<?xml version='1.0' encoding='utf-8' ?>
<!-- Made with love by pretalx v2024.3.1. -->
<schedule>
    <generator name="pretalx" version="2024.3.1" />
    <version>0.4</version>
    <conference>
        <title>WICCON 2025</title>
        <acronym>wiccon-2025</acronym>
        <start>2025-10-30</start>
        <end>2025-10-31</end>
        <days>2</days>
        <timeslot_duration>00:05</timeslot_duration>
        <base_url>https://program.wiccon.nl</base_url>
        
        <time_zone_name>Europe/Amsterdam</time_zone_name>
        
        
        <track name="Talks" slug="5-talks"  color="#4f1473" />
        
        <track name="Workshops" slug="6-workshops"  color="#9c0000" />
        
    </conference>
    <day index='1' date='2025-10-30' start='2025-10-30T04:00:00+01:00' end='2025-10-31T03:59:00+01:00'>
        <room name='Main Stage' guid='7539b1b7-1ec9-51a4-9e46-6d6301d9ad18'>
            <event guid='b365f886-6f68-5a8a-a8ef-259c200df80c' id='172'>
                <room>Main Stage</room>
                <title>Opening</title>
                <subtitle></subtitle>
                <type>Talk 30 minutes</type>
                <date>2025-10-30T10:00:00+01:00</date>
                <start>10:00</start>
                <duration>00:15</duration>
                <abstract>The opening of WICCON by the amazing Jaimy Thepass!</abstract>
                <slug>wiccon-2025-172-opening</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='44'>Jaimy Thepass</person>
                </persons>
                <language>en</language>
                
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/9HWMXF/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/9HWMXF/feedback/</feedback_url>
            </event>
            <event guid='1f10b6fc-2d5c-529c-92e1-562dbc45bc17' id='159'>
                <room>Main Stage</room>
                <title>The Awareness Trap: Why security awareness training often fails &#8211; and what to do instead</title>
                <subtitle></subtitle>
                <type>Talk 45 minutes</type>
                <date>2025-10-30T10:15:00+01:00</date>
                <start>10:15</start>
                <duration>00:45</duration>
                <abstract>Cybersecurity training often assumes that awareness leads to action. But despite years of phishing simulations and mandatory e-learnings, 95% of cyberincidents can be traced back to human error. Drawing from behavioral science and real-world examples, this talk reveals why knowledge alone rarely changes behavior. We&#8217;ll challenge the common assumption that people act rationally when they&#8217;re informed and aware, and show the audience how a more realistic model of decision-making opens the door to smarter, more effective interventions. Because in cybersecurity, what people do matters more than what they know.</abstract>
                <slug>wiccon-2025-159-the-awareness-trap-why-security-awareness-training-often-fails-and-what-to-do-instead</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='156'>Roos van Duijnhoven</person><person id='159'>T&#252;nde van Hoek</person>
                </persons>
                <language>en</language>
                <description>Cybersecurity professionals have poured lots of time, money, energy (and hopes and dreams) into awareness campaigns. We roll out some phishing simulations, add e-learnings to our colleagues&#8217; to-do lists, and organize the occasional escape room hoping to at least make the mandatory topic of security a bit more fun.

And yet, 95% of cyberincidents can be traced back to human error [1]. We still click. We still use weak passwords. We still ignore or delay updates. At the end of the day, it&#8217;s still people &#8211; like you and me &#8211; using those digital systems. Which is exactly why human behavior plays such an important role in cybersecurity. 

Many security initiatives are built on a faulty assumption: that people behave rationally when informed. Surely, if someone knows that clicking a phishing link can bring the whole organization to its knees, they will make sure to avoid that&#8230; right? 

But research tells us otherwise. Under time pressure and cognitive load, people often rely on quick, intuitive decisions (what psychologists call &#8216;System 1&#8217; thinking), rather than slow, analytical reasoning (&#8216;System 2&#8217;) [2]. It&#8217;s quick, but prone to mistakes. That&#8217;s why even well-informed employees can make risky choices in a rush to meet all their deadlines.

Behavioral science teaches us that knowing &#8800; doing. It gives us the tools to take a look inside the real drivers of human behavior in cybersecurity. Hint: it&#8217;s not just about awareness. Decades of research from fields like behavioral economics, cognitive psychology, and usability studies have shown that our behavior is driven far more by our context than by conscious deliberation.

External factors, like time constraints, attention overload, social norms, and default settings, influence behavior, often without us even realizing it. And when people are juggling tasks, they act not based on what they know, but on what&#8217;s easiest, fastest, or helps them get their work done in the moment. [3]

That&#8217;s why your colleagues reuse the same weak password across accounts. Not because they think it&#8217;s safe, but because they&#8217;re using 20 different tools, the password manager is confusing and adds extra steps, and they just need to get through their work in time. In that moment, they&#8217;re way more likely to pick what&#8217;s easiest, even if it&#8217;s less secure. 

So sure, an escape room can be a fun way to raise the topic of awareness. And sure, awareness may be top of mind during it, or shortly thereafter, but it is not a &#8216;constant&#8217; state of mind. It tends to fade over time, gradually pushed aside by daily routines and competing priorities. When was the last time you fired off some last emails at the end of the day before rushing out to pick up your kids from school? In that split second, awareness isn&#8217;t what&#8217;s top of mind &#8211; convenience is. And that&#8217;s when mistakes happen.

Many organizations still operate from what behavioral scientists call the &#8216;rational human model&#8217;: the idea that if we explain the risk, people will adjust. But this model just doesn&#8217;t match how we humans actually behave. It&#8217;s the reason why many traditional security awareness programs fall flat, and why it&#8217;s time for a new approach.

This talk reframes the human factor in cybersecurity from an awareness challenge, to a behavioral one. Instead of doubling down on training modules and phishing tests, we&#8217;ll explore how habits form, how environments shape decisions, and how behaviorally informed design changes can reduce risk more effectively than yet another &#8220;death by PowerPoint&#8221;.

By the end of this session, the audience will walk away with:
* An understanding of why awareness alone rarely leads to behavior change;
* A more realistic model of human decision-making to design interventions that actually change behavior &#8211; and not just tick compliance boxes;
* A behavior-first lens to help them rethink their campaigns, metrics, and prevention initiatives &#8211; saving time by avoiding ineffective awareness campaigns.

A more realistic model of decision-making opens the door to smarter, more effective interventions that align with how people actually behave. It shifts the focus beyond tracking how many people click on phishing links, toward designing environments that support meaningful and measurable behavior change. Because in cybersecurity, success shouldn&#8217;t be measured by how much people know or how aware they are, but by what they do when it matters most. 

