2.0 -//Pentabarf//Schedule//EN PUBLISH RZZMHT@@cfp.pacifichackers.com -RZZMHT OPENING CEREMONY en en 20260323T104500 20260323T110000 0.01500 OPENING CEREMONY PUBLIC CONFIRMED Lightning Talk https://cfp.pacifichackers.com/hackthebay-2026/talk/RZZMHT/ WORKSHOPS PUBLISH PTHYVR@@cfp.pacifichackers.com -PTHYVR NO BADGE REQUIRED: An Unconventional Journey Through Cybersecurity's Front Lines en en 20260323T110000 20260323T113000 0.03000 NO BADGE REQUIRED: An Unconventional Journey Through Cybersecurity's Front Lines PUBLIC CONFIRMED Keynote https://cfp.pacifichackers.com/hackthebay-2026/talk/PTHYVR/ WORKSHOPS Ryan Massfeller @Ryan4n6 PUBLISH HPJMLP@@cfp.pacifichackers.com -HPJMLP Catch & Release Phramework: Credential Harvesting Without the Phishing Page en en 20260323T113000 20260323T124000 1.01000 Catch & Release Phramework: Credential Harvesting Without the Phishing Page PUBLIC CONFIRMED Workshop https://cfp.pacifichackers.com/hackthebay-2026/talk/HPJMLP/ WORKSHOPS David Porcello Rob Wright PUBLISH LBXQ3P@@cfp.pacifichackers.com -LBXQ3P Red teaming with LoRa and Meshtastic en en 20260323T130000 20260323T143000 1.03000 Red teaming with LoRa and Meshtastic This workshop introduces LoRa, a low-power, long-range wireless technology gaining traction in commercial and community networks. We will then explore a popular community networking application called Meshtastic. Using our devices, we will join the local community network and become familiar with how to locate other nodes and communicate with them. We will then learn how to create a closed community in which only we can participate. Will then download the Meshtastic firmware build system on our laptops and learn how to build custom firmware. Finally, we will explore how this technology can be used for red-teaming, considering that the bad guys are already looking for ways to exploit this new and fantastic technology. As part of this exercise, you will hack a remote system miles away using your LoRa node! For the best experience, participants should bring their laptops and also have access to a LoRa device. If you would like to purchase a LoRa kit, we will have kits for sale for $35. PUBLIC CONFIRMED Workshop https://cfp.pacifichackers.com/hackthebay-2026/talk/LBXQ3P/ WORKSHOPS Venky Raju PUBLISH HAWGXZ@@cfp.pacifichackers.com -HAWGXZ Malware analysis: Learn Windows internals and how malware operates en en 20260323T143000 20260323T160000 1.03000 Malware analysis: Learn Windows internals and how malware operates PUBLIC CONFIRMED Workshop https://cfp.pacifichackers.com/hackthebay-2026/talk/HAWGXZ/ WORKSHOPS Sam Bowne PUBLISH QRWHYC@@cfp.pacifichackers.com -QRWHYC Let’s hack from the beginning en en 20260323T160000 20260323T171500 1.01500 Let’s hack from the beginning This will be a presentation followed by a workshop on methods and tactics i’ve learned along my hacking adventures. I will pick a exploit or method that worked for me in each field and will drill down on how to look at it from the beginning with only beginner knowledge, I will share my way of thinking and how not to be afraid of going down weird rabbit holes PUBLIC CONFIRMED Talk https://cfp.pacifichackers.com/hackthebay-2026/talk/QRWHYC/ WORKSHOPS Rotem Bar PUBLISH NDP7DU@@cfp.pacifichackers.com -NDP7DU CLOSING CEREMONY en en 20260323T171500 20260323T173000 0.01500 CLOSING CEREMONY PUBLIC CONFIRMED Lightning Talk https://cfp.pacifichackers.com/hackthebay-2026/talk/NDP7DU/ WORKSHOPS PUBLISH 3NCYCE@@cfp.pacifichackers.com -3NCYCE Identity Hunting with Malicious Documents en en 20260323T113000 20260323T124500 1.01500 Identity Hunting with Malicious Documents Outline 1 - Introduction & Context - Why identity is the real target behind document-based attacks. - The role of malicious documents in modern infostealer campaigns. 2 - Malicious Documents as Identity Attack Vectors - PDFs, Word, and Excel as weaponized platforms. - Common identity theft objectives in document-based attacks. - From initial access to credential harvesting. 3 - Understanding Malicious Document Structures - High-level overview of PDF, Word, and Excel internals. - Execution flow: scripts, macros, embedded objects, and actions. - Where and how identity-harvesting logic is hidden. 4 - Dissecting a Malicious Document (Live Demo) - Step-by-step analysis of a weaponized document. - Practical use of tools such as: - pdfid, pdf-parser, pdftk and others 5 - Encoding, Obfuscation, and Evasion Techniques ( Demo ) - Common encoding and obfuscation methods used in documents. - Layered techniques to bypass detection engines. - How attackers protect identity-stealing workflows. 