Curious where are we with CONFidence 2019?

We are working hard to make CONFidence 2019 an unforgettable experience.
Here is some news you might be interested in!

We have 17 lecturers confirmed – wanna know more about them? Click here.

We are launching the CONFidence Class – a series of workshops and lectures for teenagers that will take place before and during CONFidence 2019. For more details click here.

Our WOŚP auction finished at 1425 PLN and all of this money will be used to support children healthcare in specialists hospitals all over the country.

We have announced that CTF competition is back to CONFidence. It will be organized by P4 – 3rd best CTF team IN THE WORLD!

Keep posted as we are just getting started 😉

 

 

Joe Słowik on CONFidence 2019

Joe will talk on: „Meet Me in the Middle: Threat Indications & Warning to enable Operational Threat Intelligence

Discussions on threat intelligence often get bogged down between machine speed ingestion of atomic indicators and in-depth analysis of activity taking weeks (or months) to produce. Left in the cold in such debates is a very important but seldom considered middle ground: time-sensitive and incomplete but enriched threat intelligence. In various military settings, this is referred to as threat indications and warning (I&W) a step beyond a simple observable refined to ensure accuracy and timely receipt. The goal of I&W is to get actionable, important information to those in need of it most as quickly, efficiently, and accurately as possible, even if as a result some context or other insights are lost. As a result of this activity, consumers are better armed and equipped to deal with and counter threats as they emerge, rather than either reacting to items with no context whatsoever or only reading about their challenges weeks after the fact in a complete intelligence report. This discussion will explore the concept of threat I&W within the context of network security generally and threat intelligence specifically to identify this topic as a shamefully ignored middle ground between extremes. The presentation will explore the conceptual background behind this idea, then transition to real-life examples of I&W drawn from the speakers’ past activity in threat intelligence, incident response, and military operations. Attendees will walk away with two key lessons: first, do not let perfect (finished, complete intelligence) be the enemy of the good (actionable, if incomplete, information) when it comes to network defence; second, network defence consists of multiple phases of activity, from tactical to strategic, but ignoring the spaces in between results in fractured and incomplete operations. As a result of this discussion, attendees will be better armed and equipped to ask critical questions of their threat intelligence providers and have an enhanced set of expectations for what threat intelligence can do to support defensive operations.

 

Capture The Flag at CONFidence 2019

We know you’ve missed it so we are coming back to organizing CTF competition at CONFidence. 

 

After a long process of evaluation, we’ve decided to conduct it with a help of P4 – 3rd best CTF team in the world originated in Poland.

 

 

We can’t tell you what tasks to expect but here is what you should know now:

  • Every attendee of the conference can take part in the CTF
  • Your team should consist of 2 to 4 members
  • The competition will last through the whole CONFidence
  • We are planning the teaser (more details soon)

All the other information will be gradually published on our website and in socials!

A while ago we’ve launched an online auction as a part of the 27th finale of WOŚP. 

If you took part in it you know that in this licitation you could win:

  • 2 VIP tickets to CONFidence 2018
  • 2 invitations to dinner with speakers, program committee and organizers before and during CONFidence 2019
  • 2 packages of CONFidence 2019 gadgets

The bidding finished on 16th of January and the winner (going by the enigmatic pseudonym Client:55287580) got the set for 1 425 PLN!

Now this money will help to fund the equipment for specialist children’s hospitals across Poland.

To all who took part in the auction – THANK YOU, YOU ARE AWESOME!

Who can you hear at CONFidence 2019?

Adam Haertle – until recently CSO of a large polish telecommunications company, currently editor in chief of an infosec portal, journalist, researcher, lecturer and trainer. Former ISACA Poland and CSA Poland Board member. A regular speaker at security-oriented conferences, big fan of security and privacy who does not always follow his own advice.


Adam Lange – information security professional with strong experience in malware detection, analysis and prevention. Keeping an eye on clients assets in one of the largest Polish financial institutions, architecting, developing and maintaining security systems and software.


Piotr Konieczny has been helping the biggest Polish and foreign companies to secure networks and web services for 13 years. A graduate of Glasgow Caledonian University. He started working in the IT industry at the British department of Philips Electronics. Founder of Niebezpiecznik.pl, a consultancy company analyzing IT projects in terms of security.

