BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.dragonsec.si//
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-dctf25-CTWTSF@cfp.dragonsec.si
DTSTART;TZID=CET:20250329T103000
DTEND;TZID=CET:20250329T110000
DESCRIPTION:While human attack vectors are now generally acknowledged to 
 “be a thing” in INFOSEC\, there are two immediate points we should mak
 e:\n\n(a) Human attack vectors have been seen to be important in abstract 
 for at least forty years – with overused phrases of humans being the wea
 kest link of security. However\, it is becoming clearer and clearer that u
 nderstanding human attack vectors concretely is still elusive to the gener
 al (managerial) population.\n\n(b) There is a substantial amount of gateke
 eping in our field\, where only spending weeks on obscure code and finding
  a 0-day or the ability to script Metasploit is considered “true” hack
 ing\, while exploiting human inability to premeditate is not. We are expec
 ted to bow to the technological supremacy of techno nerds and not point ou
 t that the threat model in both cases often remains the same.\n\nIn the ta
 lk\, I will explore this curious divide in INFOSEC through examples and we
  will further look empirically at how lack of familiarity with concepts we
  pay lip service to\, but in some cases do not understand fully\, leads to
  potentially disastrous (or at least tragically amusing) fails in security
 .
DTSTAMP:20260618T115813Z
LOCATION:P1
SUMMARY:Rethinking Human Vulnerabilities in Cybersecurity - David  Modic
URL:https://cfp.dragonsec.si/dctf25/talk/CTWTSF/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-dctf25-SUXXTA@cfp.dragonsec.si
DTSTART;TZID=CET:20250329T111000
DTEND;TZID=CET:20250329T121000
DESCRIPTION:Containers have revolutionized software deployment\, but with g
 reat convenience come new security risks. \nIn this session\, we'll explor
 e how containers work under the hood\, common security pitfalls\, and best
  practices for building and running secure containerized applications. We'
 ll also demonstrate real-world container breakouts and discuss how attacke
 rs can exploit misconfigurations
DTSTAMP:20260618T115813Z
LOCATION:P1
SUMMARY:Breaking the Box: A Practical Guide to Container Security - Aleš B
 relih
URL:https://cfp.dragonsec.si/dctf25/talk/SUXXTA/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-dctf25-NVREUD@cfp.dragonsec.si
DTSTART;TZID=CET:20250329T124000
DTEND;TZID=CET:20250329T131000
DESCRIPTION:A recent rise in fake CAPTCHA scams has led to a spike in user-
 triggered infostealer infections resulting in significant cryptocurrency l
 osses among Slovenian victims. The HijackLoader malware abuses steganograp
 hy to hide its encrypted payload within the PE resource\, bypasses user-mo
 de hooks\, and executes direct syscalls within its shellcode. It combines 
 NTFS transactions and process hollowing to deliver the final crypto-steali
 ng payload.
DTSTAMP:20260618T115813Z
LOCATION:P1
SUMMARY:Dissecting HijackLoader: From Fake CAPTCHA to NTFS Transacted Hollo
 wing - Urban Vidergar
URL:https://cfp.dragonsec.si/dctf25/talk/NVREUD/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-dctf25-YJHKTC@cfp.dragonsec.si
DTSTART;TZID=CET:20250329T132000
DTEND;TZID=CET:20250329T135000
DESCRIPTION:What is reproducibility\, why it matters and common issues in a
 chieving it accompanied by short demos\nand discussion about counterpoints
  against reproducible builds.
DTSTAMP:20260618T115813Z
LOCATION:P1
SUMMARY:Reproducible builds and why they matter - Foobar
URL:https://cfp.dragonsec.si/dctf25/talk/YJHKTC/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-dctf25-DTSCJJ@cfp.dragonsec.si
DTSTART;TZID=CET:20250329T140000
DTEND;TZID=CET:20250329T150000
DESCRIPTION:Rootkits are malicious software that is designed to gain unauth
 orized access to a computer system and is able to hide its presence in the
  system. Rootkits are not only used by cybercriminals\, but are also used 
 for espionage and state-organized cyber attacks.\n\nIn this lecture\, we w
 ill explore where malware can hide within a computer - even in the motherb
 oard's chipset and deep inside the CPU - and how you can protect against s
 uch threats. We will presentseveral  real-world examples of rootkits and d
 iscuss various research on hiding malware deep down within information sys
 tems.
