hack sydney 2025

Nov 6-7 2025
Venue: Australian National Maritime Museum
www.sea.museum
2 Murray St, Sydney NSW 2000

Keynote Day One: Toby Walsh
Shortest History of AI: six ideas are all you need to know!
Toby Walsh is Laureate Fellow and Scientia Professor of Artificial Intelligence at the Department of Computer Science and Engineering at the University of New South Wales, research group leader at Data61, adjunct professor at QUT, external Professor of the Department of Information Science at Uppsala University, an honorary fellow of the School of Informatics at Edinburgh University and an Associate Member of the Australian Human Rights Institute at UNSW.

Keynote Day Two: Erika Voss
Secure the Hack!
This keynote will focus on how to operationalize threat intelligence, red team findings, and breach learnings into hardened defenses, real-time detection, and executive-ready cyber resilience. Secure the Hack supports our key themes, takeaways, and why it is important to motivate, empower, and champion SydneyHack into our standard way we should defend, protect, and respond!
Agenda (Unscheduled, more to be added)
Day 1
Keynote
Shortest History of AI: six ideas are all you need to know!
Toby Walsh Professor of AI, UNSW
—
Your Ransomware Playbook Will Fail – Inside the Real TTPs Behind Australia’s Worst Extortion Breaches
Most ransomware playbooks collapse under real-world pressure. Based on Australian breaches like Medibank and HWL Ebsworth, this talk reveals how RansomOps groups like LockBit and BianLian bypass EDR, wipe backups, and use staged extortion tactics to force payment. We’ll show you where defences fail, how some orgs survived without paying, and what actually works - before you become the next headline.
Gaurav V.
—
The Mysterious China Clouds
China’s cloud platforms — Azure21 and Aliyun — come with their own set of rules, capabilities, and limitations. In this session, I’ll unpack their native security and forensic features, and what that means for detection, incident response, and evidence handling on the ground. We’ll also explore what it takes to run secure, compliant, and globally-aligned operations in China — offering practical insights for any organisation navigating the region's unique cloud landscape.
Monica Zhu PepsiCo
—
Unseen, Unscored: Deep Insights from Analyzing 10,000+ Browser Extensions
Browser extensions are a dangerously overlooked part of the enterprise attack surface. Trusted by default, whitelisted without scrutiny, and distributed via official stores, they often bypass traditional security controls entirely. Yet time and again, they’ve been exploited in real-world breaches—from stealthy surveillance to credential theft. In this talk, I’ll walk through findings from a large-scale, AI-driven analysis of over 10,000 browser extensions—exposing how attackers abuse permissions, misconfigure manifests, and embed risk in plain sight. You’ll learn why reputation-based or whitelist-centric policies fail, and how even “popular” extensions can silently undermine organizational security.
Qasim Khan ANZ
—
UNC-6179: Unmasking a Persistent Threat Actor Leveraging Bitbucket Cloud for Global Malware Campaigns
UNC-6179 is a Threat Actor tracked by Mandiant who has been involved in distributing malware and performing spearphishing with malware implants attached (BADREAD, AdvancedInstaller) using the PDFast software lure, with targeted attacks against Tech, Finance and Government entities in Canada, Switzerland, the United Kingdom and the United States since 2024. However, this TA has been active since 2018. This talk is about the one mistake made by the TA, which led to multiple malware tools, IoCs and TTPs being linked back to them.
David Wearing Atlassian
—
Unmasking AI-Themed Malvertising Targeting Social Media Users
Discover the dark side of social media advertising! Cybercriminals are exploiting the AI hype, crafting deceptive malvertising campaigns that lure users into downloading malicious payloads disguised as trendy AI tools. Our talk unmasks a prolific AI-themed campaign targeting social media users, revealing its sneaky infection chains - from fake posts to info-stealing malware. We’ll break down the tactics, showcase real-world examples, and share cutting-edge threat-hunting techniques to help you stay ahead of these evolving threats.
Jaromír Hořejší Check Point
—
Securing GenAI and AI Agents in the Enterprise: Cyber Risks, Governance & Real-World Defences
As enterprises rapidly adopt GenAI tools and autonomous AI agents, a new wave of cyber risks and governance challenges has emerged. This talk delivers practical strategies to secure AI-native environments, prevent prompt-based attacks, and navigate the rising tide of AI regulations, without slowing innovation.
Furrukh Taj Netskope
—
Spear & Shield – EDR/AV Bypass