Realism eats rationalism for breakfast ;)

References
[1] IBM Cyber Security Intelligence Index Report (2021)
[2] Kahneman, D. (2011). Thinking, Fast and Slow. London: Penguin Books.
[3] Bounded Rationality. Simon, H. A. (1955). A behavioral model of rational choice. The Quarterly Journal of Economics, 69(1), 99-118. https://doi.org/10.2307/1884852</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/WYU8VM/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/WYU8VM/feedback/</feedback_url>
            </event>
            <event guid='e0a1e8b3-3ee6-5d66-8730-3d9db28eafbe' id='145'>
                <room>Main Stage</room>
                <title>Azure DevOps privilege escalation: Pipeline shenanigans</title>
                <subtitle></subtitle>
                <type>Talk 60 minutes</type>
                <date>2025-10-30T11:00:00+01:00</date>
                <start>11:00</start>
                <duration>01:00</duration>
                <abstract>CI/CD pipelines are the standard way of deploying not just applications but infrastructure as well. To do all that, they usually have some juicy privileges. Privileges that I want. 
In this talk we&apos;re going to have a look at Azure DevOps pipelines, their permission settings, and all the ways in which you think you may have secured your pipeline that actually aren&apos;t watertight. With live demos (fingers crossed!) to show every problem and every fix.</abstract>
                <slug>wiccon-2025-145-azure-devops-privilege-escalation-pipeline-shenanigans</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='139'>Anniek van der Peijl</person>
                </persons>
                <language>en</language>
                
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/YQ9KUL/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/YQ9KUL/feedback/</feedback_url>
            </event>
            <event guid='4a432463-6c3f-5123-ad20-ae496e90c19e' id='153'>
                <room>Main Stage</room>
                <title>Breaking in: a journey through the cybersecurity hiring maze</title>
                <subtitle></subtitle>
                <type>Talk 30 minutes</type>
                <date>2025-10-30T12:00:00+01:00</date>
                <start>12:00</start>
                <duration>00:30</duration>
                <abstract>What does it really take to enter the cybersecurity field, especially as an outsider? In this talk, I share my journey from Quality Assurance and account management into the world of ethical hacking and beyond. I discovered that getting in isn&#8217;t just about skill, but about navigating an ecosystem not designed for newcomers. Along the way, I learned what helped, what didn&#8217;t, and how the industry can better support motivated people trying to join. Whether you&apos;re hiring, mentoring, or just starting out, this talk offers a real-world look at the gap between open roles and accessible entry points.</abstract>
                <slug>wiccon-2025-153-breaking-in-a-journey-through-the-cybersecurity-hiring-maze</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='148'>Lianne Klaver</person>
                </persons>
                <language>en</language>
                <description>The cybersecurity industry is sounding the alarm about talent shortages, but what is it really like to enter the field from the outside?

In this talk, I share my personal journey into cybersecurity, beginning with a background in Quality Assurance and Account Management. Motivated by the parallels I saw between testing, monitoring, risk analysis, and cybersecurity, I decided to pursue a path in ethical hacking. I gained the Certified Ethical Hacker certification and focused my full energy on transitioning into the field.
Then I ran into barrier after barrier&#8230;

This talk gives an unfiltered yet constructive look at the reality many aspiring professionals face when trying to enter cybersecurity. I&#8217;ll share real examples of job descriptions, feedback I received, confusing certification expectations, and the impact of both helpful and dismissive responses.

Whether you&apos;re a company looking for new talent, a mentor, or a fellow newcomer to the world of cybersecurity, there&#8217;s something in this story for you.

Key Takeaways:
- Differentiate between competences and branch-specific knowledge, to pinpoint which experience is really needed to be gained within a cybersecurity job
- When considering a move into cybersecurity: talk first, certify second
- What organisations can do to help newcomers enter their business
- Why asking for certifications when needed is fine, but &quot;certification spraying&quot; can be counterproductive</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/RCUA3A/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/RCUA3A/feedback/</feedback_url>
            </event>
            <event guid='510f7c7a-ec07-56e0-a1b0-3fb0f271c73b' id='135'>
                <room>Main Stage</room>
                <title>Embedded AI - Evolving attack surface and ways to defend them</title>
                <subtitle></subtitle>
                <type>Talk 30 minutes</type>
                <date>2025-10-30T12:30:00+01:00</date>
                <start>12:30</start>
                <duration>00:30</duration>
                <abstract>The rapid adoption of embedded AI in products and infrastructure has created powerful new capabilities&#8212;alongside a dramatically expanded attack surface for cyber adversaries. Recent incidents have shown how vulnerabilities such as adversarial inputs, data poisoning, and insecure APIs can be exploited to compromise AI-driven systems. 
This talk will break down the unique risks introduced by embedded AI, illustrated with real-world breach examples and attacker techniques. Attendees will learn a practical, actionable defense framework, including AI-specific threat modeling, secure development practices, and continuous monitoring. The session will equip security professionals with the insights and strategies needed to proactively defend against the next generation of AI-powered threats.</abstract>
                <slug>wiccon-2025-135-embedded-ai-evolving-attack-surface-and-ways-to-defend-them</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='130'>Prithvi Bhat</person>
                </persons>
                <language>en</language>
                <description>The rapid integration of embedded AI into products and critical infrastructure is transforming digital capabilities&#8212;but it is also dramatically expanding the attack surface for adversaries. In 2025, organisations are facing a surge in sophisticated threats that specifically target AI-powered components, from adversarial inputs and data poisoning to prompt injection and insecure APIs. Recent high-profile incidents, such as critical remote code execution vulnerabilities in AI developer tools and authentication bypasses in AI platforms, have demonstrated how attackers can exploit these new vectors to gain unauthorised access, steal data, or deploy botnets at scale.
This talk will:
	&#8226;	Deconstruct the unique vulnerabilities introduced by embedded AI, including adversarial attacks, data poisoning, model inversion, and exploitation of non-human identities and insecure endpoints.
	&#8226;	Analyze recent real-world breaches&#8212;such as the exploitation of Anthropic&#8217;s MCP Inspector and Langflow AI servers&#8212;to illustrate how attackers are leveraging these weaknesses for remote code execution, lateral movement, and DDoS attacks.
	&#8226;	Outline a practical defense framework for organizations, covering:
		&#8226;	AI-specific threat modeling and red teaming
		&#8226;	Secure development and deployment practices
		&#8226;	Continuous monitoring for behavioral anomalies and data integrity
		&#8226;	Robust authentication and segmentation controls for AI APIs and endpoints
	&#8226;	Highlight actionable strategies for defenders, such as adopting behavioral biometrics, implementing anomaly detection for embedded AI, and developing incident response playbooks tailored to AI-driven threats.
Key Takeaways:
Recognize the evolving risks of embedded AI,
understand the latest attacker techniques, 
explore preventive controls to secure their organizations against this new generation of threats.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/PF9D8K/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/PF9D8K/feedback/</feedback_url>
            </event>
            <event guid='35b1f57f-6f14-59a3-bd82-84516570914a' id='125'>
                <room>Main Stage</room>
                <title>Hooray, I failed!</title>
                <subtitle></subtitle>
                <type>Talk 30 minutes</type>
                <date>2025-10-30T14:00:00+01:00</date>
                <start>14:00</start>
                <duration>00:30</duration>
                <abstract>I always tell my students: &quot;Failure is fun! We learn, when things fail!&quot; ... so why do I feel so shitty right now?

