Penetration Testers versus Initial Access Brokers. Helping the good guys win

Place your bets! How we run security for the whole Superbet group and still have time to play Stray ;)

To log, or not to log! That is the question

The Secret Sauce(s) of Cybersecurity Operations

Mario Kart Tour - Owned

Secrets Of Social Media PsyOps

IoT firmware analysis

How we analyzed and built an exploit PoC for CVE-2022-24086, a Magento RCE

When alerts become opportunities - Planning and building an Offensive SOC

Cynergy ISAC - first Romanian ISAC

DNS protocol in hands of attacker

How (in)secure is Windows Defender - Let's Bypass Together

DefCamp 2022 Opening Speech

Internet Balkanization in an era of military conflict

Abusing Azure AD pass-through authentication vulnerabilities

Cloud Configure Review - The new internal pentest

SOC…1,2,3…

MutableSecurity: Life’s too short. Automate everything!

Device Tracking Threats in 5G Network

Mario Kart Tour - Owned

2022 is a tough one. An MSSPs Perspective

The Anatomy of Wiper Malware

Deanonymization of TOR HTTP hidden services

DNS protocol in hands of attacker

Deception Via Perception (From Blue Tractors to A Blue & Black Dress)

The Anatomy of Wiper Malware

The model of post-quantum signature using Verkle Tree

Techniques of a prevalent banker over the years through an offensive perspective

Tell us More: How to Harden Your Sandboxes against malware evasions

WSL 2 and Security: Productivity Booster or Achilles Heel?

Augment cybersecurity through A.I.

Scaling security: creating new products to support the good fight

Tell us More: How to Harden Your Sandboxes against malware evasions

The role of the network in the Zero-Trust world

WSL 2 and Security: Productivity Booster or Achilles Heel?

Personal Medical Data Management Using Virtualized Symmetric 5G Data Channels

What if I told you that Security is here to help? (a.k.a. The 7 habits of highly effective Security leaders)

From lonely wolf to the pack

A cure for Botnets? Fighting Credential Stuffing at Adobe

Personal Security in a Post-Pandemic Age

5G Security - A shared responsibility

Impactful Cyber Army Workflows

Beyond Security Operations

Automatic exploitation of critical CVEs using Sniper: ProxyShell, OMIGOD, Confluence RCE and more

5 years of IoT vulnerability research and countless 0days - A retrospective

MEV explained or How to rescue a 6-figure amount from a compromised wallet

Panel: Cybersecurity - the fine line between technology and the human element

Panel: Cybersecurity - the fine line between technology and the human element

Deceptive Ops & Honeynet Design

Panel: Cybersecurity - the fine line between technology and the human element

Cybersecurity & The Board: Choosing success over the Sarlacc Pit

Organizational Data Asset Lifecycle – Redefining the Cyber-attack surface

Burnout: Destabilizing Goals and Threatening Organizational Security

Revenge is Best Served over IOT

Abusing postMessage API for 6 figures/year

Curse of the Mirage Forest: An Incident Responder's Tale

Responding to the ever evolving threat landscape

Panel: Ladies in Cybersecurity

Training SecOps: Education through Gamification.

Hack the hackers: Leaking data over SSL/TLS

Automotive Cybersecurity – needs, methods, and future challenges

Panel: Ladies in Cybersecurity

Panel: Threats and lessons learned from the pandemic

Recipe for a beginner in bug bounty hunting

Vulnerabilities discovered in Android stalkerware apps

Post-quantum scheme with the novel random number generator with the corresponding certification method.

Panel: Entrepreneurship in cybersecurity - should I go there? Powered by ORANGE Fab

Cyber range in a nutshell

Panel: Cybersecurity - the fine line between technology and the human element

A Deep-Learning Approach to Phishing Detection.

