BSidesSF 2025 — Here Be Dragons

April 26-27, 2025 · San Francisco, CA · 89 talks

San Francisco’s premier community security conference. 89 talks covered with full articles, word-level timestamps, and Dr. Zero reviews.

→ See editor’s top picks at BSidesSF 2025 — Here Be Dragons

• Understanding IRSF Fraud: Protecting Against International Revenue Share Fraud — Vien Van, Senthil Sivasubramanian

  International Revenue Share Fraud (IRSF) is a largely unknown but financially devastating attack vector in which fraudsters abuse SMS and voice OTP endpoints to generate traffic to premium-rate…

• Your Intrusion Detection Still Sucks (And What to Do About It) — Jason Craig

  Detection and response teams are drowning in low-fidelity alerts, letting attackers dwell for ten to fifteen days on average before detection. Jason Craig, Director of Detection and Response at…

• How to Train Your Detection Dragon — Geet Pradhan

  Building a detection and response pipeline from scratch is less a technology problem than a design and communication problem. Geet Pradhan, a security engineer speaking from hard-won experience…

• CISO Series Podcast LIVE! — David Spark, Andy Ellis, Alexandra Landegger

  Recorded live at BSidesSF 2025 in a movie theater in San Francisco, the CISO Series Podcast tackled four substantive topics: the real barriers to entering cybersecurity, the contested value of the…

• Slaying the Dragons: A Security Professional's Guide to Burnout and Resilience — Kirill Boychenko

  Modern software applications are 70–90% open-source by composition, making package ecosystems an irresistible attack surface. Kirill Boychenko, senior threat intelligence analyst at Socket, walked…

• Trust Engineering: Building Security Leadership at Early-Stage Startups — Mike Privette

  Being the first security hire at a startup is fundamentally different from enterprise security — it is a business leadership role that happens to do security. Mike Privette's "trust engineering"…

• The Four Tribes of Security Champions — Marisa Fagan

  Security Champions programs are not a monolith — there are four distinct program archetypes, and applying the wrong one to a given organizational culture is a primary reason programs fail. Marisa…

• Blank Space: Filling the Gaps in Atomic and Composite Detection — Merav Bar, Gili Tikochinski

  Threat intelligence for cloud environments is systematically incomplete — the industry reports IPs, hashes, and domains while leaving cloud-specific indicators of compromise undocumented and…

• The Power of Persuasion: Better Security Through Manipulation? — Nate Lee

  Security professionals spend most of their careers trying to influence people — engineers, executives, end users — who don't report to them and don't have to care. Nate Lee surveys the psychological…

• Trawling for IOCs: Catching C2 in a Sea of Data — Moses Schwartz

  Detection engineering today scales linearly with headcount — more rules require more engineers, and the backlog compounds. Moses Schwartz from Google Security Operations presents a data-driven…

• There and Back Again: Discovering OT Devices Across Protocol Gateways — Rob King

  Operational technology (OT) devices — the PLCs, SCADA systems, and field devices controlling physical infrastructure — are increasingly reachable over IP networks, often with no authentication…

• Follow the Trace: How Traditional AppSec Tools Have Failed Us — Kennedy Toomey

  Traditional application security tools — SAST, DAST, WAFs — each carry significant blind spots that produce high false-positive rates and slow development teams. Kennedy Toomey, application security…

• Navigating the Unknowns: Fraud Mitigation for Netflix Live Events — Aditi Gupta, Yue Wang

  When Netflix began streaming live events in 2023, its Trust and Safety team faced a fraud problem without historical precedent: no baseline traffic patterns, conflicting priorities between user…

• Sharing Vulnerabilities — Clint Gibler

  In his fifth BSidesSF talk, Clint Gibler — security researcher and author of the TLDRsec newsletter — makes a case that interpersonal skills, emotional intelligence, and the willingness to be…

• Everyday AI: Leveraging LLMs for Simple Security Tasks — Matthew Sullivan, Dominic Zanardi

