




8-9 NOV 25
BSides is a renowned Information Security conference that serves as a gathering point for the InfoSec community, fostering connections among like-minded professionals. Started in 2019, BSides Sydney has hosted dynamic one-day events since then, showcasing presentations encompassing both offensive and defensive aspects of InfoSec. With a strong emphasis on networking and collaboration, the events facilitate meaningful interactions among community members.
This year's conference will be held at:
The Cyber Range Training Centre (CRTC) at TAFE Meadowbank, See Street, New South Wales 2114
Special thanks to the team at Macquarie University Cyber Security Hub for supporting us!


Keynote:
Prof Dali Kaafar
We are honoured to welcome Professor Dali Kaafar as the keynote speaker at this year’s BSides Sydney. Prof. Kaafar is the Executive Director of the Macquarie University Cyber Security Hub, NSW Cyber Ambassador, founder of Apate.ai, and has been recognised in The Australian’s Top 100 Innovators. He is also a Professor in the School of Computing, where he leads cutting-edge research in cybersecurity, privacy, cryptography, and AI security.
Internationally recognised for his contributions to data protection and privacy-enhancing technologies, Prof. Kaafar has published extensively in top-tier venues and spearheaded collaborations with government, industry, and academia. His leadership has helped shape Australia’s cybersecurity research landscape, with a focus on creating practical solutions for some of the most pressing challenges in trust, security, and resilience.
Disrupting Scam Networks at Scale: Rethinking Cybersecurity for the Fraud Era
Scams have gone fully industrial, backed by call centres, crime syndicates, scripted personas, phishing factories, and now, AI. In this keynote, Professor Dali Kaafar unpacks how Apate.ai is turning the tables by weaponising AI, building real-time bot engagement and intelligence pipelines that infiltrate and disrupt scam networks from the inside.
Drawing on live deployments with major banks and telcos, Dali will explore the evolution of fraud into a system-level cyber threat, and what it means for the security community. From sim-swapping gangs to pig-butchering syndicates, the landscape is shifting. And if our response doesn’t shift with it, we lose.
This talk is a call to action for cyber defenders, researchers, and ethical hackers: let’s stop reacting and start proactively addressing cyber threats.
2025 Agenda (unscheduled)
Modern Identity Providers Under Attack: Tactics, Techniques, and Mitigations
As identity has become the new perimeter, threat actors' techniques for targeting identity have evolved. Attackers are shifting focus from just stealing credentials to compromising the Identity Providers (IdPs) themselves. In this talk, we will share frontline experiences and lessons learned combating attacks on cloud-based identity providers, focusing on Entra ID, AWS Identity Provider, ADFS, Okta etc. We will talk about how modern adversaries exploit IAM misconfigurations, abuse trust relationships, register rogue domains or federation providers, manipulate multi-tenant apps, subvert SAML flows, and even bypass MFA protections. We’ll dig into real tactics, detection methods, and defensive playbooks for securing these high-value targets. This talk is valuable for both red and blue teamers: Red teamers will gain insight into current techniques used by threat actors, while blue teamers will learn how to detect and defend against these emerging threats.
Anurag Khanna
Insider Threat: Tips and Tricks from a Bad Guy ™ as a Service
As security professionals we strive to get things right. The right controls, the right technology, the right people. But what about when we get stuff wrong? What about when we make mistakes? How do we deal with those mistakes as people and as business professionals?
This presentation aims to look at insider threat by going through some real world engagement outcomes and looking at what actions we can take today to protect against insider threat and what actions we could take if we want to be a Bad Guy ™ performing a threat led Red Team.
@MewSec
Fog of War: What the Battle of Midway Can Teach Us About Modern Cyber Conflict
The Battle of Midway was not just about firepower. It was won through breaking enemy cryptography, clever deception, and quick decision-making under uncertainty. In this talk I will use a language model to walk through the battle’s key moments and show how they relate to modern cyber challenges like threat intelligence, incident response, and managing incomplete data. We face similar problems with limited visibility, advanced persistent threats, and the need to adapt quickly. I will also explain why these lessons matter for Australia and the broader Indo-Pacific region. If you want to learn how to improve decision-making in the complex world of cyber defense, this session is for you.
Kenny Zhong
The Silent Data Breach: Unintended Exposure of Sensitive Information in Microsoft Enterprise Enrollment, Entra, and Intune
This talk reveals a silent but critical misconfiguration in Microsoft Enterprise Enrollment that allows any authenticated user to export sensitive enterprise user data including emails, job roles, and contact info without elevated permissions. We'll uncover how this overlooked flaw can lead to data breaches and share best practices for securely configuring Azure to prevent similar risks.
Jeffrey Gaor
Residential Proxies - what they are, how they are formed and detection methods.
Residential proxies disguise malicious bots as real users, bypassing traditional security to commit fraud, credential stuffing, and data theft. Since blocking IP addresses is no longer effective, businesses must adopt advanced, connection-level detection techniques to identify and stop these hidden threats.
