Have you ever wondered how an attacker analyzes your favorite Android app? In this workshop, we will adopt a perspective of a reverse engineer to learn how to approach Android applications.
We will explore popular reverse engineering tools and techniques used in Android security analysis. Through hands-on practice, you'll learn to identify common security weaknesses and understand how attackers exploit them.
Android applications are often targeted by attackers due to openness of the platform and numerous omissions in the app development process. Plenty of security methods were created to harden Android apps against reverse engineering and tampering, which seems widely used by major app developers and way less by smaller ones.
We'll analyze a few real-world applications to examine current protection mechanisms and their limitations. We'll explore the common security measures deployed by Google Play Store and app developers, and discuss whether they are as effective as they claim to be.
By the end of the workshop, participants will have hands-on experience with several popular tools used for Android application analysis. If you are an Android developer, please feel free to bring and explore your own Android app with us.
Workshop description
What happens in memory, stays in memory! In this beginner workshop, we’ll take our first steps into the fascinating world of Linux Memory Forensics 😊.
This session will introduce the fundamentals of volatile memory, Linux memory management, with a touch on memory acquisition. We will then discover how to investigate memory artefacts and uncover traces of malicious behaviour through a simulated ransomware attack, from identifying suspicious processes and carving out binaries to recovering encryption keys from memory.
We will mostly use the Volatility framework, but this workshop will go beyond a simple command-line tutorial to explore the underlying principles: what are Volatility profiles and why do we need them, what are some interesting artefacts to look for, what to do when there is no command for what we are looking for, where do we even start looking, etc.
Who should attend?
Anyone who wants to discover digital forensics! This workshop won’t require extensive hacking knowledge, however knowing a bit about Linux will help.
Requirements
A laptop capable of running a virtual machine (or a native Linux environment), and a few gigabytes of free disk space (a memory dump can be quite heavy!). We might do a little bit of Python too! The VM will contain all the tools needed for the workshop. If you choose to use your own Linux environment instead, a setup guide will be provided.
Incident response isn't just about knowing your tools - it's about coordinating under pressure, communicating when things go sideways, and making calls with incomplete information. Traditional training focuses on isolated techniques, missing the collaborative reality of actual incidents. And most tabletop exercises? Painfully dull. Participants zone out, give checkbox answers, and leave having learned little.
This workshop introduces Malware & Monsters (https://malwareandmonsters.com), a framework that turns IR training into something people actually enjoy. Think tabletop role-playing meets creature-collection mechanics, where teams "hunt and contain" digital threats through story-driven gameplay.
Game-based learning works - research shows it beats traditional instruction for skill building and retention. M&M makes participants actively discover concepts instead of sitting through lectures. Scenarios include organizational pressures, evolving threats, and stakeholder drama, turning abstract security concepts into tangible problems.
You'll experience the full methodology: learn the mechanics, build custom scenarios based on real malware families (mapped to MITRE ATT&CK), and run live simulations. Participants take specialized roles - Hunter, Analyst, Forensicator, Communicator, Coordinator, or Researcher - experiencing how security functions actually collaborate during incidents.
The framework includes legacy malmons from malware history—because history always repeats itself, and understanding past threats reveals patterns in current attacks. The "type effectiveness" system teaches strategic thinking about matching defenses to threats. Evolution mechanics show how attacks escalate when containment fails.
Participants walk away with ready-to-use materials and facilitation techniques for training that actually works.
Best of all? M&M is free to play in most cases.
Whether you are a Red Team or Blue Team specialist, learning the techniques and tricks of malware development gives you the most complete picture of advanced attacks. Also, due to the fact that most (classic) malwares are written under Windows, as a rule, this gives you tangible knowledge of developing under Windows.
The course will teach you how to develop malware, including classic tricks and tricks of modern ransomware found in the wild. Everything is supported by real examples.
The course is intended for Red Team specialists to learn in more detail the tricks of malware development (also persistence and AV bypass) and will also be useful to Blue Team specialists when conducting investigations and analyzing malware.
The course is divided into four logical sections:
- Malware development tricks and techniques (classic injection tricks, DLL injection tricks, shellcode running)
- AV evasion tricks (Anti-VM, Anti-Sandbox, Anti-disassembling)
- Persistence techniques
- Cryptographic functions in malware development (exclusive)
- Malware Development for Android and Linux (bonus)
Most of the example in this course require a deep understanding of the Python, Kotlin
and C/C++ programming languages.
Knowledge of assembly language basics is not required but will be an advantage
Bash isn’t just an interface to your daily laptop - it’s a weapon. In this hands-on workshop, we’ll push bash beyond its typical use, leveraging it for hacking, data processing, automation, and real-world security applications. Whether you’re crafting exploits, analyzing massive datasets, or automating reconnaissance, this session will equip you with the skills to turn bash into your ultimate hacking tool.
To take part in the workshop, please bring your own laptop.
What can we learn from ordinary packets on the wire, using a disconcerting connected toy as a demo device? How can you tell when something is phoning home? In this workshop, we’ll use Wireshark to observe what devices send and receive during regular operation
This threat modelling training is geared towards beginner to intermediate audiences with software engineering and security engineer/pentester backgrounds who have never done any sort of threat modelling work but are trying to get into it. Practically, anyone can join this class even if they do not have those backgrounds, but at least some basic idea of how programs work on a code level, basic cyber security issues and threats and anybody interested in learning them.
The main goal of this training is to equip participants with understanding the importance of threat modelling in dealing and understanding cyber threats to their applications and networks. The trainer's goal is to prevent more software security bugs from inception by teaching students whether they build more secure software or find underlying security flaws and bugs and minimizing the risks and impact of the engineered software. Participants will be immersed with the popular STRIDE and DREAD methodologies for threat modelling, increasing growing popular PASTA methodology, and they will create their own threat models during the training.
At the end of the training, students shall expect themselves to be able to do a quick threat model of any function/method that they wish to implement in their software, realize the threats that they could introduce or deal with, and finally be able to write a full and complete threat model on their own from start to finish including recommendations, threat scenarios and related risk ratings.
This session provides cybersecurity professionals with practical machine learning skills, from ML basics up to deep learning with TensorFlow. Participants will set up a complete development environment and learn foundational ML concepts through hands-on implementation rather than mathematical theory. The curriculum covers core ML principles through deep learning, with emphasis on security-relevant applications. No advanced mathematics or prior AI experience required.
We break the myth. You don't need a PhD to do AI here.
An online capture the flag event hosted by BSides in collaboration with LetzPwn and CYBEREDU4TEENS.
https://bsides.capturetheflag.lu.
Experiencing issues? Please find a volunteer wearing a LetzPwn badge or CTF sticker.
Building valuable solutions is a complex endeavor that requires a breadth of knowledge. That not being enough, we’re also getting asked to build secure solutions in a secure way - yet what does that even mean? How do we incorporate such a vast area of expertise into our everyday workflows?
In this hands-on workshop, I will introduce you to core security concepts, like the CIA triad or defense in depth - and how we can apply them in everyday work. Based on a practical example, we will go through the development lifecycle with security in mind. You will learn about threat modeling to uncover risks early on, secure coding principles to bake security in, security testing approaches to make informed decisions depending on your risk appetite, and ways of detecting potentially malicious activity to protect against. Interactive exercises at each step will let you experience how security can neatly fit with what you’re already doing without adding artificial gates.
Whether you want to keep your system secure or get a neglected one back in shape, this session is for you. Join us to gain fundamental security knowledge, hone your security skills, and get tactical advice to secure your development lifecycle. Let’s make things a bit more secure than yesterday every day!
In this beginner-friendly workshop we will walk through the analysis of a recent Fancy Bear (APT28) attack chain together. It will feature targeted phishing email, a then-0-day Microsoft Office exploit and multiple follow-up stages to showcase file formats and analysis methods. Additionally, we will take a look at the infrastructure behind the attack.
Cloud & AI Security - Capture the flag hands-on workshop
Breach at Neuralworks: A Wiz Magic Labs Experience
Neuralworks is dealing with an active breach, and traditional defenses aren’t cutting it. In this hands-on workshop, you’ll jump into a real-world scenario to hunt threats across a complex cloud environment.
Using Wiz, you’ll trace the attacker’s path in real-time and see how AI Agents handle the heavy lifting:
Blue Agent: Your lead investigator. It automates the correlation of runtime signals to find the root cause fast.
Green Agent: Your remediation specialist. It provides environment-specific guidance to close security gaps instantly.
This is the best way to see Cloud Detection and Response (CDR) in action and bridge the gap between detection and remediation. Put your skills to the test, neutralize the threat, and join the ranks of the WizGuards.
What can we learn from ordinary packets on the wire, using a disconcerting connected toy as a demo device? How can you tell when something is phoning home? In this workshop, we’ll use Wireshark to observe what devices send and receive during regular operation
Workshop description
What happens in memory, stays in memory! In this beginner workshop, we’ll take our first steps into the fascinating world of Linux Memory Forensics 😊.
This session will introduce the fundamentals of volatile memory, Linux memory management, with a touch on memory acquisition. We will then discover how to investigate memory artefacts and uncover traces of malicious behaviour through a simulated ransomware attack, from identifying suspicious processes and carving out binaries to recovering encryption keys from memory.
We will mostly use the Volatility framework, but this workshop will go beyond a simple command-line tutorial to explore the underlying principles: what are Volatility profiles and why do we need them, what are some interesting artefacts to look for, what to do when there is no command for what we are looking for, where do we even start looking, etc.
Who should attend?
Anyone who wants to discover digital forensics! This workshop won’t require extensive hacking knowledge, however knowing a bit about Linux will help.
Requirements
A laptop capable of running a virtual machine (or a native Linux environment), and a few gigabytes of free disk space (a memory dump can be quite heavy!). We might do a little bit of Python too! The VM will contain all the tools needed for the workshop. If you choose to use your own Linux environment instead, a setup guide will be provided.
Visual Studio Code has become the de-facto IDE for millions of developers, and its extension marketplace is now a first-class target for supply-chain compromise. In this talk we move beyond yesterday’s JavaScript-only “theme” backdoors and show how to fuse high-level TypeScript with low-level Rust to create extensions that are indistinguishable from legitimate Microsoft-signed add-ons—yet silently execute native x86_64 shellcode inside the IDE process.