  Instacart's infrastructure security team built a suite of LLM-powered automations to tackle identity and access management problems that deterministic code could not solve — access request…

• Can Cyber Mercenaries and Human Rights Defenders Coexist? — Bill Marczak, Cooper Quintin, Eva Galperin

  The panel's opening answer — "no" — barely scratched the surface of a decade-long arms race between spyware vendors and the researchers chasing them. Cooper Quintin (EFF), Bill Marczak (Citizen…

• Light in the Labyrinth: Breach Path Analysis for Anyone — Parker Shelton

  Security teams are not Theseus navigating the maze — they are Daedalus, having built a complex environment in which they are themselves lost. Breach path analysis, implemented as a security graph…

• Centralizing Egress Access Controls Across a Hybrid Environment — Ramesh Ramani

  When applications running across Kubernetes clusters, multiple clouds, and on-premises data centers each manage their own egress rules, the result is a fragmented, unauditable mess. Ramesh Ramani, a…

• Radical Results: A Security Org's Version of Radical Candor — Evan Johnson

  Security teams are notoriously hard to evaluate — there are no quarterly numbers to hit, no obvious product ships, and success is often defined by things that don't happen. Evan Johnson, co-founder…

• Future-Proof Your Security: AI-Powered Detection and Response — Jay Sarwate, Alok Tongaonkar, Prutha Parikh, Ketan Nilangekar

  AI in cybersecurity is not new, but the arrival of generative AI has fundamentally changed who can use it and what it can be applied to. A panel of practitioners from Cohere, Palo Alto Networks, and…

• Log In Through the Front Door: Automating Defense Against Credential Attacks — Barath Subramaniam

  Attackers increasingly bypass technical defenses entirely by using stolen credentials to simply log in as legitimate users — a technique implicated in one out of every three breaches. Barath…

• Decentralized Communications: Deep-Dive into APRS and Ham Radio Security — Ankur Tyagi, Mayuresh Dani

  APRS (Automatic Packet Reporting System) and Meshtastic represent two fundamentally different approaches to decentralized, infrastructure-independent communication — one optimized for range and open…

• Enhancing Secret Detection in Cybersecurity with Semantic Analysis — Danny Lazarev, Erez Harush

  Regex-based secret detection generates too many false positives, misses context-dependent secrets, and can't keep pace with the explosion of new API integrations. Researchers Danny Lazarev and Erez…

• State of AppSec (Panel) — Seth Law, Ariel Shin, Lakshmi Sudheer, Ken Johnson

  At BSidesSF 2025, an experienced AppSec panel examined where application security has genuinely improved, where it remains stubbornly broken, and how AI-driven development is reshaping both the…

• Shadow IT Battlefield: The CyberHaven Breach and Browser Extension Security — Rohit Bansal, Zach Pritchard

  The December 2024 CyberHaven breach — in which attackers phished a developer's Google credentials, abused OAuth to upload a malicious Chrome extension, and compromised a data-loss prevention tool…

• WHOIS Your Daddy: Tracking Iranian-backed Cyber Operations Through Infrastructure — Austin Northcutt

  Starting from just four malicious domains attributed to Iranian state-sponsored threat actor MuddyWater, DomainTools solutions engineer Austin Northcutt used passive DNS pivoting and name server…

• Into The Dragon's Den — Jacob Salassi, Michele Freschi

  After years leading product security at a major SaaS database company during its China expansion, Jacob Salassi and Michele Freschi share the hard-won mental models they developed for operating in a…

• One SOC, The Whole SOC, and Nothing But The SOC, So Help Me — Carson Zimmerman

  Carson Zimmerman, architect of Microsoft's Security Operations Center and author of MITRE's *Eleven Strategies of a World-Class Cybersecurity Operations Center*, argues that SOCs fail not from lack…

• The Growing Crisis in CVE Data Quality — Jerry Gamblin

  The CVE program is the backbone of global vulnerability management — but its data quality is deteriorating under the weight of exploding volume, underfunded enrichment, and minimal publishing…

