“Hunting malware in documents (lang: EN)” Ali Abdollahi · Workshop (3 hours)

Most of cyber attacks and Advanced persistent threats (APT) set users as target and exploit documents to compromise victim machines. This workshop will give you a deep knowledge about these kind of attacks and you will be able to hunting threat actors used malicious documents.

“Захист вiд ботiв без шкоди для бiзнесу. Теорiя та приклади впровадження рiзноманiтних механiзмiв” Igor Bondarenko · Talk (40 minutes)

Захист від ботів без шкоди бізнесу

“A DECEPTICON and AUTOBOT walk into a bar: Python for enhanced OPSEC” Joe Gray · Talk (40 minutes)

When we see the terms Natural Language Processing (NLP) or Machine Learning (ML), often, our guts are correct, and it is vendor marketing material, frequently containing FUD. As someone who unapologetically loses their mind at vendor FUD and buzzword bingo, I was reluctant to use those terms in a s…

“Demystifying the Server Side (lang: EN)” Rajanish Pathak, Harsh Jaiswal, Rahul Maini · Workshop (3 hours)

This class will focus on specific areas of application security and on advanced vulnerability identification and exploitation techniques of the most complex of the server side bug classes. The class will completely be hands-on where the attendees can learn to identify and exploit typical scenarios …

“Post-quantum security: should you care?” Jean-Philippe Aumasson · Talk (40 minutes)

You might have read that quantum computers will break all cryptography and that you should seriously worry about it—and fix your worries by buying the product of company XYZ. But seriously, is this just FUD, real science, or both? What's exactly a quantum computer? When IBM and Google claim to have…

“Paste Wars: fighting for copypaste freedom” Ignat Korchagin · Talk (40 minutes)

No one knows where it came from, but it is spreading like a disease: blocking paste functionality on online password forms. There is no explanation, no research, just a typical “this is for your security…”. And yet, all this is in the age of almost defeating the threat of weak and reused passwords …

“The country of unlearned lessons” Kostiantyn Korsun · Talk (40 minutes)

The active phase of the Ukrainian-Russian cyberwar in 2014-2017 has created several new pages in the cybersecurity textbooks. The whole world was closely watching the dynamics of the most massive attacks. After similar events in the offline world, the Ukrainian army has become one of the most capab…

“Using cloud implementations to hack IoT. A practical guide working on multiple vendors” Alex "Jay" Balan · Talk (40 minutes)

Using cloud implementations to hack IoTs. A practical guide that works on multiple vendors
Abstract (short): With all IoT vendors moving to cloud management, we felt it necessary to have a look at some of those implementations. In this talk, we'll showcase our latest findings on 4 popular vendors a…

“How 2 remove a viru$” Oksana Safronova · Talk (40 minutes)

The research about interesting cases of what type of software the regular user may quickly find in web, searching for solution for malicious items removal.

“PEASS - Privilege Escalation Awesome Scripts Suite” Carlos Polop · Talk (40 minutes)

Local privilege escalation techniques are far beyond checking the Windows/Kernel version, looking for unquoted service paths or checking SUID binaries.

Moreover, a local privilege escalation could make a huge difference when trying to comprise a domain.
Several tools have been created to find possi…

“Local Privilege Escalation Workshop (Linux & Windows) (lang: EN)” Carlos Polop · Workshop (3 hours)

Local privilege escalation techniques are far beyond checking the Windows/Kernel version, looking for unquoted service paths or checking SUID binaries.

Moreover, a local privilege escalation could make a huge difference when trying to comprise a domain.
Several tools have been created to find possi…

“Wifi hacking workshop (lang: EN)” Philippe Delteil · Workshop (3 hours)

Wireless Networks are the most used type of network, most people don’t know really how vulnerable they are. In this workshop we will cover most encryptions used today, how they work and step by step hacking exercises. You will be able to apply this knowledge on real-life-scenario wifis

“Cyber Attacks Against Georgia (October 2019 ) and Georgian Internet Security Landscape” Mikheil Basilaia · Talk (40 minutes)

Cyber attacks against Georgia in October, 2019 drew international attention. Georgian hosting provider was attacked and hundreds of websites (hosted there) defaced.

In February, 2020 US State Department along with UK, NATO, Ukraine, Estonia, Poland, etc. condemnds these attacks and declared that it…

“Help, my browser is leaking! Exploring XSLeaks attacks and defenses” Tom Van Goethem · Talk (40 minutes)

For many years, injection-based vulnerabilities such as XSS and SQL-injection have dominated the web security landscape. However, as browsers and applications are becoming increasingly complex, new vulnerability classes surface. One of these new-kids-on-the-block is XSLeaks, a vulnerability class t…

“Special exclusive interview with Bruce Schneier” Bruce Schneier, Ruslan Kiyanchuk · Discussion (60 minutes)

Special exclusive interview with Bruce Schneier.
Interviewer: Ruslan Kiyanchuk.

“SANDWORM: Lessons from the Ukrainian Cyberwar and Beyond” Andy Greenberg · Discussion (60 minutes)

From Wired senior writer Andy Greenberg comes the true story of the most devastating cyberattack in history and the desperate hunt to identify and track the elite Russian agents behind it.

“Web application security assessment with source code analysis (lang: UA)” Serhii Korolenko · Workshop (3 hours)

Доступ до вихіднонго коду веб ресурсу повинен економити дорогоцінний час пентестерів під час проекту та допомагати знайти більше вразливостей. Під час воркшопу я продемонструю, як я використовую вихідний код під час тестування додатків (може стати у пригоді іншим пентестерам), а також на які місця …

“Tactical Offensive Reporting (lang: UA)” Vlad Styran · Workshop (3 hours)

Цей практичний семінар про те, як створити та викристалізувати хороший, чистий, читабельний звіт. Багато людей, яких я знаю, успішно знаходять вразливості, але лише кілька з них вміють описати свої знахідки у зрозумілій для розробників і менеджерів формі. Під час цього воркшопу я поділюся своїм бач…

“Professional Debate” Several speakers · Discussion (60 minutes)

Hot discussions about current state of cybersecurity in Ukraine and world. Language: UKR.

“Hacker Quiz” All attendees! · Discussion (60 minutes)

We are going to have the traditional Hacker Quiz on the first day after the ending keynote talk. You can register a team by this link:

All instructions will be sent to the captain’s email. The Quiz language is Ukrainian.