Thank you for attending the most important event in cyber security this year!

March 11-12, 2020

An event featuring leading cybersecurity experts

Truesec share insights based on real-world experience, knowledge, and passion for IT security.
For those interested in today’s escalating cyber threats, techniques used by criminals, and how to secure your IT environments.


Expert insights

The best cyber security specialists in the industry presenting on stage. Sharing their extensive knowledge from recent IT attacks with you.


Based on real experience

We will reflect on true customer events and cyberattacks, we have worked with over the last year. All knowledge comes from firsthand experience of our expert teams.


Livestream & recorded

Connect to our livestream. Also, all attendees will get access to recordings after the event to watch again and again and again.


The sharpest brains and security experts in the IT industry.


Marcus Murray Speaker Truesec Event

Marcus Murray

Expert in Red Team exercises, Penetration Testing, Detect and Response, Threat Intelligence and Incident Handling. Founder of Truesec.

More info...

Hasain Alshakarti Speaker Truesec Event

Hasain Alshakarti

Acknowledged security expert focusing on cybersecurity and identity. Helping customers understand and implement security measures.

More info...

Fabio Viggiani Speaker Truesec Event

Fabio Viggiani

Technical lead of Truesec Security Team, with extensive experience in Red Team assignments as well as traditional penetration tests.

More info...

Alexander Andersson

Cyber security expert working with red team engagements, penetration tests, and incident response.

More info...

Mats Hultgren Speaker Truesec Event

Mats Hultgren

Mats is the Incident Manager of Truesec Group and a renowned trusted advisor within cybersecurity covering Protect, Detect & Respond.

More info...

David Lilja Truesec Expert Speaker

David Lilja

Cyber Security Consultant and expert in Threat Hunting, Detection and Threat Intelligence.

More info...

Davide Girardi Truesec expert speaker

Davide Girardi

Senior Cyber Security Consultant. He is experienced in attacking and defending complex network systems based on Windows, Linux, mainframes, OS X, and other Unix-based operating systems.

More info...

Björnn Brolin Speaker Truesec Event

Björn Brolin

Björn Brolin VP Detection & Forensics expert. More information is published soon.

More info...

Erik Wilhelmsson Truesec Speaker

Erik Wilhelmsson

Penetration tester with a passion for critical infrastructure, industrial control systems and in general breaking stuff.

More info...

Markus Lassfolk speaker Truesec

Markus Lassfolk

Principal Technical Architect at Truesec. His focus is on building private, hybrid or public clouds in your datacenter, based on Microsoft infrastructure.

More info...

Mikael Nyström Truesec Speaker

Mikael Nyström

Mikael is an industry-leading expert in Microsoft infrastructure and a multiple-award-winning Microsoft MVP since 2005 working at Truesec.

More info...

Dr. Stefan Ivarsson Truesec Speaker

Stefan Ivarsson

Security Developer, working primarily on security health checks, analyzes and assisting customers to improve their IT security.

More info...

Peter Löfgren Truesec Speaker

Peter Löfgren

Peter Löfgren, Senior Technical Architect, share his knowledge on how to help customers build and maintain production solutions for years to come.

More info...

Anders Axhake

A Truesec Senior Consultant working with on-premises and cloud solutions in Microsoft Azure and Office 365, with focus on delivering secure solutions with high value for customers and end-users.

More info...

Sebastian Olsson Truesec Speaker

Sebastian Olsson

Technical Director of Development, spending most of his time at work developing and auditing security critical code.

More info...

Simon Binder Truesec Speaker

Simon Binder

Microsoft Enterprise Mobility MVP and Principal Technical Architect, passionate about creating secure, productive and user centric workplaces based on Microsoft technology.

More info...

Thomas Adolf Truesec Speaker

Thomas Andolf

Coder by day, and coder by night. Cyber Security Consultant at Truesec.

More info...

Rasmus Grönlund Speaker Expert Truesec

Rasmus Grönlund

Security expert with a focus on penetration tests, redteaming, forensics and incident response in Microsoft based environments.

More info...


Jesper Särnholm Addtech Speaker Truesec Event

Jesper Särnholm

Jesper, Head of IT at Addtech, will share his insights and experience from the massive cyberattack against Addtech in the fall of 2019.

More info...


Two days. One company. Several critical scenarios stitched together from a digital world on fire.

As the threat landscape becomes more and more hostile, all aspects of an organization’s cyber resilience become critical. So where do we start? Follow us through a chain of events covering: Attack, Detect, Respond, Recover and Protect. All sessions and demos are based on true customer events and experience from real world cases.

Day 1

🇸🇪 Session in Swedish.

