Join us for the 11th
Security BSides CT
Saturday, Sept. 20th, 2025
Sacred Heart University (West Campus)
3135 Easton Turnpike
Fairfield, CT 06825
A conference for the Connecticut information security (infosec) community, run by the Connecticut infosec community!
The Security BSides community began in 2009 so more talented security professionals could share their insights. BSides CT hosts an annual event open to all people interested in cybersecurity, from students to professionals.
See security differently
with BSides...
The annual BSides CT event is a place for the community to share ideas and learn with:
- Insightful discussions: Formal and informal networking and educational opportunities
- Practical demonstrations: Hands-on activities, like our annual Capture the Flag (CTF) and workshops
- Interactive sessions: Talks covering the latest trends and ongoing events that shape the future of infosec
What's BSides?
Security BSides started in 2009 when some talented speakers couldn't fit into a major conference. So, they decided to make room for them. The goal of a BSides is to break down the typical barriers of conferences, allowing for more speakers, more topics, and more events. Since 2009, every state and every country has held a Security BSides event, with many states holding more than one per year!
SCHEDULE
TIME | TRACK 1 | TRACK 2 |
---|---|---|
08:00 - 16:00 | Registration | |
09:00 - 09:15 | Opening Remarks | |
09:15 - 10:15 | Keynote John Hammond | |
10:30 - 11:00 | How to Make Your Reverse Shell Disappear (via Linux Rootkits) Asritha Bodepudi This talk will show how to build an invisible reverse shell with Linux rootkits. Rootkits are post-exploitation implants used to conceal malicious activity from system administrators. Step by step, we’ll demonstrate how to craft a rootkit that hides reverse shell processes and network activity from tools like ps and ss. The same techniques apply to altering any Linux utility. We’ll cover both userspace (e.g. LD_PRELOAD injection) and kernel space approaches (e.g. loadable kernel modules), while also touching on supporting concepts like Linux internals, binary linking and loading, the /proc filesystem, etc. | (Perfect) Cell Games: You Thought It Was Just Surveillance... But This Is My True Power!! Mike Curnow Rogue cell towers are usually framed as surveillance tools, but the story does not end with privacy. The cellular arena is wrapped in mysticism that discourages deeper inquiry, yet flaws in 3GPP cell selection reveal a broader danger. Fake base stations can deny or disrupt the connections that critical infrastructure depends on, from power telemetry to traffic coordination and connected vehicles. This talk reframes rogue cells as a cyber-physical threat, showing how design choices rooted in trust and permissiveness open the door to cascading real-world risks that extend well beyond surveillance. |
11:30 - 12:00 | 0xDEAD: Domain Exploitation and Domination Jon Milkins Active Directory is still the heart, and soft underbelly, of most corporate networks and compromising it is often faster than getting through HR onboarding. In this talk, we will cover Active Directory pentesting TTPs and walk through attack chains observed during recent real-world penetration tests showing how attackers go from zero to domain overload with surprising speed. No zero day exploits, no new or novel techniques, just application of techniques in a semi-efficient process and data from reconnaissance. It's that simple. | How EDRs See Everything (Until They Don’t) Jacob Kalat This presentation offers a deep dive into the instrumentation points that Windows provides to Endpoint Detection and Response (EDR) products. We'll explore how EDR solutions collect the telemetry, and examine the impact when attackers disable these critical data sources. Key topics include AMSI, user-mode hooks, ETW, and the role of kernel drivers in telemetry collection. We'll also examine how EDRs implement key features like network containment using the Windows Filtering Platform (WFP). You'll gain a clearer understanding of the mechanisms behind EDR visibility and functionality, and the implications of their compromise. |
12:15 - 13:15 | Lunch |
13:30 - 14:00 | AppLocker vs. Banking Trojans (A multi-year case study) Dr. Robert Riskin This presentation showcases a multi-year study (2021–2024) that evaluated the effectiveness of Microsoft Windows’ AppLocker, a native/built-in application control technology, against banking trojans. Using over 3,000 samples across 17 file types from various trojan families (including Emotet, Gozi, and Trickbot), this research compared a baseline system, a default AppLocker ruleset, and a tuned ruleset. This session will provide technical AppLocker details, providing attendees with take-home knowledge on how to further protect Windows environments. Additionally, an unpatched bug in a component of AppLocker will also be discussed. | Beyond Base-64: When Your Data Gets Emojional TBA TBA |
