confidence-conference.org
194.150.98.183  Public Scan

Submitted URL: https://www.salesmanago.pl/smrd.htm?url=https%3A%2F%2Fconfidence-conference.org&smclient=cd93a544-0afb-11ec-b169-2841c6...
Effective URL: https://confidence-conference.org/
Submission: On May 04 via api from CH — Scanned from PL

Form analysis 0 forms found in the DOM

Text Content





ABOUT CONFIDENCE




18 years of experience in creating an extraordinary tech event for the IT
security community. An international cybersecurity conference that combines
deep-dive technical lectures and workshops with networking and open
skill-sharing. This is CONFidence!

We spread awareness about cyber threats among infosec specialists, developers,
managers, bankers and governmental representatives. One of our top priorities
has always been to deliver practical, relevant, and diverse content across the
different fields of IT security.

Thanks to our cooperation with experts representing a great variety of
backgrounds, as well as active, security-focused IT communities, we know what it
takes to offer our attendees both highly technical and state-of-the-art
expertise.

Join us for a physical event in Krakow on 5-6 June 2023. Meet hackers, security
experts, and IT specialists from different regions. During the 22nd edition of
CONFidence you’ll discover:

- practical presentations packed with case studies and hands-on experiences,
- great workshops allowing you to test newly-acquired skills,
- solutions immediately applicable to your professional routine,
- discussions with international experts focused on recent events (covering
burning questions and timely challenges).

Can’t wait to see you there!







CFP

Would you like to participate as a speaker? Apply now and join Confidence 2023!



TICKETS

Buy a ticket for the stationary edition of Confidence 2023.
See you in Krakow!



WHAT DO WE OFFER?





TOP SPEAKERS

The best of the best from all over the world come to CONFidence every year to
share their knowledge


HOT TALKS

Get to know new problems and solutions in cybersec.


MEET US FACE TO FACE

Finally you will be able to talk with everyone, discuss new technology and enjoy
time with other participants.


AFTER PARTY

Prepare yourself for a whole night of networking and fun.


HANG OUT WITH SPEAKERS

You will be able to speak with them directly during the conference


CERTIFICATE OF ATTENDANCE

It will allow you to apply for points necessary for an expert certificate in the
field of ICT security.


AGENDA

5th June
9:00 am
TRACK 1


LIVE ONLY [PL] THE POLISH ARMED FORCES IN THE CYBER DOMAIN - TASKS, CAPABILITIES.

This lecture will not be recorded. The talk aims to present the capabilities of
the Polish military operating in the cyber domain. It will show what the Polish
Armed Forces (WP) do, what their tasks are (including the example of the
conflict in Ukraine), which areas of operation are their priority, and who the
cyber soldiers of the Republic of Poland are. It will also show the WP's cyber
structures and what serving in the cyber army looks like (including pay). I will
also explain what to do to defend the country in the cyber domain without giving
up a corporate job.

 * Dominik Rozdziałowski - Director of the Cybersecurity Department at MON

TRACK 2


[EN] RASPBERRY ROBIN: THE EVOLUTION OF AN ADVANCED MALWARE DOWNLOADING
FRAMEWORK.

Raspberry Robin is a sophisticated and widely-used malware downloading framework
that has been associated with dangerous threat groups like Lockbit. It allows
attackers to evade detection, move laterally, and utilize trusted cloud
infrastructures like Discord, Azure, and Github for malicious actions. In the
last quarter of 2022, our incident response team successfully detected and
responded to several attacks that utilized this tool. This ever-evolving malware
was drastically improved in the last quarter of 2022; our team was able to
identify several changes in its first stage loader to capture additional
technical details of the infected device, which provides threat actors with
additional metrics and statistics to plan and execute more powerful attacks
against the victims, or to filter the undesired devices. Join this lecture to
learn more about this threat and its continued evolution over time. Level:
Intermediate

 * Jan Carlo Moronia - Security Joes

TRACK 3


[EN] AIKIDO: TURNING EDRS TO MALICIOUS WIPERS USING 0-DAY EXPLOITS

Wipers are becoming the go-to tool for nation-state cyber warfare in the last
decade since the Shamoon attack. Wipers have been used by Russia, Iran, North
Korea, and other APTs to support offensive acts. One of the most famous recent
attacks was launched during the Russian invasion of Ukraine. We were curious if
we could build a next-gen wiper. It would run with the permissions of an
unprivileged user yet have the ability to delete any file on the system, even
making the Windows OS unbootable. It would do all this without implementing code
that actually deletes files by itself, making it undetectable. The wiper would
also make sure that the deleted files would be unrestorable. Using the wisdom of
martial arts, we understood the importance of using the power of our opponents
against them in order to defeat them. Thus, we aimed to use the deletion power
of EDRs to our advantage, triggering it by faking a threat. We checked the
leading EDR products and attempted to confuse them between malicious files and
standard files during threat mitigation processes. We managed to discover and
exploit 0-day vulnerabilities in almost 50% of them, leading to the creation of
our Aikido wiper, which could be effective against hundreds of millions of
endpoints all around the world. In this talk we'll start by explaining the
background of wiper usage, and our research goals and assumptions. Then we’ll
explain how different EDR products work when they detect a threat, and how we
exploited their insecure actions in our Aikido wiper. We’ll go on to present
four vulnerabilities we found in Microsoft Defender Antivirus, Microsoft
Defender For Endpoint, SentinelOne’s EDR, Trend Micro Apex One, Avast Antivirus
and AVG Antivirus. Finally - using those vulnerabilities - we’ll demonstrate the
wiping of all user data, and making the operating system unbootable. Level:
Intermediate

 * Or Yair - SafeBreach

10:00 am
TRACK 1


TBA

TRACK 2


TBA

TRACK 3


TBA

10:00 am
WORKSHOPS


[EN] SMART CONTRACT BUG HUNTING 101 - ETHEREUM EDITION

Smart contracts are programs that run on blockchain platforms and are at the
core of many Web3 applications. However, like any other code, smart contracts
can have vulnerabilities that can introduce technical challenges and risks. In
this workshop, we will cover the basics of smart contracts and the participants
will learn how to identify and exploit common vulnerabilities in solidity smart
contracts through hands-on exercises. This workshop is suitable for those who
are already in information security and looking to transition to smart
contract/blockchain security, or those who want to add this skillset to their
existing toolkit.

Pre-requisites for the attendees:
- A laptop with decent RAM and virtualization software (Virtualbox/VMware)
- Pre-installed Ziion OS (https://www.ziion.org/download)
- Basic understanding of any programming language
- Basic understanding of using Blockchain Wallets

Level: Beginner

 * Samandeep Singh -

11:00 am
TRACK 1


LIVE ONLY [PL] TROLLING IS A ART - SOME FUN, NO PROFIT

This lecture will not be recorded. A few adventures in trolling criminals, or
how to waste a lot of your own time, and sometimes a bit of someone else's too.
Little OPSEC, some OSINT, the occasional meme.

 * Adam Haertle - ZaufanaTrzeciaStrona.pl
 * Piotr Zarzycki - CERT Orange Polska

TRACK 2


[EN] AWS BACKDOORS

You have found leaked access keys to someone's AWS account. The leak will
probably be fixed soon, and your newly acquired access will be cut off. My
presentation will show you how to keep access to the hacked account a little
longer :) Level: Intermediate

 * Michał Brygidyn - Xebia

TRACK 3


[EN] LIGHTBASIN’S LURKING SHADOW: STAYING AHEAD OF TELECOMMUNICATIONS &
FINANCIAL CYBER THREATS

A threat activity cluster (referred to by CrowdStrike as "LightBasin") has
continued to target financial institutions and telecommunications organisations
by pivoting through GPRS roaming infrastructure since an October 2021 report on
a telecommunications-focused campaign. This targeted intrusion actor exhibits
significant operational security to remain undetected and employs highly
advanced techniques to maintain access and syphon data from victims. Since the
initial publication of research regarding the campaign, CrowdStrike continues to
observe the adversary across these verticals, with the adversary developing
their tools and techniques in further attempts to fly under the radar, as well
as avoiding operating on parts of the network with more advanced
detection/prevention capabilities to remain undetected for longer. For those who
join this session, you will learn about the adversary and their operations, how
to identify and investigate activity associated with this advanced Threat Actor
across Linux/Unix-based operating systems through a review of real-world
examples of techniques, as well as key considerations when tackling such an
adversary in these types of environments and how to mitigate the likelihood of
such an actor developing a foothold in their network. Level: Advanced

 * Jamie Harries - CrowdStrike

11:55 am


LUNCH BREAK 12:00 - 15:00

12:00 pm
TRACK 1


- TIME FOR LUNCH -

-

TRACK 2


LIVE ONLY [EN] EVADING MODERN DAY SECURITY DEFENSES IN CORPORATE ENVIRONMENTS.

