Congress Center

3 Competitions
From Policy to Cyber-Range

30+ Performers
Skilled professionals

3000+ seating-room
Sign up and be a part of it!


The shortest way to explore what will happen at SecOps Europe 2018.

We would like to invite you to our IT Security professional days.

SecOps Europe 2018’s concept is to develop and enhance cyber security awareness with both offensive and defensive presentations and workshops by sharing stories and experience with real cyber warriors from both sides while following a scenario-driven, strategic decision making simulation and CERT championship.

Visitors can earn CPE points!

Book accommodation here with a special discount!



The International Cyber Competition is a scenario-driven, strategic decision making and communication simulation TTX (Tabletop Exercise). During the exercise, the competing teams will encounter a major cyber incident to which they will have to respond on-the-fly and then communicate the incident properly. The cyber incident will escalate a few times during the course of the competition and each escalation will require further action and official communication of steps taken. The student teams of various participating universities will compete in the morning.

The afternoon features a TTX for industry professionals. Teams will be drawn on the spot during lunchtime so that each team will consist of different national policy experts and CERT staff members. The jury consists of industry experts and journalists who will assess the professionalism of the actions taken and the proficiency in communicating the mitigation of the ever-escalating incident.

This is an official European Cyber 9/12 Student Challenge Qualifying Event. The winners will get full financial support and a reserved spot at the Cyber 9/12 competition.

Call for participation


The national CERTs from Europe will be given identical environments that operate critical infrastructure. Their role is to defend the infrastructure from the attacking red team.

Visual effects and scoreboards will be placed all around the venue so visitors can keep an eye on the developments of the attacks and the defences while they are visiting the conference.

Blue Teams:

Gate Opening

Karoly Dan


Prof. Dr. Zoltan Rajnai


Rainer Fahs - EICAR

Trustworthiness Strategy for IT Security products

EICAR Trustworthiness Strategy

The EICAR Trustworthiness Strategy is to enhance transparency in the contemporary IT Security environment and its ever-evolving threats and vulnerabilities scenario and to enable trust into IT Security products that help create a safer environment. The strategy encompasses first steps to enhance trust and transparency into IT security products by developing minimum standards for the trustworthiness of IT security products, starting by developing minimum standards for Anti Malware-products and the development of minimum requirements for testing organizations. Subsequent steps encompass testing, verification and certification schemes and community building. The minimum standards will be implemented first in a voluntary self-control approach that is controlled/approved by EICAR. The "self-declaration" process will later be complemented by a formal EICAR Certification process.

The start into the scheme about two years ago was quite promising and EICAR successfully certified AV and other IT security products and, with AV Comparatives in Austria, the first "Trusted Lab" and with Veszprog in Hungary the second one. Part of our strategy is the research initiative together with the Technical University in Mannheim to investigate options for the verifiability of trustworthiness. The status of this initiative will be presented as second part of our briefing.

Currently the strategy has been reviewed and we have decided to go one step back, putting the product certification on hold and rather put emphasis on the strategy seeking partners in industry to put the strategy on a broader platform to be able to discuss with partners our next steps towards formal certification and possibly verification of trusted functionality.

Milan Pikula

From zero to working SOC and CERT, the open-source way

András Veres-Szentkirályi

High-performance web application fingerprinting based on SCM repositories

Network security assessments often reveal web servers running various outdated versions of FLOSS web applications such as RoundCube, phpMyAdmin or SquirrelMail. Narrowing the set of vulnerabilities that could affect such a setup is easier if we know the version installed, however in many cases, obvious clues such as READMEs and changelogs are removed on purpose. When the source code along with its history is available online, it is possible to correlate static file contents with specific commit ranges, and we had done so in the past manually. However, much of this could be automated, so we developed a tool that can identify a Git commit range based on static file contents. It can be used either as a standalone tool or as a Burp Suite plugin. The talk describes and demonstrates our tool from source code to everyday usage, along with an intro to git internals to understand how this can be done fast on repositories with hundreds of thousands of commits. Source code is already up on GitHub, pull requests are welcome:

Lunch break

Giovanni Morreale

Building the Analytics Driven SOC

Timur 'x' Khrotko

Tell me stories about your appsec, let's skip the pentest.