As part of Niebezpiecznik.pl, Piotr manages a team performing audits and penetration tests of ICT systems and conducts training for administrators and programmers in the field of computer network protection, as well as the creation of secure web applications.


Michal Purzynski leads the Threat Management and Incident Response at Mozilla. His team hunts threat actors and helps to protect hundreds of millions of Firefox users. He designed and created managed security services on a datacenter scale, and moved to Mozilla to continue making bad guys life’s miserable. He built the Network Security program, including the Network Security Monitoring system spanning three continents, eight countries, and a cloud. Michal publishes the code for the Bro IDS, spins Suricata above and beyond 40Gbit/sec and makes sure Mozilla has means to detect attacks and respond to them with a „they didn’t even know what hit them” efficiency. He continued sharing his knowledge at various conferences, such as SuriCon and BroCon. Michal is also a member of the Bro IDS Board of Directors.


Ronnie Tokazowski, aka iHeartMalware, is a Senior Threat Researcher with Agari who specializes in BEC intelligence. Ronnie also has experience reverse engineering APT malware and finds enjoyment by messing with threat actors.


Lukas Stefanko is an experienced malware researcher with a demonstrated history of working in the computer security industry. He is a strong engineering professional skilled in security research, Android and mobile security. Lukas joined ESET in 2011, and in the past couple of years, he has primarily focused on researching Android threats.


Vitali Kremez is a Director of Research at Flashpoint. He oversees analyst collection efforts and leads a technical team that specializes in researching and investigating complex cyber attacks, network intrusions, data breaches, and hacking incidents. Vitali is a strong believer in responsible disclosure and has helped enterprises and government agencies deliver indictments of many high-profile investigations involving data breaches, network intrusions, ransomware, computer hacking, intellectual property theft, credit card fraud, money laundering, and identity theft. Previously, Vitali enjoyed a rewarding career as a Cybercrime Investigative Analyst for the New York County District Attorney’s Office.

He has earned the majority of certifications available in the information technology, information security, digital forensics, and fraud intelligence fields. A renowned expert, speaker, blogger, and columnist, Vitali has contributed articles to Dark Reading, BusinessReview, and Infosecurity Magazine and is a frequent commentator on cybercrime, hacking incidents, policy, and security.


Paweł Opitek – doktor nauk prawnych, prokurator delegowany do Prokuratury Krajowej, ekspert Instytutu Kościuszki ds. Cyberbezpieczeństwa, członek Strumienia Blockchain/DLT i Waluty Cyfrowe przy Ministerstwie Cyfryzacji, Polskiego Towarzystwa Kryminalistycznego oraz Centrum Technologii Blockchain przy Uczelni Łazarskiego. Zajmuje się cyberprzestępczością, m.in. kryptowalutami, dowodami cyfrowymi, hakingiem, tokenizacją praw majątkowych. Prelegent na krajowych i międzynarodowych konferencjach naukowych, autor książek, publikacji i specjalistycznych opracowań z zakresu prawa i kryminalistyki. Wykładowca akademicki (SGH, AGH, KSSiP); realizator szkoleń dla służb ochrony prawa, prokuratorów, sędziów i adwokatów. Ukończył studia dziennikarskie, studium pedagogiki i psychologii, studia podyplomowe Cyberprzestępczość w bankowości elektronicznej; obecnie realizuje studia z zakresu prawa nowych technologii.


Dani Goland is a 24-year-old coding machine. At the age of 20, he founded his own boutique company for innovative software and hardware solutions. While gaining experience in the business field, Dani did not neglect his hands-on capabilities. In just a short while he won two coding competitions, one of which was held by eBay. Dani recently relocated from Israel to the United States to study Data Science at the prestigious UC Berkeley. After serving in the Israeli Defense Forces as a commander of a Field Intelligence unit, Dani went on an 8-month journey across South America. He loves snowboarding, music concerts, and having crazy, breathtaking experiences such as spending 5 days in the Bolivian Jungle with no food or water.


