
Location

VENUE

On-site: Radisson BLU Latvija, Elizabetes Str.55, Riga, Latvia


October 1 - 3, 2024

The conference time zone is Eastern European Summer Time (UTC/GMT +3)


LIVE STREAMING

Details and the streaming link for October 2-3 will be shared as we get closer to the event date.
Keep an eye on this page for the latest updates.


Note: Certificate only for registered on-site and online attendees!



Registration


Agenda

01 OCT

Workshops and Trainings

Registration for the "CyberChess 2024" conference and the workshops and trainings on October 1 is separate. Please remember that you can register for either one full-day workshop OR one morning and one afternoon workshop. Note that seats are limited! Registration for workshops and training sessions will be open until September 10.

Workshops and training sessions are free of charge, and coffee breaks and lunches are included!


Morning Workshops

08:00 - 08:30 Registration register Room
08:30 - 12:30 Data science for incident responders working with data leaks [ENG], Mr. Éireann Leverett, Mr. Lorenzo Nicolodi GAMMA II
The goal of this workshop is to give participants practical experience of how data science can be applied to data leaks and how the knowledge gained can be used both to strengthen the infrastructure and to make the incident response phase more efficient and effective.

We will first take a look at how data can be programmatically acquired both on the clearnet and on Tor (you can't evaluate data you don't have), and we will then move on to some exercises leveraging Python, Jupyter notebooks and the pandas library to see how these can be invaluable tools for practicing skills and for uncovering elusive evidence (e.g. attackers' TTPs).

Last but not least, we will see how similar skills can be transferred to a connected but different domain, i.e. the tracking of cryptocurrency addresses used for malicious activities.

Type of the workshop: technical
Level: intermediate

Prior knowledge necessary: The participants are expected to have basic Python and networking knowledge. You may participate regardless, but we may not be able to help you as much as we might like due to time constraints.

Personal equipment necessary: Bring your own laptop with the possibility to install software (like Python and its packages). If you want to avoid doing this on your main machine, using a VM is also fine.

We suggest you join the workshop with the latest version of Python 3 already installed, together with your preferred text editor / Python 3 IDE. If you don't have one, we suggest Microsoft Visual Studio Code, together with the Python extension.
08:30 - 12:30 GOing Beyond C: An Introduction to Reverse Engineering Go Malware [ENG], Mr. Max Ufer, Mr. Sebastian Tauchert (Fraunhofer FKIE) KSI
Modern compiled programming languages such as Go are increasingly accepted by developers because of their benefits over C/C++, including a more straightforward syntax, memory safety, easy concurrency implementations, and cross-platform support. Unfortunately, these same benefits are also attracting malware authors, resulting in a surge of Go-written malware in recent years. Reverse engineering Go binaries poses significant challenges due to their static linking and diverse calling conventions across different Go versions. Moreover, these binaries handle strings differently from C/C++, and exhibit increased complexity resulting from compiler-inserted code that handles advanced concepts such as garbage collection and goroutines.

In this workshop, we want to provide an introduction to reverse engineering malware that was written in Go. Initially, we will provide an overview of the Go programming language along with its distinct features. We will then demonstrate how different Go concepts are translated to machine code and how they can be recognized and comprehended during reverse engineering. Subsequently, we will present tools that can assist in reversing Go binaries and provide guidance on how to apply them, based on real-world malware samples.

Type of the workshop: technical
Level: intermediate
Prior knowledge necessary: Participants should have a basic understanding of assembly and reverse engineering of x86/x64 binaries.
Personal equipment necessary: Participants should bring a laptop that is capable of running a VirtualBox virtual machine with at least 4 GB RAM. VM download: TBA
08:30 - 12:30 Chess training [ENG], Riga Chess Federation LAMBDA
Chess training involves structured learning and practice to improve your skills and understanding of the game. The training involves a combination of studying theory and refining both tactical and strategic skills.

Chess training is an investment in both intellectual development and personal growth. It sharpens the mind, builds critical skills, and provides a deep sense of satisfaction. It’s also a lifelong hobby that can be played and enjoyed at any age, offering continuous opportunities for learning and improvement.
09:00 - 12:30 Requirements of the National Cybersecurity Law – how to prepare? [LV], Mr. Mihails Potapovs (Ministry of Defence) EPSILON
TBC

Registration for morning workshops


Afternoon Workshops

13:00 - 13:30 Registration register Room
13:30 - 17:30 Threathunting with VT [ENG], Jose Luis Sanchez Martinez (VirusTotal) GAMMA II
Threat hunting is one of the most powerful techniques to proactively uncover and neutralize threats. While it has traditionally been a blend of science and intuition, we have witnessed a surge of innovative tools and techniques that can significantly enhance its effectiveness. In this hands-on workshop, we will explore how to effectively use new and traditional techniques, including:
- Identifying, monitoring and getting the full context of malicious campaigns.
- Effective semi-automated YARA generation.
- Netloc hunting.
- Similarity analysis.
- Understanding and leveraging AI engines for code analysis.
- Tackling large datasets.

Throughout the workshop, you will engage in practical exercises and real case studies, equipping both seasoned and new hunters with practical knowledge to find and monitor all kinds of real threats.

Type of the workshop: technical
Level: intermediate
Prior knowledge necessary: Basic knowledge about VirusTotal.
Personal equipment necessary: Laptop and a VirusTotal account, created and confirmed via the confirmation email once it is received.
13:30 - 17:30 Cybercrime Investigation Workshop [ENG], Ms. Or Lev, Ms. Irina Nesterovsky (KELA) KSI
In this workshop, participants will use a cybercrime investigations tool to track and investigate cybercriminals and their activities, aliases and TTPs. They will also get the opportunity to inspect how their organizations are already exposed to cybercriminal activities and learn of the ways to prevent further compromise. The workshop is designed to arm investigators with knowledge and insights on recent cybercriminal threats, the tricks to track cybercriminals and to leverage this knowledge to defend and investigate. No technical or CTI skills are required.

Level: beginner
Prior knowledge necessary: Registered participants will receive a link to the workshop materials prior to the workshop.
13:30 - 17:30 Chess tournament [ENG], Riga Chess Federation LAMBDA
A chess tournament - a structured competition where players of various skill levels will compete against each other.

Chess tournaments are a powerful way to sharpen skills, challenge yourself mentally, and connect with the chess community. Whether you’re seeking to improve or simply enjoy the thrill of competition, tournaments offer valuable experiences that can elevate your chess journey.

Registration for afternoon workshops


Full Day Workshops

08:30 - 09:00 Registration register Room
09:00 - 17:00 Practical drone forensics [ENG], Mr. Wayne Burke (Cyber2Labs, US) BETA
The workshop will begin with a detailed technical overview of the drone / UAV ecosystem and its major components. We will then proceed to the how, what and why of drone forensics and incident response.

Type of the workshop: technical
Level: beginner
Prior knowledge necessary: Entry level IOT / robotics hardware and software
Personal equipment necessary: Laptop and mobile phone / tablet
09:00 - 17:00 Building OpenShield - personal DNS Threat Intelligence with DNS Firewall [ENG], Armīns Palms (CERT.LV) GAMMA I
Course attendees will gain practical skills in building a powerful DNS Threat Intelligence system with active DNS protection using open source solutions. Name of the solution: OpenNameShield.

