We hope you enjoy the exciting collection of speakers, talks and workshops we have accepted for BSides Delaware 2025. Enjoy our list of accepted talks and workshops below!
Looking for the Schedule? Visit our Schedule Page!
Support our speakers and learn more about them by visiting the Speaker Bios Page!
2025 Accepted Workshops
*Subject to change due to speaker availability*
| Title | Speaker | Description |
| Cloud Forensics Workshop: Power, Light, and Intelligence | Kerry Hazelton | Every watt and bit tells a story — if you know how to listen. The Cloud Forensics Workshop: Power, Light, and Intelligence explores how breaches unfold across cloud platforms, ICS/OT systems, and hybrid infrastructures — and how digital forensics can illuminate the path an attacker took. Students will follow real-world attack simulations based on events like Volt Typhoon and Colonial Pipeline, tracing adversary movements from the Cloud to operational systems. With hands-on labs, forensic artifact analysis, and collaborative investigation techniques — including AI-enhanced insights from co-instructor Aeris — attendees will sharpen their response skills and build real-world resilience. The training culminates in a live tabletop exercise and an optional Capture-the-Flag competition. Hardware requirements for the Cloud Forensics training on November 14 (6 hours) and optional CTF on November 15 (also 6 hours): Windows laptop w/ 16GB of RAM or greater; or MacBook running a Windows VM. If attendees choose to take the Cloud route, it is highly recommended to spin up a Windows Server 2022 t3a.large EC2 instance in AWS (or Azure equivalent). Software requirements: latest version of TSK/Autopsy (Windows version); Volatility or Volatility Workbench (latter is preferred as it is GUI-based); Wireshark; CFF Explorer; Detect It Easy; Trivy; CyberChef. An AI-enabled browser is helpful but not necessary (unless the attendees are familiar with prompt engineering). Audience: This workshop is designed for security professionals, DFIR analysts, Cloud engineers, and advanced students ready to deepen their understanding of real-world forensic investigations. A working knowledge of Cloud platforms and basic forensic principles is helpful but curiosity, persistence, and a willingness to learn will serve attendees best. |
| Re-thinking IAM: A CTF – Driven Approach | Hampi Thumati | Identity and Access Management (IAM) is at the heart of cybersecurity, but too often it’s taught only through theory or vendor documentation. This workshop brings IAM to life with a blend of storytelling, demonstrations, and hands-on Capture the Flag (CTF) challenges designed to make complex concepts accessible and engaging. We’ll begin with a clear, practical overview of basic IAM principles, explained in a clear and relatable way so that everyone can understand the importance. We’ll explore how identity shapes our daily lives, why secure thinking and setting proper access boundaries matter, and examine past vulnerabilities that highlight the risks of weak identity controls. Once the foundation is set, attendees will move into an active CTF environment built specifically for this session, where they can put concepts into practice by testing, breaking, and defending identity systems in a safe, guided way. No prior IAM experience is required; the challenges are approachable for beginners but layered to provide deeper insights for mid-career professionals. Attendees should bring a laptop to participate fully. By the end of the session, you’ll have gained new skills, hands-on practice, and the confidence to better secure identity systems in your own environment. This is not a talk where you only sit back and listen—you’ll be solving, breaking, and fixing along the way. Whether you’re new to IAM or looking to sharpen your skills, this session promises to be an interactive and memorable way to strengthen your technical foundation. Audience: No prior IAM experience is required; the challenges are approachable for beginners but layered to provide deeper insights for mid-career professionals. Attendees should bring a laptop to participate fully. |