6 - OSINT: From Document to Identity Infrastructure ( Demo) - Extracting indicators from malicious documents. - Pivoting to OSINT sources for enrichment. - Identifying Command & Control endpoints and identity abuse infrastructure. - Correlating domains, emails, reused artifacts, and leaked data. 7 - Building an Identity-Focused Investigation -Mapping document artifacts to attacker behavior. - Campaign tracking and attribution signals. - Using document intelligence to support IR, SOC, and Threat Intel teams. 8 - Conclusion & Key Takeaways - Turning malicious documents into intelligence assets. - Investigating identity abuse beyond the payload. - Final insights and open discussion. PUBLIC CONFIRMED Talk https://cfp.pacifichackers.com/hackthebay-2026/talk/3NCYCE/ TALKS Filipi Pires PUBLISH ZHCF3M@@cfp.pacifichackers.com -ZHCF3M Reverse Engineering Embedded AI Models in Firmware and Binaries en en 20260323T131500 20260323T140000 0.04500 Reverse Engineering Embedded AI Models in Firmware and Binaries This presentation takes a technical, hands-on look at how reverse engineers encounter AI models once they are deployed inside firmware images and compiled binaries. Rather than treating AI as a black box, the session walks through concrete analysis workflows that expose how models are packaged, optimized, and executed at the binary level. The talk covers multiple deployment patterns, including serialized model formats and fully compiled inference pipelines produced by modern AI toolchains. Attendees will see how common reverse engineering tools can be used to locate model artifacts, distinguish inference logic from surrounding code, and reason about model structure and behavior even when traditional metadata is absent. Practical demonstrations illustrate how recovered information can be used to reconstruct portions of a model, validate assumptions about its architecture, and assess downstream risks such as unauthorized reuse, tampering, and adversarial manipulation. The session concludes by discussing defensive implications and what these findings mean for teams responsible for deploying or securing AI-enabled systems. PUBLIC CONFIRMED Talk https://cfp.pacifichackers.com/hackthebay-2026/talk/ZHCF3M/ TALKS Stephen Brennan Ulrich Lang PUBLISH KNEYAQ@@cfp.pacifichackers.com -KNEYAQ What Happens After You Report an AI Bug: From Model Behavior to Real Impact en en 20260323T140000 20260323T144500 0.04500 What Happens After You Report an AI Bug: From Model Behavior to Real Impact PUBLIC CONFIRMED Talk https://cfp.pacifichackers.com/hackthebay-2026/talk/KNEYAQ/ TALKS Ani Turner PUBLISH XNRRSQ@@cfp.pacifichackers.com -XNRRSQ Bluetooth Warwalking: Hacking the Airwaves with Your Phone and a Pair of Sneakers en en 20260323T144500 20260323T153000 0.04500 Bluetooth Warwalking: Hacking the Airwaves with Your Phone and a Pair of Sneakers TALK STRUCTURE & TIMELINE (45 MINUTES) ___ This presentation delivers comprehensive coverage of Bluetooth exploitation, moving from accessible demonstrations through systematic data collection to large-scale privacy implications with detailed technical methodology. PART 1: PRACTICAL EXPLOITATION (12-15 MINUTES) ___ I'll demonstrate real-world Bluetooth hijacking using only commodity hardware with expanded audience interaction: • Receipt Printer Takeover: I'll bring an Epson TM-M30II thermal printer and demonstrate the complete connection process step-by-step. I'll share the story of how I discovered and exploited an unsecured café printer using only the free iOS Epson TM Utility app to print messages claiming to be from "time travelers from 2036," which convinced local high school employees they'd made contact with the future. The printer will be live in the room with time for 2-3 audience members to attempt connections during the presentation. This attack requires zero technical knowledge, just opening your phone's Bluetooth menu and downloading an app. • Samsung TV Hijacking: I'll walk through my two-stage attack progression in detail: (1) Audio-only takeover using smartphone Bluetooth pairing (demonstrated at a smoothie bar), showing the actual pairing interface, and (2) Full video control combining Flipper Zero IR commands (universal Samsung remote) with same-network Wi-Fi access (demonstrated at a Chicago bar). I'll demonstrate the Flipper Zero IR commands live if the venue has a Samsung TV. The vulnerability: manufacturer default settings with no authentication. In Chicago, simply asking the bartender for WiFi password gave me complete control of all