2026

BSidesZagreb’26

Technical lectures across two tracks, delivering diverse and practical content with no sales talks.

Sponsored by

Partners


Photos

BSidesZagreb’26

Talks

It’s always DNS, I mean BIND!

DNS is one of those pieces of internet infrastructure that “just works” – until it doesn’t. When it fails, everything above it fails too.

In this talk, I’ll walk through the discovery of a previously unknown remote denial-of-service vulnerability in ISC BIND, the most widely deployed open-source DNS server on the internet. The bug could be triggered by a carefully constructed DNS query, allowing an unauthenticated attacker to reliably crash or stall a DNS server from anywhere on the network.

Remember, it’s always DNS!

About the speaker

Vlatko Kosturjak serves as the VP of Research at Marlink Cyber, boasting over two decades of dedicated experience in the realms of information security and cybersecurity. He have successful M&A experience in different fields of cyber security and different roles.

↑ Back to talks

Providing code execution as a service

We’ve reached a point where it’s increasingly common to let users write code and run it on your infrastructure. It sounds like a security nightmare, but “code execution as a service” also enables legitimate use cases like feature testing, automation, interactive learning, data processing and ad‑hoc computation. This session breaks down ways to run untrusted code, what can go wrong and what you need to do to keep it contained. We’ll cover several implementation approaches, risks, security implications and non-obvious simple details that can easily eliminate most of the risk.

About the speaker

Tomislav Turek works in Infobip’s Application Security team, which analyzes and performs security reviews of application systems, integrations and code. While mostly focused on application security and software engineering, he likes to tinker with all things related to security. He is an active member of the Croatian capture the flag team ‘Phish Paprikaš’, with whom he has achieved significant success in information security competitions.

↑ Back to talks

AI-Powered Darknet Intelligence: Extracting Value from the Noise

Detecting that an organisation is being targeted well before the initial attack requires proactive monitoring and early intelligence collection. One of the most valuable yet challenging sources of such intelligence lies behind the scenes: in the darknet.

The darknet is a rich but chaotic source of threat intelligence. Gaining access is only the first step: the real challenge is processing and interpreting the vast amount of unstructured, ambiguous, and often low-quality data shared by threat actors.

This talk presents an AI-powered approach to transforming this noisy data into actionable intelligence. We will explore common data patterns, normalisation strategies, and message scoring techniques that help distinguish relevant content from background chatter. The session will also cover named entity extraction tailored for the cybersecurity domain and automated threat attribution methods that enable early warning, efficient search and context-aware analysis. In addition, we will discuss how modern AI models operate, how to prepare relevant data for them, and practical approaches to training domain-specific models. Finally, we will demonstrate how to design an AI agent capable of continuously monitoring, reasoning about, and analysing darknet activity in near real time.

Key Topics:

  • Common data patterns and pitfalls in darknet sources
  • Message filtering, normalisation, and prioritisation
  • Named entity extraction for cybersecurity use cases
  • Data labelling and model training
  • Threat attribution and classification
  • Designing an AI agent for darknet analysis

About the speaker

Igor Kaplun is an ML Engineer at Group-IB specialising in AI-powered solutions for Fraud Protection. With a strong mathematical background and more than seven years of modeling experience, he is currently leading the development of an AI agentic system aimed at advancing cyber threat and fraud intelligence automation.

↑ Back to talks

Hijacking AI Agents with Special Token Injection (STI)

This research was presented at: DEF CON 33 – AI Village and AppSec Village, BSides Kraków 2025 and BSides Tirana 2025.

Agents based on Large Language Models (LLMs) are increasingly susceptible to vulnerabilities reminiscent of early-2000s software bugs. One such emerging technique is Special Token Injection (STI), which targets the model’s tokenizer. By injecting sequences of reserved tokens that are interpreted as privileged control-flow instructions rather than normal text, an attacker can hijack the model to perform arbitrary instructions. These manipulations can include the use of unintended special tokens such as role separators, function or tool call, beginning- or end-of-sequence tokens within structured prompts, allowing attackers to hijack the agent’s functionality.

