DeepSec 2025 Talk: How To Breach: From Unconventional Initial Access Vectors To Modern Lateral Movement – Benjamin Floriani & Patrick Pongratz
The perpetual cat-and-mouse game between attackers and defenders has pushed offensive security o
#Conference #DeepSec2025 #LowprofileAttackingTechniques #RedTeam #SVG #Talk #TTPs
DeepSec 2025 Talk: GitHub Security at Scale: One Opensource Tool to Rule Them All – Sina Yazdanmehr & Hugo Baccino
Managing GitHub security across all organizations and repositories within a company can be challenging. Mis-configured settings, hard-coded secrets, and outdated d
#Conference #DeepSec2025 #GitHub #GitHubSecurity #OpensourceTool #Talk
DeepSec 2025 Talk: Offensive SIEM: When the Blue Team Switches Perspective – Erkan Ekici & Shanti Lindström
Traditional SIEM solutions focus on detecting attacks—but what if we flipped the script? Instead of waiting for adversaries to act, defenders can use SIEM proactively to
#Conference #DeepSec2025 #misconfigurations #PrivilegeEscalation #SIEM #Talk
DeepSec 2025 Talk: Hunting Shadows: Using Threat Intelligence to Outpace Adversaries – Sanjay Kumar
Cybersecurity isn’t just about firewalls and patches — it’s about understanding your adversary. Threat intelligence provides the insights
#Conference #AdversaryEmulation #DeepSec2025 #MITREATTCK #Talk #ThreatIntelligence #ThreatScoring #UnderstandingAdversaries
DeepSec 2025 Talk: Lessons learned from preparedness exercises with 3500 companies – Erlend Andreas Gjære
Preparedness exercises, whether they are traditional tabletop discussions or more interactive gamified experiences, help us become more
#Conference #CrisisPlan #CyberExercises #DeepSec2025 #IncidentResponse #PreparednessExercises #resilience #Talk
DeepSec 2025 Training: Fundamentals of Covert Entry: Intensive Training – Babak Javadi, Jiri Vanek, Chris Cowling
Step into the world of covert entry with **Fundamentals of Covert Entry**, a 2-day hands-on training designed to
#Conference #DeepSec2025 #ElectronicAccessControlSystems #MechanicalAccessControlSystems #PhysicalSecuritySystems #Training
DeepSec 2025 Talk: Ransomware vs. Info Stealers: A Comparative Analysis – Steph Shample
This talk provides a clear and practical comparison between two dominant forms of malware: ransomware and information stealers. While both are used by threat actors to profit from compromised system
#Conference #CyberThreatIntelligence #DeepSec2025 #InformationStealers #Ransomware #Talk
DeepSec 2025 Talk: Hacking Furbo: A Pet Project – Julian B., Calvin S.
Embarking on our first hardware hacking project, we came across the `Furbo` treat dispensing smart-camera for pets. This device had previous security research completed; however, years had passed without further analysis. With a few devices in tow, we pulled them
https://blog.deepsec.net/deepsec-2025-talk-hacking-furbo-a-pet-project-julian-b-calvin-s/
DeepSec 2025 Talk: Quantum Safe Cryptography: The Future of Cyber(un)security – Lukas Mairhofer
There is a cybersecurity threat looming that will change everything. Conveniently enough, it can be ignored until it is way too lat
#Conference #CryptographicallyRelevantQuantumComputers #DeepSec2025 #PostquantumCryptography #QuantumComputers #QuantumKeyDistribution #Talk
DeepSec 2025 Talk: The Anatomy of DragonRank: Understanding and Defending Against SEO-Driven IIS Compromises – Joey Chen
DragonRank, a sophisticated threat actor, primarily targets countries in Asia and a select few in Europe
#Conference #AdvancedAttackTechniques #BadIISMalware #BadIISPlugX #DeepSec2025 #DragonRank #Talk #WindowsIISServers
