About Confidence Krakow

Security experts, researchers, developers, and IT specialists - every spring they all come to Kraków to take part in CONFidence, the biggest IT security conference in CEE.

We focus on delivering practical, relevant, and diverse content. This year you can expect a program packed with advanced lectures, real-life examples, and innovative solutions.

Yet CONFidence is much more than just a conference. It's a camp-like event packed with lots of attractions, swag, contests, parties, extra lectures prepared by communities, as well as our new project - CONFidence Class, which supports education of the future IT Sec crowd.

Come and join us. Lots of knowledge and fun guaranteed.

CONFidence Conference Recap 2018

WORKSHOPS

This year we're beginning to introduce workshops to the conference. Workshops are free for attendees. More details soon.

COMMUNITY CORNER

A place for communities and open-source researchers to present themselves. Wanting to show up with your booth?

Contact Tomek at tomek[at]confidence-conference.org to become our Community Partner

COMMUNITY TRACK

An additional track created by communities. The applications are separate from the main CFP.
If you would like to present there please contact Tomek at tomek[at]confidence-conference.org for more info

TREASURE HUNT

Or rather a crazy contest for crazy people, is not stopping this year. Two days and 50 treasures to find and hunt. Hawaiian shirt, a receipt for 13,46 PLN or a turnip.
Bring your creativity on and wait for a list of treasures to find for a conference this year. Fun and prizes guaranteed.

CONFidence Class

A day of free workshops for students from local schools. Let's open new possibilities for kids together. Want to take part in creating this unique project?

Please contact Paulina at paulina@confidence-conference.org

CTF

Is back.
It will be organized by P4 team . You can expect teaser around mid March, but no worries if you miss it - you can join during the conference at any time.

more

Schedule

3rd June
4rd June

Track 1

Track 2

Track 3

The times of lectures in the agenda may be subject to change.

Workshops Agenda

June 4th 2019


9:00-11:30

Attacking AWS

This workshop shows how tiny misconfigurations in AWS can lead to complete takeover of cloud resources. During the workshop the audience will learn how to detect and exploit the misconfigurations as well as how to defend against such attacks. The workshop consists of 2 parts with hands-on, scenario-based labs. The first part will be focused on privilege escalation scenario: from little vulnerability in the web application to administrator in AWS. The second part will be about finding and exploiting issues related with AWS S3 service: how to detect company resources in cloud and how to automatically scan them in search of valuable information.

The workshop is focused on 2 the most common misconfigurations in AWS, which are: improper permissions and data leaks over misconfigured S3 service. During the first part I’ll explain how to escalate the privileges using the AWS exploitation framework - Pacu. By exploiting the SSRF vulnerability in web application the attendees will reach meta data and gain access key and STS token to assigned IAM profile. Then, I’ll show how, using only permissions to EC2 service is possible to laverege permissions to administrator.

During the second part the attendees will learn how to detect various S3 misconfigurations and how to automatically scan the leaked content in search of keys and passwords using the DumpsterDiver tool based on the KrkAnalytica scenario (a CTF which I’ve prepared for CONFidence 2018).

After all I'll go through the same scenarios, but this time from defender perspective, focused on hardening the AWS resources.

All the attendees are required to have a valid AWS account (can be a free tier account) and a computer with Internet access and SSH client. The labs and machines with test tools will be provided via AWS snapshots so the attendees will mount them under their own accounts.


11:45-14:15

Lab Guide – Threat Hunting Workshop

In the heat of a crisis, every keystroke counts and indecision could cost your organization millions of dollars.

Join Cisco's Threat Hunting Workshop to develop your skills and test your abilities. At the end of the workshop you will be armed with knowledge and hands-on experience in hunting down threats and defending networks against advanced adversaries.


14:30-17:00

A quick introduction to radio hacking.

During the workshop we will cover topics such as the basics of radio communication, using Software Defined Radios (SDRs) and analysis of a custom radio protocol. A brief introduction to Bluetooth Low Energy "under the hood" will be covered as well.


Speakers

Registration

Past Speakers

Partners

MUZEUM LOTNICTWA
al. Jana Pawła II 39,
31-864 Kraków