Protect your digital treasure from cyber pirates

Strengthen your defences against cyberattacks.

Upgrade your knowledge of the latest strategies and technologies for ensuring cybersecurity.

Meet top security experts.

21 and 22 March 2024, online
HackStop

Now with a free ticket for INFOSEK 2024!

REGISTER HERE

All talks on the 1st conference day are free!

Who are the pirate hunters?
Meet the top security experts who will share their knowledge at HackStop

Amr Thabet

MalTrak

Combating Targeted Ransomware Through Threat Hunting

Amr Thabet is a Cybersecurity Consultant with over 12 years of experience who has worked at several Fortune 500 companies, including Symantec, Tenable, and others.
He is the founder of MalTrak and the author of "Mastering Malware Analysis" published by Packt Publishing.
Amr is a speaker and a trainer at some of the top security conferences all around the world, including Blackhat, DEFCON, Hack In Paris and VB Conference.
He was also featured in Christian Science Monitor for his work on Stuxnet.
His mission is to help professionals all around the world to build their expertise in cybersecurity and make their passion their future 6-figure career.

Assist. Prof. Jelena Juvan, PhD

Chair of Defence Studies, Faculty of Social Sciences, University of Ljubljana

Cyberspace As a Battlefield: Use of Cyberthreats as a Military Tool

Assist. Prof. Jelena Juvan, PhD is a higher education lecturer at the Chair of Defence Studies at the Faculty of Social Sciences, University of Ljubljana and a senior research assistant at the Defence Research Centre of the Faculty of Social Sciences. She has been employed at the Faculty of Social Sciences since 2003. In the pedagogical process, she is the holder of the courses in EU Security and Defence Policy and Professional Practice at the 2nd level of the master’s degree in Defence Studies. She is also a co-lecturer in the courses of Security in the Information Society, Defence and Security System at the 1st level and Cyber Security at the 2nd level of study. She is the head of the Chair of Defence Studies and Department of Political Science and a vice-president of the Euro Atlantic Council of Slovenia.

Dalibor Vukovič

TELEKOM SLOVENIJE d.d.

ROUND TABLE: Security operational center (SOC)

Dalibor Vukovič, product manager at Telekom Slovenije, is a cybersecurity specialist with several internationally recognized certifications. He has more than 20 years of work experience in the ICT sector. He works on developing and implementing new security products in both the private and public sectors, including the largest organizations, critical infrastructure and state institutions. He is the author of several articles and conference papers and a lecturer in the field of cybersecurity. His research focuses on OSINT methodology and the prediction of cyberattacks.

David Kasabji

NIL d.o.o.

Significant cyber threat trends in 2024

David Kasabji is a threat intelligence analyst at the Conscia group, where his main responsibility is delivering relevant threat intelligence in various formats for different audiences. His work includes analysing and engineering threat intelligence from various data sources, reverse engineering malicious code, crafting TTPs (tactics, techniques and procedures) from the data obtained, and publishing various R&D (research and development) content in the field of cybersecurity.

Denis Hlukhau

Visualising CyberSecurity Posture with AWS

Denis started as a Manual QA specialist and has since come a long way in IT, trying different roles in search of what he liked most. He has been a performance analyst, a vulnerability manager, a pentester and more.
At the moment it seems he has found what he was looking for, playing for Defensive Security. He prefers building to breaking.

Dorota Kozłowska

How to prepare for the OSCP exam?

Dorota Kozłowska always dreamed of working in IT and studying computer science. As a certified cybersecurity specialist, she shares why she established herself in the cybersecurity industry: for the maximum challenge! She is also eager to empower others to enter the industry and become cybersecurity specialists, which is why she shares her learning journey and tips on how she became a cybersecurity professional, to give a point of reference and help others build the courage to follow their dreams.
The year 2023 was an important one: she received the Cyber Woman Hope trophy from CEFCYS, was selected as one of the 40 under 40 in Cybersecurity 2023 by Top Cyber News Magazine, and enjoyed sharing knowledge and insights as an international keynote speaker at the Forum in Cyber conference in Montreal.