This lecture will not be recorded. The aim of the talk is to explore various
techniques for bypassing security measures implemented by modern antiviruses
(AV), inbuilt Windows exploitation protection modules, EDRs, XDRs and other
security products commonly found in companies that take endpoint security
seriously. The talk will begin with a discussion of the evolution of security
products and how modern day hackers and redteamers encounter such tools. The
talk will then delve into different types of detections, including static,
behavioral, and heuristics-based tools. We will explain various static malware
detection bypass techniques such as payload encryption, headerless payloads,
signature based bypasses as well as dynamic bypass mechanisms used by
malware developers and professional red teamers such as using Direct Syscalls,
AMSI bypass, ETW Bypass and Heap Encryption. The talk will contain real life
PoCs of how common C2 payloads such as meterpreter, cobalt beacons, empire,
covenant etc are easily detected by many proprietary malware detection products
such as crowdstrike, Windows Defender and will deep dive stage by stage into the
exact methodology the product used to detect the said signature/behaviour along
with modifications and techniques we used to evade each of these detection
mechanisms. Level: Advanced

 * Himanshu Sharma - Bugcrowd
 * Rahul Vashista -

TRACK 3


[PL] FREE IS A FAIR PRICE - HACKING PUBLIC TRANSPORT TICKETS IN ██████████

Long, long ago, beyond the mountains and forests, a bored student challenged the
ticket inspectors in ██████████: he would not pay for a single public transport
ride. The student is no longer with us, but I am here to tell his story. During
the presentation I will show how he managed it, what the Transport Authority in
██████████ did to prevent it, and who ultimately won this clash. It will be
tongue-in-cheek, it will be accessible to non-technical people, and there will
be a live demo - what more could you want? We will wrap up by looking for
answers to the questions: what went wrong, and how do you defend against nosy
students? Next stop: EXPO Kraków. Please have your tickets ready for inspection.
Level: Beginner

 * Szymon Chadam - SecuRing

1:00 pm
TRACK 1


TBA

 * Adam Lange - Standard Chartered
 * Agata Ślusarek - CSIRT KNF

TRACK 2


- TIME FOR LUNCH -

-

TRACK 3


- TIME FOR LUNCH -

-

1:00 pm
WORKSHOPS


[EN] SPEED UP YOUR REVERSE ENGINEERING INVESTIGATIONS IN GHIDRA WITH ASKJOE AND
OPENAI

Reverse engineering is a complex skill that requires specialized knowledge and
experience to master, and beginners may find it overwhelming. However, it has
become increasingly important in the cyber security industry due to the rise of
cyber attacks relying on malware artifacts since 2010. With the advancement of
AI systems, reverse engineering can be aided and improved, allowing for faster
analysis and skill development without sacrificing effectiveness. Join us to
learn how to easily leverage a complete AI-enforced reverse engineering
laboratory using Ghidra and OpenAI, to develop and practice your reverse
engineering skills while you analyze real malicious artifacts. Level: Beginner

 * Charles Lomboni - Security Joes

2:00 pm
TRACK 1


[PL] ARTEMIS: HOW CERT POLSKA IMPROVES THE SECURITY OF THE POLISH INTERNET

During the presentation we will talk about the Artemis project, whose goal is to
examine the security of websites and systems accessible on the internet. Since
January, Artemis has found tens of thousands of vulnerabilities and
misconfigurations - these are reported to administrators so that they can fix
them before criminals exploit them. We will describe how Artemis works, what we
look for, how common particular types of vulnerabilities are, and what
challenges we ran into while building the scanner. We will also show how to run
the tool inside your own organization and how to extend it yourself with modules
that check for new kinds of vulnerabilities. Level: Intermediate

 * Krzysztof Zając - CERT Polska
 * Adam Kliś - STM Cyber

TRACK 2


[EN] OOPSSEC - THE BAD, THE WORST AND THE UGLY OF APT’S OPERATIONS SECURITY

Advanced Persistent Threat groups invest in developing their arsenal of exploits
and malware to stay below the radar of their victims' security controls and
persist on the target machines for as long as possible. We were curious if the
same efforts are invested in the operation security of these campaigns. We
started a journey researching active campaigns from the Middle East to the Far
East including the Palestinian Authority, Turkey, and Iran, Russia, China, and
North Korea. These campaigns were both state-sponsored, surveillance-targeted
attacks and large-scale financially-motivated attacks. We looked at almost every
technology used and every step taken throughout the attack chain: Windows
(Go-lang/.Net/Delphi) and Android malware; both on Windows and Linux-based C2
servers. We found a multitude of unbelievable critical mistakes which open a
unique window to understand new advanced TTPs used by attackers. In many cases,
we were able to join the attackers’ internal groups and view their chats,
emails, and even bank accounts and crypto wallets. We understood their business
models and were surprised to see the scale of sensitive data sharing, such as
entire citizen databases, passports, SSN, etc. In some cases, we were able to
take down the entire campaign. We will present our latest breakthroughs from our
seven-year mind-game against the sophisticated Infy threat actor who
successfully ran a 15-year active campaign using the most secured opSec attack
chain we've encountered. We will explain how they improved their opSec over the
years and how we recently managed to monitor their activity in real-time and how
we recently even achieved an advanced new version of Infy malware which was not
known until now. We will demonstrate oopSec mistakes done by new threat
attackers that have not been introduced yet in public. In addition, we will
update on all threat actors' reactions to our recent publication including
changing infrastructure, terminating sensitive victims and threat actors which
totally made changes but still continue to be vulnerable.

Main points:
- Attackers are humans; they are not necessarily experts in operations security.
- We will go over 8 threat actors case studies and explain the mistakes made and
how valuable it may be for CISOs and blue/red teams.
- 2 demo sessions focused on the ability to take advantage of different oopsSec
mistakes.
- Covers new attack techniques: iCloud 2-factor authentication bypass and
NFT/crypto wallet attacks.

This is a comprehensive research, which focuses on the operations security level
of multiple APT actors including both state-sponsored surveillance targeted
attacks and large scale financial motivated attacks. We will present our latest
breakthrough against the Infy threat actor who has been running a 15-year active
campaign using the most secure opSec attack chain we've encountered. The
original talk was presented at Defcon 2022 and got very positive feedback (some
even said it was the best talk), the audience was fully involved and I believe
it should be relevant to Confidence audience as well. We updated the case
studies and will demonstrate new oopSec mistakes. We will explain the threat
actors' reactions to our publication including actors that still continue to be
vulnerable. Level: Intermediate

 * Tomer Bar - SafeBreach

TRACK 3


[EN] DON'T LEAVE YOUR WEB APPS VULNERABLE: BUILD A FUZZING FRAMEWORK WITH IAST

Typical approaches to finding vulnerabilities in web applications using
automated tools are DAST and SAST. Both approaches have drawbacks. In this talk,
I will introduce the IAST approach - Interactive Application Security Testing -
and the project my team and I have been working on for the past year - Web
Application Fuzzing Framework. The framework takes advantage of IAST to better
understand the attack surface and discover deeper, more difficult
vulnerabilities. This approach can potentially be used in a CI/CD process as a
continuous way to detect vulnerabilities during the SDLC. After the talk, you
will learn how the IAST works under the hood, how to build a similar solution
for your own needs, what the challenges are in building it, and what
vulnerabilities we have already discovered using this approach. Level: Advanced

 * Dawid Czarnecki - Zigrin Security

3:00 pm
TRACK 1


[PL] AUTOMATING AUTOMATION, OR FUZZING IN THE AGE OF GPT-4

The public release of Chat-GPT "overshadowed" the progress of automation in many
areas and solutions - including security testing and code correctness testing.
Meanwhile, fuzzing in 2023 means considerably less work on integration, setup
and choosing targets to test, as well as a significantly expanded fuzzing scope.
The presentation will show new tools and the current approach to effective and,
most importantly, easy testing, as well as the use of these methods to look for
bugs in deep learning frameworks. GPT-4 is in the title for a reason: we will
also check what fuzzers AI is able to generate, and we will test the code it
generates. Level: Intermediate

 * Kamil Frankowicz - ( ͡° ͜ʖ ͡°)

TRACK 2


[EN] MACHINE LEARNING SECURITY.

Machine learning (ML) and other terms related to it became buzzwords. Many
companies would like to introduce machine learning models, even if there are
simpler solutions. In the presentation, we show recent security issues related
to machine learning models. Next, we do an overview of possible security issues
that can happen during building such models. Finally, we demonstrate how to
prevent the most popular security problems related to ML on the examples of
applications in e-commerce, fintech, and other sectors. Level: Advanced

 * Karol Przystalski - Codete

TRACK 3


TBA

TBA

4:00 pm
TRACK 1


[PL] RED TEAMING MACOS IN 2023

Does your company have Macs in its infrastructure? I bet that in most cases the
answer will be "YES". macOS is no longer a niche operating system used only in
startups. I also see it in the huge, old infrastructures of banks and other
corporations. The problem starts when Windows workstations are incomparably
better secured than their white colleagues. Macs are not bulletproof, they can
be insecurely configured and ... even Apple has admitted that malware exists on
macOS too. In this presentation:

- I will talk about the security mechanisms found on macOS
- I will compare Macs joined to Active Directory with those that are not
- I will carry out a step-by-step infection of a Mac based on my vulnerability
(demo)
- I will present several escalation techniques
- I will suggest how to harden a macOS environment

Level: Beginner

 * Wojciech Reguła - SecuRing

TRACK 2


[EN] QUICK LOOK ON MODERN FUZZING

Fuzzing, also known as fuzz testing, is a software testing technique that
involves providing random and invalid input data to a software application in an
effort to uncover security vulnerabilities and other bugs. The process of
fuzzing is automated and can uncover security weaknesses in a relatively short
amount of time compared to manual testing methods. Fuzzing has become a crucial
component of software security testing and is widely used by security
researchers, software developers, and organizations to identify potential
security risks in their applications before they can be exploited by attackers.
This is especially important in today's digital landscape, where new security
threats are emerging on a daily basis and the impact of a successful attack can
be devastating. In recent years, the field of fuzzing has experienced rapid
growth and expansion in a number of directions. With the introduction of
innovative techniques and tools, the process of fuzzing has become more
accessible and effective in finding bugs in a wider range of targets. Some of
the most popular fuzzing tools available today include libAFL, AFL++, and
centipede, each of which boasts its own unique features and capabilities. In
this presentation, our aim is to provide an overview of the most interesting and
innovative tools and techniques used in fuzzing today. We will delve into the
various forms of fuzzing, such as snapshot fuzzing, distributed fuzzing, and
emulation fuzzing, and examine the strengths and weaknesses of each approach.
Furthermore, we will highlight the current trends and developments in the field
of fuzzing, and explore the most exciting topics and challenges that are driving
innovation in this field. Level: Intermediate

