unfo · February 6, 2025 12:03
diff --git a/0-README.md b/0-README.md
diff --git a/1-disobey_program_json_to_ics.py b/1-disobey_program_json_to_ics.py
 from icalendar import Calendar, Event
 from datetime import datetime, timedelta
 from zoneinfo import ZoneInfo

 import hashlib
 import json

 # Base URL for event links
 base_url = "https://disobey.fi/2025/profile/"

 # Initialize the calendar
 cal = Calendar()

 # source: https://disobey.fi/2025/inc/schedule.json
 schedule_fp = open('schedule.json', 'r').read()
 schedule_data = json.loads(schedule_fp)
 conf = schedule_data['schedule']['conference']
 days = conf['days']  # Navigate directly to the nested events list
 tzname = conf['time_zone_name']

 print('# Disobey 2025')
 print(f'{conf["start"]} - {conf["end"]}\n')
 for day in days:
    print(f'\n## Day {day["index"]}')
    for room in day['rooms']:
        print(f'\n### {room}\n')
        for event in day['rooms'][room]:
            # Extract relevant information
            title = event['title']
            start_dt = datetime.fromisoformat(event['date']).astimezone(ZoneInfo(tzname))
            duration = event['duration'].split(':')
            duration_td = timedelta(hours=int(duration[0]), minutes=int(duration[1]))
            end_dt = start_dt + duration_td
            abstract = event['abstract']
            room = event['room']
            slug = event['slug']
            
            # Create the event
            ical_event = Event()
            ical_event.add('summary', title)
            ical_event.add('dtstart', start_dt)
            ical_event.add('dtend', end_dt)
            ical_event.add('description', abstract)
            ical_event.add('location', room)
            ical_event.add('url', base_url + slug)
            ical_event['uid'] = event['guid']
            
            # Add event to calendar
            cal.add_component(ical_event)
            print(f'#### {start_dt.strftime("%H:%M")} - {end_dt.strftime("%H:%M")} {title}')

 # Save the .ics file
 file_path = 'schedule.ics'
 with open(file_path, 'wb') as f:
    f.write(cal.to_ical())

 file_path
diff --git a/2-disobey2025.md b/2-disobey2025.md
diff --git a/3-schedule-2025.ics b/3-schedule-2025.ics
 BEGIN:VCALENDAR
 BEGIN:VEVENT
 SUMMARY:Opening by NotMyNick
 DTSTART;TZID=Europe/Helsinki:20250214T123000
 DTEND;TZID=Europe/Helsinki:20250214T125000
 UID:7730d5a4-024a-54f9-9bb9-a576bb9613a1
 DESCRIPTION:Opening by NotMyNick
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-334-opening-by-notmynick
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:KEYNOTE : SIGINT\, COMINT\, Hack it
 DTSTART;TZID=Europe/Helsinki:20250214T130000
 DTEND;TZID=Europe/Helsinki:20250214T140000
 UID:fe174764-b730-57b7-8e75-ffda42d9e2ac
 DESCRIPTION:Radio communications are everywhere and can replace traditiona
 l wired connections to provide greater flexibility in new products and sys
 tems. However\, this shift introduces unique risks to both consumer produc
 ts and critical infrastructure. Identifying\, analyzing\, and exploiting t
 hese vulnerabilities requires some methodologies and specialized tools. In
  this talk\, we will see the potential risks exposed by RF communications\
 , and discuss the techniques and tools necessary to effectively uncover an
 d address these security challenges.
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-263-keynote-sigint-comint-
 hack-it
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:From promises to performance: A critical review of WAF solutions
 DTSTART;TZID=Europe/Helsinki:20250214T141500
 DTEND;TZID=Europe/Helsinki:20250214T150000
 UID:55c95a80-dfbb-599a-97ce-931a82453199
 DESCRIPTION:Dive into the world of Web Application Firewalls (WAFs)\, expl
 oring the strengths and limitations of leading providers such as Azure & A
 WS\, as well as some decidedly commercial offerings. Through a detailed ev
 aluation based on a subset of the OWASP Top Ten vulnerabilities\, DoS/DDoS
  protection and AI/ML capabilities\, we uncover whether WAF solutions deli
 ver as promised in terms of protecting against common and bespoke web thre
 ats. Participants will gain insights into practical recommendations for se
 lecting and deploying WAFs effectively\, emphasizing the integration of de
 veloper expertise for enhanced security models. A blend of technical analy
 sis and identification of weak areas despite what glossy brochures would h
 ave you believe.\n\nTL\;DR: A quick look at what a WAF is\, some of the co
 mmercial offerings in WAF space\, what it can and cannot do for you\, some
  WAF fails
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-257-from-promises-to-perfo
 rmance-a-critical-review-of-waf-solutions
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Guardians of the Hypervisor\,
 DTSTART;TZID=Europe/Helsinki:20250214T154500
 DTEND;TZID=Europe/Helsinki:20250214T163000
 UID:41fea0e4-37fb-57ee-9b66-d653a9e2fd0b
 DESCRIPTION:All ransomware actors now have the capability to encrypt hyper
 visors\, which has led to some of the biggest attacks and has brought down
  entire organisations. This talk will give in-depth insight into how these
  attacks are performed in real-life\, how to protect against them but also
  how detection and response can be accomplished\, even though it is not po
 ssible to install any security agents in ESXi or vCenter Server.
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-329-guardians-of-the-hyper
 visor-
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:OODA Loops and Building Mental Snowmobiles with Genghis John
 DTSTART;TZID=Europe/Helsinki:20250214T164500
 DTEND;TZID=Europe/Helsinki:20250214T173000
 UID:763a5cec-5aec-5e67-9fff-e93c2e815dfe
 DESCRIPTION:Just as offensive use cases of AI proliferate\, with the confl
 uence of data storage costs decreasing\, advent of big data computing and 
 edge computing capabilities increasing - now is the time to start modeling
  AI for organizational benefit. This presentation will give a brief introd
 uction to "Genghis" or "40 second" John Boyd\, OODA Loop basics like what 
 is Exceptional Information and why it matters\, how to structure a home-gr
 own Online Analytical Processing (OLAP) cube for rapid anomaly detection a
 t scale\, common cultural and cognitive biases and how they pertain to dis
 aster psychology\, the eustress vs. distress spectrum and the birth of Ent
 erprise Stress Management / Ikigai in HR programs\, how backwards or conic
 al planning can completely change how your organization accomplishes strat
 egic planning and ultimately how digitally captured after action reviews (
 AARs) can pave the way to Implicit Guidance and Control.
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-244-ooda-loops-and-buildin
 g-mental-snowmobiles-with-genghis-john
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Exploiting Token Based Authentication: Attacking and Defending Ide
 ntities in the 2020s
 DTSTART;TZID=Europe/Helsinki:20250214T174500
 DTEND;TZID=Europe/Helsinki:20250214T183000
 UID:39b775a8-d84a-5945-ba9b-7efc3e98dca2
 DESCRIPTION:Modern services\, whether on-prem or cloud\, are using token-b
 ased authentication. These tokens are cryptographically signed or encrypte
 d and used as proof of users' identity when consuming services.\n\nThis ta
 lk explains two known token-based authentication attacks: stealing tokens 
 (token-replay) and forging tokens. I will cover how adversaries are conduc
 ting both attacks and how to detect & protect against them.
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-297-exploiting-token-based
 -authentication-attacking-and-defending-identities-in-the-2020s
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Adventures in developing a C2 framework
 DTSTART;TZID=Europe/Helsinki:20250214T190000
 DTEND;TZID=Europe/Helsinki:20250214T194500
 UID:e431c920-523f-5cea-addb-80957eb85d51
 DESCRIPTION:Instead of going with an existing Command & Control (C2) frame
 work\, we decided to go a different route in our Red Team and have been de
 veloping our own tool called "Citadel". During this presentation\, I want 
 to talk about the architecture we chose as well as some of the challenges\
 , weird behaviors\, and solutions to these that we found during the develo
 pment process.
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-289-adventures-in-developi
 ng-a-c2-framework
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Will It Run? Fooling EDRs with command lines using empirical data
 DTSTART;TZID=Europe/Helsinki:20250214T200000
 DTEND;TZID=Europe/Helsinki:20250214T204500
 UID:cb3a9053-fd04-5390-a881-87349f461c57
 DESCRIPTION:Most Endpoint Detection & Response solutions (‘EDRs’) heav
 ily rely on analysing process events for detecting suspicious behaviour\; 
 in particular\, command-line arguments are inspected for keywords or chara
 cter sequences that may indicate malicious activity. This is still common 
 practice\, despite the widely known fact that a process’ command line ca
 n be altered\, hidden\, or otherwise spoofed\, which may bypass such defen
 sive measures.\n\nLesser known is that\, particularly on Windows operating
  systems\, there is a wealth of system-native programs that happily accept
  ‘unexpected’ command-line transformations\, such as character substit
 utions\, deletions or insertions. An implication of this is that command-l
 ine-based detections can be bypassed with minimal effort\, and unlike comm
 and-line spoofing\, without the need for special system calls. Tools vulne
 rable to this include those often leveraged in attacks that ‘live off th
 e land’ (also known as LOLBins or LOLBAS). \n\nThis talk will show\, bas
 ed on empirical analysis of the 60 most commonly used LOLBins\, how many d
 etections can bypassed making minimal tweaks to how a LOLBins are called. 
 Furthermore\, we will introduce a new web-based tool that not only documen
 ts the results for all these executables\, it allows everyone to generate 
 obfuscated command lines themselves with the click of a button.
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-292-will-it-run-fooling-ed
 rs-with-command-lines-using-empirical-data
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Dissecting the Cicada - In the shadow of the Black Cat
 DTSTART;TZID=Europe/Helsinki:20250214T210000
 DTEND;TZID=Europe/Helsinki:20250214T214500
 UID:0a692c49-0040-51d7-bff6-1c43d190073f
 DESCRIPTION:In the end of June 2024\, a new enigmatic ransomware-as-a-serv
 ice group emerged under the name Cicada 3301. They have apparently stolen 
 the name and branding from a cryptographic puzzle to add mystery to their 
 name. Since the start\, this ransomware has added numerous victims to thei
 r onion site and analysis of their attacks has shown several links to the 
 notorious ransomware group BlackCat/ALPHV\, that was dissolved in a multi-
 million exit scam after the group’s infrastructure was hacked by interna
 tional law enforcement.\n\nThis presentation will contain technical and no
 n-technical evidence suggestion a link between Cicada and BlackCat\, such 
 as\n\nIn-depth malware analysis of both ESXi and Windows ransomware used b
 y Cicada and similarities to the ALPHV ransomware\nTools\, Techniques and 
 Procedures (TTP) used in ransomware attacks investigated by Truesec\, comp
 aring Cicada 3301 incidents to BlackCat/ALPHV\nConnections to a possible a
 ccess broker\, responsible for the Brutus botnet\nCommand and control infr
 astructure used by Cicada 3301 and how it is linked BlackCat\nTracing prof
 iles on Russian cybercrime forums related to Cicada 3301\nWe at Truesec we
 re the first cybersecurity company to publish the links between Cicada 330
 1 and BlackCat. Since publication\, by Bleeping Computer and other news si
 tes\, we have investigated more data and can present further evidence of c
 onnections between these two groups.\n\nWe will demonstrate how a holistic
  approach to threat intelligence\, combining reverse engineering\, forensi
 c analysis and dark web investigation can provide a deeper understanding o
 f threat actors.
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-251-dissecting-the-cicada-
 in-the-shadow-of-the-black-cat
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Hacking people and organizations for greater good
 DTSTART;TZID=Europe/Helsinki:20250214T141500
 DTEND;TZID=Europe/Helsinki:20250214T150000
 UID:0d88922b-2ab7-5442-9529-fddd6784fd75
 DESCRIPTION:Life is a game. You're a part of a game called worklife chess.
  Players and goals shift highlighting the importance of understanding the 
 core rules and the metagame in order to succeed. But only a part of the ga
 me is visible or clear. The rest is happens beyond your reach. You are sur
 rounded by attitudes\, ambitions\, hidden agendas and human irrationality 
 on your journey to safeguarding the organization from evil and chaos. Can 
 you reach your goals? What actually are your goals? Can you succeed by pla
 ying by the rules or do you need to force a change into the rules?
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-304-hacking-people-and-org
 anizations-for-greater-good
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:State of Union
 DTSTART;TZID=Europe/Helsinki:20250214T151500
 DTEND;TZID=Europe/Helsinki:20250214T160000
 UID:5ac5a305-6c9a-55c7-96e6-4781c0fdf197
 DESCRIPTION:Updated Radio Equipment Regulation is practically ready to be 
 enforced and Cyber Resilience Act is in horizon.\n\nWhat does this mean fo
 r consumers and manufacturers? \nHow many of our devices actually meets th
 e new requirements?\nHow the consumer market of smart devices will look li
 ke in 2030?
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-239-state-of-union
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Let's get physical
 DTSTART;TZID=Europe/Helsinki:20250214T161500
 DTEND;TZID=Europe/Helsinki:20250214T170000
 UID:1ff8c11a-754c-552e-9b74-d547af0078be
 DESCRIPTION:It will be demonstrated through stories\, images\, and videos 
 how various locking mechanisms can be bypassed. The lecture will cover wea
 knesses in\, among other things\, doors\, key switches\, combination locks
 \, padlocks\, access control systems etc.\, providing a unique insight int
 o the vulnerabilities of common security systems that we rely on.
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-253-let-s-get-physical
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Hunting for Attack Paths in OpenAPI Documentations
 DTSTART;TZID=Europe/Helsinki:20250214T173000
 DTEND;TZID=Europe/Helsinki:20250214T181500
 UID:4856635c-435b-55e9-b7f2-78dad531c7ab
 DESCRIPTION:How to uncovered vulnerabilities in APIs by analyzing the docu
 mentation and how testing techniques can be improved based on these result
 s.
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-277-hunting-for-attack-pat
 hs-in-openapi-documentations
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Supercharging Your Security Pipeline: Managing Vulnerabilities in 
 a Multi-Tool Jungle
 DTSTART;TZID=Europe/Helsinki:20250214T183000
 DTEND;TZID=Europe/Helsinki:20250214T190000
 UID:057e6e71-0be1-5ba7-8157-cfefc6730d93
 DESCRIPTION:In today’s rapidly evolving cybersecurity landscape\, the sh
 eer number of security tools available to scan your pipeline is constantly
  increasing. With new tools entering the market at an unprecedented pace\,
  it can be challenging to manage overlapping findings and determine which 
 tools excel in specific areas. The overwhelming amount of data generated c
 an make it difficult to focus remediation efforts and build a comprehensiv
 e security posture.\n\nVulnerability management tools like [DefectDojo](ht
 tps://github.com/DefectDojo/django-DefectDojo) address this challenge by c
 orrelating findings from various security tools\, including SAST\, DAST\, 
 SCA scanners\, and image/container/posture scanners\, presenting them on a
  single pane of glass. By creating a data model of your product stack and 
 security engagements\, and enriching it with metadata such as internet exp
 osure and criticality\, security management can make informed decisions on
  prioritizing vulnerability mitigation and remediation across your product
  range.\n\n[DefectDojo](https://github.com/DefectDojo/django-DefectDojo) e
 nables the triage of findings—filtering out non-applicable findings\, fa
 lse positives\, and deduplication—prior to assigning them as work items\
 , regardless of the source. While traditional process-based approaches can
  still be utilized\, [DefectDojo](https://github.com/DefectDojo/django-Def
 ectDojo) offers users the capability to automate much of the process. Allo
 wing teams to run multiple security tools in parallel\, comparing their ou
 tputs to determine the most effective solutions for your security needs.\n
 \n**Why is this important?** According to the Verizon 2024 Data Breach Inv
 estigations Report ([verizon.com/dbir](https://verizon.com/dbir))\, accele
 rating the patching of critical vulnerabilities is crucial. By filtering o
 ut irrelevant data and enabling developers to focus on quickly remediating
  critical vulnerabilities through risk-based SLAs\, you can significantly 
 reduce the time from vulnerability disclosure to remediation. Additionally
 \, integrating tools through APIs and automating the processing\, prioriti
 zation\, deduplication\, and assignment of findings to the appropriate dev
 elopers further increases remediation velocity.