We begin with a data-driven tour of recent in-the-wild incidents: we begin by examining an array of malicious solidity extensions which targeted blockchain developers with a special emphasis on the “Solidity” extension that stole $500 k in crypto from a Russian blockchain developer. We follow that up with an analysis of the Malicious Corgi malware, and the new self propagating GlassWorm extension - including the later samples seen in the wild which used more advanced techniques. The rise of AI-centric forks (Cursor, Windsurf, etc.) has also given a rise to new extension marketplaces where malicious extension can use inflated download counts to serve as perfect camouflage. Next we deep-dive into the malicious extension toolchain: a Rust FFI bridge that compiles to a library, exposes a single innocent-looking TypeScript API, and preserves the marketplace’s blue “verified” tick. We demonstrate live how to backdoor legit extensions - including cases where the source code is available and when it is not.
We close with defensive takeaways: IoCs and TTPs to look for, defensive rules which can prevent such attacks and possible detection vectors. Attendees leave with a fully annotated GitHub repo that walks them through the process of developing such malware - starting with a "hello-world" C++ addon and building a rust based shellcode loader backdoored into a popular extensions.
Get hands-on with Kunai in this practical workshop! You'll learn to deploy and configure this Linux monitoring tool, then dive into advanced threat detection techniques. We'll start with the basics - installation, configuration, and core functionality - before moving to advanced topics like custom rule creation, IoC integration, and MISP connectivity. Whether you're securing production systems or just exploring Linux security monitoring, this workshop will give you practical skills to detect and investigate threats.
DevOps processes transfer security responsibility to development teams. But how can developers handle that additional task?
Threat Modeling is a structured approach to identifying security problems early, spreading security knowledge across teams, and communicating risks in a way that is accessible to management. In this workshop, we explore lightweight Threat Modeling approaches tailored to DevOps workflows. We also show how gamification can lower the barrier to entry for teams without a strong security background.
We will look at:
* What is Threat Modeling?
* Basic Threat Modeling with STRIDE
* Gamification
* Hands-on Threat Modeling with OWASP Cumulus for a cloud-native scenario
* What's next? Risk, processes, and beyond
Attendees will leave with practical tools and techniques they can immediately apply in their own teams.
Dismantle the bomb by performng different taks
You've identified the vulnerability, tested the exploit, and written the report. But they just don’t see the urgency. Now what? This 4-hour, hands-on workshop bridges the gap between technical mastery and boardroom influence. We'll move beyond simply reporting risks to crafting compelling narratives, quantifying value, and building the relationships necessary to drive meaningful security improvements.
This isn't your typical "compliance" training. We'll delve into the psychology of decision-making, explore adversarial communication tactics (used against you), and arm you with practical strategies to become a trusted advisor who can effectively advocate for security and get things done.
The industry needs more security code reviewers. Vulnerabilities are getting deeper, not simpler, and modern applications fail in subtle ways that scanners, and even AI, routinely miss. Meanwhile, developers are writing less code and reviewing more of it than ever (hopefully).
This workshop is a fast, hands-on introduction to reading code with a security mindset. Through real CVE-inspired examples, you’ll see how tiny inconsistencies, misplaced assumptions, and misunderstood framework behaviour turn into real, exploitable flaws.
You’ll learn how to detect red flags quickly, identify dangerous patterns in small snippets, and build intuition for where vulnerabilities hide. Whether you’re a developer, pentester, or security engineer, you’ll walk away with a foundational methodology for performing clear, consistent, and reliable code reviews.
What does the "perfect" CI/CD pipeline look like, especially one built with security at its core? This hands-on workshop explores that ideal using readily available open-source tools. We'll dissect the essential stages of a modern pipeline, demonstrating how to integrate security seamlessly throughout the development lifecycle (DevSecOps).
Through practical, step-by-step guidance, we'll implement key security checks like Static Application Security Testing (SAST), Software Composition Analysis (SCA), infrastructure vulnerability scanning, and secrets detection using popular OSS tools within a functional pipeline. While we'll showcase specific tools and configurations, the goal is not just replication, but understanding how and why these security controls work.
Discover the underlying principles of secure pipeline design and leave with actionable techniques to start building your own hardened, practical CI/CD pipeline.
This workshop offers an in-depth exploration of advanced methodologies for identifying and analyzing cyber threats emanating from North Korea (DPRK). Participants will learn practical techniques for uncovering malicious activities through Fake GitHub Repositories, Hunting DPRK-based clusters, and exploring comprehensive ByBit Heist that hacked $1.5 Billion. The session will also cover critical threat hunting strategies such as Hostname Analysis, Command and Control (C2) infrastructure identification, Fake Domain Spotting and much more. Attendees will gain valuable insights into the operational tactics of DPRK threat actors and practical skills to enhance their defensive postures against these sophisticated cyber campaigns. Please join this session to deepen your understanding of nation-state cyber operations and strengthen your threat detection capabilities.
Dismantle the bomb by performng different taks
Modern cars are no longer mechanical devices. They're complex, interconnected computer networks. And like any networked system, they can be hacked. This workshop introduces participants to the fundamentals of automotive cybersecurity through real-world, hands-on exploration of in-vehicle communication and attack techniques.
As AV/EDR systems evolve to detect behavioral anomalies, offensive tradecraft must adapt beyond static obfuscation. This talk explores the convergence of Artificial Intelligence and advanced Cryptography in the development of next-generation evasive malware. We will move past traditional packing techniques to examine how lighweight LLMs and cryptographic primitives can be integrated directly into the malware lifecycle.
You will gain insight into:
- AI-Driven Polymorphism: Utilizing embedded or cloud-based AI agents to dynamically rewrite logic and variable structures at runtime, rendering signature-based detection obsolete.
- Cryptographic Context-Awareness: Implementing environmental keying and mathematical "logic locking," where payloads remain cryptographically sealed until specific environmental conditions (verified by AI logic) are met.
- Entropy Reduction: Techniques to make encrypted payloads statistically indistinguishable from benign data or natural language using AI-generated steganography.
This talk bridges the gap between theoretical mathematics and practical weaponization, demonstrating how free, open-source AI models can be weaponized for stealth, and conversely, how defenders can prepare for the age of "thinking" malware.
The Car Hacking Village offers attendees a hands-on, immersive environment to explore the security of modern vehicles. As cars continue to evolve into complex, connected computer systems, the need to understand their attack surfaces and defensive challenges grows. This village provides a safe and controlled space where participants can learn, experiment, and collaborate on real automotive cybersecurity techniques.
LuCy is the 3-year odyssey to bring a new security solution closer to the R&E community in Luxembourg. The open-source project is integrated into an existing IT infrastructure - but wait, why not open it to our Luxembourgish R&E community and that at a low cost! After some reflection it became clear that with a bit of effort the security tools can also be used by the community!
This presentation will be the conclusion on the LuCySe4RE project, presenting the overall highs and lows of the project from a technical, awareness as well as from the human perspective.
As a conclusion, focus will be put on new challenges that emerged after the move from prototype to a fully fully-fledged service, as well as explain new risks that we did not identify before.
In this presentation we will share our lessons-learned from our journey from a prototype to a tool in production and hopefully reach others to start their journey with implementing and promoting open-source projects in their community in future!
Learn or practice your lockpicking skills in the lockpicking village.
Experts say that this has real-life impact, not only to red teamers!
There are over 100 concurrent armed conflicts in the world (+130 according to the ICRC) and all of them have a technological dimension. The planet is rapidly heating. Poverty and economic inequality are rampant. While the international legal order and multilateral institutions are under unprecedented strain, "emerging and disruptive technologies" like generative AI are hyped as miracle cures. How can diplomacy and cybersecurity professionals work together to push back against rising authoritarianism?
In the original Matrix movie, Neo learned Kung Fu through an upload. Imagine if your ML could learn the same way. That's what a pickle file does for ML - "I KNOW KUNG FU" or whatever was in the file that was supposed to be "learned" by your ML model.
What if there was a plot twist where Agent Smith tampered with the Kung Fu module so that it included a fun "bonus" lesson that "taught" Neo to call Agent Smith every time he was trying to find an exit?
That's what's happening in Pickle Files, and that's the setup for ML and AI.
This talk will step through the threat, some examples, and emerging detection capabilities. You will KNOW Kung Fu when it's over.
There are some aspects to identity and access management that have never worked very well, such as delegation. Unfortunately, the stakes just got higher and wider with the explosion of identities that aren't humans, but aren't traditional system and application accounts either.
Even if you're not using them yourselves, it's time to make some decisions on how to deal with agents in your ecosystem.
Learn how to automate incident response triage using open-source tools. This talk shows how to go from forensic collection to collaborative analysis in minutes, with real-world workflows and cloud-based automation.
An online capture the flag event hosted by BSides in collaboration with LetzPwn and CYBEREDU4TEENS.
https://bsides.capturetheflag.lu.
Experiencing issues? Please find a volunteer wearing a LetzPwn badge or CTF sticker.
Dismantle the bomb by performng different taks
As cybersecurity defenders, our job is to prevent breaches. However, threat actors continue to succeed because they constantly evolve their techniques. In this session, I will show you some of the innovative attack vectors that malicious hackers use to target our infrastructure. You’ll learn how these techniques work and more importantly, how to leverage them for your own threat hunting.
What does the "perfect" CI/CD pipeline look like, especially one built with security at its core? In this talk, we'll explore that ideal using readily available open-source tools. We'll walk through the essential stages of a modern secure pipeline, demonstrating how to integrate security seamlessly throughout the development lifecycle (DevSecOps).
We'll cover seven key security stages: pipeline security scanning, code security analysis (SAST and SCA), secrets detection, container scanning, Infrastructure as Code scanning and runtime infrastructure scanning. You'll learn not just which tools to use, but why these security controls matter and how they work together.
Leave with a clear understanding of secure pipeline design principles and actionable techniques to start building your own hardened CI/CD pipeline.
Nowadays, the detection of generic mass-scale phishing attacks is quite
effective. Techniques that leverage indicators of compromise (IOCs) collection
and sharing tools, such as MISP (the Open Source Threat Intelligence Sharing
Platform), are well established and give good results in the field. However,
detection of targeted attack attempts aka spear-phishing, is much more
challenging because the attackers exploit contextual information about the
targets they aim for.
By using up-to-date, relevant and precise information about the inner
operations of the targeted company, attackers can make their deception far more
effective.
SPOT makes use of state-of-the-art natural language
processing (NLP) techniques based on machine learning (ML) and large language
models (LLMs) in particular to try to detect and prevent spear-phishing
attack attempts.
This opensource project was co-financed by the LU-CID initiative by the Ministry
of Economy Luxembourg.
