  • From protecting a country to security guard in a bookshop

    Ian has spent more than 35 years in security. As a youngster, Ian had equipment confiscated for abusing X.25 PADs and the systems connected to them. He had a 25-year career in GCHQ, the UK signals intelligence and security agency, including setting up the UK’s National Cyber Security Centre, and is now a Distinguished Engineer at Amazon. He will talk about some of the things he’s learned over the years, what he still desperately wants to change about the security industry, and will almost certainly poke fun at many things as well.

    Mainstage
    Sat 10:00 am - 10:50 am
  • A 0-click exploit chain for the Pixel 9

    Attackers are often reported to target mobile devices with 0-click exploits, but limited information is available about how such exploits work on modern Android devices. This talk will explain how Project Zero exploited two vulnerabilities to compromise a Google Pixel 9 remotely without user interaction.

    The chain starts with a vulnerability in an audio decoder used across the Android ecosystem. We will describe how we exploited this bug without device feedback and demonstrate how we escaped the media codec sandbox to gain privileged access to the device. The techniques we’ll share are broadly applicable to Android devices.

    Finally, we’ll share what we learned from this project, what went right and wrong with Android mitigations, and how mobile device vendors can further protect their devices against these types of attacks.

    Mainstage
    Sat 11:00 am - 11:50 am
  • Auths Gone Wild: When ‘Authenticated’ Means Anyone

    “Public access - off” should mean safe, right? Not when a wildcard principal sneaks into Terraform or a quick-start template, letting any logged-in account, including yours, mine, or a stranger’s, access your sensitive data.

    We ran a large-scale, cross-cloud hunt for this quiet misconfiguration, testing it in AWS, Azure and GCP and measuring how often it shows up in real environments. The flaw is sneaky: anonymous requests are getting blocked, yet any authenticated account can still perform actions such as list, get, or even put objects, letting a quick browser check trick you into thinking the bucket is private. Our data shows that more than 15% of cloud environments had at least one bucket publicly exposing sensitive data. As for the remaining 85%, “not public” doesn’t always mean private. Further analysis revealed that many of these supposedly restricted buckets still exposed sensitive information unintentionally and included configuration files, code, and AI models.

    In this talk we’ll outline our scan approach, present the headline numbers and walk through our methodology for detecting risky buckets.

    Disco After Dark
    Sat 11:00 am - 11:20 am
  • Making Myself at Chrome: Stealthy Local Backdoors for Signal, 1Password, Slack, and more

    Electron applications use the Chromium engine’s V8 heap snapshot mechanism to improve app startup time. Unlike bundled code, snapshots are not signed, allowing attackers to plant stealthy backdoors in a valid code-signed application using a tailor-made malicious snapshot. Signal, 1Password, and Slack were previously all vulnerable to this attack, despite enabling Electron’s strictest integrity checking and code-signing features. Even more concerning, this vulnerability extends beyond Electron to potentially affect all Chromium-based applications including Chrome itself.

    Attendees will learn how attackers can exploit CVE-2025-55305 in vulnerable applications to achieve unsigned code execution. Also discussed are implications for offensive tradecraft, the potential for abuse in the wider Chromium ecosystem, why application integrity is challenging to maintain in practice, and what developers can do to protect their applications from similar attacks.

    Disco After Dark
    Sat 11:30 am - 11:50 am
  • Defending Democracy from the Bottom Up: State Response to Federal Retreat on Foreign Influence

    The federal government is systematically dismantling critical foreign influence monitoring capabilities—slashing CISA's election security programs, dissolving DOJ's Foreign Influence Task Force, gutting ODNI's Foreign Malign Influence Center, and defunding State's Global Engagement Center. This leaves a massive gap in America's defenses against hostile foreign interference operations targeting our infrastructure, elections, and information environment. This roundtable explores how states, cities, and the private sector must step up to fill this void. We'll examine Texas's new Hostile Foreign Adversaries Unit as a model, debate what state-level foreign influence monitoring should look like, and tackle thorny questions about information sharing, legal authorities, and coordination. Can decentralized defense work? Should tech companies play a bigger role? How do we avoid creating 50 different approaches to the same threat? The feds are walking away from this fight—it's time to figure out who's stepping up.

