Loading…
Type: Presentation clear filter
Saturday, April 26
 

11:15am PDT

How to Train Your Detection Dragon
Saturday April 26, 2025 11:15am - 12:00pm PDT
AMC Theatre 06
Ever wanted to start fresh and train the "detection and response" dragon? Hear my account of how I did this (and hope to continue building!) from scratch with learnings from my professional experience so far!
Speakers
avatar for Geet Pradhan

Geet Pradhan

Sr Security Engineer, Lime
Big fan of Aesop’s hand cream.
Saturday April 26, 2025 11:15am - 12:00pm PDT
AMC Theatre 06 AMC at Metreon
  Presentation, Deep Dive

11:15am PDT

Inside the Information Stealer Ecosystem: From Compromise to Countermeasure
Saturday April 26, 2025 11:15am - 12:00pm PDT
AMC Theatre 14
Information stealer malware is underestimated by our industry. In this deep-dive, we look into what is captured by them (desktop screenshots, password vaults, browser extensions, MFA bypass material, etc.), cover the Redline takedown, and offer defensive countermeasures, including code and samples.
Speakers
avatar for Olivier Bilodeau

Olivier Bilodeau

Principal Cybersecurity Researcher, Flare
Olivier Bilodeau, a principal researcher at Flare, brings 12+ years of cutting-edge infosec expertise in honeypot operations, binary reverse-engineering, and RDP interception. Passionate communicator, Olivier spoke at conferences like BlackHat, DEFCON, SecTor, Derbycon, and more... Read More →
Saturday April 26, 2025 11:15am - 12:00pm PDT
AMC Theatre 14 AMC at Metreon
  Presentation, Deep Dive

1:00pm PDT

Into The Dragon’s Den
Saturday April 26, 2025 1:00pm - 1:45pm PDT
AMC Theatre 06
In this talk, we will take you through our journey of bringing a high-stakes SaaS product to the Chinese market while exploring the challenges faced and sharing what we learned. We will offer insights and practical advice for navigating the unique threats of the Chinese market for a global company.
Speakers
avatar for Jacob Salassi

Jacob Salassi

Former director of Product Security at Snowflake. Led Snowflake's pre- & post IPO transformation from a bottlenecked, security engineer centric process that slowed teams down to a developer owned security process that ships features faster and more securely. My teams & I handled security... Read More →
MF
Saturday April 26, 2025 1:00pm - 1:45pm PDT
AMC Theatre 06 AMC at Metreon
  Presentation, Deep Dive

1:00pm PDT

Light in the Labyrinth: Breach Path Analysis for Anyone
Saturday April 26, 2025 1:00pm - 1:45pm PDT
AMC Theatre 14
Learn to build your own treasure map of how threat actors might move laterally through your company’s assets. We’ll provide a conceptual engineering framework for breach path analysis, recommend no- or low-cost tools, share examples, and release an open-source security graph ontology to learn from.
Speakers
PS

Parker Shelton

Principal Software Engineer, Microsoft
Light In the Labyrinth BSidesSF 2025 pdf
Saturday April 26, 2025 1:00pm - 1:45pm PDT
AMC Theatre 14 AMC at Metreon
  Presentation, Deep Dive

2:00pm PDT

Hack, Patch, Repeat: Insider Tales from Android’s Bug Bounty
Saturday April 26, 2025 2:00pm - 2:45pm PDT
AMC Theatre 14
What does it take to secure 3 billion users on the world’s leading mobile platform? This session dives into Android security from a holistic perspective.
Speakers
MU

Maria Uretsky

Google
Maria Uretsky is the Tech Lead on the Android Vulnerability Rewards program at Google. Her passion is to break all the things before the bad actors do, to ensure they are kept out. During her 10+ years of software engineering and security work, she has been part of Google Cloud Security... Read More →
CC

Camillus Cai

Google
Camillus plays a key role in the Android Vulnerability Reporting Program at Google, where he investigates security bugs that range from bug bounty submissions to reverse-engineered adversarial exploits. Based in Seattle, his past experience encompasses security engineering, software... Read More →
Saturday April 26, 2025 2:00pm - 2:45pm PDT
AMC Theatre 14 AMC at Metreon
  Presentation, Deep Dive

