Security BSides Prague 2026: Full Schedule

It is an annual, community-driven information security conference held in Prague. The event provides a platform for cybersecurity professionals, enthusiasts, and researchers to share knowledge, exchange ideas, and discuss the latest trends in the field. It’s a unique opportunity to connect with like-minded individuals, expand professional networks, and stay informed about the ever-evolving cybersecurity landscape.
More info at www.bsidesprg.cz

09:00 CEST

Autonomous Malware Logic: Practical Design and Analysis of Stealth Execution Techniques

Tuesday April 21, 2026 09:00 - 11:30 CEST

Novotel - WR2 @ Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

Modern malware increasingly relies on autonomous execution logic rather than immediate payload execution. This workshop demonstrates how they perform inspection and delayed activation to evade dynamic analysis and endpoint protection (practical learning for offensive + defensive security engineers). OverviewAs endpoint detection, sandboxing, and behavioral monitoring mature, malware has...
See More →

Speakers

Kashif Amanat

Offensive Security Engineer

I’m a security practitioner with 9+ years of hands-on experience in offensive security and system-level security analysis. My work focuses on how systems behave in practice — from Windows internals and enterprise infrastructure to AI-driven systems and software-defined vehicl... Read More →

Tuesday April 21, 2026 09:00 - 11:30 CEST
Novotel - WR2 Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

Workshop

09:00 CEST

Mad data science for practical C2 detection

Tuesday April 21, 2026 09:00 - 12:00 CEST

Novotel - WR1 @ Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

Are you tired of JupyterLab notebooks with single-threaded, unoptimized, PoC code that does not scale in real-world scenarios? Do you have a C2 beaconing problem on your network? Well, look no further! This workshop can fit so much data science for C2 detection! *slaps roof of a pile of code* If you always wanted to know how tools like Flare or RITA work, how to do C2 detection with frequency...
See More →

Speakers

Eva Szilagyi

Consultant, Alzette Information Security

David Szili

Principal consultant, Alzette Information Security

David Szili is a principal consultant at Alzette Information Security, an information security consulting company based in Europe. He has more than ten years of professional experience in various areas like penetration testing, red teaming, security monitoring, security architecture... Read More →

Tuesday April 21, 2026 09:00 - 12:00 CEST
Novotel - WR1 Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

Workshop

12:00 CEST

Lunch Break

Tuesday April 21, 2026 12:00 - 13:00 CEST

Novotel Praha Wenceslas Square @ Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

DescriptionEnjoy the Lunch Break as an opportunity to step out, recharge, and grab something good to eat at one of the many nearby restaurants and cafés. Please note that lunch is not provided by the conference, so we encourage you to explore the local options around the venue. You can find a curated list of recommended restaurants in your attendee booklet, making it easy to choose a spot that...
See More →

Tuesday April 21, 2026 12:00 - 13:00 CEST
Novotel Praha Wenceslas Square Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

Networking

12:00 CEST

BloodHound Basics Workshop

Tuesday April 21, 2026 12:00 - 18:00 CEST

Novotel - WR2 @ Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

BECOME A BLOODHOUND OPERATORYou hear some of the Red teamers talk about Attack Paths, OpenGraph, and Cypher queries but you are not sure what it’s all about? No worries, we’ve got you covered. We’ll take you from new BloodHound user to power-level-over-9000-BloodHound-Ninja. During this workshop, we start from the basics and guide you from setup all the way to becoming a capable, hands-on...
See More →

Speakers

Martin Sohn Christensen

SpecterOps

I am a Security Researcher at SpecterOps, specializing in Microsoft technologies with expertise in Active Directory, identity attack paths, and secure system configuration. I bring a well-rounded perspective on security risks and challenges stemming from a background in system administration... Read More →

Joey Dreijer

Hugo van den Toorn

SpecterOps

Hugo is former Chief Information Security Officer and has now transitioned back to help other organizations understand adversary tradecraft. With over twelve years of experience in the Information Security industry, he has a solid technical and executive background as hands-on security... Read More →

Tuesday April 21, 2026 12:00 - 18:00 CEST
Novotel - WR2 Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

Workshop

13:00 CEST

Payload Obfuscation for Red Teams

Tuesday April 21, 2026 13:00 - 17:00 CEST

Novotel - WR1 @ Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

In this hands-on workshop you will learn how to obfuscate your payloads with a custom VM. This will help to evade signature detections and make reverse engineering more difficult. Participants will walk away with new tooling they can try out in the field right away! In this workshop we will leverage the RISC-V architecture and the LLVM ecosystem to build a simple obfuscation pipeline. The VM...
See More →

Speakers

Duncan Ogilvie

Reverse Engineer

Reverse engineer, creator of x64dbg and other open source projects. Love binary analysis and Windows internals.

Tuesday April 21, 2026 13:00 - 17:00 CEST
Novotel - WR1 Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

Workshop

09:00 CEST

Digital Forensics on MacOS - Analyzing current Threats

Wednesday April 22, 2026 09:00 - 12:00 CEST

Novotel - WR1 @ Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

As macOS gains traction in enterprises, so do attacks. This workshop equips participants with the skills to perform effective macOS forensic analysis, uncovering and understanding modern threats to strengthen enterprise defences.The goal of this workshop is to equip participants with the essential knowledge and practical skills needed to perform forensic analysis of macOS systems in the context of...
See More →

Speakers

Evgen Blohm

Incident Responder, InfoGuard AG

Wednesday April 22, 2026 09:00 - 12:00 CEST
Novotel - WR1 Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

Workshop

09:00 CEST

Unveiling the Obscurity: Decrypting Agent-Server Communications

Wednesday April 22, 2026 09:00 - 12:00 CEST

Novotel - WR2 @ Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

Decrypting agent–server communications is not a subject that can be easily researched (limited information available). Either you find corner cases debugging a binary or quite simple examples using Burp. This workshop covers them all and opens new topics that might be expanded in the future. DescriptionUsually, as a pentester or a defender, when it comes to agent-server communications, we always...
See More →

Speakers

Jorge Escabias

Security Engineer

I´m Jorge, a pentester at NATO Communications and Information Agency. I´m from Spain, but I live in Belgium. I studied Mathematics but I hold a Master’s in Cybersecurity (a bit random, I know). My professional career has always been tied to pentesting and presenting my researchs... Read More →

