WICCON 2025
The opening of WICCON by the amazing Jaimy Thepass!
Cybersecurity training often assumes that awareness leads to action. But despite years of phishing simulations and mandatory e-learnings, 95% of cyber incidents can be traced back to human error. Drawing from behavioral science and real-world examples, this talk reveals why knowledge alone rarely changes behavior. We’ll challenge the common assumption that people act rationally when they’re informed and aware, and show the audience how a more realistic model of decision-making opens the door to smarter, more effective interventions. Because in cybersecurity, what people do matters more than what they know.
October 2025. MyTelco, a global telecom giant, is under siege. Not by a known threat actor, but by something stranger...
Calls drop, leaving behind eerie static whispers. Data packets vanish without a trace. Rogue signals disrupt critical systems. In the NOC, screens flicker with unreadable glyphs and error logs defy logic. Officially, it’s a suspected cyberattack. Unofficially? Employees whisper of a digital poltergeist, something haunting the very heart of the network.
You are brought in as MyTelco’s last hope.
In this session, step into the shoes of a senior security specialist tasked with investigating the unexplainable. You’ll follow the forensic trail through ghost data, spectral code, and manipulated infrastructure. Is it a new breed of cyberweapon? An insider with a vendetta? Or is the network itself turning against its creators?
Expect real-world tools, tactics, and a case study unlike any other.
Expect the unexpected.
The network is alive. And it's angry.
And if you exorcise the ghost in the network successfully? You might win a prize...
Note: This CTF has limited capacity and is first come, first served. You will need a laptop to participate. Come in early to secure your spot in the ghost hunt.
CI/CD pipelines are the standard way of deploying not just applications but infrastructure as well. To do all that, they usually have some juicy privileges. Privileges that I want.
In this talk we're going to have a look at Azure DevOps pipelines, their permission settings, and all the ways in which you think you may have secured your pipeline that actually aren't watertight. With live demos (fingers crossed!) to show every problem and every fix.
What does it really take to enter the cybersecurity field, especially as an outsider? In this talk, I share my journey from Quality Assurance and account management into the world of ethical hacking and beyond. I discovered that getting in isn’t just about skill, but about navigating an ecosystem not designed for newcomers. Along the way, I learned what helped, what didn’t, and how the industry can better support motivated people trying to join. Whether you're hiring, mentoring, or just starting out, this talk offers a real-world look at the gap between open roles and accessible entry points.
The rapid adoption of embedded AI in products and infrastructure has created powerful new capabilities—alongside a dramatically expanded attack surface for cyber adversaries. Recent incidents have shown how vulnerabilities such as adversarial inputs, data poisoning, and insecure APIs can be exploited to compromise AI-driven systems.
This talk will break down the unique risks introduced by embedded AI, illustrated with real-world breach examples and attacker techniques. Attendees will learn a practical, actionable defense framework, including AI-specific threat modeling, secure development practices, and continuous monitoring. The session will equip security professionals with the insights and strategies needed to proactively defend against the next generation of AI-powered threats.
In this Halloween-themed dataset, you will investigate a cyber incident inspired by a real world threat actor. Your goal? Finding out what happened and how, building a timeline, and collecting IOCs. All from the comfort of your browser, using Azure Data Explorer (ADX) and the Kusto Query Language (KQL).
I always tell my students: "Failure is fun! We learn, when things fail!" ... so why do I feel so shitty right now?
Tess talks us through channeling moments of failure and "imposter syndrome", into moments of introspection and learning.
As machine learning becomes a core component in malware detection, new risks emerge from adversarial manipulation. This talk explores how ML-based malware classifiers respond to targeted feature modifications. In order to experimentally assess their robustness, several models were trained to classify malicious and benign files and then tested with adversarially altered samples. The presentation focuses on data preparation, attack simulation, and a comparative analysis of model robustness under adversarial conditions.