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-265-supercharging-your-sec
 urity-pipeline-managing-vulnerabilities-in-a-multi-tool-jungle
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:WarGames: Security in Games
 DTSTART;TZID=Europe/Helsinki:20250214T191500
 DTEND;TZID=Europe/Helsinki:20250214T200000
 UID:60e44f28-ceee-544c-a6f0-4575ec4d944e
 DESCRIPTION:What sets games apart from other applications on the web?\nAlm
 ost nothing and everything! While many games are just like any other moder
 n website with an API\, database\, data going back and forth games introdu
 ce a interesting new vector in it all.\nNot only can items in games be wor
 th a lot of money\, accounts can be grown and harvested to be sold and gam
 es themselves can become the attack vector for something else.\nWith inter
 net entertainment having evolved from game trailers\, to Let's plays\, to 
 streamers\, to VTubers we see attacks targeting single individuals to hara
 ss or dox through the games they play.\nSo what attacks do we see\, what d
 esign patterns do we use to minimize our attack surfaces and what can happ
 en when we fail?\nLet's take a dive beyond the normal problems with web ap
 plications into the world of games.
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-301-wargames-security-in-g
 ames
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Flipping Bits: Your Credentials Are Certainly Mine
 DTSTART;TZID=Europe/Helsinki:20250214T201500
 DTEND;TZID=Europe/Helsinki:20250214T210000
 UID:a47310c0-d7e6-59ce-a4ad-08e58b76ff77
 DESCRIPTION:Did you know that if you change a single bit from 1 to 0 (or v
 ice versa) in the first 'g' of the domain name google.com (which is 011001
 11 in binary) you will end up with variety of valid "bitflip" domains like
  coogle.com\, oogle.com\, & woogle.com\n \nSo what happens if you generate
  and register a bunch of cheap bitfliped versions of popular cloud / Saas 
 provider domains\, point them to your VPS\, log all incoming requests & th
 en forget about the whole thing for two years?\n \nWell you will in fact r
 eceive a stiff bill\, generate huge log files and eventually run out of di
 sk space. But on the upside\, you will also have collected a treasure trov
 e of legit credentials & interesting stuff like valid OAuth refresh tokens
 \, JWT tokens\, bearers\, cookies\, emails\, meeting invites with password
 s & truckloads of internet scanner noise.\n \nIn this session we will revi
 sit bitflip research from the last decade and weponize it. Showcase 'Certa
 inly' a pioneering offensive / defensive tool that employs Wildcard DNS ma
 tching & on-the-fly generated SSL certificates and custom payloads for inc
 oming requests across various protocols. All with the intention to downgra
 de security\, harvest credentials\, capture emails and replacing dependenc
 ies with custom "malicious" payloads
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-254-flipping-bits-your-cre
 dentials-are-certainly-mine
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:How Fast and Deliberate Swiping Gave Us Access to Very Sensitive D
 ata
 DTSTART;TZID=Europe/Helsinki:20250214T211500
 DTEND;TZID=Europe/Helsinki:20250214T214500
 UID:6143e6f4-9f44-5765-97f0-5c747eec4ea6
 DESCRIPTION:When pentesting for a customer\, we discovered that fast and d
 eliberate swiping could give us access to very sensitive data through a mo
 bile phone.\n\nIn this talk Bartek Pszczola will tell the tale of how he d
 iscovered a 0-day in a widely used VMware app\, what it could lead to and 
 how the process was when reporting the vulnerability to the vendor.
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-291-how-fast-and-deliberat
 e-swiping-gave-us-access-to-very-sensitive-data
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Build a Debugger from Scratch
 DTSTART;TZID=Europe/Helsinki:20250214T141500
 DTEND;TZID=Europe/Helsinki:20250214T171500
 UID:207fd33a-2040-59f8-8a38-c0fab64443e0
 DESCRIPTION:This workshop focuses on how to build a debugger from scratch.
  It will look at various types of debuggers used for malware analysis foll
 owed by an in-depth walkthrough of building a Windows debugger from scratc
 h using Python in JupyterLab.