When successfully exploited, Special Token Injection can lead to a range of security failures, including:

  • Context poisoning
  • Agent instruction (system prompt) manipulation
  • Function/Tool call misuse and unauthorized invocation
  • Cross-turn state corruption for multi-step agents
  • Multi-agent workflow corruption
  • Unbounded token consumption

In this talk, we’ll demystify STI: what it is, how we found it, where it lurks, and why it matters. We’ll walk through real‑world examples, explore its broader implications in AI security from a pentester’s perspective.

Armend, Robert, and Anit are from the Republic of Kosovo.

About the speakers

Robert Shala is co-founder of Sentry, where he leads 50 security consultants and has delivered 2000-plus red-team and appsec engagements for some of the world largest organizatons. He also contributes as an external AI Red Teamer for OpenAI, probing frontier models for safety and security flaws.

Robert holds an M.S. in Security Studies from Georgetown, a B.S. from RIT, and has a passion for wargaming.

Armend Gashi is Managing Security Consultant at Sentry. With over 5 years in the industry, he specialized in application security and AWS cloud assessments. Armend also performed AI red teaming engagements and developed multi-agent systems to perform security-focused tasks such as code auditing and exploit development.

↑ Back to talks

Panel: Detect, Investigate, Govern: AI in the CTI–IR–CISO Triangle

Artificial intelligence is no longer an experimental add-on for security teams — it has become an operational reality. However, the true value of AI in cybersecurity does not lie in “magical detection,” but in how it connects cyber threat intelligence (CTI), incident response (IR), and strategic decision-making at the CISO level.

This panel brings together perspectives from the operational front line and the executive level: an incident responder from the Microsoft DART team, seasoned CTI experts, and a CISO who must translate AI into measurable business value. The discussion will focus on real-world use cases: how AI helps (and where it hinders) early detection, triage, and incident investigation; how CTI teams use AI to reduce noise, support attribution, and anticipate adversary behavior; and how CISOs balance automation, risk, accountability, and regulatory requirements.

The panel will also openly address uncomfortable topics: over-reliance on AI, false confidence, model bias, accountability for AI-assisted decisions, and the impact of emerging regulations such as NIS2 and the AI Act. The goal is not to promote tools, but to clarify how AI is reshaping relationships, responsibilities, and expectations within the CTI–IR–CISO security triangle — today and in the near future.

About the speakers

Bojan Alikavazovic works as a Principal Cyber Threat Intelligence Specialist at Infigo IS. He participates in delivering services and developing daily operations within the security operations center, which includes intelligence operations, cyber incident support, malware analysis, security breach analytics, and similar activities.

Throughout his years of experience serving clients in Croatia and abroad, he has performed tasks in the areas of reverse engineering, computer network and industrial control system security analysis, penetration testing in banking and other business environments, supporting significant cyber incidents in Croatia, organizing and conducting Cyber Threat Hunting campaigns, and integrating technologies for security breach detection and prevention.

Hrvoje Englman is the Chief Information Security Officer at Span. He has more than 17 years of experience in the IT sector, working with organizations to strengthen their overall security posture.

Throughout his career, he has supported companies during security incidents as both a consultant and an incident manager. His work includes removing attackers from compromised environments, restoring business operations afterwards, and helping organizations build stronger and more resilient security practices. His experience gives him a clear understanding of how attackers operate and what companies can do to reduce risk.

Vladimir Ožura is a Principal Security Researcher at DART, specializing in cybersecurity and digital forensics. He leads global incident response engagements, conducts deep data analysis to uncover attack narratives, and serves as a lead investigator delivering clear findings and recommendations to strengthen security posture.

Vlatko Kosturjak serves as the VP of Research at Marlink Cyber, boasting over two decades of dedicated experience in the realms of information security and cybersecurity. He have successful M&A experience in different fields of cyber security and different roles.

