Speakers

Tomàs Roy Català, Agencia de Ciberseguretat de Catalunya

Roy Català holds a degree in Telecommunications Engineering from the UPC, a degree in Electronic Engineering from the Politecnico di Torino in Italy and a degree in Education Sciences from the UNED. He also holds a master's in Management in Public Administration from ESADE, an inter-university master's in Intelligence Analysis from the UAB and a postgraduate degree in Innovation and Design Thinking from MIT in the United States.
He has also been certified in several areas of cybersecurity, auditing and ICT service management, and has attended courses related to his role, such as Effective Communication at IESE, among others.
As a senior cybersecurity executive, he has more than 20 years of experience. Between 2002 and 2004 he was head of Cybersecurity and Privacy at FIAT GM POWERTRAIN.
From 2004 to the present he has held several senior cybersecurity management roles in the Generalitat: 8 years at the Centro de Telecomunicaciones y Tecnologías de la Información, 2 years as executive director of the Centro de la Seguridad de la Información de Cataluña (CESICAT) and 9 years as director of the Strategy area at the Agencia de Ciberseguridad de Cataluña. Until now, he was director of the Cybersecurity Innovation and Competence Centre area of the Cybersecurity Agency.
Keynote: Catalan Cybersecurity Ecosystem Overview
Alixia Rutayisire & Santiago Rocha Vargas, QuoIntelligence

Alixia is an accomplished Geopolitical Analyst at QuoIntelligence, with extensive experience in cybersecurity and international relations. She previously served as a Geopolitical Analyst for West Africa at the French Ministry of Defense, where she was responsible for analyzing geopolitical risks, including political and security situations, as well as internal and international conflicts.

Santiago is a seasoned Cyber Threat Intelligence Analyst at QuoIntelligence. His experience in investigating the dark web allows him to navigate the depths of the darknet with ease. Before joining QuoIntelligence, Santiago honed his skills as a Technical Cyber Threat Intelligence Analyst, gaining valuable experience protecting organizations against cyber threats.
DEEPFAKES IN THE AGE OF DISINFORMATION: Risk Analysis and Their Propagation In The Dark Web

Our presentation will delve into the intricate landscape of deepfakes, exploring their creation, dissemination, and the alarming implications they pose for the threat landscape. We will shed light on the multiple ways in which threat actors can leverage deepfakes. To do so, we will dissect the technical intricacies of deepfake creation and analyze various clandestine platforms where a range of tools or techniques designed to misuse deepfake technology are discussed, marketed, and distributed. We will also address the use of deepfakes in disinformation campaigns, including their potential to fabricate content, impersonate public figures, and manipulate facts. With more than 60 elections worldwide in 2024, awareness of this threat to election integrity is crucial to protect our democratic systems.
Matt Kiely, Huntress Labs

Learn. Teach. Build. Repeat. Matt Kiely (HuskyHacks) is a cybersecurity practitioner with 12 years of experience in offensive security research, malware reverse engineering, and network administration. Matt is a Principal Security Researcher at Huntress Labs, where he spends most of his time turning cybercriminals into examples. He is also the creator and instructor of Practical Malware Analysis & Triage (PMAT) available on TCM Security Academy and has a combined 40k students under his tutelage across the globe. Matt thru-hiked the 2200 miles of the Appalachian Trail in 2023 to prevent anyone from telling him to “touch grass” ever again.
Identity Crisis: Combating Microsoft 365 Account Takeover at Scale

Every day in the United States, about $8 million is siphoned from individuals, small businesses, large corporations, and non-profit organizations as a result of business email compromise attacks. These attacks are the symptom of a new rising tide of cloud attack tradecraft. In the cloud, proof of identity is all that you need to access private resources, even if that proof is stolen. Welcome to the identity crisis!

How wide is the attack surface for these identity attacks? In the case of Microsoft 365, it is about 345 million identities and counting! M365 remains a tantalizing target for cybercriminals who want to cash in on the relative simplicity of these attacks. This talk focuses on how we can cut off attackers during one of the most critical phases of their attacks: initial access. Through technical demonstration of three common initial access attacks, this presentation will cover how we can better approach detection, response, and deterrence of account takeovers.

