{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2024.3.1"}, "schedule": {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/schedule/", "version": "2.8", "base_url": "https://cfp.bsidespdx.org", "conference": {"acronym": "bsidespdx-2025", "title": "BSidesPDX-2025", "start": "2025-10-24", "end": "2025-10-25", "daysCount": 2, "timeslot_duration": "00:05", "time_zone_name": "America/Los_Angeles", "colors": {"primary": "#3aa57c"}, "rooms": [{"name": "Talk 1", "guid": "bbad7f90-0031-526b-a2b4-a24297bad71a", "description": null, "capacity": null}, {"name": "Talk 2", "guid": "be32c789-7108-5ced-b7b2-fb4c999e015b", "description": null, "capacity": null}, {"name": "Workshop A", "guid": "ea8c4933-023f-54e8-a074-158c9cb958ee", "description": null, "capacity": null}, {"name": "Workshop B", "guid": "9ac700f7-432a-5c3c-9710-9d08eabb567b", "description": null, "capacity": null}, {"name": "Registration Room", "guid": "d9c2d9c3-467e-589a-93ee-b63b25199203", "description": null, "capacity": null}], "tracks": [{"name": "Talk 1", "color": "#009e73"}, {"name": "Talk 2", "color": "#0072b2"}, {"name": "Workshop B", "color": "#d55e00"}, {"name": "Workshop A", "color": "#cc79a7"}, {"name": "Registration Room", "color": "#9e9e9e"}, {"name": "CTF Room", "color": "#d6c808"}, {"name": "Sponsors", "color": "#d6c808"}, {"name": "Social Event", "color": "#d6c808"}], "days": [{"index": 1, "date": "2025-10-24", "day_start": "2025-10-24T04:00:00-07:00", "day_end": "2025-10-25T03:59:00-07:00", "rooms": {"Talk 1": [{"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/AQAFJM/", "id": 107, "guid": "1ee7de0b-6457-50aa-9599-6adad7c32879", "date": "2025-10-24T09:00:00-07:00", "start": "09:00", "logo": null, "duration": "00:00", "room": "Talk 1", "slug": "bsidespdx-2025-107-registration-opens-all-day-", "title": "Registration opens (all-day)", "subtitle": "", "track": "Registration Room", "type": "Other", "language": "en", "abstract": "Registration opens at the registration room.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "c91e44aa-eae9-59fb-b620-0a8d5df7b567", "id": 107, "code": "9ECH7E", "public_name": "Registration Room", "avatar": null, "biography": "--", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/UAS9ZC/", "id": 104, "guid": "5f736d87-a4a0-5436-9ec7-ccbaae2b51a7", "date": "2025-10-24T09:30:00-07:00", "start": "09:30", "logo": null, "duration": "00:15", "room": "Talk 1", "slug": "bsidespdx-2025-104-opening-remarks", "title": "Opening remarks", "subtitle": "", "track": "Talk 1", "type": "Remarks", "language": "en", "abstract": "Opening remarks", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "c44082c1-ee65-5690-9261-5551ea9dea64", "id": 120, "code": "MUVFTW", "public_name": "BSidesPDX 2025 Organizers", "avatar": null, "biography": "BSidesPDX 2025 Organizers", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/7TCNV8/", "id": 103, "guid": "af873411-b0fd-5df5-b5c4-f60cf9508262", "date": "2025-10-24T09:45:00-07:00", "start": "09:45", "logo": null, "duration": "01:00", "room": "Talk 1", "slug": "bsidespdx-2025-103-day-1-keynote", "title": "Day 1 Keynote", "subtitle": "", "track": "Talk 1", "type": "Keynote", "language": "en", "abstract": "Day 1 Keynote", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "9e72924c-13f8-5638-9305-b6cd82264686", "id": 106, "code": "33Y3A8", "public_name": "Perri Adams", "avatar": "https://cfp.bsidespdx.org/media/avatars/33Y3A8_l99LVEm.jpg", "biography": "Perri Adams is a fellow at Dartmouth\u2019s Institute for Security Technology Studies (ISTS) and former Special Assistant to the Director at the Defense Advanced Research Projects Agency (DARPA), where she advised stakeholders at the agency and across the U.S. government on the next generation of AI and cybersecurity technology.\r\n\r\nPrior to this role, Ms. Adams was a DARPA Program Manager within the Information Innovation Office (I2O), where, among other programs, she created the AI Cyber Challenge (AIxCC). A frequent speaker on both technical and cyber policy issues, her written work has been published by Lawfare and the Council on Foreign Relations. She has advised and collaborated with think tanks such as the as Carnegie Endowment for International Peace and Georgetown\u2019s Center for Security and Emerging Technology. She is also an adjunct professor at the Alperovitch Institute at Johns Hopkins School of Advanced International Studies and served for two years on the organizing committee of the DEF CON CTF, the world\u2019s premier hacking competition.\r\n\r\nMs. Adams holds a Bachelor of Science degree in computer science from Rensselaer Polytechnic Institute and is a proud alumna of the computer security club, RPISEC.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/HPQW7B/", "id": 112, "guid": "6236658f-d97e-53b7-935b-d98c1b0604bb", "date": "2025-10-24T10:58:00-07:00", "start": "10:58", "logo": null, "duration": "00:00", "room": "Talk 1", "slug": "bsidespdx-2025-112-meet-the-sponsors-all-day-", "title": "Meet the Sponsors (all-day)", "subtitle": "", "track": "Sponsors", "type": "Other", "language": "en", "abstract": "Stop by the Registration Room to chat with our amazing sponsors, grab some swag, and learn about the cool things they\u2019re building. They\u2019ll be here throughout the day!", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "c91e44aa-eae9-59fb-b620-0a8d5df7b567", "id": 107, "code": "9ECH7E", "public_name": "Registration Room", "avatar": null, "biography": "--", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/SJPXCX/", "id": 113, "guid": "9967de0c-afca-59b5-9a3c-fb1d5e02f719", "date": "2025-10-24T10:59:00-07:00", "start": "10:59", "logo": null, "duration": "00:00", "room": "Talk 1", "slug": "bsidespdx-2025-113-ctf-live-challenges-open-for-the-day-all-day-", "title": "CTF live challenges open for the day (all-day)", "subtitle": "", "track": "CTF Room", "type": "Other", "language": "en", "abstract": "BSidesPDX 2025 CTF\r\n\r\nThe annual BSidesPDX 2025 CTF competition, brought to you by an amazing group of volunteers!\r\n\r\nGo to https://ctf.bsidespdx.org to register and play!", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "ea974d71-47c1-59ca-9471-ca1c4bbae3a7", "id": 119, "code": "YMAHM8", "public_name": "CTF Room", "avatar": null, "biography": "CTF Room", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/QYQNDG/", "id": 1, "guid": "880d5ad1-f2fa-5534-992b-e6de02bf3bf6", "date": "2025-10-24T11:00:00-07:00", "start": "11:00", "logo": "https://cfp.bsidespdx.org/media/bsidespdx-2025/submissions/QYQNDG/wronginbox_icon_420TB54.png", "duration": "00:20", "room": "Talk 1", "slug": "bsidespdx-2025-1-accidental-honeypot-how-i-ended-up-receiving-tens-of-thousands-of-emails-meant-for-no-one-", "title": "Accidental Honeypot: How I Ended Up Receiving Tens of Thousands of Emails Meant for \"No One\"", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "In 2020, I registered a domain as a joke and privacy experiment. I never expected it to become a passive honeypot. But over the next five years, I received over 30,000 unsolicited emails. From pizza orders and job applications to password resets, IT tickets, and sensitive government faxes, it turns out a lot of systems assume that \u201cnoreply\u201d means no one is actually watching.\r\n\r\nIn this 20-minute talk, I\u2019ll walk through how I accidentally built a data-collecting black hole, what I\u2019ve uncovered inside, and what it reveals about our collective assumptions around placeholder email addresses, dev defaults, and ghost domains. Spoiler: someone is reading the mail.", "description": "This talk is a follow-up to my 10-minute lightning talk from Hackboat. I\u2019ll go deeper into the types of misdirected email I\u2019ve received, the Python tooling I built to analyze the data, and the broader security, privacy, and ethical questions this raises. This is equal parts funny, unsettling, and surprisingly useful for anyone managing email infrastructure or threat modeling misconfiguration risks.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "d3dded2b-bb89-5346-8ad8-cfa2c7c3f75b", "id": 6, "code": "HFK98R", "public_name": "Cory Solovewicz", "avatar": null, "biography": "Cory Solovewicz spent over a decade as a full-stack web developer before realizing breaking things was even more fun than building them. During COVID, he made the jump to the dark side (legally), and has spent the past four years as a cyber security consultant hacking web apps, APIs, mobile apps, and the occasional thick client.\r\n\r\nWhen he\u2019s not poking at authentication logic or accidentally discovering new ways companies leak personal data, he\u2019s racing bikes, going on long walks with his awesome partner, or hacking random gadgets in his free time. He's passionate about digital privacy, human error, and making security just a little more relatable (and a lot more fun).\r\n\r\ncontact@cory.so", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/KLX7SV/", "id": 26, "guid": "9346ed83-8412-53e8-87d1-989c201ed3e5", "date": "2025-10-24T11:30:00-07:00", "start": "11:30", "logo": null, "duration": "00:20", "room": "Talk 1", "slug": "bsidespdx-2025-26-drone-blind-spots-pentesting-the-airspace-above-critical-infrastructure", "title": "Drone Blind Spots: Pentesting the Airspace Above Critical Infrastructure", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "Critical-infrastructure sites have hardened perimeters, access controls, and robust camera systems that deter and catch ground-level intrusions. But what about the airspace above them? This talk addresses a gap many sectors share: detecting and responding to drones. We\u2019ll walk through how airspace pentesting over critical infrastructure actually works, what on-site defenders can do to strengthen detection and response, and demystify how to legally and safely get started with aerial assessments. Attendees will leave with equipment recommendations, a clear runbook for performing this work, and a persuasive narrative to secure budget and buy-in for launching aerial assessment and drone-defense programs.", "description": "**Who this talk is for:**\r\n\u2022\tOffensive-security practitioners: penetration testers, red-teamers, and physical-security assessors who want to add an aerial dimension to their repertoire.\r\n\r\n\u2022\tDefenders & Incident Responders: facility-security, SOC analysts, and OT/ICS staff responsible for protecting critical sites and infrastructure.\r\n\r\n\u2022\tAspiring newcomers: students, hobbyists, and those curious about where drones, radio frequency, and physical security intersect.\r\n\r\n**Helpful Knowledge:**\r\n\u2022\tA working grasp of the standard pentest workflow and common physical-security controls (cameras, access systems, perimeters).\r\n\r\n\u2022\tBasic awareness of FAA Part 107 / small-UAS regulations (key points and every acronym will be spelled out on slides).", "recording_license": "", "do_not_record": false, "persons": [{"guid": "2db82f7e-3bc9-5f2a-9e12-36a14d3bc3cc", "id": 33, "code": "NBBUUT", "public_name": "Alec Hunter", "avatar": "https://cfp.bsidespdx.org/media/avatars/NBBUUT_1PxWnnD.jpg", "biography": "Alec [(@brathadair)](https://x.com/brathadair) is a cyber-physical systems (CPS) security researcher specializing in Electromagnetic Spectrum Operations (EMSO), with extensive experience in drone-based Red Air engagements. He currently serves as a Security Consultant at SpookSec and was previously the Lead Offensive Security Engineer at Phoenix Technologies. He holds several certifications, including DSOC, DOCP, CSVA, CBBH, CDFP, OSWP, and FAA Part 107.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/VFDN3T/", "id": 22, "guid": "a0b42d60-1576-5cfe-a910-a67d28a5b16e", "date": "2025-10-24T12:00:00-07:00", "start": "12:00", "logo": null, "duration": "00:40", "room": "Talk 1", "slug": "bsidespdx-2025-22-how-zero-trusty-is-your-network-access-", "title": "How Zero Trusty is Your Network Access?", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "Zero Trust is everywhere: on vendor datasheets, compliance frameworks, and executive roadmaps. But how do you separate real enforcement from marketing noise?\r\n\r\nIn this talk, I present a practical, adversary-informed evaluation of several leading ZTNA solutions tested across the five core pillars of Zero Trust: Identity, Device, Network, Application, and Data. Using a controlled lab environment, I simulated trusted and untrusted scenarios, configured granular access policies, and executed known attack patterns to test each vendor\u2019s actual enforcement capabilities.\r\n\r\nSome solutions successfully blocked unauthorized access, enforced policy based on device posture, and prevented common web exploits and data loss. Others fell short: failing to detect endpoint misconfigurations, bypassing service cloaking, or letting malware and sensitive data flow freely. In multiple cases, achieving basic Zero Trust behavior required purchasing additional modules outside the core ZTNA platform.\r\n\r\nThis session delivers clear results, testing methodology, and takeaways any security team can apply when evaluating ZTNA vendors. If you're tired of buzzwords and want to see how \u201cZero Trust\u201d actually performs under pressure, this talk is for you.", "description": "This presentation is designed for security architects, blue teamers, and red teamers alike\u2014anyone involved in selecting, testing, or bypassing Zero Trust Network Access (ZTNA) solutions. It provides value to defenders who want to validate vendor claims under real-world conditions, and to offensive security professionals interested in understanding how ZTNA solutions can be fingerprinted, evaded, or misconfigured in ways that expose internal assets.\r\n\r\nA foundational understanding of Zero Trust architecture is helpful, as is familiarity with common security controls like MFA, endpoint posture checks, and DLP. Attendees with experience in adversary simulation, web exploitation (e.g., OWASP Top 10), and network enumeration (e.g., Nmap) will find deeper value in the testing methodology presented. However, the session is structured to benefit both technically savvy practitioners and strategic stakeholders looking to cut through the noise and assess ZTNA solutions based on evidence\u2014not just promises.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "df7e4260-10c0-5a4a-ae4d-314a670acc76", "id": 29, "code": "VRMY3B", "public_name": "Derron Carstensen", "avatar": "https://cfp.bsidespdx.org/media/avatars/VRMY3B_1ZUtd5b.jpg", "biography": "Derron Carstensen is a cybersecurity architect with over 20 years of hands-on experience across network security, cloud security, offensive security, and Zero Trust architecture. His career spans roles in security engineering, penetration testing, and most recently, leading secure access and Zero Trust initiatives for complex enterprise environments. Derron specializes in Secure Access Service Edge (SASE) deployments, ZTNA validation, and building adversary-informed testing frameworks that bridge the gap between marketing promises and real-world security enforcement. He\u2019s passionate about helping both defenders and assessors make evidence-based decisions in the face of growing vendor noise.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/FXWBEA/", "id": 11, "guid": "76b7fdc7-7448-58dd-b6a7-54b8eca71512", "date": "2025-10-24T13:00:00-07:00", "start": "13:00", "logo": null, "duration": "00:20", "room": "Talk 1", "slug": "bsidespdx-2025-11-securing-graphql-from-design-to-production", "title": "Securing GraphQL from Design to Production", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "Learn to secure GraphQL interfaces by looking at design decisions and actual attacks. This talk dives into a half dozen GraphQL services that were deployed at a tech unicorn. You'll learn practical defensive strategies, discover where common security controls fall short, and see the fall out from attack scenarios that were missed.", "description": "People who are already familiar with REST APIs and HTTP requests. No prior GraphQL required. We'll cover enough to highlight key aspects of GraphQL and how it could impact security decisions for blue and red teams.