Find us on stage

So Long, and Thanks for All the Phish

Harrison Edward Sand & Erlend Leiknes

A rare look behind the scenes of a global phishing-as-a-service operation. We tell the story of how we infiltrated a phishing group, cracked their software, exploited a hidden backdoor, and followed an OSINT rabbit hole to uncover the identity of the primary software developer.

Tuesday 15:00 - 15:30 | Kulturhuset, Festsalen

Skille trusselaktører fra hverandre: Nyttig innsikt eller analytisk blindvei?

Kristoffer Svensen Solberg

Attribusjon og sammenlignende analyse av Advanced Persistent Threats (APT-er) er komplekst og omdiskutert. Man kan fokuserer på aktørnivå, der man forsøker å skille mellom de forskjellige nasjonalstatlige gruppene, eller man kan gå for bredere tilnærming der modus operandi vektlegges – altså taktikker, teknikker og prosedyrer (TTP-er) fremfor attribusjon.

Denne presentasjonen tar for seg noen av utfordringene med å sammenligne APT-er på aktørnivå, basert på en analyse av seks kinesiske og russiske trusselaktører. Vi diskuterer begrensningene ved attribusjon, den dynamiske naturen til statsstøttede cyberoperasjoner, samt de strategiske fordelene ved ulike sammenligningsmetoder. Hvem har egentlig nytte av aktørnivå-analyser, og når er det mer hensiktsmessig å fokusere på modus operandi?

Tuesday 15:45 - 16:15 | Hammer, Moen nede

Tracking the Adversaries in the Middle

Magnus Walmsnæss Refsnes

Adversary in The Middle (AiTM) attacks and token theft has grown steadily as MFA becomes more widely adopted. From our managed SOC we have observed how the right phishing email, at the right time, from a compromised sender makes it extremely difficult for the end user to discern good from evil. Often these attacks arrive from the compromised emails of a trusted partner, supplier, or co-worker. Sometimes just mere moments after a conversation has taken place between the two victims. Phishing awareness and training can only help so much.

In this talk, I will present how we have tackled the rise in AiTM from the Threat Intelligence perspective. It goes into the details of how we started and eventually systemized our collection of AiTM kits and from this collection created intelligence products for both our internal detection engineers and the security analysts within the SOC. Lastly, I will discuss some recommendations for hardening environments against these attacks.

Tuesday 15:00 - 15:30 | Hammer, Moen nede

Podcast: State of the Union: Agentic LLMs

Robby Peralta

Everyone’s talking about “Agentic AI,” but beyond the buzz, what’s actually happening on the ground? In this episode we cut through the noise and look at real-world implementations of agent-based systems, with a spotlight on what’s been done here in Norway. Are we ahead, behind, or just cautious?

We’ll discuss lessons learned from local projects, the current state of the global ecosystem, and what it really takes to make Agentic AI useful, diving into integration concepts like MCP and RAG, and how they’re being applied in practice.

And because no good AI discussion is complete without a few war stories, we’ll explore some of the more notable incidents in the space and what they reveal about the risks, gaps, and growing pains of this rapidly evolving technology.

Tuesday 13:15 - 14:45 | Microbryggeriet

Commercially sourced intelligence: Friend or foe?

Tor Erling Bjørstad & Vivi Rignes Berrefjord

Today, commercial datasets provide surveillance and tracing abilities at unprecedented levels and private vendors hold data collection and analysis capabilities to rival nation state actors. Low cost, adaptability, richness and velocity offer an attractive patch for information-hungry intelligence organizations.

The rise of commercially sourced intelligence (CSINT) has significant implications for both privacy and cybersecurity. As a small and highly digitalized country in an increasingly volatile world, Norway must both harness the benefits of CSINT, and defend against its misuse. To do so, we must build a bridge between the technological trends that drive these developments, and the impacts of CSINT on democratic legitimacy and accountability.

For Sikkerhetsfestivalen we will also discuss new (unpublished) research on how commercial sources may be tampered with or sabotaged

Tuesday 11:30 - 12:00 | Kulturhuset, Holbøsalen

DevSecOps: Easier Said than Done

Nora Bodin & Anna Hovd Beruldsen

Development happens fast, sometimes at the expense of security. DevSecOps is without a doubt a good idea, but what should you watch out for to actually succeed with the automated tools you introduce into your development process? We’ll share our experiences from real-world cases and offer practical advice for reducing both technical and human risk in an automated development workflow. Is it possible to find something that makes both development and security happy?

Wednesday 09:00 - 09:30 | Frimurerlosjen, Rom 1