Talks

The Future of Cybersecurity Talent in Slovenia: Insights from the CyberHubs Project

The presentation will focus on the current cybersecurity workforce situation in Slovenia, with particular attention to the skills and competencies most sought after in young professionals. It will also present the forecasting model developed within the CyberHubs project, which is designed to predict future demand for cybersecurity experts. Based on a scientific research approach, the model combines quantitative data analysis with expert insights to identify the roles, profiles, and competencies that are expected to be most needed in the labour market in the years ahead.

Presented by: Urša Mlekuš

Cyber House: A Cyber-Physical Testbed for Smart Building Security

Smart buildings integrate physical devices, embedded controllers, network communication, and software logic, making them an attractive yet challenging target for security research. In this paper, we present Cyber House, a physically built demonstration testbed designed for experimenting with attacks and defense mechanisms in a smart building environment. The testbed includes real components such as sensors, actuators, control modules, and communication interfaces, enabling the realistic execution of cyber-physical scenarios. The purpose of the project is not merely simulation, but the establishment of a safe environment for the practical exploration of vulnerabilities, the testing of security measures, and the development of future educational and competition-oriented content. The paper presents the system architecture, key design decisions behind building a safe-to-hack environment, and initial attack and defense scenarios related to device control, communication flows, and event logging. Particular attention is given to how weaknesses in the integration of hardware and software can lead to abuse, and how system resilience can be improved through basic security mechanisms such as segmentation, authentication, access control, and activity logging. The contribution is intended for researchers, security professionals, students, and anyone interested in the Internet of Things, embedded systems, cybersecurity, and practical approaches to learning and demonstrating attacks and defenses in smart building environments.

Presented by: Jani Dugonik, Stanislav Moraus

No Passwords, No Problem: Understanding FIDO2 and Passkeys

This presentation introduces the fundamental principles of FIDO2 and its role in modern authentication. It focuses on passkeys as a secure and user-friendly alternative to traditional username-password systems, as well as their integration within multi-factor authentication (MFA). The talk explores how passkeys eliminate common security risks such as phishing and credential reuse, while improving usability through cryptographic authentication. Special attention is given to practical implementation, highlighting how hardware security keys—specifically YubiKeys—support passkeys in both resident (discoverable) and non-resident credential modes. Attendees will gain a clear understanding of how FIDO2 works at a conceptual level, how passkeys are created and used in real-world systems, and why they are becoming a critical component of modern identity and access management strategies.

Presented by: Martin Ferenec

<Something great is still cooking!>


Presented by: RAIN Smart Living d.o.o.

Advanced approaches to detecting complex cyber threats using machine learning

Detecting advanced cyber threats is increasingly difficult due to their dynamic and stealthy nature, which limits the effectiveness of traditional rule-based intrusion detection systems. Modern threats, such as reconnaissance and advanced persistent threats (APTs), use multi-stage attacks, long-term system presence, and covert communication. Machine learning (ML) enables improved detection by analyzing large datasets and uncovering hidden patterns in network traffic, allowing earlier identification of anomalies and unknown attacks.
This presentation compared several ML models—Random Forest, XGBoost, LightGBM, Decision Trees, and Naive Bayes—both individually and in an ensemble. Performance was evaluated using accuracy, precision, recall, and F1 score. Results showed that the ensemble model consistently outperformed individual models, achieving up to 15% higher accuracy and recall and a 17% higher F1 score. Random Forest was the strongest individual model. Data preprocessing significantly improved all metrics, confirming its critical role.

Presented by: Maja Rotovnik

Your AI Is Leaking Secrets: Hacking Microsoft Copilot with EchoLeak

Large language models are quickly becoming part of everyday enterprise tools, but they also introduce a new kind of security risk that many teams are not fully prepared for. One of the most serious is prompt injection—where an attacker can manipulate an AI system into doing something it was never supposed to do.
In this talk, I walk through EchoLeak (CVE-2025-32711), the first real-world example of a zero-click prompt injection attack against Microsoft 365 Copilot, which showed that sensitive data could be exfiltrated without any user interaction.
Rather than staying theoretical, I’ll demonstrate a working Copilot-like application that is intentionally vulnerable, and show how this type of attack actually works in practice. We’ll go step by step—from how malicious input gets into the system, to how it bypasses safeguards, and finally how data gets leaked.
After breaking the system, we’ll focus on how to fix it. I’ll cover practical defenses like separating trusted and untrusted data, controlling what the model is allowed to output, and limiting how it interacts with external systems.
The goal of this talk is simple: to give developers and security engineers a clear understanding of how prompt injection really works, why it’s dangerous, and what they can do today to build safer AI-powered applications.

Presented by: Adnan Bratanović

Exploit Arena: A Gamified Red vs. Blue Team Platform for Cyber Threat Simulation

This paper presents Exploit Arena, an open-source, gamified research platform that pits large language models against machine learning classifiers in a continuous red vs. blue team battle over a simulated organisational network. The red team uses a large language model to mutate threat samples from user-supplied datasets through a progression of strategies, from basic rephrasing and keyword substitution to contextual manipulation and cross-lingual transformation, with the goal of evading detection. The blue team deploys two parallel defenders, a classical machine learning classifier and a large language model, whose performance is measured independently and compared across rounds. The platform introduces game mechanics including experience points, level progression, and unlockable mechanisms on both sides. Every round is saved to a database and exportable for offline analysis, allowing systematic measurement of how classifier accuracy degrades as attack sophistication increases, which mutation strategies are most effective at evasion, and whether the two defensive approaches agree or diverge in their verdicts. The platform is designed to be modular and extensible, supporting both local and cloud deployment.

Presented by: Jani Dugonik, Damijan Novak

Securing your Software Supply Chain

This talk walks through enforcing trust and transparency across your software supply chain end to end. We’ll demonstrate signing OCI images with Cosign inside GitHub Actions workflows, producing verifiable attestations as part of CI/CD. On the cluster side, Kyverno policies validate signatures at admission, ensuring only trusted, signed images from approved registries ever run. We’ll also cover continuous monitoring, surfacing what’s allowed, what’s blocked, and why, through policy reports and native Kubernetes events.

Presented by: Matic Rupnik

What Your iPhone Knows About You: An Introduction to iOS Forensics

The talk introduces the fundamentals of iOS forensics, focusing on how data is generated, stored, and accessed on Apple devices.
The presentation will cover:
– An overview of how iOS stores and organizes data
– Common sources of forensic data (e.g., device backups and system diagnostics)
– Types of artifacts that can be extracted from iOS devices
– How these artifacts can be interpreted to understand device activity
– Practical insights into what information can and cannot be obtained
Attendees will learn:
– Where relevant forensic data resides on iOS
– How to approach analyzing iOS data sources
– The strengths and limitations of iOS forensic techniques

Presented by: Martina Tivadar

Automated information security threat modeling

The growing complexity of distributed information systems requires advanced approaches to security risk assessment. Methods for modeling information security threats based on manual review of diagrams are often time-consuming and subjective. In this paper, we present STRIDEX, an open-source tool for automated and deterministic modeling of software threats. The system supports various descriptions of information system architectures and normalizes them into a unified formal model. On this basis, combinatorial algorithms generate probability-weighted attack scenarios from a catalogue of threats classified according to the STRIDE methodology, enriched with links to a knowledge base of attack vectors. STRIDEX is a fully deterministic algorithmic abstraction for combinatorial threat analysis that does not require external artificial intelligence or cloud services. Using the tool reduces the impact of subjectivity, increases the repeatability of the analysis, and enables visualization of the attack surface in the form of interactive graphs.

Presented by: Nika Jeršič