Midnight Sun Archive
Midnight Sun 2025
2025 Gallery






Talks
Opening Keynote
Carl-Oskar Bohlin has been a member of the Riksdag (Parliament) since 2010 and has served in the Moderate Party cabinet as the Minister of Civil Defence since 2022, making him the first Minister of Civil Defence as Sweden joined NATO.
Shadows and Strategy: Cybersecurity in the Gray Zone
In today's hyper-connected world, cybersecurity isn't just about firewalls and forensics—it's about strategy. Drawing from her experience with U.S. and international defense institutions, Dr. Mary Bell explores how cyber operations increasingly operate in the "gray zone"—the murky space between peace and declared conflict. Through historical parallels, like Stockholm's layered island defenses, and real-world cyber incidents, this talk challenges attendees to rethink cybersecurity through a strategic lens. Mary will introduce emerging models of cyber deterrence, highlight lessons from joint military education programs, and call for coalition-based, resilience-driven approaches to digital defense. Designed to provoke discussion, this session is ideal for policy makers, cyber professionals, industry leaders and educators preparing for the next frontier of conflict: the shadows.
As Dean of The Beacom College of Computer and Cyber Sciences at Dakota State University, Mary leads the strategic development of academic programs ranging from certificates to doctoral degrees in fields such as Artificial Intelligence, Computer Science, Cyber Defense, Cyber Operations, Ethical Hacking, and more. She is actively involved in curriculum development, faculty mentorship, and fostering partnerships that enhance research and experiential learning opportunities for students. Under her leadership, the college has introduced innovative programs, including a Master's in Artificial Intelligence and a Quantum Computing Certificate, reflecting her commitment to preparing students for emerging fields in technology and cybersecurity. Mary also plays a key role in advancing DSU's reputation through collaborations with national and international organizations, ensuring that students and faculty contribute to cutting-edge advancements in cyber sciences.
The First-of-a-Kind Cyber War in Human History
This presentation explores Ukraine's experience as the first nation to endure full-scale cyberwarfare as part of an ongoing military invasion. It will examine how cyber operations have been integrated with kinetic warfare since 2014, culminating in a continuous hybrid campaign after the full-scale Russian invasion in 2022. The talk will provide real-world examples of cyberattacks on national infrastructure, their strategic objectives, and the responses developed by Ukrainian cyber defenders. It will also highlight how Ukraine's experience reshapes the global understanding of war, demonstrating that cyberwar is not a separate phenomenon but a persistent and evolving front of modern conflict.
Ievgen Vladimirov is the Director of the Cybersecurity Center at the National Academy of Security Service of Ukraine. He previously served as Deputy Minister of Energy of Ukraine for Digital Development, Digital Transformations, and Digitalization. His roles have included founding national cybersecurity structures, advising multiple Ukrainian ministries, and contributing to key legislation and concepts such as the "Energy Sectoral Cybersecurity Concept" and the "Critical Infrastructure Law of Ukraine." Ievgen brings over 20 years of experience at the intersection of cybersecurity, energy, and national defense, combining public service and private sector expertise.
Adapt, Evade, Evolve: Russia's Cyber Industry, the Russian War on Ukraine, and Future Risks and Implications for Europe
After Russia's full-scale invasion of Ukraine in February 2022, Western governments imposed waves of sanctions, export controls, and other restrictions on Russia, including to undermine its cyber capabilities and defense technology. But Russia's cyber industry—including companies that support the Russian state's offensive and defensive operations—has proven remarkably resilient in the face of sanctions, other restrictions, and shifts in technological isolation. Some Russian cyber firms made more money in 2024 than in their entire history. This talk will explore the role of private companies in the Russian cyber web, how major Russian cyber firms are adapting to the new geopolitical environment, and what it all means for Sweden and Europe—ranging from benign, cybersecurity-positive activities in Russia to private firms that use their capital, resources, and talent to make the Kremlin's cyber offense stronger.
Justin Sherman is a leading expert on cybersecurity and data privacy, technology and internet policy, and geopolitics. Described by NPR as "the go-to guy on all things cybersecurity, data privacy, AI," he has consulted for and advised CEOs, government officials, investors, attorneys, product managers, communications strategists, and threat intelligence teams, including in volatile, complex, and high-risk scenarios. He has consulted on projects and programs for organizations ranging from HBO to DARPA.
Crafting Data-Driven Narratives from the Cyber Threat landscape
Learn how SEB reinforces a good security culture with the help of Threat Intelligence. How they create a real-life relevant and common thread from Threat Actor TTP all the way to CIS Controls. Making the Threat Landscape tangible and directing decisions on security.
