Trainings on Monday 26th May 2025
Ransomware Empowerment
Trainer: Gregor Wegberg
Full day training: 09:00 – 17:00
This training is designed to empower the community with the knowledge and skills necessary to prepare for, respond to, and mitigate the impact of ransomware attacks. With a strong focus on real-world application, the session will delve into key aspects of ransomware, proactive defense measures, incident response, and recovery strategies.
Unpacking FrostyGoop: OT Malware Dissection & Detection
Trainer: Claudiu Chelaru
Half day trainings, two deliveries:
- 09:00 - 12:30
- 13:00 - 17:00
When 600 apartment buildings in Ukraine lost heating during a harsh winter, the culprit wasn’t missiles – it was malware. FrostyGoop, a lesser-known but exploited OT threat, was designed to disrupt industrial control systems using ModbusTCP. This malware had one mission: manipulate a specific controller to cause real-world impact. In this session, we’ll unpack how the malware was identified, how its behavior was analyzed, and what we learned from dissecting it. More importantly, we’ll highlight how you can improve detection strategies for these focused, purpose-built threats using anomaly detection, open-source threat intelligence, and behavioral indicators.
In short, we’ll take a deep dive into FrostyGoop OT malware, validating IoCs, examining ModbusTCP functions it supports, analyzing targeted ENCO controllers via OSINT, parsing malware config JSON and examining samples. We’ll explore reverse engineering its core, building enhanced detection strategies, and applying anomaly detection using YARA rules and network traffic analysis.
Cyber crisis – tabletop exercise
Trainers: Maria Edblom Tauson, Anne-Marie Achrenius
Half day training: 13:00 - 17:00
We want to offer a table top exercise including a basic introduction to crisis exercises and crisis management. We are ending the training with a lessons learned session.
Programme on Tuesday 27th May 2025
| Time | Presentation | Presenter | TLP |
|---|---|---|---|
| 9:00 – 12:30 | CLOSED MEETING | ||
| 12:30 – 13:30 | LUNCH | ||
| 13:30 – 14:00 | My CERT PL – free security tools for everyone (in Poland) | Krzysztof Zając | TLP:CLEAR |
| 14:00 – 14:30 | Improving vulnerability management at Masaryk University | Matej Smycka, Adam Ruman and Adam Chovanec | TLP:GREEN |
| 14:30 – 15:00 | COFFEE BREAK | ||
| 15:00- 15:45 | From Home Network To Global Threat: How Consumer Routers Are Targeted By Botnets | Ariela Lopez Rodriguez, Edwin Schaap | TLP:GREEN |
| 15:45 – 16:45 | Lightning Talks | ||
| 19:00 | Self-paid Social Event at Brygg.no |
Programme on Wednesday 28th May 2025
| Time | Presentation | Presenter | TLP |
|---|---|---|---|
| 09:00 – 09:15 | Welcome | ||
| 09:15 – 09:45 | Automatic classification of cyber incidents using privacy-preserving artificial intelligence | Loya Haughton | TLP:AMBER-STRICT |
| 09:45 – 10:30 | Preparing for a Cyber Crisis | Gregor Wegberg | TLP:GREEN |
| 10:30 – 11:00 | COFFEE BREAK | ||
| 11:00 – 11:30 | Resilmesh: Situation Awarness Enabled Cyber Resilience for Dispersed, Heterogenous Cyber Systems | Martin Husák, Brian Lee and Matti Saarelma | TLP:CLEAR |
| 11:30 – 12:15 | TSD – an eInfrastructure for sensitive data | Espen Grøndahl, Leon Charl du Toit and Dagfinn Bergsaker | |
| 12:15 – 12:45 | GenAI – The next arms race? | Thorben Jändling | TLP:AMBER |
| 12:45 – 13:00 |
The Evolution of Gryphon – Crafting the Ultimate IR Solution: Transformation into the most comprehensive incident responder’s toolkit |
Michal Safranko and Jakub Petrik | |
| 13:00 – 14:00 | LUNCH |