Leveraging threat intelligence in the selection and prioritization of detection sources

What it takes to be good at bug bounty hunting

Adversary Emulation on Windows

Pentesting on Steroids (live demo) - How to perform faster and better pentest engagements

Emulating Packed Linux Malware Using the Unicorn Emulator Framework

Next-Gen IoT Botnets #3 - Moar ownage

The Advanced Threats Evolution: Researchers Arm Race

Fuzzing the Stack for Fun and Profit

Lions at the watering hole – one year after

Live smart, live longer. On modern intelligent cyberweapon

Hacking ICS devices for Fun

Penetration Testing of Vehicle Components (ECU and FMS)

The U.S. Election System, Can we fix it? YES WE CAN!

In the Midst of Fire – Lessons Learned from Serious Incidents

The Road to Hell is Paved with Bad Passwords

Hacking The Hacker: The Story

Can Your Cloud Keep a Secret?

Raise Ya False Flags: A history about pirates and APTs

How come we have not solved security by now?

Connected Vehicle Security

#Spouseware and #Stalkerware: Where Do We Go from Here?

Intelligent Threat Intel - 'LEAD' Framework

Rotten to the core: Android worms in the wild

CAN Bit-Stomping attack Prevention

Cybergames with AMPIRE. NextGen Cyber Warfare and Operations Awareness & Training Polygon

Under Pressure: Real world damage with TPMS spoofing

Simjacker – billion dollar mobile security vs. one tiny piece of plastic

Threat Intelligence - Common Mistakes & Stories Form The Field

I PWN thee, I PWN thee not!

More Tales from the Crypt...Analyst

Privacy in the healthcare: The good, the bad and the ugly

Secure them all—From Silicon to the Cloud

Machine Learning and Advanced Analytics in Today’s Cyber Security

Red Team Engagements and The Forgotten Risk of Mobile Devices

Story of the new Android banking Trojan – Cerberus

Post quantum digital signature with OQRNG (optical quantum random number generator)

Project SCOUT. Deep Learning for malicious code detection

Why usual pentests suck?

Security meets the world of gaming

CAN Bit-Stomping attack Prevention

How to implement a quantum key distribution protocol on IBM's quantum computer (a practical example of quantum programming)

HID (Human Interface Danger)

Consensual Surveillance

Windows Based Exploit Chains and Their Detection Mechanism

Securing DevOps: Common misconceptions

How to exploit Cloud adoption for making your IT more secure and convenient for end users

Investigating Windows Graphics Vulnerabilities: A Reverse Engineering and Fuzzing Story

Can Your Cloud Keep a Secret?

Messaging Layer Security: Towards a New Era of Secure Group Messaging

Under Pressure: Real world damage with TPMS spoofing

A Secure Distributed e-Health System for the Management of Personal Health Metrics Data

The Decalogue(ish) of Contractual Security Sins

Cybergames with AMPIRE. NextGen Cyber Warfare and Operations Awareness & Training Polygon

Implementing Continuous Offense, to Measure and Monitor Cybersecurity Defenses

Project SCOUT. Deep Learning for malicious code detection

Security & Compliance in the Cloud

Challenges in creating challenges

Breaking Smart. Hacking health, wearable and smart apps to prevent leaking

Stealing Traffic: Analyzing a Mobile Fraud

Intro to Reversing Malware

Let's Make Pentesting Fun Again! Report writing in 5 minutes.

Applying Fuzzy Hashing to Phishing Page Identification (Lightning Talk)

From Mirai to Monero – One Year’s Worth of Honeypot Data

Catch Me If You Can - Finding APTs in your network

Privacy: Between Hype and Need

Web Isolation 101: Securing Web Apps against data exfiltration and shielding corporate endpoints from web-borne threats

IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies

Backdooring DVR/NVR devices

The lions and the watering hole

Back to the future: how to respond to threats against ICS environments.

Burp-ing through your cryptography shield

Weaponizing Neural Networks. In your browser!

Opening Speech

The Hitchhiker's Guide to Disinformation, Public Opinion Swinging and False Flags

One year after a major attack

What happened behind the closed doors at MS

We will charge you. How to [b]reach vendor’s network using EV charging station.

