Agenda

Talks (May change without notice, stay updated)

All talks and activities will be presented in English

Time
Track 1 - Discovery - Floor 0
Track 2 - Insight - Floor 1
Track 3 - Frontier - Floor 0
08:00 AM - 08:45 AM Check-in (Reception)
Reception of participants
Bring your QR Code ticket on App!
Check-in (Reception)
Reception of participants
Bring your QR Code ticket on App!
Check-in (Reception)
Reception of participants
Bring your QR Code ticket on App!
08:45 AM - 09:00 AM Opening
Cássio Pereira
BSides Kraków 2024 & 2025
- -
09:00 AM - 09:30 AM - - User input, business process and AI - what can go wrong? Real world examples
Paweł Kusiński
Quick intro about vulnerabilities we see in GenAI and then I will move on to the meaty part of the talk - 2 vulnerabilities I found out there in the wild, both rated as critical
09:30 AM - 10:00 AM - - Troll Malware - Some man just want to see it burn!
Cássio Pereira
We will see how easy is to fuck up with systems, just for fun.
09:00 AM - 09:55 AM Offensive Operations Against Foreign Adversaries: Russia
Steve Borosh aka rvrsh3ll
Steve Borosh started hacking the planet with Black Hills Information Security in 2021 and has been instructing offensive courses since 2015. Steve has instructed at conferences such as BlackHat and Wild West Hackin' Fest, for Fortune 500 companies, and for federal law enforcement. He currently annoys system administrators as part of the ANTISOC team at BHIS and enjoys releasing shock-and-awe research blogs and open-source tools to drive change in the industry.
Learning from Open Source: A Developer-First Approach to Security.
Fabian Kammel
Everyone is all too familiar with the stereotypical sticky-note with a password attached to a monitor, but we see equivalent security risks in our jobs, everyday! From sharing production secrets through insecure channels, to disregarding TLS server certificate validation. These are symptoms of a larger issue - 'Security at the expense of usability comes at the expense of security'. In this talk we will delve into the heart of this issue and show why adopting a developer-first approach is paramount when designing a secure system. We will distill design best-practices, from prominent and successful opensource projects such as Let's Encrypt and Sigstore. We contrast these with real-world scenarios, observed during security assessments in the industry, and show how the same best-practices could have lead to a system with higher adoption and therefore better security posture. Participants will be equipped with actionable strategies suited for simple scripts as well as complex CI/CD systems.
-
10:00 AM - 10:30 AM Keynote
If you want to be a CISO, then check this first
Brian Vlootman
If you’re aspiring to be a CISO, do you really know what you are getting into? This talk will cover the reality of being a CISO and an honest reflection of what you need to be a great CISO. There are many ways to grow as a security professional and they most always don’t end with the CISO role. But a better understanding of what that role is about may help you to grow faster.
- -
10:30 AM - 11:00 AM Keynote
A Quick, Efficient Yet Not Entirely Sane Introduction to Deception
John Strand
Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong. We believe the answer is somewhere in between.
- -
10:00 AM - 10:55 AM - The Physical Security Blind Spot
Brian Harris aka CAT
Physical security in the forms of auditing security posture & black team engagements is an all to often overlooked part of security and arguably one of the most important. I have spent around 15 years performing physical security audits and black team engagements for governments, state entities and private corporations all over the world and I want to share some of the stories, concepts and security vulnerabilities involved with black teaming. From bugging corporate board rooms, stealing documents and generally getting into places that are suppose to be secure. No amount of cyber security will save you, if the attackers have physical access to your servers and hardware.
Demystifying Confidential Computing: A Practical Introduction for Cloud Native Engineers
Fabian Kammel
Confidential computing stands at the forefront of modern security paradigms, offering unprecedented levels of data protection in cloud environments. As cloud-native architectures become increasingly prevalent, understanding and leveraging confidential virtual machines (CVMs) is paramount for engineers tasked with safeguarding sensitive data. This talk aims to demystify confidential computing and provide cloud-native engineers with a practical introduction to integrating confidential VMs into their cloud infrastructures.
11:00 AM - 11:55 AM Biometrics RMTC: Reality, Myths, Threats & Countermeasures
Adrian Kapczyński aka Hpar3s