DeepSec 2025 Talk: Déjà Vu with Scattered Spider: Are Your SaaS Doors Still Unlocked? – Andi Ahmeti & Abian Morina
LUCR-3 better known as Scattered Spider has surged back in 2025, pivoting its social-engineering playbook from last year’s casino breaches to fresh wave
#Conference #DeepSec2025 #LUCR3 #ScatteredSpider #SocialengineeringAttacks #Talk
DeepSec 2025 Talk: Fake News, Fake Pics: Securing Image Provenance in a Post-Quantum World – Maksim Iavich
With quantum computers on the horizon, today’s cryptographic defenses are running out of time. Fake
#Conference #AdvancedCryptographicTechniques #AIContent #Deepfakes #DeepSec2025 #FakeNews #ImageProvenance #PostQuantumVerITAS #QuantumAttacks #Talk
DeepSec 2025 Talk: Securing the Death Star: Threat modeling in a galaxy far, far away…. – Coen Goedegebure
The Galactic Empire is on the verge of releasing its biggest, most valuable and most important asset: the Death Star. You, the newly appointed Chief Imperial Security Officer, a
#Conference #CyberSecurity #DeepSec2025 #StarWars #Talk #ThreatModeling
DeepSec 2025 Talk: Catching WordPress 0-Days on the Fly – Ananda Dhakal
WordPress powers over 40% of the web, making its plugin ecosystem a prime target for attackers. While security researchers manually audit plugins for vulnerabilities, the ever-growing number of third-party extensions makes this approach
https://blog.deepsec.net/deepsec-2025-talk-catching-wordpress-0-days-on-the-fly-ananda-dhakal/
#Conference #0dayVulnerabilities #DeepSec2025 #Talk #WordPressPlugins #WordPress
DeepSec 2025 Talk: From Firewalls to Fragmentation: Identifying Adversarial Traffic in a Politically Divided Internet – Vladimer Svanadze
This talk presents a multidimensional analysis of Internet fragmentation, examining how political, technical, ec
#Conference #AdversarialTraffic #DeepSec2025 #InternetFragmentation #Talk
DeepSec 2025 Talk: Predicting IOCs with Historical Analysis – Josh Pyorre
What does looking at the history of malware, threat actors, and related network infrastructure tell us about the future? Are there unexpected connections to be found to help us not only find attribution, but potentially
https://blog.deepsec.net/deepsec-2025-talk-predicting-iocs-with-historical-analysis-josh-pyorre/
#Conference #DeepSec2025 #HistoricalAnalysis #MaliciousIOCInfrastructureReuse #Malware #Talk
DeepSec 2025 Talk: Man-In-The-Service: Truly OpSec Safe Relay Techniques – Tobia Righi
Recently, due to EDRs, it has become harder and harder to abuse credential access by dumping LSASS after compromising a Windows server and gaining local administrator on it. So, many red-teamers, pentesters
#Conference #CredentialAbuse #DeepSec2025 #ManInTheServiceAttack #RelayBox #Talk
DeepSec 2025 Talk: ∞ Day at Scale: Hijacking Registrars, Defeating 2FA and Spoofing 17,000+ Domains Even with DMARC – Alessandro Bertoldi
What happens when a registrar is the weakest link in your security chain? Thi
#Conference #2FA #DeepSec2025 #DMARC #RegistrarHijacking #SocialEngineering #Talk #dayVulnerabilities
DeepSec 2025 Talk: Machine Learning Poisoning: How Attackers Can Manipulate AI Models for Malicious Purposes – Shahmeer Amir
The use of machine learning and artificial intelligence has been on the rise in various industr
#Conference #AdversarialTrainingTechniques #AIModels #AISecurity #DeepSec2025 #MachineLearningPoisoningAttacks #Talk
DeepSec 2025 Talk: Breaking Into OT Environments: Exploiting Vulnerabilities to Compromise Critical Infrastructure – Avanish Pathak
In this session, we’ll delve into how attackers systematically exploit weaknesses in Operational Technology (OT) s
#Conference #CriticalInfrastructure #DeepSec2025 #OTSystems #RealworldAttacks #Talk
