DevSecOps play a growing importance in software engineering. Due to that implementing compliance with security regulations and standards is an essential, but challenging task. In this guest lecture, Fabiola Moyon will explain practical approaches to address this challenge through the improvement of DevOps practices (including modeling and specifying compliance artifacts) relevant both for external compliance checks and internal audits of security compliance in DevOps.

Fabiola is a team member of PROMIS and a Senior Key Expert for secure agile development and DevOps in Siemens Cybersecurity & Trust.

For those working in information or cyber security, certification is an excellent way to verify the knowledge and prove obtained skills. Top-rated credentials are also conducive to job mobility and maintaining organization’s reputation and the level of the professional service. Earning a reputable cybersecurity certification requires an investment and during our PROMIS breakfast seminar we will discuss what kind of certifications are the most recognized, which certifications should professionals select and how to maintain the certification. We will touch the most well-known and recognized cybersecurity vendor-related and vendor-neutral certifications including ICS2, ISACA, EC-Council, Offensive Security, SANS, Microsoft, etc.

Oleksii Baranovskyi, Ph.D., CISSP, CISM, CEH, SSCP, etc. is a Senior Lecturer at the Blekinge Institute of Technology and team member of PROMIS. 

Software supply chain threats have become one of the most alarming types of attacks existing so far. Regulators paid special attention to software supply chain security in some of the recent regulations (such as the Cyber Resilience Act and Executive Order 14028). In this seminar, we provided an overview of some of the software supply chain security regulations and considered an example of one of the attacks that such regulations could address. In addition, we considered the software bill of materials (SBOM) as one of the cybersecurity risk mitigation measures required by recent regulations for achieving software supply chain security. Also, we briefly touched practical aspects of SBOM implementation.

This seminar was given by Oleksandr Kosenkov and Alexander Adamov. Both are lecturers at the Blekinge Institute of Technology and team members of PROMIS. 

In this seminar we considered using Security Information and Event Management (SIEM) systems for collecting and processing data from your security perimeter in order to detect anomalies. We looked at Machine Learning Toolkits and its possible ways to detect anomalies to turn your SIEM into some kind of IDS/IPS.

Dr. Volodymyr Tkach is a Senior Lecturer at the Blekinge Institute of Technology. He is also an Associate Professor of Igor Sikorsky Kyiv Polytechnic Institute (Kyiv, Ukraine), Department of Information security. He’s an experienced lecturer and scientist in cybersecurity passionate in anomalous user behavior analysis and prediction using machine learning tools and methods. I am also passionate about Big Data processing to gain new knowledge and unveil what was hidden! His work experience includes the Foundation for Support of Reforms in Ukraine Project office involvement as a Senior Project Manager in cybersecurity to perform the methodological support of the National Bank of Ukraine, Department of Security. He has a Ph.D. degree in a field of applied mathematics.

The steady increase in the volume of indicators of compromise (IoC) as well as their volatile nature makes their processing challenging. Once compromised infrastructures are cleaned up, threat actors are moving on to other target infrastructures or simply change attack strategies.

In this presentation, we discussed the approaches for scoring models for decaying IoCs shared within different platforms to match their heterogeneous objectives. We described the using meta-information shared along with indicators of compromise, facilitating the decision-making process for machines in regards to the validity of the shared indicator of compromise.

Oleksii Baranovskyi is a Senior Lecturer at the Blekinge Institute of Technology and team member of PROMIS. He is an experienced cybersecurity expert with a demonstrated history of working in the academic as well as enterprise. He specializes in penetration tests, computer forensic, incident response, and technical audits. Dr. Baranovskyi took part in forensic investigations of nation-level APT attacks during several years as a subject matter expert. He obtained a Ph.D. degree in Information Technology and different recognized international cybersecurity certifications: CISSP, CISM, CEH, CHFI, etc.

As the second seminar in the series: “Vulnerability of modern society exemplified with large cyber-attack against Ukraine”, Dr. Alexander Adamov  devoted this webinar to an analysis of WhisperGate threats. We got under the hood of three malicious components of this malware family, namely MBR Writer, Trojan-Downloader, and File Corrupter that were used in the #attack13 to destroy target servers supposedly running the websites of the Ukrainian government agencies.

Backgrond: On January 13, 2022, several Ukrainian government networks were subject to a destructive cyber-attack. This was the largest such attack on Ukraine in four years and about 70 government websites were temporarily down.