Tess talks us through channeling moments of failure and &quot;imposter syndrome&quot;, into moments of introspection and learning.</abstract>
                <slug>wiccon-2025-125-hooray-i-failed-</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='19'>Tess Sluijter-Stek</person>
                </persons>
                <language>en</language>
                <description>Every one of us will have moments in life where things end up in confusion or frustration. Relationships, family life and a plain fact of daily life: our jobs. 

A few times in her life, Tess has struggled through the questions &quot;Is this really what I want? Am I really the right person for this job? Am I really not some fraud, fooling everyone?&quot; Each of those times, it took a lot of time and soul searching to find the answers. 

Figuring things out like:

* Why Tess left IT ... and came back.
* Why Tess is not fulfilling her long-lived dream of employing juniors.
* How she failed OSCP ... and some day she&apos;ll be okay with that.
* How she might not be doing what she wants to... and how she copes with that.

Tess would love to share with you some of the tools and techniques she&apos;s applied over the years, to get to some of the hard truths she had to deal with. Mind mapping and associative thinking, the &quot;Mindy&quot;-method and even tarot. No spooky esoterica, just another great way of asking yourself questions. 

An open and heartfelt talk from someone with 25 years of professional experience, hoping to make life a little easier for her juniors.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/HTG7HX/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/HTG7HX/feedback/</feedback_url>
            </event>
            <event guid='f6f3d0fe-acbb-5c74-81d2-908ad5e3081d' id='150'>
                <room>Main Stage</room>
                <title>Adversarial robustness of ML-based malware classifiers</title>
                <subtitle></subtitle>
                <type>Talk 30 minutes</type>
                <date>2025-10-30T14:30:00+01:00</date>
                <start>14:30</start>
                <duration>00:30</duration>
                <abstract>As machine learning becomes a core component in malware detection, new risks emerge from adversarial manipulation. This talk explores how ML-based malware classifiers respond to targeted feature modifications. In order to experimentally assess their robustness, several models were trained to classify malicious and benign files and then tested with adversarially altered samples. The presentation focuses on data preparation, attack simulation, and a comparative analysis of model robustness under adversarial conditions.</abstract>
                <slug>wiccon-2025-150-adversarial-robustness-of-ml-based-malware-classifiers</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='144'>Deleted User</person>
                </persons>
                <language>en</language>
                <description>This talk presents a technical exploration of adversarial robustness in machine learning-based malware detection systems. The research is grounded on the EMBER dataset, one of the largest publicly available datasets for static malware analysis, containing raw features and labels for over 3.2 million malicious and benign samples spanning six file types: Win32, Win64, .NET, APK, ELF, and PDF.
The first phase involved analyzing the dataset to identify which features are most relevant for binary classification of malware. After feature selection and preprocessing, multiple machine learning models (e.g., Random Forest, Gradient Boosting, and Neural Networks) were trained on a representative sample subset to distinguish between malicious and benign files. These trained models were saved for further testing.
In the second phase, adversarial attacks were simulated by modifying key input features in the test samples &#8212; without altering the functional structure of the binaries &#8212; to observe how the predictions of each saved model changed. This process helped evaluate the models&#8217; resilience to feature manipulation and adversarial evasion.
The presentation will detail the full pipeline: from dataset preparation and feature engineering, through model training, to adversarial evaluation. It concludes with a comparative analysis of each classifier&#8217;s robustness under attack, identifying which algorithms offer the highest resistance and reliability in adversarial scenarios. This work contributes to understanding how secure and dependable current ML-based malware detection methods are when faced with intelligent manipulation attempts.</description>
                <recording>
                    <license></license>
                    <optout>true</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/XQRSJV/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/XQRSJV/feedback/</feedback_url>
            </event>
            <event guid='3b5bbd88-ec31-5e23-bf2b-148cdfda1d59' id='164'>
                <room>Main Stage</room>
                <title>The Human Firewall: How Soft Skills Became My Strongest Tool</title>
                <subtitle></subtitle>
                <type>Talk 30 minutes</type>
                <date>2025-10-30T15:00:00+01:00</date>
                <start>15:00</start>
                <duration>00:30</duration>
                <abstract>In this talk, I share my personal journey, starting with studying law and competing in top-level sports, and eventually building a career in cybersecurity. Without a technical background, I&#8217;ve carved out a successful path by leaning into my strongest assets: communication, empathy, and adaptability. These soft skills have helped me translate complex policies into clear, human-centered actions, coach stakeholders with patience and clarity, and build trust across all levels of an organization.</abstract>
                <slug>wiccon-2025-164-the-human-firewall-how-soft-skills-became-my-strongest-tool</slug>
                <track>Talks</track>
                <logo>/media/wiccon-2025/submissions/M8DCYP/Foto_Wiccon_DAwQMOL.jpg</logo>
                <persons>
                    <person id='160'>Rami&#235;lla Ramos</person>
                </persons>
                <language>en</language>
                <description>Cybersecurity is often seen as a technical domain, but the human factor is what truly makes the difference. Drawing from my experience in the GRC domain, I&#8217;ll explore how awareness can shift security from being just a policy to becoming part of an organization&#8217;s culture. I&#8217;ll share how I transitioned from SOC analyst to Security Consultant, and how working with a government agency, where technical knowledge is limited and change is often met with resistance, taught me the importance of making security relatable and actionable.

