy reference. 
Students will walk away with a reusable lab environment and deeper insight into AD threats, defense-in-depth strategies, and hardening techniques suitable for real-world environments.\r\n     This course is ideal for Windows administrators, red teamers, blue teamers, and anyone responsible for defending Microsoft environments.", "recording_license": "", "do_not_record": false, "persons": [{"code": "RRAKHR", "name": "Darryl G. Baker", "avatar": "https://pretalx.com/media/avatars/RRAKHR_2JclK1L.webp", "biography": "Darryl G. Baker, CISSP, CEH is a seasoned cybersecurity professional with extensive experience in securing enterprise environments and conducting in-depth security assessments. With a strong background in both offensive and defensive security, Darryl specializes in identifying and mitigating risks within Active Directory and cloud-based infrastructures.\r\nOver the course of his career, Darryl has led numerous security engagements across a variety of industries, helping organizations improve their security posture through technical assessments, red team operations, and strategic guidance. He holds certifications including the Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), reflecting his broad expertise in information security.\r\nDarryl is passionate about sharing knowledge and advancing the cybersecurity community. He regularly speaks at industry events, where he delivers practical insights on threat detection, identity security, and real-world attack techniques. His presentations are known for combining deep technical detail with actionable takeaways.", "public_name": "Darryl G. 
Baker", "guid": "5087fbdd-29d5-548d-bd65-1558d838adf8", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/RRAKHR/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8AZNL7/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/8AZNL7/", "attachments": []}], "Diamond": [{"guid": "1d137dcc-79c3-5eeb-8ad5-cee81f7b4311", "code": "9GQUFW", "id": 68763, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/9GQUFW/AI_Sy_V7iWUCt.png", "date": "2025-08-05T10:30:00-07:00", "start": "10:30", "duration": "04:00", "room": "Diamond", "slug": "security-bsides-las-vegas-2025-68763-ai-governance-in-action-fundamentals-tabletop-workshop", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9GQUFW/", "title": "AI Governance in Action: Fundamentals & Tabletop Workshop", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "As AI systems become integral to enterprise operations, effective governance is essential to mitigate associated risks. This hands-on workshop offers a comprehensive introduction to AI governance, focusing on AI system lifecycle oversight, alignment with frameworks like the NIST AI RMF, and compliance with regulations such as the EU AI Act. Participants will engage in a guided tabletop exercise simulating a real-world AI incident, fostering collaborative response strategies and practical risk mitigation planning. Attendees will leave equipped with actionable insights and tools to implement responsible AI governance within their organizations.\u200b", "description": "This workshop is designed for security professionals, risk managers, and compliance officers seeking to understand and apply AI governance principles. The session begins with an overview of AI governance fundamentals, including risk assessment, policy development, and regulatory compliance. 
The latter half involves a tabletop exercise where participants navigate a simulated AI incident, encouraging the application of learned concepts in a controlled environment. The workshop emphasizes interactive learning, providing participants with templates, checklists, and a practical playbook for managing AI risks.\u200b", "recording_license": "", "do_not_record": false, "persons": [{"code": "BHVP8Z", "name": "Josh Harguess", "avatar": "https://pretalx.com/media/avatars/BHVP8Z_7nyGUYV.webp", "biography": "Dr. Josh Harguess is the Chief Technology Officer of Fire Mountain Labs, where he drives the company\u2019s technical vision and leads advancements in AI security and assurance. Prior to joining Fire Mountain Labs, Josh was the first Chief of AI Security at Cranium AI, a global leader in AI Security products, where he led AI and AI strategy, and the R&D, Engineering, and AI Security departments. Previous to Cranium, Josh was a Senior Principal AI Scientist and department manager at MITRE, shaping national AI security strategies and developing cutting-edge adversarial machine learning defenses. His research has focused on ensuring the reliability, safety, and resilience of AI systems deployed in mission-critical environments. Josh has authored numerous publications on AI risk, trust, and adversarial robustness, contributing to industry frameworks such as MITRE ATLAS and NIST AI RMF. Throughout his career, he has led high-impact AI security programs funded by the Department of Defense, Department of Homeland Security, and major private sector stakeholders. 
With a strong foundation in AI risk assessment and safe AI deployment, Josh ensures Fire Mountain Labs remains at the forefront of AI security innovation, delivering solutions that enable organizations to deploy AI with confidence.", "public_name": "Josh Harguess", "guid": "75e23925-27a1-51f6-abb3-dedda341d182", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/BHVP8Z/"}, {"code": "9BVZQF", "name": "Chris Ward", "avatar": "https://pretalx.com/media/avatars/9BVZQF_27p4AHx.webp", "biography": "Chris is the CEO of Fire Mountain Labs, leading the company\u2019s mission to advance safe and assured AI. Under his direction, Fire Mountain Labs delivers pioneering AI assurance solutions to enterprise and government clients, ensuring AI systems are deployed with security, integrity, and accountability.\r\n\r\nWith over a decade of experience in AI and AI Security, Chris has coauthored 23 publications in the field and brings deep technical and operational expertise. A veteran of Active Duty U.S. Navy service, Chris also brings deep expertise from Space and Naval Warfare (SPAWAR) Systems Center Pacific, the Naval Information Warfare Center (NIWC), the MITRE Corporation, and several successful AI startups. His background spans operational technology, national security, and cutting-edge AI innovation.\r\n\r\nAs a trusted voice in the AI ecosystem, Chris operates as an honest broker, bridging government, industry, academia, and small organizations. 
He advocates for AI adopters navigating a crowded and hype-driven landscape, championing pragmatic, secure, and trustworthy solutions.\r\n\r\nBefore founding Fire Mountain Labs, Chris held senior leadership roles in AI security research and red teaming, where he shaped industry standards in AI risk assessment, penetration testing, secure AI governance, and adversarial threat modeling.", "public_name": "Chris Ward", "guid": "40c2f9b5-d021-5e14-916d-a789a6d40223", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/9BVZQF/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9GQUFW/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9GQUFW/", "attachments": []}, {"guid": "e1e488d8-d7a4-59ec-8e3d-4d3ecb99ee39", "code": "KRY9EL", "id": 67125, "logo": null, "date": "2025-08-05T15:00:00-07:00", "start": "15:00", "duration": "04:00", "room": "Diamond", "slug": "security-bsides-las-vegas-2025-67125-eliminating-bug-classes-at-scale-leveraging-browser-features-for-proactive-defense", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KRY9EL/", "title": "Eliminating Bug Classes at Scale: Leveraging Browser Features for Proactive Defense", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "Traditional patching has failed to scale - it\u2019s time for a new approach. This hands-on workshop teaches you to eliminate entire bug classes with modern browser security features instead of endlessly reacting to reports. Instead of firefighting the same issues, you\u2019ll learn how to use Content-Security-Policy v3, Trusted Types, and Sec-Fetch-Metadata to go beyond traditional recommendations to prevent vulnerabilities at scale.\r\n\r\nYou\u2019ll work with a training app that\u2019s already secured, but we\u2019ll go further. 
By applying advanced browser defenses, monitoring their effectiveness, and enforcing it at scale, you\u2019ll experience firsthand how modern web standards protect both new and legacy systems.\r\n\r\nThis isn\u2019t just about fixing issues - it\u2019s about scaling security across an organization. We\u2019ll explore measuring adoption across hundreds of services, automating enforcement, and applying defense-in-depth beyond single vulnerabilities.\r\n\r\nThrough interactive group challenges, you\u2019ll tackle XSS vulnerabilities (among others) but not as you are used to it. Whether you\u2019re a developer, security engineer, or architect, you\u2019ll leave with practical tools and a proactive security mindset - moving from patching to prevention.", "description": "Fixing the same vulnerabilities over and over doesn\u2019t scale. This workshop takes a different approach - eliminating entire bug classes (where we can) using latest browser security features (some are very new). With the new OWASP Proactive Controls list now including C6 browser security, it\u2019s the perfect time to focus on prevention instead of endless patching.\r\n\r\nI first ran this workshop inside my own organization, and even experienced AppSec leads found it eye-opening. The idea was inspired by some work happening behind closed doors at big tech companies, e.g. Google. One of the things made public was the Security Signals research paper by Google. I took those ideas, built on them, and created this hands-on training. 
\r\n\r\n- Attendees will exploit vulnerabilities in a training app, then apply defenses like CSP v3, Trusted Types, and Sec-Fetch-Metadata to see their impact in real-time.\r\n- Teams will compete to break and defend a web application using modern security headers and policies.\r\n- We\u2019ll analyze security breaches that could have been prevented with these mechanisms, making the session practical and engaging.\r\n- Attendees will learn how to measure and enforce adoption across an organization using their own automation, rather than relying on one-off fixes.\r\n\r\n- Many security workshops focus on finding and fixing individual bugs. This workshop shifts the perspective toward eliminating entire bug classes using modern browser security features.\r\n- Unlike classic hands-on labs, this workshop helps attendees think at scale - how to enforce security measures across entire organizations, making it relevant to large enterprises as well as individual developers.\r\n- Covers new web security standards that didn\u2019t exist a few years ago, offering attendees fresh, actionable knowledge beyond OWASP basics.\r\n- Unlike many offensive security workshops, this is a security-builder-focused session, empowering developers and security teams to integrate security-by-design.", "recording_license": "", "do_not_record": false, "persons": [{"code": "CCLUQG", "name": "Javan Rasokat", "avatar": "https://pretalx.com/media/avatars/CCLUQG_Q1X2eEn.webp", "biography": "Javan works as Senior Application Security Specialist at Sage, helping product teams enhance security throughout the software development lifecycle. On the side, he lectures Secure Coding at DHBW University in Germany. His journey as an ethical hacker began young, where he began to automate online games creating bots and identified security bugs, which he then reported to the game operators. 
Javan made his interests into his profession and began as a full stack web and mobile engineer before transitioning into a passionate security consultant. Javan holds a Master\u2019s degree in IT Security Management and several certifications, including GXPN, AIGP, CISSP, CCSP, and CSSLP. He has shared his research at conferences, including OWASP Global AppSec, DEFCON, and HITB.", "public_name": "Javan Rasokat", "guid": "b56de23f-3015-50f5-9763-4c01b99ea4a0", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/CCLUQG/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KRY9EL/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/KRY9EL/", "attachments": []}], "Boardroom": [{"guid": "4ff2e459-1a26-547b-b419-a8354aade388", "code": "PEKNAB", "id": 67736, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/PEKNAB/greml_vocPWTM.jpg", "date": "2025-08-05T10:30:00-07:00", "start": "10:30", "duration": "04:00", "room": "Boardroom", "slug": "security-bsides-las-vegas-2025-67736-gremlin-hunting-with-sigma-rules", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PEKNAB/", "title": "Gremlin Hunting with SIGMA rules", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "SIGMA rules are an agnostic, text-based, open signature format written in YAML for creating threat detections, developed and open-sourced in 2017 by Florian Roth and Thomas Patzke. The project was conceived to address the challenges facing analysts when sharing and translating rule logic across the various SIEM and EDR tools.  \r\nI will share with you how I implemented the gift of SIGMAs in our hunting workflow to assist with sniffing out gremlins hiding in the network. I will walk through the SIGMA creation process, sharing tips on how to tackle some of the challenges you might run into in real life when working with SIGMA. 
Hopefully my story can prove helpful for you, whether you are looking for ways to mature and streamline your hunting programs or just getting started playing around with Sigma.", "description": "Training will start with a walk through of what a SIGMA rule is, how they work, and how to construct them. I will show various community resources available on how to get started implementing SIGMA in your environment. I will then cover in detail the workflow for our guided hunt framework, \"Gremlin Hunters\".\r\n1) How the hunts are developed using the SIGMA rule format, using OSINT and internal research.  \r\n2) How rules are inputted into our MISP instance, where we use pySIGMA to process and translate the rules. \r\n3) Show how the rules are then sent over to our ticketing system where they are distributed to the hunting team on a weekly basis. \r\n4) How hunt team uses the translations, tailors to environment, then submits findings (and a prod ready rule if applicable).", "recording_license": "", "do_not_record": false, "persons": [{"code": "9D8DHL", "name": "Rain Baker", "avatar": "https://pretalx.com/media/avatars/9D8DHL_s3GTL1H.webp", "biography": "Gremlin hunter, kitten and puppy wrangler, snickers fan. \r\nCame into the field of cybersecurity a bit later in life after shifting into the field from a background in philosophy, psychology, and conflict resolution, which have given me a unique perspective. \r\nI enjoy solving puzzles and scavenger hunts, so this kinda work suits me well. \r\nI started in cyber in late 2016 and have been working in the field ever since. I have worked for a few state government agencies doing a bit of everything, security administration, awareness training, vulnerability testing, and incident response. I moved to the private sector and I am now working for a company that supports both public and private sector customers. 