First, we will explore the problem statement when it comes to defending M365 from account takeovers. We will cover the high-level landscape of attacks and how they differ from their on-premises analogs. We will also cover some of the differences in our strategic approach to identity attacks compared to their predecessors.

Then, we will step into the attack lab and learn three common M365 attacks that grant initial access when successful. For each attack, we cover the technical steps required to execute it. Then, we cover detections and mitigations for the attack, paying special attention to the best telemetry sources that allow effective threat hunting against the attack.

By the end of this presentation, attendees will have a better understanding of the specifics of some of the most common and dangerous identity attacks that result in account takeover. But more importantly, they will see the clear shift in philosophy between how we should approach legacy threats and identity threats.
Pete Herzog, ISECOM

Co-founder of ISECOM.org Security Research Organization, Ricochet.vip Exclusive Protection, Mewt.com Wireless Killswitch, and Invisibles.cat Neurohacking Music. Creator of the OSSTMM, HackerHighschool.org, and the Cybersecurity Playbook.
Pete Herzog is a discreet problem-solver, straight-shooter, and hacker. He is likely the only person on the planet exclusively researching the universal theory of security. He lives by the motto: Hack everything but harm none. He has over 30 years of security experience and has applied his hacking techniques to everything from AI to Zero-Trust. Obviously he has no social life.
What If the Great Cybersecurity Solutions of Tomorrow Are Already Dead?

Imagine if electricians didn’t have to understand how electricity works to do their job. Yet that is true of the Security Industry. Now, after 24 years of research we have finally identified much of how security actually works. We started researching “best practices” in 2000 and challenged every notion in security to separate fact from belief. We explored countless patterns and ideas. We wrestled with definitions. We dragged security by its neck into being a science. And we did it. We found that security has symmetry and outcomes can be predetermined. Furthermore it may possibly be the fundamental fabric of the universe according to the 2nd Law of Infodynamics. It proves that over time, quantum information stays the same or loses entropy whereby it organizes itself towards efficiency and error-correction, the fundamentals of protecting itself. This allows us to determine the properties of all possible controls in any dimension or on any means of interaction. We can define now the properties and functions of any security solution before the technology exists. As well as the attacks. So with the ability to predict the properties and functions of both attack and protection mechanisms into the future of any technology, have we just killed the Great Security Solutions of Tomorrow?
Victor Micó, Comexi

With a background in Industrial Engineering and a Master's in Data Science, Victor has experience in Hardware Cybersecurity, Data Science and Machine Learning. He has five years of experience working in a security laboratory, Applus+ Laboratories. There, he was responsible for maintaining the state of the art of Machine Learning attacks using Side Channel Analysis. Additionally, he performed penetration testing using Fault Injection and Side Channel Analysis techniques for schemes like Common Criteria, GSMA and EMVCo. During the development of his Master's Thesis, he conducted an attack on the Mbed TLS library using Side Channel techniques. Currently he is working as a Senior Data Scientist at Comexi, a company that provides solutions for the flexible packaging industry. He is responsible for developing Machine Learning models for the company's products.
Breaking Mbed TLS RSA with one power trace

During this talk, we will present a practical demonstration of how to break the RSA implementation of Mbed TLS using a single power trace. We will review the exponentiation algorithms used in RSA and the main countermeasures to avoid side-channel attacks. In particular, we will focus on the sliding windows exponentiation algorithm. We will show how, using simple techniques like pattern matching and low-pass filters, it is possible to extract the secret key from a single power trace. For this purpose, we will use a ChipWhisperer, an open-source and open-hardware toolchain for side-channel power analysis.
Alvaro Muñoz & Toni Torralba, GitHub

Alvaro Muñoz is a Principal Software Security Researcher with GitHub, where he leads the Security Lab Code Analysis team. With a background as an Application Security Consultant, Alvaro has been instrumental in assisting top enterprises in deploying robust application security programs. His expertise lies primarily in Web Application security, which has been the focal point of his extensive research endeavors. Alvaro is a seasoned speaker, having delivered talks at numerous prestigious security conferences worldwide, including BlackHat, Defcon, RSA, AppSec EU & US, and JavaOne, among others. His insights and contributions to the field have earned him recognition and respect among peers and industry professionals.