Wednesday April 22, 2026 09:00 - 12:00 CEST
Novotel - WR2 Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

Workshop

12:00 CEST

Lunch Break

Wednesday April 22, 2026 12:00 - 13:00 CEST

Novotel Praha Wenceslas Square @ Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

Wednesday April 22, 2026 12:00 - 13:00 CEST
Novotel Praha Wenceslas Square Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

13:00 CEST

Beyond the Web: Exploration of Windows Userland Weaknesses

Wednesday April 22, 2026 13:00 - 17:00 CEST

Novotel - WR1 @ Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

Internet is big and scary. Let’s ignore all the remote web apps for a while and stay cozy and warm on our localhost. Attack surface of Windows apps is also interesting!What we’ll look into?OS Interaction Technologies: protocol handlers, COM/DCOM, named pipes, MSRPC, NTLM, handles, …Userland OS Weaknesses: ACLs, MSI, filesystem, TOCTOU, junctions3 practical exercises on premade lab VMs:...
See More →

Speakers

malacupa

red teamer, former pentester, former web dev. 8 years in sec
i like cool vulnerabilities

Wednesday April 22, 2026 13:00 - 17:00 CEST
Novotel - WR1 Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

Workshop

13:00 CEST

Practical Threat Modeling: from vague worries to an actionable backlog

Wednesday April 22, 2026 13:00 - 17:00 CEST

Novotel - WR2 @ Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

No more drowning in checklists! Change “we should probably be more secure” into an actual, risk-prioritized engineering backlog. In this hands-on workshop you’ll learn to threat model systems using STRIDE + data-flow diagrams. You'll leave with a repeatable approach you can drop into product work. No more drowning in checklists! Change “we should probably be more secure” into an actual,...
See More →

Speakers

Michal Svoboda

Wednesday April 22, 2026 13:00 - 17:00 CEST
Novotel - WR2 Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

Workshop

08:00 CEST

Open doors

Thursday April 23, 2026 08:00 - 08:45 CEST

All @ Kateřinská 38, Nové Město, 120 00 Praha-Praha 2, Czechia

Thursday April 23, 2026 08:00 - 08:45 CEST
All

Networking

08:40 CEST

Opening talk

Thursday April 23, 2026 08:40 - 09:00 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Martin Hron will open BSides Prague 2026 with a short welcome session that sets the tone for the entire conference, introduces the spirit and community values of BSides, and provides essential information for all attendees. The talk will cover key organizational details about the venue, agenda, tracks, partners, and practical logistics, along with important reminders about the Code of Conduct and...
See More →

Speakers

Martin Hron

Staff Offensive Researcher, BSides Czech z.s. / SentinelOne

Thursday April 23, 2026 08:40 - 09:00 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

09:00 CEST

Keynote: Do Not Build the Torment Nexus

Thursday April 23, 2026 09:00 - 09:45 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Speakers

Eva Galperin

Director of Cybersecurity, Electronic Frontier Foundation

Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation (EFF) and technical advisor for the Freedom of the Press Foundation. She is noted for her extensive work in protecting global privacy and free speech and for her research on malware and nation-state... Read More →

Thursday April 23, 2026 09:00 - 09:45 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

09:45 CEST

Coffee Break

Thursday April 23, 2026 09:45 - 10:10 CEST

All @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Take a well-deserved pause during our Coffee Break — a perfect moment to stretch your legs, grab a fresh cup of coffee or a quick snack, and recharge before the next round of talks. Use this time to move to your selected session, explore partner booths, or catch up with familiar faces you haven’t seen since the last event. Whether you’re continuing a deep technical debate or just enjoying a...
See More →

Thursday April 23, 2026 09:45 - 10:10 CEST
All

Networking

10:10 CEST

Adventures in Router Firmware Through Dynamic Taint Analysis

Thursday April 23, 2026 10:10 - 10:35 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

While the security industry is captivated by AI/ML advancements, the fundamentals of VR remain as critical as ever. This presentation returns to these essentials, demonstrating advanced techniques for discovering firmware vulnerabilities, the most prevalent security flaw in router firmware.

Speakers

Ravshan Rikhsiev

Researcher, ONESEC

I am currently a Cybersecurity Researcher at ONESEC, dedicated to uncovering new challenges and pushing the boundaries of cybersecurity. With over three years of hands-on experience in the field, I have developed a deep passion for binary exploitation, vulnerability research, firmware... Read More →

Thursday April 23, 2026 10:10 - 10:35 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

10:10 CEST

From Prompt to Pwn: Abusing Browser Small Language Models

Thursday April 23, 2026 10:10 - 10:55 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

The Chrome browser's new Prompt API opens up the next frontier of AI exploitation: for the first time, a local AI model is embedded directly into the browser’s runtime environment. This presentation shows how browsers can be turned into high-value AI exploitation platforms, and what to do about it.

Speakers

Eyal Arazi

LayerX Security

Eyal Arazi is Director of Strategy at LayerX Security. He has over 15 years of offensive and defensive cybersecurity experience, on both the application and network layers. He has also written and spoken on topics of cybersecurity extensively.

Thursday April 23, 2026 10:10 - 10:55 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

10:40 CEST

JA3/JA4+ hashes: A "Secret" Fingerprint Identifying Bots and Scrapers

Thursday April 23, 2026 10:40 - 11:05 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

The internet is full of bots and some aren't nice (DDoS, scraping, exploits, AI..). To block bots, we must identify them in the traffic. That's hard as some pretend to be human/browsers! Let's explore JA3 (and their successor JA4+) hashes - a lesser-known method based on the client TLS capabilities.

Speakers

Miloslav Homer

Lead Application Security Architect, Sandoz

I am a defender, a hacker, a tinkerer. My focus is on application security, linux (vim FTW), and python. Coming from a cryptography background, I managed to up my tech skills, practiced pentesting, and completed OSCP. I switched to the protective side, currently working in security... Read More →

Thursday April 23, 2026 10:40 - 11:05 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

11:00 CEST

Building Deception at Scale: Automating Honeypots with Autonomous AI Agents

Thursday April 23, 2026 11:00 - 11:45 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

What if honeypots could deploy, adapt, and learn on their own? See how autonomous AI agents build realistic deception environments targeting vibe-coded and AI-built apps, interact with real attackers, and uncover exploitation patterns-without constant human tuning.

