Conference Schedule

Please be advised that the schedule is subject to slight changes without prior notification. Therefore, we kindly request that you regularly check the designated page for any updates.


Registration & Coffee

9:30 - 10:00

Scan your code and grab a coffee!


Real world detection engineering in a multi-cloud environment

10:00 - 11:00 , Presenter: Aaron Jewitt

This talk focuses on Elastic's experience as a cloud-first company with a remote workforce, showcasing their Infosec Threat, Detections, and Response team that monitors and protects their global remote workers and cloud environment. The speaker provides an overview of their SIEM architecture, including the use of Cross Cluster Search to create a central cluster for observability and SIEM, and discusses real-world attack scenarios, custom detections, and the automation they rely on for efficient alert enrichment, investigation, and response.


Zero-Touch-Pwn: Abusing Zoom's Zero Touch Provisioning for remote attacks on desk phones

11:00 - 12:00 , Presenter: Moritz Abrell

Cloud communication platforms like Zoom are widely used in daily work, but traditional endpoints like desk phones or analog gateways are still necessary in certain scenarios. This session discusses the security analysis of Zoom's "Zero Touch Provisioning" method in conjunction with certified hardware, revealing vulnerabilities that can allow attackers to compromise devices and potentially eavesdrop on conversations, remotely control devices, or launch attacks on corporate networks.


Lunch break


Detecting the Human: An Introduction to User-Interaction Detection in Malware

13:30 - 14:00 , Presenter: Kyle Cucci (@d4rksystem)

This talk provides an introduction to user-interaction detection in malware, explaining how modern malware employs various techniques to identify automated analysis sandboxes and virtual machines in order to avoid being analyzed and reverse-engineered. The speaker explores the intriguing and occasionally amusing aspects of this field.


"All your files are belong to us!" - Investigating BianLian Extortion-Group Intrusion

14:00 - 14:30 Presenter: Evgen Blohm & Marius Genheimer

Earlier this year we responded to an Intrusion attributed to the BianLian Data Exfiltration & Extortion Group. We will give a rundown of our findings and BianLian TTPs. It will also contain highlights from our Threat Intelligence investigation, e.g. the TA’s switch from Ransomware to Exfiltration-only and their infrastructure.


Setting up an OT SOC

14:30 - 14:45 Presenter: Michael Thibodeaux

Missing description


Coffee & Snack break!


Introducing CS2BR - Teaching Badgers new Tricks

15:30 - 16:30 , Presenter: Moritz Thomas & Patrick Eisenschmidt

This talk focuses on the importance of staying undetected during Red Teaming assessments and introduces a technique called beacon object files (BOFs). The speaker explains that while BOFs have been around for a few years and have become a standard in many C2 frameworks, there are situations where a C2 framework may not support them. The speaker shares their experience working with Brute Ratel C4, which lacks support for Cobalt Strike's de-facto BOF standard API, and discusses how they established full compatibility between the two. They also mention the release of a tool and a blog post series that automate this task.


Living with ADHD in InfoSec

16:30 - 17:00 Presenter: Klaus Agnoletti

Missing description


Farewell to the Security Sandwich

17:00 - 17:30 Presenter: Felix Hammerl

Missing description



17:30 - 18:00