Tony Torralba is a Software Engineer at GitHub, currently working in the CodeQL team developing queries for static application security testing. He is passionate about cybersecurity, and is especially interested in vulnerability research and the offensive side of the field. He previously worked as an application security analyst and pentester, and holds the OSCP, OSWE, and CRTO security certifications. His recent work has been focused on Android and web application security, where he has used CodeQL to uncover several vulnerabilities in popular open source Java and Kotlin projects.
Finding vulnerabilities at scale in Jenkins plugins with CodeQL

Have you ever wondered how a static analysis tool like CodeQL behaves when fine-tuned and tailored to work on a specific codebase? How most FPs can be automatically removed by adding a few lines of code, or how entire classes of new vulnerabilities can be detected by simply modeling the attack surface of your application?

In this talk, we will show you how the GitHub Security Lab collaborated with the Jenkins team to tailor CodeQL models to their specific frameworks, libraries and threat model. As a result we reported 30+ new vulnerabilities in the Jenkins plugin ecosystem, and were able to detect 65 old CVEs that we can now make sure will never come back.
Toni de la Fuente, Prowler

I’m the creator of Prowler Open Source, the tool for cloud security, founder and CEO at Prowler. I also worked for AWS as senior security engineer, senior security consultant and incident responder. I’m passionate about FLOSS (Free Libre Open Source Software) in general and Information Security, Incident Response and Digital Forensics in particular. I like everything related to cloud computing and automation. Over the last 25 years I have done some things for security and the Open Source community like phpRADmin, Nagios plugins, Alfresco BART (backup tool). I’ve also contributed to books and courses related to Linux, Monitoring and AWS Security for Packt Publishing. I spoke at many conferences including BlackHat, DEFCON, RootedCon, BSides Vegas, BSides Augusta and others.
The challenge of hardening multi-cloud with Open Source

In this research we will show how we can track and collect security events from the most important cloud providers into a single one using Open Source. Although we will use Prowler to make it happen, this may be achieved with other Open Source tools using the right formats and proper integrations, so the talk will help others to do the same type of work. Prowler has expanded its foundational security checks from AWS to GCP, Azure and Kubernetes, paving the path for a true multi-cloud DevSecOps journey. With the three plus one major cloud providers now covered, we will show, as an example, how to simplify analysis and reuse automation and integrations.

With more than 7 million downloads and a large community of users, Prowler is one of the most used Open Source tools when it comes to cloud security assessments, hardening, incident response and security posture monitoring. Whether you are a long-time Prowler user or you are just getting started, this talk will give you the resources to get multi-cloud security up and running and under control at your organization.
Andrei Moldovan, QuoIntelligence

As a dedicated Threat Researcher at QuoIntelligence, I bring pluriannual expertise in intelligence, malware reverse engineering, and criminology, as well as bringing my SOC luggage with me everywhere I go. My passion is deeply rooted in unraveling the complexities of Asian adversaries, a focus driven by their elusive nature and sophisticated attack patterns.
Operation Optimal: A Global Skimming Epidemic

Brand impersonation and domain misuse are strategies cybercriminals use to fraudulently obtain user data and payment info. Our investigation began when we noticed strange domain patterns featuring well-known brands with country codes, targeting specific sectors. Initially, these domains showed a 403 Forbidden status, offering no clues. A breakthrough occurred when we found two domains using a basic Shopify template named “Optimal,” revealing the campaign’s scope. We traced over 6200 domains dating back to 2021, all sharing similar naming patterns, infrastructure, and enticing users with product discounts, notably a 7.77% discount, which seemed to hint at a joke but led nowhere.