In order to demystify the field of biometrics, this presentation, 'Biometrics RMTC: Reality, Myths, Threats & Countermeasures', will explore its reality, dispel common misunderstandings, look at potential risks, and talk about practical countermeasures. Participants will acquire a thorough grasp of the operation of biometric systems, as well as the advantages, disadvantages, and security issues they raise.
CyberRisks in DevOps- staying ahead for cyber resilience & compliance
Grzegorz Zagraba
Losing IP and configurations stored in DevOps tools such as GitHub, GitLab, Bitbucket or Jira can paralyze the operation of the entire company. Get to know the biggest threats and learn how to eliminate them so as not to lose even a single line of your code and ensure resiliency and business continuity.
We will discuss:
  • Alarming Threat landscape statistics every CISO and DevOps should know
  • True stories of the most severe GitHub, GitLab, and Atlassian 'fackups' (including ultimate review of most severe threats)
  • Data Protection, Backup, Disaster Recovery and Security best practices
Social engineering and elicitation techniques of hacking a human being.
Dorota Kozlowska
Presentation of Social engineering theory, and techniques, going in-depth to learn about elicitation and building rapport with your potential victim. Examples of real-life attacks, and final thoughts on who could be a social engineer and how to defend yourself against one. The person listening to my talk will end it with tangible knowledge on social engineering and places to go if they want to learn more.
Agenda:
  • 1. What is social engineering? Examples.
  • 2. Becoming Anyone you want to be - Pretexting.
  • 3. Four Phases of Social Engineering (Reconnaissance, Engagement, Exploitation, Closure);
  • 4. Building your artwork: What is elicitation? Elicitation Techniques.
  • 5. I know how to make you like me: Building Rapport.
  • 6. Examples of Real Social Engineering Attacks.
  • 7. Now What? Skills you need to become a social engineer, and how to defend yourself.
  • 8. Conclusion, final thoughts
12:00 AM - 13:00 PM Lunch break - PIZZA Included Lunch break - PIZZA Included Lunch break - PIZZA Included
13:00 PM - 13:55 PM Leveraging Features for Privilege Escalation in Ubuntu 24.04BD
Elliot Ward
In this session, we explore a unique approach to privilege escalation in Ubuntu 24.04 by leveraging system features rather than relying solely on traditional vulnerabilities. Our research began with an investigation into Ubuntu’s privilege boundaries, focusing on DBus and its interaction with the cups printing system. Through a series of methodical steps, we uncovered a way to escalate privileges from a standard user to root by chaining together minor bugs and existing features. Our journey highlights the importance of understanding system components and their interactions. By exploiting the configurations within the cups service and bypassing AppArmor restrictions, we achieved arbitrary command execution, ultimately gaining root access through the wpa_supplicant service. This talk emphasizes the significance of a holistic approach to security research, demonstrating how combining knowledge of system features can lead to successful exploitation. Attendees will gain insights into advanced privilege escalation techniques and the critical role of comprehensive system analysis in identifying security risks.
The not-ultimately-boring introduction to HIPAA compliance in web applications
Pawel OlbrychtA real life approach to HIPAA compliance - explanation of what to do, what is not required and why compliance (in general) is so important
How to Break into Organizations with Style: Hacking Access Control Systems
Julia Zduńczyk
Have you ever wondered how Red Teamers manage to get access to high-security areas in buildings? This talk is your chance to learn about the tools, tactics, and techniques we use to break access control systems. The presentation is based on the experience and examples collected during the Red Team assessments and gathers in one place the knowledge needed to gain access to places protected by access cards.
14:00 PM - 14:55 PM Get high as a Threat Actor - Rootkits and Kernel security
Marcelo Toran
Join us for an in-depth exploration into the clandestine tactics employed by Threat Actors to infiltrate systems at a Kernel level. In this session, we will examine various Kernel security features in Windows environments and show potential attack paths to bypass some of those. Beginning with a brief overview of the different Kernel security mechanisms, we'll dive into the intricacies of each feature and explore potential bypass techniques utilized by adversaries. Once the theoretical groundwork is established, we will introduce a streamlined methodology for identifying the right vulnerable drivers so you can easily replicate the same attack vectors during your Red Teams. In the culmination of our session, we will demonstrate the full chain of exploitation in a real environment, showcasing some of the powerful actions Threat Actors could perform when they are so high. We will finalize with some security recommendations to enhance your defenses against evolving cyber threats.