    Policy Roundtable 2: Boardroom
    Sat 11:30 am - 1:00 pm
  • No Heatsinks Allowed

    A love letter to the low-resource misfits clogging our junk drawers.

    Through vintage tech and today's simple devices, we trace the evolutionary lines that underlie the world of technology around us and probe at the limits of computation - not in terms of speed, but in terms of simplicity. We will end with a special showcase of "Wait, it runs DOOM?" (Yes. Yes it does.)

    Disco After Dark
    Sat 12:00 pm - 12:50 pm
  • When Security Products Become the Target

    WAFs are built to stop attackers - yet subtle flaws can turn them into new attack surfaces. This session walks through two critical bugs in a major enterprise firewall, including a cryptographic failure that enabled forged admin sessions, detailing the reverse engineering process from discovery to exploitation and mitigation.

    Mainstage
    Sat 1:00 pm - 1:50 pm
  • Dendrite: An Evolving, Decentralized Bot Swarm

    Dendrite is an evolving, decentralized botnet that can create code to meet the needs of the network operator. Dendrite works as a single cohesive system and can execute arbitrary learning tasks over its network.

    Disco After Dark
    Sat 1:00 pm - 1:50 pm
  • The Next Chapter of the Pall Mall Process: Building Accountability in the Cyber Intrusion Industry

    After the successful negotiation of a Code of Practice for States setting out commitments and recommendations for states as responsible regulators and customers of the commercial cyber intrusion industry, the Pall Mall Process is now turning its attention to complementary measures for the industry itself. This roundtable (with representatives from states, industry and civil society) will provide an opportunity to discuss the recently-released findings of a widespread consultation and the implications of these for the development of a Code of Practice, just before negotiations begin. What is the right balance of carrot and stick in fostering a responsible CCIC industry? What are examples of good practice that companies should be putting in place to prevent irresponsible activity? And how do we ensure that measures taken do not have unintended consequences?

    Policy Roundtable 1: Large
    Sat 1:15 pm - 2:45 pm
  • Why does my battery have Bluetooth?

    Custom protocols are the best protocols? This talk tells the story of reverse-engineering the communications and DFU protocols on Anker power banks in order to push malicious firmware updates over BLE. We'll look at how the protocols were implemented on the different MCUs and the Android app, the hilariously verbose logging, and the process of YOLO-updating modified firmware images without a fallback plan. Before a live demo, we'll look at the disclosure process and the firmware changes Anker implemented to mitigate the vulnerabilities.

    Mainstage
    Sat 2:00 pm - 2:50 pm
  • Attacking File System Minifilters - A Case Study of cldflt.sys

    This talk walks through a deep technical exploration aimed at discovering a privilege escalation vulnerability in the Windows ecosystem, targeting a specific component for Pwn2Own Berlin 2025. It will begin with an overview of the Windows architecture and set the stage for a focused dive into the Cloud Filter technology — a lesser-known but rich area of the operating system.

    Attendees will learn about the attack surface exposed by the Cloud Filter and how it fits into the broader Windows security model. The talk outlines the strategies and tools used during the bug hunting process, shedding light on both methodology and mindset. It also includes a survey of past vulnerabilities from 2020 and 2025 related to this component, offering context and patterns that informed the research.

    A detailed examination of four memory corruption vulnerabilities—each tied to the same underlying issue—provides insight into common pitfalls and exploitation opportunities. It will conclude with a research retrospective discussing lessons learned and what could be improved in future vulnerability discovery efforts.

    Disco After Dark
    Sat 2:00 pm - 2:50 pm
  • Control the Variables and You Control the Code: Language-Level Vulnerabilities in Adobe ColdFusion

    Adobe ColdFusion is still around in 2026 and can be found in some of the key sectors of the DC Metro area and around the world. Maybe you haven’t thought about ColdFusion in years, maybe it's a sore tech debt subject, or maybe it plays a role in your favorite old pentest story (IYKYK). And if you've never heard of ColdFusion you can just think of it as another dynamic scripting language that runs on the JVM.

