During the 25th edition of CONFidence, we’re upgrading the conference experience and expanding our scope with the Exec Track. This invite-only track is designed exclusively for senior executives from directors up to C-Level, providing deep insights into modern cyber threats and defense strategies. In a rapidly evolving digital world, executives must stay ahead of emerging…
Read more
In a compelling presentation at CONFidence 2024, Szymon Chadam delved into the security vulnerabilities of mObywatel 2.0, Poland’s innovative electronic identity application. This app, intended to revolutionize identity verification processes, comes with promises of convenience but also faces significant risks if not implemented securely. Below, we summarize key insights into the app’s functionality, vulnerabilities, and…
Read more
Caching is a critical mechanism in web applications, designed to optimize performance and reduce server load. However, as Iwona Polak discussed in her insightful presentation from CONFidence 2024, improper cache configuration can introduce significant security risks. This article explores the types of caching, associated vulnerabilities, and best practices for mitigating risks. Read our summary and…
Read more
In a world where ransomware attacks are growing increasingly sophisticated, Or Yair presented an innovative and concerning method for executing ransomware attacks at CONFidence 2024. Named “DoubleDrive,” this attack exploits the synchronization mechanisms of popular cloud storage services – OneDrive and Google Drive – to bypass traditional security measures. Read our summary and watch the…
Read more
Mateusz Jurczyk’s presentation at CONFidence 2024 delves into the complexities and vulnerabilities of the Windows registry, particularly focusing on symbolic links and predefined keys. His research reveals how seemingly outdated features and insufficient mitigations can still expose modern Windows systems to privilege escalation attacks. This article provides an overview of the registry’s fundamentals, its historical…
Read more
Dominik Czarnota’s presentation from CONFidence 2024 showcased a fascinating Capture The Flag challenge that explored the exploitation of arbitrary Model-Specific Registers (MSRs) in Linux systems. This case study illustrates how a small misconfiguration in the Linux kernel can lead to privilege escalation and provides valuable insights into advanced exploitation techniques. Below, we delve into the…
Read more
The CONFidence 2025 Call For Papers is now open. We’re looking for cybersecurity speakers worldwide who are dedicated to sharing the latest research and innovative, advanced solutions. If you’d like to speak at the CONFidence conference, submit your lecture or workshop proposal by 7 March 2025 by completing the CFP form. Share your skills and…
Read more
In 2025 we’ll meet for the 25th time, marking 20 years of the CONFidence conference! We want you to celebrate with us, honoring the experiences that formed the event into its current form and continue to shape its future together. Get ready for an excellent conference experience, featuring hottest news, keynote lectures, and productive networking.…
Read more
CONFidence 2024 was a blast: over 1700 cybersecurity enthusiasts gathered in Krakow. We hope they benefited from the conference and met their goals, whether it was upskilling, networking, or keeping up with security news. Now it’s time for a summary of the 24th edition of CONFidence. This year, we hosted 39 lectures and 8 workshops,…
Read more
This year we will meet in a chillout zone outside for a series of short presentations and discussions with representatives of Polish cybersecurity communities. Join us there to talk about: vulnerabilities in network devices and live hacking with Michał Sajdak (Sekurak) Flag Hunt rules, requirements, and hints by the organizers – 17 53c team forced…
Read more
