2.0 -//Pentabarf//Schedule//EN

PUBLISH 9HWMXF@@program.wiccon.nl

-9HWMXF

Opening en

20251030T100000 20251030T101500 0.01500

Opening

PUBLIC CONFIRMED Talk 30 minutes https://program.wiccon.nl/wiccon-2025/talk/9HWMXF/ Main Stage Jaimy Thepass PUBLISH WYU8VM@@program.wiccon.nl

-WYU8VM

The Awareness Trap: Why security awareness training often fails – and what to do instead en

20251030T101500 20251030T110000 0.04500

The Awareness Trap: Why security awareness training often fails – and what to do instead

Cybersecurity professionals have poured lots of time, money, energy (and hopes and dreams) into awareness campaigns. We roll out some phishing simulations, add e-learnings to our colleagues’ to-do lists, and organize the occasional escape room hoping to at least make the mandatory topic of security a bit more fun. And yet, 95% of cyberincidents can be traced back to human error [1]. We still click. We still use weak passwords. We still ignore or delay updates. At the end of the day, it’s still people – like you and me – using those digital systems. Which is exactly why human behavior plays such an important role in cybersecurity. Many security initiatives are built on a faulty assumption: that people behave rationally when informed. Surely, if someone knows that clicking a phishing link can bring the whole organization to its knees, they will make sure to avoid that… right? But research tells us otherwise. Under time pressure and cognitive load, people often rely on quick, intuitive decisions (what psychologists call ‘System 1’ thinking), rather than slow, analytical reasoning (‘System 2’) [2]. It’s quick, but prone to mistakes. That’s why even well-informed employees can make risky choices in a rush to meet all their deadlines. Behavioral science teaches us that knowing ≠ doing. It gives us the tools to take a look inside the real drivers of human behavior in cybersecurity. Hint: it’s not just about awareness. Decades of research from fields like behavioral economics, cognitive psychology, and usability studies have shown that our behavior is far more driven more by our context than by conscious deliberation. External factors, like time constraints, attention overload, social norms, and default settings influence behavior, often without us even realizing it. And when people are juggling tasks, they don’t act not based on what they know, but on what’s easiest, fastest, or helps them get their work done in the moment. [3] That’s why your colleagues reuse the same weak password across accounts. Not because they think it’s safe, but because they’re using 20 different tools, the password manager is confusing and adds extra steps, and they just need to get through their work in time. In that moment, they’re way more likely to pick what’s easiest, even if it’s less secure. So sure, an escape room can be a fun way to raise the topic of awareness. And sure, awareness may be top of mind during it, or shortly thereafter, but it is not a ‘constant’ state of mind. It tends to fade over time, gradually pushed aside by daily routines and competing priorities. When was the last time you fired off some last emails at the end of the day before rushing out to pick up your kids from school? In that split second, awareness isn’t what’s top of mind – convenience is. And that’s when mistakes happen. Many organizations still operate from what behavioral scientists call the ‘rational human model’: the idea that if we explain the risk, people will adjust. But this model just doesn’t match how we humans actually behave. It’s the reason why many traditional security awareness programs fall flat, and why it’s time for a new approach. This talk reframes the human factor in cybersecurity from an awareness challenge, to a behavioral one. Instead of doubling down on training modules and phishing tests, we’ll explore how habits form, how environments shape decisions, and how behaviorally informed design changes can reduce risk more effectively than yet another “death by PowerPoint”. By the end of this session, the audience will walk away with: * An understanding of why awareness alone rarely leads to behavior change; * A more realistic model of human decision-making to design interventions that actually change behavior – and not just tick compliance boxes; * A behavior-first lens to help them rethink their campaigns, metrics, and prevention initiatives – saving time and by avoiding ineffective awareness campaigns. A more realistic model of decision-making opens the door to smarter, more effective interventions that align with how people actually behave. It shifts the focus beyond tracking how many people click on phishing links, toward designing environments that support meaningful and measurable behavior change. Because in cybersecurity, success shouldn’t be measured by how much people know or how aware they are, but by what they do when it matters most. Realism eats rationalism for breakfast ;) References [1] IBM Cyber Security Intelligence Index Report (2021) [2] Kahneman, D. (2011). Thinking, Fast and Slow. London: Penguin Books. [3] Bounded Rationality. Simon, H. A. (1955). A behavioral model of rational choice. The Quarterly Journal of Economics, 69(1), 99-118. https://doi.org/10.2307/1884852 PUBLIC CONFIRMED Talk 45 minutes https://program.wiccon.nl/wiccon-2025/talk/WYU8VM/ Main Stage Roos van Duijnhoven Tünde van Hoek PUBLISH YQ9KUL@@program.wiccon.nl