To build OpenNameShield, the full day workshop will provide basic knowledge on the following topics:
- Docker - OpenNameShield is a dockerized project. The advantages of using Docker will be explained, as well as the key Docker commands.
- BIND9 - DNS server set-up and configuration. It is planned to set up an operational DNS server during the workshop.
- RPZ - aka DNS Firewall. The basics of zone creation to block a certain domain will be provided.
- ELK - Elasticsearch and Kibana set-up.
- mmnormalize - usage of the rsyslog Log Message Normalization Module will be explained to ensure parsing of the incoming log file.
- python3 - development of scripts that will enrich the incoming log file. How to feed OpenNameShield with suspicious / harmful domains.
- REDIS - this is important to ensure that external system limitations are not exceeded. It will be shown how to decrease outgoing requests using REDIS.

As a result, an OpenNameShield system will be developed in which, together with the participants:
- The system will be enriched with suspicious/ harmful domains that are to be blocked.
- DNS blocking will be checked in real-life.
- DNS threat-hunting will be performed to identify suspicious domains.
- Identification of infected devices will take place based on the statistics of blocked DNS.

Developing the OpenNameShield system involves a vast array of open-source solutions. Participants will attain an excellent base level of knowledge for developing their own future projects, as well as a general awareness of how such solutions operate.

Type of the workshop: technical
Level: beginner
Personal equipment necessary: Please install Docker on your computer. Make sure that the command "docker run hello-world" works for you. Optional, but strongly advised: also install "Visual Studio Code".
09:00 - 17:00 Security Analyst Workshop - Navigation to Investigation [ENG], Mr. Marvin Ngoma (Elastic, SE) TAU
[The second half of the workshop will be conducted as a Threat Hunting CTF to enhance the gained knowledge in a competitive manner.]

Join us for an enlightening hands-on workshop which is aimed at providing participants with common workflows and analysis that a security analyst would leverage daily. This workshop is divided into four modules detailing Data Navigation and Visualization, Guided Investigation with Elastic, Threat Detection and Investigation and Dark Radiation Investigation and a roundup sample Ransomware Investigation.

The workshop focuses on "a day in the life of an analyst": real data, real workflows, and investigating threat actor activity.

Workshop Takeaways:
- Ability to leverage Elastic Security for Incident Response.
- Ability to understand common workflows for cyber security tasks.
- Ability to create security focused visualizations.
- Ability to take a proactive approach with Elastic Security.
- Ability to apply comprehensive incident response with a case management workflow.

Type of the workshop: technical
Level: intermediate
Prior knowledge necessary: Eyes on Glass, Analyst Experience with Elastic Security or other SIEM Solutions. An understanding of current security operations procedures. An understanding of currently available data sources, desired integrations (other SIEM, SOAR).

Registration for full day workshops


Escape Room

A Security Awareness Adventure - Escape Room "Hack The Hacker" will be available on two days - 01 & 02 October. Each session lasts 2h. Registration for the "CyberChess 2024" conference and Escape Room is separate!

01 & 02 OCT Please arrive 10 minutes early register Room
10:30 - 12:30 Hack The Hacker SIGMA
A Security Awareness Adventure: Your company suffers from a ransomware attack. The mission of your team is to discover the code that revokes the encryption executed by the malicious software. Together with up to 6 other people you have to search the hacker's den for hidden hints and clues. In order to find them and to solve all the puzzles you have to turn into hackers yourselves. Outwit the hacker and save your organisation!

Each session lasts 2h and consists of a theoretical and a practical part.

Hack The Hacker is all about password security. Participants learn why we use passwords and about the risks that come with passwords, both through social engineering and technical attacks (like brute forcing). The game leads to a deep understanding of the importance of creating strong passwords and storing them safely.

Type of the workshop: educational adventure
Level: beginner
Prior knowledge necessary: none
Personal equipment necessary: none
13:30 - 15:30 Hack The Hacker SIGMA
A Security Awareness Adventure: Your company suffers from a ransomware attack. The mission of your team is to discover the code that revokes the encryption executed by the malicious software. Together with up to 6 people you have to search the hacker's den for hidden hints and clues. In order to find them and to solve all the puzzles you have to turn into hackers yourselves. Outwit the hacker and save your organisation!

Each session lasts 2h and consists of a theoretical and a practical part.

Hack The Hacker is all about password security. Participants learn why we use passwords and about the risks that come with passwords, both through social engineering and technical attacks (like brute forcing). The game leads to a deep understanding of the importance of creating strong passwords and storing them safely.

Type of the workshop: educational adventure
Level: beginner
Prior knowledge necessary: none
Personal equipment necessary: none
16:00 - 18:00 Hack The Hacker SIGMA
A Security Awareness Adventure: Your company suffers from a ransomware attack. The mission of your team is to discover the code that revokes the encryption executed by the malicious software. Together with up to 6 people you have to search the hacker's den for hidden hints and clues. In order to find them and to solve all the puzzles you have to turn into hackers yourselves. Outwit the hacker and save your organisation!

Each session lasts 2h and consists of a theoretical and a practical part.

Hack The Hacker is all about password security. Participants learn why we use passwords and about the risks that come with passwords, both through social engineering and technical attacks (like brute forcing). The game leads to a deep understanding of the importance of creating strong passwords and storing them safely.

Type of the workshop: educational adventure
Level: beginner
Prior knowledge necessary: none
Personal equipment necessary: none

Registration for Escape Room activity


02 OCT

The cybersecurity conference CyberChess 2024

The CyberChess conference is a cornerstone of cybersecurity events within the Baltic states. It brings together a diverse array of security stakeholders, experts, ISPs, domain industry representatives, and other interested parties to discuss and examine the latest trends, issues, and innovations in cybersecurity.


More than 50 speakers from nearly 20 countries will share their research and experiences in the following cybersecurity-related areas:

  • Protection of critical information and infrastructure;
  • Cyber threat intelligence;
  • Ransomware, its triage, and defense;
  • Medicine, nanotechnology, and bio-hacking;
  • Artificial intelligence and machine learning;
  • Alliances and their importance in strengthening security in the Euro-Atlantic area (from strategic, operational and legal perspectives).

Bringing together over 500 attendees on-site and engaging with over 3000 participants online, the conference serves as a dynamic platform for fostering collaboration, knowledge exchange, and networking among Baltic cybersecurity professionals.


"Throughout the past few years we have seen growth in attacks, their sophistication as well as in the level of political support and importance of cybersecurity. This makes events such as CyberChess an important platform not only for knowledge sharing but also establishing new partnerships."
/B.Kaškina, CERT.LV General manager/

OMEGA HALL
08:00 - 09:00 Registration & Coffee (pre-registration 01 OCT 13:30 - 17:00)
09:00 - 10:30 OPENING PLENARY :: Moderator: Mr. Oskars Priede
09:10 - 09:20 Keynote, Mr. Andris Sprūds, Minister of Defense (MoD, LV)
09:20 - 09:25 Opening remarks, Ms. Baiba Kaškina (CERT.LV, LV)
09:25 - 09:55 Utilizing botnet tracking for enabling disruptions: The Grandoreiro story, Mr. Robert Lipovsky (ESET, SK)
Replicating specific samples to understand the inner workings and network structure of a botnet has several limitations. A more versatile approach involves developing a platform of parsers that can automate botnet tracking by processing malware samples, extracting relevant information, and directly communicating with its command and control (C&C) servers. While the main downside is having to maintain such parsers, the benefits are invaluable – full control over the execution, extraction of any required data, and the ability to fake requests to C&C servers, to name a few. For large botnets, with thousands of samples, this is an extremely effective approach.

Botnet tracking data has repeatedly proven invaluable to law enforcement. It helps them understand the extent of the botnets they are investigating and maps the botnet’s network infrastructure, which is crucial for taking steps to dismantle the botnet and arrest its operators. We utilized this technique to help successfully take down Trickbot in 2020, Zloader in 2022 and, most recently, Grandoreiro in January 2024. We will demonstrate the full power of botnet tracking and how we utilize it for fully automatic processing of thousands of samples of more than 50 different botnets daily. We will provide specific examples of data our tracking system produces, the large variety of features it offers, and how the system’s outputs can be made actionable.

We will illustrate how we utilized these outputs to help the Federal Police of Brazil disrupt the Grandoreiro banking trojan early this year.
09:55 - 10:25 Practical Active Cyber Defense and Threat Hunting, Mr. Varis Teivāns (CERT.LV, LV)
TBC
10:30 - 11:00 Coffee break

OMEGA HALL Moderator: Mr. Oskars Priede
11:00 - 11:30 Modern Proactive Threat Hunting in the context of dynamically changing Threat Landscape - the view of the CISO, Mr. Jason Steer (Recorded Future, UK)
TBC
11:30 - 12:00 Open, Composable, Unstoppable: The Next Gen of Threat Hunting, Mr. Matthias Vallentin (Tenzir, DE)
This talk advocates for an open and composable data stack as the foundation for the next generation of security architectures, specifically targeting detection engineering, threat hunting, and incident response. In an industry plagued by fragmented point solutions, there is an urgent need for a more sustainable and flexible approach to system architecture.

The presentation begins by examining the current landscape, highlighting the challenges and limitations of existing methods. It then introduces a modular, open-standards-based framework that fosters interoperability across the security ecosystem.

At a technical level, the talk explores opportunities for standardization across various abstraction layers, including data storage, log/event encoding, schema normalization, and the representation of detections, threat intelligence, and analytics. The goal is to demonstrate how a modular, interoperable stack can effectively support and enhance critical operational security functions.
12:00 - 12:30 CTI from the Underground: harness cybercrime intelligence to defend your organization and investigate threat actors, Ms. Or Lev, Ms. Irina Nesterovsky (KELA)
Join us for a comprehensive session on the importance of incorporating cybercrime intelligence into your CTI or threat hunting toolset. Learn about the latest cyber threats emerging from the cybercrime underground and how to effectively gather and translate this intelligence into actionable insights. This presentation will cover the key areas where cybercriminals operate, the methods they use, and how to hunt them. Gain the knowledge and tools necessary to investigate and mitigate these threats, ensuring your organization's defense against evolving cyber risks.
12:30 - 13:30 Lunch
13:30 - 15:00 NATO - from Information Sharing to integrated Cyber Defence

Moderator: Mr. Rolands Heniņš (NCSC, LV)

Panelists: TBC

TBC
15:00 - 15:30 Coffee break
15:30 - 16:00 Protecting the Blueprint of Life: The Importance of Information Security at the Sub-Molecular Level, Dr. Gregory Carpenter (Knowledge Bridge International, US)
TBC
16:00 - 16:30 Human augmentation for offensive cyber operations, Mr. Len Noe (CyberArk, US)
Transhumans, individuals enhanced with technological augmentations, are now a reality. Historically, these enhancements were viewed either medically, aiding those with disabilities, or as cyborgs in speculative fiction. However, advancements in Brain-Computer Interfaces (BCI), SMART technologies, and consumer products have blurred the lines between the physical and biological, transforming human capabilities and interactions.

Today, transhumans are not just concepts from science fiction but present significant cyber threats to modern security controls. These augmented humans can execute sophisticated cyber attacks, such as URL redirections, phishing, smishing, and man-in-the-middle (MiTM) attacks, using technology embedded within their bodies. Traditional security measures are inadequate against such advanced threats, necessitating a rethinking of our defensive strategies.

The presence of transhumans requires a paradigm shift in cybersecurity, demanding new strategies and technologies to defend against their unique and evolving threats. This presentation will demonstrate various cyber attacks initiated by implants, including MiTM attacks, phishing, smishing, and automated Linux attacks, highlighting the urgent need for layered security solutions. Recognizing and addressing the cybersecurity implications of transhumans is crucial for safeguarding our society in this new era of human evolution.
16:30 - 17:00 Cybersecurity in Health: Threats, challenges and ENISA’s contribution, Ms. Maria Papaphilippou (ENISA, GR)
1. Policy framework for cybersecurity in health
2. Cybersecurity threat landscape for the health sector
3. ENISA’s contribution in the health sector
ALFA HALL Moderator: Dr. Bernhards 'BB' Blumbergs
11:00 - 11:45 GOing Beyond C: An Introduction to Reverse Engineering Go Malware, Mr. Max Ufer (Fraunhofer FKIE, DE)
Modern compiled programming languages such as Go are increasingly accepted by developers because of their benefits over C/C++, including a more straightforward syntax, memory safety, easy concurrency implementations, and cross-platform support. Unfortunately, these same benefits are also attracting malware authors, resulting in a surge of Go-written malware in recent years. Reverse engineering Go binaries poses significant challenges due to their static linking and diverse calling conventions across different Go versions. Moreover, these binaries handle strings differently from C/C++, and exhibit increased complexity resulting from compiler-inserted code that handles advanced concepts such as garbage collection and goroutines.

In this talk, we want to provide an introduction to reverse engineering malware that was written in Go. We will provide an overview of the Go programming language along with its distinct features. We will then demonstrate how different Go concepts are translated to machine code and how they can be recognized and comprehended during reverse engineering. Subsequently, we will present tools that can assist in reversing Go binaries and provide guidance on how to apply them, based on real-world malware samples.
11:45 - 12:30 IoC assessment and analysis, Mr. Richard Weiss (Mandiant / Google, DE)
In a world of rising atomic indicators, we have to research and implement scalable, repeatable, and fast methods of handling indicators: it is essential to understand the actual and future situation in the cybersecurity field to derive actionable knowledge. The process starts with selection, preprocessing, and selection of the data. Often these fields are handled quickly, but we will take time to discuss and demonstrate the advantages of those steps accordingly to have a good understanding of advantages and resource savings. The usage of tagging, clustering, and adding additional meta information to the indicators and creating compound structures will help cybersecurity professionals to re-use those in different focus fields of cybersecurity.
12:30 - 13:30 Lunch
13:30 - 14:15 (NO LIVE STREAM) Lucky Leaks: 400 million file paths are worth a thousand words, Mr. Lorenzo Nicolodi (Microlab.red, IT)
We spent the last two years collecting and studying the content provided by ransomware gangs on their DLS (Data Leak Site), more often than not hidden by the Tor network. We discovered that the list of the files inside the leaks can provide plenty of information about the gang's TTPs, the impact for the victim and the most effective countermeasures. The victim's privacy is preserved, because we don't look at the content of the leak itself, except in specific circumstances where we have a chance of getting the TTPs.
14:15 - 15:00 From AI to Emulation: Innovations and Applications, Mr. Jose Luis Sanchez Martinez (VirusTotal, ES)
During the session we will see how, through the use of AI and behaviors extracted from sandboxing and intelligence services such as VirusTotal, emulations can be created that help different teams such as blue teams, detection engineering teams and purple teams to improve the gaps in detection.

We will take several examples to see the different results we have obtained, the pros and cons and how this approach can be improved in the future.