    Variables: how do they work? In this talk I’ll walk through a few recent language-level vulnerabilities in ColdFusion, including some attack vectors that are being publicly disclosed here, that allow attackers to control variables that they should not be able to control and control program flow as a result. ColdFusion stores variables in defined scopes, but some of these scopes are known sources of tainted data and user-controlled input such as URL parameters and POST data. Other variable scopes, such as global application settings and server configuration values, are considered to be protected values that developers will assume are safe. But when we can tamper with values used for authentication, security decisions, file I/O, and other sensitive actions, the results can be unexpected and severe. You’ll get an understanding of how the ColdFusion compilation and runtime work, where and how the vulnerabilities can occur, and how they can be exploited.

    Mainstage
    Sat 3:00 pm - 3:20 pm
  • Paging all radio curious hackers!

    Devices communicate all around us. We may first think of WiFi or Bluetooth connected devices but plenty of devices still use simple RF protocols to communicate. I'll demonstrate how to blind demodulate some restaurant pagers using Software Defined Radios (SDRs) assuming some programming knowledge but very little radio-specific knowledge, and transmit (live) to set one off.

    Disco After Dark
    Sat 3:00 pm - 3:20 pm
  • Leveraging Hacker Skillsets to Maintain Democratic Norms

    Our Nation is undergoing change, and a growing body of citizenry wishes to maintain our traditional democratic norms through this change. What can hackers do with their skillsets of gathering and processing information, understanding information systems, and leveraging technology for amplified impact to aid these causes? If hackers were available to non-profit organizations and other causes what would they do to assist? Does there exist a body of cybersecurity legal experts willing to lend expertise to guide and shield these efforts?

    Policy Roundtable 1: Large
    Sat 3:00 pm - 4:30 pm
  • IMDS Abused: Hunting Rare Behaviors to Uncover Exploits

    Cloud metadata services like IMDS and VM metadata are designed to deliver short-lived credentials safely and conveniently, but they’ve also become a favored target for credential theft and privilege escalation. In this talk we show how large-scale anomaly detection across diverse cloud environments surfaced hidden abuse patterns in IMDS usage, leading us to identify programs that unintentionally enable SSRF as well as a previously unknown zero-day in the wild. We’ll walk through our hunting methodology, distill what “normal” IMDS access looks like versus tell-tale anomalies like rare processes, sensitive paths, and suspicious contexts, and finish with a very cool finding we found using this methodology.

    Attendees will leave with a hands-on hunting methodology, lessons learned from real incidents, and an actionable defensive playbook to protect their own environments.

    Mainstage
    Sat 3:30 pm - 3:50 pm
  • Beyond Static: Augmenting Static Analysis with Dynamic Traces and Statistical Insights

    This talk will present our novel, open-source Ghidra plugin, Catalyst. Catalyst leverages user-provided program traces to augment traditional static analysis workflows. By statistically analyzing changes in control flow, the tool uncovers insights not readily visible through static techniques alone. Specifically, it quantifies the execution frequency of basic blocks, which can help researchers categorize code paths by giving them another metric to correlate with inputs and events that occur at runtime. A program may exercise all possible code paths during a trace, which can make it difficult to understand what parts of the program correspond to specific inputs or events using standard code coverage explorers. Correlating the frequency of each basic block with the inputs given to a program tells the reverse engineer what parts of the code correspond to those inputs. Catalyst also computes the entropy and frequency distribution of branch sequences to highlight complex changes in control flow.

    Beyond statistical metrics, Catalyst provides other utilities such as resolving indirect branches using trace data, significantly improving accuracy in control flow reconstruction, and differential analysis across multiple execution traces, enabling comparative studies of program behavior under varying inputs or environments. These capabilities offer a powerful complement to static analysis, equipping researchers with actionable information about code paths that merit deeper investigation if they have the ability to run and instrument the program. We will demonstrate Catalyst’s features and the applicability of these techniques in reverse engineering real-world software.

