BSides Canberra 2026

The speaker's profile picture
"Alex"

“Alex” (mangopdf) has hacked their employer an unspecified number of times Red Teaming, committing metaphorical crimes and writing really really detailed confession letters. Once they found former Australian Prime Minister Tony Abbott’s passport number using Google Chrome, talked to him on the phone about it, and did not get arrested. They just started mangopdf Communication, a legitimate business in which they teach security people how to present and write in a way that non-security people understand.

On the side, they organise purplecon, a gentle, pastel, inclusive security conference, but it’s unclear whether the whole thing is like a joke, or what.
More "Alex" content, blog posts, and past conference talk recordings: https://mango.pdf.zone.

  • Finding vibe leaked API keys every day
The speaker's profile picture
Aaron

Aaron has spent 20 years developing and maintaining security systems from within or on behalf of governments. More recently, those skills and experience have also been invested into home lab and hobby projects. One of which is the subject of a BSides Canberra 2026 talk.

  • Inside of an Android
The speaker's profile picture
Aeriana Lawler

Aeri is a Linux sysadmin who these days [unfortunately] works in cyber security policy and auditing. In between making biltong and hiking around Namadgi, she likes to level the playing field in Pokemon Go by developing tools to annoy spoofers in the game.

  • Waffling Around WAFs
The speaker's profile picture
Aidan Stansfield

Aidan is a penetration tester and security researcher at Division 5. Over the years, he has tested most attack surfaces across most industries, with a particular focus on internal networks and critical infrastructure. Nowadays, he hunts for bugs that require a deeper dive then a traditional pentest permits. Outside of work, he creates CTF challenges for his local hackercons (BSides BNE and Crikeycon), and represented Team Oceania at the International Cybersecurity Challenge (ICC) in 2022 and 2023.

  • Password MisManagers: Hunting for Authentication Bypasses in Enterprise Password Managers
The speaker's profile picture
Angus

Angus is a vulnerability researcher at InfoSect. At work, he is well known for giving talks that go way over time and contain unnecessary amounts of detail. Outside of work, Angus enjoys learning new (usually useless) skills, attempting (and forever failing) to win CTFs, cooking (hopefully) tasty food, and is known to be overly competitive when playing (video|board|role-playing|war)games with his friends.

  • Viral Vulnerabilities: Unpacking Copy.Fail and related Linux Kernel bugs
The speaker's profile picture
Animesh Acharya

Animesh is a Senior Security Consultant working at Tanto Security. He is interested in web security research and also does Bug Bounties. You can get in touch with him on LinkedIn at https://www.linkedin.com/in/an1msh/

  • Escalating XSS into session hijacking in modern SSO ecosystems
The speaker's profile picture
Chewhacker

Chewhacker entered the cyber security world in 2020, diving head first into cyber threat intelligence and quickly developing a passion for understanding adversary behaviour. While her work now spans multiple areas of security, CTI and adversary emulation remain her favourite playgrounds.

Outside of work, she can usually be found hunting for her next mechanical keyboard, spending time with her sausage dogs, trying to obtain more sausage dogs, or making friends with people so she can hug their sausage dogs. After assembling badges at past BSides Canberra events, she discovered a new hobby that escalated into building a robotic, AI enabled cyber security dog — because every good defender deserves a loyal companion.

  • Bark to the Future: Network Security with Wi‑Fido
The speaker's profile picture
Christopher Vella (Kharosx0)

Christopher Vella is a security researcher @ Microsoft (MORSE) and develops trainings and custom vulnerability research tooling @ Signal Labs

  • Unlimited Exploitation of Signed Windows Drivers
The speaker's profile picture
Dr Silvio Cesare

-

  • Opening Ceremony
The speaker's profile picture
Faraz

Faraz is a Lead Blockchain Security Researcher at Zellic. When not busy with work, he likes to play video games and indulge in low level vulnerability research and exploit development.

  • Doppelganger - Weaponizing CVE-2026-23066 at ZeroDay.Cloud
The speaker's profile picture
James L

James is an automation engineer at ASD's ACSC, working on automated malware analysis platforms to improve the speed and accuracy of incident response activities.

  • Azul: How to build “good” malware analysis platforms
The speaker's profile picture
Justin Steven

Justin is a seasoned computer security professional with 14 years of experience across Incident Response and Software Security. As Tanto Security's Director of Research, Justin fosters the curiosity and ingenuity of our consultants, supporting them as they engage in their own research projects.

  • Time Crisis: Exploiting time-based padding oracle vulnerabilities using Timeless Timing Attacks
The speaker's profile picture
Kylie McDevitt

-

  • Opening Ceremony
The speaker's profile picture
Mario Weigel

Mario Weigel has been in the Linux and automation world since 2002, moving through support, testing, and systems administration before the DevOps movement caught up with skills he’d already built. For several years, he’s been consulting in complex, heavily regulated sectors to design solutions that enable security and development teams to thrive in tandem. In his own time, he leads the Auckland Kubernetes meetup.