Speakers

Yotam Perkal

Director, Security Research, Pluto Security

Gil Maman

CO-Founder & CTO, Pluto Security

Gil Maman is the Co-Founder and CTO of Pluto Security.

Prior to founding Pluto, Gil spent more than six years in Israeli Military Intelligence, where he held multiple technical leadership roles spanning advanced cyber R&D, operational security engineering, and leading multidiscipl... Read More →

Thursday April 23, 2026 11:00 - 11:45 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

11:10 CEST

Malware Evasion - Packers, Loaders, and Why Your EDR Misses Them

Thursday April 23, 2026 11:10 - 11:35 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Are your Linux security systems truly protecting you? This cutting-edge presentation exposes a critical blind spot in modern cybersecurity: sophisticated Linux malware packers and loaders that are silently evading detection across enterprise environments.

Speakers

Massimo Bertocchi

SIX group AG

Massimo Bertocchi is a cybersecurity professional currently working in the Threat Detection and Hunting team at SIX Group in Zürich, Switzerland. He holds dual master's degrees in Security and Cloud Computing from two European institutions: KTH Royal Institute of Technology in Stockholm... Read More →

Thursday April 23, 2026 11:10 - 11:35 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

11:40 CEST

Prompt, Pwn, Profit: A $30k Deep Dive into AI Agent Vulnerabilities

Thursday April 23, 2026 11:40 - 12:05 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

I earned over $30,000 by exploiting 25 vulnerabilities in major AI Agents like Claude Code, Google Gemini, and other. This talk reveals the specific techniques— Argument Injection, Regex bypasses, AST limitation and Sandbox escapes—used to turn "safe" coding assistants into weapons for RCE.

Speakers

Vasyl Spachynskyi

I’m a security researcher from Ukraine. Yes—we’re still here, and we’re still doing security research.

I studied cybersecurity and computer science starting in 2010 and hold a Master’s degree in the field. I have nearly 15 years of experience as a software developer, w... Read More →

Thursday April 23, 2026 11:40 - 12:05 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

11:50 CEST

Hackerdy

Thursday April 23, 2026 11:50 - 12:35 CEST

Lucerna Cinema - Lounge @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Are you ready to test your knowledge in the New Age? The game is what you expect of the ever popular "Jeopardy" but with a hacker twist, hence "Hackerdy". Expect to understand not only the fundamental aspects of cybersecurity and its history, but the growing trends of AI and its impacts. The game will consist of three teams pitted against each other! You'll go through two rounds and then you'll be...
See More →

Speakers

Danny Henderson Jr.

Associate Director, Threat Hunting & Response, Novartis Pharmaceutical

Danny Henderson has over 11 years in the IT field from his time in the U.S. Public Sector to life in the Private Sector. He holds a master's degree in Cyber and Information Security from Capitol Technology University and certifications such as GCIH, GCFA, and CISSP. Danny currently... Read More →

Thursday April 23, 2026 11:50 - 12:35 CEST
Lucerna Cinema - Lounge Vodičkova 704 /36/110 00, 110 00 Nové Město

custom_talk

11:50 CEST

Exploit is in the logic: Reversing an Android application to hack transactions on an NFC tag.

Thursday April 23, 2026 11:50 - 12:35 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

A punk journey in a home-made reversing engineering project to hack an NFC tag for ̶p̶r̶o̶f̶i̶t̶ ̶a̶n̶d̶ ̶f̶u̶n̶ free drinks (and fun, it's always about fun). Reversing a Hermes-encoded Android bundle to understand how an NFC tag (NXP NTAG 21X) works and how to exploit it.

Speakers

Luigi Gubello

Senior Security Engineer

Security Engineer. Sometimes I try to hack stuff. Investigated by the authorities due to an SQL injection, financed by the powers that be, someone said.

Thursday April 23, 2026 11:50 - 12:35 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

12:10 CEST

Harder, Better, Faster, Stronger: Because “FROM ubuntu:latest” Is a Supply-Chain Horror Story

Thursday April 23, 2026 12:10 - 12:25 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Most Docker images are obese, vulnerable, and emotionally unstable. Let’s go Harder, Better, Faster, Stronger—cut the fat, drop root, and make containers so minimal attackers think they’re hallucinating.

Speakers

Vojtech Trcka

Product Security Engineer, Tricentis

I’m Vojtěch, better known as TheSysRat — a cybersecurity maniac in the best sense of the word. I work as a Product Security Engineer at Tricentis, spend my free time on CTFs, and publish detailed write-ups to help others learn. I’m a Linux-first technologist who loves building... Read More →

Thursday April 23, 2026 12:10 - 12:25 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

12:35 CEST

Lunch Break

Thursday April 23, 2026 12:35 - 13:35 CEST

All @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Enjoy the Lunch Break as an opportunity to step out, recharge, and grab something good to eat at one of the many nearby restaurants and cafés. Please note that lunch is not provided by the conference, so we encourage you to explore the local options around the venue. You can find a curated list of recommended restaurants in your attendee booklet, making it easy to choose a spot that fits your...
See More →

Thursday April 23, 2026 12:35 - 13:35 CEST
All

Networking

13:35 CEST

How Infostealers slipped through EDRs - Process Doppleganging by IDAT Loader for over 18 months

Thursday April 23, 2026 13:35 - 14:20 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Infostealers slip through EDR engines by obfuscating code but at later stage of kill chain when they reconstruct their code or inject into a benign process, they start leaving some tips for hunters and our talk covers over 12 tricks unique to IDAT Loader that bypassed over 100 cases.

Speakers

Archana Manoharan

Threat Hunter, Cyberproof

I’m a cybersecurity threat hunter focused on identifying and mitigating advanced threats across enterprise environments. My work revolves around proactive threat hunting, vulnerability analysis, and building detection logic using tools like Microsoft Defender, Sentinel, and other... Read More →

Niranjan Jayanand

CyberProof

Niranjan holds over 18 years experience working with SentinelOne, Microsoft, CyberProof, McAfee, Symantec and HCL Technologies working on malware detection, reverse engineering, developing cleaning utilities etc. He has published his research in multiple blogs, journals and presented... Read More →

Thursday April 23, 2026 13:35 - 14:20 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

13:35 CEST

Inside the Fortress: Attacking RFID Access Control Systems

Thursday April 23, 2026 13:35 - 14:20 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

RFID access control systems have become one of the primary ways in which corporate and residential buildings around the world control physical access. Thus, in this talk, we will address some of the main security issues presented by these systems, from bypass techniques to long-range tag cloning.