This talk is not a technical deep dive. It&#8217;s a story about the power of soft skills and the human side of cyber. When people feel involved and informed, security becomes part of their mindset rather than just a checkbox. Trust, connection, and collaboration are the real drivers of lasting security, and that&#8217;s where the true strength of soft skills lies.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/M8DCYP/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/M8DCYP/feedback/</feedback_url>
            </event>
            <event guid='231daaff-1a22-5fc5-b2f5-b17866435a26' id='142'>
                <room>Main Stage</room>
                <title>Crack, communicate, change: turning password failures into security wins</title>
                <subtitle></subtitle>
                <type>Talk 30 minutes</type>
                <date>2025-10-30T15:30:00+01:00</date>
                <start>15:30</start>
                <duration>00:30</duration>
                <abstract>Have you ever encountered some hashes in a pen-test, cracked them only to find the results to be anywhere from &#8220;not great&#8221; to &#8220;downright depressing&#8221;? We have, and it encouraged us to implement monthly password cracking cycles. We use the results as a driving force to change behaviour around password usage. This talk will not be a technical deep dive on password cracking; rather, it will focus on how to use the results to get people to change their password behaviour. I will share the approaches we tried at Mediahuis: why quite a few didn&#8217;t work, which approaches did work, and some of the obstacles we&#8217;ve encountered along the way.</abstract>
                <slug>wiccon-2025-142-crack-communicate-change-turning-password-failures-into-security-wins</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='136'>Nynke Damstra</person>
                </persons>
                <language>en</language>
                <description>In 2018, a pen-test revealed that almost 40% of Mediahuis Nederland hashes were easy to crack. We had previously run several generic awareness campaigns around strong password usage, but these had limited effect. Knowing the results weren&#8217;t great and that generic campaigns have limited impact, we wanted to make colleagues aware if they were using a weak password, and that they should change it, while also making it so that the security team don&#8217;t see their passwords.
We built a program for monthly password cracking (or password strength testing, as it is called within Mediahuis). We obtained buy-in from the board and workers&#8217; council and started the testing cycles. I will share some brief information on our testing set-up; this will not be a deep dive, since there are already many clear write-ups on how to crack passwords. I will also share how we developed our testing criteria.

But testing alone will change nothing. So, we developed a communication strategy to get our colleagues to change their password behaviour. Mediahuis has entities in 5 different countries, and we have needed to adapt our communication strategy to fit local cultures. Along the way we have tried various different approaches, and I will share what, in our experience, are the advantages and disadvantages of the options we&#8217;ve tried. We have encountered obstacles and resistance to change during this project, and I will share what we&#8217;ve encountered and how we dealt with it. Currently Mediahuis is down to a maximum of 1% of easily crackable passwords across all entities, with most entities being at 0 weak passwords.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/QBVLC9/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/QBVLC9/feedback/</feedback_url>
            </event>
            <event guid='90d22584-7339-59f5-92f9-923dc24d182b' id='167'>
                <room>Main Stage</room>
                <title>Nightmare on NTLM Street: Legacy&apos;s Revenge</title>
                <subtitle></subtitle>
                <type>Talk 45 minutes</type>
                <date>2025-10-30T16:30:00+01:00</date>
                <start>16:30</start>
                <duration>00:45</duration>
                <abstract>We know the world runs on legacy. We know it&#8217;s not supposed to. But when vendors or LinkedInfluencers command us to phase out old systems and protocols, it sometimes seems like their expectation-versus-reality connection is faulty. 

This talk will walk you through the ~adventure~ of disabling a recently deprecated Microsoft authentication protocol with numerous security problems: NTLM. Microsoft introduced NT LAN Manager in 1993 as a replacement for LANMAN, born in 1987. Just seven years later, they announced Kerberos as the default replacement for NTLM and instructed companies to stop using it. No one did. Then, in June 2024, Microsoft announced the deprecation of the entire NTLM authentication protocol family, and even removed older versions from newer OS versions.

Having completed this project in the IT environment of a mid-sized enterprise, this presentation will discuss resources and lessons learned that could help get the job done elsewhere. It will also illustrate to those outside the field why IT and cybersecurity are critical business functions, not cost centers.

For decision-makers, this is an opportunity to better understand the struggles of on-the-ground IT and security teams trying to bring outdated systems in line with industry standards. For IT and information security peers, this presentation will share valuable resources and &#8220;lessons learned&#8221; for successfully phasing out NTLM (and similar thorns-in-sides) within their own organizations.</abstract>
                <slug>wiccon-2025-167-nightmare-on-ntlm-street-legacy-s-revenge</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='161'>Marina Bochenkova</person>
                </persons>
                <language>en</language>
                
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/SXGLZN/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/SXGLZN/feedback/</feedback_url>
            </event>
            <event guid='2cf56313-de58-568b-be25-ebb3baff3745' id='128'>
                <room>Main Stage</room>
                <title>How to Make Cybersecurity Sexy - Get the Board on Board</title>
                <subtitle></subtitle>
                <type>Talk 45 minutes</type>
                <date>2025-10-30T17:15:00+01:00</date>
                <start>17:15</start>
                <duration>00:45</duration>
                <abstract>Let&#8217;s face it: cybersecurity is not sexy. Not to boards, anyway. It&#8217;s often seen as dull, technical, and best left to IT - until a breach happens. You don&apos;t get media coverage for a well-run cyber drill, but you will make headlines when things go wrong. In this talk, Mirjam van Delft - Kaijser reveals how to flip the script, how to grab board-level attention and get them to take ownership. Using real-world stories and her RISICO method, she&apos;ll show you how to speak their language, frame the urgency, and make cybersecurity impossible to ignore. If you&apos;ve ever struggled to get buy-in from the top, this is the talk you&apos;ve been waiting for.</abstract>
                <slug>wiccon-2025-128-how-to-make-cybersecurity-sexy-get-the-board-on-board</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='123'>Mirjam Kaijser</person>
                </persons>
                <language>en</language>
                <description>Boards love visibility, strategy, and results. Cybersecurity often delivers none of that - until there&#8217;s a crisis. That&apos;s why many executives often see security as a sunk cost. Important, but not urgent, and definitely not something that gets them noticed or praised. After all, no one posts a selfie from a cyber drill. So how do we get boards to pay attention before it&#8217;s too late?

In this energetic and eye-opening session, Mirjam tackles one of the biggest challenges in cybersecurity: executive engagement. Mirjam unpacks why cybersecurity fails to land in boardrooms and what needs to shift in how we present it. Drawing on behavioral insights, public sector experience, and her own RISICO method, she lays out a practical approach to reframing cybersecurity as a leadership issue - not a technical one.

