Schedule Tuesday August 5th
Middle Ground Events Breaking Ground Common Ground Ground Floor Ground Truth Hire Ground I Am The Cavalry PasswordsCon Proving Ground Training Ground Skytalks

Find us on HackerTracker

Monday
August 4th

Tuesday
August 5th

Wednesday
August 6th

07:00

Info Booth Opens, Tuesday

08:00

Registration Opens, Tuesday

08:30

Silent Auction Opens, Tuesday

08:30

Middle Ground Opens, Tuesday

09:00-09:30

Skytalks Token Drop 3

10:00-11:30

Morning Talks, Tuesday

10:30-14:30

Morning Trainings, Tuesday

12:30-13:30

Skytalks Token Drop 4

14:00-16:00

Afternoon Talks, Tuesday

14:30

Trainer Box Lunches Delivered, Tuesday

15:00-19:00

Afternoon Trainings, Tuesday

16:00

Registration Closes, Tuesday

16:00

Silent Auction Closes, Tuesday

16:00

Info Booth Closes, Tuesday

17:00-19:00

Evening Talks, Tuesday

19:00

Middle Ground Closes, Tuesday

09:00

PvJ CTF Play Begins, Tuesday

12:30-14:00

Lunch Break, Tuesday

16:00

PvJ CTF Play Ends, Tuesday

16:00-17:00

Happy Hour, Tuesday, Sponsored by Stroz Friedberg

17:00-17:30

PvJ CTF Hotwash, Tuesday

19:00-20:00

Proving Ground Mentors Meet-Up

19:00-20:00

Data Science Meet-Up

19:00-22:00

Global BSides Organizers Un-Conference Meet-Up

19:30-21:30

Recovery Hackers, Tuesday

20:00-22:00

Speaker Reception

21:00-00:00

BSides Pub Quiz

22:00-02:00

BSides Karaoke

09:30-09:55

Opening Remarks, Tuesday

10:00-10:20

Poison in the Wires: Interactive Network Visualization of Data Attacks

10:30-10:50

Rusty pearls: Postgres RCE on cloud databases

11:00-11:20

No IP, No Problem: Exfiltrating Data Behind IAP

11:30-12:15

Vulnerabilities Beyond CVEs: Cyber Resilience and the Next Financial Crisis

13:00-13:45

What Should CVE Be When It Grows Up?

14:00-14:45

Stealing Browser Cookies: Bypassing the newest Chrome security measures

15:00-15:45

The Protocol Behind the Curtain: What MCP Really Exposes

17:00-17:45

Inside the Open-Source Kill Chain: How LLMs Helped Catch Lazarus and Stop a Crypto Backdoor

18:00-18:45

Laser Beams & Light Streams: Letting Hackers Go Pew Pew, Building Affordable Light-Based Hardware Security Tooling

10:00-10:45

The Unbearable Weight of Commercial Licensing. Combining Closed Systems with Open Source Defense

11:00-11:20

Rewriting the Playbook: Smarter Vulnerability Management with EPSSv3, CVSSv4, SSVC & VEX Frameworks

14:00-14:20

Thwarting Key Extraction and Supply Chain attacks by Detonating GPUs

14:30-14:50

The Art of Concealment: CVE's Challenge with Transparency

15:00-15:45

So... You want to build your own hacking device...

17:00-17:45

Dungeons & Dragons: The security tool you didn’t know you needed

18:00-18:20

Keeping Our History Alive: The Hacker’s Guide to Sticker Preservation

18:30-18:50

The Not So Boring Threat Model of CSP-Managed NHI’s

10:00-10:45

Thinking Outside the SOC: Structured Analytics for the Overloaded Cyber Analyst

11:00-11:20

Securing Frontends at Scale: Paving our Way to the Post-XSS World

14:00-14:20

XSS is dead - Browser Security Features that Eliminate Bug Classes

14:30-14:50

Infiltrating Like a Ninja: Unveiling Detection Gaps in Physical Security Across Japan and the U.S

15:00-15:45

Vibe Check: The dark side of vibe coding

17:00-17:45

We Fight for the User's... Session

18:00-18:45

A Cheat Code for Security Programs

10:00-10:45

Mental Models to Anticipate the Next Stages of the AI and Cybersecurity Revolution

11:00-11:20

Advancing Network Threat Detection Through Standardized Feature Extraction and Dynamic Ensemble Learning

14:00-14:45

Increasing Complexity and Frequency of Cyber Events: Trends, Costs, and Risk Mitigation Strategies

15:00-15:45

RAG Against the Machine: Using Retrieval-Augmented Generation and MCP to Fortify Cybersecurity Defenses

17:00-17:45

Predicting the Lifespans of Internet Services: Falling down the ML Rabbit Hole, and What We Learned From The Thud

18:00-18:45

Indexing the Chaos: Extract PII from Ransomware Leaks

10:00-10:45

Interview Like a Legend: No Slides, Just Vibes

13:00-13:45

Beyond the Command Line: Transitioning from Individual Contributor to Leader

13:00-14:00

Hire Ground Resume Reviews, Tuesday Lunch Break

14:00-14:45

Your Interview Game is Weak: Gamifying Technical Interviews through Role-Playing

15:00-15:45

Root To CISO or not?