 * Marek Zmysłowski - Microsoft
 * Arash Ale Ebrahim - CISPA

TRACK 3


[EN] HACKING WITH POLYGLOTS: LEVERAGING XSS PAYLOADS AND FILE FORMATS

A polyglot is a program or code that can be interpreted or compiled by multiple
programming languages, often without requiring modifications to the code itself.
It refers to the ability of a piece of software or code to "speak" multiple
languages. For example, a PNG file of a cat that can also be run as PHP code, or
a piece of code can be executed by three different languages, such as C, PHP,
and Bash, or how a particularly crafted XSS payload can exploit vulnerabilities
in multiple web languages simultaneously. In this lecture, we will present what
a polyglot is, how to craft such code or file, how to use them, and how
dangerous they can be with some hands-on examples. Level: Intermediate

 * Dawid Mazurek - Akamai Technologies
 * Szymon Pach - Akamai Technologies

5:00 pm
TRACK 1


LIVE ONLY [PL] THE STORY OF A THREAT ACTOR: MOBILE MALWARE BY THE BUNCH

This lecture will not be recorded. In recent years the number of online threats
has been growing, and unfortunately mobile devices have not been spared. I would
like to present the story of a threat actor who is responsible for several
malware families. I will show a kaleidoscope of events, starting from his first
steps in the criminal world, through the creation of increasingly advanced
malware families and dramas on the darknet, up to a surprising ending. There
will be reverse engineering, live malware & C2, OSINT, darknet. You are welcome
to join. Level: Intermediate

 * Łukasz Cepok - CSIRT KNF

TRACK 2


[EN] CONTAINER ESCAPE: ALL YOU NEED IS CAP (CAPABILITIES)

In the last few years, containers have become a significant part of the cyber
attack surface. Containers are now used by virtually all enterprises for
day-to-day operations, making them a prime target for attackers. As a result,
the number of cyberattacks involving containers has significantly increased.
Consequently, security researchers and blue teams have to be familiar with this
whole new world. In our talk, we will be focused on Container escapes. Container
escape is considered the ‘Holy Grail’ of the container security attack world. To
truly understand the concept of containers and the specific attack vectors we
need to dive into important principles in container internals focused on
container capabilities. We'll describe how it actually works, how we can use
specific container capabilities to pull off container escapes, and how to
minimize the danger of this kind of attack. Level: Intermediate

 * Eran Ayalon - Cybereason
 * Ilan Sokolovsky - Cybereason

TRACK 3


[EN] MODERN ACTIVE DIRECTORY ATTACKS

Active Directory has always been considered a critical asset for all
organizations. A compromise of its privileged users may lead to further
compromise of other critical infrastructures. In this talk, we would be looking
at a relatively new class of abuse primitives in the very large and complex
Active Directory environment. We will be introducing components of Microsoft's
PKI Infrastructure, i.e. Active Directory Certificate Services. We will look
further at how misconfigurations in Certificate Services could lead to full
domain compromise. This talk will dive deep into the enumeration, hunting, and
exploiting of Certificate Services and Templates with examples and demos.
Towards the end, this talk will focus on remediation and detection strategies
for organizations in order to harden the attack surface via Active Directory
Certificate Services. Level: Intermediate

 * Suraj Khetani - Emirates NBD

6:15 pm


AFTERPARTY


6th June
9:00 am
TRACK 1


[EN] SOFTWARE SUPPLY CHAIN SECURITY - GOOGLE CLOUD PERSPECTIVE ON CURRENT STATE
OF THE FIELD

Since the SolarWinds, Codecov and other well known security incidents targeting
software development, the topic of Secure Software Supply Chain was gaining
importance and popularity. 2022 Google’s DORA report showed that adoption of
software supply chain security practices has started and standards around the
field are slowly establishing, including Supply-chain Levels for Secure
Artifacts (SLSA) framework, and the NIST’s Secure Software Development Framework
(SSDF). Also the importance of CI/CD pipelines as a key point of security tools
integration is growing. Another aspect of this topic is deep dependency of
modern software development on open source libraries and what is especially
critical from the perspective of security, also transitive dependencies forming
large dependency graphs, difficult to track and control from both security and
licensing perspective. As Google Cloud has been incorporating security practices
into software development for years and based on our internal experiences we
created an approach called Software Delivery Shield covering the full software
development lifecycle with proper tooling focusing on security and especially on
compliance with SLSA levels. During our session we will discuss the current
state of the field, review SLSA and SSDF and their consequences, review
available DORA findings and finally demo of SLSA Level 3 compliant supply chain
with SBOM analysis, vulnerability scanning on various stages, solid provenance
of artifacts and binary authorization of deployed software. Vulnerability
scanning is also a critical part of software supply chain security. Because
attacks are more complex and very often involve 3rd party software and network
infrastructure, a holistic approach is urgently needed. Mandiant as a part of
Google Cloud is providing a unique approach on how to proactively avoid
compromise risk in different security areas. During the session we will show how
such an Intelligence driven scan on Internet level can show not only CVE
vulnerabilities but also misconfiguration, data leakage, insecure cookies,
expired or almost expired certificates, exposed panel login & services and
finally service & technology discovery. Level: Intermediate

 * Artur Kuliński - Google Cloud
 * Omar Saenz - Security Specialist, Cybernetics Futurist at Google Cloud
 * Damian Hoffman - Mandiant

TRACK 2


[EN] A SECURITY ANALYSIS OF COMPUTER NUMERICAL CONTROL MACHINES IN INDUSTRY 4.0

Computer numerical control (CNC) machines are largely used in production plants
and constitute a critical asset for organizations globally. The main benefit of
CNC machines such as automated drills, lathes, and mills is that they are
programmed to execute repetitive tasks with the goal of improving the production
while reducing the costs. The strong push dictated by Industry 4.0 led to the
introduction of technologies for the wide connectivity of industrial equipment.
As a result, modern CNCs resemble more full-fledged systems than mechanical
machines, offering numerous networking services for smart connectivity. This
research explored the risks associated with the strong technological development
observed in the domain of CNC machines. We performed an empirical evaluation of
four representative controller manufacturers, by analyzing the technologies
introduced to satisfy the needs of Industry 4.0, and by conducting a series of
practical attacks against real-world CNC installations. Our findings revealed
that malicious users could abuse such technologies to conduct attacks like
denial-of-service, damage, hijacking or theft of intellectual property. We
demonstrated all these attacks in practice. For example, we simulated an attack
in which a malicious user targets a production line to steal intellectual
property (in the form of production code) or sabotages the production. In
another scenario, a cybercriminal takes control of the manufacturing process to
introduce microdefects that pass the QA process, eventually resulting in
economical or reputational loss for the manufacturer. Given the importance of
our findings, we took appropriate precautions before publishing our research.
Specifically, we closely worked with the vendors to raise our concerns and
suggest measures for mitigation. This talk wants to be an opportunity to raise
awareness in a domain in which, unfortunately, security is not yet a primary
driver. Level: Intermediate

 * Marco Balduzzi - Trend Micro

TRACK 3


[LIVE ONLY] [EN] EVERYTHING YOU DIDN'T KNOW ABOUT RANSOMWARE

The lecture will not be recorded. When we talk about ransomware, we usually talk
about the functionalities that are primary to such malicious code - encryption,
encryption speed, level of cryptographic algorithms, and things like that. But
in order for ransomware to be effective and truly destructive, the code uses
various tricks before encrypting files. These are tiny little functionalities
that make this type of malware a good monetizing platform. In the last few
years, Croatia has been hit by numerous serious and destructive cyber incidents
in which attackers used various patterns. From my own perspective (as an
incident response member), I will talk about the techniques and tricks that
attackers use, which are embedded in the ransomware code in order to be as
efficient as possible. The most important, detection opportunities will be
discussed for defenders in SOC also. Level: Intermediate

 * Bojan Alikavazovic - Diverto d.o.o.

10:00 am
TRACK 1


TBA

TRACK 2


TBA

TRACK 3


TBA

10:00 am
WORKSHOPS


[EN] ONE SMALI STEP FOR MAN, ONE GIANT STEP FOR RESEARCHERS

With more and more people using their phones as the primary device, mobile
malware's prevalence skyrocketed. People nowadays store their money, memories
and digital identities in their pockets, making their phones a ripe avenue for
attackers. From the high level threat landscape, down to the nitty gritty of
every specific actor, understanding the basics of Android reverse engineering
can give an analyst the necessary cutting edge. This is what this workshop wants
to deliver: taking people from zero to hero in order to give them a more
thorough understanding of the Android malware landscape. Level: Beginner

 * Gabriel Cirlig - HUMAN Security

11:00 am
TRACK 1


[PL] RANSOMWARE - CULTIVATION AND CARE. A RANSOMWARE GROWER'S GUIDE

Every week the media report on more companies infected with ransomware, and
you still have nothing? Your competitors have already had several incidents
and you are still in a drought? What can you do to make ransomware feel
comfortable in your network? What conditions should you create so that a
ransomware infection is fast and effective, and its effects long-lasting and
newsworthy? It is best to use the guides of experienced growers, who have
proven more than once that ransomware feels at home in their network. Want to
know how to correctly deploy the Ransomware Deployment Protocol and more? I
invite you to the presentation.

