BSides Delaware 2025 will be Friday, November 14th, and Saturday, November 15th, 2025, at the Fintech Innovation Hub, University of Delaware (591 Collaboration Way, Newark, DE 19713).
The conference will run from 9:00 AM – 5:00 PM both days with talks, villages, and CTFs for everyone!
Check out the 2025 villages HERE.
Sign up for Pros vs Joes HERE.
Please bare with our small team of volunteer organizers as we put the finishing touches on the schedule for speaker track assignment and talks. 🙂
For now, feel free to browse the amazing talks we will be hosting this year!
2025 Accepted Talks
*Schedule TBA – pending speaker availability*
| Talk Title | Speakers | Description |
| WiCyS Delaware Valley – Career Panel | WiCyS Delaware Valley | Join us for an inspiring panel discussion featuring accomplished women in cybersecurity, moderated by an industry expert. This dynamic conversation will explore each speaker’s unique journey into the field, the challenges they’ve overcome, and the insights they’ve gained along the way. Through a series of thought-provoking questions, attendees will hear firsthand stories of resilience, innovation, and leadership in cybersecurity. Whether you’re a seasoned professional or just starting out, this event offers valuable perspectives and actionable advice to empower and connect women in tech. |
| Hacking the Machine: Unmasking the Top 10 LLM Vulnerabilities and Real-World Exploits | Reet Kaur | In this talk, we’ll explore real-world attack scenarios, recent security incidents, and live demonstrations to show how LLM-based systems are being abused. Attendees will gain practical insights on exploitation techniques, the latest adversarial AI tactics, and defensive strategies that can be implemented to secure LLM applications. |
| Hacking planes. What can we learn on the ground from vulnerabilities in the air? | Paul Brownridge, Security Consultant | Flying is safe, far safer than many other modes of transport. However, aeroplanes are increasingly connected and consume data from multiple sources. We’ve been carrying out independent research in to aviation cyber security for several years and have found some interesting vulnerabilities along the way. We’ll look at some issues we’ve found in in-flight entertainment systems and electronic flight bags & the challenges we’ve had getting these resolved. Some of these could affect flight safety. Fortunately, many aviation technology vendors have been very proactive at fixing bugs, but not all. Is it really possible to hack a plane and how do we go about mitigating security issues? What can we learn on the ground from vulnerabilities in the air? |
| Burnout by Design: Let’s Build a Better SOC | Casey Cochran | “Alert fatigue” remains one of the most persistent and underestimated challenges in modern security operations. Despite growing awareness and advances in automation, SOAR, and AI/ML, many organizations continue to drown in low-fidelity alerts, causing stress for analysts, missed detections, and costly breaches. This problem is often self-inflicted, driven by an unrealistic desire to detect “everything” and delegate ambiguous or irrelevant work to the SOC. The result? Burned-out teams and a weakened security posture. The solution is straightforward, but requires discipline: focus detection efforts on high-fidelity, actionable alerts relevant to the environment and real-world threats. In this talk, we will explore how to: Apply threat intelligence and threat modeling to align security controls and detection with actual business risk adversary behaviors. Shrink the attack surface using governance, least privilege, and secure configuration practices. Engineer efficient, relevant, and low-noise detections which are continually reviewed and refined. Ensure analysts have time for high-value activities such as threat hunting, purple teaming, and incident preparedness. Use automation and AI/ML tools to augment analyst decision-making, not replace human decisions or introduce more noise. Attendees will leave with actionable strategies to improve SOC effectiveness, reduce analyst burnout, and strengthen their organization’s cyber resilience through smarter, streamlined detection practices. |
| ATT&CK’ing the Death Star while Bow-TIEs D3FEND | Jim Gilsinn @jimgilsinn | MITRE ATT&CK and D3FEND frameworks provide fingerprints of an attack, but they can lose the context of how attackers chain TTPs together to achieve their objective and how mitigations combine to defend systems. Other analysis, like ICS Kill Chain or bow-tie, can provide more narrative, but may not include the nuances that ATT&CK and D3FEND provide on the TTPs or mitigations. This talk takes a fun look at linking these models using Star Wars as a backdrop. |
| How we hacked YC Spring 2025 batch’s AI agents | Rene Brandel @renebrandel | We hacked 7 of the16 publicly-accessible YC X25 AI agents. This allowed us to leak user data, execute code remotely, and take over databases. All within 30 minutes each. In this session, we’ll walk through the common mistakes these companies made and how you can mitigate these security concerns before your agents put your business at risk. |