Muhammad Faisel - OWASP


MySec Talk


Incident handling

  • Radim Ostadal - NUKIB - Director of Government CERT, National Cyber and Information Security Agency Czech Republic
  • Restislav Janota - NBU SK
Gate Opening

Zuk Avraham

Schrödinger's Crash, Part I

Mukund Hirani

Destructive Malware

This session will provide insight into highly disruptive APT breaches that MANDIANT investigated over the past year. It describes how threat actors have destroyed system infrastructure and taken companies offline for weeks. The threat actors are split into two categories for this talk and focused on the SHAMOON cases. I will also talk about highlights from Incident Response cases of 2017.

  • Financially motivated vs Non Financially motivated. I will talk about how recent attacks with SHAMOON differ - their motives compared to financially motivated threat actors.
  • Highlights from a couple of Shamoon cases - Overview of TTPs of the important State Sponsored Attacks seen in 2017.

Omer Sen, Federico Vailati

Container Security

Balazs Csendes

Threat Hunting with IBM i2

Zoltan Balazs

How to PWN Windows domain?

Windows domain is used in 99% of the Fortune 500 companies. It is the foundation of all enterprise IT systems. The domain is a central database with all the users, workstations and servers in the enterprise. The IT staff uses domain administrator credentials to do the daily admin tasks, like resetting user passwords, troubleshooting issues on the workstations, installing new services on the servers, etc. Whenever an attacker gains domain admin credentials, imagination is the only limit to what the attacker can do with them. I will detail the common steps attackers use to gain user credentials on the network and how this user credential can be escalated to local admin credentials. And last but not least, how a local admin user can elevate to domain admin. I will talk about pass the hash, GPP, MS14-068, and other tricks. I will close the presentation with tips and tricks to protect against such attacks.

Lunch break

Michael T. Rowland, IAEA

Computer Security for I&C Systems At Nuclear Facilities

Anthony Arrott

DVA - Distributed Vulnerability Assessment - a tool for helping SecOps focus on avoiding bad consequences

Distributed vulnerability assessment (DVA) provides a LAN-by-LAN measurement of cyber-attack vulnerability. The vulnerability of both the specific LAN users and LAN IT infrastructure are assessed for individual known threats and aggregated across the current threat landscape relevant to the particular LAN. The integrated cyber-attack vulnerability of a particular LAN is evaluated based on the prevalence and effectiveness of current known threats; the current susceptibility of LAN users; and the current penetrability of LAN IT infrastructure. Using evidence theory techniques, the integrated vulnerability is decomposed and distributed to the contributing elements of individual user susceptibility, individual IT infrastructure elements, and the individual protecting cybersecurity services and applications. From the DVA results, vulnerability is quantitatively attributed to the various internal contributing components (e.g., user identities, ports, protocols, protection layers). This allows different contributing components to be assessed using comparable metrics (e.g., user security awareness vs. infrastructure patch condition vs. efficacy of anti-malware). DVA allows information security managers to pose and compare the results of "what if" queries to see the vulnerability reduction of various available options that might not otherwise be quantitatively comparable (e.g., investment in employee security awareness programs vs. hardening IT infrastructure vs. adding additional cybersecurity applications and services).

Daniel Eszteri, PhD

GDPR and the incident reporting system

Awards ceremony

The main prize is an Apple TV.

Every registered and checked-in participant is included in the prize draws.

Jakub Orkiszewski

Data Centric Auditing and Protection - security and compliance challenges of today

Bartusz Krynski

Privileged accounts - wide and easy path to the heart of the Enterprise

Ian Wills

Use cases covered by PKI and Auth solution relative to the Government organizations.

