BSides Ume 2026

16 Jun 2026, 09:00 → 17 Jun 2026, 17:40 Europe/Copenhagen

HUM.D.210 Hummelhonung (Umeå Universitet)

Keynote speaker: TBC

The fourth BSides Conference in Umeå, Sweden will take place June 16th to 17th. It is a community conference on IT security and related fields, part of the global BSides community and is arranged by Academic Computer Club in Umeå.

Previous events are available here: https://indico.neic.no/category/29/

For more interactions and micro updates, follow us on Mastodon or join our discord or slack server

Gold sponsors:

Silver sponsors:

Truesec

Omegapoint

 

 NetNordic 

Bronze sponsors: 

Tuesday 16 June

09:00 → 10:00 Registration and snacks

10:00 → 12:00 Talks

10:00 Introduction and Practical Matters

Welcome from the organizers and practical matters

Speaker: Mattias Wadenstein (NeIC)

12:00 → 13:00 Lunch

13:00 → 14:30 Talks

13:00 Mobile Is the New Perimeter (And It’s Already Broken)

Mobile devices are everywhere in the enterprise—but they are still frequently out of scope for security testing. That blind spot creates real risk.

Modern mobile platforms introduce a wide range of attack surfaces, from phishing and malicious applications to vulnerabilities that allow silent device compromise. Once compromised, mobile devices can act as pivot points into internal networks and sensitive corporate systems, bypassing many traditional security controls.

In this talk, I will walk through the current mobile threat landscape and show how to bring mobile devices and enterprise mobility solutions into scope for meaningful security testing. We will look at common attack vectors, including mobile phishing, malicious applications, and device-level exploitation, as well as how attackers can use compromised devices to move further into enterprise environments.

I will also cover practical approaches to testing mobile security using freely available tools, along with an evaluation of enterprise mobile security solutions such as MDM, MTD, and MAM. Attendees will leave with concrete techniques they can apply in their own environments, as well as a clearer understanding of where existing defenses succeed—and where they fall short.

Speaker: Georgia Weidman (Bulb Security)

13:45 A Stealth and Safety Issue - Exfiltration using 'data bouncing'

Overview

The concept of “data bouncing” via a third-party web server provides an extremely stealthy method of bypassing traditional network safeguards. By directing web requests to certain domains that process hostnames in headers, you can relay small pieces of data to your DNS listener, allowing you to collect and reconstruct data, be it strings, files, or any other type of data.
The discovery of this technique has received minimal publicity, which seems to be partly attributable to the unfamiliar use of familiar services, and partly to a lack of easy to use tooling. This talk aims to rectify both of these by providing a clear explanation of the concept and presenting a new tool to allow the exfiltration to be carried out easily.

Agenda

Introduction:
-whoami
-What will I be talking about?
History of Data Exfiltration:
-Quick recap of older techniques
-Coverage of the reasons for data exfiltration
HTTP and DNS Lookups Overview:
-Short explanation of what's going on when lookups happen
Discovery of Data Bouncing
-The original discovery of the issue (by accident) during a pen test
How Does this Work and What Does it Mean?:
-The technique and how ir can be used
-Coverage of uses for almost undectable data exfiltration, C2 heartbeat, etc.
Putting it to Use:
-Tool demo
Conclusion

Speaker: Nick Dunn

14:30 → 15:00 Coffee break

15:00 → 17:00 Talks

15:00 Avoid Being Bounced from the Party - Persistence for Fun & Profit 2026 Edition

In any cyber attack, adversaries must maintain a presence within the target environment to achieve their objectives. Whether aiming to disrupt critical infrastructure, spy on and extract data from industrial or intellectual targets, or execute a ransomware operation, sustained access is crucial.

Persistence provides stable access, enabling adversaries to better explore, move laterally, gather information, and generally impact the environment. Even those seeking a quick victory prefer to leave a backdoor for potential future access.

We will explore and analyze techniques observed in real attacks carried out by a diverse range of adversaries, from nation-state-sponsored actors to less sophisticated criminals.

Additionally, we will discuss the efforts required to effectively detect and neutralize ongoing attacks before they reach their goals.

Speaker: Hasain Alshakarti (TRUESEC)

16:00 Bypassing App Control via Managed Installer

App Control is the latest Microsoft solution to determine what application are allowed to run on Windows 11. To increase the security, it is possible to create signed policies that even should prevent administrators from changing the policies.
One day, Microsoft introduced Managed Installer to simplify installation and updating of App Control rules - gues what: It allows to completely bypass any signed App Control policy.
During this talk we will explain the basic idea befind App Control and explain and demonstrate an attack were the Managed Installer rule is abused by an attacker with administrative privileges to bypass any App Control policies. The attack is automated using PowerShell to setup the necessary App Locker ruleset and define PowerShell as Managed Installer allowing an attacker to download and execute any arbitrary software.

