{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2024.3.1"}, "schedule": {"url": "https://cfp.pacifichackers.com/hackthebay-2026/schedule/", "version": "0.12", "base_url": "https://cfp.pacifichackers.com", "conference": {"acronym": "hackthebay-2026", "title": "HackTheBay 3.0", "start": "2026-03-23", "end": "2026-03-23", "daysCount": 1, "timeslot_duration": "00:05", "time_zone_name": "UTC", "colors": {"primary": "#e32e88"}, "rooms": [{"name": "WORKSHOPS", "guid": "d77edf65-2fbf-5623-b46b-ab8f9fdf66a7", "description": "UPSTAIRS ROOM", "capacity": null}, {"name": "TALKS", "guid": "d705d63d-8ce7-5f6e-9393-3d63d6e419ec", "description": "TALKS", "capacity": 20}, {"name": "SOLDERING VILLAGE", "guid": "ea96732d-8e4f-5509-a0a9-e596050a9c96", "description": "SOLDERING VILLAGE", "capacity": null}, {"name": "VENDOR AREA", "guid": "27365dc7-e19d-5d29-b150-c7c5d4cf8952", "description": "VENDOR", "capacity": null}], "tracks": [{"name": "TALK", "color": "#04acd6"}, {"name": "WORKSHOP", "color": "#b91176"}, {"name": "KEYNOTE", "color": "#ff5000"}, {"name": "HAPPY HOUR", "color": "#7600ff"}, {"name": "OPENING CEREMONY", "color": "#d2d931"}, {"name": "CLOSING CEREMONY", "color": "#27e751"}], "days": [{"index": 1, "date": "2026-03-23", "day_start": "2026-03-23T04:00:00+00:00", "day_end": "2026-03-24T03:59:00+00:00", "rooms": {"WORKSHOPS": [{"url": "https://cfp.pacifichackers.com/hackthebay-2026/talk/RZZMHT/", "id": 95, "guid": "e1e3114a-493b-5ce9-8bb2-ed29a1b6d8ee", "date": "2026-03-23T10:45:00+00:00", "start": "10:45", "logo": null, "duration": "00:15", "room": "WORKSHOPS", "slug": "hackthebay-2026-95-opening-ceremony", "title": "OPENING CEREMONY", "subtitle": "", "track": "OPENING CEREMONY", "type": "Lightning Talk", "language": "en", "abstract": "OPENING CEREMONY", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.pacifichackers.com/hackthebay-2026/talk/PTHYVR/", "id": 94, "guid": "d654b65e-6897-527c-b7d2-5ec9f0d2f32c", "date": "2026-03-23T11:00:00+00:00", "start": "11:00", "logo": null, "duration": "00:30", "room": "WORKSHOPS", "slug": "hackthebay-2026-94-no-badge-required-an-unconventional-journey-through-cybersecurity-s-front-lines", "title": "NO BADGE REQUIRED: An Unconventional Journey Through Cybersecurity's Front Lines", "subtitle": "", "track": "KEYNOTE", "type": "Keynote", "language": "en", "abstract": "You don't need a linear path or a specific degree to build an extraordinary career in cybersecurity. Tailored for junior professionals, career-switchers, and veterans, this keynote dives into the realities of the front lines. Ryan shares his unconventional journey\u2014from IT administration and law enforcement to managing massive incident response teams and leading physical red teaming.\r\n\r\nKey Highlights:\r\n- The Art of the Masquerade: Jaw-dropping stories of physical penetration testing, including how to breach a cruise ship's bridge using open-source intel, fake uniforms, and a cup of espresso.\r\n- High-Stakes Incident Response: A raw look at the emotional weight of managing 2 AM ransomware crises for hospitals and defense contractors.\r\n- Actionable Advice: Discover why non-traditional backgrounds are a superpower, how to leverage AI tools, and why communication is your ultimate security control.", "description": "", "recording_license": "", "do_not_record": true, "persons": [{"guid": "c7b04e04-1ad3-5711-ac9f-26526790e447", "id": 103, "code": "WJK8XG", "public_name": "Ryan Massfeller @Ryan4n6", "avatar": "https://cfp.pacifichackers.com/media/avatars/WJK8XG_SgcMXbr.png", "biography": "Mandiant / Google Cloud | Cybersecurity Leader | Red / Blue Team SME\r\n\r\nA 20-year veteran of technology and security and court-recognized as a Subject Matter Expert in digital forensics, Mr. Massfeller serves as an Incident Response Manager within Mandiant\u2019s Mid-Atlantic Southeast region, where he leads complex consulting engagements with a primary focus on large-scale incident response and digital forensics. He acts as the strategic lead for clients from initial kickoff through complete remediation, providing expert project management and technical subject matter expertise to navigate critical security breaches. Additionally, Mr. Massfeller holds the role of Service Line Owner for Physical Security Penetration Testing. In this capacity, he provides strategic oversight for the service line, defining its mission to proactively mitigate critical business risks by securing physical perimeters. This is achieved through comprehensive security reviews and realistic penetration tests that challenge and mature an organization's physical security posture. He is responsible for establishing the methodologies that enable clients to defend against physical threats and ensure their physical security posture matures in alignment with evolving global risks.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.pacifichackers.com/hackthebay-2026/talk/HPJMLP/", "id": 91, "guid": "407e4b75-db57-5f40-820b-72e05293f0e7", "date": "2026-03-23T11:30:00+00:00", "start": "11:30", "logo": null, "duration": "01:10", "room": "WORKSHOPS", "slug": "hackthebay-2026-91-catch-release-phramework-credential-harvesting-without-the-phishing-page", "title": "Catch & Release Phramework: Credential Harvesting Without the Phishing Page", "subtitle": "", "track": "WORKSHOP", "type": "Workshop", "language": "en", "abstract": "Victims see the real site; you see everything. C.A.R.P. gives each visitor an isolated Firefox container that loads the actual target URL (Gmail, banks, SSO), no fake login page, just the real site in a browser you control. Passwords, 2FA codes, and session cookies are all captured allowing sessions to be hijacked in real time. Combine C.A.R.P. with ARP and DNS spoofing on the local network, and victims who type real URLs or use bookmarks can be silently redirected into your controlled browser.