BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.bsidescbr.com.au//bsides-canberra-2026//talk//G9B7GT
BEGIN:VTIMEZONE
TZID:AEST
BEGIN:STANDARD
DTSTART:20000326T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3;UNTIL=20050326T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20060402T040000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060401T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20070325T040000
RRULE:FREQ=YEARLY;BYDAY=4SU;BYMONTH=3;UNTIL=20070324T170000Z
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:STANDARD
DTSTART:20080406T040000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4
TZNAME:AEST
TZOFFSETFROM:+1100
TZOFFSETTO:+1000
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000827T030000
RRULE:FREQ=YEARLY;BYDAY=4SU;BYMONTH=8;UNTIL=20000826T170000Z
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20011028T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20071027T170000Z
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20081005T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=10
TZNAME:AEDT
TZOFFSETFROM:+1000
TZOFFSETTO:+1100
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsides-canberra-2026-G9B7GT@cfp.bsidescbr.com.au
DTSTART;TZID=AEST:20260925T133000
DTEND;TZID=AEST:20260925T163000
DESCRIPTION:Finding an XSS and getting alert(1) to fire is one thing. Turni
 ng it into something a program or a client treats as high impact is anothe
 r\, and often the trickier part. A reflected or stored XSS on a subdomain 
 that holds no session\, or an XSS you can only trigger on yourself\, is ea
 sy to set aside as low severity.\n\nModern applications\, though\, are rar
 ely a single site. They are ecosystems tied together by shared single sign
 -on\, OAuth\, parent-domain cookies\, CDN caches\, and postMessage. Once y
 ou understand how those pieces fit together\, an XSS almost anywhere on an
  origin can often be escalated into a one-click account takeover of the ma
 in application.\n\nOver the last couple of years I have reported a number 
 of these escalations to bug bounty programs\, taking reflected\, stored\, 
 DOM\, and self XSS and chaining them into session hijacking. This workshop
  walks through how that is done\, using a lab built from those findings. I
 t is aimed at testers and bug bounty hunters who can already find XSS and 
 want to learn how to take it further. This workshop will leave you with a 
 set of techniques\, a sense of which one fits a given situation\, and the 
 confidence to build your own session hijacking chains.
DTSTAMP:20260715T215429Z
LOCATION:Murray-Fitzroy Room
SUMMARY:Escalating XSS into session hijacking in modern SSO ecosystems - An
 imesh Acharya
URL:https://cfp.bsidescbr.com.au/bsides-canberra-2026/talk/G9B7GT/
END:VEVENT
END:VCALENDAR