  • Kubernetes Capture the Flag
The speaker's profile picture
Nathan Cobbald and Bayley Skerman

Amateur 'putting stuff in a box and making it do things'-ers . By two people who work together sometimes

  • Black Box Zero - Physical Challenge Box
The speaker's profile picture
Paul Alkemade

I'm an offensive security engineer based in Melbourne we're I've been hacking away for over six years. When I'm not staring at a computer screen I'm probably stuck out bush trying not to stare at my phone.

  • javascript:pwn() - A Field Guide to Hacking ServiceNow
The speaker's profile picture
Rick de Jager

Rick is a full-time security researcher at v12.sh and a member of the Pwn2Own team “PHP Hooligans.” He has competed in five editions of Pwn2Own, exploiting a wide range of targets including routers, printers, and automotive systems. Outside of Pwn2Own, Rick is an avid CTF player, having competed as part of 0rganizers and ICC’s Team Europe.

  • Chasing Shadows: Portable Memory Corruption in Ghostscript
The speaker's profile picture
Sohan Lokula

Sohan is a Senior Analyst in PwC’s Threat Intelligence team and the North Korea-based threats lead. He is a technical Cyber Threat Intelligence analyst focused on cyber crime and North Korea-based threat actors, with experience across deep and dark web intelligence, threat actor tracking, cyber criminal activity, and strategic intelligence reporting.

  • From Dream Jobs to Developer Tokens: How North Korea-based threat actors abuse trust
The speaker's profile picture
TBA
  • Black Bag - Day 1
  • Black Bag - Day 2
  • Black Bag - Day 3
The speaker's profile picture
Volunteers

BSides Canberra is entirely volunteer-run, with around 40 dedicated volunteers who contribute both before and during the event. Volunteers can be easily identified by their maroon t-shirts.

  • Locksport (Day 1)
  • Locksport (Day 2)
  • Locksport (Day 3)
  • Hardware Village (Day One)
  • Hardware Village (Day Two)
  • Hardware Village (Day Three)
The speaker's profile picture
Zoran Iliev

With over 25 years of pioneering digital forensics for government agencies, law enforcement, and global corporations, Zoran has shaped the future of forensic science. His innovative methodologies and insights have solved high-stakes investigations, from cyber fraud to international policy breaches. As a Lead Forensic Examiner at the Department of Home Affairs and a recognised educator, Zoran empowers organisations worldwide, transforming challenges into resolutions. Zoran holds a Master of eForensics and Enterprise Security from the University of Melbourne. He is a NATA technical assessor and the only ANAB technical assessor and auditor in Australia.

  • Fatal Errors: Forensics Pitfalls in the "Mushroom Murders" Case Study
The speaker's profile picture
skateboarding dog

After an outstanding debut as CTF hosts in 2025, skateboarding dog are back to design and run the BSides Canberra CTF for a second year.

They're not just any CTF team, they're one of Australia's most accomplished. A powerhouse of talented hackers, this team has dominated the local CTF scene for years, consistently finishing at the top of competitions around the country. Before taking over as hosts, they claimed first place in the BSides Canberra CTF for three consecutive years.

Known for deep technical expertise, creative exploitation techniques, and exceptionally well-crafted challenges, skateboarding dog has earned a reputation for building CTFs that are approachable for newcomers while still pushing seasoned players to their limits. If last year's competition was anything to go by, you're in for another fantastic weekend of hacking.

Whether you're chasing the podium or tackling your very first challenge, the BSides Canberra 2026 CTF promises another memorable experience with skateboarding dog at the helm.

Follow them on X: https://x.com/sk8boardingdog

  • Capture-the-Flag (Day One)
  • Capture-the-Flag (Day Two)
The speaker's profile picture
toasterpwn

Your Speedrun CTF host returns for 2026: toasterpwn https://x.com/toasterpwn

After a hugely successful debut at BSides Canberra last year, toasterpwn is back to put competitors through another fast-paced gauntlet of hacking challenges. Winner of the Hexacon Speedrun CTF 2024, captain of the Australian team Emu Exploit, and a professional vulnerability researcher at InfoSect, toasterpwn combines elite technical skills with a passion for creating fun, competitive challenges.

Known for lightning-fast exploitation and a love of all things pwn, toasterpwn has earned a reputation as one of Australia's rising offensive security talents. Whether you're chasing the top spot or simply looking to test your skills against the clock, the Speedrun CTF is back for another year of rapid-fire hacking action.

  • Speedrun CTF Finale
  • Speedrun CTF Qualifiers