| DFIR ‘Tools of the Trade’ and Backdoors and Breaches Sessions | Robin Noyes www.linkedin.com/in/robin-noyes | “Backdoors and Breaches” provides a hands-on, engaging way for cybersecurity professionals and enthusiasts to practice and develop critical incident response skills. As participants work through the scenarios, they can familiarize themselves with different types of attacks, such as ransomware, data exfiltration, and denial-of-service (DoS), and practice identifying the best security measures to counter them. The scenarios are designed to mimic real-life security challenges, requiring both technical knowledge and problem-solving skills. The gameplay encourages participants to not only rely on their technical expertise but also to engage in collaborative problem-solving, making it an excellent tool for teams looking to build coordination and effective communication in high-pressure situations. This hands-on approach bridges the gap between theoretical learning and practical application, helping team members develop the experience needed to respond quickly and efficiently during real incidents. “Backdoors and Breaches” is intentionally designed to cater to all experience levels—from those just getting interested in cybersecurity to seasoned experts. For beginners, the game provides a low-pressure environment where they can learn about security tools, the mechanics of a cyberattack, and how to defend against breaches. The scenarios are carefully structured to guide less experienced players through key concepts, allowing them to gradually build their understanding of cybersecurity. Audience: All experience levels—from those just getting interested in cybersecurity to seasoned experts. |
| Paper-based Table Top Exercise (TTX) – Ransomware Simulation for State and Local Governments (SLG) | Jason Wright and Amber Kirylak | This is a paper-based table top exercise. While it is based on a ransomware attack on a SLG (State or Local Government), it is applicable to all industries. Why paper-based? Because it forces everyone to put their phones and laptops away and actually talk to one another. There will be 6-8 individuals per table, allowing those groups to communicate throughout each stage of the exercise. Then, after each stage, the proctor will go around the room and allow each team to debrief with their ideas before chiming in with other ideas that may have been missed or forgotten. Audience: The best part of this exercise is that it is applicable for all skill levels and backgrounds: GRC, SecOps, IAM, Service Desk, Infrastructure, it doesn’t matter, everyone will think and respond to an incident differently and that provides so much value during the debriefs. |
2025 Accepted Talks
*Subject to change due to speaker availability*
| Talk Title | Speakers | Description |
| WiCyS Delaware Valley – Career Panel | WiCyS Delaware Valley | Join us for an inspiring panel discussion featuring accomplished women in cybersecurity, moderated by an industry expert. This dynamic conversation will explore each speaker’s unique journey into the field, the challenges they’ve overcome, and the insights they’ve gained along the way. Through a series of thought-provoking questions, attendees will hear firsthand stories of resilience, innovation, and leadership in cybersecurity. Whether you’re a seasoned professional or just starting out, this event offers valuable perspectives and actionable advice to empower and connect women in tech. |
| Hacking planes. What can we learn on the ground from vulnerabilities in the air? | Paul Brownridge, Security Consultant | Flying is safe, far safer than many other modes of transport. However, aeroplanes are increasingly connected and consume data from multiple sources. We’ve been carrying out independent research into aviation cyber security for several years and have found some interesting vulnerabilities along the way. We’ll look at some issues we’ve found in in-flight entertainment systems and electronic flight bags & the challenges we’ve had getting these resolved. Some of these could affect flight safety. Fortunately, many aviation technology vendors have been very proactive at fixing bugs, but not all. Is it really possible to hack a plane and how do we go about mitigating security issues? What can we learn on the ground from vulnerabilities in the air? |
| Burnout by Design: Let’s Build a Better SOC | Casey Cochran | “Alert fatigue” remains one of the most persistent and underestimated challenges in modern security operations. Despite growing awareness and advances in automation, SOAR, and AI/ML, many organizations continue to drown in low-fidelity alerts, causing stress for analysts, missed detections, and costly breaches. This problem is often self-inflicted, driven by an unrealistic desire to detect “everything” and delegate ambiguous or irrelevant work to the SOC. The result? Burned-out teams and a weakened security posture. The solution is straightforward, but requires discipline: focus detection efforts on high-fidelity, actionable alerts relevant to the environment and real-world threats. In this talk, we will explore how to: apply threat intelligence and threat modeling to align security controls and detection with actual business risk and adversary behaviors; shrink the attack surface using governance, least privilege, and secure configuration practices; engineer efficient, relevant, and low-noise detections which are continually reviewed and refined; ensure analysts have time for high-value activities such as threat hunting, purple teaming, and incident preparedness; and use automation and AI/ML tools to augment analyst decision-making, not replace human decisions or introduce more noise. Attendees will leave with actionable strategies to improve SOC effectiveness, reduce analyst burnout, and strengthen their organization’s cyber resilience through smarter, streamlined detection practices. |