A real-world ransomware attack on a non-IT company where cybersecurity wasn’t a priority. Learn how incident management and business continuity collapsed under pressure, what really happens during an attack, and the lessons leaders must learn shared from real cases presented at Bsides
AI rarely creates entirely new classes of risk. More often, it amplifies weaknesses that already exist in complex systems where architecture, data, and business decisions are tightly coupled. What changes is not the threat itself, but its reach, speed, and impact.
This session shows how threat modeling can be used as a leverage point in two parallel dimensions, in a way that remains accessible to newcomers while still grounded in real-world practice. On the technical side, threat modeling is presented as a concrete decision tool: identifying realistic attack paths, clarifying what actually needs to be tested, and guiding focused actions such as pentest scoping and security control prioritization. The emphasis is not on exhaustive models, but on developing the right security reflexes early, understanding where small inputs can create large business consequences.
In parallel, the same threat model is used as a framework validation layer. Instead of treating compliance as a documentation exercise, threat modeling helps explain how and why controls are applied where risk actually exists. Using approachable examples aligned with ISO 27001, the AI Act, and NIS2 expectations, the session demonstrates how threat modeling supports compliance efforts by making security decisions explicit, traceable, and defensible.
The session is designed for beginners and practitioners in application security, threat modeling, or software engineering, and assumes familiarity with AppSec and SDLC concepts. The focus is not on theory or abstract AI threats, but on real systems, plausible attackers, and practical threat models that help bridge technical security decisions and regulatory expectations from the start.
LLMs are just one piece of the risk, and one piece of the attack surface of an agent. This talk will focus on identifying attack surface components, considering them as a whole, and discussing both defending and attacking agents.
Threat intelligence is often reduced to reactive IOC lists or superficial color-coded reports. This talk dismantles that paradigm. We will explore the application of Cyber Threat (Counter) Intelligence - CT(C)I - in a geopolitical context, demonstrating how to engineer detections that actively hunt sophisticated adversaries operating both outside and inside your perimeter. Moving beyond standard threats, we dissect the rising trend of APT-backed "remote workers" infiltrating organizations using deepfakes and fabricated histories. We will show you how to weaponize cyber counterintelligence and deploy deceptive defenses to expose the threat, transforming your internal environment into your primary intelligence sensor - detection. Finally, we will outline a modern, graph-based "Detection-as-Code" methodology that replaces static documentation with visual, automated defense logic.
Modern infrastructures are increasingly complex, distributed, and opaque — making it difficult for security teams to answer a simple question: what exactly are we protecting?
System cartography provides an essential foundation for cybersecurity governance. It allows organizations to understand their architecture, dependencies, and data flows — the key to effective risk management, incident response, and compliance.
What if I told you the security tool you trust the most (your XDR) is also an attacker's favorite weapon? You spent time, money, and effort deploying it, testing it, fine tuning it, believing it had your back. But what if, instead of stopping threats, it was helping them?
Your XDR isn't broken, in fact, it's doing exactly what it's designed to do and what you set it up to do. The problem? Attackers have figured out how to make it work for them instead of against them.
In this session, we'll discuss how the bad guys manipulate XDR implementations, abuse detection logic, weaponize built-in components, and turn trusted security controls into defensive tools. From abusing existing workflows to full exploitation, you'll see why your XDR might not be protecting you the way you think it is.
The technical track of the AI security village
The Car Hacking Village offers attendees a hands-on, immersive environment to explore the security of modern vehicles. As cars continue to evolve into complex, connected computer systems, the need to understand their attack surfaces and defensive challenges grows. This village provides a safe and controlled space where participants can learn, experiment, and collaborate on real automotive cybersecurity techniques.
Cloud misconfigurations still cause saying-it-out-loud 99% of cloud security failures, but in 2026 the mistakes have mutated. Today’s breaches are less “oops, public bucket” and more over-privileged identities, sketchy SaaS integrations, forgotten test environments, and dangerously helpful defaults in AI and Kubernetes.
This talk introduces a modern hierarchy of cloud misconfigurations based on late-2025 and early-2026 breach data, then flips the script from post-incident cleanup to pre-deployment prevention using Policy as Code (PaC). Instead of finding problems after attackers do, we stop insecure resources from ever being created. We’ll wrap with the Toxic Trilogy, a practical model for spotting cloud assets that are statistically doomed, and show how PaC quietly dismantles all three conditions before anyone has to open a ticket.
Dismantle the bomb by performng different taks
Learn or practice your lockpicking skills in the lockpicking village.
Experts say that this has real-life impact, not only to red teamers!
Threat intelligence has matured significantly in the domain of indicators of compromise (IOCs), with standardised formats and automated sharing infrastructure. Yet when it comes to adversary behaviors - tactics, techniques, and procedures (TTPs), intelligence is still largely delivered through unstructured reports, PDFs, and blog posts. This creates a persistent gap: while defenders receive rich insights, they lack a systematic way to translate those insights into actionable detection engineering outcomes. Measuring detection coverage remains difficult, often reduced to basic ATT&CK matrix mappings that fail to capture the relational and technical nature of adversary behaviors. Meanwhile, intelligence evolves faster than most teams can analyse, leaving detection engineers overwhelmed and without a standardised workflow to prioritise or model new threats.
OpenTide (Open Threat Informed Detection Engineering, an open source framework developed at the European Commission CSOC) addresses this challenge by introducing a structured, top‑down intelligence‑to‑detection flow. At its core are Threat Vectors - an open construct for modeling TTPs at any level of granularity. Threat Vectors can be interrelated to form attack graphs, enabling defenders to build a dynamic and continuous coverage picture as new intelligence emerges.
Within OpenTide, detection objectives and supporting rules are explicitly linked to Threat Vectors, creating a direct mapping from intelligence to detection logic. A normalised schema ensures that unstructured intelligence can be ingested, transformed, and operationalised consistently. Furthermore, experimental integrations with large language models (GenTide R&D Project) accelerate the creation of these objects, demonstrating how automation can reduce the time from intelligence inputs to detection deployment.
By reframing how we model and consume TTP‑focused intelligence, OpenTide provides a scalable path to actionable detection engineering. It enables defenders to move beyond static mappings, measure coverage in context, and continuously align detection priorities with the evolving threat landscape.
OpenTide : https://github.com/OpenTideHQ
AI agents are no longer simple chatbots—they're autonomous systems equipped with powerful tools including shell access, file operations, and database queries. But what happens when an attacker asks nicely?
In this talk, we present a real-world vulnerability discovered in a production AI platform where we achieved full system command execution through natural language conversation. Starting with simple reconnaissance. When the AI initially denied access, we researched and deployed a jailbreak technique that bypassed safety guardrails—all through conversation.
The result? Reading /etc/passwd, enumerating system information, and letting the AI run reconnaissance commands for us. No credentials. No exploits. Just conversation.
Attendees will learn:
- How AI agent architectures create new attack surfaces
- Practical jailbreak techniques for tool-enabled LLMs
- The "Confused Deputy" problem in AI systems
- Defense strategies for securing AI agents
Trust and Traceability: Developer Observability in the AI-Powered SDLC
Safeguarding the enterprise with superior AI risk governance
It has been over three years since AI coding tools first landed, and in 2026, more than three-quarters of developers are using them in their workflows... with or without the knowledge and blessing of the AppSec team. Rumors of developers being replaced entirely have been exaggerated, but crucially, the use of AI in enterprise environments has further uncovered the significant security skills gap that exists among them as they struggle to identify and mitigate vulnerable, AI-generated code.
Security programs must evolve rapidly to reduce this emerging threat vector, but many CISOs lack the necessary data and insights to effectively empower their development cohorts. With AI coding tools touted as both a blessing and a curse for development and software security, there is no better time to ensure the enterprise security program is not just updated to accommodate the increased attack surface, but also actively optimized for SDLC efficiency and cyber defense.
World-class security leaders must rise to the occasion and lead proactive security programs that utilize the right tech stack and strategy to manage developer risk through high observability of their security skills, as well as the security efficacy of their AI technology stack. Developers have immense potential to be central to a defensive security strategy, and they can be empowered with the right knowledge to transform their approach to coding and adopt a security-first mindset. This revolution is vital as the use of AI coding tools grows, and critical thinking from the developer is a must to deploy them safely in their workflow.
Based on AI experiments and key research with CISOs, the presentation reveals the critical pathways security leaders can take to execute incredible developer-focused training programs that reduce risk, shift negative security sentiment in the development cohort, and safely adapt AI technology with precision governance, including:
Understanding comparisons between AI and human coding, what works, and what can affect enterprise security maturity.
Navigating AI data quality issues and establishing safe pair programming with unprecedented developer observability.
Developer upskilling, including benchmarking and growing key security skills with knowledge and governance that leads to better risk mitigation.
How to establish a skills baseline among developers, and grow relevant competency quickly.
The pitfalls of AI vulnerability detection, and the skillset your developers must master to overcome hallucination, insecure code generation and misconfiguration.
Communication on the dark web incorporates specialized coded language, referred to as "dark jargon", which serves to obscure illicit activities and hinder automated interpretation. These illicit activities often have severe real-world consequences, including drug and human trafficking, data leaks
and financial theft through fraud, and the facilitation of child abuse, which emphasizes the need for dark jargon detection and decoding methods. In this lightning talk we aim to explain the basic concepts of dark jargon, its NLP-based detection and interpretation methods as well as the difficulties that impede these.
Stalkerware -software for stalking- is a class of malware aimed at targeted surveillance of individuals.
On contemporary mobile platforms, such monitoring is often enabled not through remote exploitation, but through authenticated access, coercion, and reconfiguration of devices. This creates a gray zone in which surveillance can be implemented via purpose-built stalkerware, but also by weaponizing dual-use applications or native OS-features.
To better understand this class of threats, we've studied definitions, classification, behavior and detection performance through literature in order to address some of the current research gaps. Based on our research, we propose an attack-centric perspective that grounds definitions and analysis in attacker access, persistence, and coercive objectives rather than application identity alone. We consolidate an end-to-end stalkerware attack lifecycle, with particular relevance to real-world Intimate Partner Violence (IPV) scenarios.
Something we hear constantly as defenders is that attacks scale, implying that defences do not. While it is undeniable an attacker can take a 0-day and exploit thousands or millions of hosts, we can also turn the tables as defenders and scale our efforts. In this talk I will show you how you can take a phishing attempt and turn it into a major pain in the ass for an attacker.
Hearing the first time about cybersecurity is exciting! You will learn how to hack things and learn how to defend against hackers. Red team, blue team and even purple team, but no one has told me that I will become more aware of security, or rather, become more aware of the lack of security in my surroundings. This awareness can grow into something much more than just being aware – “being paranoid”.
File identification has been a long-standing problem in software development, traditionally relying on legacy C code embedded within memory-safe applications. Magic-rs is a Rust ecosystem providing near-full compatibility with libmagic's file type detection while eliminating unsafe code. The ecosystem includes Python bindings and a CLI utility called wiza that we will demonstrate. We'll explore key advantages, architecture, and how you can use it in your projects or contribute to improving libmagic compatibility.
This lightning talk will present positive and negative examples related to workplace well-being. It will emphasise the importance of mental health for operational teams such as SOCs and CSIRTs, and explore the pressures CISOs face today. The talk will explore the importance of creating a safe and open environment for cybersecurity professionals. It will also explain how to build a safe harbor for cybersecurity professionals. Furthermore, it will explain how this approach will be reciprocated by these individuals and contribute to a positive workplace culture.
Our journey in Adversary Simulation and Red Team engagements frequently relies on attack scenarios that require physical access, or at least close proximity, to obtain an initial foothold.
To support these missions, we weaponized Raspberry Pi devices and transformed them into modular network implants tailored to our most common operational use cases.
We will look at uncommon situations where attackers have time on their side—waiting for victim devices to quietly whisper their secrets, or using physical proximity in ways that traditional controls, including MFA, were never designed to handle.
This talk presents the internal RioT project, which has been actively used by the DEEP Red Team for more than five years. We will cover its design philosophy, implemented tooling, and a survey of attack scenarios and techniques that enabled successful outcomes during real-world engagements.
Generative AI may not yet be stealing everyones jobs, but it is already impacting the way that we interact with computers, with important implications for cybersecurity. Difficult tasks like network analysis, social engineering defense, and writing safe software will require humans and AI to form teams while relying on mutual trust, and an understanding of the threats posed by the misuse of AI by bad actors. This talk explores research in Human-Computer Interaction applied onto understanding teaming, trust, and threats of Generative AI in cybersecurity.
As organizations migrate to the cloud, threat actors' exfiltration tactics and techniques evolved and targeted the architectural boundaries of cloud service models (SaaS, PaaS, IaaS). Each service model presents different exfiltration options as the responsibility shifts between cloud providers and customers, creating distinct attack surfaces that threat actors use for exfiltration.
Drawing on hundreds of real-world cases from CrowdStrike incident response and threat hunting, this talk moves past the theory to showcase exfiltration techniques that catch even seasoned defenders off guard. We'll dive into:
- SaaS Stealth: Abusing Microsoft 365 via third-party apps and silently exfiltrating DocuSign documents using sync functionality.
- The PaaS Pivot: How ETL platforms could be misused for exfiltration.
- IaaS Tactics: Infrastructure tampering and cross-cloud data transfers.
This session is designed for the defender who has the cloud basics covered but wants to know what they might be missing. Attendees will leave with a clear understanding of these evolved exfiltration paths and most importantly required telemetry and detection ideas.
Open source software is the ultimate neighborhood party—doors open, music playing, people bringing their best dishes (or code). Projects grow fast, the energy is contagious, and everyone benefits from the collective creativity. But in every good party, there’s risk: the friend-of-a-friend-of-a-friend who slips in unnoticed, doesn’t follow the house rules, and eventually leaves you with a hole in the drywall.
In the open source world, that’s dependency hell. It starts with a package you trust—but that package has its own dependencies, which have their own dependencies, and somewhere deep in that chain lurks outdated, vulnerable, or even malicious code. You didn’t invite it, you don’t know it’s there, but it’s living in your codebase rent-free. And attackers love this—because if they compromise just one small link in that long chain, they can crash your entire project.
In this session, we’ll dig into the messy reality of dependency hell and its role in software supply chain security incidents. We’ll examine real-world examples where hidden or neglected dependencies became the entry point for compromise, from typosquatting attacks to maintainer account takeovers. We’ll explore why it’s not just about malicious intent—sometimes the “bad guest” is simply an abandoned project with known CVEs that no one bothered to patch.
Every week, hundreds of threat intelligence reports are published in prose — rich in context, but locked in a format that no SIEM, TIP, or AI agent can consume. Without structure, CTI stays trapped in PDFs and blog posts, disconnected from the defensive stack that needs it most.
This talk presents a practitioner and research-driven approach to closing that gap. Drawing from independent research on the TI Mindmap HUB project and an academic study currently under peer review, benchmarking five LLM families against government-grade STIX 2.1 ground truth, the speaker demonstrates how a hybrid architecture — combining deterministic extraction with LLM-based semantic inference — can transform unstructured reports into machine-readable STIX 2.1 bundles.
Beyond generation, the talk explores how STIX bundles become the foundation for LLM-powered knowledge graphs and how the Model Context Protocol (MCP) exposes structured CTI as tool calls for AI agents — making intelligence not just structured, but conversationally actionable for both human analysts and autonomous copilots.
This is independent research, not a product pitch. The speaker invites collaboration from the CTI community.
Disclaimer: TI Mindmap HUB is a personal, independent research project. It is not affiliated with, endorsed by, or representative of any employer, organization, or commercial entity.
With the use of AI agents catching wind across the offensive security space, from phishing, to fuzzing and penetration testing, it was inevitable that malware would follow suit. While most discussions focus on using AI to generate malicious payloads at the malware’s runtime, or "vibe coding" it, we went a step further: we built a system where AI is the sole participant in the malware creation process itself.
We will begin by talking about how we got to this point, what sparked the idea, and jump into comparing different models - showing which gave the best code, which was most evasive, which prompts worked the best, and what we used in the agent.
We will then dig into the generation process itself – we will show the challenges with earlier implementations, and how we solve them, how to build the workflow to maximize the malware’s capability and randomization, and even how it managed to break signatures.
We will finish by showing how the resulting malware is performing, comparing different samples, and showing how each sample defeated several static malware analyzers, as well as talk about what's next for this agent, and what's next in the domain of AI-generated malware.
This session dives into real-world vulnerabilities by dissecting CVEs directly in the code where they occurred. Each example showcases not just what went wrong, but why, with a focus on the subtle coding patterns, missed assumptions, and language misunderstandings that led to the bugs.
For every vulnerability, we will extract a few key lessons: principles or warnings that developers and reviewers can apply to prevent similar issues.
Linux packers and loaders represent a blind spot in modern cybersecurity defenses. By compressing, encrypting, and obfuscating executable code, these tools enable fileless, in-memory execution that bypasses traditional detection mechanisms entirely.
This presentation dissects the hARMless ARM64 ELF packer/loader to reveal sophisticated evasion techniques: multi-layer page encryption, CRC32 integrity verification, and direct ARM64 syscall invocation. We expose critical security gaps where EDR solutions lack Linux visibility, static analysis fails against packed payloads, and memory-resident execution defeats forensic recovery. The bad news? Traditional EDR solutions are practically blind on Linux, static analysis can't keep up with modern packers, and memory-only execution makes forensics a nightmare. The good news? Well...let's see it together
CFITSIO is a NASA-maintained library widely used for reading and writing FITS (Flexible Image Transport System) data across astronomy, astrophotography, and scientific software. The raw data behind the stunning images from Hubble and Webb telescopes — and even from casual backyard observatories — is stored in FITS format. CFITSIO is often embedded deep inside larger applications and services. One of its core features, Extended Filename Syntax (EFS), turns what appears to be a simple filename into a powerful mini-language supporting virtual files, filtering, filesystem interaction, and network access.
This talk presents original security research into CFITSIO’s Extended Filename Syntax and shows how it quietly expands the attack surface of applications that rely on default CFITSIO APIs. I will demonstrate how EFS can be abused to enable multiple high-impact security primitives, including arbitrary file operations, server-side request forgery, protocol-level manipulation, and unintended data exposure.
These issues are not classic memory corruption bugs, but abuses of legitimate, documented features that are enabled by default and inherited by third-party software without explicit awareness or threat modeling. This research builds on earlier CFITSIO vulnerabilities I previously reported and highlights how feature-rich parsing logic can turn filenames into a supply-chain attack surface.
Presentation on why cloud sovereignty has become a board-level strategic issue, touching on foreign interference, platform lock-in, tech dependency, and the critical insight that not all cloud models are equal.
• Why sovereignty, autonomy, and resilience are executive-level concerns (regulatory mandates, legal exposure, operational continuity)
• The triple threat landscape (foreign interference via US CLOUD Act, platform lock-in costs, tech dependency risks)
• How the guide helps governments and critical organizations with risk mitigation frameworks and compliance mapping
• Two sovereign cloud operating models (Full EU Isolation vs. Guardrail Sovereign)
• Strategic alignment matrix showing how different cloud models match organizational needs
• EU regulatory context (DORA, NIS2, EU Data Act, upcoming Cloud & AI Act)
• Technical controls and implementation priorities
Tired of security training that puts your team to sleep? What if I told you the most powerful training tool in cybersecurity has been sitting in your game room all along? Welcome to the world of game-based learning, where the proven power of play transforms how professionals master complex skills.
Research shows that humans learn best when working together, yet traditional training methods keep pushing isolated, theoretical learning. Game-based learning flips this approach on its head, creating environments where people forget about office politics and actually engage with the material. Through structured play and collaborative storytelling, participants don't just memorize concepts—they live them, breaking down professional barriers and building genuine understanding through experience.
I'll show you the compelling evidence behind why using roleplaying games work, and demonstrate how to transform resistant learners into engaged participants. Using compelling examples, you'll discover how tabletop role-playing mechanics can turn your most challenging training scenarios—from incident response to zero trust architecture—into adventures your team actually looks forward to.
Join me to learn why adding roleplaying games to your professional development isn't just about making training fun—it's about making it work.
Security teams no longer need to manually configure and perform purple team exercises. It is possible to automate and orchestrate all this flow with a combination of automation and artificial intelligence.
Powered by n8n, Elastic, Caldera, TheHive, and LLMs, this orchestration requires zero manual effort after launch. It continuously fetches and updates APT profiles, executes attack techniques, and analyzes detection logs in the alerting system. If a technique is not detected the system checks SIEM logs, if the activity is logged, it suggests a Sigma use case. If both detection and logging are absent, the system recommends configuration adjustments to ensure future visibility.
In addition, security teams no longer need to manually perform Threat profiling to select the correct adversary TTPs. The system analyzes the target organization’s landscape and intelligently suggests the most relevant APT attack scenarios, or allows users to select one.
The final output is a comprehensive report detailing the detection rate, logging rate, technique descriptions, and recommendations to enhance visibility by suggesting new Sigma rules and refining logging configurations.