• How to Tame Your Dragon: Productionizing Agentic AI Systems for Security — Thomas Vissers, Tim Van Hamme

  Post-doctoral security researchers Thomas Vissers and Tim Van Hamme from KU Leuven walked through four fundamental reasons LLMs are "powerful yet unreliable," demonstrated a live prompt injection…

• Versus Killnet — Alex Holden

  Alex Holden of Hold Security delivered a gripping first-person account of how his firm infiltrated and dismantled the Russian hacktivist group Killnet by targeting its financial backer — a…

• The Art of Cybersecurity Mastery: From Entry-Level to Staff+ — Florian Noeding

  Adobe Principal Security Architect Florian Noeding drew on fifteen years of experience — from econophysics to software engineering to bug bounty hunting to product security — to deliver a practical…

• Data Splicing Attacks: Breaking Enterprise Data Loss Prevention — Vivek Ramachandran, Audrey Adeline

  Researchers from Square X introduced a new class of attack they call "data splicing" — five distinct techniques that systematically bypass both endpoint DLP and SASE/SSE proxy DLP solutions by…

• How to Pull Off a Near Undetectable DDoS Attack Using DNS — Simon Wijckmans

  Simon Wijckmans, founder of c/side (formerly Csides), demonstrated how an attacker could build a nearly undetectable DDoS botnet using nothing but malicious JavaScript running in legitimate human…

• Threat Modeling Meets Model Training: Web App Security Skills for AI Red Teams — Breanne Boland

  Breanne Boland, a product security practitioner at Gusto, made a practical and encouraging case that security professionals who already know web application security fundamentals have most of what…

• Dragging Out Dragons: Slaying Hidden Threats in Residential Networks — Christo Roberts

  Residential and mobile IP proxies — services that route malicious traffic through ordinary home internet connections and cell phones — are far harder to detect than datacenter proxies and are…

• Charting the SSH Multiverse — HD Moore

  SSH was once considered a solved problem, but since 2023 it has become a hotbed of novel vulnerabilities, backdoors, and implementation quirks spanning dozens of incompatible forks and third-party…

• Inside the Information Stealer Ecosystem: From Compromise to Cash-Out — Olivier Bilodeau

  Information stealer malware — a category that requires no admin rights, leaves no persistence, and can exfiltrate an entire computer's credentials in one shot — has become the backbone of the modern…

• 15 Years of BSidesSF (Anniversary Panel) — Reed Loden, Ricky Lawshae, Steve Christey Coley, Tania McClain, Meghan Manfre

  Five core BSidesSF organizers — some with a decade-plus of involvement — gathered for a candid, AMA-style retrospective on 15 years of running one of the Bay Area's most beloved community security…

• The Product Security Imperative: Lessons from CISA — Jack Cable

  Jack Cable, who spent two years at CISA leading the Secure by Design initiative before delivering this talk, made the case that the software industry is still building products riddled with…

• Adventures & Findings in ISP Hacking — Ian Foster

  A hobbyist offensive security engineer found that two Bay Area ISPs had left their control plane networks fully accessible to customers — one due to missing VLANs, the other through a chain of…

• Secure Designs, UX Dragons, Vuln Dungeons: The Art of Secure Product Design — Mike Shema, Kalyani Pawar

  Recorded live as episode 328 of the Application Security Weekly podcast, this panel-style talk argues that secure design failures are primarily organizational rather than technical — companies…

• Plays Incident Response — Maya Kaczorowski, Whitney Merrill

  Maya Kaczorowski and Whitney Merrill turned their BSidesSF session into a live incident response tabletop, walking the audience through a realistic vendor data breach scenario at a fictional fintech…

• Mind vs Machine: The Role of Human Psychology in AI-Driven Security — Anubha Nagawat, Ashutosh Gupta

  Security controls fail not just because of vulnerabilities but because of behavior — human and machine alike. Anubha Nagawat and Ashutosh Gupta examine the psychological patterns that trip up…