| ATT&CK’ing the Death Star while Bow-TIEs D3FEND | Jim Gilsinn @jimgilsinn | MITRE ATT&CK and D3FEND frameworks provide fingerprints of an attack, but they can lose the context of how attackers chain TTPs together to achieve their objective and how mitigations combine to defend systems. Other analysis, like ICS Kill Chain or bow-tie, can provide more narrative, but may not include the nuances that ATT&CK and D3FEND provide on the TTPs or mitigations. This talk takes a fun look at linking these models using Star Wars as a backdrop. |
| How we hacked YC Spring 2025 batch’s AI agents | Rene Brandel @renebrandel | We hacked 7 of the 16 publicly-accessible YC X25 AI agents. This allowed us to leak user data, execute code remotely, and take over databases. All within 30 minutes each. In this session, we’ll walk through the common mistakes these companies made and how you can mitigate these security concerns before your agents put your business at risk. |
| First in Threats, First in Defense: Getting Started with Threat Modeling | James Rabe – Head of Global Services – IriusRisk | Delaware was the first to ratify the Constitution — and maybe it’s time you were first to spot the threats in your own systems. Whether you’re a developer, security analyst, or just someone curious about building more secure software, this session will give you a solid starting point for threat modeling. We’ll cover the basics: what threat modeling is, why it matters, and how to actually do it without drowning in theory. You’ll learn how to think like an attacker (in a good way), understand what you’re trying to protect, and figure out what can go wrong — using approachable methods like STRIDE and simple data flow diagrams. No prior experience required — just bring your curiosity and a willingness to look at systems a little differently. Let Delaware’s “first in the nation” energy power your first step into threat modeling. |
| Aligning Cyber Defense and Compliance: Leveraging ATT&CK, D3fend, and the Cyber Defense Matrix for Modern Regulatory Readiness | Steve Dyson | In today’s rapidly evolving threat landscape, organizations are under increasing pressure to maintain robust cybersecurity postures while ensuring compliance with newly implemented regulations such as the SEC Cybersecurity Rules, EU AI Act, and DORA. This presentation explores how proactive defensive measures, including the use of the Cyber Defense Matrix and the MITRE ATT&CK framework, DeTT&CT, & D3fend projects, can significantly enhance an organization’s ability to align security operations with compliance requirements. By mapping capabilities, identifying gaps, and systematically organizing security functions, these tools not only strengthen cyber defenses but also provide structured approaches to meeting regulatory controls. Attendees will gain insight into integrating these frameworks into their cybersecurity strategy to improve visibility, accountability, and resilience while maintaining audit-readiness and governance alignment. |
| LLMsec 2025: A Practical Guide to Attacks and Mitigations | Sheshananda Reddy Kandula | Large Language Models (LLMs) are now powering business-critical applications—from chatbots and developer copilots to security analysis platforms. This rapid adoption brings new attack surfaces that traditional security models fail to address. This talk delivers a practical, attacker-focused tour of modern LLM vulnerabilities, including prompt injection, jailbreaks, safety evasion, model extraction, and insecure tool/plugin integrations. Live demos using open-source models will illustrate how these attacks work in realistic environments and how they can be chained for greater impact. We’ll pair each exploit with actionable defensive strategies—such as prompt hardening, input/output filtering, context isolation, and AI red teaming—so attendees leave with the knowledge and tools to secure their own GenAI applications. No prior machine learning expertise is required; this session is built for security professionals on both the offensive and defensive sides. |
| Beating the Company Phishing Test with Phish Cutter | Brad Sherman | The company phishing test is now commonplace, often ensnaring employees who are simultaneously encouraged to move fast and be more agile but also remain ever vigilant to the threats of phishing. Our employers, however, fail to give us any real help beyond basic training and then deploy tests. Phish Cutter was my response to company phishing tests that befell even the most seasoned, battle tested veterans of the internet. |