\r\nMy roles have included SOC analyst tier I and II, and now I work with my company's Cyber Threat Intelligence team as a cyber threat analyst and cybersecurity content engineer.", "public_name": "Rain Baker", "guid": "74bd311d-f749-58c2-b2cc-7716cbb4212e", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/9D8DHL/"}, {"code": "THDRPU", "name": "Nicholas Carroll", "avatar": "https://pretalx.com/media/avatars/THDRPU_1FStRJ7.webp", "biography": "Nicholas Carroll is a seasoned cybersecurity professional with a career spanning over two decades. He currently serves as a Manager of Cyber Incident Response with Nightwing, leading a team of cyber threat intelligence and DFIR professionals defending Fortune 500 organizations and government agencies. Prior to this, he held the position of CISO for a state government agency, overseeing election cyber projects. His journey in IT and cybersecurity began at the help desk, providing him with a broad perspective on the field. But his skills earned in jobs outside of IT and cyber helped craft the success he has today. 
He is also a certified cybersecurity instructor, demonstrating his commitment to continuous learning and knowledge sharing to help grow the field.", "public_name": "Nicholas Carroll", "guid": "803b3caa-c3a2-5f60-854a-2e87d646a05f", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/THDRPU/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PEKNAB/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PEKNAB/", "attachments": []}, {"guid": "e87270c9-5b8d-5982-a9b6-72658540c54c", "code": "RB9NV3", "id": 68805, "logo": null, "date": "2025-08-05T15:00:00-07:00", "start": "15:00", "duration": "04:00", "room": "Boardroom", "slug": "security-bsides-las-vegas-2025-68805-threat-and-adversary-emulation-operational-exercises", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RB9NV3/", "title": "Threat and adversary emulation operational exercises", "subtitle": "", "track": "Training Ground", "type": "Training-4h", "language": "en", "abstract": "This hands-on workshop provides participants with a foundation in practical threat and adversary emulation. Designed for security professionals looking to enhance their offensive and defensive capabilities, the training takes place in a controlled, enterprise-grade lab environment equipped with real-world defensive technologies, including Anti-Virus, Web Proxies, EDR, SIEM integration, and other detection mechanisms.\r\nParticipants will engage in guided step-by-step exercises to safely emulate real-world threat actors and assess the effectiveness of common security controls. The workshop covers key areas such as gathering actionable cyber threat intelligence, planning and executing adversary emulation engagements, and using a variety of emulation tools and frameworks. 
Attendees will also learn how to map techniques to the MITRE ATT&CK framework, conduct threat hunting activities, and design custom adversary emulation plans tailored to organizational needs.\r\nBy the end of the workshop, attendees will be equipped with the practical skills needed to operationalize threat emulation efforts and strengthen their organization\u2019s cyber defense posture.", "description": "This hands-on workshop is designed to equip participants with a solid foundation in practical threat and adversary emulation. Through guided exercises in a controlled, enterprise-grade lab environment, attendees will learn how to safely emulate real-world threat actors. All lab systems will include active defenses such as Anti-Virus, Web Proxies, EDR, SIEM integration and other detection mechanisms.\r\nKey topics covered include:\r\n\u2022\tGathering actionable cyber threat intelligence\r\n\u2022\tPlanning and executing adversary emulation engagements\r\n\u2022\tUtilizing attack emulation tools and frameworks\r\n\u2022\tLeveraging MITRE ATT&CK for mapping and execution\r\n\u2022\tThreat hunting techniques\r\n\u2022\tBuilding custom adversary emulation plans\r\n\u2022\tAn introduction to dynamic adversary simulation\r\nEach module includes step-by-step walkthroughs of attack vectors, guiding participants through realistic attack paths across enterprise environments. The goal is to help attendees evaluate the effectiveness of security controls and better understand how to test and improve cyber defenses through adversary emulation.", "recording_license": "", "do_not_record": false, "persons": [{"code": "GBKR9Q", "name": "Abhijith \"Abx\" B R", "avatar": "https://pretalx.com/media/avatars/GBKR9Q_RFSqYxB.webp", "biography": "Abhijith B R, also known by the pseudonym Abx, has over a decade of experience in the offensive cyber security industry. 
He is a professional hacker, offensive security specialist, red team consultant, researcher, trainer, and public speaker.\r\nHe is currently building Breachsimrange.io and working with multiple organizations as a consulting specialist, helping them build offensive security operations, improve their security posture, assess cyber defense systems, and bridge the gap between business leadership and security professionals.\r\n\r\nAbhijith previously worked with Envestnet, Nissan Motor Corporation and EY.\r\nAs the founder of Adversary Village, Abhijith leads a community initiative focused on adversary simulation, tactics, purple teaming, threat actor and ransomware research-emulation, and offensive cyber security. Adversary Village is part of the DEF CON Villages and hosts hacking villages at major events like DEF CON and RSA Conference.\r\nHe also leads the Tactical Adversary project (https://tacticaladversary.io/), a personal initiative focused on offensive cybersecurity, adversary simulation, and red teaming tradecraft.\r\nAbhijith has spoken at conferences including DEF CON, RSA Conference, The Diana Initiative, Opensource India, Security BSides (Las Vegas, SF, Delhi), Hack Space Con, Nullcon, and c0c0n.", "public_name": "Abhijith \"Abx\" B R", "guid": "3be8c18e-b192-5b53-b7c2-950e770c2c72", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/GBKR9Q/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RB9NV3/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RB9NV3/", "attachments": []}], "Misora": [{"guid": "4355a92c-afb7-5c0a-a946-934b65940e1f", "code": "7MBYEA", "id": 69115, "logo": null, "date": "2025-08-05T10:00:00-07:00", "start": "10:00", "duration": "00:25", "room": "Misora", "slug": "security-bsides-las-vegas-2025-69115-hr-hates-my-mugs-evading-ai-censorship-token-07", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7MBYEA/", "title": "HR Hates My Mugs: 
Evading AI Censorship (Token 07)", "subtitle": "", "track": "Skytalks", "type": "Talk-20m", "language": "en", "abstract": "How can we undermine AI censorship for freedom, activism, truth, and of course\u2026for trolling? We rely on AI more and more to generate and moderate our content, but how do we operate in a world conditioned to accept unwarranted censorship for the sake of convenience? How do we control the systems that control ours? Do not obey in advance! Learn what hackers and artists have in common for evading graphical content moderation and writing bots that fight mod bots. Automate to manipulate AI before it is weaponized to manipulate you. Why is this all possible? Because AI can\u2019t tell how many \u201clegs\u201d a person has, and that includes the third leg. Warning: NSFW content.", "description": "n/a", "recording_license": "", "do_not_record": false, "persons": [{"code": "WCRKKJ", "name": "TerryBibbles", "avatar": "https://pretalx.com/media/avatars/WCRKKJ_0URHCua.webp", "biography": "TerryBibbles has been hacking since high school, and has been a software engineer, red teamer, independent AI consultant, and pen tester. 
Most of all, TerryBibbles is thrilled to return to the SkyTalks stage!", "public_name": "TerryBibbles", "guid": "238fff75-0cb6-5a0e-830a-04d5045218b2", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/WCRKKJ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7MBYEA/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7MBYEA/", "attachments": []}, {"guid": "b16d97e1-fca3-5909-b319-a920bcb25d3d", "code": "TRNJJY", "id": 69123, "logo": null, "date": "2025-08-05T10:30:00-07:00", "start": "10:30", "duration": "00:45", "room": "Misora", "slug": "security-bsides-las-vegas-2025-69123-sex-work-is-tech-work-what-technologists-should-know-from-the-sex-industry-token-07", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TRNJJY/", "title": "Sex Work Is Tech Work: What Technologists Should Know From the Sex Industry (Token 07)", "subtitle": "", "track": "Skytalks", "type": "Talk-45m", "language": "en", "abstract": "Not only is sex work real work, it\u2019s work that overlaps heavily with the work technologists do in non-sex career paths. As a marginalized professional community, sex workers are often the first hit by new forms of risk or abuse, and have had to remain innovative through a culture of continuous education and community care. 
As we go through a time when many groups in the US are finding themselves increasingly marginalized and sometimes newly-criminalized, looking at the ways the same skills manifest in sex work and tech work communities can help us recontextualize our skills and seek new approaches from other industries that have more experience with these challenges.", "description": "n/a", "recording_license": "", "do_not_record": false, "persons": [{"code": "GDY8N3", "name": "Gwyndolyn", "avatar": "https://pretalx.com/media/avatars/GDY8N3_CdmW2vY.webp", "biography": "Gwyndolyn is a former performer and practicing kink educator of over a decade who finds fulfillment in a wide variety of skills. They have taught classes on a variety of kink and mundane topics, including rope safety for models and lighting for fetish photography. They\u2019re also an avid technologist focusing on risk and process management, and firmly believe that tech has a lot to learn from sex work about systemic risk.", "public_name": "Gwyndolyn", "guid": "a49f0abc-db01-532b-a3db-a8ef2a3acb38", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/GDY8N3/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TRNJJY/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TRNJJY/", "attachments": []}, {"guid": "01298203-a262-53c4-b4ef-a8faceae938c", "code": "PBWQHT", "id": 69911, "logo": null, "date": "2025-08-05T14:00:00-07:00", "start": "14:00", "duration": "00:20", "room": "Misora", "slug": "security-bsides-las-vegas-2025-69911-mapping-the-gaps-how-disconnects-in-critical-infrastructure-leave-cities-vulnerable-token-08", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PBWQHT/", "title": "Mapping the Gaps: How Disconnects in Critical Infrastructure Leave Cities Vulnerable (Token 08)", "subtitle": "", "track": "Skytalks", "type": "Talk-20m", "language": "en", "abstract": "When a cybersecurity director for a major American 
city realized the city lacked a clear mapping of the 16 critical infrastructure sectors, they set out to create one. What began as a straightforward exercise revealed enormous blind spots, gaps, and disconnects between federal definitions and state/local realities of cybersecurity. This talk explores how the process of mapping critical infrastructure exposed vulnerabilities in areas like energy, transportation, and emergency services\u2014and highlighted the systemic misalignment between federal priorities and local preparedness. The disconnect isn\u2019t just about definitions; it\u2019s about resources, communication, and the ability to respond effectively to cyber threats.\r\nThrough this journey, attendees will see how critical infrastructure mapping can uncover hidden risks, challenge assumptions, and reveal the consequences of fragmented cybersecurity strategies. The talk will also examine how these gaps leave cities under-resourced and unprepared for increasingly sophisticated threats to vital systems. By sharing lessons learned and actionable insights, this session aims to inspire better coordination between federal and local stakeholders to strengthen critical infrastructure resilience.", "description": "n/a", "recording_license": "", "do_not_record": false, "persons": [{"code": "HU7KDJ", "name": "QuietRoar", "avatar": "https://pretalx.com/media/avatars/HU7KDJ_mv95iSs.webp", "biography": "Specializes in safeguarding essential infrastructure against emerging digital and geopolitical threats. Focuses on risk mitigation in high-stakes sectors including energy networks and advanced manufacturing. Expertise spans protective frameworks for technology supply chains, crisis response modeling, and analysis of global trade impacts on cyber-physical systems. Recent initiatives include securing AI development pipelines and  decentralized software ecosystems. 
Advises organizations on operational resilience, threat intelligence integration, and policy-driven security strategies. Collaborates across sectors to address vulnerabilities in interconnected technological networks while balancing innovation with systemic risk management. Key interests include economic implications of converging digital-industrial ecosystems.", "public_name": "QuietRoar", "guid": "66902cb4-3293-565a-883e-dc9f27bd4a0c", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/HU7KDJ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PBWQHT/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PBWQHT/", "attachments": []}, {"guid": "93050ae3-d8dc-523f-8377-cdc3acc53945", "code": "9JKECQ", "id": 69117, "logo": null, "date": "2025-08-05T14:25:00-07:00", "start": "14:25", "duration": "00:20", "room": "Misora", "slug": "security-bsides-las-vegas-2025-69117-organizing-cyber-why-we-need-more-it-cybersecurity-unions-token-08", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9JKECQ/", "title": "Organizing Cyber: Why We Need More IT & Cybersecurity Unions (Token 08)", "subtitle": "", "track": "Skytalks", "type": "Talk-20m", "language": "en", "abstract": "The cybersecurity industry thrives on innovation but exploits its workforce - regardless of seniority of an employee. As corporations strip away protections and consolidate power, cybersecurity and IT professionals must fight back - through unions. This talk explores the urgent need for cybersecurity workers to organize, the challenges we face in unionizing, and how we can build a coalition to push for fair wages, job security, and ethical workplace conditions. Whether by supporting existing unions or launching new movements, it\u2019s time to act. The fight isn\u2019t just for blue-collar workers - white-collar cyber professionals need collective power too. 
