{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2024.3.1"}, "schedule": {"url": "https://program.wiccon.nl/wiccon-2025/schedule/", "version": "0.4", "base_url": "https://program.wiccon.nl", "conference": {"acronym": "wiccon-2025", "title": "WICCON 2025", "start": "2025-10-30", "end": "2025-10-31", "daysCount": 2, "timeslot_duration": "00:05", "time_zone_name": "Europe/Amsterdam", "colors": {"primary": "#000000"}, "rooms": [{"name": "Main Stage", "guid": "7539b1b7-1ec9-51a4-9e46-6d6301d9ad18", "description": null, "capacity": null}, {"name": "Workshop", "guid": "369a5adc-f7df-59fa-80ee-06a17c690b0a", "description": null, "capacity": 50}], "tracks": [{"name": "Talks", "color": "#4F1473"}, {"name": "Workshops", "color": "#9C0000"}], "days": [{"index": 1, "date": "2025-10-30", "day_start": "2025-10-30T04:00:00+01:00", "day_end": "2025-10-31T03:59:00+01:00", "rooms": {"Main Stage": [{"url": "https://program.wiccon.nl/wiccon-2025/talk/9HWMXF/", "id": 172, "guid": "b365f886-6f68-5a8a-a8ef-259c200df80c", "date": "2025-10-30T10:00:00+01:00", "start": "10:00", "logo": null, "duration": "00:15", "room": "Main Stage", "slug": "wiccon-2025-172-opening", "title": "Opening", "subtitle": "", "track": "Talks", "type": "Talk 30 minutes", "language": "en", "abstract": "The opening of WICCON by the amazing Jaimy Thepass!", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "3730d826-e8ac-5bf1-9475-604c894a6128", "id": 44, "code": "Z7CCCN", "public_name": "Jaimy Thepass", "avatar": "https://program.wiccon.nl/media/avatars/1718334399376_njszvZz.jpeg", "biography": "Jaimy Thepass is a cybersecurity leader with a background in the Dutch Army and a strong focus on strategy and people development. With over 17 years of experience in leadership, defense, and cyber operations, she has a clear view on where leadership needs to evolve in response to the diversity of people and the complexity of the world we live in. Jaimy combines a practical, no-nonsense mindset with a deep interest in how people grow, both in tech and in life.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/WYU8VM/", "id": 159, "guid": "1f10b6fc-2d5c-529c-92e1-562dbc45bc17", "date": "2025-10-30T10:15:00+01:00", "start": "10:15", "logo": null, "duration": "00:45", "room": "Main Stage", "slug": "wiccon-2025-159-the-awareness-trap-why-security-awareness-training-often-fails-and-what-to-do-instead", "title": "The Awareness Trap: Why security awareness training often fails \u2013 and what to do instead", "subtitle": "", "track": "Talks", "type": "Talk 45 minutes", "language": "en", "abstract": "Cybersecurity training often assumes that awareness leads to action. But despite years of phishing simulations and mandatory e-learnings, 95% of cyberincidents can be traced back to human error. Drawing from behavioral science and real-world examples, this talk reveals why knowledge alone rarely changes behavior. We\u2019ll challenge the common assumption that people act rationally when they\u2019re informed and aware, and show the audience how a more realistic model of decision-making opens the door to smarter, more effective interventions. Because in cybersecurity, what people do matters more than what they know.", "description": "Cybersecurity professionals have poured lots of time, money, energy (and hopes and dreams) into awareness campaigns. We roll out some phishing simulations, add e-learnings to our colleagues\u2019 to-do lists, and organize the occasional escape room hoping to at least make the mandatory topic of security a bit more fun.\r\n\r\nAnd yet, 95% of cyberincidents can be traced back to human error [1]. We still click. We still use weak passwords. We still ignore or delay updates. At the end of the day, it\u2019s still people \u2013 like you and me \u2013 using those digital systems. Which is exactly why human behavior plays such an important role in cybersecurity. \r\n\r\nMany security initiatives are built on a faulty assumption: that people behave rationally when informed. Surely, if someone knows that clicking a phishing link can bring the whole organization to its knees, they will make sure to avoid that\u2026 right? \r\n\r\nBut research tells us otherwise. Under time pressure and cognitive load, people often rely on quick, intuitive decisions (what psychologists call \u2018System 1\u2019 thinking), rather than slow, analytical reasoning (\u2018System 2\u2019) [2]. It\u2019s quick, but prone to mistakes. That\u2019s why even well-informed employees can make risky choices in a rush to meet all their deadlines.\r\n\r\nBehavioral science teaches us that knowing \u2260 doing. It gives us the tools to take a look inside the real drivers of human behavior in cybersecurity. Hint: it\u2019s not just about awareness. Decades of research from fields like behavioral economics, cognitive psychology, and usability studies have shown that our behavior is far more driven more by our context than by conscious deliberation. \r\n\r\nExternal factors, like time constraints, attention overload, social norms, and default settings influence behavior, often without us even realizing it. And when people are juggling tasks, they don\u2019t act not based on what they know, but on what\u2019s easiest, fastest, or helps them get their work done in the moment. [3]\r\n\r\nThat\u2019s why your colleagues reuse the same weak password across accounts. Not because they think it\u2019s safe, but because they\u2019re using 20 different tools, the password manager is confusing and adds extra steps, and they just need to get through their work in time. In that moment, they\u2019re way more likely to pick what\u2019s easiest, even if it\u2019s less secure. \r\n\r\nSo sure, an escape room can be a fun way to raise the topic of awareness. And sure, awareness may be top of mind during it, or shortly thereafter, but it is not a \u2018constant\u2019 state of mind. It tends to fade over time, gradually pushed aside by daily routines and competing priorities. When was the last time you fired off some last emails at the end of the day before rushing out to pick up your kids from school? In that split second, awareness isn\u2019t what\u2019s top of mind \u2013 convenience is. And that\u2019s when mistakes happen.\r\n\r\nMany organizations still operate from what behavioral scientists call the \u2018rational human model\u2019: the idea that if we explain the risk, people will adjust. But this model just doesn\u2019t match how we humans actually behave. It\u2019s the reason why many traditional security awareness programs fall flat, and why it\u2019s time for a new approach.\r\n\r\nThis talk reframes the human factor in cybersecurity from an awareness challenge, to a behavioral one. Instead of doubling down on training modules and phishing tests, we\u2019ll explore how habits form, how environments shape decisions, and how behaviorally informed design changes can reduce risk more effectively than yet another \u201cdeath by PowerPoint\u201d.\r\n\r\nBy the end of this session, the audience will walk away with:\r\n* An understanding of why awareness alone rarely leads to behavior change;\r\n* A more realistic model of human decision-making to design interventions that actually change behavior \u2013 and not just tick compliance boxes;\r\n* A behavior-first lens to help them rethink their campaigns, metrics, and prevention initiatives \u2013 saving time and by avoiding ineffective awareness campaigns.\r\n\r\nA more realistic model of decision-making opens the door to smarter, more effective interventions that align with how people actually behave. It shifts the focus beyond tracking how many people click on phishing links, toward designing environments that support meaningful and measurable behavior change. Because in cybersecurity, success shouldn\u2019t be measured by how much people know or how aware they are, but by what they do when it matters most. \r\n\r\nRealism eats rationalism for breakfast ;)\r\n\r\nReferences\r\n[1] IBM Cyber Security Intelligence Index Report (2021)\r\n[2] Kahneman, D. (2011). Thinking, Fast and Slow. London: Penguin Books.\r\n[3] Bounded Rationality. Simon, H. A. (1955). A behavioral model of rational choice. The Quarterly Journal of Economics, 69(1), 99-118. https://doi.org/10.2307/1884852", "recording_license": "", "do_not_record": false, "persons": [{"guid": "876e282e-52fb-5687-818a-1bde3c277fe0", "id": 156, "code": "E3M8TL", "public_name": "Roos van Duijnhoven", "avatar": "https://program.wiccon.nl/media/avatars/E3M8TL_gxzERqk.jpg", "biography": "With a background in social and neuropsychology, Roos helps organizations work through the complex puzzle of human behavior. She has addressed behavioral challenges in cybercrime, digital safety, and financial decision-making, and previously founded an international collective applying behavioral insights to digital product design.