2:00pm PDT

Trace to Triage: How to Connect Product Vulnerabilities to Security Paths
Saturday April 26, 2025 2:00pm - 2:45pm PDT
AMC Theatre 06
AppSec must balance usability and security, but traditional approaches often lead to disjointed efforts—developers patching blindly, detection teams creating incomplete rules, and threat hunters chasing past compromises. This talk uses eBPF to show how tracing brings context for actionable insights.
Speakers
BS
Saturday April 26, 2025 2:00pm - 2:45pm PDT
AMC Theatre 06 AMC at Metreon
  Presentation, Deep Dive

3:00pm PDT

0.0.0.0 Day: Exploiting Localhost APIs From The Browser
Saturday April 26, 2025 3:00pm - 3:45pm PDT
AMC Theatre 14
While seemingly local, services running on localhost are accessible to the browser using a flaw we found, exposing the ports on the localhost network interface and leaving the floodgates ajar to remote network attacks. This session will dive into the 0.0.0.0 exploit research conducted by the team.
Speakers
GE
Saturday April 26, 2025 3:00pm - 3:45pm PDT
AMC Theatre 14 AMC at Metreon
  Presentation, Deep Dive

3:00pm PDT

Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out
Saturday April 26, 2025 3:00pm - 3:45pm PDT
AMC Theatre 06
We uncovered a data exfiltration technique, capable of bypassing all major DLP vendors listed by Gartner. We will dissect the architectural flaws in endpoint and proxy-based DLP, showcase live bypass demos, and launch Angry Magpie, an open-source toolkit for red teams to replicate these attacks.
Speakers
VR

Vivek Ramachandran

Founder, SquareX
Vivek Ramachandran is a security researcher, book author, speaker-trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks against enterprise users and consumers. Prior to that, he was the founder of Pentester Academy (acquired in 2021), which has trained thousands of customers from governmen... Read More →
avatar for Audrey Adeline

Audrey Adeline

Researcher, SquareX
Audrey is currently a security researcher at SquareX and published author of The Browser Security Field Manual. She leads the Year of Browser Bugs (YOBB) project which has disclosed multiple major architectural browser vulnerabilities to date. Key discoveries from YOBB include Polymorphic... Read More →
Saturday April 26, 2025 3:00pm - 3:45pm PDT
AMC Theatre 06 AMC at Metreon
  Presentation, Deep Dive

4:00pm PDT

Decentralized Communications: Deep-Dive into APRS and Meshtastic
Saturday April 26, 2025 4:00pm - 4:45pm PDT
AMC Theatre 06
This talk compares APRS and Meshtastic protocols for decentralized communications, examining their security models, vulnerabilities, and real-world applications. We will explore how these systems handle encryption, authentication, and their attack surface.
Speakers
AT
MD
Saturday April 26, 2025 4:00pm - 4:45pm PDT
AMC Theatre 06 AMC at Metreon
  Presentation, Deep Dive

4:00pm PDT

Service Mesh Security: Shifting Focus to the Application Layer
Saturday April 26, 2025 4:00pm - 4:45pm PDT
AMC Theatre 14
Discover how Yelp's Infrastructure Security team transformed past challenges and failures into success by shifting authentication and authorization from the infrastructure to the application layer. Learn how this pragmatic approach met all security requirements applicable to Yelp's threat model.
Speakers
avatar for Daniel Popescu

Daniel Popescu

Security Group Tech Lead, Yelp
Daniel Popescu is the Group Tech Lead for Security at Yelp where they are responsible for all facets of security. Previously he worked at Microsoft on non-security products, but has maintained a passion for security since his undergrad years at the University of California, Santa... Read More →
Saturday April 26, 2025 4:00pm - 4:45pm PDT
AMC Theatre 14 AMC at Metreon
  Presentation, Deep Dive

5:00pm PDT

Netsec is Dead(?): Modern Network Fingerprinting for Real-World Defense
Saturday April 26, 2025 5:00pm - 5:45pm PDT
AMC Theatre 14
From p0f to MuonFP and JA4+, learn how network fingerprinting evolved. See how each step helps security teams spot malicious traffic, detect scanners, and more. Attendees gain real-world use cases and practical tips to deploy fingerprinting for monitoring and threat hunting.
Speakers
avatar for Vlad Iliushin
Saturday April 26, 2025 5:00pm - 5:45pm PDT
AMC Theatre 14 AMC at Metreon
  Presentation, Deep Dive
 
Sunday, April 27
 

11:30am PDT

Don’t Sh*t-Left: How to Actually Shift-Left
Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 14
Shift-left sounds great — catch issues early, save time, empower devs — but too often it backfires, creating noise and chaos. Learn from real-world fails, laugh at sh*t-left stories, and discover practical strategies to make shift-left work. Let’s fix AppSec, one bug at a time.
Speakers
avatar for Ahmad Sadeddin

