2.0 -//Pentabarf//Schedule//EN PUBLISH JCHBUP@@pretalx.com -JCHBUP Browser Exploitation: From N-Days to Real-World Exploit Chains in Google Chrome en en 20250618T140000 20250618T144500 004500

Browser Exploitation: From N-Days to Real-World Exploit Chains in Google Chrome

What does it take to exploit a modern browser in 2025? In this session, we’ll dissect the creation of a real-world exploit chain targeting Google Chrome on Windows, using recently patched (n-day) vulnerabilities. This is a practical, technical session, aimed at showing how modern browser exploitation is still very much alive — and achievable with the right tools and approach. Key topics covered include: - Fundamentals of modern browser security and vulnerability research - Patch diffing to turn Chrome updates and public issues into vulnerabilities - Mitigations and sandboxes bypass - Exploit chain development: from initial bug to payload execution - New methods and tools for Chrome exploit development - Live demo of an exploit chain based upon recent vulnerabilities The session also explores the current state of browser security and its implications for future offensive and defensive research. PUBLIC CONFIRMED Offensive Village talks https://pretalx.com/bsidesluxembourg-2025/talk/JCHBUP/ Main Stage @Petitoto PUBLISH MNXYAU@@pretalx.com -MNXYAU Hacking EV Chargers: Fast Track to Market, Fast Track to Vulnerabilities en en 20250618T144500 20250618T152500 004000

Hacking EV Chargers: Fast Track to Market, Fast Track to Vulnerabilities

We’ll dive deeper into the product, how it works under the hood, how it’s meant to be provisioned, and where things went hilariously wrong, allowing privilege escalation (extended, augmented version). We’ll also step back and look at the bigger picture: why fast go-to-market pressures often lead to critical security oversights, and how these patterns show up across the EV charging ecosystem. Beyond the original device, I’ll share insights from examining other products, where the security posture is sometimes even worse. Expect fun discoveries, and some tales from the fast-moving world of connected devices. PUBLIC CONFIRMED Offensive Village talks https://pretalx.com/bsidesluxembourg-2025/talk/MNXYAU/ Main Stage Simon Petitjean PUBLISH NESLTT@@pretalx.com -NESLTT Targeting pentesters en en 20250618T154500 20250618T162500 004000

Targeting pentesters

Pentesters and red teamers often focus on identifying weaknesses in others’ systems — but what about their own practices? This talk aims to turn the lens inward and critically examine the techniques, tools, and habits commonly used by us, offensive security professionals. We’ll highlight some weaknesses that can make pentesters high-value, vulnerable targets. The goal is to initiate a conversation around operational hygiene, threat modeling, and risk awareness within the offensive security community. By identifying bad habits and systemic gaps, we hope to inspire more resilient and secure practices among those who break things for a living. PUBLIC CONFIRMED Offensive Village talks https://pretalx.com/bsidesluxembourg-2025/talk/NESLTT/ Main Stage Charlie Bromberg Mathieu Calemard du Gardin (Dramelac) PUBLISH HETCHC@@pretalx.com -HETCHC Unpacking Azure Initial Access Attack Techniques en en 20250618T162500 20250618T170500 004000

Unpacking Azure Initial Access Attack Techniques

PUBLIC CONFIRMED Offensive Village talks https://pretalx.com/bsidesluxembourg-2025/talk/HETCHC/ Main Stage Patrick Mkhael François-Jérôme Daniel PUBLISH 3MBNZC@@pretalx.com -3MBNZC Lockpicking village en en 20250618T140000 20250619T170000 030000

Lockpicking village

A lifelong passion for physical intrusion and social engineering fuels this hands-on workshop, where you'll discover both classic techniques like lockpicking, tailgating, and pole-based door opening and unconventional methods inspired by real-world experience. The goal: understand how intrusions really happen, and how to spot and prevent them before they do. (The workshop will primarily be conducted in French, with the possibility to speak a little English to facilitate communication.) PUBLIC CONFIRMED Workshop 4h https://pretalx.com/bsidesluxembourg-2025/talk/3MBNZC/ Atrium (common area) Nicolas Aunay (aka Joker2a) Nicolas B. (aka Warlok) PUBLISH GURPHA@@pretalx.com -GURPHA Cybersecurity in an Age of Uncertainty en en 20250619T090000 20250619T091000 001000