You&apos;ll learn:

- Why traditional cybersecurity messaging falls flat at the top
- How to reframe cybersecurity as a leadership and continuity issue
- The RISICO method: a practical and powerful toolset for boards to assess, act, and lead
- Communication tactics that resonate with non-technical decision-makers

Expect sharp insights, a touch of humor, and real-world examples. This talk is for CISOs, advisors, and IT leaders who want real traction with their board - and who are done begging for attention.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/YGBUF7/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/YGBUF7/feedback/</feedback_url>
            </event>
            <event guid='06b29a2c-0cc9-5fd5-b898-8374bee24fdc' id='127'>
                <room>Main Stage</room>
                <title>We&apos;ve gathered 4000 hackers on a field and here&apos;s what happened.</title>
                <subtitle></subtitle>
                <type>Talk 60 minutes</type>
                <date>2025-10-30T18:00:00+01:00</date>
                <start>18:00</start>
                <duration>01:00</duration>
                <abstract>Last summer the 10th edition of the Dutch Hacker Camp took place in Geestmerambacht.
Hackers from all over the world came to this party of innovation and technology and shared their knowledge.
I was part of Team:Projectleiding and would love to share with you how it came to be and what the highlights were!</abstract>
                <slug>wiccon-2025-127-we-ve-gathered-4000-hackers-on-a-field-and-here-s-what-happened-</slug>
                <track>Talks</track>
                <logo>/media/wiccon-2025/submissions/898HYY/WHY2025_logo_true_black_gioOypS.png</logo>
                <persons>
                    <person id='109'>Nancy Beers</person>
                </persons>
                <language>en</language>
                <description>Dutch Hacker Camps are an important part of Dutch Hacker Culture. 
Last August, 4000 hackers gathered on a field and had serious hacker fun.
Let me give you some insights on what happened.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/898HYY/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/898HYY/feedback/</feedback_url>
            </event>
            
        </room>
        <room name='Workshop' guid='369a5adc-f7df-59fa-80ee-06a17c690b0a'>
            <event guid='dbd0ffea-5e63-5e72-a341-3c955dff3f28' id='170'>
                <room>Workshop</room>
                <title>The Ghost in the Machine - Capture the Flag by KPN</title>
                <subtitle></subtitle>
                <type>Workshop 120 minutes</type>
                <date>2025-10-30T10:15:00+01:00</date>
                <start>10:15</start>
                <duration>02:45</duration>
                <abstract>October 2025. MyTelco, a global telecom giant, is under siege. Not by a known threat actor, but by something stranger...

Calls drop, leaving behind eerie static whispers. Data packets vanish without a trace. Rogue signals disrupt critical systems. In the NOC, screens flicker with unreadable glyphs and error logs defy logic. Officially, it&#8217;s a suspected cyberattack. Unofficially? Employees whisper of a digital poltergeist, something haunting the very heart of the network.

You are brought in as MyTelco&#8217;s last hope.

In this session, step into the shoes of a senior security specialist tasked with investigating the unexplainable. You&#8217;ll follow the forensic trail through ghost data, spectral code, and manipulated infrastructure. Is it a new breed of cyberweapon? An insider with a vendetta? Or is the network itself turning against its creators?

Expect real-world tools, tactics, and a case study unlike any other.
Expect the unexpected.
The network is alive. And it&apos;s angry.

And if you exorcise the ghost in the network successfully? You might win a prize...

Note: This CTF has limited capacity and is first come, first served. You will need a laptop to participate. Come in early to secure your spot in the ghost hunt.</abstract>
                <slug>wiccon-2025-170-the-ghost-in-the-machine-capture-the-flag-by-kpn</slug>
                <track>Workshops</track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/DEFACR/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/DEFACR/feedback/</feedback_url>
            </event>
            <event guid='47b5e521-054a-52c0-823c-59f6e55bf6af' id='147'>
                <room>Workshop</room>
                <title>Ghostbusters Reloaded: catching a tech-savvy ghost in the logs</title>
                <subtitle></subtitle>
                <type>Workshop 120 minutes</type>
                <date>2025-10-30T14:00:00+01:00</date>
                <start>14:00</start>
                <duration>02:00</duration>
                <abstract>In this Halloween-themed dataset, you will investigate a cyber incident inspired by a real world threat actor. Your goal? Finding out what happened and how, building a timeline, and collecting IOCs. All from the comfort of your browser, using Azure Data Explorer (ADX) and the Kusto Query Language (KQL).</abstract>
                <slug>wiccon-2025-147-ghostbusters-reloaded-catching-a-tech-savvy-ghost-in-the-logs</slug>
                <track>Workshops</track>
                
                <persons>
                    <person id='141'>Kellamity</person>
                </persons>
                <language>en</language>
                <description>Curious about the blue side of cybersecurity? Enjoying puzzles and detective games? Or needing some exposure to the Kusto Query Language?

Welcome to this workshop that walks you through an incident-response type investigation!

Starting off with a nugget of information, we will dive headfirst into the provided dataset on Azure Data Explorer. With carefully (or messily, I&apos;m not one to judge) crafted KQL queries, we will trace the attacker&apos;s steps until we get the full picture, from reconnaissance to actions on objectives (yes, that&apos;s the Cyber Kill Chain).

Don&apos;t forget to take notes! At the end of the session, we will draw up a timeline of events and compile some IOCs in a table, two elements that are important in a report. 

Worried about KQL being a new &quot;language&quot;? I will start off the session with a short intro and will provide you with a &quot;cheatsheet&quot; to help you along the way.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/JWSFEC/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/JWSFEC/feedback/</feedback_url>
            </event>
            <event guid='f0d90edb-75ec-53bb-8498-afd03881cbe3' id='160'>
                <room>Workshop</room>
                <title>Persuasion in Practice: Social Engineering Workshop</title>
                <subtitle></subtitle>
                <type>Workshop 60 minutes</type>
                <date>2025-10-30T16:30:00+01:00</date>
                <start>16:30</start>
                <duration>01:00</duration>
                <abstract>What technique do cyber criminals use to persuade people to click a link, download malware or bypass procedures? In this workshop we explore Cialdini&apos;s seven ways to influence other people&#8217;s behavior and decision making, and how cyber criminals use them to their advantage.

Participants are divided into two groups, each receiving their own mission. They have 10 minutes to prepare their strategy. Can they social engineer the other person to get to their goal? 

Computers or other digital tools are not necessary for this workshop!</abstract>
                <slug>wiccon-2025-160-persuasion-in-practice-social-engineering-workshop</slug>
                <track>Workshops</track>
                
                <persons>
                    <person id='62'>Helma de Boer</person><person id='157'>Rosanne Pouw</person>
                </persons>
                <language>en</language>
                <description>In this workshop we dive into the seven ways to influence people&apos;s behavior, explained with examples from the world of cyber crime. The best way to defend yourself against social engineering attacks is to know the mechanics. In this workshop you&apos;ll practice the science of persuasion and get ahead of the game. 