\r\nNow partnering with BehaviorBirds, she strengthens the human side of cybersecurity by designing solutions that work with how people think and act. Known for her drive, charisma, and expertise in behavioral change, she translates complex science into clear, actionable strategies that resonate with any audience.", "answers": []}, {"guid": "252fe3e2-bfef-50cb-af4b-fd3fa9a6e0c5", "id": 159, "code": "CAH97Z", "public_name": "T\u00fcnde van Hoek", "avatar": "https://program.wiccon.nl/media/avatars/CAH97Z_hGSWixb.jpg", "biography": "For nearly a decade, T\u00fcnde has been helping ministries and large organizations tackle their toughest behavioral challenges. From nationwide campaigns to subtle workplace interventions, she knows how to translate behavioral science into practical strategies that change human behavior. In recent years, she has focused her expertise on cybersecurity, founding BehaviorBirds to move the field beyond its obsession with what she calls \u201cthe A-word\u201d (aka, awareness). She combines scientific research with actionable design, starting from a simple truth: you can\u2019t change behavior without first understanding it. Known for her spontaneous, high-energy presence and keen scientific eye, T\u00fcnde brings both insight and enthusiasm to every stage she steps on.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/YQ9KUL/", "id": 145, "guid": "e0a1e8b3-3ee6-5d66-8730-3d9db28eafbe", "date": "2025-10-30T11:00:00+01:00", "start": "11:00", "logo": null, "duration": "01:00", "room": "Main Stage", "slug": "wiccon-2025-145-azure-devops-privilege-escalation-pipeline-shenanigans", "title": "Azure DevOps privilege escalation: Pipeline shenanigans", "subtitle": "", "track": "Talks", "type": "Talk 60 minutes", "language": "en", "abstract": "CI/CD pipelines are the standard way of deploying not just applications but infrastructure as well. To do all that, they usually have some juicy privileges. Privileges that I want. \r\nIn this talk we're going to have a look at Azure DevOps pipelines, their permission settings, and all the ways in which you think you may have secured your pipeline that actually aren't watertight. With live demos (fingers crossed!) to show every problem and every fix.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "681fe17e-32fd-5dea-9734-fd3608a7f5e6", "id": 139, "code": "KZ8MFH", "public_name": "Anniek van der Peijl", "avatar": "https://program.wiccon.nl/media/avatars/KZ8MFH_BBLjrJ7.jpg", "biography": "Anniek is a security tester and general devsecops nerd.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/RCUA3A/", "id": 153, "guid": "4a432463-6c3f-5123-ad20-ae496e90c19e", "date": "2025-10-30T12:00:00+01:00", "start": "12:00", "logo": null, "duration": "00:30", "room": "Main Stage", "slug": "wiccon-2025-153-breaking-in-a-journey-through-the-cybersecurity-hiring-maze", "title": "Breaking in: a journey through the cybersecurity hiring maze", "subtitle": "", "track": "Talks", "type": "Talk 30 minutes", "language": "en", "abstract": "What does it really take to enter the cybersecurity field, especially as an outsider? In this talk, I share my journey from Quality Assurance and account management into the world of ethical hacking and beyond. I discovered that getting in isn\u2019t just about skill, but about navigating an ecosystem not designed for newcomers. Along the way, I learned what helped, what didn\u2019t, and how the industry can better support motivated people trying to join. Whether you're hiring, mentoring, or just starting out, this talk offers a real-world look at the gap between open roles and accessible entry points.", "description": "The cybersecurity industry is sounding the alarm about talent shortages, but what is it really like to enter the field from the outside?\r\n\r\nIn this talk, I share my personal journey into cybersecurity, beginning with a background in Quality Assurance and Account Management. Motivated by the parallels I saw between testing, monitoring, risk analysis, and cybersecurity, I decided to pursue a path in ethical hacking. I gained the Certified Ethical Hacker certification and focused my full energy on transitioning into the field.\r\nThen I ran into barrier after barrier\u2026\r\n\r\nThis talk gives an unfiltered yet constructive look at the reality many aspiring professionals face when trying to enter cybersecurity. I\u2019ll share real examples of job descriptions, feedback I received, confusing certification expectations, and the impact of both helpful and dismissive responses.\r\n\r\nWhether you're a company looking for new talent, a mentor, or a fellow newcomer to the world of cybersecurity, there\u2019s something in this story for you.\r\n\r\nKey Takeaways:\r\n- Differentiate between competences and branch specific knowledge, to pinpoint which\r\nexperience is really needed to be gained within a cybersecurity job\r\n- When considering a move into cybersecurity: talk first, certify second\r\n- What organisations can do to help newcomers enter their business\r\n- Why asking for certifications when needed is fine, but \"certification spraying\" can be counterproductive", "recording_license": "", "do_not_record": false, "persons": [{"guid": "88d76e6d-72af-5230-ab11-6d0dd471d485", "id": 148, "code": "MNZVSM", "public_name": "Lianne Klaver", "avatar": "https://program.wiccon.nl/media/avatars/MNZVSM_OKzSEvO.jpg", "biography": "Lianne Klaver is (spoiler alert!) now a Security Engineer at Sogeti. With over nine years in tech as a QA professional and Certified Ethical Hacker, she brings curiosity, a hands-on mindset, and a human touch to cybersecurity.\r\nLianne is passionate about making security engaging and accessible especially when sharing her journey.\r\nShe lives in Utrecht with her family and recharges through trail running, traveling, and connecting at festivals and events.\r\nGet ready for a story that\u2019s as insightful as it is energizing!", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/PF9D8K/", "id": 135, "guid": "510f7c7a-ec07-56e0-a1b0-3fb0f271c73b", "date": "2025-10-30T12:30:00+01:00", "start": "12:30", "logo": null, "duration": "00:30", "room": "Main Stage", "slug": "wiccon-2025-135-embedded-ai-evolving-attack-surface-and-ways-to-defend-them", "title": "Embedded AI - Evolving attack surface and ways to defend them", "subtitle": "", "track": "Talks", "type": "Talk 30 minutes", "language": "en", "abstract": "The rapid adoption of embedded AI in products and infrastructure has created powerful new capabilities\u2014alongside a dramatically expanded attack surface for cyber adversaries. Recent incidents have shown how vulnerabilities such as adversarial inputs, data poisoning, and insecure APIs can be exploited to compromise AI-driven systems. \r\nThis talk will break down the unique risks introduced by embedded AI, illustrated with real-world breach examples and attacker techniques. Attendees will learn a practical, actionable defense framework, including AI-specific threat modeling, secure development practices, and continuous monitoring. The session will equip security professionals with the insights and strategies needed to proactively defend against the next generation of AI-powered threats.", "description": "The rapid integration of embedded AI into products and critical infrastructure is transforming digital capabilities\u2014but it is also dramatically expanding the attack surface for adversaries. In 2025, organisations are facing a surge in sophisticated threats that specifically target AI-powered components, from adversarial inputs and data poisoning to prompt injection and insecure APIs. Recent high-profile incidents, such as critical remote code execution vulnerabilities in AI developer tools and authentication bypasses in AI platforms, have demonstrated how attackers can exploit these new vectors to gain unauthorised access, steal data, or deploy botnets at scale.\r\nThis talk will:\r\n\t\u2022\tDeconstruct the unique vulnerabilities introduced by embedded AI, including adversarial attacks, data poisoning, model inversion, and exploitation of non-human identities and insecure endpoints.\r\n\t\u2022\tAnalyze recent real-world breaches\u2014such as the exploitation of Anthropic\u2019s MCP Inspector and Langflow AI servers\u2014to illustrate how attackers are leveraging these weaknesses for remote code execution, lateral movement, and DDoS attacks.\r\n\t\u2022\tOutline a practical defense framework for organizations, covering:\r\n\t\u2022\tAI-specific threat modeling and red teaming\r\n\t\u2022\tSecure development and deployment practices\r\n\t\u2022\tContinuous monitoring for behavioral anomalies and data integrity\r\n\t\u2022\tRobust authentication and segmentation controls for AI APIs and endpoints\r\n\t\u2022\tHighlight actionable strategies for defenders, such as adopting behavioral biometrics, implementing anomaly detection for embedded AI, and developing incident response playbooks tailored to AI-driven threats.\r\nKey Takeaways:\r\nRecognize the evolving risks of embedded AI,\r\nunderstand the latest attacker techniques, \r\nexplore preventive controls to secure their organizations against this new generation of threats.