16:00-16:50

Hire Ground Resume Reviews, Tuesday Evening

16:00-16:25

The World Famous Hire Ground Panel, Tuesday Edition

17:00-18:50

Hire Ground Mixer, Tuesday

10:00-11:00

Power Play: AI Dominance Depends on Energy Resilience

11:00-11:30

Ransomware As Canary For Societal Disruption

14:00-16:00

Emergency & Urgent Care Remains in Critical Condition

17:00-18:00

Hackers Kinda Like to Eat

18:20-19:20

End of Life (EOL) Equipment should not mean End of Life (Your Life)

10:00-10:20

Reversing F5 Service Password Encryption

10:30-10:50

Phish-Back: How to turn the problem into a solution.

11:00-11:20

Lessons from Black Swan Events and Building Anti-Fragile Cybersecurity Systems

14:00-14:45

Taking down the power grid!

15:00-15:45

What to Tell Your Developers About NHI Secrets Security and Governance

17:00-17:45

Cracking 936 Million Passwords

18:00-18:45

Cracking Hidden Identities: Understanding the Threat Surface of Hidden Identities and Protecting them Against Password Exposure

10:00-10:25

Harnessing AI and Post-Quantum Cryptography for Cybersecurity in the Quantum Era

10:30-10:55

Desktop Applications: Yes, We Still Exist in the Era of AI!!!

11:00-11:25

Security Theater, Now Playing: When Security Is a Sideshow Instead of a Strategy

14:00-14:25

Shorts Begone: Modding YouTube on iOS (without jailbreaking)

14:30-14:55

Unawakened Wakeup: A Novel PHP Object Injection Technique to Bypass __wakeup()

15:00-15:25

Boost Your Career: Get Practical InfoSec Experience in Your Community!

15:30-15:55

Let's Go Shopping: Third-Party Vendors and CyberRisk

17:30-17:55

Malicious Packages - they're gonna get ya!

18:00-18:25

Take all my money – penetrating ATMs

18:30-18:55

Broke but Breached: Secret Scanning at Scale on a Student Budget

Reservations via Eventbrite are required.

10:30-14:30

Multi-Cloud (AWS, Azure & GCP) Security [25 Edition], Day Two, AM

10:30-14:30

AI Governance in Action: Fundamentals & Tabletop Workshop

10:30-14:30

Engineering Cyber Resilience for the Water Sector

10:30-14:30

Gremlin Hunting with SIGMA rules

10:30-14:30

From Zero Trust to Trusted Advisor: Selling Security to Stakeholders

10:30-14:30

LLM Mayhem: Hands-On Red Teaming for LLM Applications

15:00-19:00

Hands on DuckyScript: Introduction to HID Attacks with O.MG Devices

15:00-19:00

Active Directory Attacks and Defense 101

15:00-19:00

Wi-Fi-So-Serious

15:00-19:00

Eliminating Bug Classes at Scale: Leveraging Browser Features for Proactive Defense

15:00-19:00

Threat and adversary emulation operational exercises

15:00-19:00

Multi-Cloud (AWS, Azure & GCP) Security [25 Edition], Day Two, PM

Tokens required for entry. Don't forget to pick up your Skytalks token in Middle Ground. Click here for more info.

10:00-10:25

HR Hates My Mugs: Evading AI Censorship (Token 07)

10:30-11:15

Sex Work Is Tech Work: What Technologists Should Know From the Sex Industry (Token 07)

14:00-14:20

Mapping the Gaps: How Disconnects in Critical Infrastructure Leave Cities Vulnerable (Token 08)

14:25-14:45

Organizing Cyber: Why We Need More IT & Cybersecurity Unions (Token 08)

15:00-15:45

Ask EFF (Token 09)

16:00-16:45

From Drone Strike to File Recovery, outsmarting a nation state (Token 10)

17:00-17:20

Stopping the Nuclear Apocalypse with Threat Intel (Token 11)

17:25-17:45

Crossing the Border Again with a Burner Phone (Token 11)

18:00-18:45

A glitch in the matrix: HUMINT OSINT and Digital Forensics to identify & remove hostile foreign corporate espionage actors (Token 12)

Code of Conduct & Photo Policy

Security BSides Las Vegas, Inc. is a federally recognized 501(c)(3) since 2012

©2025 Security BSides Las Vegas, Inc.