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "9991c809-f65a-561b-8b0a-da9f97a2b463", "id": 19, "code": "BH3YBK", "public_name": "Corey Le", "avatar": null, "biography": "Corey has been in the Information Security space for over 20 years and building software applications even longer. He spent years on the east coast as a principle security consultant with the Interpidus Group before joining the in-house security teams at places like Etsy and Simple. He spent 6 years at a unicorn tech company becoming their Director of Product Security. Currently living on the Oregon Coast, he enjoys tinkering with PCB designs in KiCad, signing off-key punk songs with his son, and trying to convince people that video games can be art.\r\n\r\nCorey has previously presented at BlackHat, CanSecWest, Yandex, and BSidesRoc.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/YGBGET/", "id": 81, "guid": "b8c62121-9fc3-5a3d-abf9-49418b90f5df", "date": "2025-10-24T13:30:00-07:00", "start": "13:30", "logo": null, "duration": "00:20", "room": "Talk 1", "slug": "bsidespdx-2025-81-i-m-not-actually-an-sccm-admin-i-just-implied-it", "title": "I'm not actually an SCCM admin...I just implied it", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "Microsoft's Configuration Manager (more commonly known as System Center Configuration Manager or SCCM) has received a great deal of attention from the offensive security community in recent years. The service's 30 year history includes a mountain of techincal debt that is still heavily relied on by enterprises across the globe. In fact, even with the industry's shift to cloud, SCCM remains the most depended on solution for endpoint management.  This presentation will publicly disclose how an attacker under the right circumstances can abuse this dependence to escalate to SCCM admin simply by implying it.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "f9bb7c45-d578-5f2c-8f0b-65eb536d0894", "id": 86, "code": "E3FP9E", "public_name": "Garrett Foster", "avatar": "https://cfp.bsidespdx.org/media/avatars/E3FP9E_ZOKUu34.jpg", "biography": "Garrett Foster is an offensive security researcher with over 6 years of experience in information technology. He has conducted successful engagements against organizations that include the finance, healthcare, and energy sectors. Garrett enjoys researching Active Directory and developing offensive security tools. His background also includes roles as a Security Operations Center Analyst and Systems Administrator.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/D7VR9J/", "id": 68, "guid": "8b7ef0b6-9455-58b7-b70e-290b4312007f", "date": "2025-10-24T14:00:00-07:00", "start": "14:00", "logo": null, "duration": "00:40", "room": "Talk 1", "slug": "bsidespdx-2025-68-redacted", "title": "Redacted", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "Following the discovery of BadBox 1.0, I identified another device disguised as a streaming product called [redacted]. This one is particularly concerning, as it includes: [redacted]\r\n\r\nThis situation has underscored the growing need for research at the intersection of cybersecurity and social psychology, highlighting the importance of helping users recognize and protect themselves from products that offer services that seem \u201ctoo good to be true.\u201d\r\n\r\nPublic reporting on this activity began emerging in early 2024, with major coverage appearing in March 2025. I initially discovered this campaign in February 2024 and have since tracked its evolution and broader ecosystem connections. This led to a second PSA from IC3 in May of 2025.\r\n\r\nIn this talk, I\u2019ll provide:\r\n[redacted]", "description": "Anyone. Everyone has likely encountered these at some point.", "recording_license": "", "do_not_record": true, "persons": [{"guid": "cc58809c-08de-5377-aa27-27ec04ad0861", "id": 73, "code": "TMW9BB", "public_name": "D3ada55", "avatar": null, "biography": "Ashley is a Senior Security Solutions Engineer at Censys, where she\r\nspecializes in finding things on the internet that really shouldn\u2019t be\r\non the internet (spoiler: you know it\u2019s everything). Her research has\r\nuncovered IoT botnets hiding in your \u201ctotally legitimate\u201d streaming\r\nboxes, pig-butchering scam infrastructure masquerading as romance, and\r\nentire threat actor clusters that probably wish she\u2019d just stop\r\nlooking at the internet on the weekends.\r\n\r\nWhen not teaching students how to blue team, red team, or \u201cplease stop\r\nclicking on that link\u201d team, Ashley moonlights as a professional cat\r\nherder at BSides Las Vegas SafetyOps as the Chief Security Officer and\r\nBSides Albuquerque: wrangling volunteers, laptops, and chili-themed\r\nchallenge coin designs all in the same day.\r\n\r\nShe has worn many hats: Army Taekwondo competitor, Army Band musician,\r\nSOC analyst, Palo Alto trainer, Google Cloud wrangler, WWE fanatic,\r\nand n00b security researcher (ask her about the latest exploits in\r\nbreaking her own lab builds). If it's a device that seems too good to\r\nbe true, it probably is and she\u2019s likely researching it.\r\n\r\nCome for the IoT horror stories, stay for the leggings.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/8MC8MG/", "id": 7, "guid": "2468b8fb-7d48-5d75-97b2-c79100ac38b5", "date": "2025-10-24T15:00:00-07:00", "start": "15:00", "logo": null, "duration": "00:20", "room": "Talk 1", "slug": "bsidespdx-2025-7-from-pi-to-pwnage-building-a-wearable-hacking-station", "title": "From Pi to Pwnage: Building a Wearable Hacking Station", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "Ever dreamed of a portable hacking device that packs the punch of a full Linux system but is cool enough to wear on your arm? This talk is for you. We'll dump the bulky laptops and dive into creating a powerful, Pip-Boy-inspired wearable from scratch, without breaking the bank.\r\nI'll take you through my whole chaotic journey: from picking the right parts to the rage-inducing 3D modeling, cramming a jungle of wires into a tiny space, making a Linux GUI actually usable on a touchscreen, and keeping the thing powered for more than five minutes. I\u2019ve already bricked the components, scoured the darkest corners of GitHub, and copy-pasted with pride, so you get the blueprint without the pain. You\u2019ll leave ready to build your own rig for whatever digital mayhem you have in mind.", "description": "Hardware Enthusiast & Maker: Anyone who loves tinkering, building custom gadgets, and working with single-board computers like the Raspberry Pi.\r\nAspiring Hardware Hacker: If you've been curious about building your own devices but felt intimidated, I break down the entire process, sharing the mistakes so you can avoid them.\r\nCybersecurity practitioners looking for creative, low-cost ways for pentests, assessments, or just for fun.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "ef6e3833-6261-53f0-82c1-7541cd8e313d", "id": 12, "code": "JUGA8B", "public_name": "Stefan", "avatar": "https://cfp.bsidespdx.org/media/avatars/JUGA8B_yfHxpHw.png", "biography": "Stefan is a middle school student with curiosity for computer security that borders on an obsession with digital mayhem. When he's not in class, you can find him with a soldering iron and a keyboard. He got his start early diving deep into code, slinging Python, JavaScript, and GDScript, while also dabbling in C#. His proudest achievement to date? Getting his Flipper Zero banned from his middle school. He's excited to be at BSides PDX to learn from the best and share his own discoveries.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/ZFZDA7/", "id": 45, "guid": "52534a7d-fe1a-5912-a9a2-5ad849e17e40", "date": "2025-10-24T15:30:00-07:00", "start": "15:30", "logo": null, "duration": "00:20", "room": "Talk 1", "slug": "bsidespdx-2025-45-beyond-the-mask-the-snitchpuck", "title": "Beyond the Mask: The Snitchpuck", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "Most organizations that deploy surveillance / safety technology don't actually know what they're putting on their networks exactly. i got curious about one specific device i had found in my high school's network.\r\nwhen i finally got my hands on one, it raised bigger questions then i expected,\r\nnot just about the software or hardware. but about how widely it had been deployed without much scrutiny.\r\n\r\nSharing the research publicly showed me just how much people were questioning it, both inside and outside the security community.\r\nwhat really surprised me was realizing how tightly knit the Portland Infosec community is, and how many people helped me along this journey. \r\n\r\nin this talk, I'll share that story. from the initial discovery, to the struggles, and reflections.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "65bdb781-3dcc-5e4b-96e9-49a45e86c905", "id": 51, "code": "GN3V3M", "public_name": "Rey", "avatar": null, "biography": "Rey is an 18-year-old security researcher who started out finding bugs and holes in websites at 15. He began attending local infosec meetups in Portland, Oregon\u2014like RainSec and PDX2600\u2014soaking up everything he could. After stumbling across a creepy surveillance device at his high school, he drifted into hardware security and reverse engineering. He\u2019s determined to keep learning and digging deeper.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/GPX8BE/", "id": 28, "guid": "1742a36d-b5dc-5f8d-a00c-81bd12ad78e8", "date": "2025-10-24T16:00:00-07:00", "start": "16:00", "logo": null, "duration": "00:40", "room": "Talk 1", "slug": "bsidespdx-2025-28-cfaa-plus-moving-computer-law-past-the-world-of-the-boombox-and-magnetic-tape", "title": "CFAA Plus: Moving Computer Law Past the World of the Boombox and Magnetic Tape", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "A lot has changed since the 80s.  Gone is the boom box with a cassette tape.  You have a Flipper Zero instead of a magstripe writer.  Forget ISDN: you can get better than an OC-24 at your house for less than your long distance bill.  Viruses don't put random text on your screen, they shut down hospitals.  But you know what hasn't changed?  The CFAA.  It's about time we look at how our laws can transform the incentives and move us beyond the cyber-vandalism era to respond to real threats with real defenses.  Let's stop wringing our collective hands about evil hackers, and get real about how it actually works.", "description": "I'm sending a policy talk here mostly because Sen Wyden has established Portland as one of the most important constituencies in infosec policy.  But this is also near to the heart of any hacker who hated what happened to everyone from Aaron Swartz to Marcus Hutchens to Paige Thompson and beyond, and anyone who's watched security programs get cut to the point of ineffectiveness and then experienced a preventable breach.  I previously briefed democratic congressional staff on this topic.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "d1a838f6-7bf8-5868-8409-28135d4b5501", "id": 34, "code": "NNHELY", "public_name": "Falcon Darkstar Momot", "avatar": "https://cfp.bsidespdx.org/media/avatars/NNHELY_Y4ryVEv.png", "biography": "Falcon (MBA, M.Sc., B.Acc.) is an infosec generalist currently managing product security at Aiven.io, and has over a decade of purple team experience at dozens of firms across a variety of industries.  He does systems work, whether the systems are human or computer, and is as at home setting up a security program as figuring out how to verify application code, show immunity to an attack class, or model attackers across the value chain.  He will be starting a PhD this winter at Dartmouth working on practical applications for LangSec.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/8Z3EFS/", "id": 109, "guid": "11339b4a-9db4-501e-8377-e6d5cf601280", "date": "2025-10-24T17:00:00-07:00", "start": "17:00", "logo": null, "duration": "00:15", "room": "Talk 1", "slug": "bsidespdx-2025-109-closing-remarks", "title": "Closing remarks", "subtitle": "", "track": "Talk 1", "type": "Remarks", "language": "en", "abstract": "Closing remarks and reception", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "c44082c1-ee65-5690-9261-5551ea9dea64", "id": 120, "code": "MUVFTW", "public_name": "BSidesPDX 2025 Organizers", "avatar": null, "biography": "BSidesPDX 2025 Organizers", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/XMFSQG/", "id": 115, "guid": "18f64bd4-5469-56ce-8467-c5702f90fbc6", "date": "2025-10-24T17:15:00-07:00", "start": "17:15", "logo": null, "duration": "00:00", "room": "Talk 1", "slug": "bsidespdx-2025-115-friday-reception-evening-", "title": "Friday Reception (evening)", "subtitle": "", "track": "Social Event", "type": "Other", "language": "en", "abstract": "Appetizers and drinks in the back room of Track 1", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "9678ae45-d8c8-593b-89db-5ca671f89569", "id": 122, "code": "PDJNGN", "public_name": "Back Room in Talk 1", "avatar": null, "biography": "Room at the back of Talk 1", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/QYYSYK/", "id": 30, "guid": "1880b3bd-b1a3-5209-a6aa-5d6b118d2ba6", "date": "2025-10-24T17:30:00-07:00", "start": "17:30", "logo": null, "duration": "01:00", "room": "Talk 1", "slug": "bsidespdx-2025-30-bsides-pdx-quiz-show", "title": "BSides PDX Quiz Show", "subtitle": "", "track": "Talk 1", "type": "Event", "language": "en", "abstract": "This is the game where we take some BSides attendees and pit them against each other in a battle of wits to see who\u2019s the smartest\u2026 who\u2019s the fastest\u2026 who\u2019s going to emerge with the ultimate alpha- geek status for the next year!\r\n\r\nWHAT\u2019S IT LIKE? Just like many TV game shows you\u2019re probably already familiar with. We take three contestants, put them on stage and ask them a series of questions relating to aspects of system and network security, exploits, hacking, hardware, software, administration, history, and even some random bits of pop culture thrown in for hack value.\r\n\r\nAnd then maybe we'll do it again with three more contestants!\r\n\r\nThis event is for anyone with an interest in any or all of the topics that bring people to BSides. Questions for the quiz show are drawn from current events, information security, computer technology, hardware, software, geek culture, games, and general interest topics.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "3b99afd7-0dfc-5a96-b848-6c5011410aaf", "id": 37, "code": "8L9V9K", "public_name": "Steve Willoughby", "avatar": null, "biography": "Steve Willoughby is a Senior Software Developer currently focused on observability in Go. He discovered Version 7 Unix while in high school and, apart from brief forays into VMS in college and failed attempts to hide from other operating systems, he\u2019s been spending most waking hours tinkering on UNIX in one form or another, either writing software or administering systems. He lives in the Portland, Oregon area and keeps a vintage Altair 8800 and COSMAC Elf as pets. In his spare time, he runs a MUD game and creates microcontroller gizmos to make his Christmas lights flash in the most over-engineered way possible.", "answers": []}, {"guid": "37a5f796-bfb3-5c5f-9a4b-d77a12de0d31", "id": 128, "code": "QLS38P", "public_name": "John Mechalas", "avatar": null, "biography": "John has been doing systems administration since the dawn of time servers. Armed with degrees in aeronautical engineering, and a formal CS class in FORTRAN, he is uniquely prepared for our modern age where everything is computer. When he's not working, whenever that is, you can find him doing improvisational comedy, working in his garden, and yelling at clouds.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Talk 2": [{"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/RZMNNX/", "id": 44, "guid": "90063879-d587-5565-92c5-1215ae1f121f", "date": "2025-10-24T11:00:00-07:00", "start": "11:00", "logo": null, "duration": "00:20", "room": "Talk 2", "slug": "bsidespdx-2025-44-portland-hacker-foundation-asymmetric-impact-year-1", "title": "Portland Hacker Foundation : Asymmetric Impact Year 1", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "Last year at BSides Portland we started the conversation about creating the Portland Hacker Foundation, and by many measures it seems to have been a roaring success. This session will talk about what we've done, where we're going, and what you can do to help.", "description": "People interested in making an impact in their community, and interested in learning how to start a 501(c)(3).", "recording_license": "", "do_not_record": false, "persons": [{"guid": "e0d2c9c0-289e-5753-bf82-8879ba2949d3", "id": 50, "code": "HV8YXX", "public_name": "Dean Pierce", "avatar": null, "biography": "Dean Pierce is a security researcher from Portland Oregon.