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "aff5924d-e9c3-5439-bd33-d43c6cb7cbf0", "id": 130, "code": "CHPHFD", "public_name": "Prithvi Bhat", "avatar": "https://program.wiccon.nl/media/avatars/CHPHFD_D2YSCJQ.jpeg", "biography": "Prithvi is a Senior Manager at PwC Netherlands with over 13 years of experience in cybersecurity consulting. She has developed deep, hands-on expertise in cybersecurity services, particularly within security operations centers (SOC). In past few years she has also supported organizations in defining and building broader long-term security strategies and achieving optimization across their environments. Currently, she leads Security Operations (SecOps) for PwC NL, driving innovative solutions and resilient security practices for clients in diverse industries. An avid reader and traveler, she is passionate about public speaking and sharing her knowledge with the cybersecurity community. Outside of work, she is embracing adventures as a new mother.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/HTG7HX/", "id": 125, "guid": "35b1f57f-6f14-59a3-bd82-84516570914a", "date": "2025-10-30T14:00:00+01:00", "start": "14:00", "logo": null, "duration": "00:30", "room": "Main Stage", "slug": "wiccon-2025-125-hooray-i-failed-", "title": "Hooray, I failed!", "subtitle": "", "track": "Talks", "type": "Talk 30 minutes", "language": "en", "abstract": "I always tell my students: \"Failure is fun! We learn, when things fail!\" ... so why do I feel so shitty right now?\r\n\r\nTess talks us through channeling moments of failure and \"imposter syndrome\", into moments of introspection and learning.", "description": "Every one of us will have moments in life where things end up in confusion or frustration. Relationships, family life and a plain fact of daily life: our jobs. \r\n\r\nA few times in her life, Tess has struggled through the questions \"Is this really what I want? Am I really the right person for this job? Am I really not some fraud, fooling everyone?\" Each of those times, it took a lot of time and soul searching to find the answers. \r\n\r\nFiguring things out like:\r\n\r\n* Why Tess left IT ... and came back.\r\n* Why Tess is not fulfilling her long-lived dream of employing juniors.\r\n* How she failed OSCP ... and some day she'll be okay with that.\r\n* How she might not be doing what she wants to... and how she copes with that.\r\n\r\nTess would love to share with you some of the tools and techniques she's applied over the years, to get to some of the hard truths she had to deal with. Mind mapping and associative thinking, the \"Mindy\"-method and even tarot. No spooky esoterica, just another great way of asking yourself questions. \r\n\r\nAn open and heartfelt talk from someone with 25 years of professional experience, hoping to make life a little easier for her juniors.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "682da32f-406a-5241-bc94-98afeab0c537", "id": 19, "code": "ZX9NMA", "public_name": "Tess Sluijter-Stek", "avatar": "https://program.wiccon.nl/media/avatars/1588739609601_r1HZJvN.jpeg", "biography": "Tess Sluijter-Stek often describes herself as \"a Jill-of-all-trades, but master of none\", as \"eternal newbie\" and as \"nerd-for-hire\". She contracts as consultant for Unixerius and she teaches Linux and DevSecOps at ITVitae.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/XQRSJV/", "id": 150, "guid": "f6f3d0fe-acbb-5c74-81d2-908ad5e3081d", "date": "2025-10-30T14:30:00+01:00", "start": "14:30", "logo": null, "duration": "00:30", "room": "Main Stage", "slug": "wiccon-2025-150-adversarial-robustness-of-ml-based-malware-classifiers", "title": "Adversarial robustness of ML-based malware classifiers", "subtitle": "", "track": "Talks", "type": "Talk 30 minutes", "language": "en", "abstract": "As machine learning becomes a core component in malware detection, new risks emerge from adversarial manipulation. This talk explores how ML-based malware classifiers respond to targeted feature modifications. In order to experimentally assess their robustness, several models were trained to classify malicious and benign files and then tested with adversarially altered samples. The presentation focuses on data preparation, attack simulation, and a comparative analysis of model robustness under adversarial conditions.", "description": "This talk presents a technical exploration of adversarial robustness in machine learning-based malware detection systems. The research is grounded on the EMBER dataset, one of the largest publicly available datasets for static malware analysis, containing raw features and labels for over 3.2 million malicious and benign samples spanning six file types: Win32, Win64, .NET, APK, ELF, and PDF.\r\nThe first phase involved analyzing the dataset to identify which features are most relevant for binary classification of malware. After feature selection and preprocessing, multiple machine learning models (e.g., Random Forest, Gradient Boosting, and Neural Networks) were trained on a representative sample subset to distinguish between malicious and benign files. These trained models were saved for further testing.\r\nIn the second phase, adversarial attacks were simulated by modifying key input features in the test samples \u2014 without altering the functional structure of the binaries \u2014 to observe how the predictions of each saved model changed. This process helped evaluate the models\u2019 resilience to feature manipulation and adversarial evasion.\r\nThe presentation will detail the full pipeline: from dataset preparation and feature engineering, through model training, to adversarial evaluation. It concludes with a comparative analysis of each classifier\u2019s robustness under attack, identifying which algorithms offer the highest resistance and reliability in adversarial scenarios. This work contributes to understanding how secure and dependable current ML-based malware detection methods are when faced with intelligent manipulation attempts.", "recording_license": "", "do_not_record": true, "persons": [{"guid": "41938519-b652-529f-b63b-38fb8a1c70b3", "id": 144, "code": "AY9KBQ", "public_name": "Deleted User", "avatar": null, "biography": "", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/M8DCYP/", "id": 164, "guid": "3b5bbd88-ec31-5e23-bf2b-148cdfda1d59", "date": "2025-10-30T15:00:00+01:00", "start": "15:00", "logo": "https://program.wiccon.nl/media/wiccon-2025/submissions/M8DCYP/Foto_Wiccon_DAwQMOL.jpg", "duration": "00:30", "room": "Main Stage", "slug": "wiccon-2025-164-the-human-firewall-how-soft-skills-became-my-strongest-tool", "title": "The Human Firewall: How Soft Skills Became My Strongest Tool", "subtitle": "", "track": "Talks", "type": "Talk 30 minutes", "language": "en", "abstract": "In this talk, I share my personal journey, starting with studying law and competing in top-level sports, and eventually building a career in cybersecurity. Without a technical background, I\u2019ve carved out a successful path by leaning into my strongest assets: communication, empathy, and adaptability. These soft skills have helped me translate complex policies into clear, human-centered actions, coach stakeholders with patience and clarity, and build trust across all levels of an organization.", "description": "Cybersecurity is often seen as a technical domain, but the human factor is what truly makes the difference. Drawing from my experience in the GRC domain, I\u2019ll explore how awareness can shift security from being just a policy to becoming part of an organization\u2019s culture. I\u2019ll share how I transitioned from SOC analyst to Security Consultant, and how working with a government agency, where technical knowledge is limited and change is often met with resistance, taught me the importance of making security relatable and actionable.\r\n\r\nThis talk is not a technical deep dive. It\u2019s a story about the power of soft skills and the human side of cyber. When people feel involved and informed, security becomes part of their mindset rather than just a checkbox. Trust, connection, and collaboration are the real drivers of lasting security, and that\u2019s where the true strength of soft skills lies.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "483e3e12-65db-53c0-8231-6e9ebc4de6f7", "id": 160, "code": "KZ9ZAK", "public_name": "Rami\u00eblla Ramos", "avatar": "https://program.wiccon.nl/media/avatars/KZ9ZAK_2MihzRn.jpg", "biography": "My name is Rami\u00eblla Ramos, a Security Consultant with a background in law and criminology. After starting my career in the legal field, I transitioned into cybersecurity, where I now specialize in the GRC domain focusing on risk management, security awareness and implementing frameworks such as BIO 2.0 and NIS2 to help clients meet compliance and resilience goals. I\u2019ve worked with both public and private sector clients, including the Ministry of Justice and Security, combining technical expertise with strong communication and advisory skills. My experience as a top-level athlete has shaped me into a resilient, goal-driven team player. I\u2019m passionate about making the field more inclusive and accessible for women and young professionals.