1.0.2 dctf25 2025-03-29 2025-03-30 2 00:05 https://cfp.dragonsec.si https://cfp.dragonsec.si/media/dctf25/img/dctf25_hr_qPfbgel.png Europe/Ljubljana P1 Talk 2025-03-29T10:30:00+01:00 10:30 00:30 While human attack vectors are now generally acknowledged to “be a thing” in INFOSEC, there are two immediate points we should make: (a) Human attack vectors have been seen to be important in abstract for at least forty years – with overused phrases of humans being the weakest link of security. However, it is becoming clearer and clearer that understanding human attack vectors concretely is still elusive to the general (managerial) population. (b) There is a substantial amount of gatekeeping in our field, where only spending weeks on obscure code and finding a 0-day or the ability to script Metasploit is considered “true” hacking, while exploiting human inability to premeditate is not. We are expected to bow to the technological supremacy of techno nerds and not point out that the threat model in both cases often remains the same. In the talk, I will explore this curious divide in INFOSEC through examples and we will further look empirically at how lack of familiarity with concepts we pay lip service to, but in some cases do not understand fully, leads to potentially disastrous (or at least tragically amusing) fails in security. dctf25-18-rethinking-human-vulnerabilities-in-cybersecurity /media/dctf25/submissions/CTWTSF/PAtch.19.CRQ.MD.overprint.230x230px72dpi_wpgUyWE.png David Modic en false https://cfp.dragonsec.si/dctf25/talk/CTWTSF/ https://cfp.dragonsec.si/dctf25/talk/CTWTSF/feedback/ P1 Lecture 2025-03-29T11:10:00+01:00 11:10 01:00 Containers have revolutionized software deployment, but with great convenience come new security risks. In this session, we'll explore how containers work under the hood, common security pitfalls, and best practices for building and running secure containerized applications. We'll also demonstrate real-world container breakouts and discuss how attackers can exploit misconfigurations dctf25-11-breaking-the-box-a-practical-guide-to-container-security Aleš Brelih en false https://cfp.dragonsec.si/dctf25/talk/SUXXTA/ https://cfp.dragonsec.si/dctf25/talk/SUXXTA/feedback/ P1 Talk 2025-03-29T12:40:00+01:00 12:40 00:30 A recent rise in fake CAPTCHA scams has led to a spike in user-triggered infostealer infections resulting in significant cryptocurrency losses among Slovenian victims. The HijackLoader malware abuses steganography to hide its encrypted payload within the PE resource, bypasses user-mode hooks, and executes direct syscalls within its shellcode. It combines NTFS transactions and process hollowing to deliver the final crypto-stealing payload. dctf25-15-dissecting-hijackloader-from-fake-captcha-to-ntfs-transacted-hollowing Urban Vidergar en false https://cfp.dragonsec.si/dctf25/talk/NVREUD/ https://cfp.dragonsec.si/dctf25/talk/NVREUD/feedback/ P1 Talk 2025-03-29T13:20:00+01:00 13:20 00:30 What is reproducibility, why it matters and common issues in achieving it accompanied by short demos and discussion about counterpoints against reproducible builds. dctf25-21-reproducible-builds-and-why-they-matter /media/dctf25/submissions/YJHKTC/repro_pCEtCaz.png Foobar en false https://cfp.dragonsec.si/dctf25/talk/YJHKTC/ https://cfp.dragonsec.si/dctf25/talk/YJHKTC/feedback/ P1 Lecture 2025-03-29T14:00:00+01:00 14:00 01:00 Rootkits are malicious software that is designed to gain unauthorized access to a computer system and is able to hide its presence in the system. Rootkits are not only used by cybercriminals, but are also used for espionage and state-organized cyber attacks. In this lecture, we will explore where malware can hide within a computer - even in the motherboard's chipset and deep inside the CPU - and how you can protect against such threats. We will presentseveral real-world examples of rootkits and discuss various research on hiding malware deep down within information systems. dctf25-17-rootkits-how-deep-the-rabbit-hole-is /media/dctf25/submissions/DTSCJJ/rootkits_Wm6zhUa.png Matej Kovačič en false https://cfp.dragonsec.si/dctf25/talk/DTSCJJ/ https://cfp.dragonsec.si/dctf25/talk/DTSCJJ/feedback/ P1 Talk 2025-03-29T17:00:00+01:00 17:00 00:30 Preboot Execution Environment (PXE) is a widely used network boot technology that allows machines to boot over a network without local storage. However, this convenience comes with security risks. In this session, we will explore how PXE works and how attackers can exploit misconfigurations to extract passwords and gain unauthorized access. Through