This is not just another attack simulation tool, it’s a scalable and flexible AI-driven automation workflow that can be adapted depending on the technologies in your environment while continuously optimizing detection, helping defenders stay ahead of evolving threats.
The talk will cover common techniques to upload client-side logs to AWS S3 buckets, integrations with third-party database services like Supabase, and server technologies commonly used for financial data processing, all of which result in leaked API keys when misconfigured. Three distinct vulnerabilities will be demonstrated, each showcasing different variations of the core anti-patterns in multiple contexts. Attendees can expect to receive a structured framework for understanding how these flaws manifest across different technologies. The session will conclude with a comprehensive discussion of targeted fixes that address the root causes of the anti-pattern. It will move beyond surface-level patches to implement architectural solutions that prevent entire classes of similar vulnerabilities. These remediation strategies will include both immediate tactical fixes and longer-term architectural improvements that strengthen overall system security posture.
“We requested a review from security a month ago and there’s no feedback.” Does this sound familiar to you? Maybe you’ve heard that your security team is occupied with other tasks that are “higher priority” and your product is just not. “Nothing we can do, security is an expert’s job.” Or maybe you simply don’t have any dedicated security team in your company. So, your hands are bound and you can’t do anything anyways, right?
What if you could, though? What if you could do a lot more than you might think to make your software more secure? What if you could save time and effort by taking security into your own hands?
In this talk, we’ll go through several activities that you might already do right now, and demonstrate how you can shape these to improve your product’s security posture. Let’s take a few examples: when you’re analyzing the next product changes, you can use threat modeling to also consider potential security issues and hence plan their implementation with security in mind. Collaborating across roles on developing the changes can help you detect security flaws before they make it to production. Investing in maintenance and reducing technical debt will at the same time make your product a less attractive target. When observing production, you can spot malicious actors probing your system enabling you to respond before harm is done.
If you apply good software development practices, they help you make your product more secure, and good security practices help you make software that provides more value and less harm. With and without an expert at hand.
Key learnings:
- Stop waiting for dedicated security experts and start acting yourself
- Understand how good software development practices support security practices and vice versa
- Gain insights on what an engineering team can do themselves to build secure enough products
- Learn how to use this newly found leverage of benefits on all sides when prioritizing which changes and activities to invest in
LLMs are often presented as a shortcut from “hundreds of findings” to “actionable summary.” In reality, getting useful and trustworthy output is less about a single prompt and more about understanding the knobs you can turn - and what typically happens when you turn them.
This talk uses vulnerability assessment results analysis as a concrete example task, but the goal is broader: a research-style exploration of the design space for LLM-assisted summarization. We’ll map the main control surfaces - goal definition, output constraints, input shaping, model selection, evaluation methods, and cost/latency budgets - and show how changing each one affects faithfulness, specificity, consistency, and failure modes.
The session offers a practical framework for experimenting safely: define measurable requirements, run iterative comparisons, and use structured judging to learn which combinations of knobs move you toward “useful” versus “confidently wrong.” Attendees leave with a repeatable way to reason about tradeoffs and a set of patterns they can apply to other security summarization problems.
Dismantle the bomb by performng different taks
Many SOCs invest into powerful Risk&AI-based tools to generate and classify their alerts to "clear-out the noise" and pin-point actual "value" out of the massive amount of data they collect. It is not a secret that nowadays we're collecting on SIEM more data than we'd ever thought possible decades ago, most of which are of no real operational relevance. Some even say "SOC is dead" as this model isn't humanly bearable. Some also offer flashy magic wands that may solve all these issues in a painless plug&play way, while at the same time magically reducing cost (or not).
What's the solution, then? Agentic-AI? Data Lakes? Cloud-first? All valuable solutions, but there's something we can also do upstream: On top of trying to clean a dirty river, decrease its source pollution.
This approach allows also to mitigate a lesser known risk, yet very serious: unknown unknowns in data collection. In the same way alert-fatigue is correlated with False Positives figures/ratio, most CyberSecurity departments focus on the unsustainability of telemetry volumes and forget about False Negatives, hence the useful logs you should be collecting but don't know you don't have. Caring for your car's longevity / performances means also not assuming any fuel would do and hope for the best.
Our solution: Governance and Data Quality. It's not a coincidence that NIST recently added this as a new pillar into its CSF. With the "Identify" pillar you get "informed" decision, yet it's "Governance" that gives the "deliberate" element on what to collect, why, and if it's enough. Having no Logging Data-Compliance framework, or having one that doesn't take into account business values (e.g. BIA, crown-jewels, investments) ultimately results in building Security Monitoring on sand, or focusing in scopes that are so narrow that only security may benefit from it, fueling the "working in silos" approach and goes against the "holistic observability" and "management buy-in" elements.
A network telescope, also called a black‑hole or network sinkhole, is a passive monitoring system that observes traffic sent to large blocks of unused IP address space. Because these IP ranges are never assigned to active hosts and do not generate legitimate responses, any traffic received is by definition unsolicited. This makes network telescopes powerful tools for studying global Internet behavior. They capture background noise, scanning activity, botnet noise, malicious probes, and even misconfigurations that would otherwise remain invisible. At CIRCL we operate a /18 Network Telescope since a long time, and in the context of this presentation, we will explain the potential of such dead network and our use case.
Infostealers silently harvest credentials, cookies, and sensitive data. This session demonstrates how to emulate infostealer behavior browser data theft, keylogging, clipboard monitoring, credential dumping to validate whether your endpoint controls, DLP, and network monitoring would detect the theft and exfiltration. Learn to test your defenses against one of the most prevalent and damaging threat categories.
Every LLM has flaws. It’s been proven that the guardrails on every LLM can be bypassed. When you’re thinking about which ones to build your applications on, what are the key risks you need to be aware of?
In this talk, we will dive into our testing methodology for scanning the most popular LLMs for vulnerabilities where we generated hundreds of thousands of prompts across categories including prompt injection, malware, offensive language, and much more.
We’ll share our LLM risk matrix, and explain the best practices around minimizing the risk of hallucinations, malicious content, indirect prompt injection, and more as you build your LLM-powered applications.
This talk explores a DNS-based OSINT technique that uncovers hidden services and technology dependencies through large-scale TXT record analysis. Attendees will learn how these overlooked records can reveal valuable insights for both offensive and defensive security, and how to integrate this methodology into existing reconnaissance workflows using tools like Nuclei and OWASP Amass.
Everyone agrees leaked secrets are dangerous, yet most organizations still struggle to detect, triage, and fix them effectively. Scanners generate noise, developers ignore alerts, and real secrets slip through unnoticed.
This talk shares the real-world story of building a turnkey secrets scanning and triage platform from scratch, using and extending open-source tools. Designed for scale, the system focuses on reducing false positives, automating validation, and integrating seamlessly into CI/CD pipelines.
Through live demos and practical examples, attendees will see how to turn secrets detection from a checkbox into an actionable security program. The session focuses on real engineering decisions, lessons learned, and how the community can reuse these ideas to solve a problem many know exists, but few truly address.
When we are performing investigations (threat intel, hunting, forensics, malware analysis or anything else), our path is full of pitfalls or more commonly called, “biases”. We do you day to day job, we have our tools, processes and follow playbooks but are we certain that we are not missing crucial informations? In the first half of the talk, I'll explain how we can improve and use our senses in a better way: observe instead of see, listen instead of hear, etc. In the second part, I'll review some common issues that people do when performing malware analysis with real examples that I observed here and there. Even if the abstract mentions “malware analysis”, this is not a very technical talk but it will be helpful for all infosec practitioners.
In this session we are going to walk through how did one "harmless" search spiral into a multi-organization data breach and how did weaponized AI supercharge it into an even bigger leak of sensitive data.
In this session, we’ll unpack the whole story.
Security teams don't miss alerts because they don't care, they miss them because their SIEM never shuts up. Alerts fire constantly, at the wrong time, for expected behavior, until everything starts to sound the same. At some point, it's no longer an alarm. It's just noise.
This talk starts with a simple idea: when an alert fires matters just as much as what it detects. Like a whistle blaring at 2 a.m., many detections technically work, but fail operationally because they lack timing, throttling, or basic context. Alerts trigger during business hours, outside meaningful windows, or so often that everyone learns to ignore them.
Using practical examples, we'll look at common alerting mistakes, why "more alerts" doesn't mean better security, and how small changes, such as throttling, prioritization, and temporal context, can dramatically reduce noise.
From there, we'll walk through what alerts actually matter across application, network, Active Directory, and DNS telemetry, and how to design them so they fire when someone should actually care. The goal isn't silence, it's a SIEM that acts like an alarm clock, not a whistle that goes “woo woo” all night.
The as-a-service model has become ubiquitous across the cybercrime ecosystem. Previously dominated by tight-knit, exclusive groups, cybercrime is now a distributed international marketplace of service providers and consumers. As a result, it is more resilient than ever, with the gaps left by law enforcement takedowns quickly filled by the next opportunistic teenager. However, to operate effectively in this anonymous distributed economy threat actors need to build a reputation to gain trust. Does this give us an opportunity?
In this presentation I will discuss the importance of trust in the cybercrime ecosystem and walk through a real-world investigation involving a prominent phishing-as-a-service (PhaaS) provider. The case study illustrates that trust and OpSec do not mix, exposing threat actors to identification. Attendees will leave with additional insight into the cybercrime ecosystem, hacker culture, and some nifty OSINT tricks.
Phishing is still the dominant attack vector, but detecting malicious sites at scale is difficult. This talk shows how open-source automation can make phishing detection fast and proactive. Using real examples from 200+ Nuclei templates, attendees will learn detection methods, template creation, and practical threat intelligence and OSINT use cases.
Think you can bluff your way through a security talk with zero prep? Now is your chance! At Security Impress Karaoke¹, you'll be handed a totally random, security-themed slide deck you’ve never seen before - and have just 3 minutes to present it like a pro.
The technical track of the AI security village
The Car Hacking Village offers attendees a hands-on, immersive environment to explore the security of modern vehicles. As cars continue to evolve into complex, connected computer systems, the need to understand their attack surfaces and defensive challenges grows. This village provides a safe and controlled space where participants can learn, experiment, and collaborate on real automotive cybersecurity techniques.
Killnet built its reputation as a decentralized Russian hacktivist force - loud, chaotic, and conveniently aligned with Kremlin objectives. But under the surface, it was something else entirely: a centralized operation controlled by a small group, using noise and hate as cover.
