Slide background


print page

On 14 June 2018, Secura organised this unique security event for the sixteenth time. The day-long event consisted of multiple tracks (managerial and technical) besides the keynotes. Additionally, there was an opportunity to experience the Student Capture the Flag.

Please find the presention slides below. We are glad to inform you that all available presentation recordings are online now. You can watch the videos via the Playlist Black Hat Sessions Part XVI on our YouTube channel and read the brief reports.



The BHS will be hosted by Chris van ‘t Hof, internetsociologist, presentor & author of the book Helpful hackers. Chris van ’t Hof is an independent researcher, writer and presenter in information technology.


We are proud to have Adam Laurie (RFIDIOt, Aperture labs) to give a keynote 'Stop laughing! CYBER Security is cool now!'. For decades we've been relegated to the kitchen at parties, our black t-shirts have excluded us from the best restaurants, and our children described us as "sad geeks" to their friends... But not any more! At last, CYBER is the new COOL! We are finally getting the attention we deserve and the issues we are trumpeting are no longer considered "Science Fiction". But is it enough or we just entering a new phase in the sausage machine of IT Security? After twenty years in the business, Adam Laurie takes a walk down memory lane and looks at issues we were dealing with when he first started and issues we're dealing with now. Oh wait! That's the same thing!!!

Download slides of the keynote by Adam Laurie

Michel van Leeuwen is Head of the Cybersecurity Policy Department (National Coordinator for Security and Counterterrorism), Ministry Security and Justice in the Netherlands. Michel van Leeuwen will give a keynote speech ‘Cybersecurity, Next Steps in Policy in the Netherlands and EU’.

Download slides of the keynote by Michel van Leeuwen

Ralph Moonen, Technical Director at Secura, will present recent research that Secura performed regarding several topics, including the security of SSL certificates in the Netherlands, and the security of 4G voice communication (Voice-over-LTE, or VoLTE). We have discovered weaknesses in certain widely used devices and 4G-networks and will provide you with new insights into the risks.

Download slides of the keynote by Ralph Moonen

Side Track (Management)

Security Compliance & Certification

Download slides of the presentation about EBA and ECSO by Miranda Chilvers and Dirk Jan van den Heuvel and slides about BSPA by Petr.

How to measure the security of your software? How to benchmark the security of your organisation? This all depends on clear frameworks, guidelines and standards. In this track, new developments will be discussed such as the Guideline for Cloud Service Providers by the European Banking Authority, the Baseline Security Product Assessment (BSPA) scheme of the AIVD and the Meta-Security Scheme by the European Cyber Security Organisation (ECSO).

Miranda Chilvers (Supervisor Operational Risk at De Nederlandsche Bank) will present the scope of the EBA guideline and the relevance, important for cloud-service providers. Petr (IT security specialist from MinBZK - NLNCSA) has experience with Common Criteria and Baseline security evaluations. Petr will be providing us with a quick overview of the Baseline Security Product Assessment (BSPA) scheme, its first results and share some experiences. He will also present the design of the scheme and give an overview on evaluation assurance levels as well as providing a forecast. Dirk Jan van den Heuvel (Managing Director at Secura) will present on the Meta-Security Scheme by ECSO: the aim, the status and how Secura contributes. This session will be closed with a discussion between all experts and interested parties.

GDPR – Privacy by Design and Accountability

Download slides of the privacy stream by Wolter Karssenberg, Ruud Kerssens and Fabian van den Broek

The GDPR (AVG) is effective! After two years of preparation the test case is now: How do we stay in control and balance our investments in terms of costs and effectiveness? Wolter Karssenberg (Management Consultant Privacy and Senior Privacy Officer for ABN AMRO) will guide you through the process and implementation of Privacy Governance. As Privacy by design is an important principle in the GDPR, and a challenge to implement, Ruud Kerssens (Manager Service Line Advisory & Audit at Secura) will inform you about the Data Protection Impact Assessments (DPIA), the starting point for defining privacy by design. Fabian van den Broek (Open University and Radboud University) will discuss the essentials of privacy by design in greater detail as well as describing a more practical approach. We will finish this session with an interactive debate.

Side Track (technical)

Red Teaming

Download slides of the presentation by Neal Conijn

Download slides of the presentation by Roy Duisters

This track will focus on Red Teaming. From OSINT to Purple Teams and data exfiltration. We will present our latest insights and share techniques for blue teams also. Instead of just testing your applications, why not test your whole organisation? Neal Conijn (Senior Consultant Red Teaming & Security Intelligence at SoSecure) will speak about predictive threat modelling and the physical side of Red Teaming. In addition to this Roy Duisters (Senior Security Specialist at Secura) will explain in depth the more technical side.

IoT Security

Download slides of the presentation by Elisa Costante

If you are interested in new technologies that are going to impact our lives and want to learn about their vulnerabilities, this is the track to go to. Elisa Costante (Head of Research at SecurityMatters) will dive into the details of Building Automation security, she will show how attacks can be executed and what the consequence of a cyber attack could be. In addition Nirvana Meratnia (Associate Professor at University of Twente) (no slides available) will provide you with some interesting insights into IoT platforms and services and their associated privacy supports and vulnerability.

And the winner is...?

The day-long event consisted of multiple tracks (managerial and technical) besides the keynotes. Additionally, there was an opportunity to experience the Student Capture the Flag.

1st prize EUR 2048 won by team THS University of Twente 2nd prize EUR 1024 won by team HackerCat Delft University 3th prize EUR 512 won by team Delft University