Level: Low tech

Abstract:
It may not be the fanciest or prettiest subject as there are probably no hooded h4ckers and h4ckz0rs in this, nothing to brag on forums but the social engineering attacks in their various forms compromise bulk of current threats on cyber horizon and present daily “bread and butter” for many cybersecurity companies and organizations in their struggle to prevent them. Not to mention huge financial impact and consequences of such an acts which already surpass so-called “ordinary crime”.

At SI-CERT, Slovenian national computer security incident response team, due to our vast but also very diverse constituency and also because of the successful (cyber) awareness campaign, we receive high numbers of incident reports and cases of various types of social engineering scams and attacks – ranging from “Nigerian classics”, romance scams, international crypto investment schemes and operations, fake shops, extortions, BEC, imaginative use of AI and deepfake technology up to sophisticated two-stage (spear) phishing campaigns. This gives us pretty good understanding, broader picture of threat landscape and especially intimate knowledge of “what is really going on out there”. In the presentation I will show what are the current trends, threats and how do we, as a SI-CERT, “fight” against such events. But most of all there will be showcase of real-life reported cases which may leave you dazzled, confused and in utter disbelief. You may be surprised, but cliché Arabian prince with cash surplus that just landed into your inbox or “money for nothing click here” does actually still exist. For those who believe, at least. ;)

Bio:
Miloš Gajić, SI-CERT inc. handler/sec. analyst, lecturer, author; ex NREN helpdesk, sysadmin guy. Likes to dwell into a good online scam. Otherwise grumpy but avid skier, hiker, lover of old school dystopian sci-fi and just plain dad.

Level: Tehnical

Abstract:
We spent two years worrying about LLMs hallucinating. Now we have to worry about them having “hands.”

Coding agents are evolving from passive autocomplete into autonomous engineers that run commands and commit code. This changes the threat model. The attack surface has expanded from a chat window to your local machine, credentials, and production servers.

This talk covers how the autonomy that makes agents useful also makes them vulnerable. I will walk through the progression from early IDE bugs to attacks that use an agent’s helpfulness against it. Traditional security boundaries fail when an attacker can manipulate your trusted tools.

If AI can act, it can be weaponized.

Bio:
Aleš Brelih – Security engineer @ 3fs – Personal website: https://alesbrelih.dev/about/

Level: Low tech

Abstract:
This talk presents today’s AI security defense landscape and what’s coming next. It examines risks posed by autonomous agents, why existing controls are insufficient, and the emerging practices such as governance, monitoring, secure access, and intent based detection needed to safely scale agent driven systems.

Bio:
Raz Tel-Vered is a technological leader specializing in research and development of production grade solutions at the intersection of AI and cybersecurity. He has developed innovative solutions for addressing advanced security challenges and leveraging AI to detect and mitigate sophisticated threats.

Raz currently works at Zenity, where he focuses on defining and advancing the emerging field of AI Agents security. With extensive hands on experience in modern cybersecurity techniques and real world threat detection, he brings a unique blend of technical depth, innovation, and practical impact to securing AI driven environments.

Level: Tehnical

Abstract:
Password cracking is a well-established technique used to recover plaintext passwords from hashed or encrypted data. While extensive tutorials, tools, and methodologies exist, most approaches are optimized for English and other morphologically simpler languages. There is surprisingly little guidance on adapting these techniques for morphologically rich languages such as Slovenian, Turkish, Slavic languages and others where inflection, declension, and word variation significantly expand the password search space (like German).

This talk explores practical methods for optimizing password-cracking workflows for such languages. I will cover best practices, linguistic considerations, and tooling strategies, introduce a recently released toolkit designed specifically for this challenge, and demonstrate how these approaches improve real-world cracking effectiveness.

The session focuses on actionable techniques that have produced measurable improvements in realistic assessment scenarios, offering attendees both conceptual understanding and immediately applicable methods.

If you already know how to crack passwords, this session will show you how to crack them better when English assumptions stop working.

Bio:
Vlatko Kosturjak serves as the VP of Research at Marlink Cyber, boasting over two decades of dedicated experience in the realms of information security and cybersecurity. He have successful M&A experience in different fields of cyber security and in different roles.

Level: Tehnical

Abstract:
The focus of this presentation is the not so distant future. We are about to witness the death and rebirth of penetration testing, where the typical pentester shifts from a manual worker to a tool user, and finally to an “operator mode.” We saw pentesting emerge as a mostly manual discipline, then tools took over, and now we are entering a new era.
In this talk, I will demonstrate a “light” version of an AI agent. It doesn’t have every complex component of a full agent, but it has enough logic to do real pentesting jobs. I will show this software performing fully automated Linux privilege escalation. Then, we will use the same concept to automate OSINT tasks.
This might not sound like a huge innovation, since automation tools have existed for years. However, when you apply this concept to new problems and introduce an orchestrator, you get “hacking at scale.” This sounds optimistic, but it is already reality. The recent paper from Anthropic about “AI-orchestrated cyber espionage campaigns” shows that threat actors are already using this at scale. The bad guys are shifting to “Pentest Operator” mode. In this presentation, I will explain why this transition is inevitable and show you how it works in practice.

Technical Breakdown & Demos:
Agent Architecture: A look at the “light” agent logic and how it parses command output to make autonomous decisions without human input.
Auto-Privesc (Demo): The agent is dropped into a low-privilege Linux environment. We will watch it enumerate SUID binaries, kernel versions, and misconfigurations, select an exploit, and execute it to gain root.
Cognitive OSINT (Demo): Moving beyond scraping, the agent analyzes data and provides a nice report.
The Orchestrator: How these individual agents can be managed in a swarm to cover massive infrastructure simultaneously.

Bio:
Danijel Grah has over ten years of experience in cybersecurity. He began his career as a consultant before transitioning into research and later joined NIL (part of Conscia Group) as a Cyber Security Analyst in the Security Operations Center (SOC)/MDR. He eventually returned to Offensive Security and now serves as a Technical Lead. Danijel brings extensive expertise in penetration testing, security hardening, programming, consulting, and the development of cyber defense systems. He has published and presented research at various international information security conferences and has confirmed his knowledge and experience with industry certificates, such as GRID, GCFR and CRTO.