What an amazing #BSidesLuxembourg. Huge kudos to the @BSidesLuxembourg organizers who crafted a welcoming space for everyone to learn together. Who made everything work. Who really care about representation and inclusion - it shows. Thanks to all the volunteers for your support. Thanks to my fellow speakers and participants for the insightful exchange. Special shout-out to our lovely sightseeing group for the deep night-time conversations. I love the memories we've built together. ️ #BSides

New Talk Dropped for BSides Luxembourg 2026!🧰 𝗧𝗨𝗥𝗡𝗞𝗘𝗬 𝗖𝗢𝗗𝗘 – 𝗘𝗡𝗛𝗔𝗡𝗖𝗜𝗡𝗚 𝗦𝗘𝗖𝗥𝗘𝗧𝗦 𝗠𝗔𝗡𝗔𝗚𝗘𝗠𝗘𝗡𝗧 𝗜𝗡 𝗟𝗔𝗥𝗚𝗘 𝗦𝗖𝗔𝗟𝗘 𝗢𝗥𝗚𝗔𝗡𝗜𝗭𝗔𝗧𝗜𝗢𝗡𝗦 — Diogo Lemos Dive into a Talk (40 min) on building scalable secrets detection systems that actually reduce noise, improve triage, and integrate into real-world CI/CD pipelines.Secrets leakage remains one of the most persistent problems in modern software development, not because tools don’t exist, but because they fail at scale—producing too many false positives and too little actionable context. This session explores how a real-world turnkey platform was designed to solve this gap using open-source tooling, smarter validation, and CI/CD-native workflows.Through architecture insights and live demonstrations, learn how scanning strategies, confidence scoring, and automation can transform secrets detection from a noisy checkbox into a reliable security process. The talk also highlights practical lessons from deploying and scaling such a system in production environments.Diogo Lemos is an Application Security Engineer with experience at Checkmarx, Flutter Entertainment, and OLX, specializing in scalable AppSec programs, automation, and cloud security. He actively contributes to open-source security tooling and speaks internationally on practical SAST, SCA, and secrets management solutions. Conference Dates: 6–8 May 2026 | 09:00–18:00 14, Porte de France, Esch-sur-Alzette, Luxembourg️ Tickets: https://2026.bsides.lu/tickets/ Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/ View full schedule & build your agenda: https://hackertracker.app/schedule?conf=BSIDESLUX2026 #BSidesLuxembourg2026 #SecretsManagement #AppSec #DevSecOps #SAST #CyberSecurity

Added to the BSides Luxembourg 2026 Lineup️ 𝗢𝗨𝗧 𝗢𝗙 𝗦𝗘𝗖𝗨𝗥𝗜𝗧𝗬 𝗘𝗫𝗖𝗘𝗣𝗧𝗜𝗢𝗡: 𝗪𝗛𝗔𝗧 𝗧𝗢 𝗗𝗢 𝗪𝗜𝗧𝗛𝗢𝗨𝗧 𝗔𝗡 𝗘𝗫𝗣𝗘𝗥𝗧 𝗧𝗢 𝗦𝗘𝗖𝗨𝗥𝗘 𝗬𝗢𝗨𝗥 𝗦𝗢𝗙𝗧𝗪𝗔𝗥𝗘 — Lisi Hocke ( @lisihocke ) Take control in this Talk (40 min) and learn how development teams can build secure software even without dedicated security experts.Security shouldn’t be a blocker waiting on experts. This session shows how everyday engineering activities—like planning features, collaborating across teams, and maintaining code—can be leveraged to significantly improve your product’s security posture without slowing down delivery.Discover how to integrate threat modeling into regular workflows, catch vulnerabilities earlier through collaboration, and use production insights to detect malicious behavior. This talk empowers teams to shift from dependency on security teams to building “secure enough” systems through practical, developer-driven approaches.Lisi Hocke (@lisihocke ) is a security engineer focused on product security, with a passion for quality, collaboration, and continuous learning. A strong advocate for whole-team approaches, she shares her experiences to help teams build resilient and secure software while delivering real value. Conference Dates: 6–8 May 2026 | 09:00–18:00 14, Porte de France, Esch-sur-Alzette, Luxembourg️ Tickets: https://2026.bsides.lu/tickets/ Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/ View full schedule & build your agenda: https://hackertracker.app/schedule?conf=BSIDESLUX2026 #BSidesLuxembourg2026 #SecureDevelopment #AppSec #DevSecOps #SoftwareSecurity #CyberSecurity

Inside the Tech: New Talk Added to BSides Luxembourg 𝗧𝗛𝗘 𝗙𝗢𝗥𝗚𝗢𝗧𝗧𝗘𝗡 𝗙𝗜𝗡𝗚𝗘𝗥𝗣𝗥𝗜𝗡𝗧: 𝗗𝗡𝗦 𝗕𝗔𝗦𝗘𝗗 𝗢𝗦𝗜𝗡𝗧 𝗧𝗘𝗖𝗛𝗡𝗜𝗤𝗨𝗘𝗦 𝗙𝗢𝗥 𝗣𝗥𝗢𝗗𝗨𝗖𝗧 & 𝗦𝗘𝗥𝗩𝗜𝗖𝗘 𝗗𝗜𝗦𝗖𝗢𝗩𝗘𝗥𝗬 – Rishi ( @rxerium ) Reveal hidden infrastructure in a Talk (40 min) using DNS TXT records to map technologies, dependencies, and external services at scale.DNS is often treated as infrastructure plumbing, but TXT records quietly expose far more than most defenders realize. This session introduces a DNS-based OSINT methodology that leverages large-scale TXT record analysis to uncover embedded service dependencies such as cloud platforms, SaaS integrations, and identity providers.By programmatically scanning DNS zones and integrating the technique into tools like Nuclei and OWASP Amass, this approach enables security teams to build detailed maps of organizational technology stacks and attack surfaces. A real-world case study from the Salesloft breach demonstrates how these signals translate into actionable intelligence for both offensive and defensive use cases.Rishi ( @rxerium ) is a London-based security researcher focused on vulnerability research, threat intelligence, and OSINT-driven attack surface discovery. He contributes to open-source security tooling, supports the UK OSINT community, and focuses on building scalable reconnaissance and detection methodologies. Conference Dates: 6–8 May 2026 | 09:00–18:00 14, Porte de France, Esch-sur-Alzette, Luxembourg️ Tickets: https://2026.bsides.lu/tickets/ Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/ View full schedule & build your agenda: https://hackertracker.app/schedule?conf=BSIDESLUX2026 #BSidesLuxembourg2026 #OSINT #DNS #AttackSurface #ThreatIntelligence #CyberSecurity