| Web | https://www.bsidesprg.cz |
| [email protected] |
🚨 Speaker Announcement – #BSidesPrague2026
🎤 Waseem Ajrab
Uncovering SAP BTP Attack Vectors, Before Someone Else Does!
A red team look at breaking SAP BTP via misconfigs, over-permissioned services, vulnerable Kyma flows & Cloud Connector shortcuts.
🚨 Speaker Announcement – #BSidesPrague2026
🎤 Khayal Farzaliyev
Painless iOS App Pentesting
iOS is harder to test than ever—no jailbreaks, stricter entitlements, limited dynamic analysis. This talk shows smarter ways to pentest modern iOS apps.
🚨 Speaker Announcement – #BSidesPrague2026
🎤 Armaan Pathan
1 Click, 0 Warnings: Hijacking Mic, Camera & GPS via Browser UI Blindspots
Hidden iframes can abuse browser UI blind spots to hijack camera, mic & GPS while prompts show a trusted domain—even on Fortune 500 portals.
🚨 Speaker Announcement – #BSidesPrague2026
🎤 Zohar Buber
Hunting Malicious Domains at Scale with AI-Augmented OSINT
Learn how AI + OSINT can detect emerging malicious domains and route high-confidence findings into Slack, SIEM, and SOAR without overwhelming analysts.
🚨 Speaker Announcement – #BSidesPrague2026
🎤 Tejaswini Sandapolla
Blind the Kernel: Subverting Integrity Checks via Semantic Asymmetry
See how modern malware abuses ZwQueryVirtualMemory and the “Twin Patch” evasion to bypass Windows integrity checks.
🚨 Speaker Announcement – #BSidesPrague2026
🎤 Vojtěch Trčka
Harder, Better, Faster, Stronger: Because “FROM ubuntu:latest” Is a Supply-Chain Horror Story
Docker images are often bloated & vulnerable. Learn how to build minimal, hardened containers that cut the attack surface.
🚨 Speaker Announcement – #BSidesPrague2026
🎤 Eyal Arazi
From Prompt to Pwn: Abusing Browser Small Language Models
The new Chrome Prompt API embeds local AI in the browser. Learn how this opens the door to new AI exploitation techniques—and how to defend against them.
🚨 Speaker Announcement – #BSidesPrague2026
🎤 Ravshan Rikhsiev
Adventures in Router Firmware Through Dynamic Taint Analysis
A deep dive into router firmware vulnerabilities using dynamic taint analysis and advanced VR techniques.
🚨 Speaker Announcement – #BSidesPrague2026
🎤 Marco Balzarin
Abusing the Ordinary: New COM-Based Windows Attack Vectors
Explore Windows COM from an offensive angle—new hunting methods and undocumented techniques for stealthy code execution via legitimate components.
🚨 Speaker Announcement – #BSidesPrague2026
🎤 Roi Nisimi
Forked and Owned: Taking Over GitHub Repositories via a Single Pull Request
Learn how a single PR from a fork can trigger RCE via GitHub Actions, compromising repos of major companies.
