WhoisXML API Participates in the BSides Chicago 2025 Conference
Representatives from WhoisXML API joined hundreds of cybersecurity professionals and enthusiasts at the BSides Chicago 2025 conference, held at the Hilton Chicago from October 31 to November 1, 2025.
The WhoisXML API team, including Tara Conneally (Enterprise Partnership Development III), Hanna Frank (Technical Account Executive), and Michael Kaparos (DevSecOps & Threat Researcher), was on site. We participated with a booth alongside vendors from across the cybersecurity community, such as Aikido, Bitwarden, GitGuardian, Guidepoint Security, Push Security, and SecurityScorecard.
This year marked the 12th in-person edition of the nonprofit, volunteer-run conference. BSides structured a two-day event, with the first day dedicated to workshops on crucial skills such as improving OSINT gathering, threat modeling, malware analysis, and password management. The second day focused entirely on sessions that covered the community’s most pressing issues.
Here’s a recap of the themes that recurred most often at the event.
Common Threats Are Continuously Evolving
Several sessions at BSides Chicago focused on the most persistent and damaging threats organizations face today:
- Nation-state attacks: These threats were front and center. A keynote speech by Tarah Wheeler, “Me and What Army: Civilian Defenders vs. Foreign Military Cyberattacks,” took participants through the journey of civilian defenders fighting against these organized forces. Another session, “Weapons of Mass Disruption: Nation-State Hacks in Labs and Industry,” explored how nation-state cyberattacks unfold.
- Account takeover (ATO) attacks: A session highlighted how basic multi-factor authentication (MFA) is no longer enough. Modern threat actor techniques have evolved to get around this defense, allowing attackers to target and take control of digital workspaces.
- Social engineering: Attendees learned how easy it is for attackers to compromise internal security through social engineering. The session “Social Engineering in the Wild: Lessons from 7,000 Vishing Calls” showed how easily staff at Fortune 500 companies and U.S. government agencies shared SSO and MFA codes and internal technology details over the phone. This is stark evidence that no one is immune to phishing or vishing attempts.
- Ransomware: Cybersecurity Analyst Anushree Vaidya tackled this major threat in a session where she demonstrated a gamified experience for creating a ransomware playbook, guiding participants through the lifecycle of a ransomware incident.
Identity and Access Management (IAM) Is a Core Security Component
The conference extensively covered IAM from various angles, which reflects its status as a core component of modern security. The session “I'm A Machine, And You Should Trust Me: The Future Of Non-Human Identity” discussed a growing trend in which attackers are pivoting away from human users and are instead exploiting service accounts and automated systems to gain access and move laterally.
Several sessions focused on managing and securing permissions within major cloud providers. For instance, a session led by security consultants Nikos Vourdas and Marios Gyftos demonstrated how attackers can exploit over-privileged Microsoft Graph API permissions and weak Entra ID roles to escalate and compromise Azure resources. The speakers cited real-world misconfigurations and other vulnerabilities, as well as ways to detect them. Another session, “Pruning garden paths in AWS,” addressed the limitations of current AWS attack path graphing tools, which often fail due to overly simple identity policy analysis, lack of resource coverage, and single-round analysis.
AI Is a Cybersecurity Tool and Threat
AI was also a recurring topic throughout the conference, which is not surprising, as it continues to shape cybersecurity. The session “AI Agents: Augmenting Vulnerability Analysis and Remediation” demonstrated how AI agents can be used to improve human-driven processes to accelerate vulnerability management.
The use of MCP servers was also discussed multiple times. At WhoisXML API, we use an MCP server to fetch threat intelligence, investigate suspicious resources, and build asset inventories. The session “Smart OSINT: How AI Supercharges Recon and Manipulation” resonated with us as it explored how large language models (LLMs) can function as OSINT tools, transforming the process from slow and manual to fast and automated.
Other BSides Chicago sessions, meanwhile, tackled how security teams can leverage MCP servers as threat traps to catch and contain attackers, effectively helping organizations maintain a zero-trust infrastructure. Another session examined the other side of the coin and explained how important it is to secure MCP servers to avoid critical vulnerabilities.
About WhoisXML API
WhoisXML API is a seasoned OEM data provider, specializing in delivering well-parsed, normalized, and comprehensive WHOIS, IP, and DNS intelligence. With more than 15 years of industry experience, we have amassed a vast repository of data, encompassing more than 25.5 billion historical WHOIS records, 50+ billion hostnames, 116+ billion DNS records, 10.5+ million IP netblocks, and 99.5% coverage of active IPv4 and IPv6 addresses.
We offer a wide range of domain, DNS, and other Internet intelligence solutions delivered via comprehensive databases, secure APIs, and intuitive web GUIs. Regardless of the consumption model, our intelligence serves as a robust foundation for leading cybersecurity products and services, with products like predictive threat intelligence data feeds leveraging AI predictive analytics capabilities and domain telemetry to enable organizations to detect potential malicious web properties early.
Trusted by more than 52,000 satisfied customers spanning cybersecurity, marketing, law enforcement, e-commerce, and financial services, WhoisXML API has consistently been recognized for its rapid growth and innovation, earning multiple accolades as an Inc. 5000 honoree and a Financial Times Top Fastest-Growing Company.