BSides Brisbane 2026: Time Travel - Journey through the past, present, and future of cybersecurity!
Join us for a dynamic and inclusive cyber security conference that transcends time, offering a welcoming environment for individuals at all stages of their professional journey.
Event Details
04 July 2026
QUT Gardens Point Campus - Z Block
Schedule
Please note this schedule is still in a draft state and is subject to change.
| Time | Track 1
MC
Kelsy Luengen
|
Workshops |
|---|---|---|
| 08:00 |
Doors and Check In Open
All Day
Doors and Check In OpenWelcome to BSides Brisbane! Head to the registration desk to check in, grab your badge, and collect your conference t-shirt. Coffee and tea will be available at the Cafe, so feel free to network with fellow attendees before the opening session. |
Track 1 only
2 hours
|
| 08:15 |
Networking
45 mins
NetworkingTake this opportunity to network with fellow attendees, catch up over coffee, and connect with members of the security community before the conference begins. |
|
| 08:30 | ||
| 08:45 | ||
| 09:00 |
Welcome to BSides Brisbane & Opening
15 mins
Welcome to BSides Brisbane & OpeningJoin us for the official opening of BSides Brisbane 2026. We'll kick off the day with a brief welcome, run through the schedule, and cover everything you need to know to make the most of your conference experience. |
|
| 09:15 |
Hacks Under Pressure
Joe Grand
45 mins
Hacks Under PressurePresented by: Joe Grand Talk SummaryThroughout his career, Joe Grand has taken on projects where βdoing it liveβ was a necessary evil. Whether hacking cryptocurrency wallets worth millions of dollars or testing prototypes on the streets of San Francisco, the expectation of success in front of others was ever present. Inspired by the title of Rushβs tenth studio album, Grace Under Pressure, Joe will talk about the hacks that brought him the most amount of pressure and the often unexpected results that followed. Speaker BioJoe Grand, also known as Kingpin, is an American computer engineer and hardware hacker. He was a member of the legendary hacker group L0pht Heavy Industries and was a co-host of Prototype This on Discovery Channel. He specialises in creating, exploring, manipulating, and teaching about electronic devices. Learn more at joegrand.com and grandideastudio.com. |
|
| 09:30 | ||
| 09:45 | ||
| 10:00 |
Cowboys and Endianness
Macca and James
30 mins
Cowboys and EndiannessPresented by: Macca and James Talk SummaryIn this talk, Macca and James take a chainsaw to the OSI model and ask a simple question: what happens when the protocol itself is the bypass? Starting from the gloriously unhinged world of custom binary protocols and cursed encapsulation stacks, the team demonstrates live how trivially modern security controls can be defeated when defenders are pattern-matching on protocols they expect to see. Equal parts education and crimes against networking, this talk will leave you questioning every assumption your security stack is quietly making about what βnormalβ traffic looks like. Warning: may contain interpretive dance. Speaker BioMacLeonard Starkey, better known as Macca, is a Brisbane-based security practitioner with over two decades of incident response experience across the public and private sectors. He currently hunts threats in industrial and operational technology environments at Dragos as a Senior Principal Threat Detection Engineer. |
OFDS, Google Earth & KML Mapping Workshop
Warren Finch
2 hours
OFDS, Google Earth & KML Mapping WorkshopPresented by: Warren Finch Workshop SummaryThis hands-on workshop begins with a detailed introduction to the Open Fibre Data Standard (OFDS), Google Earth, and KML for visualising internet infrastructure and facility data. After the intro, attendees will work through a guided lab to create their own map. Please bring a laptop that you can use to install or run QGIS and access Google Earth. Tutor BioWarren joined the Internet Society in June 2025 as an IXP Development Expert, focusing on supporting Internet infrastructure growth and interconnection initiatives across the Asia-Pacific region. With a career in IT that began in 1994, he brings a broad range of experience from technical consulting to Internet community training. He previously served as a Senior Network Analyst/Technical Trainer at APNIC, where he delivered technical workshops and provided support to Internet operators throughout the Asia-Pacific. |
| 10:15 | ||
| 10:30 |
Morning Tea
15 mins
Morning TeaIt's time for a morning tea break! While food is not provided, there are many excellent cafes and restaurants just a short walk from the conference venue. Explore the local area and enjoy a well-deserved break. |
|
| 10:45 |
The Accidental Security Architect (and why that needs to change)
Lidia Giuliano
30 mins
