Archive
Past BSidesNYC conferences — sessions, slides, and recordings.
2025 — BSidesNYC 0x05
▼ Gigabit: Google Cloud, Code Red Partners, Exaforce, Formal, LayerX, Tuskira Megabit: Culminate, Gecko Security, Konvu, TraceBit, Red Canary, StrongDM, Panther, Socket, SixMap, Heeler, nullify, DataBee, Dashlane, semgrep, armis Kilobit: deepTempo, Sublime Security, iVerify, Cotool, Jane Street Capital, Bugcrowd
Tech - Red
Keynote
John Hammond
Entrepreneur
Inside the Mind of a Cyber VC: What Founders Get Wrong and How to Pitch Like a Pro
Lucas Nelson
Tech - Blue
Detecting and Preventing Obfuscated Script Execution with Tree-sitter
David McDonald
Tech - Other
Down the Drain: Unpacking TON of Crypto Drainers
Elizaveta Mikheeva
Tech - Red
From Interview Questions to Cluster Damage: Adventures in k8s Cluster Hacking
Amit Serper
Entrepreneur
What It’s Like Being the Only Security Startup in Your YC Batch
Alex Chantavy, Kunaal Sikka
Tech - Other
Syndicate: The Life of a Ransomware Affiliate
Tammy Harper
Entrepreneur
Essential Marketing for Cyber Founders
Gianna Whitver
Tech - Blue
Spycraft 2.0: Hunting Dead Drops in Web Applications
Jonathan Fuller
Tech - Other
The Human-AI Handshake: A Framework to Build Trust and Unlock Innovation in Modern Security Ops
Michael Raggi
Tech - Red
Inboxfuscation: Out-of-the-Box Mailbox Obf{\u}scation - Turning BEC into Business Email Chaos
Andi Ahmeti
Tech - Other
SpyMax - Mobile Malware On The Frontlines of Syria's Civil War
David Feldman
Entrepreneur
They Don’t Want to Talk to Sales—So Let the Community Sell for You
Mariana Padilla
Tech - Blue
Unseen in the Stack: Mapping Hidden Java Dependencies for Real-World Defense
Oron Gutman
Tech - Other
Deconstructing LightSpy's True Scale: 70-Plugin Framework, Router Infections, Live Operator Panels,
Dmitry Bestuzhev, Dmitry Melikov
Tech - Red
Gridlock: The Dual-Edged Sword of EV and Solar APIs in Grid Security
Vangelis Stykas
Entrepreneur
How to Create Deep Partnerships with Technical Teams: Sales Engineering Lessons Learned
Samantha Pearlstein
Entrepreneur
Trust at Scale: Lessons Learned from a Decade of Engineering for Identity
Frederic Rivain
Tech - Blue
Using Volatility 3 to Detect Sophisticated Malware
Andrew Case
Tech - Other
Living off the (land)cloud: Scattered Spider and the cloud control plane
Shivakumar Buruganahalli
Tech - Red
When the Shadow Crosses Over
Ilya Yatsenko
Entrepreneur
Building a security startup as an outsider
Kabir Mathur
Tech - Red
Trust the Model? Weaponizing Windows AI for Payload Staging
Hari Shanmugam
Entrepreneur
When Build vs Buy Is Rigged: Selling to Enterprises That Prefer Building In-House
Amir Kavousian
Tech - Blue
The Log Rings Don’t Lie: Historical Enumeration in Plain Sight
Bleon Proko
Tech - Other
The History of Malware: From Floppies to Droppers
Eliad Kimhy
Tech - Red
From pocket to Pwn: How we hacked a multinational corp for $200 with whats in our pockets
Tim Shipp
Entrepreneur
Rebooting the cyber arsenal of democracy
Eric Foster
Tech - Blue
P0LR Espresso - Pulling Shots of Cloud Live Response & Advanced Analysis
Art Ukshini
Tech - Other
The Allure of Go's Cross-Platform Capability: A Gateway for Threat Actors to Mac and Linux
