Talk contents
Current threats in the field of cybersecurity

Code Red: Threat-Led Tabletops for Critical Infrastructure Defense
Imagine a ransomware attack crippling your city's power grid. Are you prepared? Recent attacks highlight the vulnerability of critical infrastructure to sophisticated cyber threats. Traditional security measures are no longer enough.
This presentation dives into threat-led tabletop exercises, enhanced with AI-driven attack simulations, as a powerful tool for critical infrastructure defense. By combining real-world scenarios, up-to-date threat intelligence, and cross-sector collaboration, these exercises expose critical vulnerabilities and strengthen organizational resilience.
Participants will learn how to design and implement exercises that test incident response plans under pressure, identify hidden security gaps, and improve communication between IT, OT, and executive teams. We'll explore how these simulations drive strategic security investments and foster a proactive security culture, ensuring readiness for tomorrow's complex cyber threats. Join us to gain actionable strategies for safeguarding your critical infrastructure and minimizing the impact of cyberattacks.

Cybersecurity in the Era of AI and Quantum Computing
Cybersecurity is rapidly evolving, shaped by artificial intelligence (AI) and the emergent potential of Quantum Computing. AI enhances security through automated detection and analysis, swiftly processing vast amounts of data to spot and predict threats, and Quantum Computing holds the promise to revolutionize various industries by offering unparalleled computational speed and efficiency, enabling it to tackle complex problems far beyond the reach of classical computers.
Yet, these benefits also come with risks: AI's capabilities can be exploited for advanced phishing, vulnerability discovery, and creating adaptive malware, complicating the cybersecurity landscape, while Quantum Computing further challenges digital security by threatening to undermine traditional encryption, making existing protections potentially obsolete.
This session will explore the mixed impact of AI and Quantum Computing on Cybersecurity, highlighting both the advancements and vulnerabilities they introduce. We'll discuss current threats like supply chain attacks and ransomware, alongside the integration of Privacy Enhancing Technologies (PETs) with AI and quantum defenses, offering a strategic viewpoint on safeguarding against the future of cyber threats.

Good practices in the event of a cyber incident
The talk "Good practices in the event of a cyber incident" will focus on the key steps and guidelines for responding effectively and limiting the consequences of an attack on information systems. Participants will learn how to recognize signs of an intrusion, properly document and report an incident, safely isolate affected systems, and put urgent protective measures in place. The basic principles of forensic analysis will also be presented, along with the importance of maintaining a clear response plan that includes cooperation with the appropriate experts and regular awareness-raising and training of employees.

Enumerating Kubernetes for exploitation
Imagine you have access to kubectl with a valid kubeconfig, or you exploited a pod inside a Kubernetes cluster. What steps should you take to validate and exploit the node? And what valuable information can and should be retrieved? In this talk you will learn how to use kubectl to identify flawed implementations and what the correct security implementations are.
Finally, we share a self-created PowerShell module that automates the process to assist you in these endeavors in the future.

Fraud Galaxy: Exploring the Universe of Cyber Deception
Despite advances in cybersecurity education, even the best-prepared can fall victim to ever-evolving cyber fraud and abuse tactics. Understanding and countering these threats is essential in our ongoing battle to improve security and integrity.
In this presentation, we will explore the "Fraud Galaxy," revealing how cybercriminals exploit vulnerabilities to deceive individuals and infiltrate corporate infrastructures. Guided by real-world examples and first-hand experiences, we will explore a practical framework to combat these threats.
By analyzing actual cases, we will uncover fraudster tactics and offer advice on strengthening defenses.
A significant part of our discussion will focus on methods used to introduce data theft or malware into corporate systems, from phishing emails to compromised infrastructure. Understanding these methods helps organizations better prepare to identify and mitigate threats.
We will look at how AI is making deception and fraud more potent and how we can turn the tables against the bad guys by leveraging AI power to combat fraud.
We will emphasize continuous vigilance and education, sharing visual examples and cautionary tales to illustrate the real-world impact of cyber fraud. This session aims to equip attendees with the knowledge and tools to navigate the complex landscape of cyber fraud, enhance defenses, and reduce the likelihood of falling victim to deception.
Join us for an enlightening session to deepen your understanding of cyber fraud and strengthen your cybersecurity posture.