Keynote: Current Cyber Threats and Truesec Insights.

More information in published soon.

Speaker: Marcus Murray

🇺🇸 🇸🇪 Session in English & Swedish.

Session 1: In the attacker’s head – A journey into Red Team operations

An attacker with enough time and resources will never fail. That’s a statement that most people agree with. But how does it really look in practice?

Organizations are more aware of cyber threats, and protection/detection technologies and tools are a must-have. From the perspective of the attacker, this must be taken in consideration. Can we defeat the protections? Can we operate undetected?

Join us in this exciting journey guiding you through a Red Team performed by Truesec hackers. You will hear war stories, understand the thinking process of the attacker, and see live demonstrations of techniques and methodologies.

Speakers: Marcus Murray and Fabio Viggiani

Coffee and a 15 min break.

🇺🇸 Session in English.

Let us explore some of the other systems that you might find in a common infrastructure.

What about the Secure Shell port that seems to be open on many network devices?

It seems to want us to give it some password…

Dr. Stefan and Carlo will exploit these devices with some cool demos!

Speakers: Dr. Stefan Ivarsson and Carlo Alberto Scola

Coffee and a 15 min break.

🇸🇪 Session in Swedish.

Container technologies are becoming increasingly popular and have changed how new applications are developed and deployed.

This session presented by cyber security experts Alexander Andersson and Rasmus Grönlund is a deep dive in the security of modern web applications.

The session will feature post-exploitation, container escapes, and exploitation of common vulnerabilities in modern web applications.

Speakers: Alexander Andersson & Rasmus Grönlund

🇺🇸 🇸🇪 Session in English & Swedish.

Moving to Office 365 and Azure Active Directory extends your security boundary to the cloud. Exposing traditionally on-prem services to the entire Internet has several benefits, but also increases the attack surface. A single compromised account gives attackers access to a multitude of services and applications such as Outlook, Sharepoint, Teams, as well as Azure Active directory itself and all federated applications.

In this demo-based session, Hasain Alshakarti and Fabio Viggiani will show you different ways of abusing Microsoft services to conduct attacks such as enumeration, MFA bypass, malicious applications, advanced phishing, malicious device registration, and other modern attack techniques observed in the wild.

Speakers: Hasain Alshakarti and Fabio Viggiani

Coffee and a 15 min break.

A 15 min break.

🇸🇪 Session in Swedish.

Most incidents, where data is leaked, are due to a breach performed by an external party.

  • How do you detect and disarm an on-going breach?
  • How can you stop it before it becomes a huge incident?

Björn and David will guide you on an adventure in game of whack-an-exploit.

Speakers: Björn Brolin and David Lilja

🇸🇪 Session in Swedish.

In 2020, everyone is investing heavily in EDR software, next-gen firewalls, and pentesting applications. But credit card transactions, flight bookings, private cloud, blockchain infrastructure, and other cool stuff is running behind the humming of giant liquid-cooled computational monsters – mainframes.

So we think it’s time to raise the question – what is going on in the mainframe world?

The mainframe infrastructure seems forgotten, but it is there running and constantly getting software updates and new features. Truesec is in a unique position to share information about mainframes, as Davide is one of very few in the world doing research on this subject.

Join him and Erik for a live demonstration of a mainframe takeover.

Speakers: Davide Girardi and Erik Wilhelmsson

Coffee and a 15 min break.

🇸🇪 Session in Swedish.

How to offensively and defensively use Cyber Threat Intelligence

Cyber Threat Intelligence is useful when performing both offensive and defensive work.

How do you successfully, and ethically, use Cyber Threat Intelligence to perform a TIBER (Red Team) engagement.

And what does everyone else know about you? Do your adversaries know more about your weakness than you?

Join Alexander and David for a journey through the world of CTI – both Red and Blue.

Speakers: Alexander Andersson & David Lilja

Day 2

All experts will gather on stage after two days of intense sessions.

A great time to ask questions to Truesec experts.

🇸🇪 Session in Swedish.

In this session, Truesec experts Simon Binder and Peter Lofgren will give you the tools and techniques required to find your weak points. Our world-class experts will teach you to remediate these critical vulnerabilities, allowing you to defend your endpoints better.

Peter and Simon will cover various methods of configuration management using on-premise tools, cloud solutions, and attack surface reduction tactics. At the end of the session, our experts will showcase reporting methods you can use to ensure compliance in your organization.

Speakers: Peter Löfgren & Simon Binder

🇸🇪 Session in Swedish.

Keynote: Truesec Insights – lessons from a busy 2019

Mats and Markus share their experience and their conclusions in regard to a busy year in incident response for Truesec Group.