Speaker: Christian Biehler (Deutsch)

19:00 → 21:00 Dinner

Wednesday 17 June

09:00 → 10:30 Talks

09:00 Software Supply Chain Security - why should I care?

Software supply chain attacks are increasing in frequency and impact—but how concerned should we really be, and what can we do about it?

To deploy software rapidly and safely, organizations must ensure their software is trustworthy, compliant, and secure. In this session, you’ll learn how a shift-left security approach introduces security checks and guardrails at every stage of the software development lifecycle to protect the software supply chain.

We’ll explore different tools we can use as well as easy-to-adopt practices that empower developers, platform engineers, and security teams alike—such as generating Software Bills of Materials (SBOMs), analyzing dependencies, and using Git commit signing and verification — to significantly reduce supply chain risk without slowing down delivery.

Speaker: Magnus Eklund (Red Hat)

09:45 Hardening of a Linux appliance

The decision of which remote computers you can trust and which you can’t is hard. You probably think that you can trust a machine that you’ve just done a fresh install upon, but when that machine leaves your physical control and is shipped off somewhere in the world, has it then left your trust boundary and is completely untrusted? How can you know it’s the same machine, running the same configuration, and it hasn’t been tampered with?

In this talk I’ll discuss techniques that can be used to try to keep that machine in a trustworthy state, and procedures to prove that it’s still running the expected configuration and code.
The same and closely related techniques are also used to prevent the machine from running code which aren't approved.
Another side of the same techniques can be used to establish trust in a remote machine that’s not in your physical control, like a VM in a cloud provider, a remote machine needing a reinstall, initial keying of your fleet of compute nodes etc.

This talk is about TTP’s which are applicable to any system where you run reasonably controlled workloads, like managed laptops, workstations, kubelets, or as in my case, Linux appliances.

Speaker: Anton Lundin

10:30 → 11:00 Coffee break

11:00 → 12:00 Talks

12:00 → 13:00 Lunch

13:00 → 15:00 Workshops

13:00 Cyber Crisis Table Top Exercise

Maximum: 20 participants

This half day workshop provides a focused, scenario‑based cyber crisis exercise designed to build competence in crisis coordination, communication, and decision‑making. Participants receive a short introduction to crisis management, engage in a light icebreaker, and then work through an escalating cyber incident simulation.

Speaker: Maria Edblom Tauson (SUNET)

13:00 Hands-On Penetration Testing: From Recon to Exploitation

Penetration testing is often presented as a collection of tools—but effective testing requires understanding how attacks actually unfold in real environments.

In this hands-on workshop, participants will walk through the core phases of a penetration test, from reconnaissance and vulnerability discovery to exploitation and post-exploitation. Rather than focusing on a single tool, we will emphasize methodology and decision-making: how to identify viable attack paths, prioritize findings, and move from initial access to meaningful impact.

Participants will work through guided exercises using accessible tools and techniques that can be applied immediately in real-world environments. Topics will include reconnaissance, vulnerability scanning, exploitation, and basic post-exploitation concepts.

This workshop is designed to be accessible to beginners while still providing useful insights for more experienced practitioners. Attendees will leave with a practical framework for conducting penetration tests and a deeper understanding of how attackers think.

Speaker: Georgia Weidman (Bulb Security)

15:00 → 15:30 Coffee break

15:30 → 17:30 Workshops

15:30 Cyber Crisis Table Top Exercise

Maximum: 20 participants

This half day workshop provides a focused, scenario‑based cyber crisis exercise designed to build competence in crisis coordination, communication, and decision‑making. Participants receive a short introduction to crisis management, engage in a light icebreaker, and then work through an escalating cyber incident simulation.

Speaker: Maria Edblom Tauson (SUNET)

15:30 Hands-On Penetration Testing: From Recon to Exploitation

Penetration testing is often presented as a collection of tools—but effective testing requires understanding how attacks actually unfold in real environments.

In this hands-on workshop, participants will walk through the core phases of a penetration test, from reconnaissance and vulnerability discovery to exploitation and post-exploitation. Rather than focusing on a single tool, we will emphasize methodology and decision-making: how to identify viable attack paths, prioritize findings, and move from initial access to meaningful impact.

Participants will work through guided exercises using accessible tools and techniques that can be applied immediately in real-world environments. Topics will include reconnaissance, vulnerability scanning, exploitation, and basic post-exploitation concepts.

This workshop is designed to be accessible to beginners while still providing useful insights for more experienced practitioners. Attendees will leave with a practical framework for conducting penetration tests and a deeper understanding of how attackers think.

Speaker: Georgia Weidman (Bulb Security)