About The Event
BSides Berlin is an event for and by information security community members, and part of the BSides community. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Where
CIC Berlin – Lohmühlenstraße 65, 12435 Berlin, Germany
When
Saturday, 8 November, 2025
Event Speakers

Patrick Ventuzelo
CEO & Founder @ FuzzingLabs

Stuart McMurray
Principal Offensive Security Engineer @ Klarna

Anshu Gupta
Chief Information Security Officer

Kikimora Morozova
Trail of Bits Researcher

Massimo Bertocchi
Cyber Security Professional @ SIX Group

Valeriy Shevchenko
Chief Technology Officer @ Darknotice.com

Stephan Berger
Head of Investigations @ InfoGuardAG
Event Schedule
Doors open - Registration
Opening Words
Opening Keynote
Break
Sneaky Remap - Shared Object Cloaking with a Minimum of Fuss Stuart McMurray
This talk describes sneaky remap, a technique for hiding a loaded shared object file on Linux. It starts with the context surrounding shared object loading during operations on Linux targets, but the bulk of the talk revolves around sneaky remap's nuts and bolts.
Coffee Break
Weaponizing Image Scaling Against Production AI Systems Kikimora Morozova
AI vision systems see differently than humans do. When platforms downscale uploads to save compute, the mathematical properties of interpolation algorithms create exploitable artifacts. In this presentation, we'll show how to craft images which use invisible pixel perturbations to reveal malicious prompts after downscaling, triggering unauthorized tool execution across Google Gemini, Vertex AI, Google Assistant, and Genspark.
Beyond image downscaling, we’ll explore the broader attack surface, including audio transformations, dithering algorithms, and other preprocessing steps that become prompt injection vectors. You'll learn to fingerprint vulnerable systems using test patterns that reveal specific downscaling implementations across ML libraries. We'll demo Anamorpher, our open-source tool for automated attack generation, with both Python APIs and visual interfaces, as well as examine practical mitigations from displaying actual processed images to implementing design patterns resistant to prompt injection, such as the action selector pattern.
Break
A Deep Dive into Model Context Protocol (MCP) Security Anshu Gupta
As organizations rapidly adopt Large Language Models (LLMs) to power enterprise applications, ensuring the security of context-driven interactions has become a critical challenge. The Model Context Protocol (MCP) is emerging as a standardized framework that governs how models are prompted, contextualized, and integrated into real-world workflows. While MCP enables richer, more adaptive use cases, it also introduces new and complex attack surfaces that require deliberate security strategies.
This session provides a comprehensive exploration of MCP security, highlighting the unique risks and defenses associated with context-aware LLM deployments. We will examine threat vectors such as context injection, prompt leakage, chaining abuse, and data exfiltration through contextual inputs—issues that can compromise both system integrity and sensitive enterprise data. Participants will gain insight into adversarial use cases, including indirect prompt injection and model manipulation via context chaining, demonstrating how attackers can exploit seemingly benign contextual elements.
In addition to identifying risks, the session will provide a practical roadmap for hardening MCP implementations across diverse environments, from proprietary in-house systems to API-based LLMs like OpenAI, Anthropic, and Cohere. Core strategies include input validation, sandboxing, establishing contextual trust boundaries, and embedding audit logging into MCP workflows. We will also discuss the role of prompt hygiene, red teaming, and continuous monitoring to build resilience against evolving threats.
By the end of the session, attendees will have a clear understanding of MCP’s structure and components, practical techniques for securing LLM interactions, and recommendations for aligning MCP security with existing AppSec and SOC workflows.
Lunch Break
Linux Malware Packers and Loaders - A Comprehensive Analysis of Evasion Techniques and Detection Challenges Massimo Bertocchi
This presentation examines Linux malware packers and loaders as sophisticated evasion techniques that pose significant challenges to modern cybersecurity defenses. Malware packers compress, encrypt, and obfuscate executable code, while loaders execute the original malware directly in memory, enabling fileless execution that bypasses traditional detection mechanisms.
