Talha Ucar

Talha is a Cyber Threat Intelligence Specialist at the National Cyber Security Centre Netherlands (NCSC-NL), where he plays a role in safeguarding the nation's critical and vital infrastructure. Prior to his current position, Talha gained extensive experience at Fox-IT, a leading cybersecurity firm known for its advanced threat detection and response capabilities. At NCSC-NL, he focuses on detecting and mitigating risks posed by nation-state actors, leveraging his experience in threat analysis and strategic defense. Furthermore, he works closely with the National Detection Network to enhance the resilience of the Dutch government against cyber threats.


Session

09-05
13:05
30min
Inside NCSC’s CTI Team: Tracking Threat Actors Targeting the Netherlands
Talha Ucar, Juriaan Spierenburg

From covert state-backed espionage to financially motivated cybercrime, from politically charged hacktivism to digital sabotage—threat actors targeting the Netherlands come in many forms, and their tactics are constantly evolving.

In this talk, the Cyber Threat Intelligence (CTI) team of the Dutch National Cyber Security Centre (NCSC) offers a rare behind-the-scenes look at how they investigate and analyze these threats in support of the Dutch government and critical infrastructure sectors.

Through real-world case studies, we’ll demonstrate how our team monitors, classifies, and contextualizes activity from a wide range of threat actors—including nation-states, cybercriminal groups, hacktivists, and actors with sabotage-related intents. You’ll see how this intelligence fuels key NCSC products like the CTI-Report and the quarterly Threat Landscape Analysis, which provide essential context and action-oriented insights to our partners.

We’ll also present Pharos for the first time: a powerful, in-house developed tool that continuously scans the internet for signs of malicious infrastructure. By leveraging sources like Censys, Shodan, and VirusTotal through custom queries, Pharos helps us identify suspicious IPs, domains, certificates, and more—before they’re used in active campaigns. We will explain how we leverage this type of intelligence, not only for ourselves but within a broader cybersecurity ecosystem.

Join us for a deep dive into the operational world of national CTI: where strategic intelligence meets technical investigation, and where safeguarding the digital security of the Netherlands is a daily mission.

Main track