“"Beyond Borders: Analyzing and Simulating DNS Manipulation and Geolocation Spoofing in Modern Telecom Networks"”
vignesh Chandrasekaran, Nagendran GS;
Talk60
In this paper, we investigate the capabilities and limitations of manipulating DNS and spoofing geolocation within telecom networks (2G to 5G). By simulating user behavior in controlled environments using testbeds like Open5GS and srsRAN, we explore how DNS resolution paths, IP allocation, and CGNAT pools influence location-based identity. We also analyze DNS tunnel potential, protocol bypassing, and network-level impersonation challenges. The research provides insights into how telecom networks expose or mask location, and proposes defensive mechanisms for secure DNS handling in mobile ecosystems.
“A Modern Assembler for ROM Reversing”
Travis Goodspeed;
Talk60
Assemblers and their distant cousins, disassemblers, are important tools for writing low-level code and exploits, for debugging, and for reverse engineering. These tools have been developed separately, leading to incompatibilities.
This lecture introduces GoodASM, an open source tool that assembles and disassembles a wide variety of CISC and RISC architectures. Additional architectures can be added quickly, while rigorous self-testing prevents common mistakes in these definitions. A single definition provides both an assembler and a disassembler, along with a command-line REPL interpreter and a C++ library.
Practical examples will be presented in mask ROM reverse engineering and microcontroller exploitation.
“Advanced Android Archaeology: Baffled By Bloated Complexity”
Mathias Payer;
Talk60
Android has become a ubiquitous platform for running mobile apps, granting different actors access to vast amounts of private data. The growing complexity of the Android ecosystem introduces significant security challenges. In this talk, we will explore multiple layers of Android security: examining the foundational virtualization layers, stress-testing trusted applications, and assessing the impact of recent user-space mitigations. Through the lens of system security, we uncover vulnerabilities even in the most trusted layers. Trusted applications are susceptible to type confusion, while regular apps may face risks such as heap corruption attacks. Join us on this journey to enhance mobile ecosystem security through fuzzing, improved standards, and safer defaults.
“Adventures of Wallet Hacking: Chapter 2”
Joe Grand;
Talk60
Joe Grand has been hacking cryptocurrency wallets to help people recover funds they thought were lost forever. What started as a one-off project has evolved into a dizzying array of personalities and challenges. Chapter 1 was presented at hardwear.io USA 2022 in Santa Clara, California. For Chapter 2 at BalCCon2k25, Joe will share a new set of stories and technical details of his wallet hacking adventures.
“Agent 47: LLM-Based Adversary Framework for Real-World OffSec Ops”
Ali Abdollahi;
Talk
This talk introduces Agent 47, named after the fictional Hitman character, to reflect its stealth, precision, and effectiveness. Agent 47 is a compact, LLM-powered red teaming agent I developed to automate key offensive phases (recon, exploitation, and persistence) on minimal hardware, such as a Raspberry Pi or compromised systems.
“Androids, Dreaming: Future Memories”
Christina;
Talk
Some of you will remember the android Roy Batty's famous monologue at the end of "Bladerunner" (1982):
"I've seen things you people wouldn't believe. Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhäuser Gate. All those moments will be lost in time, like tears in rain."
Seconds before his death, he is asking us to imagine the richness of memories and experiences that will be lost forever after an individual ceases to exist. Facts and events can be recorded for those that come after us (as text, photos, videos and in other media), but only in an incomplete and rudimentary way.
However, it seems that today we are so preoccupied with the preservation of our experiences (e.g. by posting them on social media) that we have less time and attention to actually live these experiences.
Are we at risk of living second-hand and third-hand lives? 20 or 30 years from now, when we look back, will we remember living and experiencing our own lives, or just the time spent scrolling through other people's lives and imaginations?
Drawing on over a decade of professional experience as a medical doctor, as a technology consultant and as a writer, I want to discuss with you the ways in which the digital, virtual, always-online world harms our ability to have real-life experiences. Please contribute your own opinions and experiences and let’s find ways to live digital AND real lives.