Anmol Maurya
Tech - Red
Inside Ransomware: Facts and Findings from the Blackbasta and Lockbit Leaks
Cory Wolff
Tech - Other
Sniffing Out Cert Abuse: A Dogged Approach to ESC Remediation
Emily Leidy
Tech - Red
Inside Cloud Attack Paths: End-to-End Adversary Simulation
Mauricio Velazco
Entrepreneur
Why Being A Great Technologist May Not Make You A Great CEO (And How To Bridge The Gap)
Jason Kaplan
Tech - Blue
Contribute to Learn: Building DFIR Expertise Through Open Source
Christopher Eng
Tech - Red
Hidden Payloads: Advanced Malware Exploitation via PDF Files
Filipi Pires
Entrepreneur
From CISA to Starting Up: Shifting Secure by Design at Scale
Jack Cable
Tech - Blue
Slaying Hidden Threats in Residential (and Mobile!) IP Proxies
Christo Roberts
Tech - Other
Beyond Vibe Coding: Building Reliable AI AppSec Tools
Emily Choi-Greene
Entrepreneur
The Good Business: How to Bootstrap a Business to $10M and Beyond
Christian Hyatt
Tech - Blue
Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots
Allyn Stott
Tech - Other
Cloud’s Dirty Little Secret: It Was Misconfigs All Along
Karl Ots
Tech - Red
Navigating the Virtualization Battlefield: A Deep Dive into Hypervisor Attack Vectors
Austin Gadient
Tech - Other
Exploit Intelligence with Agentic AI: Patch What Matters
Dmitrijs Trizna
2024 — BSidesNYC 0x04
▼Tech - Red
BSidesNYC 0x04 Keynote: When Do We Get to Play On Easy Mode?
Wendy Nather
Entrepreneur
Raising money from and engaging with Angel Investment Syndicates
Anshu Gupta
Tech - Blue
10 Things to Know Before You Work on Your Next M365 BEC
Ida Musheyev-Polishchuk, Natasha Vij
Tech - Other
Reflections and Lessons from Defending NYC
Munish Walther-Puri
Tech - Red
Building Burp Extensions with Kotlin
Nick Coblentz
Entrepreneur
Building a niche product in a consolidating macro climate
halffinn
Tech - Blue
Bridging the Gap: Developing Accessible Anti-Phishing Solutions
Lydia Stepanek
Tech - Other
Cybersecurity Considerations for Brain-Computer Interfaces
Tyler Schroder, Renee Sirbu
Tech - Red
Breaking free from the chains of fate - Bypassing AWSCompromisedKeyQuarantineV2 Policy
gl4ssesbo1, Opie
Entrepreneur
GEN-Z Critique on SOC 2
Charissa Kim
Tech - Blue
Building canaries with ELK and ElastAlert2
Andrew Januszak, Keith Erekson
Tech - Other
Quantum Computing and Its Impact on Cybersecurity
Rashmi
Tech - Red
How I hacked a cloud production environment with external Terraform manipulation
Uri Aronovici
Entrepreneur
The blood, sweat, and tears (of pride) in bootstrapping
euphoricfall
Tech - Blue
Trusted Types: DOM XSS Protection at Scale
Jen Ozmen, Youssef Attia
Tech - Other
Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers
Mariya Gedrich
Tech - Red
Discover the Unseen: Azure Vulnerability Exploitation
Scott Miller
Tech - Blue
CloudTail: Making Heads or Tails of Selectively Retaining Multi-Cloud Logs (w/o a SIEM!)
Ela Dogjani
Tech - Other
Cloud Warfare: Grappling and Strangling Scattered Spider
Andi Ahmeti, Abian Morina
Entrepreneur
How to Talk So That They Will Listen: Selling Cybersecurity
May Brooks
Tech - Other
The Life of an SBOM: Where does it go and what do organizations do to it and with it?
