orangecon

The Dutch Cybersecurity Conference

5 September 2025 @ Meervaart Amsterdam

Community Driven Cybersecurity Conference

Experience the Hackers Community in The Netherlands! OrangeCon is a community driven, non-profit Cybersecurity Conference in the heart of The Netherlands. Meet old and new friends, listen to talks of Dutch leading cybersecurity experts, and level up your knowledge in one of our trainings.

Join us in Amsterdam on the 5th of September!

  • Expand your knowledge in one of the trainings
  • Meet old and new friends at our vibrant community villages
  • Experience talks of the leading cybersecurity experts in The Netherlands

cfp
open

OrangeCon 2025 is now open for talk and workshop proposals!

We're looking for cybersecurity folks - researchers, tinkerers, professionals, and passionate amateurs - to share ideas, skills, and stories with our community. Whether it’s blue team, red team, policy, tech, or something unexpected, if it’s security-related, it belongs at OrangeCon.

  • Conference: 5th of September 2025 @ Amsterdam
  • Audience: Casual & tech-savvy
  • Submission deadline: 31 July 2025, 23:59 CEST

Join us in shaping a conference that’s by and for the Dutch community!


Submit now!

Conference

Community Villages

Dive into our community villages at OrangeCon – it's where old and new friends unite for a whirlwind of fun and innovation!

Talks on stage

Listen to our talks: quick, electrifying insights where the brightest minds in cybersecurity spark big ideas in just 30 minutes!

Workshops

Step into our workshops: hands-on, engaging sessions where you'll dive deep into cybersecurity's hottest topics with industry pros leading the way!

Speakers

Ruben Homs

The Fellowship of the Token: One Login to Rule Them All

Welcome to the modern phishing playground - where attackers aren’t spoofing your login page anymore. Oh no. They’re reverse-proxying reality itself, slipping into the digital conversation between you and the real site like some kind of evil middleware wizard, snatching up credentials and laughing at your precious MFA as they walk right in.

And here’s the fun part: most organizations have lovingly wrapped their entire digital existence in a big shiny bow called Single Sign-On (SSO). It’s efficient, it’s convenient, and when a session token gets stolen? It’s game over. One cookie to rule them all, one token to find them, one login to bring them all, and in the breach, bind them.

This talk isn’t just theory - it’s chaos, live and unscripted. I’ll be launching a full reverse proxy phishing campaign on stage, in real time, targeting one of my colleagues (who has maybe definitely agreed to it). We’ll build the infrastructure, craft a custom phish, sidestep spam filters, and - if all goes well - steal their soul via HTTP.

Tijme Gommers

In Memory of In-Memory Detection

Pack, obfuscate, or encrypt your malware as much as you want to prevent detection. This works reasonably well, but ultimately your malware always runs somewhere in the memory of a computer. This is an inherent problem with all of the aforementioned techniques. At some point during execution, the payload that you have tried to hide as much as possible is decrypted to plain text, because only then can it be executed properly.

Learn more about the hurdles of such polymorphic malware and how to detect it; the concept of modern metamorphic malware and how this type of malware circumvents static and in-memory detection; how static in-memory detection is now completely dead, and we can no longer rely on it, especially when practical implementations of metamorphic malware become publicly available.

As the icing on the cake, I publish such a practical implementation: Dittobytes. Dittobytes is a project for true metamorphic cross-compilation of C-code to Truly Position Independent Code (PIC). Malware compiled with Dittobytes runs everywhere natively - in any process, on Windows, Mac, and Linux, and both on X86 and ARM64. The best part? It's different every time you compile it!

Talha Ucar
Juriaan Spierenburg

Inside NCSC’s CTI Team: Tracking Threat Actors Targeting the Netherlands

From covert state-backed espionage to financially motivated cybercrime, from politically charged hacktivism to digital sabotage—threat actors targeting the Netherlands come in many forms, and their tactics are constantly evolving. In this talk, the Cyber Threat Intelligence (CTI) team of the Dutch National Cyber Security Centre (NCSC) shares a behind-the-scenes look at how they track and analyze these threats to protect the Dutch government and critical infrastructure. Real-world case studies illustrate how the team identifies, classifies, and contextualizes threat activity across a broad spectrum of actors.