practical demonstrations, we will analyze real-world attack scenarios, discuss potential countermeasures, and provide security best practices to defend against PXE-based attacks. dctf25-9-pxe-hacking-101-from-network-boot-to-credential-extraction Žan UrbančičDanijela Šantak en PXE booting is a powerful tool used in enterprise environments for system deployment and recovery, but it is often overlooked as a security risk. In this 30-minute seminar, we will cover: - Understanding PXE: How network booting works and why it is commonly used. - How PXE Can Be Exploited: Common vulnerabilities, including unauthenticated booting and insecure TFTP transfers. - Extracting Passwords: Demonstrating how attackers can intercept PXE boot files, retrieve hashed passwords, and escalate privileges. - Live Demo: A step-by-step exploitation of a misconfigured PXE server. - Mitigation Strategies: How to secure PXE environments against unauthorized access. true https://cfp.dragonsec.si/dctf25/talk/FLCGTB/ https://cfp.dragonsec.si/dctf25/talk/FLCGTB/feedback/ P1 Lecture 2025-03-29T17:40:00+01:00 17:40 01:00 Lecture: Introduction to OSINT and Passive Reconnaissance Techniques dctf25-16-recon-osint Marko Ličina en Lecture Content: ✅ What is OSINT and OPSEC? – Introduction to OSINT methodology and the importance of Operational Security (OPSEC) for Protecting the Investigator in OSINT Research. ✅ Fundamentals: Where and How to Start? – First steps in OSINT, covering both technical and procedural aspects (NDA, scope definition, legal considerations, double checking information). ✅ Passive vs. Active OSINT – Understanding the differences and when to apply each approach. Key OSINT Research Areas: ✅ Business & Technical OSINT – Passive analysis of publicly available business data:     - Investigation of IP addresses, domains, and company infrastructure.     - Searching for email addresses, job postings, and business intelligence. ✅ Human OSINT (HUMINT) & Social Media OSINT (SOCMINT) – Gathering information on individuals:    - Analyzing publicly available social media profiles and user activity. ✅ Geo OSINT (GEOINT) – Geolocation data analysis and its applications in investigations. OSINT Tools Covered (depends on time): ✅ OSINT Framework, DNSDumpster, Shodan, Censys, Domain Dossier, Hunter.io, Dehashed, Wappalyzer, BuiltWith, Google Dorking, Google Maps, Google Reverse Image Search, Yandex Images, PimEyes, Maltego, theHarvester,. Practical Demonstration: - Geo OSINT – How to determine the geolocation of a picture using Image OSINT with help of google maps. - Social Media OSINT – Basic search methods for gathering publicly available information. Who Should Attend? The lecture is suitable for anyone interested in this field, as well as those who want to improve the protection of their publicly accessible data. Time Considerations: Given that the lecture is limited to one hour, the focus will be on key concepts, practical examples, and essential tools, providing a solid foundation for further exploration. true https://cfp.dragonsec.si/dctf25/talk/EKBRRD/ https://cfp.dragonsec.si/dctf25/talk/EKBRRD/feedback/ P1 Talk 2025-03-29T19:10:00+01:00 19:10 00:30 Back in 2007 I was enthusiastically entering the security startup World. Almost two decades later, I still (mostly) fail at making money with security. Learn from my mistakes! dctf25-13-how-to-mostly-fail-at-making-money-with-security Neyts Zupan en false https://cfp.dragonsec.si/dctf25/talk/UATVVB/ https://cfp.dragonsec.si/dctf25/talk/UATVVB/feedback/ P1 Talk 2025-03-29T19:50:00+01:00 19:50 00:30 Historically, managing TLS certificates was a pain, and letting a certificate expire on your website due to forgetting to renew it wasn't uncommon. Then, Let's Encrypt came along and made this much easier with everyone's favourite tool: automation! Unfortunately, Let's Encrypt's automation doesn't work for everything. One of these cases is getting a TLS certificate for Tor Onion Services (those with a .onion domain). This talk covers the technical work required to get ACME (the protocol used by Let's Encrypt) to work for this scenario, and the political work to get it through the IETF as a formal standard. dctf25-14-automating-https-for-tor-onion-sites Q Misell en false https://cfp.dragonsec.si/dctf25/talk/3J33ZA/ https://cfp.dragonsec.si/dctf25/talk/3J33ZA/feedback/ P1 Talk 2025-03-29T20:30:00+01:00 20:30 00:30 A short introduction to Capture the Flag competitions. dctf25-20-intro-to-ctf en false https://cfp.dragonsec.si/dctf25/talk/CT88QF/ https://cfp.dragonsec.si/dctf25/talk/CT88QF/feedback/