BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.bsidescbr.com.au//bsides-canberra-2026//talk//88SUTA
BEGIN:VTIMEZONE
TZID:AEST
BEGIN:STANDARD
DTSTART:20000326T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3;UNTIL=20050326T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20060402T040000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060401T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20070325T040000
RRULE:FREQ=YEARLY;BYDAY=4SU;BYMONTH=3;UNTIL=20070324T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20080406T040000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000827T030000
RRULE:FREQ=YEARLY;BYDAY=4SU;BYMONTH=8;UNTIL=20000826T170000Z
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20011028T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20071027T170000Z
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20081005T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=10
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsides-canberra-2026-88SUTA@cfp.bsidescbr.com.au
DTSTART;TZID=AEST:20260926T100000
DTEND;TZID=AEST:20260926T105500
DESCRIPTION:ServiceNow is at the center of workflows and platform integrati
 ons for roughly 85% of enterprises - yet it rarely charts high as a priori
 ty in the pentesting backlog. Instances are generally put togther by "no-c
 ode / low-code" citizen developers who rarely have a software-engineering 
 background. Combine all of this with the fact they are tinkering with a 20
  year old monolith to plumb together some of your organisations most sensi
 tive data - and you have an incredibly bespoke attack surface\, unique to 
 every org.\n\nThis talk is a field guide to attacking that surface\, how t
 o navigate and dissect a ServiceNow instance to review the custom code and
  components for critical vulnerabilities. Covering insecure patterns that 
 lead to unauthorized data access\, privilege escalation\, and even arbitra
 ry code execution. \n\nWhile this talk isn't aimed at identifying platform
  level bugs\, it reviews CVE-2026-0542\, a critical unauthenticated arbitr
 ary code execution vulberabiltiy discovered using the same techniques. Thi
 s vulnerability was present in default components written by ServiceNow th
 at affected every instance - and the deep dive reveals why customer instan
 ces could still harbor their own versions of this.\n\nDefenders leave know
 ing their actual attack surface and how to reduce it\, what to audit in cu
 stom code\, enabling better logging and monitoring\, and awareness of a re
 porting gap between ServiceNow's own CVEs versus the advisories that go st
 raight to customers — including a public CVE record that still reads "fi
 xed" for a bug class only truly closed by patches much later. \n\nSince mo
 st customers get exactly one self-run pentest per calendar year\, the goal
  of this talk is to leave you able to make that one shot really count.
DTSTAMP:20260715T215345Z
LOCATION:Main Track
SUMMARY:javascript:pwn() - A Field Guide to Hacking ServiceNow - Paul Alkem
 ade
URL:https://cfp.bsidescbr.com.au/bsides-canberra-2026/talk/88SUTA/
END:VEVENT
END:VCALENDAR