-YQ9KUL

Azure DevOps privilege escalation: Pipeline shenanigans en

20251030T110000 20251030T120000 1.00000

Azure DevOps privilege escalation: Pipeline shenanigans

PUBLIC CONFIRMED Talk 60 minutes https://program.wiccon.nl/wiccon-2025/talk/YQ9KUL/ Main Stage Anniek van der Peijl PUBLISH RCUA3A@@program.wiccon.nl

-RCUA3A

Breaking in: a journey through the cybersecurity hiring maze en

20251030T120000 20251030T123000 0.03000

Breaking in: a journey through the cybersecurity hiring maze

The cybersecurity industry is sounding the alarm about talent shortages, but what is it really like to enter the field from the outside? In this talk, I share my personal journey into cybersecurity, beginning with a background in Quality Assurance and Account Management. Motivated by the parallels I saw between testing, monitoring, risk analysis, and cybersecurity, I decided to pursue a path in ethical hacking. I gained the Certified Ethical Hacker certification and focused my full energy on transitioning into the field. Then I ran into barrier after barrier… This talk gives an unfiltered yet constructive look at the reality many aspiring professionals face when trying to enter cybersecurity. I’ll share real examples of job descriptions, feedback I received, confusing certification expectations, and the impact of both helpful and dismissive responses. Whether you're a company looking for new talent, a mentor, or a fellow newcomer to the world of cybersecurity, there’s something in this story for you. Key Takeaways: - Differentiate between competences and branch specific knowledge, to pinpoint which experience is really needed to be gained within a cybersecurity job - When considering a move into cybersecurity: talk first, certify second - What organisations can do to help newcomers enter their business - Why asking for certifications when needed is fine, but "certification spraying" can be counterproductive PUBLIC CONFIRMED Talk 30 minutes https://program.wiccon.nl/wiccon-2025/talk/RCUA3A/ Main Stage Lianne Klaver PUBLISH PF9D8K@@program.wiccon.nl

-PF9D8K

Embedded AI - Evolving attack surface and ways to defend them en

20251030T123000 20251030T130000 0.03000

Embedded AI - Evolving attack surface and ways to defend them

The rapid integration of embedded AI into products and critical infrastructure is transforming digital capabilities—but it is also dramatically expanding the attack surface for adversaries. In 2025, organisations are facing a surge in sophisticated threats that specifically target AI-powered components, from adversarial inputs and data poisoning to prompt injection and insecure APIs. Recent high-profile incidents, such as critical remote code execution vulnerabilities in AI developer tools and authentication bypasses in AI platforms, have demonstrated how attackers can exploit these new vectors to gain unauthorised access, steal data, or deploy botnets at scale. This talk will: • Deconstruct the unique vulnerabilities introduced by embedded AI, including adversarial attacks, data poisoning, model inversion, and exploitation of non-human identities and insecure endpoints. • Analyze recent real-world breaches—such as the exploitation of Anthropic’s MCP Inspector and Langflow AI servers—to illustrate how attackers are leveraging these weaknesses for remote code execution, lateral movement, and DDoS attacks. • Outline a practical defense framework for organizations, covering: • AI-specific threat modeling and red teaming • Secure development and deployment practices • Continuous monitoring for behavioral anomalies and data integrity • Robust authentication and segmentation controls for AI APIs and endpoints • Highlight actionable strategies for defenders, such as adopting behavioral biometrics, implementing anomaly detection for embedded AI, and developing incident response playbooks tailored to AI-driven threats. Key Takeaways: Recognize the evolving risks of embedded AI, understand the latest attacker techniques, explore preventive controls to secure their organizations against this new generation of threats. PUBLIC CONFIRMED Talk 30 minutes https://program.wiccon.nl/wiccon-2025/talk/PF9D8K/ Main Stage Prithvi Bhat PUBLISH HTG7HX@@program.wiccon.nl

