Pedram Hayati
(Cyber) Security Researcher | Serial Entrepreneur | Lecturer | Keynote Speaker | Baba 🛡️
Sydney, Australia
Dr Pedram Hayati is the founder and CEO of SecDim, where he helps developers to balance engineering velocity with application security rigor. As a researcher across both offensive security and application security, Pedram has:
* Published 25+ zero-day advisories since 2005
* Reported thousands of vulnerabilities to Fortune 500 companies
* Led the global penetration-testing unit at the world’s second-largest defence contractor
Holding a PhD in Information Security & Machine Learning, Pedram lectures postgraduate cyber-security at the University of New South Wales – Australian Defence Force Academy (UNSW ADFA) and founded SecTalks.org, a multinational non-profit security community with more than 25,000 members. His research regularly features on the global stage at Black Hat, DEF CON, FIRSTCon, NDC, and OWASP AppSec.
Topics
🇺🇸 LLM (in)Security Workshop - Find, Hack and Fix LLM Apps @ TechBash 2025
During this workshop we will go over the OWASP LLM Top 10 with hands-on labs and hacking scenarios. Once we master some concepts like prompt injection, LLM deserialization or supply chain attack we will start a fun and educational secure coding AI wargame.
🇦🇺 Fuzzing Cloud Native Apps: Zero to Hero @ NDC Melbourne 2022
This technical deep-dive demonstrates how modern fuzzing techniques have been revitalized to uncover critical vulnerabilities in cloud-native applications, moving far beyond their classical C/C++ origins. Focusing on the powerful methodology of Property-Based Fuzzing, this hands-on session guides you through the entire lifecycle—from theory to building and deploying your own fuzzers against Go, Python, Java, and JavaScript codebases. You will leave equipped with the practical skills to architect robust fuzzing strategies, secure your own services, and contribute to large-scale security projects like OSS-Fuzz.
🇺🇸 AppSec Wargame @ DEF CON AppSec Village 2023
Find a security vulnerability in an app and get a score when you effectively fix it. The winner of the competition is the first person who fixes the vulnerability.
🇦🇺 Proactively defending your software workshop @ NDC Melbourne 2025
This is not a theory lecture. In this workshop, you will actively attack and defend a series of applications. We will dive into the code to identify, exploit, and remediate critical security vulnerabilities. You'll walk away with a practical methodology for prioritizing threats using application context and the OWASP ASVS, transforming your approach to secure development. All you need is a browser and an internet connection.
🇺🇸 Secure Coding Wargame (Fix The Flag) @ DEF CON AppSec Village 2024
This isn't your standard CTF. In partnership with SecDim, the AppSec Village contest rewards builders, not just breakers. Your mission: fix security vulnerabilities to win. Choose your battleground: master secure coding challenges solo, or enter our Attack & Defence arena where you must patch your own app before you can pwn your rivals😈. Think you can design a better challenge? Submit your own—the best contributor also wins. Glory awaits the top-scoring player and the most impressive challenge creator.
🇺🇸 Secure Coding Attack and Defence Challenge (Fix The Flag) @ DEF CON AppSec Village 2023
Find a security vulnerability in an app and get a score when you effectively fix it. The winner of the competition is the first person who fixes the vulnerability.
🇦🇺 Jailbreaking and Protecting LLM Apps: A Public Wargame Experiment @ Programmable Sydney 2025
This presentation details the findings from a live AI security wargame designed to test the resilience of Large Language Models against prompt injection. In a competitive Attack & Defence scenario, participants were tasked with hardening their own LLM-powered applications against secret exfiltration while simultaneously attempting to breach their rivals' systems, leading to a real-time arms race of evolving offensive and defensive strategies. The stark conclusion from this experiment was that every participating LLM was successfully exploited at least once, underscoring that prompt injection is a fundamentally complex and open problem for which no silver-bullet solution currently exists.
