I’m excited to be speaking at CypherCon 2026 in Milwaukee, Wisconsin in April. CypherCon is the single largest technology conference in Wisconsin, with a strong focus on cybersecurity, hacker culture, and real-world security research. It’s one of my favorite events, primarily because it’s a unique experience with lots of interactivity, engagement, and collaboration. And Jaxon, my son, joins me and really enjoys the event.

This year I’m delivering two sessions that I’m really excited about. One on how OAuth and Microsoft’s identity platform can be weaponized to silently compromise an Azure tenant and what you should do to prevent it. I’m also co-presenting with my son Jaxon on what game hacking reveals about adversarial thinking and real-world security design.

Event Details

Dates: Wednesday, April 1 – Thursday, April 2, 2026 Location: Baird Center, 400 W Wisconsin Ave, Milwaukee, WI 53203

Sessions

I Stole Your Azure Tenant With a Login Link

Day: Thursday, April 2, 2026, 3 PM

Modern cloud breaches no longer begin with exploits or malware. They begin with a link.

In this live demo, I’ll show how a typical Microsoft Entra and Azure environment can be compromised using nothing more than B2B guest access and a standard “Sign in with Microsoft” OAuth flow. One click is all it takes to create a persistent, API-level foothold inside a tenant—one that survives password resets, bypasses MFA, and quietly expands over time.

This is how modern empires fall. No malware. No zero-days. Just 1999-era trust bugs, cookies, redirects, and pop-ups that were never designed to guard trillion-dollar clouds.

We’ll cover:

• How OAuth, B2B guest access, and Microsoft Graph turn trust into an attack surface
• How a standard login link becomes a persistent, elevated foothold
• What concrete controls and practical defenses actually stop these attacks

This one is for cloud architects, security engineers, identity admins, and anyone responsible for protecting an Azure or Microsoft 365 environment.

Inside the Mind of a Game Hacker

Day: Wednesday, April 1, 2026, 3 PM
Presented with: My son, Jaxon Boyd

Video games are some of the most heavily attacked software systems in existence. They combine real-time networking, virtual economies, identity, and competitive integrity—which makes them a perfect proving ground for modern cyber attacks.

In this session, Jaxon and I will demonstrate how game hacking techniques map directly to real-world security failures. We’ll use a simple multiplayer game and its backend services to show how attackers:

• Manipulate client state
• Forge and replay network traffic
• Exploit race conditions
• Abuse predictable identifiers and naive economic rules

Each exploit is mapped directly to a real-world security failure—API abuse, business-logic flaws, and zero-trust violations—showing how “trusting the client” and weak server-side validation collapse as soon as an attacker starts observing and modifying runtime behavior.

You’ll leave with a practical threat model for any interactive system and a new way to spot how ordinary features become an exploit playground under adversarial thinking.

Event Highlights

• Two days of security talks across multiple tracks covering offensive, defensive, and emerging threat topics.
• Live demos grounded in real-world attack patterns, not theory.
• A community built around hacker culture, cryptography, and open knowledge sharing.
• Wards (specialty areas run by community volunteers) covering everything from hardware hacking to CTF challenges.
• Networking with 2,750+ attendees from across the security community.

Register

Register now: CypherCon 2026 Registration

Full agendas:

• Wednesday, April 1
• Thursday, April 2

If you’re attending, let me know. You can message me on the CypherCon Discord, and find me in person at CypherCon 2026. I’d love to connect.