APWG.eu

As part of the LAZARUS_EU project, APWG.eu is contributing to the advancement of open-source #DevSecOps tools that serve the cybersecurity needs of developers and SMEs across Europe. We are building a growing network of stakeholders who are helping shape the future of secure software development through participation, feedback, and shared knowledge. If you are interested in joining this effort, we invite you to become a LAZARUS stakeholder. As a token of appreciation, new stakeholders will also receive access to our latest #DevSecOpsSummerNewsletter, which includes research highlights, project updates, and outcomes from the recent #CyberFusion event in Athens. Join the stakeholder community here: https://lazarus-he.eu

The No Hat 2025 CFP is still open! If you have groundbreaking research, a clever hack, or lessons worth sharing with the infosec community, now’s the time. 📍 Bergamo, Italy 🗓 October 18, 2025 Whether you're an experienced speaker or sharing your insights for the first time, No Hat is the place to connect, inspire, and be inspired. Submit your proposal by July 15, 2025: https://www.nohat.it/cfp Join our friends in Bergamo this October! #nohat #security #infosec #hacking #conference #CFP #community #research #cybersecurity #callforpapers #bergamo

🚀 Wrapping up at Security BSides Athens 2025 with a standout final talk: “OpenCRE.org V3 — The Security Universal Translator, Now with AI!” by our good friend Spyros Gasteratos. Spyros showed how OpenCRE’s massive security-standards knowledge graph now leverages AI to map controls across SSDF, CSA-CCM, DSOMM, and more—plus a chatbot that already beats LLMs at standards mapping. A perfect close-out to a day focused on practical innovation like Smithy 👏 Fun connection: Spyros joined us at the LAZARUS_EU dissemination event yesterday, proving once again how collaborative this community really is. Thank you, Spyros, for ending the program on a high note—and thanks to everyone who stayed to the very last session! #BSidesAthens2025 #APWG #OpenCRE #AI #SecurityStandards #KnowledgeGraph #LAZARUS_EU #CybersecurityCommunity

🌟 Just wrapped at Security BSides Athens 2025 “The Security Godfather: Empowering Champions to Guard the Family” by Martin Bijl. Drawing on a “family” analogy straight from classic cinema, Martin laid out a blueprint for turning everyday developers and IT staff into trusted Security Champions (your capos!). His key points: Security is everyone’s business—build loyalty and trust across teams. Champions amplify security culture far beyond a central SOC. Give your “family” clear authority, practical playbooks, and continuous training to keep the territory safe. A fresh, energetic reminder that people—not tools—form the core of resilient security programs. #BSidesAthens2025 #APWG #SecurityChampions #AppSec #Culture #CybersecurityLeadership

🔓 LIVE at Security BSides Athens 2025 “From Code to Cloud: What We Accidentally Share on GitHub” with Guy Binyamin (Security Specialist, Varonis Forensics Team). Guy is showing how publicly posted code can leak cloud-tenant IDs, API keys, and credentials—then demonstrating a tool that pivots from an Azure tenant ID to harvest every related secret via the GitHub API. Offense or defense, the message is clear: secrets scanning and developer education are no longer optional. Essential insights for any organisation relying on GitHub and CI/CD pipelines. #BSidesAthens2025 #APWG #GitHubSecurity #SecretsManagement #Varonis #ThreatIntelligence #DevSecOps

LIVE at Security BSides Athens 2025 “Reverse Engineering a Rumour – Story behind weaponising the Intune Conditional Access Bypass” presented by Sunny Chau, Red Teamer at JUMPSEC. Chau is recounting how a whispered OAuth2 client-ID “trick” was traced, reversed, and ultimately weaponised to bypass Microsoft Entra ID Conditional Access without a managed device. The session highlights: Methodical reverse-engineering under time pressure Crafting PoC tooling that went viral over the holidays Lessons for defenders on hardening Conditional Access and monitoring rogue OAuth flows A compelling reminder that security rumours often hold grains of truth—and attackers are listening. #BSidesAthens2025 #APWG #RedTeam #ConditionalAccess #EntraID #OAuth2 #ReverseEngineering #CloudSecurity

⚔️ LIVE at Security BSides Athens 2025 “Cyberwarfare in Recent Armed Conflicts” with Konstantinos Fouzas (Senior Security Engineer, Performance Technologies S.A.). Konstantinos is dissecting how modern military campaigns integrate coordinated cyber-operations alongside land, sea, air, and space domains. From critical-infrastructure takedowns to information-ops, he’s mapping attacker objectives, toolsets, and defender playbooks across today’s major conflicts—and exploring the ethical questions that follow. Essential viewing for anyone tracking nation-state TTPs and preparing resilience strategies. #BSidesAthens2025 #APWG #Cyberwarfare #CriticalInfrastructure #ThreatIntelligence #NationalSecurity #BlueTeam

Happening now at Security BSides Athens 2025 “PERSEPTOR: Automating Detection Rule Generation with AI-Driven Threat Intelligence” by Aytek Aytemur, Blue-Team Engineer at Picus Security. Aytek is showcasing how PERSEPTOR harnesses LLMs and the LangChain framework to: Autonomously summarise threat reports Extract TTPs + IoCs Generate Sigma and YARA rules on the fly Suggest product-specific queries that drop straight into your SIEM/SOAR A clear glimpse of what AI-assisted detection engineering looks like for SOC analysts, incident responders, and threat hunters everywhere. #BSidesAthens2025 #APWG #ThreatIntelligence #AI #DetectionEngineering #Sigma #YARA #PicusSecurity #BlueTeam

🔧 LIVE at Security BSides Athens 2025 “Weaponized Open-Source Applications: Real-Life Cyberattack Scenarios” presented by ⚠️ Juho Jauhiainen (RITA Lead, Accenture EMEA). Juho is dissecting a December 2024 malvertising campaign that delivered a trojanised KeePass.exe. The talk traces the full kill-chain: malicious ads ➜ modified KeePass stealing passwords ➜ custom loader ShInstUtil.exe ➜ Cobalt Strike BEACON ➜ follow-on credential abuse to promote a fake NFT site. This deep-dive shows how small tweaks to trusted open-source tools can spawn multi-stage intrusions with real financial impact, underscoring the need for continuous code provenance checks and user education. #BSidesAthens2025 #APWG #DFIR #OpenSourceSecurity #Accenture #ThreatIntelligence #Malvertising #Cybercrime

🌐 Happening now at Security BSides Athens 2025 “Why I Go to the Dark Web Every Day” with renowned threat-intel expert Alex Holden (Founder & CISO, Hold Security, LLC). Alex is walking the audience through the real-time dynamics of dark-web marketplaces, profiling key threat-actor archetypes, and—most importantly—showing how defenders can safely collect intel without blowing their cover. Practical, candid, and a must-see for anyone tracking criminal infrastructures. #BSidesAthens2025 #APWG #DarkWeb #ThreatIntelligence #Cybercrime #HoldSecurity #DefenderMindset