Year 2023 was full of events for HexArcana. Our managing director—Gynvael Coldwind—participated in a series of cybersecurity conferences and educational events. Here is a review of our presence at the most important conferences and university meetings in Poland.

Mega Sekurak Hacking Party, Cracow

On October 19, in ICE Kraków Congress Center, the Mega Sekurak Hacking Party conference took place. During the conference, we presented a lecture “2+2=BUG, the paradox of interconnected systems”, which focuses on the most interesting security bugs in large complex systems. The topic concentrated on unique security challenges which appear when two systems, which are separately secure, are connected together. HexArcana representative—Gynvael Coldwind—indicated, among others, how different implementations of the same protocol can lead to unexpected security gaps. The presentation was a good reminder that problems in implementation leading to security vulnerability are not always concentrated in one part of the code—sometimes the source of the bug is divided into a few small elements “far away” from each other in different code repositories.

The talk was warmly received by the participants who in the feedback underlined, among others, that “one must have broad knowledge to talk about such difficult concepts in a simple way”. The average rating of the talk was 4.97 / 5.00.

During the conference, the book "Wprowadzenie do bezpieczeństwa IT (Tom 1)" (WDBIT) had its premiere. Since Gynvael is the author of the first chapter—"O etyce w hackingu" [On Ethics in Hacking]—conference participants also had a chance to meet him in the Author Zone, where the authors of WDBIT signed many many copies of the book.

mshp_1.jpg Photo: Gynvael in the author's zone signing books. mshp_2.jpg Photo: Gynvael signing the first volume of the Polish version of "Introduction to IT Security". mshp_3.jpg Photo: Gynvael on stage at the ICE Kraków Congress Centre. mshp_4.jpg Photo: Gynvael on stage; in the foreground, a neon sign reads sekurak.pl.

Mega Sekurak Hacking Party conference

The Hack Summit, Warsaw

HexArcana also appeared on October 20 in Warsaw at the National Stadium (PGE Narodowy) at one of the biggest Polish conferences—The Hack Summit. At THS, Gynvael also spoke about the paradox of interconnected systems but the subject is so broad that the talk only partially overlapped with the one at Mega Sekurak Hacking Party. We hope, that after the talk, the participants could take a fresh look at the systems in their companies and address any potential faults overlooked earlier.

Like in Kraków, the talk generated a lot of interest and in the feedback, it received the maximum average rating 5.00 / 5.00.

ths_1.jpg Photo: Gynvael on stage in front of a screen with slides (slide about complex systems). ths_2.jpg Photo: Gynvael still on stage. ths_3.jpg Photo: A hall full of spectators, with the stage and speaker in the distance. ths_4.jpg Photo: A similar shot as the previous one, but from the side of the hall.

In addition to giving presentations, Gynvael, together with Panagiotis Chartas (KDM Poland), chaired the Deep Dive track, which—as the name suggests—focused on lectures diving deeply into the intricacies of the topics discussed.

The Hack Summit conference; photo: Piotr Potapowicz

Advanced Threat Summit, Warsaw

On November 21-24, HexArcana appeared at the Advanced Threat Summit conference, where we gave a talk on “Security and AI”, subtitled “a critical look”. Our talk was an answer to the growing popularity of artificial intelligence in cybersecurity. Gynvael analyzed the real influence of AI on IT, indicating both the potential benefits and threats. He focused on assessing language models and AI to detect threats as well as other uses of artificial intelligence in the industry.

ats_1.jpg ats_2.jpg ats_3.jpg ats_4.jpg

Advanced Threat Summit conference

Oh My H@ck, Warsaw

On December 5, at National Stadium in Warsaw (PGE Narodowy), Oh My H@ck took place, where once more a representative of HexArcana—Gynvael Coldwind—spoke about AI, though this time from the perspective of using language models in security testing. Gynvael considered the possibilities and limitations of LLMs in the context of code analysis and exploitation of found errors, presenting also his own experiments using own agent system based on API LLM ChatGPT 4.0. It was an interesting look at the practical and theoretical aspects of AI use in cybersecurity (and whether they are useful at all).

omh_1.jpg omh_2.jpg omh_3.jpg omh_4.jpg

Oh My H@ck conference, Photo by Manaslu Studio

University meetings

HexArcana also visited meetings organized by student associations. Below is a summary of our presentations.

AKAI Camp

First, we were a special guest at AKAI Camp, where we focused on the realities of hacking. Our lecture “On hacking in 25 minutes” aimed to show how "hacking" actually works. The talk was directed at IT enthusiasts who wanted to know how hackers are capable of breaking into computer systems from the technical side of it. The talk concluded in an almost one-hour-long informal discussion on various topics connected with cybersecurity.

White Hats academic students scientific association, Wrocław University of Science and Technology

On November 23, at the Wrocław University of Science and Technology, we repeated our lecture on the use of AI in IT security, which—we hope—was a valuable input for students interested in the newest trends in cybersecurity. Gynvael Coldwind, on the one hand, warned the students against the “hype of the artificial intelligence” but, on the other hand, also indicated the areas in cybersecurity where the heuristic approach works quite well.

To sum up, the year 2023 was very busy for HexArcana in the context of appearances. Those were warmly received, thank you to all the participants for that :)