AutoHotKey Malware – The New AutoIT

Applying Honey to the Pot - The Saga of Port 5555 (Lightning Talk)

One year after a major attack

Tailored, Machine Learning-driven Password Guessing Attacks and Mitigation

Needles, Haystacks and Algorithms: Using Machine Learning to detect complex threats

In search of unique behaviour

Back to the future: how to respond to threats against ICS environments.

Tor .onions: The Good, The Rotten and The Misconfigured

Timing attacks against web applications: Are they still practical?

OSSTMM: The “Measure, Don’t Guess” Security Testing Methodology

Open Directories: Sensitive data (not) hiding in plain sight

You're right, this talk isn't really about you!

The challenge of building a secure and safe digital environment in healthcare

Security pitfalls in script-able infrastructure pipelines.

Well, that escalated quickly! - a penetration tester's approach to privilege escalation

Mobile signaling threats and vulnerabilities - real cases and statistics from our experience

WiFi practical hacking "Show me the passwords!"

Catch Me If You Can - Finding APTs in your network

Lattice based Merkle for post-quantum epoch

CPU vulnerabilities - where are we now?

How to Fuzz like a Hacker

In search of unique behaviour

From Mirai to Monero – One Year’s Worth of Honeypot Data

Year of the #WiFiCactus

Trust, but verify – Bypassing MFA

Implementation of information security techniques on modern android based Kiosk ATM/remittance machines

Building application security with 0 money down

Threat Hunting: From Platitudes to Practical Application

Hacking at the ECSC

Drupalgeddon 2 – Yet Another Weapon for the Attacker

Economical Denial of Sustainability in the Cloud (EDOS)

Secure and privacy-preserving data transmission and processing using homomorphic encryption

Bridging the gap between CyberSecurity R&D and UX

Trust, but verify – Bypassing MFA

Internet Balkanization: Why Are We Raising Borders Online?

The Charter of Trust

Remote Yacht Hacking

Weaponizing Neural Networks. In your browser!

Mobile, IoT, Clouds… It’s time to hire your own risk manager!

Pentest-Tools.com - The first online penetration testing framework

Eternal Blues with EternalBlue

BlackBox Debugging of Embedded Systems

Sharper than a Phisher's Hook - The Story of an Email Autopsy

Incident Busters. A 2017 retrospective

Evolution of threats to Electric Power Grid Operations

ATM: every day trouble

Fileless malware - beyond a cursory glance

Orange is the New Purple - How and Why to Integrate Development Teams with Red/Blue Teams to Build More Secure Software

ICS Humla

Are we alone in our infrastructure? A look into the dark corners of endpoints with Hubble.

Attacking Mongoose OS on Xtensa platforms

Incident Busters. A 2017 retrospective

Weaponized RaspberryPi in Red Team Engagements

Back to the IoT Future: Where Marty controls all your routers

Splunking the Clouds: finding the needle in AWS & Azure.

Minute-hacks against Robi the Robot

SHA-3 vs the world

Road to ECSC 2017

Keeping customer data safe in EC2 – a deep dive

Drive safely on the internet lane: how smart cars can leak your data

In Soviet Russia, Vulnerability Finds You

Sharper than a Phisher's Hook - The Story of an Email Autopsy

Efficient Defenses Against Adversarial Examples for Deep Neural Networks

Securing without Slowing

Unexpected Shells with "covertutils"

Turning IDS signatures against an IDS itself: a new evasion technique

Are you keeping up with the Commodore, 'cause the Commodore is keeping up with you!

Fileless malware - beyond a cursory glance

IoT botnets? How do they work?

What the WiFiCactus?!?!?!

Active Defense Untangled

Road to ECSC 2017

ATM: every day trouble

Twisting Layer 2 Protocols

Attacking Mongoose OS on Xtensa platforms

Smart Cities under Attack: Cybercrime and Technology Response

Hijacking the Boot Process - Ransomware Style

Fuzzing closed source applications

Remote Attacks against IoT

ICS Humla

Minute-hacks against Robi the Robot

Drive safely on the internet lane: how smart cars can leak your data

The Business of Cybersecurity: Life-Lessons Learned

GDPR - T minus 6 months. Are you ready?