 LOCATION:Security Forum
 URL:https://disobey.fi/2025/profile/disobey2025-258-build-a-debugger-from-
 scratch
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Abloy Classic Picking: From Beginner to Boss Level
 DTSTART;TZID=Europe/Helsinki:20250214T180000
 DTEND;TZID=Europe/Helsinki:20250214T200000
 UID:a628c9bb-059e-5655-a07c-d0a8ac671382
 DESCRIPTION:Every Finn knows the legend of the unpickable Abloy lock. Now 
 it is your chance to challenge that myth and earn the exclusive "I picked 
 Abloy" -sticker\, proving your mastery of this legendary lock.  In our wor
 kshop\, you will face a series of Abloy Classic practice locks\, each more
  challenging than the last\, carefully designed to guide you on your path 
 to expertise. Those who conquer the final boss mob –the iconic Abloy Cla
 ssic – will be awarded by coveted sticker. Are you ready to make the imp
 ossible\, possible?
 LOCATION:Security Forum
 URL:https://disobey.fi/2025/profile/disobey2025-314-abloy-classic-picking-
 from-beginner-to-boss-level
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Is this it: Does DevOps development style decrease the security of
  software and it’s development?
 DTSTART;TZID=Europe/Helsinki:20250215T103000
 DTEND;TZID=Europe/Helsinki:20250215T111500
 UID:1cef67fd-a9f7-561e-a5ae-a658cdd3fb0b
 DESCRIPTION:The DevOps methodology has become dominant on the software dev
 elopment field. It’s benefits have been praised for years. In 2022\, we 
 carried out a literature review on DevOps security postures and greatest c
 hallenges for software development. The BSIMM framework was used for organ
 izing the data.\nSynopsis corporation has gathered data from over 130 orga
 nizations by using the BSIMM software security maturity framework. This pr
 ovided us a chance to compare findings from our study using the academic s
 ources with those from real industry\, and also with regard to timeline co
 vering 2019-2024.\nTop findings of our academic literature review on 2022 
 were:\n1) People have been complaining about security being considered too
  late on the software development cycle for ages\, still we did not identi
 fy that security postures would cover the whole development cycle.\n2) Dev
 Ops development is carried out on a multi-complex environment.\n3) DevOps 
 style even brings in novel challenges for software security. \n\nIn this t
 alk\, \n1) First\, challenges and common postures for software security fr
 om the2022 literature review are summarized\; the findings related to DevO
 ps development style are discussed in more detail than in the original res
 earch.\n2) Secondly\, we  compare the results with the findings of the mos
 t recent BSIMM research.\n3) Thirdly\, we discuss the trend of integrating
  security into DevOps in the light of this analysis covering 4 years.\n\nB
 y our analysis\, we conclude that \n-it seems that DevOps brings additiona
 l challenges to secure software development\n-It seems that security is st
 ill not taken into consideration in a wholistic way\n-As more and more sof
 tware is produced by using AI\, uttermost care should be taken to train th
 e AI with the code models that take security into consideration.\n\nWe cha
 llenge you to:\nDisagree – what contrasting evidence do you have? (on th
 e brief discussion after the presentation)\nMake a world better – one so
 ftware development project at time (this happens when you go home and see 
 anyone forgetting the security on their software development postures).
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-287-is-this-it-does-devops
 -development-style-decrease-the-security-of-software-and-it-s-development-
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Cloud Custodian Unleashed: Automate and Dominate Cloud Governance
 DTSTART;TZID=Europe/Helsinki:20250215T113000
 DTEND;TZID=Europe/Helsinki:20250215T120000
 UID:25f9839c-495a-562b-9e25-64ca004b5e72
 DESCRIPTION:You installed the cloud security posture monitoring software\,
  but you have a ton of alerts and don't know where to start. What would it
  take to get to 100% compliant? A workshop-style talk showcasing Cloud Cus
 todian\, a simple cloud governance automation tool\, with teeth. Automatic
 ally fix compliance issues in real-time with AWS Config\, as they appear\,
  and build a defense in-depth approach to cloud security.
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-323-cloud-custodian-unleas
 hed-automate-and-dominate-cloud-governance
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:How to break a voice scrambler: Privacy features in walkie-talkies
 DTSTART;TZID=Europe/Helsinki:20250215T121500
 DTEND;TZID=Europe/Helsinki:20250215T124500
 UID:66b25e13-6bbe-58ad-9e40-8b7f5d2a113e
 DESCRIPTION:Analog hand-held radios\, aka. walkie-talkies\, are still a vi
 able option to mobile phones in many situations. Their users are generally
  aware of the drawback that they transmit in the clear\, without any encry
 ption.\n\nSome radio manufacturers offer privacy options like 'privacy cha
 nnels' and voice scrambling to prevent eavesdropping. We'll take a look at
  how secure exactly some of these legacy techniques are\, as well as some 
 ways to use signal processing and visualisations to un-scramble frequency 
 inversion\, split-band inversion\, and rolling-code scrambling.