Emaad Abbasi

National Cyber Security Auditing and Evaluation Lab (NCSAEL), National University of Sciences and Technology (NUST), Islamabad, Pakistan

OPSEC Uncovered: Navigating the World of Operational Security

Emaad is an Ethical Hacker with a deep interest in Offensive Security. He is currently working as a Research Associate at the National Cyber Security Auditing and Evaluation Lab (NCSAEL), National University of Sciences and Technology (NUST) in Islamabad, Pakistan. NUST is Pakistan's top university, and this cybersecurity lab has been involved in several cutting-edge cybersecurity projects in the past.
At NCSAEL, Emaad leads the Penetration Testing Team and has a proven record in the realm of Penetration Testing and Security Auditing. He has been involved in quite a few national-level penetration testing projects and has succeeded in finding and reporting critical vulnerabilities during these engagements. He is quite enthusiastic about Data Protection and has participated in several initiatives aimed at protecting the personal data of citizens.

Ismail Ahmed

Yalla-Hack

Defending Cloud Computing from DDoS Attacks: Effective Strategies and Techniques

Ismail Ahmed, the founder of Yalla-Hack Company, is at the forefront of guiding the organization toward its strategic objectives by developing comprehensive plans and ensuring their successful implementation with quantifiable results. His proficiency in risk evaluation and mitigation is paramount as he leads initiatives in cybersecurity strategy for the company's managed security solutions.
Presently involved in advanced research at the University of Science and Technology of China, Ismail's expertise encompasses vulnerability analysis, malware analysis, network forensics, and cloud security. His dedication to mastering the nuances of the ICS domain and addressing critical infrastructure security concerns is evident in his work, which bridges both his personal interests and professional commitments. His noteworthy contributions to the field are highlighted by his active participation in esteemed global forums like the Global Next Generation Software Engineering Conference (GNGSEC) and his engagement with prestigious educational institutions such as the University of the West of England (UWE Bristol) and the Global College of Engineering and Technology (CCET-Oman).

Assoc. Prof. Dr. Miha Dvojmoč

Faculty of Criminal Justice and Security, University of Maribor

Why is corporate security important?

Assoc. Prof. Dr. Miha Dvojmoč is an expert with many years of experience in law and security, in both the private and public spheres, who covers various security fields and solves security problems.
As an assistant professor in security studies, he takes part in teaching at the Faculty of Criminal Justice and Security of the University of Maribor, where he is also employed, and also works as an external associate at the New University (Nova univerza), at the Faculty of Law in Nova Gorica and the Faculty of Government and European Studies.
His research is focused mainly on the provision of security, with an emphasis on integral corporate security and corporate intelligence, as well as private security, detective work and non-state public oversight institutions (e.g. municipal wardens and misdemeanour law).
His bibliography comprises original scientific articles, review articles, professional articles and contributions to scientific and professional conferences. He is the author of numerous security plans, reports and studies, and the author or co-author of several expert opinions, which in particular demonstrate the strong link between his scientific and professional work.
He is also a reviewer for a journal that FVV UM describes as an important journal in the field of security studies.
He is also a security manager and holds a valid detective licence. In addition, he works in the field of personal data protection as the data protection officer in more than 100 organizations, and is active in information security, the security and liability of directors, IT security, private security, detective work and the rehabilitation of persons with disabilities.

Jan Bervar

NIL d.o.o.

ROUND TABLE: Security operational center (SOC)

Jan Bervar is a digital security architect at the European multinational Conscia, of which NIL is a part. With more than 25 years of experience in digital security, Jan advises organizations of all sizes on how to invest optimally in reducing digital risk while still remaining sufficiently agile.

Marko Kašič

A1 SLOVENIJA d.d.

Let attackers wander through the LABYRINTH rather than through your servers!

Marko Kašič is a lead ICT engineer at A1 Slovenija. Over several years at the company he has gained extensive experience in consulting on, implementing and supporting security solutions for business users. His specific areas of expertise cover the protection of workstations and servers and network security, both with a particular emphasis on introducing solutions that use machine learning to address key problems in the world of cybersecurity.

Muhammad Shahmeer

Younite

Bypassing next generation 2FA and MFA

Shahmeer Amir stands as a globally recognized Ethical Hacker, ranking as the third most accomplished bug hunter globally. His expertise has been instrumental in assisting over 400 Fortune companies, such as Facebook, Microsoft, Yahoo, and Twitter, in resolving critical security issues within their systems. Shahmeer's entrepreneurial ventures in the Cyber Security realm have led to the establishment of multiple startups, with his current role involving the leadership of three startups across four countries.
In his capacity as the CEO of Younite, Shahmeer's flagship company is actively engaged in developing next-generation audio-video communication technologies. Additionally, he serves as the CEO of Veiliux, positioned as Asia's inaugural mainstream Cyber Security startup with a presence in the Asia Pacific, UAE, and the UK. Authiun, another startup under Shahmeer's leadership, offers a comprehensive passwordless authentication solution tailored for the 21st century.
Furthermore, Shahmeer serves as the Cyber Security Advisor to the Ministry of Finance in the Government of Pakistan. His involvement spans various projects, including Deep Sea Tracking, Digital Transformation of Legislation, and the Digitization of Pakistani Cultural Content. As a testament to his influence in the tech industry, he holds a position on the Forbes Technology Council.
An engineer and certified Cyber Security professional with credentials from esteemed organizations like EC-Council, Mile2, SANS, among others, Shahmeer is currently exploring Blockchain technology for his doctorate. With three authored books, including "Bug Bounty Hunting Essentials," and numerous research papers, he has solidified his standing as a thought leader in the field.
Shahmeer's prominence extends to the speaking circuit, where he is a highly sought-after keynote speaker on topics such as Cyber Security, Blockchain, and various technologies. Having received invitations to over 80 conferences globally, including prestigious events like Blackhat, GiSec, FIC, AEC Alberta, and Hackfest, he continues to be a beacon of knowledge. Accepted into entrepreneurship programs at esteemed academic institutions, including Stanford, Shahmeer's prowess is further demonstrated by his proficiency in coding in 25 languages and reading code in 35, establishing him as an expert across multiple technologies in his role as CTO of companies.

Prof. Dr. Igor Bernik

Faculty of Criminal Justice and Security, University of Maribor

Development issues in cybersecurity

Prof. Dr. Igor Bernik is a full professor and dean of the Faculty of Criminal Justice and Security, University of Maribor. He received his doctorate in information systems management from the University of Maribor. His research areas are information systems, cybersecurity and addressing business requirements for raising awareness of the processes of ensuring cybersecurity. He is the author and co-author of numerous scientific articles published in recognized international journals and conferences, and the author of the book Cybercrime and Cyberwarfare, published by Wiley in 2014.

Ralph Andalis

OWASP ASVS: Methodical Application Security Testing

Ralph is an independent Security Consultant/Pentester/Security Researcher with 8 years of experience in the industry who recently served as a Security Consultant at NCC Group, a global information security assurance firm. His expertise is mainly Web, Mobile, and Network Pentesting, Threat Modeling, Security Architecture Review, and Security Design Reviews. Prior to that, he was a pioneer Application Security Consultant for Fwdsec and a Cyber Threat Management Consultant at Ernst & Young (E&Y), where he was sent abroad for client engagements upon client request. He started his career as a Security Researcher at Hewlett-Packard Fortify with a focus on Mobile Application Security, particularly Android and iOS.
He is also a major active contributor and a member of the working group for the OWASP Application Security Verification Standard (ASVS) project, making the standard better for fellow pentesters and developers alike. Whenever he has spare time, he volunteers giving Web, Mobile Application Security and Threat Modeling lectures to university students as part of being a thought leader in the security community and outreach to students. You can also find him as a regular conference volunteer staff for some premium and well-known security conferences, namely: CanSecWest, REcon and Ringzer0 Training.
He earned his Computer Science degree from Ateneo de Naga University, one of the top-tier schools in the Philippines. His bachelor's thesis received an award at a National IT Conference in 2015, one of his top accomplishments at the time, alongside being a consistent Dean's List awardee.