| First in Threats, First in Defense: Getting Started with Threat Modeling | James Rabe – Head of Global Services – IriusRisk | Delaware was the first to ratify the Constitution — and maybe it’s time you were first to spot the threats in your own systems. Whether you’re a developer, security analyst, or just someone curious about building more secure software, this session will give you a solid starting point for threat modeling. We’ll cover the basics: what threat modeling is, why it matters, and how to actually do it without drowning in theory. You’ll learn how to think like an attacker (in a good way), understand what you’re trying to protect, and figure out what can go wrong — using approachable methods like STRIDE and simple data flow diagrams. No prior experience required — just bring your curiosity and a willingness to look at systems a little differently. Let Delaware’s “first in the nation” energy power your first step into threat modeling. |
| Aligning Cyber Defense and Compliance: Leveraging ATT&CK, D3fend, and the Cyber Defense Matrix for Modern Regulatory Readiness | Steve Dyson | In today’s rapidly evolving threat landscape, organizations are under increasing pressure to maintain robust cybersecurity postures while ensuring compliance with newly implemented regulations such as the SEC Cybersecurity Rules, EU AI Act, and DORA. This presentation explores how proactive defensive measures, including the use of the Cyber Defense Matrix and the MITRE ATT&CK framework, DeTT&CT, & D3fend projects, can significantly enhance an organization’s ability to align security operations with compliance requirements. By mapping capabilities, identifying gaps, and systematically organizing security functions, these tools not only strengthen cyber defenses but also provide structured approaches to meeting regulatory controls. Attendees will gain insight into integrating these frameworks into their cybersecurity strategy to improve visibility, accountability, and resilience while maintaining audit-readiness and governance alignment. |
| LLMsec 2025: A Practical Guide to Attacks and Mitigations | Sheshananda Reddy Kandula | Large Language Models (LLMs) are now powering business-critical applications—from chatbots and developer copilots to security analysis platforms. This rapid adoption brings new attack surfaces that traditional security models fail to address. This talk delivers a practical, attacker-focused tour of modern LLM vulnerabilities, including prompt injection, jailbreaks, safety evasion, model extraction, and insecure tool/plugin integrations. Live demos using open-source models will illustrate how these attacks work in realistic environments and how they can be chained for greater impact. We’ll pair each exploit with actionable defensive strategies—such as prompt hardening, input/output filtering, context isolation, and AI red teaming—so attendees leave with the knowledge and tools to secure their own GenAI applications. No prior machine learning expertise is required; this session is built for security professionals on both the offensive and defensive sides. |
| Beating the Company Phishing Test with Phish Cutter | Brad Sherman | The company phishing test is now commonplace, often ensnaring employees who are simultaneously encouraged to move fast and be more agile but also remain ever vigilant to the threats of phishing. Our employers, however, fail to give us any real help beyond basic training and then deploy tests. Phish Cutter was my response to company phishing tests that befell even the most seasoned, battle tested veterans of the internet. |
| Algorithmic Fate | Chris Glanden | With AI essentially taking over the world, the line between human agency and algorithmic influence becomes almost indistinguishable. Algorithmic Fate examines theories, studies, and evolving AI capabilities to not only predict but potentially steer human outcomes. As predictive models improve, they open profound possibilities and questions about AI’s role in shaping the future. This presentation explores predictive AI mechanisms, including generative models and concepts like Artificial Psi Intelligence (APsi-I), where human intuition and machine learning converge. Attendees will gain insight into real-world applications in healthcare, emotional intelligence, and decision-making, as well as ethical dilemmas posed by AI’s ability to influence life-altering decisions. Join us to explore whether AI can predict and shape the future and what that means for humanity. This session challenges us to envision a future where human and machine intelligence coexist responsibly and collaboratively. |
| Taming the AppSec Data Deluge: AI-Driven Work Discovery and Prioritization for Security Teams | Benjamin Sleek @ Proof | Application Security engineers face a critical challenge: information overload from disparate security tools create “decision paralysis”. How do you balance design reviews, threat modeling, code reviews, monitoring alerts and managing your bug bounty program in an intentional instead of ad-hoc or reactive way? This presentation demonstrates a novel approach using AI agents combined with Model Context Protocol (MCP) servers to automate work discovery and prioritize intelligently. Through practical examples, I’ll show how Claude Code integrates with existing enterprise infrastructure—including issue tracking systems, content management platforms, Cloud Security Posture Management (CSPM) tools, and version control systems—to create an autonomous triage and prioritization engine. You’ll see how AI agents can pull together security data from all your different tools, figure out what actually matters based on your business context and threat intel, and spit out a prioritized to-do list that makes sense. I’ll walk through real examples showing how this approach cuts down remediation times and helps you cover more ground with the same resources. |