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "72b64aa0-56d4-5fa1-a58e-49020b13e60e", "id": 99, "code": "L8UQY3", "public_name": "David Porcello", "avatar": "https://cfp.pacifichackers.com/media/avatars/L8UQY3_0gi1ZVM.png", "biography": "David Porcello (aka grep8000) is an independent security researcher, consultant, pentester, instructor, course developer, OSCP certificate holder, founder of Pwnie Express, and creator of the award-winning Pwn Plug and other penetration testing devices featured in Wired, Ars Technica, PC Magazine, Forbes, and Mr. Robot. Over the years, David has built covert hacking devices for DARPA, hosted workshops at Defcon, authored the Pentester's Handbook GitHub book, and built the tech behind NPR\u2019s Project Eavesdrop.", "answers": []}, {"guid": "c8f458ba-7a56-5720-832c-b8cff4dd4ab3", "id": 94, "code": "G8J7GX", "public_name": "Rob Wright", "avatar": "https://cfp.pacifichackers.com/media/avatars/G8J7GX_A6kanrK.jpg", "biography": "Rob Wright (aka eth0.rwx) got his start in security in 1997, back when exploits were traded on mailing lists and vulnerability databases were just being invented. He founded Security-Source, one of the first online vulnerability databases, and spent years in offensive security before stepping away in 2002. Returning in 2022, he now works in vulnerability management focused on automation, remediation, and closing real risk in production environments.\r\n\r\nHe brings an attacker\u2019s perspective to defensive security, with a focus on how things actually break and how to fix them at scale.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.pacifichackers.com/hackthebay-2026/talk/LBXQ3P/", "id": 73, "guid": "64c921f4-9c2c-589a-83b5-40e4dd61470d", "date": "2026-03-23T13:00:00+00:00", "start": "13:00", "logo": null, "duration": "01:30", "room": "WORKSHOPS", "slug": "hackthebay-2026-73-red-teaming-with-lora-and-meshtastic", "title": "Red teaming with LoRa and Meshtastic", "subtitle": "", "track": "WORKSHOP", "type": "Workshop", "language": "en", "abstract": "Hackers are already gearing up to exploit the next new unlicensed wireless protocol \u2013 LoRa. It\u2019s time to add LoRa-based attacks to your red team arsenal. Learn about LoRa, how it is used by a popular peer-to-peer network called Meshtastic, and how you can build your own LoRa-based implant.", "description": "This workshop introduces LoRa, a low-power, long-range wireless technology gaining traction in commercial and community networks. We will then explore a popular community networking application called Meshtastic. Using our devices, we will join the local community network and become familiar with how to locate other nodes and communicate with them. We will then learn how to create a closed community in which only we can participate.\r\n\r\nWill then download the Meshtastic firmware build system on our laptops and learn how to build custom firmware.\r\n\r\nFinally, we will explore how this technology can be used for red-teaming, considering that the bad guys are already looking for ways to exploit this new and fantastic technology. As part of this exercise, you will hack a remote system miles away using your LoRa node!\r\n\r\nFor the best experience, participants should bring their laptops and also have access to a LoRa device. If you would like to purchase a LoRa kit, we will have kits for sale for $35.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "d89bb00e-dd66-50aa-88a5-d93f96609221", "id": 70, "code": "Q9ZXHF", "public_name": "Venky Raju", "avatar": "https://cfp.pacifichackers.com/media/avatars/Q9ZXHF_O7L2wYv.jpg", "biography": "Venky Raju is Field CTO at ColorTokens, advising CISOs and business leaders on resilient, Zero Trust strategies to stay ahead of AI-enabled cyber threats. With a career spanning embedded systems, cloud-native platforms, and global networks, he brings a unique lens to securing complex environments. Previously, Venky was a founding member of Samsung Knox, the groundbreaking Android security platform protecting billions of devices. He is a named inventor with multiple patents and holds CISSP and CCSP certifications. He is also passionate about giving back through hackerspaces and maker communities.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.pacifichackers.com/hackthebay-2026/talk/HAWGXZ/", "id": 82, "guid": "e7a21660-d385-528d-8201-ea5a8cc0de1d", "date": "2026-03-23T14:30:00+00:00", "start": "14:30", "logo": null, "duration": "01:30", "room": "WORKSHOPS", "slug": "hackthebay-2026-82-malware-analysis-learn-windows-internals-and-how-malware-operates", "title": "Malware analysis: Learn Windows internals and how malware operates", "subtitle": "", "track": "WORKSHOP", "type": "Workshop", "language": "en", "abstract": "Analyze malware to find indicators of compromise using static and dynamic techniques. We will modify Windows executables to cheat at games and examine malware's actions, including droppers, botnets, and keyloggers.\r\n\r\nParticipants need a computer with VMware and at least 30 GB of free storage space.\r\nAll workshop materials are freely available on the Web and will remain available after the workshop ends.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "f162fa68-ae25-5a43-b925-1c5f4342796a", "id": 9, "code": "8LVUTK", "public_name": "Sam Bowne", "avatar": "https://cfp.pacifichackers.com/media/avatars/8LVUTK_At9aFNv.png", "biography": "Sam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, Black Hat USA, HOPE, BSidesSF, BSidesLV, RSA, and many other conferences and colleges. He founded Infosec Decoded, Inc., and does corporate training and consulting for several Fortune 100 companies, on topics including Incident Response and Secure Coding.