
Cyberhagen 2025 Presentations

Intelligence Driven…

Rob Dartnall, SecAlliance

Non-technical

As an Intelligencer and an analyst by trade, I am hugely biased – everything we do in security should be ‘Intelligence-Driven’. In today’s opening talk, we will discuss how we are now, eventually, ending up in an Intelligence-driven security environment. From the adoption of CBEST, TIBER and DORA TLPT for cyber resilience testing to Board Members asking security and intelligence teams, ‘How is this geo-political event affecting our threat landscape?’. These elements will be taken in the context of the overall threat environment. What is happening, what are we seeing (or not seeing), how will it evolve, and how does Threat Intelligence drive decision-making to mitigate these threats.


Beyond Alerts: Forging an Open, Unified, and Human Augmented SOC for Tomorrow

Gareth Young, Stellar Cyber

Non-technical

In an era defined by accelerating threats and relentless data growth, the modern SOC must evolve from reactive alert-chasing to proactive, intelligence-driven decision making. In this keynote, we will explore the emerging role of human-machine collaboration in security operations—how strategic AI augmentation can elevate analyst expertise, how adaptive processes foster resilience, and why a culture of continuous learning is the ultimate force multiplier. Attendees will gain a forward-looking framework for anticipating tomorrow’s adversaries, aligning security strategy with business imperatives, and inspiring their teams to lead with curiosity, creativity, and confidence.


Strengthening Security with Organizational Intelligence

Louise Hahn, Mind Energy

Non-technical

I have a strong passion for improving cyber & information security capabilities at senior management level. Most leaders and specialists struggle to find a meaningful and value-adding role for and communication with senior management. I believe that we can learn a lot from comparable disciplines in more mature industries. An example could be safety in the oil & gas sector. The technology and area of expertise for safety is very different from cyber & information security. But not for senior management. Firstly, one needs to understand and identify the level of maturity and the value of combining different kinds of intelligence and experience. Secondly, one must ensure a constructive company culture to facilitate continuous improvement of organizational intelligence.


Inside the Ransomware Playbook: Using Leaked Chats to Strengthen Detection, Protection & Response

Jan Kaastrup, CSIS Security Group

Technical level: Medium

Recent leaks of internal communications from ransomware groups like Black Basta, Conti, and Lockbit offer a rare glimpse into how attackers plan, coordinate, and execute cyberattacks. This presentation explores how these insights can be turned into practical improvements in detection strategies, protective controls, and incident response action cards – helping organizations better anticipate, disrupt, and mitigate modern ransomware threats.


Managing Supply Chain Risk under NIS2 and DORA

Emil Brockstedt Marburger, Kasper Bilde Nielsen, Mikkel Friis Rossa, Bech-Bruun

Non-technical

In today’s interconnected world, managing supply chain risk has become more critical than ever, especially under the stringent requirements of NIS2 and DORA. As leading experts in the field, we will delve into the complexities of these regulations, highlighting their impact on cybersecurity and operational resilience. We will explore practical strategies for compliance, risk mitigation, and the legal implications for businesses in the ever-developing legal landscape.


Proactive Intelligence with Internal Honeypots and Deception

Balthasar Martin, SRLabs

Technical level: Medium-High

In our experience, sophisticated attackers who breach a network stand a good chance of achieving their objectives, leaving a grim outlook for defense teams. While it is undisputed that effective monitoring and alerting are required to catch hackers in your network, we all know how complex and weird real-world networks can be. Finding attackers in your network is like finding the needle in the haystack.

Therefore, we want to highlight an underutilized defense mechanism that significantly challenges our work as red teamers: Internal Honeypots (aka. Deception or Canaries) are proactively placed traps that function as a high-fidelity intelligence source.

This presentation shows how to build effective deception setups to intercept threats that bypass initial defences. It will include:
– Strategy for effective honeypots, maximizing detection capabilities while minimizing rollout complexity
– Our favourite AD honeypots
– Certiception: our self-developed ADCS (Active Directory Certificate Services) deception tool


How to Leverage Frontline Threat Intelligence to Disrupt Attackers

Mikkel Planck, Crowdstrike

Technical Level: Medium

Based on first-hand experience, this talk will look at how to leverage frontline threat intelligence to disrupt or completely block both Criminal and Nation State actors.

We will look at a few current examples of where this strategy has helped organizations.