• Care and Feeding of HSMs: Key Management in Hard Mode — Nick Pelis

  Hardware Security Modules (HSMs) are the right answer for protecting high-value cryptographic keys — but operating them in practice is a catalog of operational disasters waiting to happen. Nick…

• Uncharted Minds: Mental Health in Cybersecurity (Panel) — Peter Coroneos, Deidre Diamond, Kayla Williams

  Burnout in cybersecurity is not just feeling overwhelmed — it is a neurological phenomenon recognized by the World Health Organization, with three specific clinical dimensions that predict…

• Slaying Dragons Together: Women in Security (Panel) — Stanley Barr, Mary C Yang, Leslie Z Anderson

  MITRE researchers Stanley Barr and Leslie Anderson, alongside marketing strategist Mary Yang, used the origin stories of MITRE ATT&CK and MITRE Engage to illustrate a broader thesis: complex…

• Decoding GraphQL: How to Map Hidden Attack Surfaces — Antoine Carossio, Tristan Kalos

  Tristan Kalos and Antoine Carossio, co-founders of the API security company Escape, scanned the top one million domains on the internet, discovered nearly 200,000 exposed GraphQL APIs, and found an…

• Mind the Gap: Career Transitions in Security (Panel) — Josh Liburdi, Elle McKenna, Sarai Rosenberg, Andrew Kline

  Four security practitioners — a senior security engineer, a cloud security manager at Netflix, a security and IT leader at a 200-person startup, and a DoorDash security operations engineer — spent…

• The Silent Breach: Security Threats in Google Workspace — Rex Guo, Khang Nguyen

  Khang Nguyen of Cominate, in collaboration with Shu Jang Wang at Obsidian Security, walked through three real-world Google Workspace attack scenarios — Chrome extension backdooring via OAuth…

• AppSec as Glue (Panel) — Mukund Sarma, Tad Whitaker, Sarah Liu, Ariel Shin, Jacob Salassi

  Application security teams cannot scale through individual heroics alone — they scale by acting as organizational glue, building relationships with engineering, platform, detection, and business…

• Preparing for Dragons: Don't Sharpen Swords. Set Traps, Gather Intel. — Adrian Sanabria

  Most organizations are overwhelmed not by sophisticated adversaries but by distraction — an ever-expanding threat landscape amplified by vendor marketing, exotic CVEs, and side-channel attacks that…

• Hack, Patch, Repeat: Insider Tales from Android's Security Team — Maria Uretsky, Camillus Cai

  Android's attack surface is far larger than most researchers appreciate — it spans Google, AOSP, OEMs, carriers, chipset vendors, and third-party apps, all under a multi-party consent model enforced…

• Scalably Securing Third-party Dependencies in Large Codebases — Ziyad Edher, Chris Norman

  Supply chain attacks are now the most effective way to compromise highly secured environments, because everything else has gotten harder. Ziyad Edher and Chris Norman from Anthropic's security team…

• Lessons from Running a Product Security-Focused Bug Bounty Program — Aditya Saligrama, Joey Holtzman

  Stanford's Applied Cyber group runs a product security clinic that has engaged with dozens of student startups over the past year and a half — and found critical vulnerabilities in essentially every…

• CyberCAN: A Roadmap for Municipal Support of Cybersecurity — Sarah Powazek, Shannon Pierson

  Researchers Sarah Powazek and Shannon Pierson from UC Berkeley's Center for Long-Term Cybersecurity surveyed 68 San Francisco nonprofits and found that 85% had suffered at least one cyberattack…

• When AI Goes Awry: Responding to AI Incidents — Eoin Wickens, Marta Janus

  When an agentic AI system deletes a database and exfiltrates data in the middle of the night, organizations discover they have no playbook, no adequate logging, and no clear owner for the incident…

• One Search To Rule Them All: Threat Modelling AI Search — Kane Narraway

  Enterprise AI search tools like Glean consolidate access to every connected data source behind a single query interface — and that consolidation is precisely what makes them a high-value security…