Sofia Nacke works as a Cyber Threat Intelligence Analyst at SEB. She joined the bank in January 2024 and has experience from working with cyber-related issues in both the public and private sector. Sofia has a B.Sc. in Information Systems.
Kristoffer Sjöström is the Chief Security Officer for the SEB Group and Head of Group Security and Cyber Defence. He joined SEB in October 2021 and previously held numerous senior security positions at Ericsson where he worked for over 17 years. Kristoffer holds a B.Sc in Security and Business Management.
Tobias Calås leads the Threat Intelligence team as part of Group Security & Cyber Defence at SEB. He joined the SEB Group in 2023 from the Swedish Armed Forces where he has served for many years in various positions. Tobias held the rank of Lieutenant colonel, has a M.A in war studies and a B.A in political science.
Co-operation is a key to success in the complex cyber world
The world of cyber is complex - and it will be even more complex in the future. There are no borders and information can be distributed in the flip of the eye to anywhere. In this world, no authority nor company or entity can survive on its own. There is a high need for co-operation in all levels in order to identify the week parts and make them stronger.
Pekka Jokinen works as a deputy director general at National Cyber Security Center Finland. His main responsibility is to lead center's day to day work, lead the preparedness and readiness of the center as well as all cooperation internally in Finland and internationally. Mr Jokinen has 20 years of background from the Finnish Defence Forces. Jokinen is a general staff officer and has served multiple positions in Armoured Brigade, Karelia Brigade and Defence Staff. His last appointment at Defence Staff was to be responsible of the strategic planning at cyber defence.
From concern, to desperation to total worldwide crisis - tons of abbreviations and bad vibes
War in the Smartphone Age: Conflict, Connectivity and the Crises at Our Fingertips
Thanks to smartphones, war is everywhere, all the time. Anyone can view, analyse and comment on photos, videos or other warzone media, far from the frontlines. Where did this technology come from? And what does it mean for the future of war?
Matthew Ford is an academic focusing on war and the data-saturated battlefields of the 21st century ans is currenlt working on his third book, topic of this talk.
Supply chain management during the time of hybrid wa
We are living in a new world. States, organisations and individuals that earlier where friends today are furious enemies, or question each other. The amount of trust that is needed is decreased to a level we have not seen for years. For the cyber arena that is like moving from Fontana di Trevi to the floor of Colosseum in Rome in the days lions where mixed with humans there. Have we been too naive? Can we trust each others? How to we plan for continuity? Mr Fältström will talk from his experience in the intersection between cyber defence and cyber security how to handle relationships between organisation in the new world.
Patrik Fältström is Head of Security at Netnod and holds a Master of Science degree in Mathematics from Stockholm University. He has extensive experience in Internet technologies, having worked with UNIX since 1985, DNS since 1987, and contributing to Internet standardization through the IETF, including editing standards for Internationalized Domain Names and ENUM. Fältström has held key roles in global Internet governance, including chairing the ICANN Security and Stability Committee and advising the Swedish IT Minister. He is a member of The Royal Swedish Academy of Engineering Sciences and a Knight of The Order of the Cross of Terra Mariana.
89 Seconds to Midnight...
In January, the Doomsday Clock moved one second closer to midnight - the closest it has ever been to catastrophe. The world which we believed we understood has changed. We have entered a new era of competition, confrontation and instability. The Rules Based International System is under threat and Europe's security is at stake. Our new reality requires new ways of thinking. What will be the effects on innovation, technical development, and international cooperation? Is there a silver lining?
Judith Gough is Senior Strategic Advisor at Actagon. A career diplomat, she has served as the UK's Ambassador to Sweden, Ukraine and Georgia. Her background is in defence, security and conflict and Europe's relationship with Russia. She is an Associate Fellow at Chatham House and a regular media commentator on Russia's war in Ukraine and the new world order.
EntrySign: The Story of AMD's Microcode Signature Vulnerability
Microcode is a fundamental building block for x86 CPUs – implementing everything from complex x86 instructions, to privilege transitions and virtualization. Beyond ring 0 and SMM lies the microcode privilege level, with maximum control over the x86 core and the internal buffers within. Accessing and tinkering with microcode is a hacker's dream, but cryptographic protections prevent all but Intel and AMD from doing so. Previous work has demonstrated methods to bypass microcode patch authentication on the Intel Atom and reverse engineer the microcode ISA enough to write sophisticated custom microcode patches (Intel Atom Goldmont and AMD K8/10). However, easily accessible arbitrary microcode execution was unavailable on modern high-performance CPUs until now. Get to know the full details about EntrySign, a cryptographic flaw in AMD's microcode patch verification logic, including how we discovered the bug and how you can extend our results. EntrySign lets you execute arbitrary microcode on all AMD CPUs from Zen 1 to Zen 5 and modify the behavior of x86 instructions. The talk contains details about the format of AMD microcode, how their patches are verified, how we were able to reverse engineer this process, and how we were able to access the key information required to defeat it.