The Accidental Security Architect (and why that needs to change)Presented by: Lidia Giuliano Talk SummarySecurity Architecture is a strategic and high-impact position. It demands broad and deep technical skill sets across IT and security. Despite this demand, no clear definition exists for the role. Subsequently, no clear pathway exists to becoming a security architect, leading to fragmented expectations, skills, and responsibilities across the industry. This needed to change. In 2025, we surveyed 332 practicing security architects globally across industries and regions to understand their career pathways, their formal and informal training, and their daily responsibilities β to answer the question: What is a Security Architect? The results reveal consistent and troubling patterns. This talk walks through the research and findings, covering overall themes by region, industry, and other segments to help diagnose the problems facing the sector. We then establish a blueprint for security architecture roles and careers so that security architecture will remain effective and sustainable into the future. For aspiring architects, we highlight what skills and experience are the best pathway to landing that position. For practicing architects, we raise the most common challenges faced by your peers and provide a standardised and clear position description for your role. For managers and leaders, we outline how security architecture must be structured to deliver genuine value for your organisation, as well as give you the tools to identify and reduce the sources of friction that lead to retention and hiring challenges. Whether youβre aspiring, practicing, or hiring, this talk will provide the benchmarks and blueprint the industry has been missing! Speaker BioLidia Giuliano has been involved in the information security field for over 20 years, working in the financial, defence, telco, retail and health care sectors. She has an extensive background in security with a key focus on defensive, cloud security and security architecture. In her spare time, she loves mentoring others on their security presentations, reads way too many CFPs, and you'll find her on the beach drinking the occasional Aperol Spritz. |
|
| 11:00 | ||
| 11:15 |
Purple Teaming yo ICS
Bruce Large
45 mins
Purple Teaming yo ICSPresented by: Bruce Large Talk SummaryIn this presentation Bruce builds on where it all started with Blue Teaming yo ICS and presents Purple Teaming yo ICS. Bruce will outline the case for why Critical Infrastructure operators need to do purple teaming to ensure they are defensibly managing cyber security risks for their Operational Technology (OT). This presentation will start with a primer on purple teaming and walk through how critical asset operators should develop purple team assessments for their OT systems. It will discuss methods to gather relevant Cyber Threat Intelligence to inform assessments. Critically for asset operators, Bruce will discuss why purple teaming needs to happen in a representative test lab environment initially to give both teams confidence in their assessments. The presentation will cover useful tools and techniques to support asset operators plan and execute their purple team assessment, and finally Bruce will discuss how he built his home lab to support this presentation. Session outline:
Speaker BioBruce has 20 years experience working with IT and Operational Technology in network, telecommunications and system engineering roles. Bruce has worked in Electricity Generation & Transmission, Railway, Aviation, Emergency Services and Consulting industries. Bruce is the Founder and Principal Cyber Security Architect at BLARGE. |
|
| 11:30 | ||
| 11:45 | ||
| 12:00 |
Lunch
60 mins
LunchIt's time for a lunch break! While lunch is not provided, there are many excellent cafes and restaurants just a short walk from the conference venue. Explore the local area and enjoy a well-deserved break. |
Lunch
60 mins
LunchIt's time for a lunch break! While lunch is not provided, there are many excellent cafes and restaurants just a short walk from the conference venue. Explore the local area and enjoy a well-deserved break. |
| 12:15 | ||
| 12:30 | ||
| 12:45 | ||
| 13:00 |
Threat Actors are Stakeholders
Skye Slater
30 mins
Threat Actors are StakeholdersPresented by: Skye Slater Talk SummaryThreat-Informed GRC reframes governance, risk, and compliance around the real behaviours of adversaries. This talk shows how treating threat actors as stakeholders can turn GRC into a practical prioritisation engine: helping teams cut through noise, focus technical effort where it matters, and make stronger cases for security investment. Attendees will learn how to partner with GRC teams to connect adversary tactics to governance decisions, board conversations, and day-to-day security work. Speaker BioSkye Slater is a Governance, Risk, and Compliance (GRC) specialist focused on practical, people-centred security. Her work is driven by a simple goal: helping organisations protect the data communities rely on so people can use the internet with greater confidence. She supports organisations in building defence from the inside, preparing for worst-case scenarios, and using threat knowledge to make better security decisions. |
Competitive Cyber Tabletop Challenge Walkthrough
Chris Djamaludin
90 mins