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/JYWGKZ/", "id": 29, "guid": "bf157d14-f2e0-582b-a2f6-67e6cf95c029", "date": "2025-10-24T11:30:00-07:00", "start": "11:30", "logo": "https://cfp.bsidespdx.org/media/bsidespdx-2025/submissions/JYWGKZ/Kve73rdIVQJqi7_R4LxPCE.jpg", "duration": "00:20", "room": "Talk 2", "slug": "bsidespdx-2025-29-instant-api-hacker", "title": "Instant API Hacker", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "\"Instant API Hacker\" is a fast-paced, 20-minute presentation that demonstrates how quickly someone can learn to identify and exploit API vulnerabilities. Led by Corey Ball, author of \"Hacking APIs\" and founder of APIsec University and hAPI Labs. This talk provides a practical introduction to API security testing using real-world tools and techniques. Attendees will witness the exploitation of critical vulnerabilities from the OWASP API Security Top 10, including broken authentication, authorization flaws (BOLA), and excessive data exposure. Through live demos using the crAPI vulnerable lab, participants will see firsthand how APIs can be compromised and gain actionable insights they can apply immediately. The presentation concludes with free resources for continued learning, including access to vulnerable labs and APIsec University courses.", "description": "This presentation is designed for anyone interested in API security, regardless of experience level:\r\n\r\nDevelopers who want to understand how their APIs can be attacked\r\nSecurity professionals seeking to add API testing to their skillset\r\nIT managers and leaders who need to understand API security risks\r\nStudents and beginners curious about getting started in API security\r\nAnyone interested in cybersecurity and how modern applications can be compromised\r\n\r\nNo prior API hacking experience required.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "2ccae5ea-c2ae-5a83-bd54-ce7e5dd933d8", "id": 35, "code": "V9WZAB", "public_name": "Corey Ball", "avatar": "https://cfp.bsidespdx.org/media/avatars/V9WZAB_5h9QfA7.jpg", "biography": "Corey Ball is the author of Hacking APIs and founder of APIsec University a completely free learning platform with over 120,000 students. He was the winner of the SANS Difference Makers Award for book of the year. With over 15 years of experience in IT and Cybersecurity, Corey now leads penetration testing as the CEO of hAPI Labs.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/A9ZD8V/", "id": 89, "guid": "991a3773-e806-5613-992f-05f2f48450fd", "date": "2025-10-24T12:00:00-07:00", "start": "12:00", "logo": null, "duration": "00:40", "room": "Talk 2", "slug": "bsidespdx-2025-89-the-life-and-death-of-a-municipal-surveillance-technology-in-seattle", "title": "The Life and Death of a Municipal Surveillance Technology in Seattle", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "Seattle was one of the first USA cities to have a Surveillance Ordinance. This enables Seattle residents to pull back the curtain on a type of mass surveillance not as commonly discussed by the news media: a service that provides real-time travel time calculations using a system of WiFi/Bluetooth MAC address sniffers deployed across the city. I'll bring you up to speed on this surveillance technology, the variety of issues that have been identified with it (both technical and non-technical), and its removal from Seattle. I'll also discuss some aspects about privacy of mobile devices specific to challenges with MAC addresses (i.e. randomization, anonymization, etc). Lastly, I will give you pointers on how to get started reviewing surveillance technologies your local municipality has deployed, so that you too can put your technical/security skills to use to help your neighbors and community.", "description": "This presentation is for a technical audience interested in privacy and anti-surveillance. I'll discuss hashing (naming algorithms but not explaining them). I will also assume the audience will know what a rainbow table is and salting.", "recording_license": "", "do_not_record": true, "persons": [{"guid": "836ee0e2-75f0-54b0-bde8-64d69802ea3c", "id": 92, "code": "HUF3CJ", "public_name": "C.S.", "avatar": "https://cfp.bsidespdx.org/media/avatars/HUF3CJ_hEJO3NK.png", "biography": "They are an independent security researcher & privacy advocate. Over the last 7 years, they've reviewed and given public comment on all of Seattle's official surveillance technologies. They've worked closely with the Seattle Community Surveillance Working Group. They've also organized with various local non-profits and grassroots groups participating in the Seattle Surveillance Ordinance process and on state-level legislation spanning: civil liberties, data privacy, digital IDs, automated decision systems, right to repair, and other bills.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/J7FAJ8/", "id": 31, "guid": "109095cb-984c-5d35-8006-59de40888227", "date": "2025-10-24T13:00:00-07:00", "start": "13:00", "logo": null, "duration": "00:20", "room": "Talk 2", "slug": "bsidespdx-2025-31-from-walkie-talkies-to-meshtastic-an-overview-of-communication-platforms", "title": "From walkie-talkies to Meshtastic: an overview of communication platforms", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "When traditional infrastructure fails, as it often does in the PNW, we may lose power, water, and even accessible roads. How do you plan to check in with your friends, family, share resources, and help others? In this talk, we\u2019ll cover what options are available for long-distance remote communications between individuals: FRS, GMRS, CB, Amateur Radio, as well as Meshtastic. For the second half of the talk, we'll dive in deeper on Meshtastic: how it compares in terms of capabilities, legality, range, and ease of integration, as well as edge cases. By the end of the presentation, participants will be equipped with actionable knowledge to select affordable communication tools for their needs, ensuring they remain connected when it matters most.", "description": "When traditional infrastructure fails, as it often does in the PNW, we may lose power, water, and even accessible roads. How do you plan to check in with your friends, family, share resources, and help others? In this talk, we\u2019ll cover what options are available for long-distance remote communications between individuals: FRS, GMRS, CB, Amateur Radio, as well as Meshtastic. For the second half of the talk, we'll dive in deeper on Meshtastic: how it compares in terms of capabilities, legality, range, and ease of integration, as well as edge cases. By the end of the presentation, participants will be equipped with actionable knowledge to select affordable communication tools for their needs, ensuring they remain connected when it matters most.\r\n\r\nThose new to radio communications in general, and those new to Meshtastic will be most interested in listening.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "93a48523-28f2-5cba-856a-3de6dd51c488", "id": 39, "code": "3CQLYE", "public_name": "Slava I. Maslennikov", "avatar": "https://cfp.bsidespdx.org/media/avatars/3CQLYE_6OCIAsr.jpg", "biography": "Slava holds a general-level license for Amateur Radio. When away from Meshtastic and HF, he manages DevOps, SRE, and Cloud teams - or provides consulting services in these fields. He has two orange cats and by now is probably one himself. Either get him a beer or a job - he\u2019s currently unemployed.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/JJS3TQ/", "id": 75, "guid": "9fe7ba3c-14e0-5e37-9b44-fec72d75fc7d", "date": "2025-10-24T13:30:00-07:00", "start": "13:30", "logo": null, "duration": "00:20", "room": "Talk 2", "slug": "bsidespdx-2025-75-disaster-ready-digital-safety-building-resilient-support-systems-for-domestic-violence-survivors", "title": "Disaster Ready Digital Safety: Building resilient support systems for domestic violence survivors", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "Safety Net Project, the tech safety team at the National Network to End Domestic Violence (NNEDV) has seen a significant uptick in recent years with local organizations requiring additional aid and guidance on best practices to support survivors of domestic violence and continue critical communication, in the face of natural disaster events like fires, hurricanes, and flooding. This project was born out of a direct response to this need - inspired by literal natural disasters across the United States.\r\n\r\nGraduate students from the University of Washington (UW) are conducting research on this critical topic of cyber security best practices and guidelines for local victim service providers in the context of disaster preparedness and response. Some key topics covered include: emergency response communication plans, privacy and digital protection during disasters, as well as location tracking (stalkerware, tracking through car, airtag, dog pet finder, children\u2019s devices, etc.), detection, and prevention. The research presented will serve as a comprehensive guide that fills the current gap in NNEDV\u2019s resources, by offering actionable recommendations to help local organizations continue critical communication and safeguard survivors during and after natural disasters.", "description": "Anyone!", "recording_license": "", "do_not_record": false, "persons": [{"guid": "29e866f3-f33b-5ab3-834b-5f39de39e1c3", "id": 80, "code": "8E7TKJ", "public_name": "Naomi Meyer", "avatar": "https://cfp.bsidespdx.org/media/avatars/8E7TKJ_Ze16SV2.png", "biography": "Naomi brings over a decade of expertise spanning software engineering, cybersecurity, and education leadership. She just graduated honors with her Master's in Cybersecurity and Leadership from the University of Washington, while conducting ethical bug bounty research. During her 5 years at Adobe as a Software Development Engineer, she built large-scale features and served on technical committees while becoming a seasoned speaker at international engineering conferences. Before transitioning to tech, Naomi taught English as a foreign language in local classrooms across Asia and with the Peace Corps in West Africa. She enjoys weekends outside in the mountains with her dog.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/GKC3X3/", "id": 49, "guid": "bb05dfa1-4dca-5ebb-b4a6-0638c62a2da8", "date": "2025-10-24T14:00:00-07:00", "start": "14:00", "logo": null, "duration": "00:40", "room": "Talk 2", "slug": "bsidespdx-2025-49-a-history-of-fuzzing", "title": "A History of Fuzzing", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "Many a presenter, including myself, has talked about fuzzing. Usually, we touch on a small amount of theory and then show off what a cool tool we built or what a difficult target we fuzzed. Instead this talk will focus on fuzzing history. Where did we start? How did we get here? What were the turning points along the way? For each major development, we'll cover a motivating example, the theory behind a solution, and a tiny implementation until we arrive at the modern day.", "description": "This presentation is for both people who are interested in fuzzing as a security method and practitioners who do it on a daily basis. Because I'll be starting at the beginning, attendees won't need any previous fuzzing knowledge or experience, but some knowledge of common software defects like memory corruption and some knowledge of general testing practice will help contextualize the topic.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "97609c3e-0ae6-58f2-8b34-bb5ed3857248", "id": 54, "code": "UYRFTY", "public_name": "Rowan Hart", "avatar": "https://cfp.bsidespdx.org/media/avatars/UYRFTY_CYZUsFw.jpg", "biography": "Rowan is a Senior Security Engineer at Microsoft and previously worked at Intel as a fuzzing researcher. He also dabbles in security tooling as a hobbyist and as a writer. When not at the computer, you can find him at the skate park, on Mt. Hood, or on the rock wall.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/83PV9P/", "id": 51, "guid": "2a5c1f14-c6a9-5de3-81fd-3070b897c578", "date": "2025-10-24T15:00:00-07:00", "start": "15:00", "logo": "https://cfp.bsidespdx.org/media/bsidespdx-2025/submissions/83PV9P/AI-Sasquatch-smaller_mkoyOZB.jpg", "duration": "00:20", "room": "Talk 2", "slug": "bsidespdx-2025-51-hackers-ai-faster-smarter-more-dangerous", "title": "Hackers + AI: Faster, Smarter, More Dangerous", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "Hackers are turning AI into a force multiplier for cybercrime. In this 20-minute talk, we\u2019ll demo real hacker AI tools such as WormGPT and show how criminals use them to uncover vulnerabilities, generate exploits, and even weaponize zero-days at unprecedented speed. These tools also churn out phishing emails and call scripts in any language, letting novice hackers attack like experts on a global scale. See how AI is reshaping cybercrime and what defenders must prepare for now.", "description": "This talk is for anyone in cybersecurity. Whether you\u2019re a novice or an experienced professional, you\u2019ll benefit from seeing real hacker AI tools in action. Attendees will gain an understanding of how criminals are already using AI to accelerate attacks\u2014and why defenders need to adapt quickly.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "58a65903-e631-545a-bf40-b97628353d81", "id": 56, "code": "XWZ9XW", "public_name": "Sherri Davidoff", "avatar": "https://cfp.bsidespdx.org/media/avatars/XWZ9XW_2ZhvUst.jpeg", "biography": "Sherri Davidoff\u202fis the founder of LMG Security and the author of three books, including \u201cRansomware and Cyber Extortion\u201d and \u201cData Breaches: Crisis and Opportunity.\u201d As a recognized expert in cybersecurity, she has been called a \u201csecurity badass\u201d by The New York Times. Sherri is an instructor for Black Hat, where she serves on the Black Hat USA Review Board and trains security professionals from around the world. She is also a faculty member at the Pacific Coast Banking School, where she teaching bankers and regulators about cybercrime.  She is a GIAC-certified forensic analyst (GCFA) and penetration tester (GPEN) and received her degree in computer science and electrical engineering from MIT.", "answers": []}, {"guid": "32c4bdc5-e291-5fef-ab3e-10c0192b6426", "id": 110, "code": "RWMVE3", "public_name": "Matt Durrin", "avatar": "https://cfp.bsidespdx.org/media/avatars/RWMVE3_5q7LlGn.jpg", "biography": "Matt Durrin is the Director of Training and Research at LMG Security and a Senior Consultant with the organization. He is an instructor at the international Black Hat USA conference, where he has taught classes on ransomware and data breaches. Matt has conducted cybersecurity seminars, tabletop exercises and classes for thousands of attendees in all sectors, including banking, retail, healthcare, government, and more. He is also the co-author of a new book, Ransomware and Cyber Extortion: Response and Prevention. A seasoned cybersecurity and IT professional, Matt specializes in ransomware response and research, as well as deployment of proactive cybersecurity solutions. Matt holds a bachelor\u2019s degree in computer science from the University of Montana, and his malware research has been featured on NBC Nightly News.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/FCGW8Y/", "id": 65, "guid": "964248ff-b7a5-5d08-9c18-f90acb423b8b", "date": "2025-10-24T15:30:00-07:00", "start": "15:30", "logo": null, "duration": "00:20", "room": "Talk 2", "slug": "bsidespdx-2025-65-new-phone-who-dis-the-quest-for-a-true-burner-phone", "title": "New phone, who dis? The quest for a true Burner Phone", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "Do burner phones really still exist, or are they the stuff of urban legend? Can you get a phone that's untraceable any more? Why would you even want to?\r\n\r\nFollow my journey as I find out, and maybe discover some privacy tips along the way.", "description": "* Why would you want one?