-HTG7HX

Hooray, I failed! en

20251030T140000 20251030T143000 0.03000

Hooray, I failed!

Every one of us will have moments in life where things end up in confusion or frustration. Relationships, family life and a plain fact of daily life: our jobs. A few times in her life, Tess has struggled through the questions "Is this really what I want? Am I really the right person for this job? Am I really not some fraud, fooling everyone?" Each of those times, it took a lot of time and soul searching to find the answers. Figuring things out like: * Why Tess left IT ... and came back. * Why Tess is not fulfilling her long-lived dream of employing juniors. * How she failed OSCP ... and some day she'll be okay with that. * How she might not be doing what she wants to... and how she copes with that. Tess would love to share with you some of the tools and techniques she's applied over the years, to get to some of the hard truths she had to deal with. Mind mapping and associative thinking, the "Mindy"-method and even tarot. No spooky esoterica, just another great way of asking yourself questions. An open and heartfelt talk from someone with 25 years of professional experience, hoping to make life a little easier for her juniors. PUBLIC CONFIRMED Talk 30 minutes https://program.wiccon.nl/wiccon-2025/talk/HTG7HX/ Main Stage Tess Sluijter-Stek PUBLISH XQRSJV@@program.wiccon.nl

-XQRSJV

Adversarial robustness of ML-based malware classifiers en

20251030T143000 20251030T150000 0.03000

Adversarial robustness of ML-based malware classifiers

This talk presents a technical exploration of adversarial robustness in machine learning-based malware detection systems. The research is grounded on the EMBER dataset, one of the largest publicly available datasets for static malware analysis, containing raw features and labels for over 3.2 million malicious and benign samples spanning six file types: Win32, Win64, .NET, APK, ELF, and PDF. The first phase involved analyzing the dataset to identify which features are most relevant for binary classification of malware. After feature selection and preprocessing, multiple machine learning models (e.g., Random Forest, Gradient Boosting, and Neural Networks) were trained on a representative sample subset to distinguish between malicious and benign files. These trained models were saved for further testing. In the second phase, adversarial attacks were simulated by modifying key input features in the test samples — without altering the functional structure of the binaries — to observe how the predictions of each saved model changed. This process helped evaluate the models’ resilience to feature manipulation and adversarial evasion. The presentation will detail the full pipeline: from dataset preparation and feature engineering, through model training, to adversarial evaluation. It concludes with a comparative analysis of each classifier’s robustness under attack, identifying which algorithms offer the highest resistance and reliability in adversarial scenarios. This work contributes to understanding how secure and dependable current ML-based malware detection methods are when faced with intelligent manipulation attempts. PUBLIC CONFIRMED Talk 30 minutes https://program.wiccon.nl/wiccon-2025/talk/XQRSJV/ Main Stage Deleted User PUBLISH M8DCYP@@program.wiccon.nl