Vladimir Ban

A1 SLOVENIJA d.d.

ROUND TABLE: Security operational center (SOC)

Vladimir Ban is a security solutions expert at A1 Slovenija. He is a graduate engineer in mathematics. He has been active in IT since 1997, and practically from the very beginning his main field has been information systems security. In his first years he focused mainly on encryption algorithms and encryption systems, but he soon expanded his work to the entire field of information systems security and abuse. In the security field he has worked in various roles, whether as a consultant on security issues or as an implementer of complex security solutions. Recently he has focused mainly on discovering security vulnerabilities and on detecting security attacks. He has been directly involved in more than 70 security reviews of various information systems, companies and applications. Vladimir thus, on the one hand, knows and understands the concrete technical aspects of information security and abuse in great detail, while at the same time having a very good understanding of a comprehensive approach to ensuring security and the timely detection of abuse.

Žiga Podgoršek

Institute for Corporate Security Studies

Penetration testing of physical and technical security: examples from practice

Žiga Podgoršek is employed at the Institute for Corporate Security Studies, ICS-Ljubljana, where he works in information security management. His main priority is carrying out security reviews and penetration tests of IT environments, with a particular emphasis on organizations that manage critical infrastructure. In 2018 he successfully completed training and obtained the official Certified Ethical Hacker (CEH) certificate. Later in his career he became the first in Slovenia to obtain the Certified Penetration Tester (CPENT) certificate. He has also obtained numerous other cybersecurity certificates, such as Offensive Security Certified Professional (OSCP), Licensed Penetration Tester Master (LPT Master), CEH Practical, CEH Master, Computer Hacking Forensic Investigator (CHFI), Incident Handler (ECIH), and others. He actively contributes to the development of cybersecurity at the European level by taking part in various international projects focused on the cyber-physical security of critical infrastructure. Among other things, as a member of the ICS-Ljubljana project team he took part in preparing the study titled "Methodology for Risk Assessment in Critical Infrastructure Organizations", commissioned by the Ministry of Defence of the Republic of Slovenia. As a member of the ICS-Ljubljana project team he also took part in preparing the study titled "Analysis of Cybersecurity Potentials in the Republic of Slovenia", commissioned by the Government Information Security Office of the Republic of Slovenia. The book "Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection" was published under the auspices of the Ministry of Defence of the Republic of Slovenia, Joint Special Operation University, USA, and the Institute for Corporate Security Studies; he was one of its expert reviewers. He is also a member of the Slovenian Association of Corporate Security and a regular correspondent for the professional journal "Korporativna varnost" on information security and cybersecurity.


HackStop

Free

  • Conference day 1 - 21. 3. 2024

HackStop + INFOSEK 2024

750 €

  • Conference day 1 - 21. 3. 2024
  • Conference day 2 - 22. 3. 2024
  • INFOSEK 2024
    (4. - 6. 9. 2024, Nova Gorica)

INFOSEK 2024

1200 €

  • INFOSEK 2024
    (4. - 6. 9. 2024, Nova Gorica)

*Prices do not include VAT

The central information security event in Slovenia
8000+ attendees in two decades

