03-21, 11:30–11:55 (Europe/Ljubljana), PA
This session addresses the gap between theoretical knowledge and practical offensive security skills by presenting a hands-on training methodology based on realistic lab environments. It focuses on core techniques such as enumeration, exploitation, and post-exploitation, emphasizing the ability to chain vulnerabilities into complete attack paths. Drawing from recent penetration testing experience, it highlights how legacy systems and misconfigurations continue to expose modern infrastructures to compromise.
Transitioning from theoretical knowledge to practical offensive security skills remains a significant challenge for many learners. While concepts are widely documented, the ability to apply them in realistic environments is often missing.
This session presents a methodology for developing hands-on skills through controlled lab environments that simulate real-world infrastructures. The focus is on core offensive techniques, including enumeration, vulnerability identification, exploitation, and post-exploitation, with an emphasis on chaining weaknesses into meaningful attack paths.
Drawing from recent penetration testing experience, including the discovery of vulnerabilities, the session highlights how legacy systems and misconfigurations continue to introduce exploitable conditions in modern networks.
Žan Urbančič is the Co-Founder and Technical Director of CYBER-SEC d.o.o., a Slovenian cybersecurity company specializing in penetration testing, red teaming, and advanced security solutions. In his role, he leads the development and implementation of cutting-edge cybersecurity strategies, ensuring high standards of protection for digital infrastructures.
Žan is an experienced ethical hacker and cybersecurity specialist with a strong focus on offensive security, vulnerability assessment, and real-world attack simulations. Over the course of his career, he has conducted more than 100 penetration tests across various industries, including finance, healthcare, and critical infrastructure.
He holds multiple industry-recognized certifications and has hands-on experience with advanced security technologies, SIEM systems, and XDR solutions. Žan has also participated in international cybersecurity exercises such as NATO’s Locked Shields and Crossed Swords, gaining practical experience in large-scale cyber defense and attack scenarios.
In addition to his technical work, Žan is an active speaker and educator, sharing his expertise at conferences and professional events. His work focuses on identifying vulnerabilities, strengthening security postures, and helping organizations defend against modern cyber threats.
With extensive experience in technology, business, and cybersecurity, I currently serve as Business Director at CYBER-SEC, where I leverage my expertise in artificial intelligence, internet security, and teamwork to drive impactful solutions. My work focuses on fostering collaboration, building strong partnerships, and developing strategies that align with long-term organizational goals.
Certified in ethical hacking and penetration testing, I combine technical acumen with a strategic mindset to bridge the gap between complex cybersecurity challenges and actionable outcomes. Passionate about empowering teams and creating meaningful solutions, my mission is to advance innovation and growth in a rapidly evolving digital security landscape.