Competitive Cyber Tabletop Challenge WalkthroughPresented by: Chris Djamaludin Workshop SummaryThis workshop runs twice β 13:00 and 15:15. Choose the session that suits your schedule. Step into a facilitated tabletop exercise (TTX) run as a mini CTF challenge. Work through a realistic cyber crisis scenario, make the calls that matter, and see how your decisions stack up against other players in the room. Designed for executives, board members, and technical practitioners alike, this 90-minute interactive session puts you at the decision table β not just watching from the sidelines. Your choices are scored as you progress, adding a competitive edge to the learning experience. Please bring your own laptop to participate in the challenge. Tutor BioChris is a Co-Founder and Chief Technology Officer for Crisis Commanded, an innovative crisis management product to help organisations prepare and respond to a variety of crisis situations. He is also a Technical Director with NSB Cyber specialising in red team operations and offensive security. Chris plays an active role in the technical development and training of the offensive security practice. |
| 13:15 | ||
| 13:30 |
OculaRCE: From Bluetooth to Contractor
Brendan Scarvell
60 mins
OculaRCE: From Bluetooth to ContractorPresented by: Brendan Scarvell Talk SummaryEV chargers are becoming a common part of home and business networks, but they often donβt get much security attention. This talk covers the discovery of a vulnerability leading to remote code execution in a smart EV charger. It also looks at how built-in IoTHotspot functionality can turn a compromised charger into a pivot point into internal networks. The session will walk through the research process, vulnerability discovery, exploitation, and the broader risks of increasingly connected charging infrastructure. Speaker BioBrendan is a security researcher and co-founder of Signal 11, with a background spanning web application, network, hardware, and embedded device security. His work focuses on finding and exploiting vulnerabilities in real-world systems, with a particular interest in connected devices and the security risks created when consumer and business infrastructure overlap. |
|
| 13:45 | ||
| 14:00 | ||
| 14:15 | ||
| 14:30 |
Afternoon Tea
15 mins
Afternoon TeaIt's time for an afternoon tea break! While food is not provided, there are many excellent cafes and restaurants just a short walk from the conference venue. Explore the local area and enjoy a well-deserved break. |
Afternoon Tea
15 mins
Afternoon TeaIt's time for an afternoon tea break! While food is not provided, there are many excellent cafes and restaurants just a short walk from the conference venue. Explore the local area and enjoy a well-deserved break. |
| 14:45 |
Piracy as an Emergent Socio-Technical Preservation System
Joel Panther
30 mins
Piracy as an Emergent Socio-Technical Preservation SystemPresented by: Joel Panther Talk SummaryAs digital media shifted from owned objects to licensed services, libraries were replaced by platforms, preservation by authentication, and custody by policy. At the same time, platform enshitification and AI have hollowed out search, archives, public knowledge, and scholarly access. Rather than treating modern piracy as a moral failure, this talk reframes it as an emergent response to institutional and information collapse - a form of fault-tolerant infrastructure that arose because official and legal systems abandoned stewardship. The goal is not to romanticise or endorse piracy, but to use it as a diagnostic: a signal of where our knowledge systems have failed, and what properties any legitimate successor must restore. Speaker BioJoel is a cybersecurity researcher, penetration tester, and educator, with over 15 years' experience in system administration, security, and consulting. His PhD produced a framework for designing dynamically generated penetration testing laboratories. His current research interests are centred on offensive security skills development. |
Track 1 only
1 hour
|
| 15:00 | ||
| 15:15 |
The Honest Conman
Malcolm Gregory
30 mins
The Honest ConmanPresented by: Malcolm Gregory Talk SummaryWe are trained to recognise social engineering as something attackers do to us. Reciprocity, trust, relevance, urgency: we can name every lever. Then we walk back to our desk and try to change human behaviour with a policy document. This talk is about the reframe. Every principle attackers use to break in is available to defenders to build culture. Used ethically, deliberately, and out in the open, that is not manipulation. That is the job. Speaker BioMalcolm is a one-person security function pretending to be a department across four business units. He spent over a decade in helpdesk and IT service delivery before security started looking more interesting. It mostly is. |
|
| 15:30 | ||
| 15:45 |
EDR Survival Tactics: An Old Croc Doesn't Need New Tricks
Chris Spencer
60 mins
