About Our Speakers

We are delighted to welcome Mr Righard Zwienenberg (ESET), who began his work with computer viruses in 1988 after encountering his first virus issues at the Technical University of Delft. Over nearly four decades, he has worked for various companies, including CSE Ltd., ThunderBYTE, Norman, and ESET. Righard has also held or continues to hold positions in several industry organizations, such as AMTSO, AVAR, the WildList, and IEEE ICSG, and serves on the Advisory Board for Europol’s European Cyber Crime Center (EC3) and Virus Bulletin. Righard will present and elaborate on State-Actor Empowered Threat Intelligence ... A Good or a Bad thing?

Then we will listen to Mr Xavier Mertens, a freelance security consultant (Xameco consulting, BE) with 20+ years of experience in information security, whose daily job focuses on protecting his customers' assets by providing services like incident handling, malware analysis, forensic investigations, log management, security visualization, and OSINT. Besides his freelance job, Xavier is also a Senior Handler at the SANS Internet Storm Center, a Certified SANS Instructor (FOR610, FOR71), a security blogger and co-organizer of the BruCON security conference. Xavier will elaborate on biases that can occur during investigations and lead to missed information, on how to sharpen observational skills to avoid pitfalls, and on common mistakes in malware analysis, and will provide real-world examples.

We will also delve into the findings of the Shadowserver Foundation, which has responded to many recent high-profile critical vulnerabilities such as Citrix NetScaler (CVE-2023-3519 etc.), Cisco IOS XE device implants (CVE-2023-20198), Fortinet Fortigate (CVE-2024-23113), Palo Alto PanOS (CVE-2024-0012) and others, affecting tens of thousands of organizations globally. This includes how the foundation developed new vulnerability scans at Internet scale to quickly detect exposed, vulnerable or compromised instances and understand the scale of each incident. Their ongoing collaboration with partners will be explained, as well as their own data collection mechanisms to maximize remediation effects, the lessons learned and expectations for the future.

After that, Mr Piotr Białczak, researcher at CERT.PL, and Mr Paweł Pawliński, principal specialist at CERT.PL, will share their experiences and elaborate on detecting and mitigating phishing on a country scale as a part of CERT.PL operations. They will provide insights into the application of machine learning to identify suspicious sites using the .pl registry data and DNS traffic observed at the resolver level. Furthermore, different approaches to proactive detection of phishing domains will be looked at, and their own work benchmarked against alternative solutions. Some of the lessons learned and presented will be useful for operators of DNS infrastructure and anyone interested in translating large volumes of data into indicators.

With Mr Fyodor Yarochkin, Senior Researcher, Forward-Looking Threat Research at Trend Micro, with a Ph.D. from EE, National Taiwan University, we will dive into the business of residential proxies and explore how residential proxies are sourced and how residential proxy sellers build their infrastructure. Together with Fyodor we will look behind the veil of a few prominent sellers and examine the ecosystem behind them. We will discuss the use and abuse of residential proxies by criminals, including campaigns of information scraping, credit card and crypto fraud, credentials harvesting and account brute-forcing, and finally examine the difficulties of dealing with residential proxies from the defender's role and discuss the possibilities of detecting residential proxy traffic as well as strategies for risk mitigation.

Furthermore, the Ljubljana 2025 FIRST TC will welcome subject matter experts participating in the EU-funded Cyber Balkans project, which aims to enhance the cyber resilience of the Western Balkans in compliance with the EU acquis and best practices by improving cybersecurity prevention, preparedness and response of relevant public and private stakeholders in the Western Balkans. The Cyber Balkans partners are Albania, Bosnia and Herzegovina, Kosovo, Montenegro, North Macedonia, and Serbia, and the project is implemented by the e-Governance Academy (eGA).