Speakers

Quantum Security: Preparing for a Post-Quantum World

Quantum technology is rapidly advancing and poses a significant challenge to the cryptographic controls we rely on today. If you’ve ever found quantum to be an abstract or intimidating concept, this session is perfect for you! I’ll help you navigate the most important ideas using real-world scenarios and fun analogies to break down technical jargon into easy-to-grasp terms. You will learn how to prepare for a post-quantum world, with practical insights into applications and technologies, such as Azure Quantum or IBM.

The Security Godfather: Empowering Champions to Guard the Family

Today marks the moment you stop seeing security as just a job and start seeing it as family business. A strong Security Champion Program isn’t just about protecting systems; it’s about building trust, loyalty, and leadership from within.

Think of your champions as your capos, trusted allies who guard your territory and keep the family strong. Together, we’ll explore how to build an unstoppable network of insiders who turn your organization into a fortress.

Cybersecurity and Europe: Friend or Foe? (DUTCH)

Europe is threatened on all sides: not only is there a war on our direct eastern border, our relationship with China has also cooled. Finally, there is now an American president who puts his own country first with "America First". This means that it is important that we can defend ourselves digitally. However, are we sufficiently successful? Aren’t we dependent on (tech) companies outside Europe? In this keynote, Liesbeth Holterman, strategic advisor of the industry association Cyberveilig Nederland, will elaborate on this. Innovation, state actors, vital infrastructure, digital autonomy, and legislation and regulations are discussed in conjunction.

A dive into Microsoft Remote Procedure Call (MS-RPC) vulnerabilities and how to find them yourself

In the past few years, several high and critical severity vulnerabilities have been discovered in MS-RPC (Microsoft Remote Procedure Call). RPC calls are often executed by a highly privileged identity like SYSTEM. One of its features is that RPC allows clients to call functions on remote hosts. This opens the door to potential vulnerabilities that could be exploited remotely. For these reasons, RPC is an interesting area of research.

Join me on a dive into MS-RPC vulnerabilities that have been discovered in the past and how they are still being abused today. Learning from these past vulnerabilities, we will continue by taking a look at how we can discover interesting Windows built-in RPC services, using an automated approach.

Automated REST API vulnerability detection with WuppieFuzz

Today’s world depends on many digital services and the communication between them. To facilitate this communication between applications, standardised and well-specified application programming interfaces (APIs) are often used. In particular, the use of well-defined representational state transfer (REST) architectural constraints for APIs is popular. As an entry point to many applications, these APIs provide an interesting attack surface for malicious actors. Furthermore, since APIs often control access to business logic, a security lapse can have high-impact undesirable consequences. Thorough testing of these APIs is therefore essential to ensure business continuity. Manual testing cannot keep up, so automated solutions are needed. In this talk, we introduce and demonstrate WuppieFuzz, an open-source, automated testing tool that makes use of fuzzing techniques and code coverage measurements to find bugs, errors and/or vulnerabilities in REST APIs.

Attacking LLM Detectors with Homoglyph-Based Attacks

This session explores an attack vector, homoglyph-based attacks, that effectively bypasses state-of-the-art LLM detectors.

We’ll begin by explaining the idea behind homoglyphs, characters that look similar but are encoded differently. You’ll learn how these can be used to manipulate tokenization and evade detection systems. We’ll cover the mechanisms of how homoglyphs alter text representation, discuss their impact on existing LLM detectors, present a comprehensive evaluation of their effectiveness against various detection methods, and see how we can protect detectors against these attacks.

Cybersecurity and the importance of knowledge

To understand what a pencil and a cassette tape have to do with each other, knowledge is needed. Not only knowledge about the separate objects, but especially about the coherence. This same principle also applies to cybersecurity. During this presentation it will become clear how and why this is so important, and what you can do with your own knowledge.