Ian has been with Entrust for over 20 years covering the technical and the sales roles at the organization. He is highly knowledgeable on the Entrust solutions, in particular PKI, and overall IT security market trends.

Hans Freitag

Filetransfer with Connect:Direct

Connect:Direct is a platform-independent file transfer application manufactured by IBM. It is mainly used by banks and mobile phone providers, but there are other companies using it, too, because a customer requires Connect:Direct. There are millions of cash transferred via Connect:Direct on a daily basis. But the awareness about Connect:Direct security is dangerously rare, even amongst IBM consultants. In my speech I will explain to you a few of the very dangerous default settings and misses that I discovered through my work with Connect:Direct systems of a few customers. On most setups, an attacker doesn't even have to write an exploit for Connect:Direct to execute code on a victim's system, he can just upload and start a job.

Gabor Sagi

Incident management in terms of a governmental infocommunication service provider

The recent attacks on governmental infocommunication systems have clearly revealed that an increasing number of cyber attacks target them. The attackers are typically hackers with serious professional skills, in many cases allegedly with state support. What can be done in this situation? What are the basics of effective incident management?

Lunch break

Laszlo Hargitai

Cyber security of critical infrastructure operators - From challenges to actions in cyberspace

Peter Ronaszeki

Resilience in the Cyber era



Lock picking is the art of unlocking a lock by manipulating the components of the lock device without the original key.


Well known professionals will give a panoramic view to the audience about the latest developments, products, solutions and technologies in the field of IT security

Zoltan Rajnai

Professor Zoltan Rajnai PhD - Cybercoordinator of Hungary

Zuk Avraham

Zuk Avraham - Founder, CEO at ZecOps; Founder, Chairman at Zimperium

Karoly Dan

Karoly Dan - Ambassador at Permanent Mission of Hungary to the OSCE, the UN and Other International Organisations in Vienna

Timur Khrotko

Timur 'x' Khrotko - OWASP

Mukund Hirani

Mukund Hirani - Incident Response Function Lead in Mandiant

Balazs Csendes

Balazs Csendes - Security Operations & Response Leader at IBM CEE

Michal Ciemiega

Michal Ciemiega - CyberArk

Gergo Gyebnar

Gergo Gyebnar - CEO at Black Cell Ltd.

Andras Veres-Szentkiralyi

András Veres-Szentkirályi - Silent Signal

Milan Pikula

Milan Pikula - National Security Authority SK

Laszlo Hargitai

Laszlo Hargitai - KPMG

Keleti Arthur

Arthur Keleti - Cyber-Secret Futurist, Book Author - Speaker

Laszlo Kovacs

Professor Laszlo Kovacs PhD - National University of Public Service Faculty of Military Science and Officer Training Department of Electronic Warfare

Rainer Fahs

Rainer Fahs - EICAR - Chairman of the Board

Krasznay Csaba

Csaba Krasznay - Security Evangelist at Balabit

Zoltan Balazs

Zoltan Balazs - Chief Technology Officer at MRG Effitas

Ian Wills

Ian Wills - Entrust Datacard Sales Director, Europe


Anthony Arrott - Director of Security Analytics at CheckVir


Jakub Orkiszewski - Account Executive Eastern Europe at Imperva

Daniel Eszteri

Daniel Eszteri, PhD - Hungarian National Authority for Data Protection and Freedom of Information


Giovanni Morreale - EMEA Technical Distribution Manager Splunk, Inc.

Toth Szilvia

Szilvia Toth - Coordinator for Cyber Issues at Ministry of Foreign Affairs



Media Partners



There are two paid parking lots right on Jagelló út in front of the Conference Center, with an hourly fee of 400 HUF and a daily fee of 4000 HUF. There is a smaller parking lot in front of the Novotel City, for 400 HUF / hour. Entrance is from Alkotás utca 63-67.

MOM Park: the big shopping center half a block away has a large underground parking lot, accessible from both Csörsz utca and Alkotás utca. The fee is 150 HUF for every half an hour.

We recommend using public transport.