The Mayfair neighborhood in Northwest Chicago is known for its dense inventory of historic Chicago bungalows, which is so extensive that the North Mayfair Bungalow District was added to the National Register of Historic Places in 2006. Mayfair’s bungalow history isn’t just architectural. The neighborhood drew working- and middle-class families from different ethnic backgrounds around a shared goal: owning a solid, modern home. That made it the perfect place to hold BSides312 2026, where people with different paths, skills, and roles gathered around the shared work of protecting old systems, building strong foundations, and keeping inherited infrastructure useful under new pressures.
“Chicago’s Largest Little Non-Profit Cybersecurity Conference” returned to Chicago on May 16, 2026, with two talk tracks, community villages, lockpicking, CTF, and an in-house after-party. This event is run by and for the local community. More than 400 people showed up, with the 400th ticket sold the day before, and the organizers opened with the kind of inside jokes and practical logistics that make a local security conference feel lived in. The keynote from Heidi Potter, COO at Turngate, “Community Doesn’t Start With a Conference,” reinforced the mood that we were there for each other, and the event was just one more way for us to collaborate, not the sum of how our community operates.
Here are just a few choice highlights from the third annual BSides312.
Open Source Poison and the Basics We Keep Skipping
The session by Sean Juroviesky, Senior Security Engineer at SoundCloud, called “OpenSource Poison: A Long Ignored Risk,” began with a familiar contradiction: open source runs everything, yet much of it remains underfunded. It’s loosely maintained, but also deeply trusted by default across the enterprise. We keep building on shared components, shared maintainers, and shared trust, while pretending the foundation has infinite capacity.
The session focused on open source poisoning, where attackers compromise the trust around a package rather than breaking in through the front door. Attackers build a positive reputation, submit something subtle, then use it to steal developer npm tokens and pull malicious packages into the ecosystem. The same pattern showed up across stolen repositories, exposed tokens, compromised tooling, and malicious versions tagged as latest. Most of Sean’s attack examples have also been covered by our team.
Sean gave us some practical advice: Stop leaning on personal access tokens where better options exist. Don’t automatically trust :latest, and pin dependencies with cryptographic hashes or digests. Tags aren’t immutable, and attackers know how to move them. Lock down GitHub Actions, restrict runner permissions, remove passwordless sudo, and treat secrets in continuous integration and continuous delivery systems as high-value targets.
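The pinning advice can be checked mechanically. The following is an added example, not code from the talk or from this article: a Python audit that flags mutable references in a GitHub Actions workflow and a Dockerfile. The sample file contents, the example-org/deploy-action name, and the function names are constructed assumptions.

```python
import re
# Constructed sample inputs (not from any real repository).
WORKFLOW = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-lint
      - uses: example-org/deploy-action@main
"""
DOCKERFILE = """\
FROM node:latest AS build
FROM python:3.12-slim
FROM alpine@sha256:%s
FROM build AS final
""" % ("a" * 64)

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")

def audit_workflow(text):
    """Return (line_no, ref, reason) for `uses:` refs not pinned to a commit SHA."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*(?:-\s*)?uses:\s*(\S+)", line)
        if not m:
            continue
        ref = m.group(1).strip("'\"")
        if ref.startswith("./"):      # local action, versioned with the repo
            continue
        version = ref.partition("@")[2]
        if not FULL_SHA.match(version):
            findings.append((no, ref, "tag or branch is mutable; pin a full commit SHA"))
    return findings

def audit_dockerfile(text):
    """Return (line_no, image, reason) for FROM images without a sha256 digest."""
    findings, stages = [], set()
    for no, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", line, re.I)
        if not m:
            continue
        image, alias = m.group(1), m.group(2)
        if image.lower() not in stages and image != "scratch" and not DIGEST.search(image):
            findings.append((no, image, "no digest; tag can be moved"))
        if alias:                     # later FROM lines may name this build stage
            stages.add(alias.lower())
    return findings
```

Run in CI as a gate, a non-empty findings list fails the build before a moved tag can change what gets executed.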
In the era of AI-assisted development and vibe coding, the split is becoming clearer: some developers are moving faster than their guardrails, while others are stuck firefighting the damage. The answer is not one heroic cleanup. It’s a secure software development lifecycle, continuous monitoring of non-human identities and access, and an application security process that keeps returning to the basics.
Security is not a point in time. Bad habits build up, so better habits have to be built on purpose.

Forensics Starts Where the Logs Get Quiet
In the session from Dr. Cathy Ullman, Principal Technology Architect, Security at the University at Buffalo, called “So, You Want to be a Forensicator…,” she presented digital forensics as a discipline of patience, evidence, and pressure-tested curiosity. Her story started with a new “forensicator,” a networking team under pressure, and a suspicious Russian IP address. Event logs were just the tip of the iceberg in this case, as attackers know how to avoid or manipulate them. Cathy led us down the deeper, real path a forensic investigator would take and the knowledge and skills they would need.
In digital forensics, the work is collecting, preserving, and analyzing evidence from digital media in a forensically sound way. Chain of custody matters. So does proving that the original evidence was not modified. A write blocker, for example, helps acquire a disk image without altering the source. That separates forensics from incident response: one is the detective work of preserving and interpreting evidence, while the other is the firefighting work of identifying, managing, and mitigating an active breach.
Cathy explained that doing this work requires curiosity, persistence, patience, objectivity, communication, attention to detail, and the ability to work under pressure. The work can mean long hours, late nights, and uncomfortable material. It’s not what television sells. But for the right person, it can be rewarding, puzzle-like work with no typical day, a helpful community, and a future-proof purpose. Her advice was that in an era of AI-assisted security tooling, you have to understand networks, operating systems, file systems, cloud control planes, and the evidence in front of you. The data is the data. Your job is to interpret it honestly.

DNS Is the Old Infrastructure Everyone Still Trusts
In the session from Matt Scheurer, host of the ThreatReel Podcast, “Definitely Not Secure (DNS),” he presented DNS as a foundational system whose familiarity makes it easy to underestimate. The internet still leans on old fundamentals. DNS converts names into addresses and must always be publicly addressable. That makes it useful. But there is no built-in, foolproof way to fully secure it, which also makes it risky.
The session moved from records to attacks. Matt quickly walked us through explanations of how A records and CNAME records work. He talked about how TXT, MX, NS, and SOA records each carry trust. TTL, or time to live, controls cache timing. He demoed the tools nslookup and dig to help reveal what is exposed.
DNS was built for reachability first. Trust came later. Many requests still expose where a system is trying to go. Caches can be poisoned when a resolver accepts a bad answer. Once cached, that answer can send users to the wrong place until it expires. Attackers can hide commands inside DNS queries. They can also encode stolen data into those lookups. Configuration matters, especially when the protocol is old and well understood by attackers.
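Data encoded into lookups leaves a measurable shape in resolver logs: many distinct, long, high-entropy subdomains under one parent. The following is an added example, not from the talk or this article, that scores constructed log lines on those three features. The log format, the .example names, the thresholds, and the "parent is the last two labels" shortcut are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines: time, client, query name, query type.
LOG = """\
10:00:01 10.0.0.5 www.corp.example. A
10:00:02 10.0.0.5 mail.corp.example. MX
10:00:03 10.0.0.7 img1.cdn.example. A
10:00:03 10.0.0.7 img2.cdn.example. A
10:00:04 10.0.0.7 img3.cdn.example. A
10:00:04 10.0.0.7 img4.cdn.example. A
10:00:05 10.0.0.9 0123456789abcdef0123456789abcdef.x.tunnel.example. TXT
10:00:06 10.0.0.9 fedcba9876543210fedcba9876543210.x.tunnel.example. TXT
10:00:07 10.0.0.9 02468ace13579bdf02468ace13579bdf.x.tunnel.example. TXT
"""

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def suspicious_parents(log, min_unique=3, min_mean_len=20, min_entropy=3.5):
    """Group queries by (client, parent domain) and flag encoded-looking lookups."""
    subs = defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip malformed lines
        _, client, qname, _ = parts
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue                      # no subdomain to carry data
        # Assumption: parent = last two labels (no public-suffix list here).
        parent = ".".join(labels[-2:])
        subs[(client, parent)].add("".join(labels[:-2]))
    flagged = {}
    for key, names in subs.items():
        joined = "".join(names)
        mean_len = len(joined) / len(names)
        if (len(names) >= min_unique and mean_len >= min_mean_len
                and entropy(joined) >= min_entropy):
            flagged[key] = {"unique": len(names), "mean_len": mean_len,
                            "entropy": round(entropy(joined), 2)}
    return flagged
```

The CDN-style client in the sample has more unique names than the tunnel client but is not flagged, because its labels are short and low-entropy; requiring all three features together keeps that kind of benign traffic out of the alert queue.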
In the era of AI, teams still need to know the plumbing. Refresh the fundamentals. Watch the traffic. Never trust, always verify.

Active Directory Remembers What Teams Forget
Nikos Vourdas, Senior Offensive Security Advisor, presented “The Walking Dead of AD: Uncovering uncommon DACL-led escalation and a BloodHound-integrated tool.” He explained Active Directory escalation as a story of hidden permissions and old assumptions. The account he could access was disabled. The user looked dead. BloodHound showed no clear path to admin. On paper, there was nothing obvious to chase.
The danger was in the permissions that no one had cleaned up. Active Directory is not just users and groups. It’s a web of objects, rights, and old decisions. A disabled account can still matter if it holds the wrong access. A forgotten permission can become a path. A past admin state can leave behind risk long after the role is gone.
That is why this class of issue is so dangerous. It doesn’t require a flashy exploit. It requires a misconfiguration, a stale object, and an attacker who understands what the tools are doing. Once an object becomes privileged, treat it as privileged forever. Review permissions on disabled accounts. Watch for accounts being re-enabled. Check both inbound and outbound rights.
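The review steps above can be run against an exported inventory. The following is an added example, not the tool presented in the talk and not code from this article: it lists control rights held by and over disabled accounts, then matches account-enabled events against that list. Account names, edges, and events are constructed; the admin_count field is assumed to mirror the directory's adminCount attribute.

```python
# Constructed inventory: account state plus ACL edges (holder, right, target).
# Assumption: admin_count mirrors the directory's adminCount attribute.
ACCOUNTS = {
    "svc-legacy": {"enabled": False, "admin_count": 1},
    "j.former":   {"enabled": False, "admin_count": 0},
    "helpdesk1":  {"enabled": True,  "admin_count": 0},
}
EDGES = [
    ("svc-legacy", "WriteDacl", "Domain Admins"),
    ("svc-legacy", "ReadProperty", "helpdesk1"),
    ("helpdesk1", "GenericWrite", "svc-legacy"),
    ("helpdesk1", "GenericAll", "j.former"),
]
# Constructed security events; 4722 is "A user account was enabled".
EVENTS = [
    {"id": 4722, "target": "svc-legacy", "actor": "helpdesk1"},
    {"id": 4722, "target": "helpdesk1", "actor": "it-admin"},
    {"id": 4724, "target": "j.former", "actor": "helpdesk1"},
]
CONTROL_RIGHTS = {"GenericAll", "GenericWrite", "WriteDacl", "WriteOwner"}

def audit_disabled(accounts, edges):
    """For each disabled account, list control rights it holds and that others hold over it."""
    report = {}
    for name, state in accounts.items():
        if state["enabled"]:
            continue
        outbound = [(r, t) for h, r, t in edges if h == name and r in CONTROL_RIGHTS]
        inbound = [(h, r) for h, r, t in edges if t == name and r in CONTROL_RIGHTS]
        if outbound or inbound or state["admin_count"]:
            report[name] = {"outbound": outbound, "inbound": inbound,
                            "was_privileged": bool(state["admin_count"])}
    return report

def reenable_alerts(events, report):
    """Return 4722 events whose target is a disabled account flagged by the audit."""
    return [e for e in events if e["id"] == 4722 and e["target"] in report]
```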
Tools can show the path, but defenders still need to understand the why.

Old Foundations, New Pressure
Across BSides312, the conversations were about the cost of forgetting the basics. Open-source packages, DNS, Active Directory, logs, cloud controls, and CI/CD pipelines are not background plumbing. They are the places where modern work happens. They are also where old assumptions quietly become new attack paths.
AI may be changing how fast teams build, but it has not changed what systems depend on. Trust, identity, access, and evidence still decide the outcome.
Speed Makes Small Mistakes Bigger
The era of AI-assisted development makes this sharper. Faster code doesn’t automatically mean safer code. It can mean more dependencies, more secrets, more automation, and more “temporary” decisions that never get revisited.
The danger is not always a zero-day. Sometimes it’s a stale token, a mutable tag, a poisoned cache, or a disabled account that still has dangerous rights.
Evidence Still Matters
Logs help, but they are not the whole story. Attackers know how to avoid them. Defenders need to understand the system well enough to know where else to look. Teams are drowning in alerts, dashboards, and AI summaries. Those tools can help, but they cannot replace judgment. The data is still the data. Someone has to preserve it, question it, and interpret it honestly.
Security is not just tools and tactics. It’s people, space, culture, and intention. Conferences don’t create communities. They reveal them. Every technical talk pointed back to human systems. Maintainers need support. Developers need guardrails. New analysts need mentors.
Communities are not soft extras. They are how people survive hard seasons and learn faster than the threat landscape changes.
Build From What Is There
Security doesn’t improve because someone buys a tool or attends a talk. It improves when teams look honestly at what already exists, then make it better on purpose. Review the old permissions. Fix the old records. Clean up the old tokens. Teach the old protocols.
Support the people carrying the work. AI raises the tempo, but it doesn’t erase the foundation. The basics still matter because everything new is being built on top of them.
The Work Starts Where We Are
Security work can feel endless, because it is. The systems change. The tools change. The pressure changes. In that spirit, your author gave a talk on how we got to where we are in DevOps and what the potential future of workload identity and access looks like.
The work still comes back to people who are willing to ask better questions, share what they know, and help someone else get one step further than they were yesterday. The basics matter, but nobody can do it alone.
We encourage you to get involved in your local security community. Show up to conferences and meetups, do a CTF, and join the hallway conversation. If you are already a member of a community, be the someone who takes care of those newcomers who look unsure. Volunteer when you can. Ask questions. Teach what you just learned.
Security improves when the people doing the work are connected, supported, and willing to build on what’s already there.