EDR Survival Tactics: An Old Croc Doesn't Need New TricksPresented by: Chris Spencer Talk SummaryThis talk dissects the anatomy of a modern Windows EDR sensor, examines its main components, and explores methods (including one or two possibly unpublished techniques) that continue to remain effective. Weβll wrap up with pointers on performing EDR security research and building an environment to help you discover new evasion techniques for your next red team engagement. Speaker BioChris Spencer is the founder of Ruxcon security conference. With a career rooted in offensive security, he has spent years in security research and red teaming. More recently, he has worked in incident response and threat hunting. Chris once dabbled in pop stardom with Germany and Austria's least-remembered boy band, TESO. |
Competitive Cyber Tabletop Challenge Walkthrough
Chris Djamaludin
90 mins
Competitive Cyber Tabletop Challenge WalkthroughPresented by: Chris Djamaludin Workshop SummaryThis workshop runs twice β 13:00 and 15:15. Choose the session that suits your schedule. Step into a facilitated tabletop exercise (TTX) run as a mini CTF challenge. Work through a realistic cyber crisis scenario, make the calls that matter, and see how your decisions stack up against other players in the room. Designed for executives, board members, and technical practitioners alike, this 90-minute interactive session puts you at the decision table β not just watching from the sidelines. Your choices are scored as you progress, adding a competitive edge to the learning experience. Please bring your own laptop to participate in the challenge. Tutor BioChris is a Co-Founder and Chief Technology Officer for Crisis Commanded, an innovative crisis management product to help organisations prepare and respond to a variety of crisis situations. He is also a Technical Director with NSB Cyber specialising in red team operations and offensive security. Chris plays an active role in the technical development and training of the offensive security practice. |
| 16:00 | ||
| 16:15 | ||
| 16:30 | ||
| 16:45 |
40 Years of Encoding Flexibility: How BER Ambiguity Breaks SS7 Signalling Firewalls
D8RH8R aka Ryan Williams
45 mins
40 Years of Encoding Flexibility: How BER Ambiguity Breaks SS7 Signalling FirewallsPresented by: D8RH8R aka Ryan Williams Talk SummarySS7 signalling firewalls are the primary defence carriers deploy against phone tracking, SMS interception, and subscriber data theft. These firewalls inspect MAP (Mobile Application Part) messages encoded in ASN.1 BER (Basic Encoding Rules) and apply policy based on the decoded contents β blocking suspicious location queries, filtering unauthorised subscriber lookups, and enforcing GSMA FS.11 category rules. The problem: BER was designed for encoding flexibility. The same data can be encoded multiple valid ways. When the firewallβs BER decoder and the target network elementβs decoder disagree about how to parse a PDU, the firewall fails to extract security-critical fields β and if it fails open, the attackerβs query passes through uninspected. This talk presents a taxonomy of every publicly known SS7/MAP firewall bypass technique, unified under a single root cause: decoder divergence caused by legal-but-rarely-used BER encoding constructs. We cover seven techniques spanning 2018-2024: global opcode substitution, double MAP component injection, extended application context manipulation, long TCAP transaction IDs, missing SCCP subsystem numbers, extended tag encoding (the 9F 00 technique disclosed by Enea in July 2025), and a previously undocumented technique (flag65711) discovered through source code analysis of a production SS7 library. For each technique, we show the exact bytes on the wire, explain which BER construct creates the decoder divergence, demonstrate the bypass in a live Osmocom testbed with Wireshark captures, and provide detection signatures. We then identify BER constructs that have not yet been exploited β indefinite-length encoding, constructed primitive types, multi-octet tag forms beyond two bytes, and nested encoding ambiguities β providing a research roadmap for both offensive researchers and firewall vendors. The talk concludes with six defensive rules for building signalling firewalls that survive BER ambiguity, anchored by the most important: fail closed on decode failure. Speaker BioRyan builds things that find the things you missed. Security operations at Applied Computing by day, editor of HVCK magazine and contributor at HVCK Academy by night. Focused on autonomous security infrastructure, offensive tooling, and making defences smarter. Doesn't wait for alerts. Goes looking. |
|
| 17:00 | ||
| 17:15 |
Track 1 only
1 hour
|
|
| 17:30 |
CTF Announcements
15 mins
CTF AnnouncementsJoin us for the CTF results and winner announcements. Prizes will be awarded to the top teams. |
|
| 17:45 |
Thanks from BSides Brisbane
15 mins
Thanks from BSides BrisbaneA final thank you to all our attendees, speakers, sponsors, and volunteers for making BSides Brisbane 2026 possible. We'll wrap up the day with some closing remarks and announce the after-party details. |
|
| 18:00 |
Conference Closed
15 mins
Conference Closed |