Technical Session Day 1 (TBA)
More information about this session will follow soon
From DDosia with love
Discover the intricate workings of the DDosia Project, a prominent example of decentralized cyber-attacks originating from a Russian hacker community. Since the beginning of 2023, DDoS attacks by this hacktivist initiative have been in the news frequently. Dutch commercial and governmental organizations have been targeted several times, including the NCSC itself. Learn about the project’s […]
The tower of Babel: the many languages of risk management and how to navigate them
Digital risk management is a fragmented field of expertise. In Europe alone, many national cybersecurity centers have developed their own methodologies in order to empower organizations to increase their digital resiliency via the adoption of their framework. In parallel, many private sector organizations have taken similar actions. Although risk management has been foundational to cybersecurity […]
Phishing for Tenants: From Simulation to Tenant Takeover
The rise in popularity of phishing simulations has led to rushed implementations driven by commercial interests. This rush has resulted in the acquisition of platforms and the introduction of some immature and unfinished products aimed at tapping into this rapidly expanding market. In this talk, I will highlight glaring issues with Microsoft’s phishing simulation framework […]
Vulnerabilities: How to Patch When There is No Patch?
In an turbulent era where the digital infrastructure is integral to organizational operations and the resilience of countries, the concept and impact of vulnerabilities has vastly evolved. This presentation will take attendees on a journey through the vulnerability space and its impact. how did we get where we are today? We will walk through the […]
Turning backups into gold: Backup Alchemy for OT
This talk is a collaboration between Fox-IT and Airbus. Airbus has recently released The BackupAlchemy Tool (T-BAT), their open-source tool for turning backups into a gold mine of information. With T-BAT, Airbus has been able to provide insight into their Operational Technology (OT) environments in ways that were previously not possible, solving not just cybersecurity […]
Attacking OT Without Specialized Knowledge: a New Threat
Due to the unique characteristics of Operational Technology (OT), i.e., technology centered around cyber-physical activities, performing OT-related cyber-attacks is traditionally thought to require both specialized- and generic IT-related knowledge. However, in recent years, the need for specialized knowledge decreased, and OT-related cyber-attacks became increasingly easier to perform. During this presentation, I profile a new threat […]
The truth lies in the packet – OT Network Monitoring
Systems for attack detection are mandatory in Germany with no distinction between IT and OT. We evaluated more than 20 industrial networks with the open source framework malcolm. This talk will show you good practices and what we learned during our site visits.
Diving Into The Attack Surface of the Netherlands
The non-profit Shadowserver Foundation (https://shadowserver.org) has been active for over 15 years, delivering free daily cyber threat intelligence feeds to National CSIRTs (over 201 National CSIRTs covering 175 countries and territories) and many other organizations that have an Internet presence (over 8000 organizations worldwide, including Sectoral CSIRTs, ISP/CSPs, hosting providers, enterprises, banks, academia, hospitals, SMEs, […]
Unraveling the Mind behind the APT
Interested in buying a new car or attending a free wine tasting event? Well, there’s at least one Advanced Persistent Threat (APT) group that hopes you are! This talk delves into the phishing campaigns sent by the world’s most sophisticated APTs. It examines an extensive collection of thousands of APT phishing emails, sometimes associated with […]