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-327-how-to-break-a-voice-s
 crambler-privacy-features-in-walkie-talkies
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:KEYNOTE: You're in the Army Now: How Cyber Offense Became Militari
 zed but Defense Not - Challenges Ahead for Those Who Protect
 DTSTART;TZID=Europe/Helsinki:20250215T130000
 DTEND;TZID=Europe/Helsinki:20250215T134500
 UID:57b6fb60-f27f-5950-a1ef-29cb5d598ce6
 DESCRIPTION:With the designation of cyberspace as the fifth domain of warf
 are\, the military's grip on cyber operations has tightened in an effort t
 o enhance their strategic potential and tactical success. As cyber offense
  increasingly resembles special forces with their slick coordination and l
 aser-focused missions\, as seen in Hollywood movies\, many enterprises con
 tinue to flounder in outdated management structures and a consensus-orient
 ed mindset that cannot contend with this emerging breed of adversary. To s
 tand a chance\, defenders must not only understand their opponents' end ga
 me and strategies but also be trained to engage at a comparable level. Dra
 wing on years of personal hands-on experience in both offensive and defens
 ive activities\, this keynote will provide insights into the "behind the s
 cenes" aspects of the strategic and tactical planning of state-sponsored c
 yber operations and explain why the public sector has been drawn into orga
 nized hybrid warfare without consent. By focusing on the limitations of bu
 siness-oriented environments and civilian mindsets when defending against 
 resourceful\, mission-oriented threat actors\, this talk aims to stimulate
  the audience’s independent thinking and reasoning about the necessary c
 hanges in problem-solving\, decision-making\, and leadership in "left-behi
 nd" nonmilitant defense.
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-333-keynote-you-re-in-the-
 army-now-how-cyber-offense-became-militarized-but-defense-not-challenges-a
 head-for-those-who-protect
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:On the Receiving End of TIBER: A Reformed Red Teamers Perspective
 DTSTART;TZID=Europe/Helsinki:20250215T141500
 DTEND;TZID=Europe/Helsinki:20250215T150000
 UID:950803f9-8696-5e32-b2e7-a7a6b5f98ad9
 DESCRIPTION:Going from a red team lead on numerous international red team 
 engagements and recently a TIBER test to a detection engineer at a large f
 inancial institution\, perspectives on red teaming change. Come along as w
 e dissect the results of Storebrand's first TIBER test in a brutally hones
 t story covering targeted (successful) social engineering against portfoli
 o managers\, the very real human toll of red team testing\, (really) expen
 sive red team tools and C2 frameworks being used against us\, company wide
  attack alerts\, token theft\, defensive failures\, pitfalls and huge wins
 . The talk will explore a reformed red teamers perspective on their previo
 us actions\, social engineering tactics\, OPSEC\, engagement value and wha
 t they would do differently were they performing red teaming today.
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-272-on-the-receiving-end-o
 f-tiber-a-reformed-red-teamers-perspective
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Playing hide and seek in Java land - Extra Spicy edition!
 DTSTART;TZID=Europe/Helsinki:20250215T154500
 DTEND;TZID=Europe/Helsinki:20250215T163000
 UID:9677ca1d-db67-5d02-b14d-c1582c6f8a1a
 DESCRIPTION:We'll take you on a journey from conventional Java exploitatio
 n to the emerging threat of supply-chain attacks in the land of Java.\n\nY
 ou'll learn about attack patterns in Java and why (and how) they're easily
  detectable. You'll also learn about exploits that are much stealthier (an
 d why). Further\, we'll transition into the latest and hottest trend in so
 ftware security: Supply-chain attacks.\n\nAs a grand finale\, we'll talk a
 bout Cross-Build Injection as a pivot point and advanced persistence in th
 e Java build pipeline. As a parting gift\, we provide you with an open-sou
 rce tool we wrote for Red Teams to simulate these kinds of attacks in a vi
 able way.\n\nIf you work with organizations/clients that build Java code\,
  then you need to see this.
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-264-playing-hide-and-seek-
 in-java-land-extra-spicy-edition-
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Navigating Chaos: A Prison's Struggle with Ransomware and Legacy S
 ystems
 DTSTART;TZID=Europe/Helsinki:20250215T164500
 DTEND;TZID=Europe/Helsinki:20250215T173000
 UID:84fabaa2-ccc7-55aa-ac35-6a330548ed37
 DESCRIPTION:As a seasoned security consultant with decades of experience\,
  I've witnessed a wide range of cybersecurity incidents. In this talk\, I 
 will share a compelling true story of a prison that fell victim to a ranso
 mware attack\, leading to the exfiltration of over 250GB of personally ide
 ntifiable information (PII).
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-318-navigating-chaos-a-pri
 son-s-struggle-with-ransomware-and-legacy-systems
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Ransomware Leaks Lead To Floods - How Leaked Files From Ransomware
  Can Be Weaponized Against Further Victims
 DTSTART;TZID=Europe/Helsinki:20250215T174500
 DTEND;TZID=Europe/Helsinki:20250215T183000
 UID:30e20c8a-bfb9-5d83-8dd8-776d8b7e3c98
 DESCRIPTION:We analyze the content we have aggregated from files exposed o
 n ransomware leak sites to assess the types of files and the types of cont
 ent these files contain. We further evaluate how the types of content can 
 be scraped and weaponized by threat actors against further victims by crim
 inal\, nation-state\, and hacktivist or extremist actors. Finally\, we att
 empt to find evidence linking an organization that has been hit by ransomw
 are to mentions of the organization in earlier leaks.
