Title: Proactive security through historical knowledge
Abstract: In a world plagued with Ransomware, you would be forgiven for thinking that Cybercriminals just do the same thing over and over again. The reality however is quite different - Cybercrime is anything but static, it's a constant state of slow, and then sudden, evolution. The sophisticated and efficient service industry propping up crime online is the product of generations of cybercrime innovation - and this criminal industry is right in the eye of a new AI driven innovation storm. And it is through deep knowledge of the past, that we can proactively predict the future. In this talk, we'll dive into the core innovations that have driven recent Criminal evolutions, and show why this time will be a period where the same technology shifts will give those on the defensive side of CyberSecurity a massive advantage in this never ending conflict.
Bio: Robert is a Director in Trend Micro's Forward Looking Threat Research (FTR) and Adversary Intelligence and Monitoring (AIM) teams, where he is involved in analysing and monitoring the latest Cybercrime threats - specializing in researching the future threat landscape, Cyber Threat Intelligence (CTI) and coordinating investigations with international law enforcement. Robert is a regular presenter for the press and at security conferences. He also has lectured in Malware Analysis and Cybercrime Investigations on MSc modules at Munster Technological University (MTU) and University College Dublin (UCD). He worries that his hobby and job are one and the same, and constantly wonders if "normal" people have that problem.
Abstract: Your phone is insecure, for reasons that have nothing to do with your phone, and that you can't fix. But there are choices you can make that will make you somewhat safer, and other choices that will leave you more exposed than you need to be. Mobile phone operators communicate with each other using the SS7 and Diameter protocols. Roaming and SMS, as we know them, would not be possible without SS7 and Diameter. However, these protocols are inherently insecure and always have been. Attackers regularly use these protocols to defeat 2FA, perform man in the middle attacks, track people, and more. There are many recommendations for making yourself safer – use an iPhone, use a Pixel, use a dumb-phone, use a landline. Root your phone, don't root your phone. Use Signal, use Telegraph, use WhatsApp, don't use any apps. Use anti-virus, don't use WiFi, do use a VPN. Install all the updates. Does Roaming make a difference? Or does any of it make a difference? Are you just at the mercy of hackers, or perhaps you can count on your service provider to protect you? This talk addresses all these questions and more: how these protocols are abused; why we still use them; what is going to have to happen before we can stop worrying about these vulnerabilities, and why it won't happen any time soon.
Bio: CyberSecurity Architect and Global Champion for Security at Nokia, 10+ years in Cybersecurity, GIAC Advisory Board Member, holder of 3 GIAC Certificates.
Abstract: Ransomware is the most present threat in Cyber Security today, making the headlines almost every week. This talk will give an overview of the current ransomware landscape. We will look at the history, recent developments and give a preview of what might come. To round up the talk, I will share some (sad and funny) stories from Incident Response in over 80 Ransomware Cases over nearly 10 years solved by Corporate Trust, as well as practical measures for everyone to take home and secure in your infrastructure(s).
Bio: Sebastian is a principal security consultant at Corporate Trust. In his role he consults and assists companies in incident response when they experience a cyber attack. He has 8 years of experience in IT-Security and 18 years of experience in IT with a background in Electrical Engineering.
Abstract: Imperva reported that 71% of the internet traffic in 2023 was API calls and a typical enterprise sees an average of 1.5 billion API calls - which makes it a massive area for cyber criminals to target.
APIs control the flow of information between two applications and if APIs are compromised, we would see more data theft, broken access controls and other issues. Hence, to keep the bridge safe, I believe we - the good folks - should actively find vulnerabilities in APIs and safely report them to organizations. By doing so, we not only make money in the process but also strive hard to keep the digital space safe.
Bio: Ex-Security Solutions Engineer, currently a confident student pursuing a master's to get back into the industry. SecNerd, dev, content creator and holds eJPT and CRTP.
Title: Intelligence Driven Threat Actor Analysis BlackBasta and Affiliates
Abstract: This presentation details the financially motivated threat actor, BlackBasta, and includes an analysis of what Cyber Threat Intelligence can inform security professionals. The data analysis reveals that Cyber Threat Intelligence must be delivered responsively, utilize automation, and be enforced effectively. After all, BlackBasta demonstrates high operational maturity, deploying social engineering and double extortion tactics, so a mature cybersecurity approach is required to prevent BlackBasta and affiliates. The recommendations outlined include the value of utilizing multiple Cyber Threat Intelligence providers to comprehensively analyze cyber threats and produce actionable policies to alert and thwart threat actors like BlackBasta. The presentation will further highlight the value of organizations ensuring they deploy human-led Cyber Threat Intelligence analysis and interpretation to advance upward in the Pyramid of Pain. By leveraging multiple Cyber Threat Intelligence sources in the preliminary analysis presented here, this work-in-progress paper is unique, offering valuable insight into BlackBasta and affiliates not yet seen in the existing literature. The presentation will also include a summary of up to date threat actor tooling.
Bio: Dan Hayman is an Intelligence Operations Analyst for Centripetal and is based in Galway. He undertakes weekly threat hunts of his client environments and generates actionable recommendations and insights to help improve their security program.
Abstract: As cybersecurity professionals, we joke that not everything is real or accurate. Now, almost seeing is no longer believing. Synthetic media and deepfakes represent a significant shift in the cybersecurity threat landscape. Cybercriminals are weaponizing these technologies to create deepfakes or synthetic media capable of bypassing human defenses, manipulating trust, and executing sophisticated social engineering attacks. It is an evolving intersection between artificial intelligence and malicious intent.