 * Maciej Jan Broniarz - DeCode9

TRACK 2


[EN] ROYAL RANSOMWARE

Royal Rumble: Analysis of Royal Ransomware: In today’s landscape, the race
between detection engineers and malware authors keeps evolving. The ransomware
scene is no different. In our talk, we will demonstrate how the Royal ransomware
authors took multiple approaches to win this race, and how we as security
researchers must adapt to detect it. We will start by walking through the threat
intel aspect of the group, explaining how the ransomware itself is being
deployed, which actors are associated with the Royal group, and which malware is
taking part in the full circle of the Royal ransomware operation. Next, we will
dig deep into the ransomware binary itself and display the full reverse
engineering of the Royal ransomware payload. We will show how the ransomware
operates from a code perspective, from the beginning until the encryption
finally occurs. In our talk, we will emphasize the new trend of “partial
encryption” and how it took over as the main method of evasion in the ransomware
landscape. We will show how Royal ransomware took this approach to the next
level by allowing the ransomware operator to choose the encryption percentage of
the targeted files. We will talk about the challenges of anti-ransomware
products in dealing with the concept of partial encryption and specifically the
Royal ransomware approach, and also elaborate on the approach and mindset needed
to overcome this challenge. We hope our talk will raise awareness of the risk of
being unprepared when this new wave of next generation ransomware arrives, and
hopefully how we as the security community can deal with this challenge. Level:
Intermediate

 * Alon Laufer - Cybereason
 * Eli Salem - Cybereason

TRACK 3


[EN] SAP (ANTI-)FORENSICS: DETECTING WHITE-COLLAR CYBER-CRIME

The SAP system is more and more in the spotlight: attackers are starting to
understand the value of these kinds of systems, and we already see that "SAP "
is a part of the attacker arsenal. Almost inevitably this leads to being
mandated to perform forensic investigation over the SAP system... and as most
people can imagine, it is a challenging activity! With more than 19 different
data sources, located in different places (database, OS) with different formats
(table, text file, proprietary format file) you must be prepared to. This is why
we decided to write and give a documentation about it, as exhaustively as
possible, including explanation of all data sources, specificity, what to look
for, limitations but also possible anti-forensic techniques that investigators
must be informed about. This talk focuses on the most important part of the
whitepaper, trying to provide as easy as possible an introduction to SAP
forensics, as well as demonstrating a few anti-forensic techniques and
protections against them. Level: Beginner

 * Yvan Genuer - Onapsis

11:55 am


LUNCH BREAK 12:00 - 15:00

12:00 pm
TRACK 1


- TIME FOR LUNCH -

-

TRACK 2


[PL] POWERSHELL: LEVEL HARD

PowerShell has become a permanent fixture as a convenient system shell for
carrying out everyday tasks. The barrier to entry is fairly low, but it is only
in the hands of creative, advanced users that it can show what it is capable
of. And that is exactly how PowerShell will be presented during Paweł's talk,
both on its own and in the company of external applications. The whole thing,
as usual, will be wrapped in an intriguing story, this time in a vision of a
post-apocalyptic world seen through the eyes of a certain hacker nicknamed..
Dark Seeker.

 * Paweł Maziarz - Alphasec

TRACK 3


[EN] ATTACKING DEVELOPER ENVIRONMENT THROUGH DRIVE-BY LOCALHOST

There is a widespread belief that services that are only bound to localhost are
not accessible from the outside world; this is unfortunately not always the
case. For convenience's sake, developers will run services they are developing
configured in a less secure way compared to how they would (hopefully!) do in
higher
environments. By compromising websites developers use, just injecting JS into
adverts served on those sites or just a phishing attack that gets the developer
to open a web browser on a compromised page, it is possible to reach out via non
Pre-Flighted HTTP requests to those services bound to localhost, by exploiting
common misconfigurations in Spring, or known vulnerabilities found by myself,
including the recently disclosed Critical Vulnerability in Quarkus (
https://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security
). I'll demonstrate during the talk that it is possible to generate an RCE on
the developer's machine or on other services on their private network, how this
class of attack works and what can be done to defend against it. As developers
have write access to codebases, AWS keys, server creds etc., access to the
developer's machine gives an attacker a great deal of scope to pivot to other
resources on the network, modify or just steal the codebase. Level: Advanced

 * Joseph Beeton - Contrast Security

1:00 pm
TRACK 1


[PL] WIPERS, SANDWORMS, DDOSAAS, HACKTIVISTS AND APT, OR CYBER THREATS WRITTEN
IN CYRILLIC.

The outbreak of war in 2022 not only changed the picture of the modern world
but also reshaped operations in cyberspace. Until then we had been dealing with
many operations by organized APT or criminal groups. Wartime is a time of more
intensive work in threat detection and incident response. Cyber operations
aimed at organizations and countries have become an element of war, not merely
a technique for reconnaissance or weakening the opponent (as before). Very
often these are innovative and previously unobserved activities that require
constant adaptation and response to the adversary's actions. During this time,
a growth in the role of Cyber Threat Intelligence activities could be observed.
The first days of the war brought many unknowns about potential attack vectors
and the adversary's destructive power, but as the days passed a profile of the
adversary was built. It was threat detection and the rapid exchange of
information about threats that supported building cybersecurity at the
operational level. The presentation will be based on an analysis of selected
real cyberattacks that took place. In particular, it will show how valuable
information obtained "directly on the cyber front" is. The author will show
how, in the face of war, information was used in day-to-day operational work,
where the knowledge gained about threats became key to the effectiveness of
security teams. The adversary, its offensive potential and its way of operating
will be shown, as well as how we got to know it. Rich in examples and the
author's personal experience, the presentation will show, subjectively, how to
obtain information, how to analyze it and build knowledge, and, most
importantly, how to dynamically manage your actions while observing the
adversary's daily campaigns. Today these issues are especially important,
because we are facing new threats. Level: Advanced

 * Ireneusz Tarnowski - BlueCyberspace

TRACK 2


- TIME FOR LUNCH -

-

TRACK 3


- TIME FOR LUNCH -

-

1:00 pm
WORKSHOPS


[EN] TALKING TO WINDOWS DRIVERS

After you realize you cannot run your code in the kernel mode, you usually think
about talking to the code already running there. In most cases it is about
sending IOCTLs and FSCTLs to the proper device or filesystem. The workshop
explains how to do it, how reality differs from the documentation, what you can
win, and what can go wrong. You can expect a lot of C, and low-level digging,
but in the real world someone needs to do it. Level: Intermediate

 * Grzegorz Tworek - Standard Chartered

2:00 pm
TRACK 1


[EN] NORTH KOREAN CASE STUDY HOW TO STEAL 951 000 000 $ WITH A PRINTER.

This presentation is an overview of attacks by North Korean APT groups. It covers
the entire history of Korean APT groups and motivation. "Known" attacks from an
unknown view, as well as those that were silent in the industry mainstream. Why
is it such an important source of income for the Kim Jong-Un regime? How much
does he actually earn from it and how does he recruit and train people? All this
will be included in the slides of this presentation. Level: Beginner

 * Mateusz Ossowski - Niebezpiecznik

TRACK 2


[PL] THE ART OF ANALYSIS - REVERSE ENGINEERING WITH ZERO KNOWLEDGE

You are examining a device that interests you... that's right! On the printed
circuit board you see a memory chip you recognize, and you dump its contents
for later analysis. You open the file and see a sequence of thousands of bytes.
What is its purpose? Is it program code, or perhaps data? What next? Where do
you start looking for answers? The lecture is an overview of reverse
engineering techniques that can be applied with zero knowledge of the subject
of analysis, together with practical examples, so that you can solve these or
other puzzles that are the daily bread of "reversers". The presentation will
mention standard methods of blind data analysis used in reverse engineering:
entropy analysis, histograms, randomness tests, and standard and fuzzy pattern
matching. It will show ways of using these techniques to solve real problems in
reverse engineering, giving examples of applying these methods in the analysis
of modern hardware and software. Level: Intermediate

 * Jaromir Górski - EY - Advanced Security Center

TRACK 3


[EN] HACKING ADS AND COMMERCIALS

The first online ad was posted on the internet in 1994. Three years later in
1997 pop-up ads were invented and became the bane of internet users around the
world. Google AdWords was born on October 23, 2000 and the first ad-exchange was
founded in 2003. Twenty years later Google’s ad revenue constitutes more than
75% of the company’s total revenue and equals 225 billion $. Advertising spaces
are being sold on both news sites and blogs. Companies bid among themselves to
have a chance to promote their product to a well profiled internet user. The
Internet in 2023 is all about ads, products and money. During the talk we will
take the audience on a journey through a fantastic world of Internet
advertising. We will take a look at the evolution of internet ads, focus on the
methods and tactics that threat actors used to exploit the internet ad business
for malicious purposes and finally discuss various mechanisms which were
implemented to try to stop them. Level: Beginner

 * Wiktor Szymanski -
 * Krzysztof Czerkas -

3:00 pm
TRACK 1


[EN] WHAT RECENT SECURITY INCIDENTS CAN TEACH US IN 2023?

Recently there were a lot of security breaches. You should be familiar with most
of the companies that were breached: Auth0, Circle CI, GitHub, Heroku, LastPass,
Okta, Slack, Travis CI, Twilio, Uber. Take a moment and consider if you are
using products built by those companies in your daily job. Based on available
details I will show what we can learn from those incidents and apply it in your
company to make a possible breach harder: some statistics, repeating patterns
and most important - recommendations. I will focus on the defensive side and the
best practices to adopt in areas like:

- Detection: Canary tokens, anomalies, 2fa notifications etc.
- Threat modeling: using third party software, having customer support, using
  private devices etc.
- Prevention: u2f, PAM, etc.

You will learn what a typical breach looked like, what worked, what failed and
best practices to implement in your own company to make it more resilient. I'm
open to discuss those incidents and lessons learned with the audience, so bring
mikes! Level: Beginner

 * Mateusz Olejarka - SecuRing

TRACK 2


[PL] CHATGPT - FOE OR FRIEND.

