-
Mattias Wadenstein (NeIC)16/06/2026, 10:00Talks and presentations
Welcome from the organizers and practical matters
Go to contribution page -
16/06/2026, 13:00Talks and presentations
Mobile devices are everywhere in the enterprise—but they are still frequently out of scope for security testing. That blind spot creates real risk.
Modern mobile platforms introduce a wide range of attack surfaces, from phishing and malicious applications to vulnerabilities that allow silent device compromise. Once compromised, mobile devices can act as pivot points into internal networks...
Go to contribution page -
16/06/2026, 13:45Talks and presentations
Overview
The concept of “data bouncing” via a third-party web server provides an extremely stealthy method of bypassing traditional network safeguards. By directing web requests to certain domains that process hostnames in headers, you can relay small pieces of data to your DNS listener, allowing you to collect and reconstruct data, be it strings, files, or any other type of...
Go to contribution page -
16/06/2026, 15:00Talks and presentations
In any cyber attack, adversaries must maintain a presence within the target environment to achieve their objectives. Whether aiming to disrupt critical infrastructure, spy on and extract data from industrial or intellectual targets, or execute a ransomware operation, sustained access is crucial.
Persistence provides stable access, enabling adversaries to better explore, move laterally,...
Go to contribution page -
16/06/2026, 16:00Talks and presentations
App Control is the latest Microsoft solution to determine what application are allowed to run on Windows 11. To increase the security, it is possible to create signed policies that even should prevent administrators from changing the policies.
Go to contribution page
One day, Microsoft introduced Managed Installer to simplify installation and updating of App Control rules - gues what: It allows to completely bypass... -
17/06/2026, 09:00Talks and presentations
Software supply chain attacks are increasing in frequency and impact—but how concerned should we really be, and what can we do about it?
To deploy software rapidly and safely, organizations must ensure their software is trustworthy, compliant, and secure. In this session, you’ll learn how a shift-left security approach introduces security checks and guardrails at every stage of the software...
Go to contribution page -
17/06/2026, 09:45Talks and presentations
The decision of which remote computers you can trust and which you can’t is hard. You probably think that you can trust a machine that you’ve just done a fresh install upon, but when that machine leaves your physical control and is shipped off somewhere in the world, has it then left your trust boundary and is completely untrusted? How can you know it’s the same machine, running the same...
Go to contribution page -
17/06/2026, 11:00Talks and presentations
The current landscape of Linux process injection is dominated by aging techniques that are increasingly visible to modern Endpoint Detection and Response (EDR) systems. While tools leveraging LD_PRELOAD or basic shellcode injection remain functional, they often fall victim to heuristic scanners that flag predictable memory allocation patterns and standard C library calls. This presentation...
Go to contribution page
Choose timezone
Your profile timezone: