The Allure of Go’s Cross-Platform Capability: A Gateway for Threat Actors to Mac and Linux Anmol Maurya, Staff Malware Reverse Engineer at Palo Alto Networks, examines how threat actors use Go to target Mac and Linux systems and what makes detection and analysis so challenging. #BSidesNYC

Contribute to Learn: Building DFIR Expertise Through Open Source Christopher Eng, Independent Digital Forensic Researcher and CIO, shares how contributing to open-source DFIR tools like KAPE and Velociraptor can accelerate hands-on learning and community growth. #BSidesNYC

Inside Ransomware: Facts and Findings from the BlackBasta and LockBit Leaks Cory Wolff, Director of Offensive Security at risk3sixty, breaks down leaked data from major ransomware groups to reveal how affiliates collaborate, develop payloads, and profit. #BSidesNYC

Interactive Networking Fingerprinting Walkthrough Vlad Iliushin, Cybersecurity Expert at ELLIO and President of AMTSO, leads a hands-on workshop on modern passive fingerprinting techniques like JA3, JA4, p0f, and MuonFP. #BSidesNYC

Rebooting the Cyber Arsenal of Democracy Eric Foster, CEO of TENEX.ai, shares hard-earned lessons from building and exiting multiple security companies and what it takes to launch and scale a cybersecurity startup in 2025. #BSidesNYC

P0LR Espresso: Pulling Shots of Cloud Live Response & Advanced Analysis Art Ukshini, Threat Researcher at Permiso Security, presents P0LR Espresso, a tool built to cut through noisy cloud logs, detect threats in real time, and speed up incident response. #BSidesNYC

The Log Rings Don’t Lie: Historical Enumeration in Plain Sight Bleon Proko, Security Engineer, shows how attackers can use logs to perform enumeration, run C2 channels, and exfiltrate data through cloud infrastructure. #BSidesNYC

The History of Malware: From Floppies to Droppers Eliad Kimhy, Senior Security Researcher at Acronis, traces the evolution of malware from its early floppy disk days to modern ransomware, showing what has changed and what has stayed the same. #BSidesNYC

Atomic Red Team 101 Gerard Johansen from Red Canary and Ryan Lanciali lead a hands-on workshop on using Atomic Red Team to emulate threats, validate defenses, and strengthen detection and response. #BSidesNYC

When the Shadow Crosses Over Ilya Yatsenko, Offensive Security Engineer and OSCE3, explores Remote Desktop shadowing in Windows and how the same techniques can now be used from Linux and macOS systems. #BSidesNYC

Trust at Scale: Lessons Learned from a Decade of Engineering for Identity Frédéric Rivain, CTO at Dashlane, shares lessons from building secure-by-design systems and scaling trust across millions of users in the evolving world of identity security. #BSidesNYC

Living off the (land)cloud: Scattered Spider and the Cloud Control Plane Shivakumar Buruganahalli, Senior Director of Customer Engineering at Acalvio, breaks down how Scattered Spider exploits cloud identities and IAM to move laterally and evade detection. #BSidesNYC

Using Volatility 3 to Detect Sophisticated Malware Andrew Case, Director of Research at Volexity, shows how new features and plugins in Volatility 3 help detect modern ransomware and APT techniques that evade traditional defenses. #BSidesNYC

Mastering OWASP Amass v5.0 Jeff Foley, Project Leader at the OWASP Foundation, leads a hands-on workshop on the new graph-powered capabilities in Amass v5.0 for next-level asset discovery and reconnaissance. #BSidesNYC

Essential Marketing for Cyber Founders Gianna Whitver, Co-Founder and CEO of the Cybersecurity Marketing Society, shares how founders can stretch their budgets and market smarter at every stage of their startup journey. #BSidesNYC

Understanding Python Bytecode Rocky Bernstein, Chief Mad Scientist Emeritus, leads a hands-on workshop on disassembling, assembling, and decompiling Python bytecode using tools like xdis, xasm, and uncompyle6. #BSidesNYC

The Human-AI Handshake: A Framework to Build Trust and Unlock Innovation in Modern Security Ops Michael August Raggi, Principal Threat Response Specialist at Crowdstrike, shares how AI can build trust, boost efficiency, and spark innovation in security operations. #BSidesNYC

Spycraft 2.0: Hunting Dead Drops in Web Applications Jonathan Fuller, CISO and Academy Professor at West Point, explains how attackers hide command and control servers inside public web apps and how defenders can uncover these digital dead drops. #BSidesNYC

Inboxfuscation: Out-of-the-Box Mailbox Obfuscation Andi Ahmeti, Threat Researcher at Permiso Security, shares new findings on unseen obfuscation techniques in Exchange mailboxes that turn Business Email Compromise into business email chaos. #BSidesNYC

What It’s Like Being the Only Security Startup in Your YC Batch SubImage Co-founders Alex Chantavy and Kunaal Sikka share what it was like building a cybersecurity startup in Y Combinator’s Winter 2025 batch surrounded by AI ventures. #BSidesNYC

Syndicate: The Life of a Ransomware Affiliate Tammy Harper from Flare breaks down the world of ransomware-as-a-service, showing how affiliates evolve from small-time operators to full syndicates and what keeps these underground groups running. #BSidesNYC

From Interview Questions to Cluster Damage: Adventures in k8s Cluster Hacking, presented by Amit Serper, Lead Security Researcher at CrowdStrike. The talk highlights Kubernetes vulnerabilities found during testing and offers practical ways to secure cluster setups. #BSidesNYC

Detecting and Preventing Obfuscated Script Execution with Tree-sitter, presented by David McDonald, Software Engineer at Volexity. This talk shows how tree-sitter can detect and block obfuscated scripts, strengthening defenses against AMSI bypasses and malware attacks. #BSidesNYC

Down the Drain: Unpacking TON of Crypto Drainers, presented by Elizaveta Mikheeva, Cybersecurity Researcher at Neplox. The talk explores how attackers use wallet impersonation and data manipulation on the TON Network to steal coins and NFTs. #BSidesNYC

At BSidesNYC, Lucas Nelson, Founding Partner at Lytical Ventures, shares an inside look at how cybersecurity investors think. His talk highlights common pitching mistakes founders make and what truly captures a VC’s attention.