“Attacking AWS - From initial access to hardcore persistence”
Santi Abastante;
Workshop
Cloud platforms like Amazon Web Services (AWS) are foundational to many critical infrastructures and enterprise applications, making them prime targets for attackers. In this session, we will not only explore the most relevant attack vectors cybercriminals use to compromise AWS infrastructures but will also simulate these attacks using known threat actor techniques in an adversary emulation context. From initial access to hardcore persistence, this talk will provide a comprehensive look at how attackers operate in AWS environments.
We will take a technical journey through the tactics, techniques, and procedures (TTPs) employed by attackers at every stage of the threat lifecycle, aligned with the MITRE ATT&CK framework. We’ll start by reviewing common methods of initial access, such as exploiting exposed credentials or vulnerabilities in services like IAM, Lambda, and EC2. From there, we’ll detail how attackers escalate privileges, move laterally, and evade detection from tools like CloudTrail.
The session will conclude with an in-depth look at advanced persistence techniques in AWS, including the manipulation of IAM policies, backdooring Lambda functions or Docker containers, and tampering with logs. Along the way, we’ll demonstrate how security teams can implement defensive and detection strategies to mitigate these risks. By leveraging AWS-native services and third-party tools, attendees will learn how to enhance their incident response capabilities.
This hands-on workshop will give attendees practical, technical insights into AWS security, adversary behavior, and how to better defend against sophisticated, persistent attacks. With only two slides and full hands-on experience, this talk ensures deep technical immersion.
“Attacking USB with Raw Gadget”
Andrey Konovalov;
Workshop120
This workshop serves as an introduction to the USB hacking topic in general and to Raw Gadget specifically.
Raw Gadget is a low-level interface for the Linux USB Gadget subsystem. Raw Gadget allows turning any Linux-based board (like a Raspberry Pi) into a USB hacking tool that can emulate and proxy USB devices (similar to the Facedancer boards).
The workshop gives an overview of the USB protocol, the Linux USB Gadget subsystem, and the Raw Gadget interface. The offered hands-on exercises include capturing and analyzing the communication of USB devices, emulating normal and malicious USB devices via Raw Gadget, and proxying USB devices via Raw Gadget and libusb to aid reverse engineering.
Note that you must bring your own hardware to attend the workshop (most notably, a Raspberry Pi 5 and a laptop that can power it directly over USB).
“AuthMap - Authorization Logic Mapper for Web Application Security”
Hasan Ekin, Berat Yıldız;
Talk
Authorization bugs such as IDOR, BOLA, and BFLA remain prevalent in modern web applications despite advancements in detection tools and developer education. A key issue lies in the lack of visibility into how authorization logic is implemented and enforced across large codebases. AuthMap is an open-source static analysis and visualization tool designed to map out the authorization flow of web applications. Unlike traditional IAM auditing tools that rely on runtime policies or databases, AuthMap operates directly on the application’s source code, helping both security engineers and developers understand and fix authorization flaws early in the development lifecycle.
“BalCCon Amateur Lockpicking Competition (BALC) - Day 1 Pin Tumbler Locks”
nm29, Sofija Budimir, v1nd1c7, goodvibes, 3iHP0S;
Workshop
A hands-on physical security workshop focused on lockpicking.
Over two days, participants can try:
- Basic padlock picking (pin tumbler locks)
- Door lock picking (real handles and cylinders)
Side challenges: handcuffs and safes
Sessions are organized in small blocks (6–7 people), 10 minutes per participant. Tools and practice locks provided. No prior experience needed.
“BalCCon Amateur Lockpicking Competition (BALC) - Day 2 Door lock picking”
nm29, Sofija Budimir, v1nd1c7, goodvibes, 3iHP0S;
Workshop
A hands-on physical security workshop focused on lockpicking.
Over two days, participants can try:
- Basic padlock picking (pin tumbler locks)
- Door lock picking (real handles and cylinders)
Side challenges: handcuffs and safes
Sessions are organized in small blocks (6–7 people), 10 minutes per participant. Tools and practice locks provided. No prior experience needed.
“Beyond Signatures: Training ML Models to Hunt Ransomware”
Dusan;
Talk60
This talk is a result of a free-time project to try to truly understand how malware works and the presentation will show a personal journey into malware analysis, demonstrating how we can move beyond traditional signatures to try to stop modern threats.
