BSidesLV 2025

This year we decided to do BSidesLV and Defcon. We flew out Sunday and BSidesLV started on Monday.

I chose to do BSidesLV because I wanted to do a smaller conference; the last time I did Defcon it was at Caesars Forum and it felt like we were cattle being herded.

BSidesLV was a lot smaller than Defcon (in a good way), but the best part in my opinion was the Skytalks. I'll go into more detail below, but as a quick overview: there was one about taking down a botnet, one about how scammers are turning ordinary people into unknowing criminals, one on getting past AI image filters, one about the overlap of sex workers and tech workers, one about finding the gaps in critical infrastructure, and finally one on biohacking.

Skytalks is a sub-conference formerly held at DEF CON that offered a venue for researchers and industry professionals to discuss sensitive issues without public recording.

So let's dive into a couple of these a little more. Skytalks aren't recorded, but I'll do my best to convey the ideas presented in them.


Skytalk: Sex Work Is Tech Work: What Technologists Should Know From the Sex Industry

The sex workers and tech workers talk was interesting; a lot of it was common-sense stuff that makes sense once said out loud. For example, a hacker in some states can get charged for possessing lock picks, just like a sex worker can get charged for carrying condoms. Sex workers are often the first to be targeted, similar to how hackers are often vilified as criminals. Sex workers often learn how to program because they can't use major publishing platforms. They also have to use crypto because major payment processors might seize their funds or ban them.

ref - https://bsideslv.org/talks#TRNJJY


Skytalk: HR Hates My Mugs: Evading AI Censorship

Yeti has a service where you can customize a mug.

This was one of my favorites—funny and clever. The speaker used Yeti’s custom mug service to slip NSFW designs past AI image filters.

  • She exploited the same quirks that cause AI to “add fingers,” but in reverse—like giving a Scotsman in a kilt an extra “leg.”
  • A pig with six pairs of breasts passed while a photo of two human breasts didn’t.
  • Tentacle images would flag, so she uploaded small pieces at a time until she found what triggered the filter, then disguised it with extra “echo” lines.
  • Adding a simple grid overlay confused the AI enough to let things through.

She managed to get 6–7 mugs ordered before Yeti called her up.

ref - https://bsideslv.org/talks#7MBYEA


Skytalk: Mapping the Gaps: How Disconnects in Critical Infrastructure Leave Cities Vulnerable

I only caught the tail end of this one, but it was very interesting. Basically he works for NYC and he was talking about how the city departments do not map directly to the CISA critical infrastructure sectors, so he was finding all these gaps where departments were not talking to each other or working together.

ref - https://bsideslv.org/talks#PBWQHT


Skytalk: The Botnet Strikes Back: how we assembled a coalition to take down a criminal network & their all-out response

This talk was also interesting. Basically he works at Lumen / Black Lotus Labs, and they run the biggest ASN in the world. They came across a really crafty botnet where, as soon as they would shut it down, it would use different ASNs as a back-connect and come back up. So he started sending his research to all these ASNs and formed a coalition; in order to take this very persistent botnet down they had to coordinate across multiple ASNs and companies and set up a null route for the bad traffic. Interestingly, the botnet guys tried to hire a lawyer to send a threatening letter saying they were attacking them.


Skytalk: The Remote Grift: Cunning Meets Naivete, and the Victims Become the Criminals

This talk was about how criminals are getting ordinary people to commit crimes. One story was about a very honest repairman who got a call saying the building was under new management; they ordered him to break into the safe and try to get into the POS system before the (still) actual boss showed up and called the cops on him. Another story was a lady who got a call saying too much money had been deposited and she could park it in a crypto exchange and earn interest. Surprise surprise, the crypto exchange wasn't real and she got charged. Notice how they didn't "click a link" like all the phishing emails tell you. He also went into how all the cyber training is CYA (cover your ass) for companies and executives and doesn't match up with the real world.


Skytalk: Advanced BioTerrorism Methods for the Discerning Practitioner

This was by far my favorite talk. The title is a bit misleading, but here was my take on it. It's the Four Thieves Vinegar Collective, a biohacking group that is basically working on open sourcing a lot of cool biomedical stuff. For example, cavities: they're caused by a bacteria that eats sugar and produces lactic acid, which makes little holes in your teeth. They took that bacteria and made it emit something else instead, and gave it the gene to outcompete the regular bacteria. The thing that took the longest was breeding out the gene that made it resistant to most antibiotics.

Another project was around the monarch butterfly. It migrates from Mexico to Canada and mostly lives on and eats milkweed plants. In the 90's farmers started to get "Roundup Ready" crops (corn, soybeans, etc.) that were resistant to Roundup, which kills everything. What they didn't do is make a Roundup Ready milkweed plant, and because of that, since the rollout of those crops the monarch population has been falling every year and now they are nearing extinction. So they created a Roundup Ready version of the milkweed plant, which is just breeding them until you find one that is resistant to Roundup. He said he'd ship you a Petri dish; you keep it at room temp for a month, then plant it in the soil like a regular plant. He also showed a graph of the migration path and how fast the population falls off heading north. Kansas City had a 50% drop rate, and I live in that area, so I'm hoping I'll be able to help with that project.

The other projects I can remember were an abortion card he was going to bring but instead sent to people in Texas, and HIV drugs that go for a lot of money ($5k?) that he made at cost ($30) and gave away.

He also had a military-style Pelican case with old server hardware in it that had the medical wiki self-hosted and ChemHacktica. Basically you can look up whatever chemical and there is a SMILES code for it (an ASCII representation of the molecule); you plug in the SMILES code and it'll break it down into the precursors used to make it, green if available online, red if not. Even if it's red you can drill into it, find the precursors for that, and make those.

Very cool stuff.


Photo Dump

Stickers
Cool talk where he did XSS against TrendMicro
Skytalk Tokens
Random Sticker I Liked "Imagination is the only weapon"
CotDC (Cult of the Dead Cow) Project - Veilid.com
Pool at the Tuscany
Bsides Vilnius Badge