Archive for the workshops Category

Level: Advanced Subject Matter

Abstract:
In this workshop we will walk through the analysis of an APT28 attack chain together. It will feature a then-0-day Microsoft Office exploit and a few other file formats as well as a look at the infrastructure behind the attack.

Requirements:
Please bring a laptop with a charged battery. You will be handling real-world malware (you act at your own risk; no backup, no pity). I recommend using a virtual machine (e.g. FLARE-VM, Remnux). No special tooling is required; make sure to have the basics (text and hex editor, browser, ZIP utility) installed. No photos during the workshop please; you will receive a copy of the slides.

Bio:
Marius Genheimer aka f0wL specializes in digital forensics, incident response and malware analysis. He is responsible for threat research on the SECUINFRA Falcon team.

Level: Technical

Abstract:
Want to build secure applications without co-sponsoring a Formula 1 team?

Open source tools have become essential in today’s cybersecurity landscape, offering comprehensive, low cost solutions for securing modern applications.

In this workshop, we’ll explore the full spectrum of how open source tools can be leveraged to secure your applications from development to deployment, covering both the code and cloud layers. We’ll walk through specific tools like:

  • ZAP for web application scanning
  • Trivy for container security
  • Checkov for threat detection in cloud assets
  • Opengrep for SAST and IaC

All these tools will feed into DefectDojo, an open source vulnerability management platform that acts as a single dashboard to aggregate, visualize, and manage all your security findings. Through live demonstrations, you’ll see (and use) these tools in action and understand how to integrate this ecosystem into your development pipeline to enforce security at every stage.

We’ll also dive into real-world examples where open source tools excel, where they may not always be the best fit, and how you can use AI to bridge the gap between commercial tools and open-source scanners.

By the end of this session, you’ll walk away with practical strategies to secure your application’s entire stack with open source tools, as well as an understanding of the limitations to be mindful of. This workshop is ideal for security engineers, developers, and DevOps teams looking to improve their security posture using open source solutions.

Bio:
Mackenzie Jackson aka Mackenzie is a developer advocate with a passion for DevOps and code security. As the co-founder and former CTO of a health tech startup, he learnt first-hand how critical it is to build secure applications with robust developer operations.
Today as the Developer Advocate at GitGuardian, Mackenzie is able to share his passion for code security with developers and works closely with research teams to show how malicious actors discover and exploit vulnerabilities in code.

Level: Technical

Abstract:

The goal of this workshop is to equip participants with the essential knowledge and practical skills needed to perform forensic analysis of macOS systems in the context of modern threats.
Although macOS devices still represent a smaller share of enterprise environments compared to Windows, they are increasingly targeted by threat actors. As a result, macOS security and forensic analysis remain less mature and underrepresented in many organizations’ defensive strategies. Recent industry reports — including findings from Red Canary showing a 400% increase in macOS-related threats between 2023 and 2024 — highlight the urgent need for improved visibility and expertise in this area.

This workshop will guide participants through the fundamental steps of conducting macOS forensic investigations, including:

  • Creating logical and triage images of macOS devices
  • Identifying and interpreting key system artifacts
  • Investigating artifacts for evidence of threat actor activity
  • Utilizing common forensic tools to support analysis
  • Understanding the evolving macOS threat landscape

By the end of this workshop, participants will be able to independently conduct forensic investigations on macOS systems and will receive additional resources to support continued learning and future casework.

Requirements:

Since the core of this workshop involves hands-on forensic analysis of a compromised macOS system, each participant is required to bring a laptop. As the provided forensic images are designed for macOS, participants are expected to use a MacBook for the exercises.

For those who do not have access to a MacBook, a cloud-based virtual machine will be made available, accessible from any operating system.

Participants should have a basic understanding of cybersecurity concepts, though prior experience with macOS internals or forensic analysis is **not** required. The workshop is designed to build these skills through guided, practical exercises.

Bio:

Evgen Blohm is an experienced DFIR expert who has been involved in responding to a large number of cyber incidents. He is based in Hamburg, Germany and is currently working for InfoGuard AG, where he is also supporting customers with compromise assessments and dark web monitoring.