Participants are divided into two groups, each receiving their own mission. They have 10 minutes to prepare their strategy. Can they social engineer others to get to their goal? 

Computers or other digital tools are not necessary for this workshop!</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/3MFK7E/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/3MFK7E/feedback/</feedback_url>
            </event>
            
        </room>
        
    </day>
    <day index='2' date='2025-10-31' start='2025-10-31T04:00:00+01:00' end='2025-11-01T03:59:00+01:00'>
        <room name='Main Stage' guid='7539b1b7-1ec9-51a4-9e46-6d6301d9ad18'>
            <event guid='f9a6a057-07b2-522e-9ea3-55a18b01905d' id='154'>
                <room>Main Stage</room>
                <title>How we handled a major increase in our threat landscape</title>
                <subtitle></subtitle>
                <type>Talk 30 minutes</type>
                <date>2025-10-31T10:00:00+01:00</date>
                <start>10:00</start>
                <duration>00:30</duration>
                <abstract>In May of 2024 an announcement was made: The NATO Summit of 2025 would take place at The Hague. Little did we know about what that would mean for our organization and for our city. In this talk, Lilian will talk you through our security preparation and our efforts during those two days of the summit.</abstract>
                <slug>wiccon-2025-154-how-we-handled-a-major-increase-in-our-threat-landscape</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='149'>Lilian Knippenberg</person>
                </persons>
                <language>en</language>
                <description>Of course, we can only disclose information labeled TLP:GREEN by our partners, and our own information and experiences on how we handled 1) preparing and 2) the Summit taking place. For part 1 (preparations) I will share how we handled our increased threat landscape (with a threat assessment), how we defined our security measures using a threat assessment and how we prepared our organization with cybercrisis exercises. For part 2 (the Summit itself) I will share our experiences from the eyes of the information coordinator role in the cyber backoffice. I will only share our goal, roles and collaborations. 
I&#8217;ll end with the remaining question: and now what?</description>
                <recording>
                    <license></license>
                    <optout>true</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/MWZ9LU/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/MWZ9LU/feedback/</feedback_url>
            </event>
            <event guid='452728b4-76b4-5707-9fc5-11a005f87d8c' id='162'>
                <room>Main Stage</room>
                <title>Beyond Compliance: Rethinking Legal Accountability in Cybersecurity</title>
                <subtitle></subtitle>
                <type>Talk 30 minutes</type>
                <date>2025-10-31T10:30:00+01:00</date>
                <start>10:30</start>
                <duration>00:30</duration>
                <abstract>This talk explores the growing divide between cybersecurity compliance and actual legal accountability in the EU regulatory landscape. Through the lens of GDPR, NIS2, and DORA, the session examines how emerging frameworks shape legal risk and influence organizational behavior. The session provides a critical look at whether legal accountability improves security&#8212;or simply encourages minimal compliance.</abstract>
                <slug>wiccon-2025-162-beyond-compliance-rethinking-legal-accountability-in-cybersecurity</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='158'>Andreea Focsa</person>
                </persons>
                <language>en</language>
                <description>The growing legal and regulatory pressure on cybersecurity practitioners in the European Union has led many organizations to equate compliance with security. Nevertheless, recent enforcement actions and major security incidents reveal a significant disconnect between formal compliance and substantive accountability. 
This talk aims at examining how legal responsibility is evolving, especially under instruments such as the General Data Protection Regulation, the NIS2 Directive, and the Digital Operational Resilience Act. 
Key questions addressed include: 
&#8226;	To what extent does compliance create a false sense of legal protection? 
&#8226;	How are emerging regulatory frameworks shifting the legal risk landscape in the EU? 
&#8226;	Can legal accountability support better security outcomes or does it incentivize minimalism and blame-shifting? 
Audience Takeaways: 
Understand how legal accountability is distinct from compliance. 
Learn the practical implications of EU cybersecurity legislation on risk ownership. 
Identify cultural and structural barriers to shared responsibility. 
Gain language and frameworks to influence better internal practices. 
Methodology 
This talk will be developed through legal and regulatory analysis, with a focus on current and emerging cybersecurity legislation in the EU. Primary sources include GDPR, the NIS2 Directive and DORA. Each of these frameworks will be reviewed to examine how legal responsibility is defined, distributed, and enforced in the context of cybersecurity. 
The analysis will also be based on published enforcement actions, supervisor guidance, and selected case studies where formal compliance failed to prevent significant security incidents. By comparing regulatory expectations with known limitations in implementation, one can notice the growing gap between legal reform and security substance.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/SZQSTK/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/SZQSTK/feedback/</feedback_url>
            </event>
            <event guid='309ad1a0-7661-5272-954d-e3231ead7c39' id='156'>
                <room>Main Stage</room>
                <title>When Nostalgia Hacks Back: A Forensic Autopsy of a Trojanized Flash Game</title>
                <subtitle></subtitle>
                <type>Talk 60 minutes</type>
                <date>2025-10-31T11:00:00+01:00</date>
                <start>11:00</start>
                <duration>01:00</duration>
                <abstract>In my teenage years, I was regularly slacking homework and studies for flash games! And I was particularly obsessed with a few, until Flash Player expired and I had to manually search for game .exes online and download and run them on my only laptop. And weird things used to happen then: a seemingly innocent Flash game used to cause repeated crashes on my laptop, it used to get me irritated, burn my savings on recovery of my OS and system and I never really even understood why &#8212; but only years later, armed with digital forensics and reverse engineering skills, did I revisit it to uncover what really happened. 

This talk walks through the forensic investigation and malware analysis of a nostalgic childhood game that turned out to be trojanized. Using tools like Autopsy, Volatility, Regshot, Ghidra, and x64dbg, we&#8217;ll trace its behavior from system tampering to process injection and obfuscated payloads.

This session blends technical depth with personal narrative to highlight how curiosity, nostalgia, and trust can be weaponized. Attendees will learn practical techniques for uncovering post-execution artifacts, unpacking malware, and extracting IOCs &#8212; and gain a new appreciation for the risks hidden in seemingly harmless digital memories.</abstract>
                <slug>wiccon-2025-156-when-nostalgia-hacks-back-a-forensic-autopsy-of-a-trojanized-flash-game</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='152'>Ankshita Maunthrooa</person>
                </persons>
                <language>en</language>
                <description>This talk explores a personal, technical investigation into a trojanized Flash game from the early 2000s &#8212; a game I had downloaded in my teens, only to experience repeated system failures I couldn&apos;t explain at the time. Years later, with experience in digital forensics and malware reverse engineering, I returned to that same game with the intent to uncover the truth &#8212; and what I found was far from harmless.