Leveraging Certificate Transparency Logs to Disrupt Scammers
Kamil Nowak
In our ongoing battle against cybercrime, a valuable ally has emerged: Certificate Transparency (CT) logs. These publicly accessible logs play a crucial role in combating phishing and fraud. This talk will delve into how we can actively leverage CT logs to identify and disrupt scammer operations. I will introduce my open-source tool designed for hunting down scammers and share how my colleagues and I managed to frustrate one particular scammer group for more than six months.
Improving security with Kubernetes
Pedro Dallegrave
Let's review the challenges of vulnerability management and security hardening for cloud environments that leverage instance-based deployments, such as AWS EC2, that host stateless services and are constantly being scaled in and out. And how leveraging orchestration platforms for containerized workloads like Kubernetes can help with increasing the security posture and bring other benefits to product engineering teams
15:00 PM - 15:55 PM AI: The Good, The Bad, and The Certainly Unregulated -s
Manfred Bjørlin
AI's prevalence raises security concerns. Many can't explain AI models, making understanding their strengths, weaknesses, and biases crucial. Tools like ChatGPT transform work but pose risks. Cloud-based AI can breach data confidentiality. Monitoring is essential. ModelOps ensures compliance and ethics. Continuous testing prevents harmful attacks. Regulations like the EU AI Act will demand risk assessments. China has advanced AI regulations since 2017. AI TRiSM ensures reliability, security, and privacy, driving adoption and outcomes. Effective governance is key to managing threats.**What Will I Learn?**
  • 1. Understand AI models' strengths, weaknesses, and biases.
  • 2. Grasp risks of gen-AI tools and mitigation.
  • 3. Recognize ModelOps' ethical role.
  • 4. Learn continuous testing's protection role.
  • 5. Prepare for AI regulations.
  • 6. Explore AI monitoring examples.
Secure AI's future with AI TRiSM.
When your infrastructure becomes your enemy - an introduction to network overtake attacks
Tomas Kirnak
Pretty much all modern systems have one thing in common - they need to talk to each other, and utilize an underlying network to talk and move data around. If the network is compromised, this opens an enormous space of lateral movement, attack vectors, and data exfiltration paths. This presentation will serve as an overview of available attack vectors on the network infrastructure, covering a large set of network protocols used by all of us every day and explaining how they can be abused or overtaken by attackers. We will also look at examples of real attacks that used these techniques, and how to protect against them.
Expanding Security Horizons: SIMD-Based Threats
Andrii Mytroshyn
The main goal of the talk is to give its participants a basic idea of attacks using GPU/SIMD, and provide an understanding why it is possible and why almost any system could be affected by such threads.
16:00 PM - 16:55 PM Malware and Hunting for Persistence: how adversaries hacking your Windows?
Zhassulan Zhussupov aka cocomelonc
The story of how I discovered several non-standard and unusual methods for malware persistence using the registry modifications and DLL hijacking vulnerability: Windows Internet Explorer, Win32API Cryptography features, Windows Troubleshooting Feature and Process Hacker 2. Research in the field of hunting new persistence techniques for malware. Also a comparison of these methods with classical tricks and techniques that are used by various APT groups and Ransomware's authors.
AI in Action: Enhancing Security with LLMs Agents.
Aliaksandr Rahavy & Mikayel Minasyan
In this presentation, we will discuss an overview of LLM agents' capabilities for handling routine and diverse tasks in cybersecurity. We will also explore the challenges involved in the development of LLM agents, review the achieved results, and consider the future of LLM agents in the field of cybersecurity.
From Text to Flaws: vulnerabilities in applications with Generative AI and LLMs
Paul Molin
With the advent of ChatGPT and LLMs, a new world of possibilities has opened up in tech. The first use cases were quick to follow: new applications based on generative AI are being deployed in production every day. In this brand-new field, the race has begun between developers and security experts on the one hand, and attackers on the other. What are the risks of applications using LLMs? What practical means do developers have to protect themselves? This is what I'm going to talk about in this talk, explaining:
- how LLMs and the applications that leverage them work
- typical vulnerabilities in applications using generative AI (with juicy stories to back it up)
- countermeasures developers can take to protect their applications