-M8DCYP

The Human Firewall: How Soft Skills Became My Strongest Tool en

20251030T150000 20251030T153000 0.03000

The Human Firewall: How Soft Skills Became My Strongest Tool

Cybersecurity is often seen as a technical domain, but the human factor is what truly makes the difference. Drawing from my experience in the GRC domain, I’ll explore how awareness can shift security from being just a policy to becoming part of an organization’s culture. I’ll share how I transitioned from SOC analyst to Security Consultant, and how working with a government agency, where technical knowledge is limited and change is often met with resistance, taught me the importance of making security relatable and actionable. This talk is not a technical deep dive. It’s a story about the power of soft skills and the human side of cyber. When people feel involved and informed, security becomes part of their mindset rather than just a checkbox. Trust, connection, and collaboration are the real drivers of lasting security, and that’s where the true strength of soft skills lies. PUBLIC CONFIRMED Talk 30 minutes https://program.wiccon.nl/wiccon-2025/talk/M8DCYP/ Main Stage Ramiëlla Ramos PUBLISH QBVLC9@@program.wiccon.nl

-QBVLC9

Crack, communicate, change: turning password failures into security wins en

20251030T153000 20251030T160000 0.03000

Crack, communicate, change: turning password failures into security wins

In 2018, a pen-test revealed that almost 40% of Mediahuis Nederland hashes were easy to crack. We had previously run several generic awareness campaigns around strong password usage, but these had limited effect. Knowing the results weren’t great and that generic campaigns have limited impact, we wanted to make colleagues aware if they were using a weak password, and that they should change it, while also making it so that the security team don’t see their passwords. We built a program for monthly password cracking (or password strength testing, as it is called within Mediahuis). We obtained buy in from board and workers council and started the testing cycles. I will share some brief information on our testing set-up, this will not be a deep dive since there are already many clear write-ups on how to crack passwords. I will also share how we developed our testing criteria. But testing alone will change nothing. So, we developed a communication strategy to get our colleagues to change their password behaviour. Mediahuis has entities in 5 different countries, and we have needed to adapt our communication strategy to fit local cultures. Along the way we have tried various different approaches, and I will share what, in our experience, are the advantages and disadvantages of the options we’ve tried. We have encountered obstacles and resistance to change during this project, and I will share what we’ve encountered and how we dealt with it. Currently Mediahuis is down to a maximum of 1% of easily crackable passwords across all entities, with most entities being at 0 weak passwords. PUBLIC CONFIRMED Talk 30 minutes https://program.wiccon.nl/wiccon-2025/talk/QBVLC9/ Main Stage Nynke Damstra PUBLISH SXGLZN@@program.wiccon.nl

-SXGLZN

Nightmare on NTLM Street: Legacy's Revenge en

20251030T163000 20251030T171500 0.04500

Nightmare on NTLM Street: Legacy's Revenge

PUBLIC CONFIRMED Talk 45 minutes https://program.wiccon.nl/wiccon-2025/talk/SXGLZN/ Main Stage Marina Bochenkova PUBLISH YGBUF7@@program.wiccon.nl

-YGBUF7

How to Make Cybersecurity Sexy - Get the Board on Board en

20251030T171500 20251030T180000 0.04500

How to Make Cybersecurity Sexy - Get the Board on Board

Boards love visibility, strategy, and results. Cybersecurity often delivers none of that - until there’s a crisis. That's why many executives often see security as a sunk cost. Important, but not urgent, and definitely not something that gets them noticed or praised. After all, no one posts a selfie from a cyber drill. So how do we get boards to pay attention before it’s too late? In this energetic and eye-opening session, Mirjam tackles one of the biggest challenges in cybersecurity: executive engagement. Mirjam unpacks why cybersecurity fails to land in boardrooms and what needs to shift in how we present it. Drawing on behavioral insights, public sector experience, and her own RISICO method, she lays out a practical approach to reframing cybersecurity as a leadership issue - not a technical one. You'll learn: - Why traditional cybersecurity messaging falls flat at the top - How to reframe cybersecurity as a leadership and continuity issue - The RISICO method: a practical and powerful toolset for boards to assess, act, and lead - Communication tactics that resonate with non-technical decision-makers Expect sharp insights, a touch of humor, and real-world examples. This talk is for CISOs, advisors, and IT leaders who want real traction with their board - and who are done begging for attention. PUBLIC CONFIRMED Talk 45 minutes https://program.wiccon.nl/wiccon-2025/talk/YGBUF7/ Main Stage Mirjam Kaijser PUBLISH 898HYY@@program.wiccon.nl

-898HYY

We've gathered 4000 hackers on a field and here's what happened. en

20251030T180000 20251030T190000 1.00000

We've gathered 4000 hackers on a field and here's what happened.

