A warm welcome to Community Event, a free event open for anyone, with lots of breaks to mingle and maybe grab a drink.

  /$$$$$$  /$$$$$$$$  /$$$$$$  /$$$$$$$$
 /$$__  $$| $$_____/ /$$__  $$|__  $$__/
| $$  \__/| $$      | $$  \__/   | $$   
|  $$$$$$ | $$$$$   | $$ /$$$$$$ | $$   
 \____  $$| $$__/   | $$|______/ | $$   
 /$$  \ $$| $$      | $$    $$   | $$   
|  $$$$$$/| $$$$$$$$|  $$$$$$/   | $$   
 \______/ |________/ \______/    |__/                 

AI literacy now commands attention across many organisations in the EU. Article 4—AI Literacy—of the EU AI Act, mandates a baseline level of knowledge for all AI users in scope.
This session distils several landmark realisations in LLM security, grounded primarily in Anthropic’s published security research.

We conclude with two case studies: rapid prototypes of novel LLM application architectures, as food for thought. Each prototype is analysed from a security-first perspective, while demonstrating the capabilities - and shortcomings - of today’s strongest agentic software-engineering models.

Antiforensics refers to a set of techniques, tools, or practices used to hinder, mislead, or obstruct digital forensic investigations. This opens opportunities for attackers to intentionally disable or tamper with logs, use short-lived compute resources like AWS Lambda to carry out malicious actions, and store payloads in less-monitored services like object storage or serverless APIs. Effective cloud forensic readiness requires proactive measures such as enabling comprehensive logging (e.g., CloudTrail, VPC Flow Logs), enforcing strict IAM policies, and integrating tamper-evident storage solutions to preserve the integrity of evidence.

In this demo driven technical presentation I’ll begin by introducing the audience on how log collection, security detection and digital forensics is executed in AWS Environments, like what services are needed to ship data to a SIEM, what are the delays we can take advantage of, how Guardduty works and how SOC teams are getting non-cloud-specific logs from servers using SSM. Then I will demonstrate how an attacker can leverage common known blindspots, like the share responsibility model lack of visibility and the internal delays between log generation and log collection, to execute antiforensics techniques with the objective of hindering an investigator’s ability to recover, analyze, or attribute activity related to cloud-based attacks.

As long as we can communicate securely, everything will be fine.

In this talk I will present how one can build an entire decentralised and distributed encrypted network to carry data, voice, text and more - all based on the sanctum project I presented at SEC-t last year.

From peer-to-peer and end-to-end encrypted tunnels between laptops, desktops and phones to full on group voice-calls and chatting between these devices, using only sanctum and its underlying protocol.

I will deep dive into said protocol, how it works, what the tradeoffs are and how to put this up yourself in a safe and secure way.

So put on your hacker hat, and let's hack.

GitHub Actions are the perfect tool for automating all aspects of your software workflows and deployment processes.
As Actions have access to source code, this makes them a prime target for (supply-chain) attacks.
Learn how to exploit and fix old vulnerabilities, what new vulnerabilities to be aware of, and how to reduce the impact should your Actions get exploited.

A warm welcome and introduction talk about SEC-T by the SEC-T organizers.

   _____ ______ _____   _______ 
  / ____|  ____/ ____| |__   __|
 | (___ | |__ | |   ______| |   
  \___ \|  __|| |  |______| |   
  ____) | |___| |____     | |   
 |_____/|______\_____|    |_|                             

Whether it is for applications, operating systems, databases, etc. anything that reads, writes, manipulates data must be using an encoding. On modern days, it will mostly always be UTF-8 by default, sometimes UTF-16, both are Unicode standards. Security auditors and researchers often manipulate data or protocols, but what about manipulating the underlying encoding?

Unicode has become the one encoding to rule them all, replacing hundreds of old standards. At first glance, it could feel like a simplification. It is not. All those old encodings where ultra-basic while Unicode is overwhelmingly complex beyond what you can imagine until reading the specifications.

Over the years, the lack of awareness about Unicode and its complexity have led to a lot of issues and implementation errors. The version 16.0 of the Unicode Standard is 1140 pages long, and there are over 60 UAX (Unicode Standard Annexes), UTS (Unicode Technical Standards), UTR (Unicode Technical Reports), each of which is comparable to an IETF RFC. During the last 3 years, I have analysed about 15 programming languages, none of which is fully implementing 100% of the Unicode standard.

Any piece of software around you is probably using Unicode, but none of them have complete implementation of it and all of them a probably different. What could go wrong?

In the run up to Google’s plans to dump 3rd party cookies, marketing firms (a $1.7 TRILLION dollar industry) were sent into a complete panic. These firms relied heavily on 3rd party cookies in order to better attribute CPM (cost per 1000 clicks) and how many of those clicks turned into sales. So advertisers could better study human behavior and trends in order to more effectively sell products.