Cybersecurity in an Age of Uncertainty

Opening address by Luxembourg’s new Ambassador for Cybersecurity and Digitalisation on security, resilience, and protecting human rights in an age of authoritarian repression and democratic backsliding. PUBLIC CONFIRMED Opening Speech https://pretalx.com/bsidesluxembourg-2025/talk/GURPHA/ Main Stage Luc Dockendorf PUBLISH CZHSL3@@pretalx.com -CZHSL3 Workshop introductions en en 20250619T091000 20250619T092000 001000

Workshop introductions

1 minute per workshop organizer to introduce their workshops. PUBLIC CONFIRMED Workshop intros https://pretalx.com/bsidesluxembourg-2025/talk/CZHSL3/ Main Stage Various speakers with Infosec lightning talks PUBLISH LDCKC8@@pretalx.com -LDCKC8 7 layers for improving your Quality of Life in Cyber Security en en 20250619T092000 20250619T100000 004000

7 layers for improving your Quality of Life in Cyber Security

Same talk as in BsidesMunich Keynotes, but of course with some adjustments to adopt to BSides Luxembourg and I can add the references, that Carson Zimmermann and I use in the FIRST talk at the end. (I mapped out all of the science research to all of the topics). PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/LDCKC8/ Main Stage Desiree Sacher-Boldewin PUBLISH 7VZQY8@@pretalx.com -7VZQY8 Error 404: Experience Not Required (When You Have a Homelab) en en 20250619T103000 20250619T111500 004500

Error 404: Experience Not Required (When You Have a Homelab)

What's the perfect home lab? It's the one that lands you your next job! Forget about turning your spare room into a data center – this talk is about building a smart, strategic homelab that advances your career and gets you noticed. We're flipping the script on traditional homelab discussions. Instead of focusing on fancy hardware specs or power-hungry setups, we'll explore how to: - Build a practical lab environment on a shoestring budget - Transform weekend projects into impressive resume bullets - Master key technologies employers actually care about (think virtualization, containers, security) - Make learning technical skills genuinely fun and engaging Think of this as your career-boosting homelab blueprint. We'll cover exactly how to document your projects, translate them into resume gold, and discuss them confidently in interviews. Plus, you'll learn why dancing flamingos might just be the secret sauce your homelab needs! This isn't about hoarding hardware – it's about strategically building experience that sets you apart from other candidates. Come learn how to make your homelab work smarter, not hotter, for your career growth! Key Takeaways: - A framework for choosing projects that maximize your career impact - Templates for translating technical projects into powerful resume bullets - Strategies for discussing your homelab experience in interviews - Budget-friendly approaches to building meaningful technical skills - The secret to keeping learning fun and sustainable (yes, flamingos involved!) PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/7VZQY8/ Main Stage Kat Fitzgerald PUBLISH JUFKPL@@pretalx.com -JUFKPL From Unrestricted Uploads to Security Nightmares: Preventing and Mitigating File Upload Vulnerabilities en en 20250619T111500 20250619T115500 004000

From Unrestricted Uploads to Security Nightmares: Preventing and Mitigating File Upload Vulnerabilities

PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/JUFKPL/ Main Stage Sewar Khalifeh PUBLISH 8A7FZZ@@pretalx.com -8A7FZZ Fresh Secrets From The Docks: Lessons Learnt from Analyzing 15,000,000 Public DockerHub Images en en 20250619T133000 20250619T141500 004500

Fresh Secrets From The Docks: Lessons Learnt from Analyzing 15,000,000 Public DockerHub Images

PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/8A7FZZ/ Main Stage Guillaume Valadon PUBLISH JWWFQB@@pretalx.com -JWWFQB SOC Must Die - Engineering our way to Detection and Response Operations en en 20250619T141500 20250619T145500 004000