Ido Naor is a Senior Security Researcher at GReAT, a team of researchers who’ve been tasked by Kaspersky Lab to investigate the most prolific APT incidents, ransomware distribution, banking heists and other types of internet hacking monsters. Ido’s focusing on threats in the middle east and is actively following groups of hackers who aim to demolish the ordinary lives of citizens and public/gov institutes. In the following years, Ido has been reporting incidents such as the Instagram hack, for responsible disclosure, but also worked with the Israeli military on the case where hackers aimed to spy on soldiers. Both have been widely presented in the media. Ido is 31 years old, a martial arts experts and a father of 3, lives in Tel Aviv, Israel. He served at one of the most notorious intelligence special ops military units, as a combatant, commander and later on as a Krav Maga instructor.


Björn Ruytenberg is an MSc student in Computer Science and Engineering,
specializing in Information Security, at Eindhoven University of
Technology. Being a technology enthusiast, he holds a BSc in Electrical
Engineering as well as Computer Science (cum laude). Aside from his work
as a software developer, he actively participates in bug bounty
programs. His vulnerability research mainly focuses on sandboxing
technology in widely deployed enterprise products, including Adobe
Flash, Microsoft Office and Foxit Reader.


Peter Kálnai is a malware researcher at ESET. As a speaker, he has represented ESET at various international conferences including Virus Bulletin, AVAR, OFFZONE and cyberCentral. He hates mostly malware like crypto-ransomware because it displays hardly any inventiveness and has a very destructive impact on the victim. His golden rule for cyberspace is always to prioritise security measures over user comfort. In his free time, he enjoys table football and travelling.


Michal Poslušný is a malware researcher working at ESET, where he is mainly responsible for reverse engineering of complex malware threats. He also works on developing various internal projects and tools and has actively participated in research presented at AVAR, OFFZONE and Virus Bulletin international conferences in the past. In his free time, he likes to play online games, develop fun projects and spend time with his family.

Early bird tickets and new speakers

First Speakers of CONFidence 2019 are here!
And they are awesome!

Adam Haertle
Editor in chief of an infosec portal, journalist, researcher, lecturer, and trainer. Former ISACA Poland and CSA Poland Board member. A regular speaker at security-oriented conferences, big fan of security and privacy who does not always follow his own advice.

 

Adam Lange
Information security professional with strong experience in malware detection, analysis, and prevention. Keeping an eye on clients assets in one of the largest Polish financial institutions, architecting, developing and maintaining security systems and software.

 

Piotr Konieczny
As part of Niebezpiecznik.pl, he manages a team performing audits and penetration tests of ICT systems and conducts trainings for administrators and programmers in the field of computer network protection, as well as the creation of secure web applications.

 

Michał Purzyński
He leads the Threat Management and Incident Response at Mozilla. His team hunts threat actors and helps to protect hundreds of millions of Firefox users. He designed and created managed security services on a data center scale, and moved to Mozilla to continue making bad guys life’s miserable.

 


Early Bird tickets are already running up!

2 for 1 Early Bird tickets are gone!
If you didn’t manage to buy them don’t worry!

We still have 100 Early Bird tickets so NOW is the time to go to our page and get one!
Or a bunch!

The sale ends on January 7th but they might not last that long…

Go to: http://confidence2019.evenea.pl/ and grab a ticket!

Stay tuned, we’re just getting started!

 

 

 

Why would a bank hack itself? IT Security in Finance covered at CONFidence London

London is the capital of finances, an industry most vulnerable to cyber attacks. That’s why the first UK edition of CONFidence conference is taking place here on 4 October 2018. This is a truly unique event on the local market.

First conference of this kind on Fintech and IT security in Finance

Program of the conference in London is addressed to a specialized group of professionals, such as hackers who defend or attack financial institutions on a daily basis, or specialists responsible for security strategies. All presented knowledge origins from case studies, thorough research, and years of experience. Speakers will use real-life examples and present stories of actual attacks.

„The subject of IT security is invariably very important both for traditional market participants (banks, insurance companies) and fintechs (online transfers, micropayments, mutual loans), which have recently been developing very dynamically in the UK” – says Wojciech Dworakowski, Managing Partner at SecuRing.