Further analysis, including simulating a purchase, uncovered redirections through sites with consistent layouts and clues pointing to Chinese origins, specifically within Alibaba’s network. Despite extensive mapping, we’ve yet to link this operation, now dubbed “Operation Optimal”, to any known malicious activities. Our work continues as we aim to understand the full impact and identify the perpetrators behind this scheme.
Anna Mazurkiewicz, Quorum Cyber

Currently a SOC Manager at Quorum Cyber, with diverse work experience spanning various industries and roles. Anna currently lives in Scotland, UK and is originally from Poland. Apart from being very interested in the human factor in security, she is also a huge OSINT enthusiast and enjoys learning more about anything malicious in cybersecurity.
Leveraging OSINT Techniques to help locate Missing Persons – Insights from TraceLabs Search Party CTF

Having been part of a team that came 7th out of 220 teams in one of the Trace Labs Search Party CTFs, this talk will explore what TraceLabs is, as well as some OSINT techniques used for investigating real Missing Persons cases. This CTF is truly one of the most meaningful CTFs to ever exist. Missing people statistics show a huge number each year, so let's make a big difference with our skills! Additionally, we will walk through a full example of an OSINT investigation used to help locate missing persons.

Trace Labs crowdsources Open Source Intelligence to help find real missing people, with the findings then being passed on to law enforcement for further action. As such, this is one of the most meaningful CTFs you will ever do, and this talk will dive deeper into some methods and tools useful for it, as well as various methodological approaches to such an investigation. Moreover, it is worth noting that law enforcement is typically underfunded, so such help is very much appreciated. With many people going missing each year, together we can contribute to faster family reunifications, so let's make a huge difference with our skills!
Inken Hagestedt, Apheris

I researched biomedical data privacy at CISPA Helmholtz Center for Information Security and obtained a PhD from Saarland University. Now I’m working for Apheris bridging the gap between privacy research and practice.
Here’s my data, what could possibly go wrong? An introduction into machine learning privacy and security with a survival analysis

What does it mean to train a privacy-preserving, secure machine learning model? Research has some answers to that already, and many more interesting research questions. This talk gives both practitioners and researchers a gentle introduction to privacy and security attacks against machine learning models. As a running example, we will discuss the use case of a federated Cox regression. Cox regression attempts to predict the patient outcome (e.g. survival) for a given point in time based on the effect of multiple variables representing the patient's health condition. This data might be considered protected health information by law and is very costly to collect. Thus, to comply with local legislation as well as to collect diverse data from various sources, understanding privacy and security threats on the data, the training process and the resulting trained ML model is essential.

We will discuss privacy threats such as membership inference, model inversion and data reconstruction attacks both for centralized and federated learning. Moreover, we will briefly touch upon security threats such as model poisoning and adversarial examples. Finally, additional constraints such as explainability and fairness and their influence on the privacy of the model will be mentioned. The talk will give participants a general understanding of those terms as well as references to relevant papers if they wish to learn more.
Matias Busco, Mews

I'm a cybersecurity engineer working at Mews focusing on building security controls over the SDLC. I'm passionate about technology and I love to waste time trying to find ways of doing things more complicated than they really are, tbh that's what this talk is about xD.
External Attack Surface Management… for dummies!

Discover how to build an efficient External Attack Surface Management (EASM) framework using GitHub Actions and Kubernetes. This talk will explore the creation of automated, scalable security processes leveraging open-source tools. Gain practical insights into setting up native Kubernetes integrations for continuous monitoring and learn strategies to streamline your cybersecurity efforts. Hopefully you leave with actionable ideas to implement in your own environment.
Fergus Hay, The Hacking Games

Founder and CEO of The Hacking Games: an entertainment, training and talent enterprise committed to creating a generation of Ethical Hackers to make the world safer. With $23.8 Trn forecasted to be lost to Cybercrime in 2027 and 60% of teenagers having hacked by the age of 16, we are facing a generational crisis. The Hacking Games will inspire, educate and equip this generation to be defenders and not attackers.

I am also Co-Founder of Elysian Fields, a marketing and fundraising advisory firm for the venture-backed tech sector, Venture Partner at Blue Lion Global VC, and Advisory Board member of Blue Horizon AG and of the Digital Health Investment Fund of Ryse Asset Management.

Former CEO of the marketing agency Leagas Delaney, during which time the agency climbed the growth rankings from #55 to #3 in the UK.