In this talk, I share my personal journey, starting with studying law and competing in top-level sports, and eventually building a career in cybersecurity. Without a technical background, I’ve carved out a successful path by leaning into my strongest assets: communication, empathy, and adaptability. These soft skills have helped me translate complex policies into clear, human-centered actions, coach stakeholders with patience and clarity, and build trust across all levels of an organization.
Have you ever encountered some hashes in a pen-test, cracked them only to find the results to be anywhere from “not great” to “downright depressing”? We have, and it encouraged us to implement monthly password cracking cycles. We use the results as a driving force to change behaviour around password usage. This talk will not be a technical deep dive on password cracking; rather, it will focus on how to use the results to get people to change their password behaviour. I will share the approaches we tried at Mediahuis: why quite a few didn’t work, which approaches did work, and some of the obstacles we’ve encountered along the way.
We know the world runs on legacy. We know it’s not supposed to. But when vendors or LinkedInfluencers command us to phase out old systems and protocols, it sometimes seems like their expectation-versus-reality connection is faulty.
This talk will walk you through the ~adventure~ of disabling a recently-deprecated Microsoft authentication protocol with numerous security problems: NTLM. Microsoft introduced NT LAN Manager in 1993 as a replacement for LANMAN, born in 1987. Just seven years later, they announced Kerberos as the default replacement for NTLM and instructed companies to stop using it. No one did. Then, in June 2024, Microsoft announced the deprecation of the entire NTLM authentication protocol family, and even removed older versions from newer OS versions.
Having completed this project in the IT environment of a mid-sized enterprise, this presentation will discuss resources and lessons learned that could help get the job done elsewhere. It will also illustrate to those outside the field why IT and cybersecurity are critical business functions, not cost centers.
For decision-makers, this is an opportunity to better understand the struggles of on-the-ground IT and security teams trying to bring outdated systems in line with industry standards. For IT and information security peers, this presentation will share valuable resources and “lessons learned” for successfully phasing out NTLM (and similar thorns-in-sides) within their own organizations.
What technique do cyber criminals use to persuade people to click a link, download malware or bypass procedures? In this workshop we explore Cialdini's seven ways to influence other people’s behavior and decision making, and how cyber criminals use them to their advantage.
Participants are divided into two groups, each receiving their own mission. They have 10 minutes to prepare their strategy. Can they social engineer the other person to get to their goal?
Computers or other digital tools are not necessary for this workshop!
Let’s face it: cybersecurity is not sexy. Not to boards, anyway. It’s often seen as dull, technical, and best left to IT - until a breach happens. You don't get media coverage for a well-run cyber drill, but you will make headlines when things go wrong. In this talk, Mirjam van Delft - Kaijser reveals how to flip the script, how to grab board-level attention and get them to take ownership. Using real-world stories and her RISICO method, she'll show you how to speak their language, frame the urgency, and make cybersecurity impossible to ignore. If you've ever struggled to get buy-in from the top, this is the talk you've been waiting for.
Last summer the 10th edition of the Dutch Hacker Camp took place in Geestmerambacht.
Hackers from all over the world came to this party of innovation and technology and shared their knowledge.
I was part of Team:Projectleiding and would love to share with you how it came to be and what the highlights were!
In May of 2024 an announcement was made: The NATO Summit of 2025 would take place at The Hague. Little did we know about what that would mean for our organization and for our city. In this talk, Lilian will talk you through our security preparation and our efforts during those two days of the summit.
This talk explores the growing divide between cybersecurity compliance and actual legal accountability in the EU regulatory landscape. Through the lens of GDPR, NIS2, and DORA, the session examines how emerging frameworks shape legal risk and influence organizational behavior. The session provides a critical look at whether legal accountability improves security—or simply encourages minimal compliance.
In my teenage years, I was regularly slacking homework and studies for flash games! And I was particularly obsessed with a few, until Flash Player expired and I had to manually search for game .exes online and download and run them on my only laptop. And weird things used to happen then: a seemingly innocent Flash game used to cause repeated crashes on my laptop, it used to get me irritated, burn my savings on recovery of my OS and system and I never really even understood why — but only years later, armed with digital forensics and reverse engineering skills, did I revisit it to uncover what really happened.
