*all of the presentations will be available in the upcoming days. Please note that some of the speakers did not give their consent to share the slides or the videos

About Confidence Krakow

The excitement is not over, but the 18th edition of CONFidence is behind us. In 2019 with over 60 speakers, 47 media & communities, once again we created the biggest IT security conference in CEE. 1300 security experts, researchers, developers, and IT specialists from almost 30 countries visited Kraków to take part in this event.

We hope that attendees enjoyed CONFidence, agenda, food, cold beer, partners zone, CTF, treasure hunt, and that you made new friends in InfoSec. Actually, we suppose that participants did enjoy it cause we received 4,21 overall rate out of 5. Thank you!

We’ll take care of guarantying even more knowledge and fun next year. May we meet again!

CONFidence Conference Recap 2019


This year we're beginning to introduce workshops to the conference. Workshops are free for attendees. More details soon.


A place for communities and open-source researchers to present themselves. Wanting to show up with your booth?

Contact Tomek at tomek[at]confidence-conference.org to become our Community Partner


An additional track created by communities. The applications are separate from the main CFP.
If you would like to present there please contact Tomek at tomek[at]confidence-conference.org for more info


Or rather a crazy contest for crazy people, is not stopping this year. Two days and 50 treasures to find and hunt. Hawaiian shirt, a receipt for 13,46 PLN or a turnip.
Bring your creativity on and wait for a list of treasures to find for a conference this year. Fun and prizes guaranteed.

CONFidence Class

A day of free workshops for students from local schools. Let's open new possibilities for kids together. Want to take part in creating this unique project?
Please contact Paulina at paulina[at]confidence-conference.org



Is back.
It will be organized by P4 team . You can expect teaser around mid March, but no worries if you miss it - you can join during the conference at any time.



3rd June
4th June

Track 1

Track 2

Track 3

The times of lectures in the agenda may be subject to change.

Community Track

An additional track prepared by our representatives of our partner communities

JUNE 3rd

11:00 - 11:30
  • Krzysztof '_0kami' Marciniak - Poznań Security Meetup
11:45 - 12:15
  • Monika Sadlok - xcaliber
12:30 - 12:45

Two boys, one router (no CVE yet)

  • Adam Haertle & Adam Lange - Zaufana 3 strona
13:00 - 13:30

Podatność SSRF - warta czapki gruszek czy miliona dolarów?

  • Michał Sajdak - Sekurak
13:45 - 14:15

Podmiana treści wcześniej wysłanych SMSów i zabawy z WAP

  • Artur Czyż - Sekurak
14:30 - 15:00
  • Michał Bentkowski - Sekurak
15:15 - 15:25

Live demo kabla USB, który nagle staje się klawiaturą i przejmuje komputer

  • Marek Rzepecki - Sekurak
15:40 - 16:10
  • Marcin Hoppe - Sekurak

available on May 15th, 9:30 am


Workshops Agenda

June 4th 2019


Attacking AWS

This workshop shows how tiny misconfigurations in AWS can lead to complete takeover of cloud resources. During the workshop the audience will learn how to detect and exploit the misconfigurations as well as how to defend against such attacks. The workshop consists of 2 parts with hands-on, scenario-based labs. The first part will be focused on privilege escalation scenario: from little vulnerability in the web application to administrator in AWS. The second part will be about finding and exploiting issues related with AWS S3 service: how to detect company resources in cloud and how to automatically scan them in search of valuable information.

The workshop is focused on 2 the most common misconfigurations in AWS, which are: improper permissions and data leaks over misconfigured S3 service. During the first part I’ll explain how to escalate the privileges using the AWS exploitation framework - Pacu. By exploiting the SSRF vulnerability in web application the attendees will reach meta data and gain access key and STS token to assigned IAM profile. Then, I’ll show how, using only permissions to EC2 service is possible to laverege permissions to administrator.

During the second part the attendees will learn how to detect various S3 misconfigurations and how to automatically scan the leaked content in search of keys and passwords using the DumpsterDiver tool based on the KrkAnalytica scenario (a CTF which I’ve prepared for CONFidence 2018).

After all I'll go through the same scenarios, but this time from defender perspective, focused on hardening the AWS resources.

All the attendees are required to have a valid AWS account (can be a free tier account) and a computer with Internet access and SSH client. The labs and machines with test tools will be provided via AWS snapshots so the attendees will mount them under their own accounts.


Lab Guide – Threat Hunting Workshop

Welcome to the Threat Hunting Workshop - Get your hands dirty to keep your organization clean In order for your businesses to continually innovate and transform, it must remain secure. To do this, you need a comprehensive security strategy that will enable you to gain visibility and control into all endpoint devices. Join Cisco’s Advanced Threat Solutions Specialists for this hands-on threat hunting workshop to learn:
- How to identify advanced threats that lurk in your environment
- What is your exposure to emerging threats and how should you respond
- How to regain resources and minutes by reducing time to remediate
This workshop complements the Cyber Threat Response Clinic, there is no overlap in the content covered in both.


A quick introduction to radio hacking.

During the workshop we will cover topics such as the basics of radio communication, using Software Defined Radios (SDRs) and analysis of a custom radio protocol. A brief introduction to Bluetooth Low Energy "under the hood" will be covered as well.




  • Start: Sat, 16 March 2019, 11:00 UTC
  • End: Sun, 17 March 2019, 11:00 UTC
  • Duration: 24h
  • Format: offline, jeopardy, team-based, 2-4 person teams, finals
  • Categories: web, re, crypto, misc, pwn, forensics
  • Contact (IRC): #p4team @ irc.freenode.org
  • Contact (e-mail): team@p4.team

Top1 - Top3:

  • 4 conference passes for CONFidence


  • Start:3 June 2019
  • End: 4 June 2019
  • Where: at the CONFidence conference - Cracow, Poland
  • Format: offline, jeopardy, team-based, 2-4 person teams, finals
  • Categories: web, re, crypto, misc, pwn, forensics
  • Contact (IRC): #p4team @ irc.freenode.org
  • Contact (e-mail): team@p4.team


  • Top1: 5000 PLN
  • Top2: 3000 PLN
  • Top3: 1000 PLN



- create own agenda
- rate lectures
- connect with others
- receive all the newest notifications


Past Speakers


al. Jana Pawła II 39,
31-864 Kraków