Now is the time.", "description": "n/a", "recording_license": "", "do_not_record": false, "persons": [{"code": "YQCHC9", "name": "CyberGuy", "avatar": "https://pretalx.com/media/avatars/YQCHC9_4GHiTo5.webp", "biography": "This speaker believes in giving back to the cybersecurity community, probably because they've seen what happens when we don't during their time as a former fed and military veteran. With over 20 years spent navigating the digital battlefield, their insights into CTI and cybersecurity are battle-tested and forged in real-world scenarios. From the serious business of threat hunting to the lively (and occasionally chaotic) halls of security conferences, they've learned that shared knowledge is our strongest defense. They've likely volunteered at more security events than they've had regulation haircuts (which is saying something, considering they literally sport a mohawk). Their experiences are seasoned with the wisdom of countless late nights, passionate debates, and a healthy dose of non-conformity.", "public_name": "CyberGuy", "guid": "26a12c85-d162-5598-a112-61a14c36cfe8", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/YQCHC9/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9JKECQ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9JKECQ/", "attachments": []}, {"guid": "0f63acfc-caf1-52d0-bfb1-503fd7f99861", "code": "7RPBUM", "id": 69905, "logo": null, "date": "2025-08-05T15:00:00-07:00", "start": "15:00", "duration": "00:45", "room": "Misora", "slug": "security-bsides-las-vegas-2025-69905-ask-eff-token-09", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7RPBUM/", "title": "Ask EFF (Token 09)", "subtitle": "", "track": "Skytalks", "type": "Talk-45m", "language": "en", "abstract": "Electronic Frontier Foundation (EFF) is thrilled to return to BSides Las Vegas and delve into policy issues that matter most to the security community. 
At this interactive session, our panelists will share updates on critical digital rights issues and EFF's ongoing efforts to safeguard privacy, combat surveillance, and advocate for freedom of expression. From discussions on hardware hacking to navigating legal and policy landscapes, we invite attendees to engage in dynamic conversations with our experts. This session isn't about passive lectures; it's about fostering meaningful exchanges on today's most pressing policy issues and addressing your most burning questions. We will be joined by EFF\u2019s Staff Attorney Hannah Zhao; Grassroots Advocacy Organizer Chris Vines; Staff Attorney Lisa Femia, and Director of Engineering Alexis Hancock.", "description": "Panelists from the EFF Staff will give brief updates on key topics in their expertise before turning it over to BSides attendees to ask their burning questions about policy, advocacy and making the future of tech brighter.  It's a dynamic session fostering engaging discussions on digital rights featuring an EFF staff attorney, activist, and public interest technologist. \r\n\r\nModerator Hannah Zhao (she/her) is a Senior Staff Attorney on EFF\u2019s Coders Rights Project. Her work with CRP protects hackers, researchers, and tinkerers on the digital frontier through legal defense, amicus briefs, and education. She also works to push back on emerging surveillance technologies like face recognition, electronic monitoring, and government drones. Hannah has a background in computer science, criminal justice, and international human rights law before her time at EFF. \r\n\r\nChris Vines (he/him) is EFF's Grassroots Advocacy Organizer, working with members of the Electronic Frontier Alliance (EFA). 
With over a decade of experience in organizing and having been a part of over 50 successful electoral & non-profit campaigns, Chris has been instrumental in building progressive bases in several states and is passionate about mobilizing people and getting them the tools needed to bring about progressive change.  \r\n\r\nLisa Femia (she/her) is a Staff Attorney on EFF's civil liberties team. Her work focuses on surveillance, privacy, free speech, and the impact of technology on civil rights and civil liberties. Lisa came to EFF from Hogan Lovells US LLP, where she maintained a robust pro bono practice centered on democracy reform, criminal justice, and civil rights. \r\n\r\nAlexis Hancock (she/her) is EFF\u2019s Director of Engineering on our Public Interest Technologist team. She researches an intersection of issues on digital rights, encryption, and consumer technology. She is also well known for managing the Certbot project, advocating for open technology standards and for unveiling insecurities in consumer devices.", "recording_license": "", "do_not_record": false, "persons": [{"code": "UFL9NF", "name": "Chris Vines", "avatar": "https://pretalx.com/media/avatars/UFL9NF_hSIi8zs.webp", "biography": "Chris is the Grassroots Advocacy Organizer for EFF, working with members of the EFA. Chris previously served as a Campaign Manager & Strategist for various political and non-profit campaigns across the country. 
With over a decade of experience in organizing and having been a part of over 50 successful electoral & non-profit campaigns, Chris has been instrumental in building progressive bases in several states and is passionate about mobilizing people and getting them the tools needed to bring about progressive change.", "public_name": "Chris Vines", "guid": "601be6a9-2639-5671-afad-98cc3994921d", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/UFL9NF/"}, {"code": "J7HNPW", "name": "Hannah Zhao", "avatar": "https://pretalx.com/media/avatars/J7HNPW_9efSSXm.webp", "biography": "Moderator Hannah Zhao (she/her) is a Senior Staff Attorney on EFF\u2019s Coders Rights Project. Her work with CRP protects hackers, researchers, and tinkerers on the digital frontier through legal defense, amicus briefs, and education. She also works to push back on emerging surveillance technologies like face recognition, electronic monitoring, and government drones. Hannah has a background in computer science, criminal justice, and international human rights law before her time at EFF.", "public_name": "Hannah Zhao", "guid": "1d4aef30-5ee0-5dbf-9241-952034695e8e", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/J7HNPW/"}, {"code": "KLGWDJ", "name": "Lisa Femia", "avatar": "https://pretalx.com/media/avatars/KLGWDJ_K2i0c0C.webp", "biography": "Lisa Femia (she/her) is a Staff Attorney on EFF's civil liberties team. Her work focuses on surveillance, privacy, free speech, and the impact of technology on civil rights and civil liberties. 
Lisa came to EFF from Hogan Lovells US LLP, where she maintained a robust pro bono practice centered on democracy reform, criminal justice, and civil rights.", "public_name": "Lisa Femia", "guid": "2f1c25d1-f1af-57f5-823d-d5f3b5dd245a", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/KLGWDJ/"}, {"code": "STYZWT", "name": "Alexis Hancock", "avatar": "https://pretalx.com/media/avatars/STYZWT_u2v1Tdi.webp", "biography": "Alexis Hancock (she/her) is EFF\u2019s Director of Engineering on our Public Interest Technologist team. She researches an intersection of issues on digital rights, encryption, and consumer technology. She is also well known for managing the Certbot project, advocating for open technology standards and for unveiling insecurities in consumer devices.", "public_name": "Alexis Hancock", "guid": "bb8976c6-40c7-5f7f-a533-7c9961b6736e", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/STYZWT/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7RPBUM/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7RPBUM/", "attachments": []}, {"guid": "52fbec9a-84fc-50f7-a19b-5ed56229eaff", "code": "93CHRX", "id": 69122, "logo": null, "date": "2025-08-05T16:00:00-07:00", "start": "16:00", "duration": "00:45", "room": "Misora", "slug": "security-bsides-las-vegas-2025-69122-from-drone-strike-to-file-recovery-outsmarting-a-nation-state-token-10", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/93CHRX/", "title": "From Drone Strike to File Recovery, outsmarting a nation state (Token 10)", "subtitle": "", "track": "Skytalks", "type": "Talk-45m", "language": "en", "abstract": "This is our stage, set in early 2023, a nation state is prepping a campaign against several organizations - using similar TTPs.\r\nJoin us on an exhilarating journey through a massive incident response (IR) in an incredibly intricate setting. 
Picture this: A drone strike motivates a nation state to attack an organization and launch an InfoOps campaign. With over 30 distinct Business Units, each with its own unique IT structure. Every endpoint directly exposed to the vast expanse of the internet, boasting a class B IP range. And to top it off, varying levels of security hygiene.\r\nBut wait, there's more! The attackers unleashed a devastating ransomware attack, which, surprise, turned out to be successful. Countless terabytes of data held hostage, with no possibility of a key.\r\nFear not, for we have discovered a remarkable method to exploit this ransomware and reclaim the majority of the encrypted data. Prepare to witness the magic of resourcefulness, innovation, and the art of cracking cryptography. Brace yourself for a talk that will leave you in awe!", "description": "n/a", "recording_license": "", "do_not_record": false, "persons": [{"code": "NJUF3A", "name": "Guy Barnhart-Magen", "avatar": "https://pretalx.com/media/avatars/NJUF3A_EMM1Dy5.webp", "biography": "With nearly 35 years of experience in the cyber-security industry, Guy held various positions in both corporates and startups.\r\n\r\nAs the Co-Founder and CTO of the Incident Response company Profero, his focus is making incident response fast and scalable, harnessing the latest technologies and a cloud-native approach.\r\n\r\nMost recently, he led Intel\u2019s Predictive Threat Analysis group, which focused on securing machine learning systems and trusted execution environments. At Intel, he defined the global AI security strategy and roadmap. 
In addition, he spoke at dozens of events on the research he and the group have done on Security for AI systems and published several white papers on the subject.\r\n\r\nGuy is the BSidesTLV chairman and CTF lead, a Public speaker in well-known global security events (SAS, t2, 44CON, BSidesLV, and several DefCon villages, to name a few), and the recipient of the Cisco \u201cblack belt\u201d security ninja honor \u2013 Cisco\u2019s highest cybersecurity advocate rank.", "public_name": "Guy Barnhart-Magen", "guid": "b3ac3f5a-dd85-5ef7-a386-746fc42471c0", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/NJUF3A/"}, {"code": "H3RVGF", "name": "Brenton Morris", "avatar": "https://pretalx.com/media/avatars/H3RVGF_z3f9HbX.webp", "biography": "Brenton leads Incident Response engagements on a daily basis. From cloud sophisticated attackers to ransomware events. Brenton has a unique set of combined security research and DevOps experience allowing him to resolve many cyber-attacks while fully understanding the impact on production systems.", "public_name": "Brenton Morris", "guid": "fa4d6fce-3332-5b74-b12b-a86ae7d6e66b", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/H3RVGF/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/93CHRX/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/93CHRX/", "attachments": []}, {"guid": "484deb64-1f9e-5480-8fae-3995535a675e", "code": "XZ9RXT", "id": 70238, "logo": null, "date": "2025-08-05T17:00:00-07:00", "start": "17:00", "duration": "00:20", "room": "Misora", "slug": "security-bsides-las-vegas-2025-70238-stopping-the-nuclear-apocalypse-with-threat-intel-token-11", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XZ9RXT/", "title": "Stopping the Nuclear Apocalypse with Threat Intel (Token 11)", "subtitle": "", "track": "Skytalks", "type": "Talk-20m", "language": "en", "abstract": "Sometimes in our industry you get to 
put on your supersuit. In March of 2022 my team and I uncovered an attack on a customer that was specifically targeted at backdooring/incapacitating nuclear reactor control systems.\r\n\r\nThis is our story.", "description": "Please see above abstract.\r\n\r\nThis is a short talk talking about what we saw that day, and how we used threat intel on top of our X&Os playbooks to understand that what we were looking at was a way bigger attempt than it appeared.", "recording_license": "", "do_not_record": false, "persons": [{"code": "DHG8S3", "name": "Paul Miller", "avatar": "https://pretalx.com/media/avatars/DHG8S3_g7VKXjx.webp", "biography": "Paul is an Infosec leader who started in systems hardening and laying traps for attackers nearly 30 yrs. ago. He is now a Defense Lead at Broadcom as part of the Carbon Black and Symantec teams. His areas of focus are Threat Research, Response, and personal privacy.", "public_name": "Paul Miller", "guid": "e18e335a-26b5-52cf-88be-f39d8dbbaac4", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/DHG8S3/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XZ9RXT/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XZ9RXT/", "attachments": []}, {"guid": "c48ad562-0e83-5470-998a-b92adebd3529", "code": "TAMDET", "id": 69118, "logo": null, "date": "2025-08-05T17:25:00-07:00", "start": "17:25", "duration": "00:20", "room": "Misora", "slug": "security-bsides-las-vegas-2025-69118-crossing-the-border-again-with-a-burner-phone-token-11", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TAMDET/", "title": "Crossing the Border Again with a Burner Phone (Token 11)", "subtitle": "", "track": "Skytalks", "type": "Talk-20m", "language": "en", "abstract": "A Lawyer Explains Legal & Security Issues at the Border: if you\u2019re returning to the US and are stopped at customs and immigration, what are your rights (or lack of rights)? 
This talk was first given in 2017 in the wake of the Muslim Ban, and has been brought out, dusted off, and updated for 2025. This is not a talk about hiding volumes on your phone with whiz-bang crypto software. This is a pragmatic discussion of the border search exception to the 4th Amendment and what could actually happen if CBP or ICE seize your laptop and phone.", "description": "n/a", "recording_license": "", "do_not_record": false, "persons": [{"code": "EUGQ7W", "name": "Wendy Knox Everette", "avatar": "https://pretalx.com/media/avatars/EUGQ7W_Flez855.webp", "biography": "Wendy is a software developer & hacker lawyer who is currently the CISO at a healthcare data analytics firm. She has co-authored a peer-reviewed article on FedRAMP in IEEE Security & Privacy, as well as another reviewing other security issues caused by control frameworks published at NDSS. She is also a hacker lawyer who began her career as a software developer at Amazon.com and Google, before going to law school, where she focused on national security law and computer security issues. 