Ahmad Sadeddin

CEO, Corgea
Ahmad is the CEO at Corgea. He's a 3x founder with 1 exit. He's been coding since he was 12 and loves building software solutions to solve deep customer problems. In his spare time (very little of), he loves to BBQ and spend time with family and friends.
Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 14 AMC at Metreon
  Presentation, Deep Dive

11:30am PDT

Effective Handling of Third-Party Supplier Incidents
Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 06
Discover efficient incident handling strategies for third-party supplier incidents. Learn the importance of a predefined process and collaboration between risk management and incident response teams. Gain insights into key decision-making considerations and elevate your IR capabilities.
Speakers
avatar for Kasturi Puramwar

Kasturi Puramwar

Information Security Manager, Equinix
Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 06 AMC at Metreon
  Presentation, Deep Dive

11:30am PDT

When AI Goes Awry: Responding to AI Incidents
Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 11
This talk details challenges in incident response for AI systems, including insufficient logging, visibility, and accountability, as well as the risks of data exposure and prompt injection. We examine a case of RAG-enabled LLM and propose triaging strategies and improved IR practices for mitigation.
Speakers
avatar for Eoin Wickens

Eoin Wickens

Director of Threat Intelligence, HiddenLayer
Eoin Wickens is the Technical Research Director - Field at HiddenLayer, where he both researches and speaks about security for artificial intelligence and machine learning. He has previously worked in threat research, threat intelligence and malware reverse engineering and has been... Read More →
avatar for Marta Janus

Marta Janus

Principal Researcher, HiddenLayer
Marta is a Principal Researcher at HiddenLayer, focused on investigating adversarial machine learning attacks and the overall security of AI-based solutions. Prior to HiddenLayer, Marta spent over a decade working as a researcher for leading anti-virus vendors. She has extensive experience... Read More →
Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 11 AMC at Metreon
  Presentation, Deep Dive

1:15pm PDT

AI's Bitter Lesson for SOCs: Let Machines Be Machines
Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 11
We've been forcing AI to imitate human analyst workflows, but what if that's holding both machines and humans back? Through real-world experiments at Anthropic, we'll show how letting AI tackle security problems its own way can allow humans to focus on the nuanced work machines can't do (yet).
Speakers
avatar for Jackie Bow

Jackie Bow

Technical Staff, Anthropic
A Jackie-of-all- trades, master of some, Jackie seems to be physically unable to stop returning to threat detection and response. Her 15 years in the industry have been spent across multiple disciplines including malware analysis, reverse engineering, infrastructure and product security... Read More →
PS
Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 11 AMC at Metreon
  Presentation, Deep Dive

1:15pm PDT

Confidential Computing: Protecting Customer Data in the Cloud
Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 14
Ever wonder how your data is really handled in the cloud? Confidential Computing gives you an answer by isolating your data and cryptographically proving what code was run. This talk dives into the hardware and software behind Confidential Computing, and how to ship it in real-world cases.
Speakers
JM
Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 14 AMC at Metreon
  Presentation, Deep Dive

1:15pm PDT

CyberCAN: A Roadmap for Municipal Support of Nonprofit Cybersecurity in SF
Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 06
UC Berkeley studied 68 San Francisco nonprofits to assess their cybersecurity needs, resources, and adoption of protective controls. Our findings include actionable recommendations for the City of San Francisco to improve support for nonprofits and boost resilience against growing cyber threats.
Speakers
SP

Sarah Powazek

UC Berkeley CLTC
Sarah Powazek is the Program Director of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity (CLTC), where she leads flagship policy and research work to help under-resourced public interest organizations improve their defenses. Sarah co-leads the Consortium... Read More →
avatar for Shannon Pierson

Shannon Pierson

Senior Fellow of Public Interest Cybersecurity, UC Berkeley Center for Long-Term Cybersecurity
Shannon Pierson is a senior fellow of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity (CLTC), where she leads research initiatives focused on strengthening the cybersecurity of organizations that often fall through the cracks of cyber defense—namely... Read More →
Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 06 AMC at Metreon
  Presentation, Deep Dive

2:15pm PDT

Compliance Without the Chaos: Building It Right Into Your DevOps Pipeline
Sunday April 27, 2025 2:15pm - 3:00pm PDT
AMC Theatre 06
Compliance often feels like the party crasher in the DevOps world- unwanted, and slowing everyone down. But what if compliance could be an insider, seamlessly fitting into your CI/CD pipeline without breaking a sweat? In this talk, we’ll tackle the age-old battle between engineers and compliance.
Speakers
avatar for Varun Gurnaney