| Algorithmic Fate | Chris Glanden | With AI essentially taking over the world, the line between human agency and algorithmic influence becomes almost indistinguishable. Algorithmic Fate examines theories, studies, and evolving AI capabilities to not only predict but potentially steer human outcomes. As predictive models improve, they open profound possibilities and questions about AI’s role in shaping the future. This presentation explores predictive AI mechanisms, including generative models and concepts like Artificial Psi Intelligence (APsi-I), where human intuition and machine learning converge. Attendees will gain insight into real-world applications in healthcare, emotional intelligence, and decision-making, as well as ethical dilemmas posed by AI’s ability to influence life-altering decisions. Join us to explore whether AI can predict and shape the future and what that means for humanity. This session challenges us to envision a future where human and machine intelligence coexist responsibly and collaboratively. |
| Taming the AppSec Data Deluge: AI-Driven Work Discovery and Prioritization for Security Teams | Benjamin Sleek @ Proof | Application Security engineers face a critical challenge: information overload from disparate security tools creates “decision paralysis”. How do you balance design reviews, threat modeling, code reviews, monitoring alerts and managing your bug bounty program in an intentional instead of ad-hoc or reactive way? This presentation demonstrates a novel approach using AI agents combined with Model Context Protocol (MCP) servers to automate work discovery and prioritize intelligently. Through practical examples, I’ll show how Claude Code integrates with existing enterprise infrastructure—including issue tracking systems, content management platforms, Cloud Security Posture Management (CSPM) tools, and version control systems—to create an autonomous triage and prioritization engine. You’ll see how AI agents can pull together security data from all your different tools, figure out what actually matters based on your business context and threat intel, and spit out a prioritized to-do list that makes sense. I’ll walk through real examples showing how this approach cuts down remediation times and helps you cover more ground with the same resources. |
| Building RAG Systems: From PDF to Production with Docker and Open Source AI | Kaden Pirmohamed | This talk demonstrates how to build a complete Retrieval-Augmented Generation (RAG) system for educational applications using entirely open-source tools. Developed as a summer research project at Towson University, this system enables students to interact with textbooks and course materials through AI-powered question answering. The talk covers the end-to-end process: converting PDF documents into searchable vector indexes using FAISS, containerizing the entire stack with Docker Compose, integrating OpenWebUI for user interaction, and deploying Ollama for local language model inference. Attendees will learn practical implementation details including text chunking strategies, embedding model selection, retrieval optimization, and pipeline development for OpenWebUI. The system was specifically designed for cybersecurity education but the architecture is adaptable to any field requiring document-based AI assistance. All code and documentation will be shared, enabling attendees to deploy similar systems in their own educational or professional environments within hours rather than weeks. |
| Windows Privileges: The Powers Behind Administrator | Josh Kimmel | Windows has many esoteric features as a result of its history as an operating system. In this talk we will dive into the world of Windows permissions and why we as security professionals should care about them. We will look at Windows’ underlying systems for giving users and groups access to different features of the operating system. Attendees will see methods to analyze and change these permissions on both a system and domain level. Finally, we will go over how these permissions can be used by both red teams and blue teams. The talk will be accompanied by scripts based on the ideas presented. |
