{"id":1503,"date":"2025-08-27T06:43:21","date_gmt":"2025-08-27T12:43:21","guid":{"rendered":"https:\/\/raffy.ch\/blog\/?p=1503"},"modified":"2025-08-27T06:43:23","modified_gmt":"2025-08-27T12:43:23","slug":"security-chat-6-0-a-night-of-ideas-innovation-and-community-in-zurich","status":"publish","type":"post","link":"https:\/\/raffy.ch\/blog\/2025\/08\/27\/security-chat-6-0-a-night-of-ideas-innovation-and-community-in-zurich\/","title":{"rendered":"Security Chat 6.0: A Night of Ideas, Innovation, and Community in Zurich"},"content":{"rendered":"\n
\"\"<\/a><\/figure>\n\n\n\n

Yesterday, we brought Security Chat back to Zurich for its sixth edition and it was everything I had hoped for: brilliant talks, a packed room, and the joy of reconnecting with friends old and new. What started back in 2012 as an informal gathering of security enthusiasts has grown into a tradition where community and ideas come together.<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

This year we had five lightning talks. Each one very different in style, but all equally thought-provoking:<\/p>\n\n\n\n

\n\n\n\n

Candid W\u00fcest \u2013 Why AI-Powered Malware Won\u2019t Kill You (Yet)<\/em><\/strong><\/h3>\n\n\n\n

Candid cut through the hype around \u201cAI-driven malware.\u201d He explained the difference between AI-generated malware (just code produced by LLMs) and AI-powered malware (where AI runs inside the malicious code). While there are proof-of-concepts in the wild, protection stacks still hold up. Behavior-based detection and layered defenses remain effective. His takeaway: AI will eventually give attackers new tools, but defenders are not out of the game.<\/p>\n\n\n\n

\n\n\n\n

Joshua Rawles \u2013 The Global Impact of a Modern Phishing-as-a-Service Operation<\/em><\/strong><\/h3>\n\n\n\n

Josh gave us an inside look at the booming phishing-as-a-service industry. For as little as $50 a month, criminals can buy turnkey kits that bypass MFA, come with 24\/7 \u201csupport,\u201d and scale to tens of thousands of victims. His case study on Storm-1167 (\u201cFluorStorm\u201d) showed just how industrialized this has become, with thousands of domains, Telegram bots for real-time stolen credentials, and devastating impact on nonprofits. His message: MFA is necessary but not sufficient; phishing-resistant authentication and faster takedowns are critical.<\/p>\n\n\n\n

\n\n\n\n

Barbara Dravec \u2013 Drawn to Encrypt: A Visual Trail from OTP to RSA<\/em><\/strong><\/h3>\n\n\n\n

Barbara brought cryptography to life with a visual storytelling approach. Mapping concepts like one-time pads, pseudo-random generators, and RSA to vivid imagery from the natural world (snakes, owls, octopuses, and more). It was a refreshing, creative reminder that explaining security to non-experts requires more than equations. It sometimes requires narratives that people can connect to.<\/p>\n\n\n\n

\n\n\n\n

Advije Rizvani \u2013 AI on Wall Street: Smart, Fast\u2026 and Surprisingly Fragile<\/em><\/strong><\/h3>\n\n\n\n

Advije, a PhD student in Liechtenstein, showed how machine learning systems that drive algorithmic trading can be tricked with subtle, temporary data manipulations. A single manipulated data point can cause wrong trades, eroding portfolio performance over time. Her research raises a sobering question: in high-stakes financial markets, how do we know whether losses are due to bad luck, bad models\u2026 or deliberate attacks?<\/p>\n\n\n\n

\n\n\n\n

Elliott \u2013 When Cookies Collide: The Overlooked Attack Vector<\/em><\/strong><\/h3>\n\n\n\n

Elliott closed the night with a deep dive into cookie tossing<\/em>, a little-known but powerful web attack. By controlling a subdomain, an attacker can \u201ctoss\u201d malicious cookies that hijack authentication flows or manipulate transactions on the parent domain. He walked us through real-world cases and defenses and highlighting how a small misconfiguration can open the door to session hijacking and data theft.<\/p>\n\n\n\n

\n\n\n\n

More Than Talks\u2014It\u2019s About Community<\/h2>\n\n\n\n

What I loved most about Security Chat 6.0 wasn\u2019t just the talks, but the variety of voices and the energy in the room. We had people flying in from London, driving hours through traffic, and carving out time to share ideas. We had job seekers and companies hiring. We had old friends, new connections, and plenty of wine and bagel bites to keep conversations flowing.<\/p>\n\n\n\n

A big thank you to our sponsor 1Password<\/strong> for supporting the evening, to the speakers for sharing their insights, and to everyone who showed up to make this community vibrant.<\/p>\n\n\n\n

As I said on stage: cybersecurity has given me so much over the years. Events like this are my way of giving back by fostering connection, sparking ideas, and reminding us all that innovation doesn\u2019t happen in isolation.<\/p>\n\n\n\n

See you at the next Security Chat – whenever and wherever it may be.<\/p>\n","protected":false},"excerpt":{"rendered":"

Yesterday, we brought Security Chat back to Zurich for its sixth edition and it was everything I had hoped for: brilliant talks, a packed room, and the joy of reconnecting with friends old and new. What started back in 2012 as an informal gathering of security enthusiasts has grown into a tradition where community and […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[62],"tags":[60,58,61],"class_list":["post-1503","post","type-post","status-publish","format-standard","hentry","category-community","tag-community","tag-event","tag-zurich"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts\/1503","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/comments?post=1503"}],"version-history":[{"count":5,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts\/1503\/revisions"}],"predecessor-version":[{"id":1510,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts\/1503\/revisions\/1510"}],"wp:attachment":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/media?parent=1503"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/categories?post=1503"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/tags?post=1503"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}