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/QBVLC9/", "id": 142, "guid": "231daaff-1a22-5fc5-b2f5-b17866435a26", "date": "2025-10-30T15:30:00+01:00", "start": "15:30", "logo": null, "duration": "00:30", "room": "Main Stage", "slug": "wiccon-2025-142-crack-communicate-change-turning-password-failures-into-security-wins", "title": "Crack, communicate, change: turning password failures into security wins", "subtitle": "", "track": "Talks", "type": "Talk 30 minutes", "language": "en", "abstract": "Have you ever encountered some hashes in a pen-test, cracked them only to find the results to be anywhere from \u201cnot great\u201d to \u201cdownright depressing\u201d? We have, and it encouraged us to implement monthly password cracking cycles. We use the results as a driving force to change behaviour around password usage. This talk will not be a technical deep dive on password cracking; rather, it will focus on how to use the results to get people to change their password behaviour. I will share the approaches we tried at Mediahuis: why quite a few didn\u2019t work, which approaches did work, and some of the obstacles we\u2019ve encountered along the way.", "description": "In 2018, a pen-test revealed that almost 40% of Mediahuis Nederland hashes were easy to crack. We had previously run several generic awareness campaigns around strong password usage, but these had limited effect. Knowing the results weren\u2019t great and that generic campaigns have limited impact, we wanted to make colleagues aware if they were using a weak password, and that they should change it, while also making it so that the security team don\u2019t see their passwords.\r\nWe built a program for monthly password cracking (or password strength testing, as it is called within Mediahuis). We obtained buy in from board and workers council and started the testing cycles. I will share some brief information on our testing set-up, this will not be a deep dive since there are already many clear write-ups on how to crack passwords. I will also share how we developed our testing criteria. \r\n\r\nBut testing alone will change nothing. So, we developed a communication strategy to get our colleagues to change their password behaviour. Mediahuis has entities in 5 different countries, and we have needed to adapt our communication strategy to fit local cultures. Along the way we have tried various different approaches, and I will share what, in our experience, are the advantages and disadvantages of the options we\u2019ve tried. We have encountered obstacles and resistance to change during this project, and I will share what we\u2019ve encountered and how we dealt with it. Currently Mediahuis is down to a maximum of 1% of easily crackable passwords across all entities, with most entities being at 0 weak passwords.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "74631710-eaac-5941-aed8-54639a7ccb3b", "id": 136, "code": "D9SRYY", "public_name": "Nynke Damstra", "avatar": "https://program.wiccon.nl/media/avatars/D9SRYY_DaXpiGs.jpg", "biography": "Nynke is a technical information security officer at Mediahuis with 7 years of experience in information security, including 5 years with Mediahuis. Nynke has been focused on both technical security implementation and security awareness during her time at Mediahuis.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/SXGLZN/", "id": 167, "guid": "90d22584-7339-59f5-92f9-923dc24d182b", "date": "2025-10-30T16:30:00+01:00", "start": "16:30", "logo": null, "duration": "00:45", "room": "Main Stage", "slug": "wiccon-2025-167-nightmare-on-ntlm-street-legacy-s-revenge", "title": "Nightmare on NTLM Street: Legacy's Revenge", "subtitle": "", "track": "Talks", "type": "Talk 45 minutes", "language": "en", "abstract": "We know the world runs on legacy. We know it\u2019s not supposed to. But when vendors or LinkedInfluencers command us to phase out old systems and protocols, it sometimes seems like their expectation-versus-reality connection is faulty. \r\n\r\nThis talk will walk you through the ~adventure~ of disabling a recently-deprecated Microsoft authentication protocol with numerous security problems: NTLM. Microsoft introduced NT Lan Manager in 1993 as a replacement for LANMAN, born in 1987. Just seven years later, they announced Kerberos as the default replacement for NTLM and instructed companies to stop using it. No one did. Then, in June 2024, Microsoft announced the deprecation of the entire NTLM authentication protocol family, and even removed older versions from newer OS versions. \r\n\r\nHaving completed this project in the IT environment of a mid-sized enterprise, this presentation will discuss resources and lessons learned that could help get the job done elsewhere. It will also illustrate to those outside the field why IT and cybersecurity are critical business functions, not cost centers.\r\n\r\nFor decision-makers, this is an opportunity to better understand the struggles of on-the-ground IT and security teams trying to bring outdated systems in line with industry standards. For IT and information security peers, this presentation will share valuable resources and \u201clessons learned\u201d for successfully phasing out NTLM (and similar thorns-in-sides) within their own organizations.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "58b78b18-8013-5863-8dd6-67ec5c741f02", "id": 161, "code": "HWD77Y", "public_name": "Marina Bochenkova", "avatar": "https://program.wiccon.nl/media/avatars/HWD77Y_CuNX1eX.jpg", "biography": "Marina wears many hats as a cybersecurity analyst focusing on digital forensics, incident response, and OT security, while also dabbling in security awareness and culture. She combines a passion for protecting people, a strong belief in digital privacy as a human right, and an overly-enthusiastic approach to problem-solving. When not defending digital spaces, Marina actively nurtures her already-unhealthy obsession with cats and resorts to baking or martial arts when desperate.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/YGBUF7/", "id": 128, "guid": "2cf56313-de58-568b-be25-ebb3baff3745", "date": "2025-10-30T17:15:00+01:00", "start": "17:15", "logo": null, "duration": "00:45", "room": "Main Stage", "slug": "wiccon-2025-128-how-to-make-cybersecurity-sexy-get-the-board-on-board", "title": "How to Make Cybersecurity Sexy - Get the Board on Board", "subtitle": "", "track": "Talks", "type": "Talk 45 minutes", "language": "en", "abstract": "Let\u2019s face it: cybersecurity is not sexy. Not to boards, anyway. It\u2019s often seen as dull, technical, and best left to IT - until a breach happens. You don't get media coverage for a well-run cyber drill, but you will make headlines when things go wrong. In this talk, Mirjam van Delft - Kaijser reveals how to flip the script, how to grab board-level attention and get them to take ownership. Using real-world stories and her RISICO method, she'll show you how to speak their language, frame the urgency, and make cybersecurity impossible to ignore. If you've ever struggled to get buy-in from the top, this is the talk you've been waiting for.", "description": "Boards love visibility, strategy, and results. Cybersecurity often delivers none of that - until there\u2019s a crisis. That's why many executives often see security as a sunk cost. Important, but not urgent, and definitely not something that gets them noticed or praised. After all, no one posts a selfie from a cyber drill. So how do we get boards to pay attention before it\u2019s too late?\r\n\r\nIn this energetic and eye-opening session, Mirjam tackles one of the biggest challenges in cybersecurity: executive engagement. Mirjam unpacks why cybersecurity fails to land in boardrooms and what needs to shift in how we present it. Drawing on behavioral insights, public sector experience, and her own RISICO method, she lays out a practical approach to reframing cybersecurity as a leadership issue - not a technical one.\r\n\r\nYou'll learn:\r\n\r\n- Why traditional cybersecurity messaging falls flat at the top\r\n- How to reframe cybersecurity as a leadership and continuity issue\r\n- The RISICO method: a practical and powerful toolset for boards to assess, act, and lead\r\n- Communication tactics that resonate with non-technical decision-makers\r\n\r\nExpect sharp insights, a touch of humor, and  real-world examples. This talk is for CISOs, advisors, and IT leaders who want real traction with their board - and who are done begging for attention.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "93f6faaa-31c9-50a8-bc7b-7a99b27a9547", "id": 123, "code": "MRPVJL", "public_name": "Mirjam Kaijser", "avatar": "https://program.wiccon.nl/media/avatars/MRPVJL_6TZLpIf.jpg", "biography": "Mirjam Kaijser helps organizations cut through IT complexity and elevate cybersecurity to a leadership priority. With her RISICO method, she equips boards - particularly in the public sector - with practical tools to take ownership of information security. She firmly believes that cybersecurity is not a technical issue, but an organizational one, and communicates in clear, human language to make digital threats relatable and actionable. Known for her sharp insights and no-nonsense tone, Mirjam turns abstract risks into boardroom urgency. Her background as a public sector advisor, along with her active role in the Zeeland CISO network, makes her a trusted voice in strengthening digital resilience.