As a former Security Engineer at the Largest Independent Digital Marketing firm in the world, I had a unique view into the evils that these companies were developing in order to not only maintain a few into consumer trends but to increase these views, increase the invasiveness of these techniques, and increase the cooperation between all levels of the industry from display point (streaming service), device point (iPhone, TV), location points (via ISP), to sales point.

This talk is a peek under the curtain for the server side data harvesting that agencies have developed, and how they’ve managed to twist this further invasion into so-called consumer protection and increased privacy.

If you’re used to seeing user enumeration marked as informational or excluded from bug bounty program scopes, you’re not alone. User enumeration is one of those findings that’s hard to prove as impactful, but also hard to get rid of.

This talk will dive into user enumeration and demonstrate its real impact, something that might make clients reconsider the severity of this finding.

Just as Vulnerability Research is an important area of focus at Google, so is Vulnerability Response to critical and complex security vulnerabilities.

These responses not only safeguards the security of Google's products and users but also extends its reach to millions of devices connected to the Internet, in certain instances, including the case I'm going to share here in details.

In this talk, I'd like to go through a recent incident at Google, including technical details, in which I was the global lead. The incident involves the discovery by a Google's security researcher of a critical CPU vulnerability (Reptar) and the extensive remediation efforts across all of Google's products and systems.

The incident presented a confluence of intriguing technical challenges and unique operational complexities. I plan to elaborate on the strategies employed by Google to address these challenges effectively, emphasizing the time constraints and pressures under which we operated.

Offensive security involves adopting an attacker’s mindset and techniques to strengthen defenses. The field of offensive security, starting with penetration testing, has evolved to embrace emerging technologies, incorporating more complex tooling, increased automation, and, most recently, techniques leveraging large language models (LLMs). While early AI techniques lacked the rigor needed to meet the demands of security professionals, recent developments have produced autonomous agents now ranking higher than humans in CTF competitions.

In this talk, we explore how recent advancements in AI can be leveraged in the offensive workflow.
We will examine current approaches in different stages of the cyber kill chain and how we can modify guardrailed models for offensive use cases through methods such as adversarial models and abliteration.

To ground these ideas, we present a case study on automating exploit generation for blockchain security practitioners. Smart contracts, which underpin the decentralized finance ecosystem and collectively govern billions of dollars, are particularly vulnerable due to their immutable and on-chain nature. We demonstrate early results showing how autonomous agents can be used to generate exploits, with the goal of strengthening the capabilities and findings of security auditors.

This talk aims to show how you, as a security practitioner, can begin leveraging AI methods to scale your existing workflows while also grounding your understanding of t

The increasing reliance on digital systems in modern rocketry, from design and manufacturing to launch operations and in-flight control, introduces significant cybersecurity vulnerabilities. This presentation, "Ignition Under Fire," explores the diverse attack vectors targeting rocket propulsion systems, examining potential consequences ranging from mission delays and data breaches to catastrophic failures. We will analyze the complex interplay of software, hardware, and network components within propulsion systems, identifying key weaknesses susceptible to exploitation. The presentation will delve into specific attack scenarios, software manipulation, sensor spoofing, and network intrusion, highlighting the potential impact on critical parameters like thrust, fuel flow, and combustion stability. Furthermore, we will discuss the unique challenges in securing these complex systems. We will explore how a Zero Trust architecture can be implemented to enhance security by enforcing strict access control, micro-segmentation, and continuous authentication and authorization throughout the propulsion system.

This talk will be announced at a later date, stay tuned!

 ____       _   _                       _             
|  _ \ __ _| |_(_) ___ _ __   ___ ___  (_)___    __ _ 
| |_) / _` | __| |/ _ \ '_ \ / __/ _ \ | / __|  / _` |
|  __/ (_| | |_| |  __/ | | | (_|  __/ | \__ \ | (_| |
|_|   \__,_|\__|_|\___|_| |_|\___\___| |_|___/  \__,_|
__   _(_)_ __| |_ _   _  ___                          
\ \ / / | '__| __| | | |/ _ \                         
 \ V /| | |  | |_| |_| |  __/                         
  \_/ |_|_|   \__|\__,_|\___|  

Do you travel with expensive stuff? Do you like feeling safe about leaving your expensive stuff in your hotel room? Have you ever had anything stolen out of your room, or discovered someone has gained access to your room while you weren't there? .. what about .. other rooms? Maybe not EXACTLY a hotel room? I've presented on securing hotel rooms in the past, but adding home assistant, zwave devices, co2 sensors and millimeter wave radar it's become a whole new game - a VERY interesting one! With graphs and remote access!

During SEC-T each year we take one hour out of the schedule to allow lightning speakers to do brief presentations on stage.

• Erik: Life as an IPv4 address - Insights from a worldwide honeypot network
• Your talk here?

If you wish to hold a lightning talk (maximum 15 minutes), send us at email at cfp@sec-t.org.

A smaller dinner is served in the form of wraps.