Dr. Alexander Adamov – is a Researcher at BTH with 15-year experience in the analysis of cyberattacks obtained during his work in the antivirus industry. Currently, he teaches cybersecurity at Kharkiv National University of Radio Electronics in Ukraine and conducts scientific research in the areas of malware analysis and cyber threats detection leveraging AI/ML. In 2014, he founded the research laboratory called NioGuard Security Lab. Alexander is a co-author of the EU Master’s Program in Cyber Security developed within the ENGENSEC project guided by BTH. In cooperation with OSCE, he has given the training in Reverse Engineering of Cyberattacks to the Cyberpolice of Ukraine and cooperated with Europol in ransomware counteraction. Alexander has spoken at various security conferences and workshops such as Virus Bulletin Conference, Virus Analyst Summit, OpenStack Summit, OWASP, BSides, and UISGCON.

On January 13, 2022, several Ukrainian government networks were subject to a destructive cyber-attack. With help of information from sources proximity to the investigation we will provide a hypothetic scenario of this attack known as #attack13. This was the largest such attack on Ukraine in four years and about 70 government websites were temporarily down. During the seminar we will try to reconstruct the timeline of the attack and demonstrate those key points which can be useful to prevent such attacks in the future.

This seminar was the first of two in the series: “Vulnerability of modern society exemplified with large cyber-attack against Ukraine” given by Dr. Anders Carlsson and Dr. Oleksii Baranovskyi.

Anders Carlsson is a senior researcher at Blekinge Institute of Technology and team member of PROMIS, with over 30 years of experience in computer-, network-security and digital forensics. He was educated and earned a degree as a Computer Engineer/Lieutenant-Commander specialist in the Submarines of the Royal Swedish Navy, where he worked for 25 years. He was involved in the EU project ISEC-I and ISEC-II for several years in order to develop courses and to train law enforcement officers within EUROPOL and BKA (the Federal Police in Germany) in forensics. He was also a project manager in BAITSE (Baltic Academic IT-Security Exchange), a project aimed at exchanging knowledge and harmonizing IT security in academic institutions within Sweden, Latvia, Poland and Ukraine.

Oleksii Baranovskyi is a Senior Lecturer at the Blekinge Institute of Technology and team member of PROMIS. He is an experienced cybersecurity expert with a demonstrated history of working in the academic as well as enterprise. He specializes in penetration tests, computer forensic, incident response, and technical audits. Dr. Baranovskyi took part in forensic investigations of nation-level APT attacks during several years as a subject matter expert. He obtained a Ph.D. degree in Information Technology and different recognized international cybersecurity certifications: CISSP, CISM, CEH, CHFI, etc.

This workshop is devoted to understanding of anomalous behavior in context of cybersecurity. We will define normal and abnormal, consider different types of anomalous behavior and methods and techniques for anomalous behavior detection, and finally figure out what tools cybersecurity specialists use daily to predict and counteract anomalies.


Dr. Volodymyr Tkach is a Senior Lecturer at the Blekinge Institute of Technology. He is also an Associate Professor of Igor Sikorsky Kyiv Polytechnic Institute (Kyiv, Ukraine), Department of Information security. He’s an experienced lecturer and scientist in cybersecurity passionate in anomalous user behavior analysis and prediction using machine learning tools and methods. I am also passionate about Big Data processing to gain new knowledge and unveil what was hidden! His work experience includes the Foundation for Support of Reforms in Ukraine Project office involvement as a Senior Project Manager in cybersecurity to perform the methodological support of the National Bank of Ukraine, Department of Security. He has a Ph.D. degree in a field of applied mathematics.

The clouds became a new cybercrime environment, thus giving rise to fresh legal, technical, and organizational challenges. In addition to the vast number of attacks that have had an impact on cloud computing and the fact that cloud-based data processing is carried out in a decentralized manner, many other concerns have been noted. Among these concerns are how to conduct a thorough digital investigation in cloud environments and how to be prepared to gather data ahead of time before the occurrence of an incident; indeed, this kind of preparation would reduce the amount of money, time, and effort that is expended. This workshop’s aim is to fill a particular gap in technical, legal, and organizational factors that facilitate forensic readiness in organizations that utilize an Infrastructure as a Service (IaaS) model.

We will present a framework helping to investigate the factors that facilitate the forensic readiness of organizations and mapping the framework to the real cloud infrastructures (Azure, AWS, etc.).