Dutch Hacker Camps are an important part of Dutch Hacker Culture. Last August, 4000 hackers gathered on a field and had serious hacker fun. Let me give you some insights on what happened.. PUBLIC CONFIRMED Talk 60 minutes https://program.wiccon.nl/wiccon-2025/talk/898HYY/ Main Stage Nancy Beers PUBLISH DEFACR@@program.wiccon.nl

-DEFACR

The Ghost in the Machine - Capture the Flag by KPN en

20251030T101500 20251030T130000 2.04500

The Ghost in the Machine - Capture the Flag by KPN

PUBLIC CONFIRMED Workshop 120 minutes https://program.wiccon.nl/wiccon-2025/talk/DEFACR/ Workshop PUBLISH JWSFEC@@program.wiccon.nl

-JWSFEC

Ghostbusters Reloaded: catching a tech-savvy ghost in the logs en

20251030T140000 20251030T160000 2.00000

Ghostbusters Reloaded: catching a tech-savvy ghost in the logs

Curious about the blue side of cybersecurity? Enjoying puzzles and detective games? Or needing some exposure to the Kusto Query Language? Welcome to this workshop that walks you through an incident-response type investigation! Starting off with a nugget of information, we will dive headfirst into the provided dataset on Azure Data Explorer. With carefully (or messily, I'm not one to judge) crafted KQL queries, we will trace the attacker's steps until we get the full picture, from reconnaissance to actions on objectives (yes, that's the Cyber Kill Chain). Don't forget to take notes! At the end of the session, we will draw up a timeline of events and compile some IOCs in a table, two elements that are important in a report. Worried about KQL being a new "language"? I will start off the session with a short intro and will provide you with a "cheatsheet" to help you along the way. PUBLIC CONFIRMED Workshop 120 minutes https://program.wiccon.nl/wiccon-2025/talk/JWSFEC/ Workshop Kellamity PUBLISH 3MFK7E@@program.wiccon.nl

-3MFK7E

Persuasion in Practice: Social Engineering Workshop en

20251030T163000 20251030T173000 1.00000

Persuasion in Practice: Social Engineering Workshop

In this workshop we dive into the seven ways to influence people's behavior, explained with examples from the world of cyber crime. The best way to defend yourself against social engineering attacks it to know the mechanics. In this workshop you'll practice the science of persuasion and get ahead of the game. Participants are divided into two groups, each receiving their own mission. They have 10 minutes to prepare their strategy. Can they social engineer others to get to their goal? Computers or other digital tools are not necessary for this workshop! PUBLIC CONFIRMED Workshop 60 minutes https://program.wiccon.nl/wiccon-2025/talk/3MFK7E/ Workshop Helma de Boer Rosanne Pouw PUBLISH MWZ9LU@@program.wiccon.nl

-MWZ9LU

How we handled a major increase in our threat landscape en

20251031T100000 20251031T103000 0.03000

How we handled a major increase in our threat landscape

Ofcourse we can only disclose information labeled TLP:GREEN by our partners, and our own information and experiences on how we handled 1) preparing and 2) the Summit taking place. For part 1 (preparations) I will share how we handled our increased threat landscape (with a threat assessment), how we defined our security measures using a threat assessment and how we prepared our organization with cybercrisis exercises. For part 2 (the Summit itself) I will share our experiences from the eyes of the information coordinator role in the cyber backoffice. I will only share our goal, roles and collaborations. I’ll end with the remaining question: and now what? PUBLIC CONFIRMED Talk 30 minutes https://program.wiccon.nl/wiccon-2025/talk/MWZ9LU/ Main Stage Lilian Knippenberg PUBLISH SZQSTK@@program.wiccon.nl