Ogilvy Alumni leading global integrated marketing clients, and ran Asia’s largest social media agency, Social@Ogilvy.

An industry expert and regular commentator on global tech news for BBC World News, Sky News and NBC Euronews.
How The Hacking Games will create a generation of ethical hackers to make the world safer

The Hacking Games is a global multi-media entertainment, training and recruitment enterprise committed to creating a generation of Ethical Hackers making the world safer. The Hacking Games will build, educate and recruit the ethical hacking workforce of the future to reduce the labour deficit. With the cost of Cybercrime forecasted to be $23trn in 2027, and 60% of NYC Teens polled having tried hacking before they were 16 years old, we are facing a generational crisis. We believe that the perception of hacking needs to be reframed from criminal to creative and constructive, and an ethical code developed to guide this generation to make the right decisions. To do this we are creating global entertainment properties (documentary, reality TV show and metaverse platforms) under the brand The Hacking Games. We are in development on the documentary with multi-award-winning documentary makers Noah Media Group, have a JV with the world's leading metaverse platform Improbable, and are developing the TV show with twenty six 03 productions, who were behind Survivor, Britain's Got Talent and X Factor.
Miguel Hernández, Sysdig

Miguel Hernández, Sr. Threat Research Engineer at Sysdig, is a lifelong learner with a passion for innovation. Over the past decade, Miguel has honed his expertise in security research, leaving his mark at prominent tech companies and fostering a spirit of collaboration through personal open-source initiatives. Miguel has been a featured speaker at cybersecurity conferences such as HITB, HIP, CCN-CERT, and RootedCon, among others.
Beyond Cryptominers: Unveiling the Depths of AWS Post-Exploitation Strategies

Explore AWS post-exploitation beyond the typical narratives of cryptominers running amok in EC2 instances. Drawing from our extensive research (SCARLETEEL & AMBERSQUID) we aim to shed light on the multifaceted techniques employed by malicious actors once they gain unauthorized access to AWS accounts.
Dr. Tine Munk, Nottingham Trent University

Senior Lecturer in Criminology. Cybercrime and Cybersecurity. Author.
Cyber-security and cybercrime is my general research area, and these are mostly related to the European region, drawing on regulatory practices and policing from a criminological and legal perspective. My main interest areas are GenAI, the Internet-of-Things, A.I., online surveillance, online privacy, the Dark Web and encryption, cyber-terrorism, cyberwarfare/information warfare, online propaganda, mis-, dis- and malinformation, politically motivated cybercrime, large-scale attacks and public and private policing of cyber-space.

I am particularly interested in Memetic Warfare, and civic resistance involved in defensive actions against information disorder. I am currently the PI of a project investigating memetic war in Ukraine, funded by BA/Leverhulme Small Research Grant. This project is in partnership between Nottingham Trent University, United Kingdom, and Aarhus University, Denmark.
React, Resist, Reclaim: The Memetic Frontline of Ukraine

Memetic warfare in Ukraine’s battle against Russian information disorder showcases memes evolving from digital humour to crucial resistance tools, reshaping narratives and bolstering defences. This study delves into memetic warfare’s complexities, the online actors, and its strategic importance.
Nicolás Villalobos Ramírez, OKTA

Nicolas has been working in the cybersecurity field for over 5 years, specializing in securing cloud environments. Before cloud security, he was involved in multiple topics such as offensive security (pentest/red team), consultancy, compliance, and generally, assisting engineering teams to operate securely. Nicolas holds a master’s degree in Computer Security Engineering and Artificial Intelligence, has 5+ security certifications, and currently serves as a Senior Cloud Security Engineer at Okta.
Navigating the Maze: Enhancing User Access Reviews for Comprehensive Security

Who has access to what, when, and with what permission levels? Organizations usually have one or more identity and access management (IAM) systems to manage users and their access to different platforms. As security professionals, we often need to understand all the access an identity has – particularly if the user is inactive, or a former employee – to prevent access to systems through local, service, or emergency accounts.