    Disco After Dark
    Sat 3:30 pm - 3:50 pm
  • Policy Roundtable 4 [INVITE ONLY]

    Policy Roundtable 2: Boardroom
    Sat 3:30 pm - 5:00 pm
  • Exploring USB DFU

    The Device Firmware Upgrade class is the USB standard protocol used for reading and writing firmware. It's used in laptops, cameras, two-way radios, phones, and microcontrollers. In this talk I'll introduce you to the protocol, its bugs and its incompatible dialects, and my new tool for exploring devices and dumping firmware.

    Mainstage
    Sat 4:00 pm - 4:50 pm
  • Hotel Room Monitoring for Extreme Paranoiacs - And You Too

    Guests staying at a hotel have a reasonable expectation of privacy according to US law and court precedent. In practice, however, that does not make hotel rooms safe environments. Hotel door locks are riddled with security vulnerabilities, deadbolts are often software-controlled, physical safeguards are easily bypassed when there is no one inside, and access to the room is required by the hotel for housekeeping and emergency purposes. This leaves plenty of opportunity for unexpected visitors such as cops, thieves, stalkers, and literal evil maids to gain access. Without the ability to prevent entry, a guest’s only reasonable option is to festoon the room with sensors and redundant cameras.

    This talk will discuss some prior art in securing and monitoring hotel rooms and the challenges in deploying sensors and network infrastructure in a space we do not and cannot control. We’ll then move on to recommending specific hardware and software solutions and will announce the release of a toolkit that makes deploying such systems as accessible as possible to people who may not be used to rolling their own surveillance.

    Disco After Dark
    Sat 4:00 pm - 4:50 pm
  • Your AI Is Only as Smart as Your Decompiler: Binary Hacking in the Age of LLMs

    In the aftermath of DARPA’s AIxCC, one thing has become clear: LLMs are now powerful enough to identify 0-days and fix them at scale, but these systems rely almost entirely on high-quality source code. Give them binaries without source code and their program comprehension collapses.

    Decompilation should bridge this gap by recovering source from binaries yet today’s decompilers often produce lossy, misleading code that sends LLMs down the wrong path. In this talk I connect lessons from AIxCC with ongoing research in binary decompilation, showing that enabling LLM-driven cyber reasoning on binaries requires more than “best-effort” guessing and demands high-fidelity, near-source recovery.

    Using case studies from autonomous patching, I demonstrate how even small decompilation errors derail otherwise capable LLMs and how improving decompilation quality directly boosts success rates. Finally, I present two open-source tools: the angr decompiler and our improved AIxCC PatcherY patching system which has been preliminarily extended to work on binaries. Together they chart a path toward a future where LLMs can reason about and repair software even when source is nowhere to be found.

    Mainstage
    Sat 5:00 pm - 5:20 pm
  • No web interface, no problem! Pwning mesh routers through cloud management

    As more and more devices move away from web interfaces for management to app- and cloud-based configuration, a different attack surface opens up. In this session I'll go through the process of reverse engineering the binary protocol used to manage TP-Link Deco devices remotely in order to craft an exploit for a vulnerability identified through the management app.

    Disco After Dark
    Sat 5:00 pm - 5:20 pm
  • Neither: The space between bug and feature

    A discussion of digital sprue, system design choices that are neither bug nor feature but the scaffolding that makes a product manufacturable. Exploitation through this pathway is key 'unmanufacturing'. From a new technique for code execution on the original IBM PC through the keyboard port to microprocessor microcode update mechanisms, these facilities don't need expert reverse engineering to discover - in fact many are documented.

    We will reflect on the present reality that datasheets are no longer harder to reason about than binary images and that hacking bonanzas like the PC keyboard, JTAG, BadUSB, and over-the-air wireless firmware updates are not just good luck, but inevitable.