We will share the results obtained and also the tools and techniques that we have used to carry out this research.
15:00 - 15:30 Coffee break
15:30 - 16:15 Advanced Threat Hunting: Leveraging AI and ML for Large-Scale Log Analysis, Mr. Marvin Ngoma (Elastic, SE)
In today's cybersecurity landscape, the ability to efficiently parse and analyze large volumes of log data is crucial for effective threat hunting and incident response. This in-depth tech talk will explore the cutting-edge mechanics and practical approaches employed by Elastic to facilitate advanced threat detection and mitigation. We'll delve into how Elastic's solutions leverage machine learning (ML) and artificial intelligence (AI) to automate the analysis of log files, enabling real-time insights and proactive security measures.

The session will cover key aspects such as the architecture and scalability of Elastic's platform, best practices for integrating ML models into your threat hunting workflows, and practical case studies demonstrating the effectiveness of these techniques in real-world scenarios. Attendees will gain a deeper understanding of how to utilize Elastic's powerful tools for large-scale data ingestion, correlation, and anomaly detection, ultimately enhancing their organization's cybersecurity posture. Whether you're a security analyst, data scientist, or IT professional, this talk will provide valuable insights into harnessing the full potential of Elastic for comprehensive threat hunting operations.
16:15 - 17:00 The Role of AI in Enhancing SOC Capabilities, Mr. Artur Bicki (Energy Logserver, PL)
TBC
BETA HALL Moderator: Ms. Dana Ludviga (CERT.LV, LV)
11:00 - 11:30 The power of persuasion: advocacy that transforms cybersecurity practices, Ms. Cornelia Puhze (Switch, CH)
This presentation explores how cybersecurity professionals can become effective advocates for security within their organisations. It emphasises the importance of non-technical skills, particularly the ability to translate complex cybersecurity concepts into language and context that resonate with the specific stakeholders addressed. Through storytelling and targeted communication, these advocates can illustrate the critical role of cybersecurity in managing enterprise risks and supporting business objectives.

Attendees will learn actionable strategies to enhance their advocacy efforts, ensuring that cybersecurity is recognised as a fundamental component of organisational strategy and risk management. The session will also discuss recruitment and training strategies to build a robust cybersecurity workforce, emphasising advocacy skills that enable professionals to effectively lobby for the integration of cybersecurity into organisational strategy and risk management.
11:30 - 12:30 Encouraging Transparency and Stopping the Blame Game, Ms. Merike Kaeo (Double Shot Security, EE)
Reporting security incidents and breaches has historically been a matter of reporting as little as possible due to concerns about regulatory ramifications and negative media hype. Internal to an organization, leaders often question the resources spent on cybersecurity controls when breaches still exist. This session will utilize stories to showcase examples where transparency has been a priority when reporting cybersecurity incidents to regulators, organizational leaders and customers. Strategies are illustrated for working with organizational leaders to make effective risk management decisions where cybersecurity controls are shown to be a business enabler with associated risks that depend on the organization’s risk tolerance levels and eliminate the surprise of breaches.

Attendees will learn how to foster industry change to encourage cybersecurity incident transparency and break down the barriers that still exist in policy and regulatory frameworks to incentivize more timely reporting. The session will also detail strategies to meet cybersecurity reporting requirements stipulated in varying global laws and regulations, such as the NIS2.
12:30 - 13:30 Lunch
13:30 - 14:00 The path from initial access to ransomware attack - connecting the dots between accesses being sold in the underground communities to ransomware attacks, Ms. Or Lev (KELA)
In recent years, there has been a significant increase in cybersecurity incidents initiated through valid credentials of victim company assets. Ransomware attacks, in particular, have caused severe financial and operational damage, and in some cases, even the loss of human lives. This session will explore the "reaction chain" leading to such attacks, tracing it from account credentials sold on underground platforms, to advertisements by Initial Access Brokers, and ultimately to ransomware deployment. We will present real-life examples and discuss effective strategies to prevent these attacks.
14:00 - 14:40 Negotiation beats manipulation, Mr. Matthias Herter (MSH Advice & Training, CH)
Modern cyber extortion follows a pattern that seeks a transactional solution to the caused crisis in the shortest possible time and without unnecessary communication. The obvious solution is payment in electronic currency for the criminals and the decryption of data or termination of criminal activities for the victims. The victims rarely have the resources and skills to do anything about these crimes other than either give in to the demands or suffer major damage. One of the offenders' most effective weapons is the fear and shame of the victims, the conveyed feeling of powerlessness and the domination of communication. In this respect, little has changed historically in the general dynamics of blackmail. However, despite this demonstrated power imbalance, communication with the perpetrators is one of the keys to counteracting modern cyber extortion. The presentation shows which negotiation methods private individuals, security service providers and law enforcement agencies can use to counter the strategies of criminals and provides recommendations that will serve as a decisive contribution to the prevention of cyber extortion. The title "Negotiation beats manipulation" stands for the approach that utilises the potential of communication to develop alternative solutions.
14:40 - 15:00 Our journey in navigating Obstacles and Evaluating the Worth of Cybersecurity Insurance, Mr. Roberts Pumpurs (ALTUM, LV)
TBC
15:00 - 15:30 Coffee break
15:30 - 16:00 Analysis and forecasting of exploits with AI, Mr. Roman Graf (Deloitte, AT)
In this talk we address questions, such as: Why is Cyber Security important? What is the current cyber threat landscape? How have particular attack vectors evolved in the past? Which cyber threats are most important at the moment? Which cyber threats could be important in the future? How to protect against it?

Protecting organizations against an increasing number of cyber-attacks has become as crucial as it is complicated. To be effective in identifying and defeating such attacks, cyber analysts require novel threat modelling methodologies based on information security and AI techniques that can automatically recommend protection measures. We propose a custom, simple, explainable on-site approach to recommend the most significant threats. Our goal is to provide a solution that could extract attack vector features, find related correlations with an aggregated knowledge base in a fast and scalable way, and automate the recommendation of additional attack vectors and protection measures.

Our effective and fast threat analysis method is based on artificial intelligence and can support security experts in threat modelling, security budget planning, and allow them to quickly adopt suitable protection measures for current and future periods. In this talk, we evaluate AI similarity search and recommendation technologies as a system for threat modelling facilitation and assess its accuracy and performance. This approach should reduce the number of manual research activities and increase an organization’s security. We demonstrate how the presented techniques can be applied to support security experts to plan an organization’s protection strategy.
16:00 - 16:30 How to Create a Cyberspace Operations Artificial Intelligence Avatar, Mr. Michael Price (ZeroFox, US)
It is now possible to create a cyberspace operations artificial intelligence avatar. The avatar can be created by combining numerous AI-based capabilities, including: Speech-To-Text (STT), Large Language Models (LLM), Text-To-Speech (TTS), multi-modal LLMs for image generation, generative AI models for lip syncing and so on. These AI-based capabilities can be combined with traditional cyberspace operations capabilities to create the desired avatar. In effect, the human operator can speak to an avatar conversationally, issuing voice commands and receiving voice responses spoken by a human-like avatar presented to the user within a software application.

A software controller can be implemented that leverages LLMs to interpret commands and to generate and execute plans. Output can then be relayed back to the user. This can be used, for example, to support Offensive Cyber Operations (OCOs), whereby the human user instructs the avatar to attempt to exploit a vulnerable host within a victim’s cyber attack surface. There are many other possibilities as relates to both offense and defense as well.
16:30 - 17:00 (NO LIVE STREAM) The process of blocking malicious SMS and other forms of phishing, Mr. Szymon Sidoruk (CERT.PL, PL)
Last year the Polish parliament passed the Act of Combating Abuse in Electronic Communications, which includes an attempt to fight malicious SMS. I'll show how we do it and how it fits into our existing anti-phishing workflow.