ChatGPT is a tool the whole world has heard of. The number of tutorials
describing its use in various aspects of software development is growing at an
avalanche pace. This shows how much we value the convenience and simplicity of
this kind of solution. But won't such laziness and lack of focus cause us to
overlook the threats that using tools of this type brings? Will we manage to
catch malicious code embedded in an answer the algorithm generated for a given
problem? While fixing a solution according to the assistant's hints, will we
notice that its intention is not only to help reliably but also to make it
easier to break our defenses? These are just a few examples of new threats that
will appear with the mass use of tools similar to ChatGPT. I think the impact
of AI-assisted programming on such an important aspect as software security is
still being overlooked, and that is why the aim of this discussion is to start
a debate on security in the new reality we are entering. Level: Beginner

 * Michał Sarnowski - Intel

TRACK 3


TBA

4:00 pm
TRACK 1


[PL] RED TEAMS IN THE MODERN ORGANIZATION - 2 TIPS & SOME TRICKS

I will show a whole bunch of tricks used during Red Team operations. There will
also be - as many as ;) - two tips, technical of course! The presentation will
be based on demos - few slides, lots of code and examples that you can try out
too! Level: Intermediate

 * Jakub Plusczok - 1753c - Stowarzyszenie na rzecz cyberbezpieczeństwa

TRACK 2


[EN] HOW THE FBI TRACES "ANONYMOUS" CRYPTOCURRENCIES

Cryptocurrencies are often touted as a way to move money anonymously, without
any supervision of the government, and free from the pesky controls and
standards of financial institutions. While it's true that most cryptocurrencies
including Bitcoin are pseudonymous, government institutions can often easily
connect names to supposedly anonymous wallets and ordinary people can learn a
lot about blockchain transactions by using OSINT. Despite Bitcoin's reputation
for privacy it has already helped bust many criminals thanks to the emerging
field of cryptocurrency tracing. I'd like to speak about how criminals use
cryptocurrencies to hide their transactions and how the police and OSINTers are
catching up with them. How do you connect a name to a wallet? How do criminals
launder crypto and how can we prevent it? Can you hack a cryptocurrency? Level:
Beginner

 * Jan Iłowski - Student - Akademia Leona Koźmińskiego

TRACK 3


[EN] HOW TO BREAK INTO ORGANIZATIONS WITH STYLE: HACKING ACCESS CONTROL SYSTEMS

Have you ever wondered how Red Teamers manage to get access to high-security
areas in buildings? This talk is your chance to learn about the tools, tactics,
and techniques they use to break access control systems. The presentation is
based on the experience and examples collected during the Red Team assessments
and gathers in one place the knowledge needed to gain access to places protected
by access cards. During the talk, I’m going to show you how I was able to break
into organizations using simple card cloning: We'll discover the basics of RFID
technology and learn how to use Proxmark3 for access card scanning and cloning
with the demo of the device operation. We'll explore some of the most effective
attacks on access cards and how to run them. We’ll delve into the technical and
social engineering aspects of access card scanning during a Red Team Assessment
with some real life examples. And last but not least - we'll talk about how to
protect your organization from these types of attacks. Let’s discover how to
break into organizations with style. Level: Beginner

 * Julia Zduńczyk - SecuRing

5:00 pm
TRACK 1


[EN] THE HACKER'S GUIDE TO KUBERNETES

Kubernetes is the most popular container orchestration platform for automated
deployment, scaling, and management of containerized applications. With more and
more applications running in Kubernetes, it is crucial to understand Kubernetes
security risks. This talk guides you through various security risks of
Kubernetes, focusing on OWASP Kubernetes Top 10 list. In live demos, you will
find out how to exploit a range of vulnerabilities or misconfigurations in your
k8s clusters, attacking containers, pods, network, or k8s components, leading to
an ultimate compromise of user accounts in an exemplary web application. You
will learn about common mistakes and vulnerabilities along with the best
practices for hardening of your Kubernetes systems. Level: Beginner

 * Patrycja Wegrzynowicz - Form3

TRACK 2


TBA

TBA

TRACK 3


[LIVE ONLY] [EN] PERSISTENCE PAYS OFF - TWISTED PATH FROM A SIMPLE BUG TO CODE
EXECUTION IN GOVERNMENT SYSTEM.

This lecture will not be recorded. A nontrivial and interesting story showing
the full process of a successful attack on a big government system. I will show
how I've found and chained together several vulnerabilities to achieve code
execution. Especially interesting is the multidimensional aspect of the whole
story, where we go through several different topics and technologies: http/web,
golang, libreoffice, chrome and even Linux kernel code. Level: Intermediate

 * Błażej Adamczyk - Efigo Sp. z o.o.



The times of lectures in the agenda may be subject to change.

LIVE ONLY - THE LECTURE WILL NOT BE RECORDED

--------------------------------------------------------------------------------


WORKSHOPS*




*Available only to conference attendees - advance registration required, number
of seats is limited.


05.06.2023


10:00 - 12:00


[EN] SMART CONTRACT BUG HUNTING 101 - ETHEREUM EDITION

Smart contracts are programs that run on blockchain platforms and are at the
core of many Web3 applications. However, like any other code, smart contracts
can have vulnerabilities that can introduce technical challenges and risks. In
this workshop, we will cover the basics of smart contracts and the participants
will learn how to identify and exploit common vulnerabilities in Solidity smart
contracts through hands-on exercises. This workshop is suitable for those who
are already in information security and looking to transition to smart
contract/blockchain security, or those who want to add this skillset to their
existing toolkit. Pre-requisites for the attendees:

- A laptop with decent RAM and a virtualization software (Virtualbox/VMware)
- Pre-installed Ziion OS (https://www.ziion.org/download)
- Basic understanding of any programming language
- Basic understanding of using Blockchain Wallets

Level: Beginner

 * Samandeep Singh

15:00 - 17:00


[EN] SPEED UP YOUR REVERSE ENGINEERING INVESTIGATIONS IN GHIDRA WITH ASKJOE AND
OPENAI

Reverse engineering is a complex skill that requires specialized knowledge and
experience to master, and beginners may find it overwhelming. However, it has
become increasingly important in the cyber security industry due to the rise of
cyber attacks relying on malware artifacts since 2010. With the advancement of
AI systems, reverse engineering can be aided and improved, allowing for faster
analysis and skill development without sacrificing effectiveness. Join us to
learn how to easily leverage a complete AI-enforced reverse engineering
laboratory using Ghidra and OpenAI, to develop and practice your reverse
engineering skills while you analyze real malicious artifacts.
Level: Beginner

 * Charles Lomboni



06.06.2023


10:00 - 12:00


[EN] ONE SMALI STEP FOR MAN, ONE GIANT STEP FOR RESEARCHERS

With more and more people using their phones as the primary device, mobile
malware's prevalence skyrocketed. People nowadays store their money, memories
and digital identities in their pockets, making their phones a ripe avenue for
attackers. From the high level threat landscape, down to the nitty gritty of
every specific actor, understanding the basics of Android reverse engineering
can give an analyst the necessary cutting edge. This is what this workshop wants
to deliver: taking people from zero to hero in order to give them a more
thorough understanding of the Android malware landscape.
Level: Beginner

 * Gabriel Cirlig

13:00 - 15:00


[EN] TALKING TO WINDOWS DRIVERS

After you realize you cannot run your code in the kernel mode, you usually think
about talking to the code already running there. In most cases it is about
sending IOCTLs and FSCTLs to the proper device or filesystem. The workshop
explains how to do it, how reality differs from the documentation, what you can
win, and what can go wrong. You can expect a lot of C, and low-level digging,
but in the real world someone needs to do it.
Level: Intermediate

 * Grzegorz Tworek



SPEAKERS





 * Błażej Adamczyk Efigo Sp. z o.o.
   
   Bug hunter and responsible disclosure follower. Linux and open-source
   fanatic. Professional pentester, system architect and lecturer. Specializes
   in virtualization, networking and operating systems. Leader and member of
   secfault security research team established at Silesian University of
   Technology.

 * Bojan Alikavazovic Diverto d.o.o.
   
   Bojan works as a security analyst at Diverto d.o.o. in Croatia. He is a
   member of the Security Operation Center (SOC), which monitors, processes and
   manages security incidents in various business environments including
   critical infrastructure. He has experience in threat research, reverse
   engineering of malicious code, penetration testing, security hardening,
   detection engineering, and integration of various solutions for the detection
   and prevention of cyber attacks.

 * Eran Ayalon Cybereason
   
   Eran Ayalon, Security Research Team Leader at the Cybereason Security
   Research Team specializes in detecting different attack frameworks on
   multiple OS. Eran started his career six years ago as a security researcher
   in the Israeli Air Force, where he specialized in malware analysis,
   forensics, and incident response. Eran's previous employment was in the
   banking sector, where he led the threat hunting and incident response in
   corporate environments.

 * Marco Balduzzi Trend Micro
   
   Dr. Marco Balduzzi is a team leader & principal researcher in computer &
   network security. Marco holds a PhD in applied security from Télécom
   ParisTech and an M.Sc. in computer engineering from the University of
   Bergamo. His interests concern all aspects of computer security, with
   particular emphasis on real problems that affect systems and networks. Marco
   has been involved in IT security since 2002 with international experience in
   both industry and academia. With previous experience as a security consultant
   and engineer, he is now a technical research lead at Trend Micro. With over
   50 talks in major security events, he is considered a veteran speaker. His
   work has been published in the proceedings of top peer-reviewed conferences
   like NDSS, RAID and ACSAC, and featured by distinguished media like Forbes,
   The Register, Slashdot, InfoWorld, DarkReading, BBC and CNN. He now sits on
   the review board of conferences, including HITB, OWASP, eCrime, DIMVA and
   IEEE journals.

 * Tomer Bar SafeBreach
   
   Tomer Bar is a hands-on security researcher with 20 years of unique
   experience in leading cyber security research groups. In the past, he ran
   research groups for the Israeli government and then led the endpoint malware
   research for Palo Alto Networks. Currently, he leads SafeBreach Labs as the
   director of security research. His main interests are Windows vulnerability
   research, reverse engineering, and APT research. Among his discoveries are
   the PrintDemon vulnerabilities in the Windows Spooler mechanism which were a
   candidate for the best privilege escalation of 2021 Pwnie awards and several
   research studies on Iranian APT campaigns. He is a contributor to the MITRE
   ATT&CK® framework. He presented his research at BlackHat 2020, Defcon 2020,
   2021, 2022, Sector, Recon, and Hackcon conferences.