The presentation also introduces Pharos, a powerful in-house tool developed by the NCSC to proactively detect malicious infrastructure online. By tapping into external sources like Censys, Shodan, and VirusTotal, Pharos uses custom queries to flag suspicious IPs, domains, and certificates—often before they’re weaponized. Join us for a deep dive into the operational world of national CTI: where strategic intelligence meets technical investigation, and where safeguarding the digital security of the Netherlands is a daily mission.

Nikos Mantas

Workshop: AWS Enumeration for Purple Teams

Designed for both Blue and Red teams, this hands-on workshop is designed to equip participants with a deep dive into AWS enumeration techniques and detection opportunities. Through guided labs, attendees will learn how attackers can use policy misconfigurations to identify paths to their objectives. For defenders, we will discuss real-world detection opportunities, log sources, and effective monitoring strategies to identify suspicious enumeration activity before it escalates into full-blown compromise.

Along the way we introduce dAWShund, a new tool designed to map and visualize AWS resource relationships, helping Red Teams identify attack paths and Blue Teams strengthen defenses to help put a leash on naughty permissions. This is an interactive workshop, fostering and encouraging discussions among participants.

Didier Stevens

Workshop: Analyzing Cobalt Strike Beacons, Servers and Traffic

In this workshop, we will use tools developed by Didier Stevens to deal (analysis & traffic decryption) with malicious Cobalt Strike beacons.

There used to be a time, that a blue teamer could say: "this sample I just analyzed is a Cobalt Strike beacon: I'm sure this is a pentest". That is no longer the case: Cobalt Strike has become very popular with common criminals, and even some APT crews. Nowadays, if you encounter a Cobalt Strike sample, your organization is more likely to be under real attack than under simulated attack.

Venue

Welcome to Meervaart Theatre, the heart of the vibrant Nieuw-West district! We're thrilled to host OrangeCon in such a dynamic and welcoming space. At Meervaart, the performing arts are a cornerstone of community life, bringing people together and fostering a sense of shared experience and understanding. By embracing cultural participation and education, Meervaart plays a vital role in enhancing the cultural life of the community in Amsterdam Nieuw-West.

Address:

Meer en Vaart 300, 1068 LE Amsterdam

Trainings

Whether you're looking to level up your red teaming skills, dive into the depths of AI security, or get hands-on with hardware hacking, we've got something for you. Our training program brings together top-notch instructors, each one an expert in their field, to deliver deeply practical, high-impact courses across a wide range of security domains.

From one-day crash courses to immersive three-day deep dives, our lineup covers topics like social engineering, mobile app hacking, Linux DFIR, physical entry techniques, and much more. All trainings are scheduled during the first week of September 2025, Monday 1st thruogh Thursday 4th, before the conference on the 5th.

Check out the training lineup!

Interested in sponsoring OrangeCon?

OrangeCon is a non-profit conference that brings the Dutch cybersecurity community together. It’s all about education, connection, and sharing knowledge in an open, welcoming environment. By sponsoring, you’re helping us keep this event accessible and making a real difference in supporting a growing community of professionals, students, and enthusiasts.

This isn’t just about putting your logo on a banner — it’s about being part of something that matters. By supporting OrangeCon, you can help build a stronger, smarter, and more connected cybersecurity community in the Netherlands.

Interested? Get in touch with us by sending an email to [email protected]!


Silver Sponsors

Friends of OrangeCon

Contact Us

If you have questions or comments, please don't hesitate to get in touch by using the email address below. Our team is not just here to help; we genuinely care about your ideas, concerns, or experiences. Send us a note, and we will reply shortly!

Sign up for our newsletter

Want to always be in the know of the latest news about OrangeCon? Join our newsletter! We only send out a few a year, so don't worry about filling up your inbox.

* indicates required

Intuit Mailchimp