| Graylog: An Open-Source Introduction to SIEMs and the Story of “MongoBongo” | Jackson Stockstill | System information and event management (SIEM) solutions provide resources for analysts to aggregate information from several systems, monitor system activity, and detect adversarial threats efficiently. Learning how to use SIEMs is important to contribute to a security team; however, most SIEMs are locked behind enterprise paywalls or trial periods that interfere with the learning process. Graylog offers an open-source, free solution for beginners to learn skills and core concepts for use in other SIEMs. In this talk, we’ll explore how Graylog can be used as an effective learning tool for newcomers. Attendees will learn important techniques such as log normalization, configuring log forwarders on systems, and organizing logs using pipeline rules and streams. Additionally, I will cover mistakes that I made while learning Graylog and ways that my Graylog has been exploited, such as getting Rick-rolled and the story of the “MongoBongo”. The presentation will provide examples of Graylog aggregating logs from a vulnerable network with simulated persistent threat actors. These scenarios demonstrate how visualizations and proper configuration result in insights that analysts can use to effectively respond to cyber-threats. Attendees will leave with an understanding of SIEM fundamentals and a roadmap for applying Graylog to learning environments and real security operations. |
| Bias in AI – The Underrated Vulnerability | Mahender Mangalasri | Organizations are increasingly deploying AI as a core component to power everything from routine tasks to fraud detection, as well as hiring and shaping decisions that affect our security and trust. The idea of algorithms as fair judges is appealing. But what if this fairness is just an illusion, creating a new and risky attack surface? We patch zero-days and hunt for CVEs, but one of the most serious vulnerabilities in AI systems isn’t hidden in code. It’s bias built into AI. Unlike traditional bugs, this one doesn’t crash programs. Instead, it quietly skews outcomes, catches defenders off guard, and erodes trust across the board. This talk will dissect real-world incidents, supported by verifiable data and statistics, to demonstrate how seemingly neutral systems can become engines of bias. From Amazon’s scrapped recruitment AI that downgraded women’s resumes, to facial recognition systems misidentifying people of color, to predictive policing tools reinforcing decades-old prejudices, the evidence is clear: bias in AI isn’t just a “social” issue — it’s a security risk impacting integrity. This talk reframes AI bias as an underrated vulnerability in the security landscape. I will break down the types of bias like Sampling, Historical, Deployment, Algorithmic, etc.; how bias enters through data, design, and deployment; show how adversaries might exploit it; and, most importantly, map defensive strategies for monitoring, testing, and mitigating bias in AI/ML pipelines. |
| “Shut the Front Door” Forming Attack Profiles from Risky Hiring Practices | Jessica Weiland | This presentation is a novel way to look at the “open windows” that job listings provide to cyber criminals to profile a business from an attack perspective. From open windows to creaky back doors, a conversation needs to be had about the do’s and don’ts of what our teams include as we search for new talent to join our teams. I have spent enough time using companies’ job postings to do my own version of OSINT, to create a cyber blueprint that reveals where there might be gaps or vulnerabilities in a company’s tech stack, where there are resource gaps, & how your program might be immature and primed for someone to slip past your defenses and take up residency in your systems. In my presentation we will look at job postings across US businesses, examine the doors, windows, and disabled security systems (do they have a dog? is it a Chihuahua or a Doberman?) that the data suggests, and use it to profile the company and the level of risk that the posting reveals. We will also open the conversation to “how we do better” without losing the technical hiring requirements. Audience: Everyone because even those in technical roles sometimes need to re-examine their approach. |
| Why Teachers are the Best Hackers | Jen Langdon | There’s the adage that says those who can’t do, teach. But what if, in fact, we’re undermining and overlooking some of the greatest social engineers of our time? This session plans to bestow upon you the skills (and swagger) of the greatest hackers: classroom teachers. You might not need to get twenty 12-year-olds to correctly identify the parts of a volcano, but you’re going to figure out how to apply the same methodology and know-how to get the results YOU need. You’ll gain the skills and resources to lead, guide, mentor, redirect and plan like a master, but apply it to your own work. Get ready to level up your toolbox like you never have before. Audience: This talk is relevant to everyone because it’s about effective leadership. Anyone who works with other people will find this valuable; rising students but also practitioners because as much as we work with tech, really we need to work with people to get movement on what we want to achieve. |
