Blog

Hacking mObywatel 2.0: exploring security challenges of digital identity apps

In a compelling presentation at CONFidence 2024, Szymon Chadam delved into the security vulnerabilities of mObywatel 2.0, Poland’s innovative electronic identity application. This app, intended to revolutionize identity verification processes, comes with promises of convenience but also faces significant risks if not implemented securely. Below, we summarize key insights into the app’s functionality, vulnerabilities, and…

What’s up with caches? A security perspective on caching in web applications

Caching is a critical mechanism in web applications, designed to optimize performance and reduce server load. However, as Iwona Polak discussed in her insightful presentation from CONFidence 2024, improper cache configuration can introduce significant security risks. This article explores the types of caching, associated vulnerabilities, and best practices for mitigating risks. Read our summary and…

DoubleDrive: leveraging cloud services as ransomware agents

In a world where ransomware attacks are growing increasingly sophisticated, Or Yair presented an innovative and concerning method for executing ransomware attacks at CONFidence 2024. Named “DoubleDrive,” this attack exploits the synchronization mechanisms of popular cloud storage services – OneDrive and Google Drive – to bypass traditional security measures. Read our summary and watch the…

Windows Registry Deja Vu: The Return of Confused Deputies

Mateusz Jurczyk’s presentation at CONFidence 2024 delves into the complexities and vulnerabilities of the Windows registry, particularly focusing on symbolic links and predefined keys. His research reveals how seemingly outdated features and insufficient mitigations can still expose modern Windows systems to privilege escalation attacks. This article provides an overview of the registry’s fundamentals, its historical…

Linux privilege escalation via arbitrary x86 MSRs: A case study from CTF challenge

Dominik Czarnota’s presentation from CONFidence 2024 showcased a fascinating Capture The Flag challenge that explored the exploitation of arbitrary Model-Specific Registers (MSRs) in Linux systems. This case study illustrates how a small misconfiguration in the Linux kernel can lead to privilege escalation and provides valuable insights into advanced exploitation techniques. Below, we delve into the…

CALL FOR PAPERS: Speak at CONFidence 2025

The CONFidence 2025 Call For Papers is now open. We’re looking for cybersecurity speakers worldwide who are dedicated to sharing the latest research and innovative, advanced solutions. If you’d like to speak at the CONFidence conference, submit your lecture or workshop proposal by 7 March 2025 by completing the CFP form. Share your skills and…

20 years of CONFidence in 2025! Early Bird tickets

In 2025 we’ll meet for the 25th time, marking 20 years of the CONFidence conference! We want you to celebrate with us, honoring the experiences that shaped the event into its current form and continuing to shape its future together. Get ready for an excellent conference experience, featuring the hottest news, keynote lectures, and productive networking.…

Another record: over 1700 attendees in 2024

CONFidence 2024 was a blast: over 1700 cybersecurity enthusiasts gathered in Krakow. We hope they benefited from the conference and met their goals, whether it was upskilling, networking, or keeping up with security news. Now it’s time for a summary of the 24th edition of CONFidence. This year, we hosted 39 lectures and 8 workshops,…

COMMUNITY CORNER: LET’S DISCUSS CYBERSECURITY!

This year we will meet in a chillout zone outside for a series of short presentations and discussions with representatives of Polish cybersecurity communities. Join us there to talk about: vulnerabilities in network devices and live hacking with Michał Sajdak (Sekurak) Flag Hunt rules, requirements, and hints by the organizers – 17 53c team forced…

MORE NETWORKING? DON’T MISS THE AFTER PARTY

Lectures, workshops, and all that knowledge are important, but we all know what matters at CONFidence – contacts! Can you think of a better way to meet new people in the cybersecurity industry than during an evening meeting at a club? We thought so too! This year we’re partying at Forty Kleparz (Kamienna 2) –…