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-306-ransomware-leaks-lead-
 to-floods-how-leaked-files-from-ransomware-can-be-weaponized-against-furth
 er-victims
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Microsoft Entra ID: Gateway to Supply Chain Attacks on a Global Sc
 ale
 DTSTART;TZID=Europe/Helsinki:20250215T190000
 DTEND;TZID=Europe/Helsinki:20250215T194500
 UID:e0d7ff38-a367-557d-998d-ba7ae51b67a5
 DESCRIPTION:Entra ID holds a criticality on par with Active Directory\; it
 s compromise equates to the compromise of the entire company. Standard sec
 urity practices include the use of dedicated administration accounts\, Pri
 vileged Identity Management (PIM)\, Multi-Factor Authentication (MFA) requ
 irements\, and Conditional Access Policies to safeguard and protect the en
 vironment.\nHowever\, there are dangers that sometimes go unnoticed. In on
 -premise Active Directory\, issues such as credential caching (dumping via
  tools like Mimikatz)\, NTLM attacks (including NTLM relay and Net-NTLM ha
 sh cracking)\, among others\, enable ransomware threat actors to move late
 rally within a matter of hours.\nEntra ID\, a recent and complex technolog
 y\, is not exempt from these issues. As best practices continue to evolve\
 , there is room for misconfigurations that can be just as exploitable.\nIn
  my presentation\, I will elucidate how poor practices and misconfiguratio
 ns in Enterprise Applications and GDAP can lead to an exponential supply c
 hain attack. The session aims to shed light on these vulnerabilities\, pro
 viding insights into how they can be identified and mitigated to protect a
 gainst such expansive threats.
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-250-microsoft-entra-id-gat
 eway-to-supply-chain-attacks-on-a-global-scale
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Out of Order: protocol confusion attacks in the real world
 DTSTART;TZID=Europe/Helsinki:20250215T200000
 DTEND;TZID=Europe/Helsinki:20250215T204500
 UID:b91703fb-126f-53df-9aa9-994d0c7f1497
 DESCRIPTION:IPMI\, a protocol many will never have heard of\, underpins re
 mote access to some of the most critical elements of server infrastructure
 . The years have not been kind to IPMI\, and research has repeatedly found
  flaws in these systems. As part of our talk we will explore new issues th
 at have been discovered following our research and how they impact an open
  source IPMI implementation. \nThe talk will provide technical background 
 on what Baseboard Management Controllers (BMCs) are\, the role they play i
 n our infrastructure\, and how they can be abused to grant privileged acce
 ss to servers across the world. \n\nSpecifically\, we'll look at protocol 
 exploitation and state machine analysis\, explaining the steps taken to an
 alyse remote management protocols\, how audience members can use this to a
 nalyse other protocols\, and how this resulted in discovering critical fla
 ws in IPMI and other software\, allowing remote administrative access to s
 erver infrastructure.\n\nThe main takeaways from the presentation will be:
 \n - Learning about the IPMI protocol (maybe TLS/WPA too)\n - showing off 
 some interesting vulns\n - Learning about protocol research methodology\, 
 and how to design secure protocols
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-326-out-of-order-protocol-
 confusion-attacks-in-the-real-world
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Closing by NotMyNick
 DTSTART;TZID=Europe/Helsinki:20250215T210000
 DTEND;TZID=Europe/Helsinki:20250215T220000
 UID:e739f813-0c6a-5f74-bf55-ed6cc31d1c79
 DESCRIPTION:Closing by NotMyNick
 LOCATION:Terminal Stage
 URL:https://disobey.fi/2025/profile/disobey2025-335-closing-by-notmynick
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Social Engineering and elicitation techniques of hacking a human b
 eing
 DTSTART;TZID=Europe/Helsinki:20250215T103000
 DTEND;TZID=Europe/Helsinki:20250215T111500
 UID:45521d82-98c1-5323-9861-8dd305b2acfb
 DESCRIPTION:1. **What is social engineering? History\, Attack vectors.**\n
 2. **Examples of Real Social Engineering Attacks.**\n3. Four Phases of Soc
 ial Engineering (Reconnaissance\, Engagement\, Exploitation\, Closure)\;\n
 4. Building your artwork: What is elicitation? Elicitation Techniques.\n5.
  I know how to make you like me - Building Rapport\n6. Becoming Anyone you
  want to be - Pretexting.\n7. **Influence and persuasion.**\n8. **Reality 
 alteration (framing).**\n9. Now What? Skills you need to become a social e
 ngineer\, and how to defend yourself.\n10. **Conclusion\, final thoughts.*
 *
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-252-social-engineering-and
 -elicitation-techniques-of-hacking-a-human-being
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Deep fake it till you make it!
 DTSTART;TZID=Europe/Helsinki:20250215T113000
 DTEND;TZID=Europe/Helsinki:20250215T120000
 UID:905b53ab-21ae-5f42-a66e-bcc65c4a5897
 DESCRIPTION:Deep fake it till you make it is a continuation of a talk i di
 d at Häjysec in Vaasa\, The concept is to look at the evolution of AI and
  it's implications\, the talk is humourous in nature and involves several 
 demos.