Huge thank you to John Jay College for their continued support and for hosting BSidesNYC again this year. Always a great space for the community to come together.

Great start to the day with John Hammond’s keynote at BSidesNYC 0x05 #BSidesNYC

Kicking of BSidesNYC 0x05 with opening remarks from Huxley Barbee.

BSidesNYC welcomes @semgrep.com as a megabit sponsor for our Oct 18, 2025, conference. bsidesnyc.org Semgrep: All the insights from static analysis. None of the false positives. semgrep.com

BSidesNYC welcomes Cotool as a kilobit sponsor for our Oct 18, 2025, conference. bsidesnyc.org Cotool works alongside security engineers during alert triage & investigation, reducing time spent by up to 90%. cotool.ai

BSidesNYC welcomes Google Cloud as a gigabit sponsor for our Oct 18, 2025, conference. bsidesnyc.org Google Cloud: Build What's Next cloud.google.com

BSidesNYC welcomes iVerify as a kilobit sponsor for our Oct 18, 2025, conference. bsidesnyc.org iVerify protects every phone in the workplace from the actual threats they face. iverify.io

BSidesNYC welcomes Armis as megabit sponsor for our Oct 18, 2025, conference. bsidesnyc.org Armis, the cyber exposure management & security company, protects the entire attack surface and manages an organization’s cyber risk exposure in real time. www.armis.com

BSidesNYC welcomes BugCrowd as a kilobit sponsor for our Oct 18, 2025, conference. bsidesnyc.org With BugCrowd, find and fix hidden vulnerabilities faster by accessing the world’s best hackers and pentesters. www.bugcrowd.com

BSidesNYC welcomes DataBee as a Megabit sponsor for our event on Oct 18. bsidesnyc.org DataBee, a Comcast company, that connects and contextualizes enterprise data for proactive compliance and risk management.” www.databee.ai

BSidesNYC welcomes Exaforce as a gigabit sponsor for our Oct 18, 2025, conference. bsidesnyc.org Exaforce agentic AI empowers the entire SOC lifecycle, across detection, triage, investigation and response. Available as SaaS or MDR. www.exaforce.com

BSidesNYC welcomes Jane Street as a kilobit sponsor for our Oct 18, 2025, conference. bsidesnyc.org Jane Street is a research-driven trading firm where curious people work together on deep problems. www.janestreet.com

Prep for @bsidesnyc.org 0x05 is in full swing. Many thanks to Code Red Partners, DataBee, Gecko, Heeler, iVerify, Jane Street, StrongDM, and Tracebit for contributing swag.

BSidesNYC welcomes Tuskira as a gigabit sponsor for our Oct 18, 2025, conference. bsidesnyc.org Tuskira unifies your security stack and simulates attacks in a live digital twin to cut 95% of alert noise. www.tuskira.ai

BSidesNYC welcomes Dashlane as a Megabit sponsor for our event on Oct 18. bsidesnyc.org Go beyond password management. Turn password risks into proactive security with Dashlane. www.dashlane.com

BSidesNYC welcomes Nullify as a Megabit sponsor for our event on Oct 18. bsidesnyc.org Nullify is the first complete AI Agent platform that augments security teams to automate their entire AppSec program, end-to-end. www.nullify.ai

BSidesNYC welcomes SixMap as a Megabit sponsor for our event on Oct 18. bsidesnyc.org SixMap provides autonomous, accurate, and always relevant—exposure data you can trust for faster, more effective decision-making. www.sixmap.io

BSidesNYC welcomes Heeler as a Megabit sponsor for our event on Oct 18. bsidesnyc.org Heeler automates the open source security grind—research, triage, and remediation—so developers can focus on product and AppSec gets real fixes. www.heeler.com

Come volunteer at @bsidesnyc.org on October 18, 2025. Sign up: forms.gle/QhtstsGV9wPB...

Learn by doing. Join the Pros Vs Joes CTF at @bsidesnyc.org on October 18. Apply with the links below: Call for Joes: forms.gle/N2FVjC7EBedU... Call for Pros: forms.gle/JxSSipN8AdeS...

BSidesNYC welcomes Socket as a Megabit sponsor for our event on Oct 18. bsidesnyc.org Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies. socket.dev

@bsidesnyc.org 0x05 tickets are now on sale: bsidesnyc.org/registration/

Try your hand at an offensive/defensive CTF on October 18, 2025, at @BSidesNYC . Apply here for Pros V Joes. Call for Joes: forms.gle/N2FVjC7EBedU... Call for Pros: forms.gle/JxSSipN8AdeS...

BSidesNYC welcomes StrongDM as a Megabit sponsor for our conference on Oct 18, 2025. bsidesnyc.org StrongDM provides comprehensive privileged access management for servers, databases, Kubernetes, cloud platforms, and more. www.strongdm.com

We are thrilled to announce that @johnhammond.bsky.social will be the keynote speaker at BSidesNYC on October 18, 2025! We look forward to John sharing his insights.