06-08, May 2026

Málaga, Spain

PIVOTconThreat Research conference

Our goal is to create a forum to discuss the latest threats and to build connections between threat researchers.

Location

Malaga, Spain

PIVOTcon is an invite-only event that will be held in Malaga, Spain, on May 6-8, 2026 and focus on threat research and technical analysis tradecraft.

Get directions

Speakers

Nicole Fishbein

Security Researcher and Malware Analyst at Intezer

Julian-Ferdinand Vögele

Principal Threat Researcher at Recorded Future's Insikt Group

Bea Venzon

Senior Security Researcher at CrowdStrike

Sébastien Féry

Head of Research and Development at FoxIO

Michael August Raggi

Principal Threat Response Specialist at Crowdstrike

Michael Horka

Principal Information Security Engineer at Black Lotus Labs Lumen

Silvia Yeh

Cyber Threat Intelligence Analyst at TeamT5

Roberto Martinez

Senior Analyst at Mandiant (part of Google Cloud)

View all speakers

Agenda

May 6, 2026

Day 0

13:45

Registration Desk Opens at Workshops area

14:15

WS1: Uncovering Phishing Infrastructure: A Hands-On Workshop with urlscan.io

Johannes Gilger

Jake SURLSCAN

14:15

WS2: How it Started / How it's Going. Threat Clustering Workshop 2.0 with Synapse Enterprise

Jennifer KoldeTHE VERTEX PROJECT

14:15

WS3: Pivoting with Applied Network Science

Lee FosterASPECT LABS

Network Science, and the closely related Social Network Analysis, is a decades old mathematical discipline focused on understanding, making inferences, and deriving insights about networks based on the structural properties of graphs. In particular, Network Science offers numerous statistical approaches and techniques by which we can efficiently *pivot* through networks based on their underlying mathematical properties. While many of us may not realize it, we are often using Network Science-derived concepts in everyday investigative work. In CTI, we are awash with graphs; whether investigating cryptocurrency transactions, computer network traffic, social media networks, or even navigating diverse indicator sets within our own collections and analysis platforms, we are frequently using high-fidelity, highly structured graph data to help us pivot in investigations. This workshop will train participants on how they can apply concepts from network science/social network analysis to help identify pivot points during cyber threat investigations. Using datasets of various networks such as cryptocurrency transactions, computer network traffic, and social media conversations, participants will learn how to apply statistics including various centrality metrics and algorithms for community detection to help make sense of large, messy networks of data and prioritize aspects for potential investigation. Importantly, participants will also learn how Network Science concepts are often misapplied or even abused in investigations and common mistakes and pitfalls to avoid. The workshop will be conducted in Python using the NetworkX library; participants require familiarity with the Python (3) programming language up to and including importing libraries and using Pandas and NumPy. For efficiency and to maximize our time, the workshop will be conducted using Jupyter Notebooks that will be provided to participants; participants may keep these for future reference. Note: This workshop will not NOT be math heavy, and will instead focus on building a quick theoretical understanding of concepts and then applying them to actual data.

18:30

Registration before Welcome reception

19:00

Welcome Reception

May 7, 2026

Day 1

09:00

PIVOTcon Opening

09:15

Fresh Tracks: Hunting the New Class of Russian Espionage Clusters

Greg LesnewichPROOFPOINT

09:50

Paper Cuts: How an XLL Led Us to an Espionage Campaign Targeting Russia

Nicole FishbeinINTEZER

10:20

COFFEE BREAK

10:50

Sandworm's Trojan Odyssey

Redacted

11:25

Redacted

12:00

Redacted

12:30

LUNCH BREAK

13:45

EDR Evasion Counterintelligence: Tracking Adversary Testing

Colin CowieSOPHOS

14:20

Mysterious ORBs and Where to Find Them

Redacted

14:55

Inside China Covert Infrastructure: Tracking Nation-State Obfuscation Networks on a Global Scale

Michael HorkaLUMEN (Black Lotus Labs)

15:30

COFFEE BREAK

15:55

A "Fishy" Conference in Autumn

Julian-Ferdinand VogeleRECORDED FUTURE (Insikt Group)

16:30

Redacted

NCSC-NL CTI CREW

May 8, 2026

Day 2

09:35

Redacted

10:10

Pivoting to Find "Invisible" Nation State C2s

John Althouse

Sebastien FeryFOXIO

10:40

COFFEE BREAK

10:10

From Research to the Courtroom: Inside Google's Disruption of the Lighthouse and Darcula PhaaS Empires

Roberto MartinezGOOGLE CLOUD (Mandiant)

11:10

APAC Escrow Services: Building Trust in Untrusted Spaces

Bea Venzon

Mao SuiCROWDSTRIKE

12:15

LUNCH BREAK

13:30

The Infinite Game: The World Burns - How Do We Survive?

Leon ChangTRENDAI

14:15

Know Thy Network, Because They Already Do: A Case Study of SLIME27's Campaign against Telecoms

Silvia Yeh

Rax ChuangTEAM T5

14:40

The Rise of China's Cloud Access Brokers: Cyber Espionage From GENESIS PANDA to WARP PANDA

Michael August RaggiCROWDSTRIKE

15:10

COFFEE BREAK

15:40

Redacted

16:15

Paint Me Like One of Your Elephants: Do Sidewinder and Bitter Have a New Sibling?

