-
Opening Talk
- Martin Hron
-
Do Not Build The Torment Nexus
- Eva Galperin
-
From Prompt To Pwn:
Abusing Browser Small Language Models
- Eyal Arazi
-
Adventures In Router Firmware
Through Dynamic Taint Analysis
- Ravshan Rikhsiev
-
JA3/JA4+ Hashes: A "Secret" Fingerprint
Identifying Bots And Scrapers
- Miloslav Homer
-
Building Deception At Scale:
Automating Honeypots With Autonomous AI Agents
- Yotam Perkal & Gil Maman
-
Malware Evasion:
Packers, Loaders, And Why Your EDR Misses Them
- Massimo Bertocchi
-
Prompt, Pwn, Profit: A $30k Deep
Dive Into AI Agent Vulnerabilities
- Vasyl Spachynskyi
-
Exploit Is In The Logic: Reversing An Android
Application To Hack Transactions On An NFC Tag
- Luigi Gubello
-
Harder, Better, Faster, Stronger: Because
"FROM Ubuntu:latest" Is A Supply-Chain Horror Story
- Vojtech Trcka
-
How Infostealers Slipped Through EDRs: Process
Doppleganging By IDAT Loader For Over 18 Months
- Niranjan Jayanand & Archana Manoharan
-
Inside The Fortress:
Attacking RFID Access Control Systems
- Marco Sanchez
-
The CSI Hijack:
Default Kubernetes Storage Drivers Exploitation
- Shaul Ben Hai and Karan Bamal & Idan Nagar
-
Ghost In The Script: Impersonating Google
App Script Projects For Stealthy Persistence
- Bleon Proko & Jakub Pavlík
-
Cloud Agent To Physical Access:
How Cursor Unlocked My Front Door
- Roi Nisimi & Ari Marzuk
-
(Security) Operations Fuckups
- Nicol Daňková
-
Blind The Kernel: Subverting
Integrity Checks Via Semantic Asymmetry
- Tejaswini Sandapolla
-
Hunting Malicious Domains At
Scale With AI-Augmented OSINT
- Zohar Buber
-
The Forgotten Fingerprint:
OSINT Through DNS TXT Record Analysis
- Rishi C.
-
Who Defends The Defenders?
EDR Killers Landscape Boom
- Tomáš Zvara & Radek Jizba
-
CLOSING KEYNOTE
- Louis Nyffenegger
-
Closing Day 1
- Martin Hron
-
Opening Day 2
- Martin Hron
-
Role Of Security Expert
During Cognitive Revolution
- Dmitrijs Trizna
-
The Agents Of Chaos:
AI Driven Malware Generation
- Arad Donenfeld
-
Breaching The Perimeter: The Forgotten
Attack Vector That Always Works
- Jiří Vaněk & Chris Cowling
-
Forked And Owned: Taking Over GitHub
Repositories Via A Single Pull Request
- Roi Nisimi & Ari Marzuk
-
Abusing The Ordinary:
New COM-Based Windows Attack Vectors
- Marco Balzarin
-
Mad Data Science For Practical
C2 Detection - The Talk
- David Szili & Eva Szilagyi
-
1 Click, 0 Warnings: Hijacking Mic,
Camera & GPS Via Browser UI Blindspots
- Armaan Pathan
-
Painless IOS App Pentesting
- Khayal Farzaliyev
-
Beyond Classic Detections: Unlocking
The Full Potential Of EDR Telemetry
- Dylan Guerville
-
What An "Exploitable CVE" Really Means:
Moving Beyond CVSS Scores
- Eryx Paredes
-
Uncovering SAP BTP Attack Vectors,
Before Someone Else Does!
- Waseem Ajrab
-
Decoding Chinese State-Sponsored Cyber Activity:
Behavioral Models For Early Detection And Effective Threat Hunting
- Nathaniel Jones
-
LLMs For Vulnerability Fixing:
Hype Or Reality?
- Edouard Viot
-
LazarOps: APT Tactics Targeting
The Developers Supply Chain
- Diogo Machado
-
From Input To Impact:
Prompt Injection In Production Pipelines
- Mackenzie Jackson
-
Call Me By Your [User]Name:
Modern Identity-Centric Attacks
- Lucie Kadlecova
-
RTFM - Read The Fatal Manual: When
Documentation Creates Critical Misconfiguration
- Martin Sohn Christensen
-
So You Want To Write A Book? Writing
About AI Security For No Starch Press
- Harriet Farlow
-
Closing Bsides 2026
- Martin Hron
-
Airport Security! - S01 E008:
Breaking Into Your Baggage
- Héctor Cuevas Cruz
-
Last Night A DJ Erased My Drive
- Mathew Caplan
-
The Great Train Robbery:
Hacking Like It’s 1855
- Paul Zenker