14:30 - 15:00 | AI-Powered Spear Phishing: Precision Attacks at Machine Speed Kyle Ryan Spear phishing has always been one of the most effective attack vectors, but AI has erased its traditional limits. With generative AI, attackers now launch hyper-personalized campaigns at machine speed and massive scale. This talk traces the evolution from 'spray-and-pray' phishing to precision AI-driven operations, profiling groups like Scattered Spider, APT42, and MuddyWater. We will examine the attacker infrastructure behind these campaigns, from cloud platforms to botnets, and show how defenders can fight back by replicating attacker playbooks, scoring user risk, and personalizing remediation to each user’s point of exposure. | How to fight DDoS attacks from the command line Michael McMahon The modern Internet is a hostile environment to run a website or service in 2025 full of aggressive scrapers, vulnerability scanners, and CI/CD services. Many sites have chosen to keep their sites running by hiding behind Cloudflare and other shields. Some of our sites have been under attack for more than a year now and I will share several tools and techniques that I use as a system administrator at the Free Software Foundation to keep the sites up. I will share some of the tools that I use including monitoring tools, analysis tools such as custom bash scripts to analyze logs and local ASN look-ups, automated protection, and firewall tools. |
15:30 - 16:00 | Prompt Panic: Weaponizing Attacks against Large Language Models Wardell Scott Motley As Large Language Models (LLMs) become embedded in business workflows, customer support, and decision-making systems, their attack surface expands dramatically. This session exposes the growing field of LLM security—where AI meets adversarial intent. Attendees will gain insight into real-world attack scenarios including prompt injection, adversarial inputs, training data poisoning, and sensitive data leakage. If you're deploying or evaluating LLMs, this session will arm you with the knowledge to protect them. | The Next Generation of Web Exploits: From cache poisoning to multi-layer fingerprinting, why complexity itself is the vulnerability Steve Sprecher Web infrastructure is growing in complexity, with nearly every web request traversing a chain of systems. This interconnectedness has given rise to a new breed of attacks that target the entire system rather than a single component. Recent high-profile “desync” vulnerabilities are a clear example of this emerging threat. This session aims to make these complex, multi-stage attacks easier to understand through real-world examples from our academic research and bug bounty findings. As attackers begin to leverage AI to discover these vulnerabilities at scale, understanding this new generation of security threats is more critical than ever. |
16:30 - 17:00 | Using OSINT to Build Pretexts Patrick Laverty You could just wing it and pick a seemingly reliable pretext. 'Just be the food delivery guy!' Maybe it'll work. But if we use some Open Source Intelligence (OSINT), we'll have a higher likelihood of success. Patrick will take us through some of his social engineering jobs and how the pretext was chosen, the OSINT that was found, and how well it worked (or didn't work). Plus, there will be fun stories along the way. | Catching the Catchers: Open Source Stingray Detection in the Wild Michael Raymond Cell-site simulators (Stingrays) impersonate legitimate cell towers to track devices, harvest IMSIs, and sometimes intercept communications. Yet little is known about where and how they’re deployed. Rayhunter, developed by the Electronic Frontier Foundation, is an open-source tool that detects these rogue towers. This talk explores how Rayhunter works, what it reveals in the field, and how hackers, researchers, and privacy advocates can use it to shed light on one of the most secretive surveillance technologies in existence. |
17:30 - 18:00 | Closing Remarks |
Sponsor us!
Organizations should sponsor BSides CT 2025 to engage directly with cybersecurity professionals and decision-makers in an intimate, community-driven setting!
This sponsorship offers a unique opportunity to enhance brand visibility, establish thought leadership, and showcase products and services to a diverse audience of security experts, practitioners, and students.
By supporting this grassroots event, companies demonstrate their commitment to advancing the field and nurturing local talent, while also staying at the forefront of emerging trends in the rapidly evolving cybersecurity landscape.
Who We Are
BSides Connecticut started in 2011 with an all-volunteer crew. As more people learn about us, we've grown ever larger in size and scope. BSides events are about sharing and learning from each other. They're a platform for security experts and professionals to share ideas and make lasting connections. Each BSides event, including ours, is driven by the community. The idea is to take the conversation beyond the usual conference setting and encourage collaboration. It's a chance for participants to share their knowledge and learn from each other.