While most conferences I film are still here only, Twitter's annoyed me one too many times so I created https://t.co/89NPtatRSm Timely, since it seems clear now that the exodus has begun. While I'll still be here, my focus will be on the other app. Please do join us!

🔥 Speaker: Ari Marzouk @Ari_MaccariTA IDEsaster: A Novel Vulnerability Class in AI IDEs Cross-vendor exploit chains (prompt injection + agent actions + IDE features) 20+ vulns disclosed + new CVEs & mitigations. Nov 28–29 · PT/EN · ~500 · https://t.co/yS0ggG4S2d #BSidesPorto

🔥 Speaker: Pedro Falé @zur4t How to Takeover a Botnet: In 5 mins Investigative mindset + abusing malware features → live 5-min takeover. Real case: ToxicPanda (banking malware; ~70% infections in PT). Nov 28–29 PT/EN · ~500 · https://t.co/yS0ggG4S2d #BSidesPorto #Botnet

🧐 Google 4K TV Streamer runs Android 14 on a MediaTek SoC with Pixel-level security (AVB, SELinux, TEE). At #hw_ioNL2025, @tieknimmers will demonstrate a #FaultInjection attack using an EM glitch to escalate from adb shell to root via the #setresuid 👉 https://t.co/JvVUGnp8Gx

It is decided, the final round of #BSidesVienna tickets will be in 7 days from now on Sunday 09.11.2025 at 7 pm. That is 19:00 o'clock Vienna time UTC+1!

I think the answer is fairly simple, if you’re targeting open source projects you should also provide a patch, even if the patch is a bit shit, even if it wouldn’t get merged, just to alleviate the burden

I am actually very empathetic to the devs here, Google has the best security team money can buy, sets them loose on really important, but still hobby, projects and provides no help to actually fix the issues and instead gives them a deadline that they probably can’t meet

I told them biometric systems could be fooled Then I did it live at @BSidesDublin to show what’s coming if we don’t rethink trust in machines as security engineers The era of blind faith in biometrics is over. My fav part 11:00 ongoing what’s yours ? 🚀 https://t.co/GSDwe49U78

Unpacking Real Malware With Their Runtime Protection: Insights From Southeast Asia - Huy Ngo https://t.co/Pxxz5UUabB #OOTB2025BKK @HITBSecConf

Build Your Own SOC - Kristen Huang https://t.co/Sf4sk5Bxbs #OOTB2025BKK @HITBSecConf

Hot Off The Presses: AI Agents As Your Organization's Personal Security Newsroom - Brett Andrews https://t.co/IcHmu8wQa2 #OOTB2025BKK @HITBSecConf

Architecting Security Onion For Enterprise Resilience: A Case Study In Scaling Open-Source SIEM For High-Performance Threat Detection - Piroon Srisawang and Peerapong Thongpubet & Korrawit Chaikangwan https://t.co/GWvZRbRkzb #OOTB2025BKK @HITBSecConf

Agentic ProbLLMs: Exploiting Al Computer-Use And Coding Agents - Johann Rehberger https://t.co/olRG0kDLtJ #OOTB2025BKK @HITBSecConf

The Power Of Powerlogs - Sarah Edwards https://t.co/9g8Ef9Ataw #OOTB2025BKK @HITBSecConf

Ghosts In The Lobby: Covert Entry Stories (And The Lessons That They Teach Us) - Cori Macy https://t.co/AAYXCkaU8o #OOTB2025BKK @HITBSecConf

Why'd You Only Call Me When You're In SMM? Exploiting UEFI SMM Vulnerabilities For Persistent Firmware Implants - Nika Korchok Wakulich https://t.co/95yNKiZhOP #OOTB2025BKK @HITBSecConf

Cloud Edge Phishing: Breaking The Future Of Auth - Carlos Gómez Quintana https://t.co/F8IVwqCy4D #OOTB2025BKK @HITBSecConf

Long Live Short-Lived Certificates! Updates On Public Key Infrastructure - Alexis Hancock https://t.co/1xYZyfcjmb #OOTB2025BKK @HITBSecConf

Today is the day! The last release of #BSidesLDN2025 tickets! No code required, release time 1337hrs today! ONLY available here: https://t.co/lRbIvBBVUz

Revisiting Widevine L3: DRM As A Playground For Hackers - Felipe Custodio Romero https://t.co/N23bdXsDGN #HackLu @hack_lu

Happy Saturday! Videos from #OOTB2025BKK are out on the HITB Youtube channel -