| Building RAG Systems: From PDF to Production with Docker and Open Source AI | Kaden Pirmohamed | This talk demonstrates how to build a complete Retrieval-Augmented Generation (RAG) system for educational applications using entirely open-source tools. Developed as a summer research project at Towson University, this system enables students to interact with textbooks and course materials through AI-powered question answering. The talk covers the end-to-end process: converting PDF documents into searchable vector indexes using FAISS, containerizing the entire stack with Docker Compose, integrating OpenWebUI for user interaction, and deploying Ollama for local language model inference. Attendees will learn practical implementation details including text chunking strategies, embedding model selection, retrieval optimization, and pipeline development for OpenWebUI. The system was specifically designed for cybersecurity education but the architecture is adaptable to any field requiring document-based AI assistance. All code and documentation will be shared, enabling attendees to deploy similar systems in their own educational or professional environments within hours rather than weeks |
| Windows Permissions: The Powers Behind Administrator | Josh Kimmel | Windows has many esoteric features as a result of its history as an operating system. In this talk we will dive into the world Windows permissions and why we as security professionals should care about them. We will look at Windows’ underlying systems for giving users and groups access to different features of the operating system. Attendees will see methods to analyze and change these permissions on both a system and domain level. Finally, we will go over how these permissions can be used by both red teams and blue teams. The talk will be accompanied by scripts based on the ideas presented. |
| Graylog: An Open-Source Introduction to SIEMs and the Story of “MongoBongo” | Jackson Stockstill | System information and event management (SIEM) solutions provide resources for analysts to aggregate information from several systems, monitor system activity, and detect adversarial threats efficiently. Learning how to use SIEMs is important to contribute to a security team; however most SIEMs are locked behind enterprise paywalls or trial periods that interfere with the learning process. Graylog offers an open-source, free solution for beginners to learn skills and core concepts for use in other SIEMs. In this talk, we’ll explore how Graylog can be used as an effective learning tool for newcomers. Atendees will learn important techniques such as log normalization, configuring log forwarders on systems, and organizing logs using pipeline rules and streams. Additionally, I will cover mistakes that I made while learning Graylog and ways that my Graylog has been exploited, such as getting Rick-rolled and the story of the “MongoBongo”. The presentation will provide examples of Graylog aggregating logs from a vulnerable network with simulated persistent threat actors. These scenarios demonstrate how visualizations and proper configuration results in insights that analysts can use to effectively respond to cyber-threats. Attendees will leave with an understanding of SIEM fundamentals and a roadmap for applying Graylog to learning environments and real security operations. |
| Bias in AI – The Underrated Vulnerability | Mahender Mangalasri | Organizations are increasingly deploying AI as a core component to power everything from routine tasks to fraud detection, as well as hiring and shaping decisions that affect our security and trust. The idea of algorithms as fair judges is appealing. But what if this fairness is just an illusion, creating a new and risky attack surface? We patch zero-days and hunt for CVEs, but one of the most serious vulnerabilities in AI systems isn’t hidden in code. Its bias built into AI. Unlike traditional bugs, this one doesn’t crash programs. Instead, it quietly skews outcomes, catches defenders off guard, and erodes trust across the board. This talk will dissect real-world incidents, supported by verifiable data and statistics, to demonstrate how seemingly neutral systems can become engines of Bias. From Amazon’s scrapped recruitment AI that downgraded women’s resumes, to facial recognition systems misidentifying people of color, to predictive policing tools reinforcing decades-old prejudices, the evidence is clear: bias in AI isn’t just a “social” issue — it’s a security risk impacting integrity. This talk reframes AI bias as an underrated vulnerability in the security landscape. I will break down the types of bias like Sampling, Historical, Deployment, Algorithmic etc, how bias enters through data, design, and deployment; show how adversaries might exploit it; and, most importantly, map defensive strategies for monitoring, testing, and mitigating bias in AI/ML pipelines. |
Don’t see your talk or have questions about acceptance? Please feel free to email us as cfp@bsidesdelaware.com
We are working through our queue of workshops and talks, so don’t hesitate to reach out with questions.