During the talk we will try a practical methodology for detecting ransomware by applying machine learning and going beyond traditional signature-based detection. I'll also show how I built a classifier that can distinguish ransomware from other malware families. The idea behind this talk is to give you insights into how to perform data-driven feature engineering, extracting critical static indicators from PE headers and dynamic behavioral clues—like MITRE ATT&CK TTPs and registry modifications—from analysis logs created in a Cuckoo3 sandbox environment. I will walk through the process of training and evaluating a couple of powerful classification models like Random Forest, XGBoost, CatBoost and LightGBM.
Technical Level: Beginner/Intermediate.
Prerequisites: Familiarity with terms like "sandbox" and "static/dynamic analysis" will be helpful to question my work. No specific preparation is required!
“Bring Your Own Loader”
Adhokshaj Mishra, Siddharth;
Talk60
The talk focuses on how a custom loader can be written and used on Linux, apart from its various uses in defense evasion and other possible attack vectors. The talk will start from the basic ELF loader, how the Linux kernel handles loading of different executable files, and how a new loader can be written and configured so that it can be used seamlessly. The consequences of such a loader will also be analyzed and discussed in the context of security monitoring.
“Canon Selphy firmware reverse engineering”
Aleks;
Workshop120
We will be taking a look at photo printer firmware for no particular purpose other than having fun and learning something. We will start by downloading a firmware update from the manufacturer's website, continue with figuring out the firmware update format, and start digging into the code. We will be using free and open tools, introducing common reverse engineering principles, and learning firmware and microcontroller concepts. We'll go as slow as necessary and get as far as we can in the time allotted.
“Cash for Bugs, Chaos for All”
Antoine Neuenschwander;
Talk45
By crowdsourcing vulnerability hunting, bug bounty programs add an essential security layer as a last line of defense to catch what slips through conventional controls. Over the past 15 years, platforms like HackerOne and Bugcrowd have played a major role in legitimizing and popularizing the concept, opening up bug hunting to a broader audience while corporate adoption steadily increased. However, as the ecosystem grew, so did the misalignment between the interests of hackers, companies, and platforms, creating unintended consequences, conflicting incentives, and sometimes working against the very security these programs aim to improve. In this talk, I'll share my observations on these dynamics from running the self-managed bug bounty program at Swisscom for the past 4 years.
“Encoding, how does it even work?”
MacLemon;
Talk60
Communication is hard for people and computers alike. From ASCII to UTF, and (almost) everything in between. From historical facts about the need for different encodings to current issues with misinterpretations.
This is a beginner friendly talk. It also provides entertaining and unexpected insights for experts alike.
“Getting to you via CT Images - The DICOM Protocol, its Use in Cancer Treatment, and its Inherent Vulnerabilities”
Jani Kovacs;
Talk
If you have ever had a CT image taken in the last decades, it is most likely that the results are managed in some Hospital IT environment using the DICOM standard. This protocol is used for the communication of medical imaging information – the data that is the basis for diagnosing patients and determining their treatment. This presentation gives an insight into how DICOM images are used in radiotherapy and then highlights and demonstrates some of the inherent vulnerabilities of the standard and their recommended mitigations.
“Ghost in the Machine: Exploiting and Securing AI Agent System”
Marek Zmysłowski, Konrad Jędrzejczyk;
Talk45
Step into the world of AI security at the cutting edge, where the stakes have never been higher. Our presentation dives into the critical measures and innovative strategies essential for protecting AI agents against emerging threats, ensuring resilient and trustworthy AI systems for the future.
“Ghost Math: Syscall‑Only Injection, Deterministic Shellcode & QUIC C2 — A CrowdStrike Falcon Bypass Case Study”
Ananda Krishna;
Talk45
This white‑paper describes a live, 72‑hour red‑team operation against a Fortune 500 finance target protected by CrowdStrike Falcon, Microsoft Defender for Endpoint, and a Zeek/Suricata‑based IDS stack. The campaign combined three research threads—thread‑less syscall injection, deterministic mathematical shellcode, and QUIC/HTTP‑3 command‑and‑control—to evade every user‑mode and kernel alert the blue team had enabled. The entire chain is mapped to MITRE ATT&CK v14, and each evasion step is paired with concrete Sigma, Splunk, and Osquery artefacts so defenders can reproduce (and detect) the tradecraft in their own environments.
“Green WiFi - case study in standardisation and regulation”
Amelia Andersdotter;
Talk60
This talk is a modified version of a talk originally given at the ULB Summer School of Technology in Brussels. It will cover the route from environmental regulations at the EU level into technical standards at IEEE 802.11. Leveraging fascinating anecdotes from the regulatory and corporate worlds it will make the case that well-regulated markets are still our best hope for solving pressing society problems.
“Hacker Jeopardy”
Hetti, cluosh;
Talk60
Clue: This glorious competition pits the sharpest minds and greatest nerds of this illustrious community (or, whoever wants to participate really...) against each other in a battle of wits. Contestants show their prowess and speed in hitting buzzers as well as their knowledge about modern, ancient and archaic topics ranging from security to pop culture, while the audience revels in the geeky glory.
Answer: What is Hacker Jeopardy?
“Improving Ghidra Decompilation with Custom Rules”
cluosh;
Workshop120
Ghidra has a well defined extension API, allowing automation of some reverse engineering tasks. Scripts making use of this API can indirectly influence the decompiled code by changing symbol and type information. But if we want to change the structure of the decompiled code itself, we need to get our hands dirty and change the C++ code of the decompiler itself. In this workshop, we cover the basic internals of the Ghidra decompiler and write our own rules to improve decompilation in example programs. Note that we will not cover basic Ghidra usage, so you should already have some sort of Ghidra experience.
“Karaoke - A Night to remember”
MacLemon;
Talk60
By popular demand: Karaoke, as diverse, and supportive as the BalCCon crowd!
Your first time at Karaoke? Sing together with other people!
Questions? Approach MacLemon during the event!
“Killing with Keyboards - How Your Digital Footprint Can Be Weaponized”
Noah Jelich;
Talk
In an era where information is power, the wrong keystroke can mean the difference between security and catastrophe. Killing with Keyboards explores real-world scenarios where digital traces—social media posts, blockchain transactions, leaked metadata—become vulnerabilities exploited by hackers, corporations, and state actors.
“Learn to hack AI by hacking AI”
Satu Korhonen;
Workshop120
Join us for a workshop going over the basics of hacking AI, what kinds of threats are currently most pressing for AI solutions, and hacks we've seen in the wild. I'll also bring hackable AI bots for you to test your skills on. You'll need your own device, but even a mobile device with access to the internet will do. You'll only need to use language, and through this workshop you'll learn to see how hacking AI is largely just social engineering.
“Lightning Talks”
Jelena;
Talk60
TBD
“LiteX framework for FPGA+Embedded codesign through hands-on examples”
Tarik Hamedovic;
Talk
This talk presents the integration of custom Verilog hardware IP blocks—including CORDIC, DAC, ADC, upsampler, and downsampler filters—within the LiteX SoC environment. It explains the complete hardware-software loop for controlling these blocks using LiteX-generated CSR registers accessible from a RISC-V CPU. We discuss how to create a LiteX target and platform file from scratch for a new FPGA board, bind CPU-accessible registers to Verilog module parameters, and automate the build and deployment process. Attendees will gain insights into debugging their designs with LiteScope, including practical challenges encountered when capturing signal waveforms over UART and Ethernet. The talk is geared toward FPGA engineers and embedded developers familiar with Verilog and SoC design who wish to expand their workflow to include automated integration and software-hardware co-design using LiteX.
Keywords: FPGA, LiteX, SoC, CPU, RISC-V, CSR
“Lockpicking Corner”
Kamee Kaze, Wolfy;
Workshop120
Come spend time between talks picking all kinds of locks! We’ve got challenges for everyone. Tools, guidance, and fun included.