Speakers

Marco Sanchez

Security Consultant at Bishop Fox, member of RF Village MX, enthusiast of electronics, hardware hacking, hiking, music, and radio frequencies. Works as a penetration tester testing web applications, APIs, mobile applications, cloud, and networks. Has been a speaker at Ekoparty (Argentina... Read More →

Thursday April 23, 2026 13:35 - 14:20 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

13:35 CEST

Threat Modeling through Play: A Hands-On Elevation of Privilege Game Workshop

Thursday April 23, 2026 13:35 - 14:35 CEST

Lucerna Cinema - Lounge @ Vodičkova 704 /36/110 00, 110 00 Nové Město

In this session, we go back to where systems begin: the whiteboard - where designs take shape and the right question is: what could go wrong? That’s the essence of threat modelling: finding weaknesses before anything is built.In this hands-on workshop, we use the Elevation of Privilege card game, created by Adam Shostack, to turn threat modelling into an engaging, team-based activity. Working in...
See More →

Speakers

Devika Gibbs

Co-founder, CyberSecGames

Co-Founder of CyberSec Games, I help design and deliver serious games to raise awareness, build skills, and inspire better collaboration and conversations about cybersecurity risk.

Simon Gibbs

CyberSecGames

An experienced software engineer and team leader with a variety of experience across content, ecommerce, systems integration and finance. Talk to me about how games can be the easy and reliable way to make complex processes like Thread Modeling actually happen.

Thursday April 23, 2026 13:35 - 14:35 CEST
Lucerna Cinema - Lounge Vodičkova 704 /36/110 00, 110 00 Nové Město

custom_talk

14:25 CEST

Ghost in the Script: Impersonating Google App Script projects for stealthy persistence

Thursday April 23, 2026 14:25 - 15:10 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

This talk will go through how Google Apps Script projects work and how an attacker can utilize the Apps Script projects to persist in a target’s environment. Then, we will look into how these techniques can be detected and prevented, so they will not be able to be maliciously utilized by attackers.

Speakers

Jakub Pavlík

Head of Engineering, Exaforce

Working on Exaforce. It is an early stage startup working on difficult engineering and operations problems faced by security, devops, and SRE teams. We are a group of engineers from Google, Palo Alto Networks, F5 and are backed by some of my favorite VC firms - Mayfield, Khosla Ventures... Read More →

Bleon Proko

Exaforce

Bleon is an Info-sec passionate about Infrastructure Penetration Testing and Security, including Active Directory, Cloud (AWS, Azure, GCP, Digital Ocean), Hybrid Infrastructures, as well as Defense, Detection and Thread Hunting. He has presented in conferences like BlackHat and BSides... Read More →

Thursday April 23, 2026 14:25 - 15:10 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

14:25 CEST

The CSI Hijack: Default Kubernetes Storage Drivers Exploitation

Thursday April 23, 2026 14:25 - 15:10 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

We demonstrate multiple new 0days and insecure defaults in EKS/EKS Auto - AWS kubernetes enabling escalation from Kubernetes access to full AWS account data-plane control + 0day and similar CSI/IAM flaws in AKS and GKE enabling admin-level escalation. We also show control-plane ransomware via CSI.

Speakers

Shaul Ben Hai

Idan Nagar

Karan Bamal

Senior Security Researcher, Offensive Research Team, SentinelOne

Senior Security Researcher @ SentinelOne (Offensive Research Team). Previously @ PingSafe, acquired by SentinelOne for $120M+.

I work on 0-day discovery, EDR/XDR internals, cloud-native attacks (Kubernetes, Azure, AWS), and AI-driven detection research. All hats offensive.

Certs - ... Read More →

Thursday April 23, 2026 14:25 - 15:10 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

14:40 CEST

Building a safe harbor for folks in cyber security

Thursday April 23, 2026 14:40 - 15:00 CEST

Lucerna Cinema - Lounge @ Vodičkova 704 /36/110 00, 110 00 Nové Město

This lightning talk explores workplace well-being in cybersecurity through positive and negative examples. It emphasizes the critical role of mental health for operational teams like SOCs and CSIRTs, while also addressing the pressure CISOs face today. By explaining how to build a "safe harbor" and create an open environment, the talk will demonstrate how such a supportive approach is reciprocated...
See More →

Speakers

Ondrej Nekovar

Thursday April 23, 2026 14:40 - 15:00 CEST
Lucerna Cinema - Lounge Vodičkova 704 /36/110 00, 110 00 Nové Město

custom_talk

15:20 CEST

(Security) Operations fuckups

Thursday April 23, 2026 15:20 - 15:45 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

The most things you learn with failures. That is known wisdom, but it is hard to allow yourself to fail, when you are a newbie in the field, right? This talk is focusing on sharing of the most epical (security) operation fails and WTF moments - not only for laughter, but also to support new talents.

Speakers

Nicol Daňková

Friendly face of cybersecurity, grown and rotted in incident response. Seen a lot, including many weird people and even weirder incidents - including strangest excuses. Trying to de-mistify obscure topics and I openly hate buzzword technologies.

Thursday April 23, 2026 15:20 - 15:45 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

15:20 CEST

Cloud Agent to Physical Access: How Cursor Unlocked My Front Door

Thursday April 23, 2026 15:20 - 15:45 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Cursor cloud agents promise isolation, but new research reveals a cloud→local attack chain. Using Cursor’s client‑server interaction, an attacker can trigger arbitrary URI handlers on the victim's machine with impact ranging from potential RCE to physical impact via smart IoT devices.