17:00 - 20:30 Social event, Main Lobby

03 OCT

OMEGA HALL
08:00 - 09:00 Registration & Coffee
09:00 - 10:30 OPENING PLENARY :: Moderator: Mr. Oskars Priede
09:00 - 09:25 Keynote, MGen. Dave R. Yarker (Canadian Cyber Forces, CA)
TBC
09:25 - 09:55 (TBC) Collective cyber defense, Mr. Luc Dandurant (NCIA and NATO DCO, BE)
TBC
09:55 - 10:25 Supply chain and cyber physical system protection, Mr. Egons Bušs (LMT, LV)
TBC
10:30 - 11:00 Coffee break

OMEGA HALL Moderator: Mr. Oskars Priede
11:00 - 11:30 (NO LIVE STREAM) russian cyber focus on destroying Ukrainian energy sector, Mr. Serhii Barabash (UA)
This presentation is an intelligence view on russian attacks against the energy sector of Ukraine.
11:30 - 12:00 Reaping process improvements from network leaks - boost your OT security controls, Mr. Mikko Kenttälä (SensorFu, FI) and Mr. Robert Valkama (Fortum, FI)
We will walk you through how focused testing of network segregation, a fundamental security control, can reap unexpected benefits on improving the overall OT security posture on other fronts as well.
12:00 - 12:30 Guardians of the Network: Key Security Events and Insights from the Mobile Frontier, Mr. Mārtiņš Kaļķis (LMT, LV)
The presentation will explore notable security events observed by LMT across three critical domains: physical security, mobile security, and cybersecurity. We will discuss the mitigation efforts implemented to address these security challenges, sharing valuable insights and lessons learned from our experiences. This presentation aims to equip attendees with a deeper understanding of the multifaceted security landscape and the proactive comprehensive measures necessary to safeguard against potential threats.
12:30 - 13:30 Lunch
13:30 - 14:30 Strengthening the European cybersecurity ecosystem

Moderator: TBC

Panelists: TBC

TBC
14:30 - 15:00 TBC

Panelists: TBC

TBC
ALFA HALL Moderator: Dr. Bernhards 'BB' Blumbergs
11:00 - 11:45 Drone Tactical Forensics and Incident Response, Mr. Wayne Burke (Cyber2Labs, US)
During this high energy presentation we will cover fundamental Drone Forensics and the importance for law enforcement, emergency / security personnel and all professionals responsible for managing various aspects of Drone operations. Coupled with effective techniques for data extraction methods: onboard storage, data acquisition. Analyzing flight logs and telemetry data with a tear-down to identify all core drone components.
11:45 - 12:30 TA577 Walked just past You: Indirect Syscalls in Pikabot, Mr. Patrick Staubmann (VMRay, AT)
In late 2023, the notorious Pikabot loader reappeared after a break of several months. Its reappearance, coupled with striking similarities in its delivery chain with QBot suggests its role as a replacement family used by threat group TA577. Pikabot's reputation for being evasive precedes it, but its latest variant introduces a new level of sophistication, with techniques attempting to bypass AV, EDR, and even sandboxes. The integration of indirect syscalls has left security products grappling with detection challenges, as hooks, commonly used in EDRs and sandboxes, won't be enough to inspect the inner workings of such samples during execution.

Our talk aims to delve deep into the world of Pikabot, sharing insights, pitfalls, and thoughts gathered from analysis and tracking. We'll provide an exhaustive analysis of Pikabot's loader module, dissecting its obfuscation and evasion techniques in detail. With a special focus on the intricacies of indirect syscalls, we'll explore how this technique successfully circumvented many sandboxes and how our proof-of-concept reimplementation demonstrates how many more enhanced indirect syscall techniques malware developers could already have in their arsenal.

Furthermore, as Pikabot's operations have been shut down via Operation Endgame, we'll speculate on future developments and trends in evasion techniques, offering practical recommendations for effectively detecting and mitigating such and similar threats.
12:30 - 13:30 Lunch
13:30 - 14:15 The future of vulnerability management is predictive, Mr. Éireann Leverett (Concinnity-risks, UK)
Vulnerability management and patching prioritization are undergoing a revolution. Prediction and forecasting have become rich research arenas, and we'll present an assortment of those advances, some of which are ours. We are moving to a world where vulnerabilities can be foreseen, and exploits anticipated. Even exploitation events in specific networks aren't immune to quantification, and we expect this to advance quickly. Why wait for zero days when the future of vulnerability management is getting away from reaction and moving towards predictive risk? I share my experience writing the vulnerability forecasts for FIRST.org, and running the Vuln4Cast conference.
14:15 - 15:00 Federated Learning Approaches to Bolstering Cyber-Physical Systems Resilience, Dr. Delwar Hossain (NAIST, JP)
The lecture covers security issues in modern automobiles and Industrial Control Systems and proposes Deep Learning, Federated Learning-based solutions to address them. The CAN bus system used in modern cars lacks basic security features, making it susceptible to attacks such as DoS, Fuzzing, and Spoofing. Similarly, the Modbus RS-485 protocol used in smart meters lacks authentication and encryption mechanisms, making it vulnerable to attacks. As a countermeasure, an intrusion detection system (IDS) using the Federated Learning (FL) approach can effectively detect malicious activities and ensure data protection from intruders. The structured presentation covers topics ranging from the security challenges of automotive and ICS systems to the development of AI-based IDS, autonomous driving model resiliency, using Federated Learning.
The lecture is structured as follows:
- Security issues of modern automotive and ICS systems
- Proposed defense verification platform for the CAN bus system
- Development of a deep learning, Federated Learning-based IDS
- Development of automotive and Modbus attack datasets and AI-based IDS
- Attacker Localization with Machine Learning in RS-485 Industrial Control Networks.
BETA HALL Moderator: Ms. Dana Ludviga (CERT.LV, LV)
11:00 - 12:30 DNS on steroids

Moderator: Ms. Dana Ludviga (CERT.LV, LV)

Panelists: Ms. Katrīna Sataki (NIC.LV, LV), Mr. Kirils Solovjovs (Possible Security, LV), Iveta Skujiņa (NIC.LV, LV), Mr. Kristians Meliņš (NIC.LV, LV), Mr. Helmuts Meskonis (Domain Summit Ltd, UK)

In this engagement session, we will delve into the dynamic world of the Domain Name System /DNS/ and its evolving landscape. We will cover traditional DNS, the introduction of new generic Top-Level Domains /gTLDs/, and their impact on the domain name market. We'll discuss the benefits and challenges these changes bring for businesses and consumers, as well as the potential for innovation in areas like decentralized internet addressing.

Panelists and the audience will also explore critical cyber security and legal issues that average internet users should be aware of.
12:30 - 13:30 Lunch
13:30 - 14:00 TBC, Ms. Merle Maigre (eGA, EE)
TBC
14:00 - 14:30 TBC, Mr. Maxim Matskul (CloudFlare)
TBC
14:30 - 15:00 Game of Drone! Field insights from the war in Ukraine, Ms. Gabrielle Joni Verreault (Universite de Montreal, CA)
As technology continues redefining modern warfare's landscape, its impact extends beyond the battlefield to involve civilians in unprecedented ways. This presentation, "Game of Drone! Field Insights from the War in Ukraine," offers a unique perspective grounded in firsthand experiences from the front lines of the conflict. It explores the critical intersection of technology, ethics, and civilian involvement, drawing from the presenter's extensive fieldwork in Ukraine. The session will explore the challenges and legal ambiguities that arise when civilians, driven by a desire to support Ukraine, engage in activities ranging from ethical hacking to drone operations. Key areas of focus will include the blurred lines between civilian and combatant roles in cyber operations, the ethical dilemmas inherent in these initiatives, and the broader implications of these efforts within the framework of International Humanitarian Law.