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/898HYY/", "id": 127, "guid": "06b29a2c-0cc9-5fd5-b898-8374bee24fdc", "date": "2025-10-30T18:00:00+01:00", "start": "18:00", "logo": "https://program.wiccon.nl/media/wiccon-2025/submissions/898HYY/WHY2025_logo_true_black_gioOypS.png", "duration": "01:00", "room": "Main Stage", "slug": "wiccon-2025-127-we-ve-gathered-4000-hackers-on-a-field-and-here-s-what-happened-", "title": "We've gathered 4000 hackers on a field and here's what happened.", "subtitle": "", "track": "Talks", "type": "Talk 60 minutes", "language": "en", "abstract": "Last summer the 10th edition of the Dutch Hacker Camp took place in Geestmerambacht.\r\nHackers from all over the world came to this party of innovation and technology abd shared their knowledge.\r\nI was part of Team:Projectleiding and would love to share with you how it came to be and what the highlights were!", "description": "Dutch Hacker Camps are an important part of Dutch Hacker Culture. \r\nLast August, 4000 hackers gathered on a field and had serious hacker fun.\r\nLet me give you some insights on what happened..", "recording_license": "", "do_not_record": false, "persons": [{"guid": "763759cd-4796-52e9-9725-132740033531", "id": 109, "code": "B8L9XU", "public_name": "Nancy Beers", "avatar": "https://program.wiccon.nl/media/avatars/Nancy-Beers-qp7n7vv0a7oxsvjyqyeisljqjgfzmge5thyynsgazk_MYkZgpR.jpg", "biography": "Nancy Beers is a seasoned gamification expert, and the owner of Happy Game Changers. With over 25 years of experience in ICT, Nancy brings a wealth of knowledge and expertise to the table. As the co-chair of Stichting IFCAT, hacker and a passionate advocate for digital rights and freedoms, she is helping out in shaping the Dutch hacker community. Nancy is not only an international speaker but also an avid participant in various ICT events worldwide. She is known for her engaging talks on topics ranging from female leadership, Women in Tech, cybersecurity to gamification, captivating audiences with her insights and expertise. In addition to her speaking engagements, Nancy is deeply involved in the organization of WHY2025, the next big Dutch Hacker Camp. Her dedication to fostering collaboration, innovation, and exploration within the hacker community is evident in her role as a co organizer of this event. Beyond her professional endeavors, Nancy is an amateur social engineer, open source hippie and constantly seeking new ways to leverage technology for positive change. With her unique blend of technical skills and social insight, she continues to push the boundaries of what is possible in the world of hacking and beyond.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Workshop": [{"url": "https://program.wiccon.nl/wiccon-2025/talk/DEFACR/", "id": 170, "guid": "dbd0ffea-5e63-5e72-a341-3c955dff3f28", "date": "2025-10-30T10:15:00+01:00", "start": "10:15", "logo": null, "duration": "02:45", "room": "Workshop", "slug": "wiccon-2025-170-the-ghost-in-the-machine-capture-the-flag-by-kpn", "title": "The Ghost in the Machine - Capture the Flag by KPN", "subtitle": "", "track": "Workshops", "type": "Workshop 120 minutes", "language": "en", "abstract": "October 2025. MyTelco, a global telecom giant, is under siege. Not by a known threat actor, but by something stranger...\r\n\r\nCalls drop, leaving behind eerie static whispers. Data packets vanish without a trace. Rogue signals disrupt critical systems. In the NOC, screens flicker with unreadable glyphs and error logs defy logic. Officially, it\u2019s a suspected cyberattack. Unofficially? Employees whisper of a digital poltergeist, something haunting the very heart of the network.\r\n\r\nYou are brought in as MyTelco\u2019s last hope.\r\n\r\nIn this session, step into the shoes of a senior security specialist tasked with investigating the unexplainable. You\u2019ll follow the forensic trail through ghost data, spectral code, and manipulated infrastructure. Is it a new breed of cyberweapon? An insider with a vendetta? Or is the network itself turning against its creators?\r\n\r\nExpect real-world tools, tactics, and a case study unlike any other.\r\nExpect the unexpected.\r\nThe network is alive. And it's angry.\r\n\r\nAnd if you exorcise the ghost in the network successfully? You might win a prize...\r\n\r\nNote: This CTF has limited capacity and is first come, first served. You will need a laptop to participate. Come in early to secure your spot in the ghost hunt.", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/JWSFEC/", "id": 147, "guid": "47b5e521-054a-52c0-823c-59f6e55bf6af", "date": "2025-10-30T14:00:00+01:00", "start": "14:00", "logo": null, "duration": "02:00", "room": "Workshop", "slug": "wiccon-2025-147-ghostbusters-reloaded-catching-a-tech-savvy-ghost-in-the-logs", "title": "Ghostbusters Reloaded: catching a tech-savvy ghost in the logs", "subtitle": "", "track": "Workshops", "type": "Workshop 120 minutes", "language": "en", "abstract": "In this Halloween-themed dataset, you will investigate a cyber incident inspired by a real world threat actor. Your goal? Finding out what happened and how, building a timeline, and collecting IOCs. All from the comfort of your browser, using Azure Data Explorer (ADX) and the Kusto Query Language (KQL).", "description": "Curious about the blue side of cybersecurity? Enjoying puzzles and detective games? Or needing some exposure to the Kusto Query Language?\r\n\r\nWelcome to this workshop that walks you through an incident-response type investigation!\r\n\r\nStarting off with a nugget of information, we will dive headfirst into the provided dataset on Azure Data Explorer. With carefully (or messily, I'm not one to judge) crafted KQL queries, we will trace the attacker's steps until we get the full picture, from reconnaissance to actions on objectives (yes, that's the Cyber Kill Chain).\r\n\r\nDon't forget to take notes! At the end of the session, we will draw up a timeline of events and compile some IOCs in a table, two elements that are important in a report. \r\n\r\nWorried about KQL being a new \"language\"? I will start off the session with a short intro and will provide you with a \"cheatsheet\" to help you along the way.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "a2eff3ef-8db8-5ffe-968e-c850051b2736", "id": 141, "code": "8LUQ7K", "public_name": "Kellamity", "avatar": "https://program.wiccon.nl/media/avatars/8LUQ7K_CqkgMIh.jpg", "biography": "Kellamity is a volunteer Threat Intel Content Lead at KC7. This free platform teaches concepts of incident response and threat hunting in a gamified way to everyone, from school students to career changers.\r\n\r\nFrom a literature and languages background, they started playing --quite obsessively-- on KC7 at the beginning of 2024, and after making it quickly to the top of the leaderboard and helping others over on Discord, they were offered to join the team. Which they quickly accepted, because giving back to the community is great, and creating new scenarios is fun!", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/3MFK7E/", "id": 160, "guid": "f0d90edb-75ec-53bb-8498-afd03881cbe3", "date": "2025-10-30T16:30:00+01:00", "start": "16:30", "logo": null, "duration": "01:00", "room": "Workshop", "slug": "wiccon-2025-160-persuasion-in-practice-social-engineering-workshop", "title": "Persuasion in Practice: Social Engineering Workshop", "subtitle": "", "track": "Workshops", "type": "Workshop 60 minutes", "language": "en", "abstract": "What technique do cyber criminals use to persuade people to click a link, download malware or bypass procedures? In this workshop we explore Cialdini's seven ways to influence other people\u2019s behavior and decision making, and how cyber criminals use them to their advantage.