\r\n* Getting the phone - the easy part, right?\r\n* Prepaid cards\r\n* Don't cross the streams!\r\n* Signing up for service\r\n* Picking a number\r\n* Identity theft is a crime, Jim\r\n* Anonymous email\r\n* Location, location, location\r\n* Summary\r\n\r\nTarget audience: Privacy advocates, political activists, and data-broker haters", "recording_license": "", "do_not_record": false, "persons": [{"guid": "0cd04ec7-6d41-50d5-96b4-ea098fc62f36", "id": 69, "code": "KTJVCW", "public_name": "Mike Niles", "avatar": null, "biography": "Mike works in Municipal Government IT, and has over 25 years of varied tech jobs under his belt ranging from end-user and application support to systems administration, patch management and cybersecurity.\r\n\r\nMike's spare time is typically consumed with gaming with his kids, cybersecurity conferences, and referring to himself in the third person.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/L9FEKD/", "id": 83, "guid": "90ffc482-34e2-533b-8994-95bbc433fcb4", "date": "2025-10-24T16:00:00-07:00", "start": "16:00", "logo": null, "duration": "00:20", "room": "Talk 2", "slug": "bsidespdx-2025-83-pnw-vs-bay-area-observations-from-the-seattle-startup-scene", "title": "PNW vs. Bay Area: Observations from the Seattle Startup Scene", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "In this raw, open, and honest session, I'll pull from my own and fellow VC-backed founder experiences on the crazy journey to build a security startup based in the PNW. We'll cover all major parts of the 0 -> 1 journey, including: ideation / idea validation, learning to sell, raising capital, building an MVP, finding PMF, and building a team. 1 year after graduating from the Y Combinator 2024 cohort, I'll open up about the things I wish I knew sooner, and the secrets to YC's success.  I'll specifically talk about the challenges and strengths of building a non-SF-based startup.", "description": "Folks thinking about starting a startup, PNW folks considering relocating to Bay Area (or vice versa!)", "recording_license": "", "do_not_record": false, "persons": [{"guid": "d0e8d3c3-ef86-5191-923b-9ce72adbf71d", "id": 88, "code": "YHYVXP", "public_name": "Emily Choi-Greene", "avatar": "https://cfp.bsidespdx.org/media/avatars/YHYVXP_iC8dPC8.jpg", "biography": "Emily is the CEO and co-founder of Clearly AI, a YC-backed startup automating security and privacy reviews based in Seattle. Previously, she oversaw application security for Amazon's Alexa AI organization and owned data security and privacy at Moveworks (an enterprise AI assistant).", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/XWDACA/", "id": 100, "guid": "f14959a1-2db0-5980-ae1e-b69f11a96c73", "date": "2025-10-24T16:30:00-07:00", "start": "16:30", "logo": null, "duration": "00:20", "room": "Talk 2", "slug": "bsidespdx-2025-100-automating-threat-modeling-with-vision-models-lesson-learned", "title": "Automating Threat Modeling with Vision Models - Lesson learned", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "Threat modeling has always been critical but also slow, manual, and often skipped. What if your security champions could generate a first draft of a STRIDE analysis from architecture diagram itself ? In this talk, we\u2019ll explore how vision models (like Gemini Vision) and LLMs can automate early threat modeling by \u201cseeing\u201d system diagrams and translating them into structured security insights.\r\nI\u2019ll show how we built an agent that ingests architecture diagrams, interprets flows and trust boundaries, and outputs threat models in a developer-friendly format. We\u2019ll cover practical benefits (speed, adoption, developer engagement) as well as real challenges: hallucinations, missing context, and having humans in the loop. Finally, I\u2019ll share how we turn these outputs into generating adversarial test cases, making threat modeling more actionable.\r\nAttendees will leave with a framework to experiment with their own AI-assisted threat modeling pipeline, lessons learned from real reviews of AI agents, and a realistic sense of what today\u2019s vision models can (and can\u2019t) do for security.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "182e3edd-de54-5f8a-a561-720f9dd13876", "id": 102, "code": "DKGSZA", "public_name": "Pankaj Upadhyay", "avatar": "https://cfp.bsidespdx.org/media/avatars/DKGSZA_1U3rw3f.jpeg", "biography": "Pankaj Upadhyay is a Principal Cybersecurity Engineer at Workday, where he focuses on secure architecture, threat modeling, and the emerging challenges of AI/ML security. He has been recognized across the industry through published CVEs, responsible disclosures, and inclusion in multiple security \u201cHall of Fame\u201d acknowledgments (Google, Adobe, Cert-EU etc.) for his contributions to improving software security. \r\nWith a background spanning application security, cloud security, and open-source research, Pankaj\u2019s recent work explores how generative AI and vision models can augment traditional security processes from automated threat modeling to adversarial testing of AI agents.\r\n\r\nAt BSidesPDX 2025, Pankaj shares his lessons learned from building an AI-assisted threat modeling agent that \u201csees\u201d architecture diagrams and generates structured analysis automatically. His talk dives into what works, what breaks, and how AI can make threat modeling faster, more accessible, and actionable for modern engineering teams, if done with an interactive feedback loop and constant user engagement.", "answers": []}, {"guid": "a447bb0c-c2ed-556f-b226-40bfbf1fc109", "id": 132, "code": "HWPLVZ", "public_name": "MAYANK VATS", "avatar": "https://cfp.bsidespdx.org/media/avatars/HWPLVZ_4aVvykv.jpg", "biography": "Mayank Vats is a Principal Software Engineer at Workday, where he focuses on designing secure, large-scale AI and conversational platforms. He has led multiple initiatives around agentic AI systems, low-code frameworks, and enterprise-grade automation, bridging the gap between developer experience, system reliability, and security.\r\n\r\nWith a background spanning both enterprise software architecture and applied AI, Mayank\u2019s recent work explores how vision models and LLMs can enhance traditional security processes, particularly in areas like automated threat modeling and developer-centric risk analysis.\r\n\r\nAt BSidesPDX 2025, Mayank shares his lessons learned from building an AI-assisted threat modeling agent that \u201csees\u201d architecture diagrams and generates structured STRIDE analyses automatically. His talk dives into what works, what breaks, and how AI can make threat modeling faster, more accessible, and actionable for modern engineering teams.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Workshop A": [{"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/YX9EAY/", "id": 8, "guid": "9dc1fe7c-7d93-5d0d-b584-677cf5ebd340", "date": "2025-10-24T11:00:00-07:00", "start": "11:00", "logo": null, "duration": "02:00", "room": "Workshop A", "slug": "bsidespdx-2025-8-llm-mayhem-hands-on-red-teaming-for-llm-applications", "title": "LLM Mayhem: Hands-On Red Teaming for LLM Applications", "subtitle": "", "track": "Workshop A", "type": "Workshop", "language": "en", "abstract": "Join us in this workshop to engage in hands-on attacks to identify weaknesses in generative AI. If you\u2019re interested in learning about getting started in red teaming generative AI systems, this is the workshop for you.\r\n\r\n\u26a0\ufe0f Important:\r\nWorkshops require registration via this link: https://square.link/u/LYlZ89gC\r\n(Registration will open at 12:00 Noon PDT, on Friday, October 10th)", "description": "We welcome any attendee who is interested in learning about the resiliency of a LLM based application against an adversary set on causing it to output unintended content. No prior experience with red teaming or attacking LLMs is necessary, as we will cover the basics and ramp students up throughout the session.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "961c13f4-cd60-5373-b3fb-48c09a47b348", "id": 15, "code": "8AV8GT", "public_name": "Travis Smith", "avatar": null, "biography": "Travis Smith is the Vice President of ML Threat Operations at HiddenLayer where he is responsible for the services offered by the organization, including red-teaming machine learning systems and teaching adversarial machine learning courses. He has spent the last 20 years building enterprise security products and leading world class security research teams. Travis has presented his original research at information security conferences around the world including Black Hat, RSA Conference, SecTor, and DEF CON Villages.", "answers": []}, {"guid": "a3caff8a-2b7f-54f7-911a-f16ae42d8206", "id": 16, "code": "BTVL97", "public_name": "David Lu", "avatar": "https://cfp.bsidespdx.org/media/avatars/BTVL97_ZjxPBxm.jpg", "biography": "David Lu is a Senior ML Threat Operations Specialist at HiddenLayer, focusing on ML red teaming exercises, adversarial ML instruction, and the development of security ontologies. With 8 years of experience in security research, David also brings over a decade of academic expertise, having taught computer science at Portland State University and philosophy at Syracuse University. His interdisciplinary background uniquely positions him at the intersection of AI/ML security and ethical technology development.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/JH3GBP/", "id": 111, "guid": "3cd8b497-f307-5c1f-9f7e-7ce07664eb71", "date": "2025-10-24T13:00:00-07:00", "start": "13:00", "logo": null, "duration": "02:00", "room": "Workshop A", "slug": "bsidespdx-2025-111-so-you-d-like-to-present-at-a-conference", "title": "So you\u2019d like to present at a conference", "subtitle": "", "track": "Workshop A", "type": "Workshop", "language": "en", "abstract": "So, you\u2019d like to present at a conference? Awesome - but making that decision is just the first step of a long journey. This workshop is primarily intended for people who already have ideas of things to present, but need some help fine-tuning them and understanding the process. We\u2019ll start off in a lecture format covering all the parts of preparing, submitting and presenting your work, answering a lot of questions you might ask yourself. We\u2019ll proceed into an extended question and answer session. Think of your questions ahead of time, and perhaps even ask them before the workshop. Finally, we\u2019ll use the remaining time to team up in groups to share our ideas and give each other feedback. Hopefully you\u2019ll leave with a better idea of how to navigate the process, as well as a clearer idea of how to structure your submission and presentation.\r\n\r\n\u26a0\ufe0f Important:\r\nWorkshops require registration via this link: https://square.link/u/LYlZ89gC\r\n(Registration will open at 12:00 Noon PDT, on Friday, October 10th)", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "c1e8342a-78a6-567d-9311-d49c593510e0", "id": 3, "code": "TGQZYH", "public_name": "Joe FitzPatrick", "avatar": null, "biography": "Joe FitzPatrick (@securelyfitz) is an Instructor and Researcher at SecuringHardware.com. Joe has spent most of his career working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He has spent the past decade developing and delivering hardware security related tools and training, instructing hundreds of security researchers, pen testers, and hardware validators worldwide. When not teaching Applied Physical Attacks training, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/UFVTME/", "id": 14, "guid": "f723a66d-665e-5900-ac70-c6e97036ce5d", "date": "2025-10-24T15:00:00-07:00", "start": "15:00", "logo": null, "duration": "02:00", "room": "Workshop A", "slug": "bsidespdx-2025-14-pentestmcp-a-toolkit-for-agentic-penetration-testing", "title": "PentestMCP: A Toolkit for Agentic Penetration Testing", "subtitle": "", "track": "Workshop A", "type": "Workshop", "language": "en", "abstract": "Advances in Generative AI have enabled the development of autonomous agents, combining large-language models (LLMs) and custom tools with plan generation, reasoning, and tool execution to automate security tasks. One drawback of initial agentic approaches has been their monolithic development. However, much like HTTP decoupled the development of web clients and servers by standardizing the communication protocol between them, the Model-Context-Protocol (MCP) has emerged to decouple the development of agents and their tools. This workshop will provide an introduction to LLM agents and their construction using MCP. Attendees will first walk through a set of simple MCP clients and servers for automating database and file system tasks to get an understanding of how agents and MCP work using labs from https://codelabs.cs.pdx.edu. They will then experiment with a range of MCP servers from the open-source PentestMCP project https://github.com/Craftzman7/pentest-mcp that leverage penetration testing tools such as nmap, nuclei, and metasploit to automatically find, exploit, and exfiltrate data from a vulnerable web application.  Note: Due to the nature of the exercises, they will be hosted on a Google Cloud Project that registered attendees will be given access to during the workshop.\r\n\r\n\u26a0\ufe0f Important:\r\nWorkshops require registration via this link: https://square.link/u/LYlZ89gC\r\n(Registration will open at 12:00 Noon PDT, on Friday, October 10th)", "description": "Security practitioners interested in automating their workflows with Generative AI, LLM agents, and MCP. Students interested in learning about agentic security.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "9d8cd41a-cab5-595a-8051-465b5adb23a5", "id": 7, "code": "GJLBPB", "public_name": "Wu-chang Feng", "avatar": "https://cfp.bsidespdx.org/media/avatars/GJLBPB_eYgMspm.jpg", "biography": "Wu-chang Feng is a professor at Portland State University where he focuses on applications of Generative AI in security.", "answers": []}, {"guid": "9cd0de7c-a1de-512b-828d-12c56a256484", "id": 21, "code": "X8CKPA", "public_name": "Zachary Ezetta", "avatar": "https://cfp.bsidespdx.org/media/avatars/X8CKPA_MFuObL0.jpeg", "biography": "Zachary Ezetta is a senior at Grant High School, network operator of AS214092, and the software lead for FIRST Robotics Competition Team 3636: Generals. He is also a former Intern for Portland State University's Department of Computer Science.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Workshop B": [{"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/CPJTNR/", "id": 69, "guid": "efad6e2c-8600-5ba1-95aa-f8bbf3765cbe", "date": "2025-10-24T11:00:00-07:00", "start": "11:00", "logo": null, "duration": "06:00", "room": "Workshop B", "slug": "bsidespdx-2025-69-binary-jiu-jitsu-white-belt-fundamentals", "title": "Binary Jiu-jitsu: White Belt Fundamentals", "subtitle": "", "track": "Workshop B", "type": "Workshop", "language": "en", "abstract": "Abstract\r\n\tBinary exploitation can feel overwhelming for beginners. With so many tools, techniques, and architectures to learn, it\u2019s easy to get lost without a structured path. Binary Jiu-Jitsu is designed to guide students through the fundamentals of binary exploitation using a skill-based, hands-on approach inspired by martial arts training.\r\n\tIn this workshop, we\u2019ll cover the essential building blocks for exploiting simple 64-bit Linux ELF binaries. Attendees will learn the fundamentals of computer architecture, reverse engineering with Ghidra, debugging with GDB, finding stack-based buffer overflows, and developing custom exploits using pwntools.\r\n\tThroughout the session, participants earn \u201cstripes\u201d by completing progressively harder hands-on challenges in a live CTFd environment. By the end, students will have the knowledge \u2014 and practical skills \u2014 to identify vulnerabilities, write working exploits, and pop their first shell.\r\n\r\n\u26a0\ufe0f Important:\r\nWorkshops require registration via this link: https://square.link/u/LYlZ89gC\r\n(Registration will open at 12:00 Noon PDT, on Friday, October 10th)", "description": "This workshop is geared towards complete beginners. Linux CLI experience would be helpful but can be learned on the fly.