She interned with the FTC, FCC, and several other three letter agencies, and completed a fellowship with ZwillGen in Washington, D.C.", "public_name": "Wendy Knox Everette", "guid": "5e0cd01d-cb53-5b37-a736-9abe5b49ed78", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/EUGQ7W/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TAMDET/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TAMDET/", "attachments": []}, {"guid": "7c8cdf48-d805-5139-a663-6277de858e3d", "code": "AWCU7W", "id": 69915, "logo": null, "date": "2025-08-05T18:00:00-07:00", "start": "18:00", "duration": "00:45", "room": "Misora", "slug": "security-bsides-las-vegas-2025-69915-a-glitch-in-the-matrix-humint-osint-and-digital-forensics-to-identify-remove-hostile-foreign-corporate-espionage-actors-token-12", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/AWCU7W/", "title": "A glitch in the matrix:  HUMINT OSINT and Digital Forensics to identify & remove hostile foreign corporate espionage actors (Token 12)", "subtitle": "", "track": "Skytalks", "type": "Talk-45m", "language": "en", "abstract": "In early 2025, former Intelligence Officers in the commercial sector identified and removed foreign actors from physical and virtual access to a major portion of US Infrastructure. Using a commercial blend of HUMINT, OSINT, Digital Forensics and AI, the risk posed was mitigated through long hours developing new defensive techniques with AI and old-school OSS tradecraft.  This talk will equip the attendees to better protect their network, their employer, and their clients.", "description": "n/a", "recording_license": "", "do_not_record": false, "persons": [{"code": "UGZ7AU", "name": "John O. 
Thorne", "avatar": "https://pretalx.com/media/avatars/UGZ7AU_cG7hRyd.webp", "biography": "A career CIA officer specializing in Technical and HUMINT Operations entered the commercial sector  after the pandemic ended a role as a European based  NATO SOF Sensitive Site Exploration trainer He  found a second career as a Digital Forensics/Insider Threat specialist.  \r\nIn January 2025, applied threat intelligence identified multiple North Korean IT workers in the enterprise network for $Employer.  \r\nThis talk will provide digital forensic, network log analysis, and Humint methodologies applied to identify the active human threats inside the network.", "public_name": "John O. Thorne", "guid": "09115467-708d-58b6-9737-09c43181d180", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/UGZ7AU/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/AWCU7W/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/AWCU7W/", "attachments": []}], "Foyer, Platinum Hotel Conference Center": [{"guid": "06eb902a-704a-5d1f-a106-6af9cb1ba32a", "code": "HM7REA", "id": 70733, "logo": null, "date": "2025-08-05T10:30:00-07:00", "start": "10:30", "duration": "04:00", "room": "Foyer, Platinum Hotel Conference Center", "slug": "security-bsides-las-vegas-2025-70733-morning-trainings-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HM7REA/", "title": "Morning Trainings, Tuesday", "subtitle": "", "track": "Middle Ground", "type": "Training-4h", "language": "en", "abstract": "Morning Trainings, Tuesday", "description": "Morning Trainings, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HM7REA/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HM7REA/", "attachments": []}, {"guid": "4f88659b-0986-57dc-b4a6-7a6874d5b285", "code": "TKFECF", "id": 70737, 
"logo": null, "date": "2025-08-05T14:30:00-07:00", "start": "14:30", "duration": "00:00", "room": "Foyer, Platinum Hotel Conference Center", "slug": "security-bsides-las-vegas-2025-70737-trainer-box-lunches-delivered-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TKFECF/", "title": "Trainer Box Lunches Delivered, Tuesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Trainer Box Lunches Delivered, Tuesday", "description": "Trainer Box Lunches Delivered, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TKFECF/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/TKFECF/", "attachments": []}, {"guid": "4034e940-0d4f-5a9a-8daa-6b974e8aa91e", "code": "ULDGKP", "id": 70738, "logo": null, "date": "2025-08-05T15:00:00-07:00", "start": "15:00", "duration": "04:00", "room": "Foyer, Platinum Hotel Conference Center", "slug": "security-bsides-las-vegas-2025-70738-afternoon-trainings-tuesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ULDGKP/", "title": "Afternoon Trainings, Tuesday", "subtitle": "", "track": "Middle Ground", "type": "Training-4h", "language": "en", "abstract": "Afternoon Trainings, Tuesday", "description": "Afternoon Trainings, Tuesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ULDGKP/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ULDGKP/", "attachments": []}]}}, {"index": 3, "date": "2025-08-06", "day_start": "2025-08-06T04:00:00-07:00", "day_end": "2025-08-07T03:59:00-07:00", "rooms": {"Florentine A": [{"guid": "3b7f56f0-d807-517c-b87b-b534e4915a3f", "code": "ZRR3WQ", "id": 67775, "logo": null, "date": "2025-08-06T10:00:00-07:00", "start": "10:00", "duration": "00:45", "room": 
"Florentine A", "slug": "security-bsides-las-vegas-2025-67775-breaking-the-guest-list-hacking-invitation-systems-for-fun-and-profit", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZRR3WQ/", "title": "Breaking the Guest List: Hacking Invitation Systems for Fun and Profit", "subtitle": "", "track": "Breaking Ground", "type": "Talk-45m", "language": "en", "abstract": "Invitation systems in social media platforms often appear simple, but they can hide critical business logic vulnerabilities. In this talk, I\u2019ll reveal how I exploited these flaws in platforms like Facebook and Snapchat to gain unauthorized access, maintain connections indefinitely, and even block users from their own accounts. These real-world examples demonstrate how overlooked invitation mechanics can expose significant security risks, leading to privacy breaches and persistent access issues. Attendees will gain insight into how these vulnerabilities can be exploited and what measures can be taken to defend against them.", "description": "Invitation systems are an essential part of many social platforms, designed to help users connect and engage. However, these systems can also harbor subtle business logic flaws that, when exploited, allow attackers to manipulate their functionality in unexpected ways. 
This talk uncovers how vulnerabilities in social media invitation mechanisms can lead to severe security risks.\r\n\r\nThrough detailed examples from Facebook and Snapchat, I'll share how I:\r\n\r\n- Discovered a way to create permanent invites in Facebook Groups, granting indefinite access to outsiders.\r\n- Exploited flaws in Facebook's friend management system to stay friends with anyone indefinitely, bypassing their attempts to remove me.\r\n- Broke Snapchat\u2019s invitation system to block legitimate users from accessing their own accounts.\r\n\r\nThis session will explore the technical and logical breakdowns behind these exploits, showing how these vulnerabilities could be leveraged by attackers for persistent access, privacy violations, and account disruption. Attendees will learn how to identify, prevent, and fix business logic vulnerabilities in their own systems, strengthening the overall security of user interaction workflows.", "recording_license": "", "do_not_record": false, "persons": [{"code": "DLVPLW", "name": "Ali Kabeel", "avatar": "https://pretalx.com/media/avatars/DLVPLW_2sNFx58.webp", "biography": "With over a decade of bug hunting experience, Ali Kabeel has uncovered critical vulnerabilities across top tech platforms and ranks second on Snapchat\u2019s Hall of Fame. He\u2019s especially passionate about business logic vulnerabilities\u2014the kinds of flaws rooted in real-world misuse rather than broken code\u2014because they often evade automated scanners yet carry high impact.\r\n\r\nAli is currently a Security and Privacy Engineering Lead at Bending Spoons, where he has led security efforts across major products including Evernote, WeTransfer, and Brightcove. 
He has published research on microservice security and actively shares his expertise through conference talks, mentoring, and community engagement.", "public_name": "Ali Kabeel", "guid": "40a76e33-ea3d-5c10-b5c9-0ce362b1052f", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/DLVPLW/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZRR3WQ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZRR3WQ/", "attachments": []}, {"guid": "3099864d-79e4-5d58-8f7f-4a227368488c", "code": "YGNSNC", "id": 70306, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/YGNSNC/Thumb_jXy9FQL.png", "date": "2025-08-06T11:00:00-07:00", "start": "11:00", "duration": "00:45", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-70306-the-age-of-zygote-injection", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/YGNSNC/", "title": "The Age of  Zygote Injection", "subtitle": "", "track": "Breaking Ground", "type": "Talk-45m", "language": "en", "abstract": "Zygote is the first process to be started on Android, serving as a template/interface for launching new processes. As such, it has sufficient privileges to interact with any application, unlike the application-to-application perspective, which is extremely limited due to Android\u2019s SELinux policies. Here, therefore, we find the state of the art for breaking the Android sandboxing system!\r\n\r\nTools like Riru and Zygisk use root privileges to alter Android's properties and subvert the system's behavior in order to inject code into Zygote, thereby reaching any loaded application and enabling hooking techniques for both native code and Dalvik (DEX) code.\r\n\r\nIn this talk, we will understand how these injections are carried out during the loader process, Zygote hooking, and hooking of both native and Dalvik (DEX) application code. Interesting, right? 
Come unlock the true potential of Android!", "description": "This project, called Yaga, was developed with the goal of learning how Zygote injection attacks and frameworks like Riru and Zygisk work, and how they can be applied in an offensive context. Over the past two years, I\u2019ve become fascinated by understanding how the Android system works and how its behavior differs from other operating systems.\r\n\r\nThe Zygote process is the first one launched on Android, acting as a template or interface for spawning other processes. Due to its elevated privileges, it can interact with any application, unlike the highly restricted communication between apps enforced by Android\u2019s SELinux policies. This makes Zygote an interesting target for bypassing Android\u2019s sandboxing mechanisms.\r\n\r\nToday, many people use root binaries like Magisk to customize their devices without understanding what the modules do. Some modules might even use Zygisk to steal sensitive user information or hook critical application functions to subvert them!\r\n\r\nIn this talk, I will explain and demonstrate how these injections are carried out during the loader process, Zygote hooking, and hooking of both native and Dalvik (DEX) application code.\r\n\r\nIn a few years or months, I hope to use this project as a tool or a way to educate others on how to conduct these attacks and emphasize the importance of studying this technique deeply.\r\n\r\nReference Projects:\r\nRiru - https://github.com/RikkaApps/Riru\r\nZygisk - https://github.com/topjohnwu/Magisk\r\nARTDroid - https://github.com/vaioco/ARTDroid\r\n\r\nYaga project will be released at the beginning of June! 
I will put a PoC here to give an idea what is coming, on the video I show the installation of Magisk module and a log message showing the injection was performed successfully coming from Zygote process and making it print process names:\r\nhttps://drive.google.com/file/d/1U3WYDDI5KS2B-uGUdYTdpgKkHIhKJnkK/view?usp=sharing\r\n\r\nThe project will be released on my GitHub:\r\nhttps://github.com/Tricta", "recording_license": "", "do_not_record": false, "persons": [{"code": "NNWM7W", "name": "Tricta", "avatar": "https://pretalx.com/media/avatars/NNWM7W_EWYqhJJ.webp", "biography": "- 19 Years\r\n- Pentester at https://hakaisecurity.io\r\n- Programmer\r\n- Gamer\r\n- Cat lover\r\n- Compulsive pizza eater\r\n- Passionate about sysInternals, binary exploitation, offensive development and mobile", "public_name": "Tricta", "guid": "71c896ae-a44a-5830-9831-4c057d1df795", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/NNWM7W/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/YGNSNC/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/YGNSNC/", "attachments": []}, {"guid": "c29855a3-85d8-58b6-a7b0-c078c8039940", "code": "ZSU7J8", "id": 70763, "logo": null, "date": "2025-08-06T12:00:00-07:00", "start": "12:00", "duration": "00:45", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-70763-the-two-types-of-fool-generations-in-cybersecurity", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZSU7J8/", "title": "The Two Types of Fool - Generations in Cybersecurity", "subtitle": "", "track": "Keynotes", "type": "Talk-45m", "language": "en", "abstract": "In cybersecurity, wisdom doesn't always come from experience alone\u2014it often starts with recognizing what we don't know. 
