I had the pleasure of visiting BSides Ume 2025 (10-11 June 2025)!

Why did I go?

There was a couple of reasons for me deciding to visit BSides;

  • Security Fest - IT Security Conference, Gothenburg, Sweden is a ton of volunteer work for me, and it is probably good to take a break be a normal participant.
  • Säkerhetspodcasten has been promoting BSides Ume for three years now. Time to see and experience what we are promoting!
  • I’ve never participated in a BSides before. Could be cool to check it out.
  • It has been years since I saw the north of Sweden.

BSides concept

BSides describes itself as:

BSides is a community-driven […] events […] information security community […] expand the spectrum of conversation […] opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.

Honestly I am not very social, and was very pretty tired from SecurityFest and travel. My social contributions could best be described as “minimal”. So maybe I personally did not implemented all ideals of BSides, even if they are pretty sweet.

BSides Ume

The event was hosted by Academic Computer Club in Umeå and was sponsored by Omegapoint, NetNordic, Truesec, PentesterLab.

The environment felt very non-commercial. Prices was very low, initially sold at early bird discount and then full prices as follows;

  • Regular: SEK 1200.
  • Student: SEK 600.

BSides Ume felt similar to a OWASP Gothenburg event but more bare bones. Utilizing Umeå University lecture rooms and a very basic university restaurant (“bamba”). Also students/researchers participated in the event as speakers.

Environment felt very friendly and inclusive.

Talks

My highlights

These are the talks I enjoyed the most:

  • Compliance-as-Code: how to do regulated business using public cloud. Emelie Ohlson (Omegapoint)
    Focus on:
    • preventive controls which denies deployment of non-compliant workloads / data stores.
    • be able to automatically generate reports on the current compliance state.
  • Bypassing Dynamic Taint Analyzers Yufei Wu
    interesting theoretical talk on how type confusion vulnerabilities interferes with dynamic analysis (DAST). On the inherent flaws of DAST frameworks where type information is within the application checks are within the runtime, potentially enabling bypass attacks. Demonstrated how type confusion vulnerabilities (CVE’s) can bypass checks.
  • Tales from Incident Response: Unmasking the Threat Actor’s Inner Sanctum. Hasain Alshakarti
    Lessons learned from incident response. Hasain is an amazing presenter as always.
  • Weaponized Open-Source Applications: Real-Life Cyberattack Scenarios. Juho Jauhiainen
    An excellent talk on Incident Response investigation finding a Keepass Trojan containing a password stealer and a Cobalt strike malware. That got installed by victim in Windows 11 by following links provided by Cortana/Bing.

Other talks

  • Towards Interpretable Android Malware Detection with Transformer-Based Models. HANTANG ZHANG
  • From p0f to JA4+: Network Fingerprinting and Reconnaissance. Vlad Iliushin
  • Modern Windows Software Cracking by a GNU Linux hacker. Jeremie A
  • Using the OWASP Top 10 to Save the Astronauts from HAL. Nick Dunn
  • Falling Off the Edge, and How to Help. Wendy Nather
  • Is Your Phone Spying on You? An In-Depth Analysis of Vulnerabilities in Cisco VoIP Phones. Balazs Bucsay
  • Apropos DeepSeek Dan Bergh Johnsson (Omegapoint)
    Dan is an incredible presenter, fun to see him again!

Exploring Umeå

I had some free time in Umeå; the evening on Tuesday before/after dinner, and after lunch on Wednesday. And it was put to good use, exploring the city, taking photos, etc.

Honestly Umeå surpassed my expectations, a very beautiful city. Things to see:

  • A river worth seeing.
  • A park by the river.
  • Lots of art and statues.
  • Lots of restaurants and cafés with a lively city life and a lot of students running around celebrating.

The weather was amazing with a lot of sun and warm weather.