Frontier AI: A New Paradigm for Cybersecurity
Foundation models aren't just another software tool—they're poised to become the universal runtime for almost every digital interaction. Soon, most software won't be built; it will be prompted. Yet the cybersecurity playbook still targets traditional code, blind to AI-native threats like prompt injection, stealthy data poisoning, and autonomous agent hijacks. This talk highlights mechanistic interpretability (reverse-engineering neural circuitry) and adversarial robustness (withstanding targeted attacks) as essential, emerging frontiers in AI security, revealing why defending foundation models demands radically new thinking. Ignoring AI security won't stop LLMs from running your bank, doctor, and car—better catch up quick!
Juan Rocamonde holds a BS in Theoretical Physics from University College London and MS in Mathematics (Part III) from Cambridge University. Juan has conducted research in fundamental AI research (NYU CILVR), AI for scientific discovery (CERN, AstraZeneca), and AI safety and security (Stanford University, FAR AI).
Operational Realities in Securing space systems
Our modern society benefits a lot from space systems like GPS, communications, weather or remote monitoring satellites. The satellite systems are very far away and hard to patch and update while at the same time being accessible from anyone on earth with the right equipment and competence. The satellites tend to have a lifespan of 3-10 years in low earth orbit (LEO) or even more than 15 years in geostationary orbit (GEO) so there are likely vulnerable systems on board. This talk highlights some aspects of attacking space systems, looking at known attacks on space, ground and customer assets and how we can defend space systems in orbit around earth and all the way to Mars where a Public Key Infrastructure has some limitations!
Mattias has a Master of Science in Mechanical Engineering and 20 years of experience working with IT, information security and threats to critical infrastructure. Mattias is currently the CISO at the Swedish Space Corporation a global Space Service Provider with 10 satellite ground stations on 5 continents and a new launch center in northern Sweden that will launch satellites into orbit in 2025. Mattias has worked with cyber security both as a consultant to private business and within the Military Intelligence and Security Directorate in the Swedish Armed Forces.
You're fuzzing it wrong – Common Mistakes and Tips for Fuzzing in Software Development
Despite the growing popularity of fuzzing in vulnerability research and software development, many attempts remain ineffective, often due to fundamental implementation errors that frequently go unnoticed. This talk aims to demystify the "art of fuzzing" and provide participants — hackers, researchers and developers — with practical insights into correctly implementing and evaluating fuzzing. I will address common misconceptions, present best practices, and demonstrate through examples how effective fuzzing can significantly enhance software security - or just find a lot of bugs. Prerequisites: Participants should have at least basic familiarity with fuzzing. Those already practicing fuzzing will benefit the most from this talk.
Marc Heuse is an old-school hacker and security researcher with 30 years of experience in IT security. He founded the hacker research group "The Hacker's Choice" (www.thc.org), the AFLplusplus organization for more efficient fuzzing, and is the lead developer of AFL++, currently the best fuzzer available. At SRLabs, an Allurity daughter company, he leads the software security assessment team.
Building the Cyber-Talent Pipeline with CTFs
I didn't plan on building a top-3 global CTF team, I just thought "TheHackersCrew" sounded cool for a YouTube channel. One accidental click on CTFtime later, I never saw a normal weekend again. This talk is a player's-eye view of how CTFs shape people: how they teach you to think, fail, collaborate, lead, and obsess over the weirdest technical problems. We'll explore how CTFs surface raw skill, persistence, and collaboration under pressure and how companies can use them to build high-trust, high-performance security teams.
Rudraksh Saini currently works as a consultant at undisclosed. He is also the founder and captain of 'TheHackersCrew,' one of the top-ranked Capture the Flag (CTF) teams.
Jonathan Ho is a leader of TheHackersCrew. He joined the team in 2021, specializing in the following CTF categories: reverse engineering, hardware, programming, and miscellaneous (networking, cloud, AI, etc.). He was the captain of Santa Clara University's cybersecurity competition team (BroncoSec) from 2021-2022 and member of the United States Cyber Team from 2022 - 2024.