\r\n\r\nParticipants are divided into two groups, each receiving their own mission. They have 10 minutes to prepare their strategy. Can they social engineer the other person to get to their goal? \r\n\r\nComputers or other digital tools are not necessary for this workshop!", "description": "In this workshop we dive into the seven ways to influence people's behavior, explained with examples from the world of cyber crime. The best way to defend yourself against social engineering attacks it to know the mechanics. In this workshop you'll practice the science of persuasion and get ahead of the game. \r\n\r\nParticipants are divided into two groups, each receiving their own mission. They have 10 minutes to prepare their strategy. Can they social engineer others to get to their goal? \r\n\r\nComputers or other digital tools are not necessary for this workshop!", "recording_license": "", "do_not_record": false, "persons": [{"guid": "8a5d01ce-0789-5881-ade3-7eb421f58823", "id": 62, "code": "8TPDRT", "public_name": "Helma de Boer", "avatar": "https://program.wiccon.nl/media/avatars/8TPDRT_8Xl4tMW.jpg", "biography": "Helma is a privacy and security professional, currently working as Lead Privacy Expertise Center with SURF, the ICT cooperation for education and research. Before this role she was Information Security Officer at SURF. Early in her career, she worked as a legal assistant. She taught herself programming in the 1990s and built many websites and databases for SMEs. She is certified DPO, Information Privacy Technologist (CIPT) and CISM and she has a bachelor in education.", "answers": []}, {"guid": "c3fb149e-73e5-5a90-81ac-10802158c9ba", "id": 157, "code": "BAHYEN", "public_name": "Rosanne Pouw", "avatar": "https://program.wiccon.nl/media/avatars/BAHYEN_lxMIfpE.jpg", "biography": "Rosanne started her career in cyber security as an Information Security Officer and Privacy Officer. Since 2022 she found her calling as a cyber security awareness professional. Blending her knowledge of human behavior with the increasing need to address awareness and training in organizations. She supports research and education institutions with an awareness toolkit and community for awareness professionals. She has a MSc in Social Psychology and is CISSP certified.", "answers": []}], "links": [], "attachments": [], "answers": []}]}}, {"index": 2, "date": "2025-10-31", "day_start": "2025-10-31T04:00:00+01:00", "day_end": "2025-11-01T03:59:00+01:00", "rooms": {"Main Stage": [{"url": "https://program.wiccon.nl/wiccon-2025/talk/MWZ9LU/", "id": 154, "guid": "f9a6a057-07b2-522e-9ea3-55a18b01905d", "date": "2025-10-31T10:00:00+01:00", "start": "10:00", "logo": null, "duration": "00:30", "room": "Main Stage", "slug": "wiccon-2025-154-how-we-handled-a-major-increase-in-our-threat-landscape", "title": "How we handled a major increase in our threat landscape", "subtitle": "", "track": "Talks", "type": "Talk 30 minutes", "language": "en", "abstract": "In May of 2024 an announcement was made: The NATO Summit of 2025 would take place at The Hague. Little did we know about what that would mean for our organization and for our city. In this talk, Lilian will talk you through our security preparation and our efforts during those two days of the summit.", "description": "Ofcourse we can only disclose information labeled TLP:GREEN by our partners, and our own information and experiences on how we handled 1) preparing and 2) the Summit taking place. For part 1 (preparations) I will share how we handled our increased threat landscape (with a threat assessment), how we defined our security measures using a threat assessment and how we prepared our organization with cybercrisis exercises. For part 2 (the Summit itself) I will share our experiences from the eyes of the information coordinator role in the cyber backoffice. I will only share our goal, roles and collaborations. \r\nI\u2019ll end with the remaining question: and now what?", "recording_license": "", "do_not_record": true, "persons": [{"guid": "ac0b7334-0915-5180-a391-a6fad0f5f1d4", "id": 149, "code": "E8LDVJ", "public_name": "Lilian Knippenberg", "avatar": "https://program.wiccon.nl/media/avatars/E8LDVJ_rb3NFDd.jpg", "biography": "Lilian Knippenberg works as the CISO for the municipality of The Hague. Being the third biggest city in the Netherlands, The Hague is known as the city of Peace & Justice. Lilian is an experienced information security advisor, dedicated to enhancing digital security (and compliance). With a strong background in advising on security policies and best practices, Lilian collaborates closely with colleagues and leadership to ensure effective communication and implementation of security measures.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/SZQSTK/", "id": 162, "guid": "452728b4-76b4-5707-9fc5-11a005f87d8c", "date": "2025-10-31T10:30:00+01:00", "start": "10:30", "logo": null, "duration": "00:30", "room": "Main Stage", "slug": "wiccon-2025-162-beyond-compliance-rethinking-legal-accountability-in-cybersecurity", "title": "Beyond Compliance: Rethinking Legal Accountability in Cybersecurity", "subtitle": "", "track": "Talks", "type": "Talk 30 minutes", "language": "en", "abstract": "This talk explores the growing divide between cybersecurity compliance and actual legal accountability in the EU regulatory landscape. Through the lens of GDPR, NIS2, and DORA, the session examines how emerging frameworks shape legal risk and influence organizational behavior. The session provides a critical look at whether legal accountability improves security\u2014or simply encourages minimal compliance.", "description": "The growing legal and regulatory pressure on cybersecurity practitioners in the European Union, has led many organizations to equate compliance with security. Nevertheless, recent enforcement actions and major security incidents reveal a significant disconnect between formal compliance and substantive accountability. \r\nThis talk aims at examining how legal responsibility is evolving, especially under instruments such as the General Data Protection Regulation, the NIS2 Directive, and DIGITAL Operational Resilience Act. \r\nKey questions addressed include: \r\n\u2022\tTo what extent does compliance create a false sense of legal protection? \r\n\u2022\tHow are emerging regulatory frameworks shifting the legal risk landscape in the EU? \r\n\u2022\tCan legal accountability support better security outcomes or does it incentivize minimalism and blame-shifting? \r\nAudience Takeaways: \r\nUnderstand how legal accountability is distinct from compliance. \r\nLearn the practical implications of EU cybersecurity legislation on risk ownership. \r\nIdentify cultural and structural barriers to shared responsibility. \r\nGain language and frameworks to influence better internal practices. \r\nMethodology \r\nThis talk will be developed through legal and regulatory analysis, with a focus on current and emerging cybersecurity legislation in the EU. Primary sources include GDPR, the NIS2 Directive and DORA. Each of these frameworks will be reviewed to examine how legal responsibility is defined, distributed, and enforced in the context of cybersecurity. \r\nThe analysis will be also based on published enforcement actions, supervisor guidance, and selected cased studies where formal compliance failed to prevent significant security incidents. By comparing regulatory expectations with known limitations in implementation, one can notice the growing gap between legal reform and security substance.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "3ca506f6-7fbd-5475-8750-ac8d7937e327", "id": 158, "code": "ERANTL", "public_name": "Andreea Focsa", "avatar": "https://program.wiccon.nl/media/avatars/ERANTL_GsFybMj.jpeg", "biography": "Andreea Focsa is a Security Consultant specializing in governance, risk, and compliance, with a focus on ISO frameworks, GDPR, and data management. She works on improving privacy practices, conducting impact assessments, and strengthening internal governance to help organizations meet regulatory requirements while managing cybersecurity risks.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/GSLDPP/", "id": 156, "guid": "309ad1a0-7661-5272-954d-e3231ead7c39", "date": "2025-10-31T11:00:00+01:00", "start": "11:00", "logo": null, "duration": "01:00", "room": "Main Stage", "slug": "wiccon-2025-156-when-nostalgia-hacks-back-a-forensic-autopsy-of-a-trojanized-flash-game", "title": "When Nostalgia Hacks Back: A Forensic Autopsy of a Trojanized Flash Game", "subtitle": "", "track": "Talks", "type": "Talk 60 minutes", "language": "en", "abstract": "In my teenage years, I was regularly slacking homework and studies for flash games! And I was particularly obsessed with a few, until Flash Player expired and I had to manually search for game .exes online and download and run them on my only laptop. And weird things used to happen then : a seemingly innocent Flash gameused to cause repeated crashes on my laptop, it used to get me irritated, burn my savings on recovery of my OS and system and I never really even understood why \u2014 but only years later, armed with digital forensics and reverse engineering skills, did I revisit it to uncover what really happened. \r\n\r\nThis talk walks through the forensic investigation and malware analysis of a nostalgic childhood game that turned out to be trojanized. Using tools like Autopsy, Volatility, Regshot, Ghidra, and x64dbg, we\u2019ll trace its behavior from system tampering to process injection and obfuscated payloads.\r\n\r\nThis session blends technical depth with personal narrative to highlight how curiosity, nostalgia, and trust can be weaponized. Attendees will learn practical techniques for uncovering post-execution artifacts, unpacking malware, and extracting IOCs \u2014 and gain a new appreciation for the risks hidden in seemingly harmless digital memories.", "description": "This talk explores a personal, technical investigation into a trojanized Flash game from the early 2000s \u2014 a game I had downloaded in my teens, only to experience repeated system failures I couldn't explain at the time. Years later, with experience in digital forensics and malware reverse engineering, I returned to that same game with the intent to uncover the truth \u2014 and what I found was far from harmless.