In this talk, we will discover the significance of periodic user access reviews and explore automation opportunities to reduce the overall length of this process. In particular, we will focus on empowering compliance teams to directly collect the information they require while following the principle of least privilege. We will cover how performing some easy steps like collecting and centralizing users’ details using a combination of official vendors’ connectors and custom development in AWS can significantly assist compliance teams in streamlining this process.
Mackenzie Jackson, GitGuardian

Mackenzie is a developer advocate and lifelong traveler with a passion for security. As the co-founder and former CTO of Conpago, he learned first-hand how critical it is to build secure applications. Today he continues his passion for security as a developer and security advocate at GitGuardian.
Mackenzie is also the host of The Security Repo podcast and a prominent security writer contributing to The Financial Times, Dark Reading, Security Boulevard, and more. He has spoken at conferences in 30 countries around the world, from Kazakhstan to Sydney, and has also been featured in documentaries and made multiple TV appearances.
The miscreant’s field manual for exploiting secrets

Exposed secrets like API keys and other credentials are the crown jewels of organizations but continue to be a persistent vulnerability within security. The majority of security breaches leverage secrets at some point during the attack path. This presentation sheds light on the various methods used by attackers to discover and exploit these secrets in different technologies. This manual will include how to:
– Abuse GitHub public API
– Gain unauthorized access to private git repos
– Decompile containers
– Decompile mobile applications from the App and Play Stores
We combine novel research, real-life attack paths, and live demos to prove exactly the steps attackers take, revealing their playbook.

Recent research has shown that git repositories are treasure troves full of secrets. A year-long study showed that 10 million secrets were pushed into public repositories in 2022 alone. We will show exactly how adversaries abuse the public GitHub API to uncover these secrets, even leaking secrets live to show how quickly attackers discover and exploit it. Public source code, however, is only the tip of the iceberg as private code repositories have proven to be much more valuable targets. We will demonstrate how to gain unauthorized access to private git repositories and discover secrets deep in their history. This will include supply chain poisoning, developer phishing, and configuration exploitation among other techniques. Finally, this talk will dive into decompiling containers, packages, and mobile applications to be able to uncover the huge amount of secrets buried within revealing how shockingly common it is to find hard-coded secrets.

Knowing how attackers operate is essential in building effective defenses; understanding the attacker's playbook allows you to understand their next moves. This presentation is perfect for anyone wanting to know how to prevent attackers from getting hold of your crown jewels.
Andrew Zigler, Mattermost

Andrew Zigler is a developer advocate at Mattermost and public speaker at the intersection of AI and open source technologies. After studying Classics at The University of Texas at Austin and later teaching English in Japan, he continues to champion career and technical education for his audience.
Navigating the Complexities of Multi-User AI Environments

For over a decade, technologists across the world have been marching to “open source is eating software” but now the drumbeat is changing. AI is eating everything. The rapid integration of AI across our everyday lives is reshaping the digital landscape, promising unparalleled efficiency and innovation. However, this brave new world of AI introduces complex security vectors that demand our immediate attention, particularly in multi-user environments where diverse interactions converge in a shared AI experience. This presentation will navigate the intricate security terrain of multi-user AI environments, focusing on AI-driven ChatOps as a pivotal example. As organizations increasingly rely on these technologies to enhance decision-making and operational efficiency, the imperative to secure these systems against data breaches and misuse becomes paramount. We will dissect the unique security challenges posed by multi-user AI systems, where multiple individuals interact with the same AI context, potentially exposing sensitive information or even socially engineering one another.

Participants will gain insights into:
– The landscape of multi-user AI and its implications for organizational security.
– Potential vulnerabilities introduced by multi-user interactions with AI systems and how to mitigate these risks.
– Strategies for maintaining data integrity and privacy in shared AI environments, including encryption, access controls, and anomaly detection mechanisms.
– Case studies of successful multi-user AI implementations and lessons learned in securing these systems.
Justin Varner, RadZen Inc

Justin Varner is a seasoned and passionate security professional with over 18 years of experience in the industry across a variety of security domains and disciplines.

His career started as a cryptographer at NASA where he spent time redesigning the cryptographic messaging system used to communicate from the mission control center to the International Space Station. During a focused and driven career, he has had the opportunity to work across a multitude of different industries in various roles that have ranged from security architecture to offensive security to DevSecOps and everything in between.

