Archives

All presentation slides are archived on our github page - https://github.com/BSidesSG

BSides Singapore 2023

Keynote - My Journey: Driven by the Inspiration from Hackers in SF Novels by Asuka Nakajima
Breaking Barriers: Using XSS to Achieve RCE by Aden Yap Chuen Zhen, Ali Radzali
Developing a Linux Loadable Kernel Module based rootkit from scratch by Soumyanil Biswas
How I Learned to Stop Worrying and Build a Modern Detection & Response Program by Allyn Stott
Knock, Knock - Abusing Ephemeral Ports for Data Exfil and C2 by Hubert Lin
Three's company: Investigating an Espionage Campaign featuring Multiple Threat Actors by Lior Rochberger, Tom Fakterman
It's raining creds - crawling DockerHub for leaked secrets at scale by Aliz Hammond
How threat actors are Using AI and other modern tools to enhance their phishing attempts by Chetan Raghuprasad
AI Package Hallucination – Spreading Malicious Packages Using Generative AI by Bar Lanyado
Workshop 1: Endpoint Forensics - A Hands On Workshop by Surya Teja Masanam and Santhosh Baswa
Workshop 2: Secure Coding: Fix from the root by Gopika Subramanian and Hitesh Kumar

Keynote - Case Studies in Embedded VR by Dr Silvio Cesare
Supply Chain Compromises - Understanding the Threat and Defending Your Organisation by Aaron Aubrey Ng
Once you POPTOP, you can’t stop. Putting the pieces together on a new and sophisticated APT malware by Billy James Velasco
Securing Kubernetes Deployment at Scale by Sohini Mukherjee
Malware Powered by Windows 11 No-Code by Michael Bargury
The call is coming from inside the building: Post-Exploitation with Kubernetes Webhooks by Abhay Bhargav
Uncovering 0-days in Healthcare Management Applications by Aden Yap Chuen Zhen, Sheikh Rizan and Muhammad Ali Akbar
HTTP Request Smuggling in the Multiverse of Parsing Flaws by Zhang Zeyu
Internal domain names: What are you hiding and what are you leaking? by Chen Zheng Wei and George Chen
Pwning Android Apps at Scale by Sparsh Kulshrestha and Shashank Shashank
360-degree view of Lambda Security by Apoorva Jois and Kajal Nair
Hacking AppLocker cache by Grzegorz Tworek
Workshop 1: Introduction to Kubernetes by Koh William and Sven Schleier
Workshop 2: Lateral Movement Techniques in windows environment by Samaksh Kaushik and Hari Prasad

Keynote - Who deserves Cybersecurity by Eva Galperin
Hunt the Beasts in the Bits A Proactive Approach by Meisam Eslahi
Hacking Modern Desktop apps with XSS and RCE by Abraham Aranguren
OAuth Bypass Technique by Sheikh Rizan
Finding the unknown before it finds you by Vandana Verma Sehgal
Intercepting Mobile App Network Traffic aka The Squirrel in the middle by Sven Schleier
Cybersecurity & The Board - Choosing success over the Sarlacc Pit by Brian Contos
Attacking and Defending Hybrid Active Directory Environments by Anurag Khanna, Thirumalai Natarajan
Ransomware and the eCrime Ecosystem by Aaron Aubrey Ng
The evolution of Android keystore by Gautamarvind Pandian, Vikas Gupta
h0neytr4p - How to catch the external threat actors with an easy to configure Honeypot by Subhash Popuri, Aakash Madaan
Practical offense and defence against 5G by Ali Abdollahi
Workshop 1: Hands On Attacking and Defending the Kubernetes Ecosystem by Vasant Chinnipilli
Workshop 2: Mobile Security Testing Guide Hands-On - iOS Edition by Sven Schleier
Workshop 3: Implementing One-Way Shellcoding in Windows x64 Systems by Arnold Anthony, Sristi Lakshmi Sravana Kumar
Workshop 4: Windows Forensics 101 for Beginners by Surya Teja Masanam

Keynote - Security BSides, Cybersecurity, and the Future by Jack Daniel
Welcome the Shadowbunny Leveraging virtual machines during lateral movement to evade detections and persist by Johann Rehberge
Automating Threat Hunting on the Dark Web and other nitty-gritty things by Apurv Singh Gautam
Hacking Serverless Architectures by Keith Rozario
Making your SIEM great again - Augmenting your detection via simple machine learning by Elaine Hung
DarkCrewBot – The Return of the Bot Shop Crew by Adi Ikan & Ori Hamama
Chinese Cyber Crime: A Graph Approach by Aaron Shraberg
Eradicating Vulnerability Classes by Embracing Secure Defaults and Invariants by Luke O’Malley
Anatomy of Automated Account Takeovers by Tal Eliyahu and Begum Calguner
Auto-remediation in cloud: win the race against cyber criminals by Sapna Singh
Android Malware Adventures by Mert Can Coskuner & Kursat Oguzhan Akinci
Seccomp for developers - making your applications more secure by Alexander Reelsen

Keynote - APAD: An EDR Grade Agent for Wi-Fi Access Points by Vivek Ramachandran
Pixel Heist – Pulling Corporate Files Out From Your Virtual Desktop Screens by Jeremy Soh
Leveraging Osquery for DFIR at Scale by Sohini Mukherjee
The Man-In-The-Middle Attack Against a Certain Password Manager by Soya Aoyama
Atomic Threat Coverage: Operationalized ATT&CK by Daniil Yugoslavskiy
Real-time Detection of ‘Module Stomping’ via Windows PFN Database by Aliz Hammond
The Changing Face of Supply Chain Security by Dharmesh Mehta & Neha Shukla
Deep Exploit: Fully Automatic Penetration Test Tool Using Machine Learning by Isao Takaesu
Popping 0days Out of a Thick Java Application: A Dive into Zimbra by An Trinh
How Smart is your Smart Contracts? by Shrutirupa Banerjiee
Workshop 1: Hacking and Securing Docker Containers by Srinivasa Rao Kotipalli & Abhijeth Dugginapeddi
Workshop 2: Offensive Red Teaming by Ajay Choudhary & Nitesh Malviya