09:30
30min
Check-in
P1
10:00
30min
Opening ceremony
P1
10:30
30min
Rethinking Human Vulnerabilities in Cybersecurity
David Modic

While human attack vectors are now generally acknowledged to “be a thing” in INFOSEC, there are two immediate points we should make:

(a) Human attack vectors have been seen to be important in the abstract for at least forty years – with overused phrases of humans being the weakest link of security. However, it is becoming clearer and clearer that understanding human attack vectors concretely is still elusive to the general (managerial) population.

(b) There is a substantial amount of gatekeeping in our field, where only spending weeks on obscure code and finding a 0-day or the ability to script Metasploit is considered “true” hacking, while exploiting human inability to premeditate is not. We are expected to bow to the technological supremacy of techno nerds and not point out that the threat model in both cases often remains the same.

In the talk, I will explore this curious divide in INFOSEC through examples and we will further look empirically at how lack of familiarity with concepts we pay lip service to, but in some cases do not understand fully, leads to potentially disastrous (or at least tragically amusing) fails in security.

P1
11:00
10min
Break
P1
11:10
60min
Breaking the Box: A Practical Guide to Container Security
Aleš Brelih

Containers have revolutionized software deployment, but with great convenience come new security risks.
In this session, we'll explore how containers work under the hood, common security pitfalls, and best practices for building and running secure containerized applications. We'll also demonstrate real-world container breakouts and discuss how attackers can exploit misconfigurations.

P1
12:10
30min
Coffee Break
P1
12:40
30min
Dissecting HijackLoader: From Fake CAPTCHA to NTFS Transacted Hollowing
Urban Vidergar

A recent rise in fake CAPTCHA scams has led to a spike in user-triggered infostealer infections resulting in significant cryptocurrency losses among Slovenian victims. The HijackLoader malware abuses steganography to hide its encrypted payload within the PE resource, bypasses user-mode hooks, and executes direct syscalls within its shellcode. It combines NTFS transactions and process hollowing to deliver the final crypto-stealing payload.

P1
13:10
10min
Break
P1
13:20
30min
Reproducible builds and why they matter
Foobar

What is reproducibility, why it matters, and common issues in achieving it, accompanied by short demos and discussion about counterpoints against reproducible builds.

P1
13:50
10min
Break
P1
14:00
60min
Rootkits - how deep the rabbit hole is
Matej Kovačič

Rootkits are malicious software that is designed to gain unauthorized access to a computer system and is able to hide its presence in the system. Rootkits are not only used by cybercriminals, but are also used for espionage and state-organized cyber attacks.

In this lecture, we will explore where malware can hide within a computer - even in the motherboard's chipset and deep inside the CPU - and how you can protect against such threats. We will present several real-world examples of rootkits and discuss various research on hiding malware deep down within information systems.

P1
15:00
120min
Lunch
P1
17:00
30min
PXE Hacking 101: From Network Boot to Credential Extraction
Žan Urbančič, Danijela Šantak

Preboot Execution Environment (PXE) is a widely used network boot technology that allows machines to boot over a network without local storage. However, this convenience comes with security risks. In this session, we will explore how PXE works and how attackers can exploit misconfigurations to extract passwords and gain unauthorized access. Through practical demonstrations, we will analyze real-world attack scenarios, discuss potential countermeasures, and provide security best practices to defend against PXE-based attacks.

P1
17:30
10min
Break
P1
17:40
60min
Recon OSINT
Marko Ličina

Lecture: Introduction to OSINT and Passive Reconnaissance Techniques

P1
18:40
30min
Coffee Break
P1
19:10
30min
How to (mostly) fail at making money with security
Neyts Zupan

Back in 2007 I was enthusiastically entering the security startup world. Almost two decades later, I still (mostly) fail at making money with security. Learn from my mistakes!

P1
19:40
10min
Break
P1
19:50
30min
Automating HTTPS for Tor Onion Sites
Q Misell

Historically, managing TLS certificates was a pain, and letting a certificate expire on your website due to forgetting to renew it wasn't uncommon. Then, Let's Encrypt came along and made this much easier with everyone's favourite tool: automation!

Unfortunately, Let's Encrypt's automation doesn't work for everything. One of these cases is getting a TLS certificate for Tor Onion Services (those with a .onion domain). This talk covers the technical work required to get ACME (the protocol used by Let's Encrypt) to work for this scenario, and the political work to get it through the IETF as a formal standard.

P1
20:20
10min
Break
P1
20:30
30min
Intro to CTF

A short introduction to Capture the Flag competitions.

P1
21:00
780min
CTF
P1
11:00
60min
Awards Ceremony
P1