Nick Attfield

Konstantin KlingerPROOFPOINT

16:50

Special talk

Committee

Kris McConkey

Global Lead for Threat Intelligence at PwC

Jennifer Kolde

Principal Intelligence Analyst at The Vertex Project

Chris St. Myers

Deputy Threat Research Manager at SentinelLabs

Christopher Glyer

Principal Security Researcher at Microsoft Threat Intelligence Center

Vicente Diaz

Threat Intelligence Strategist at VirusTotal

Timo Steffens

Threat Intelligence Analyst at German BSI

Jasmin Stadler

Technical Analyst at GovCERT, Swiss NCSC

Max Smeets

Co-Director Virtual Routes

Kris leads PwC’s Global Cyber Threat Intelligence practice, which tracks a wide variety of targeted threat actors operating from more than 27 countries. This research underpins PwC’s security services and is used by public and private sector organisations around the world to protect networks, defend nations, provide situational awareness and inform strategy.

Kris also leads the EMEA Cyber Threat Operations practice – a front line technical services group responsible for a portfolio of defensive and offensive cyber security services to help clients detect and respond to cyber security threats and incidents.

He has spent the past 20 years at PwC delivering cyber incident response, threat hunting and threat research services to global clients across multiple sectors.

Jennifer Kolde has been an innovator in threat intelligence and analysis for over two decades. As a computer scientist with the federal government, she was a leading force in the early tracking of nation-state threats. Jennifer was part of the original Mandiant Threat Intelligence team and later led the team as its technical director. She supported cutting-edge DARPA research, testified before Congress on emerging cyber threats, and acted as an expert witness on threat intelligence and attribution. She is currently a Principal Intelligence Analyst for The Vertex Project.

Chris is the Deputy Threat Research Manager at SentinelLabs where he leads a dedicated team specializing in the research and analysis of a spectrum of threats. His primary focus is on equipping customers with comprehensive analysis and insights, aiding them in effectively safeguarding their organizations.

Chris’ career spans more two decades, marked by a number of significant roles. Before his current tenure at SentinelOne, he served as Head of Threat Research at Stairwell and as a Sr. Staff Threat Researcher, Research Team Lead at Chronicle (Google Cloud), Manager of Espionage Intelligence at iDefense, and Lead Researcher at Rackspace. He is also an organizer of the annual LABScon conference.

Christopher Glyer is a Technical Director with Microsoft Threat Intelligence, where he oversees the strategic direction and execution of threat intelligence initiatives. In this role, he leads the technical strategy for a team of experts dedicated to identifying, analyzing, and mitigating advanced cyber threats. Christopher’s work involves collaborating with various stakeholders to enhance Microsoft’s security posture and protect customers from emerging threats.

Vicente is a specialist in Threat Intelligence and Threat Hunting. He works in the VirusTotal team in Google as Threat Intelligence Strategist. He holds a degree in Computer Science and an MsC in Artificial Intelligence. He was e-crime manager in S21sec for 5 years and deputy director for EU in Kaspersky’s Global Research and Analysis team for almost 10 years, where he was co-creator and responsible for the APT Intelligence Reporting service.

Timo was involved in the analysis of many of the most spectacular cyber-espionage cases in Germany. He has been tracking the activities and techniques of sophisticated hacker groups for almost a decade. He is the author of ‘Attribution of Advanced Persistent Threats’.

Jasmin Stadler is a GovCERT Analyst at the Swiss National Cyber Security Centre (NCSC_CH). Previously, she worked in law enforcement digital forensics, after serving as cyber defence project manager in the general secretariat of the Swiss Department of Defence. She started her career in Blackrock’s Financial Markets Advisory, after specialising in Chinese cybersecurity policy for her master’s degree in comparative government at the University of Oxford.

She is an ECCRI European Cybersecurity Fellow, an inaugural Schwarzman Scholar, and speaks fluent Mandarin Chinese and intermediate Korean.Jasmin Stadler is a GovCERT Analyst at the Swiss National Cyber Security Centre (NCSC_CH). Previously, she worked in law enforcement digital forensics, after serving as cyber defence project manager in the general secretariat of the Swiss Department of Defence. She started her career in Blackrock’s Financial Markets Advisory, after specialising in Chinese cybersecurity policy for her master’s degree in comparative government at the University of Oxford.

She is an ECCRI European Cybersecurity Fellow, an inaugural Schwarzman Scholar, and speaks fluent Mandarin Chinese and intermediate Korean.

Max Smeets is the Co-Director of Virtual Routes and Senior Researcher at ETH Zürich. He is the author of No Shortcuts: Why States Struggle to Develop a Military Cyber-Force and Ransom War: How Cybercrime became a Threat to National Security.

View all committee

About us

PIVOTcon is a non-profit event created by veteran threat intelligence practitioners Pasquale Stirparo and Bartosz Jerzman. With no corporate backing, all revenue goes directly into running the conference.

It’s built by threat analysts for threat analysts — a trusted space to share deeper insights, discuss emerging threats beyond public reports, and strengthen connections across the community.

FAQs

What is PIVOTcon?

When/Where is PIVOTcon?

How to get an invite to attend PIVOTcon?

Why do I need an invite instead of simply buying a ticket?

How to apply to present at PIVOTcon?

How long are the talks?

Are speakers costs covered?

Are second speaker costs covered?

What topics are in scope of PIVOTcon?

Can I sponsor PIVOTcon?

Will the talks be streamed or recorded?

How many tracks for speakers will be organised during PIVOTcon?

PIVOTconThreat Research conference

Sponsors

Location

Speakers

Nicole Fishbein

Greg Lesnewich

Nick Attfield

Colin Cowie

Julian-Ferdinand Vögele

Bea Venzon

Sébastien Féry

Leon Chang

Michael August Raggi

Michael Horka

Silvia Yeh

Roberto Martinez

Agenda

May 6, 2026

May 7, 2026

May 8, 2026

Committee

Kris McConkey

Jennifer Kolde

Chris St. Myers

Christopher Glyer

Vicente Diaz

Timo Steffens

Jasmin Stadler

Max Smeets

FAQs