>>>Join the conference chat and discussions over the Discord channel:


14:00 - 14:05 -> Opening remarks, Bernhards Blumbergs (CERT.LV);

14:05 - 14:55 -> Using Honeypots in ICS training environments, Mikael Vingaard (DK),

A technical presentation on high interaction honeypots in an Red/Blue training environment. The presentation will describe ICS honeypots, the benefits and real life practical use, both in real industrial environments and in learning networks;

15:05 - 15:55 -> Data mining TLS network traffic, Markus Kont (EE),

Finding malware callback beacons to C2 servers in modern network traffic has many challenges. Most traffic is encrypted and traditional IoC signatures can only find known threats. This talk presents how simple data mining and statistics can be applied on Suricata TLS and Flow events to reveal infrequent TLS servers, connections with periodic patterns, and how TLS JA3S enables it all;

16:05 - 16:55 -> Get started with OT Network Security Monitoring, Martin Scheu (CH),

A walk through of how to monitor OT networks with the open source software ntopng, covering OT protocol nuances and what to look for in your network in a hands-on manner;

17:05 - 17:55 -> Cloud Security and IAM for Developers and DevOps - How can IAM be exploited and how you can minimize the risks, David Hendri (IL),

How often do you define permissions for new cloud-native applications and do you use the pre-defined vendor suggestion for them or use wildcards? IAM (Identity and Access Management) is an important factor in determining how secured your product will be. Doing it right requires an understanding of how it works and why it is important, which is the purpose of this session. We will talk about what is IAM, how do you use it, what are the risks of an overly permissive configuration - and show a demo of ways to exploit it and how you can minimize the exposure;

17:55 - 18:00 -> Closure of day one, (CERT.LV).



14:00 - 14:05 -> Opening remarks, Bernhards Blumbergs (CERT.LV);

14:05 - 14:55 -> Ransomware: Tales from the Deep Web, Jose Miguel Esparza (ES) && Artūrs Filatovs (LV);

Cybercriminals are dynamic by nature and they are always trying to find easy money. Once a threat actor finds an easy way to make money, this spreads from forum to forum, from chat to chat, gaining more and more “followers” of the technique. This happened with the targeted ransomware attacks and they are here to stay. In this talk we will show examples about how tracking the Deep Web can gather valuable insights about those ransomware groups and their activities, in order to be up-to-date with their latest movements. Knowing the enemies is key to defend against this threat. The talk will start with a short intro in the dark web analytics services, OSINT and use of such services in daily security risk management.

15:05 - 15:55 -> fu*gewithmeyouknowigotit, Mohammed Makhlouf (AE);

The in-depth tech demo will focus on a swiss-army knife for fabricating and generating events in the form of logs, metrics, traces, and transactions to stress test the performance and correctness of your XDR/SIEM solution @ scale.

16:05 - 16:55 -> TBA;

17:05 - 17:55 -> Threat modelling-based software development, Avi Douglen (IL);

17:55 - 18:00 -> Closure of day two and CTF winner announcement, (CERT.LV && CyberCircle).



Mikael Vingaard == {IT & OT industrial specialist, DK;

Mikael Vingaard have been working within the IT/OT security for 20+ years. He runs one of the largest global deployed OT/ICS centric honeypot network and have been credited for many vulnerabilities found in products used within critical infrastructure.}

Markus Kont == {Threat researcher, Stamus Networks, EE;

Markus is a threat researcher and software engineer at Stamus Networks. In this role, he is focused on threat intelligence, data science and engineering, and backend research and development. Before joining Stamus Networks, Markus spent over 5 years as a technology researcher in the NATO Cooperative Cyber Defense Center of Excellence, where he specialized in monitoring and intrusion detection, and conducted classroom trainings for Suricata and Moloch. Markus holds a Master of Science degree in Cyber Security and has published several academic papers while pursuing a PhD.}

Martin Scheu == {OT security engineer, SWITCH CERT, CH;

Martin is a ICS security engineer at SWITCH CERT. His primary role is supporting organizations running ICS/OT equipment. Recent work has been focused on ramping up network security monitoring of industrial networks.}

David 'dudi' Hendri == {CTO, Solvo, IL;

David has over 15 years of experience in delivering enterprise software and leading development teams, with a heavy focus on cloud security and infrastructure in the past 6 years. Prior to co-founding Solvo in 2020, David was one of the first R&D employees at Dome9 Security (acq. by CheckPoint in 2018), leading the development of key features and helping users uphold compliance in the cloud. David is a graduate of "MAMRAM", the elite military programming training .}

Jose Miguel Espariza == {Head of threat intelligence, Blueliv, ES;

His work is focused on researching and providing threat intelligence around botnets, malware and threat actors. He is a security researcher who has been working analyzing Internet threats since 2007 and has taken part as speaker/trainer in several local and international conferences like RootedCon, INCIBE Cybersecurity Summer BootCamp, Source, Black Hat, Troopers and Botconf, among others.}

Artūrs Filatovs == {Head of B2B cybersecurity services, Tet Group, LV;

Arturs is an experienced and passionate cybersecurity solutions professional, working more than 12 years in the field of business cybersecurity and innovations, analysing cybersecurity risk causes and consequences. During last 4 four years Arturs focuses on Security operations center as a service and cybersecurity crisis management.}

Mohammed 'Mak' Makhlouf == {Cofounder & CTO, Ronin Technologies, AE;

Mak identifies himself as a reverse time travelling systems and security engineer. He has a strong practical background in distributed systems, software and security engineering, threat intelligence, and machine learning.}


Conference registration



[+] CTF status:: Deployment in process...

[+] Registration portal:: TBA

[+] CTF style:: Jeopardy && infrastructure takeover

[+] Registration start:: 27SEP, 09:00 (UTC+3)

[+] Registration end:: 04OCT, 09:00 (UTC+3)

[+] Registration confirmations:: 05OCT, 12:00 (UTC+3)

[+] CTF start:: 06OCT 09:00 (UTC+3)

[+] CTF end:: 07OCT 17:30 (UTC+3)

[+] Maximum team count:: 20

[+] Maximum members per team:: 5

[+] Team formation and coordination::

[+] Awards:: Top three teams based on the points scored

[+] CTF provided by:: CybExer Technologies && CTF Tech (EE)

[+] Infrastructure provided by:: TET Group (LV)

[+] Awards provided by:: Cyber Circle (LV)