This is the inside story of how a team of just nine people delivered a kill shot to destroy this illusion.
Through targeted investigation and direct engagement, we exposed Killnet’s critical weakness: a financial link to Solaris, at that time, one of Russia’s largest dark web drug markets. By publicly tying their operations to organized cybercrime - we disrupted their narrative, broke internal trust, and triggered full collapse. The result? Loss of state support, severed financial channels, and a rapid implosion of the group’s infrastructure.
We’ll walk through how we tracked Killnet’s leadership, exposed its frontman “KillMilk,” and uncovered the criminal network behind the public facade. Along the way, you’ll get a firsthand look at the real tactics - OSINT, infiltration, pressure points - that brought down one of the most visible cyber collectives.
This isn’t just a postmortem. It’s a case study in strategic disruption, showing how small teams can go head-to-head with well-funded adversaries - and win.
Learn or practice your lockpicking skills in the lockpicking village.
Experts say that this has real-life impact, not only to red teamers!
Imagine transforming chaotic incident response into a clear, visual story—no more spreadsheets, just streamlined collaboration and powerful timelines. Kanvas turns IR chaos into actionable insights, letting us map, share, and conquer incidents like never before. And the best thing, it’s Open-Source.
Every day, millions of data points about YOU, whether public, leaked, scraped, or sold, quietly feed into a largely legal ecosystem of personal information. For modern threat actors, Artificial Intelligence (AI) is no longer just a buzzword; it is a tool used to weaponize this data at scale against both individuals and their organisations. What once required a non-trivial skillset in OSINT and social engineering can now be executed by anyone with a prompt and a scraped data set (or worse, an autonomous team of AI agents).
This talk explores the intersection of privacy and offensive security, demonstrating how exposed personal information is harvested and amplified by AI to create highly convincing phishing, deepfake scams, and automated fraud. We will break down how your digital footprint becomes an attack surface and build a defensive strategy to counter it.
We will focus on helping individuals and security leaders identify the human exposure, human attack surface, and cyber risk. We will tie this into Cyber Threat Intelligence (CTI), with actionable techniques for the individual and the SOC alike. We’ll discuss practical tips to deal with exposure, limit data leakage, spot AI-driven targeting and explore actionable privacy practices, such as email masking, and ways to operationalize techniques and services to exercise your GDPR right to be forgotten. Attendees will leave with a clear understanding of the emerging threat landscape and the defensive techniques to remove or reduce the "fuel" attackers use in order for individuals and organizations to protect themselves.
The briefing introduces a framework for organizational response organized across three time horizons, structured around five critical risks, seven high risks, and one medium risk. The framework defines 11 priority actions: Immediate (this week), Near-term (30-90 days), Strategic (6-12 months)
Being "Mythos-ready" does not mean reacting to one model or one announcement. It means permanently closing the gap between how fast vulnerabilities are found and how fast an organization can respond. The same AI capabilities that create this risk also create defensive opportunity: organizations can now find their own weaknesses before attackers do, review code at machine speed, and respond to incidents faster than any human team.
The industry has navigated systemic, hard-deadline threats before. Y2K required coordinated, disciplined effort — and the industry met it. The tools available to defenders today are substantially more powerful. Every action in this framework can begin this week.
Every day, millions of people rely on their web browsers, not only for work but also for study and daily life. Some of us also install browser extensions to utilize useful features. But what happens when those extensions are not as harmless as they seem?
In recent years, there has been a growing number of malicious browser extensions, particularly on platforms like the Chrome Web Store (CWS), affecting millions of users worldwide. Detecting these threats is not straightforward. Malicious extensions behave in many different and sometimes unpredictable ways. Another challenge is the limited availability of corresponding known malware samples, which restricts our ability to investigate these threats in depth.
In this talk, I will share insights from my study that takes a closer look at this problem. I compiled a curated dataset of 460 malicious browser extensions removed from the CWS and analyzed how they behave. By integrating both static and dynamic analysis techniques, I identified a wide range of activities that raise privacy and security concerns, classified as tracking, redirecting, ad injecting, stealing, and unwanted actions. Leveraging static analysis using CodeQL and Python, the study could detect extensions setting cookies for external domains automatically.
Imagine curating an art gallery—you wouldn’t hang just any painting on the wall. Each piece is carefully selected, verified for authenticity, and preserved to ensure a valuable experience for visitors. The same meticulous approach applies to software development.
Secure curation of open source isn’t about stifling creativity; it’s about ensuring that the dependencies we bring into our applications are secure, well-maintained, and reliable. As an art curator protects against forgeries and deterioration, developers must assess third-party components for malware, tampering, vulnerabilities, licensing risks, and long-term sustainability.
This talk will explore why curation is the foundation of secure software supply chains. We’ll discuss practical strategies for evaluating dependencies, maintaining a trusted repository, and leveraging free tools to automate the process. By adopting a safe curation mindset, developers can sleep better at night, knowing their applications rest on a foundation of safe, high-quality components.
Does end-users spontaneously connect USB sticks fiund in public places to their personal or professional computers ?
To this end, a controlled experiment was carried out in Luxembourg, where 250 USB sticks were voluntarily “lost”. The results revealed a high success rate, estimated around 20%, with the first connection recorded in just a few minutes. We believe that these users are acting out of curiosity or altruistic intent, seeking to identify or restore the owner of the key.
However, they do not perceive the risks associated with their gesture. The study highlights the persistence of USB key attacks as an effective intrusion vector, and underscores the need to make users more aware of the dangers they represent.
AI-as-a-Service adoption is surging, yet 90% of it is unmanaged 'Shadow AI,' leaving organizations exposed to novel threats like the OWASP LLM Top 10. This session dives into the critical gap in current AI logging platforms and APIs, detailing why traditional security controls fail and offering a path to centralized visibility for effective detection and response.
An online capture the flag event hosted by BSides in collaboration with LetzPwn and CYBEREDU4TEENS.
https://bsides.capturetheflag.lu.
Experiencing issues? Please find a volunteer wearing a LetzPwn badge or CTF sticker.
Dismantle the bomb by performng different taks
This Birds of a Feather session will focus on how AI tools are being used to secure environments, the training necessary for teams to identify security issues and the impact of AI on job security for security jobs. Participants will discuss and share experiences on:
- AI Tools in Cybersecurity: Explore how AI tools are currently enhancing security and the most effective tools available today.
- Training and Skill Development: Discuss recommended training programs and certifications that help teams leverage AI in cybersecurity.
- Job Security and AI: Debate whether AI will replace certain roles or create new opportunities, and how professionals can stay relevant.
At the end of this session, participants will leave with ideas on using AI tools, available training for their teams, and strategies to remain irreplaceable in an AI-driven world.
This open discussion invites all cybersecurity professionals regardless of the experience level.
With a 308% increase in AI-generated fake content between 2024 and 2025, the justice system faces an authenticity crisis. This talk explores real-world cases: from voice cloning for scams in Brazil to lack of a convergent pattern in spoofing crime investigations in Portugal, how can we empower professionals to identify synthetic evidence and understand the limits of the admissibility of expert evidence in the age of Artificial Intelligence?
This talk explores Kunai, an open-source security monitoring tool that brings threat-detection capabilities to Linux systems using eBPF technology. We begin with an overview of Kunai's purpose, architecture, and core monitoring capabilities. The session then dives into recent advancements, highlighting key features and improvements. Finally, we examine practical use cases in threat detection, incident response, and digital forensic analysis, demonstrating how Kunai enhances cyber incident investigations.
Commercial spyware like Pegasus can compromise mobile devices without any user interaction (zero-click attacks) that bypass traditional security.
With thousands of confirmed infections and 50,000 suspected targets since 2016, this threat extends beyond journalists and activists to strategic sectors: energy, transport, telecommunications, and defence.
Learn how nation-state spyware works, see real evidence of infections, and discover how forensic-grade detection tools can protect executive teams and board members in high-value organisations.
The Dark Web is a scary place. In order to deter the cybercrime, I feel confident exploring its dangerous grounds and know well how to use the Dark Web to defend the victims. I want to invite you on this journey of venturing far beyond your defense perimeter, where cyber criminals are just planning their attacks, and teach you how you can use this knowledge as defensive skills to prevent attacks from happening in the first place.
Our CSIRT found that in 4 out of 5 security incidents, there were pre-existing alerts.
Most organizations don't get breached because they lack tools. They get breached because of predictable, repeatable mistakes. The kind our SOC and CSIRT teams at ACEN see across 500+ incidents in European organizations.
This session breaks down the patterns and numbers that matter: where attackers consistently get in, what organizations consistently miss, how many hours go into responding to an incident, and what separates the ones that contain a breach from the ones that don't.
Embark on a whirlwind tour of global cyber deception with a seasoned(?) security engineer who's been running honeypots in some of the world's most intriguing locales, including the bustling digital battleground of Ukraine. This talk will blend humor and hard-won wisdom to reveal the lessons learned from deploying, customizing, and maintaining honeypots across diverse environments. Participants will enjoy a lively narrative filled with tales of cyber trickery, cultural quirks, and the occasional mishap, all while gaining actionable insights into enhancing their own security strategies.
Early in my career, while working as a junior engineer at an emerging AI startup in Seattle, Washington, USA, during the first wave of commercial AI adoption, our company suddenly became the target of an extreme and highly disruptive phishing campaign. Shortly after we received public attention as a “hot startup,” phishing volume surged to the point that it flooded employee mailboxes and interfered with normal operations. The messages were convincing enough that at one point an employee ran through the office claiming that our CEO was stranded at an airport and urgently needed financial help.
What initially felt like an uncontrollable background problem became a significant security and operational risk. Rather than accepting it as inevitable, we began analyzing the phishing emails in detail— treating them as data rather than noise. By correlating sender IP addresses and examining publicly available IP allocation and routing information, we discovered that although the emails appeared to originate from many different sources, the traffic consistently traced back to a small number of allocated IP blocks.
We mitigated the immediate risk by blocking those ranges at the email gateway, which dramatically reduced the volume of phishing. Digging further into the upstream infrastructure revealed that the IP space was associated with a data center in Luxembourg, operating email security and anti-spam systems. At the time, I was in the process of reclaiming my Luxembourg citizenship through ancestry on my mother's side, and the situation prompted a different line of thinking: if similar infrastructure under my supervision was being abused, I would want to know about it.
Instead of assuming malicious intent, we reached out directly to the infrastructure operator, shared sanitized examples of the phishing messages, and coordinated a responsible disclosure. Despite internal skepticism that this amounted to “talking to the attackers,” the response was professional, the issue was investigated, and the phishing activity largely stopped. We also filed a report with the regional internet registry.