SOC Must Die - Engineering our way to Detection and Response Operations

What are we even doing with SOC ? We're still mostly dealing with false Positives, running outdated analyst tiers leading to burnouts, and SIEMs are still hard to tame monsters. And yet, we still don't really grasp our detection coverage, or are really efficient at adopting SOARs. But there's a new trend emerging, the Detection and Response Engineer. SOCs worldwide are facing a hard transition - from an analyst organization, responding to events, to an engineering organization, proactively building systems with an emphasis on automation from the start. Detection Engineering is being increasingly adopted, and SOAR practices are being generalized to Response Engineering. We will in this session peer into an engineering future for SOCs, where teams are smaller, more expert, tech-centric, and laser focused on key capabilities with less externalization of human effort. PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/JWWFQB/ Main Stage Amine Besson PUBLISH 9HGXTK@@pretalx.com -9HGXTK Unpacking Packers - So What? Does it ever get easier? No. en en 20250619T151500 20250619T160000 004500

Unpacking Packers - So What? Does it ever get easier? No.

Crypters, also known as loaders or packers, have long been a staple in the malware landscape, continually evolving to keep pace with advancements in cybersecurity defenses. These tools are no longer niche; they have become commodities widely available for purchase or lease on underground markets. As a result, they’ve commercialized sophisticated malware deployment, enabling a wider range of threat actors to access advanced techniques that once required specialized skill. A single loader can deliver varied malicious payloads across different campaigns, underscoring their adaptability and utility in modern cyberattacks. Despite substantial focus on analyzing and documenting payloads, crypters themselves remain an often overlooked aspect of malware distribution. This talk explores the ever-evolving arms race between malware developers and security vendors. The cybersecurity community has developed robust solutions such as signature-based detection, AI-driven threat dissection, code-reuse analysis, and behavioral monitoring, yet crypters have continuously evolved to evade these defenses through sophisticated techniques like in-memory execution and anti-analysis features. We will dissect the latest solutions in this ongoing battle, examine how they’ve been overcome by recent crypter innovations, and discuss what’s next in this relentless cycle of offense and defense. This session promises valuable insights for researchers, security professionals, and anyone interested in understanding and mitigating the threat of crypters in modern cyber warfare. PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/9HGXTK/ Main Stage Nicole Fishbein PUBLISH RPGQ7B@@pretalx.com -RPGQ7B Still living with ADHD in Infosec en en 20250619T160000 20250619T164500 004500

Still living with ADHD in Infosec

PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/RPGQ7B/ Main Stage Klaus Agnoletti PUBLISH EHAWQX@@pretalx.com -EHAWQX When Data Talks, We Let AI Listen en en 20250619T170000 20250619T170500 000500

When Data Talks, We Let AI Listen

PUBLIC CONFIRMED Lightning Talk https://pretalx.com/bsidesluxembourg-2025/talk/EHAWQX/ Main Stage Léa ULUSAN PUBLISH VNUTCG@@pretalx.com -VNUTCG Kunai vs io_uring en en 20250619T170500 20250619T171000 000500

Kunai vs io_uring

PUBLIC CONFIRMED Lightning Talk https://pretalx.com/bsidesluxembourg-2025/talk/VNUTCG/ Main Stage Quentin JEROME PUBLISH MU8WHL@@pretalx.com -MU8WHL Lightning talks - Infosec only en en 20250619T171000 20250619T172500 001500

Lightning talks - Infosec only

PUBLIC CONFIRMED Infosec lightning talks https://pretalx.com/bsidesluxembourg-2025/talk/MU8WHL/ Main Stage Various speakers with Infosec lightning talks PUBLISH 3UD8W3@@pretalx.com -3UD8W3 From Indicators to Insights: The Evolution and Future of Cyber Threat Intelligence en en 20250619T172500 20250619T173000 000500

From Indicators to Insights: The Evolution and Future of Cyber Threat Intelligence

PUBLIC CONFIRMED Lightning Talk https://pretalx.com/bsidesluxembourg-2025/talk/3UD8W3/ Main Stage Nath, Adewole PUBLISH GN9QK3@@pretalx.com -GN9QK3 DRINKS RECEPTION en en 20250619T173000 20250619T200000 023000

DRINKS RECEPTION

PUBLIC CONFIRMED Workshop 2h https://pretalx.com/bsidesluxembourg-2025/talk/GN9QK3/ Main Stage Various speakers with Infosec lightning talks PUBLISH FGFMAR@@pretalx.com -FGFMAR Lightning talks - NO SECURITY TOPICS! en en 20250619T200000 20250619T203000 003000

Lightning talks - NO SECURITY TOPICS!

