Onyx Archieven - ONE Conference

A tale: 3 Spammy boxes – technical deep dive

This session is a technical deepdive of the talk ”Set-top boxes: your personal unwanted proxy”. This talk will dive into our analysis methodology and technical findings from our extensive investigation into shady Android devices flooding the market. In this technical deep dive, we’ll walk you through the entire infection chain of x96mini Android TV boxes […]

Set-top boxes: your personal unwanted proxy

Residential proxies are increasingly used not only for legitimate purposes—such as AI training and secure browsing—but also by cybercriminals and state actors to obscure indicators of compromise and launch large-scale DDoS attacks. The NCSC-NL has observed a sharp rise in such abuse, making attacks harder to detect and mitigate. This presentation first explores NCSC’s research […]

How to build a world-class Cyber Defense Center

This talk explains how DICTU built a Cyber Defense Center (CDC), basically a next-generation SOC, combining proactive, threat intel-driven defense and offensive capabilities. We will explain this using a medievil theme, so that you can follow along regardless of your background and technical level of expertise. It covers the motivation for building a CDC, its […]

Be a better ally.

This talk will provide practical ways on how to become a better ally to underrepresented groups in the field of Cybersecurity. Recent HCSS research shows that a significant share of women in the Netherlands experience frequent feelings of insecurity in public and online spaces, leading to structural behavioral adaptations such as avoidance strategies and continuous […]

Flatline vs. Recovery: Responding to Ransomware Attacks on Healthcare

Few word combinations are more dreadful than “ransomware” and “healthcare.” Despite countless hours and substantial investment, we see it more and more — not less. News outlets and cybersecurity blogs offer tips to “prevent,” “detect,” and “recover”; warn that “it’s not a matter of if, but when”; yet many still struggle to turn that guidance […]

0 incidents, 0 sensors: governing the risks no one owns

Zero incidents. Zero sensors. That’s the official record on GPS disruption in Dutch waters – not because it doesn’t happen, but because no one measures. Zero isn’t safety; zero is blindness dressed as reassurance. This is a systemic risk: too broad for any single organisation, too operational for government, too cross-cutting for existing frameworks. Ship […]

Secure Apps in Mythos Era: Find Gaps Before Attackers Do

Frontier AI models are increasingly capable of discovering and exploiting software weaknesses, prompting calls for more defensive preparedness and responsible release strategies. In this session, we translate that urgency into a practical, security-first approach to LLM penetration testing for real enterprise deployments.You will learn how to scope an LLM pentest beyond the model itself, covering […]

We did everything right and still got owned by an APT

In the first half of 2026, the SOC of one of our customers discovered odd user behaviour on a sensitive server and started to investigate. That investigation lead to investigation of a authentication bypass and eventually a sophisticated and persistent attack of an edge device (F5) and the services offered though it. In this session […]

When Governance Fails: The Wirecard Case

Wirecard exposed how governance failure can create systemic risk with consequences far beyond a single organisation. Critical warnings were raised, routed through formal channels, and still resulted in inaction. Drawing on firsthand experience from inside one of the largest corporate frauds in European history, this session examines how serious concerns are acknowledged, documented, and escalated, […]