πŸ›‘οΈ Now Announcing: A New Cybersecurity Session at BSides Luxembourg

🧪📂 𝗪𝗛𝗘𝗡 𝗙𝗜𝗟𝗘𝗡𝗔𝗠𝗘𝗦 𝗕𝗘𝗖𝗢𝗠𝗘 𝗔𝗧𝗧𝗔𝗖𝗞 𝗦𝗨𝗥𝗙𝗔𝗖𝗘𝗦: 𝗪𝗘𝗔𝗣𝗢𝗡𝗜𝗭𝗜𝗡𝗚 𝗡𝗔𝗦𝗔’𝗦 𝗖𝗙𝗜𝗧𝗦𝗜𝗢 𝗘𝗫𝗧𝗘𝗡𝗗𝗘𝗗 𝗙𝗜𝗟𝗘𝗡𝗔𝗠𝗘 𝗦𝗬𝗡𝗧𝗔𝗫 – Adrian Denkiewicz ( @Adenkiewicz )

🧨 Turn filenames into attack vectors in this Talk (40 min) by uncovering how hidden parsing features can enable SSRF, file access, and data exposure.

What looks like a simple filename can actually be a powerful mini-language. This talk dives into CFITSIO’s Extended Filename Syntax (EFS), a feature widely embedded in scientific and imaging software, and shows how it silently expands the attack surface through built-in capabilities like virtual file handling, filtering, and network access.

Through original research, discover how these legitimate features can be abused to perform arbitrary file operations, trigger SSRF, and expose sensitive data, all without exploiting traditional memory corruption bugs. This session highlights how overlooked functionality in widely used libraries can introduce systemic risks across the software supply chain.

Adrian Denkiewicz ( @Adenkiewicz ) is an Offensive Security Expert and security consultant with experience spanning financial, e-commerce, and semiconductor industries. Currently a Staff Application Engineer at Doyensec, he specializes in application security, red teaming, and uncovering complex vulnerabilities in real-world systems.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/

📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

📲 View full schedule & build your agenda: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #AppSec #SecureDevelopment #SSRF #SoftwareSecurity #CyberSecurity