Nothing about security. PUBLIC CONFIRMED Lightning talks NO SECURITY TOPICS https://pretalx.com/bsidesluxembourg-2025/talk/FGFMAR/ Main Stage Various speakers with Infosec lightning talks PUBLISH 7FDANC@@pretalx.com -7FDANC Securing AI Assistants: Strategies and Practices for Protecting Data en en 20250619T103000 20250619T111500 004500

Securing AI Assistants: Strategies and Practices for Protecting Data

In this technical session, we delve into the unique security challenges faced by AI copilots/chatbots/agents—AI systems designed to assist with various tasks—focusing specifically on data as their most critical asset. The talk will cover AI-specific threats such as data poisoning, prompt injection attacks/hallucinations, and data extraction risks, exploring how these vulnerabilities differ from traditional security concerns. We will discuss various AI deployment architectures and their impact on data security. Practical strategies will be provided to secure AI data, including hands-on techniques like automating data cleaning pipelines and configuring secure inference pipelines. The session will also introduce AI-specific threat modelling and explore real-world examples, demonstrating how to integrate security measures into AI development workflows. By the end, attendees will be equipped with actionable insights and tools to align their AI strategy with robust security practices, ensuring the safe and effective deployment of AI chatbots. PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/7FDANC/ Secondary stage Andra Lezza PUBLISH 3FK3MV@@pretalx.com -3FK3MV Unifying Security Tools with OCSF and 60 lines of code en en 20250619T111500 20250619T115500 004000

Unifying Security Tools with OCSF and 60 lines of code

PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/3FK3MV/ Secondary stage spyros gasteratos PUBLISH DW3QWB@@pretalx.com -DW3QWB The Firewall Project: Open Source, Shift-Left, Security Platform en en 20250619T133000 20250619T141500 004500

The Firewall Project: Open Source, Shift-Left, Security Platform

The Current State of Cybersecurity > Increasing frequency and severity of security breaches. > Businesses struggle to keep up with evolving threats. > Many organizations can't afford advanced security solutions. > Security becoming a luxury rather than a necessity. Security in the Age of AI: When Code Moves Faster Than Controls > While developers can now write code 10x faster using AI coding assistants like GitHub Copilot, security teams are struggling to keep pace. > Security teams are losing visibility into what's actually going into production, with each development decision potentially introducing unknown vulnerabilities or compliance risks. Challenges in Remediation > Who is the owner of this asset in my organization’s SDLC? > Which teams should be involved? What are the best ways to collaborate with them? > Can I detect and remediate new issues across SDLC? > How do I manage the backlog of issues in my organization’s SDLC? Introducing “The Firewall Project’s Appsec Platform” > Unconditional Visibility - Gain full visibility without bothering anyone > Risk Based Prioritisation - Use context to help devs understand the impact > Democratization for Developers/PMs - Empower devs to be proactive and take the ownership of their applications > Simplifying Remediation Process Demo > Deployment - Docker Compose, CFT, Cloud Marketplaces > Configuration - VCs(Github/Bitbucket/Gitlab), Cloud(AWS/Azure/GCP) & Alerts(Slack/Jira), RBAC > Asset Inventory - Repos, Web Application, Secrets, Vulnerabilities > Runtime Scans - PR and post-commit scans via webhooks Incident Management Live Dashboards Automated Remediation Workflows > One-click allowlisting for false positive management. > Grouping of assets to establish ownership. > SLA and business context powered dynamic scoring for risk based prioritisation. Real-World Use Cases > Git PAT Token Exposure: Imagine a scenario where a GitHub Personal Access Token (PAT) is accidentally stored in a private repository for a React.js project. Due to a misconfiguration, this token becomes accessible to the public via the client-side browser. With The Firewall Secrets, this kind of exposure can be detected early in the Software Development Life Cycle (SDLC), preventing potentially catastrophic breaches. > Vendor Compromise: Consider a case where a vendor, who has access to one of your private repositories, gets compromised. This breach could lead to the leaking of secrets and sensitive data. In such situations, a fast and efficient patch management system is crucial to identifying other services impacted by the breach. The Firewall Platform's incident tracker ensures that you're able to respond quickly and effectively to such incidents. > Insider Threats: In a recent incident at a prominent organization, the IT team discovered through logs that an employee, before leaving the company, downloaded a repository containing sensitive secrets. The immediate priority was to identify the compromised services and initiate a rapid incident response. With The Firewall Secrets and The Firewall Platform, you can identify exposure across your organization and take swift action to mitigate the risks. Roadmap > Addition of AI powered DAST Capabilities > AI assistant > Container Images Scanning Capabilities Contributors Conclusion > Shifting left to prevent security issues early in development. > Operationalising security using risk based prioritization and comprehensive owner-to-asset mapping can significantly improve the efficiency of security teams > We envision a world where every business, regardless of size or budget, has access to state-of-the-art cybersecurity. Where security isn't a luxury, but a fundamental right. Where we stand united against cyber threats, leaving no one behind. Presentation for the talk: > https://docs.google.com/presentation/d/11nTQ9g1Xgm700dxAYqJEa6A8DsanA-qYScwc-aGDd_0/edit?usp=sharing Important Links: > Website: https://thefirewall.org > Blogs: https://blogs.thefirewall.org > Github: https://github.com/TheFirewall-code/TheFirewall-Secrets-SCA > Documentation: https://docs.thefirewall.org > Youtube: https://www.youtube.com/@TheFirewallAppsecPlatform PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/DW3QWB/ Secondary stage Sparsh K Lavlesh Joshi PUBLISH 3TUS97@@pretalx.com -3TUS97 DDoS Protection of the Europa websites en en 20250619T141500 20250619T145500 004000