22 years

See what attendees say

It is nice to follow your constant development; this year you have once again raised the bar in many places. On the other hand, the foundation (expertise, socializing and heart) remains the constant that many recognize and because of which they return.
Dean Korošec
Thank you for another excellently run conference, and I hope to attend again next year.
Marko Poje, Mestna občina Ljubljana
Congratulations on the 21st superbly organized INFOSEK. You have once again shown that it makes no difference to you whether you are preparing a conference for 80 (the beginnings) or for 800+ attendees - the result is always outstanding organization and accompanying activities.
Janez Berkopec, URSOO
I would like to thank the whole team and congratulate them on an excellently run event, which would have been great even in somewhat less extraordinary circumstances. This year I attended the conference in person for the first time, although I have been following it for many years, if nothing else at least through the programme, which is interesting every year regardless of which industry we are in. It is precisely the programme and its breadth that is also the special feature of the conference, which manages, even in our small sub-Alpine space, to bring together under one roof, this time unfortunately a virtual-physical one, everyone who in any way deals with or encounters security, and besides them also heads of IT departments and business secretaries. At first glance the programme may not seem attractive to those of us who deal with security every day, but beneath the surface it offers something more, which becomes clear only after all the factors are added up. Meeting different practices, approaches to organizational security, the particularities of individual industries, and getting to know corners of security that are otherwise hidden most of the time is something that is hard to find at professional events aimed at a professional audience, and it is exactly events such as Infosek that offer an insight into them. As an IT person now in a third year of work in OT security at a multinational, it was a great pleasure for me to get to know some different practices in approaching the protection of these networks, as well as the views of key people on a field that is ever more topical because of digitalization in industry. I am already looking forward to our next meeting; until then, stay healthy, all of you, and as much success as possible!
Matjaž Demšar, Siemens d.o.o.
The conference is top s***. A pity there aren't more like it. Organize events several times a year. I definitely recommend a visit; the conference is worth every cost.
Tilen Rep, Ceneje d.o.o.
Everything that Palsit organizes is, from many years of personal experience, of exceptionally high quality. The only other one I could praise similarly is Arnes.
Mojmir Štangelj, Prirodoslovni muzej Slovenije
From my side, only praise. The conference is growing successfully, the programme is varied and of high quality, the event is recognized as one of the leading events on the topic of security, and your team is, as usual, excellent.
Uroš Žust, Mazars IT d.o.o.
This was my first experience at INFOSEK, I found the conference professional, well organized and attended by some of the top experts in Europe. It was a great time.
Nicholas Skelsey, Secure Network
All praise for this year's conference; my only regret was that we were not there all 3 days!
Toni Jeršin, Anni d.o.o.
I attended INFOSEK for the second time this year. I recommend it above all because, over the three days of the conference, there are many relevant talks in the field of information solutions and information risk management. Talks run in as many as six halls at once, so every attendee can find something suitable. In front of the lecture halls various vendors also present their solutions, and there is also enough time for networking and exchanging information with other conference attendees at the evening events.
Klemen Nučič, Zavarovalnica Triglav d.d.
It was our second time to partner with INFOSEK conference in 2019, and it was a pleasure again to be part of this event. We had valuable discussions with the conference attendees during the breaks and we were happy to see great participation on our lecture too. We would like to thank everyone who took part in the organization for their hard work, it really was a great conference again! We hope to be a partner of INFOSEK 2020 too! Thank you very much once again for inviting me as a speaker and for organizing the conference. It was a great experience, and I am looking forward to meeting you all again next year.
Daniel Pellarini, Računalniško in podjetniško svetovanje, Daniel Pellarini s.p.
This year we were one of the sponsors of the Infosek conference for the first time. I was surprised by the excellent organization, the interesting content of the talks and the expert speakers. In my opinion this is the largest and best organized information security conference I have attended in recent years. I would especially like to praise the Palsit team, whose kindness and homeliness made all of us attendees feel great.
David Božič, Our space appliances d.o.o.
I am always glad to attend the Infosek conference, which has for many years been the central event in the field of information security, because of its topical subject matter and expert speakers. The conference is also an excellent opportunity for socializing and exchanging experience.
Sašo Rakovec, Gorenjska banka d.d., Kranj
It is commendable that such an important conference as INFOSEK also pays attention to the protection of personal data. IT professionals, who make up most of the attendees of this conference, are the ones who must be the first to be aware of the importance of this fundamental human right and, above all, respect it already in the conceptual design of information solutions. Let built-in privacy (Privacy by Design) become the standard, also with the help of INFOSEK.
Nataša Pirc Musar, President of the Republic of Slovenia

Talk contents

Conference day 1 - FREE

Development issues in cybersecurity

21.03.2024 at 12:45
prof. dr. Igor Bernik | Fakulteta za varnostne vede, Univerza v Mariboru

Meaningful cyber-threat trends in 2024

21.03.2024 at 13:05
David Kasabji | NIL d.o.o.

