Shattering The Perimeter: Exploiting the Modern Mobile Ecosystem
Track 2 – 3:45pm
Bulb Security / Shevirah. Also author of the seminal pentesting book Penetration Testing – A Hands-On Introduction to Hacking
Bio
Georgia Weidman is a cybersecurity researcher, entrepreneur, and author of Penetration Testing: A Hands-On Introduction to Hacking. She is the founder of Bulb Security and Shevirah, where she focuses on helping organizations understand and test real-world attack paths across mobile and enterprise environments.
With over 15 years in offensive security, Georgia has conducted security research ranging from DARPA-funded smartphone exploitation to enterprise penetration testing. She is a frequent speaker at conferences including Black Hat, DEF CON, and RSA, and has delivered training for organizations such as the NSA and West Point.
Georgia is passionate about making complex security concepts practical and accessible. She also teaches cybersecurity courses at the university level, where she focuses on hands-on learning and real-world skills.
Talk Abstract
The concept of a well-defined application boundary no longer reflects how modern systems operate. Applications today exist across a distributed ecosystem that includes mobile clients, backend APIs, cloud infrastructure, and third-party services. While each component may be individually secured, the interactions between them often introduce exploitable weaknesses.
In this talk, we demonstrate how attackers chain vulnerabilities across the mobile ecosystem to achieve real-world compromise. We show how initial access can be gained through mobile-native attack vectors, how device-level compromise can be established without advanced exploits, and how mobile devices can be leveraged as authenticated footholds into enterprise environments.
Through practical demonstrations, we illustrate how attackers intercept and manipulate application traffic, abuse authentication flows, and pivot from mobile devices into backend systems. We also examine why common enterprise controls—including mobile device management, API protections, and application security tools—fail to account for these attack paths.
This talk emphasizes how attackers think in terms of systems rather than components, and why mobile devices represent a critical and often overlooked expansion of the application attack surface.
Intended Audience
pentesters/red teamers, enterprise security teams/blue teamers
How NSFW is this talk?
(How spicy is your talk in chillies?)
No chillies.