Looking back, this incident shaped how I think about security problems that seem impossible or overwhelming. Not every issue is solved with more tooling or escalation. Sometimes, careful deduction paired with human communication and empathy can break deadlocks that technology alone cannot.
AI agents are different from regular LLM apps — they plan steps, call tools, and chase goals across multiple interactions. This added complexity introduces new kinds of security risks that aren’t widely understood yet.
In this talk, I’ll walk through demos of vulnerabilities from the OWASP Agentic AI Threats. These include goal hijacking, alignment faking, orchestration misuse, and time-based attacks that exploit how agents behave over multiple steps or sessions. I’ll show how attackers can trick agents into following the wrong goals, leaking data, or using tools in unsafe ways — all through practical examples.
We will discuss practical use of open source tools for detection engineering built by SOC Prime team, including DetectFlow, Uncoder and how it combines with open source data pipeline stack like Kafka, Flink and Flink agent. The goal of DetectFlow is to elevate role of Detection Engineers above SIEM stack, and gives us all signals, context, threat intelligence and building blocks to fully design and operate Detection and Response workflows. The architecture of Detection Pipelines furthermore makes work of Security Analysts curious and enjoyable again, as it eliminates large part of the routine work they did, and focuses on the main thing human does better than AI = understanding connections, specific to the cyber domain and specific to your organization. Our approach equips people to address tremendous complexity of the cyber domain, which now simply exceeds possible knowledge that any human can physically fit.
Event Strategy & Structure
Core Mission: A 2-day, open-floor "village" dedicated to exploring real-world security risks in Agentic AI, Model Context Protocol (MCP) architectures, and LLM workflows.
Alignment: All content and threat models are strictly aligned with OWASP guidance (LLM Top 10 & AI Security Exchange).
Dynamic Flow: Unlike traditional linear training, this is an exploratory space. The schedule is fluid; organizers will pivot topics, attack scenarios, and deep dives in real-time based on what attendees find most interesting.
Village Logistics
Open Access: The village runs continuously for two days with no fixed start/stop times.
Drop-in Format: Attendees are free to enter, observe, leave, and return at will. This supports the casual, "hallway con" culture of BSides events.
Parallel Tracks: Multiple activities (demos, labs, discussions) happen simultaneously, allowing for natural scaling of depth from beginner to advanced levels.
Organizer Responsibilities (The Blue Team/Red Team)
Live Operations: Organizers act as facilitators, maintaining intentionally vulnerable infrastructure (LLMs, RAG pipelines, Autonomous Agents, MCP Servers).
Interactive Walkthroughs: Instead of formal talks, organizers provide short, continuous breakdowns of attacks, explaining why a specific trust boundary failed or how a design choice created a vulnerability.
Adaptive Defense: Based on audience feedback, organizers will live-patch systems or remove mitigations to demonstrate how security controls impact attack feasibility.
Attendee Experience (The Red Team)
Hands-on Exploitation: Attendees can directly interact with deployed systems to attempt prompt injection, logic-based attacks, and tool abuse.
Feedback Loop: Attendees actively shape the curriculum by voting on which systems to attack next or requesting deeper focus on specific failure modes.
Collaborative Defense: A key component is discussing defenses; attendees can propose architecture changes or guardrails, which organizers can discuss or implement live.
Hands-on Labs & Infrastructure
Self-Paced Playgrounds: Dedicated stations will run continuously for independent learning.
Dreadnode Crucible: Focuses on practical exploitation of LLMs and agents.
Lakera Gandalf / Agent Breaker: Gamified challenges covering prompt injection, goal hijacking, and instruction drift.
Purpose: These labs ensure that even if the live demo is advanced, beginners have a place to start learning fundamentals.
Agenda:
Breaking LLM Systems
Theme: Fundamentals of LLM vulnerabilities and the OWASP LLM Top 10.
Live Targets: Minimalist LLM deployments and chat interfaces.
Deep Dives:
Guardrails: Examining internal mechanics and demonstrating how to bypass practical limitations.
RAG Security: attacking Vector Databases and poisoning retrieval contexts (RAG-specific threats).
Agenda: Agentic AI & MCP Security
Theme: The core focus of the village—Autonomous Agents and the Model Context Protocol (MCP).
Complex Workflows: Demos will feature multi-step agents that can plan, execute, and interact with external tools.
Key Attack Vectors:
Instruction Hijacking: Forcing an agent to deviate from its original goal.
Tool Abuse: Exploiting over-privileged MCP capabilities (e.g., an agent with unrestricted file access).
Trust Boundaries: Analyzing failures in the handshake between Agents and MCP servers.
As AI agents evolve from simple chatbots into autonomous systems capable of executing code and making API calls, traditional security boundaries are failing. We can no longer rely on brittle regex filters or the "black box" safety rails of LLM providers. In this session, I will unveil the architecture behind the SovereignShield ecosystem a multi-layered, deterministic defense framework for modern AI applications. We will break down the engineering mechanics of our three core products: IntentShield (outbound action auditing), LogicShield (semantic enforcement), and the unified SovereignShield firewall.
Most organizations run Software Composition Analysis, yet very few actually use the results effectively. Alerts pile up, developers ignore findings, and security teams drown in noise.
This talk tells the story of building an in-house SCA platform from scratch using open-source tooling, designed to scale across large organizations while focusing on what actually matters. We’ll explore how to normalize results, prioritize vulnerabilities based on real risk, and integrate SCA into CI/CD in a way developers don’t hate.
Backed by real production usage and a live demo, this session focuses on practical techniques, not theory, to turn SCA from a checkbox into something teams can act on. Attendees will leave with ideas, patterns, and open-source approaches they can apply immediately.
The Car Hacking Village offers attendees a hands-on, immersive environment to explore the security of modern vehicles. As cars continue to evolve into complex, connected computer systems, the need to understand their attack surfaces and defensive challenges grows. This village provides a safe and controlled space where participants can learn, experiment, and collaborate on real automotive cybersecurity techniques.
Dismantle the bomb by performng different taks
Learn or practice your lockpicking skills in the lockpicking village.
Experts say that this has real-life impact, not only to red teamers!
The purpose of this panel is discuss where the participants see the still-young, still-emergent discipline of Detection Engineering going.
The tools and know-how presented over the last 2 days in the village will be pitted against ideas from Diana (moderator) and the audience.
The panelists will try to explore together how the detection engineering landscape might evolve over the next few years,
The ransomware ecosystem thrives in the shadows of fragmented intelligence and siloed expertise. Defenders do the hard work — forensic timelining of incidents, tracing cryptocurrency flows, reverse engineering payloads, negotiating with threat actors — yet that knowledge rarely travels far beyond the individual or organization that earned it. Ransom-ISAC's L.O.C.K. S.T.A.R. (Level of Critical Knowledge in Specialized Techniques on Advancements and Research) initiative was built to change that. This talk introduces L.O.C.K. S.T.A.R. as a community-driven recognition framework designed to surface, validate, and amplify the work of ransomware researchers and practitioners across eight critical domains — and explores how structured knowledge sharing can become one of our most powerful weapons against ransomware.
Identifying and managing the third party risk while continuing to comply with business needs and regulatory requirements.
Large Language Models are increasingly used to assist developers in writing code, but how secure is the code they generate? This lightning talk explores the security risks introduced by LLM-generated code, from common vulnerability patterns to the challenges of evaluating and improving model outputs. Drawing from ongoing PhD research at TruX, SnT (University of Luxembourg), this talk offers a concise overview of the current landscape and open research questions in LLM-assisted secure software development.
Built for the frontlines of cyber defense, our next-generation MISP Workbench empowers edge deployments and threat hunters with fast, lightweight, and actionable intelligence, anytime, anywhere.
Conferences can make good things happen
At OpenSourceLux 2025, we introduced url-checker-tools, a Python CLI toolkit for URL threat assessment through multi-source intelligence gathering, optional YARA-based local inspection, and configurable security scoring.
At BSides Luxembourg 2026, we present the next step: url-checker, a Python Flask web platform exposing a REST API that allows external services to submit URLs for automated verification before publication: initially built to prevent malicious URLs from reaching Fondation Restena's edu.lu shortener users. The platform orchestrates synchronous validation checks alongside asynchronous security assessments delegated to url-checker-tools via job queues, persists results in MariaDB, and includes a MISP integration proof-of-concept for community threat intelligence sharing.
We share our approach for the general Restena Use Case, overall design, production hardening lessons, and our roadmap toward an open, composable, self-hosted URL security infrastructure for the CSIRT community the NetCarapace concept (https://github.com/organizations/NetCarapace).
The BSides CTF Walkthrough Session is a live, introductory tour of some of the selected challenges of this yearly BSides Luxembourg Capture-the-Flag competition. During this interactive activity, we will not walk through every challenge step by step, instead we will very specifically discuss the tasks that the participants found most interesting and frustrating, this could be a web exploit, LPE, OSINT or crypto puzzle, so that by the end of the session both those with little experience and those with more experience have a more overall idea of how to think during a CTF.
What would you change if you could go back and rebuild your company’s security foundations from day one?
In 2020, I had the chance to build a security program from the ground up for a brand new company in the banking/fintech space.
Some of the decisions we made aged well, and would still be relevant in 2026.
Other decisions, or the lack of them, have not, or simply could not be made back then due to a different technological environment.
In this talk, we'll look at what worked great, what didn't, and what we'd have to do differently if we tried again today.
SOC cutting edge!
The afternoon of May 8th will feature a 'village fair' where the rooms will be split into demo 'Islands'.
The audience is invited to go see demos of the talks, tools, how-tos etc. presented over the last 1.5 days of the village!
Go check out the tools and talks that you really liked, see how modern SOCs are run today.
Two blokes. One strategy. Train to Win or don’t bother playing
There is little excuse for organisational failure when executing incident response as nearly every possible cyber security scenario has not only been documented but could be "role played" by your team well in advance of an actual incident.
Join Klaus Agnoletti & Ian Thornton-Trump for a talk focused on creating role playing experiences for your organization - based on the latest adversary threat intel.
Specific Take Aways include:
- Listening at the Door
- Is there a sleeping Panda, Kitten, Bear or Spider lurking in the network?
- Checking for Traps
- Can IR activities be carried out without alerting the threat actor?
- Containment
- Can the threat actor be contained, or will they run and bring in reinforcements?
- Clearing the Room
- The threat actor may put up a fight, do you need to bring in additional help?