Tracking cyber-threat trends is becoming more and more like following global media. There is too much information, and it comes from different sources with different interpretations and with content that is increasingly tailored purely to promoting services or products. Many security engineers (CISOs) do not have time to look for needles in a haystack and unintentionally stop following trends. The truth remains: meaningful trends are still the only way to stay a step ahead of cybercriminals, through smart investments in cyber defence.

Let attackers wander through the LABYRINTH rather than through your servers!

21.03.2024 at 13:25
Marko Kašič | A1 SLOVENIJA d.d.

In this talk you will get to know a simple solution that takes a different approach to detecting attackers in your environment. Set up a labyrinth for them in which they will get lost, and they will leave your environment alone.

Penetration testing of physical and technical security – examples from practice

21.03.2024 at 13:35
Žiga Podgoršek | Institut za korporativne varnostne študije

The talk will present how we carry out penetration tests of physical and technical security in practice, what challenges we face and how we tackle them. It will present physical intrusion techniques linked to social engineering (unauthorized entry into companies), as well as, for example, a hacker intrusion with the help of a drone, testing of access control, fire alarm control panels, etc.

Why is corporate security important?

21.03.2024 at 14:10
izr. prof. dr. Miha Dvojmoč | Fakulteta za varnostne vede Univerze v Mariboru

ROUND TABLE: Security operational center (SOC)

21.03.2024 at 14:30
Jan Bervar | NIL d.o.o.
MODERATOR: Saša Javorič
  • What functions must a security operations center perform?
  • When do we decide on our own security operations center, and in which cases do we hire SOC services?
  • What is needed for a SOC to work successfully (e.g. technology solutions, staff, ...)?
  • Data analysis plays a key role in detecting and preventing cyber attacks. How can new technologies (e.g. artificial intelligence) help us with this?
  • How will SOCs adapt to cope with the cyber threats of the future?

Conference day 2

Cyberspace As a Battlefield: Use of Cyberthreats as a Military Tool

22.03.2024 at 09:00
Asis. Prof. Jelena Juvan, PhD | Chair of Defence Studies, Faculty of Social Sciences, University of Ljubljana

The emergence of cyberspace as a potential battlefield has transformed the landscape of armed conflicts. Traditional battles fought on physical terrains now extend to the invisible realm of cyberspace. Cyber battlefields have become the fifth dimension of warfare. Not only the strongest military powers of the world, such as the United States of America, China, and Russia, but also NATO have recognized the cyber dimension as the new regular battlefield. Cyber threats as part of military operations encompass a wider range of malicious activities, including hacking, data breaches, and disruptive attacks, with the potential to cause significant damage to military infrastructures, national security, and civilian systems.
Not only cyber warfare but even more hybrid warfare is what characterizes the international community today. Cyberoperations as a part of hybrid warfare play a critical role in disrupting, deceiving, and disabling an adversary’s military capabilities and infrastructure. By targeting key systems, such as communication networks, command and control systems, and logistical infrastructure, cyber-attacks can significantly hamper an opponent’s ability to conduct military operations.
The lecture will focus on the use of cyber threats and cyber attacks in current armed conflicts, with examples from the war in Ukraine and the Middle East.

Defending Cloud Computing from DDoS Attacks: Effective Strategies and Techniques

22.03.2024 at 09:30
Ismail Ahmed | Yalla-Hack

Cloud computing has revolutionized the way businesses operate by providing scalable and cost-effective solutions. However, with the increasing reliance on cloud services, the risk of Distributed Denial of Service (DDoS) attacks has also grown. These attacks can disrupt the availability of cloud resources, leading to significant financial and reputational damage for organizations.

A DDoS attack occurs when multiple compromised systems flood a target system or network with a massive amount of traffic, overwhelming its capacity to handle legitimate requests. This flood of traffic can cause service disruptions, slow down network performance, and even render the targeted system completely inaccessible.