their Samsung displays. • Extended Device Tour: Detailed demonstrations of additional vulnerable devices including ProSmart bed bases at Mattress Firm, commercial speakers, hotel door locks broadcasting room numbers in plaintext, and smart home devices, all with specific exploitation scenarios and video footage where available. PART 2: SCALING RESEARCH WITH KISMET (15-18 MINUTES) ___ How I moved from opportunistic hacking to systematic research with technical depth: • Hardware Deep Dive: Raspberry Pi 4 + GPS dongle + battery (~$100 total). I'll show the actual physical rig and walk through the complete setup: auto-connects to phone hotspot, establishes Tailscale VPN for remote access, syncs Kismet logs to home server via rsync. I travel with this constantly and will explain why each component matters for scalable data collection. • Kismet Configuration: I'll share my actual Kismet config files, explain what data fields I'm capturing (device names, MAC addresses, manufacturer data, signal strength/RSSI, timestamps, GPS coordinates) and discuss storage requirements and data management at scale. • Dataset Overview: ~100,000+ device observations across San Francisco, Nashville, NYC, Las Vegas. • Extended Live Analysis Session: I'll have the rig running during the talk, collecting data from the conference room. I'll SSH in and execute multiple Python analysis scripts live, showing my complete data pipeline from raw Kismet logs to actionable intelligence. Expect to see real-time enumeration of Flipper Zeros, smart watches, meshtastic nodes, and whatever else attendees are carrying. I'll demonstrate querying patterns across cities and show visualization of tracking patterns. • Cross-City Comparisons: Detailed statistics comparing device security posture across San Francisco vs Nashville vs NYC vs Las Vegas, discussing how geographic and demographic factors influence what devices are present and how they're configured. PART 3: PRIVACY IMPLICATIONS & TRACKING (10-12 MINUTES) ___ Data-driven privacy implications with concrete examples: • Key Statistics: 7-8% devices broadcast human-readable names, 60-65% have persistent identifiers enabling tracking, 99% are Bluetooth Low Energy (IoT dominance), 1,300 devices detected in a 1/4-mile suburban walk. • Tracking Demonstration: I'll show actual examples of tracking specific devices across multiple days and locations using GPS-tagged data (anonymized), explaining how correlation attacks work in practice. Hotel Lock Analysis: Detailed discussion of Bluetooth door locks broadcasting room numbers in plaintext and the privacy implications for hotel guests who don't realize their room location is being broadcast to anyone nearby. • Surveillance Infrastructure: Static MAC addresses + GPS logs = anyone with $100 and basic Python skills can track people moving through cities. I'll discuss how retailers could use this technology, compare it to existing WiFi tracking infrastructure, and explain why Bluetooth tracking is actually more problematic due to its ubiquity and constant broadcasting. • Statistical Deep Dive: I'll present my data science methodology, show visualizations of device density patterns, and discuss temporal patterns (time of day, day of week variations). • Wasteful Broadcasting: Some devices transmit absurdly: Molekule air purifiers send 50 packets/minute (38,000 in 12 hours), Pura fragrance diffusers constantly broadcasting. No legitimate reason for this frequency. PART 4: DEFENSIVE MEASURES & CALL TO ACTION (5-6 MINUTES) ___ • Manufacturers: Specific technical standards they should adopt (default-secure configs, require authentication, rotate MAC addresses), with examples of companies doing it right vs wrong. • Enterprise Security: How businesses should audit their Bluetooth attack surface, specific tools for continuous monitoring, disable discoverability on commercial devices. • Individual Actions: Practical steps attendees can take today to audit their own devices, discussion of iOS/Android privacy controls, understand what your devices broadcast. • Policy Discussion: Should there be regulations around Bluetooth device security? What would effective regulation look like? Core Problem: If I can do this without Bluetooth expertise, anyone can. Q&A (Remaining Time) TECHNICAL DETAILS FOR REVIEWERS ___ • Tools & Code: Open-source Python scripts for Kismet log analysis (available via GitHub), Kismet REST API for real-time data access, FastAPI backend for querying cross-city statistics, integration with WiGLE database (4.5 billion Bluetooth devices mapped