-SZQSTK

Beyond Compliance: Rethinking Legal Accountability in Cybersecurity en

20251031T103000 20251031T110000 0.03000

Beyond Compliance: Rethinking Legal Accountability in Cybersecurity

The growing legal and regulatory pressure on cybersecurity practitioners in the European Union, has led many organizations to equate compliance with security. Nevertheless, recent enforcement actions and major security incidents reveal a significant disconnect between formal compliance and substantive accountability. This talk aims at examining how legal responsibility is evolving, especially under instruments such as the General Data Protection Regulation, the NIS2 Directive, and DIGITAL Operational Resilience Act. Key questions addressed include: • To what extent does compliance create a false sense of legal protection? • How are emerging regulatory frameworks shifting the legal risk landscape in the EU? • Can legal accountability support better security outcomes or does it incentivize minimalism and blame-shifting? Audience Takeaways: Understand how legal accountability is distinct from compliance. Learn the practical implications of EU cybersecurity legislation on risk ownership. Identify cultural and structural barriers to shared responsibility. Gain language and frameworks to influence better internal practices. Methodology This talk will be developed through legal and regulatory analysis, with a focus on current and emerging cybersecurity legislation in the EU. Primary sources include GDPR, the NIS2 Directive and DORA. Each of these frameworks will be reviewed to examine how legal responsibility is defined, distributed, and enforced in the context of cybersecurity. The analysis will be also based on published enforcement actions, supervisor guidance, and selected cased studies where formal compliance failed to prevent significant security incidents. By comparing regulatory expectations with known limitations in implementation, one can notice the growing gap between legal reform and security substance. PUBLIC CONFIRMED Talk 30 minutes https://program.wiccon.nl/wiccon-2025/talk/SZQSTK/ Main Stage Andreea Focsa PUBLISH GSLDPP@@program.wiccon.nl

-GSLDPP

When Nostalgia Hacks Back: A Forensic Autopsy of a Trojanized Flash Game en

20251031T110000 20251031T120000 1.00000

When Nostalgia Hacks Back: A Forensic Autopsy of a Trojanized Flash Game

This talk explores a personal, technical investigation into a trojanized Flash game from the early 2000s — a game I had downloaded in my teens, only to experience repeated system failures I couldn't explain at the time. Years later, with experience in digital forensics and malware reverse engineering, I returned to that same game with the intent to uncover the truth — and what I found was far from harmless. The talk is split into four parts. First, I’ll introduce the backstory — how nostalgia led me to revisit the game and why this experience stuck with me for over a decade. Then, we’ll jump into the forensics phase: I’ll walk through the behavior observed during sandbox execution, showing how I used Regshot, Procmon, Wireshark, Volatility, and Autopsy to identify registry tampering, dropped payloads, memory injection, and suspicious network traffic. From there, we’ll move to reverse engineering — using Ghidra and x64dbg to analyze the packed executable, identify obfuscation techniques, unpack hidden strings and routines, and reveal its encrypted communication patterns. This part will highlight how the malware was designed to blend in as a benign game while silently executing background tasks. The final part of the session distills the key takeaways: how malware can be distributed through seemingly harmless, nostalgic software; how emotional trust becomes a vector; and how forensic techniques and reverse engineering can uncover buried threats. This session is designed to be technical but approachable, with a strong narrative arc and practical demonstrations. It’s a reminder that sometimes, the most dangerous files are the ones we wanted to trust the most. PUBLIC CONFIRMED Talk 60 minutes https://program.wiccon.nl/wiccon-2025/talk/GSLDPP/ Main Stage Ankshita Maunthrooa PUBLISH GWF8XX@@program.wiccon.nl