There are several types of DDoS attacks, including:

  • Volumetric Attacks: These attacks aim to consume the target's bandwidth by flooding it with a high volume of traffic.
  • Protocol Attacks: These attacks exploit vulnerabilities in network protocols, such as TCP/IP, to exhaust system resources.
  • Application Layer Attacks: These attacks target specific applications or services, overwhelming them with malicious requests.

Proactive mitigation strategies focus on preventing DDoS attacks before they can cause any damage.
Let's explore some effective proactive approaches:

  • Network-Level Defenses
    Network-level defenses involve implementing measures at the network infrastructure level to detect and mitigate DDoS attacks. These defenses include:
    - Firewalls: Firewalls act as a barrier between the internal network and external threats. They can be configured to block suspicious traffic and prevent DDoS attacks.
    - Intrusion Detection and Prevention Systems (IDPS): IDPS solutions monitor network traffic for potential DDoS attack patterns and take immediate action to mitigate the threat.
    - Rate Limiting: Rate limiting restricts the amount of incoming traffic from specific sources, preventing the network from becoming overwhelmed.
  • Traffic Filtering
    Traffic filtering involves analyzing network traffic and filtering out malicious requests. This can be done using various techniques:
    - IP Whitelisting: Whitelisting allows only trusted IP addresses to access the network, blocking traffic from potential attackers.
    - Blacklisting: Blacklisting blocks traffic from known malicious IP addresses or ranges.
    - Deep Packet Inspection (DPI): DPI examines the contents of network packets to identify and block malicious traffic.

Reactive mitigation strategies focus on responding to DDoS attacks as they occur. While they may not prevent the attack entirely, they aim to minimize the impact and ensure service availability:

  • Cloud-Based DDoS Protection Services
    Cloud-based DDoS protection services provide an additional layer of defense by diverting traffic through their infrastructure. These services have the capacity to absorb and filter out malicious traffic, allowing legitimate traffic to reach the target system.
  • Resource Scaling
    Resource scaling involves dynamically adjusting the resources allocated to a system based on the current demand. In the case of a DDoS attack, scaling up resources can help absorb the excess traffic and maintain service availability.
  • Incident Response Planning
    Having a well-defined incident response plan is crucial for effectively mitigating DDoS attacks. This plan should outline the steps to be taken during an attack, including communication channels, roles and responsibilities, and coordination with third-party security providers.

DDoS attacks pose a significant threat to cloud computing environments. By implementing a combination of proactive and reactive mitigation strategies, organizations can strengthen their defenses and minimize the impact of such attacks. Network-level defenses, traffic filtering, cloud-based protection services, resource scaling, and incident response planning all play crucial roles in safeguarding cloud resources and ensuring uninterrupted service availability.
Remember, staying updated with the latest security practices and collaborating with experienced security professionals can further enhance your organization's ability to defend against evolving DDoS threats in the cloud computing landscape.

OPSEC Uncovered: Navigating the World of Operational Security

22.03.2024 at 10:00
Emaad Abbasi | National Cyber Security Auditing and Evaluation Lab (NCSAEL), National University of Sciences and Technology (NUST), Islamabad, Pakistan

Originally developed for military organizations, OPSEC is a proactive approach to cybersecurity that helps identify and fix risks and vulnerabilities before they can be exploited by malicious actors. It helps protect sensitive information from falling into the wrong hands, thereby preventing data breaches and cyber-attacks.
In this talk, we will explore how different organizations implement OPSEC to secure their human and technical assets, using a gripping real-world scenario that underscores the severe consequences of poor OPSEC. We'll also delve into the various best practices of OPSEC and equip you with knowledge on how to implement these practices personally. Engage with us in this informative and enlightening journey.

Bypassing next generation 2FA and MFA

22.03.2024 at 10:30
Muhammad Shahmeer | Younite

How to prepare for the OSCP exam?

22.03.2024 at 11:30
Dorota Kozłowska

Dorota presents her experience of the PEN-200 course and how to prepare for taking it, and not only technically.