Splunking the Clouds: finding the needle in AWS & Azure.

Supporting innovation in cybersecurity through acceleration program – Orange Fab

Bug bounty conspiracy and 50 shades of gray hat. Who owns the vulnerability?

Lockpicking and IT Security

You Fail in SE If You Make Those Mistakes

The rise of security assistants over security audit services

From Threat Intelligence to Rapsheets in just a few steps

InterPlanetary File System (IPFS)

How I hacked my city

DVB-T Hacking

Detecting Drive-By Attacks by Analyzing Malicious Javascript in Big Data Environments

Infecting Internet of Things

Threat Intelligence! DIY!

Online Alter Ego - A Simple Button for Military Security

Knock knock.." "Who's there?" .."The Law! Open up!

Security through open innovation and data sharing

Security of Mobile Cryptocoin Wallets

Social Engineering - Security through education

Threat Intelligence! DIY!

Split Personalities: The Psychology of Social Engineering

Real-world Lessons about Spies Every Security Researcher Should Know

From Threat Intelligence to Rapsheets in just a few steps

Testers vs Writers: pentests quality in assurance projects

Do Tinder Bots Dream of Electric Toys?

Windows shellcodes: To be continued

…And bad mistakes…I've made a few…

Moving forward with cybersecurity

Web Application Firewall Bypassing

Bad software is eating the world! Let's fix it!

Follow the Money.

Browser instrumentation for exploit analysis

Crafting the Unavoidable

Online Alter Ego - A Simple Button for Military Security

Reversing a Polymorphic File-Infecting Ransomware

Making hacking and social engineering harder with typing biometrics.

Real-world Lessons about Spies Every Security Researcher Should Know

Functionality, Security, Usability: Choose any two. Or GNOME.

Securing the Openness. The operator challenge.

SE Exploit by improvisación

Riskware Betrayer. Who is the biggest one?

A new Hope - CTF stories & IoT Hacking

IoT Village Awards

Game of Hacks: Play, Hack & Track

(In)Security of Embedded Devices' Firmware – Fast and Furious at Large Scale

Hacking and Securing Network Monitoring Systems: End-to-end walkthrough example on Ganglia

IoT Security

IoT Security

From Hype Hangover to Happy Hacking: Shaping the World through Shaping Actions

A new Hope - CTF stories & IoT Hacking

What's in a name? DNS use for exfiltration, and monitoring for detection

Finding media bugs in Android using file format fuzzing

White hat hacker bounty program to improve online environment security

Orange about Bug Bounty and Innovation Labs 2016

ELK stack for Hackers

When Steganography Stops Being Cool

Integrating Mobile Devices into Your Penetration Testing Program

Toward large-scale vulnerability discovery using Machine Learning

Breaking in Bad (I'm the one who doesn't knock)

Modern approaches to Wi-Fi attacks

Building a Weaponized Honeybot (part I) || Building a Weaponized Honeybot (part II)

Why nation-state malwares target Telco Networks: Dissecting technical capabilities of Regin and its counterparts

Defending the Enterprise Against Network Infrastructure Threats

Challenges on Reversing Layered Malware

How to mess with Android Intents

Cryptography – our weapon in the 21st century

Luke 8:17 – Misleading implementations that compromise the privacy and information security || Abstract Apoc@lypse Technique

Building a Cyber Security Operations Center

Pentesting Android Applications - Workshop

What's in a name? DNS use for exfiltration, and monitoring for detection

IDS Evasion Techniques

Untrusted Mobile Applications. State of Art of Security App-Apocalypse

PuttyRider - Pivoting from Windows to Linux in a penetration test

Owning the girl next door

All your bitcoins belong to us!

