I recently attended the 2-day BSides SF 2025 conference at the San Francisco Metreon and wanted to share my experience at the event. This was also my first time attending BSides in San Francisco and I wanted to thank everyone that I met during the conference, especially the panelists at all the talks and the instructors at the workshops. I learned alot this year and will be applying my knowledge and skills learned to my work immediately. So thank you to everyone there.

It wouldn’t be a successful con experience without dropping off a few stickers, and I made sure to drop off some new stickers this year both days at the sticker table. I really hope people enjoyed the new stickers that we’ve designed this year.

BSides SF 2025 Badge

The badge that I got was pretty cool. The theme this year for BSides was “Here be Dragons” and I absolutely loved the medieval theme going for the entire event as well as the badge. You can see that it’s metal badge with a shield and a blue and red dragon locked onto each other. 

I also wore my dragon shirt for the festivities – and if you were interested in snagging one, you can grab it at my store here: https://www.etsy.com/shop/HDSApparel

Conference Floor and Villages

The conference floor had a lot of vendors from known security companies. There was a lot of swag to be had at each table, but one of the funniest things was bumping into a Yeti and I was able to get a selfie with the creature.

Panels and Talks

I attended several talks including the talk from Wiz on the use of SLMs(Small Language Models) for secrets detection. This was a very informative talk as they covered how easily you could train these specialized smaller models to performs specific tasks like secrets detection and can run even on machines without a dedicated GPU. Very interesting talk.

The other talk I thought was good was the panel on Securing AI Agents. This was very eye-opening as the risks posed by AI agents seemed distinct from risks posed by LLMs. I learned that AI agents could potentially do malicious actions without your knowledge from a vulnerability called “Alignment Faking Vulnerability” which is defined as “a concerning phenomenon where an AI model appears to comply with training objectives and user instructions during monitored training or evaluation, but secretly retains and prioritizes its original, potentially misaligned preferences when unmonitored or in real-world deployment scenarios”.

Overall the talks were very informative and I learned a lot at each panel.

Workshops

I attended the “Purple Teaming with OKTA” workshop and learned some useful purple teaming skills which included using tools such as LimaCharlie(SIEM), OKTA(IAM Management) and Dorothy(Attack Emulation against OKTA Environments). I was able to use Dorothy to simulate compromised OKTA credentials and perform actions such as privilege escalation in an OKTA environment. I was then able to detect the attack and configure the SIEM for detection against future malicious actions.

Another great workshop I attended was the “Attacking AI” workshop by Jason Haddix. This was a great workshop to expand my AI Red Teaming skills and I learned alot from Jason’s experience doing security testing engagements against LLMs. It was interesting to learn that a 10 year old kid had won an AI CTF in 15 minutes compared to some adults that took 2 weeks to solve that same AI CTF lab. This shows that AI Red Teaming can be completely accessible even to those that aren’t technical skilled in security.

BSides Networking Party

There was a really awesome networking party that included a local LARPing group performing in the middle of the room. They were telling a tale of dragons using security terms – which was rather entertaining. They also added some cool decorations around the convention area was really awesome! I felt like I was in a medieval fantasy world!

There was also a treasure chest and other medieval trinkets all around.

Conclusion

I had a really fun experience at BSides SF, and I’m planning to go again next year. I really enjoyed this event as it seemed more intimate than other bigger conventions. I also felt that I learned just as much as if I were going to a bigger event. I want to again thank everyone at the event and I look forward to being at BSides SF again!

– Z3330