Anita D'Amico, Ken Zalevsky
Tech - Red
From HiatusRAT to Cuttlefish: advances in credential theft through the router
Danny Adamitis
Entrepreneur
Startup Survival Tips and Uncommon Sense for First-Time Tech Founders
Eldon Sprickerhoff
Tech - Red
How We Impersonated Cloud Code by Google Cloud and Took Over GCP Accounts
Moshiko
Tech - Blue
Open & Secure: Novel Sandboxing Technique for Any Open Source Library
Gal Elbaz
Tech - Other
Volt Typhoon and the Threat to Critical Infrastructure
Jonathan Goll
Entrepreneur
Eat Your Own Dog Food: Why (Even Security) Startups Suck at Security & How to Fix it
Eric Olson
Tech - Red
Remote Code Execution with Serialization Vulnerabilities
John Iwasz
Tech - Blue
Protecting Snowflake and Critical Data Systems from Unauthorized Access
Shelley, Stephen Spano
Tech - Other
Challenges of GraphQL security in 2024
Tristan Kalos, iCarossio
Tech - Blue
Detection and Triage of Domain Persistence
Joshua Prager, Nico
Tech - Other
Combating Deepfakes: Safeguarding Election Integrity in the AI Era
Vaibhav Malik
Tech - Red
RE-Thinking: Modernizing the Malware Analyst
Joseph Edwards
Entrepreneur
My Journey from a $99K Cybersecurity Research Project to a Commercial Product and Acquisition
Anita D'Amico
Tech - Blue
When Apps Attack: Hunting Traitorware and Rogue Microsoft 365 Apps at Scale
Matt Kiely | HuskyHacks, Christina Parry
Tech - Other
The new SaaS cyber kill chain
Luke Jennings
Tech - Red
XZ Backdoor: Navigating the Complexities of Supply Chain Attacks Detected by Accident
DevSecYoad
Entrepreneur
Building Cyber Products Customers Love
Ross Haleliuk
Tech - Blue
Fortifying Active Directory: Combatting Misconfigurations
Jeff
Tech - Other
Securing a Generative AI Implementation
eyrsec
Tech - Red
Local to Global: Tracing Kimsuky's Network Infra Adaptations in a Changing Geopolitical Landscape
Dmitry
Entrepreneur
Building a Cybersecurity Powerhouse: Insights from a Serial Entrepreneur
Ben
2023 — BSidesNYC 0x03
▼ Platinum: Confiant, SpecterOps, Artico Search, OccamSec, Material Security, Synack, Revbits, SolCyber, mSOC, Block, IncludeSecurity Gold: Tanium, Huntress, F5, Sublime Security, Cruise Automation, Elteni, North Star Silver: Justworks, ComplianceCow, SecureCodeWarrior, CREST
Talk - Red
Keynote
Lance James
Talk - Blue
Hunting for RomCom RAT inside of the context of the war in Ukraine
Dmitry, Jacob Faires
Talk - Other
The Rise and Fall of the Trickbot and Conti Empires
Alex Holden
Talk - Red
Low Code High Risk: Enterprise Domination via Low Code Abuse
Michael Bargury
Talk - Blue
Hunting Threat Actors using OSINT Forensics
Abi Waddell
Talk - Other
The FBI Citizen's Academy: Outreach Experience
Beck (blither)
Talk - Red
xIoT Hacking Demonstrations & Strategies to Disappoint Bad Actors
Brian Contos
Talk - Blue
Analyzing volatile memory on a Google Kubernetes Engine node
Marcus Hallberg
Talk - Other
Modern Day Automobile Safety: Rescue Ops using CanBus
Checco
Talk - Red
Pen Testing for NOT Dummies
Alex Holden
Talk - Blue
Closing the Gap vs Adversaries With Community Resources
Ian Davila
Talk - Other
BTC as an IOC: Using Blockchain for Attribution
Jackie Burns Koven
Talk - Red
Hacking Serverless Applications: A Treasure Map for Uncharted Waters
Matteo Rosi
Talk - Blue
Elements of an Effective Software Supply Chain Strategy
Anita D'Amico
Talk - Other
The Dark Side of ChatGPT: Balancing Innovation and Security in the Age of Generative AI
Aditya Patel
Talk - Red
Infrastructure as Remote Code Execution: How to abuse Terraform to elevate access
Mike McCabe
Talk - Blue
The Metrics Mess: Why the Lack of Clear and Common KPIs is Undermining SecOps (and How We Can Fix It)
Eric Olson
Talk - Other
Beyond the Buzz: SBOMs, AI, and DataOps for Organizational Resilience in a Post-Log4j World
Jessie Jamieson
Talk - Red
Save the Environment (Variable): Hijacking Legitimate Applications with a Minimal Footprint
Wietze Beukema
Talk - Blue
Broken links - Behind the scenes of Supply Chain breaches