Beyond the technical and legal analysis, the presentation will offer insights into the presenter's unique stance on security, informed by a background in public health and a deep commitment to human well-being. This perspective is rooted in a care-oriented and reduction-of-harm approach, emphasizing the importance of ethical considerations and the responsible use of technology in conflict zones.

Attendees will gain a nuanced understanding of the ethical and legal considerations essential for aligning technological skills with the needs on the ground in a responsible and impactful manner. This discussion is particularly relevant for ethical hackers, technologists, and those interested in the practical and ethical dimensions of civilian participation in modern conflicts.

15:00 - 15:30 Coffee break
15:30 - 17:00 CLOSING SESSION :: Moderator: Mr. Oskars Priede
15:30 - 16:00 Countering generative AI disinformation: a Ukraine experience, Mr. Dmytro Plieshakov (Osavul, UA)
The presentation will cover the most recent AI-powered techniques used by hostile actors to plan, create and disseminate disinformation campaigns. It will also focus on how AI and Large Language Models can be used by the defender community to protect the information environment from hostile activities.
16:00 - 16:20 Tailoring security systems for the AI era, Mr. Dmitrijs Ņikitins (Tet, LV)
This presentation will explore the significant transitions within the IT industry over the past decades, focusing on the integration of advanced AI technologies that have transformed traditional security measures.

AI is a double-edged sword in the realm of cybersecurity. On one hand, it represents a potent threat vector, with AI-driven attacks becoming increasingly sophisticated. On the other hand, AI is indispensable for developing proactive defenses, capable of predicting and neutralizing threats before they manifest.

The presentation will also highlight how cybersecurity must evolve, incorporating AI not only as a tool but also as an integral part of the strategic framework.

Looking ahead, we will explore predictions for the next decade, emphasizing how advancements like quantum computing might influence cybersecurity. This presentation is designed to equip the audience with the knowledge and tools necessary to adapt their security strategies effectively in anticipation of these developments.
16:20 - 16:40 Helping defend the UA powergrid, Mr. Patrick C. Miller (Ampere Industrial Security, US)
TBC
16:40 - 17:00 Conference end ceremony

Speakers

Mr. Andris Sprūds - The Republic of Latvia, Minister of Defense;
Mr. Armīns Palms - CERT.LV;
Armīns is one of the authors of the “National DNS Firewall” project. DNS Firewall is actively used in Latvia. Armīns joined the CERT.LV team in 2016 and is currently leading the incident response team at CERT.LV. His contribution to the DNS Firewall project has lasted for 5 years and he is eager to share his knowledge and experience with the cybersecurity community and professionals.
Mr. Artur Bicki - Energy Logserver;
TBC
Ms. Baiba Kaškina - CERT.LV, General Manager;
Baiba Kaškina is the General Manager of CERT.LV - Latvian National and Governmental CSIRT (since 2011), leading the dynamic work of the team and liaising with the constituencies. She started the first CERT team in Latvia in 2006 and since then has been involved in shaping the cyber security ecosystem of Latvia as well as internationally. Baiba was the chair of the European CSIRTs collaboration forum TF-CSIRT from 2014 to 2019. She has received the Order of Three Stars from the Republic of Latvia in recognition of her contribution to establishing and leading the Latvian cyber security environment.
Ms. Cornelia Puhze - Switch, Security Awareness & Communications Expert;
Cornelia Puhze is an information security awareness & communications expert at Switch. As part of the multi-sector Switch-CERT, she supports various communities in managing the human risk in information security. Cornelia is educated to postgraduate level in multilingual, corporate and political communications and has a background in language teaching. She co-chairs the FIRST Human Factors in Security SIG https://www.first.org/global/sigs/hfs/.
Ms. Dana Ludviga - CERT.LV, Information systems security analyst;
Dana Ludviga holds an MSc in Computer Science from the University of Latvia and works as the cybersecurity incident analyst at CERT.LV - Latvian national and governmental CSIRT. Dana is coordinating engagement with different stakeholders as well as representing CERT.LV at national and international events.

Before her current role, Dana was a project manager at the .LV registry NIC.LV where she contributed to the development of the domain industry with a keen eye on domain name security. As a computer science researcher at the University of Latvia her work extended to diverse IT research and network development projects funded under the 7th framework of the European Union.
MGen. Dave R. Yarker - Canadian Cyber Forces, Commander;
MGen Yarker is an Army Signals Officer in the Canadian Armed Forces (CAF). He has worked within the Cyber domain for the past 15 years and is currently in the role of CAF Cyber Forces Commander. He looks forward to returning to Cyber Chess 2024.
Dr. Delwar Hossain - NAIST, Assistant Professor;
Md Delwar Hossain received the M.Sc. in Engineering in Information Systems Security degree from the Bangladesh University of Professionals and a Ph.D. degree in information science and engineering from the Nara Institute of Science and Technology (NAIST), Japan. He is currently an Assistant Professor with the Laboratory for Cyber Resilience at NAIST. He is a member of IEEE Communication Society. His research interests include cybersecurity, artificial intelligence, automotive security, smart grid security, industrial control systems security.
Mr. Dmitrijs Ņikitins - Tet, CTO;
Dmitrijs Ņikitins is a distinguished member of Tet’s board and Chief Technology Officer, who boasts over 15 years of expertise in IT. With a strong foundation in research, development, and technology implementation, he has been instrumental in enterprise digital transformation and agile strategy. Dmitrijs’ multifaceted skill set spans DevOps, software development, network management, and cybersecurity, consistently driving innovation and business elevation.
Mr. Dmytro Plieshakov - Osavul, CEO and co-founder;
Dmytro Plieshakov is a Ukrainian tech entrepreneur with a rich background in AI. He is currently a CEO and co-founder of Osavul, a startup focused on countering disinformation and FIMI. Since 2022, he has been collaborating closely with the Ukrainian government, aiding in the advancement of information security and resilience by implementing cutting-edge technologies for threat detection and data analysis. The technology of Osavul is in active use by the National Security and Defense Council of Ukraine and other big government agencies. Apart from his entrepreneurial journey, Dmytro has a passion for AGI and the philosophy of mind. He is also active as an angel investor, supporting early-stage startups in deep tech.
Mr. Egons Bušs - LMT, Director of Security;
Egons Bušs has more than 30 years of experience in the fields of information security, cyber security and information technology. Since 2016 Egons has been Security Director at LMT, where his responsibilities include mastering information security, cybersecurity and physical security. One of his ongoing professional challenges is driving the digital transformation of physical security. Egons started his career back in the 1980s on mainframe computers. His subsequent work experience continued at the Bank of Latvia where he started out as a network and systems administrator and rose to become Deputy Head of the Information Systems Department. He was also assigned as Project Manager for security projects at the European Central Bank. From 2008 to 2016, Egons worked as IT Director at ELKO Group, which is one of the largest IT distributors in the region. Egons holds an IT Bachelor's degree from the University of Latvia and an Executive MBA degree from the Stockholm School of Economics. Egons serves on the ISACA Latvia Chapter Board and is certified in the Governance of Enterprise IT (CGEIT).
Mr. Éireann Leverett - Concinnity-risks;
Éireann Leverett is a lifelong counter-hacker with an appreciation for DFIR, risk, and quantification. He has written books, academic papers, released open source code, and built a small cyber risk consultancy. He is the CTO of a cyber insurance company, and runs the vuln4cast conference.
Ms. Gabrielle Joni Verreault - Universite de Montreal, PhD Candidate - Bioethics;
TBC
Dr. Gregory Carpenter - Knowledge Bridge International, Chief Security Officer;
TBC
Mr. Helmuts Meskonis - Domain Summit Ltd, Founder;
Web Pioneer Since 1999: I began my digital journey by building my first website in 1999. Since 2007, I've immersed myself in online ventures, solving problems for clients who value trust and a personalized approach.

