Slide background


print page

The day-long event consists of multiple tracks besides the keynotes. Of the four tracks, two will be really technical, and two managerial. Keep an eye on this website for the most up-to-date information. Please note! There is a maximum number of participants per session. We would like to create an informal setting and promote interaction.




The BHS will be hosted by Chris van ‘t Hof, internetsociologist, presentor & author of the book Helpful hackers. Chris van ’t Hof is an independent researcher, writer and presenter in information technology.


We are proud to have Adam Laurie (RFIDIOt, Aperture labs) to give a keynote 'Stop laughing! CYBER Security is cool now!'. Adam Laurie is a security consultant working the in the field of electronic communications, and a Director of Aperture Labs Ltd. who specialise in reverse engineering of secure embedded systems.

Michel van Leeuwen is Head of the Cybersecurity Policy Department (National Coordinator for Security and Counterterrorism), Ministry Security and Justice in the Netherlands. Michel van Leeuwen will give a keynote speech ‘Cybersecurity, Next Steps in Policy in the Netherlands and EU’.

Ralph Moonen, Technical Director at Secura, will present recent research that Secura performed regarding several topics, including the security of SSL certificates in the Netherlands, and the security of 4G voice communication (Voice-over-LTE, or VoLTE). We have discovered weaknesses in certain widely used devices and 4G-networks and will provide you with new insights into the risks.

Side Track (Management)

Security Compliance & Certification

How to measure the security of your software? How to benchmark the security of your organisation? This all depends on clear frameworks, guidelines and standards. In this track, new developments will be discussed such as the Guideline for Cloud Service Providers by the European Banking Authority, the Baseline Security Product Assessment (BSPA) scheme of the AIVD and the Meta-Security Scheme by the European Cyber Security Organisation (ECSO).

Miranda Chilvers (Supervisor Operational Risk at De Nederlandsche Bank) will present the scope of the EBA guideline and the relevance, important for cloud-service providers. Two developers of the BSPA scheme (AIVD) will present the design of the scheme, its first results and experiences. Dirk Jan van den Heuvel (Managing Director at Secura) will present on the Meta-Security Scheme by ECSO: the aim, the status and how Secura contributes. This session will be closed with an interactive panel discussion between all experts and interested parties.

GDPR – Privacy by Design and Accountability

GDPR will be effective in all European countries at the time of the Black Hat Sessions! All privacy policies are up and running. How do we guarantee privacy compliance? Do you have challenges in getting processes work properly and identify privacy security issues, address them and implement the necessary controls in an adequate way?

In this management stream we cover two important aspects that appear to be question marks for organisations which are eager to stay in control: Privacy by design and Accountability. After emphasizing the highlights of the GDPR by Ruud Kerssens (Manager Service Line Advisory & Audit at Secura), Fabian van den Broek (Open University and Radboud University) will speak about Privacy by Design. Wolter Karssenberg (Management Consultant Privacy and Senior Privacy Officer for ABN AMRO) will speak about Accountable Privacy. We will finish the session with an interactive debate between all experts and interested parties.

Side Track (technical)

Red Teaming

This track will focus on Red Teaming. From OSINT to Purple Teams and data exfiltration. We will present our latest insights and share techniques for blue teams also. Instead of just testing your applications, why not test your whole organisation? Neal Conijn (Senior Consultant Red Teaming & Security Intelligence at SoSecure) will speak about predictive threat modelling and the physical side of Red Teaming. In addition to this Roy Duisters (Senior Security Specialist at Secura) will explain in depth the more technical side.

IoT -SCADA embedded

This technical track will cover topics including hardware security and vulnerabilities in SCADA/ICS networks and embedded systems. Elisa Costante (Head of Research at SecurityMatters) will dive into the details of Building Automation security, she will show how attacks can be executed and what the consequence of a cyber attack could be. In addition Nirvana Meratnia (Associate Professor at University of Twente) will provide you with some interesting insights into IoT systems and services. If you are interested in new technologies that are going to impact our lives and want to learn about their vulnerabilities, this is the track to go to.

And the winner is...?

This sixteenth edition of BHS will see an improved program including a Capture the Flag (CTF) competition aimed at student teams from University or Higher Education. The winners of the Secure Grand Slam Student CTF will be accounced at the end of the day. First prize: 2,048 EURO, Second prize: 1,024 EURO and Third prize: 512 EURO.

PGP Key Signing Party

During this year's BHS edition we will organise a PGP Key Signing Party. PGP is a popular method to provide end-to-end encryption for email communication. The PGP public key infrastructure relies on a web-of-trust where users are validated by other users. A key signing party is a get-together of people who use the PGP encryption system with the purpose of allowing those people to sign each other's keys, thereby strengthening the web of trust.

This session is intended for experienced PGP users and will not be an introduction on how to use or configure PGP. In fact, computers are not even used during a PGP Key Signing.

To attend to PGP Key Signing Party make sure of the following:
- keys uploaded to the public keyservers
- bring a government issued identity document
- bring several paper copies of your PGP fingerprint (business cards with PGP ID are ideal)