Dr. Oleksii Baranovskyi is a Senior Lecturer at the Blekinge Institute of Technology. He is an experienced cybersecurity expert with a demonstrated history of working in the academic as well as enterprise. He starts his career almost fifteen years ago in a software development company as a security analyst, proceeds with banking and financial industry as CISO, continued in a professional cybersecurity services company and academic institutions. Oleksii specializes in penetration tests, computer forensic, incident response, and technical audits. Dr. Baranovskyi took part in forensic investigations of nation-level APT attacks during several years as a subject matter expert. He obtained a Ph.D. degree in Information Technology and different recognized international cybersecurity certifications: CISSP, CISM, CEH, CHFI, etc.

In this seminar, we looked at the defense evasion techniques used in the most prominent ransomware attacks that happened during the last years: 1) REvil attack on Kaseya VSA servers; 2) WastedLocker attack on Garmin; 3) Netwalker attack on the University of California – San Francisco; 4) LockerGoga attack on Norsk Hydro. These techniques helped attackers go under the radar of endpoint security solutions and infect millions of computers.


Dr. Alexander Adamov – is a Researcher at BTH with 15-year experience in the analysis of cyberattacks obtained during his work in the antivirus industry. Currently, he teaches cybersecurity at Kharkiv National University of Radio Electronics in Ukraine and conducts scientific research in the areas of malware analysis and cyber threats detection leveraging AI/ML. In 2014, he founded the research laboratory called NioGuard Security Lab. Alexander is a co-author of the EU Master’s Program in Cyber Security developed within the ENGENSEC project guided by BTH. In cooperation with OSCE, he has given the training in Reverse Engineering of Cyberattacks to the Cyberpolice of Ukraine and cooperated with Europol in ransomware counteraction. Alexander has spoken at various security conferences and workshops such as Virus Bulletin Conference, Virus Analyst Summit, OpenStack Summit, OWASP, BSides, and UISGCON.

The computer forensics is a standardized and sometimes boring process when scrupulousness is very important because every little thing needs to be taken into account as digital evidence. Mostly, it takes a long time. However, sometimes findings during investigations become not only unexpected but also frightening. On the other hand, sometimes the investigation is stopped due to the lack of hypotheses, and only a happy case allows to get off the ground and find a way to continue the investigation. During this session, we will present to you artifacts from different forensic investigations which were very unexpected and changed the course of the entire investigation or were so significant that they caused an ambiguous reaction of responsible persons. Sometimes it was fun, but sometimes it was a marker of the critical situation with the necessity of emergency reaction.

Dr. Oleksii Baranovskyi is a Senior Lecturer at the Blekinge Institute of Technology. He is an experienced cybersecurity expert with a demonstrated history of working in the academic as well as enterprise. He starts his career almost fifteen years ago in a software development company as a security analyst, proceeds with banking and financial industry as CISO, continued in a professional cybersecurity services company and academic institutions. Oleksii specializes in penetration tests, computer forensic, incident response, and technical audits. Dr. Baranovskyi took part in forensic investigations of nation-level APT attacks during several years as a subject matter expert. He obtained a Ph.D. degree in Information Technology and different recognized international cybersecurity certifications: CISSP, CISM, CEH, CHFI, etc.

Reinforcement learning is a well-known concept used in the gaming industry, mostly in real-time strategies, to support computer players with AI. It is also known that AlphaGo, a computer program designed by DeepMind, has been recognized as the best Go and chess player in the world. The algorithm was trained by playing with human players as well as with other instances of itself to improve its play.

So, what if we use RL in Security Testing to discover vulnerabilities in products and weaknesses in defense? To prove that hypothesis, we applied RL to run ransomware simulation that can learn how to bypass anti-ransomware protection. We’ll present our results in the presentation.


Dr. Alexander Adamov – is a Researcher at BTH with 15-year experience in the analysis of cyberattacks obtained during his work in the antivirus industry. Currently, he teaches cybersecurity at Kharkiv National University of Radio Electronics in Ukraine and conducts scientific research in the areas of malware analysis and cyber threats detection leveraging AI/ML. In 2014, he founded the research laboratory called NioGuard Security Lab. Alexander is a co-author of the EU Master’s Program in Cyber Security developed within the ENGENSEC project guided by BTH. In cooperation with OSCE, he has given the training in Reverse Engineering of Cyberattacks to the Cyberpolice of Ukraine and cooperated with Europol in ransomware counteraction. Alexander has spoken at various security conferences and workshops such as Virus Bulletin Conference, Virus Analyst Summit, OpenStack Summit, OWASP, BSides, and UISGCON.

The area of security is critical for any company or agency. It is critical for individuals using-, and companies and organizations developing products, services, and infrastructure. This is most obviously seen through failures and news of breaches and revenue loss due to vulnerabilities utilized.

Traditionally security has been seen as large an operational effort.