A Pyrotechnic Composition: Fireworks, Embedded Wireless and Insecurity-by-Design

SSH Tunneling - a gate to freedom and a threat

Leading and Developing the Cyber Workforce

Cognitive Bias and Critical Thinking in Open Source Intelligence (OSINT)

A look into Bullet Proof Hosting

SCADA Software or Swiss Cheese Software?

A Practical Study of Security Problems on One of the Most Efficient Web Application Firewall

Managing Risk Effectively

Securing Networks using SDN and Machine Learning

Vulnerability Assessments on SCADA Networks: Outsmarting the Smart Grid.

Memory Forensics & Security Analytics: Detecting Unknown Malware

Security Nightmares for Journalists, why we must all be SysAdmins

Finding a European way for a safer cyberworld integrating our continent's millenary humanistic values, pluralist educational and philosophical systems, and overpassing its actual political weaknesses

Penetration Testing – 7 Deadly Sins

What happens in Windows 8 stays in Windows 8

CubeSats – A fairy tale; How academia got the chance to implement satellite (in-)security and how I tried to fix it

Cyber Necromancy: Reverse Engineering Dead Protocols

I can track you! They can track you! Everybody can track you!

Crypto as a global business

What happens in Windows 8 stays in Windows 8

Cyber Ranges

Android(in)Security

Democracy and massive-control in the post-Snowden age

The 80% Solution at 20% of the Cost'. The Utilization of 'Cyber Hygiene' to Mitigate SCADA System Vulnerabilities

A look into Bullet Proof Hosting

Social Engineering, or "hacking people"

Privacy in Mobile Apps. Enterprise Opportunities

Scanning Romania with Nessus

DRM to p0wn NSA in a few easy steps

Android hacking techniques

Exploring Bucharest for Free with RATB/Metrorex – RFID Mifare Classic attacks, frauds and countermeasures

0class2DOS

A few cybercrime cases that could make us think…

An overview of in vehicle CAN network security

The limit between law and surveillance

10 Years Later: Are We There Yet?

Does it pay to be a black-hat hacker?

SSL Ripper - All your encrypted traffic belongs to us

Into The Worm Hole: Metasploit for Web PenTesting

Android hacking techniques

AAA – Analyzing Android APKs (our way)

HTTP Header Analysis

Peering in the soul of Hackers: HPP (the United Nations Hacker’s Profiling Project by UNICRI) v2.0 reloaded

The NSA activities are a violation of the human rights and it is time to take action

Cops hacking into computers to investigate crimes. What could go wrong?

Digipass Instrumentation for Fun and Profit

Human brain, friend or foe?

Hunting and Exploiting Bugs in Kernel Drivers

DefCamp 2012 Opening Speech

Mobile networks: exploiting HTTP headers and data traffic

Web Applications - Security and Scalability Checklist

Detecting and Defending against Advanced Persistent Threats

Social Engineering

Blended Threat Concept in Web Applications

NVidia CUDA for Bruteforce Attacks

SMART Project

Attacks Against Captcha Systems

How does a 0day work?

OWASP Overview of Projects You Can Use Today

Social Enterprise Rises! …and so are the Risks

Hacking beyond hacking - Forgotten Chapters

Critical vulnerabilities in the online services of a romanian telephony company

The importance of logs

CensorMeOrNot - P2P System of DNS Caches

Zombie browsers spiced with rootkit extensions

Evolution & Analysis of Web Vulnerabilities

SYDO - Secure Your Data by Obscurity

SmartFender

DefCamp 2011 - Call 2 action

Chess Club - Ground Zero Security

Forms Injections

Advanced data mining in my sql injections using subqueries and custom variables

PE Format

Security in 21st century

Cross Site Request Forgery Attacks

DefCamp 2011 Opening Speech

High Security Web Server

Virtual Anonimity – What? Why? When? How?

Mobile Security - SMS Attacks

Attacking SIM Toolkit

0-day vulnerabilities in main stream software

Corporate Network Security 101

Information means power.

How to generate persistent errors in BIOS