💙 Can you believe it’s already been a week since #BSidesBoulder25? We had an absolute blast and hope you did too! From experimenting with NFC badges, lock picking, and sticker swaps, to welcoming #MentalHealthHackers and @Cyversity Denver into the fold — we tried a few new things this year and you helped us raise the bar. With 200 tickets sold (up 50 from last year!), this was our biggest #BSidesBoulder yet. Huge thanks to everyone who came out, especially our friends from BSides Colorado Springs and BSides Denver for showing up and showing love. 💙

We're also proud to share that through our partnership with Boulder Food Rescue, we were able to provide ~50 meals to those in need. 🙌

Help us make next year even better by filling out the feedback form before 30 June: https://forms.gle/n1RgEN8G6NU9nSceA. Two folks will be randomly selected for a small thank-you prize. Don’t miss your chance to help shape the future of BSidesBoulder!🎁

A huge shout out again for our most excellent speakers and workshop hosts. You guys rock! Wendy Nather Andrew Brandt Anthony Galiette Ariel R.. Eric Harashevsky Gil Garcia Jibby Saetang
Nathan M. Natalie Somersall Ryan Thompson @yash Thapliyal John Doyle

Incoming shorthand...Tomorrow's #BSidesBoulder25 is sold out! Walk-ins may be available, no guarantee of a shirt, official stickers, or sandwiches. TL;DR topical blurbs:

—🆕 Sticker swap table + mini-lock picking village.

—📢 Day of comms. We will use non-LinkedIn social media and QR codes at the event. @bsidesboulder
@infosec.exchange @bsidesboulder @bsidesboulder.bsky.social

—🅿️ Parking. Lot 414 is the primary. Lots 406 and 415 can be used for overflow. Details with a promo code and parking map available on our website.

—🍻Happy Hour. Location: Sanitas Brewing Company. Sponsored by TenEleven Technology. Please RSVP: https://events.1011vc.com/June132025

—🙏 2025 Sponsors. Thank you!! @rule4 Panther, @ARKA Group, LP, and Ten Eleven Ventures.

—🤝 2025 Partners. #MentalHealthHackers, #Cyversity-denver, @wicysorg, @kc7cyber, #BoulderFoodRescue, @DenverSec #OWASPDenver, #NoCoISSA.

Two days until #BSidesBoulder25 and only 15 tickets remain! Today we highlight, two #BSidesBoulder25 talks: Andrew Brandt's "Smashing Smishing by Quashing Quishing" and Eric Harashevsky's "Firmware Readout Bypass in STM92 (Don't put this in an alarm control panel).

Andrew's talk will examine QR-based phishing attacks, how attackers are exploiting QR codes and SMS to steal credentials and MFA tokens, and how a cross-industry collaboration between mobile vendors, telcos, and the infosec community could finally slam the door on mobile phishing. Think SafeBrowsing, but for QR scans! And we promise that our BSidesBoulder event QR codes will not redirect you to an Andrew-controlled C2 server.

Eric's talk will explore his adventure tinkering with an old STM92's firmware - the talk will explore his findings, reverse engineering the legacy microcontroller, bypassing firmware protections, and what that means for devices still hanging on your wall! Expect a live demo that is sure to excite your future hardware hacking journey.

#BSides #BSidesBoulder #CyberSecurity #Quishing #Smishing #MobileSecurity #PhishingDefense #HardwareHacking #FirmwareSecurity

Check out our full schedule at https://bsidesboulder.org/schedule/

Tickets are available for purchase for our 13 June event here: https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389

We are just days away from our annual #BSidesBoulder event on 13 June and just about 40 tickets are left. Today, we're highlighting an application of AI talk.

⚔️💥 AI is building websites faster than ever — but who's checking the locks? Unlock your potential with Yash Thapliyal's #BSidesBoulder25 talk "Taking Down Websites as Fast as They're Made: Common Vulnerabilities in AI-Generated Sites" that will provide a live, fast-paced walkthrough of how platforms like Wix, Durable, and Cursor Agent are unintentionally publishing XSS, SQLi, and other vulnerabilities by default. Yash will generate a site live with the audience, then hack it! Learn how to spot the cracks, secure your builds, and stay ahead of the script kiddies. 💥⚔️

#BSides #BSidesBoulder #RedTeam #AI #WebSec #AppSec

Check out our full schedule at https://bsidesboulder.org/schedule/

Tickets are available for purchase for our 13 June event here: https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389

💥🖥️ Don't miss Nathan Montierth's #BSidesBoulder25 talk "Navigating the Virtualization Battlefield: A Deep Dive into Hypervisor Attack Vectors", which plans to explore how attackers are breaching hypervisors (think ESXi, Active Directory, and more), and what you can do to fight back! 🛡️💥

Organizations globally have embraced virtualization as a way to scale solutions and centralize network management, but if your hypervisor gets popped, it could cost your organization millions. If you run virtualized infrastructure, this one’s mission-critical. #BSides #BSidesBoulder #CyberSecurity #VirtualizationSecurity #HypervisorHacking #CyberDefense

Check out our full schedule at https://bsidesboulder.org/schedule/

Tickets are available for purchase for our 13 June event here: https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389

🧠💻 Tired of endless hours fighting with obfuscation techniques embedded inside of malware? Check out Anthony Galiette's #BSidesBoulder25 talk "AI-Assisted Reverse Engineering for Enhanced Malware Analysis, Deobfuscation, and Threat Coverage"! Anthony's talk provides a hands on approach to using GenAI to reduce analytic toil while reverse engineering malware, which explores three open-source tools that harness LLMs to supercharge malware triage, reverse engineering, and threat artifact extraction. Whether you're in IR, threat hunting, or detection engineering, this talk will show you how AI can help extract answers faster from binary hell. 🚀🔍 #BSides #BSidesBoulder #IncidentResponse #CyberSecurity #MalwareAnalysis #ReverseEngineering #LLM4Sec #BlueTeamPower

Check out our full schedule at https://bsidesboulder.org/schedule/

Tickets are available for purchase for our 13 June event here: https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389

🎉 It’s that time again! We’re proud to announce that #tenelevenventures is once again sponsoring an inclusive happy hour following #BSidesBoulder25! 🍻

Join us on June 13 at #SanitasBrewing right after the conference to unwind, connect, and celebrate with the local cyber security community. Whether you're a first-timer or a returning face, all are welcome!

📍 Sanitas Brewery
🗓️ June 13 | Post-Event
🎟️ Free for BSides attendees – just bring your badge!

Let’s make this second year even better than the last. See you there! 💥

#CyberSecurity #BSidesBoulder #tenelevenventures

🕵️‍♂️ Ever wonder how cybercriminals weaponize PDFs? 💥

Check out Filipi Pires' #BSidesBoulder25 talk, "Structural Insights: PDF Analysis for Detecting and Defending Against Threats"! In his session, he’ll explore the structure of PDFs and how malicious payload can be hidden within them, provide guidance on identifying how Indicators of Attack (IOAs) found within them, and show you how to outsmart common obfuscation routines found in them. Come for the malware, stay for the live demos and defense tips! 📄 #CyberSecurity #PDFThreats #MalwareAnalysis #BSides #BSidesBoulder

Check out our full schedule at https://bsidesboulder.org/schedule/

Tickets are available for purchase for our 13 June event here: https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389