Speakers

Roi Nisimi

Orca Security

Roi Nisimi is a Principal Security Researcher at Orca Security with over a decade of experience in vulnerability research and offensive cybersecurity. He honed his skills during six years of service in the Intelligence Corps of the IDF, where he achieved the rank of Lieutenant before... Read More →

Ari Marzuk

Senior Security Researcher, Microsoft

Ari Marzuk (also known as MaccariTA) is a Senior AI Security Researcher at Microsoft with nearly a decade of cybersecurity experience. He previously worked for Salesforce, NSO Group and the Israeli Military Intelligence. In 2025, Ari published "IDEsaster" revealing 25 new CVEs in... Read More →

Thursday April 23, 2026 15:20 - 15:45 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

15:45 CEST

Coffee Break 2

Thursday April 23, 2026 15:45 - 16:10 CEST

All @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Thursday April 23, 2026 15:45 - 16:10 CEST
All

Networking

16:10 CEST

Hackerdy

Thursday April 23, 2026 16:10 - 16:55 CEST

Lucerna Cinema - Lounge @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Speakers

Danny Henderson Jr.

Associate Director, Threat Hunting & Response, Novartis Pharmaceutical

Thursday April 23, 2026 16:10 - 16:55 CEST
Lucerna Cinema - Lounge Vodičkova 704 /36/110 00, 110 00 Nové Město

custom_talk

16:10 CEST

Blind the Kernel: Subverting Integrity Checks via Semantic Asymmetry

Thursday April 23, 2026 16:10 - 16:55 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Kernels trust processes—but they shouldn't. We expose the architectural manipulation of ZwQueryVirtualMemory used by latest malwares. See the "Twin Patch" evasion in action, and learn why modern malware is shattering the foundation of Windows security. Trust is dead.

Speakers

Tejaswini Sandapolla

Sentinelone

Tejaswini Sandapolla is a Senior Malware Detection Researcher at SentinelOne with over seven years of specialized experience in cybersecurity, focusing primarily on reverse engineering. She has made significant contributions to the cyber security community through her in-depth analysis... Read More →

Thursday April 23, 2026 16:10 - 16:55 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

16:10 CEST

Hunting Malicious Domains at Scale with AI-Augmented OSINT

Thursday April 23, 2026 16:10 - 16:55 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Through real-world examples, we'll walk through how AI can be used to surface emerging malicious domain activity, explain attacker intent from sparse signals, and automatically route high-confidence findings into Slack, SIEM, and SOAR workflows without overwhelming analysts.

Speakers

Zohar Buber

Cato Networks

Zohar Buber is a security analyst in Cato Research Labs at Cato Networks. He focuses on network protocol analysis and malicious traffic detection, specializing in threat identification using network-based methods. He previously worked at Radware, where he examined threats in the DDoS... Read More →

Thursday April 23, 2026 16:10 - 16:55 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

17:00 CEST

The Forgotten Fingerprint: OSINT Through DNS TXT Record Analysis

Thursday April 23, 2026 17:00 - 17:25 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

This talk explores a DNS-based OSINT technique that reveals hidden services and tech dependencies through TXT record analysis. Learn how these overlooked records expose valuable insights for offensive and defensive security, and how to integrate this into recon workflows using Nuclei and Amass

Speakers

Rishi C.

Senior Security Researcher, KYND

Rishi is a London-based security researcher with experience in vulnerability research, threat intelligence, and enterprise risk analysis. His work focuses on identifying zero-day vulnerabilities and emerging CVEs, with a particular interest in building detection logic before threats... Read More →

Thursday April 23, 2026 17:00 - 17:25 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

17:00 CEST

Who defends the defenders? EDR killers landscape boom

Thursday April 23, 2026 17:00 - 17:25 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

In 2025, the landscape of EDR killers, tools to evade EDRs, expanded significantly, especially with a tight connection to ransomware. Our talk moves beyond the abused vulnerable drivers and explores where do these tools come from, who uses them and how we can leverage them for research and defense.

Speakers

Radek Jizba

Malware Researcher, ESET

Radek Jizba graduated from the Computer Security program at Czech Technical University (FIT CTU)[NF1] in 2022 and started working at ESET. Since 2023 he has worked as a malware researcher with a focus on crimeware. Among his publications you can find Telekopye: Hunting Mammoths u... Read More →

Tomáš Zvara

ESET

Tomáš Zvara is a malware researcher at ESET, specializing in malware analysis, reverse engineering, and threat intelligence. As part of ESET’s Prague crimeware research team, he focuses on financially motivated threat actors, with a particular emphasis on prominent ransomware... Read More →

Thursday April 23, 2026 17:00 - 17:25 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

17:30 CEST

CLOSING KEYNOTE

Thursday April 23, 2026 17:30 - 18:15 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Speakers

Louis Nyffenegger

Security Engineer and Founder, PentesterLab

is a renowned application security expert and the founder of PentesterLab, a leading platform for hands-on security training. As the primary author of PentesterLab’s labs, Louis has designed practical, real-world exercises that help security professionals and developers master vulnerabilities... Read More →

Thursday April 23, 2026 17:30 - 18:15 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

18:20 CEST

CLOSING DAY#1

Thursday April 23, 2026 18:20 - 18:35 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Martin Hron will close Day 1 of BSides Prague 2026 with a short wrap-up session reflecting on the key moments, insights, and energy that shaped the first day of the conference. The closing talk will highlight important announcements, share practical information for the evening program and networking opportunities, and outline what attendees can look forward to on Day 2. It’s a chance to thank...
See More →

Speakers

Martin Hron

Staff Offensive Researcher, BSides Czech z.s. / SentinelOne

Thursday April 23, 2026 18:20 - 18:35 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

custom_talk

08:00 CEST

OPEN DOORS

Friday April 24, 2026 08:00 - 08:45 CEST

All @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Friday April 24, 2026 08:00 - 08:45 CEST
All

Networking

08:40 CEST

Opening Day 2

Friday April 24, 2026 08:40 - 09:00 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Friday April 24, 2026 08:40 - 09:00 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

custom_talk

09:00 CEST

KEYNOTE

Friday April 24, 2026 09:00 - 09:45 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Speakers

Dmitrijs Trizna

Aisle

15 years of experience in cyber-security (both red & blue teaming). Defended critical energy sector SCADAs, protected Azure backend, created and evaded SIEMs, catched APT campaigns, emulated them, built appsec AI framework finding 0-days.