Securing the Unseen: AI-Driven OT/IoT Risk Management

Andreas Nordenadler, Nozomi Networks

Non-technical

As cyber and operational risks continue to evolve in industrial enterprises, security leaders must move beyond detection and embrace AI-driven risk management to safeguard their OT, IoT, and cyber-physical systems (CPS). Join Nozomi Networks to discover how AI-powered technology can shift industrial enterprises from reactive defense to proactive risk management—enabling the identification, scoring, mitigation, and monitoring of OT/IoT risks before they impact safety, compliance, or business continuity.

Key Takeaways:

  • Understanding OT/IoT risks and the fundamentals of risk management
  • Overcoming the challenges of managing risks in OT/IoT environments
  • Leveraging AI-powered technology to effectively manage OT/IoT risks at every stage of the risk management process

Threat Intelligence Revolution: Harnessing Behavioral AI for Advanced Cyber Threat Detection

Nicole Wong, Darktrace

Technical level: Low

Behavioral intelligence is shaping the future of threat intelligence. Case studies on the use of behavioral anomalies to detect state-linked malware, pre-CVE exploits and APT activity show how the modern SOC harnesses AI to understand the threat landscape.

Join Nicole Wong, Principal Cyber Analyst at Darktrace, as she explores how AI transforms unstructured data into cyber threat intelligence. This session covers the spectrum of AI techniques and their use cases, ranging from the ability to track a nation state to accelerating decision-making and response. This session also highlights the unique advantages of behavioral AI in OT and manufacturing settings to detect pre-existing, insider threats.

Attendees will gain insight into how AI-driven behavioral intelligence helps security teams move from detection to response faster, with greater confidence.


You’ve Got Intel! How Intelligence from Private Industry Enables Law Enforcement Action on Cybercriminals

Mathias Andersen, National Cybercrime Centre (NC3), Danish National Police

Non-technical

Intelligence from private industry is not only valuable to law enforcement – it is vital. We depend on not only the eyes and ears of skilled professionals and researchers travelling through cyberspace, but also the analytical tradecraft and technical skillset that separates background noise from significant intelligence.

The presentation will include a description of the way the Special Crime Unit in Danish police use intelligence from different sources – including private sector – to develop an understanding of the cybercriminal ecosystem. This understanding enables us to target the most dangerous and facilitating parts of the crime landscape with proactive investigations and disruptive measures.

The presentation will include real-world examples, where intelligence from private partners enabled law enforcement actions. We will touch upon technical subjects, but it will not be deeply technical.


BumbleBee: A Sting in the Tail

Nick L, SecAlliance

Technical level: Medium

An engaging and eye-opening presentation on the investigation of BumbleBee Malware from Lloyds Banking Group’s perspective. Discover the immense value of Cyber Threat Intelligence (CTI) and collaboration, with insights on support from CSIS. Learn about the importance of sharing intelligence and the unique advantage of creating your own intelligence to outsmart the Adversaries and sometimes beat the vendors to the post. Don’t miss this opportunity to gain valuable knowledge and see how innovative approaches can make a difference in the world of cyber security!


Enter the Dragon: A look at Geopolitical Challenges & the Potential Future of Cyber and Finance

James Kwaan, Lloyds Banking Group

Technical level: Low

We will look at the history of Chinese geopolitics and use that to understand cyber activity, AI and other topics. Finally we will step into the future and try and understand what comes next and what skills you may need in the future!

We are in a new dynamic geopolitical situation. I will explore the following topics to give insights from intelligence we have processed:

  • China’s Cyber landscape, cultural context, state actors PLA, counter intelligence and economic espionage
  • Emerging threats, SPACE and digital ledgers
  • A summary of potential recommendations which you can consider for your organization.

Dual Threat of Commercial Exploits and State-Sponsored Censorship Against High-Risk Users

Azi Vaziri, Google

Technical level: Low-Medium

The digital realm presents an ever-evolving threat environment for journalists and activists who are critical to democratic discourse. This presentation delves into two interconnected challenges: the increased proliferation of sophisticated exploits through Exploit Brokers and Commercial Surveillance Vendors (CSVs), and the pervasive censorship tactics employed by states to target civil society.

Google’s Threat Analysis Group (TAG) is a world leader in uncovering in-the-wild 0days, investigating exploits, and sharing actionable insights with the global security community and policymakers. This talk will cover our latest view into the lucrative industry of commercial surveillance, the tools it creates and propagates, and the increased usage against those who hold power to account. This presentation will draw upon firsthand experience assisting individuals and organizations in navigating restrictive digital environments.

Understanding and combating the negative effects of this industry relies heavily on comprehensive threat intelligence. Together, security professionals and lawmakers can develop more effective strategies for protecting high-risk users and preserving the fundamental principles of free expression.


