HackTheBay 3.0
OPENING CEREMONY
You don't need a linear path or a specific degree to build an extraordinary career in cybersecurity. Tailored for junior professionals, career-switchers, and veterans, this keynote dives into the realities of the front lines. Ryan shares his unconventional journey—from IT administration and law enforcement to managing massive incident response teams and leading physical red teaming.
Key Highlights:
- The Art of the Masquerade: Jaw-dropping stories of physical penetration testing, including how to breach a cruise ship's bridge using open-source intel, fake uniforms, and a cup of espresso.
- High-Stakes Incident Response: A raw look at the emotional weight of managing 2 AM ransomware crises for hospitals and defense contractors.
- Actionable Advice: Discover why non-traditional backgrounds are a superpower, how to leverage AI tools, and why communication is your ultimate security control.
Victims see the real site; you see everything. C.A.R.P. gives each visitor an isolated Firefox container that loads the actual target URL (Gmail, banks, SSO), no fake login page, just the real site in a browser you control. Passwords, 2FA codes, and session cookies are all captured, allowing sessions to be hijacked in real time. Combine C.A.R.P. with ARP and DNS spoofing on the local network, and victims who type real URLs or use bookmarks can be silently redirected into your controlled browser.
This session focuses on identity-driven cyber investigations using malicious documents as the primary intelligence source. Rather than treating documents merely as delivery mechanisms, the talk explores how weaponized files, especially PDFs, Word, and Excel documents, are intentionally crafted to harvest identities, map victims, and support large-scale infostealer and credential theft campaigns.
Attendees will explore how malicious documents abuse embedded scripts, macros, metadata, and obfuscation techniques to evade detection while silently collecting identity-related data. The session breaks down how these files act as both an initial access vector and a rich source of intelligence, revealing attacker behavior, targeting strategies, and operational patterns.
Through real-world case studies, the talk demonstrates how OSINT techniques can be applied directly to malicious documents to uncover attacker infrastructure, command-and-control relationships, reused artifacts, leaked credentials, and victim profiling indicators. By correlating file metadata, extracted indicators, and open-source intelligence, participants will learn how to transform a single malicious document into a full identity investigation.
By the end of the session, attendees will understand how to investigate malicious documents beyond the payload, using them as intelligence artifacts to trace identity abuse, campaign evolution, and attacker tradecraft.
Do you want to learn how to solder? Are you afraid you are going to burn yourself? Don't be scared, we've got your back. Famous and renowned badge maker Abhinav (Panda) Pandagale will teach you the basics of soldering. You are going to have a chance to solder a badge.
Hackers are already gearing up to exploit the next new unlicensed wireless protocol – LoRa. It’s time to add LoRa-based attacks to your red team arsenal. Learn about LoRa, how it is used by a popular peer-to-peer network called Meshtastic, and how you can build your own LoRa-based implant.
AI models are increasingly delivered as compiled artifacts inside firmware images and native binaries, particularly in IoT, OT, and embedded environments. While these deployment models improve performance and reduce operational dependencies, they also create security blind spots that are poorly understood.
This session examines how AI models can be discovered and analyzed once deployed in embedded systems. The talk focuses on practical reverse engineering techniques used to identify model components, recover structural and behavioral information, and understand the risks introduced by different model packaging and compilation approaches. Attendees will leave with a clearer view of how embedded AI expands the attack surface and why it matters for both offensive and defensive security work.
THANK YOU YESWEHACK FOR YOUR SUPPORT
AI is not just changing the systems we build, but the kinds of issues that show up in a bug bounty queue. As someone who triages submissions for a large public bug bounty program, I've seen how AI-related findings introduce new gray areas. These issues do not always look like traditional vulnerabilities. They often sit at the intersection of model behavior, product design, and real security impact.
In this workshop, I'll walk through how AI reports enter our bug bounty program, how policy boundaries are applied in practice, and how we evaluate whether a finding represents meaningful risk.
In the second half, we'll get hands-on with a vulnerable MCP-style server adapted from the open-source Vulnerable MCP Servers Lab. We'll reproduce a trust boundary failure, analyze its impact, and walk through how a report like this would be classified and triaged inside a real bug bounty program.
This session offers a practical look at how AI vulnerabilities are evaluated from the triage side and how architectural decisions determine whether an AI issue stays theoretical or becomes infrastructure risk.
Analyze malware to find indicators of compromise using static and dynamic techniques. We will modify Windows executables to cheat at games and examine malware's actions, including droppers, botnets, and keyloggers.
Participants need a computer with VMware and at least 30 GB of free storage space.
All workshop materials are freely available on the Web and will remain available after the workshop ends.
The most exploitable attack surface in modern businesses might not be their network perimeter; it's the Bluetooth-enabled receipt printer broadcasting without authentication. This talk demonstrates how trivially easy it is to hijack commercial Bluetooth devices using only a smartphone, then scales that threat to reveal city-wide surveillance implications through systematic warwalking research.
I'll demonstrate live exploitation of devices I've compromised in the wild: receipt printers, Samsung TVs, and commercial IoT devices, all requiring zero technical knowledge to attack. Then I'll show how I scaled this from opportunistic hacking to systematic research using a $100 Raspberry Pi rig running Kismet with GPS tracking, collecting over 100,000 device observations across San Francisco, Nashville, NYC, and Las Vegas.
The privacy implications are severe: 60-65% of Bluetooth devices broadcast persistent identifiers enabling long-term tracking as people move through cities. I'll present data-driven analysis showing how static MAC addresses combined with GPS logs create a surveillance infrastructure accessible to anyone with basic Python skills. Hotel door locks broadcast room numbers in plaintext. Air purifiers send 50 packets per minute for no legitimate reason. The gap between "possible to secure" and "secured in practice" is enormous.
Attendees will see live demonstrations including a receipt printer available for audience hijacking attempts, real-time Kismet data collection from conference attendees' devices, and Python analysis scripts running against live data. I'll share open-source tools for conducting this research and provide actionable defensive recommendations for manufacturers, businesses, and individuals.
This presentation combines accessible exploitation demonstrations with rigorous data science to show that if I can build city-scale surveillance infrastructure without Bluetooth expertise, anyone can.
This talk is a follow-up to our September research on denial-of-service and permission escape in Claude Code. We now examine how LLM-powered coding agents can be weaponized end-to-end, including paths to remote code execution. Using Claude Code as a primary case study, and extending to VS Code extension exploits and recent Cursor incidents, we show how agent autonomy, extension APIs, and execution boundaries collapse into a practical RCE surface.
This hands-on workshop dives into real-world AWS misconfigurations that attackers actively exploit to gain privilege escalation and access sensitive data. You’ll step into the shoes of an adversary and learn how common oversights like loose IAM roles, misconfigured Cognito identity pools, or exposed metadata endpoints can be chained into full-blown breaches.
There are so many techniques, methods, and focus areas in the hacking world, which makes it overwhelming to begin. I would like to pause all my research, pentesting, hacking, exploiting, and writing AI to replace me... and take an hour or two to guide you from the beginning, tackling 10 different areas I have played with over the years: how to start, how to dive deep, and how to think like a hacker. This presentation will be technical but built for anyone who wants to join this amazing world. We will learn web, mobile, IoT, browsers, and more... how to leverage code analysis and anything that can help you cheat your way into the exploit.
Following the talk, we will have a collaborative workshop practicing these methods.
Let’s have fun!!
CLOSING CEREMONY