From Zero to Hero with Microsoft Defender for Identity (MDI)
Demonstrated practical experience in deploying, implementing, and managing the Microsoft Defender for Identity (MDI) solution, covering various deployment and post-deployment scenarios and use cases.
Key features:
Identity Protection: It helps secure user identities and reduce the attack surface by providing insights on identity configurations (Domain Controllers, ADFS and ADCS) and security best practices.
Threat Detection: It uses real-time analytics and data intelligence to detect suspicious activities and advanced threats across your identity environment.
Incident Investigation: It offers clear, actionable incident information to help investigate alerts and user activities.
Automated Response: It can automatically respond to compromised identities to prevent further attacks.

Cybersecurity threats in blockchain: Lessons from real attacks
With the rapid growth of the Web3 ecosystem, the cyber threats that endanger blockchain applications, smart contracts, Web3 platforms and digital wallets are also increasing. In this talk we will analyze key security challenges and vulnerabilities in Web3, including attacks on smart contracts (DAO Hack), exploitation of bridges and oracles (Ronin Bridge Exploit), and private key theft and phishing attacks. We will also present new types of attacks specific to Web3, such as reentrancy, rug pull, flash loan exploit, etc. The talk will conclude with an overview of future security solutions, such as zero-knowledge proofs (ZKP) and formal verification of smart contracts, which promise greater resilience against attacks.

How to steal 10 million euro using OSINT?
In April 2023, the municipal government of a small town in Spain announced a financial aid program, offering €100 to each registered resident. While researching the voucher-claiming system, I identified a significant design flaw that could be exploited to claim vouchers on behalf of other individuals. This vulnerability, leveraging identity theft via OSINT PII, required only a name and a national ID number—information readily accessible online through official documents despite being considered private. Political interests hindered the ethical disclosure process, leading to premature media exposure before the system could be patched, ultimately resulting in numerous residents losing their vouchers to digital criminals.

Ignition Under Fire: Exploring Cybersecurity Attack Vectors in Rocket Propulsion
The increasing reliance on digital systems in modern rocketry, from design and manufacturing to launch operations and in-flight control, introduces significant cybersecurity vulnerabilities. This presentation, "Ignition Under Fire," explores the diverse attack vectors targeting rocket propulsion systems, examining potential consequences ranging from mission delays and data breaches to catastrophic failures. We will analyze the complex interplay of software, hardware, and network components within propulsion systems, identifying key weaknesses susceptible to exploitation. The presentation will delve into specific attack scenarios, software manipulation, sensor spoofing, and network intrusion, highlighting the potential impact on critical parameters like thrust, fuel flow, and combustion stability. Furthermore, we will discuss the unique challenges in securing these complex systems. We will explore how a Zero Trust architecture can be implemented to enhance security by enforcing strict access control, micro-segmentation, and continuous authentication and authorization throughout the propulsion system.

Insider Threats
These threats are particularly insidious as they bypass traditional security measures with legitimate access.
An insider threat can happen when someone close to an organization with authorized access misuses that access to negatively impact the organization’s critical information or systems. This person does not necessarily need to be an employee—third-party vendors, contractors, and partners could also pose a threat. Insider threats can be unintentional or malicious, depending on the threat’s intent.

Ransomware attack on the University of Maribor: -1+ kg/week
We will present the circumstances, the response and the procedures behind the successfully completed restoration of systems and services (99+%). We will focus on the lessons learned and show examples where we turned the crisis into an opportunity to carry out certain changes that had previously been impossible to implement. How did the crisis affect the conditions and dynamics of cooperation within the IT department, which is already struggling with staff shortages? We will ask what, if anything, can be done when the media simultaneously launch their own story from "reliable sources". An explanation of the title will not be missing.

Cyber threats in the financial sector: Preventing attacks on financial systems
In a world where financial systems are a constant target of advanced cyber threats, effective protection against digital attacks is crucial. The talk will present the modern cyber threats the financial sector faces, along with practical approaches to preventing and managing these risks. You will learn key strategies for strengthening cybersecurity and best practices for protecting sensitive financial data and systems.

Rootkits - how deep into a computer malware can hide
Rootkits are malicious software (malware) that enables unauthorized access to a computer system while hiding from the user and from security software. Rootkits often allow attackers to gain administrative privileges (administrator/root access) on the infected system.
Using real-life examples, the talk will show where rootkits can hide and how to protect against them.

Password management in operating systems
We all use credentials to access operating systems.
But how are the passwords associated with the accounts managed and stored?
What hashing algorithms are used?
In this lecture we will look at various types of passwords used and their role in maintaining security, ensuring correct authentication and managing user access in operating systems.

