Lectures

 

Code Red: Threat-Led Tabletops for Critical Infrastructure Defense

Imagine a ransomware attack crippling your city's power grid. Are you prepared? Recent attacks highlight the vulnerability of critical infrastructure to sophisticated cyber threats. Traditional security measures are no longer enough.
This presentation dives into threat-led tabletop exercises, enhanced with AI-driven attack simulations, as a powerful tool for critical infrastructure defense. By combining real-world scenarios, up-to-date threat intelligence, and cross-sector collaboration, these exercises expose critical vulnerabilities and strengthen organizational resilience.
Participants will learn how to design and implement exercises that test incident response plans under pressure, identify hidden security gaps, and improve communication between IT, OT, and executive teams. We'll explore how these simulations drive strategic security investments and foster a proactive security culture, ensuring readiness for tomorrow's complex cyber threats. Join us to gain actionable strategies for safeguarding your critical infrastructure and minimizing the impact of cyberattacks.

Matteo Cuscusa
Cuscusa Web & Security SRL

Cybersecurity in the Era of AI and Quantum Computing

Cybersecurity is rapidly evolving, shaped by artificial intelligence (AI) and the emergent potential of Quantum Computing. AI enhances security through automated detection and analysis, swiftly processing vast amounts of data to spot and predict threats, and Quantum Computing holds the promise to revolutionize various industries by offering unparalleled computational speed and efficiency, enabling it to tackle complex problems far beyond the reach of classical computers.
Yet, these benefits also come with risks: AI's capabilities can be exploited for advanced phishing, vulnerability discovery, and creating adaptive malware, complicating the cybersecurity landscape, while Quantum Computing further challenges digital security by threatening to undermine traditional encryption, making existing protections potentially obsolete.
This session will explore the mixed impact of AI and Quantum Computing on Cybersecurity, highlighting both the advancements and vulnerabilities they introduce. We'll discuss current threats like supply chain attacks and ransomware, alongside the integration of Privacy Enhancing Technologies (PETs) with AI and quantum defenses, offering a strategic viewpoint on safeguarding against the future of cyber threats.

Tudor Damian
D3 Cyber

Enumerating Kubernetes for exploitation

Imagine you have access to kubectl with a valid kubeconfig, or you have exploited a pod inside a Kubernetes cluster. What steps should you take to validate and exploit the node? And what valuable information can and should be retrieved? In this talk you will learn how to use kubectl to identify incorrect implementations and what the correct security implementations are.
Finally, we share a self-created PowerShell module that automates the process, to assist you in these endeavors in the future.

Bob van der Staak
Grip Op Security

Fraud Galaxy: Exploring the Universe of Cyber Deception

Despite advances in cybersecurity education, even the best-prepared can fall victim to ever-evolving cyber fraud and abuse tactics. Understanding and countering these threats is essential in our ongoing battle to improve security and integrity.
In this presentation, we will explore the "Fraud Galaxy," revealing how cybercriminals exploit vulnerabilities to deceive individuals and infiltrate corporate infrastructures. Guided by real-world examples and first-hand experiences, we will explore a practical framework to combat these threats.
By analyzing actual cases, we will uncover fraudster tactics and offer advice on strengthening defenses.
A significant part of our discussion will focus on methods used to introduce data theft or malware into corporate systems, from phishing emails to compromised infrastructure. Understanding these methods helps organizations better prepare to identify and mitigate threats.
We will look at how AI is making deception and fraud more potent and how we can turn the tables against the bad guys by leveraging AI power to combat fraud.
We will emphasize continuous vigilance and education, sharing visual examples and cautionary tales to illustrate the real-world impact of cyber fraud. This session aims to equip attendees with the knowledge and tools to navigate the complex landscape of cyber fraud, enhance defenses, and reduce the likelihood of falling victim to deception.
Join us for an enlightening session to deepen your understanding of cyber fraud and strengthen your cybersecurity posture.

 

Alex Holden
Hold Security, LLC

How to steal 10 million euro using OSINT?