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.pacifichackers.com/hackthebay-2026/talk/QRWHYC/", "id": 80, "guid": "91bc396d-4f04-52f8-81eb-b9eec0122a89", "date": "2026-03-23T16:00:00+00:00", "start": "16:00", "logo": null, "duration": "01:15", "room": "WORKSHOPS", "slug": "hackthebay-2026-80-let-s-hack-from-the-beginning", "title": "Let\u2019s hack from the beginning", "subtitle": "", "track": "WORKSHOP", "type": "Talk", "language": "en", "abstract": "There are so many techniques, methods, focus areas in the hacking world which makes it overwhelming to begin. I would want to pause with all my research, pentesting, hacking, exploiting, writing ai to replace me.. and take an hour or two and guide you from the beginning.\r\n\r\ntackling 10 different areas I played with over the years, how to start, how to dive deep and how to think like a hacker. This presentation will be technical but built for anyone who wants to join this amazing world. We will learn web, mobile, iot, browsers, and more.. how to leverage code analysis and anything that can help you cheat your way into the exploit \r\nFollowing the talk we will have a collaborative workshop practicing these methods \r\n\r\nLet\u2019s have fun!!", "description": "This will be a presentation followed by a workshop on methods and tactics i\u2019ve learned along my hacking adventures. I will pick a exploit\r\nor method that worked for me in each field and will drill down on how to look at it from the beginning with only beginner knowledge,  I will share my way of  thinking and how not to be afraid of going down weird rabbit holes", "recording_license": "", "do_not_record": false, "persons": [{"guid": "8dab161d-b175-5b10-bad9-e78fab200483", "id": 87, "code": "R97NGP", "public_name": "Rotem Bar", "avatar": "https://cfp.pacifichackers.com/media/avatars/R97NGP_sYV9M0f.jpeg", "biography": "Hacker | Security Researcher | AppSec Innovation at Palo Alto Networks\r\n\r\nRotem Bar is a veteran hacker and security researcher with over 20 years of experience breaking\u2014and then fixing\u2014complex systems. Currently serving as a Hacker within the InfoSec organization at Palo Alto Networks,\r\n\r\nRotem focuses on offensive security, identifying novel attack vectors in modern cloud infrastructures, and securing the software supply chain. Rotem's career spans the full spectrum of the industry, from early days in the IDF\u2019s elite technology units to securing critical infrastructure in the automotive and SaaS sectors. Before joining Palo Alto Networks (via the acquisition of Cider Security), he led security initiatives at AppsFlyer and Cymotive, where he specialized in penetration testing and automotive security concept design.\r\n\r\nAs a bug bounty hunter, Rotem has uncovered critical vulnerabilities in major global platforms, including TikTok, Aws, General Motors, AT&T, and many more. His research has led to significant industry disclosures, for example the discovery of a vulnerability in Elementor that exposed over 6 million websites (CVE-2022-29455) and groundbreaking research on hacking automotive clouds presented at DEF CON.\r\n\r\nHe is a frequent speaker at top-tier conferences like DEF CON (Cloud & AppSec Villages), BSidesTLV, and Security Fest, where he often shares new novel reaearch,\" CI/CD security, and the intricacies of the hacker mindset.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.pacifichackers.com/hackthebay-2026/talk/NDP7DU/", "id": 97, "guid": "f6a4e47a-5eba-5ad7-b6f6-02000b3efb3e", "date": "2026-03-23T17:15:00+00:00", "start": "17:15", "logo": null, "duration": "00:15", "room": "WORKSHOPS", "slug": "hackthebay-2026-97-closing-ceremony", "title": "CLOSING CEREMONY", "subtitle": "", "track": "CLOSING CEREMONY", "type": "Lightning Talk", "language": "en", "abstract": "CLOSING CEREMONY", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}], "TALKS": [{"url": "https://cfp.pacifichackers.com/hackthebay-2026/talk/3NCYCE/", "id": 72, "guid": "ac51b31d-3ff8-50f6-88d3-79a3cda68a01", "date": "2026-03-23T11:30:00+00:00", "start": "11:30", "logo": null, "duration": "01:15", "room": "TALKS", "slug": "hackthebay-2026-72-identity-hunting-with-malicious-documents", "title": "Identity Hunting with Malicious Documents", "subtitle": "", "track": "TALK", "type": "Talk", "language": "en", "abstract": "This session focuses on identity-driven cyber investigations using malicious documents as the primary intelligence source. Rather than treating documents merely as delivery mechanisms, the talk explores how weaponized files especially PDFs, Word, and Excel documents are intentionally crafted to harvest identities, map victims, and support large-scale infostealer and credential theft campaigns.\r\n\r\nAttendees will explore how malicious documents abuse embedded scripts, macros, metadata, and obfuscation techniques to evade detection while silently collecting identity-related data. The session breaks down how these files act as both an initial access vector and a rich source of intelligence, revealing attacker behavior, targeting strategies, and operational patterns.\r\n\r\nThrough real-world case studies, the talk demonstrates how OSINT techniques can be applied directly to malicious documents to uncover attacker infrastructure, command-and-control relationships, reused artifacts, leaked credentials, and victim profiling indicators. By correlating file metadata, extracted indicators, and open-source intelligence, participants will learn how to transform a single malicious document into a full identity investigation.