↑ Back to talks

Surviving the Deep Desert

This sandworm didn’t burst out of the sand – it surfaced through “npm install” and a sprinkle of artificial “intelligence”.

Join us to get the full story of the Shai Hulud attack – the first weak signals, “we’re fine” moment that aged badly, “we’re doomed” feeling and other hair-raising things we went through when the worm showed its teeth.

If you think that the best of breed security technologies and multiple guardails will protect you – this is for you.

About the speaker

Luka Milković is a member of Infobip’s Security Operations Center with more than 16 years of information security experience (on both sides of the fence: offensive and defensive).

↑ Back to talks

Threat Hunting at Different Scales: Lessons Learned from Practice

How often do you actually do threat hunting, and how often does it slowly turn into writing a few queries and hoping something interesting will show up? You start with a clear idea, run a couple of searches, and at some point realize you are stuck. The expected “write query > run it >¬ ???? > profit” moment never really arrives.

Threat hunting is one of the more interesting things a cybersecurity analyst can work on, but it also happens to be one of the most misunderstood. In practice, it looks very different depending on where you work. What makes sense for a small team with limited infrastructure often does not scale to larger enterprise environments. Likewise, techniques and workflows found online tend to fall apart once real operational constraints enter the picture.

This talk is based on lessons learned from performing threat hunting in environments of different sizes. It avoids tools, queries, step-by-step techniques with focus on how threat hunting actually feels and functions as an investigative practice. Along the way, it challenges a few common assumptions, such as the idea that every hunt must produce findings, or that having more data automatically leads to better results. As organizations grow, search constraints change, signal types evolve, and priorities shift. Recognizing those changes—and adapting the way threat hunting is approached—is often more important than adding new tools or writing better queries.

About the speaker

Filip Rapaić is a Cybersecurity Analyst with more than seven years of experience working in defensive security roles. He has worked across SOC operations, detection engineering, and incident response, gaining hands-on experience as a threat hunter, incident responder, malware analyst, and detection engineer. This background has allowed him to work on complex investigations in environments with real operational constraints. He performed security analysis in organizations of different sizes, from small teams to large enterprise environments, and is particularly interested in exploring new approaches to threat hunting and making defensive security more practical

↑ Back to talks

Cybersecurity in Satellite Systems

This talk introduces cybersecurity in satellite systems and provides a high-level overview for people who want to learn more about security in the space domain. It is meant as a starting point for further learning and exploration of satellite and space security.

The session begins with an overview of satellite infrastructure and explains the three main parts: the ground segment, the space segment, and the user segment. For each segment, we discuss its role, how it works, and how it connects to the others. Where possible, we compare satellite systems to more traditional IT and network infrastructure to make the concepts easier to understand.

Building on this, the talk looks at common security controls and design choices used in each segment, and how these help protect satellite systems as a whole.

Finally, the talk introduces basic threat modeling for satellite systems. We look at typical threat actors, common attack surfaces, and real-world risks that exist in today’s satellite environment. The focus of the talk is on defensive awareness, helping attendees understand risks, protections, and design decisions from a defender’s point of view.

This session is for anyone interested in security, including professionals, researchers, engineers, and students. No prior knowledge of satellite systems is required, and the goal is to give attendees a clear mental model of how satellite systems work, how they are secured, and where the main security challenges and research opportunities are today.

About the speaker

Ivan Zlatar joined Amphinicy Technologies two years ago as a Security Engineer, working on the security and network architecture of the EU defense projects. He comes from a strong blue team background, which gives him a different perspective on satellite systems compared to more traditional space engineering roles. In his free time he enjoys dancing and playing Dungeons and Dragons.

↑ Back to talks

From Ransom to Lambo: Tracing Cryptocurrency Laundering in Cybercrime

Cryptocurrency is the financial backbone of modern cybercrime. From ransomware crews to fraud rings and access brokers, threat actors rely on crypto to move value quickly, globally, and with minimal friction. While cryptocurrency itself is not the problem, the way criminals abuse it has reshaped how cybercrime is funded and scaled.