- Looting the Room
- The treasure is the experience, the coin is your pay check
A hilarious RPG focused talk combining the best elements of scenario driven IR training with a creative spin.
One of the top concerns in the age of AI is cyber attacks, and one of the weak links in defense is AI itself. From prompt injections to agents -self organizing into botnets or far worse, we need some basic level of security for any AI workloads. And while we have seen a cohort of startups being acquired in the space through 2025, is the issue really solved? Does security for AI has to be yet another budget spend, or can we do better with open source and open standards? We will discuss an open source project, AIDR bastion, which was made inside our own SOC and released to the world, things which work and shortcomings. Goal of the talk is to discuss issues and possibilities.
GenAI applications have moved from being single prompt wrappers to long chains of LLM calls, tools, and agentic workflows. In these systems, guardrails cannot live on a single isolated prompt. They need to be designed based on how data flows through the application, how permissions are enforced, and which risks are relevant for the use case.
This talk shares practical experience from helping teams design and test guardrails for LLM applications. Prompt-based guardrails tend to fail under determined attackers, so they must be combined with application-level controls and feedback mechanisms that allow the system to detect and respond to prompt attacks.
Rather than evaluating models in isolation, the focus is on testing the application itself. This includes testing how inputs and outputs propagate through LLM chains, how intermediate results are reused, and how guardrails interact across different stages of a workflow. The talk shows how this can be tested in practice using spikee (https://spikee.ai), an open source tool built to test LLM applications for prompt-based attacks.
This report presents the first documented analysis of Cross-Chain TxDataHiding (XCTDH), a novel command-and-control technique employed by DPRK-linked threat actors in cryptocurrency theft operations. The attack leverages multiple blockchain networks—TRON and Aptos as decentralized pointer systems, and Binance Smart Chain (BSC) for encrypted payload storage—to create virtually untraceable, takedown-proof malware infrastructure.Discovered during investigation of a malicious GitHub repository used in fake job recruitment campaigns, this technique represents a significant evolution from previously documented blockchain-based C2 methods. Unlike Etherhiding (which stores payloads in smart contract storage), XCTDH embeds malicious code within blockchain transaction input data across multiple chains, retrieved via standard RPC calls that are indistinguishable from legitimate cryptocurrency traffic.The attack chain begins with social engineering through fraudulent job postings, progresses through weaponized repositories containing heavily obfuscated JavaScript, and culminates in multi-stage payload delivery that evades modern EDR solutions. At an operational cost of approximately $1 USD, attackers establish resilient infrastructure that can dynamically update payloads, automatically failover between blockchain networks, and resist traditional takedown efforts—all while appearing as legitimate crypto wallet activity.This analysis details the technical mechanisms, attribution indicators linking the campaign to DPRK operations, economic asymmetries favoring attackers, and the strategic implications of blockchain-based C2 for the future threat landscape.
SQL injection and broken authentication remain persistent threats in modern web applications, yet many developers continue to assume that new technologies are immune to classic attacks. This presentation examines a real-world penetration test where we discovered critical SQL injection and authentication bypass vulnerabilities in a production GraphQL API backed by PostgreSQL—proving that architectural shifts don't eliminate fundamental security flaws.
Dismantle the bomb by performng different taks
As AI systems evolve, integrating security from the design phase is crucial, following the "shift left" approach to prevent vulnerabilities. This session offers an overview of threat modeling for AI systems, including organizing engaging sessions, using appropriate tools, and applying methodologies such as STRIDE. Participants will learn to proactively address security concerns and in turn ensure robust protection by identifying and mitigating potential threats specific to AI technologies - with reference to OWASP research. The session will also provide tips on making threat modeling sessions interesting and interactive in order to ensure active participation and effective outcomes. The goal is to make security a foundational element in AI system development rather than an afterthought.
Digital and cyber risks do not always fit into standard risk assessment paradigms; they might use different language or touch upon complex causal or interdependence relationships. This non-technical talk will guide listeners on digital security training and storytelling techniques that will leave their audience feeling more empowered and better able to assess and mitigate digital risks. It will look at how to position digital risks next to other risks and look at how smart and empathetic threat modelling can combat nihilistic feelings of universal surveillance.
This is a hands-on presentation that will guide you through the world of PDF exploitation, showcasing how this ubiquitous document format can serve as a vessel for malicious JavaScript malware. Dive into real-world vulnerabilities that have been leveraged to execute harmful code directly through PDF files posing major threats in today's cybersecurity landscape.
Key exploit techniques explored will include:
Data Exfiltration Tactics: Discover methods for covertly extracting sensitive data, such as email addresses and system information, from unsuspecting users.
Embedding Malware in PDFs: Learn how adversaries embed malicious scripts within PDF files, tricking users into triggering exploits in Adobe Reader through typical file interactions.
We'll dissect techniques including shellcode injection, buffer overflow attacks, Adobe Reader exploitation, and memory manipulation each engineered to deliver and execute malware efficiently.
This session is ideal for offensive security professionals, penetration testers, and threat emulation experts seeking to elevate their understanding of PDF-based threats and enhance their testing skills. Uncover how these sophisticated attacks work and walk away with actionable strategies to counter them.
More information about the presentation can be found in this article: https://labs.segura.blog/unmasking-the-threat-a-deep-dive-into-the-pdf-malicious-2/
What do Niccolò Machiavelli and Grover's Algorithm have in common? More than you think. While one mastered the art of political manipulation in the 1500s, the other promises a quadratic speedup for quantum key search. But when these two worlds collide, something unexpected happens: The quantum oracle misfires.
In this talk, we build Grover search oracles directly from Renaissance Italian texts —
Il Principe, Orlando Furioso, Il Cortegiano, I Ricordi — and measure exactly how much
linguistic redundancy contracts the cipher key space. We then simulate those oracles on a real quantum statevector and watch the standard iteration formula get it catastrophically wrong.
We will dive into:
- The Corpus-Driven Oracle: How character-level n-gram redundancy defines the fraction of "good" keys p_good — the sole parameter governing both classical exhaustive search and Grover oracle call count.
- The Discrete Resonance Failure: At one statistical threshold, the textbook formula predicts 2 optimal iterations. The real quantum simulation needs 24 — making quantum search four times slower than classical at that point. We dissect why.
- The L=600 Transition Zone: An empirical anomaly where stylistic variance in 16th-century prose (Latin citations, proper-noun lists) creates a chaotic instability band that separates statistical noise from structural reality.
- QUBO vs. Grover: Why compressing a 23-letter alphabet to 7 letters breaks the annealer but leaves the quantum oracle unaffected — and what that tells us about attack-surface geometry.
Join us for a journey where orthography meets qubits, proving that whether you hold a quill or a
quantum processor, redundancy is the enemy of secrecy — but discrete arithmetic is the enemy
of quantum speedup.
Building on three years of agentic AI and automation knoweldge, this session will take the Always-On Purple Team to its boldest step yet: Include AI-powered red team agents performing OSINT, EASM, and payload delivery to gain initial access before handing off to a continuous purple teaming pipeline. Expect (b/d)ad jokes, live demos, lessons learned, and proven practices.
This talk explores building an always-on AI-powered purple team that integrates red and blue team operations. It focuses on automating offensive tactics starting from initial breach, using agentic AI frameworks and industry protocols to enhance reconnaissance, attack planning, and execution while ensuring human oversight and security governance.
Event Strategy & Structure
Core Mission: A 2-day, open-floor "village" dedicated to exploring real-world security risks in Agentic AI, Model Context Protocol (MCP) architectures, and LLM workflows.
Alignment: All content and threat models are strictly aligned with OWASP guidance (LLM Top 10 & AI Security Exchange).
Dynamic Flow: Unlike traditional linear training, this is an exploratory space. The schedule is fluid; organizers will pivot topics, attack scenarios, and deep dives in real-time based on what attendees find most interesting.
Village Logistics
Open Access: The village runs continuously for two days with no fixed start/stop times.
Drop-in Format: Attendees are free to enter, observe, leave, and return at will. This supports the casual, "hallway con" culture of BSides events.
Parallel Tracks: Multiple activities (demos, labs, discussions) happen simultaneously, allowing for natural scaling of depth from beginner to advanced levels.
Organizer Responsibilities (The Blue Team/Red Team)
Live Operations: Organizers act as facilitators, maintaining intentionally vulnerable infrastructure (LLMs, RAG pipelines, Autonomous Agents, MCP Servers).
Interactive Walkthroughs: Instead of formal talks, organizers provide short, continuous breakdowns of attacks, explaining why a specific trust boundary failed or how a design choice created a vulnerability.
Adaptive Defense: Based on audience feedback, organizers will live-patch systems or remove mitigations to demonstrate how security controls impact attack feasibility.
Attendee Experience (The Red Team)
Hands-on Exploitation: Attendees can directly interact with deployed systems to attempt prompt injection, logic-based attacks, and tool abuse.
Feedback Loop: Attendees actively shape the curriculum by voting on which systems to attack next or requesting deeper focus on specific failure modes.
Collaborative Defense: A key component is discussing defenses; attendees can propose architecture changes or guardrails, which organizers can discuss or implement live.
Hands-on Labs & Infrastructure
Self-Paced Playgrounds: Dedicated stations will run continuously for independent learning.
Dreadnode Crucible: Focuses on practical exploitation of LLMs and agents.
Lakera Gandalf / Agent Breaker: Gamified challenges covering prompt injection, goal hijacking, and instruction drift.
Purpose: These labs ensure that even if the live demo is advanced, beginners have a place to start learning fundamentals.
Agenda:
Breaking LLM Systems
Theme: Fundamentals of LLM vulnerabilities and the OWASP LLM Top 10.
Live Targets: Minimalist LLM deployments and chat interfaces.
Deep Dives:
Guardrails: Examining internal mechanics and demonstrating how to bypass practical limitations.
RAG Security: attacking Vector Databases and poisoning retrieval contexts (RAG-specific threats).
Agenda: Agentic AI & MCP Security
Theme: The core focus of the village—Autonomous Agents and the Model Context Protocol (MCP).
Complex Workflows: Demos will feature multi-step agents that can plan, execute, and interact with external tools.
Key Attack Vectors:
Instruction Hijacking: Forcing an agent to deviate from its original goal.
Tool Abuse: Exploiting over-privileged MCP capabilities (e.g., an agent with unrestricted file access).
Trust Boundaries: Analyzing failures in the handshake between Agents and MCP servers.
This is where we hand out the awesome CTF prizes from SecuInfra and Defensive Security
the prizes: Secret until the CTF is published!