BSides Kent

Posted on 08 May 2026

Another BSides down and many more to look forward to! BSides Kent was quite a bit smaller compared to the other BSide events I have visited. I’d put it on par with BSides Basingstoke, but that didn’t hamper the vibes, which were excellent. It was hosted in a cinema, which, when I initially thought about it, I saw as very novel, but it makes complete sense since they have great screens for the presentations! hahah! Plus, the late afternoon popcorn was a nice touch.

A few interesting vendors too, special shoutout to OSSPrey, with whom I had a great chat about the state of NPM malware and various detection and prevention mechanisms, which I covered in a post I co-wrote for the ControlPlane Blog.

Below is the list of talks I attended and some associated notes:

10:15 - 11:05 - What do we really know about hackers? - Conor Freeman & Lorne Rolins

• Job applications and diversity ~ Statistically, women are less likely to apply to jobs if they don’t meet all the requirements, but Men will. “Less is more” with job postings

11:05 11:55 - Know Thy Enemy: Ransomware Groups - Dr Jason Nurse & Andrew Phipps

11:55 - 12:25 - Red Teaming and The Impact of AI - Jack McBride

• Identity-based attacks are still on the rise
• Windows “One Click” Malware is still a popular execution method
• Credentials in network shares for privilege escalation are still going strong
• Mythic - C2 framework, still popular with testers
• “Bring your own vulnerable driver” is still popular with testers
• A good Conditional Access Policy is still an excellent tool to deter attacks

12:25 - 12:55 - Knight Screen - A Practical Incident-Response Framework for Generative AI Systems - Derrisa Tuscano

• Really nice paper, will definitely be one I’ll have to refer to again in the future!
• https://www.mdpi.com/2624-800X/6/1/20

14:00 - 14:50 - Friar Screen - Offensive Go, Driven by Python - Simardeep Singh

• Nice hybrid approach of using Python as a management layer with Go handling the heavy lifting.
• Utilises Go .so module to load into Python runtime
• Similar to a talk at DEFCON, which was investigating using Web Assembly as a “universal” language for post-exploitation modules

14:50 - 15:20 - Friar Screen - From Payloads to People - Dumisani Masimini

15:20 - 16:10 - Knight Screen - Red Teaming LLM Web Apps with Promptfoo - Adrian Tiron

• Ator plugin for Burp to token refresh automatically

Photos

← →