BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.bsidescbr.com.au//bsides-canberra-2026//talk//3BGZWM
BEGIN:VTIMEZONE
TZID:AEST
BEGIN:STANDARD
DTSTART:20000326T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3;UNTIL=20050326T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20060402T040000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060401T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20070325T040000
RRULE:FREQ=YEARLY;BYDAY=4SU;BYMONTH=3;UNTIL=20070324T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20080406T040000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000827T030000
RRULE:FREQ=YEARLY;BYDAY=4SU;BYMONTH=8;UNTIL=20000826T170000Z
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20011028T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20071027T170000Z
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20081005T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=10
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsides-canberra-2026-3BGZWM@cfp.bsidescbr.com.au
DTSTART;TZID=AEST:20260924T103000
DTEND;TZID=AEST:20260924T105500
DESCRIPTION:For years\, defending against North Korea-based threat actors m
 eant defenders using the same standard checklist. Block the phishing email
 \, sandbox the lure document\, or kill the macro. Since 2021 that checklis
 t has been quietly going out of date. This talk looks at how North Korea-b
 ased threat actors changed their game. They did not just write better malw
 are\, but they moved closer to targeting the workflows and assets that org
 anisations often implicitly trust.  They target developers\, maintainers\,
  recruiters\, SaaS logins\, CI/CD pipelines\, browser sessions\, crypto wa
 llets\, and in a growing number of cases\, they stopped breaking in entire
 ly and simply got hired. \n\nDrawing on PwC Threat Intelligence research i
 nto North Korea-based threat actor activity through 2026\, I will walk thr
 ough how the access model works today\, using real world examples. A recru
 iter message that turns into a terminal command. A job interview that beco
 mes the malware delivery mechanism. A developer laptop that quietly hands 
 over source code\, cloud keys and wallets\, and a new remote hire who was 
 never a real person. The point is simple and a little uncomfortable. The N
 orth Korea-based threat actor’s intrusion path no longer starts where mo
 st defenders are looking. It starts in your hiring pipeline\, your depende
 ncy tree\, your build system and your payroll. \n\nWhether you work in def
 ence\, threat intel\, offensive security\, or you are just breaking into t
 he industry\, you will leave this talk able to spot what these intrusions 
 look like\, not just "what payload ran" but "which trust relationship did 
 they abuse\, and what did it expose?".
DTSTAMP:20260715T215424Z
LOCATION:Off-Main Track
SUMMARY:From Dream Jobs to Developer Tokens: How North Korea-based threat a
 ctors abuse trust - Sohan Lokula
URL:https://cfp.bsidescbr.com.au/bsides-canberra-2026/talk/3BGZWM/
END:VEVENT
END:VCALENDAR