The talk is split into four parts. First, I&#8217;ll introduce the backstory &#8212; how nostalgia led me to revisit the game and why this experience stuck with me for over a decade. Then, we&#8217;ll jump into the forensics phase: I&#8217;ll walk through the behavior observed during sandbox execution, showing how I used Regshot, Procmon, Wireshark, Volatility, and Autopsy to identify registry tampering, dropped payloads, memory injection, and suspicious network traffic.

From there, we&#8217;ll move to reverse engineering &#8212; using Ghidra and x64dbg to analyze the packed executable, identify obfuscation techniques, unpack hidden strings and routines, and reveal its encrypted communication patterns. This part will highlight how the malware was designed to blend in as a benign game while silently executing background tasks.

The final part of the session distills the key takeaways: how malware can be distributed through seemingly harmless, nostalgic software; how emotional trust becomes a vector; and how forensic techniques and reverse engineering can uncover buried threats.

This session is designed to be technical but approachable, with a strong narrative arc and practical demonstrations. 

It&#8217;s a reminder that sometimes, the most dangerous files are the ones we wanted to trust the most.</description>
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/GSLDPP/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/GSLDPP/feedback/</feedback_url>
            </event>
            <event guid='c2c65809-a8aa-55eb-a720-9d55e58d8c12' id='163'>
                <room>Main Stage</room>
                <title>When the Hackers are inside the building</title>
                <subtitle></subtitle>
                <type>Talk 30 minutes</type>
                <date>2025-10-31T12:00:00+01:00</date>
                <start>12:00</start>
                <duration>00:30</duration>
                <abstract>Most admins spend their working life trying to keep malware, hackers, and their tools outside of their network. However, for the last four and a bit years, I&apos;ve been working with the opposite problem: running a network for a penetration testing company, where the pentesters are using all the tools we&apos;d normally like to keep a long way away from our network.

From threat modelling to implementation, in this talk I&apos;ll go through some of the unusual design and operational aspects of this unique use case, as well as some of the examples we as an organisation have been able to learn from those we pentest.</abstract>
                <slug>wiccon-2025-163-when-the-hackers-are-inside-the-building</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='87'>Julia Freeman</person>
                </persons>
                <language>en</language>
                
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/GWF8XX/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/GWF8XX/feedback/</feedback_url>
            </event>
            <event guid='0462d6fc-dc6b-55b4-b056-1040f3d54e96' id='152'>
                <room>Main Stage</room>
                <title>Inside the CRA Standardisation Trenches: Our Real&#8209;World Struggle to Harmonise</title>
                <subtitle></subtitle>
                <type>Talk 30 minutes</type>
                <date>2025-10-31T12:30:00+01:00</date>
                <start>12:30</start>
                <duration>00:30</duration>
                <abstract>This session offers an insider&#8217;s view of the EU&#8217;s Cyber Resilience Act (CRA) standardisation process from two active participants in one of the CEN&#8209;CENELEC working groups. We&#8217;ll share what it&#8217;s really like to draft the horizontal harmonised standards, from defining scope to debating technical terminology. The talk highlights challenges in building consensus between manufacturers, regulators, SMEs, and open&#8209;source communities, often with competing priorities. Expect candid stories about moments of friction, surprising compromises, and lessons we&#8217;ve learned navigating the process. Attendees will walk away understanding not only the standards&#8217; timelines and structure but also how to engage effectively in shaping them.</abstract>
                <slug>wiccon-2025-152-inside-the-cra-standardisation-trenches-our-real-world-struggle-to-harmonise</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='50'>Raluca Viziteu</person><person id='145'>Wendy Tonks</person>
                </persons>
                <language>en</language>
                
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/BYCDFQ/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/BYCDFQ/feedback/</feedback_url>
            </event>
            <event guid='36fcd063-d728-5be6-b9c1-67880802ebe5' id='138'>
                <room>Main Stage</room>
                <title>The Time Machine of Security: Stopping Vulnerabilities Before They&apos;re Born</title>
                <subtitle></subtitle>
                <type>Talk 60 minutes</type>
                <date>2025-10-31T14:00:00+01:00</date>
                <start>14:00</start>
                <duration>01:00</duration>
                <abstract>What if you could travel back in time to prevent a security breach before a single line of vulnerable code was written? While we don&apos;t have a physical time machine, the &quot;Shift-Left&quot; methodology offers the next best thing. This session reimagines the DevOps lifecycle as a &quot;Time Machine,&quot; demonstrating how to proactively eliminate vulnerabilities at their genesis. We will journey through each stage, from Plan to Monitor, showcasing how integrating security capabilities like threat modeling, automated code analysis (SAST/SCA), and continuous testing can catch issues when they are exponentially cheaper and easier to fix. Join us to learn how to move beyond the reactive security nightmare, build a culture of prevention, and architect a more secure and resilient future for your applications.</abstract>
                <slug>wiccon-2025-138-the-time-machine-of-security-stopping-vulnerabilities-before-they-re-born</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='132'>Akansha Shukla</person>
                </persons>
                <language>en</language>
                
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/KREPAB/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/KREPAB/feedback/</feedback_url>
            </event>
            <event guid='b5d8ac32-2496-50c7-b539-5923418bc553' id='132'>
                <room>Main Stage</room>
                <title>What Your Exposed APIs Are Leaking</title>
                <subtitle></subtitle>
                <type>Talk 30 minutes</type>
                <date>2025-10-31T15:00:00+01:00</date>
                <start>15:00</start>
                <duration>00:30</duration>
                <abstract>Many large organizations unknowingly expose vulnerable staging and development APIs, creating opportunities for hackers to access sensitive data. To uncover the scope of this issue, we analyzed 1,000 domains, identifying shadow APIs, leaked API secrets, and critical vulnerabilities like misconfigured GraphQL APIs and exposed Spring Boot Actuator schemas.