    Mainstage
    Sun 9:55 am - 10:45 am
  • Android WLAN: A Journey From QCACLD to SCSC

    OEM kernel drivers continue to be a lucrative target for attackers looking to gain access to the wide range of Android devices in the wild. While WLAN is typically sought after for remote access, it can also be valuable for local attackers. In this presentation we’ll cover one of these attack surfaces that is often overlooked and present multiple issues that have been disclosed. We’ll also discuss how it’s often helpful to take everything you’ve learned to a fresh code base to reduce the time to finding that first bug.

    Mainstage
    Sun 11:00 am - 11:50 am
  • Meet the Press: Hacker Edition

    The relationship between hackers and the press has historically been fraught. Reporters shape how hackers are perceived, with broad latitude to amplify certain stories and ignore others. Yet most hackers rarely get a chance to see how journalism actually works—or how they might influence the narratives that define them.

    This event invites hackers and technologists in the audience to hear directly from some of the country’s leading cybersecurity journalists. Instead of being written about, they’ll get to ask hard questions, probe assumptions, and gain insight into the process behind headlines, interviews, and editorial choices.

    What drives reporters’ decisions? How are sources’ identities protected? How do editors frame a breach or a discovery? Why do some stories land on the front page while others never see the light of day?

    Through candid conversation on stage, followed by a moderated Q&A from the floor, this discussion will unpack the rules of engagement between the hacking world and the media. Listeners will walk away with practical insight into how stories about hacking are formed and how they can be reshaped.

    Come for a rare chance to peek behind the curtain of the press, and to better understand how to tell your own stories when the moment is right.

    Disco After Dark
    Sun 11:00 am - 11:50 am
  • Competing in Cyberspace: The Hackers' View

    Despite countless national strategies, technical innovations, and countering adversaries in cyberspace, we remain as insecure and vulnerable as ever. China is emerging as a new class of adversary through its ability to exploit systemic weaknesses in other societies’ infrastructure, whilst cyber crime continues to run rampant. This raises fundamental questions as to how states respond. Yet, as the US and UK head into new national cyber strategies, current policy thinking feels stuck, not progressing beyond the notion that adversaries can be ‘deterred’ through more offensive cyber.

    In a contested domain, securing cyberspace isn’t just about ‘defeating’ or ‘deterring’ adversaries, but about choosing where to compete, to build genuine advantage. This roundtable proposes a discussion to bring the hacker’s perspective into fresh thinking on building ‘strategic advantage’ in cyberspace, comprising two parts: 1) what does competing with adversaries look like for hackers, if they could compete without constraint, and with a high-risk appetite in cyberspace? How would they do this in a way that has meaning and impact against the systems or assets that adversaries value, and that allows the US and UK to get ahead? 2) How would this differ between state adversaries, and high-sophistication cyber criminals, as different types of adversary?

    Policy Roundtable 1: Large
    Sun 11:00 am - 12:30 pm
  • Binary Observability: Revealing Hidden Runtime Information with Static Binary Reassembly

    Software observability is crucial for understanding a complex program. Typically, software engineers embed observability code throughout their program's source code so that at program runtime they can observe hidden internal states (e.g., in the form of log files) to assist in fixing bugs or performance issues.

    For hackers who analyze binary programs, access to the corresponding source code is often impossible. Therefore, when analyzing a binary program what a hacker can observe is limited to the runtime information intended for all users. Although one can attach the binary program at runtime to a debugger to observe hidden runtime information, programs such as malware commonly contain anti-debugging code to thwart such attempts. Other programs such as firmware are difficult to attach to a debugger since they interact with specialized hardware.

    In this talk we introduce our static binary reassembly tool called Uroboros, open sourced at https://github.com/s3team/uroboros. It is capable of embedding observability code post-compilation into 32- or 64-bit, statically- or dynamically-linked, position independent (PIE) or position dependent (no PIE) binary programs compiled for various architectures (x86, x86-64, and ARM Thumb mode). Join us to explore how Uroboros embeds hacker-specified observability code into all kinds of gnarly binary programs!