globally). • What Makes This Different: Most Bluetooth talks focus on protocol vulnerabilities or specific CVEs. This demonstrates: (1) How trivially low the barrier to entry is (smartphone + curiosity), (2) Surveillance implications at scale, (3) Data science applied to security research, (4) The gap between "possible to secure" and "secured in practice." • Interactive Elements: Receipt printer in room available for audience connection attempts (2-3 participants during talk), live Kismet session showing real-time device enumeration from conference attendees, multiple Python analysis scripts executed live against conference data, open-source tools shared for attendees to replicate research. • Audience Takeaways: Practical exploitation techniques requiring minimal technical knowledge, understanding of systematic warwalking methodology with detailed technical implementation, open-source tools to conduct this research in their own cities, privacy implications of always-broadcasting IoT devices with concrete tracking examples, actionable defensive measures for individuals and organizations. FORMAT NOTES ___ This 45-minute format allows comprehensive coverage of both practical exploitation and research methodology. Real-world exploitation stories create immediate engagement, extended live technical demonstrations show research depth and reproducibility, and detailed privacy implications provide the "why this matters" hook with concrete examples. Live demos include fallback screenshots if connectivity fails. NEW CONTENT FOR HACKTHEBAY ___ This is active, ongoing research with continuous data collection. The HackTheBay presentation will feature: • Latest multi-city comparative analysis including recently completed Las Vegas high-density environment data • Most current statistics from expanded dataset (growth from initial research to 100,000+ observations) • New exploitable device classes discovered through ongoing warwalking • Refined privacy pattern analysis showing geographic differences in device security posture • Updated defensive recommendations based on latest findings • Extended technical methodology section covering data pipeline architecture and analysis techniques Core demonstrations and methodology provide consistent framework, but specific statistics, device examples, privacy implications, and technical depth will reflect the current state of research at presentation time. RESPONSIBLE DISCLOSURE NOTE ___ All exploitation demonstrations use devices I own or have explicit permission to access. No unauthorized access to third-party systems will be demonstrated. The research methodology and tools are shared for educational purposes to raise awareness of systemic security issues and encourage better manufacturer defaults. The goal is to demonstrate how accessible these vulnerabilities are to drive positive change in device security practices. PUBLIC CONFIRMED Talk https://cfp.pacifichackers.com/hackthebay-2026/talk/XNRRSQ/ TALKS kn0ck0ut (Matt) PUBLISH D9EHLH@@cfp.pacifichackers.com -D9EHLH When Agents Execute: RCE Paths in LLM-Powered Coding Tools en en 20260323T153000 20260323T160000 0.03000 When Agents Execute: RCE Paths in LLM-Powered Coding Tools PUBLIC CONFIRMED Talk https://cfp.pacifichackers.com/hackthebay-2026/talk/D9EHLH/ TALKS Manesh Babu PUBLISH QQRLTF@@cfp.pacifichackers.com -QQRLTF Hunting Shells via Chaining Misconfigs in AWS en en 20260323T160000 20260323T164500 0.04500 Hunting Shells via Chaining Misconfigs in AWS Key Takeaways: ● Escalate IAM permissions to gain admin-level access ● Exploit SSRF in EC2 to steal credentials ● Abuse misconfigured Cognito identity pools for unauthorized access ● Understand how small missteps can trigger large-scale compromise ● Use tools like Cloud Nuke to safely clean and reset your infrastructure Built for all skill levels, this lab gives security engineers, DevOps teams, and developers a safe space to break things, fix them, and come out with a sharper eye for spotting these risks before attackers do. PUBLIC CONFIRMED Talk https://cfp.pacifichackers.com/hackthebay-2026/talk/QQRLTF/ TALKS Sumanth Bhagavan Bollina PUBLISH FX83XQ@@cfp.pacifichackers.com -FX83XQ Soldering 101 en en 20260323T113000 20260323T163000 5.00000 Soldering 101 PUBLIC CONFIRMED Village https://cfp.pacifichackers.com/hackthebay-2026/talk/FX83XQ/ SOLDERING VILLAGE Abhinav Pandagale PUBLISH FFD9GD@@cfp.pacifichackers.com -FFD9GD HAPPY HOUR en en 20260323T140000 20260323T170000 3.00000 HAPPY HOUR PUBLIC CONFIRMED Village https://cfp.pacifichackers.com/hackthebay-2026/talk/FFD9GD/ VENDOR AREA