Impact of Contributions: What happens when we share

Carel Bitter, Spamhaus

Technical level: Low

At Spamhaus and abuse.ch we have long realized the power of sharing data. Whether it’s opening up our IP, domain and malware data to the internet at large or enabling individual contributors to amplify their signals through our established platforms, getting data in the right hands is central to what we do.

In this presentation, we will:

  • Demonstrate through detailed real-world use cases how data sharing drives progress and impact.
  • Highlight the importance of a trusted third party in facilitating data exchange.
  • Explain how our platforms streamline the logistics of sharing data.
  • Explore the advantages for those who choose to share their data.

Sharing data doesn’t require extensive development work, and doesn’t risk exposing any secret sauce. What it does do is help others, including people you may not know, gain a better understanding of the threats they face, ultimately making everyone more secure.


PepsiDog: Inside the Rise of a Professional Chinese Phishing Actor

Stefan Tanase, Ionut-Cristian Bucur, CSIS Security Group

Technical level: Medium

Building on last year’s investigation into a massive Chinese package redelivery smishing syndicate, this presentation delves deeper into one of the key actors briefly touched on in the previous research.

PepsiDog is a threat actor that exemplifies a new level of professionalism, operating as a “developer-first” entity in the phishing ecosystem. By selling advanced phishing kits and offering phishing-as-a-service (PhaaS), they provide tools that enable global targeting of individuals and institutions, often through package redelivery scams.

This research highlights how this actor differs from others in scale, sophistication, and operational structure, demonstrating the ongoing evolution of threat actor capabilities. A day in the life of a threat researcher investigating this group will offer attendees a behind-the-scenes look at the challenges of unraveling their operations.

Additionally, we’ll explore their technical innovation, the expanded adoption of new cash-out mechanisms, and how their kits are being sold and deployed globally.

Key findings and updates for attendees include:

  • Insights into how this actor designs and markets phishkits to other criminal groups, enabling widespread and efficient phishing campaigns.
  • A peek inside the panel demonstrating the actor’s sophisticated phishing kit, including their modular and customizable features designed for global targeting.
  • Analysis of the steadily increasing number of compromised credentials and financial data linked to this actor’s operations over the past year.
  • Examination of the actor’s growing influence and their collaboration with other Chinese groups exhibiting similar tactics, techniques, and procedures (TTPs).

This session, tailored for both technical and non-technical audiences, will provide actionable insights into the professionalization of cybercrime and offer strategies for detecting and defending against such advanced threats.


Ransomware Adversary Insights: Analysis and Trends

Magnus Jelen, Coveware, Inc.

Non-technical

This session explores key insights from Coveware’s ransomware adversary Insights, drawing on real-world case data, forensic trends, and threat actor behaviors observed across hundreds of ransomware events. Attendees will learn how actionable intelligence, from encryption reliability to exfiltration tactics, informs decision-making, shapes negotiation strategy, and improves recovery forecasting. This session will demonstrate how aligning threat intel with technical indicators helps de-risk even the most chaotic stages of a ransomware attack.


Cybersecurity in the Nordics, an intelligence-driven view on threats and opportunities

Joana Candina, McKinsey

Non-technical

  • Key trends in cyber security: share overview of key cybersecurity trends addressing emerging threats and vulnerabilities and how it impacts Nordics companies
  • Deep dive in Artificial Intelligence and potential opportunities for Nordics companies in cyber
  • Overview of key opportunities in the Nordics and implications

Hidden Dragon: A Thriving Chinese Fraud Ecosystem

Ford Merrill, SecAlliance

Non-technical

Dive into a complex ecosystem representing a massive threat in the fraud space. Gain a deeper understanding of the components, services, actors, and trends of the growing Chinese criminal underground. Supported by and built on top of nearly 2 years of research into the Chinese smishing syndicates who pioneered the use of Digital Wallets to enable fraud, we’ll focus on the entire ecosystem’s evolution and supporting pillars. This presentation will cover major actors, services on offer, trends in targeting, monetization, money laundering, and more.

AUDIENCE: Intended for both technical and non-technical audiences.

TAKEAWAYS

1. Full understanding of how Digital Wallets are being abused to perpetrate and enable significant losses.
2. Deeper insight into the Chinese fraud ecosystem, including selected actors.
3. Knowledge of novel fraud-enablement services.
4. Quantitative and qualitative information related to the size, scale, and nature of fraud being enabled by these actors.
5. Mitigation recommendations to help defend your organization.


      CSIS Security Group A/S, Lindevangs Alle 12, 2000 Frederiksberg