2.0 -//Pentabarf//Schedule//EN PUBLISH CTWTSF@@cfp.dragonsec.si -CTWTSF Rethinking Human Vulnerabilities in Cybersecurity en en 20250329T103000 20250329T110000 0.03000

Rethinking Human Vulnerabilities in Cybersecurity

PUBLIC CONFIRMED Talk https://cfp.dragonsec.si/dctf25/talk/CTWTSF/ P1 David Modic PUBLISH SUXXTA@@cfp.dragonsec.si -SUXXTA Breaking the Box: A Practical Guide to Container Security en en 20250329T111000 20250329T121000 1.00000

Breaking the Box: A Practical Guide to Container Security

PUBLIC CONFIRMED Lecture https://cfp.dragonsec.si/dctf25/talk/SUXXTA/ P1 Aleš Brelih PUBLISH NVREUD@@cfp.dragonsec.si -NVREUD Dissecting HijackLoader: From Fake CAPTCHA to NTFS Transacted Hollowing en en 20250329T124000 20250329T131000 0.03000

Dissecting HijackLoader: From Fake CAPTCHA to NTFS Transacted Hollowing

PUBLIC CONFIRMED Talk https://cfp.dragonsec.si/dctf25/talk/NVREUD/ P1 Urban Vidergar PUBLISH YJHKTC@@cfp.dragonsec.si -YJHKTC Reproducible builds and why they matter en en 20250329T132000 20250329T135000 0.03000

Reproducible builds and why they matter

PUBLIC CONFIRMED Talk https://cfp.dragonsec.si/dctf25/talk/YJHKTC/ P1 Foobar PUBLISH DTSCJJ@@cfp.dragonsec.si -DTSCJJ Rootkits - how deep the rabbit hole is en en 20250329T140000 20250329T150000 1.00000

Rootkits - how deep the rabbit hole is

PUBLIC CONFIRMED Lecture https://cfp.dragonsec.si/dctf25/talk/DTSCJJ/ P1 Matej Kovačič PUBLISH FLCGTB@@cfp.dragonsec.si -FLCGTB PXE Hacking 101: From Network Boot to Credential Extraction en en 20250329T170000 20250329T173000 0.03000

PXE Hacking 101: From Network Boot to Credential Extraction

PXE booting is a powerful tool used in enterprise environments for system deployment and recovery, but it is often overlooked as a security risk. In this 30-minute seminar, we will cover: - Understanding PXE: How network booting works and why it is commonly used. - How PXE Can Be Exploited: Common vulnerabilities, including unauthenticated booting and insecure TFTP transfers. - Extracting Passwords: Demonstrating how attackers can intercept PXE boot files, retrieve hashed passwords, and escalate privileges. - Live Demo: A step-by-step exploitation of a misconfigured PXE server. - Mitigation Strategies: How to secure PXE environments against unauthorized access. PUBLIC CONFIRMED Talk https://cfp.dragonsec.si/dctf25/talk/FLCGTB/ P1 Žan Urbančič Danijela Šantak PUBLISH EKBRRD@@cfp.dragonsec.si -EKBRRD Recon OSINT en en 20250329T174000 20250329T184000 1.00000

Recon OSINT

Lecture Content: ✅ What is OSINT and OPSEC? – Introduction to OSINT methodology and the importance of Operational Security (OPSEC) for Protecting the Investigator in OSINT Research. ✅ Fundamentals: Where and How to Start? – First steps in OSINT, covering both technical and procedural aspects (NDA, scope definition, legal considerations, double checking information). ✅ Passive vs. Active OSINT – Understanding the differences and when to apply each approach. Key OSINT Research Areas: ✅ Business & Technical OSINT – Passive analysis of publicly available business data:     - Investigation of IP addresses, domains, and company infrastructure.     - Searching for email addresses, job postings, and business intelligence. ✅ Human OSINT (HUMINT) & Social Media OSINT (SOCMINT) – Gathering information on individuals:    - Analyzing publicly available social media profiles and user activity. ✅ Geo OSINT (GEOINT) – Geolocation data analysis and its applications in investigations. OSINT Tools Covered (depends on time): ✅ OSINT Framework, DNSDumpster, Shodan, Censys, Domain Dossier, Hunter.io, Dehashed, Wappalyzer, BuiltWith, Google Dorking, Google Maps, Google Reverse Image Search, Yandex Images, PimEyes, Maltego, theHarvester,. Practical Demonstration: - Geo OSINT – How to determine the geolocation of a picture using Image OSINT with help of google maps. - Social Media OSINT – Basic search methods for gathering publicly available information. Who Should Attend? The lecture is suitable for anyone interested in this field, as well as those who want to improve the protection of their publicly accessible data. Time Considerations: Given that the lecture is limited to one hour, the focus will be on key concepts, practical examples, and essential tools, providing a solid foundation for further exploration. PUBLIC CONFIRMED Lecture https://cfp.dragonsec.si/dctf25/talk/EKBRRD/ P1 Marko Ličina PUBLISH UATVVB@@cfp.dragonsec.si -UATVVB How to (mostly) fail at making money with security en en 20250329T191000 20250329T194000 0.03000

How to (mostly) fail at making money with security

PUBLIC CONFIRMED Talk https://cfp.dragonsec.si/dctf25/talk/UATVVB/ P1 Neyts Zupan PUBLISH 3J33ZA@@cfp.dragonsec.si -3J33ZA Automating HTTPS for Tor Onion Sites en en 20250329T195000 20250329T202000 0.03000

Automating HTTPS for Tor Onion Sites

PUBLIC CONFIRMED Talk https://cfp.dragonsec.si/dctf25/talk/3J33ZA/ P1 Q Misell PUBLISH CT88QF@@cfp.dragonsec.si -CT88QF Intro to CTF en en 20250329T203000 20250329T210000 0.03000

Intro to CTF

PUBLIC CONFIRMED Talk https://cfp.dragonsec.si/dctf25/talk/CT88QF/ P1