A number of ransomware malware samples, containing EDR/AV bypass features, have been discovered. EDR/AV bypass is also often required for red teaming engagements so red teams can compromise endpoints without being detected by blue teams. Many malware developers and security researchers in the world have been exploring the EDR/AV bypass area. New EDR/AV evasion techniques are constantly reported. This session will discuss some notable techniques that have been used in the wild.
Vincent Lo Qantas
Day 2
Keynote
Secure the Hack!
Erika Voss
—
Common Security Pitfalls
Avoid common security pitfalls and level up your software! This session delivers real-world examples and practical tips on planning, coding, supply chain, secrets, and PII. Walk away with actionable insights you can apply immediately!
Lachlan Ashcroft Stake
—
Red Team Tactics: Let’s defend!
You implement all the Cybersecurity basics and try to defend against all initial attack vectors (think continuous patching, MFA for all accounts, yearly external pen tests for all web-facing apps …). But then an attacker exploits a zero-day vulnerability in a global internet-facing software you use and is suddenly inside your network! This is where this talk starts. Relying on my experience working on mitigating findings from Red and Purple team reports for the past 3 years specifically, I want to walk the audience through a few different common techniques that attackers use once inside the network to move laterally, and provide them with the necessary actionable security controls to help defend against them.
Joseph El Khoury
—
Democratizing ML for Enterprise Security Detection at Scale
Security operations teams are drowning in alerts from traditional rule-based systems that are noisy and miss novel threats. Meanwhile, advanced machine learning solutions are too complex and require vast amounts of labeled data that most organizations don't have. This talk introduces a self-sustaining framework that makes ML-powered threat detection accessible to any security team. We use a two-stage approach: a simple, broad rule catches potential threats, and a lightweight ML classifier filters out the noise. Crucially, we solve the data problem by using an AI agent to generate high-quality synthetic training data, and the system continuously learns and improves from analyst feedback. In production, this system has reduced 250 billion daily events to a handful of high-priority tickets, with precision that gets better over time.
Ge Zhang Google
—
The AI Prince: Out with the old, in with the new. Leveraging increased AI chatbot trust to access private information.
As AI becomes more integrated in daily life, people are placing excessive trust in it, even resulting in sharing private information they wouldn’t disclose elsewhere. This misplaced trust creates opportunities for new social engineering techniques, where malicious chatbots can exploit this trust and gather sensitive data, similar to how early Nigerian Prince email scams thrived on novelty. Just as society adapted to such traditional scams, we must now recognize how evolving AI-driven techniques exploit our growing comfort with chatbot interactions. This talk will explore how social engineering evolves alongside AI perception, revealing new risks and how to spot them.
Jonothan Kim BDO
—
Fog of Cyber Crisis - The Wins and Fails
Navigating the chaos of a cyber crisis is one of the toughest challenges facing leaders today. My talk cuts through that 'fog' by analysing real-world case studies of publicly disclosed cyber incidents. We'll explore the critical leadership, communication, and strategic decisions made under pressure. I will highlight what worked brilliantly and what went wrong, so you can walk away with concrete, actionable lessons to improve your organization's readiness and resilience.
Mustafa Qaim Flight Centre
—
Homegrown Cyber Ranges: What You Can Build With Almost Nothing
This talk shows how I built practical cyber security skills and landed a job at 17 using free tools and recycled gear. It’s a real-world guide to building your own cyber lab on a low budget, without needing racks of hardware or a massive wallet. Whether just starting out or helping others get started, attendees will leave with clear setups, free resources, and a better idea of how to turn home labs into real experience.
George Ferres
—
How we established a PSIRT capability (Product Security Incident Response Team) at Atlassian
A PSIRT (Product Security Incident Response Team) capability is essential to ensure timely, coordinated, and expert response to security vulnerabilities in products. Without a dedicated team, incident response is ad hoc, leading to delays, burnout, and loss of critical knowledge. PSIRT enables proactive investigation, clear ownership, and effective communication, minimising customer impact and reputational risk while supporting continuous improvement in product security practices. In this talk, we will walk through how we established this capability at Atlassian.
Tanvir Ahmed Atlassian
—
Venue 2025: Australian Maritime Museum