This talk examines the contradictions and challenges we all encounter in security work, highlighting the growing need for effective knowledge sharing between different technology and actual generations of practitioners.\r\n\r\nAs a 25-year veteran of cybersecurity and someone who has been facilitating collaboration at the coalface full-time for the last 13 years, Casey goes through the thesis, some observations of why this is increasingly critical, some stories of where it has worked and failed, and provides some practical ideas for how understanding the two types of fool can make you a wiser, smarter, and more effective defender.", "description": "Keynote, Wednesday", "recording_license": "", "do_not_record": false, "persons": [{"code": "HN8AZB", "name": "Casey John Ellis", "avatar": "https://pretalx.com/media/avatars/HN8AZB_VFGiPJo.webp", "biography": null, "public_name": "Casey John Ellis", "guid": "768d512b-a0e2-583a-a527-0c4304df2af2", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/HN8AZB/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZSU7J8/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZSU7J8/", "attachments": []}, {"guid": "e6141e0a-bae3-50bc-a6c7-3ff14b5b8cae", "code": "HWGE3E", "id": 70764, "logo": null, "date": "2025-08-06T13:00:00-07:00", "start": "13:00", "duration": "01:00", "room": "Florentine A", "slug": "security-bsides-las-vegas-2025-70764-closing-ceremony", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HWGE3E/", "title": "Closing Ceremony", "subtitle": "", "track": "Keynotes", "type": "Event1HR", "language": "en", "abstract": "Closing Ceremony", "description": "Closing Ceremony", "recording_license": "", "do_not_record": false, "persons": [{"code": "397WDJ", "name": "milqtst", "avatar": "https://pretalx.com/media/avatars/397WDJ_YnZvFps.webp", "biography": "Bloom County Picayune \r\nPresidential Candidate advisor", "public_name": 
"milqtst", "guid": "c60821cb-2546-5963-9408-effda083d925", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/397WDJ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HWGE3E/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/HWGE3E/", "attachments": []}], "Florentine B": [{"guid": "a4affc1a-49d1-536b-9a09-964fdb79b291", "code": "7YTJNV", "id": 73247, "logo": null, "date": "2025-08-06T10:00:00-07:00", "start": "10:00", "duration": "01:55", "room": "Florentine B", "slug": "security-bsides-las-vegas-2025-73247-hire-ground-resume-reviews-wednesday-morning", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7YTJNV/", "title": "Hire Ground Resume Reviews, Wednesday Morning", "subtitle": "", "track": "Hire Ground", "type": "Event2HR", "language": "en", "abstract": "Free resume reviews in Hire Ground.", "description": "Free resume reviews in Hire Ground.", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7YTJNV/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/7YTJNV/", "attachments": []}], "Florentine C+D": [{"guid": "902cdad0-ad9a-5274-b268-5592c44854ab", "code": "RUSV93", "id": 78179, "logo": null, "date": "2025-08-06T08:30:00-07:00", "start": "08:30", "duration": "00:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-78179-silent-auction-opens-wednesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RUSV93/", "title": "Silent Auction Opens, Wednesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Silent Auction Opens", "description": "Silent Auction Opens", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RUSV93/feedback/", "origin_url": 
"https://pretalx.com/security-bsides-las-vegas-2025/talk/RUSV93/", "attachments": []}, {"guid": "75e39fef-1164-5c78-bd33-c34aa71a9462", "code": "B7AYTL", "id": 70760, "logo": null, "date": "2025-08-06T08:30:00-07:00", "start": "08:30", "duration": "00:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70760-middle-ground-opens-wednesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/B7AYTL/", "title": "Middle Ground Opens, Wednesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Middle Ground Opens, Wednesday", "description": "Middle Ground Opens, Wednesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/B7AYTL/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/B7AYTL/", "attachments": []}, {"guid": "0eb59a5b-0af6-5465-b4bc-a5bbf0bd7767", "code": "LLYXAP", "id": 70762, "logo": null, "date": "2025-08-06T10:00:00-07:00", "start": "10:00", "duration": "02:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70762-morning-talks-wednesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LLYXAP/", "title": "Morning Talks, Wednesday", "subtitle": "", "track": "Middle Ground", "type": "Talk-45m", "language": "en", "abstract": "Morning Talks, Wednesday", "description": "Morning Talks, Wednesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LLYXAP/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/LLYXAP/", "attachments": []}, {"guid": "24c1a25a-0aef-5ad9-b01e-d0d56369433a", "code": "XYBGFV", "id": 70683, "logo": null, "date": "2025-08-06T11:00:00-07:00", "start": "11:00", "duration": "00:00", "room": "Florentine C+D", "slug": 
"security-bsides-las-vegas-2025-70683-silent-auction-closes-wednesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XYBGFV/", "title": "Silent Auction Closes, Wednesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Silent Auction Closes", "description": "Silent Auction Closes", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XYBGFV/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/XYBGFV/", "attachments": []}, {"guid": "7d730595-ac6d-5517-bfa1-d34745000245", "code": "NWHBU3", "id": 70761, "logo": null, "date": "2025-08-06T14:00:00-07:00", "start": "14:00", "duration": "00:00", "room": "Florentine C+D", "slug": "security-bsides-las-vegas-2025-70761-middle-ground-closes-wednesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NWHBU3/", "title": "Middle Ground Closes, Wednesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Middle Ground Closes, Wednesday", "description": "Middle Ground Closes, Wednesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NWHBU3/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NWHBU3/", "attachments": []}], "Florentine E": [{"guid": "aee3afb3-e294-59d3-8da8-eae17ed7e701", "code": "S3QCRP", "id": 70002, "logo": null, "date": "2025-08-06T10:00:00-07:00", "start": "10:00", "duration": "00:45", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-70002-hardening-containers-with-seccomp-hands-on-profiles-pitfalls-and-real-exploits", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/S3QCRP/", "title": "Hardening Containers with Seccomp: Hands-On Profiles, Pitfalls, and Real Exploits", "subtitle": "", "track": "Ground 
Floor", "type": "Talk-45m", "language": "en", "abstract": "Syscall filtering with seccomp is one of the most effective defenses for containerized workloads, but despite its power, it's underused, misunderstood, or plain painful to deploy at scale.\r\nThis talk goes beyond theory: we'll get hands-on with practical seccomp profile generation, live demos of defending real vulnerable apps, and show how syscall filtering can contain actual exploits \u2014 using an Apache Druid vulnerability as a live case study.\r\nYou'll leave knowing not just why seccomp matters but also how to build, tune, and deploy real-world profiles with open-source tools like Kubescape and how to avoid the common traps that derail seccomp adoption in production.", "description": "Containers have transformed how we build and deploy applications, but the attack surface at runtime remains dangerously exposed in many environments. Seccomp, Linux\u2019s built-in syscall filtering mechanism, offers a powerful way to reduce that surface, but it\u2019s often seen as too painful or risky to apply in production. This talk takes a practical, hands-on approach to solving that.\r\nWe'll start by grounding the audience in what seccomp is, why it's critical for modern container security, and where profiles and the ecosystem fall short. From there, we'll dive into live demonstrations: showing how to monitor actual container behavior, generate tailored seccomp profiles using open-source tools like Kubescape, and deploy these profiles effectively within Kubernetes environments.\r\nWe'll walk through a real-world vulnerable application (Apache Druid) and demonstrate a remote code execution exploit inside a container. 
Then, using a generated seccomp profile, we'll block the attacker\u2019s execution path live, without changing the application code.\r\nAlong the way, we\u2019ll tackle real operational pitfalls: handling noisy apps, evolving profiles with your software lifecycle, and keeping the dev team moving without constant breakages.\r\nAttendees will leave with precise, repeatable techniques for using syscall filtering to harden their workloads against real-world attacks and a realistic sense of the strengths and limitations of seccomp as a defense-in-depth strategy.", "recording_license": "", "do_not_record": false, "persons": [{"code": "GYEMZH", "name": "Ben Hirschberg", "avatar": "https://pretalx.com/media/avatars/GYEMZH_6usDipU.webp", "biography": "Ben is a cloud security researcher, open-source contributor, and co-founder and CTO of ARMO, the creators of Kubescape. With over 15 years of experience in cybersecurity, in the past years, Ben has specialized in Cloud and Kubernetes security, runtime hardening, and cloud-native defense strategies. His work bridges the gap between theory and practical security, helping organizations protect their workloads against real-world threats.\r\nBen frequently speaks at security and open-source conferences, bringing a hands-on, honest perspective rooted in real operational experience. 
When he's not building tools to defend containers, he usually tries to break them and then writes about what he learned.", "public_name": "Ben Hirschberg", "guid": "b3139863-deb9-5dab-b79a-04be2d2ac9ea", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/GYEMZH/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/S3QCRP/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/S3QCRP/", "attachments": []}, {"guid": "75dbcc02-5118-5ad2-8feb-138ef41dd402", "code": "78QXVQ", "id": 67805, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/78QXVQ/Scree_0a4IBqA.png", "date": "2025-08-06T11:00:00-07:00", "start": "11:00", "duration": "00:45", "room": "Florentine E", "slug": "security-bsides-las-vegas-2025-67805-russian-nesting-dolls-when-turla-got-into-the-isi-who-was-into-an-indian-embassy-and-how-we-found-them", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/78QXVQ/", "title": "Russian Nesting Dolls: when Turla got into the ISI who was into an Indian Embassy, and how we found them", "subtitle": "", "track": "Ground Floor", "type": "Talk-45m", "language": "en", "abstract": "The Black Lotus Labs team at Lumen Technologies documented a 3-year campaign by one of the more elusive threat actors in the world, Secret Blizzard (aka Turla). Here they discovered and broke into Pakistani ISI C2s that were part of an espionage campaign against Indian, Syrian and Afghan governments. Turla is infamous for repurposing the infrastructure of other threat actors, while exfiltrating data and deploying their own tool sets. This was the 4th documented case of Turla hacking another actor's C2 nodes, but it is the first case of their moving past the C2 servers and into operators' workstations. \r\nWe'll talk about the Sidecopy threat actor, their tradecraft, and how they appeared on our radar. 
We'll show one of the rare cases where we observed Sidecopy deploy Hak5 equipment in real world operations and how we tied this back to known infrastructure. \r\nA rogue C2 node allowed us to map out Turla's efforts. We'll talk about networks where Turla had access to C2s, but chose not to deploy their agents. Lastly we'll talk about how their activities have shifted due to public disclosure and where they have been operating for the last several months.", "description": "This talk came from research that took place over the course of a year, but the overall scope of activity had been going on for roughly 3 years. We originally got on the trail of a ReverseRAT sample and developed analytics that allowed us to enumerate the C2s being used by Sidecopy. Soon we found some interesting aspects that led us down the rabbit hole. The first of which was the Hak5 device that communicated with those Pakistani C2s from inside an Indian Embassy in Europe. This was our first sign of something very interesting, as we don't see that every day. We'll talk about how that was identified and of course we can speculate on how a physical device got in there, but as interesting as it is, that's a story we can only guess at. In this case, they were clearly going after some of their more strategic objectives, breaking into the Indian government and those of their neighbors in Afghanistan, while keeping tabs on the government in Syria during the conflict there. \r\nWhere things got even more interesting is how pivoting off those original ISI C2s led us to Turla.\r\nGiven the international climate over the last few years, Turla was of special interest to us. Turla is infamous for using old-school spycraft to camouflage their activities by working through others' infrastructure and appearing to be anything other than what they are. 
While we can expect them to stay true to their core techniques in the future, our reporting has changed some of their activities and we'll include that in the talk. \r\nThe talk will chart the connections of the ISI into their targets, as well as those of Turla into the ISI and downstream in each direction. We'll be using slides to show the scope of activity, and to describe the tradecraft and tools used by both parties. We'll also go over some of the indicators that defenders can use to help identify tendencies that reveal these threat actors. \r\nAnd of course, we'll have some memes along the way. Probably some dogs in there for good measure.", "recording_license": "", "do_not_record": false, "persons": [{"code": "SQ8JJA", "name": "Danny Adamitis", "avatar": "https://pretalx.com/media/avatars/SQ8JJA_5erJ2Gb.webp", "biography": "Danny Adamitis is a Distinguished Engineer at Black Lotus Labs, the threat research team at Lumen Technologies. Danny has tracked nation-state adversaries and cybercriminals using both open-source and proprietary datasets in various roles for several years. More recently he has focused on threats to ISPs, including campaigns in which actors targeted networking equipment, Linux servers, and DNS infrastructure. Prior to joining Lumen Technologies, Daniel worked at Cisco Talos. 
Danny has a bachelor\u2019s degree in Diplomacy and International Relations from Seton Hall University.", "public_name": "Danny Adamitis", "guid": "fcb82fb0-2b39-5f96-861e-8158007b2c42", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/SQ8JJA/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/78QXVQ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/78QXVQ/", "attachments": []}], "Florentine F": [{"guid": "5a529c2c-d885-59c2-b4ec-65098962ac5d", "code": "ZNXL8D", "id": 68705, "logo": null, "date": "2025-08-06T10:00:00-07:00", "start": "10:00", "duration": "00:45", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-68705-union-select-from-hackers-why-we-should-be-building-infosec-worker-power-through-the-labor-movement", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZNXL8D/", "title": "UNION SELECT * FROM hackers: Why We Should Be Building InfoSec Worker Power Through the Labor Movement", "subtitle": "", "track": "Common Ground", "type": "Talk-45m", "language": "en", "abstract": "As a community, we can no longer count on power, be it the government or our employers, to engage with us out of goodwill. As workers, we cannot assume that \"the cybersecurity workforce shortage\" will protect us either. While our jobs, working conditions, and friends are threatened, the institutions we would turn to have also been eroded. However, this community knows how to build things for each other, and it's past time we turn that solidarity into broader power by channeling it through one of the few robust institutions left: unions and the labor movement.\r\n \r\nThis talk will use my experience as a member of the InfoSec community and as my department's union rep to make an argument for all of us, at least those of us who currently or want to sell our skills for a paycheck, to focus on building power as workers. 