The research includes a case study of the Lazarus APT group's ThreatNeedle malware, demonstrating real-world implementation of multi-stage deployment with in-memory execution capabilities. A practical analysis of the hARMless ARM64 ELF packer/loader system illustrates key technical components including RC4 encryption, CRC32 integrity verification, and direct ARM64 syscall implementation. The presentation reveals critical security implications: traditional EDR solutions have significant detection gaps on Linux systems, static analysis proves insufficient against packed malware, and memory-based execution complicates forensic analysis. Defensive strategies require implementing syscall-level monitoring, deploying behavioral analysis capabilities, and maintaining comprehensive logging for effective threat detection and response.
Break
Inside Mythic: Dissecting a Modern Attack Framework Stephan Berger
Your mission, if you choose to accept it: take on the role of a detection engineer to dissect the most popular attack framework for attacks against macOS, Mythic.
Mythic has various agents that can be easily integrated into the framework. In this talk, we will show common features of the agents, including how C2 communication works, how persistence can be set up, and how additional code can be executed.
Our goal is to develop robust strategies for detecting these agents and to identify additional traces on the system that can be found by executing these agents on an infected computer.
For the red teamers, we will discuss OPSEC considerations that need to be taken into account when using specific commands to prevent immediate detection through an EDR.
Break
Accidental Backdoors: Supply Chain Stories That Could Happen to You Valeriy Shevchenko
Even well-defended companies can be compromised through their supply chain. In my bug bounty experience, I discovered cases where third-party contractors—without malicious intent—introduced vulnerabilities that completely bypassed strong internal security. Misconfigured integrations, unsecured development environments, and overlooked vendor practices became unexpected entry points.
This talk will share real-world stories of how unconventional approaches to vulnerability hunting uncovered hidden weaknesses in trusted partnerships. We’ll explore why organizations often fail to account for contractor security, and how those blind spots can lead to full system compromise.
Attendees will gain practical insights on recognizing supply chain risks, strengthening vendor oversight, and ensuring that external partners don’t become the weakest link in their security strategy.
Coffee Break
Talk to be confirmed
Break
Closing Keynote
AI for AppSec and Offensive Security: From Automation to Autonomy Patrick Ventuzelo
Artificial Intelligence is transforming the way we approach application security and offensive security — moving us from tool-based automation to the early stages of autonomous vulnerability research. From DARPA’s AIxCC challenge to emerging agent-based systems, AI is showing how fuzzing, auditing, and workflow orchestration can scale beyond what human teams alone can achieve.
This keynote will explore how AI is applied to code auditing, harness generation for fuzzing, and vulnerability triage, before introducing the new paradigm of multi-agent systems that act like a full red team. We’ll also examine the challenges of benchmarking and reproducibility in this space, and speculate on what comes next: specialized models, autonomous red teams, and community-driven marketplaces for sharing knowledge, agents, and workflows.
The offensive security engineer of tomorrow won’t just run tools — they’ll orchestrate a team of AI collaborators.
Closing Words
Event Venue
Sponsors
CTF Partner
Drop us an email at contact@bsides.berlin if you are interested in supporting the event.
Review committee

Luca Melette
IT Security Consultant @ Positive Security

Vincent Ulitzsch
Postdoctoral Researcher @ MIT

Diana Janetzky
Senior Security Architecture @ Nvidia
Buy Tickets
Student pass
€49
excl. VAT and booking fee
- Access to all talks
- Lunch & Coffee Break
- You need to show your student ID
Self Payer
€99
excl. VAT and booking fee
- Access to all talks
- Lunch & Coffee Break
Business ticket
€175
excl. VAT and booking fee
- Access to all talks
- Lunch & Coffee Break
- Invoice for company reimbursement
Supporter Ticket
€250
excl. VAT and booking fee
- Helps fund the event
- Access to all talks
- Lunch & Coffee Break
- Invoice for company reimbursement
Contact Us
Feel free to drop us an email, or a message on Twitter