Home of OSCP and world-class offensive security training.
So glad to have you onboard!
Thrilled to announce @SI_FalconTeam as our new SILVER Sponsor!
Expert incident response, digital forensics & threat hunting specialists.
Welcome to the team, @SI_FalconTeam ! 🔥
Evgen Blohm, Marius Genheimer - Living on the Edge: Evicting threat actors from perimeter appliances
This presentation will showcase highlights from our past forensic investigations into different compromised edge devices (primarily network equipment), manufactured by Cisco, Fortinet, Citrix and Ivanti. Analyzing these appliances is not as straightforward as on normal endpoints and sometimes requires a bit of creativity. I will include information on the utilized exploits, the targets and motivation of the nation-state or cybercriminal perpetrators and practical tips to investigate and protect these appliances.
Alixia Rutayisire - The Proxy Warfare: Unmasking Russian and Chinese externalized Cyber Capabilities
This presentation examines how Russia and China increasingly outsource their cyber and influence operations to private entities and individuals, uncovering the strategic motivations, doctrinal basis, and the models behind this trend. We explore how both states leverage eCrime groups, contractors, and tech providers to accelerate capability growth and achieve operational flexibility. By contrasting the more decentralized environment in Russia with China's tightly integrated military-civil fusion approach, this presentation offers an in-depth look at the evolving ecosystem of state-backed cyber actors.
Tomer Nahum, Jonathan Elkabas - Breaking Entra: Real-World Cloud Identity Attacks You Can Recreate
Identity has become the new perimeter — and in Microsoft Entra ID (formerly Azure Active Directory), it is also the easiest one to break. Misconfigured apps, over-scoped permissions, and weak conditional access open the door to attackers who know where to look. In this talk, we'll walk through real-world Entra ID misconfigurations that led to privilege escalation and domain-wide compromise — all of which have been reproduced in EntraGoat, a new open-source lab that simulates these attack paths in a CTF-style environment. You'll see step-by-step demos of how attackers exploit these flaws, how defenders can detect them, and how you can use the lab to train, teach, or test in your own environment. Whether you're red team, blue team, or just Entra-curious, you'll walk away with practical techniques and a tool to keep practicing.
Subverting the Windows Kernel with exploits and rootkits
Deep dive into the journey of writing rootkits and exploits to subvert the Windows kernel. Discover undocumented functions alongside novel and creative ways to find vulnerable drivers and break the barrier between user-mode and kernel-mode.
- Rootkit development and the latest techniques
- Exploits for Kernel and how they work
- Protections overview and what to use/code to bypass EDRs and PatchGuard
- Exploitation of drivers: write-what-where and more
- Hunting for vulnerable drivers and defeating trusted drivers
Moritz Thomas & Firat Acar - Behind Closed Doors: Physical Red Team Tactics
This presentation, led by expert Red Team professionals, dives into physical Red Teaming in corporate and critical infrastructure environments, covering stealthy infiltration techniques like 802.1x bypass, rogue device deployment (e.g., Raspberry Pis), social engineering, and ID card cloning, while sharing real-world insights through engaging case studies, such as a speedrun operation in a European underground facility, to highlight high-pressure scenarios, challenges, and prevention strategies, equipping participants with a clear understanding of physical Red Team dynamics and practical network security and ID cloning countermeasures.