It will build on existing arguments for tech worker unions by adding context specific to the InfoSec community, my practical experience in a union and the labor movement, and the current moment. All views are my own and not necessarily my employer's or any labor organization\u2019s.", "description": "In recent years, there has been high-level talk within the InfoSec community about the role for organized labor in the community but with no active stakeholders \"from labor\" or practical InfoSec worker organizing experience present (see Cory Doctorow's DEF CON 32 talk, the White House's Cybersecurity Workforce Strategy, etc.). Similarly, in the tech worker space, I've noticed very little attention given explicitly to InfoSec workers and the unique considerations that apply to our community and industry.\r\n\r\nI am mildly frustrated by this discrepancy, particularly since I've been involved with the labor movement long before I ever wrote my first \"Hello World\" program. It\u2019s also a discrepancy ripe with opportunity, as many of the skills and values that define the InfoSec community are directly applicable to labor organizing. This talk is my attempt to start remediating the situation by making the pitch for unions and broader labor movement organizing to the InfoSec community as a member of both this community and the labor movement.\r\n\r\nInitially, I waited to pitch this talk to Hacker Summer Camp until I could find a coalition of other unionized InfoSec professionals, or until I had buy-in from other parts of the labor movement that may be able to process any increased interest generated by this talk. 
However, the recent deterioration of the community's soft power policy influence and heightened attacks on the labor movement convinced me of the urgency of giving this talk this year.\r\n\r\nThis talk builds on arguments on the need for and utility of tech sector unions made by Cory Doctorow, Ethan Marcotte, the Tech Workers Coalition, various tech unions, grassroots organizers, and others. I tailor those general arguments towards the InfoSec community and industry to stress the relevance of organized labor as one of the best tools this community has to build power and influence people as we lose the voluntary deference, particularly as individuals, we received from our bosses and the government in the past.\r\n\r\nThis talk goes beyond a few words on how \"you should unionize your workplace!\" and provides an in-depth discussion on why building collective power as workers is more important now than ever, shows how it has worked in ways other forms of organizing cannot, and provides practical insight from the perspective of someone who actively represents developers, incident responders, analysts, auditors, cloud engineers, etc. when I'm not in a terminal or VSCode.", "recording_license": "", "do_not_record": false, "persons": [{"code": "T9MH9A", "name": "Logan Arkema", "avatar": "https://pretalx.com/media/avatars/T9MH9A_fekEbH3.webp", "biography": "Logan is a Sr. Cybersecurity Specialist at a government agency and the Union Rep for its IT & Cybersecurity Team, but is speaking in a purely personal and union capacity. Professionally, he has worked across technical topics, including incident response, privacy, and cloud engineering. He has been a union rep for five years; serves on his union's bargaining, dispute resolution, and legislative committees; provides informal tech policy advice to the International Federation of Professional and Technical Engineers; and is a member of the Tech Workers Coalition and the Federal Unionist Network. 
He has a Master's Degree in Tech Law and Policy, but is not a lawyer and certainly not your lawyer.\r\n\r\nIn his spare time, he built and sells a \"\"\"badge\"\"\" of a live LED display of the DC Metro System and developed ResidueFree, a privacy-enhancing tool for personal computers, as part of an academic paper and presented as a DEF CON 30 demo lab. He has volunteered with BSides NoVA, the DEF CON Policy Village, and Hackers on the Hill. Outside of tech and labor, he can be found doing Typical Nerd Things (playing D&D).", "public_name": "Logan Arkema", "guid": "67bde923-10a2-5ba0-b0da-237653d4feca", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/T9MH9A/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZNXL8D/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZNXL8D/", "attachments": []}, {"guid": "3a2f4045-facb-59f2-aa74-40cb81aaed0a", "code": "9WYQKB", "id": 68804, "logo": null, "date": "2025-08-06T11:00:00-07:00", "start": "11:00", "duration": "00:45", "room": "Florentine F", "slug": "security-bsides-las-vegas-2025-68804-breaking-the-illusion-bypassing-endpoint-security-controls-with-simple-tactics", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9WYQKB/", "title": "Breaking the Illusion: Bypassing Endpoint Security Controls with Simple Tactics", "subtitle": "", "track": "Common Ground", "type": "Talk-45m", "language": "en", "abstract": "This talk unveils previously undisclosed vulnerabilities in Microsoft Defender and Zscaler, currently under review by Microsoft and US-CERT. It explores how adversaries can bypass EDR protections without malware or exploits\u2014leveraging native OS tools, misconfigurations, and weak self-protection mechanisms. 
Through real-world examples and live demos, the session will challenge assumptions about EDR resilience and reveal how simple, repeatable techniques can disable or remove endpoint security controls.", "description": "At BSidesLV, we will unveil previously undisclosed vulnerabilities affecting Microsoft Defender and Zscaler\u2014flaws currently being triaged by Microsoft and coordinated with US-CERT. These vulnerabilities expose critical weaknesses in how endpoint and network security solutions enforce protection and prevent tampering.\r\n\r\nBut beyond new vulnerabilities, this talk will demonstrate how EDR solutions can be bypassed using built-in OS functionality, overlooked misconfigurations, and flawed integrity protections\u2014no exploits, no malware, just simple, repeatable techniques that adversaries are already using.\r\n\r\nOrganizations often assume that EDR is resilient\u2014that once deployed, it provides a reliable defense against attackers. But what happens when an adversary removes, disables, or renders it ineffective using nothing more than tools already available on the system?\r\n\r\nWe will walk through real-world examples of how:\r\n\r\nScripts found in the wild silently bypass endpoint security uninstallation logic.\r\n\r\nEDR solutions fail to enforce self-protection, allowing simple tampering techniques.\r\n\r\nNative Windows tools like wmic, sc, and PowerShell can be abused to disable or remove security software.\r\n\r\nNewly discovered vulnerabilities in Defender and Zscaler can be exploited to weaken security controls.\r\nThis talk will include exclusive first-time disclosures of new security weaknesses alongside live demonstrations of real-world security bypasses that work today.", "recording_license": "", "do_not_record": false, "persons": [{"code": "T7WN7A", "name": "Blake Hudson", "avatar": "https://pretalx.com/media/avatars/T7WN7A_HXrbjP9.webp", "biography": "Blake is a seasoned cybersecurity professional, boasting over 6 years of 
experience in threat emulation. He specializes in various areas, including red teaming, purple teaming, penetration testing, and cloud security. Previously a Red Teamer through the Department of Education where he obtained several SANS certifications and is currently serving as an Offensive Security Engineer at PayPal. Blake orchestrates and executes engagements by focusing on enhancing security effectiveness through purple team engagements within both cloud and internal networks. Blake demonstrates his ability to identify common vulnerability patterns through continual participation in CTFs and has a passion for continuing education. Additionally, he has refined his skills through constant security research, further enhancing his expertise in cybersecurity.", "public_name": "Blake Hudson", "guid": "58b251bc-7a1b-587e-9411-c68c829ea0d0", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/T7WN7A/"}, {"code": "XJRBXD", "name": "Caleb Sargent", "avatar": "https://pretalx.com/media/avatars/XJRBXD_nawhmzk.webp", "biography": "Caleb is a seasoned cybersecurity professional, boasting over 9 years of experience in threat emulation. He specializes in various areas, including red teaming, purple teaming, penetration testing, and physical security assessments. Previously a consultant at Optiv where he obtained the OSCP, and currently serving as an Offensive Security Engineer at PayPal, Caleb orchestrates and executes red team engagements by focusing on enhancing security effectiveness through purple team engagements within both cloud and internal networks. Caleb demonstrates his ability to identify vulnerabilities and mitigate risks through active participation in bug bounty programs on platforms like HackerOne and PayPal, contributing as both a researcher and in supportive roles. Additionally, he has refined his skills through endpoint detection and response testing, further enhancing his expertise in cybersecurity. 
Caleb has presented the following talks:\r\n\r\n\u2022 Blackhat USA 2024: Into the Inbox: Novel Email Spoofing Attack Patterns\r\n\u2022 Optiv Team Summit 2018 - OSINT from the Ground Up \r\n\u2022 Optiv Team Summit 2019 - Bypassing Windows Defender \r\n\u2022 Optiv Team Summit 2020 - Data Security for Consulting \r\n\u2022 PayPal ECS Conference 2021 - Anatomy of a Red Team Engagement", "public_name": "Caleb Sargent", "guid": "9361dbc3-9584-54d2-a1a7-44e750ce333a", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/XJRBXD/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9WYQKB/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9WYQKB/", "attachments": []}], "Tuscany": [{"guid": "93111a9e-2dd5-541c-9ccf-00f42c504a3c", "code": "ZUWAF8", "id": 70289, "logo": "https://pretalx.com/media/security-bsides-las-vegas-2025/submissions/ZUWAF8/PassC_cr7je1x.jpg", "date": "2025-08-06T10:00:00-07:00", "start": "10:00", "duration": "00:45", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-70289-password-audit-cracking-in-ad-the-fun-part-of-compliance", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZUWAF8/", "title": "Password ~Audit~ Cracking in AD: The Fun Part of Compliance", "subtitle": "", "track": "PasswordsCon", "type": "Talk-45m", "language": "en", "abstract": "This is the story of three organizations: EvilCats (a criminal group), YOLO Corp (a new company that doesn't have any security staff) and CoolSec (a company that goes above security compliance). We will see how two corporations fret against EvilCats during various attack scenarios that all involve passwords.", "description": "To begin, we will present the latest NIST recommendation for passwords and the risks and benefits of implementing them. We will also present our 3 corporations (with AI generated icon style images) (~5 mins)\r\n\r\nWe will then jump into the heart of the subject. 
\r\n\r\n**Attack 1**: Password Spray \r\nWe will present stats about breaches that start with Brute Force/PassSpray attacks\r\nWe'll see how YOLO Corp falls from an exposed RDP service to a ransomware scenario VS CoolSec who was able to both detect the attack and resist the PassSpray Attacks because they audit their passwords and eliminate the common ones (~ 5 mins)\r\n\r\n**Attack 2**: Evils gets a copy of NTDS.dit from an unprotected backup from YOLO Corp & CoolSec\r\nThey attempt cracking the passwords. Typically that'll get over 50% of the passwords within a few days and some will fall in seconds (anything that is 7 characters long)\r\nWe will then see that dumping NTDS.dit from your DC to perform Password Audit isn't the most elegant way to go about it. Fortunately Michael Grafnetter's DSInternals has got us covered. This Open Source PowerShell project will pull the information for the DC (just like the DCSync attack) and will perform some basic analysis of the hashes found. We will go over the main modules of this project and how to configure a user that can fetch the hashes. \r\nAnd finally how to detect this type of activity if another user (or if that account ever gets compromised!!) ever performs a similar action (~15 mins)\r\n\r\nFrom there it's also easy (built-in command) to convert the user & hash to a format John the Ripper or Hashcat can ingest for additional cracking. 
We will go over some effective password cracking rules and methodology for Hashcat and reference Travis Palmer's Defcon 28 Red Team Village talk \"Passwd Cracking Beyond 15 Chars, Under $500\" \r\nUsing either Password Filter or Azure AD \"ban list\" we can prevent users from choosing derivatives of these weak passwords in the future (~10 mins)\r\n\r\nIn conclusion we'll cover how once you have DSInternals & Hashcat in place, it's easy to create a wrapper script to automate the whole process : \r\n- Extract the hashes\r\n- Run a few checks on hashes (without cracking)\r\n  - Any previously cracked hash present\r\n  - Any hash associated with multiple accounts\r\n  - Etc. \r\n- Launch a Password cracker against the account\r\n- Force change password on accounts with \"known passwords\" \r\n- Send a communication to the account's owner. \r\n(~5 mins)\r\n\r\nAfter attending this talk the attendees should leave the room with knowledge about the latest NIST recommendation for passwords and a plan to enforce them while making sure their users are not using weak passwords and putting the whole enterprise at risk.", "recording_license": "", "do_not_record": false, "persons": [{"code": "HAU8HJ", "name": "Mat Saulnier", "avatar": "https://pretalx.com/media/avatars/HAU8HJ_JcKc28o.webp", "biography": "With a passion for Offensive Security, he automates OffSec Tools to improve the security posture of organizations around the world. Building on his strong technical background he now focuses on Threat Research, Threat Hunting, Detection Engineering and Incident Response.\r\n\r\nMat (better known as Scoubi in this community) is a recognized security professional and Core Mentor for Defcon\u2019s Blue Team Village that has over 2 decades of experience in security. 
He shared his passion for IT Security and captivated audiences at Derbycon, SANS Summits and RSAC, amongst others.", "public_name": "Mat Saulnier", "guid": "a076326f-6c3c-5759-8ab5-364eb86663b4", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/HAU8HJ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZUWAF8/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/ZUWAF8/", "attachments": []}, {"guid": "107c84b9-7cbb-5542-8cb5-bc639056f209", "code": "BWUGRH", "id": 71900, "logo": null, "date": "2025-08-06T11:00:00-07:00", "start": "11:00", "duration": "00:20", "room": "Tuscany", "slug": "security-bsides-las-vegas-2025-71900-password-expiry-is-dead-real-world-metrics-on-what-rotation-actually-achieves", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BWUGRH/", "title": "Password Expiry is Dead: Real-World Metrics on What Rotation Actually Achieves", "subtitle": "", "track": "PasswordsCon", "type": "Talk-20m", "language": "en", "abstract": "For decades, organizations have enforced password rotation policies under the assumption that regular resets increase security. But do they really?\r\n\r\nIn this talk, we challenge the value of traditional password expiry policies using real-world data, cracked password timelines, and behavior analysis. By analyzing enterprise credential datasets before and after forced rotations, we reveal that most users simply mutate old passwords \u2014 creating predictable, pattern-based credentials that are easier to crack, not harder.\r\n\r\nWe\u2019ll discuss how password expiration policies:\r\nDecrease entropy over time\r\nEncourage poor user behaviors\r\nFail to meaningfully reduce compromise risk\r\n\r\nInstead, we'll introduce alternatives such as : time-to-crack scoring, event-driven rotations, and credential risk thresholds that align better with actual attacker models. 
