Kai Kao

Deloitte / Senior Manager

Advisor of DevSecOps Taiwan, co-founder of NOP LAB, and a member of UCCU Hacker. Specializes in penetration testing, web security and DevSecOps, and runs the website and YouTube channel "HackerCat" to share information security techniques. Speaker at CYBERSEC, HITCON Training, Agile Summit, DevOpsDays and InfoSec.

SPEECH
4/17 (Thu.) 11:45 - 12:15 7F 703 Open Source Security Forum
Open-Source Backdoors vs. Open-Source Defense Platforms

Understanding both the attacker's tools and the defender's mechanisms is key to designing effective security strategies. This session presents an experimental study on how various open-source backdoor C2 tools (such as Sliver, Merlin, and Villain) perform against open-source defense and detection platforms (SIEM, EDR, IPS/IDS). We will test whether these backdoors can be detected or blocked in a custom-built environment and analyze their behavior and detection results. By uncovering defense blind spots and providing strategic recommendations, this session aims to give attendees a more comprehensive perspective on offensive and defensive strategies. It is suitable for those interested in open-source tools, attack techniques, and defense mechanisms. No deep technical background is required—just come and listen!

4/17 (Thu.) 14:45 - 15:15 7F 701F Secure Software & DevSecOps Forum
The Right Way to Integrate DAST into CI/CD

With the rise of DevOps, integrating security into the development process has become crucial, and continuous testing is an essential part of it. A CI/CD pipeline already runs many kinds of tests, and from a DevSecOps perspective DAST is an important security testing method among them. In practice, however, DAST often requires specialized knowledge and can be challenging to integrate into pipelines: scans take a long time, and it is hard to get results that identify real vulnerabilities without burying them in noise. This session will start with an overview of security testing, give an in-depth analysis of DAST web vulnerability scanning, and explore how to properly and efficiently integrate DAST into CI/CD pipelines to achieve continuous testing.