 ____  _____ ____    _____ 
/ ___|| ____/ ___|  |_   _|
\___ \|  _|| |   _____| |  
 ___) | |__| |__|_____| |  
|____/|_____\____|    |_|  

This is the official party for SEC-T.

Club SEC-T is -free- to attend for anyone 18 years or older, whether you're a conference guest or just want a ridiculously geeky Thursday night and don't even know what SEC-T is!
This also means, as a conference guest, you're free to invite your non-ticket-holding friends.

Official Facebook event: https://www.facebook.com/events/2110818196113594

Armed conflict accelerates technological development while exposing our blind spots in threat awareness. Even seemingly harmless diagnostic data from drones can be weaponized—with potentially deadly consequences.

This talk will include a live demonstration of advanced techniques used to intercept and locate drone operators in real-world war zones. Using the example of a three-day military operation in Ukraine, we’ll walk through how RF weaknesses can be exploited to detect and counter drone threats, and how custom tools can be built to track operators in the field.

In this talk, we peel back the curtain on the Secure Software Development Lifecycle (SSDLC) and explore some real war stories. Rather than focusing on idealized process models or textbook solutions, this session highlights some messy, funny, and sometimes frustrating real-world scenarios AppSec professionals face every day. Each phase of the OWASP SAMM framework becomes a round of mistake bingo, revealing lessons learned along the way. You’ll laugh, you’ll cringe, and you’ll likely recognize more than a few of these examples from your own experience.

Breaking into supermarket systems, ticketing platforms, and more. I’ll share some of my latest hacking stories, showing how I found the vulnerabilities, reported them, and collaborated with the companies. We’ll dive into tools, the challenges of disclosure, the importance of being “ethical”, lessons learned and how these experiences help improve security and build trust between hackers and organizations.

In June 2025 XBOW became the first AI Agent to reach #1 on Hacker1 USA ranking. But how does a hacking agent work? Can you build your own? Can it collect bug bounties while you drink Martinis on the beach?

Hacking is about curiosity, building and breaking things. In this session we explore how we can integrate Large Langue Models (LLMs) with Model Context Protocols (MCPs) to automate & orchestrate complex attacks

Then we look into how secure are AI agents and how can they be hacked

Identity has become the new perimeter and in Microsoft Entra ID (formerly Azure Active Directory), it’s also the easiest one to break. Misconfigured apps, over-scoped permissions, and weak conditional access open the door to attackers who know where to look.

In this talk, we’ll walk through real-world Entra ID misconfigurations that led to privilege escalation and domain-wide compromise all of which have been reproduced in EntraGoat, a new open-source lab that simulates these attack paths in a CTF-style environment.

You’ll see step-by-step demos of how attackers exploit these flaws, how defenders can detect them, and how you can use the lab to train, teach, or test in your own environment. Whether you’re red team, blue team, or just Entra-curious, you’ll walk away with practical techniques and a tool to keep practicing.

Traditional SIEM solutions focus on detecting attacks—but what if we flipped the script? Instead of waiting for adversaries to act, defenders can use SIEM proactively to identify local privilege escalation risks before they’re exploited. By analyzing Sysmon and Windows event logs, blue teams can uncover hidden misconfigurations in services, scheduled tasks, DLL loads, and centralized application deployments that could allow an attacker to escalate privileges to SYSTEM. In some cases, this approach might even reveal new CVEs lurking in your environment. This talk will showcase practical techniques for leveraging SIEM as an offensive discovery tool, helping defenders think like attackers to strengthen security from within.

Bluetooth vulnerability assessment is still in the dark ages. We still don't have a good handle on all the devices that are affected by the exploitable-over-the-air vulnerabilities that we disclosed in Texas Instruments and Silicon Labs firmware back in 2020. But we've been chipping away at the problem!

We released "Blue2thprinting" in 2023 as our starting point towards something akin to nmap OS fingerprinting, but with a focus on learning what we could about the specific Bluetooth chip or firmware versions, to identify known-vulnerable versions. We delved into the thousands of pages of Bluetooth specs to extract bits and pieces, packets and profiles, that had interesting information to share about what a device is.

But even as we continue to add new types of data to enrich our understanding of what devices are, and whether they're vulnerable to known CVEs, there's just so much that's still unknown! In this talk we'll discuss the updates to Blue2thprinting to allow for P2P researcher data sharing and crowdsourcing, and how that can help broaden the global knowledge of Bluetooth vulnerability applicability. And we'll also highlight the ridiculous number of tantalizing known unknowns; and encourage you to join the BlueCrew on our Journey Into Mystery!

Ever wondered how to start your first red teaming engagement? This session will teach real-world methodologies for collecting, analyzing, and applying threat intelligence in offensive security engagements. Participants will gain hands-on experience in extracting TTPs from threat reports, building adversary emulation plans, and using tools like the MITRE ATT&CK Navigator to plan intelligence-driven red team operations. Attendees will also receive custom worksheets and templates to support their future assessments.