If your org is still enforcing 90-day resets, this session will give you the ammunition \u2014 and the data \u2014 to rethink that approach entirely.", "description": "Our talk debunks the myth that routine password expiration improves security. Many audit outcomes and recommendations given push for password expiration as a way to prevent attacks. Using historical and real cracked password data, we show how forced rotations lead to predictable patterns and weaker passwords \u2014 not stronger ones. And propose smarter, risk-based alternatives to legacy policies.", "recording_license": "", "do_not_record": false, "persons": [{"code": "XY9MD8", "name": "Dimitri Fousekis", "avatar": "https://pretalx.com/media/avatars/XY9MD8_QtfGSJN.webp", "biography": "Dimitri Fousekis / Rurapenthe -  has been in the security industry for over 20 years, and is the CTO of Bitcrack Cyber Security. Having enjoyed many years of Passwords, and password-related talks, Dimitri has a passion for deception based cyber security, as well as OSINT and cybersecurity intelligence. 
He has spoken at many conferences including BSidesLV, BSidesZA, PasswordsCon Cambridge & Vegas, BSides Athens and others.", "public_name": "Dimitri Fousekis", "guid": "6a3a03be-cafd-5d16-bdfa-09e468e330ba", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/XY9MD8/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BWUGRH/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BWUGRH/", "attachments": []}], "Siena": [{"guid": "a76b5296-b202-55d3-b7a9-5c2b510af047", "code": "RGNJER", "id": 69536, "logo": null, "date": "2025-08-06T10:00:00-07:00", "start": "10:00", "duration": "00:45", "room": "Siena", "slug": "security-bsides-las-vegas-2025-69536-root-cause-and-attack-flows-interpretable-ml-for-alert-log-correlation", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RGNJER/", "title": "Root Cause and Attack Flows: Interpretable ML for Alert & Log Correlation", "subtitle": "", "track": "Ground Truth", "type": "Talk-45m", "language": "en", "abstract": "In cybersecurity, analysts routinely drown in noisy, fragmented alerts\u2014making it difficult to uncover coordinated, multi-stage attacks. This talk introduces an innovative approach to contextualizing alerts and extracting hidden attack chains using fully explainable, open-source machine learning\u2014no black boxes or complex large-language models involved. Attendees will explore how clustering algorithms, temporal knowledge graphs, and Markovian sequencing methods can systematically map security alerts, logs, and telemetry to MITRE ATT&CK Techniques, clearly revealing attacker tactics and objectives. The session will include practical demonstrations using the speaker\u2019s open-source tool, Attack Flow Detector, available on GitHub. Participants do not need deep data science expertise; basic familiarity with MITRE ATT&CK and standard SOC processes will help maximize learning outcomes. 
After attending, participants will understand how to implement transparent ML-based correlation workflows, reduce false positives, accelerate response times, and detect stealthy, multi-step attack flows.", "description": "This talk introduces an open-source approach to alert correlation and attack flow reconstruction using interpretable machine learning\u2014not LLMs or black-box AI. Designed for SOC analysts and defenders, the presentation walks through how to map logs and alerts to MITRE ATT&CK techniques, cluster them into meaningful stages, and chain those stages into full attack narratives. The goal is to expose coordinated attacks that hide within fragmented telemetry, false positives, and lone incidents.\r\n\r\nAttendees will learn how to apply context-driven techniques\u2014like density-based clustering, temporal graph modeling, and simple NLP classifiers\u2014to turn noisy data into actionable insight. We\u2019ll demonstrate how the Attack Flow Detector tool performs this work in real-world-style environments, outputting root cause analysis and ticket-ready reports. The talk emphasizes transparency, explainability, and practicality\u2014giving hackers and blue teamers a framework to trace attacker movement through data they already have, without needing search-heavy SIEMs or opaque AI platforms.", "recording_license": "", "do_not_record": false, "persons": [{"code": "CJK9WL", "name": "Ezz Tahoun", "avatar": "https://pretalx.com/media/avatars/CJK9WL_lr7Ebf3.webp", "biography": "Ezz Tahoun is an award-winning cybersecurity data scientist recognized globally for his innovations in applying AI to security operations. He has presented at multiple DEFCON villages, including Blue Team, Cloud, Industrial Control Systems (ICS), Adversary, Wall of Sheep, Packet Hacking, Telecom, and Creator Stage, as well as BlackHat Sector, MEA, EU, and GISEC. 
His groundbreaking work earned him accolades from Yale, Princeton, Northwestern, NATO, Microsoft, and Canada's Communications Security Establishment. At 19, Ezz began his PhD in Computer Science at the University of Waterloo, quickly gaining recognition through 20 influential papers and 15 open-source cybersecurity tools. His professional experience includes leading advanced AI-driven projects for Orange CyberDefense, Forescout, RBC, and Huawei Technologies US. Holding certifications such as aCCISO, CISM, CRISC, GCIH, GSEC, CEH, and GCP-Cloud Architect, Ezz previously served as an adjunct professor in cyber defense and warfare.", "public_name": "Ezz Tahoun", "guid": "a7f26b92-2283-5998-b659-e08f114af5ac", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/CJK9WL/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RGNJER/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/RGNJER/", "attachments": []}, {"guid": "1f48755c-3daf-5d92-ad90-5781f2382ef8", "code": "9CCKBA", "id": 70180, "logo": null, "date": "2025-08-06T11:00:00-07:00", "start": "11:00", "duration": "00:20", "room": "Siena", "slug": "security-bsides-las-vegas-2025-70180-a-winning-competition", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9CCKBA/", "title": "A Winning Competition", "subtitle": "", "track": "Ground Truth", "type": "Talk-20m", "language": "en", "abstract": "This talk explores the design and creation of two cybersecurity competitions: WRCCDC (Western Regional Collegiate Cyber Defense Competition) and CIRCUS (Collegiate Incident Response Competition for Undergraduate Students). This brief talk will go over challenges, best ways to gain interest, grow competitions. In addition we will discuss how to build interest in different cyber-security based fields using competitions. 
Drawing on proven examples, we\u2019ll offer actionable guidance for competition organizers, coaches, and academic programs aiming to bridge the cybersecurity skills gap.", "description": "As new security challenges arise, hands-on competitions are vital for training the next generation of defenders and responders. Collegiate cyber competitions like WRCCDC and CIRCUS serve dual roles: they test students\u2019 technical skills under pressure and expose them to real-world operational and legal contexts. WRCCDC places teams in the role of network administrators defending \u201ccommercial\u201d infrastructure against persistent red-team attacks, while CIRCUS challenges participants to perform deep forensic analysis and defend findings before legal professionals. This talk will go over operation insight and technical challenges in running different structured competitions. You will gain insights into competition architecture, work involved in creating realistic scenarios, custom software development work, scoring mechanisms, red-team integration, and team development strategies that foster collaboration and technical proficiency. We\u2019ll also delve into role assignment (e.g., network, system, application, forensics, reporting), and training regimens, culminating in a blueprint for both organizers and competitors.", "recording_license": "", "do_not_record": false, "persons": [{"code": "FYZDCM", "name": "Wasabi", "avatar": "https://pretalx.com/media/avatars/FYZDCM_0Cxf3rt.webp", "biography": "Educator, hands-on hacker, and Blue Team strategist exploring the frontiers of embedded systems, AI, academic research, and competitive challenges. 
Previously spoken at a number of conferences including DefCon, SCALE, BSides LA, and ShellCon to name a few.", "public_name": "Wasabi", "guid": "927570c4-9acf-57fe-a15c-aef94ed168d5", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/FYZDCM/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9CCKBA/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/9CCKBA/", "attachments": []}, {"guid": "5dd09c10-f747-59b2-a273-742d1a2764a0", "code": "AWLR99", "id": 67801, "logo": null, "date": "2025-08-06T11:30:00-07:00", "start": "11:30", "duration": "00:20", "room": "Siena", "slug": "security-bsides-las-vegas-2025-67801-manufacturing-breakthroughs-how-conflict-leads-to-innovation", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/AWLR99/", "title": "Manufacturing Breakthroughs: How Conflict Leads to Innovation", "subtitle": "", "track": "Ground Truth", "type": "Talk-20m", "language": "en", "abstract": "What if cybersecurity\u2019s biggest challenges\u2014supply chain vulnerabilities, dark web economies, critical infrastructure risks\u2014already have solutions? The problem isn\u2019t finding new answers; it\u2019s identifying existing ones systematically. This talk introduces TRIZ (Theory of Inventive Problem Solving), an engineering-based methodology that resolves contradictions and forecasts innovation patterns to tackle complex problems effectively. 
Think of the contradiction matrix as a \u201cdecision tree for conflicts,\u201d helping you navigate dilemmas like \"secure but open\" or \"privacy vs functionality.\" Patterns of evolution act as \u201cforecasting the weather in technology,\u201d enabling professionals to anticipate emerging risks and opportunities.\r\n\r\nAttendees will learn how TRIZ can be applied to secure software supply chains, analyze underground economies on the dark web, design resilient critical infrastructure during natural disasters, and protect sensitive data while balancing privacy concerns. Through vivid case studies\u2014including anti-phishing strategies and internal data leakage prevention\u2014participants will gain actionable insights into integrating TRIZ into their analytical processes. By adopting this mindset, cybersecurity professionals can anticipate emerging threats, minimize surprises, and lead teams toward innovative solutions.", "description": "Cybersecurity is a field filled with contradictions: how do we balance security with openness, privacy with functionality, or resilience with complexity? TRIZ (Theory of Inventive Problem Solving) offers a roadmap for navigating these dilemmas systematically. Originally developed in engineering, TRIZ is a structured methodology that helps identify existing solutions to seemingly unsolvable problems by resolving contradictions and leveraging patterns of innovation.\r\n\r\nThink of TRIZ as a GPS for problem-solving. The contradiction matrix acts as a \u201cdecision tree for conflicts,\u201d guiding professionals to resolutions without compromise. Patterns of evolution serve as \u201cforecasting the weather in technology,\u201d enabling organizations to anticipate future risks and opportunities based on predictable progressions.\r\n\r\nThis talk focuses on applying TRIZ principles to three critical domains in cybersecurity: supply chain security, dark web economies, and critical infrastructure resilience. 
Using vivid case studies\u2014such as anti-phishing strategies that leverage contradiction resolution techniques or data leakage prevention through segmentation\u2014attendees will see how TRIZ can transform their approach to problem-solving.\r\n\r\nBy the end of this session, participants will understand how to integrate TRIZ into their analytical processes, empowering them to anticipate threats, minimize surprises, and design resilient systems that adapt dynamically to emerging challenges.", "recording_license": "", "do_not_record": false, "persons": [{"code": "DCU8WU", "name": "Munish Walther-Puri", "avatar": "https://pretalx.com/media/avatars/DCU8WU_F3vGRHN.webp", "biography": "Munish Walther-Puri is a seasoned risk advisor and security strategist with two decades of experience translating complex cybersecurity and geopolitical realities into actionable frameworks. His expertise lies in identifying critical blind spots for decision-makers and developing innovative risk assessment methodologies. Currently, he serves as Interim Deputy CISO for a major manufacturer, building enterprise IT GRC programs and uplifting cybersecurity maturity. Munish's career spans diverse roles, including VP of Cyber Risk at Exiger, first Director of Cyber Risk at NYC Cyber Command, and Chief Research Officer at a dark web monitoring startup. His academic engagements include adjunct faculty positions at NYU, Columbia, and IANS Research, as well as a focus on the nexus of cyber, tech, national security, and industrial policy. He is a Life Member of the Council on Foreign Relations and a Senior Fellow at the Institute for Security and Technology. 