    Mainstage
    Sun 12:00 pm - 12:20 pm
  • Defending New Orleans from a Private Spy Network

    There are 5,000 private spy cameras in New Orleans, operated by a former New Orleans Police Department officer without any oversight or accountability. Project Nola uses banned Chinese facial recognition technology to spy on every man, woman, and child in New Orleans. The network was created to bypass local privacy ordinances and can target people based on race, clothing, and tattoos. Based on recent Supreme Court rulings, race, clothing, and tattoos are enough to be targeted by ICE. As Trump threatens to invade New Orleans, we detail how local activists track the spy network, advance legislation, and change policy.

    Disco After Dark
    Sun 12:00 pm - 12:50 pm
  • Oh How The Turntables: A Discussion of Railway Security

    The digitization of railway systems has brought an increase in efficiency and connectivity to rail infrastructure, but has also introduced the potential for cyber attacks as legacy systems and modern solutions intertwine. This open roundtable discussion will bring together DistrictCon attendees to examine current cyber vulnerabilities and mitigation strategies for rail networks. Recent incidents, including vulnerabilities in end-of-train braking systems in the US, ransomware attacks on backend infrastructure in Italy which led to the suspension of in-station ticket sales and halting of freight services, and Wi-Fi service attacks in the UK that shut down public internet in 19 stations, underscore the urgent need for robust and adaptive security strategies.

    Participants will explore the technical, operational, and policy challenges involved in protecting modern train systems, including legacy infrastructure and interjurisdictional collaboration issues. Key questions will include: How can railway operators detect and respond to cyber threats in real time? What role should public-private partnerships play in building resilient transport networks? In what proactive ways can the railway industry and security researchers collaborate to enhance railway cybersecurity standards?

    This session aims to foster an open, multidisciplinary dialogue that identifies practical solutions and encourages collaboration across industries. With railways being critical to national security and economic stability, understanding and addressing cyber risks is not only a technological necessity but also a societal imperative. The roundtable will conclude with actionable recommendations for policymakers and industry leaders.

    Policy Roundtable 2: Boardroom
    Sun 12:00 pm - 1:30 pm
  • Recon-Nuisance? - AI Agents at the top of the kill-chain

    AI Agents are already transforming offensive security from vulnerability finding to command and control, but the top of the cyber killchain has received less attention. This may be because reconnaissance remains a challenging mix of working with unstructured and structured data to identify points of leverage based on capability and target set. So how good at it are agents? Are they about to be integrated into fully autonomous systems or just a nuisance in the threat landscape? This talk will explore these questions by diving into real-life data stolen from Russian enterprises by Ukrainian hacktivists. It will showcase agentic AI systems that automate a classical reconnaissance cycle, showing both state-of-the-art performance but also identifying areas for improvement.

    Mainstage
    Sun 12:30 pm - 12:50 pm
  • Reverse engineering RTL8761B* Bluetooth chips, to make better Bluetooth security tools & classes

    We hold this truth to be self-evident: SUFFERING BUILDS STRENGTH! In this talk I will walk you through the trials, tribulations, and triumphs of the worst debugging setup I've ever hacked together, used to reverse engineer the Realtek RTL8761B* family of Bluetooth chips.

    This work was done because Bluetooth security tools are in an abominable state. We use "CSR4" (Cambridge Silicon Radio) dongles that don't support packets newer than Bluetooth 4.0 (released in 2010), just to be able to spoof their BDADDR, which is an occasional requirement for performing MITM attacks.

    Veronica Kovah & I have been creating Bluetooth security classes for OpenSecurityTraining2 (https://ost2.fyi). We wanted to improve the situation and to ideally support BT 5.4, released in 2023. I bought a bunch of cheap dongles off Amazon and found that most of them used the same RTL8761B* chips. The goal was clear: at a minimum, figure out a way to spoof the BDADDR on these dongles. I also set out a nice-to-have stretch goal: to figure out how to use these dongles to send custom LMP packets, which are architecturally not meant to be under full user control. That way I could replace a bulky & expensive $55 dev board, which is only used for BT Classic, with a cheap and small $14 USB dongle which has a better antenna to boot! This would make Blue2thprinting cheaper & better.