In this session, we&#8217;ll show key findings, share how we scaled API discovery using subdomain enumeration and schema reconstruction, and provide actionable strategies to mitigate risks, such as continuous API inventory and schema validation. Attendees will also gain hands-on knowledge of open-source tools like GraphQL Armor and Goctopus to enhance API security.</abstract>
                <slug>wiccon-2025-132-what-your-exposed-apis-are-leaking</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='127'>Alexandra Charikova</person>
                </persons>
                <language>en</language>
                
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/EG3M8R/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/EG3M8R/feedback/</feedback_url>
            </event>
            <event guid='c1dacfd3-bb7a-5705-ba63-ec38301bf35a' id='161'>
                <room>Main Stage</room>
                <title>Unsafe Code Lab: How Modern Web Frameworks Fail (and How to Fix Them)</title>
                <subtitle></subtitle>
                <type>Talk 30 minutes</type>
                <date>2025-10-31T15:30:00+01:00</date>
                <start>15:30</start>
                <duration>00:30</duration>
                <abstract>Unsafe Code Lab is an open-source collection of vulnerable backend applications built with modern web frameworks: Next.js, Koa, Django REST Framework, FastAPI and others. It&apos;s a streamlined way to learn how modern web frameworks work, what makes them tick, how they break and how to fix them. Built for security engineers and researchers.

Use it to get up to speed quickly on unfamiliar frameworks, run targeted secure code reviews and see how framework API design can either create security traps or completely prevent mistakes that are common elsewhere. The runnable, annotated scenarios also work as a research harness for vulnerability research and exploit development.

At WICCON we&apos;ll demo our first public release: ten modern frameworks across Python and JavaScript. We&apos;ll share what we learned, show fresh vulnerabilities we uncovered and outline our roadmap for expanding into more languages.</abstract>
                <slug>wiccon-2025-161-unsafe-code-lab-how-modern-web-frameworks-fail-and-how-to-fix-them-</slug>
                <track>Talks</track>
                
                <persons>
                    <person id='153'>Irina Iarlykanova</person>
                </persons>
                <language>en</language>
                
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/S8UKKU/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/S8UKKU/feedback/</feedback_url>
            </event>
            <event guid='da1818ed-c84a-53ef-a94b-fd749b78d2a0' id='173'>
                <room>Main Stage</room>
                <title>Closing</title>
                <subtitle></subtitle>
                <type>Talk 30 minutes</type>
                <date>2025-10-31T16:00:00+01:00</date>
                <start>16:00</start>
                <duration>00:30</duration>
                <abstract>more info here</abstract>
                <slug>wiccon-2025-173-closing</slug>
                <track>Talks</track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/CED8HS/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/CED8HS/feedback/</feedback_url>
            </event>
            
        </room>
        <room name='Workshop' guid='369a5adc-f7df-59fa-80ee-06a17c690b0a'>
            <event guid='e367657d-48ef-5a99-a265-f638dc2b536d' id='171'>
                <room>Workshop</room>
                <title>The Ghost in the Machine - Capture the Flag by KPN</title>
                <subtitle></subtitle>
                <type>Workshop 120 minutes</type>
                <date>2025-10-31T10:00:00+01:00</date>
                <start>10:00</start>
                <duration>03:00</duration>
                <abstract>October 2025. MyTelco, a global telecom giant, is under siege. Not by a known threat actor, but by something stranger...

Calls drop, leaving behind eerie static whispers. Data packets vanish without a trace. Rogue signals disrupt critical systems. In the NOC, screens flicker with unreadable glyphs and error logs defy logic. Officially, it&#8217;s a suspected cyberattack. Unofficially? Employees whisper of a digital poltergeist, something haunting the very heart of the network.

You are brought in as MyTelco&#8217;s last hope.

In this session, step into the shoes of a senior security specialist tasked with investigating the unexplainable. You&#8217;ll follow the forensic trail through ghost data, spectral code, and manipulated infrastructure. Is it a new breed of cyberweapon? An insider with a vendetta? Or is the network itself turning against its creators?

Expect real-world tools, tactics, and a case study unlike any other.
Expect the unexpected.
The network is alive. And it&apos;s angry.

And if you exorcise the ghost in the network successfully? You might win a prize...

Note: This CTF has limited capacity and is first come, first served. You will need a laptop to participate. Come in early to secure your spot in the ghost hunt.</abstract>
                <slug>wiccon-2025-171-the-ghost-in-the-machine-capture-the-flag-by-kpn</slug>
                <track>Workshops</track>
                
                <persons>
                    
                </persons>
                <language>en</language>
                
                <recording>
                    <license></license>
                    <optout>false</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/EG33XG/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/EG33XG/feedback/</feedback_url>
            </event>
            <event guid='4c44037e-4eee-5847-b8bd-9d7535cf5e38' id='140'>
                <room>Workshop</room>
                <title>Hardware Hacking with Artificial Intelligence</title>
                <subtitle></subtitle>
                <type>Workshop 120 minutes</type>
                <date>2025-10-31T14:00:00+01:00</date>
                <start>14:00</start>
                <duration>02:00</duration>
                <abstract>Obtaining passwords through the power consumption of a chip: myth or reality? In this hardware hacking workshop, you&apos;ll get hands-on experience in extracting secret information using artificial intelligence. The workshop consists of a short theoretical introduction to side-channel analysis, followed by a real-world attack using popular deep-learning techniques.</abstract>
                <slug>wiccon-2025-140-hardware-hacking-with-artificial-intelligence</slug>
                <track>Workshops</track>
                <logo>/media/wiccon-2025/submissions/7PUHHJ/sca_4ppCufQ.jpg</logo>
                <persons>
                    <person id='134'>Azade Rezaeezade</person><person id='135'>Lizzy Grootjen</person>
                </persons>
                <language>en</language>
                <description>In everyday life, embedded devices are integrated everywhere: from your washing machine to your smartcard. The information processed by these devices is secured through encryption algorithms. However, devices can leak information about critical parts of the algorithm through physical phenomena, such as power consumption, execution time or radiation.

In side-channel analysis, this information can be analyzed using statistics or deep learning to obtain encryption keys. In this workshop, we will focus on breaking a small embedded device - the ARM Cortex M4 - by retrieving the key of AES through deep-learning-based side-channel analysis.

For this workshop, you&apos;ll need to bring a laptop with Git, Git-LFS, Python 3.12 and VSCode installed. Use git to clone this repo and follow the installation instructions in the Readme: https://github.com/BruteforceMisa/wiccon-workshop</description>
                <recording>
                    <license></license>
                    <optout>true</optout>
                </recording>
                <links></links>
                <attachments></attachments>

                <url>https://program.wiccon.nl/wiccon-2025/talk/7PUHHJ/</url>
                <feedback_url>https://program.wiccon.nl/wiccon-2025/talk/7PUHHJ/feedback/</feedback_url>
            </event>
            
        </room>
        
    </day>
    
</schedule>