DDoS Protection of the Europa websites

PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/3TUS97/ Secondary stage Andrei Petrovici Florin Bota PUBLISH BEZMZH@@pretalx.com -BEZMZH Navigating the EU Cyber Resilience Act: Scope, Obligations, and Strategic Compliance for Digital Product Providers en en 20250619T151500 20250619T160000 004500

Navigating the EU Cyber Resilience Act: Scope, Obligations, and Strategic Compliance for Digital Product Providers

This presentation will provide a comprehensive overview of the CRA’s scope, key obligations, and implications for companies across the digital product supply chain. Participants will gain practical insights into how to prepare for CRA compliance, including a five-step roadmap: from applicability assessment and product classification to gap analysis, action planning, and implementation. With significant penalties and market access restrictions for non-compliance, early preparation is essential. This session aims to equip stakeholders with the knowledge and strategies needed to ensure readiness and resilience in the face of evolving EU cybersecurity regulations. PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/BEZMZH/ Secondary stage BERDAI Sadia PUBLISH N8GXFJ@@pretalx.com -N8GXFJ Coping with Reality: Chaos Engineering through Gamedays en en 20250619T160000 20250619T164500 004500

Coping with Reality: Chaos Engineering through Gamedays

What if the best way to build resilient systems is to break them, intentionally? This 40-minute talk will challenge our conventional thinking about resilience by diving into the hands-on execution of Chaos Engineering through Gamedays, which are structured, high-impact events where teams deliberately inject failure to uncover weaknesses before they manifest in production and impact customers. Despite its playful name, a Gameday is anything but a game; it’s a methodical, collaborative, and sometimes nerve-wrecking exercise designed to stretch the limits of our systems and validate our assumptions. We’ll explore what it takes to run an effective Gameday: from selecting the right applications and environments to defining steady states and executing controlled, high-value chaos experiments. Attendees will gain insight into how Datadog orchestrates Gamedays, curating participants based on system architecture, aligning on steady-state definitions, and incrementally scaling failure scenarios from isolated latency injections to full-scale zonal disruptions. Gamedays are a shift in mindset, from preventing failure to preparing for it. We’ll also discuss a crucial evolution: transitioning from manual, ad-hoc failure injection to a scalable, automated platform that enables safe, rapid, and transparent execution. The ultimate goal? To shift the mindset from fearing failure to leveraging it as a catalyst for resilience. By embracing Chaos Engineering through Gamedays, teams don’t just prevent outages - they gain deep, actionable insights, foster cross-team collaboration, and build a culture where failure isn’t a setback, but a stepping stone to resilience. PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/N8GXFJ/ Secondary stage Tai Huynh PUBLISH VHZNXC@@pretalx.com -VHZNXC Let's play HackBack, a fun and engaging IR role playing game designed for learning en en 20250619T100000 20250619T120000 020000