Talked at BlackHat USA, DefCon AI Village, BlueHat, Nullcon, Troopers, many BSides. Certified: Stanford Online, OSCP, GIAC SANS (GREM, GDAT), etc. Strong scientific background: I have PhD, two (!) MSc degrees, and numerous peer-reviewed publications (ACM, IEEE, CAMLIS). Member of NATO cy... Read More →

Friday April 24, 2026 09:00 - 09:45 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

custom_talk

09:45 CEST

Coffee Break

Friday April 24, 2026 09:45 - 10:10 CEST

All @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Friday April 24, 2026 09:45 - 10:10 CEST
All

Networking

10:10 CEST

Breaching The Perimeter: The Forgotten Attack Vector That Always Works

Friday April 24, 2026 10:10 - 10:55 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Physical security failures still open the door to serious breaches. We show how attackers gain access, exploit trust, and bypass controls using real-world scenarios, including a live server-room door assessment, and provide concrete steps to harden facilities, meet regulations, and reduce risk.

Speakers

Jiří Vaněk

Co-founder, Red Teamers

Jiří Vanek is an security consultant with over 20 years of experience encompassing IT, Management, and Ethical Hacking. He has led Red Team engagements, relishes in physical intrusions, and has first-hand experiences of successful intrusions and successful detections for clients... Read More →

Chris Cowling

Red Teamers

Friday April 24, 2026 10:10 - 10:55 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

10:10 CEST

The Agents of Chaos: AI Driven Malware Generation

Friday April 24, 2026 10:10 - 10:55 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

AI agents are catching wind in offensive security, now it's the time to focus on malware. An agent that is incharge of the malware creation process directly.
From the spark of the idea, comparing different models, prompts, and results, to the challenges we faced, improvements, and actual testing.

Speakers

Arad Donenfeld

Attacks and Exploits Developer, SafeBreach

Arad Donenfeld is an attacks and exploits developer in SafeBreach, and has a background in security research from several roles (including Deep Instinct, where this research was conducted). With his strong foundations of development, security, and operating systems internals, Arad... Read More →

Friday April 24, 2026 10:10 - 10:55 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

11:00 CEST

Abusing the Ordinary: New COM-Based Windows Attack Vectors

Friday April 24, 2026 11:00 - 11:45 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

This talk explores Windows COM infrastructure from an offensive perspective, presenting COM hunting methodologies and several previously undocumented attack techniques that enable stealthy code execution and sensitive data access through legitimate system components.

Speakers

Marco Balzarin

SentinelOne

I'm a Security Engineer specializing in offensive security research within Windows environment. Over the years, I have worked extensively in red teaming, penetration testing, reverse engineering, and malware analysis and development. During this time, I have supported organizations... Read More →

Friday April 24, 2026 11:00 - 11:45 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

11:00 CEST

Forked and Owned: Taking Over GitHub Repositories via a single Pull Request

Friday April 24, 2026 11:00 - 11:45 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

GitHub Actions is broken. Attackers can now enjoy an RCE-as-a-service vector that can lead to significant downstream effects. In this talk, you will learn how I managed to compromise the repositories of Google, Microsoft and other Fortune-100 companies, simply by creating a pull request from a fork.

Speakers

Ari Marzuk

Senior Security Researcher, Microsoft

Roi Nisimi

Orca Security

Friday April 24, 2026 11:00 - 11:45 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

11:50 CEST

Hackerdy

Friday April 24, 2026 11:50 - 12:35 CEST

Lucerna Cinema - Lounge @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Speakers

Danny Henderson Jr.

Associate Director, Threat Hunting & Response, Novartis Pharmaceutical

Friday April 24, 2026 11:50 - 12:35 CEST
Lucerna Cinema - Lounge Vodičkova 704 /36/110 00, 110 00 Nové Město

custom_talk

11:50 CEST

1 Click, 0 Warnings: Hijacking Mic, Camera & GPS via Browser UI Blindspots

Friday April 24, 2026 11:50 - 12:35 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Browsers lie. Permission prompts show your trusted domain while hidden iframes hijack camera, mic, or GPS. This systemic flaw enables surveillance at scale. I’ll demo real exploits, dissect failed defenses, and reveal why even Fortune 500 portals remain vulnerable.

Speakers

Armaan Pathan

Katim LLC

Armaan Pathan is a Senior Security Engineer at KATIM with deep expertise in application security, penetration testing, and bug bounty hunting. Over the past 10+ years, he has uncovered and responsibly disclosed critical vulnerabilities at leading tech organizations including Google... Read More →

Friday April 24, 2026 11:50 - 12:35 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

11:50 CEST

Mad data science for practical C2 detection - the talk

Friday April 24, 2026 11:50 - 12:35 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Are you understaffed and never have enough time for threat hunting? Do you have a C2 beaconing problem on your network? You wish your middle name was automation or machine learning? Well, look no further! This talk can fit so much data science for C2 detection! *slaps roof of PowerPoint slide deck*

Speakers

Eva Szilagyi

Consultant, Alzette Information Security

David Szili

Principal consultant, Alzette Information Security

Friday April 24, 2026 11:50 - 12:35 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

12:35 CEST

Lunch Break

Friday April 24, 2026 12:35 - 13:35 CEST

All @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Friday April 24, 2026 12:35 - 13:35 CEST
All

Networking

13:35 CEST

Beyond classic detections: unlocking the full potential of EDR telemetry

Friday April 24, 2026 13:35 - 14:20 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Your EDR collects far more data than its built-in rules use. We'll show how to turn raw telemetry into custom detections for AD attacks like DCSync, lateral movement, and recon that default rules miss. We'll even explore if AI can help build new rules. The methodology applies to any modern EDR.

Speakers

Dylan Guerville

Red Team Tech Lead, Intrinsec

Friday April 24, 2026 13:35 - 14:20 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

13:35 CEST

Painless IOS App Pentesting

Friday April 24, 2026 13:35 - 14:20 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

IOS security is getting tighter, and many mobile pentesters feel locked out as there is no jailbreak for the latest versions. Entitlements are stricter than ever and traditional dynamic analysis has become much harder. However, modern iOS pentesting isn't dead - it just requires a smarter approach.