His most recent endeavors have been focused on helping others improve their ability to rapidly detect breaches and generally bolster their overall security posture with simple and pragmatic means and methods.

Justin embraces any opportunity to teach fundamental security concepts to those who need help but have no idea where to look, and he prides himself on being able to break down and articulate complex topics in a fun, interesting, and engaging manner that appeals to people from all backgrounds.
Honeypot Boo Boo: Better Breach Detection with Deception Inception

Breaches continue happening at unprecedented levels with huge financial impact to the global economy year after year.

Our traditional approach to breach detection that is focused on triaging alerts generated by massive amounts of data from disparate sources is not working. Adversaries know this fact and regularly benefit from it.

The average breach goes unnoticed for 212 days. That’s an ample amount of time for anyone to surreptitiously run off with the crown jewels and inflict significant damage with ramifications that include consumer privacy violations, loss of trust, steep financial penalties, and irreversible reputational damage.

We need a new approach if we’re ever going to stop the madness. Hackers also deserve a better opponent.

This talk discusses a different way of thinking about breach detection that is intended to reduce the number of false positives, improve alert fidelity, reduce time-to-detection, and prevent the massive level of burnout affecting our industry.

We will cover the history of breach detection, the current state of affairs, the paradigm shift to new ways of thinking about the problem, practical examples of how to deploy effective breach detection technology, and the results of a red team campaign against a heavily layered network of deception inception.
Fran, Oracle and Gerardo Ruiz, Zurich Insurance

Fran is passionate about Offensive Security. He firmly believes it is crucial that professionals in the technological field share knowledge and break down barriers, in order to forge a freer, egalitarian and borderless world. Fran has over five years of experience in Pentesting and Red Team Exercises at various tech companies, and currently works at Oracle as an Offensive Security Engineer. Fran’s expertise is also backed by certifications such as OSWE, OSEP, CRTO and OSCP. In addition, in recent years Fran has worked on personal projects, including OSINT tools and malware development techniques, as well as researching new vulnerabilities.

Gerardo is a cybersecurity lad who, over his long career, has worked in several roles such as Pentester, Threat Hunter, Malware Developer and Red Team Operator, and he is co-author of the blog https://medium.com/@Sec0ps. He holds several certifications in cybersecurity such as OSCE3, OSED, OSEP, OSWE, OSWP, RTO I and RTO II, and currently works as a Red Team Operator and Malware Developer at the Swiss insurance company Zurich Insurance.
Recycling same topics for 5 years now – Red team stuff

This talk will explore various strategies, including the use of packers and loaders, to execute successful bypasses. Using the Offensive Golang repository as a base, participants will gain practical knowledge and examples to enhance their toolkit for operational success. The session will also include live demonstrations of how to bypass Crowdstrike EDR and discuss practical knowledge gained from these encounters. Join us to learn how to leverage Golang to build robust cybersecurity tools from a basic to a slightly more advanced starting point and understand the underlying techniques, such as shellcode execution with fibers, the Ekko sleep approximation and more.
Matan Mittelman, Cato Networks

Matan Mittelman is the team leader of Cato’s Threat Prevention team. He’s responsible for analyzing, researching and developing protections against emerging threats and CVEs. Matan brings more than eight years of experience leading cyber security teams.
Start covering your bases & Stop chasing APT headlines

Cognitive biases affect us in many ways, even in cyber security: we often focus on the recent technical buzz or address a new sensational hacking campaign that was just discovered. But the fact of the matter is that the network breaches and ransomware attacks that happen every day are by and large executed using well-known techniques, tools and procedures.