François Proulx
Talk - Other
A Chess Tournament: China/Russia Underground Ecosystem Comparison
Mao Sui, Oxana
Talk - Red
A few tricks to Anonymizing your Red Team
Patrick Matthews
2018 — BSidesNYC 0x02
▼ Platinum: MWR InfoSecurity, Virtue Security, Cisco, context, Mandiant, Crowe Horwath, Red Balloon Security, Jet Gold: F5, OccamSec, Syncurity, tCell, Cybereason, MongoDB, Red Canary Silver: NSA, L.J. Kushner, Senrio, Cortex Insight, enSilo, Dispel, Splunk
Keynote
Runa Sandvik
Keynote
Amber Baldet
Entrepreneur Track
Return Oriented: A 2017 Market Round Up
Kelly Shortridge
Entrepreneur Track
The Things No One Tells You About Launching a Startup
Loren Mahler
Track 1
Practical Analysis of Awareness
Kendra Cooley
Track 2
Hunting for Lateral Movement
Mauricio Velazco
Entrepreneur Track
Creating a New Security Product Category
Galina Antova
Entrepreneur Track
Bootstrapping
Paul Vixie
Track 1
Open Up and Say 0x41414141: Attacking Medical Devices
Robert Portvliet
Track 2
Evading C2 Detection with Asymmetry
Brandon Arvanaghi, Andrew Johnston
Entrepreneur Track
Venture Capital in Security
Roselle Safran
Entrepreneur Track
Marketing and Advertising for Security Startups
Nicole Enslein
Track 1
Threat hunting .NET malware with YARA
Santiago Pontiroli
Track 2
Moving Graph Analytics to Higher Dimensions to Discover Network Activity / Anomalies that are implicit in behavior - Connections in High Dimensions
Richard Lethin
Entrepreneur Track
Startup Panel
Mikala Vidal, Lenny Zeltser, Omri Segev Moyal, Regine Gilbert, Joe Bernik
Track 1
firewalls-- threat or menace?
Paul Vixie
Track 2
Moving like a Spook through Walls Or how to be only a shadow for APT detectors
Dmitry Bestuzhev
Entrepreneur Track
Growing & Monetizing Your Open Source Side Project
Kevin Chung
Entrepreneur Track
Sales: How long until you really need it?
Adrian Mahieu
Track 1
Threat-Based Risk Management
Julian Cohen, Justin Berman
Track 2
Taste the Rainbow
David Hartley
Entrepreneur Track
How Security Startups Can Help Build the Next Generation of Cyber Security Leaders
Jessica Santana
Entrepreneur Track
Product Management of Security Solutions
Lenny Zeltser
Track 1
I Want To Break Free
Stuart Morgan
Track 2
The Politics of Intelligence: Applying History to Modern Day Cyber Threat Intelligence
Paul Jaramillo
Entrepreneur Track
(From) Concept to Profit
Ryan Young
Entrepreneur Track
Startup Security Research
Irena Damsky, Omri Segev Moyal
Track 1
2FA was part of the solution, now it's part of the problem
Roel Schouwenberg
Track 2
Signal Safari: Investigating RF Controls with RTL-SDR
Katie Knowles
2016 — BSidesNYC 0x01
▼Keynote
Chris Wysopal
Visionary Keynote
Dino Dai Zovi
Track 1
Docker Containers for Malware Analysis
Lenny Zeltser
Track 2
The Ransomware Threat: Tracking the Digital Footprints
Kevin Bottomley
Track 3
Entrepreneur Hour
Elad Yoran, Stephen A. Ridley, Dr. Ang Cui, Vera Sell
Track 1
Defense at Scale
Jan Schaumann
Track 2
How Hackers View Your Web Site
Patrick Laverty
Track 1
Mobile implants in the age of cyber-espionage
Dmitry Bestuzhev
Track 2
Beyond IDS: Practical Network Hunting
Josh Liburdi
Track 1
99 Problems but a Microkernel ain't one!
Alex Plaskett
Track 2
The Insecurity Of Things
Stephen A. Ridley
Track 1
Change is the only constant: A day in the life of DNS changes
Ben April
Track 2
Making & Breaking Machine Learning Anomaly Detectors in Real Life
Clarence Chio
Track 1
No Silver Bullet. Multi contextual threat detection via Machine Learning
Rod Soto, Joseph Zadeh
Track 2
The Pagentry of Lateral Movement
Stuart Morgan
Track 1
An Adversarial View of SaaS Malware Sandboxes
Jason Trost, Aaron Shelmire
Track 2
Warranty Void If Label Removed - Attacking MPLS Networks
G. Geshev
Video Provider
Internet Society
Internet Society
The Internet Society supports and promotes the development of the Internet as a global technical infrastructure, a resource to enrich people’s lives, and a force for good in society.