🇵🇱 Hacking LLM applications: trends and live secure coding lessons @ Code Europe 2025
Let's go beyond the hype and see the security vulnerabilities of LLM apps. This workshop will take you through the OWASP LLM Top 10 via hands-on hacking labs. You will learn various techniques to exploit LLM application vulnerabilities, and how to implement robust secure design patterns. Whether you are a builder or breaker of LLM applications, this is for you! At the end of the day there will be an exciting attack-and-defense wargame. Plenty of learning and fun, guaranteed.
🇨🇦 Security Attacks as Software Tests: How to build security unit tests @ BlackHat SecTor 2023
Build security unit and integration tests the way hackers attack your app, using the open-source Play SDK.
🇬🇧 Build security unit and integration tests like a hacker @ BlackHat EU 2023
This talk focuses on the unique process of transforming security attacks into software tests for building secure programming challenges using an open-source SDK, 'Play'. A practical workshop where we explore the mechanics of choosing real-world-inspired security vulnerabilities and transforming them into cloud-native apps with integrated security tests, which can then be played as challenges. These challenges provide a new dimension to the traditional Capture The Flag experience, emphasizing not just the identification but the remediation of vulnerabilities.
🇸🇬 AI Wargame @ Black Hat Asia 2024
Defend your AI's secret and hack your rivals in a king-of-the-hill chatbot wargame for all skill levels.
🇸🇬 AI Wargame @ Black Hat Asia 2025
Defend your AI's secret and hack your rivals in a king-of-the-hill chatbot wargame for all skill levels.
🇸🇦 AI Wargame @ Black Hat MEA 2024
Think you can build an unhackable AI? Prove it in our attack-and-defence wargame.
🇬🇧 AI Wargame @ Black Hat EU 2024
Pwn their chatbot, protect yours: an AI security king-of-the-hill challenge.
🇨🇦 AI Wargame @ Black Hat SecTor 2024
Pwn their chatbot, protect yours: an AI security king-of-the-hill challenge.
🇸🇬 LLM Security Is Broken: Data Collected From an AI Wargame @ OWASP AppSec Days 2024
This presentation captures findings from a public AI security challenge designed to evaluate the resilience of Large Language Models (LLMs) against prompt injection attacks. The experiment involved an Attack & Defence wargame where participants were tasked with securing their LLMs, specifically preventing secret phrase disclosure. They were given access to the source code of the app that interfaced with the OpenAI API. Simultaneously, participants were to attack other LLMs in an attempt to exfiltrate the secret phrase. A notable aspect of this experiment was the real-time evolution of defensive strategies and offensive tactics by participants. The results indicated that all LLMs were exploited at least once. This underscores that there is no silver bullet for securing against prompt injection and that it remains an open problem.
🇦🇺 Securing and attacking LLM-Based apps @ AISA CyberCon 2024
Lessons learned from a public experiment
🇨🇦 AppSec & DevSecOps Challenges @ FirstCon 2023
Built and hosted official FirstCon 2023 AppSec and DevSecOps challenges
🇯🇵 AppSec & Secure AI Challenges @ FirstCon 2024
Built and hosted official FirstCon 2024 AppSec and Secure AI challenges
🇩🇰 AppSec & DevSecOps Challenges @ FirstCon 2025
Built and hosted official FirstCon 2025 AppSec and DevSecOps challenges
🇸🇦 Prompt injection and secure prompt engineering @ Black Hat MEA 2024
Latest prompt injection and secure prompt engineering techniques. Why LLM security is still broken.
🇺🇸 AI Wargame @ Black Hat USA 2024
Defend your AI's secret and hack your rivals in a king-of-the-hill chatbot wargame for all skill levels.
🇺🇸 AI Wargame @ Black Hat USA 2025
Defend your AI's secret and hack your rivals in a king-of-the-hill chatbot wargame for all skill levels.
🇺🇸 Web 3 and AppSec Challenges @ DEF CON AppSec Village 2025
Built and hosted Web 3 and AppSec challenges for DEF CON AppSec Village 2025