Strong Impulses for Incident Response
A key highlight was the ransomware incident response training, which was very practical. Despite our well-established crisis processes, the importance of these was once again made clear:
"Because sharing is caring" — this principle is reflected in our approach to incident response readiness. We support companies in transitioning from reactive to proactive strategies, drawing on our practical experience and proven methods.
Technical Insights & Learnings
Many presentations focused on proactive response options. Here are some of the highlights:
"Guardians of the Hypervisor" by Truesec highlighted the often underestimated risks associated with hypervisors due to a lack of segmentation.
Swiss Post Cybersecurity's response is using the Velociraptor SSH Accessor to give defenders better visibility and detection capabilities.
In "The Funny Story of Active Directory Backdooring", Sylvain Cortes demonstrated the persistence of threats in AD environments and the inadequacy of traditional recovery methods.
Swiss Post Cybersecurity's approach includes in-depth investigations, structured project planning and environmental clean-up and hardening — for example, through Active Directory tiering — to restore long-term trust.
Another key topic was OT security. The presentation by SektorCERT, Denmark's national CERT for critical infrastructures, was particularly notable. The speaker provided deep insights into real incidents in the OT sector.
In his presentation, "From OSINT to Production Floor", Claudiu Chelaru demonstrated how attackers can exploit publicly available information to infiltrate OT systems undetected.
As a Managed Security Service Provider (MSSP), Swiss Post Cybersecurity relies on preventive vulnerability management and increased network visibility and detection through its CTI platform with IOC matching.
CTF Success
A special highlight at the end was that our team achieved an impressive 12th place out of 84 teams in the Capture the Flag (CTF) competition, despite having only two participants out of a possible four.
Conclusion: Strengthened by New Impulses
As well as focusing on content, the conference provided an ideal opportunity for international networking and returning with fresh perspectives. Copenhagen was a great host.
Swiss Post Cybersecurity is ready with expertise in incident response, compromise assessments and long-term security strategy, whether dealing with acute threats or building a resilient security architecture.