 * Joseph Beeton Contrast Security
   
   I'm a recovering Java Developer. I started my career as a Java developer
   writing Archive/Backup software before moving to a large financial company
   working on webapps and the backend APIs. However, after a while writing yet
   another microservice isn't that much fun anymore, but breaking them was. So I
   moved to Application Security and from there to Research. Now I work as
   Security Researcher for Contrast Security.

 * Maciej Jan Broniarz DeCode9
   
   A speaker with many years of experience, a respected academic lecturer and
   IT security consultant. Since 2010 a lecturer in Forensic Computer Science
   at the Centre for Forensic Sciences of the University of Warsaw. He has
   delivered numerous lectures and training courses on cybersecurity for, among
   others, the Polish Financial Supervision Authority (Komisja Nadzoru
   Finansowego), Warsaw University of Technology, the Faculty of Mathematics,
   Informatics and Mechanics of the University of Warsaw, NASK and the Warsaw
   Bar Council. Valued for his extensive knowledge, rich practical experience
   and ability to convey knowledge easily and explain even the most complex
   content in an accessible way. During his professional career he headed,
   among others, the Computer Networks Department of the University of Warsaw
   and the CERT PLIX team. An expert in cybersecurity and digital forensics,
   working with, among others, the law firms Leśniodorski, Ślusarek i wspólnicy
   and Pietrzak-Sidor. He collaborates with the Bronisław Geremek Foundation
   and the Helsinki Foundation for Human Rights on R&D projects on combating
   crime on the internet. A member of the Polish Forensic Association.

 * Michał Brygidyn Xebia
   
   Michal is an experienced ethical security researcher, cloud solutions
   architect, AWS Ambassador, conference speaker, and a lecturer at a
   university. Michal is passionate about finding sources of leaking data,
   chaining small misconfigurations, and getting admin access to your
   environment to help you become more secure.

 * Łukasz Cepok CSIRT KNF
   
   Analyst @CSIRT KNF. I got bored of analyzing mobile malware; I want to know
   who creates it.

 * Szymon Chadam SecuRing
   
   IT security specialist at SecuRing. On a daily basis he breaks
   applications - both web and mobile. A Cybersecurity graduate of AGH
   University of Science and Technology (Akademia Górniczo-Hutnicza), so he
   knows well how to use unlimited student imagination in cyberspace. An active
   member of the ZeroDay AGH student research group, mainly interested in the
   security of mobile applications on the Android platform.

 * Gabriel Cirlig HUMAN Security
   
   With 15 years of industry experience, Gabriel launched his career as a
   software developer turned rogue, focused on developing apps for small
   businesses to 2M+ DAU Facebook games, while keeping an eye for everything
   shiny and new. More recently, he has shifted gears to living life in the
   fast-moving cyber lane as a security researcher for HUMAN, all the while
   sharing his expertise speaking at various conferences such as PHDays, SAS,
   NullCon and AVAR. With a background in electronics engineering and various
   programming languages, he applies his passion by dismantling and reassembling
   whatever he can get his hands on, and showcasing his repertoire of hacker
   tactics.

 * Dawid Czarnecki Zigrin Security
   
   Dawid Czarnecki has over 11 years of experience in identifying security
   weaknesses and vulnerabilities in small and medium sized companies as well as
   large international organizations. He is a former Senior Penetration Tester
   at the NATO Cyber Security Centre, where he was responsible for penetration
   testing applications, systems and network infrastructure in NATO member
   states. Member of the GIAC Advisory Board. He is the founder of Zigrin
   Security, a company that helps secure international organizations.

 * Krzysztof Czerkas
   
   Krzysztof is a Product Security Engineer working for a mass media company.

 * Arash Ale Ebrahim CISPA
   
   A Ph.D. student of SysSec group at CISPA – Helmholtz Center for Information
   Security with a focus on innovative approaches for discovering security
   vulnerabilities through fuzzing. Prior to joining CISPA, he worked as a
   vulnerability researcher in Singapore.

 * Kamil Frankowicz ( ͡° ͜ʖ ͡°)
   
   A fan of fuzzing and new methods of crashing programs. Discoverer of over
   130 security vulnerabilities and 500+ software bugs. On a daily basis he
   performs offensive security tests. His specialties include breaking things,
   often unintentionally. In his free time he flies a drone, takes photographs
   and irregularly describes his findings on a blog about bug hunting.

 * Yvan Genuer Onapsis
   
   Yvan Genuer is a Sr. Security Researcher at Onapsis. He has over 18 years of
   SAP experience. He has been delivering consultancy services around SAP
   Security as well as researching vulnerabilities in SAP products, for which
   he has received official acknowledgements from SAP AG for 100+
   vulnerabilities he originally reported. Furthermore, he has also conducted
   both trainings and talks about this topic at conferences.

 * Jaromir Górski EY - Advanced Security Center
   
   Pentester and security analyst at EY, member of the Advanced Security Center
   team. Throughout his career, Jaromir performed multiple tests of web and
   mobile applications for international clients, mostly in the banking sector,
   as well as several source code reviews and infrastructure security
   assessments. Jaromir also has a background in low-level programming, reverse
   engineering and exploitation. He contributed to security of several open
   source projects and participated in bug bounty programs in the past.

 * Adam Haertle ZaufanaTrzeciaStrona.pl
   
   Security expert with 20 years of experience as well as speaker, trainer and
   lecturer. Every year he conducts over 150 lectures for open and closed groups
   in Poland and abroad on issues of online security, threats related to
   e-banking, privacy and company information protection. He has successfully
   trained both the management boards of the largest Polish enterprises and the
   employees of hundreds of companies and institutions. In his presentations he
   uses simple, accessible language and real-life examples to describe real
   threats to companies and users. He is also the creator and editor-in-chief of
   ZaufanaTrzeciaStrona.pl, one of the most popular Polish websites devoted to
   information security. Prior to founding his own company, he worked as a
   security consultant at Deloitte and then as a CISO at UPC (part of Liberty
   Global), where for 12 years he was responsible for information security in
   the CEE region. Since 2004, he has been a regular speaker at all major
   security conferences in Poland, where he gets top marks in participant
   surveys. Lecturer of postgraduate studies in the field of security management
   at the Warsaw School of Economics and Kozminski University. Organizer of one
   of the largest Polish conferences on security - Oh My H@ck (omhconf.pl).

 * Jamie Harries CrowdStrike
   
   Jamie Harries is a cyber security professional with over 10 years of
   experience in the industry. As a Technical Lead within CrowdStrike for the
   EMEA region, Jamie leads some of the most complex incident response
   investigations that CrowdStrike deals with, such as widespread
   telecommunications network breaches, banking and payment infrastructure
   compromises, cloud-based incidents, as well as large-scale enterprise
   ransomware attacks. Prior to joining CrowdStrike, Jamie worked as an Incident
   Response Consultant at MWR InfoSecurity, as well as a Security Analyst at BAE
   Systems Applied Intelligence within their Security Operations Centre (SOC).
   Throughout his career, he has worked on numerous projects spanning across
   areas such as incident response, threat hunting, SOC development and support,
   threat intelligence, malware analysis, and reverse engineering.

 * Damian Hoffman Mandiant
   
   Damian Hoffman has 12+ years of experience in the security market. As a
   security architect and system engineer, he has implemented security systems
   for a dozen companies from Central and Eastern Europe. He has a lot of
   experience in designing corporate architecture for security solutions (XDR,
   EDR, IAM, DLP, mobile protection, malware protection and security awareness
   programs).

 * Jan Iłowski Student - Akademia Leona Koźmińskiego
   
   I'm Jan Iłowski. I've been interested in computer science, film, and finance
   for as long as I can remember. I am constantly working on something, I
   regularly contribute to free and open source programs and promote software
   freedom, responsible use of technology, and digital privacy on my YouTube
   channel and website wolneprogramy.pl. I regularly give talks on a variety of
   issues, so far about 6000 people have attended in person, and an audience of
   40 thousand gave me a listen online. I study at Koźmiński University. I'm
   writing a blog about technology and finance at janilowski.pl. I am a Polish
   native speaker, however, I do possess a Cambridge Business English Higher
   certificate at C2 level.

 * Suraj Khetani Emirates NBD
   
   Currently working as a Red Teamer with 9+ years experience in infosec.
   Proficient in Adversary Simulations and Assumed Breach/Purple team
   assessments. A previous speaker at Hack In The Box. Advisories Published:
   CVE-2019-6288, CVE-2016-5532, CVE-2016-5575, CVE-2016-5583, CVE-2016-5585,
   CVE-2016-5586, CVE-2016-5587, CVE-2016-5589, CVE-2016-5591, CVE-2016-5592,
   CVE-2016-5593, CVE-2016-5595, CVE-2016-5596. Netgear - PSV-2017-0526

 * Adam Kliś STM Cyber
   
   Programmer, security researcher and malware analyst. Used to work at CERT.PL
   where he extended DRAKVUF and developed DRAKVUF Sandbox. Currently working at
   STM Cyber as part of the R&D team. Playing CTFs with p4 team where he mostly
   solves re/web/misc challenges. In his spare time loves playing with hardware
   (FPGA, custom PCBs), RF and ducks. 

 * Artur Kuliński Google Cloud
   
   Artur Kuliński is a member of the Security Specialists EMEA team in Google
   Cloud. He has been professionally involved in the IT industry for over 20
   years, during which he worked as a programmer, architect and manager of
   development teams. For over 10 years he has been working for the financial
   industry, both on the client and vendor side. Fascinated by cloud solutions,
   which he treats as the next, natural step in the evolution of IT. Since
   joining Google Cloud in 2020, Artur has been working in the area of cloud
   security. Artur graduated from the Faculty of Electronics and Information
   Technology of the Warsaw University of Technology and obtained an MBA from
   the Warsaw University of Technology Business School.

