-
Mattias Wadenstein (NeIC)16/06/2026, 10:00Talks and presentations
Welcome from the organizers and practical matters
Go to contribution page -
Georgia Weidman (Bulb Security)16/06/2026, 13:00Talks and presentations
Mobile devices are everywhere in the enterprise—but they are still frequently out of scope for security testing. That blind spot creates real risk.
Modern mobile platforms introduce a wide range of attack surfaces, from phishing and malicious applications to vulnerabilities that allow silent device compromise. Once compromised, mobile devices can act as pivot points into internal networks...
Go to contribution page -
Nick Dunn16/06/2026, 13:45Talks and presentations
Overview
The concept of “data bouncing” via a third-party web server provides an extremely stealthy method of bypassing traditional network safeguards. By directing web requests to certain domains that process hostnames in headers, you can relay small pieces of data to your DNS listener, allowing you to collect and reconstruct data, be it strings, files, or any other type of...
Go to contribution page -
Hasain Alshakarti (TRUESEC)16/06/2026, 15:00Talks and presentations
In any cyber attack, adversaries must maintain a presence within the target environment to achieve their objectives. Whether aiming to disrupt critical infrastructure, spy on and extract data from industrial or intellectual targets, or execute a ransomware operation, sustained access is crucial.
Persistence provides stable access, enabling adversaries to better explore, move laterally,...
Go to contribution page -
Christian Biehler (Deutsch)16/06/2026, 16:00Talks and presentations
App Control is the latest Microsoft solution to determine what application are allowed to run on Windows 11. To increase the security, it is possible to create signed policies that even should prevent administrators from changing the policies.
Go to contribution page
One day, Microsoft introduced Managed Installer to simplify installation and updating of App Control rules - gues what: It allows to completely bypass... -
Magnus Eklund (Red Hat)17/06/2026, 09:00Talks and presentations
Software supply chain attacks are increasing in frequency and impact—but how concerned should we really be, and what can we do about it?
To deploy software rapidly and safely, organizations must ensure their software is trustworthy, compliant, and secure. In this session, you’ll learn how a shift-left security approach introduces security checks and guardrails at every stage of the software...
Go to contribution page -
Anton Lundin17/06/2026, 09:45Talks and presentations
The decision of which remote computers you can trust and which you can’t is hard. You probably think that you can trust a machine that you’ve just done a fresh install upon, but when that machine leaves your physical control and is shipped off somewhere in the world, has it then left your trust boundary and is completely untrusted? How can you know it’s the same machine, running the same...
Go to contribution page -
Akshansh JaiswalTalks and presentations
The Problem (Why This Talk Exists)
Security teams are under pressure to "add AI", to code review, SCA, incident response,
infrastructure analysis, mobile security. The tooling market has responded with a flood of
products that promise intelligent, automated security coverage. Most of them work beautifully
in demos. Most of them fail quietly in production.The failure isn't a bug....
Go to contribution page -
Omer Farooq (Auxin Security)Talks and presentations
In 2025, attackers used a hitherto unknown vulnerability in the Oracle Cloud authentication infrastructure, stealing millions of identity records and sensitive keys of more than 140,000 tenants the breach highlights the role of vulnerability in security testing and lifecycle practices in causing broad vulnerability.
In this discussion, the authors present a view of how contemporary...
Go to contribution page
Choose timezone
Your profile timezone: