Learn the essential skills and strategies to kickstart your career in cybersecurity. Sigita Andrulionytė will share her insights and practical advice on how to stand out in the competitive job market.

Analyst Workshop is aimed at providing participants with common workflows and analysis that a security analyst would leverage daily.

Module 1: Data Navigation and Visualization
- Discover Data: power of a normalization Schema and free text search
- Lens: Explore security data with Visualization building
- Security Dashboards and Reporting

Module 2: Guided Investigations
- Investigate alerts and events with triage
- Guided threat hunting with data exploration
- Host Analytics
- Network Analytics
- User Analytics

Module 3: Threat Detection and Investigation
- Alert Triage
- Timelining of events and alerts
- Event Analyzer for chronological alert investigations
- Session Viewer
- Case management workflows to collaborate and aggregate investigation findings

Module 4: Dark Radiation Ransomware Investigation
- Day in the life of an Analyst
- Scenario brings together all the concepts learned in modules 1-3

Workshop Takeaways
- Ability to leverage the Elastic Security for Incident Response
- Ability to understand common workflows for cyber security tasks
- Ability to create security focused visualizations
- Ability to take a proactive approach with Elastic Security
- Ability to apply comprehensive incident response with a case management workflow

Who should attend?
- SOC Analysts / Engineers / Administrators
- Incident Responders & Threat Hunters

Attendee Prerequisites
- Eyes on Glass, Analyst Experience with Elastic Security or any other SIEM or Security Analytics Solutions
- An understanding of current security operations procedures
- An understanding of currently available data sources, desired integrations (other SIEM, UEBA, SOAR, etc)

During this interactive CTF you’ll get hands-on with Security experience - competing against fellow security practitioners in the hunt for threats. Within a real attack scenario, participants will hone their security skills, interact with fellow practitioners, and experience threat hunting and SecOps workflows.

What will you learn?

• Learn about SIEM features and capabilities
• Immediately put your new knowledge into practice
• Hunt and investigate within a CTF exercise based on a real attack scenario
• Win some cool prizes 🏆

• A computer with a fast internet connection and a modern browser (e.g., Chrome)
• An understanding of endpoint and network fundamentals is required.
• Experience working in an IT or security operations role such as SOC or incident response analyst is strongly preferred.
• Experience using a SIEM and knowledge of adversary tradecraft are a bonus.

Cybersecurity professionals face relentless pressure, constant alerts, and high expectations. In this talk, we'll explore how cognitive overload affects the brain, why critical threats sometimes get missed, and what leaders and teams can do to stay sharp, supported, and human in a high-stakes environment.

Ona is an accomplished professional whose career journey bridges two seemingly different worlds: high-level leadership and cutting-edge mental health innovation. With over 15 years of experience as a successful IT executive in the financial sector—leading global teams and complex transformations—Ona made a bold pivot toward the mental health field. Today, she is a cognitive behavioural therapy consultant and co-founder/CEO of Neuropulsas, a next-gen mental health clinic focused on non-invasive neuromodulation techniques. Her work combines scientific innovation, psychological insight, and a passion for reshaping how we understand and support emotional well-being. At the heart of her mission is a commitment to humanizing healthcare and offering new hope through evidence-based, yet gentle and personalized approaches.

In this talk, Tomas will take a deep dive into discovering and exploiting a sandbox escape vulnerability CVE-2025-0982 in Google Cloud's Application Integration service, where each step felt like solving a CTF challenge. Starting with restricted file system access, progressing through binary exfiltration, and understanding Java security internals. Eventually, chaining these discoveries led to a complete sandbox escape and arbitrary command execution, which prompted Google to remove the Rhino engine from their product entirely.

Throughout his career, Tomas has specialized in penetration testing, application security assessments, and vulnerability research. His technical expertise spans web application security, infrastructure assessments, and source code auditing. He holds several industry-recognized certifications and has contributed to the security community through published vulnerability discoveries. Currently, Tomas spends his days finding hidden vulnerabilities across the digital landscape and turning his findings into rewards. When not pursuing security flaws in the wild, he focuses on researching emerging attack vectors.

This highly technical talk covers topics typical of a classical IoT hacker:

• Physical access
• Reverse engineering
• Linux kernel development
• Lessons learned

There was a time when threat actors using niche languages like Lithuanian embarrassed themselves with clumsy translations. Those days are over - today, attackers are slipping into inboxes, DMs, and drive-by campaigns with disturbingly fluent Lithuanian. Which malware families have been leveraging the language over the past year? What are they after, and what risks do they pose? Morta will walk us through these localized infection flows and the rise of a threat landscape that’s getting a little too close to home.

Morta is your fellow malware analyst @ Fox-IT / NCC Group. Interests include: making CTI more actionable and cybersecurity less (snake) oily. Other interests include: sports (read it in the voice of “Viagra Boys”), bass guitar, memelogy.

Criminal groups rely on phishing web panels to manage their campaigns and interactions against ordinary people. Due to its nature, information showing the details and complexity of these platforms is not widely available. In this presentation, we will delve into the strategies and methodologies for infiltrating and commandeering the web panels used by phishing groups to manage their campaigns against ordinary people. We will demonstrate how to leverage these vulnerabilities to gain unauthorised access to their phishing infrastructure. This can be used to gather intelligence to help identify the threat actors operating these panels, disrupt their operations, and minimise the damage caused to their victims. Through this session, we aim to provide valuable insights and encourage proactive, ethical approaches to combating cyber threats.

Felipe is a senior (???) penetration tester and self-proclaimed security researcher. Most of the time, he’s mashing the wrong buttons, hoping for the worst but expecting the best, or just yoloing like there’s no tomorrow. Occasionally, he wonders if life is just a CTF.

Andrii and his team at Maverits have prepared a comprehensive special report on APT28, a Russian state-sponsored cyber espionage group linked to the GRU Military Unit 26165. Known for their advanced operations targeting individuals and organizations of strategic interest to the Russian government, APT28 has played a critical role in shaping Russia’s cyber warfare strategy. This report delves into APT28’s activities since the start of the Russian war in Ukraine in 2022, analyzing their major campaigns, shifting tactics, and evolving objectives. By examining APT28, they aim to shed light on Russia’s broader geopolitical and military goals, as reflected in the group’s operations.

Andrii Mankish is now running a threat intelligence company Maverits. Previously worked as cyber threat intelligence coordinator at the National Security and Defense Council of Ukraine. Ex Recorded Future, CERT-UA. Attended as a speaker many different cybersecurity conferences including: Kyiv International Cyber Resilience Forum, Internet Governance Forum, all-Ukrainian webinars organized by USAID.

In her talk, Agnė will explore the hidden world of the dark web and its role in automotive cybersecurity. She will dive into how cybercriminals are using the dark web to exploit vulnerabilities in connected vehicles - from stolen vehicle data like VINs and GPS locations to sophisticated hacking tools targeting car systems. She will uncover the types of vehicle-related information for sale, discuss the risks to manufacturers and owners, and share strategies to protect against these emerging threats.

With two years of experience in automotive cybersecurity, Agnė currently works at Block Harbor Cybersecurity and the Digital Defense Competence Center at VILNIUS TECH. Alongside her professional work, she is pursuing a bachelor's degree and serves as the ASRG-LTU chapter lead. She's also the host of the "Kibernetinis Labirintas" podcast, where she discusses cybersecurity topics. She went from being passionate about cars in her free time to spending 24/7 with them - just with a bit more code and a lot less fuel.

This talk reveals new research on attacking DNNs in black-box environments. It covers two bypass techniques and Model Enumeration to uncover architectures and extract information. Through demos, attendees will see how white box attacks can be adapted to attack black-box models.

Chen Shiri is a cyber security researcher, hacker, known for his research on low-level security and isolation, working with leading security firms, government organizations and Fortune 500 companies. His research has revealed significant flaws within widely-used services and prominent vendors. In addition to its research on Accenture, he published research with early examples of weaknesses in microservices and container-based web apps. Additionally, Chen specializes in deep learning, with a focus on computer vision, and conducts research on the utilization of AI for cyber, including attacking models and penetration testing for AI models.

In this talk we will dive into Capture The Flag competitions from the view of Kalmarunionen. Kalmarunionen is a Nordic team playing CTF’s on the highest international level – ending up on a solid first place in the 2024 global leaderboard. We will dive into how we play CTF’s, different CTF formats, real world stories from our participation and finally we will take a deep dive into what it takes to compete in the prestigious DEF CON tournament based on our own participation.

Morten Eskildsen is an active player and a co-founder of the CTF team Kalmarunionen. He has been an active part of the cybersecurity community since 2017 when he emerged as captain of the Danish Cybersecurity National Team.

Don't miss the grand finale! CTF winners will be awarded by none other than Morten of Kalmarunionen.

The afterparty will take place at the same venue. Bar opens at 18:30.