| npm should-i-install: Attacks, Detection Gaps & Defenses | Diptendu Kar, Derian Stenglein | The software supply chain is under constant attack, and nowhere is this more visible than the JavaScript ecosystem. In 2023, over 5,000 malicious npm packages were removed, and by mid-2024 the count had exploded past half a million. Recent compromises such as NX Singularity, Chalk/Debug, and the “Shai-Hulud” worm demonstrate that attackers are no longer just uploading random malware, they are hijacking trusted packages with millions of weekly downloads. This talk dissects how attackers infiltrate npm, from typosquatting and dependency confusion, to maintainer account takeovers via phishing or poisoned CI pipelines. We will look at the payload tricks that follow like install-time scripts, obfuscated JavaScript, bundled binaries, and the Shai-Hulud self-replicating worm, showing how these techniques exfiltrate secrets, hijack credentials, and silently drain cryptocurrency. We will also explore the window of exposure, the critical hours and days before security advisories, vendor detection, and Dependabot alerts catch up. During this window, both developers and organizations are vulnerable. Finally, we will discuss the role of AI in malware detection, where it succeeds (catching readable malicious code), where it might fail (minified and adversarial samples), and whether a “deny-by-default” policy can realistically protect developers. Expect concrete examples, real incident timelines, and live code walkthroughs, not just theory. Whether you are a developer installing packages, a security engineer protecting CI/CD pipelines, or a researcher following the evolution of supply-chain malware, you will leave with practical insights and defenses you can apply today. Audience: This talk is for developers, DevSecOps engineers, and security practitioners with beginner to intermediate experience in supply chain security. If you ever run/ran npm install, this talk is appropriate. |
| The Algorithm of Deception: Inside AI-Powered Social Engineering | Amera Mohamed | AI is rewriting the rules of manipulation! What used to be obvious phishing emails are now hyper-personalized scams powered by machine learning and complete with cloned voices, fake profiles, and real-time conversations that feel human. In this talk, we’ll explore how AI tools like chatbots, voice clones, and deepfakes are being used today to supercharge social engineering and erode digital trust. We’ll break down real-world examples of AI-assisted deception, show how these attacks exploit human psychology, and end with a practical framework that anyone can use to defend against them. You’ll learn how to recognize the psychological triggers that AI mimics, verify before acting using secure workflows, and defend with smarter detection and responsible AI adoption. Audience: This is for anyone curious about how human psychology and technology intersect in today’s threat landscape. It’s ideal for cybersecurity practitioners, IT professionals, and everyday users who want to learn how AI-driven deception works and how to defend against it. |
| Catching the Catchers: Open Source Stingray Detection in the Wild | Michael Raymond @the_Hoid | Cell-site simulators (CSS), also known as Stingrays, are surveillance devices that impersonate legitimate cell towers, forcing nearby phones to connect. They can track devices, harvest IMSIs, and in some cases intercept communications, all while operating in secrecy. Despite their widespread use, little is publicly known about how or where they are deployed. Rayhunter, developed by the Electronic Frontier Foundation (EFF), is an open-source tool that puts CSS detection into the hands of everyone. Running on an inexpensive Orbic mobile hotspot, Rayhunter passively monitors cellular control traffic to identify suspicious behavior, such as forced downgrades to insecure 2G networks or unusual IMSI requests. It presents findings in a simple interface; green for normal, red for suspicious, and also logs PCAP files for researchers to analyze in tools like Wireshark. This talk will explore how Rayhunter works, why it fills a critical gap left by existing detection methods, and what early deployments are revealing. Attendees will learn how to run Rayhunter themselves, contribute data to the community, and join a global effort to expose one of the most secretive surveillance technologies in operation today. Audience: This talk is intended for information security practitioners, researchers, journalists, activists, and privacy advocates who want practical tools and real data on detecting cell-site simulators. |