With a keen interest in the intersection of cyber, geopolitical, and supply chain risks, Munish is committed to bridging theory and practice, contributing to academic discourse, and advancing cutting-edge research in interconnected risk.", "public_name": "Munish Walther-Puri", "guid": "ec436f35-a733-5c71-b273-f251901ec272", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/DCU8WU/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/AWLR99/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/AWLR99/", "attachments": []}], "Copa": [{"guid": "40003ec1-b939-5f68-9b01-c704207fb005", "code": "GAYADE", "id": 67799, "logo": null, "date": "2025-08-06T10:00:00-07:00", "start": "10:00", "duration": "00:30", "room": "Copa", "slug": "security-bsides-las-vegas-2025-67799-na", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GAYADE/", "title": "NA", "subtitle": "", "track": "I Am The Cavalry", "type": "Talk-20m", "language": "en", "abstract": "NA", "description": "NA", "recording_license": "", "do_not_record": false, "persons": [{"code": "YX9Z3D", "name": "NA", "avatar": "https://pretalx.com/media/avatars/YX9Z3D_pkiepho.webp", "biography": "NA", "public_name": "NA", "guid": "893dd92d-fd5b-5bd3-a95f-e6b341cf8590", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/YX9Z3D/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GAYADE/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/GAYADE/", "attachments": []}, {"guid": "988d6f4d-23c1-580f-9f71-5c6920124dce", "code": "MQCNWH", "id": 72396, "logo": null, "date": "2025-08-06T10:30:00-07:00", "start": "10:30", "duration": "00:30", "room": "Copa", "slug": "security-bsides-las-vegas-2025-72396-neighborhood-household-resilience-a-month-without-external-assistance", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MQCNWH/", "title": 
"Neighborhood & Household Resilience- A Month Without External Assistance.", "subtitle": "", "track": "I Am The Cavalry", "type": "Talk-20m", "language": "en", "abstract": "In an era marked by increasing natural disasters, geopolitical instability, and infrastructure vulnerabilities, personal emergency preparedness has become a critical component of resilience. \r\n\r\nThis panel will discuss approaches to maintaining a  one-month supply of food, water, and medicine per household member to ensure self-sufficiency during extreme emergencies. Such events\u2014ranging from hurricanes and earthquakes to cyberattacks and pandemics\u2014can disrupt supply chains, utilities, and emergency services, leaving communities isolated and vulnerable. \r\n\r\nA well-stocked reserve of non-perishable food, potable water, and essential supplies not only enhances individual and family safety but also reduces the burden on emergency responders and public resources. This proactive approach fosters a culture of readiness, empowering citizens to withstand crises with greater confidence and stability.", "description": "This panel will discuss approaches to maintaining a  one-month supply of food, water, and medicine per household member to ensure self-sufficiency during extreme emergencies. Such events\u2014ranging from hurricanes and earthquakes to cyberattacks and pandemics\u2014can disrupt supply chains, utilities, and emergency services, leaving communities isolated and vulnerable. 
David will be joined by some guests to talk about the art of the possible as it relates to maintaining resilience within the home and community.", "recording_license": "", "do_not_record": false, "persons": [{"code": "KPMTR9", "name": "David Batz", "avatar": "https://pretalx.com/media/avatars/KPMTR9_F5Y0dFo.webp", "biography": "Leveraging over 20 years of electric company experience, David Batz brings significant industry knowledge in understanding and applying appropriate security solutions to address emerging threats and issues. In addition, he brings a decade of energy regulatory compliance as well as physical and cyber security policy experience and engagement with multiple federal agencies, including the Department of Energy (DoE), and the Department of Homeland Security (DHS).\r\nDavid has been with the Edison Electric Institute for over 15 years and more broadly, has been instrumental in the development and expansion of an industry-wide program called Cyber Mutual Assistance.\r\nHe is a member of InfraGard and serves on the SANS Institute Advisory Board. 
He has authored various articles and presented at numerous events domestically and internationally on securing critical infrastructure, industrial systems as well as security baseline and standards topics for prominent industry associations including NIST, the National Academies of Sciences, United States Energy Association and the World Economic Forum to name a few.", "public_name": "David Batz", "guid": "d2bec2a9-0ebe-50c1-8bf5-b7e54c7691df", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/KPMTR9/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MQCNWH/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MQCNWH/", "attachments": []}, {"guid": "96ab2089-ed78-5c09-b4a2-7de1c7a93e9e", "code": "WFYFWE", "id": 72402, "logo": null, "date": "2025-08-06T11:00:00-07:00", "start": "11:00", "duration": "01:00", "room": "Copa", "slug": "security-bsides-las-vegas-2025-72402-time-is-running-out-tying-it-all-together-what-will-you-do-in-the-near-term", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/WFYFWE/", "title": "Time is Running Out - Tying it All Together - What Will You Do in the Near Term?", "subtitle": "", "track": "I Am The Cavalry", "type": "Event1HR", "language": "en", "abstract": "This portion of the event is focused on no-kidding short-term measures to take to reduce risk. We have discussed water, urgent and emergency care, energy, public safety, household resilience and more. \r\n\r\nWhat actions can you take this month to protect your community, your family, yourself? What about next month? What about October? Ongoing, incremental steps can materially reduce risk.", "description": "This portion of the event is focused on no-kidding short-term measures to take to reduce risk. We have discussed water, urgent and emergency care, energy, public safety, and household resilience. 
\r\n\r\nWhat actions can you take this month to protect your community, your family, yourself? What about next month? What about October? Ongoing, incremental steps can materially reduce risk.", "recording_license": "", "do_not_record": false, "persons": [{"code": "HD7PCQ", "name": "Josh Corman", "avatar": "https://pretalx.com/media/avatars/HD7PCQ_dJ03840.webp", "biography": "Joshua Corman is the founder of I Am The Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA\u2019s COVID Task Force, where he advised on the pandemic response, provided cybersecurity expertise on healthcare infrastructure, and supported control systems and life safety initiatives. Prior to CISA, Josh was SVP and chief security officer at PTC, where he accelerated cyber safety maturity across industries. Previously, he served as director of the Atlantic Council\u2019s Cyber Statecraft Initiative, on the Congressional Task Force for Healthcare Industry Cybersecurity, and in leadership roles at Sonatype, Akamai, IBM, and the 451 Group.", "public_name": "Josh Corman", "guid": "1c5a135a-0f0b-5591-a9de-3f2d2ab50b35", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/HD7PCQ/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/WFYFWE/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/WFYFWE/", "attachments": []}], "Pool": [{"guid": "426ce136-62fa-5d0f-b1d0-4df1eec3256f", "code": "PFRLVK", "id": 70766, "logo": null, "date": "2025-08-06T21:00:00-07:00", "start": "21:00", "duration": "06:00", "room": "Pool", "slug": "security-bsides-las-vegas-2025-70766-bsides-pool-party", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PFRLVK/", "title": "BSides Pool Party", "subtitle": "", "track": "Events", "type": "Event6HR", "language": "en", "abstract": "BSides Pool Party", "description": "BSides Pool Party", 
"recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PFRLVK/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/PFRLVK/", "attachments": []}], "G-103": [{"guid": "26099800-d266-5e85-b9c6-3cfa588a6cea", "code": "D83EH8", "id": 70765, "logo": null, "date": "2025-08-06T19:30:00-07:00", "start": "19:30", "duration": "02:00", "room": "G-103", "slug": "security-bsides-las-vegas-2025-70765-recovery-hackers-wednesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/D83EH8/", "title": "Recovery Hackers, Wednesday", "subtitle": "", "track": "Events", "type": "Event2HR", "language": "en", "abstract": "Not a formal 12-step meeting. Rather, a supportive gathering for folks taking Summer Camp one day at a time. Monday, Tuesday and Wednesday, 19:30-21:30 in G103. Look for the sign on a patio on the pool side of building G and enter through the patio door.", "description": "Not a formal 12-step meeting. Rather, a supportive gathering for folks taking Summer Camp one day at a time. Monday, Tuesday and Wednesday, 19:30-21:30 in G103. 
Look for the sign on a patio on the pool side of building G and enter through the patio door.", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/D83EH8/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/D83EH8/", "attachments": []}], "Hallway": [{"guid": "dca720ad-f405-59a6-a6c3-8a23cdd28af2", "code": "NZA8EH", "id": 70754, "logo": null, "date": "2025-08-06T07:00:00-07:00", "start": "07:00", "duration": "00:00", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70754-info-booth-opens-wednesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NZA8EH/", "title": "Info Booth Opens, Wednesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Info Booth Opens, Wednesday", "description": "Info Booth Opens, Wednesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NZA8EH/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/NZA8EH/", "attachments": []}, {"guid": "fc5d6e77-3060-58b3-9e7b-57dd3667ac1f", "code": "UJBZWE", "id": 70757, "logo": null, "date": "2025-08-06T08:00:00-07:00", "start": "08:00", "duration": "00:00", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70757-registration-opens-wednesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/UJBZWE/", "title": "Registration Opens, Wednesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Registration Opens, Wednesday", "description": "Registration Opens, Wednesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/UJBZWE/feedback/", "origin_url": 
"https://pretalx.com/security-bsides-las-vegas-2025/talk/UJBZWE/", "attachments": []}, {"guid": "7cd1fb4a-ab81-56fe-bd55-394dc6dfb87b", "code": "CMTLQN", "id": 70775, "logo": null, "date": "2025-08-06T09:00:00-07:00", "start": "09:00", "duration": "01:00", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70775-skytalks-token-drop-5", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/CMTLQN/", "title": "Skytalks Token Drop 5", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Skytalks Token Drop 5\r\nSkytalks token distribution for Wednesday MORNING sessions (10:00-12:00)\r\nQueue in Tuscany Hallway between Middle Ground and Speaker Room.\r\nTokens are limited in number, and distribution ends when they are gone.", "description": "Skytalks Token Drop 5\r\nSkytalks token distribution for Wednesday MORNING sessions (10:00-12:00)\r\nQueue in Tuscany Hallway between Middle Ground and Speaker Room.\r\nTokens are limited in number, and distribution ends when they are gone.", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/CMTLQN/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/CMTLQN/", "attachments": []}, {"guid": "5477b1c5-3f30-5b90-985b-3fde3aab6010", "code": "DLKXPU", "id": 70758, "logo": null, "date": "2025-08-06T11:00:00-07:00", "start": "11:00", "duration": "00:00", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70758-registration-closes-wednesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DLKXPU/", "title": "Registration Closes, Wednesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Registration Closes, Wednesday", "description": "Registration Closes, Wednesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": 
"https://pretalx.com/security-bsides-las-vegas-2025/talk/DLKXPU/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/DLKXPU/", "attachments": []}, {"guid": "505d0d7b-4920-5b26-8fe1-7b6d2717b1a5", "code": "BPC3MD", "id": 70755, "logo": null, "date": "2025-08-06T16:00:00-07:00", "start": "16:00", "duration": "00:00", "room": "Hallway", "slug": "security-bsides-las-vegas-2025-70755-info-booth-closes-wednesday", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BPC3MD/", "title": "Info Booth Closes, Wednesday", "subtitle": "", "track": "Middle Ground", "type": "Event1HR", "language": "en", "abstract": "Info Booth Closes, Wednesday", "description": "Info Booth Closes, Wednesday", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BPC3MD/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/BPC3MD/", "attachments": []}], "Misora": [{"guid": "f73b6c30-ed55-58ed-9ce6-c114c60cf980", "code": "MEGNEQ", "id": 69116, "logo": null, "date": "2025-08-06T10:00:00-07:00", "start": "10:00", "duration": "01:45", "room": "Misora", "slug": "security-bsides-las-vegas-2025-69116-advanced-bioterrorism-methods-for-the-discerning-practitioner-token-13", "url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MEGNEQ/", "title": "Advanced BioTerrorism Methods for the Discerning Practitioner (Token 13)", "subtitle": "", "track": "Skytalks", "type": "Event2HR", "language": "en", "abstract": "Do you have an idea for how you might make the world better with a genetically modified organism, but you hit roadblocks in your project because of regulation, licenses, or biosafety certifications? Well, the Four Thieves Vinegar Collective feels your pain. 
We have had the same issues, and we would like to show you all the methods we've used to circumvent those roadblocks so that you too can work to cure a disease, create a vaccine, or save a species from extinction.\r\n\r\nWe are going to show you these methods by detailing two projects, both of which have been in the pipeline for over seven years. One you might have already heard about, the other is a secret that you'll have to show up to see. Stage time allowing, we will also detail how to \"Nonconsensually Open-Source\" existing biotech products with a third concrete example. Let's reclaim the OG meaning of the word BioHacking, and actually manipulate organisms and ecosystems at the molecular level, and leave the world a little better than we found it. Come party.", "description": "n/a", "recording_license": "", "do_not_record": false, "persons": [{"code": "DKEU8K", "name": "Dr. Mixael S. Laufer", "avatar": "https://pretalx.com/media/avatars/DKEU8K_AWKC0Pt.webp", "biography": "Dr. Mix\u00e6l Swan Laufer worked in mathematics and high energy physics until he decided to use his background in science to tackle problems of global health and human rights. He now is the chief spokesperson for the Four Thieves Vinegar Collective which works to make it possible for people to manufacture their own medications and medical devices at home by creating public access to tools, ideas, and information.", "public_name": "Dr. Mixael S. Laufer", "guid": "3ebcf97d-a90c-52ac-b4e8-6e50f50e0606", "url": "https://pretalx.com/security-bsides-las-vegas-2025/speaker/DKEU8K/"}], "links": [], "feedback_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MEGNEQ/feedback/", "origin_url": "https://pretalx.com/security-bsides-las-vegas-2025/talk/MEGNEQ/", "attachments": []}]}}]}}}