Bucket Leaks: From Exposure to Cloud Takeover
With the growing reliance on cloud services for storage and deployment, securing cloud environments has become critically important. Cloud storage solutions like AWS S3, Google Cloud Storage, and Azure Blob Storage are widely used to store vast amounts of data, including sensitive configuration files used in software development. These files often contain secrets such as […]
Vulnerability Disclosure in the Energy Sector
The European electricity network has become a ‘smart grid.’ This offers many opportunities for sustainability but also makes our energy system more vulnerable to digital attacks. In a time of increasing threat of hybrid warfare, the government and the energy sector realize that we as a society must prepare for possible disruption of the energy […]
Turning Malware Against Itself for Proactive Defense
What if the key to stopping malware was hidden inside the malware itself? In this talk, we will explore the concept of malware vaccines—leveraging the techniques malware uses for self-preservation to turn the tables on attackers. By analyzing how malware checks its execution environment—whether through sandbox evasion, mutex creation, process enumeration, or infection markers—we can […]
Tracking the North Korean B-Team Persistent Threat (BPT)
Since early 2025, Fox-IT has been tracking a cluster of activity linked to the Contagious Interview campaign, involving the malware families known as BeaverTail, InvisibleFerret, and OtterCookie. This talk provides a behind-the-scenes look at our threat intelligence methodology for tracking this campaign and actor. We’ll demonstrate our investigation approach, showing how we first manually investigate […]
Threat From The Inside: eBPF Used by Malware
eBPF (extended Berkeley Packet Filter) is a powerful and mysterious technology in the Linux kernel. As its name suggests, it was originally created for network packet filtering. However, it evolved into a more general-purpose mechanism to observe and manipulate kernel behavior. What could go wrong? We will not pick on eBPF because it is not […]
The ever changing AI powered NextGen security industry
Back in 2022, in an unexpected turn of events, the security industry was confronted with its future self. What followed was an intense discussion with heated back and forths that culminated in an industry that – granted, reluctantly – took a look in the mirror. Better times were promised – rational minds prevailed. But now, […]
OT Cybersecurity for Offshore Wind
DNV and Siemens Energy in 2024 invited stakeholders across the offshore wind industry to a Joint Industry Project to identify common practices for how to implement OT Cyber Security for Offshore Wind. By guiding all stakeholders with a common interpretation of standards and best practices, this broad partnership will ensure wind power remains a growing […]
The Digital Edge in Modern Battlefield Conflict
This presentation explores the evolving role of cyber operations in modern conflict. It discusses cyber’s influence as the “5th domain,” leveraged by Russian aligned actors during the invasion of Ukraine. It delves into the nature of cyber operations, in alignment with kinetic actions. Additionally, highlighting their use in disrupting command and control, targeting critical infrastructure […]
Scanning the Dutch Healthcare’s External Attack Surface
What are the riskiest technologies used in the Dutch healthcare sector? Do people still expose RDP? Is Dutch healthcare data processed inside the European Union? Z-CERT regularly scans many IPs and domains in use by the Dutch Healthcare sector. In this talk, we will share insights from performing External Attack Surface Management (EASM) on hundreds […]
SaaSified Crime: From AiTM to Banking Fraud
Adversary-in-the-Middle (AiTM) phishing attacks have evolved from niche exploits to scalable, SaaS-based crime tools. By bypassing MFA, these services enable attackers to gain access with minimal effort. Now, Dutch cybercriminals are mimicking this model: packaging banking fraud kits as subscription-based services. This talk highlights how the professionalization of phishing is lowering the barrier to entry […]