Adam Cassar
Your shortcut to cracking Windows Registry forensics
The Windows Registry is a forensic goldmine, but it’s a maze to navigate. RegSeek is an open-source tool with 137+ artifacts across 13 categories, making it easy to uncover evidence like program execution or malware persistence. In this talk, I’ll demo how RegSeek streamlines investigations.
Tonmoy Jitu
Breaking the Mold: Women Thriving in Technical Roles
In this honest and empowering talk, Alissa and Paula share their journeys as women building deep technical capability in cyber security—across generations, industries, and lived experiences.
Paula Sillars | Alissa Borg
Leading in the AI Cyber Arms Race: Strategic Priorities for Security Leaders in 2025
AI isn't just changing the game; it's rewriting the rules of cyber warfare. Get ready for smarter attacks, deepfakes that look real, and third-party risks on steroids. As a security leader, you can't afford to play catch-up. You need a new plan, now. This session gives CISOs the strategies they need to defend their organisations today. We're talking AI risk assessments that actually work, real-world deepfake defense, third-party risk management that covers the AI blind spots, and cloud security that's rock solid.
Akhilesh Das
Error 404: Experience Not Required (When You Have a Homelab)
Turn your homelab into career rocket fuel! Learn to build projects that wow recruiters, craft resume gold, and ace interviews—without torching your electric bill. From containers to automation, we’ll cover how to turn tinkering into a job-winning skill set that makes you stand out.
Kat Fitzgerald
AI-Driven Threat Intel: Automate, Analyze, and Alert!
"AI-Driven Threat Intel: Automate, Analyze, and Alert!" introduces a game-changing approach to cyber threat intelligence. By combining Azure Logic Apps with the power of OpenAI GPT-4o-mini, this solution automates intel gathering, performs real-time analysis, and delivers targeted alerts directly into collaboration tools like Teams and Microsoft Sentinel. It transforms reactive security into a proactive force—arming defenders with actionable insights, faster detection, and smarter response. This is modern threat intel, reimagined through AI.
Arijit Paul
AI Agent for Security Operations - An Efficient Solution for Automated Alert Handling
How can Security Operations Centers (SOCs) evolve beyond alert fatigue and reactive workflows? This talk introduces AI Agents as the next evolution in security operations - autonomous, adaptive, and context-aware. By combining inference rules, reasoning engines, and behavioral analytics, AI Agents can automate alert triage, reduce analyst workload, and enable faster, smarter, and more scalable threat detection and response.
Thanh Do | Thu Nguyen
Breaking the Walled Garden: iOS Security Beyond the Sandbox
Apple’s iOS is often praised as a fortress, but this talk digs beneath the surface. From covert app analysis to GPU and radio stack attack surfaces, I’ll break down the real world offensive research paths into Apple’s most locked-down systems... No jailbreak required.
Jack Sessions
The Trifecta of Email Authentication
This talk would be about preventing and avoiding email spoofing. How these 3 email auth protocols and techniques work together to prevent frauds from spoofing a domain or pretending to be you/your company :)
Denice Vitorio
Going Solo: Thriving as a Single Professional in Cybersecurity
Cybersecurity’s burnout advice often assumes you have a partner or kids to go home to—but what if you don’t? This talk is for the solo professionals: the ones always “available,” flying solo at conferences, and quietly carrying a different kind of emotional labor. We’ll unpack the myths, laugh at the awkward comments, and share real-world strategies for thriving in security when your +1 is a cat and your emergency contact is… you.
Kat Fitzgerald
Blue Team Brokenness: Fixing the Things That Always Fail
Despite years of investment in SIEMs, EDRs, threat intel feeds, and SOAR platforms, many blue teams still struggle with the same problems such as alert fatigue, underutilised intel, poorly tuned detections, and dashboards that overwhelm rather than inform. This talk is a candid, data-backed exploration of the real operational pain points inside SOCs and what we can do differently, beyond just buying another tool.
Krishna Bagla
Decoding Threat Intel: How to Read and Understand Cyber Threat Reports as a Beginner
Learn how to read and extract actionable insights from cyber threat intelligence reports, even if you’re just starting out. This talk will help you decode threat actor behavior, TTPs, and IOCs using real-world examples.
Mohaiminul Chowdhury
Homegrown Cyber Ranges: What You Can Build With Almost Nothing
This talk shows how I built practical cyber security skills and landed a job at 17 using free tools and recycled gear. It’s a real-world guide to building your own cyber lab on a student budget, without needing racks of hardware or a massive wallet. Whether attendees are just starting out or helping others get started, they'll leave with clear setups, free resources, and a better idea of how to turn home labs into real experience.
George Ferres
Securing the Cloud: Unveiling Vulnerabilities with AzurEye
AzurEye – a security tool I developed to automate and simplify vulnerability scanning across Azure services. Frustrated by the slow, manual process of cloud assessments, I built AzurEye to deliver fast, visual insights into misconfigurations and exposed secrets in services like Key Vaults, Storage Accounts, Logic Apps, and Function Apps. It uses Azure APIs for non-intrusive scanning and presents findings in a clean dashboard with charts and HTML reports—empowering Azure admins and security teams to take action quickly and confidently.
