Brazil’s cybersecurity community enters 2026 during one of its most active periods in recent years. BSides São Paulo 2026 takes place on May 16 and 17, marking not only the 15th anniversary of the BSidesSP community but also the continued expansion of offensive security culture, independent research and technical collaboration across the country.
The event will be hosted in São Paulo and will focus heavily on offensive security, AppSec, threat hunting, malware analysis, cloud forensics and applied research. This year’s theme is “Hack The Planet. Again”.
What to expect technically from BSidesSP 2026
The agenda includes hands-on trainings covering AWS forensics, Dark Web operations and modern offensive techniques, along with talks about ATS malware, QUIC-based attacks, DLP evasion and enterprise threat hunting operations.
One of the biggest highlights of this edition is the record-breaking number of 22 villages, significantly expanding dedicated community spaces. These environments usually concentrate independent research, live exploitation demonstrations, lockpicking, hardware hacking, reverse engineering, OSINT and secure development discussions.
The official BSidesSP 2026 CTF is another major attraction. The competition included an online qualification phase between May 5 and 7 using the Hack in Cariri platform. Top teams advanced to the in-person finals during the conference.
The growth of the offensive security community in Brazil
Beyond São Paulo, the Brazilian BSides circuit continues expanding rapidly in 2026. Confirmed events are taking place in Rio de Janeiro, Florianópolis, Recife, Vitória, Fortaleza, João Pessoa, Curitiba and Brasília.
The expansion mirrors a broader global movement strengthening independent cybersecurity communities. According to the international BSides organization, more than 1,276 BSides events have already taken place across 72 countries as of May 2026.
For companies, the growth of this ecosystem also serves as an indicator of the offensive maturity currently available in the market. Many techniques first discussed at community-driven events eventually appear in real-world operations involving ransomware, credential theft, web application exploitation, MFA bypass, EDR evasion and cloud-focused attacks.
Why technical events often anticipate real-world attacks
In practice, techniques presented at these events frequently appear months later in real-world incidents involving initial access, lateral movement and identity abuse.
This is where mature offensive security assessments become critical. Pentests driven only by compliance checklists rarely reproduce modern chained exploitation scenarios, lateral movement, identity abuse, cloud-native attack paths or DevSecOps pipeline compromises.
These scenarios require offensive assessments capable of reproducing real attacker behavior instead of relying only on automated scanning or superficial compliance validation.
Antisec works daily simulating real-world attack scenarios against applications, APIs, cloud environments, enterprise infrastructure and development pipelines. The goal is not simply identifying isolated vulnerabilities, but understanding how an experienced attacker could transform small weaknesses into operational compromise.
Tips for getting the most out of BSidesSP 2026
Events like BSides usually have multiple simultaneous tracks, and much of the most valuable technical content happens outside the main presentations. Conversations inside villages, CTF areas, hallways and workshops often provide deeper discussions than formal talks.
For professionals working with AppSec, Red Team, cloud security or DevSecOps, prioritizing sessions focused on practical exploitation, evasion techniques, identity abuse, modern malware and cloud-native attacks is highly recommended.
Preparing your environment also matters. Many attendees bring dedicated lab laptops, isolated Linux environments, VPN access and separate accounts for challenges and hands-on activities during the event.
Another major aspect is technical networking. BSides typically gathers independent researchers, offensive operators, defensive teams, recruiters and specialized cybersecurity companies. Informal conversations often generate partnerships, job opportunities and valuable technical exchanges.
For companies, events like this also help measure the current offensive maturity level available in the Brazilian market. Techniques discussed by the community frequently evolve into real-world attack vectors later observed in enterprise incidents.
Organizations with higher security maturity frequently use events like BSides to monitor new offensive techniques, validate attack assumptions and continuously improve defensive strategies.