Protecting, monitoring, fixing vulnerabilities as they are found, tracing, and so on. Albeit operational security being important and critical there are other ways to look at security. This seminar focuses on the potential of “engineering security” as a complement to operational security – where the knowledge and engineering practices and principles of products and services can be enhanced from a security perspective. This has the potential of working in a more pro-active manner by “engineering-in” security from the inception of a product/service. We will go over different views on security and the future potential of developing new ways of thinking and working. This is especially important as new products and services become more interconnected and accessible, and emergent behavior can also present new challenges.

Prof. Dr. Tony Gorschek is a Professor of Software Engineering at Blekinge Institute of Technology – where he works as a research leader and scientist in close collaboration with industrial partners. Dr. Gorschek has over fifteen years industrial experience as a CTO, senior executive consultant and engineer. In addition he is a serial entrepreneur – with five startups in fields ranging from logistics to internet based services and database register optimisation. At present he works as a research leader and in several research projects developing scalable, efficient and effective solutions in the areas of Requirements Engineering, Product Management, Value based product development, and Real Agile™ and Lean product development and evolution. Dr. Gorschek leads the SERT profile (Software Engineering ReThought) – Swedens largest software engineering research initiative, developing the next generation of applied empirical research movements to meet the challenges of the next generation of software-intensive products and services.

APT3, APT10, APT28, APT41, Sandworm, Energeticbear, Equation Group, Unit 99650 ++  is the name connected to the last year’s trend change, from Anonymus attack to APT’s that use specially composed malware against selected spear pointed targets.

They had developed a calculated CKC, Cyber Kill Chain.

Who is behind those and the Infrastructure attacks we notice in both Europa and the US? Is it organized crime, is it state-funded or both?

The presentation includes an overview starting from 2014 and the attacks in Ukraine when Russia invaded Crimea, describing True Postnord ransomware attack that targets Sweden. Also Wanacry, NotPetya, Medoc to Shadow Brokers leak of “Vault 7 from NSA to 2019’s  trend of ransomware attacks targeting companies and the US government. Only in 2019, ransomware in the US hit 103 federal, state and municipal agencies, 759 healthcare providers, and 86 schools and universities. The incidents were not merely expensive inconveniences; the disruption they caused put people’s health, safety, and lives at risk. Atalanta spend 2.6 million to restore the system rather than pay  €52000 in ransom, many officials have now decided that it is cheaper to pay the hackers, now the price got higher. 
Are Swedish organization prepared?

Dr. Anders Carlsson has over 30 years of experience in computer-, network-security and digital forensics. He was educated and earned a degree as a Computer Engineer/Lieutenant-Commander specialist in the Submarines of the Royal Swedish Navy, where he worked for 25 years. Since 1999 he has been employed as a senior researcher by BTH, Blekinge Institute of Technology, where he is responsible for networks, network security, computer security and digital forensic at B.Sc. and M.Sc. levels. He has also been involved in the EU project ISEC-I and ISEC-II during 2007–2013 to develop courses and to train law enforcement officers within EUROPOL and BKA (the Federal Police in Germany) in forensics. He was a project manager in BAITSE (Baltic Academic IT-Security Exchange) 2010–2013, a project aimed at exchanging knowledge and harmonizing IT security in academic institutions within Sweden, Latvia, Poland and Ukraine. He continued this work as General Manager for the EU-TEMPUS IV funded project ENGENSEC (Educating Next Generation IT Security Experts) that ended in November 2017. author of two books Educating The Next Generation Msc In Cyber Security” ISBN: 978-91-7295-963-7 “Cyber Security for Next Generations Experts” ISBN 9 789172 959620

A modern cybersecurity solution cannot be imagined without using Artificial Intelligence and Machine Learning for detecting cyberattacks. In this regard, two main approaches are typically used: finding patterns of known cyberattacks and anomaly detection for unknown ones. 

Therefore, to bypass anti-malware protection, attackers invest their efforts into changing the behavior to break the existing detection pattern. Moreover, they try to mimic benign application form and behavior to not being discovered as an anomaly. For example, we’ll consider tactics and techniques used in the well-known targeted ransomware attacks happened last year in LockerGoga, MegaCortex, Buran, and Ryuk ransomware to reduce the footprint in a victim’s system that includes the usage of digital signature, multiprocess encryption, and replacing Microsoft CryptoAPI with hardcoded open-source crypto code.