Domain Summit Visionary: As the organizer of the annual independent European B2B convention for the domain name industry, Domain Summit, I am excited to announce our expansion to Nairobi, Kenya, in 2025, in collaboration with KeNic.

Champion of Professional Forums: My passion for domain name investing and business forums drives me to maintain high standards. I own DNForum.com (est. 2001), AcornDomains.co.uk (est. 2004), and more.

Blockchain Enthusiast: Since 2017, I've been an advocate for cryptocurrencies within the global Latvian community, including gifting $Lats to Latvians.

Latvian by Heart: At 6.3ft, blessed with 4 daughters, I've traveled extensively and lived in South Korea. Since 2009, I've called the UK my home.
Ms. Irina Nesterovsky - KELA, Chief Research Officer;
TBC
Ms. Iveta Skujiņa - Head of NIC.LV policy development and compliance group and Senior Lawyer at CERT.LV;
Iveta works at the Institute of Mathematics and Computer Science of the University of Latvia as a Head of NIC.LV policy development and compliance group and is engaged in cybersecurity field as a Senior Lawyer at CERT.LV. Her knowledge of information technology law and policy development expertise has been instrumental in many successful projects as well as liaising with national institutions and other organisations with emphasis on technology and regulation interrelations. Iveta holds an LL.M. from the University of Latvia, where she specialised in Public International Law with a focus on Internet governance.
Mr. Jarkko Vesiluoma - Elisa;
TBC
Mr. Jason Steer - Recorded Future, CISO;
A 20-year cybersecurity veteran, Jason Steer is CISO at Recorded Future, where he maintains global responsibility for ensuring the protection of all customer-facing services, internal operational systems, and related information assets.
Mr. Jose Luis Sanchez Martinez - VirusTotal, Security Engineer;
Joseliyo Sanchez is a security engineer at VirusTotal - Google. Member of the ENISA Working Group on Cyber Threat Landscapes. Previously worked at McAfee and BlackBerry as a threat researcher. His main objectives are threat hunting that leads to detection engineering and analysis of APTs and Crime groups.
Ms. Katrīna Sataki - .LV registry (NIC.LV), Chief Executive Officer;
Katrina Sataki currently serves as the Chief Executive Officer of NIC.LV, the country code Top-Level domain of Latvia managed by the Network Solutions Department of the Institute of Mathematics and Computer Science, University of Latvia. Katrina has been involved with .LV since 1997 when she helped to develop the website and on-line registration form of the registry operator. She also has participated in many meetings organised by European registry operators and has been an active participant of the Country Code Names Supporting Organization (ccNSO) community and served as the ccNSO Council chair from 2016-2021. Katrina holds a professional degree in Mathematics, a Master’s degree in Computer Science and a Master’s degree in Law from the University of Latvia. She has participated in several research projects, lectured law students on IT Law and IT students on law and internet governance related issues.
Mr. Kirils Solovjovs - Possible Security;
TBC
Mr. Kristians Meliņš - .LV registry (NIC.LV), System Analyst;
TBC
Mr. Len Noe - CyberArk, Technical Evangelist / Whitehat / Transhuman;
Len Noe, a Technical Evangelist, White Hat Hacker, and Transhuman at CyberArk Software, is a highly influential speaker in international security. He has delivered impactful presentations in over 50 countries, including at the prestigious World Conference in The Hague and C.E.R.T. EU, and has spoken to multiple governments. Co-host of the Cyber Cognition Podcast and a thought leader in Transhumanism, Len's upcoming book highlights his personal evolution in this transformative movement. Known for his futurist insights, he uses microchip implants to advance cybersecurity and enhance the human experience. His groundbreaking research has been featured in global news outlets, and he regularly appears on top-tier security podcasts. With over 30 years of experience, including a history as a Black/Grey Hat Hacker, Len has expertise in web development, system engineering, architecture, and coding, focusing on information security from an attacker's perspective.
Mr. Lorenzo Nicolodi - Microlab.red, Security researcher;
Lorenzo loves complex technical challenges and creative solutions, especially when cybersecurity is involved. He likes to code, reverse engineer, investigate and everything in between.
Mr. Luc Dandurant - NCIA, NATO DCO;
TBC
Ms. Maria Papaphilippou - ENISA, Cybersecurity Officer;
Maria Papaphilippou is a Cybersecurity Officer at ENISA, the EU Agency for Cybersecurity. Within ENISA’s policy development and implementation unit, she is leading the activities relating to the health sector. In the past, she held positions within the big 4 and the financial sector, which included advisory and consulting, information security and information systems audit.
Mr. Mārtiņš Kaļķis - LMT, Head of LMT Cybersecurity Division, LMT Security Department;
Mārtiņš Kaļķis has worked in different roles at the LMT Security Department while focusing on technology, security and resilience, and is currently leading cybersecurity. He is an active member of the cybersecurity community locally and globally and a member of several NGOs, and provides his expertise in cybersecurity governance legislation development.
Mr. Marvin Ngoma - Elastic, Principal Security Architect;
Marvin is a seasoned consultant and security architect. He has a strong passion for helping organizations succeed in their cybersecurity programs. He has led many projects in both the private and public sector, architecting and building Security Operations and Intelligence capability; unifying tools, processes and people. He is currently based in the Nordics and uses his expertise to help organizations throughout EMEA, on how best they can create security value in their organizations.
Mr. Maryna Vorotyntseva - NATO StartCom;
TBC
Mr. Matthias Herter - MSH Advice & Training, Crisis and Hostage Negotiator, owner of "MSH Advice & Training";
Matthias Herter is the former Head of the Crisis Management and Negotiation Units of the Swiss Federal Police and the Berne Cantonal Police and was President of the European Network of Advisory Teams for Kidnapping, Hostage Taking and Extortion. From 2001 to 2022, he was involved in negotiations to resolve crisis and kidnapping in Switzerland and on five continents. In 2023 he started the company "MSH Advice & Training". Since then he has been consulting and training clients and law enforcement agencies in negotiation, teamwork and crisis management. He is a regular speaker and executive coach at the High Performance Leadership course at IMD in Lausanne.
Mr. Matthias Vallentin - Tenzir, Founder & CEO;
After completing his PhD at UC Berkeley, Matthias founded Tenzir to build a product out of his dissertation work on network forensics. Prior to that, he spent over a decade working on network monitoring, detection engineering, and threat hunting as part of the Zeek core team. As a computer scientist, Matthias has extensive experience in building high-performance systems, which he now applies to develop a data pipeline engine for security teams.
Mr. Max Ufer - Fraunhofer FKIE, Security Researcher & Malware Analyst;
Max Ufer is a security researcher and reverse engineer at Fraunhofer FKIE. He is part of the Botnet Intelligence and Mitigation team where his daily work consists of malware analysis, botnet investigation and supporting law enforcement agencies. He also lectures on binary analysis at the University of Bonn.
Mr. Maxim Matskul - CloudFlare;
TBD
Ms. Merike Kaeo - Double Shot Security, Founder and vCISO;
Merike Kaeo is the founder and vCISO at Double Shot Security, which provides corporate governance and executive strategies to secure global organizations. In prior roles, Merike held positions as Chief Information Security Officer (CISO) at Uniphore, Chief Technology Officer of Farsight Security, and CISO for Internet Identity (IID). Her foray into security started when she instigated and led the first security initiative for Cisco Systems in the mid 1990s and authored the first Cisco book on security, /Designing Network Security/, which was translated into multiple languages and leveraged for prominent security accreditation programs such as Certified Information Systems Security Professional (CISSP). She is a passionate advocate for practical security measures and driving industry change to create a culture of integrity, responsibility, and accountability.
Ms. Merle Maigre - eGA, Programme Director of Cybersecurity;
Merle Maigre is the Senior Cyber Security Expert at Estonia’s e-Governance Academy since 2020. Previously she was Executive Vice President for Government Relations at CybExer Technologies, an Estonian firm that provides cyber training. In 2017 to 2018, she served as the Director of the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) in Tallinn. During 2012 to 2017, Merle Maigre worked as the Security Policy Adviser to Estonian Presidents Kersti Kaljulaid and Toomas Hendrik Ilves.
Mr. Michael Price - ZeroFox, Chief Technology Officer;
Mike serves as Chief Technology Officer at ZeroFox. In this role, he creates value through efforts involving: artificial intelligence, engineering, intelligence (digital/cyber/physical), research and security. In previous roles, he has focused on entrepreneurship in the area of information security as well as technical efforts in the areas of vulnerability management and mobile security. He also serves in support of US state and federal government information security efforts.
Mr. Mihails Potapovs - Ministry of Defence of the Republic of Latvia;
TBC
Mr. Mikko Kenttälä - SensorFu, CEO;
Since Mikko can remember, he has hacked, built, and broken stuff, which led him to a career in cybersecurity over 15 years ago. He has conducted technical security audits, hunted bug bounties, and now also builds security products as the CEO of SensorFu. Hacking still makes Mikko happy, he enjoys blue and red teaming in exercises and is interested in defending electronic freedoms and privacy in our digital society.
Ms. Or Lev - KELA, VP Sales Engineering;
TBC
Mr. Patrick C. Miller - Ampere Industrial Security;
TBC
Mr. Patrick Staubmann - VMRay, Team Lead Threat Analysis;
Patrick Staubmann joined VMRay as a threat researcher in 2019. As part of the Threat Analysis team, he continuously researches the threat landscape and conducts analyses of malware samples in depth. To further improve the company's product, he also extends its detection capabilities in the form of behaviour-based rules, YARA rules, and configuration extractors. He is especially interested in reverse engineering, low-level system security and exploitation.
Mr. Richard Weiss - Mandiant / Google, Reverse Engineer;
Richard is a reverse engineer in Mandiant’s FLARE team where he focuses on analyzing malicious binaries, researching and implementing modern methods of malware analysis, which he additionally teaches to future malware analysts. He also supports Malpedia (Fraunhofer FKIE) with its mission ‘to provide a resource for rapid identification and actionable context when investigating malware’ and a student association at the Technical University Ingolstadt of Applied Sciences as a voluntary lecturer for reverse engineering. Richard also instructs and supports ‘Team Europe’ for the ‘International Cybersecurity Challenge’.
Mr. Robert Lipovsky - ESET, Principal Threat Intelligence Researcher;
Robert Lipovsky is a Principal Threat Intelligence Researcher for ESET, with over 15 years' experience in cybersecurity and a broad spectrum of expertise covering both targeted APTs and crimeware. He is responsible for threat intelligence and malware analysis and leads the Malware Research Team at ESET headquarters in Bratislava. He is a regular speaker at security conferences, including Black Hat USA, RSA Conference, Virus Bulletin, BlueHat, MITRE ATT&CKcon, Gartner Security & Risk Management Summit, and various NATO-organized conferences. He also teaches reverse engineering at the Slovak University of Technology – his alma mater – and at Comenius University. When not bound to a keyboard, he enjoys traveling, playing guitar and flying single-engine airplanes.
Mr. Roberts Pumpurs - ALTUM;
TBC
Mr. Robert Valkama - Fortum, Senior Manager, OT Cyber Security;
I started out in the nuclear sector as a system engineer and transferred towards OT Cyber Security. I have 10+ years of experience in the domain and have worked with OT Cyber Security at various organizations including critical infrastructure operators, government agencies and as a consultant within the domain. I have had the opportunity to work with many different sectors during my career including, to name a few, Energy production and transmission, Marine, Manufacturing and Oil and Gas.
Mr. Rolands Heniņš - NCSC, Director General;
TBC
Mr. Roman Graf - Deloitte, Manager;
Roman is a Manager in Deloitte’s Consulting group in Austria and Team Lead of the Pentesting and Red Teaming group. He joined Deloitte’s Cyber service line in Vienna in 2021 with a focus on Cyber Security. He has more than 15 years of experience in the IT Security industry. Roman has a strong penetration testing and cyber security background and experience with artificial intelligence.