Rishabh Gupta
Prompted to Fail: Revealing the Hidden Dangers in Modern AI Systems
As AI systems like LLM models and autonomous agents become deeply embedded into business and consumer applications, they introduce a new and largely misunderstood attack surface. In "Prompted to Fail," we expose the hidden security threats lurking within prompts, model inference, APIs, and learning pipelines. From prompt injection and agent misalignment to API exploits and data poisoning, this talk unpacks real-world vulnerabilities and demonstrates how attackers can manipulate AI systems in dangerous ways. More importantly, we'll explore practical defence strategies to help developers, security teams, and decision-makers build safer, more trustworthy AI applications.
Anandan Krishnamoorthy
Developing Your Own Local LLM
Public AI tools aren’t ideal for cybersecurity GRC—they can’t safely handle sensitive data. But building your own local LLM is often frustrating and technically complex. In this session, I’ll share a practical, no-fuss approach using Retrieval-Augmented Generation (RAG) to run a local model and easily add your own data without retraining. It’s a fast, workshop-style guide to get generative AI working securely and effectively in your GRC environment—no deep ML knowledge required.
Lee Yang Peng
Balancing Performance and Security: Open‑Source Evaluation of Quantum‑Secure Symmetric Key Agreement
As quantum computing threatens classical public‑key infrastructure, hybrid quantum‑safe protocols offer a promising path forward. This talk presents results from a fully open‑source, experimental evaluation of symmetric key agreement (SKA) schemes—classical, hybrid, and fully quantum-safe—demonstrating that even under adverse network conditions, post‑quantum SKAs only introduce minimal latency (≈99 ms for quantum-only, ≈199 ms for hybrid). With open implementations using ECDH, Kyber, AES‑256, Argon2, and TLS, we illustrate a practical roadmap to quantum-safe cryptography that is both accessible and scalable.
Amin Rois Sinung
WORKSHOPS
ESPHome is pretty neat. Making our own IoT Devices
Let's get wacky with IoT devices: come get hands-on with hardware as we explore how the ESPHome framework lets us build our own IoT devices. We'll start off with a rundown of what Home Assistant seeks to achieve, and the niche that ESPHome fills. This will be followed by walking through the definition of an ESPHome configuration, build and flash of firmware to an ESP32 to interface with a sensor and a display.
Ben Zhao
Active Directory Security Kerberos - Taming the hound of Haides
We will focus on learning Attacking and Defending Active Directory, deep diving on Kerberos.
This is a fast-paced workshop that provides a deep dive into Windows Active Directory (AD) specifically focused on what security professionals need to know. In this workshop, we will cover Active Directory security, and deep dive into some of the Kerberos attacks. The Workshop will focus on Kerberos and attacks targeting Kerberos.
This Workshop is not focused on a specific tool, and covers attack techniques used by threat actors in Active Directory and how defenders can detect and defend against those.
Anurag Khanna
F*ck Security Maturity
To get better buy-in and support for security initiatives, you MUST stop talking security and learn to speak business. Use the Security Health Model (available to everyone for free under a Creative Commons license) to communicate security and compliance initiatives to your leadership team and set up meaningful metrics, whether you’re a 2-person startup or an enterprise organization. After this talk, attendees should be able to:
1) Find a common language for collaborating with the business, improving buy-in for security and compliance initiatives
2) Map security and compliance outcomes to organizational goals
3) Distill critical NIST, ISO and other compliance framework output to create meaningful metrics for Leadership and the Board
Carlota Sage
"The Invisible Threat: Why Everyday IoT Devices Are the New Security Battlefield"
As more smart devices enter our homes and workplaces, the attack surface is growing faster than ever — and often with little visibility or control. In this talk, I’ll explore real-world vulnerabilities in common IoT devices, how attackers exploit them, and what defenders can do to respond. Drawing from my research as a cybersecurity student, I’ll break down the risks and share practical steps for building more secure and resilient IoT environments, even on a budget.
Rai Rai
The Phantom Link: Unmasking Evasive Phishing Infrastructure
Phishing campaigns are more than inbox noise. They’re infrastructure-rich, evasive threats. This session unpacks how attackers scale phishing through redirectors, TDS, and DNS abuse to deliver infostealers and avoid detection. Using real case studies and live demonstrations, we’ll show how to pivot across domains, extract threat intel, and trace attacker ecosystems. You’ll learn practical techniques to map phishing infrastructure, enrich IOCs, and deploy defense mechanisms, turning phishing from a reactive problem into an intelligence opportunity.
Aadesh Shinde
I want to force piles of text into traditional ML models
Have you considered why the LLM doesn't just accept all these logs and other unstructured text we're throwing at it and give us nice simple outputs? Alternatively, if we wanted to use traditional Machine Learning models, how would we convert these unruly text inputs into structured data? Join us as we learn together to use LLM-powered text parsers to identify and transform unstructured text datasets into structured data for traditional ML processes.
Ben Zhao