Let's play HackBack, a fun and engaging IR role playing game designed for learning

PUBLIC CONFIRMED Workshop 2h https://pretalx.com/bsidesluxembourg-2025/talk/VHZNXC/ Classroom 1 workshops Klaus Agnoletti PUBLISH VS8LNA@@pretalx.com -VS8LNA Automate Your Hacking: Writing New Tools & Extending Existing Ones en en 20250619T130000 20250619T170000 040000

Automate Your Hacking: Writing New Tools & Extending Existing Ones

## Training Outline ### Tool & Techniques for Security Automation * Network Security * Web Security Automation * Malware Analysis Automation * Automating Cloud Security Tasks * Automating Security Tasks using Cloud * Analyzing Custom Protocols & Services * Leveraging LLM and GenAI for Exploring the Unknown ### Writing Your Own Tools * Developing the Automation Mindset * Basics of Security Automation * Mind Map for Writing Your Own Tools * Writing Tools for Threat Intelligence ### Extending Existing Tools * Writing Nmap NSE Scripts * Writing Nuclei Templates * Extending Burp/mitmproxy PUBLIC CONFIRMED Workshop 4h https://pretalx.com/bsidesluxembourg-2025/talk/VS8LNA/ Classroom 1 workshops Rahul Binjve PUBLISH EHSQ88@@pretalx.com -EHSQ88 Mapping Your Information System with Mercator: A Hands-On Workshop en en 20250619T100000 20250619T120000 020000

Mapping Your Information System with Mercator: A Hands-On Workshop

Discover how [Mercator](https://github.com/dbarzin/mercator), the award-winning open source tool for information system mapping, can transform your approach to managing infrastructures and data. In this 2-hour workshop, you will learn to use Mercator to model, visualize, and analyze your IT ecosystem efficiently. Whether you are a CISO, system administrator, or security consultant, this hands-on session will guide you through Mercator’s key features—from creating your first map to integrating advanced data. Join us for an interactive session combining theory and practice. You’ll have the opportunity to explore real-world use cases, work directly with the tool, and leave with skills you can apply immediately to your professional projects. No prior knowledge of Mercator is required, but please bring your laptop to make the most of this experience! PUBLIC CONFIRMED Workshop 2h https://pretalx.com/bsidesluxembourg-2025/talk/EHSQ88/ Classroom 2 workshops Didier Barzin PUBLISH TAXNZH@@pretalx.com -TAXNZH API Underworld: Red Team Hacking Secrets en en 20250619T130000 20250619T170000 040000

API Underworld: Red Team Hacking Secrets

PUBLIC CONFIRMED Workshop 4h https://pretalx.com/bsidesluxembourg-2025/talk/TAXNZH/ Classroom 2 workshops Parth Shukla PUBLISH HVC8NP@@pretalx.com -HVC8NP Fortifying Cyber Defenses: A hands-on workshop with IDPS-ESCAPE and SATRAP en en 20250619T100000 20250619T120000 020000