\r\n\r\nBy the end of the session, attendees will understand how to investigate malicious documents beyond the payload, using them as intelligence artifacts to trace identity abuse, campaign evolution, and attacker tradecraft.", "description": "Outline\r\n\r\n1 - Introduction & Context\r\n    - Why identity is the real target behind document-based attacks.\r\n    - The role of malicious documents in modern infostealer campaigns.\r\n\r\n2 - Malicious Documents as Identity Attack Vectors\r\n    - PDFs, Word, and Excel as weaponized platforms.\r\n    - Common identity theft objectives in document-based attacks.\r\n    - From initial access to credential harvesting.\r\n\r\n3 - Understanding Malicious Document Structures\r\n    - High-level overview of PDF, Word, and Excel internals.\r\n    - Execution flow: scripts, macros, embedded objects, and actions.\r\n    - Where and how identity-harvesting logic is hidden.\r\n\r\n4 - Dissecting a Malicious Document (Live Demo)\r\n    - Step-by-step analysis of a weaponized document.\r\n    - Practical use of tools such as:\r\n    - pdfid, pdf-parser, pdftk and others\r\n\r\n5 - Encoding, Obfuscation, and Evasion Techniques ( Demo )\r\n    - Common encoding and obfuscation methods used in documents.\r\n    - Layered techniques to bypass detection engines.\r\n    - How attackers protect identity-stealing workflows.\r\n\r\n6 - OSINT: From Document to Identity Infrastructure ( Demo)\r\n    - Extracting indicators from malicious documents.\r\n    - Pivoting to OSINT sources for enrichment.\r\n    - Identifying Command & Control endpoints and identity abuse infrastructure.\r\n    - Correlating domains, emails, reused artifacts, and leaked data.\r\n\r\n7 - Building an Identity-Focused Investigation\r\n    -Mapping document artifacts to attacker behavior.\r\n    - Campaign tracking and attribution signals.\r\n    - Using document intelligence to support IR, SOC, and Threat Intel teams.\r\n\r\n8 - Conclusion & Key Takeaways\r\n    - Turning malicious documents into intelligence assets.\r\n    - Investigating identity abuse beyond the payload.\r\n    - Final insights and open discussion.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "f46dcde4-d4c8-5594-ada4-c0b9c6ae1bba", "id": 7, "code": "ZJZRU9", "public_name": "Filipi Pires", "avatar": "https://cfp.pacifichackers.com/media/avatars/ZJZRU9_kfPdVWR.jpeg", "biography": "I\u2019ve been working as Head of Technical Advocacy at SCYTHE, Founder & Investor at CROSS-INTEL, Advisor & Investor at Sherlockeye, BSides Porto Organizer, Red Team Village Director (DEF CON), Senior Advisor Raices Cyber Academy, Founder of Red Team Community (Brazil and LATAM),  AWS Community Builder, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA - Middle-East - and others, I\u2019ve served as University Professor in Master Degree in Portugal, Graduation and MBA courses at Brazilian colleges, in addition, I'm Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.pacifichackers.com/hackthebay-2026/talk/ZHCF3M/", "id": 78, "guid": "f3f02b6b-3d91-518f-8a34-d47b7e30368d", "date": "2026-03-23T13:15:00+00:00", "start": "13:15", "logo": null, "duration": "00:45", "room": "TALKS", "slug": "hackthebay-2026-78-reverse-engineering-embedded-ai-models-in-firmware-and-binaries", "title": "Reverse Engineering Embedded AI Models in Firmware and Binaries", "subtitle": "", "track": "TALK", "type": "Talk", "language": "en", "abstract": "AI models are increasingly delivered as compiled artifacts inside firmware images and native binaries, particularly in IoT, OT, and embedded environments. While these deployment models improve performance and reduce operational dependencies, they also create security blind spots that are poorly understood.\r\n\r\nThis session examines how AI models can be discovered and analyzed once deployed in embedded systems. The talk focuses on practical reverse engineering techniques used to identify model components, recover structural and behavioral information, and understand the risks introduced by different model packaging and compilation approaches. Attendees will leave with a clearer view of how embedded AI expands the attack surface and why it matters for both offensive and defensive security work.", "description": "This presentation takes a technical, hands-on look at how reverse engineers encounter AI models once they are deployed inside firmware images and compiled binaries. Rather than treating AI as a black box, the session walks through concrete analysis workflows that expose how models are packaged, optimized, and executed at the binary level.\r\n\r\nThe talk covers multiple deployment patterns, including serialized model formats and fully compiled inference pipelines produced by modern AI toolchains. Attendees will see how common reverse engineering tools can be used to locate model artifacts, distinguish inference logic from surrounding code, and reason about model structure and behavior even when traditional metadata is absent.\r\n\r\nPractical demonstrations illustrate how recovered information can be used to reconstruct portions of a model, validate assumptions about its architecture, and assess downstream risks such as unauthorized reuse, tampering, and adversarial manipulation. The session concludes by discussing defensive implications and what these findings mean for teams responsible for deploying or securing AI-enabled systems.