“Making new toolchain for GateMate FPGA”
Miodrag Milanovic;
Talk45
Nextpnr is an open-source FPGA place-and-route tool designed to support multiple architectures. It is a key part of the open-source FPGA development ecosystem and a tool for converting synthesized netlists into physical configurations for FPGAs. Using its internal frameworks it is possible to target any FPGA architecture. Cologne Chip is a European company making the GateMate series of FPGAs, which have a quite interesting internal architecture. In this talk I will demonstrate what the process of developing nextpnr support for such an FPGA looks like.
“Mastering Bash for Hackers: Extreme Command-Line Power”
Kirils Solovjovs;
Workshop120
Bash isn’t just an interface to your daily laptop - it’s a weapon. In this hands-on workshop, we’ll push bash beyond its typical use, leveraging it for hacking, data processing, automation, and real-world security applications. Whether you’re crafting exploits, analyzing massive datasets, or automating reconnaissance, this session will equip you with the skills to turn bash into your ultimate hacking tool.
“Miniac: a RISC-V CPU Based Diagnostics Tool”
Nikola Sokolović, Minela Sultanović;
Talk
Join us as we explore Analog-to-Digital (ADC) and Digital-to-Analog (DAC) functionalities on the miniac FPGA platform. We'll detail the integration of these converters, adapting the Control and Status Registers (CSR) to support these new features and tuning the system for accurate signal reconstruction. A critical step involved achieving system-wide clock synchronization by operating the entire system at 65 MHz and implementing specific clock synchronization modules to eliminate signal jitter and stabilize high-speed data paths.
We will showcase two distinct data acquisition methods. First, the direct snooping approach, which involves reading individual ADC samples via UART. We'll discuss its inherent performance limitations due to PC-side latency. Second, we'll present our solution using RISC-V assisted snooping. This method leverages the on-FPGA RISC-V CPU to efficiently buffer samples in internal memory. By periodically reading these data blocks via UART, rather than individual samples, we significantly reduce transaction overhead, resulting in a much cleaner signal spectrum and demonstrating improved performance for real-time applications.
This presentation is ideal for hardware enthusiasts, embedded developers, and anyone interested in practical FPGA design and high-speed data acquisition. Basic knowledge of digital electronics, digital signal processing (DSP), and a curiosity about data acquisition systems will be beneficial. Attendees will gain insights into practical FPGA design challenges, performance optimization techniques, and the importance of hardware-software co-design.
“Noisy arts”
Miaou;
Lightning talk
Live demo of generative arts all week-end!
A real time exploration of shaders and simplex noises.
“ORC - a truly adventurous license story”
katzazi;
Talk
Most of us are probably aware of the importance of licenses in the context of software. But there are other areas where they are relevant as well. One scene that most of us usually don't consider in the context of licenses is pen and paper role-playing games like Dungeons and Dragons (D&D). However, there is a story to be told about open licenses that is actually about as old as the ones that are much more relevant for us.
“Offline Secret Management For The Truly Paranoid”
Anton Livaja;
Talk45
Managing high-value cryptographic keys presents a critical challenge: reliance on a single individual or machine introduces single points of failure and extreme risk—physical coercion, insider compromise, supply chain attacks, compiler attacks, or catastrophic loss.
To eliminate single points of failure adequately, this must be done at all system levels: hardware, firmware, software, operational, etc. For such a system a wide array of methods has to be combined into a cohesive unit, ranging across full-source bootstrapping, reproducible builds, tamper proofing, custom operating systems, custom cryptography tools, physical controls, side channel attack mitigation, use of hardware security modules and more.
Trove, an open‑source project, is an attempt to create a quorum‑based entropy management system which is reasonably secure. The talk walks the listeners through different mitigating controls leveraged by the system to minimize attack surface area in a non-compromising manner.
“OpenChain: Towards a More Secure and Compliant Software Supply Chain”
Vladimir Slavov;
Talk
Across industries, more than half of the software used is now open source (OSS). This includes both OSS in a company's own developed products, and OSS in components provided by suppliers. The shift towards OSS has led to an ever increasing demand for license compliance, security assurance, and software bills of material (SBOMs). To deal with this challenge, organizations can adopt the ISO standards developed within the OpenChain community, namely 5230:2020 for license compliance and 18974:2023 for security assurance. This talk will highlight where to start and how you can get involved in the OpenChain community.