Fortifying Cyber Defenses: A hands-on workshop with IDPS-ESCAPE and SATRAP

**Duration**: 2 hours **Level**: Intermediate (familiarity with concepts in basic machine learning, SIEM/IDPS and CTI recommended) ## Workshop outline ### I. Introduction to IDPS-ESCAPE - Presentation of the IDPS-ESCAPE architecture and its building blocks: open-source SOAR, ADBox, Wazuh-Suricata integration, and anomaly detection training and prediction pipelines - Use cases: user and entity behavior analytics (UEBA), automated response/prevention based on detected anomalies - **Demonstration: Deploying ADBox for Multivariate Anomaly Detection** 1. Configure ADBox to ingest Wazuh alerts and resource metrics 2. Train a custom MTAD-GAT model and monitor to detect suspicious behavior (UEBA) 3. Visualize anomalies in Wazuh Dashboards 4. Overview of IDPS-ESCAPE integrations: Wazuh, Suricata, MISP, OpenCTI, OpenBAS 5. Overview of implemented UEBA and AD scenarios, along with implemented active responses ### II. Introduction to SATRAP - Overview of SATRAP and its application in cyber threat intelligence, plus an explanation of logic-based automated reasoning and its benefits - **Hands-On Lab: CTI analysis with SATRAP** 1. Setting up SATRAP in a controlled environment 2. Creating and populating a CTI knowledge base 3. Developing a playbook in the form of a Jupyter Notebook to demonstrate how we can benefit from the automated reasoning functions of the SATRAP Python CTI Analysis Toolbox in a step-by-step CTI investigation ### III. Integration and best practices - Strategies for integrating IDPS-ESCAPE and SATRAP with existing security systems - Best practices for maintaining and updating these tools - Q&A session to address participant queries and challenges ### **Target Audience** - SOC analysts and CTI teams seeking to enhance detection, investigation and mitigation capabilities - Security engineers interested in SOAR systems and open-source tools - Researchers exploring practical applications of anomaly detection and automated reasoning - Curious learners ### **Requirements** - A basic understanding of cybersecurity concepts and familiarity with security tools - Laptop with Docker and preferably VS Code installed - Basic Python and GNU/Linux experience (no advanced ML expertise required) PUBLIC CONFIRMED Workshop 2h https://pretalx.com/bsidesluxembourg-2025/talk/HVC8NP/ Classroom 3 workshops Arash Atashpendar Itzel Vazquez Sandoval PUBLISH ZS73U7@@pretalx.com -ZS73U7 Becoming the Godfather of Threat Modeling en en 20250619T130000 20250619T150000 020000

Becoming the Godfather of Threat Modeling

PUBLIC CONFIRMED Workshop 2h https://pretalx.com/bsidesluxembourg-2025/talk/ZS73U7/ Classroom 3 workshops Mike van der Bijl PUBLISH RK8JDA@@pretalx.com -RK8JDA Practical intro to deep learning: chihuahuas vs muffins en en 20250619T151000 20250619T170000 015000

Practical intro to deep learning: chihuahuas vs muffins

Agenda: • Short introduction to deep learning • Setting up the environment • Hands-on session: we’ll experiment with image classification • Hands-on session: we build a web app with Gradio We’ll also be discussing applications to cybersecurity you can prototype, deep learning and training methods, cool the hype and discuss realistic LLM capacities. PUBLIC CONFIRMED Workshop 2h https://pretalx.com/bsidesluxembourg-2025/talk/RK8JDA/ Classroom 3 workshops Pauline Bourmeau (Cookie) William Robinet PUBLISH KHJVRN@@pretalx.com -KHJVRN Opening of CLUSIL track en en 20250619T103000 20250619T104500 001500

Opening of CLUSIL track

PUBLIC CONFIRMED Opening Speech https://pretalx.com/bsidesluxembourg-2025/talk/KHJVRN/ Classroom 4 - CLUSIL track Luc Dockendorf Cedric MAUNY PUBLISH FVYWMW@@pretalx.com -FVYWMW The Psychology of Deception: How Today's World Leaves Us Exposed to Social Engineering en en 20250619T104500 20250619T112000 003500

The Psychology of Deception: How Today's World Leaves Us Exposed to Social Engineering

PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/FVYWMW/ Classroom 4 - CLUSIL track Eloïse ZEHNDER PUBLISH Y3L9MQ@@pretalx.com -Y3L9MQ Maximizing AI Innovation While Staying Compliant: A Pragmatic Approach en en 20250619T112000 20250619T120000 004000

Maximizing AI Innovation While Staying Compliant: A Pragmatic Approach

In this talk, we will explore key elements for successfully and securely integrating AI in businesses: Understanding the AI Act and its implications for organizations The intersection of AI and data protection (GDPR, DPIA, etc.) Implementing an effective AI governance strategy Case studies and common pitfalls to avoid Real-world strategies that actually work This session is designed for decision-makers, DPOs, CISOs, and digital transformation leaders looking to leverage AI without exposing their organizations to legal risks or compliance failures. PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/Y3L9MQ/ Classroom 4 - CLUSIL track Julien Winkin PUBLISH VYZDUA@@pretalx.com -VYZDUA Beyond the Buzzwords: Threat Exposure and Attack Surface Management in 2025 en en 20250619T133000 20250619T141500 004500

