BSides Munich 2025

09:00
09:00
240min
Cloud-Native Chaos: Hacking CI/CD and Cloud Environments
Daniel Schwendner, Samuel Hopstock

CI/CD pipelines significantly increase development efficiency but also introduce complex security risks. Vulnerabilities in these systems expose sensitive credentials, enable attackers to manipulate build processes, compromise cloud environments, and escalate privileges. This immersive, hands-on workshop will guide participants through real-world scenarios and hacking challenges to exploit and secure CI/CD pipelines, Kubernetes clusters, and AWS infrastructure.

Workshops
Hochschule München - R0.006
09:00
120min
Developing Universal AI Agents for Static Code Analysis via MCP
Vlad Dyachenko

Learn how to build a universal, AI-assisted security agent using MCP to integrate multiple static analysis tools, generate vulnerability reports, suggest fixes, and produce ready-to-use secure code.

Workshops
Hochschule München - R0.Foyer
09:00
480min
Factory Under Siege: Red and Blue Team Tactics in Operational Technology
Sarah Mader, Nick Foulon

In this workshop, participants engage in a high-stakes cyber battle within a factory's OT systems. Divided into Red and Blue Teams, they alternate between offensive and defensive strategies in an interactive game. The workshop emphasizes real-world relevance, dynamic decision-making, and collaborative learning, providing practical cybersecurity insights in an industrial environment.

Workshops
Hochschule München - R1.007
09:00
180min
Introduction to Physical Security Testing
Georg Jobst

Join us for an interactive half-day workshop where you'll learn the essential techniques of physical security testing. This session covers key skills such as lock picking, door bypass methods, and cloning insecure access cards.

Workshops
Hochschule München - R1.Galerie
09:00
480min
Linux Security and Isolation APIs essentials
Michael Kerrisk

A workshop on the fundamental building blocks of Linux containers: capabilities, namespaces and cgroups.

Workshops
Hochschule München - R1.008
09:00
240min
SBOM 1x1 - a Workshop on how to do SBOM
Marius Biebel

In recent years, SBOM has become an emerging topic, addressing the need to understand and track the software supply chain and to gain a better understanding of the software composition used in our modern infrastructure.
Commonly heard promises include identifying and addressing vulnerabilities in upstream dependencies like Log4j much faster, or mitigating supply-chain attacks like the XZ Utils attack. But what can working with SBOMs look like?
This workshop provides an orientation on the tools and standards at hand and gives practical examples of how and when to generate SBOMs, how to assess their quality, and how to merge and consume them.

Workshops
Hochschule München - R0.007
09:00
240min
Security Engineering for Large Language Models: Architecture, Risks, and Regulatory Readiness
Benjamin Altmiks

Large Language Models (LLMs) are reshaping modern software and system architectures - but with their increasing adoption come new and amplified security concerns. This workshop explores the technical and strategic dimensions of securing LLM-based applications and services.
Participants will learn how components such as RAG pipelines, prompt engineering, and fine-tuning introduce specific risks that go beyond traditional machine learning. Using the OWASP LLM Top 10 (2025) as a framework, we examine how known security principles reappear in new forms - and why many current threats are just the tip of the iceberg.

In addition to architectural deep dives, we introduce foundational approaches like Security by Design, guardrail strategies, and the integration of risk awareness into the LLM development process. We also provide a compact overview of relevant regulatory developments, including the Cyber Resilience Act and EU AI Act - and how they intersect with the practical realities of LLM deployment.
Whether you're building, integrating, or securing LLMs, this session offers a comprehensive view of today's threat landscape and tomorrow’s assurance requirements.

Workshops
Hochschule München - R0.004
09:00
480min
Security by Design in Action through Security–Legal Coordination
Alex Kosenkov

This workshop aims to equip stakeholders with the knowledge and practical approaches needed to implement the security by design principle in line with existing regulations, while addressing the challenges of security–legal interaction that arise in the process.

Workshops
Hochschule München - R1.006
13:00
13:00
60min
Lunch
Hochschule München - R0.006
13:00
60min
Lunch
Hochschule München - R0.007
13:00
60min
Lunch
Hochschule München - R0.004
13:00
60min
Lunch
Hochschule München - R1.Galerie
13:00
60min
Lunch
Hochschule München - R0.Foyer
14:00
14:00
180min
Hands-on Threat Modeling Workshop
Juliane Reimann

This 4-hour interactive workshop teaches the fundamentals of threat modeling using the 4-question framework. Participants will gain hands-on experience through practical scenarios, learn key terminology and best practices, and discover how to integrate threat modeling into their development processes. Designed for both technical and non-technical roles involved in software development decision-making, attendees will leave with immediately applicable skills and tools to support threat modeling in their organizations.

Workshops
Hochschule München - R0.007
14:00
240min
Introduction to Hardware Fault Injection
Javier Vazquez Vidal

Don't miss the glitch!

In the past few years, many new open source tools have emerged that enable reliable fault injection attacks on a reasonable budget. In addition, many well-performing budget tools are now available that are perfectly suitable for a broad range of fault injection targets. This is a great opportunity to get started with hardware security and learn about hardware fault injection attacks while experimenting. The more challenging part is that most of these tools assume you are an expert in the field. They are therefore limited to providing an interface with many options and features, some heavily tested examples, and target boards that work with these examples and are specifically designed to give the feeling of success, without truly diving into the process and decision-making that led to them.

This workshop is intended to fill in that gap and introduce you to the basic steps that need to be taken in order to prepare and profile a generic target and be able to start a Voltage Fault Injection (VFI) or Electromagnetic Fault Injection (EMFI) campaign, all while using budget-friendly equipment and inexpensive open source hardware tools.

Workshops
Hochschule München - R0.006
14:00
120min
Secure Development Lifecycle Applied - How to Make Things a Bit More Secure than Yesterday Every Day
Lisi Hocke

Building valuable solutions is a complex endeavor that requires a breadth of knowledge. That not being enough, we’re also getting asked to build secure solutions in a secure way - yet what does that even mean? How do we incorporate such a vast area of expertise into our everyday workflows?

In this hands-on workshop, I will introduce you to core security concepts, like the CIA triad or defense in depth - and how we can apply them in everyday work. Based on a practical example, we will go through the development lifecycle with security in mind. You will learn about threat modeling to uncover risks early on, secure coding principles to bake security in, security testing approaches to make informed decisions depending on your risk appetite, and ways of detecting potentially malicious activity to protect against. Interactive exercises at each step will let you experience how security can neatly fit with what you’re already doing without adding artificial gates.

Whether you want to keep your system secure or get a neglected one back in shape, this session is for you. Join us to gain fundamental security knowledge, hone your security skills, and get tactical advice to secure your development lifecycle. Let’s make things a bit more secure than yesterday every day!

Workshops
Hochschule München - R0.Foyer
No sessions on Sunday, Nov. 16, 2025.
No sessions on Monday, Nov. 17, 2025.