“OpenHarmony OS: A Unified Distributed Operating System”
Lazar Stričević;
Talk45
OpenHarmony OS is an open-source, distributed operating system built to run on a wide range of devices, from tiny IoT gadgets to phones and laptops. In this talk, we’ll dive into where OpenHarmony came from, how its modular design works, and how developers can use it to build cross-device applications. We’ll also introduce the Oniro Project, a European spin on OpenHarmony that focuses on open governance, standard compliance, and keeping things vendor-neutral. Also, we’ll look into the technical foundations of OpenHarmony, its developer tools, and its strategic role in shaping the next generation of IoT and embedded systems.
“Opening”
BalCCon;
Talk
Opening session
“Payment Village”
Timur Yunusov;
Workshop
Payment technologies power the modern world, yet understanding their security risks remains a challenge. Payment Village was founded by cybersecurity professionals to educate, train, and build awareness around the security of payment systems, PoS terminals, chip cards, and digital transactions.
“Practical AWS Antiforensics”
Santi Abastante;
Talk
Antiforensics refers to a set of techniques, tools, or practices used to hinder, mislead, or obstruct digital forensic investigations. This opens opportunities for attackers to intentionally disable or tamper with logs, use short-lived compute resources like AWS Lambda to carry out malicious actions, and store payloads in less-monitored services like object storage or serverless APIs. Effective cloud forensic readiness requires proactive measures such as enabling comprehensive logging (e.g., CloudTrail, VPC Flow Logs), enforcing strict IAM policies, and integrating tamper-evident storage solutions to preserve the integrity of evidence.
In this demo-driven technical presentation I’ll begin by introducing the audience to how log collection, security detection and digital forensics are executed in AWS environments: what services are needed to ship data to a SIEM, what delays we can take advantage of, how GuardDuty works, and how SOC teams get non-cloud-specific logs from servers using SSM. Then I will demonstrate how an attacker can leverage commonly known blind spots, like the shared responsibility model’s lack of visibility and the internal delays between log generation and log collection, to execute antiforensics techniques with the objective of hindering an investigator’s ability to recover, analyze, or attribute activity related to cloud-based attacks.
“Practical NLP Lab: Influence on Social Networks”
Pauline Bourmeau (Cookie);
Workshop120
This hands-on workshop provides a practical introduction to identifying deceptive and malicious content in social networks using natural language processing techniques.
Participants will explore the linguistic mechanics of text-based deception, online social engineering tactics, and the exploitation of social media platforms.
Program:
- Essential concepts: Understanding how text conveys influence, learning to identify text with malicious intent using NLP techniques.
- Setting up a lab to practice on a real dataset quickly.
- Applying NLP techniques to text analysis for text classification, relevant to the CTI domain.
Participants will be provided with a comprehensive code environment and real-world dataset. Together, we will work through the process of selecting and training basic models to get started with text mining. By the end, participants will have access to resources that enable them to learn advanced NLP techniques and build upon their experience as security analysts to develop prototype classification/detection systems.
“Prison Break - Kiosk Mode Environments”
IKARUS;
Talk60
You have probably been in this situation. You stand in front of a terminal to get a ticket for public transport. Or it might have been to order food in a modern restaurant. Maybe you have just used the info terminal at a tourist information office or museum. Or you are a doctor configuring a medical device.
Systems running a tailored user experience in a kiosk mode environment can be found pretty much everywhere. But what if you do not play by the rules? Did you ever wonder what would happen if you press all the buttons? Plug in an unauthorized device? Can you get access to the underlying operating system? Can you compromise the device?
This talk tries to be a collection of tips & tricks on how to break out of a kiosk mode. I'm sure a lot of people have stories to share on how they bypassed a kiosk mode environment and I want to share mine. There will be knowledge, anecdotes, demos and hopefully some time to hear your ideas on how to break out!
“RF 101 - from Hz, to GHz in 1h”
nemanjan00;
Talk60
This talk is going to give you a superpower: to troll those who do not understand RF and are afraid it will give them an STD or something like that...