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "7b548f94-2f29-5fec-9a21-e03158c6e0ff", "id": 74, "code": "RGFXGA", "public_name": "Joshua Connolly", "avatar": null, "biography": "I am a vulnerability researcher/reverse engineer focused on embedded devices. I love playing CTFs and teaching interesting topics to people.", "answers": []}], "links": [], "attachments": [], "answers": []}]}}, {"index": 2, "date": "2025-10-25", "day_start": "2025-10-25T04:00:00-07:00", "day_end": "2025-10-26T03:59:00-07:00", "rooms": {"Talk 1": [{"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/S9CDWJ/", "id": 108, "guid": "2ef36eed-5172-5464-9100-4c667ba5e132", "date": "2025-10-25T09:00:00-07:00", "start": "09:00", "logo": null, "duration": "00:00", "room": "Talk 1", "slug": "bsidespdx-2025-108-registration-opens-all-day-", "title": "Registration opens (all-day)", "subtitle": "", "track": "Registration Room", "type": "Other", "language": "en", "abstract": "Registration opens at the registration room.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "c91e44aa-eae9-59fb-b620-0a8d5df7b567", "id": 107, "code": "9ECH7E", "public_name": "Registration Room", "avatar": null, "biography": "--", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/3S83HA/", "id": 105, "guid": "3e81016c-ceb8-5bfb-88e6-2148159dd25f", "date": "2025-10-25T09:30:00-07:00", "start": "09:30", "logo": null, "duration": "00:15", "room": "Talk 1", "slug": "bsidespdx-2025-105-opening-remarks", "title": "Opening remarks", "subtitle": "", "track": "Talk 1", "type": "Remarks", "language": "en", "abstract": "Opening remarks", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "c44082c1-ee65-5690-9261-5551ea9dea64", "id": 120, "code": "MUVFTW", "public_name": "BSidesPDX 2025 Organizers", "avatar": null, "biography": "BSidesPDX 2025 Organizers", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/JKBL8M/", "id": 106, "guid": "97789210-9562-5e4d-94de-e7ddb06a4e99", "date": "2025-10-25T09:45:00-07:00", "start": "09:45", "logo": null, "duration": "01:00", "room": "Talk 1", "slug": "bsidespdx-2025-106-day-2-keynote", "title": "Day 2 Keynote", "subtitle": "", "track": "Talk 1", "type": "Keynote", "language": "en", "abstract": "Day 2 Keynote", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "ceafab41-0d92-5a85-8411-4ad47ce10ba1", "id": 108, "code": "RPYVXJ", "public_name": "Micah Lee", "avatar": "https://cfp.bsidespdx.org/media/avatars/RPYVXJ_YNAvfW7.jpg", "biography": "I\u2019m an information security engineer, a software engineer, an investigative data journalist, and an author. I use he/him pronouns, and my name is pronounced \u201cmy-kah.\u201d\r\n\r\nI started the Lockdown Systems Collective where I help develop an open source app called Cyd that helps people claw back their data from Big Tech.\r\n\r\nI worked for The Intercept for a decade, where I was director of information security. I also used to work as a staff technologist at Electronic Frontier Foundation, and I helped co-found Freedom of the Press Foundation. I did opsec for journalists while Edward Snowden was leaking NSA docs to them.\r\n\r\nI\u2019m the author of \u201cHacks, Leaks, and Revelations: The Art of Analyzing Hacked and Leaked Data\u201d, a hands-on book that teaches journalists, researchers, and activists how download, research, analyze, and report on datasets. (No prior experience required.)\r\n\r\nI develop open source security tools like OnionShare and Dangerzone. You can check out my GitHub activity [here](https://github.com/micahflee/).", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/7V3ALW/", "id": 116, "guid": "148288db-b3d3-56c8-ae38-a3f06210e634", "date": "2025-10-25T10:58:00-07:00", "start": "10:58", "logo": null, "duration": "00:00", "room": "Talk 1", "slug": "bsidespdx-2025-116-meet-the-sponsors-all-day-", "title": "Meet the Sponsors (all-day)", "subtitle": "", "track": "Sponsors", "type": "Other", "language": "en", "abstract": "Stop by the Registration Room to chat with our amazing sponsors, grab some swag, and learn about the cool things they\u2019re building. They\u2019ll be here throughout the day!", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "c91e44aa-eae9-59fb-b620-0a8d5df7b567", "id": 107, "code": "9ECH7E", "public_name": "Registration Room", "avatar": null, "biography": "--", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/QEAGEJ/", "id": 114, "guid": "76441572-9925-59e9-9a0f-44759e389e1f", "date": "2025-10-25T10:59:00-07:00", "start": "10:59", "logo": null, "duration": "00:00", "room": "Talk 1", "slug": "bsidespdx-2025-114-ctf-live-challenges-open-for-the-day-all-day-", "title": "CTF live challenges open for the day (all-day)", "subtitle": "", "track": "CTF Room", "type": "Other", "language": "en", "abstract": "BSidesPDX 2025 CTF\r\n\r\nThe annual BSidesPDX 2025 CTF competition, brought to you by an amazing group of volunteers!\r\n\r\nGo to https://ctf.bsidespdx.org to register and play!", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "ea974d71-47c1-59ca-9471-ca1c4bbae3a7", "id": 119, "code": "YMAHM8", "public_name": "CTF Room", "avatar": null, "biography": "CTF Room", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/FEKYPS/", "id": 17, "guid": "8fd96f27-fdd9-5bfb-b4e7-334d5e188290", "date": "2025-10-25T11:00:00-07:00", "start": "11:00", "logo": null, "duration": "00:20", "room": "Talk 1", "slug": "bsidespdx-2025-17-from-context-switching-hell-to-ai-powered-ops-eliminating-security-on-call-toil-with-the-model-context-protocol", "title": "From Context-Switching Hell to AI-Powered Ops: Eliminating Security On-Call Toil with the Model Context Protocol", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "Context switching during incident response is a silent productivity killer that costs security engineers hours of valuable time and significant cognitive load. This talk shares a real-world case study of how we transformed our on-call experience at Databricks by implementing Model Context Protocol (MCP) servers to enable AI-assisted incident triage and investigation.\r\n\r\nAttendees will learn how traditional incident response workflows\u2014involving dozens of browser tabs, multiple tools, and constant context rebuilding\u2014can be revolutionized through natural language interfaces. We'll demonstrate how MCP servers provide a standardized way for AI assistants to interact with infrastructure tools like PagerDuty and Databricks, reducing incident investigation time from 15+ minutes to under 2 minutes.\r\n\r\nThrough real-world examples, we'll show how this approach eliminated overhead during on-call rotations, enabled cross-cloud investigation capabilities without manual intervention, and allowed engineers to focus on actual problem-solving rather than tool navigation. The talk includes practical implementation details and lessons learned from production deployments across 55+ multi-cloud Databricks workspaces.", "description": "This talk is designed for security professionals who handle incident response or participate in on-call rotations, including SOC analysts, security engineers, detection engineers, and incident responders. It's particularly relevant for those looking to reduce the cognitive burden and operational friction of interrupt-driven investigations. Technical leaders considering AI-assisted tooling for their teams will also find valuable insights. While the examples use Databricks and PagerDuty, the concepts apply broadly to any security operations environment dealing with multi-tool workflows and context switching challenges. Participants will leave this presentation with concrete ideas for applying these concepts in their own environments.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "d0b551f1-d225-5431-8f90-813bfcc50c6b", "id": 23, "code": "CFNQYH", "public_name": "Will Urbanski", "avatar": "https://cfp.bsidespdx.org/media/avatars/CFNQYH_44BfBph.jpg", "biography": "Will is the tech lead for detection and response at Databricks. His expertise lies at the intersection of threat detection and software engineering, specializing in detection engineering, attack simulation, and the practical applications of threat intelligence. Previously, Will drove detection and intelligence initiatives at Stripe, Datadog, and SecureWorks, where he played key technical leadership roles in shaping security strategies and mentoring teams. He has authored four patents in the cybersecurity space, and his research has been published in well-known academic journals, including IEEE Security & Privacy.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/KPQTX3/", "id": 95, "guid": "831adbb9-0cc7-50d2-bda6-936a051c78ae", "date": "2025-10-25T11:30:00-07:00", "start": "11:30", "logo": null, "duration": "00:20", "room": "Talk 1", "slug": "bsidespdx-2025-95-tag-you-re-leaked-surviving-the-tj-actions-supply-chain-attack", "title": "Tag, You're Leaked: Surviving the tj-actions Supply Chain Attack", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "In March 2025, the tj-actions/changed-files GitHub Action, which is used by 24,000 repositories, was weaponized to steal CI/CD secrets. All 361 version tags were pointed to malicious code that dumped credentials from memory directly into build logs. We were the first responders.\r\n\r\nCome hear the untold story of the 72-hour incident response. You'll learn how we detected an attack that traditional tools missed, built an IOC scanner over a weekend while the attack was live, and coordinated disclosure with dozens of organizations.\r\n\r\nYou'll walk away with:\r\n- A tested incident response playbook you can adapt for your organization\r\n- Open-source tools: harden-runner (behavioral monitoring) and ghscan (IOC scanning)\r\n- Practical defenses for resilience against similar attacks", "description": "### Talk Outline\r\n\r\n**The Alert**\r\n- March 14, 1:01 PM: harden-runner's behavioral monitoring detects anomaly\r\n- Quick realization of scope: 24,000 affected repositories\r\n- Ashish and Mark were first responders to attack\r\n\r\n**The Attack**\r\n- Attack masqueraded as renovate[bot] with commit 0e58ed8\r\n- All 361 version tags redirected to malicious commit\r\n- Memory scraping exfiltrated secrets to action logs\r\n- Brief demo: What the malicious base64 logs looked like\r\n\r\n**Initial Response**\r\n\r\n*Friday: Detection & Triage*\r\n- March 14, 22:20 UTC: StepSecurity reports compromise\r\n- Internal and external response of orgs\r\n\r\n*Saturday: Emergency Engineering*\r\n- Creating tj-scan/ghscan from scratch (live code snippet)\r\n- Scanning results reveal : 233 system.github.tokens, 151 github_tokens compromised\r\n- Discovering cloud.gov, CISA, and other government credentials leaked\r\n\r\n*Sunday: Disclosure Coordination*\r\n- Managing disclosure to 50+ organizations with leaked credentials\r\n- Reporting government credentials to CISA\r\n\r\n**What Actually Helped**\r\n\r\n*Quick Wins*\r\n- Demo: How harden-runner detected the attack\r\n- Demo: Using ghscan to check for similar compromises\r\n- Action pinning that doesn't break your workflows\r\n\r\n*Longer-term Improvements*\r\n- Migrating from static secrets to OIDC\r\n- Setting up runtime monitoring\r\n- Config changes that made the biggest difference\r\n\r\n**Resource**\r\n- Links to tools and response playbook (QR code)\r\n- Open invitation for questions and help", "recording_license": "", "do_not_record": false, "persons": [{"guid": "1ffde217-6a57-5f58-af35-7dd5fa2743bb", "id": 55, "code": "MSHNLM", "public_name": "Mark Esler", "avatar": "https://cfp.bsidespdx.org/media/avatars/MSHNLM_niQuCyw.jpg", "biography": "Mark Esler works on software supply chain security, vulnerability disclosure, and system hardening.", "answers": []}, {"guid": "8293ed18-b605-5637-b9c9-ae9ecb7cd508", "id": 57, "code": "TLENBB", "public_name": "Ashish Kurmi", "avatar": "https://cfp.bsidespdx.org/media/avatars/TLENBB_30CQz2N.jpeg", "biography": "Ashish Kurmi is the CTO and co-founder of StepSecurity, a cybersecurity startup securing CI/CD pipelines against supply chain attacks. Before StepSecurity, he was with Microsoft Corporation, Uber Technologies, and Plaid Inc. in security leadership roles. He primarily worked with software developers at these companies to understand their security pain points and built security systems to remediate security issues at scale. He has 15 years of experience in security and software engineering.\r\n\r\nAshish has previously spoken at several conferences such as BlackHat USA, (ISC)2 Security Congress, and Open Source 101.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/E3QPU9/", "id": 27, "guid": "2b7bb78c-82a8-5ffc-a52f-4877d6d0aeed", "date": "2025-10-25T12:00:00-07:00", "start": "12:00", "logo": null, "duration": "00:40", "room": "Talk 1", "slug": "bsidespdx-2025-27-keep-your-return-address-close-and-your-enemies-closer-how-a-kernel-engineer-and-security-researcher-collaborated-to-tighten-up-linux-shadow-stack", "title": "Keep Your Return Address Close and Your Enemies Closer. How a kernel engineer and security researcher collaborated to tighten up Linux shadow stack", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "Intel's CET Shadow Stack is a CPU feature aimed at preventing Control-Flow Hijacking shenanigans by implementing a redundancy copy of the process stack, which can be verified for integrity through the program execution. Supporting CET Shadow Stacks in Linux applications is something that took a long long time to be implemented and deployed, and given the magnitude of changes required both in the kernel and in the toolchain, there was a reasonable chance that security details could be missed in the process. In this talk we'll cover the interactions between a kernel engineer and a security researcher regarding a last minute security finding that ended-up surfacing an intricate trade-off discussion around safety, performance and compatibility. These discussions led into redesigns of the shadow stack support at the brink of its release and are still relevant as new feature designs still stumble on the gritty details of these trade-offs.\r\n\r\nBesides the technical scope, this talk aims on emphasizing how the collaborations between software engineers and security researchers can be fruitful, fun and crucial to achieving more reliable security outcomes.", "description": "Open source warriors, security ninjas and apprentices, kernel sorcerers, toolchain forgers, low level dwellers.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "c1d2efa9-1a64-5574-b71c-54f1abe03676", "id": 5, "code": "DVKNGX", "public_name": "Joao Moreira", "avatar": "https://cfp.bsidespdx.org/media/avatars/DVKNGX_Xr5cezK.jpg", "biography": "Jo\u00e3o Moreira is a systems security researcher passionate about compilers, OS internals, and digging deep into low-level bugs. At Microsoft, he works on securing cloud infrastructure by reviewing service designs, building secure architectures, and developing defenses against emerging threats. Prior to Microsoft, Jo\u00e3o worked at Intel, SUSE Linux, and spent time in academia, where he focused on low-level systems topics like control-flow integrity and binary live patching. His research was presented at conferences such as Black Hat Asia, the Linux Plumbers Conference, and the Linux Security Summit. Every now and then, Jo\u00e3o contributes to open-source projects like the LLVM compiler and the Linux kernel. More recently, he\u2019s been trying to figure out this AI thingy \u2014 but he still struggles to write short conference bios with the help of chatbots.", "answers": []}, {"guid": "910de9aa-0a82-540a-be6e-a45c62cae3ac", "id": 125, "code": "MENCFF", "public_name": "Rick Edgecombe", "avatar": null, "biography": "Rick is a Linux kernel engineer who works on security related features, virtualization and memory management.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/M8J3NP/", "id": 57, "guid": "3fedb74b-0798-5603-ac55-44696b73c70c", "date": "2025-10-25T13:00:00-07:00", "start": "13:00", "logo": null, "duration": "00:20", "room": "Talk 1", "slug": "bsidespdx-2025-57-nintendon-t-look-at-my-github-dmca-dodging-and-other-shenanigans", "title": "Nintendon't Look at my GitHub: DMCA Dodging and Other Shenanigans", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "GitHub forks are...weird. A couple implementation quirks lead to some funny (or alternatively, scary) consequences. And yeah, this is publicly documented, but who reads these days? This talk walks through real-world personal examples: recovering commits from a deleted project, brute forcing hidden commit history back into existence, and skirting a DMCA takedown by inserting hidden commits in a someone else's repository.", "description": "This talk was originally given at an internal conference for a small pentesting firm, with a mixture of technical pentesters and nontechnical project managers/executive staff in the audience and written to be accessible to all. Familiarity with Git/GitHub is recommended (and mostly a given, considering BSides' audience) but there is a brief explanation at the beginning in case it is helpful (and to set up a joke).", "recording_license": "", "do_not_record": false, "persons": [{"guid": "81b7cc68-4f88-5811-a21b-5b0cf1e1b03e", "id": 62, "code": "ZAVQBW", "public_name": "James Martindale", "avatar": null, "biography": "James is a web/cloud penetration tester at Anvil Secure, based in Seattle. His research interests include API security, hardware hacking, and abuse cases. He spends too much of his free time in Grand Theft Auto Online, where the hacking minigames are much easier than his day job.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/3Q9WWR/", "id": 79, "guid": "faa7d520-2e26-580b-8600-e71ab82fcaaf", "date": "2025-10-25T13:30:00-07:00", "start": "13:30", "logo": null, "duration": "00:20", "room": "Talk 1", "slug": "bsidespdx-2025-79-quantum-computing-hype-hope-and-the-cybersecurity-horizon", "title": "Quantum Computing: Hype, Hope, and the Cybersecurity Horizon", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "Quantum computing has sparked both excitement and alarm in the cybersecurity world and honestly, I\u2019ve felt both. Between promises of solving problems previously thought impossible and fears of cracking RSA wide open, it\u2019s hard to tell what\u2019s real and what\u2019s just well-dressed science fiction.\r\n\r\nIn this talk, I want to cut through the noise not from a purely academic standpoint, but from the perspective of someone who's actively working on quantum readiness in the fintech world. I\u2019ve been navigating the hype, hope, and hard truths that come with trying to future-proof sensitive systems against a threat that\u2019s not quite here\u2026 but definitely not imaginary.\r\nWe'll look at quantum computing from a high level without drowning in math and break down what's real vs. speculative. We'll cover which cryptographic algorithms are truly at risk, where post-quantum cryptography (PQC) comes into play, and how to think about timelines without spiraling into paranoia.\r\n\r\nWhether you're in offensive security, defense, leadership, or just crypto-curious, this session will give you a clear picture of where things stand and how to start preparing without panicking (or overpaying a vendor with a quantum logo slapped on their pitch deck).", "description": "Security Engineers / Architects \u2013 interested in threat modeling and cryptographic resilience\r\nCISOs / Security Leaders \u2013 making strategic decisions about long-term security posture\r\nResearchers / Students \u2013 wanting a no-nonsense intro to quantum\u2019s real implications\r\nCrypto Curious \u2013 those overwhelmed by the jargon but want the signal, not the noise\r\n\r\nTechnical Depth: Intermediate \u2013 no quantum physics or cryptography background required, but technical familiarity with cybersecurity concepts (PKI, encryption, risk modeling) will help.", "recording_license": "", "do_not_record": true, "persons": [{"guid": "870a4ab8-9d63-5511-b008-888a7dea9068", "id": 84, "code": "9P8WCM", "public_name": "Neha Srivastava", "avatar": "https://cfp.bsidespdx.org/media/avatars/9P8WCM_0zmpOql.png", "biography": "With over 14 years of global experience at the intersection of cybersecurity, emerging tech, and financial services, Neha is a recognized leader shaping the future of secure digital infrastructure. As Vice President of Cybersecurity Products at J.P. Morgan Chase, she drives innovation in cryptographic systems and quantum-safe architectures that safeguard the next generation of financial technology.\r\n\r\nNeha\u2019s career journey includes leading roles at industry heavyweights like Deloitte, EY, Accenture, NVIDIA, Flagstar Bank, and Bank of America, spanning multiple countries and domains. Her work now centers on preparing for the quantum era with a strong focus on Post-Quantum Cryptography (PQC), Quantum readiness, quantum-safe protocols, and the ethical, sustainable design of cryptographic systems that can withstand tomorrow\u2019s computing power.\r\n\r\nBeyond her corporate work, Neha actively advises startups, helping founders navigate the complex intersection of security, compliance, and product strategy. She\u2019s passionate about making sure innovation in quantum and cryptography is not just cutting-edge, but responsible, resilient, and ready for real-world impact.\r\n\r\nFrom securing today\u2019s digital economy to building quantum-resilient systems for the future, Neha brings a visionary yet grounded perspective to cybersecurity one that\u2019s deeply technical, future-facing, and driven by purpose.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/H9ZHVX/", "id": 66, "guid": "74e8ddfa-eb81-5f73-9876-1020b9a437a0", "date": "2025-10-25T14:00:00-07:00", "start": "14:00", "logo": null, "duration": "00:40", "room": "Talk 1", "slug": "bsidespdx-2025-66-this-is-not-a-camera", "title": "This is not a camera", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "Webcams secretly running Linux reveal embedded system vulnerabilities, insecure firmware, and broken update mechanisms. Tracing the tech stack from distributors to chipset manufacturers exposes supply chain issues, security oversights, and risks at the hardware-software boundary. The talk includes demos and highlights the need for transparency and responsibility.", "description": "Hackers\r\nThis talk was presented at DEFCON, a link to the video is here:\r\nhttps://drive.google.com/file/d/1-WCn2r5TLD2L9waDJggugB-DtkebX04Z/view?usp=sharing", "recording_license": "", "do_not_record": true, "persons": [{"guid": "73a2075b-f055-55c8-b96a-ccb8f725587c", "id": 70, "code": "M9DF7U", "public_name": "Mickey Shkatov", "avatar": null, "biography": "Mickey has been involved in security research for over a decade, specializing in breaking down\r\ncomplex concepts and identifying security vulnerabilities in unusual places. His experience spans a\r\nvariety of topics, which he has presented at security conferences worldwide. His talks have covered\r\nareas ranging from web penetration testing to the intricacies of BIOS firmware.", "answers": []}, {"guid": "744e0983-c10c-5333-ac71-c6078ab4e332", "id": 71, "code": "WLEGJY", "public_name": "Jesse Michael", "avatar": null, "biography": "Jesse is an experienced security researcher focused on vulnerability detection and mitigation\r\nwho has worked at all layers of modern computing environments from exploiting worldwide\r\ncorporate network infrastructure down to hunting vulnerabilities inside processors at the\r\nhardware design level. His primary areas of expertise include reverse engineering embedded\r\nfirmware and exploit development. He has also presented research at DEF CON, Black Hat,\r\nPacSec, Hackito Ergo Sum, Ekoparty, and BSides Portland.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/KRR9NX/", "id": 88, "guid": "f697a369-e4c5-580a-b5c6-4a14f710790f", "date": "2025-10-25T15:00:00-07:00", "start": "15:00", "logo": null, "duration": "00:20", "room": "Talk 1", "slug": "bsidespdx-2025-88-unwitting-hosts-how-residential-proxies-increase-risk", "title": "Unwitting Hosts: How Residential Proxies Increase Risk", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "Residential proxy networks, which reroute user traffic through residential IP addresses, present unique risks to enterprise networks and individual users. These proxies, often bundled with low-reputation applications, enable external traffic to appear as if originating from legitimate endpoints, frequently without user consent. Cisco Security's research highlights that residential proxies are 4.8 times more likely to connect to malicious domains compared to regular enterprise network traffic, underscoring the threats posed by such activity.\r\nThis research investigates the mechanics, detection, and prevalence of residential proxies, leveraging datasets from Cisco Network Visibility Module (NVM) and the open-source mercury tool. By analyzing billions of network flows and telemetry data from approximately 240,000 devices, researchers identified residential proxy activity linked to applications like Infatica and Rave Helper. These programs, while not inherently malicious, misuse enterprise resources and can serve as vectors for attacks, including click fraud, spam, and internal reconnaissance by adversaries. The research also presents a novel detection approach based on Transport Layer Security (TLS) random nonces enables robust identification of residential proxy behavior in network traffic. \r\nThis study underscores the risks posed by residential proxies and emphasizes the importance of addressing these threats to safeguard enterprise environments. By detailing threat detections for this behavior and some of the tools that exhibit it, it provides practical tools that can be leveraged to identify residential proxy behavior through network traffic analysis. These insights aim to empower organizations with actionable strategies to mitigate the misuse of their resources and reduce exposure to malicious activity.", "description": "Security analysts and IT administrators, we'll define all terms and concepts so it should be a pretty approachable entry level talk, but hopefully interesting to more advanced practitioners as well.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "221a5ddc-7092-5f69-a29c-3c64268670e0", "id": 91, "code": "DR9PBT", "public_name": "Darin Smith", "avatar": "https://cfp.bsidespdx.org/media/avatars/DR9PBT_TU9UIBH.jpeg", "biography": "Darin is a security research leader at Cisco Talos, focused on mentorship, security management, cloud native security research and detection engineering. Former affiliations include Amazon, the FBI, UC Davis and King's College London. In his spare time he loves playing music, hiking and travelling.", "answers": []}, {"guid": "940476f8-1765-5643-b194-9b92b635ecfa", "id": 101, "code": "93HAH8", "public_name": "Blake Anderson", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/CJV8TZ/", "id": 4, "guid": "843d1423-af5a-56c9-b91b-753fad80e0c4", "date": "2025-10-25T15:30:00-07:00", "start": "15:30", "logo": null, "duration": "00:20", "room": "Talk 1", "slug": "bsidespdx-2025-4-an-unexpected-journey-building-a-cybersecurity-program-from-scratch-at-a-risk-taking-state-agency", "title": "An Unexpected Journey - Building a Cybersecurity Program from Scratch at a Risk-Taking State Agency", "subtitle": "", "track": "Talk 1", "type": "Presentation", "language": "en", "abstract": "In a state agency responsible for fighting wildland fires (including a fleet of drones, aircraft, and firetrucks) and responding to regional natural disasters, securing sensitive data and IT infrastructure is critical and challenging. From protecting endangered species data to ensuring secure computing at the most remote locations, a cybersecurity program in such an agency requires speed, flexibility, and hand-tailored problem solving. This session will share how the Washington State Dept of Natural Resources built a cybersecurity program from the ground up, addressing unique challenges like risk tolerance, rapid deployment, and balancing security with mission-critical operations.", "description": "Anyone looking for inspiration in what's possible with little resources and a whole lot of heart.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "df9a48de-3b8c-5f0b-b4b3-0038564fff9d", "id": 10, "code": "9WZTRK", "public_name": "Ralph Hogaboom", "avatar": "https://cfp.bsidespdx.org/media/avatars/9WZTRK_Fbrkzui.png", "biography": "He/him, from Aberdeen WA. Married, parent, state govt employee in cybersecurity. Interested in gaming, trans rights, writing music, recovery, cooking, esports, feminism, running, pop science, knitting, and baking a really nice loaf of bread.", "answers": []}, {"guid": "5947f5c3-3094-5d2a-bbb5-a5e44be0694c", "id": 11, "code": "VHD3V3", "public_name": "Liz Lewis-Lee", "avatar": null, "biography": "I am currently the CIO at the Washington State Department of Natural Resources. I have spent the majority of my career in state IT, from Operations to Security and now management. I was born and raised in the PNW, have two kids, two dogs, a cat and a husband.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/QUPP8Z/", "id": 110, "guid": "cd276ff9-8570-5632-94af-0901c3b4652b", "date": "2025-10-25T16:00:00-07:00", "start": "16:00", "logo": null, "duration": "00:15", "room": "Talk 1", "slug": "bsidespdx-2025-110-closing-remarks", "title": "Closing remarks", "subtitle": "", "track": "Talk 1", "type": "Remarks", "language": "en", "abstract": "Closing remarks", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "c44082c1-ee65-5690-9261-5551ea9dea64", "id": 120, "code": "MUVFTW", "public_name": "BSidesPDX 2025 Organizers", "avatar": null, "biography": "BSidesPDX 2025 Organizers", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/TY88XJ/", "id": 117, "guid": "7b4fec73-009e-5ddc-ad20-a723e1e9f74f", "date": "2025-10-25T17:00:00-07:00", "start": "17:00", "logo": null, "duration": "03:00", "room": "Talk 1", "slug": "bsidespdx-2025-117-afterparty-ctrl-h", "title": "Afterparty @ Ctrl-H", "subtitle": "", "track": "Social Event", "type": "Other", "language": "en", "abstract": "PDX Hackerspace (Ctrl-H)\r\n7600 N Interstate Ave\r\nPortland, OR 97217\r\n\r\nTake the Yellow Line MAX to the N. Lombard Station - Parking is VERY limited\r\n\r\nhttps://maps.app.goo.gl/tw4NeRZEG9jMt8CG7", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "c44082c1-ee65-5690-9261-5551ea9dea64", "id": 120, "code": "MUVFTW", "public_name": "BSidesPDX 2025 Organizers", "avatar": null, "biography": "BSidesPDX 2025 Organizers", "answers": []}], "links": [], "attachments": [], "answers": []}], "Talk 2": [{"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/YTF7RW/", "id": 63, "guid": "12e9570e-b5c9-50e8-a48b-2e1d651bd910", "date": "2025-10-25T11:00:00-07:00", "start": "11:00", "logo": null, "duration": "00:20", "room": "Talk 2", "slug": "bsidespdx-2025-63-cracking-the-domain-evolution-of-active-directory-password-attacks", "title": "Cracking the Domain: Evolution of Active Directory Password Attacks", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "From LM hashes and rainbow tables to GPU rigs and Kerberoasting, the art of cracking Active Directory (AD) passwords has changed dramatically over the past two decades. What once took hours on a desktop can now be achieved in seconds with cloud GPUs and smarter wordlists. At the same time, attackers have shifted tactics\u2014favoring low-and-slow spraying, ticket roasting, and credential theft over brute force.\r\n\r\nThis talk traces the history of AD password cracking, exploring the techniques that defined each era and how defenses evolved in response. We\u2019ll walk through legacy weaknesses, modern attacks like AS-REP roasting, and the growing role of hybrid AD/cloud identity. Along the way, you\u2019ll see demos of cracking in action and gain a deeper appreciation of why old best practices (like complexity rules) don\u2019t hold up today.\r\n\r\nMost importantly, we\u2019ll cover practical steps defenders can take right now: from smarter password policies and banned password lists to detection strategies and long-term mitigations like MFA and passwordless authentication.\r\n\r\nWhether you\u2019re red team, blue team, or somewhere in between, you\u2019ll walk away with a clear understanding of how AD password cracking works, how it\u2019s evolved, and what you can do to stay ahead of the curve.