Speakers

Khayal Farzaliyev

Founder, Shaman Red Team

I’m an Application Security Engineer with over three years of practical experience across web and mobile penetration testing, secure software design, and vulnerability research - along with several CVE discoveries. I’m currently pursuing a PhD focused on Intrusion Prevention Systems... Read More →

Friday April 24, 2026 13:35 - 14:20 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

13:35 CEST

Play to Secure: Exploring AI Security Through Games

Friday April 24, 2026 13:35 - 14:35 CEST

Lucerna Cinema - Lounge @ Vodičkova 704 /36/110 00, 110 00 Nové Město

A hands-on session with the Elevation of Machine Learning Security (MLSEC) game.AI security is a problem no one is qualified to tackle alone, yet AI is the technology revolution of our time.Large Language Models, self driving cars, moon landers, online companions, and even your favourite custom cat emojis. All manner of enterprises benefit from AI. Meanwhile, even our traditional software is under...
See More →

Speakers

Devika Gibbs

Co-founder, CyberSecGames

Co-Founder of CyberSec Games, I help design and deliver serious games to raise awareness, build skills, and inspire better collaboration and conversations about cybersecurity risk.

Simon Gibbs

CyberSecGames

Friday April 24, 2026 13:35 - 14:35 CEST
Lucerna Cinema - Lounge Vodičkova 704 /36/110 00, 110 00 Nové Město

custom_talk

14:25 CEST

Uncovering SAP BTP Attack Vectors, Before Someone Else Does!

Friday April 24, 2026 14:25 - 15:10 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Think SAP BTP is secure by design? Think again. In this red team–driven talk, we’ll break into BTP using misconfigurations, over-permissioned services, vulnerable Kyma flows, and Cloud Connector shortcuts. Real attack paths. No fluff. Just cloud-native chaos, with demos.

Speakers

Waseem Ajrab

Head of Security Advisory, NO MONKEY GmbH

Waseem Ajrab, a seasoned cybersecurity professional, leads cybersecurity initiatives at NO MONKEY, focusing on SAP environments globally. With expertise in SOC, network security, and penetration testing, he fortifies critical systems through strategic vision. Waseem is a key contributor... Read More →

Friday April 24, 2026 14:25 - 15:10 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

14:25 CEST

What an "Exploitable CVE" Really Means: Moving Beyond CVSS Scores

Friday April 24, 2026 14:25 - 15:10 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Most CVEs never become real risks. We explore what makes a vulnerability truly exploitable by examining the economics of offensive research, the limitations of scoring systems, and the conditions required for exploitation. Attendees will learn why exploitability is discretional and how to prioritize

Speakers

Eryx Paredes

Staff Security Engineer, Lyft

Eryx is an enthusiast in Cybersecurity and OpenSource. Currently working as Staff Security Engineer at Lyft he leads the vulnerability management program, handling the strategy to identify and fix code, infrastructure and endpoint vulnerabilities at scale. His career includes roles... Read More →

Friday April 24, 2026 14:25 - 15:10 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

15:15 CEST

Decoding Chinese State-Sponsored Cyber Activity: Behavioral Models for Early Detection and Effective Threat Hunting

Friday April 24, 2026 15:15 - 15:40 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Key Takeaways: A structured approach to behavioral attribution for Chinese state-sponsored activity Case studies illustrating persistent behavioral patterns across varied campaigns Practical behavioral models that can be deployed by any security team to support threat hunting and early detection

Speakers

Nathaniel Jones

Darktrace

Drawing on his extensive background in both government and private sector cybersecurity, Nathaniel brings a global perspective to threat analysis and defense strategies. Prior to Darktrace, he spent 7 years at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), where... Read More →

Friday April 24, 2026 15:15 - 15:40 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

15:15 CEST

LLMs for Vulnerability Fixing: Hype or Reality?

Friday April 24, 2026 15:15 - 15:40 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Large Language Models seem ideal for fixing vulnerabilities, but how effective are they really? This talk explores how context, knowledge bases, and inference strategies impact LLM-based remediation, separating real progress from pure hype.

Speakers

Edouard Viot

CTO & Cofounder, Symbiotic Security

Edouard Viot is the co-founder and CTO of Symbiotic Security, an American-French startup specializing in AI-assisted code security. A passionate entrepreneur at the intersection of cybersecurity and innovation, he designs tools that help developers write more secure code through integrated... Read More →

Friday April 24, 2026 15:15 - 15:40 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

15:40 CEST

Coffee break

Friday April 24, 2026 15:40 - 16:05 CEST

All @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Friday April 24, 2026 15:40 - 16:05 CEST
All

Networking

16:05 CEST

From Input to Impact: Prompt Injection in Production Pipelines

Friday April 24, 2026 16:05 - 16:30 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Prompt injection is no longer a chatbot trick, it allowed us to hack Google. As AI agents enter CI/CD and build systems, untrusted input becomes an execution vector. This talk reveals real-world pipeline exploits affecting Fortune 500 firms and explains why prompt injection is a very real threat.

Speakers

Mackenzie Jackson

Developer advocate, GitGuardian

Mackenzie is a developer advocate with a passion for code security. As the co-founder and former CTO of the health tech startup Conpago, he learnt first-hand how critical it is to build secure applications with robust developer operations.
Today as the Developer Advocate at GitGuardian, Mackenzie is able to share his passion for code security with developers and works closely with research teams to show how malicious actors discover and exploit vulnerabilities in our applications... Read More →

Friday April 24, 2026 16:05 - 16:30 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

16:05 CEST

Hackerdy

Friday April 24, 2026 16:05 - 16:50 CEST

Lucerna Cinema - Lounge @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Speakers

Danny Henderson Jr.

Associate Director, Threat Hunting & Response, Novartis Pharmaceutical

Friday April 24, 2026 16:05 - 16:50 CEST
Lucerna Cinema - Lounge Vodičkova 704 /36/110 00, 110 00 Nové Město

custom_talk

16:05 CEST

LazarOps: APT Tactics Targeting the Developers Supply Chain

Friday April 24, 2026 16:05 - 16:50 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

LazarOps is the name of an investigation done by Security Joes that uncovers how Lazarus built a network of fake GitHub accounts, malicious coding challenges, and cross-platform tooling to target developers and infiltrate software supply chains.

Speakers

Diogo Machado

Threat Researcher, Security Joes

Diogo Machado has been working in the cyber security field for the past 10 years. Staring in a public company in Portugal, he developed yearly the joy in malware analysis and reverse engineering. From then, he joined Siemens in which he practiced the investigation and response to... Read More →

Friday April 24, 2026 16:05 - 16:50 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

16:35 CEST

Call Me By Your [User]Name: Modern Identity-Centric Attacks

Friday April 24, 2026 16:35 - 17:00 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Forget malware. Attackers are logging in now. Discover the identity-centric attacks, accelerated by AI and used by threat actors like Scattered Spider to bypass MFA and turn trusted processes into their primary weapon. In a world of smart systems, vigilance starts with knowing who you’re talking to.