And on a less important note, it will also let you understand a bit about RF so we can maybe start to secure the RF around us?
No super advanced math required (or allowed) during this talk.
RF is not magic and I am going to prove this to you.
We are going to skip the boring stuff and go straight to how you can create, shape, transmit and receive RF.
This will also let you understand some quite interesting RF attacks.
“Reverse Engineering the Nullsoft Scriptable Install System”
Malware Utkonos;
Talk60
The Nullsoft Scriptable Install System (NSIS) is an open source, widely used software packaging system used to distribute loads of software from tools to games. It is also abused in a variety of ways by adversaries to deliver malware. This talk will cover the various ways that malicious actors abuse NSIS in the wild. This includes the basic techniques to advanced abuse by malware families such as GuLoader. Also covered is a pair of Python tools I wrote for decompressing and extracting NSIS bytecode scripts along with a review of many tools available for decompiling and analyzing the NSIS bytecode.
“Security Impress Karaoke”
Kirils Solovjovs;
Lightning talk
Think you can bluff your way through a security talk with zero prep? Now is your chance! At Security Impress Karaoke¹, you'll be handed a totally random, security-themed slide deck you’ve never seen before - and have just 3 minutes to present it like a pro.
No experience? No problem. This is all about having fun, thinking fast, and impressing the crowd with your creativity (or chaos). Whether you're a seasoned hacker or just security-curious, come take the podium and let’s see what you’ve got!
Sign up or just show up!
¹ This year with all new slides and a touch of GenAI LLM Blockchain Web3.0
“Syd: An Advanced Introduction to Secure Application Sandboxing”
Ali Polatel;
Talk45
In this advanced session, we explore Syd's Rust-based application kernel as a true security boundary: its multithreaded seccomp-notify engine intercepts and emulates syscalls on behalf of sandboxed processes to eliminate TOCTTOU races; syd-mdwe(1) applies Memory-Deny-Write-Execute protections via PR_SET_MDWE and seccomp filters; syd-lock(1) drives Landlock confinement for paths and ports; and Force sandboxing enforces cryptographic integrity checks. Through a live demonstration, you'll learn to craft fine-grained Syd profiles for a production NGINX server: locking down document roots, configs, logs, and runtime directories; restricting network bind/connect to HTTP(S) ports; enabling SegvGuard crash throttling; integrating with systemd; auditing violations via syslog; and iteratively refining policies for real-world deployments.
“The Geopolitics of Technology and Its Impact on National Security and Statecraft”
Flo;
Talk45
The contemporary geopolitical landscape is profoundly shaped by the rapid evolution and weaponization of technology, fundamentally altering national security strategies and statecraft. Key technological domains like microchip manufacturing, data science, or quantum computing - to name a few - are no longer merely enablers but instruments of power projection, economic leverage, and military advantage. This shift has led to a "race for tech supremacy" among major powers, creating both unprecedented opportunities for cooperation and significant risks of conflict and instability. The pervasive digitalization of the economy, governments and society exposes nations to new vulnerabilities, compelling states to invest heavily in both offensive and defensive technological capabilities while at the same time trying to deny adversaries access to advanced technology, innovation and manufacturing methods. Interestingly, the policy tool of choice so far has been predominantly regulation. Unfortunately, regulation applied without an in-depth understanding of supply chains and their economics can easily do more harm than good.
“Web3 meets Regulation: Securing the Future of Blockchain Innovation”
Thomas Zraunig;
Talk
The financial sector has been one of the earliest adopters of Web3 technologies, integrating decentralized finance (DeFi), tokenized assets, and blockchain-based infrastructures. While this sector has been navigating security challenges, regulatory frameworks, and operational risks for some time, the lessons learned and best practices developed have profound implications for other industries leveraging Web3 technologies. This session provides a deep dive into security risks and regulatory developments, drawing insights from the financial industry that can be applied across healthcare, supply chain, government, and enterprise blockchain use cases.
Web3 introduces unparalleled opportunities for innovation, efficiency, and decentralization. However, it also exposes significant security risks, including smart contract vulnerabilities, cross-chain bridge exploits, and custodial weaknesses. This presentation will explore how organizations—from financial institutions to enterprises adopting blockchain—can learn from mature financial market security practices and adapt them to their own needs.