Dr. Alexander Adamov – is a Researcher at BTH with 15-year experience in the analysis of cyberattacks obtained during his work in the antivirus industry. Currently, he teaches cybersecurity at Kharkiv National University of Radio Electronics in Ukraine and conducts scientific research in the areas of malware analysis and cyber threats detection leveraging AI/ML. In 2014, he founded the research laboratory called NioGuard Security Lab. Alexander is a co-author of the EU Master’s Program in Cyber Security developed within the ENGENSEC project guided by BTH. In cooperation with OSCE, he has given the training in Reverse Engineering of Cyberattacks to the Cyberpolice of Ukraine and cooperated with Europol in ransomware counteraction. Alexander has spoken at various security conferences and workshops such as Virus Bulletin Conference, Virus Analyst Summit, OpenStack Summit, OWASP, BSides, and UISGCON.

The volume of information that we work with today is overwhelming. And it’s getting worse: we apply new approaches, install new monitoring systems, create more new hardware, software, increase Internet bandwidth etc. And we have to process all this data and extract critical usefulness out of it. On other hand, in the modern world of online, we often suppose our customers come via the Internet. But as well known, hackers come the same way. And basically, we need malicious user to be recognized and stopped before it’s too late. The detection and early warning of potential cyber-threat implementations is perhaps the most urgent task for today.

So, during the seminar we will find an answer to “how to recognize malicious user?” and will figure out how to use modern tools to detect and predict anomalous user behavior.

Dr. Volodymyr Tkach is a Senior Lecturer at the Blekinge Institute of Technology. He is also an Associate Professor of Igor Sikorsky Kyiv Polytechnic Institute (Kyiv, Ukraine), Department of Information security. He’s an experienced lecturer and scientist in cybersecurity passionate in anomalous user behavior analysis and prediction using machine learning tools and methods. I am also passionate about Big Data processing to gain new knowledge and unveil what was hidden! His work experience includes the Foundation for Support of Reforms in Ukraine Project office involvement as a Senior Project Manager in cybersecurity to perform the methodological support of the National Bank of Ukraine, Department of Security. He has a Ph.D. degree in a field of applied mathematics.

Even skilled programmers can unintentionally create bugs. Most are caught and fixed during development, others escape into the wild. Many bugs are just an annoyance that interfere with the workflow of the users and lowers their productivity. However, there are some bugs that are far more dangerous because they can be exploited for malicious purposes, such as hijacking systems, destroying data and exfiltrating information. The effects can go beyond annoyance and lost productivity, extending to reputation damage, financial losses, harm to IPRs and unintended engagement in unlawful online activities. This seminar focuses on exploitable bugs. It dives into the causes for their appearance and provides a glimpse into how far they can be exploited. Furthermore, a demo will be given to exemplify an approach for exploiting a specific type of bugs referred to as buffer overflow.

Dr. Dragos Ilie is an Assistant Professor in Telecommunication Systems at Blekinge Institute of Technology. His work involves research and teaching in security, computer networks and cloud-based systems. Dragos has seven years of experience from the telecommunications and software industry. He has taken on various roles such as software developer, tester, researcher and team leader for projects in Sweden, USA and India. Some highlighs of work done in these projects include development of firmware software for VPN systems certified for high-level security at national and EU level, design and development of appliances for automatic networking monitoring and data analysis for security and performance, as well as staff training. Dragos thrives when working with research, development and teaching at the intersection between security, software development, and networking.

The modern web application developers very often believe that using popular frameworks will allow their systems to be completely secure, but it is a mistake. Yes, the use of ready-made and proven frameworks and libraries avoids the presence of commonplace vulnerabilities, however, there are few higher-level risks, which exploitation can lead to the compromise of user accounts, sensitive data and even cause a financial impact. Also, it is very important to consider the rapid evolution of technologies and levels of developing abstraction, which lead to the emergence of new vulnerabilities and exploitation technologies.

During the seminar, we will demonstrate several logical and technical vulnerabilities of real Web applications that have or could lead to serious consequences for resource owners.

Dr. Oleksii Baranovskyi is a Senior Lecturer at the Blekinge Institute of Technology. He is an experienced cybersecurity expert with a demonstrated history of working in the academic as well as enterprise. He starts his career almost fifteen years ago in a software development company as a security analyst, proceeds with banking and financial industry as CISO, continued in a professional cybersecurity services company and academic institutions. Oleksii specializes in penetration tests, computer forensic, incident response, and technical audits. Dr. Baranovskyi took part in forensic investigations of nation-level APT attacks during several years as a subject matter expert. He obtained a Ph.D. degree in Information Technology and different recognized international cybersecurity certifications: CISSP, CISM, CEH, CHFI, etc.