Through cutting-edge research and real-world case studies, it's important to understand how AI-driven deepfakes, ranging from fabricated videos and audio to synthetic identities, transform cybercriminals' and scammers' tactics. From the misuse of Generative Adversarial Networks (GANs) to real-time examples of synthetic fraud, attendees will learn how synthetic media enables phishing, financial fraud, and data breaches with alarming precision. Gain insights into the Dark Web AI Ecosystem and look into the tools, platforms, and marketplaces that make deepfake creation accessible to malicious actors.
This presentation doesn't stop at highlighting the dangers; it equips one with the tools and strategies to fight back. Attendees will gain actionable insights into detection tools and frameworks to uncover even the most convincing synthetic media. Learn about proven methodologies for training employees to recognize and counter deepfake-enabled social engineering and gain practical steps to bolster organizational defenses and mitigate emerging risks from AI-enabled cybercrime.
It's a wake-up call for cybersecurity leaders, IT professionals, and decision-makers. The stakes are real, the risks are immediate, and the attackers are evolving faster than ever.
Bio: James McQuiggan has over 20 years of experience in cybersecurity and is currently Security Awareness Advocate for KnowBe4. Prior to joining KnowBe4, McQuiggan worked at Siemens in the Energy and Wind Divisions. Over the years he has held various cybersecurity roles, including consulting on cybersecurity standards, information security awareness, incident response and securing industrial control system networks.
McQuiggan is a part-time faculty professor at Full Sail University, teaching Cyber Threat Intelligence. He also volunteers with ISC2, including president of the ISC2 Central Florida Chapter, and a member of the North American Region Advisory Council.
Title: Examining Access Control Vulnerabilities in GraphQL - A Feeld Case Study
Abstract: This talk explores the importance of implementing robust access controls in GraphQL and REST APIs and the severe consequences when these controls are not properly enforced. GraphQL, a flexible data query language, allows clients to request exactly the data they need, but without proper access control mechanisms, sensitive data can be easily exposed. Using the Feeld dating app as a case study, we will dive into a critical security review of how the lack of access controls in GraphQL and REST endpoints led to the exposure of users' personal data, including sensitive photos, videos and private messages. This session will highlight common access control vulnerabilities in GraphQL and REST implementations, real-world examples of security lapses, their impact and remediation.
Bio: Bogdan Tiron is a seasoned security consultant with over 10 years of experience specializing in application security. He has a proven track record of enhancing security measures for leading organizations, including bet365, JPMorgan Bank, GFK, HSBC, Lloyds Bank, and WorldRemit. Throughout his career, Bogdan has held various roles, including application security consultant, pentester, security architect, and DevSecOps specialist. Four years ago, recognizing a gap in quality within the pentesting industry, he co-founded FORTBRIDGE, a cybersecurity consulting company that offers pentesting, phishing, and red-teaming services to clients seeking to enhance their security posture. Passionate about staying ahead of emerging threats, Bogdan is dedicated to fostering a culture of security within organizations and empowering teams to integrate security practices seamlessly into their workflows.
Title: Building world class Security-First engineering culture
Abstract: How many times are application developers annoyed when they hear: "no, this new fancy package is dangerous and not allowed" or "why don't you use the latest version of this kernel-level dep"? What if I tell you your company can avoid these debates, focusing on the business deliverables? Often terms like "security champion" or "security culture" are perceived as a specific (and full time) job and just yet another buzzword which doesn't make sense. However, the primary purpose of a Security Champion is to help incorporate good security practices and to spread a security-first mindset and culture into teams' daily routine. Let's talk about how to work on both team business KPIs and security tasks at the same time. I will share my industry leading experience about why the Security First mindset can successfully grow only by developing from within, yet not from "under the stick" of a centralized security team.
Bio: Practicing cybersecurity expert, engineer and manager (15+ years), (ISC)2 CC (Certified in Cybersecurity). Currently - Principal Security & Community Architect at Red Hat. Ex. - Head of Product Security & Privacy for Data Center & AI SW at Intel. Roman has broad experience from security architecture & threat modelling to secure development & tooling to vulnerability management & incident response to security education programs for engineers & senior managers. Currently Roman leads industry engagement and several Open-Source security initiatives: Security Champion for Linux Foundation projects, contributor to several working groups under OpenSSF, Eclipse, and other foundations. Lecturer at Universities and commercial educational centers. Security Advisor and Evangelist. Mentor and consultant for startups. Recognized as the best speaker and mentor several times.
Title: Measuring and Managing Cyber Risk – A Quantitative Approach using the FAIR Methodology
Abstract: Cyber risk quantification provides a detailed analysis of the impact and likelihood of risk scenarios expressed in financial and probabilistic terms. This helps business leaders and decision-makers to strategically prioritize security investments, enhance cybersecurity resilience, and meet compliance standards more effectively. Our presentation will provide an overview of the FAIR framework, illustrating its ability to decompose risk into defensible, quantifiable metrics. We will explore how cyber risk quantification is applied to risk scenarios by demonstrating some practical examples. We will briefly discuss applying a quantitative approach to cyber risk to other use cases such as cyber insurance, regulatory compliance, board level governance and supporting CISO investment prioritization.
Bio: Gerry Carroll is Delivery Manager at C-Risk, the European specialists in the quantification of cyber and technology risk. He has certifications for CISSP, FAIR, ITIL, and Project Management. He is a seasoned Cyber Risk Consultant with 10+ years of IT and Information Security experience in the manufacturing, financial, insurance, and cybersecurity industries.