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "e87e724f-6cbe-50bb-a5cf-95b59960da33", "id": 104, "code": "CKKBTW", "public_name": "Stephen Brennan", "avatar": "https://cfp.pacifichackers.com/media/avatars/CKKBTW_iQjIO66.jpg", "biography": "Stephen Brennan is a mathematician who researches neural network model\r\ninternals in the quest to increase the explainability of AI. His hobbies\r\ninclude hiking, camping, and deck building games. He has contributed\r\nsignificantly to R&D for in-depth neural network analysis to identify\r\nvulnerabilities, weaknesses, and inefficiencies, helping improve the\r\nrobustness and security of AI systems.", "answers": []}, {"guid": "9c58a5eb-314c-5c53-9a9a-b535d5fae90c", "id": 55, "code": "MUJPDQ", "public_name": "Ulrich Lang", "avatar": "https://cfp.pacifichackers.com/media/avatars/MUJPDQ_7mq96p7.png", "biography": "Ulrich Lang received his PhD from Cambridge University Computer\r\nLaboratory (Security Group) on Access Policies for Middleware in 2003\r\nafter having completed a Master's in Information Security from Royal\r\nHolloway College (London) in 1997. With 25+ years in infosec, he is a\r\nrenowned thought leader in vulnerability analysis of AI, binary\r\nsoftware, 5G, as well as supply chain risk analysis, Zero Trust access\r\ncontrol, and more. He is responsible for the business and technical\r\nstrategy, architecture, and direction of ObjectSecurity and its\r\nproducts. He has published over 150 papers/presentations, 10+ patents,\r\nand was a proposal and project evaluator, Board Member of the Cloud\r\nSecurity Alliance (Silicon Valley Chapter), conference program\r\ncommittee, panel moderator, consultant, and book author.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.pacifichackers.com/hackthebay-2026/talk/KNEYAQ/", "id": 88, "guid": "aecb86ec-0db6-53c4-a287-19da0ff28ff0", "date": "2026-03-23T14:00:00+00:00", "start": "14:00", "logo": null, "duration": "00:45", "room": "TALKS", "slug": "hackthebay-2026-88-what-happens-after-you-report-an-ai-bug-from-model-behavior-to-real-impact", "title": "What Happens After You Report an AI Bug: From Model Behavior to Real Impact", "subtitle": "", "track": "TALK", "type": "Talk", "language": "en", "abstract": "AI is not just changing the systems we build, but the kinds of issues that show up in a bug bounty queue. As someone who triages submissions for a large public bug bounty program, I've seen how AI related findings introduce new gray areas. These issues do not always look like traditional vulnerabilities. They often sit at the intersection of model behavior, product design, and real security impact.\r\n\r\nIn this workshop, I'll walk through how AI reports enter our bug bounty program, how policy boundaries are applied in practice, and how we evaluate whether a finding represents meaningful risk.\r\n\r\nIn the second half, we'll get hands-on with a vulnerable MCP style server adapted from the open source Vulnerable MCP Servers Lab. We'll reproduce a trust boundary failure, analyze its impact, and walk through how a report like this would be classified and triaged inside a real bug bounty program.\r\n\r\nThis session offers a practical look at how AI vulnerabilities are evaluated from the triage side and how architectural decisions determine whether an AI issue stays theoretical or becomes infrastructure risk.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "e66aea71-1b75-588f-a781-16ebb000f3f8", "id": 92, "code": "KJQZQU", "public_name": "Ani Turner", "avatar": "https://cfp.pacifichackers.com/media/avatars/KJQZQU_lEUQBhg.jpeg", "biography": "Ani Turner is a Senior Security Engineer at Adobe, where she leads the bug bounty program and works closely with ethical hackers to help strengthen product security. She sits at the intersection of research and engineering, triaging vulnerability reports, assessing real world impact, and guiding findings from submission to remediation. With a background in full-stack development and psychology, Ani brings a unique, practical, and collaborative approach to building scalable security programs.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.pacifichackers.com/hackthebay-2026/talk/XNRRSQ/", "id": 77, "guid": "5a0796b3-1d25-5ca0-a1e2-3413cb5fb226", "date": "2026-03-23T14:45:00+00:00", "start": "14:45", "logo": null, "duration": "00:45", "room": "TALKS", "slug": "hackthebay-2026-77-bluetooth-warwalking-hacking-the-airwaves-with-your-phone-and-a-pair-of-sneakers", "title": "Bluetooth Warwalking: Hacking the Airwaves with Your Phone and a Pair of Sneakers", "subtitle": "", "track": "TALK", "type": "Talk", "language": "en", "abstract": "The most exploitable attack surface in modern businesses might not be their network perimeter, it's the Bluetooth-enabled receipt printer broadcasting without authentication. This talk demonstrates how trivially easy it is to hijack commercial Bluetooth devices using only a smartphone, then scales that threat to reveal city-wide surveillance implications through systematic warwalking research.\r\n\r\nI'll demonstrate live exploitation of devices I've compromised in the wild: receipt printers, Samsung TVs, and commercial IoT devices, all requiring zero technical knowledge to attack. Then I'll show how I scaled this from opportunistic hacking to systematic research using a $100 Raspberry Pi rig running Kismet with GPS tracking, collecting over 100,000 device observations across San Francisco, Nashville, NYC, and Las Vegas.\r\n\r\nThe privacy implications are severe: 60-65% of Bluetooth devices broadcast persistent identifiers enabling long-term tracking as people move through cities. I'll present data-driven analysis showing how static MAC addresses combined with GPS logs create a surveillance infrastructure accessible to anyone with basic Python skills. Hotel door locks broadcast room numbers in plaintext. Air purifiers send 50 packets per minute for no legitimate reason. The gap between \"possible to secure\" and \"secured in practice\" is enormous.