Speakers: Markus Lassfolk & Mats Hultgren

Session 1: We are hit, who are we going to call?

All companies are in jeopardy when it comes to cyber-attacks. Back in the days we talked about different threat actors, from scriptkiddies to nation state aggressors. These days all threat actors have access to nation state cyberweapons. Companies get hit in broad campaigns and the aftermath is devastating.

At Truesec we help companies that are under attack with our experts in incident response. Listen and learn from them so that you are ready when the threat actor comes to your environment. Learn how to prepare for an attack, what to do during an attack and how to recover from an attack.

Speakers: Mats Hultgren & Markus Lassfolk

🇸🇪 Session in Swedish.

The tech trade group Addtech suffered a massive cyberattack in the fall of 2019. Almost 80 of the company group’s 130 businesses and 1,700 employees were affected. When employees tried to log in to their computers, they were met by the name of a malicious code, and then – black screens…

Truesec was soon called upon as Incident Responders. A fight against time and a foreign threat actor took off.

“In these extreme situations, organizations and staff are subjected to an enormous pressure. What just happened? How should we act? What can we tell our customers? How do we build trust with our staff?“ states Jesper Särnholm, Head of IT at Addtech.

“Besides the technical, there are other aspects that needs to be put on the agenda in these critical situations. Now, we want to take our responsibility and share our experience with other Swedish companies and the society. We want to inform other organizations what pitfalls to avoid and how to get the organization to jointly and effectively strive to overcome and survive a cyberattack.”

Listen to Jesper sharing Addtechs’ own inside story of the attack. He will talk about what happens in an organization when IT suddenly stops working and the business is standing still. How they decided to not pay ransom, how their strong company culture helped them to keep business up during the attack, and how they got back on their feet after the crisis.

This is a unique opportunity you just can’t afford to miss out on!

Speakers: Jesper Särnholm, Head of IT Addtech, & Mats Hultgren

🇸🇪 Session in Swedish.

What does developing software, handling sensitive physical assets or just putting up a statue of a controversial football figure all have in common?

They are all susceptible to attacks!

If we want to try to stay one step ahead of our attackers we can use a process called “Threat modeling”. This can be done in many ways, but in this session we focus on introducing the concept to help you locate and resolve potential security risks before it’s too late.

You will learn to think about and evaluate threats already in the planning phase and avoid implementing the vulnerabilities. As a side effect you might understand your systems better and gain insight into threat prioritization.

Speakers: Sebastian Olsson and Thomas Andolf

🇸🇪 Session in Swedish.

Companies worldwide are challenged by the increasing volume of evolving security threats. In fact, an average organization gets thousands of security alerts each week, resulting in an average of months to discover breaches. That contrasts with the 48 hours or less it takes for attacks to grow from one compromised system into significantly broader breach.

You can strengthen your security posture by using the built-in security controls and services in Azure to help quickly configure security across the full-stack with unique intelligence at cloud scale to safeguard data and respond to threats in real-time.

Azure provides security services to manage identity and access, monitor suspicious user behavior, block and terminate reuse of leaked credentials. Additionally, customers can enable a set of security management component, such as Defender ATP, cloud app security, threat an vulnerability management, modern authentication, password-less logon, security baselines and compliance checking, to help prevent and detect threats.

Anders Axhake and Hasain Alshakarti will guide you through the different features and discuss possible and suitable use cases and configurations based on real-life experience.

Speakers: Anders Axhake and Hasain Alshakarti

🇸🇪 Session in Swedish.

Recent breaches both globally and locally demonstrates that attackers can consistently bypass security controls and remain hidden from view while they access and exfiltrate corporate assets.

We need to treat cyber attack as any other “natural disaster” when designing our datacenters to be able to handle these events properly. This is achieved by using a layered model of operational practices including secure deployment, restricted just-in-time administrative access, secure admin workstations as well as fast and expert response to threats and incidents.

This session will focus on the importance of correctly layered protection and isolation when building and operating your data center as well as the criticalness of secure and restricted access to management interfaces and data. Separate management domains, guardian host services, VM isolation, automated management, secure remote access, dedicated secure admin workstation, off-domain/offline backups, just-in-time access and more features and concepts will be discussed and demoed by Mikael Nyström and Hasain Alshakarti.

Speakers: Hasain Alshakarti and Mikael Nyström

Coffee and a 15 min break.

Coffee and a 15 min break.

Coffee and a 15 min break.

Coffee, something sweet and a 15 min break.

Essential Information


Date 12-13 March 2020


Live streaming


Ticket Type Price Add to cart


Attendee reviews