Speakers

Lucie Kadlecova

CTI analyst & manager, PwC

Lucie works as a CTI analyst and manager in the PwC Global Threat Intelligence team. She was previously a Fulbright visiting scholar at the Massachusetts Institute of Technology (MIT) in Cambridge, USA, and worked at the Czech National Cyber Security Centre. She holds a PhD from Charles... Read More →

Friday April 24, 2026 16:35 - 17:00 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

16:55 CEST

RTFM - Read The Fatal Manual: When Documentation Creates Critical Misconfiguration

Friday April 24, 2026 16:55 - 17:40 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Misconfigurations persist in enterprises despite widespread awareness - with AD CS being the prime example. This talk explores how vendors guide users into deploying critical misconfigurations, a large-scale responsible disclosure journey, and the shared responsibilities between us all.

Speakers

Martin Sohn Christensen

SpecterOps

Friday April 24, 2026 16:55 - 17:40 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

17:05 CEST

So You Want to Write a Book? Writing About AI Security For No Starch Press

Friday April 24, 2026 17:05 - 17:50 CEST

Lucerna Cinema - AUX @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Ever wondered what it’s like to write a technical book? I’ll share how I wrote an AI security book for No Starch Press—how it started, what made it so different from a PhD, the behind-the-scenes work, and the key lessons I learned for anyone tackling a big creative project.

Speakers

Harriet Farlow

Mileva Security Labs

Harriet Farlow is the CEO of AI Security company Mileva Security Labs, a PhD Candidate in Machine Learning Security, and creative mind behind the YouTube channel HarrietHacks. She missed the boat on computer hacking so now she hacks AI and Machine Learning models instead. Her career... Read More →

Friday April 24, 2026 17:05 - 17:50 CEST
Lucerna Cinema - AUX Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

17:50 CEST

CLOSING BSIDES 2026

Friday April 24, 2026 17:50 - 18:15 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Martin Hron will officially close BSides Prague 2026 with a final wrap-up session marking the end of two days filled with knowledge sharing, technical deep dives, inspiring discussions, and new connections. This closing talk will thank all speakers, partners, volunteers, and attendees who made the event possible, briefly reflect on the highlights of the conference, and encourage the community to...
See More →

Speakers

Martin Hron

Staff Offensive Researcher, BSides Czech z.s. / SentinelOne

Friday April 24, 2026 17:50 - 18:15 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

18:30 CEST

Airport Security! - S01 E008 - Breaking into your baggage

Friday April 24, 2026 18:30 - 18:55 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

When we travel with valuable luggage, we rely on the security of locks, especially those that are TSA-approved. But, are they really? In this talk, we’ll discuss how lock picking techniques, master keys, and bypass methods can compromise the security of TSA-approved locks.

Speakers

Héctor Cuevas Cruz

Senior Managing Security Consultant, Bishop Fox

Héctor is a Senior Managing Security Consultant at Bishop Fox with over 12 years of experience in offensive security, digital forensics, threat hunting, and incident response, and has presented on multiple occasions at international conferences such as DEFCON, Ekoparty, WWHF and... Read More →

Friday April 24, 2026 18:30 - 18:55 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

19:10 CEST

Last night a DJ erased my drive

Friday April 24, 2026 19:10 - 19:55 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

Music and security have much in common. Both require a trigger that sets off a series of events. Music can cause destruction and has been used for torture as well for encryption to bypass censorship. Music is also fun and this talk will be an audio-visual journey through cybersecurity.

Speakers

Mathew Caplan

Director of Professional Services, Orange Cyberdefense

Mathew Caplan is Director of Professional Services for Orange Cyberdefense, based in London, England. He is a highly experienced cybersecurity specialist with over 25 years in the field and a proven record in the implementation of information risk management processes. As a recognised... Read More →

Friday April 24, 2026 19:10 - 19:55 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

20:10 CEST

The Great Train Robbery - Hacking Like It’s 1855

Friday April 24, 2026 20:10 - 20:55 CEST

Lucerna Cinema - MAIN @ Vodičkova 704 /36/110 00, 110 00 Nové Město

In his book “The Great Train Robbery” Michael Crichton details a train robbery in 1855 involving a prostitute and scaling buildings. Although these methods are not included in any letter of engagement, the most famous train robbery of its time has parallels to modern day physical security.

Speakers

Paul Zenker

KPMG

I am a security consultant for KPMG specialising in the fields of AI security and physical security. I have given talks on both topics across conferences in Europe and I am a co organiser of BSides Dresden.

Friday April 24, 2026 20:10 - 20:55 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

09:00 CEST

09:00 CEST

12:00 CEST

12:00 CEST

13:00 CEST

09:00 CEST

09:00 CEST

12:00 CEST

13:00 CEST

13:00 CEST

08:00 CEST

08:40 CEST

09:00 CEST

09:45 CEST

10:10 CEST

10:10 CEST

10:40 CEST

11:00 CEST

11:10 CEST

11:40 CEST

11:50 CEST

11:50 CEST

12:10 CEST

12:35 CEST

13:35 CEST

13:35 CEST

13:35 CEST

14:25 CEST

14:25 CEST

14:40 CEST

15:20 CEST

15:20 CEST

15:45 CEST

16:10 CEST

16:10 CEST

16:10 CEST

17:00 CEST

17:00 CEST

17:30 CEST

18:20 CEST

08:00 CEST

08:40 CEST

09:00 CEST

09:45 CEST

10:10 CEST

10:10 CEST

11:00 CEST

11:00 CEST

11:50 CEST

11:50 CEST

11:50 CEST

12:35 CEST

13:35 CEST

13:35 CEST

13:35 CEST

14:25 CEST

14:25 CEST

15:15 CEST

15:15 CEST

15:40 CEST

16:05 CEST

16:05 CEST

16:05 CEST

16:35 CEST

16:55 CEST

17:05 CEST

17:50 CEST

18:30 CEST

19:10 CEST

20:10 CEST

Get help with the event