This talk walks through the forensic investigation and malware analysis of a nostalgic childhood game that turned out to be trojanized. Using tools like Autopsy, Volatility, Regshot, Ghidra, and x64dbg, we’ll trace its behavior from system tampering to process injection and obfuscated payloads.
This session blends technical depth with personal narrative to highlight how curiosity, nostalgia, and trust can be weaponized. Attendees will learn practical techniques for uncovering post-execution artifacts, unpacking malware, and extracting IOCs — and gain a new appreciation for the risks hidden in seemingly harmless digital memories.
Most admins spend their working life trying to keep malware, hackers, and their tools outside of their network. However, for the last four and a bit years, I've been working with the opposite problem: running a network for a penetration testing company, where the pentesters are using all the tools we'd normally like to keep a long way away from our network.
From threat modelling to implementation, in this talk I'll go through some of the unusual design and operational aspects of this unique use case, as well as some of the examples we as an organisation have been able to learn from those we pentest.
This session offers an insider’s view of the EU’s Cyber Resilience Act (CRA) standardisation process from two active participants in one of the CEN‑CENELEC working groups. We’ll share what it’s really like to draft the horizontal harmonised standards, from defining scope to debating technical terminology. The talk highlights challenges in building consensus between manufacturers, regulators, SMEs, and open‑source communities, often with competing priorities. Expect candid stories about moments of friction, surprising compromises, and lessons we’ve learned navigating the process. Attendees will walk away understanding not only the standards’ timelines and structure but also how to engage effectively in shaping them.
Obtaining passwords through the power consumption of a chip: Myth or Real? In this hardware hacking workshop, you'll get hands-on experience in extracting secret information using artificial intelligence. The workshop consists of a short theoretical introduction to side-channel analysis, followed by a real-world attack using popular deep-learning techniques.
What if you could travel back in time to prevent a security breach before a single line of vulnerable code was written? While we don't have a physical time machine, the "Shift-Left" methodology offers the next best thing. This session reimagines the DevOps lifecycle as a "Time Machine," demonstrating how to proactively eliminate vulnerabilities at their genesis. We will journey through each stage, from Plan to Monitor, showcasing how integrating security capabilities like threat modeling, automated code analysis (SAST/SCA), and continuous testing can catch issues when they are exponentially cheaper and easier to fix. Join us to learn how to move beyond the reactive security nightmare, build a culture of prevention, and architect a more secure and resilient future for your applications.
Many large organizations unknowingly expose vulnerable staging and development APIs, creating opportunities for hackers to access sensitive data. To uncover the scope of this issue, we analyzed 1,000 domains, identifying shadow APIs, leaked API secrets, and critical vulnerabilities like misconfigured GraphQL APIs and exposed Spring Boot Actuator schemas.
In this session, we’ll show key findings, share how we scaled API discovery using subdomain enumeration and schema reconstruction, and provide actionable strategies to mitigate risks, such as continuous API inventory and schema validation. Attendees will also gain hands-on knowledge of open-source tools like GraphQL Armor and Goctopus to enhance API security.
Unsafe Code Lab is an open-source collection of vulnerable backend applications built with modern web frameworks: Next.js, Koa, Django REST Framework, FastAPI and others. It's a streamlined way to learn how modern web frameworks work, what makes them tick, how they break and how to fix them. Built for security engineers and researchers.
Use it to get up to speed quickly on unfamiliar frameworks, run targeted secure code reviews and see how framework API design can either create security traps or completely prevent mistakes that are common elsewhere. The runnable, annotated scenarios also work as a research harness for vulnerability research and exploit development.
At WICCON we'll demo our first public release: ten modern frameworks across Python and JavaScript. We'll share what we learned, show fresh vulnerabilities we uncovered and outline our roadmap for expanding into more languages.