The future of digital security: The transition to post-quantum cryptography
We will focus on certain aspects of the upcoming cryptographic transition and on the draft guidance from the US NIST that RSA and ECC be fully phased out by the end of 2035. In the coming decade we will witness the transition from classical cryptographic algorithms, such as RSA and ECC, to post-quantum cryptography (PQC), which is ready to secure our digital infrastructure against quantum attacks. The emergence of quantum computing poses a major challenge to the cryptographic foundations on which digital security rests.

Red teaming in action: How a cyber exercise strengthens a company's cyber resilience
Cyber resilience is crucial for ensuring the stability, security and long-term success of a company in a digitally connected world. It is the company's ability to prepare effectively for cyberattacks, respond appropriately and recover quickly from any incidents. Key to this are protecting sensitive data, ensuring business continuity, protecting against financial losses, meeting regulatory requirements and maintaining customer trust. A cyber exercise tests the effectiveness of defense, detection and incident response. It gives us a realistic assessment of exposure to cyber threats and of the organization's maturity in managing them, and it identifies the areas that need improvement.

Secrets handling in cloud environments
In this opinionated talk, we will embark on a journey of handling secrets in cloud environments. We'll begin with storing secrets in plain text and sharing them with all developers, and progress towards no-touch deployments using temporary access credentials with the least necessary privileges. Although the presentation will focus on the AWS environment, the principles discussed can be easily applied to any infrastructure.

Traverse the Path
In this presentation, Jan Harrie will discuss his research into vulnerabilities in Golang implementations of archive extraction libraries. He will present several bugs that he discovered, which have been assigned CVEs and remediated by the respective projects. Additionally, Jan will share his experience in developing a secure archive extraction library in Golang, highlighting best practices and lessons learned from analyzing existing implementations.

Undersea cables, the issues, the challenges and potential solutions
This presentation explores the protection of critical infrastructure, specifically undersea cables, against potential threats posed by ships. We examine various realistic methods of safeguarding these assets, ranging from addressing potential issues with AIS (Automatic Identification System) to deploying onboard sensors, satellite monitoring, and surveillance supported by AI and drones.
Additionally, we provide a political perspective on the broader implications for affected communities, considering the feasibility of these solutions and their potential impact.

Undersea Infrastructures - The New Cyber Frontier
The 4th Industrial Revolution has shaped an increasingly interconnected world, with several critical infrastructures now supporting our economic, societal, and personal lives. However, this interconnectedness also makes these infrastructures vulnerable to cyber threats. It's crucial that we understand the almost exclusive focus on critical infrastructure as a decisive factor for social cohesion, and the significant risks this entails. Protecting critical infrastructure is vital for maintaining the social fabric and cohesion. While the focus remains in cyberspace, we must also be alert to the potential threats that might come from the physical world, and be cautious in our approach to addressing these risks. This paper explores the risks posed by cyber and physical threats to critical infrastructure in an era of increased technological reliance. It highlights the inevitability of a "digital Pearl Harbor" and discusses specific threats, such as unmanned underwater vehicles (e.g., Project 10831 "Losharik") that could target undersea communication cables or energy pipelines. These vulnerabilities underscore the urgent need for robust measures to protect critical systems.

Opening address: Cybersecurity and personal data protection - members of the same team

Intrusions into IoT
The talk focuses on the vulnerabilities and security risks associated with Internet of Things devices and networks.
With the Internet of Things increasingly integrated into our everyday lives, such as smart homes, wearable devices and industrial systems, understanding potential security weaknesses is essential for preventing malicious exploitation, which is on the rise.

The role and challenges of the CISO in banks
The talk will cover the role and challenges of the CISO in banks, from ensuring cybersecurity and regulatory compliance to aligning security strategies with business goals. Practical examples will also be presented of how this connects with the practice of defending against concrete attacks.

Vulnerability Management in 2024: The Good, the Bad and the Ugly
Vulnerability Management holds many challenges for IT environments. This presentation will highlight several of those, such as incomplete CVE data, the sheer number of vulnerabilities to manage, and the inconsistent results of vulnerability scanners. However, several approaches to managing this Sisyphean task will also be covered - from available tools through technology stacks to operational patterns.

Zero Trust in Action: Securing Your Microsoft 365 Environment
In today’s evolving threat landscape, relying on traditional security models is no longer enough. This session will introduce the Zero Trust security model and demonstrate how to apply it effectively within Microsoft 365. You’ll learn key security principles, explore identity protection, data security, and threat defense strategies, and see a live demo of Conditional Access, Microsoft Defender, and Data Loss Prevention (DLP) policies in action. Walk away with practical steps to strengthen your organization’s security posture.
