Archive for the talks Category

Level: Technical

Abstract:

Kubernetes has a well-rounded authentication and RBAC system. By building on top of the Kubernetes API, it is possible to move from a static RBAC configuration to dynamic permission assignments, granting just-in-time access to privileged actions. As part of our identity security strategy we developed such an in-house tool, which we are now making open source. The tool allows companies to adopt a lightweight alternative to PAM without the need for significant investment.

Bio:

Mark Vinkovits – Throughout his career, Mark has been working with developers on ways to integrate privacy and security aspects into existing development processes – without destroying velocity. He is a strong believer in identifying trade-offs and integrating business value and user experience into the equation.

Peter Szekely is currently working as an IT Security engineer at XUND. He’s interested in networking and security-related tech stuff in any shape or form. Loves breaking things out of curiosity with passion.

Level: Technical

Abstract:

Join us for a whimsical dive into the world of CyberChef, where data manipulation meets culinary arts! In this talk, we’ll whisk together the ingredients of advanced CyberChef usage, sautéing through complex data transformations and cryptographic recipes. Expect a feast of practical tips and tricks, garnished with a dash of humor and a sprinkle of creativity. Whether you’re a seasoned security analyst or a curious newbie, this session will serve up the secret sauce to turn your cyber investigations into gourmet experiences.

Bio:

Just a SOC analyst

Level: Low Tech

Abstract:

In this talk, I will share my experiences of testing and reverse-engineering some of the big names’ MDMs and ancillary security applications (without naming any of them), focusing on some of our most bizarre findings. Some notable examples will feature:

  • A malicious WiFi detection measure which will never detect a real attacker, but which happily harassed me about a local café’s WiFi
  • Application-name-centric malware detection
  • A marketing-first approach to security (“we’ve documented, advertised and released a feature, now we just need to implement it…”)

The aim of this lighthearted talk is to highlight the overpromising and underdelivering which is prevalent in the mobile security market, and to point out that many of the problems these solutions promise to address have already been tackled by device manufacturers.

The talk will be aimed at a fairly general audience, hoping to sit well with both technical and managerial security folks. Rather than showing snippets of code, I will focus on high-level descriptions of security features that don’t actually do anything useful. I will not be able to name specific vendors, but most of them are guilty of at least one of the sins I hope to highlight :)

Bio:

Miłosz is a mobile security specialist at WithSecure, having previously spent entirely too much time working in academia. His current work revolves around Mobile Device Management solutions, Android device security audits, advisory consultancy, and complaining about password managers. Outside of technical work, his primary interests are in education and the culture of education.

Level: Advanced Subject Matter

Abstract:

Explore the world of Bad USBs in this comprehensive talk. I’ll cover what Bad USBs are, dive into the popular Rubber Ducky, and examine other notable devices. Learn how to transform a Raspberry Pi Pico into a Bad USB, and discover the affordable and versatile PicoUSB. This session is perfect for hackers, pen-testers, and tech enthusiasts looking to enhance their cybersecurity toolkit with practical knowledge and innovative solutions.

Bio:

Tomislav Brlek is an electronics engineer. He holds a Master’s degree in Electrical Engineering (specialty in Electronics) from the Faculty of Electrical Engineering and Computer Science at the University of Maribor. He has several years of experience developing electronics in various fields such as LoRa and LoRaWAN, 4G communications, agriculture monitoring, smart city management, low-power IoT devices, etc.

Level: Technical

Abstract:

If you’ve ever wanted to enforce that workloads in your clusters conform to security best practices, this talk will show you how! Kubernetes Dynamic Admission Control can be used for advanced validation and error correction of workloads. I will show you the stages of Kubernetes admission control and how to use them. Finally, I will demonstrate how kube-audit-rest uses dynamic admission control to create an audit log!

Bio:

Richard Tweed is a Kubernetes specialist at Tessl. Over the last five years he has been ensuring security, scalability and compliance across all major Kubernetes cloud platforms. He’s also the lead maintainer of kube-audit-rest.