| From nOT to hOT, a quick look at OT cyber security | Eric Engman from Insane Cyber | A short history of OT cyber security, to where it is now, and what the future looks like. I will talk about how few people cared about OT cyber security, the kinetic effects from the past that opened eyes, and the rush to protect it now. I will highlight how intertwined IT/OT are and some inherent problems for protecting it. I will also highlight some recent OT attacks and their effects to highlight where OT cyber security is heading in the future and why it is an interesting field to get into. Audience: This talk is intended for students and those who wish to learn more about OT cyber security. |
| The Drone Renaissance – The Attack Surface Now Includes the Sky | Luke Canfield | Drones are no longer niche. What once required government budgets and classified tooling is now achievable with open-source software, consumer hardware, and a 3D printer. In this talk, we’ll explore a working DIY reconnaissance drone platform based on a fixed-wing VTOL airframe capable of both loitering and rooftop land-and-listen operations. It blends the “Perch and Stare” concept- passive rooftop intel collection- with long-range warflying, allowing for autonomous mapping of wireless infrastructure without ever crossing a standard physical perimeter. We’ll discuss the hardware stack (Raspberry Pi, SDRs, GPS modules, directional antennas), mission planning techniques, and considerations for RF data collection at altitude. We’ll also cover operational persistence using solar trickle charging and automated return-to-home logic for remote recovery and what you can do with a recovered drone using forensic tools. This isn’t speculative. These tactics have been used in the wild. Ukraine, Azerbaijan, and even U.S. corporate campuses have already seen variations of this approach. We’ll discuss why this represents a fundamental shift in how attackers can gather signal intel, breach networks, and why defenders need to start thinking three-dimensionally. The purpose isn’t to promote illegal activity- it’s to raise awareness of what’s now possible with off-the-shelf tech and creativity. Audience: Anyone interested in drones |
| When Cyber Meets the Spectrum: SIGINT and Application Security Lessons for ICS Satellite Communications | Norris Cornell (@the_cyb3rguy) | Critical infrastructure relies on satellites for remote operations, communications, and timing — but attackers are increasingly targeting the signals themselves, rather than just the networks. This talk combines cyber defense, SIGINT, and application security to demonstrate how satellite communications in ICS can be intercepted, spoofed, or disrupted, and how vulnerable applications can transform minor signal manipulations into significant operational risks. We’ll explore real-world incidents, such as the Viasat outage in Ukraine, and walk through a realistic attack path to impact critical infrastructure. We’ll also demonstrate how adversaries could exploit the unseen spectrum to achieve grid-scale effects. Attendees will leave with an actionable defense-in-depth playbook that combines RF awareness, AppSec hardening, and industry standards — practical strategies to secure the invisible layer of critical infrastructure most defenders overlook. Audience: Students, security professionals, and practitioners who want to understand how SIGINT and AppSec risks affect ICS and critical infrastructure. |
| We Don’t Like That Part, so we Turned it Off | William “Winter” Fielder | SELinux, Firewalld, FAPolicyd, AIDE, FIPS: wonderful built-in Red Hat Enterprise Linux security tools that many administrators disable or ignore. Yet all of these tools, when properly configured and working together, can make for a supremely hardened system. In this talk we will explore what each tool is for, how it’s used, and how they complement each other to create a withering crossfire against attackers. |
| Bridging SRE and Cybersecurity – Operational Resilience at Scale | Akash Thakur – Global SRE Leader & Architect | As organizations scale their digital infrastructure, the boundaries between Site Reliability Engineering (SRE) and Security have become increasingly blurred. This talk explores practical frameworks for integrating reliability engineering principles with proactive security controls. Drawing on experience implementing enterprise-level SRE and resilience models across global organizations, I will discuss how combining observability, automation, and security posture management can significantly improve mean time to recovery (MTTR), reduce incidents, and strengthen compliance. Attendees will gain actionable insights on: Applying SRE metrics (SLOs, error budgets) to security operations. Automating secure release pipelines with reliability guardrails. Designing incident response that unifies DevSecOps and SRE workflows. |