\r\n\r\nAttendees will see live demonstrations including a receipt printer available for audience hijacking attempts, real-time Kismet data collection from conference attendees' devices, and Python analysis scripts running against live data. I'll share open-source tools for conducting this research and provide actionable defensive recommendations for manufacturers, businesses, and individuals.\r\n\r\nThis presentation combines accessible exploitation demonstrations with rigorous data science to show that if I can build city-scale surveillance infrastructure without Bluetooth expertise, anyone can.", "description": "TALK STRUCTURE & TIMELINE (45 MINUTES)\r\n___\r\nThis presentation delivers comprehensive coverage of Bluetooth exploitation, moving from accessible demonstrations through systematic data collection to large-scale privacy implications with detailed technical methodology.\r\n\r\nPART 1: PRACTICAL EXPLOITATION (12-15 MINUTES)\r\n___\r\nI'll demonstrate real-world Bluetooth hijacking using only commodity hardware with expanded audience interaction:\r\n\r\n\u2022 Receipt Printer Takeover: I'll bring an Epson TM-M30II thermal printer and demonstrate the complete connection process step-by-step. I'll share the story of how I discovered and exploited an unsecured caf\u00e9 printer using only the free iOS Epson TM Utility app to print messages claiming to be from \"time travelers from 2036,\" which convinced local high school employees they'd made contact with the future. The printer will be live in the room with time for 2-3 audience members to attempt connections during the presentation. This attack requires zero technical knowledge, just opening your phone's Bluetooth menu and downloading an app.\r\n\r\n\u2022 Samsung TV Hijacking: I'll walk through my two-stage attack progression in detail: (1) Audio-only takeover using smartphone Bluetooth pairing (demonstrated at a smoothie bar), showing the actual pairing interface, and (2) Full video control combining Flipper Zero IR commands (universal Samsung remote) with same-network Wi-Fi access (demonstrated at a Chicago bar). I'll demonstrate the Flipper Zero IR commands live if the venue has a Samsung TV. The vulnerability: manufacturer default settings with no authentication. In Chicago, simply asking the bartender for WiFi password gave me complete control of all their Samsung displays.\r\n\r\n\u2022 Extended Device Tour: Detailed demonstrations of additional vulnerable devices including ProSmart bed bases at Mattress Firm, commercial speakers, hotel door locks broadcasting room numbers in plaintext, and smart home devices, all with specific exploitation scenarios and video footage where available.\r\n\r\nPART 2: SCALING RESEARCH WITH KISMET (15-18 MINUTES)\r\n___\r\nHow I moved from opportunistic hacking to systematic research with technical depth:\r\n\r\n\u2022 Hardware Deep Dive: Raspberry Pi 4 + GPS dongle + battery (~$100 total). I'll show the actual physical rig and walk through the complete setup: auto-connects to phone hotspot, establishes Tailscale VPN for remote access, syncs Kismet logs to home server via rsync. I travel with this constantly and will explain why each component matters for scalable data collection.\r\n\r\n\u2022 Kismet Configuration: I'll share my actual Kismet config files, explain what data fields I'm capturing (device names, MAC addresses, manufacturer data, signal strength/RSSI, timestamps, GPS coordinates) and discuss storage requirements and data management at scale.\r\n\r\n\u2022 Dataset Overview: ~100,000+ device observations across San Francisco, Nashville, NYC, Las Vegas.\r\n\r\n\u2022 Extended Live Analysis Session: I'll have the rig running during the talk, collecting data from the conference room. I'll SSH in and execute multiple Python analysis scripts live, showing my complete data pipeline from raw Kismet logs to actionable intelligence. Expect to see real-time enumeration of Flipper Zeros, smart watches, meshtastic nodes, and whatever else attendees are carrying. I'll demonstrate querying patterns across cities and show visualization of tracking patterns.\r\n\r\n\u2022 Cross-City Comparisons: Detailed statistics comparing device security posture across San Francisco vs Nashville vs NYC vs Las Vegas, discussing how geographic and demographic factors influence what devices are present and how they're configured.\r\n\r\nPART 3: PRIVACY IMPLICATIONS & TRACKING (10-12 MINUTES)\r\n___\r\nData-driven privacy implications with concrete examples:\r\n\r\n\u2022 Key Statistics: 7-8% devices broadcast human-readable names, 60-65% have persistent identifiers enabling tracking, 99% are Bluetooth Low Energy (IoT dominance), 1,300 devices detected in a 1/4-mile suburban walk.\r\n\r\n\u2022 Tracking Demonstration: I'll show actual examples of tracking specific devices across multiple days and locations using GPS-tagged data (anonymized), explaining how correlation attacks work in practice.\r\nHotel Lock Analysis: Detailed discussion of Bluetooth door locks broadcasting room numbers in plaintext and the privacy implications for hotel guests who don't realize their room location is being broadcast to anyone nearby.\r\n\r\n\u2022 Surveillance Infrastructure: Static MAC addresses + GPS logs = anyone with $100 and basic Python skills can track people moving through cities. I'll discuss how retailers could use this technology, compare it to existing WiFi tracking infrastructure, and explain why Bluetooth tracking is actually more problematic due to its ubiquity and constant broadcasting.\r\n\r\n\u2022 Statistical Deep Dive: I'll present my data science methodology, show visualizations of device density patterns, and discuss temporal patterns (time of day, day of week variations).\r\n\r\n\u2022 Wasteful Broadcasting: Some devices transmit absurdly: Molekule air purifiers send 50 packets/minute (38,000 in 12 hours), Pura fragrance diffusers constantly broadcasting. No legitimate reason for this frequency.