BSidesFrankfurt

2025-08-28 BSidesFrankfurt Workshops
2025-08-29 BSidesFrankfurt Conference
https://www.bsidesfrankfurt.org
Conference: Sept 10, 2026 | Workshops: Sept 11, 2026. Tickets on sale end of February. CFP is open now! www.bsidesfrankfurt.org

Evgen Blohm, Marius Genheimer - Living on the Edge: Evicting threat actors from perimeter appliances

This presentation will showcase highlights from our past forensic investigations into different compromised edge devices (primarily network equipment), manufactured by Cisco, Fortinet, Citrix and Ivanti. Analyzing these appliances is not as straightforward as on normal endpoints and sometimes requires a bit of creativity. I will include information on the utilized exploits, the targets and motivation of the nation-state or cybercriminal perpetrators and practical tips to investigate and protect these appliances.

https://youtu.be/ZzGCs9H4Khs

Alixia Rutayisire - The Proxy Warfare: Unmasking Russian and Chinese externalized Cyber Capabilities

This presentation examines how Russia and China increasingly outsource their cyber and influence operations to private entities and individuals, uncovering the strategic motivations, doctrinal basis, and the models behind this trend. We explore how both states leverage eCrime groups, contractors, and tech providers to accelerate capability growth and achieve operational flexibility. By contrasting the more decentralized environment in Russia with China's tightly integrated military-civil fusion approach, this presentation offers an in-depth look at the evolving ecosystem of state-backed cyber actors.

https://youtu.be/TSQ3-aBdNRM

Tomer Nahum, Jonathan Elkabas - Breaking Entra: Real-World Cloud Identity Attacks You Can Recreate

Identity has become the new perimeter — and in Microsoft Entra ID (formerly Azure Active Directory), it is also the easiest one to break. Misconfigured apps, over-scoped permissions, and weak conditional access open the door to attackers who know where to look. In this talk, we'll walk through real-world Entra ID misconfigurations that led to privilege escalation and domain-wide compromise — all of which have been reproduced in EntraGoat, a new open-source lab that simulates these attack paths in a CTF-style environment. You'll see step-by-step demos of how attackers exploit these flaws, how defenders can detect them, and how you can use the lab to train, teach, or test in your own environment. Whether you're red team, blue team, or just Entra-curious, you'll walk away with practical techniques and a tool to keep practicing.

https://youtu.be/F3HRnkp0fV4

Subverting the Windows Kernel with exploits and rootkits

Deep dive into the journey of writing rootkits and exploits to subvert the Windows kernel. Discover undocumented functions alongside novel and creative ways to find vulnerable drivers and break the barrier between user-mode and kernel-mode.

- Rootkit development and the latest techniques

- Exploits for Kernel and how they work

- Protections overview and what to use/code to bypass EDRs and PatchGuard

- Exploitation of drivers: write-what-where and more

- Hunting for vulnerable drivers and defeating trusted drivers

https://youtu.be/e_asSUhz0rE

Juan Sacco - Subverting the Windows Kernel with exploits and rootkits (BSidesFrankfurt 2025)

Moritz Thomas & Firat Acar – Behind Closed Doors: Physical Red Team Tactics

This presentation, led by expert Red Team professionals, dives into physical Red Teaming in corporate and critical infrastructure environments, covering stealthy infiltration techniques like 802.1x bypass, rogue device deployment (e.g., Raspberry Pis), social engineering, and ID card cloning, while sharing real-world insights through engaging case studies, such as a speedrun operation in a European underground facility, to highlight high-pressure scenarios, challenges, and prevention strategies, equipping participants with a clear understanding of physical Red Team dynamics and practical network security and ID cloning countermeasures.

https://youtu.be/f9Ld3WH7L7o

Moritz Thomas, Firat Acar - Behind Closed Doors: Physical Red Team Tactics (BSidesFrankfurt 2025)

How Alex Holden Took Down Killnet: Exposed ties to Russian darknet drug market Solaris, diverted funds to Ukraine charity, eroded trust & backing. Leader KillMilk unmasked. Inside story!

https://youtu.be/iQa9iTU8yWs

Alex Holden - Versus Killnet (BSidesFrankfurt 2025)

Get into the holiday spirit! We're excited to announce that the videos from BSidesFrankfurt 2025 will be released in the coming days, making for an early Christmas gift for our community. Stay tuned!

For hackers, AI represents a clear metric for success: either you achieve shell access or you don't. Defense, however, is considerably more complex. Sergej Epp from @sysdig explores why verifiers are the true currency of AI in security, how Reinforcement Learning has transformed penetration testing into a Capture-the-Flag environment, and what defensive strategies must be developed to effectively counter these threats.

Watch the video here https://youtu.be/BaSuergb1cY

Sergej Epp - Keynote: Winning the AI Race: Verifiability is All You Need (BSidesFrankfurt 2025)

We are proud to partner with QuoIntelligence as a GOLD sponsor! Additionally, they will be giving a talk! Thank you!

https://quointelligence.eu/

QuoIntelligence — Finished Threat Intelligence Tailored for YOU.

Our finished intelligence will significantly reduce your operational risks and allow you to make informed security decisions.