From 2020 till 2021, prior to joining Deloitte, Roman worked as a consultant, pentester and DevSecOps engineer for a big consulting company. From 2009 till 2020 he worked as a pentester and researcher for one of the leading European Research Institutes, where he was responsible for penetration testing, threat modelling and AI application for the security domain. He was also tasked with the planning, preparation and presentation of individual workshops for different target groups.
Mr. Sebastian Tauchert - Fraunhofer FKIE, Security Engineer;
Sebastian Tauchert is a security engineer at Fraunhofer FKIE. He is part of the Botnet Intelligence and Mitigation team, where his daily work consists of developing solutions to mitigate the threats posed by botnets.
Mr. Serhii Barabash - representative from Ukraine;
Serhii has more than 5 years of experience in cybersecurity and currently runs a team of experts who counteract APT groups.
Mr. Szymon Sidoruk - CERT.PL, Experienced Threat Analyst;
Szymon is a threat analyst at CERT Polska. He consulted on the Polish Act of Combating Abuse in Electronic Communications. He started as a SOC Analyst and has since grown into bigger challenges.
Mr. Varis Teivāns - CERT.LV, Deputy manager, Technical team leader;
Varis Teivāns is a Cyber security expert with 17 years of experience and a strong technical background. He has played a major role in development of the national Cyber security infrastructure, world class incident response capability and full range of Security Operations Center (SOC) services provided by CERT.LV to the Latvian government and critical infrastructure holders. Varis has participated in planning, technical setup, and scenario development of multiple hackfests, large scale Cyber defense exercises and workshops on IT security issues at the CERT.LV organized events. Currently Varis is leading CERT.LV's technical team.
Mr. Wayne Burke - Cyber2Labs, VP;
Wayne Burke is internationally recognized for his commitment and work experience, achievements and contributions to the IT and Cyber Security Industry.

He currently specializes in many offensive and defensive AI technologies, such as drones, building and managing new high-tech security tools, custom hardware solutions for Bio-Medical products, Digital Forensics, Penetration Testing, Mobile Security and radio frequency signals using specialized SDRs.

CTF

CTF status: Stay Tuned!
CTF style: TBC
CTF start: 30 SEPT
CTF end: 01 OCT
Accepted team count: TBC
Maximum members per team: TBC
Awards: Top three teams based on the points scored
CTF provided by: TBC
Awards provided by: CERT.LV

Organisers & Partners