\r\n\r\nPART 4: DEFENSIVE MEASURES & CALL TO ACTION (5-6 MINUTES)\r\n___\r\n\u2022 Manufacturers: Specific technical standards they should adopt (default-secure configs, require authentication, rotate MAC addresses), with examples of companies doing it right vs wrong.\r\n\r\n\u2022 Enterprise Security: How businesses should audit their Bluetooth attack surface, specific tools for continuous monitoring, disable discoverability on commercial devices.\r\n\r\n\u2022 Individual Actions: Practical steps attendees can take today to audit their own devices, discussion of iOS/Android privacy controls, understand what your devices broadcast.\r\n\r\n\u2022 Policy Discussion: Should there be regulations around Bluetooth device security? What would effective regulation look like?\r\n\r\nCore Problem: If I can do this without Bluetooth expertise, anyone can.\r\n\r\nQ&A (Remaining Time)\r\n\r\nTECHNICAL DETAILS FOR REVIEWERS\r\n___\r\n\u2022 Tools & Code: Open-source Python scripts for Kismet log analysis (available via GitHub), Kismet REST API for real-time data access, FastAPI backend for querying cross-city statistics, integration with WiGLE database (4.5 billion Bluetooth devices mapped globally).\r\n\r\n\u2022 What Makes This Different: Most Bluetooth talks focus on protocol vulnerabilities or specific CVEs. This demonstrates: (1) How trivially low the barrier to entry is (smartphone + curiosity), (2) Surveillance implications at scale, (3) Data science applied to security research, (4) The gap between \"possible to secure\" and \"secured in practice.\"\r\n\r\n\u2022 Interactive Elements: Receipt printer in room available for audience connection attempts (2-3 participants during talk), live Kismet session showing real-time device enumeration from conference attendees, multiple Python analysis scripts executed live against conference data, open-source tools shared for attendees to replicate research.\r\n\r\n\u2022 Audience Takeaways: Practical exploitation techniques requiring minimal technical knowledge, understanding of systematic warwalking methodology with detailed technical implementation, open-source tools to conduct this research in their own cities, privacy implications of always-broadcasting IoT devices with concrete tracking examples, actionable defensive measures for individuals and organizations.\r\n\r\nFORMAT NOTES\r\n___\r\nThis 45-minute format allows comprehensive coverage of both practical exploitation and research methodology. Real-world exploitation stories create immediate engagement, extended live technical demonstrations show research depth and reproducibility, and detailed privacy implications provide the \"why this matters\" hook with concrete examples. Live demos include fallback screenshots if connectivity fails.\r\n\r\nNEW CONTENT FOR HACKTHEBAY\r\n___\r\nThis is active, ongoing research with continuous data collection. The HackTheBay presentation will feature:\r\n\r\n\u2022 Latest multi-city comparative analysis including recently completed Las Vegas high-density environment data\r\n\u2022 Most current statistics from expanded dataset (growth from initial research to 100,000+ observations)\r\n\u2022 New exploitable device classes discovered through ongoing warwalking\r\n\u2022 Refined privacy pattern analysis showing geographic differences in device security posture\r\n\u2022 Updated defensive recommendations based on latest findings\r\n\u2022 Extended technical methodology section covering data pipeline architecture and analysis techniques\r\n\r\nCore demonstrations and methodology provide consistent framework, but specific statistics, device examples, privacy implications, and technical depth will reflect the current state of research at presentation time.\r\n\r\nRESPONSIBLE DISCLOSURE NOTE\r\n___\r\nAll exploitation demonstrations use devices I own or have explicit permission to access. No unauthorized access to third-party systems will be demonstrated. The research methodology and tools are shared for educational purposes to raise awareness of systemic security issues and encourage better manufacturer defaults. The goal is to demonstrate how accessible these vulnerabilities are to drive positive change in device security practices.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "6b1230eb-cb0a-5ccd-9838-92ae65b4fd07", "id": 86, "code": "QLZGWL", "public_name": "kn0ck0ut (Matt)", "avatar": "https://cfp.pacifichackers.com/media/avatars/QLZGWL_M349m9Q.png", "biography": "Matt Miller (kn0ck0ut) is an ethical hacker, Master's student in Data Science, and serial entrepreneur who likes breaking things to figure out how they work. With a background in application security and solo-founding multiple startups, he recently dove deep into wireless security research, combining data science methodologies with hands-on hacking. Over the past year, he's conducted extensive Bluetooth warwalking across multiple cities, collecting hundreds of thousands of device observations using custom Raspberry Pi rigs. His research applies statistical analysis to real-world security failures, revealing both exploitation opportunities and surveillance risks in urban wireless environments. He believes in making complex security concepts accessible while showing the practical consequences of wireless misconfigurations.