In this presentation we will show a demo of a network breach, from initial access to discovery, lateral movement and finally exfiltration, demonstrating how attackers execute such attacks without the need for tailor-made or sophisticated tools and techniques. In addition, we’ll discuss the importance of defense-in-depth and why multiple different tripwires are required to stop network breaches – in particular, the significant role that network controls and detections can play in such cases.
Xavier Marrugat Plaza, i2CAT

I’m a cybersecurity professional based in Barcelona, passionate about sharing knowledge and learning from the community. My journey began in offensive security, and in recent years, I’ve focused on developing cutting-edge preventive and detection tools based on User and Entity Behavior Analytics (UEBA) at i2Cat. For my master’s thesis, I delved into the world of OSINT, which I found particularly fascinating. This led me to develop InfoHound, a project that I’m deeply invested in.
InfoHound: a passive OSINT gathering tool for domain profiling

In cybersecurity, during the reconnaissance phase, an attacker searches for information about their target to create a profile aiding the identification of possible vulnerabilities or misconfigurations. Passive analysis methods, such as OSINT, extract a wealth of data: organization addresses, IPs, open ports on systems, exposed sensitive files or directories, and subdomains. How aware are we of this data, its impact, and the publicly available information about us?

Currently, specific Open Source OSINT tools exist for monitoring different types of data. However, this means running these programs separately and consolidating their results by hand. Although some tools combine several functionalities, no Open Source tool aggregates a diverse set of passive techniques.

The i2Cat research and innovation center addresses this gap with InfoHound, an Open Source tool aiming to collect a large amount of data from publicly accessible sources given an Internet domain name. As a result, users gain access to a comprehensive list of interconnected assets that can assist cybersecurity analysts. During its development, i2Cat has collaborated with Maltego, one of the most widely used OSINT tools, to ensure compatibility between Maltego and InfoHound.
Nuri Yavuz & Yunus Aydın, Trendyol Group

During his professional career, Nuri Yavuz has provided services to numerous companies in penetration testing and security consultancy. He has conducted penetration tests in various areas such as web applications, mobile applications, network and systems, and wireless networks. Additionally, he has been involved in incident response, DDoS testing, and source code analysis projects. Currently, Nuri Yavuz serves as an Application Security Engineer at Trendyol, Turkey’s largest e-commerce company.

Yunus Aydın is an Application Security Engineer at Trendyol, with over three years of experience in cybersecurity.
He has achieved recognition in the industry by earning a place in the Hall of Fame for more than 20 bug bounty programs, including those of Deutsche Telekom, HubSpot, Siemens, Harvard, and T-Mobile. Yunus is committed to staying ahead of the evolving threat landscape in application security, aiming to make the digital world a safer place for everyone.
How to Deal With Millions of Vulnerabilities?

In today’s dynamic digital landscape, organizations grapple with the monumental task of addressing millions of application vulnerabilities that pose significant risks to their cybersecurity posture. This presentation delves into comprehensive strategies and best practices to empower businesses in dealing with this expansive and challenging terrain.

The session begins by highlighting the importance of proactive vulnerability assessment as a foundational step in understanding the threat landscape. By leveraging advanced scanning tools and methodologies, organizations can systematically identify vulnerabilities across their applications, providing a baseline for subsequent risk mitigation efforts.

Prioritization is a critical aspect of vulnerability management, and the presentation explores cutting-edge techniques for prioritizing vulnerabilities based on risk analysis. By categorizing vulnerabilities according to potential impact and likelihood of exploitation, security teams can streamline their efforts and focus on addressing the most critical issues first.

Automation plays a pivotal role in dealing with the sheer volume of vulnerabilities. The presentation covers the implementation of automated tools and processes for rapid detection, response, and remediation. By integrating automation into the workflow, organizations can significantly reduce response times, enhancing their ability to stay ahead of potential threats. Furthermore, the session emphasizes the need for a holistic and collaborative approach to cybersecurity.
Fabian Olender, Salesforce

I am a passionate Cybersecurity professional with 10+ years of experience, working as an Incident Responder at Salesforce. I currently hold a Master’s degree in Cybersecurity, more than 10 Certifications and 2 cats. I also love Futbol!
The pursuit of exfiltration: Lessons learned from a Threat Hunt

During this talk I will give an intro to Threat Hunting and describe a 1-month-long hunt for exfiltration, with its complexities and lessons learned. The talk will focus on helping fellow hunters avoid certain pitfalls and on encouraging new people to jump into the threat hunting field.