In April 2023, the municipal government of a small town in Spain announced a financial aid program, offering €100 to each registered resident. While researching the voucher-claiming system, I identified a significant design flaw that could be exploited to claim vouchers on behalf of other individuals. This vulnerability, leveraging identity theft via OSINT PII, required only a name and a national ID number—information readily accessible online through official documents despite being considered private. Political interests hindered the ethical disclosure process, leading to premature media exposure before the system could be patched, ultimately resulting in numerous residents losing their vouchers to digital criminals.

 

Martín Pérez Rodríguez
Xebia

Insider Threats

These threats are particularly insidious as they bypass traditional security measures with legitimate access.
An insider threat can happen when someone close to an organization with authorized access misuses that access to negatively impact the organization’s critical information or systems. This person does not necessarily need to be an employee—third-party vendors, contractors, and partners could also pose a threat. Insider threats can be unintentional or malicious, depending on the threat’s intent.

Ranjeet Ambarte

Password management in operating systems

We all use credentials to access operating systems.
But how are the passwords associated with the accounts managed and stored?
What hashing algorithms are used?
In this lecture we will look at various types of passwords used and their role in maintaining security, ensuring correct authentication and managing user access in operating systems.

Riccardo Cervelli
ITIS "G. Marconi" - Pontedera (PI) - Italy

Traverse the Path

In this presentation, Jan Harrie will discuss his research into vulnerabilities in Golang implementations of archive extraction libraries. He will present several bugs that he discovered, which have been assigned CVEs and remediated by the respective projects. Additionally, Jan will share his experience in developing a secure archive extraction library in Golang, highlighting best practices and lessons learned from analyzing existing implementations.

Jan Harrie
HashiCorp

Undersea cables, the issues, the challenges and potential solutions

This presentation explores the protection of critical infrastructure, specifically undersea cables, against potential threats posed by ships. We examine various realistic methods of safeguarding these assets, ranging from addressing potential issues with AIS (Automatic Identification System) to deploying onboard sensors, satellite monitoring, and surveillance supported by AI and drones.
Additionally, we provide a political perspective on the broader implications for affected communities, considering the feasibility of these solutions and their potential impact.

Holger Spohn
NATO

Undersea Infrastructures - The New Cyber Frontier

The 4th Industrial Revolution has shaped an increasingly interconnected world, with several critical infrastructures now supporting our economic, societal, and personal lives. However, this interconnectedness also makes these infrastructures vulnerable to cyber threats. It's crucial that we understand the almost exclusive focus on critical infrastructure as a decisive factor for social cohesion, and the significant risks this entails. Protecting critical infrastructure is vital for maintaining the social fabric and cohesion. While the focus remains in cyberspace, we must also be alert to the potential threats that might come from the physical world, and be cautious in our approach to addressing these risks. This paper explores the risks posed by cyber and physical threats to critical infrastructure in an era of increased technological reliance. It highlights the inevitability of a "digital Pearl Harbor" and discusses specific threats, such as unmanned underwater vehicles (e.g., Project 10831 "Losharik") that could target undersea communication cables or energy pipelines. These vulnerabilities underscore the urgent need for robust measures to protect critical systems.

Sozon Leventopoulos
Zonos Systems Consulting Single Member PC

Vulnerability Management in 2024: The Good, the Bad and the Ugly

Vulnerability Management holds many challenges for IT environments. This presentation will highlight several of those, such as incomplete CVE data, the sheer number of vulnerabilities to manage, and the inconsistent results of vulnerability scanners. However, several approaches to managing this Sisyphean task will also be covered, from available tools through technology stacks to operational patterns.

Matthias Luft
Averlon

Zero Trust in Action: Securing Your Microsoft 365 Environment

In today’s evolving threat landscape, relying on traditional security models is no longer enough. This session will introduce the Zero Trust security model and demonstrate how to apply it effectively within Microsoft 365. You’ll learn key security principles, explore identity protection, data security, and threat defense strategies, and see a live demo of Conditional Access, Microsoft Defender, and Data Loss Prevention (DLP) policies in action. Walk away with practical steps to strengthen your organization’s security posture.

Božidar Radosavljević
PowerBML

12.-13.2.2025
Ljubljana & online

Price for HEK.SI (Basic, 12. - 13. 2. 2025): 300€
Price for HEK.SI + INFOSEK: 750€ (when registering for HEK.SI 2025, you get a ticket for INFOSEK 2025)

Prices do not include 22% VAT