This talk breaks down how crypto is actually used in real-world cybercrime operations, following the money from the moment a ransom is paid to the point where it’s converted into something usable, or flashy. We’ll start with a quick, practical overview of why crypto fits criminal tradecraft so well, then dig into the money flow patterns commonly seen across ransomware, extortion and fraud campaigns. From there, we’ll examine the techniques that threat actors use to slow down or defeat investigators. Rather than treating these as black boxes, we’ll focus on the observable behaviors they leave behind on-chain and how those behaviors can be exploited. We’ll also look at how criminals’ cash out, including exchange abuse, OTC brokers, and grey-market services, and where they tend to make mistakes.

The talk wraps up by discussing what actually works in on-chain investigations, where the limits are, how defenders and analysts can identify pressure points to disrupt criminal revenue and hit them where it actually hurts.

About the speaker

Matija Kos is an OSINT researcher of the Croatian Armed Forces by day and a Threat Intelligence enthusiast by night. His work focuses on tracking emerging threats, issuing timely alerts, and translating complex signals into actionable guidance for incident response and mitigation. He has a particular passion for automation, building pipelines that collect, process, and analyze data at scale to produce actionable intelligence. After hours, he enjoys exploring the darker corners of the web, profiling threat actors and hunting for leaked data.

↑ Back to talks

The Daily Grind: Coffee supply problems

The session describes three incident response cases caused by supply chain problems. The described cases start with a single point ransomware deployment, through remote access to the internal network and conclude with an advanced supply chain-attack that we have witnessed in the wild. The audience will be presented with detailed incident analysis coupled with challenges encountered during incident response activities.

The first case describes an intrusion that happened because of a vulnerable publicly exposed SimpleHelp remote support server. The analysis goes through the vulnerability, implementation fallacies and reconstructs the entire attack flow with a short overview of attacker behavior.

The second case covers an intrusion that was enabled by TeamViewer remote support with unattended access. The analysis goes through attacker behavior and demonstrates potential initial access broker activity. The described incident timeline demonstrates attacker behavior in a more complex environment and highlights the need for more sophisticated security solutions.

The third case depicts a security incident inside a complex environment which is compromised by an advanced persistent threat (APT) without triggering alerts in the environment until the last phase of the attack (i.e. ransomware deployment). The presentation concludes with a short CTI analysis coupled with a list of measures to fight supply chain attacks together with an outlook for the future.

About the speaker

Valter Vasić is a security enthusiast currently working as a security analyst in Span on incident response, threat hunting and security hardening engagements. He specializes in anomaly detection, incident timeline reconstruction and developing security tools and processes to facilitate incident triage and response. He has been working in cyber security for the last 9 years in both public and private sectors.

↑ Back to talks

Lying to your fACE: Deploying an ADCS honeypot the easy way

Ever since Will Schroeder and Lee Christensen released their Certified Pre-Owned whitepaper detailing the first eight domain escalation paths by abusing misconfigured certificate templates, Active Directory Certificate Services have been scrutinized by adversaries and defenders alike, bringing several additional ESC-style misconfigurations to light.

To identify vulnerable templates, both parties typically rely on existing offensive-minded tooling which analyses the characteristics of the CA server itself, as well as the published templates, since a multitude of requirements have to be satisfied for a template or CA to be considered vulnerable, a large portion of which are difficult to parse and understand manually.

While previous attempts at deploying ADCS honeypots have been documented, they typically rely on deliberately creating near-vulnerable templates in existing CA deployments and catching the attackers red-handed while they attempt to modify them, or deploying a separate CA server with carefully implemented policy modules, primarily designed to prevent abuse of templates allowing for user-provided subject alternate names (ESC1-style attacks).