The AppSec & DevSecOps Village - By Nova8 & Checkmarx

Time
Activity - Floor 0
09:00 AM - 09:55 AM Integrating Secure SDLC into an Ongoing Project: Elevating Security from the Ground Up
Mykola Kolomiiets
Solution Architect at NIX
10:00 AM - 10:55 AM AWS and SBOM - Better Together
Pawel Piwosz
SBOMs becomes not only more and more popular, but also more and more expected. We already have many tools and ways to generate these reports, but are the cloud providers think about is seriously? In this talk we dog deeper into AWS and check it out. We all already know what SBOM is, right?, So that is why this is mostly hands-on session and we will explore multiple serwices and multiple workloads to find out if AWS gives us the right tools.
11:00 AM - 11:55 AM 1. The magic of ASPM - How to really take care of your Software.
2. Explained, Application Security and Iron Man AppSec get your free books.
3. Explained, Application Security register for a huge discount on the official training.
Cássio Pereira
Application Security Expert at Backbase
12:00 AM - 13:00 PM Lunch break - PIZZA Included
13:00 AM - 14:55 PM Workshop - Secure coding training - Stop creating shit code
Cássio Pereira, Marcos Santos and Rafaela Durlo
Application Security Experts at Backbase, Greenbones & Epam
15:00 AM - 15:55 PM Don’t Make This Mistake: Painful Learnings of Applying AI in Security
Kirill Efimov
Head of Research at Mobb
16:00 AM - 16:55 PM XZ Backdoor: Navigating the Complexities of Supply Chain Attacks Detected by Accident
Yoad Fekete
CEO & Co-Founder at Myrror Security



The Cyber Games Village by Black Hills InfoSec

Join us at BSides Krakow for some Cyber Games!

The Cyber Games Village will host multiple table-top RPG style security games, a Capture the Flag tournament, and Hacker Trivia!

Time
Activity - Floor 0
Table-Tops - 09:00 AM - 17:00 PM Play table-top exercises with groups of fellow security enthusiasts with Black Hills InfoSec to level up with real-world scenarios of security breaches and incidents. We will be providing D20 dice to enhance your experience. Free Backdoor & Breaches decks will also be provided! Games will be played at various intervals during the day.
CTF - 10:00 AM - 16:55 PM CTF: Battle it out against your fellow conference members by completing hacking challenges in the Capture the Flag tournament. The CTF is hosted by Black Hills InfoSec and MetaCTF. You can play solo, or as a team. The CTF will start promptly at 10:00 CET, and will wrap up at 17:00. Prizes will be awarded for the top individual players and the top teams!
13:00 PM - 13:30 PM Dungeons & Dragons: The security powertool you didn’t know you needed
Klaus Agnoletti
Storytelling Cyber Security Advisor
14:00 PM - 14:55 PM In the afternoon, stop by the game room for Hacker Trivia. It is a 60 minute session, full of great hacker topics and history. You'll need a smart phone to participate in this game, as you submit your answers through the phone. Let's see if you know your history!
17:00 PM CTF Prizes - Awarded for the top individual players and the top teams!



The after party + Underground Meetup - With support from DevSecCon

Time
Activity
19:00 PM - 01:00 AM Drinks & Food free for all participants! Your badge is your ticket, no badge, no party for you!
PROMINENT The Original Lounge Bar - Hala sportowo-widowiskowa Politechniki Krakowskiej, Kamienna 17, 31-403 Kraków

Take the time to do networking, business and hiring. But not forget to enjoy the amazing attractions prepared for you:
  • Dance floor with DJ
  • Play bowling
  • Pool
  • Darts
20:00 PM - 20:30 PM I’m ok, you’re ok, we’re ok: Living with AD(H)D in Infosec
Klaus Agnoletti
Join me for an insightful talk on living with AD(H)D, where I’ll share my personal journey of being diagnosed at 40. I’ll discuss how this diagnosis helped me finally understand why I struggled with focus, motivation, and other challenges for so long. You’ll also learn about ADHD in general, why there is a high representation of neurodiverse individuals in infosec, and why that’s a strength! My aim is to break down taboos, normalize conversations about mental health challenges, and stress the importance of transparency—especially with employers—before it’s too late and you’re let go (again). If any of this resonates with you, trust me, you’re not alone. At my talk, you’ll be among others who may be facing similar challenges. My hope is that by sharing my story and experiences, you’ll find something that helps you on your own journey.
20:30 PM - 21:30 PM The Questionable State of ML(Ops) Security
Mikołaj Kowalczyk
In this session I will cover the state of MLOps security, I will demonstrate a few interesting ways of stealing OpenAI API keys and getting access to the self-deployed ML models owned by other people. I will also discuss OWASP Top10 for Machine Learning - a standard to which I contribute.
21:30 PM - 22:00 PM 3 LIGHTNING TALKS - 10m each
No need to submit your talk, just come to the stage and, talk!

No vendor / commercial talks allowed.