BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.bsidescbr.com.au//bsides-canberra-2026//talk//EQ7PKG
BEGIN:VTIMEZONE
TZID:AEST
BEGIN:STANDARD
DTSTART:20000326T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3;UNTIL=20050326T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20060402T040000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060401T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20070325T040000
RRULE:FREQ=YEARLY;BYDAY=4SU;BYMONTH=3;UNTIL=20070324T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20080406T040000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000827T030000
RRULE:FREQ=YEARLY;BYDAY=4SU;BYMONTH=8;UNTIL=20000826T170000Z
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20011028T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20071027T170000Z
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20081005T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=10
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsides-canberra-2026-EQ7PKG@cfp.bsidescbr.com.au
DTSTART;TZID=AEST:20260924T151500
DTEND;TZID=AEST:20260924T161000
DESCRIPTION:Enterprise password managers hold the keys to the kingdom. Pop 
 one\, and you can instantly compromise every piece of infrastructure whose
  admin credentials were kept inside. So how well do these pieces of softwa
 re hold up? In this talk\, I'll walk through three different authenticatio
 n bypass vulnerabilities I've found in self-hosted enterprise password man
 agers used by Australian organisations. Each one allowing a user without a
 ccess to walk on in as an admin and loot all the secrets. Along the way\, 
 I'll discuss overcoming two commercial code obfuscators\, a fun bonus vuln
 erability that wandered straight out of a CTF and into production\, and wh
 at defenders should actually do about all of this.
DTSTAMP:20260715T215534Z
LOCATION:Main Track
SUMMARY:Password MisManagers: Hunting for Authentication Bypasses in Enterp
 rise Password Managers - Aidan Stansfield
URL:https://cfp.bsidescbr.com.au/bsides-canberra-2026/talk/EQ7PKG/
END:VEVENT
END:VCALENDAR