Why finance? The answer is simple. “The financial industry is the most vulnerable to cybercriminals’ attacks” – says Adam Haertle, editor in chief of Zaufana Trzecia Strona, one of the most popular IT sec services in Poland. ”As London is the center of global finances, we decided to focus on that sector”.

Technical talks from two perspectives – offensive and defensive

Agenda of CONFidence London is divided into two separate tracks – offensive and defensive. This will allow attendees to see the bigger picture and learn about these issues in a comprehensive way.

Adam Lange, Cyber ​​Threat Intelligence Team Manager in one of the largest Polish financial institutions, describes the program. “Participants will be able to get deep-dive knowledge about attacks (offensive), methods of their detection and counteracting (defensive) and current security trends in the financial sector. It will also be a great opportunity to make new contacts in the IT security industry and exchange experiences”.

Top IT sec experts on stage

Speakers will discuss current topics and present real solutions for people working in the finance industry. Wide range of highly specialized subjects and variety of approaches guarantee a perfect overview of the current situation on the market. On stage: Peter Kruse (CSIS security Group A/S), Aman Sachdev and Himanshu Sharma (BugsBounty), Sang Sik Lee (Financial Security Institute in South Korea) and Pedro Fortuna (Jscrambler), among others.

Hacking voice biometrics and strategies for corporate security officers. Case-studies of phishing of financial institutions and of an authorised attack on VC and its investments. Step-by-step attack evaluations of financial systems and vulnerability analysis methods for pentesters. Web application vulnerabilities on examples from financial sector. Banks’ perspectives on detecting and fighting customer’s device infections. These are only the first few topics that will be discussed during Confidence London.

„If you want to hear how breaking into a bank looks like in 2018 – CONFidence London is for you” – sums up Michał Purzyński, leader of the threat management team at Mozilla.

A new event with unique approach and strong background

CONFidence originated from Poland with previous editions held in Krakow, Warsaw and Prague. Starting from the position of the oldest, one-of-a-kind event for IT security industry, CONFidence developed into a meeting of international specialists.

All those who want to learn why a bank would hack itself are invited to join CONFidence London in autumn. Details can be found at: https://confidence-conference.org/london.html

 

Coming to CONFidence London with a team pays off!

We believe that maintaining security requires strong teamwork and collective up-to-date knowledge.  If you really want to be effective in your daily struggle with security, take your whole team to CONFidence London!

We’ve prepared special benefits for groups – check below what you get when registering 3, 5 or 10 people:

You’ll find the details on our website: https://confidence-conference.org/london.html

Check out the schedule for London!

Peter Kruse (CSIS security Group A/S), Aman Sachdev and Himanshu Sharma (BugsBounty), Sang Sik Lee (Financial Security Institute in South Korea), Pedro Fortuna (Jscrambler) – those and several other IT sec experts will share their knowledge on our stage at CONFidence London! Here are a few topics that we’ll discuss:

  • Hacking voice biometrics and strategies for corporate security officers
  • Case-studies of phishing of financial institutions
  • Authorised attack on VC and its investments
  • Step-by-step attack evaluations of financial systems
  • Vulnerability analysis methods for pentesters
  • Web application vulnerabilities on examples from financial sector
  • Banks’ perspectives on detecting and fighting customer’s device infections
  • …and a lot more. Remember – technical talks only!

You’ll find the program here: https://confidence-conference.org/london.html

Special workshops for students!

CONFidence is all about education – this conference is not only for specialists, juniors are welcome, too! This year we’ve prepared a special program for students (middle school, high school and up). 

Check out the details of the program here: https://confidence-conference.org/warsztaty.html

You can take part in an open panel discussion on starting career in IT security with experts such as Piotr Konieczny (Niebezpiecznik.pl), Michał Purzyński (Mozilla) and Adam Zabrocki (Microsoft) and an open demo lesson with Michał Bentkowski (Sekurak).

This will be followed by interactive workshops for those who want to learn more, with specialists from SekurakMichał Sajdak and Michał Bentkowski. The entry fee is only 40 pln and there are still some spots left!