\r\n\r\nThe talk is split into four parts. First, I\u2019ll introduce the backstory \u2014 how nostalgia led me to revisit the game and why this experience stuck with me for over a decade. Then, we\u2019ll jump into the forensics phase: I\u2019ll walk through the behavior observed during sandbox execution, showing how I used Regshot, Procmon, Wireshark, Volatility, and Autopsy to identify registry tampering, dropped payloads, memory injection, and suspicious network traffic.\r\n\r\nFrom there, we\u2019ll move to reverse engineering \u2014 using Ghidra and x64dbg to analyze the packed executable, identify obfuscation techniques, unpack hidden strings and routines, and reveal its encrypted communication patterns. This part will highlight how the malware was designed to blend in as a benign game while silently executing background tasks.\r\n\r\nThe final part of the session distills the key takeaways: how malware can be distributed through seemingly harmless, nostalgic software; how emotional trust becomes a vector; and how forensic techniques and reverse engineering can uncover buried threats.\r\n\r\nThis session is designed to be technical but approachable, with a strong narrative arc and practical demonstrations. \r\n\r\nIt\u2019s a reminder that sometimes, the most dangerous files are the ones we wanted to trust the most.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "e0ad8d3d-2b02-5c20-9640-3f09b5eab561", "id": 152, "code": "X3X3Q3", "public_name": "Ankshita Maunthrooa", "avatar": "https://program.wiccon.nl/media/avatars/X3X3Q3_lZ2U47K.jpg", "biography": "Ankshita is a cybersecurity consultant with a sharp focus on malware analysis, offensive tactics, and real-world threat detection. Her background spans the finance sector, tech industry, and incident response, where she has worked as a SOC analyst, security engineer, and consultant across corporate and critical infrastructure environments. She holds the ISTQB Certified Security Tester credential, is KLCP certified, and is currently researching advanced malware evasion techniques and system exploitation pathways.\r\n\r\nShe has presented her work at Hack.lu (Luxembourg), Apr\u00e8s Cyber Slopes Summit (Utah), DevFest Africa, and The Developers Conference (Mauritius). Her technical approach blends dynamic analysis, code unpacking, and attacker tradecraft \u2014 often with a focus on web-based attack surfaces. Ankshita has also been recognized by Huawei Mauritius in 2024 for her innovation in engineering", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/GWF8XX/", "id": 163, "guid": "c2c65809-a8aa-55eb-a720-9d55e58d8c12", "date": "2025-10-31T12:00:00+01:00", "start": "12:00", "logo": null, "duration": "00:30", "room": "Main Stage", "slug": "wiccon-2025-163-when-the-hackers-are-inside-the-building", "title": "When the Hackers are inside the building", "subtitle": "", "track": "Talks", "type": "Talk 30 minutes", "language": "en", "abstract": "Most admins spend their working life trying to keep malware, hackers, and their tools outside of their network. However, for the last four and a bit years, I've been working with the opposite problem. Running a network for a penetration testing company. Where the pentesters are using all the tools we'd normally like to keep a long way away from our network.\r\n\r\nFrom threatmodelling, to implementation, in this talk I'll go through some of the unusual design and operational aspects of this unique usecase, as well as some of the examples we as an organisation have been able to learn from those we pentest.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "35917638-4556-5d7f-9269-8e039ee5cd65", "id": 87, "code": "ZNQZUX", "public_name": "Julia Freeman", "avatar": "https://program.wiccon.nl/media/avatars/ZNQZUX_iLOKTor.jpg", "biography": "Julia has worked in the IT industry for over a quarter of a century. For the past five years she's been running the systems for a pentesting company in Amsterdam.\r\n\r\nPhoto by: Dennis van Zuijlekom", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/BYCDFQ/", "id": 152, "guid": "0462d6fc-dc6b-55b4-b056-1040f3d54e96", "date": "2025-10-31T12:30:00+01:00", "start": "12:30", "logo": null, "duration": "00:30", "room": "Main Stage", "slug": "wiccon-2025-152-inside-the-cra-standardisation-trenches-our-real-world-struggle-to-harmonise", "title": "Inside the CRA Standardisation Trenches: Our Real\u2011World Struggle to Harmonise", "subtitle": "", "track": "Talks", "type": "Talk 30 minutes", "language": "en", "abstract": "This session offers an insider\u2019s view of the EU\u2019s Cyber Resilience Act (CRA) standardisation process from two active participants in one of the CEN\u2011CENELEC working groups. We\u2019ll share what it\u2019s really like to draft the horizontal harmonised standards, from defining scope to debating technical terminology. The talk highlights challenges in building consensus between manufacturers, regulators, SMEs, and open\u2011source communities, often with competing priorities. Expect candid stories about moments of friction, surprising compromises, and lessons we\u2019ve learned navigating the process. Attendees will walk away understanding not only the standards\u2019 timelines and structure but also how to engage effectively in shaping them.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "3fb60f6d-56b4-5ed5-aece-7c4501a06b00", "id": 50, "code": "U3VBLT", "public_name": "Raluca Viziteu", "avatar": "https://program.wiccon.nl/media/avatars/U3VBLT_zsIzcqm.jpeg", "biography": "Raluca\u202fViziteu is a security consultant at Bureau\u202fVeritas Cybersecurity (former Secura), based in the Netherlands, where she brings a strong foundation in certification and compliance across regulations such as IEC\u202f62443 and the RED Delegated Act, etc. Over the past two years her primary focus has been the Cyber Resilience Act (CRA), from monitoring its legislative development to helping clients prepare for its upcoming compliance deadlines.", "answers": []}, {"guid": "c4f947c5-e585-53e3-b3ce-ff1349c9a0af", "id": 145, "code": "LW7CZL", "public_name": "Wendy Tonks", "avatar": "https://program.wiccon.nl/media/avatars/LW7CZL_FHLEuk0.png", "biography": "R&D engineer for OMRON in the Netherlands. 27 years of experience in the system testing of software and industrial control system software and products. Currently focussed on the Cybersecurity aspects of products, development processes, and the management of security related issues in industrial environments.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/KREPAB/", "id": 138, "guid": "36fcd063-d728-5be6-b9c1-67880802ebe5", "date": "2025-10-31T14:00:00+01:00", "start": "14:00", "logo": null, "duration": "01:00", "room": "Main Stage", "slug": "wiccon-2025-138-the-time-machine-of-security-stopping-vulnerabilities-before-they-re-born", "title": "The Time Machine of Security: Stopping Vulnerabilities Before They're Born", "subtitle": "", "track": "Talks", "type": "Talk 60 minutes", "language": "en", "abstract": "What if you could travel back in time to prevent a security breach before a single line of vulnerable code was written? While we don't have a physical time machine, the \"Shift-Left\" methodology offers the next best thing. This session reimagines the DevOps lifecycle as a \"Time Machine,\" demonstrating how to proactively eliminate vulnerabilities at their genesis. We will journey through each stage, from Plan to Monitor, showcasing how integrating security capabilities like threat modeling, automated code analysis (SAST/SCA), and continuous testing can catch issues when they are exponentially cheaper and easier to fix. Join us to learn how to move beyond the reactive security nightmare, build a culture of prevention, and architect a more secure and resilient future for your applications", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "9594d89c-d2a3-5358-959a-aeda8a2d70b1", "id": 132, "code": "FQFGRN", "public_name": "Akansha Shukla", "avatar": "https://program.wiccon.nl/media/avatars/FQFGRN_DJXr58F.jpg", "biography": "An information security professional with 10 years of experience in Application Security, DevSecOps, API security, security architecture, secure design principles, threat modelling, and risk assessment. Bring project management experience and creative problem-solving abilities. Possess a diverse background in building and maintaining positive relationships with a wide range of stakeholders, providing end-to-end support for Security Operations, and protecting companies against internal and external threats. Consistently recognised for outstanding contributions and a solid reputation for resolving complex issues.