 * Adam Lange Standard Chartered
   
   Adam is the Head of the Cyber Threat Hunting Team in the Global Cyber Defense
   Centre for one of the largest global financial institutions. In his spare
   time he hunts threat actors, does malware analysis and codes security tools
   and systems. Adam has over two decades of IT and IT Security experience on
   the offensive (red) and defensive (blue) sides. Frequent speaker at
   security-related conferences such as Confidence, SECURE, Security bSides
   Warsaw and What The H@ck. Retro gaming and Demoscene fan.

 * Alon Laufer Cybereason
   
   I'm a Senior Security Analyst with the Cybereason Global SOC team. Alon has
   an interest in threat hunting, reverse engineering, incident response, and
   malware analysis. I started my career as a Security Researcher in the Israeli
   Air Force where I was responsible for protecting critical infrastructure.

 * Charles Lomboni Security Joes
   
   Charles Lomboni is an experienced Threat Researcher with expertise in reverse
   engineering, malware analysis, threat intelligence, and programming. With 5
   years of experience in the field, he has a deep understanding of the
   complexities involved in analyzing and interpreting software. As an avid fan
   of low-level programming and problem-solving, Charles Lomboni is always keen
   to explore the intricacies of software systems and hardware devices, and how
   they interconnect.  

 * Paweł Maziarz Alphasec
   
   Paweł has been gaining experience as an expert and architect of security
   systems for over 20 years, initially as a network and Unix/Linux systems
   administrator, then as a programmer, and later as a pentester and IT systems
   security architect. Over the last several years he has conducted advanced
   simulations of Advanced Persistent Threat (APT) class attacks and created
   publicly unavailable software simulating complex malware, thereby helping to
   raise the level of cybersecurity of companies around the world (including
   Poland, Switzerland, Ireland, Azerbaijan, Croatia, Latvia, Romania). He also
   specializes in social engineering attacks and physical security (proximity
   cards, access control systems, etc.). The highest-rated speaker at major
   industry conferences (Confidence, What The H@ck, Techrisk) and among the top
   speakers at many others (including Semafor, PLNOG, BSides Warsaw). He taught
   the "System security" course at Politechnika Wrocławska, and can currently
   be found teaching classes at Akademia Leona Koźmińskiego. He was one of the
   key figures in developing the red team department at one of the Big Four
   firms and one of the co-founders of Immunity Systems. He is currently the
   founder of Alphasec and the creator of the original training courses known
   under the APT Masterclass brand.

 * Dawid Mazurek Akamai Technologies
   
   Dawid is a Security Engineer at Akamai Technologies. He graduated from the
   Wroclaw University of Science and Technology with a specialization in Cyber
   Security. He became fascinated with hacking during his studies, and that is
   where his hacking story began. He is still developing his hacking skills and
   looking for more opportunities.

 * Jan Carlo Moronia Security Joes
   
   Born in the Philippines, Jan Carlo Moroni currently works as a Senior Threat
   Researcher at Security Joes, with almost 10 years of experience in malware
   analysis and network security. He is excited to share his findings, thoughts
   and experiences with the audience, and to connect with like-minded
   individuals who share his passion for generating intelligence through
   in-depth analysis and problem-solving.

 * Mateusz Olejarka SecuRing
   
   His key responsibilities are web application penetration testing, threat
   modeling and source code review. Moreover he works as a consultant, helping
   software development teams cope with application security related topics. He
   performed more than 70 application security trainings dedicated to software
   developers. Previously he worked as a software developer, building software
   for the financial sector. He was a speaker both at international and Polish
   conferences and meetings dedicated to software development and IT security.
   Casual bug bounty hunter, listed in the Halls of Fame of companies like:
   Adobe, Algolia, GM, Jet, Netflix, Tesla, Twitter, Uber, Yahoo.

 * Mateusz Ossowski Niebezpiecznik
   
   In the tech industry since 2012, where he gained experience in marketing and
   sales across SaaS vendors. Being close to end users helped him understand
   their needs better and switch from security enthusiast to security trainer.
   It was right after he stole a business card from Kevin Mitnick. He always
   enjoyed sharing knowledge so much that by mistake he was an academic
   lecturer. He is responsible for CEE channel sales in Barracuda. At
   Niebezpiecznik he trains non-technical users (over 200 trainings and
   lectures), performs phishing attacks and breaks into customers' buildings
   (yes, they want that). Loves people who read the bio to the last dot.

 * Szymon Pach Akamai Technologies
   
   I am a Security Engineer at Akamai, specializing in penetration testing. I
   have been passionate about hacking since my high school years. I started
   programming a few years before that, with Pascal as my first language. When
   I'm not working, I enjoy engaging in DIY projects such as building radio
   antennas and bad USBs.

 * Jakub Plusczok 1753c - Association for Cybersecurity
   
   One of the founders of the 17 53c association and foundation. He began his
   adventure with computing by playing Minesweeper on Windows 3.1. A graduate
   of Politechnika Śląska. Initially associated with the funeral industry, then
   with brewing and printing. Currently a pentester and red team operator at
   ING Hubs. In his free time he teaches children and young people how to find
   their way on the offensive side of cybersecurity. A speaker at numerous
   conferences - he started at Microsoft Technology Summit (probably in 2008 -
   who still remembers that... and he talked about clouds). He still plays
   Minesweeper.

 * Karol Przystalski Codete
   
   Obtained a Ph.D. degree in Computer Science in 2015 at the Jagiellonian
   University in Cracow. CTO and founder of Codete. Leading and mentoring teams
   at Codete. Working with Fortune 500 companies on data science projects. Built
   a research lab for machine learning methods and big data solutions at Codete.
   Gives speeches and trainings in data science with a focus on applied machine
   learning in German, Polish, and English. Used to be an O’Reilly trainer.

 * Wojciech Reguła SecuRing
   
   Principal Security Consultant | Head of Mobile Security @SecuRing
   https://www.linkedin.com/in/wojciech-regula/ https://twitter.com/_r3ggi
   He specializes in application security in the Apple environment. He created
   the open-source iOS Security Suite library, which allows checking the
   security of an iOS device from the application's perspective. He is a
   Bugcrowd MVP and has found bugs in Apple, Facebook, Malwarebytes, Slack,
   Atlassian and others. In his free time he runs an infosec blog,
   https://wojciechregula.blog. He has presented his research at, among others,
   Black Hat (Las Vegas, USA), Objective by The Sea (Hawaii, USA), AppSec
   Global (Tel Aviv, Israel), AppSec EU (London, United Kingdom), CONFidence
   (Kraków), BSides (Warsaw).

 * Dominik Rozdziałowski MON Director of the Cybersecurity Department
   
   Director of the Cybersecurity Department of the Ministry of National
   Defence. Creator of the Bureau for Combating Cybercrime of the National
   Police Headquarters (Komenda Główna Policji) and its Director. For many
   years Head of the Cybercrime Division at KWP Kielce, as well as Deputy Head
   of the Criminal Intelligence Division. A graduate of Wyższa Szkoła Ekonomii
   i Prawa in the field of computer science in economics and of Wyższa Szkoła
   Handlowa in Kielce in the field of electronics and telecommunications. He
   specializes in ICT. A court expert in five fields at the Regional Court in
   Kielce. A long-serving officer in the division for combating economic crime.

 * Omar Saenz Google Cloud Security Specialist, Cybernetics Futurist
   
   Omar is a cybernetics engineer and cloud security specialist who has more
   than 20 years of experience helping organisations design and build secure
   solutions and, more recently, transition securely to the cloud. He loves
   talking about Google’s security culture, security automation and
   democratising security. He has worked as a technology risk and cyber
   security consultant specialising in multiple security domains and roles
   including security research and pen testing, security operations, security
   architect and in security leadership roles in organisations such as Deloitte,
   KPMG, HSBC, OneWeb and GFT. He founded and was the Membership Chair for the
   ISC(2) London Chapter and has participated as speaker in several technology
   and computer security events including the ISF Annual World Congress in 2017,
   The ISC2 Americas Secure Summit 2019 and other security events. He has a
   degree in Cybernetics Engineering and Computer Systems from La Salle
   University and participated in the first cohort of the computer security
   programme at UNAM Mexico. He has a Master's degree in Business Innovation
   with Innovation Management and Entrepreneurship from Birkbeck University of
   London and participated in the AI and Business Innovation programmes from
   Saïd Business School from Oxford University.

 * Eli Salem Cybereason
   
   Eli is a lead threat hunter and malware reverse engineer at Cybereason. He
   has worked in the private sector of the cybersecurity industry since 2017. In
   his free time, he publishes articles about malware research and threat
   hunting.

 * Michał Sarnowski Intel
   
   An expert in embedded systems programming, developing software for many
   pioneering projects. An enthusiast of new technologies, boldly beginning his
   journey into the world of security.

 * Himanshu Sharma Bugcrowd
   
   Himanshu Sharma has been in the field of bug bounty since 2009 and has been
   listed in Apple, Google, Microsoft, Facebook, Adobe, Uber, AT&T, Avira, and
   many more with hall of fame listings as proofs. He has helped celebrities
   such as Harbhajan Singh in recovering their hacked accounts, and also
   assisted an international singer in tracking down his hacked account and
   recovering it. He was a speaker at Botconf '13, held in Nantes, France, and
   RSA 2018, held in Singapore. He also spoke at the IEEE Conference in
   California and Malaysia as well as for TedX. Currently, he is the co-founder
   of BugsBounty, a crowdsourced security platform for ethical hackers and
   companies interested in cyber services. He also authored two books titled
   "Kali Linux - An Ethical Hacker's Cookbook" and "Hands-On Red Team Tactics".