This talk presents an ADCS honeypot implementation which focuses on creating secure templates for more than just ESC1-style misconfigurations which cannot be abused by attackers, but are identified as vulnerable by offensive toolkits such as Certipy and Certify thanks to careful modifications of the template’s access control entries. The talk also introduces a Powershell deployment script to set up honeypot templates for ESC1, ESC2, ESC4, ESC9, and ESC15 paths.

About the speakers

Zdravko Petričušić is a Security Researcher at Span where he works on developing new and improving existing defensive and offensive tradecraft. With previous experience as an incident responder, he specializes in malware analysis and detection engineering.

Outside of working hours he likes to tinker with the Azure cloud and Active Directory, reverse engineer various binaries, as well as participate in CTF competitions, aiming to both improve his skills, but also mentor friends interested in the field of cyber security.

Josip Pavičić is currently part of INFIGO’s Red Team, specializing in Active Directory exploitation. Before that, he worked in the military as an Intelligence Officer, where he started dabbling in the dark arts of Active Directory exploitation as a main administrator (just like Voldemort, after learning three forbidden spells, he too was expelled from the military after Kerberoasting the entire domain).

He enjoys tearing down enterprise networks and getting those Domain Admin rights before lunch since he is always hungry. In his free time, he is collecting Red Teaming certifications, just like Ash is collecting Pokémon.

↑ Back to talks

Inside the RaaS Machine: Trust, Power and Collapse in Ransomware Ecosystems

This talk examines Modern Ransomware-as-a-Service (RaaS) ecosystems, focusing on affiliate recruitment, trust, and internal power struggles. By analyzing underground chatter, reputation signals, and social dynamics, we show how conflicts between developers and affiliates drive fragmentation, rebrands, and operational collapse.

Attendees will learn how CTI practitioners extract actionable intelligence from these dynamics while maintaining operational security, highlighting how ransomware groups are often more vulnerable to their own internal conflicts than to external forces.

About the speaker

Filip Divald is a Cyber Threat Intelligence Analyst at Infigo IS, specializing in malware analysis and adversary research. He began his career reversing anti-piracy and anti-cheat software, later expanding into offensive development and vulnerability research across multiple bug bounty programs.

Today, Filip applies an “Intelligence-as-Code” philosophy to automate the CTI lifecycle — from large-scale web scraping and protocol/header analysis to proactive tracking of deep and dark web forum activity.

Having identified multiple malicious campaigns and developed detection modules that significantly reduced mean time to detection , he brings a tactical mindset that blends Red Team experience with high-fidelity defensive automation.

↑ Back to talks

Inside a Ransomware Operation

In early 2025, someone leaked more than 200,000 chat messages from the Black Basta ransomware group. I stumbled across the dump while following chatter on a Telegram channel and what I found was surprising. This talk takes a closer look at how the group operated between 2023 and 2024: which vulnerabilities they prioritized, how they picked targets, and how they used tools like ZoomInfo or even ChatGPT to plan attacks.

I’ll also walk through a few specific Proof-of-Concept exploits they referenced some of which haven’t been analyzed publicly yet and show how attackers adapted them for real-world use. Expect a mix of technical breakdown, live demos (safe ones!), and insights into the everyday workflow of a ransomware crew.

This research shows practically how not only Black Basta but also other ransomware groups function and how they carry out numerous attacks that led to the bankruptcy of a large number of companies as well as shaking up the world trade and geopolitical scene.

About the speaker

Mil Rajic security sector professional with 15 years of experience in intelligence work. For the past eight years, he has served as Head of Intelligence at the UK-based company DynaRisk, where he supports organizations in strengthening their cybersecurity posture and reducing cyber insurance risk through proactive threat analysis and tailored defense strategies.

He is an ethical hacker and cyber threat intelligence analyst with a strong focus on the intersection of geopolitics and cyber operations. Mil is a Liaison Member of FIRST and an active participant in several TLP:RED threat intelligence groups focused on ransomware, state-sponsored activity, and hacktivist campaigns. His research and insights have been featured in major international media, including Financial Times and Forbes.

↑ Back to talks