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "57c6adb8-3e4c-5ff9-b394-18ef57d062b5", "id": 67, "code": "9BCZJ3", "public_name": "Zach Mead", "avatar": "https://cfp.bsidespdx.org/media/avatars/9BCZJ3_pSW0glg.jpg", "biography": "Zach is the founder of Harbor's Edge Consulting LLC, where he focuses on offensive security consulting and helping organizations strengthen their overall security posture. With over seven years of experience in the security world, he has worked across red teaming, penetration testing, and advisory roles to help organizations better understand and defend against modern threats. Zach is passionate about bridging the gap between offensive techniques and defensive strategies, and he enjoys sharing practical insights with the broader security community.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/RKFEPJ/", "id": 77, "guid": "1ee40759-ae5b-5694-801f-e1f64334b387", "date": "2025-10-25T11:30:00-07:00", "start": "11:30", "logo": null, "duration": "00:20", "room": "Talk 2", "slug": "bsidespdx-2025-77-from-suspicious-query-to-real-incident-deciding-when-endpoint-alerts-really-matter", "title": "From Suspicious Query to Real Incident: Deciding When Endpoint Alerts Really Matter", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "Security teams drown in endpoint telemetry: processes spawned, commands executed, binaries triggered. But not every log line should become an alert, and not every alert should trigger a 2 a.m. wake-up call. The real challenge is knowing when a query result crosses the line from \u201cinformational\u201d to \u201cactionable.\u201d\r\n\r\nIn this talk, I\u2019ll walk through how different types of endpoint queries; single-process anomalies, correlated multi-event queries, and time-bounded patterns; map to thresholds that determine whether engineers should escalate or suppress. We\u2019ll explore practical heuristics for building alert thresholds that balance false positives and false negatives, tie signals back to MITRE ATT&CK techniques, and prioritize based on host and user context.\r\n\r\nUsing an open-source EDR as a demo environment, I\u2019ll showcase how raw suspicious process data can be transformed into high-confidence detections. The goal: give engineers and SOC analysts a framework for deciding not just what they can detect, but when they should start worrying.", "description": "Who: SOC analysts, detection engineers, incident responders, and security engineers designing endpoint detections.\r\n\r\nBackground helpful: Basic familiarity with endpoint telemetry (Windows/Linux process logs, Sysmon, EDR/XDR data). No need for deep reverse engineering or malware expertise.\r\n\r\nTakeaway: A mental model and practical heuristics for designing, tuning, and escalating endpoint detections without drowning in alert fatigue.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "538b440b-189e-5123-953b-51624ee19d33", "id": 82, "code": "P8LBE9", "public_name": "Udochi Nwobodo", "avatar": null, "biography": "Udochi Nwobodo is an Infrastructure and Product Security Engineer with over five years of experience securing large-scale systems at Adobe, Coinbase, and Juniper Networks. She has led efforts to design and deploy cloud security solutions, integrate security into product lifecycles, and build vulnerability management programs that scale with business needs.\r\n\r\nHer work spans cloud, container, application security and modern detection engineering. Beyond technical execution, Udochi focuses on strategic impact: enabling teams to balance speed with security, aligning detection thresholds with business risk, and turning raw telemetry into meaningful decisions.\r\n\r\nShe holds a Master\u2019s degree in Cybersecurity along with CISSP and CISM certifications. Udochi is passionate about bridging the gap between engineering and strategy, helping organizations move from reactive security to proactive resilience.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/ZRPCLV/", "id": 67, "guid": "63982940-8040-5e08-adb4-10bfe821b80a", "date": "2025-10-25T12:00:00-07:00", "start": "12:00", "logo": null, "duration": "00:40", "room": "Talk 2", "slug": "bsidespdx-2025-67-okta-detection-engineering-from-logs-to-detections", "title": "Okta Detection Engineering: From Logs to Detections", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "Okta is at the heart of identity for many organizations, which also makes it a prime target for attackers. For security engineers, the real challenge isn\u2019t just understanding Okta logs \u2014 it\u2019s turning them into reliable detections that catch threats without overwhelming the SOC with noise.\r\n\r\nThis talk provides a hands-on roadmap for building Okta detections from the ground up. We\u2019ll begin by breaking down the different types of Okta logs and classifying them into meaningful categories (authentication, application access, administrative actions, MFA events, etc.). From there, we\u2019ll show how multiple log types can be grouped to reveal attack patterns such as account takeovers, suspicious MFA bypasses, or privilege escalations.\r\n\r\nThe core of the session focuses on the detection design process itself:\r\n\r\nResearching and threat hunting to baseline your Okta environment.\r\n\r\nIdentifying the behaviors or signals you want to catch.\r\n\r\nMapping those behaviors back to specific log fields and event types.\r\n\r\nEnriching with user, device, and IP context to reduce noise and add clarity.\r\n\r\nTesting and tuning the detection to validate it in production.\r\n\r\nAttendees will walk away not just knowing what data Okta provides, but how to use that data to design, build, and test an effective detection end-to-end. Whether you\u2019re starting from zero or refining your existing Okta detections, this talk gives you a repeatable workflow for turning identity logs into actionable security signals.", "description": "Intermediate (security engineers, detection engineers, incident responders)", "recording_license": "", "do_not_record": false, "persons": [{"guid": "706c068e-1ad3-5128-97e0-f404a4b471bf", "id": 72, "code": "8WFQYU", "public_name": "Fevin George", "avatar": "https://cfp.bsidespdx.org/media/avatars/8WFQYU_ZuQW2zu.jpg", "biography": "Fevin George is a Senior Security Engineer on the Detection and Response Team at Remitly, where he focuses on building and refining detections, leading incident response, and driving proactive threat hunting initiatives across cloud-native infrastructure. With a background in digital forensics and incident response (DFIR), Fevin has investigated over 400 ransomware, insider threat, APT/nation-state intrusion, and cloud breach cases during his time as a Senior Consultant at Charles River Associates. His work also included supporting ransomware negotiations and advising clients across healthcare, finance, education, and technology sectors.\r\n\r\nFevin holds a Master\u2019s degree in Cybersecurity from the University of Maryland and a Bachelor\u2019s in Computer Engineering from the University of Mumbai. He is a GIAC Certified Forensic Analyst (GCFA), Offensive Security Certified Professional (OSCP), and a recipient of the SANS Lethal Forensicator Coin.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/EAZZL7/", "id": 98, "guid": "95ab851c-f7fc-5e99-9370-af9950c7b08f", "date": "2025-10-25T13:00:00-07:00", "start": "13:00", "logo": null, "duration": "00:20", "room": "Talk 2", "slug": "bsidespdx-2025-98-keeping-phi-out-of-the-model-practical-patterns-for-privacy-preserving-llms-in-healthcare", "title": "Keeping PHI Out of the Model: Practical Patterns for Privacy Preserving LLMs in Healthcare", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "LLMs are racing into clinics and back offices, but a single prompt, log or misstep can leak Protected Health Information (PHI) and erode trust. This fast paced, vendor agnostic talk shows how to ship useful Large Language Model (LLM) features in healthcare without violating privacy or slowing delivery. Instead of theory, we\u2019ll focus on what can go wrong across the LLM lifecycle (e.g. in training, prompts, logs, embeddings etc.) and how to think like an attacker. Then translate all of it into a pragmatic, privacy by design workflow you can adopt immediately. You\u2019ll leave with a concise blueprint, a threat to control matrix you can copy into your program, and a simple decision rubric for on-premises versus cloud deployments. If you own security, ML or compliance and need practical patterns, this session is for you!", "description": "Healthcare AI systems face two simultaneous pressures: deliver real utility (focusing on intake, documentation, triage and clinical guidance) and avoid exposing Protected Health Information (PHI) at any point in the lifecycle. This talk presents a practical, privacy by design workflow for Large Language Model (LLM) use in healthcare that teams can implement without stalling delivery.\r\n\r\nWe begin with a concise threat model that traces how PHI can leak during training, inference, logging and analytics. From there, we build a layered architecture: \r\n  (1) a deterministic de-identification pipeline that removes identifiers, tokenizes sensitive terms, and generalizes identifiers before prompts or training \r\n  (2) input, output and system guardrails that block prompt injection, redact emergent PHI, enforce tone/policy and create auditable traces\r\n  (3) Retrieval Augmented Generation (RAG) constrained to pre approved, up to date clinical sources to reduce hallucinations and citation drift\r\n  (4) a hosting decision rubric for on-device/on-premises vs cloud going over points like maximal control, scale etc. while also discussing relevant compensating controls\r\n\r\nOn top of that foundation, we cover where Privacy Enhancing Technologies (PETs) fit. This would go over Differential Privacy for training to resist membership/attribute inference, Federated Learning with Secure Aggregation to keep raw data local while learning across institutions, Confidential Computing for data in use protection at inference/training time, and Machine Unlearning to honor \u201cright to be forgotten\u201d events without full retrains. The aim is for attendees to leave with a minimal threat to control matrix, a rollout checklist and concrete patterns they can adopt in hospital or vendor environments.", "recording_license": "", "do_not_record": true, "persons": [{"guid": "441d4b2c-3ea6-5d2c-8abd-3e4f877eddd9", "id": 98, "code": "NZGH3S", "public_name": "Anoop N.", "avatar": null, "biography": "I\u2019m Anoop Nadig, a security engineer with seven years of experience. I specialize in Cloud and Application security, with professional interests in automation, threat modeling, and \u201cshift-left\u201d practices.\r\n\r\nOutside of work, you\u2019ll often find me on a hiking trail, at a live concert, or supporting security conferences and community initiatives.", "answers": []}, {"guid": "f6d65944-7ee6-5afd-a620-0b05eb4a6acf", "id": 104, "code": "TJZRTH", "public_name": "Snahil", "avatar": null, "biography": "Snahil is a cybersecurity professional with over a decade of experience in the software security industry. Her work spans biometric authentication and access control systems, IoT security, AI and ML infrastructure protection, applied cryptography and software supply chain security. She champions inclusive growth in security through mentoring, organizing technical events and speaking across industry and academia, opening doors for new voices and turning ideas into practice.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/QNBEK7/", "id": 92, "guid": "a9880cf5-48bd-5d3a-8a73-c314c3755a50", "date": "2025-10-25T13:30:00-07:00", "start": "13:30", "logo": null, "duration": "00:20", "room": "Talk 2", "slug": "bsidespdx-2025-92-the-hardware-procurement-iceberg-a-framework-for-keeping-embedded-research-fun-cheap-and-ethical", "title": "The Hardware Procurement Iceberg: A Framework For Keeping Embedded Research Fun, Cheap, and Ethical", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "The last decade has been revolutionary for making embedded security research intellectually and financially accessible for thousands of curious minds around the world. Just by watching YouTube recordings of talks and reading blogposts from individual tinkerers and security firms alike, one can quickly start making a splash in a research area that was formerly thought to be prohibitively expensive and required lots of prerequisite knowledge.\r\n\r\nPan back to you: you saw the title of this presentation, and thought it was interesting. You have a $5 multimeter, a crusty soldering iron, a few bootleg debug adapters, and a wallet full of lint and toothpicks, but not a lot of bread. Where to now?\r\n\r\nThis talk presents the Hardware Procurement Iceberg (not coincidentally modeled off of the iceberg meme template): three distinct visualizations that show off different ways to procure (see: legally purchase and own) hardware to probe and modify for the sake of vulnerability and security research. Each visualization lays out various procurement methods measured by cost effectiveness, ethicality, and ease, which is left to the audience as to which route they choose to take.\r\n\r\nWhether it be eBay, GovDeals, or somewhere more obscure/exotic, this talk walks through all possible routes to find your desired router, medical equipment, ICS/SCADA device, or whatever you fancy to complete your end-to-end research testbed.", "description": "Any and all novice to intermediate hardware security researchers that want to improve their workflows by testing bugs/throwing PoCs at live physical targets.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "c31ead47-63f2-55f2-ba50-7bd34de9aea4", "id": 95, "code": "H7ASQQ", "public_name": "yltsi", "avatar": "https://cfp.bsidespdx.org/media/avatars/H7ASQQ_qMxDPNW.png", "biography": "yltsi spends his time during business hours conducting product security research for a large technology company. Outside of that, he spends an overwhelming amount of time quenching his curiosity with web, mobile, game, and embedded security research for the spirit of the craft, as well as electronics reverse engineering and repair. He is a pro-gratis bug hunter and live hacking enthusiast, having taken 1st place in DistrictCon's inaugural Junkyard EOL PwNATHON competition in 2025 and given a talk at DEF CON Skytalks long ago.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/AJD8HP/", "id": 72, "guid": "ee5683c6-2716-5139-a4d4-e877928a3f32", "date": "2025-10-25T14:00:00-07:00", "start": "14:00", "logo": null, "duration": "00:40", "room": "Talk 2", "slug": "bsidespdx-2025-72-kidnapping-a-library-how-ransomware-taught-the-british-library-to-follow-well-known-best-practices", "title": "Kidnapping a Library: How Ransomware Taught the British Library to Follow Well-Known Best Practices", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "In 2023 one of the largest libraries in the world fell victim to a ransomware attack. Their online catalogs were down for months, and the cost of recovery exceeded eight million dollars. In March 2024 the Library posted a detailed 18-page account of what happened and what they learned from the experience. I studied the full report so you don\u2019t have to.\r\n\r\nIf the analysis contains any surprises, it\u2019s that there are no real surprises: the problems the British Library faced are common to many businesses, and the improvements the Library developed in response to the attack are reassuringly familiar best practices. We know how to reduce risk from ransomware.\r\n\r\nThis 35-minute talk draws from the Library\u2019s report to summarize the attack and explain how security controls such as network monitoring capabilities, multi-factor authentication, defined intrusion response processes, holistic risk management, and cyber-risk awareness at senior levels would have made a difference for the British Library-\u2013and might in your company too.", "description": "This talk is for a general audience interested in understanding how a specific ransomware attack unfolded at a major cultural institution.