Beyond the Buzzwords: Threat Exposure and Attack Surface Management in 2025

PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/VYZDUA/ Classroom 4 - CLUSIL track Peder Grundvold PUBLISH NFHVDZ@@pretalx.com -NFHVDZ From Legalese to Human-Ease: Transforming Security Policies with AI en en 20250619T141500 20250619T145500 004000

From Legalese to Human-Ease: Transforming Security Policies with AI

PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/NFHVDZ/ Classroom 4 - CLUSIL track Klaus Agnoletti PUBLISH VGMSMG@@pretalx.com -VGMSMG From Buzzword to Battlefield: The Cybersecurity Challenges of Smart Cities en en 20250619T151500 20250619T160000 004500

From Buzzword to Battlefield: The Cybersecurity Challenges of Smart Cities

PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/VGMSMG/ Classroom 4 - CLUSIL track Marina Bochenkova PUBLISH UNYABC@@pretalx.com -UNYABC Remove Barriers To Data Sharing To Boost Collaboration Against Cybercrime en en 20250619T160000 20250619T162500 002500

Remove Barriers To Data Sharing To Boost Collaboration Against Cybercrime

Data sharing is notably the most efficient manner to fight cybercrime as it enhances the capabilities of collaborating by sharing Tactics, Techniques, and Procedure used by attackers. However, good practices are often challenging to implement due to hurdles like 1) compliance and regulatory constraints, 2) time constraints for sharing and processing shared information, and 3) perceived lack of value in the information. These barriers hinder the dissemination of crucial information that could improve attack detection and response. This session will address each of these obstacles by identifying strategies for mutualizing data without revealing the data itself. To do this, I will explain how to remove barriers limiting information sharing by leveraging the data mesh—where the interpretation, rather than the raw data, is shared—and by using advanced technical solutions such as Federated Learning— where only the AI model's parameters are shared instead of the training data—and Fully Homomorphic Encryption—which allows operations on encrypted data without revealing the data itself—. These technologies used within a specific ecosystem will both help bypass regulatory hurdles while strongly elevating the value of data and the competitive advantage against cybercrime by dismantling existing barriers that prevent sharing. Attendees will be informed how this approach contributes to the compliance with regulatory frameworks like NIS2 and DORA applicable to any corporation doing business with European customers also to gain insights from the success of Luxembourg's first ISAC for the manufacturing industries. The session will also review Luxembourg's National Cybersecurity Strategy, which aims to enhance cybersecurity capabilities by implementing a national network of probes and by introducing sectoral Security Operations Centers. The latter to fortify national defenses against organized attacks targeting economic sectors, critical infrastructures and the society at large. Attendees will leave this session with a comprehensive understanding of how some advanced technologies can remove barriers to increase the volume and type of shared information while ensuring compliance with regulatory standards that leads to a more secure global community. My goal is to sensitize the audience on how to reduce the usual reluctance when it comes to information sharing by demonstrating how to use processes and technologies at community scale to protect the society at large. PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/UNYABC/ Classroom 4 - CLUSIL track Cedric MAUNY PUBLISH J7Q87U@@pretalx.com -J7Q87U AI in cybercrime: A threat or an opportunity? en en 20250619T162500 20250619T165500 003000

AI in cybercrime: A threat or an opportunity?

The rise of generative AI, based primarily on neural networks, has completely boosted the hype surrounding AI, which has become indispensable in today's digital landscape. In the field of cybersecurity, it is possible to ask how AI can be used by hackers but also serve as a defence mechanism. This is a game that hackers currently tend to win because they have a head start, but in the future, will we see AI challenged by other AI in terms of attacks and countermeasures? This raises many questions, both in terms of ethics or the lack thereof within AI, as well as the limits of circumventing the ethical filter applied to AI, but also the ability of hackers to use specialised and proprietary AI. There will also remain the question of the energy required to power these AI systems. Will it be accessible to all, including hackers? PUBLIC CONFIRMED Talk https://pretalx.com/bsidesluxembourg-2025/talk/J7Q87U/ Classroom 4 - CLUSIL track David Hagen