| Cyber Heroes to the Rescue: Earning a Nice Living Saving Small Business | Guy M. Bilyou | Small and medium-sized businesses (SMBs) form the backbone of the U.S. economy, comprising 99.9% of all firms, employing 46% of the workforce, and contributing over 43% of GDP. Yet, these entities face disproportionate cybersecurity risks, with over 80% of ransomware attacks targeting firms with fewer than 1,000 employees and 51% lacking any protective measures. Despite this vulnerability, many SMBs remain unaware of threats or deterred by the prohibitive costs of enterprise-grade solutions from “Big Cyber” providers. This conference is full of skilled cybersecurity talent, many of whom are finding it hard to find gainful employment doing meaningful work. There’s a need and a solution right before our eyes. Coupling these two phenomena seems a no-brainer. This presentation proposes a symbiotic solution: empowering cybersecurity professionals—from novices to veterans—to deliver affordable, effective security services tailored to SMBs. Drawing on free and low-cost tools like OpenVAS for vulnerability scanning, OWASP ZAP for web app testing, and Raspberry Pi-based network monitoring with Snort, attendees can affordably implement practical defenses, including email encryption, MFA setup, and policy development. The talk outlines strategies for client acquisition through demonstrations (e.g., Shodan scans), service bundling (e.g., incident response plans and employee training), and partnerships with managed security service providers like Heimdal or Trend Micro. By bridging the gap between SMB needs and cyber talent, this approach not only fortifies economic resilience but also enables professionals to build sustainable careers, transforming “hobby hacking” skills into profitable, impactful ventures. In an era of escalating threats, it underscores a rare win-win: securing America’s SMBs while fostering cyber career growth. |
| From Nobody to “KNOWN” – Tactics to Get Connected, Invited, & Referred | Chris Young @reachchrisyoung | What if there were a way to shift out of obscurity & into everyone knowing your name – in 8 months, all without 3 years of daily social media content? Follow Chris’ journey from struggling for attention in the cybersecurity landscape – to actually getting it! This briefing is presented by the co-founder of two cybersecurity community initiatives who developed into the conference presenter that now packs events to their attendance limits. Listen closely as he reveals what positioned him – from absolute zero – to receive: + a direct invite to a village committee for DefCon, + personalized requests to join cybersecurity communities, + conference speaker invitations, + online mentions by some of the biggest names in the game, and… + personalized job referrals by seasoned experts. Ready to end the struggle to get noticed in this fast-paced technological era? …look no further! Take control of your professional trajectory & cybersecurity future – once and for all! Set a reminder for this one; you won’t wanna miss it! |
| The Time Machine v3.0: Digging Through the Past to Hack the Future | Anmol K. Sachan (@FR13ND0x7F) and Arjun “T3R4_KAAL” Chaudhary | You’ve heard of time travel in movies — but what if you could do it for web applications? The Time Machine v3.0 is a weaponized recon tool that lets you “travel through time” using archived URLs from the Wayback Machine to uncover forgotten, vulnerable, or deprecated endpoints. This talk walks you through the real-world methodology behind finding exposed backups, outdated APIs, misconfigurations, and live vulnerabilities by mining years of historical web data. We’ll explore how archived intelligence can be used for OSINT, red teaming, and bug bounty hunting — including live demos showing how historical endpoints led to actual findings, such as an XSS and data exposure on real-world programs. Attendees will walk away understanding how to blend OSINT + Attack Surface Discovery + Automation for powerful recon results — using The Time Machine toolkit (publicly available on GitHub: https://github.com/anmolksachan/TheTimeMachine). |
| Value Chain Visibility and Risk Quantification (Stand By Talk) | Joshua Marpet | Value chain visibility is a huge problem. Sending surveys doesn’t work because vendors lie. Even if they tell the truth, it may be spun a little bit. What are the initiatives that are being put in place to allow us, the Information Security community, to view real-time security and compliance status, and perform dynamic risk pricing? Because until we get there, we have no idea what risks are coming down the pike. So let’s discuss the next wave of compliance and security and how we can make it happen faster. |