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "60d80db8-9ae1-5f6f-a8bc-f4c750f8374f", "id": 27, "code": "9YJEVF", "public_name": "Brian Myers", "avatar": "https://cfp.bsidespdx.org/media/avatars/9YJEVF_Mq4kMvq.jpg", "biography": "Brian Myers (PhD, CISSP) has 20+ years of experience spanning software development and information security. He built the first application security program at WorkBoard and served as HIPAA Security Officer at WebMD Health Services, helping them achieve HITRUST certification. As an independent consultant, he assists organizations with SOC 2, HIPAA compliance, and secure development practices. He regularly speaks at security conferences about practical approaches to security implementation and governance\r\n\r\nMore at https://safetylight.dev", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/XWLBHM/", "id": 90, "guid": "9a2448f5-51a3-5307-ab6c-8eac92133afd", "date": "2025-10-25T15:00:00-07:00", "start": "15:00", "logo": null, "duration": "00:20", "room": "Talk 2", "slug": "bsidespdx-2025-90-from-assistant-to-adversary-when-agentic-ai-becomes-an-insider-threat", "title": "From Assistant to Adversary: When Agentic AI Becomes an Insider Threat", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "This talk explores the converging risk factors that could transform helpful AI systems into potential security threats within organizations. We examine three critical ingredients that create this vulnerability: increasing capability, expanding agency, and exploitable motivation. As AI task capabilities surpass human performance in some domains, organizations naturally grant these systems greater autonomy and access privileges\u2014mirroring how we treat valuable human employees. However, current AI systems remain fundamentally gullible, lacking robust skepticism when faced with indirect prompt injections and social engineering techniques. This talk will analyze how these three factors interact to create novel security challenges.", "description": "This is a technical presentation connecting concrete examples of generative AI system attacks to the ramifications viewed through the lense of agents as insider threats. While the audience doesn't need to have deep understanding of LLMs, the presentation will cover some basic aspects of how LLMs work and why that translates to gullibility, and give examples of agentic systems with dangerous agency.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "235b0998-b9f3-53eb-aea7-d12d3c5ca891", "id": 93, "code": "YHLFSY", "public_name": "Jason Martin", "avatar": "https://cfp.bsidespdx.org/media/avatars/YHLFSY_22xJZVd.jpeg", "biography": "Jason is Director of Adversarial Research at HiddenLayer, where he explores how the latest AI security research intersects with practical application. Jason was amongst the earliest researchers to recognize the need for AI security, founding the Secure Intelligence Team in Intel Labs in 2016 to research AI security and privacy threats and defenses. For 20+ years Jason has covered such diverse security topics as CPU microcode, authentication and biometrics, trusted execution environments, wearable technology, and network protocols, resulting in over 40 issued patents and several high profile research papers in adversarial machine learning and federated learning. When he\u2019s not working Jason is either lost in the Pacific Northwest camping and hiking with his family; or he is lost in a technical project involving 3D printing, microcontrollers, or designing holiday lighting displays synchronized to music.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/SD9L8Z/", "id": 59, "guid": "029dcb43-7300-5966-90b9-fa741cd927b8", "date": "2025-10-25T15:30:00-07:00", "start": "15:30", "logo": null, "duration": "00:20", "room": "Talk 2", "slug": "bsidespdx-2025-59-towards-agentic-incident-handling", "title": "Towards Agentic Incident Handling", "subtitle": "", "track": "Talk 2", "type": "Presentation", "language": "en", "abstract": "As automation and orchestration become key components in security operations, their limitations are becoming equally apparent. Static workflows and predefined playbooks often fall short when facing novel threats or when responders are overwhelmed by false positives and incident fatigue. Agentic solutions\u2014where large language models (LLMs) operate as autonomous or semi-autonomous agents\u2014arises then as a promising evolution. \r\n\r\nThis talk will explore the spectrum of AI-enabled assistance, starting with simple LLM usage for text-based tasks and moving toward autonomous multi-agent systems designed to handle complex, dynamic security scenarios. We will highlight both the opportunities and the challenges: while LLMs are accessible through simple chat interfaces, applying agentic solutions to real-world incident handling requires thoughtful orchestration, integration with tools, and recognition of inherent limitations.\r\n\r\nExamples will be provided, including email Security Agents implemented on top of workflow orchestration frameworks. \r\n\r\nAttendees will gain insight into the technical, operational, and human factors needed to responsibly adopt agentic solutions in security. By the end, they will better understand how to balance ambition with practicality, and how to begin experimenting with agent-driven incident response in their own environments.", "description": "Incident responders, threat analysts, threat researchers, SOC managers, and practitioners interested in the intersection of AI, agents, and security.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "76d59f88-6c3d-5376-89a8-4d9ada32652a", "id": 64, "code": "ZRB8LP", "public_name": "Cristian Fiorentino", "avatar": null, "biography": "Cristian Fiorentino is a Systems Engineer with over 20 years of professional experience in designing, building, and securing enterprise distributed systems. He specializes in cybersecurity and security detection systems, with a career spanning app-sec, security validation and architecture, as well as incident handling, automation and threat detection.\r\n\r\nAs an enthusiast of artificial intelligence, he is particularly interested in the intersection of AI and security, exploring how agentic systems and large language models can enhance detection, response, and resilience.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Workshop A": [{"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/FWLJ7B/", "id": 42, "guid": "eaf8be4e-b9d3-5eec-b8c1-f81595ca2a74", "date": "2025-10-25T11:00:00-07:00", "start": "11:00", "logo": null, "duration": "02:00", "room": "Workshop A", "slug": "bsidespdx-2025-42-capture-the-flag-ctf-with-hints", "title": "Capture The Flag (CTF) With Hints", "subtitle": "", "track": "Workshop A", "type": "Workshop", "language": "en", "abstract": "Capture the flag (CTF) exercises can be great practice and fun. However, sometimes things get complicated. Even the best of us may sometimes be lost, move in the wrong direction or get frustrated. In this workshop, not only are we giving you an overview and access to several CTF exercises, you are also provided hints (in case you need some). This way, everybody who shows up and spends some time can successfully complete some CTF exercises.\r\n\r\nInstruction for attendees:\r\nBring a laptop.\r\n(It is nice if you can ssh via terminal. Otherwise have a browser ready.)\r\n\r\n\u26a0\ufe0f Important:\r\nWorkshops require registration via this link: https://square.link/u/LYlZ89gC\r\n(Registration will open at 12:00 Noon PDT, on Friday, October 10th)", "description": "Short descriptions of some of our CTF exercises can be found at https://edurange.org/scenarios.html", "recording_license": "", "do_not_record": false, "persons": [{"guid": "a7b61ef2-bf17-542d-943a-2e7aeb3fc46e", "id": 47, "code": "RLVWMH", "public_name": "Jens Mache", "avatar": null, "biography": "I teach cybersecurity at Lewis & Clark. My certifications include SANS/ GIAC Certified Intrusion Analyst (GCIA), Penetration Tester (GPEN), Incident Handler (GCIH). \r\nCollaborators include Richard Weiss (Evergreen State), Jack Cook, Taylor Wolff, Ishan Abraham, Ryder Selikow, Julia Scott, Joseph Granville, and Justin Wang.", "answers": []}, {"guid": "a0b30d57-d34b-59ff-90fa-806d18a620d2", "id": 48, "code": "PF9SSG", "public_name": "Richard Weiss", "avatar": null, "biography": "Richard Weiss has been at the Evergreen State College since 2005. He has a Ph.D. in mathematics from Harvard University. His research has included cybersecurity education, computer vision and robotics, applications of machine learning, computer architecture. He was a research faculty member in Computer Vision at the University of Massachusetts for 15 years.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/AX3LJT/", "id": 47, "guid": "49e90432-0d67-5b0a-af72-ec67e8e28f83", "date": "2025-10-25T14:00:00-07:00", "start": "14:00", "logo": null, "duration": "02:00", "room": "Workshop A", "slug": "bsidespdx-2025-47-long-range-cheap-comms-through-meshtastic", "title": "Long range, cheap comms through Meshtastic", "subtitle": "", "track": "Workshop A", "type": "Workshop", "language": "en", "abstract": "Learn how to configure, use, and abuse long-range, cheap communication devices through Meshtastic, without a license! Talk to friends, control remote devices, gather remote sensor data - all at low power use, low cost, with encryption.\r\n\r\nThis workshop is designed for experience levels ranging from 0/5 to 2/5:\r\n\r\n* Beginner: never touched Meshtastic\r\n* Intermediate: installed Meshtastic, played with the app, messaged people\r\n\r\nSpecifically, we\u2019ll cover:\r\n\r\n* Hardware involved, mild theory\r\n* Configuration and set-up\r\n* Messaging and interacting with others\r\n* Working with telemetry and sensors\r\n* Basic walkthrough of controlling remote devices\r\n* Show and tell of several projects that use Meshtastic\r\n* How to keep advancing after the workshop\r\n\r\nFor the price of admission ($50), you\u2019ll receive hardware you\u2019ll be working with at the workshop, that you will keep:\r\n\r\n* Heltec v3\r\n* 4000mAh battery\r\n* Temperature/humidity/barometric pressure sensor\r\n* GPS sensor\r\n* A custom case to house all of the above \r\n* An ultrasonic distance sensor\r\n* Stickers\r\n\r\n\u26a0\ufe0f Important:\r\nWorkshops require registration via this link: https://square.link/u/LYlZ89gC\r\n(Registration will open at 12:00 Noon PDT, on Friday, October 10th)", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "93a48523-28f2-5cba-856a-3de6dd51c488", "id": 39, "code": "3CQLYE", "public_name": "Slava I. Maslennikov", "avatar": "https://cfp.bsidespdx.org/media/avatars/3CQLYE_6OCIAsr.jpg", "biography": "Slava holds a general-level license for Amateur Radio. When away from Meshtastic and HF, he manages DevOps, SRE, and Cloud teams - or provides consulting services in these fields. He has two orange cats and by now is probably one himself. Either get him a beer or a job - he\u2019s currently unemployed.", "answers": []}, {"guid": "b169976b-fc6c-526e-9ba2-c1c0595ba13a", "id": 52, "code": "LEZJ3D", "public_name": "Ryan", "avatar": null, "biography": "Ryan is a Senior Infrastructure Engineer in aerospace who spends his days keeping critical systems running and his nights tinkering with homelab projects that definitely don't always work on the first try. After years in the public sector and nonprofits learning that uptime matters most when the people are your end users and networks span multiple sites, he recently made the jump to the private sector where the stakes are just as high but the scale is... different. \r\n\r\nHe believes in learning by doing, especially by taking the hard way, and is always happy to chat about the \"why\" behind the tech we use every day, things like: why containerization, IaC, or why your homelab *really* needs 10Gb, 25Gb, or hell 100Gb networking. Fixing your motorcycles or car wrong is also part of the same journey, don't discount how deep the rabbit hole goes.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Workshop B": [{"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/LRA3HH/", "id": 25, "guid": "46ccf01f-d641-5d94-9633-df54a3645158", "date": "2025-10-25T11:00:00-07:00", "start": "11:00", "logo": null, "duration": "02:00", "room": "Workshop B", "slug": "bsidespdx-2025-25-tabletop-exercises-de-cryptid", "title": "Tabletop Exercises De-Cryptid", "subtitle": "", "track": "Workshop B", "type": "Workshop", "language": "en", "abstract": "In this hands-on workshop, you'll learn to design intelligence-driven exercises using the Hero's Journey storytelling format. We'll explore how to transform generic \"bad thing happened, now what?\" scenarios into compelling stories that energize players and highlight real gaps. \r\n\r\nYou'll walk away with:\r\n\u2022\tA draft tabletop scenario outline tailored to YOUR organization\r\n\u2022\tPractical techniques for incorporating adversary tradecraft using MITRE ATT&CK Navigator\r\n\u2022\tFacilitation skills for managing the room, asking the right questions, and avoiding common pitfalls\r\n\r\nPlease bring a laptop if possible.\r\n\r\n\u26a0\ufe0f Important:\r\nWorkshops require registration via this link: https://square.link/u/LYlZ89gC\r\n(Registration will open at 12:00 Noon PDT, on Friday, October 10th)", "description": "Engineers seeking buy-in for their security recommendations, managers building team cohesion, leaders dusting off IR plans, or anyone who thinks work should be more fun (because, let\u2019s face it, security is stressful).\r\n\r\nNo prior exercise experience required - just bring your organization's context and a willingness to think like an adversary. Whether you're planning for 3 people or 30, this workshop offers the tools to create exercises that prepare your team for the inevitable.\r\n\r\nPlease bring a laptop if possible.", "recording_license": "", "do_not_record": true, "persons": [{"guid": "3241850a-cf03-540b-8f0d-ee27a5a167c9", "id": 32, "code": "MQNKER", "public_name": "Chloe Tucker", "avatar": null, "biography": "Chloe Tucker is an intelligence-driven information security professional with a focus on learning experience design. As a hybrid human risk and threat intelligence specialist, she spends most of her time trying to understand who's doing what, when, why, and how. She's designed & facilitated over 35 exercises in the past 3 years and is passionate about meeting people where they're at, facilitating conversations, and drinking tea. She also has a smattering of certifications (CISSP, GCTI, GCIH, GSEC).", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.bsidespdx.org/bsidespdx-2025/talk/UJPGWQ/", "id": 70, "guid": "5c438c4b-f802-5c9b-bdcb-58cfb37120b0", "date": "2025-10-25T14:00:00-07:00", "start": "14:00", "logo": null, "duration": "02:00", "room": "Workshop B", "slug": "bsidespdx-2025-70-introductory-firmware-reverse-engineering", "title": "Introductory firmware reverse engineering", "subtitle": "", "track": "Workshop B", "type": "Workshop", "language": "en", "abstract": "We will be taking a look at a photo printer firmware for no particular purpose other than having fun and learning something. We will start by downloading a firmware update from the manufacturer's website, continue with figuring out firmware update format and start digging into the code. We will be using free and open tools, we will be introducing common reverse engineering principles and learning firmware and microcontroller concepts. We'll go as slow as necessary and will get as far as we can in the time allotted.\r\n\r\n\u26a0\ufe0f Important:\r\nWorkshops require registration via this link: https://square.link/u/LYlZ89gC\r\n(Registration will open at 12:00 Noon PDT, on Friday, October 10th)", "description": "The goal of this workshop is to introduce common reverse engineering principles to wide audience. Beyond C  programming basics, no other experience is required to follow along. The target firmware is an RTOS running on an ARM application processor, but that doesn't matter. We will be relying on Ghidra and its decompiler as our main reverse engineering tool.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "0611d8b1-06ec-5dd7-81db-c1044728e7a0", "id": 75, "code": "7CTWFA", "public_name": "Aleks Nikolic", "avatar": null, "biography": "Aleks is a security researcher with a primary focus on finding memory corruption vulnerabilities in widely used server-side and client-side software. \r\n\r\nAleks\u2019 previous published research topics have included fuzzer augmentation techniques, mitigation bypass techniques, and Internet-wide vulnerability scans. In his spare time he likes to tinker with devices around him and has previously published writeups of his reverse engineering efforts of useless cameras, obsolete car systems and x-ray imaging.", "answers": []}], "links": [], "attachments": [], "answers": []}]}}]}}}