 * Samandeep Singh
   
   Samandeep Singh is an Information Security professional with 10+ years of
   experience working in various Information security roles. His areas of
   interests include application security and low-level security research
   (fuzzing, RE etc.). He started with Smart Contract security in 2021 and since
   then he has spent a lot of his time exploring various bug classes in smart
   contracts as well as hunting for these bugs. In addition to the technical
   research, he spends time developing content for security learning. He has
   delivered workshops in conferences like Disobey 2023 (Smart Contract Bug
   hunting), Standcon 2022 (x86_64 Reverse Engineering) and DevSecCon Singapore
   2019 (BurpSuite Plugin development). He is also one of the co-organizers for
   BSides Singapore.

 * Agata Ślusarek CSIRT KNF
   
   A security analyst whom nobody told that some information cannot be
   obtained. She takes long journeys into an alternative world - of magic and
   criminals. She analyzes threats, resolves incidents and believes that with
   good OSINT anything is possible. Still lives on Telegram.

 * Ilan Sokolovsky Cybereason
   
   Ilan Sokol is a Tech Lead in the Cybereason Security Research Team,
   specializing in Linux research. Prior to Cybereason, his work focused on
   research in the offensive security field. Ilan has a deep understanding of
   the malicious operations prevalent in the current threat landscape. Ilan
   loves digital forensics and incident response but is also interested in
   offensive aspects such as vulnerability research.

 * Wiktor Szymanski
   
   IT Security manager at an ecommerce company. Immersed in Infosecurity for
   over ten years. He is fond of designing and implementing security mechanisms
   and resolving complex security problems and dilemmas. A graduate of the
   Warsaw University of Technology and Technische Universität Berlin. Co-founder
   of the website bezpieczny.blog, board game geek, LEGO enthusiast, and a true
   fan of sharing knowledge.

 * Ireneusz Tarnowski BlueCyberspace
   
   A cyber threat analyst with long experience and a huge imagination. An
   Incident Commander who makes sure incident investigations are conducted in
   line with the highest standards. Professionally and as a hobby, he carries
   out threat analysis, analyzes cyberattacks and develops methods for
   detecting them. He connects the dots into big pictures and develops Cyber
   Threat Intelligence activities, showing how to share the knowledge gained.
   An enthusiast of the defensive approach to cybersecurity and a "blue team"
   participant in training exercises for incident response teams.

 * Grzegorz Tworek Standard Chartered
   
   Second Generation IT Professional. Since the nineties, actively writing,
   blogging, and speaking about security, especially when it comes to Microsoft
   solutions. Speaker at top conferences around the world. During his career,
   built and managed different Security Teams, wrote dozens of tools, put some
   hackers in jail and got some others out of jail. Awarded the Microsoft Most
   Valuable Professional award sixteen times.

 * Rahul Vashista
   
   Rahul is a security researcher with 4+ years of experience in the
   information security ecosystem. He's a full-time Red Teamer working with a
   sophisticated cyber security provider with clients all across the globe in
   numerous industries such as telecom, banking, pharmaceuticals etc. With his
   vast programming experience, his day job includes developing industry-grade
   toolkits for his red team and he has a knack for finding effective ways to
   bypass the majority of the corporate AV/EDR solutions used globally. Rahul
   has his bachelor's in Computer Science and also holds the CRTO (Certified
   Red Team Operator) certification.

 * Patrycja Wegrzynowicz Form3
   
   Patrycja is a lead engineer at Form3, Financial Cloud, working on reliability
   and performance of UK payments. She is also the founder of Yon Labs, a
   startup focusing on automated tools for detection and refactoring of security
   vulnerabilities, performance anti-patterns, or cloud issues and providing
   consultancy in Java and cloud technologies. She is a regular speaker at
   software conferences, including CodeOne, JavaOne, Devoxx, JFokus, and others.
   She was awarded an Oracle Groundbreaker Ambassador title in 2020 and 2021.
   She was also named one of the Top 10 Women in Tech in Poland in 2016. Her
   interests focus on automated software engineering, mainly static and dynamic
   analysis techniques to support software verification, optimization, and
   deployment.

 * Or Yair SafeBreach
   
   Or Yair (@oryair1999) is a security researcher with over 5 years of
   experience in cyber security. Currently a researcher in SafeBreach Labs, he
   started his professional career in the IDF. Most of his work focused on
   Platform Research, including Linux kernel components and some Android as
   well. For the last two years, Or has been drawn into the Windows world and
   currently focuses on innovative vulnerability research of the operating
   system's components. Or has already impacted threat mitigation by widely
   sharing his discoveries internationally at conferences he spoke at such as
   Black Hat Europe 2022, RSAC 2023, Security Fest 2023 and HackCon 2023.

 * Krzysztof Zając CERT Polska
   
   Senior threat analysis specialist at CERT Polska, previously a programmer
   with ten years of experience. A member of the P4 CTF team, he teaches web
   application attacks at Uniwersytet Warszawski. Likes cats and dry jokes.

 * Piotr Zarzycki CERT Orange Polska
   
   Involved in the IT security industry for over a decade. He initially gained
   experience as a programmer and administrator. Then, as a member of the mBank
   security team, he worked on protecting the bank and its customers against
   threats from cybercriminals. He currently works at CERT Orange Polska, where
   he looks after the safety of Polish internet users. From time to time he
   speaks at industry conferences, where he intersperses slides with memes with
   the results of his research.

 * Julia Zduńczyk SecuRing
   
   Julia performs penetration tests for a wide range of IT Projects as a Junior
   IT Security Specialist at Securing. Her main area of interest revolves around
   Red Teaming, specifically access control systems testing, RFID hacking,
   social engineering and other related topics. As a Cybersecurity student at
   AGH, she had the opportunity to learn a wide range of IT security aspects
   from the beginning of her academic education. In her free time, she enjoys
   playing CTFs and researching attacks on access control systems.

 * Marek Zmysłowski Microsoft
   
   Marek Zmysłowski, Senior Security Engineer for Azure DevOps @ Microsoft. In
   the security industry for more than 14 years. Experience in the area of
   penetration testing, reverse engineering or vulnerability finding. Speaker
   at multiple conferences in Poland (Confidence, WTH) and abroad (HiTB, PacSec,
   DefCamp, H2HC, BlueHat).




CONFIDENCE 2022 IN NUMBERS


 * 1,200 Attendees
 * 3 Tracks
 * 41 Lectures
 * 34 Partners


NEWS




28.04.2023


WORKSHOPS AT CONFIDENCE 2023

We’re all about hands-on experience, sharing tips and tools, and pragmatic
knowledge. That’s why this year you will also have a chance to participate in
practical workshops organized by our expert trainers.


19.04.2023


THE PROGRAM OF CONFIDENCE 2023

Trolling cybercriminals, hacking public transport tickets, macOS red teaming,
and everything you need to know about ransomware. This year’s program of
CONFidence conference is really diverse and filled with lots of interesting
topics from different areas of cybersecurity.


04.04.2023


VOLUNTEER AT CONFIDENCE

Are you interested in cybersecurity? Maybe you’re a student looking for some new
experiences and contacts in the community?

Join the CONFidence team as a volunteer - help us during the conference and
attend for free!



PARTNERS




MAIN PARTNER

 * ING Hubs Poland https://inghubspoland.com/

STRATEGIC PARTNER

 * ISS World https://www.pl.issworld.com/

TECHNOLOGY PARTNER

 * Standard Chartered https://www.sc.com/pl/

PLATINUM PARTNER

 * BGK https://www.bgk.pl

GOLD PARTNERS

 * BNP Paribas Bank Polska
   https://www.bnpparibas.pl/kariera/pl/obszary-zatrudnienia/praca-w-it
 * euroclear https://www.euroclear.com/en.html
 * GSK https://pl.gsk.com/pl-pl/strona-glowna/

PARTNER

 * SecuRing https://www.securing.pl/

SPONSOR

 * CERT Orange Polska https://cert.orange.pl/

MEDIA PARTNERS

 * Bulldogjob https://bulldogjob.pl
 * Cyberwiedza https://cyberwiedza.pl
 * Magazyn Programista https://programistamag.pl
 * Mobile Trends https://mobiletrends.pl
 * Niebezpiecznik http://niebezpiecznik.pl
 * OSnews http://osnews.pl
 * Security Magazine https://www.politykabezpieczenstwa.pl/pl/security-magazine
 * Siła Nauki https://silanauki.pl
 * SOLID.Jobs https://solid.jobs/offers/it
 * Zaufana Trzecia Strona https://zaufanatrzeciastrona.pl

COMMUNITY PARTNERS

 * 17 53c https://1753c.io
 * Fundacja Bezpieczna Cyberprzestrzeń https://www.cybsecurity.org/pl/
 * ISACA Katowice Chapter https://engage.isaca.org/katowicechapter/home
 * ISACA Warsaw Chapter https://engage.isaca.org/warsawchapter/home
 * ISC2 Poland Chapter https://isc2chapter-poland.com
 * SecOps Polska https://secopspolska.pl
 * SysOps/DevOps Polska https://www.sysopspolska.pl/
 * Warden Owls https://wardenowls.carrd.co
 * Wyższa Szkoła Ekonomii i Informatyki w Krakowie https://wsei.edu.pl



CONTACT


 * Monika Barnaś
 * Conference Manager
 * tel. +48 605 177 768
 * monika.barnas@proidea.org.pl
   
   

 * Adrian Legutko
 * Partners
 * tel. +48 506 804 442
 * adrian.legutko@proidea.pl
   
   

 * Aleksandra Michalska
 * Media & Community
 * tel. +48 797 004 933
 * aleksandra.michalska@proidea.org.pl

 * Paulina Szarzyńska
 * Group Tickets
 * tel. +48 506 689 579
 * paulina.szarzynska@proidea.pl

 * ORGANIZER
   
 * Proidea Sp. z o.o.
 * ul. Zakopiańska 9
 * 30-418 Kraków
 * biuro@proidea.org.pl
 * www.proidea.pl