The industry-leading Penetration Testing with Kali Linux (PWK/PEN-200) course introduces penetration testing methodologies, tools, and techniques in a hands-on, self-paced environment. The PEN-200 course and online lab prepare you for the OSCP penetration testing certification that is highly sought after by the recruitment staff looking for Penetration Testers.

Who is this course for:
- Infosec professionals transitioning into penetration testing
- Pentesters seeking one of the best pentesting certifications
- Those interested in pursuing a penetration tester career path
- Security professionals
- Network administrators
- Other technology professionals

This and more information on the course can be found on the OffSec Page here: https://www.offsec.com/courses/pen-200/

In this presentation, Dorota wants to highlight ways to prepare yourself for taking the course, because it's not beginner-level, and it's intense. She will mention some technical preparation sources, but her emphasis is mostly on how to put yourself in the right mind space to learn more. Why is she talking about that? Because the PEN-200 course and preparation for the OSCP exam were what she was living in during the year 2023, and there were a lot of things she did not know about that piled up and resulted in an unsuccessful first exam. So, What Mistakes Not to Make during Your OSCP Exam Preparation is the working title of Dorota's presentation. :)

Visualising CyberSecurity Posture with AWS

22.03.2024 at 12:00
Denis Hlukhau

A big problem in the IT security domain is internal security posture reporting, especially when the target audience is people with little technical knowledge, e.g., risk managers. Many security service tools & providers use proprietary visualization. Often, it's just JSON, XML, or plain text. Another big piece is managing access to such information.
In order to unify reporting, you can use the following approach: Take the output data of these applications as input for your data pipelines, run your data through the pipes, and visualize it in alignment with the internal visualization standards.
Denis Hlukhau will present the implementation of this approach in the AWS Cloud infrastructure using such services as S3, Glue, QuickSight, etc.

Combating Targeted Ransomware Through Threat Hunting

22.03.2024 at 12:30
Amr Thabet | MalTrak

This presentation will focus on understanding APT attacks and targeted ransomware attacks, why your security is failing you and, lastly, a step-by-step guide to implementing continuous threat hunting in your organization to combat these attacks.

OWASP ASVS: Methodical Application Security Testing

22.03.2024 at 13:00
Ralph Andalis

OWASP Application Security Verification Standard (ASVS) is a list of application security requirements or tests that can be used by architects, developers, testers, security professionals, tool vendors, and consumers to define, build, test and verify secure applications. It has been gaining popularity in recent years, even becoming part of the "must know" knowledge for some AppSec job postings, yet a lot of people are confused about its usage and how to really use it. This talk will discuss some of the nuances and approaches to a more methodical and practical web app pentest and how someone can use it efficiently whether they are a builder (developer), planner (architect) or breaker (pentester).
This talk will go through an overview of ASVS, its main purpose and usage, its categories and subsections, practical examples of several requirements that can be easily tested (pentester's view), practical examples of some requirements that people have difficulty interpreting and testing (developer's and pentester's view), a demystification of some of the confusing requirements, and a sneak peek at the upcoming version 5.0 (fixes and work in progress).

The conference organizer (Palsit d.o.o., Mednarodni prehod 2A, Vrtojba, 5290 Šempeter pri Gorici, tax number: SI 92141927) needs the requested data for the purpose of organizing and running the conference and, as the personal data controller, processes them on the basis of Article 6(1) GDPR, point (b) (contract for participation in the conference).

The privacy policy is available at: https://palsit.com/politika-zasebnosti


The customer undertakes to pay the full amount within 7 working days of registering. Without the registration fee paid in full, entry to the hall where the training takes place is not possible. The deadline for cancelling a training course, workshop, event or seminar is 10 working days before the start of the individual training. Cancellation of an individual training must always be in writing to [email protected] or by post to Palsit d.o.o., Mednarodni prehod 2a, Vrtojba, 5290 Šempeter pri Gorici. In the event of cancellation after that date, the organizer charges an amount proportionate to the services performed as of the moment of cancellation, for administrative and other costs associated with the cancellation. In the event of non-attendance without cancellation, the organizer charges the full registration fee for the training.