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.pacifichackers.com/hackthebay-2026/talk/D9EHLH/", "id": 98, "guid": "a31c69d9-4205-522b-b38c-f0f012ee097a", "date": "2026-03-23T15:30:00+00:00", "start": "15:30", "logo": null, "duration": "00:30", "room": "TALKS", "slug": "hackthebay-2026-98-when-agents-execute-rce-paths-in-llm-powered-coding-tools", "title": "When Agents Execute: RCE Paths in LLM-Powered Coding Tools", "subtitle": "", "track": "TALK", "type": "Talk", "language": "en", "abstract": "This talk is a follow-up to our September research on denial-of-service and permission escape in Claude Code. We now examine how LLM-powered coding agents can be weaponized end-to-end, including paths to remote code execution. Using Claude Code as a primary case study, and extending to VS Code extension exploits and recent Cursor incidents, we show how agent autonomy, extension APIs, and execution boundaries collapse into a practical RCE surface.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "c622d78b-440b-5418-9a46-0599c6868f88", "id": 29, "code": "X8GHNC", "public_name": "Manesh Babu", "avatar": "https://cfp.pacifichackers.com/media/avatars/X8GHNC_WdCfAaK.jpeg", "biography": "Mahesh Babu is a former VP of Information Security turned company builder and now leads growth at Kodem, venture\u2011backed application security startup. At HSBC he built and scaled global application security and identity & access management platforms that safeguard billions of transactions. His career began at Purdue University\u2019s Information Assurance\u202f&\u202fSecurity Research Center, where he researched secure software engineering and biometrics. Mahesh blends academic rigor with enterprise and startup execution to help organizations stay ahead of modern threats.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.pacifichackers.com/hackthebay-2026/talk/QQRLTF/", "id": 92, "guid": "63cb83fa-a2c2-5177-ad2f-aa4d3d47f19b", "date": "2026-03-23T16:00:00+00:00", "start": "16:00", "logo": null, "duration": "00:45", "room": "TALKS", "slug": "hackthebay-2026-92-hunting-shells-via-chaining-misconfigs-in-aws", "title": "Hunting Shells via Chaining Misconfigs in AWS", "subtitle": "", "track": "TALK", "type": "Talk", "language": "en", "abstract": "This hands-on workshop dives into real-world AWS misconfigurations that attackers actively\r\nexploit to gain privilege escalation and access sensitive data. You\u2019ll step into the shoes of an\r\nadversary and learn how common oversights like loose IAM roles, misconfigured Cognito\r\nidentity pools, or exposed metadata endpoints can be chained into full-blown breaches.", "description": "Key Takeaways:\r\n\r\n\u25cf Escalate IAM permissions to gain admin-level access\r\n\u25cf Exploit SSRF in EC2 to steal credentials\r\n\u25cf Abuse misconfigured Cognito identity pools for unauthorized access\r\n\u25cf Understand how small missteps can trigger large-scale compromise\r\n\u25cf Use tools like Cloud Nuke to safely clean and reset your infrastructure\r\n\r\nBuilt for all skill levels, this lab gives security engineers, DevOps teams, and developers a safe space to break things, fix them, and come out with a sharper eye for spotting these risks before attackers do.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "198dac34-e6ed-53ba-976d-20f74c4799ee", "id": 97, "code": "JGMKZD", "public_name": "Sumanth", "avatar": "https://cfp.pacifichackers.com/media/avatars/JGMKZD_UAPjr28.jpeg", "biography": "Sumanth Vankineni is a cybersecurity enthusiast who enjoys exploring a little bit of everything : breaking things, understanding how they work, and figuring out how they can be improved. His interest lies in how systems fail and how they behave when pushed in unexpected ways. He brings a chess player\u2019s mindset to security: curious, strategic, and always thinking a few moves ahead. His chess rule is his security rule: if it looks like a trap, it probably is, so don\u2019t click it!", "answers": []}, {"guid": "8170687f-d66f-553f-84a8-160f497ff11c", "id": 96, "code": "TKSWVN", "public_name": "Bhagavan Bollina", "avatar": "https://cfp.pacifichackers.com/media/avatars/TKSWVN_YrthF13.jpeg", "biography": "Bhagavan Bollina is a passionate security researcher who loves building and breaking things in the cloud. Parallelly he also dabbles in web, network and mobile security. When not building and breaking stuff in the cloud, he enjoys bug bounty submissions with over 200+ across crowd source platforms. He loves training\r\nhis dog as well in his spare time, but the dog weirdly seems to not like Bug Bounty.", "answers": []}], "links": [], "attachments": [], "answers": []}], "SOLDERING VILLAGE": [{"url": "https://cfp.pacifichackers.com/hackthebay-2026/talk/FX83XQ/", "id": 93, "guid": "ba2678fd-d12e-5cd8-82c5-8ebeeffbc7eb", "date": "2026-03-23T11:30:00+00:00", "start": "11:30", "logo": null, "duration": "05:00", "room": "SOLDERING VILLAGE", "slug": "hackthebay-2026-93-soldering-101", "title": "Soldering 101", "subtitle": "", "track": "WORKSHOP", "type": "Village", "language": "en", "abstract": "Do you want to learn how to solder? Are you afraid of thinking you are going to burn yourself? Don't be scared, we've got your back. Famous and renowned badge Maker Abhinav (Panda) Pandagale will teach you the basics of soldering. You are going to have a chance to solder a badge.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "2e7b7513-91bc-57ca-ac61-6288b7daef43", "id": 53, "code": "WYSW3X", "public_name": "Abhinav Pandagale", "avatar": "https://cfp.pacifichackers.com/media/avatars/WYSW3X_9bdyWvH.jpeg", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}], "VENDOR AREA": [{"url": "https://cfp.pacifichackers.com/hackthebay-2026/talk/FFD9GD/", "id": 96, "guid": "237cab56-e0be-5447-b914-d540b2fd5b2d", "date": "2026-03-23T14:00:00+00:00", "start": "14:00", "logo": null, "duration": "03:00", "room": "VENDOR AREA", "slug": "hackthebay-2026-96-happy-hour", "title": "HAPPY HOUR", "subtitle": "", "track": "HAPPY HOUR", "type": "Village", "language": "en", "abstract": "THANK YOU YESWEHACK FOR YOUR SUPPORT", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}]}}]}}}