BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Crimson7//Cybersec Europe 2026//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
BEGIN:VTIMEZONE
TZID:Europe/Brussels
BEGIN:DAYLIGHT
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
TZNAME:CEST
DTSTART:19700329T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
TZNAME:CET
DTSTART:19701025T030000
RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
UID:cs26-talk1@crimson7.io
DTSTAMP:20260428T120000Z
DTSTART;TZID=Europe/Brussels:20260520T130000
DTEND;TZID=Europe/Brussels:20260520T133000
SUMMARY:Always Under Attack: Turning Purple Teaming into Continuous Security Validation — Crimson7 @ Cybersec Europe Brussels
LOCATION:Theater 3\, Cybersec Europe Brussels\, Brussels Expo
URL:https://crimson7.io/lp/cs26
DESCRIPTION:Joey Verleg (Head of Managed Services\, Crimson7).\n\nIn this session\, Crimson7 tackles one operational question head-on: do our detections actually catch real attacks\, right now? We'll show how we use HackerFlow to answer that without waiting for the annual red/purple team cycle.\n\nInstead of relying on point-in-time exercises\, HackerFlow continuously ingests threat intelligence\, translates it into threat-informed test plans\, and runs repeatable attack simulations mapped to MITRE ATT&CK using open-source C2 frameworks plus a private C2 for more advanced tradecraft. Crucially\, we'll show how validation goes beyond "noisy" commodity tests (like basic PowerShell) by exercising fileless / in-memory behaviors and realistic operator patterns so you can verify whether your EDR and analytics catch what sophisticated intrusions actually do\, not just the easy stuff. As simulations execute\, HackerFlow validates whether detections fire\, captures full execution telemetry\, and produces audit-ready evidence and gap reports\, helping teams fix blind spots before incidents and support continuous validation expectations under DORA/NIS2.\n\nFull details: https://crimson7.io/lp/cs26
END:VEVENT
END:VCALENDAR