    Bloodied, but not broken, by the ordeal, I achieved my goals and stretch goals. And given that there are no public descriptions of how Realtek Bluetooth chips work I look forward to sharing hitherto-unknown information about how to navigate and understand these MIPS16e-using systems and how their ROM-"patch"ing firmware update mechanism works, and the security implications thereof.

    Mainstage
    Sun 1:00 pm - 1:45 pm
  • Knife Cutting the Edge: Dissecting A Gateway Surveillance & MitM Framework

    Routers and other edge devices sit at the center of surveillance and espionage campaigns. As threat actors increase efforts to compromise these devices, it is crucial to understand the tools that enable traffic inspection, manipulation, and covert delivery on network gateways. Our research uncovers a framework that links mobile and desktop malware with gateway-based man-in-the-middle attacks used in surveillance campaigns.

    This session shows how our hunt, starting from an exploit-delivery framework, led to the discovery of this tool, a gateway surveillance and MitM platform. The framework has seven ELF components that perform deep-packet inspection and traffic manipulation and deliver malware via routers and other edge devices. We will explain its TTPs for: (1) serving as an update C2 for Android and Windows backdoors; (2) DNS and application-layer hijacking of APK and EXE updates, including delivery of backdoors; (3) selective disruption of security traffic; (4) IP-camera replay attacks; and (5) continuous user-activity reporting from the gateway.

    We will walk through our hunting methodology, reverse engineer the framework, and demonstrate how we emulate the exploit delivery framework. Attendees will learn:
    - How threat actors use modular implants to weaponize routers and other edge devices, outlining techniques that target both mobile and desktop traffic.
    - Hunting approach, C2 tracking, indicators, and detection approach.

    Disco After Dark
    Sun 1:00 pm - 1:20 pm
  • How a Handful of Location Data Brokers Actively Track Millions, and How to Stop Them

    Over the past few years, investigations have revealed how a handful of companies gather, store, and sell the location data of millions of devices—and by extension people—worldwide. These location data brokers often rely on technologies which power the online advertising industry. Their buyers include both law enforcement and private investigators who merely claim they work with law enforcement. To make matters worse, location data brokers have been subject to breaches which put the privacy of millions at risk. In this roundtable, we will explore the technologies, data flows, and industry players which comprise this complicated ecosystem. We'll cover some basic steps you can take to protect yourself from the wide array of location privacy harms your device subjects you to. Lastly, we'll outline and discuss the policy changes that are necessary to stop location data brokers and take back control of our devices.

    Policy Roundtable 1: Large
    Sun 1:00 pm - 2:00 pm
  • Negative Space: a JTW continuation project

    Negative Space is a tool that automatically identifies hair-trigger content removal patterns over time. Originally developed at Jump the Wall by River Crabs, our initial implementation across two platforms, 81.cn and yicai.cn, validates the methodology's effectiveness in detecting censorship through character frequency analysis. Here we explore what happens when you have consistent access to power, more time, and more dedicated infrastructure to "Jump the Wall".

    Disco After Dark
    Sun 1:30 pm - 1:55 pm
  • Junkyard

    Mainstage
    Sun 1:55 pm - 5:00 pm
  • Shelter from the Typhoon: Last-resort comms with Meshtastic and SLIM

    Volt Typhoon is built for quiet pre-positioning and noisy disruption. When critical infrastructure is stressed and traditional communication networks wobble, continuity depends on what we’ve prepared—not what we hope still works. This talk delivers a practical playbook to keep teams communicating under deliberate degradation: Meshtastic for last-mile, low-power mesh when there’s no service, plus Structured Low-bandwidth Information Markup (SLIM) for text-first pages that load over austere links.