Varun Gurnaney

Staff Security Engineer, GRC Engineering
Security Engineer in of San Francisco. Previously held security roles at Robinhood, Zendesk and EY.  I didn’t watch the eclipse
Sunday April 27, 2025 2:15pm - 3:00pm PDT
AMC Theatre 06 AMC at Metreon
  Presentation, Deep Dive

2:15pm PDT

Securing AI Agents: Exploring Critical Threats and Exploitation Techniques
Sunday April 27, 2025 2:15pm - 3:00pm PDT
AMC Theatre 11
Our talk will focus on securing autonomous AI agents by addressing their unique threats. We will dive into threat modeling of real-world autonomous AI systems, model poisoning attacks with hacking demos, and then explore advanced prompt injection techniques and mitigation strategies.
Speakers
NK
MV
Sunday April 27, 2025 2:15pm - 3:00pm PDT
AMC Theatre 11 AMC at Metreon
  Presentation, Deep Dive

3:15pm PDT

How to Tame Your Dragon: Productionizing Agentic Apps Reliably and Securely
Sunday April 27, 2025 3:15pm - 4:00pm PDT
AMC Theatre 11
Taming dragons is risky—so is deploying agentic apps. Like dragons, they’re unpredictable, with threats like hallucinations, non-determinism, vast input spaces, and attacker prompt injections. We show how open-source tools tame the beast, so you can confidently deploy AI agents in production.
Speakers
avatar for Thomas Vissers

Thomas Vissers

Blue41 | KU Leuven
Thomas Vissers specializes in the dynamic intersection of cybersecurity and AI. He packs 10 years of experience in developing and operating production-grade AI security systems. Previously at Cloudflare, he served as an engineering leader for data-driven security products, scaling... Read More →
avatar for Tim Van hamme

Tim Van hamme

co-lead Blue41, PostDoc, Blue41, DistriNet, KU Leuven
Tim Van hamme is a computer scientist specialized in AI security and behavioral analysis, leading research at KU Leuven's DistriNet on secure and trustworthy AI adoption. As co-lead of Blue41, he bridges rigorous academic research with industry applications, helping organizations... Read More →
Sunday April 27, 2025 3:15pm - 4:00pm PDT
AMC Theatre 11 AMC at Metreon
  Presentation, Deep Dive

3:15pm PDT

Slaying the Dragons: A Security Professional’s Guide to Malicious Packages
Sunday April 27, 2025 3:15pm - 4:00pm PDT
AMC Theatre 06
This session reveals how attackers exploit typosquatting, author impersonation, and innovative malware campaigns to infiltrate software supply chains. Learn practical threat hunting methodologies and gain step-by-step guides to detect, analyze, and defend against these software supply chain dragons.
Speakers
KB
Sunday April 27, 2025 3:15pm - 4:00pm PDT
AMC Theatre 06 AMC at Metreon
  Presentation, Deep Dive

4:15pm PDT

GenAI Application Security: Not Just Prompt Injection
Sunday April 27, 2025 4:15pm - 5:00pm PDT
AMC Theatre 11
As generative AI adoption grows, its interconnected components — agents, vector databases, and LLMs — introduce complex security risks. This session examines these concerns, offering actionable strategies to secure agent interactions, protect models, and fortify data workflows.
Speakers
avatar for Ahmed Abugharbia
Sunday April 27, 2025 4:15pm - 5:00pm PDT
AMC Theatre 11 AMC at Metreon
  Presentation, Deep Dive
 
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Saturday, April 26
Sunday, April 27
AMC Concessions
AMC IMAX
AMC Mezzanine
AMC Theatre 01
AMC Theatre 02
AMC Theatre 03
AMC Theatre 06
AMC Theatre 07
AMC Theatre 09
AMC Theatre 11
AMC Theatre 13
AMC Theatre 14
City View at Metreon
City View Lobby
City View Tent
City View Terrace
Coat Check
Participant Hall
Participant Hall / City View Tent
Participant Hall / Twin Peaks
  • Birds of a Feather
  • Community Organization
  • Food & Drink
  • General
  • Keynote
  • Meetup
  • Panel
  • Presentation
  • Village
  • Village/AI
  • Village/Demo
  • Workshop
  • Popular