The Red Team and the Blue Team will be joining forces to improve your organization's cybersecurity capacity. Which team will you play for?

All sessions will be based on actual events and the experiences of our expert teams during real-world incidents.

Select your preferred talks from either of the tracks. There will be enough time to switch rooms between sessions if you want to mix it up a bit.

🇬🇧 All sessions will be presented in English unless otherwise indicated.

Morning Sessions

Welcome to Mälarsalen at Münchenbryggeriet in Stockholm.

You are greeted by a Truesec colleague by the registration desk and will have coffee before we take off. Welcome!

It's time for you to choose which session from the two tracks you would like to attend.

Enjoy a 30-minute break, visit our partners in the exhibit, and grab a cup of coffee.

Cyber Incident Cases - Morning Sessions

Are you ready to battle a severe incident, and collaborate with a dedicated incident response team?

When you are the target of a cyber attack, do you know what to do? How to behave? When to act? Simply put, are you prepared to manage an attack against your organization?

Rasmus will with real cases as examples cover multiple methods of how you can prepare for and manage severe attacks against your organization. The dos and don’ts, as well as how to include, collaborate and work together with a dedicated incident response team.

Speaker: Rasmus Grönlund

In the last few years, many organizations have suffered from ransomware attacks. Recovering from a ransomware attack usually requires backups, but in some cases, there are other ways.

Alexander is a Principal Forensic Consultant in Truesec CSIRT. In this session, he will showcase his team’s latest research in ransomware decryption capabilities. The research breaks an entire family of ransomware variants and allows victims to restore encrypted data without obtaining the private keys.

Speaker: Alexander Andersson

Join us on a winding journey where we investigate what has happened during a cyberattack, and who might be behind it.

Threat actors often try to hide where they come from, and it's our job not to be fooled by false leads.

Speaker: David Lilja and Hasain Alshakarti

Build Secure Infrastructure - Morning Sessions

Network security philosophy and firewalls as the primary enforcer of solid IT security have historically been many organizations' sole and major strategy. As traffic patterns change and threats evolve, this strategy is no longer successful.

In this session, network security Heresh will share insights about common mistakes from a real-life cyber-incident perspective.

Speakers: Heresh Zaremand

How do VMware vSphere platforms get attacked and encrypted?

We will go through real-world examples from attacks and give you recommendations on how you can protect your environment from getting breached by the new wave of ESXi-targeting ransomware.

Speaker: Anders Olsson

Most backup solutions are not designed for today’s real threat, cybercrime.

Join this session to learn how you should architect your existing solution to protect you from cyberattacks, ransomware, and other threats.

Speaker: Mikael Nyström

Closing Lunch Keynote

By combining reverse engineering of the different malware used and studying the actual war, we can see how the code was affected by different requirements.

Gain deep insight into the technical details of three Russian Wiper malware used in cyberattacks against Ukraine during the conflict, how they were employed, how they differ, and how this relates to the physical war in Ukraine. We will show how the Russian Cyberwar in Ukraine was integrated into the kinetic war, where it succeeded, where it failed, and maybe why we haven’t seen more written about it.

Speakers: Mattias Wåhlén and Nicklas Keijser

Enjoy a long lunch in the exhibit area.

Red Team - Afternoon Sessions

Get the highly appreciated talk from Def Con.

CSRF is (really) dead. SameSite killed it. Browsers protect us. Lax by default!

Sounds a bit too good to be true, doesn't it? We live in a world where browsers get constantly updated with brand-new web features and new specifications. The complexity abyss is getting wider and deeper. How do we know web technologies always play perfectly nice with each other? What happens when something slips?

Speaker: Dongsung "Donny" Kim

Modern IT environments offer passwordless authentication to improve security. Certificate and key-based authentication makes the user's life easier and gives the offensive side an excellent opportunity to obtain versatile credentials.

This technical session will provide detailed demos and discussions about the different attacks and using certificate- and key-based authentication in a Windows environment ranging from certificate services misconfigurations and abuse to Windows Hello for Business keys and sessions.

Speakers: Hasain Alshakarti and Carlo Alberto Scola

Join in on this hands-on, step-by-step demo on how to deploy a complete Remote Access Trojan (RAT) with no detection in a fully monitored Microsoft Defender for Endpoint environment.

Speaker: Mikkel Ole Rømer

More info coming soon.

Speaker: TBA

Build Secure Infrastructure - Afternoon Sessions

How do we secure Azure AD administration in a Tiering manner?

Join this session to learn the why, how, and when you should implement this mindset towards the cloud.

Speaker: Viktor Hedberg

Join this session to learn the new cool things about Windows Server 2022 and System Center 2022 features you need to know.

Speakers: Mikael Nyström

Want to know about the features you already have in your Windows Enterprise setup? What can help you prevent ransomware and protect users even without them knowing?

Get to know features like AppLocker, Credential Guard, and Attack Surface Reduction rules. Learn how to use the tools you already have to increase your security posture.

Speakers: Peter Löfgren

Put some clear and concise content in here. Keep your reader in mind. What are they trying to do? What are they hoping to learn? Why are they reading this? Help them out and use the tone and voice of your organization.

Prompt abuse is a real threat. In this session we will cover how to safeguard the MFA registration in Azure AD and stop threat actors from entering their own MFA credentials.

Speakers: Marcus Pettersson and Viktor Hedberg

If your Active Directory gets breached by threat actors, you need to make sure your underlying infrastructure doesn’t also get breached. We will show you how to design and implement segmentation that is both secure and manageable.

Speakers: Jörgen Brandelius and Anders Olsson

Closing Keynote

A problem with "Oceans 11" and other heist movies is that they make it seem like robbing a bank is hard. Human nature does not allow us to be alarmed adequately at threats that seem advanced or extreme. Simply because we like to tell ourselves that would never happen in real life, or they are not worth that kind of effort.

In this closing session, Jayson E Street will execute attacks with minimum effort, technique, or tools. You may not feel the need to worry about a nation-state attacker, but you should be concerned by a random person walking off the street and compromising your systems in less than 30 seconds.

Jayson will take you through a bank robbery in real-time via a hidden camera and show you that people can still be victims of their wrong assumptions even in high-security areas. Most of us have biases, but we may not even be aware of them. Yet, we can still gain skills to spot suspicious behavior. Learn how untrained workers are a severe threat. However, workers educated in Security Awareness can be the biggest asset to a company's security posture.

Speaker: Jayson E. Street

To sum up the day and hang out with attendees, speakers, partners, friends, collegues and exhibitors.