• Compliance Without the Chaos: Building It Right Into Your DevOps Pipeline — Varun Gurnaney

  Compliance teams are stuck running painful, manual evidence-collection cycles while the DevOps pipelines they rely on already generate exactly the data they need. Varun Gurnaney argues that…

• Trace to Triage: How to Connect Product Vulnerabilities to Security Paths — Ben Stav

  Application security teams sit on a goldmine of runtime context that could transform how they triage findings — and most of them don't know it exists. Ben Stav from MIGO makes the case that…

• Not Every Groundbreaking Idea Needs to Become a Startup — Ross Haleliuk

  The cybersecurity industry has convinced itself that venture-backed startups are the only path to solving security problems — and that assumption is quietly strangling hundreds of niche but…

• Resilience in the Uncharted AI Landscape — Ranita Bhattacharyya

  Building resilient AI systems is not a post-deployment afterthought — it requires hundreds of small, deliberate decisions made from the earliest design stages. Ranita Bhattacharyya frames resilience…

• Let's Talk About the AI Apocalypse — Dylan Ayrey

  Dylan Ayrey, creator of TruffleHog and CEO of Truffle Security, delivers a hands-on workshop demonstrating that the ingredients for building a self-replicating, ransomware-spreading AI worm already…

• 0.0.0.0 Day: Exploiting Localhost APIs From The Browser — Gal Elbaz

  The IP address `0.0.0.0` is an 18-year-old bug hiding in plain sight — a single address that bypasses every browser-based private network protection ever built. Gal Elbaz, co-founder and CTO of…

• GenAI Application Security: Not Just Prompt Injection — Ahmed Abugharbia

  GenAI application security is not a completely new field — it is classical security applied to a new architecture. Ahmed Abugharbia, a security researcher and SANS instructor, argues that the key to…

• Mapping the SaaS Attack Surface — Jaime Blasco

  Attack surface management has long focused on infrastructure and cloud — but when 90% of an organization's applications are SaaS, the attack surface is mostly things the security team does not own…

• Service Mesh Security: Shifting Focus to the Application Layer — Daniel Popescu

  After years of failed attempts to bolt security onto Yelp's service mesh at the infrastructure layer, security group tech lead Daniel Popescu and his team pivoted to the application layer — using…

• Something's Phishy: See the Hook Before the Bait — Malachi Walker

  DNS forensics is one of the most underutilized tools in threat hunting and incident response. Malachi Walker from DomainTools argues that by treating domains as characterizers, connectors, and…

• Tracking the World's Dumbest Cyber Mercenaries — Cooper Quintin, Eva Galperin

  EFF researchers Cooper Quintin and Eva Galperin have spent nearly a decade tracking Dark Caracal — a cyber mercenary operation linked to Lebanon's General Directorate of General Security that…

• Fireproof Your Castle with Risk-First GRC — Aakash Yadav, Lindsey Pilver

  Most GRC programs start with compliance frameworks and work backward to risk — a sequence that reliably misses the actual threats to the business. Lindsey Pilver and Aakash Yadav from Roblox's…

• Don't Sh*t-Left: How to Actually Shift-Left — Ahmad Sadeddin

  Most "shift-left" security programs fail not because the concept is wrong, but because organizations mistake tool deployment for cultural change. Ahmad Sadeddin, founder and CEO of Corgea, argues…

• Cloud Security Podcast LIVE! — Ashish Rajan, Jackie Bow, Kane Narraway

  A live recording of the Cloud Security Podcast brought together Jackie Bow (Anthropic's threat detection engineering lead) and Kane Narraway (Canva enterprise security lead) to debate how defenders…

• Third-party Risk Management: SOC 2s, Security Questionnaires, and Beyond — Eleanor Mount

  Eleanor Mount, a GRC professional and security risk and compliance manager at Ansa, delivered a frank dissection of why third-party risk management programs consistently fail to deliver on their…

• Is Vulnerability Management Dead? A Security Architect's Take — Snir Ben Shimol

