Detailed Programme: Monday 25th May 2025
Time | Title | Speaker | Description |
FULL DAY TRAINING 9:00 – 17:00 | Ransomware Empowerment | Gregor Wegberg | Abstract: This training is designed to empower the community with the knowledge and skills necessary to prepare for, respond to, and mitigate the impact of ransomware attacks. With a strong focus on real-world application, the session will delve into key aspects of ransomware, proactive defense measures, incident response, and recovery strategies. |
HALF DAY TRAINING: 9:00-12:30 / 13:00-17:00 | Unpacking FrostyGoop: OT Malware Dissection & Detection | Claudiu Chelaru | When 600 apartment buildings in Ukraine lost heating during a harsh winter, the culprit wasn’t missiles – it was malware. FrostyGoop, a lesser-known but exploited OT threat, was designed to disrupt industrial control systems using ModbusTCP. This malware had one mission: manipulate a specific controller to cause real-world impact. In this session, we’ll unpack how the malware was identified, how its behavior was analyzed, and what we learned from dissecting it. More importantly, we’ll highlight how you can improve detection strategies for these focused, purpose-built threats using anomaly detection, open-source threat intelligence, and behavioral indicators.
In short, we’ll take a deep dive into FrostyGoop OT malware, validating IoCs, examining ModbusTCP functions it supports, analyzing targeted ENCO controllers via OSINT, parsing malware config JSON and examining samples. We’ll explore reverse engineering its core, building enhanced detection strategies, and applying anomaly detection using YARA rules and network traffic analysis. |
HALF DAY TRAINING: 13:00-17:00 | Cyber crisis – tabletop exercise | Maria Edblom Tauson, Anne-Marie Achrenius | We want to offer a tabletop exercise including a basic introduction to crisis exercises and crisis management. We are ending the day with a lessons learned session. |
Detailed Programme: Tuesday 26th May 2025
Time | Presentation | Presenter | TLP |
9:00 – 12:30 | CLOSED MEETING | ||
12:30 – 13:30 | LUNCH | ||
13:30 – 14:00 | My CERT PL – free security tools for everyone (in Poland) | Krzysztof Zając | TLP:CLEAR |
14:00 – 14:30 | Improving vulnerability management at Masaryk University | Matej Smycka, Adam Ruman and Adam Chovanec | TLP:GREEN |
14:30 – 15:00 | COFFEE BREAK | ||
15:00 – 15:45 | From Home Network To Global Threat: How Consumer Routers Are Targeted By Botnets | Ariela Lopez Rodriguez, Edwin Schaap | TLP:GREEN |
15:45 – 16:45 | Lightning Talks | ||
Detailed Programme: Wednesday 27th May 2025
Time | Presentation | Presenter | TLP |
09:00 – 09:15 | Welcome | ||
09:15 – 09:45 | Automatic classification of cyber incidents using privacy-preserving artificial intelligence | Loya Haughton | |
09:45 – 10:30 | Preparing for a Cyber Crisis | Gregor Wegberg | TLP:GREEN |
10:30 – 11:00 | COFFEE BREAK | ||
11:00 – 11:30 | Resilmesh: Situation Awareness Enabled Cyber Resilience for Dispersed, Heterogenous Cyber Systems | Martin Husák, Brian Lee and Matti Saarelma | TLP:CLEAR |
11:30 – 12:15 | TSD – an eInfrastructure for sensitive data | Espen Grøndahl, Leon Charl du Toit and Dagfinn Bergsaker | |
12:15 – 12:45 | GenAI – The next arms race? | Thorben Jändling | TLP:AMBER |
12:45 – 13:00 | The Evolution of Gryphon – Crafting the Ultimate IR Solution: Transformation into the most comprehensive incident responder’s toolkit | Michal Safranko and Jakub Petrik | |
13:00 – 14:00 | LUNCH |