DTSTAMP:20260618T115813Z
LOCATION:P1
SUMMARY:Rootkits - how deep the rabbit hole is - Matej Kovačič
URL:https://cfp.dragonsec.si/dctf25/talk/DTSCJJ/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-dctf25-FLCGTB@cfp.dragonsec.si
DTSTART;TZID=CET:20250329T170000
DTEND;TZID=CET:20250329T173000
DESCRIPTION:Preboot Execution Environment (PXE) is a widely used network bo
 ot technology that allows machines to boot over a network without local st
 orage. However\, this convenience comes with security risks. In this sessi
 on\, we will explore how PXE works and how attackers can exploit misconfig
 urations to extract passwords and gain unauthorized access. Through practi
 cal demonstrations\, we will analyze real-world attack scenarios\, discuss
  potential countermeasures\, and provide security best practices to defend
  against PXE-based attacks.
DTSTAMP:20260618T115813Z
LOCATION:P1
SUMMARY:PXE Hacking 101: From Network Boot to Credential Extraction - Žan 
 Urbančič\, Danijela Šantak
URL:https://cfp.dragonsec.si/dctf25/talk/FLCGTB/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-dctf25-EKBRRD@cfp.dragonsec.si
DTSTART;TZID=CET:20250329T174000
DTEND;TZID=CET:20250329T184000
DESCRIPTION:Lecture: Introduction to OSINT and Passive Reconnaissance Techn
 iques
DTSTAMP:20260618T115813Z
LOCATION:P1
SUMMARY:Recon OSINT - Marko Ličina
URL:https://cfp.dragonsec.si/dctf25/talk/EKBRRD/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-dctf25-UATVVB@cfp.dragonsec.si
DTSTART;TZID=CET:20250329T191000
DTEND;TZID=CET:20250329T194000
DESCRIPTION:Back in 2007 I was enthusiastically entering the security start
 up World. Almost two decades later\, I still (mostly) fail at making money
  with security. Learn from my mistakes!
DTSTAMP:20260618T115813Z
LOCATION:P1
SUMMARY:How to (mostly) fail at making money with security - Neyts Zupan
URL:https://cfp.dragonsec.si/dctf25/talk/UATVVB/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-dctf25-3J33ZA@cfp.dragonsec.si
DTSTART;TZID=CET:20250329T195000
DTEND;TZID=CET:20250329T202000
DESCRIPTION:Historically\, managing TLS certificates was a pain\, and letti
 ng a certificate expire on your website due to forgetting to renew it wasn
 't uncommon. Then\, Let's Encrypt came along and made this much easier wit
 h everyone's favourite tool: automation! \n\nUnfortunately\, Let's Encrypt
 's automation doesn't work for everything. One of these cases is getting a
  TLS certificate for Tor Onion Services (those with a .onion domain). This
  talk covers the technical work required to get ACME (the protocol used by
  Let's Encrypt) to work for this scenario\, and the political work to get 
 it through the IETF as a formal standard.
DTSTAMP:20260618T115813Z
LOCATION:P1
SUMMARY:Automating HTTPS for Tor Onion Sites - Q Misell
URL:https://cfp.dragonsec.si/dctf25/talk/3J33ZA/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-dctf25-CT88QF@cfp.dragonsec.si
DTSTART;TZID=CET:20250329T203000
DTEND;TZID=CET:20250329T210000
DESCRIPTION:A short introduction to Capture the Flag competitions.
DTSTAMP:20260618T115813Z
LOCATION:P1
SUMMARY:Intro to CTF - 
URL:https://cfp.dragonsec.si/dctf25/talk/CT88QF/
END:VEVENT
END:VCALENDAR