Archive for the talks Category

Level: Advanced Subject Matter

Abstract:
Today’s mobile banking landscape is a paradox: customers expect instant, frictionless access to their finances, yet the systems behind that convenience must withstand increasingly sophisticated threats. In this presentation, we explore how secure mobile banking development has evolved under the pressure of regulatory requirements, adversarial creativity, and rapid technological change.

To ground the discussion, we begin with a deceptively simple example: a mobile banking application protected by a four-digit PIN. On the surface, this seems like a standard, even familiar, security measure. But as we will see, the PIN – encrypted but ultimately cracked – reveals how legacy authentication mechanisms can become liabilities when attackers exploit predictable patterns, weak cryptographic implementations, or insufficient threat modelling. This case study is not just a cautionary tale; it is a lens through which we can examine the broader ecosystem of mobile banking security.

Regulators worldwide have raised the bar for financial institutions, demanding stronger authentication, robust encryption, continuous monitoring, and demonstrable risk-based security design. At the same time, new technologies, such as hardware-backed key storage, behavioural biometrics, secure enclaves, and AI-driven anomaly detection, offer powerful tools to mitigate the weaknesses exposed by our cracked PIN example.

Our goal today is to connect these threads:

  • How regulatory frameworks shape secure development practices;
  • What threat modelling teaches us about real world attack paths;
  • How emerging technologies can transform a vulnerable four-digit PIN into a multi-layered, resilient defence strategy.

By the end of the session, you’ll see how modern mobile banking security is not about replacing one mechanism with another, but about building a holistic, adaptive architecture, capable of protecting users even when a single layer, like a simple PIN, fails.

Bio:
Grega Prešeren has been the CTO and lead ethical hacker at Carbonsec d.o.o., which he co-founded, since 2017. He is one of the pioneers of security testing in Slovenia and has been involved in this field since the very beginning of his career. He started his pentesting career in 2010 and has been leading and performing security audits of networks, IT services, web, mobile, and other applications, as well as industrial or SCADA systems, for various organizations in Slovenia and abroad ever since. He holds several professional certificates in information and application security, as well as in information networks. He is also an active lecturer and trainer in the field of application security. His technical knowledge is underpinned by a strong understanding of regulations and standards, making him a sought-after advisor for developing cybersecurity strategies.

Level: Low tech

Abstract:
This talk covers how to implement an incident response and recording system in a smaller organization. The focus is on building a system that can handle a large number of incidents without hiring a separate team, while minimizing the impact on existing internal experts.
What will be covered:

  • How to define the goals of an incident response system
  • What should be included in an incident “event” ticket
  • How to integrate incident response into existing internal expert teams
  • How to learn from your incidents
  • What NIS2/ZInfV1 require (or how to report the really bad cybersecurity incidents)

Bio:
Dino Memović – DevOps engineer and sysadmin, nowadays mostly in charge of cybersecurity and ISO 27001 implementation. The talk is largely based on several years of hands-on incident response.

Level: Technical

Abstract:
How do threat actors build sophisticated, anonymous attack infrastructure for less than $10? This presentation demonstrates the complete attack chain using only legitimate services—Namecheap, Cloudflare Zero Trust, and Crypto—to create credible phishing campaigns with persistent remote access.
The Attack Chain ($6.98 + fees):
Modern attackers don’t need expensive infrastructure. By leveraging “Living off the Land” techniques with trusted cloud services, they can:

  • Purchase legitimate domains anonymously via Bitcoin
  • Create professional email infrastructure that bypasses spam filters
  • Establish encrypted tunnels through Cloudflare’s CDN (evading firewall detection)
  • Maintain persistent SSH access through trusted network traffic
  • Launch convincing spear-phishing campaigns

Technical Deep Dive:
This talk walks through each phase with live demonstrations and code examples:

  • Domain Acquisition: Namecheap registration with Bitcoin, DNS configuration (SPF/DKIM/DMARC)
  • Cloudflare Zero Trust Exploitation: Importing domains, creating tunnels, establishing encrypted C2 channels
  • Persistent Access: Configuring cloudflared daemon, SSH key deployment, automatic reconnection
  • Phishing Delivery: Social engineering tactics, bash script delivery, full kill chain demonstration

Why This Matters:
These techniques evade traditional security controls because they:

  • Use trusted services (Cloudflare, legitimate domains) that bypass most detection
  • Require minimal technical skill and investment (<$10)
  • Scale easily across multiple campaigns
  • Provide reliable, long-lasting access channels
  • Offer strong anonymity through crypto and legitimate infrastructure

Defensive Focus:
While demonstrating offensive techniques, this talk emphasizes practical defense strategies:

  • Detection methods for malicious use of legitimate services
  • Monitoring unusual Cloudflare tunnel activity
  • Email security best practices for sophisticated phishing
  • Network segmentation to limit compromise impact
  • User awareness training based on real social engineering tactics

Target Audience:

  • SOC analysts
  • Threat intelligence researchers
  • Penetration testers
  • Incident responders

And anyone interested in understanding modern, low-cost attack techniques and how to defend against them.

Educational Purpose:
All demonstrations are conducted in isolated lab environments. This presentation aims to raise awareness and improve defensive capabilities, not to encourage malicious activity.

Bio:
Sérgio Costa is a Cyber Threat Intelligence Researcher at Axur. A veteran of the Brazilian Marine Corps, he holds the EC-Council CTIAv2 certification and graduated in Cyber Defense from FIAP. His research focuses on threat actor methodologies, counterintelligence, and offensive security techniques that help defenders understand and mitigate modern attacks.

Level: Technical

Abstract:
There are a number of well-known classes of vulnerabilities that an enterprising hacker or penetration tester wants to uncover in an application. Some of those issues are harder to detect or exploit because of well-implemented browser security mechanisms, or because of various improvements in web application frameworks that hide the potentially dangerous methods from developers. In addition, collective awareness of common security issues, vulnerabilities and potential weaknesses has been raised, making the discovery of such issues more difficult, especially in hardened, well-audited targets.

In such cases, instead of subverting the code flow, an attacker might try to subvert the application's logic or, even better, manipulate the business process that the application supports. This class of vulnerabilities is commonly referred to as business logic vulnerabilities, and when discovered in the wild and reported, all the specific and differently nuanced cases are usually thrown into one bucket labeled “business logic” vulnerabilities. But when we review such issues, we can see that each case is unique.

This talk will present the results of a research study in which the author manually reviewed about 300 publicly disclosed vulnerability reports and tried to classify and cluster the discovered vulnerabilities into a few categories that can be used to detect business logic issues in applications. So let’s take a ride through some real-life cases and examples of how to manipulate calculations, assumptions, processes, branching, logical and time-based (TOCTOU) conditions, and other fun ways to break an application.

Bio:
Tonimir Kisasondi is a co-founder of Apatura, a boutique security consultancy from Varazdin, Croatia. His professional and research interests are application security, cryptography and embedded security.

Level: Technical

Abstract:
In this talk, we will explore a bug in Windows 11 which can be abused for phishing purposes. We will talk about our process of finding and analyzing the vulnerability, show how Microsoft fixed it, and examine whether the technique remains viable today.

Bio:

  • Len Sadowski – Student | IT Security Researcher (seeking a job)
  • Oğuz Bektaş – (Freelance) IT Security Researcher / Red Teamer – Interested in exploits, malware, all that good stuff.