  Snir Ben Shimol, CEO and co-founder of Zest Security and a veteran of Varonis and Prisma Cloud, argued that traditional vulnerability management is broken — not because the tools are bad, but…

• Effective Handling of Third-Party Supplier Incidents — Kasturi Puramwar

  Kasturi Puramwar, incident response manager at Equinix, laid out a comprehensive cross-functional framework for handling third-party supplier incidents — arguing that the IR team alone cannot manage…

• Using AI to Discover Silently Patched Vulnerabilities in Open Source — Mackenzie Jackson

  Mackenzie Jackson of Aikido Security described research that used LLMs to monitor open-source changelogs at scale, discovering 550 undisclosed vulnerabilities in 2024 — 67% of which never received a…

• Securing AI Agents: Challenges and Solutions — Naveen Konrajankuppam Mahavishnu, Mohankumar Vengatachalam

  AI agents — autonomous systems that reason, plan, and take real-world actions — introduce an entirely new attack surface that existing security frameworks were not designed to address. Mohankumar…

• AI's Bitter Lesson for SOCs: Let Machines Be Machines — Jackie Bow, Peter Sanford

  The detection and response team at Anthropic built an AI-assisted investigation platform called Clue in roughly three months using Claude as both a co-engineer and runtime investigator, without any…

• Confidential Computing: Protecting Customer Data in the Cloud — Jordan Mecom

  Confidential computing uses hardware-backed Trusted Execution Environments (TEEs) combined with remote attestation to cryptographically prove how customer data is processed — shifting trust away…

• Netsec is Dead(?): Modern Network Fingerprinting for the Darknet — Vlad Iliushin

  Network fingerprinting — characterizing clients, servers, and connections from TCP/IP and TLS handshake data — is a practical, passive, non-noisy technique for detecting mass scanners, identifying…

• Fire, Brimstone, and Bad Security Decisions — Wendy Nather

  Security's deepest problems are not individual mistakes but structural decisions made long ago that were probably correct at the time and have never been fully revisited. Wendy Nather, drawing on…

• Lex Sleuther - A Novel Approach to Script Language Detection — Aaron James

  Script language misidentification is a quiet but costly failure mode in large-scale malware analysis pipelines — at CrowdStrike's processing volume, even a 10% miss rate translates to hundreds of…

• Fake Hires, Real Threats: When Background Checks Aren't Enough — Mabel Soe

  North Korean IT workers have been systematically infiltrating tech companies — including small startups — by constructing elaborate fake identities, passing background checks with stolen U.S…

• The Hidden Access Paths to Smaug's Cavern — Ben Arent

  Developers and SREs accumulate access the way Tolkien's Smaug accumulates treasure — and the hidden pathways they create to get their jobs done become the backdoors that attackers exploit. Ben…

• AI Won't Help You Here — Ian Amit

  The security industry's obsession with generative AI is producing expensive, unreliable outcomes in domains that require precision — including vulnerability remediation — while well-understood…

• Don't Trust, Verify! - How I Found a CSRF Bug Hiding in Plain Sight — Patrick O'Doherty

  A decade-old CSRF protection library called Gorilla CSRF contained a bug in which the entire same-origin enforcement code path was effectively inert in production — because it only ran when the…

• A Deep Dive into the Triad Nexus Pig Butchering & Money Laundering Operation — Zach Edwards

  Zach Edwards, senior threat analyst at Silent Push, exposed Triad Nexus — a Chinese-operated CDN called Funnel that serves as critical infrastructure for large-scale investment scams, money…

• Intro to Privacy-Enhancing Technologies (PETs) — Harshal Shah

  Harshal Shah, a senior software engineer, delivered a practical primer on Privacy-Enhancing Technologies (PETs) — a family of cryptographic techniques including Fully Homomorphic Encryption (FHE)…

• Round and Around We Go: Interviews, What Do You Know? — Erin Barry

  Erin Barry, VP of Security Talent at Code Red Partners, brought a year's worth of real hiring data from 30 security engineering and leadership placements to debunk myths and lay out hard truths…