-GWF8XX

When the Hackers are inside the building en

20251031T120000 20251031T123000 0.03000

When the Hackers are inside the building

PUBLIC CONFIRMED Talk 30 minutes https://program.wiccon.nl/wiccon-2025/talk/GWF8XX/ Main Stage Julia Freeman PUBLISH BYCDFQ@@program.wiccon.nl

-BYCDFQ

Inside the CRA Standardisation Trenches: Our Real‑World Struggle to Harmonise en

20251031T123000 20251031T130000 0.03000

Inside the CRA Standardisation Trenches: Our Real‑World Struggle to Harmonise

PUBLIC CONFIRMED Talk 30 minutes https://program.wiccon.nl/wiccon-2025/talk/BYCDFQ/ Main Stage Raluca Viziteu Wendy Tonks PUBLISH KREPAB@@program.wiccon.nl

-KREPAB

The Time Machine of Security: Stopping Vulnerabilities Before They're Born en

20251031T140000 20251031T150000 1.00000

The Time Machine of Security: Stopping Vulnerabilities Before They're Born

PUBLIC CONFIRMED Talk 60 minutes https://program.wiccon.nl/wiccon-2025/talk/KREPAB/ Main Stage Akansha Shukla PUBLISH EG3M8R@@program.wiccon.nl

-EG3M8R

What Your Exposed APIs Are Leaking en

20251031T150000 20251031T153000 0.03000

What Your Exposed APIs Are Leaking

PUBLIC CONFIRMED Talk 30 minutes https://program.wiccon.nl/wiccon-2025/talk/EG3M8R/ Main Stage Alexandra Charikova PUBLISH S8UKKU@@program.wiccon.nl

-S8UKKU

Unsafe Code Lab: How Modern Web Frameworks Fail (and How to Fix Them) en

20251031T153000 20251031T160000 0.03000

Unsafe Code Lab: How Modern Web Frameworks Fail (and How to Fix Them)

PUBLIC CONFIRMED Talk 30 minutes https://program.wiccon.nl/wiccon-2025/talk/S8UKKU/ Main Stage Irina Iarlykanova PUBLISH CED8HS@@program.wiccon.nl

-CED8HS

Closing en

20251031T160000 20251031T163000 0.03000

Closing

PUBLIC CONFIRMED Talk 30 minutes https://program.wiccon.nl/wiccon-2025/talk/CED8HS/ Main Stage PUBLISH EG33XG@@program.wiccon.nl

-EG33XG

The Ghost in the Machine - Capture the Flag by KPN en

20251031T100000 20251031T130000 3.00000

The Ghost in the Machine - Capture the Flag by KPN

PUBLIC CONFIRMED Workshop 120 minutes https://program.wiccon.nl/wiccon-2025/talk/EG33XG/ Workshop PUBLISH 7PUHHJ@@program.wiccon.nl

-7PUHHJ

Hardware Hacking with Artificial Intelligence en

20251031T140000 20251031T160000 2.00000

Hardware Hacking with Artificial Intelligence

In everyday life, embedded devices are integrated everywhere: from your washing machine to your smartcard. The information processed by these devices are secured through encryption algorithms. However, devices can leak information about critical parts of the algorithm through physical phenomenon, such as power consumption, execution time or radiation. In side-channel analysis, this information can be analyzed using statistics or deep learning to obtain encryption keys. In this workshop, we will focus on breaking a small embedded device - the ARM Cortex M4 - by retrieving the key of AES through deep-learning based side-channel analysis. For this workshop, you'll need to bring a laptop with Git, Git-LFS, Python 3.12 and VSCode installed. Use git to clone this repo and follow the installation instructions in the Readme: https://github.com/BruteforceMisa/wiccon-workshop PUBLIC CONFIRMED Workshop 120 minutes https://program.wiccon.nl/wiccon-2025/talk/7PUHHJ/ Workshop Azade Rezaeezade Lizzy Grootjen