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/EG3M8R/", "id": 132, "guid": "b5d8ac32-2496-50c7-b539-5923418bc553", "date": "2025-10-31T15:00:00+01:00", "start": "15:00", "logo": null, "duration": "00:30", "room": "Main Stage", "slug": "wiccon-2025-132-what-your-exposed-apis-are-leaking", "title": "What Your Exposed APIs Are Leaking", "subtitle": "", "track": "Talks", "type": "Talk 30 minutes", "language": "en", "abstract": "Many large organizations unknowingly expose vulnerable staging and development APIs, creating opportunities for hackers to access sensitive data. To uncover the scope of this issue, we analyzed 1,000 domains, identifying shadow APIs, leaked API secrets, and critical vulnerabilities like misconfigured GraphQL APIs and exposed Spring Boot Actuator schemas.\r\n\r\nIn this session, we\u2019ll show key findings, share how we scaled API discovery using subdomain enumeration and schema reconstruction, and provide actionable strategies to mitigate risks, such as continuous API inventory and schema validation. Attendees will also gain hands-on knowledge of open-source tools like GraphQL Armor and Goctopus to enhance API security.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "82e9b915-0260-5386-9530-5a9ba975fe25", "id": 127, "code": "LL3RS3", "public_name": "Alexandra Charikova", "avatar": "https://program.wiccon.nl/media/avatars/LL3RS3_w4UoxF4.png", "biography": "Passionate about advancing knowledge in application security and challenging industry leaders, Alexandra is a cybersecurity content creator and community manager at Escape and hosts the podcast \"The Elephant in AppSec.\" This podcast brings together cybersecurity professionals and industry leaders to discuss and tackle challenging topics in application security.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/S8UKKU/", "id": 161, "guid": "c1dacfd3-bb7a-5705-ba63-ec38301bf35a", "date": "2025-10-31T15:30:00+01:00", "start": "15:30", "logo": null, "duration": "00:30", "room": "Main Stage", "slug": "wiccon-2025-161-unsafe-code-lab-how-modern-web-frameworks-fail-and-how-to-fix-them-", "title": "Unsafe Code Lab: How Modern Web Frameworks Fail (and How to Fix Them)", "subtitle": "", "track": "Talks", "type": "Talk 30 minutes", "language": "en", "abstract": "Unsafe Code Lab is an open-source collection of vulnerable backend applications built with modern web frameworks: Next.js, Koa, Django REST Framework, FastAPI and others. It's a streamlined way to learn how modern web frameworks work, what makes them tick, how they break and how to fix them. Built for security engineers and researchers.\r\n\r\nUse it to get up to speed quickly on unfamiliar frameworks, run targeted secure code reviews and see how framework API design can either create security traps or completely prevent mistakes that are common elsewhere. The runnable, annotated scenarios also work as a research harness for vulnerability research and exploit development.\r\n\r\nAt WICCON we'll demo our first public release: ten modern frameworks across Python and JavaScript. We'll share what we learned, show fresh vulnerabilities we uncovered and outline our roadmap for expanding into more languages.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "639cd3a0-cbb1-5462-9209-6607e54ceb75", "id": 153, "code": "87CZS9", "public_name": "Irina Iarlykanova", "avatar": "https://program.wiccon.nl/media/avatars/87CZS9_wnRgFSZ.jpeg", "biography": "Irina Iarlykanova is a co-founder of the first ACM Student Chapter in the Maastricht University where she studies Computer Science. She is also an active CTF player, specializing in web application security. Irina has professional experience as a software engineer at a security consulting firm and she currently writes her thesis on web framework security.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/CED8HS/", "id": 173, "guid": "da1818ed-c84a-53ef-a94b-fd749b78d2a0", "date": "2025-10-31T16:00:00+01:00", "start": "16:00", "logo": null, "duration": "00:30", "room": "Main Stage", "slug": "wiccon-2025-173-closing", "title": "Closing", "subtitle": "", "track": "Talks", "type": "Talk 30 minutes", "language": "en", "abstract": "more info here", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}], "Workshop": [{"url": "https://program.wiccon.nl/wiccon-2025/talk/EG33XG/", "id": 171, "guid": "e367657d-48ef-5a99-a265-f638dc2b536d", "date": "2025-10-31T10:00:00+01:00", "start": "10:00", "logo": null, "duration": "03:00", "room": "Workshop", "slug": "wiccon-2025-171-the-ghost-in-the-machine-capture-the-flag-by-kpn", "title": "The Ghost in the Machine - Capture the Flag by KPN", "subtitle": "", "track": "Workshops", "type": "Workshop 120 minutes", "language": "en", "abstract": "October 2025. MyTelco, a global telecom giant, is under siege. Not by a known threat actor, but by something stranger...\r\n\r\nCalls drop, leaving behind eerie static whispers. Data packets vanish without a trace. Rogue signals disrupt critical systems. In the NOC, screens flicker with unreadable glyphs and error logs defy logic. Officially, it\u2019s a suspected cyberattack. Unofficially? Employees whisper of a digital poltergeist, something haunting the very heart of the network.\r\n\r\nYou are brought in as MyTelco\u2019s last hope.\r\n\r\nIn this session, step into the shoes of a senior security specialist tasked with investigating the unexplainable. You\u2019ll follow the forensic trail through ghost data, spectral code, and manipulated infrastructure. Is it a new breed of cyberweapon? An insider with a vendetta? Or is the network itself turning against its creators?\r\n\r\nExpect real-world tools, tactics, and a case study unlike any other.\r\nExpect the unexpected.\r\nThe network is alive. And it's angry.\r\n\r\nAnd if you exorcise the ghost in the network successfully? You might win a prize...\r\n\r\nNote: This CTF has limited capacity and is first come, first served. You will need a laptop to participate. Come in early to secure your spot in the ghost hunt.", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://program.wiccon.nl/wiccon-2025/talk/7PUHHJ/", "id": 140, "guid": "4c44037e-4eee-5847-b8bd-9d7535cf5e38", "date": "2025-10-31T14:00:00+01:00", "start": "14:00", "logo": "https://program.wiccon.nl/media/wiccon-2025/submissions/7PUHHJ/sca_4ppCufQ.jpg", "duration": "02:00", "room": "Workshop", "slug": "wiccon-2025-140-hardware-hacking-with-artificial-intelligence", "title": "Hardware Hacking with Artificial Intelligence", "subtitle": "", "track": "Workshops", "type": "Workshop 120 minutes", "language": "en", "abstract": "Obtaining passwords through the power consumption of a chip: Myth or Real? In this hardware hacking workshop, you'll get hands-on experience in extracting secret information using artificial intelligence. The workshop consists of a short theoretical introduction to side-channel analysis, followed by a real-world attack using popular deep-learning techniques.", "description": "In everyday life, embedded devices are integrated everywhere: from your washing machine to your smartcard. The information processed by these devices are secured through encryption algorithms. However, devices can leak information about critical parts of the algorithm through physical phenomenon, such as power consumption, execution time or radiation.\r\n\r\nIn side-channel analysis, this information can be analyzed using statistics or deep learning to obtain encryption keys. In this workshop, we will focus on breaking a small embedded device - the ARM Cortex M4 - by retrieving the key of AES through deep-learning based side-channel analysis. \r\n\r\nFor this workshop, you'll need to bring a laptop with Git, Git-LFS, Python 3.12 and VSCode installed. Use git to clone this repo and follow the installation instructions in the Readme: https://github.com/BruteforceMisa/wiccon-workshop", "recording_license": "", "do_not_record": true, "persons": [{"guid": "fa6c6135-f409-5fe4-97db-b9f81bbdf925", "id": 134, "code": "PZX3LK", "public_name": "Azade Rezaeezade", "avatar": "https://program.wiccon.nl/media/avatars/PZX3LK_TaBVCJb.jpg", "biography": "I'm a researcher at Radboud University, where I work on deep learning-based side-channel analysis. I started in this field during my Ph.D. at TU Delft. My research interests include the security of small hardware, side-channel analysis of post-quantum cryptography, and exploring how deep learning techniques can advance this area. Of all the side activities related to working in academia, I enjoy meeting new people and discovering new places the most, which means I'm looking forward to all the interesting discussions we can have during the WICCON workshop.", "answers": []}, {"guid": "f9aca0f1-e5cd-597b-b16a-6a463ff59908", "id": 135, "code": "3GWFFP", "public_name": "Lizzy Grootjen", "avatar": "https://program.wiccon.nl/media/avatars/3GWFFP_O7YMEui.jpg", "biography": "Lizzy is currently a PhD candidate at the Institute for Computing and Information Sciences (iCIS) at the Radboud University. With a background in both Cyber Security and Artificial Intelligence, she is currently doing research in AI-assisted physical attacks on cryptographic implementations. Next to doing research, Lizzy likes to teach classes and supervise students.\r\nWhen not working, she is playing with her two cats, reading books, doing sports or making music.\r\n\r\nLinktree: https://bruteforcemisa.github.io", "answers": []}], "links": [], "attachments": [], "answers": []}]}}]}}}