The excitement is not over, but the 18th edition of CONFidence is behind us. In 2019 with over 60 speakers, 47 media & communities, once again we created the biggest IT security conference in CEE. 1300 security experts, researchers, developers, and IT specialists from almost 30 countries visited Kraków to take part in this event.
We hope that attendees enjoyed CONFidence, agenda, food, cold beer, partners zone, CTF, treasure hunt, and that you made new friends in InfoSec. Actually, we suppose that participants did enjoy it cause we received 4,21 overall rate out of 5. Thank you!
We’ll take care of guarantying even more knowledge and fun next year. May we meet again!
CONFidence Conference Recap 2019
This year we're beginning to introduce workshops to the conference. Workshops are free for attendees. More details soon.
A place for communities and open-source researchers to present themselves. Wanting to show up with your booth?
Contact Tomek at tomek[at]confidence-conference.org to become our Community Partner
An additional track created by communities. The applications are separate from the main CFP.
If you would like to present there please contact Tomek at tomek[at]confidence-conference.org for more info
Or rather a crazy contest for crazy people, is not stopping this year. Two days and 50 treasures to find and hunt. Hawaiian shirt, a receipt for 13,46 PLN or a turnip.
Bring your creativity on and wait for a list of treasures to find for a conference this year. Fun and prizes guaranteed.
A day of free workshops for students from local schools. Let's open new possibilities for kids together. Want to take part in creating this unique project?
Please contact Paulina at paulina[at]confidence-conference.org
It will be organized by P4 team . You can expect teaser around mid March, but no worries if you miss it - you can join during the conference at any time.
The times of lectures in the agenda may be subject to change.
An additional track prepared by our representatives of our partner communities
This workshop shows how tiny misconfigurations in AWS can lead to complete takeover of cloud resources. During the workshop the audience will learn how to detect and exploit the misconfigurations as well as how to defend against such attacks. The workshop consists of 2 parts with hands-on, scenario-based labs. The first part will be focused on privilege escalation scenario: from little vulnerability in the web application to administrator in AWS. The second part will be about finding and exploiting issues related with AWS S3 service: how to detect company resources in cloud and how to automatically scan them in search of valuable information.
The workshop is focused on 2 the most common misconfigurations in AWS, which are: improper permissions and data leaks over misconfigured S3 service. During the first part I’ll explain how to escalate the privileges using the AWS exploitation framework - Pacu. By exploiting the SSRF vulnerability in web application the attendees will reach meta data and gain access key and STS token to assigned IAM profile. Then, I’ll show how, using only permissions to EC2 service is possible to laverege permissions to administrator.
During the second part the attendees will learn how to detect various S3 misconfigurations and how to automatically scan the leaked content in search of keys and passwords using the DumpsterDiver tool based on the KrkAnalytica scenario (a CTF which I’ve prepared for CONFidence 2018).
After all I'll go through the same scenarios, but this time from defender perspective, focused on hardening the AWS resources.
All the attendees are required to have a valid AWS account (can be a free tier account) and a computer with Internet access and SSH client. The labs and machines with test tools will be provided via AWS snapshots so the attendees will mount them under their own accounts.
Welcome to the Threat Hunting Workshop - Get your hands dirty to keep your organization clean
In order for your businesses to continually innovate and transform, it must remain secure. To do this, you need a comprehensive security strategy that will enable you to gain visibility and control into all endpoint devices.
Join Cisco’s Advanced Threat Solutions Specialists for this hands-on threat hunting workshop to learn:
- How to identify advanced threats that lurk in your environment
- What is your exposure to emerging threats and how should you respond
- How to regain resources and minutes by reducing time to remediate
This workshop complements the Cyber Threat Response Clinic, there is no overlap in the content covered in both.
During the workshop we will cover topics such as the basics of radio communication, using Software Defined Radios (SDRs) and analysis of a custom radio protocol. A brief introduction to Bluetooth Low Energy "under the hood" will be covered as well.
It’s a very good hacker vibe, it’s like Defcon at the early years. (...) And I’m confident this is going to be a successful conference also in the future.
Here at CONFidence we have a large number of security professionals and white hat hackers, who are trying to gain knowledge and work together to help defend the world systems.
"CONFidence is a conference that is somewhere between old BlackHat as it comes to the atmosphere, and DEFCon, but a little less crazy"