The discussion will be grounded in real-world case studies and attacks that compromised Web3 security governance, key management, and operational oversight, reinforcing the need for structured risk mitigation strategies that other industries can implement proactively.
While the unique architecture of decentralized systems challenges traditional cybersecurity models, many core security principles remain applicable. However, new frameworks must be developed to adapt to blockchain’s immutable, transparent, and pseudonymous nature. We will explore how security leaders across industries can bridge the gap between traditional cybersecurity and blockchain security, leveraging financial sector best practices to ensure secure adoption of decentralized technologies in different sectors.
The regulatory landscape in the European Union (EU) has taken significant steps toward addressing these concerns.
By analyzing the EU’s regulatory frameworks, we will demonstrate how they impact the security posture of organizations beyond financial services and what steps blockchain-based enterprises, governments, and technology providers must take to comply and secure their infrastructures.
This session will provide practical security recommendations, including:
• Smart contract audits to enhance security before deployment.
• On-chain monitoring and real-time threat detection to proactively identify fraudulent transactions.
• The role of Zero-Knowledge Proofs (ZKPs) in privacy-compliant security for blockchain applications.
• Best practices for secure custody and self-custody across different blockchain implementations.
• How organizations beyond finance can adopt proven security models to improve blockchain security maturity.
By the end of this session, participants will gain a comprehensive understanding of Web3 security risks, regulatory developments, and proactive mitigation strategies that have been refined in the financial industry and are ready to be applied in other sectors leveraging blockchain technology.
Target Audience
• CISOs, security professionals, and risk managers across industries leveraging blockchain technology.
• Regulators and policymakers shaping compliance frameworks beyond finance.
• Blockchain developers and security architects in various enterprise and government sectors.
• Institutional investors, fintech leaders, and enterprise blockchain strategists exploring Web3 adoption.
Key Takeaways
1. Understanding Web3 security risks: Gain insights into smart contract threats, cross-chain vulnerabilities, and custodial challenges, applicable beyond financial services.
2. Lessons from real-world breaches: Case studies, like the Bybit hack, illustrating how security failures occur and what can be learned from them.
3. How EU regulations have a positive impact on Web3 security – key takeaways for compliance and industry adoption.
4. Best practices for Web3 security across sectors: Smart contract audits, security monitoring, governance models, and regulatory alignment tailored for enterprises and public institutions.
5. The future of secure blockchain adoption: Exploring how security-first Web3 frameworks can drive adoption beyond finance while ensuring compliance and operational resilience.
“Why hackers shouldn't get into amateur radio – and why I did it anyway”
Petrus;
Talk60
Take an exam, apply for a license, basically give up your opsec for a call sign uniquely assigned by the government and also pay for it? Learn morse code and buy outrageously expensive equipment just to be able to communicate with a few boomers and even older guys? Leave your cozy apartment and go outside in all weathers just to set up an antenna and play radio on shortwave and bounce signals off the ionosphere? Build a massive tower with a gigantic beam in your backyard, which will drive all the Karens and tinfoil hats in your neighborhood crazier than they already are?
If that doesn't sound like fun, I don't know what does! And yet there are quite a few people here at BalCCon who love this kind of odd hobby.
I warn you: Leave it alone, amateur radio is just not interesting for hackers! But how many of you just let a random speaker tell you what to do?
“Workshop: MCU Reverse Sprint”
Zen;
Workshop120
If you’ve ever wanted to dive into microcontroller reverse engineering, now’s your chance. During this workshop you’ll work through three key stages of the process:
- Passive disassembly of a dumped firmware image
- Active disassembly with a live debugger attached
- Development of your own exploit
Join us to turn theory into hands-on practice.
“openCologne and birth of new ULX (ULX5M)”
Goran;
Talk
A talk about a collaborative project whose goal was to create a series of extension boards for the Olimex FPGA board, port the ULX3S examples to the GateMate FPGA, create the ULX5M, which will host a GateMate FPGA chip, and help with hardware and samples in the birth of a fully open source toolchain for Cologne GateMate FPGA chips.