BSides Buffalo


Buffalo's favorite information security conference.

Version 5.0 coming June 6, 2026.

Website: https://www.bsidesbuffalo.org

Feeling those post-conference blues after such an awesome day yesterday? We get it.

You know what might help? Make plans to join the Buffalo hacker community for tacos in Delaware Park next month! Hope to see you there!

https://www.meetup.com/infosec-716/events/314249812/

July - Tacos In The Park!, Wed, Jul 15, 2026, 6:00 PM | Meetup

As has now become tradition - for July, let's meet up and eat tacos in the park! This is usually the week in between the shows for Shakespeare in the Park, so there should

Our fifth annual event: 332 tickets sold, 23 talks across three tracks, a CTF, and lockpick/soldering/career villages that were bustling all day. Thank you so much to the sponsors, the speakers, the volunteers, and the attendees for making this the biggest and best BSides Buffalo yet. We couldn't have done it without each and every one of you, and we're coming back even bigger and better in 2027. See you next June!

Tomorrow.

Things to bring to BSides Buffalo tomorrow:

* Coming to the Career Village? Bring a copy of your resume.

* Playing the CTF? Bring your laptop.

* Stickers to trade or share? Bring them for the table.

* Lockpicking or soldering challenges? Bring them for help.

See you all in the morning!

PARKING INFORMATION FOR TOMORROW

The conference will be held in Science Hall, at the corner of Main Street and Jefferson Avenue (N on the map below). There is parking available at either end of the building, in the lots labelled 14 and 15, or street parking on Main Street in front of the building. If those are full, there are also spots in the athletic lots on the other side of Delavan (16 and 18 on the map).

After closing remarks tomorrow, join the local hacker community at Bit Haven in the Tri Main Building (2495 Main Street) for the official BSides Buffalo after party! Music, food, drinks, and a chance to hang out and meet your peers and talk about all the cool stuff you learned. Hope to see you there!

Our final Lightning Talk of the day will be Sai Jagadeesh presenting "Deep Link Vulnerabilities: When One Click Leads to Account Takeover".

"Deep links are widely used in mobile applications to provide seamless navigation to specific screens inside an app. However, when deep links are improperly validated, they can become powerful attack vectors that allow external inputs to directly influence internal application behavior.

This lightning talk explores how seemingly harmless deep links can lead to serious security issues such as token leakage, WebView exploitation, and even one-click account takeover.

In one example, a crafted deep link forces the app to open an attacker-controlled URL inside a WebView while automatically appending the victim’s authentication token, allowing the attacker to hijack the account with a single click.

We will also look at how vulnerable WebView configurations combined with exported deep link activities can enable attackers to exfiltrate session cookies, load malicious content, or execute privileged actions inside the app context.

This talk highlights common developer mistakes, demonstrates how attackers chain deep link handling with WebView behavior, and provides practical mitigation strategies to secure mobile applications against these hidden entry points."

Our final talk of the day in Track One will be the Lightning Talk "Still Cracking: WPA2 Prevalence and Password Weakness in 2026" by Dimitri Weaver.

"In 2021, a CyberArk researcher collected 5,000 network hashes across Tel Aviv using $50 in equipment and cracked over 70% of them via the clientless PMKID attack technique. Five years later, this talk revisits that methodology — this time closer to home.

This session presents the results of a real-world WPA2 survey conducted locally in 2026, measuring how prevalent WPA2 remains, how password hygiene has (or hasn’t) improved, and how accessible this attack vector continues to be for any motivated adversary. No live cracking — just honest data, a reproducible methodology, and a candid look at whether the security community has meaningfully moved the needle on wireless security.

Attendees will walk away with a clear understanding of the PMKID attack surface, what current data says about password practices in the wild, and actionable guidance for individuals and organizations looking to actually secure their wireless environments."

Our second 4pm Lightning Talk is Billy Gibson and Ryan Conry presenting "Bad Apples: Orchestrating Movement and Execution via Native macOS Protocols".

"As macOS adoption accelerates—with over 45% of enterprises now utilizing the platform—Mac endpoints have become high-value targets for attackers seeking cloud credentials, source code, and privileged access. Despite this trend, macOS lateral movement remains a significant blind spot; the MITRE ATT&CK framework documents far fewer techniques for macOS than for Windows, and recent industry reports indicate that macOS environments prevent significantly fewer attacks than their Linux or Windows counterparts. This research aims to close that gap by systematically validating macOS-native lateral movement and execution primitives.

While Remote Apple Events (RAE) are traditionally documented as a lateral movement vector (T1021.001), we also approach the protocol through the lens of Software Deployment Tools for Execution (T1072). We demonstrate how RAE can be weaponized as a standalone primitive for deploying and executing complex, multi-line shell scripts. Our investigation analyzes the inherent security features of the System Events handler and the parsing constraints of the AppleScript interpreter that typically restrict remote orchestration. We then present a robust bypass methodology utilizing Base64 transport encoding and Terminal.app orchestration to achieve arbitrary code execution.

This research also validates a broad catalog of macOS-native lateral tool transfer (T1570) techniques. One novel approach demonstrates how RAE can abuse Finder file metadata to stage arbitrary payloads on a remote host. Additionally, this talk covers practical transfer methods using SMB, SCP, SFTP, git over SSH, SNMP traps, unprivileged TFTP configurations and socat-based channels, which are analyzed for their utility in establishing interactive shells and file transfer. Finally, combining SSH with osascript unlocks full remote AppleScript execution (T1059.002), effectively bypassing Apple’s intentional security features. Finally, we provide detection logic suggestions applicable to various security engines and SIEMs. By illuminating these native pathways, this research provides defenders with the technical understanding necessary to prioritize detection efforts on a platform that can no longer be overlooked."

Our first Lightning Talk of the day will be in Track One at 4pm, Christopher Bruns presenting "Mapping Internal Networks - The Art of Finding Things".

"As a Pentester, the discovery process is one of the most important steps to get right. With timed engagements, quick and efficient discovery processes are a must to produce meaningful results for customers. This session will talk about the art of internal network enumeration. How to find networks. How to find assets within networks. Useful tools and strategies for large networks. And how to take the data found and use it to formulate attacks against systems and Active Directory."