    This talk will show field-tested patterns like Meshtastic channel design, keys and OPSEC, range planning, power hardening, and gateway tactics to bridge islands. It will also threat-model likely failure modes including last-mile outages, ISP filtering, and power constraints. Using SLIM you’ll see single-fetch pages that render quickly when bandwidth is in limited supply. We'll share a draft standard that costs little to implement in advance of austere network conditions.

    Attendees will learn how to build a 72-hour communications go-kit with parts lists, configurations, and checklists for a technical approach to delivering content when bandwidth is scarce. Prepare now; reduce disruption later.

    Disco After Dark
    Sun 2:00 pm - 2:20 pm
  • There I FIPS'd It - misadventures in federal cryptography

    Cryptography seems deceptively simple until you get into implementation. Tempted by shortcuts to save money, organizations ship something "just good enough" to pass compliance checks. This happens all the time when working with the public sector and with companies in highly regulated industries that are building new products or trying to enter the market for the first time. Just when you think you've done everything right, a teeny tiny detail can become a security disaster waiting to happen, introducing vulnerabilities that are difficult to spot and even harder to mitigate.

    This talk will be a tour of the most common footguns found in the field, made by folks who are sure they've done it right, with live demos, example code, and the tools used to find them.

    Disco After Dark
    Sun 2:30 pm - 2:50 pm
  • The Ethical Consideration of AI Agents in Offensive Workflows

    AI agents and agentic workflows are becoming a prevalent method for implementing autonomous workflows. In cybersecurity specifically, where private companies bear the burden of defense, agents will likely play a critical role in defense that bleeds into what has traditionally been viewed as “offense”, even with guardrails in place. As the private offensive security landscape is shifting to a more legally and politically permissive posture (see Google’s Disruption Unit and others), how will the addition of AI affect this new paradigm?

    This discussion will explore the shifting ethical landscape as AI agents are increasingly deployed for offensive and defensive operations. How does AI amplify risks in offensive cyber operations, or create new risks altogether? Who is accountable for unintended consequences? We will examine the implications of these advancements, considering perspectives from various stakeholders, including developers, operators, and those affected by cyber operations. Our discussion will aim to untangle the complex web of ethical considerations, from accountability and transparency to the broader social and legal impacts. We aim to foster a multidisciplinary dialogue to shape responsible AI deployment in cyber warfare.

    Policy Roundtable 1: Large
    Sun 2:30 pm - 4:00 pm
  • Hacking the High Seas — Making Maritime Cybersecurity Accessible to all

    Maritime systems carry over 85% of global trade, yet they continue to lack proper cybersecurity protections, leaving them vulnerable to spoofed navigation data and autopilot hijacks. Despite these flaws, maritime cybersecurity continues to be overlooked because of the hardware access required. This talk lowers the barrier to entry into maritime cybersecurity by explaining what hardware is needed to get started, which protocols matter, and how attacks can have real impacts. We'll showcase an open-source boat simulator and a low-cost ESP32 attack platform that can be used for meaningful cybersecurity research. Leaving this talk, hackers will have a clear understanding of why maritime cybersecurity matters and will know what tools are needed to start hacking boats.

    Disco After Dark
    Sun 3:00 pm - 3:50 pm
  • Broken Trust: Firmware Bypass Chains, BMC Persistence, and EDR Evasion

    We will present an investigation into firmware-level attack chains and their practical impact on modern endpoint defenses. Through three real-world bypass chains observed in shipped firmware, we will explain the vulnerability classes and exploitation primitives, show a live demo compromising a fully patched system, and show how EDR products can be effectively blinded long before their kernel drivers are active.

    We will also dive into the technical root causes and mitigation implications for CVE-2025-6198 and CVE-2025-7937, two BMC-related vulnerabilities that enable an attacker to install malicious firmware images and host persistent, difficult-to-remove implants. Finally, we will survey a set of “forever” bugs discovered by Binarly REsearch which remain unpatched across vendor ecosystems or persist in end-of-life products still widely deployed in the field.

    Disco After Dark
    Sun 4:00 pm - 4:50 pm