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-255-deep-fake-it-till-you-
 make-it-
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Staying Sneaky in Microsoft Azure
 DTSTART;TZID=Europe/Helsinki:20250215T121500
 DTEND;TZID=Europe/Helsinki:20250215T124500
 UID:457d5c86-4e08-5e55-9560-deb705cf2705
 DESCRIPTION:Microsoft are improving their cloud platform by providing more
  log sources that can be consumed to gain visibility into enumeration and 
 data read events. However\, due to Azure's complexity\, such as different 
 legacy and modern systems\, the same objective can be achieved by an attac
 ker through different methods\, inherently with different indicators. As a
  result\, the challenges that organisations face\, and will continue on fa
 cing\, are the following:\n\n- Attackers using known and lesser-known APIs
  to perform activities against a tenant and Azure resources.\n- Attackers 
 remaining undetected due to assumptions taken by defensive teams in how sp
 ecific attacks would be performed.\n\nThis talk will aim to build up on pu
 blicly available research into undocumented APIs within Azure and present 
 different ways that attackers can use these APIs to gather information abo
 ut an environment and also perform actions against the estate. With each m
 ethod that is discussed\, the talk will also present what controls exist t
 o try and prevent their abuse within an organisation as well as what telem
 etry is generated when performing these attacks. Thus\, allowing attendees
  to understand the available attack surface within Azure and help provide 
 guidance on the potential non-typical log sources that should be ingested 
 to improve an attack detection in an estate.
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-324-staying-sneaky-in-micr
 osoft-azure
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Investigating Industrial Control Systems
 DTSTART;TZID=Europe/Helsinki:20250215T141500
 DTEND;TZID=Europe/Helsinki:20250215T150000
 UID:386d3b5b-5084-5e00-8fea-dbbea9388e14
 DESCRIPTION:What to expect when you're all of a sudden called in to invest
 igate a suspected cyber attack against a power plant or an oil refinery? H
 ow does such a system even look like from DFIR perspective\, and how would
  an adversary approach attacking them?\n\nIn this talk I will teach you so
 me basics of Industrial Control Systems (ICS)\, explain what a successful 
 cyber attack against an ICS system often looks like\, and finally present 
 my personal opinion on how investigating an ICS incident differs from inve
 stigating a compromised IT system. If you've never heard about the ICS Cyb
 er Kill Chain or don't know what a PLC or an RTU is\, then this talk is fo
 r you!
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-308-investigating-industri
 al-control-systems
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Ten Security Design Strategies from 2004
 DTSTART;TZID=Europe/Helsinki:20250215T151500
 DTEND;TZID=Europe/Helsinki:20250215T160000
 UID:c18cd24e-dd14-5290-83a6-6c18110d1d06
 DESCRIPTION:In 2004\, I compiled a list of ten security design strategies 
 for software engineering. In this presentation\, I revisit the original sl
 ide deck and reflect on the last 20 years of software security.
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-268-ten-security-design-st
 rategies-from-2004
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Email hacking\, attacks and defence today
 DTSTART;TZID=Europe/Helsinki:20250215T161500
 DTEND;TZID=Europe/Helsinki:20250215T170000
 UID:47b8beea-29cf-5140-ba0e-a2e9dc9bde3f
 DESCRIPTION:Email is the open non-proprietary messaging system on the inte
 rnet that reaches everyone. Practically all other internet systems rely on
  email at least as a backup contact or for notifications. Hear about the c
 hanging threat landscape of internet email\, see current and evolving emai
 l threats and attacks\, and learn best practises of defence against email 
 abuse.
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-290-email-hacking-attacks-
 and-defence-today
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Web security is fun (or how I stole your Google Drive files)
 DTSTART;TZID=Europe/Helsinki:20250215T173000
 DTEND;TZID=Europe/Helsinki:20250215T180000
 UID:18cd9ca8-24cc-53e5-8b1f-df22c2e87145
 DESCRIPTION:This talk is about a vulnerability in Google Drive. But it's a
 lso a talk about web security concepts\, how services can be made to inter
 act in unintended ways\, and how a few seemingly harmless flaws can be cha
 ined to defeat security boundaries.
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-311-web-security-is-fun-or
 -how-i-stole-your-google-drive-files-
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Living off Microsoft Copilot
 DTSTART;TZID=Europe/Helsinki:20250215T181500
 DTEND;TZID=Europe/Helsinki:20250215T190000
 UID:b16e5f6a-7c34-50eb-b928-7350b4a231d0
 DESCRIPTION:Whatever your need as a hacker post-compromise\, Microsoft Cop
 ilot has got you covered. Covertly search for sensitive data and parse it 
 nicely for your use. Exfiltrate it out without generating logs. Most frigh
 tening\, Microsoft Copilot will help you phish to move lately. Heck\, it w
 ill even social engineer victims for you!\n\nThis talk is a comprehensive 
 analysis of Microsoft copilot taken to red-team-level practicality. We wil
 l show how Copilot plugins can be used to install a backdoor into other us
 er’s copilot interactions\, allowing for data theft as a starter and AI-
 based social engineering as the main course. We’ll show how hackers can 
 circumvent built-in security controls which focus on files and data by usi
 ng AI against them.\n\nNext\, we will drop LOLCopilot\, a red-teaming tool
  for abusing Microsoft Copilot as an ethical hacker to do all of the above
 . The tool works with default configuration in any M365 copilot-enabled te
 nant.\n\nFinally\, we will recommend detection and hardening your can put 
 in place to protect against malicious insiders and threat actors with Copi
 lot access.
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-331-living-off-microsoft-c
 opilot
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Sounds from the basement: Extreme low-level game cheating
 DTSTART;TZID=Europe/Helsinki:20250215T191500
 DTEND;TZID=Europe/Helsinki:20250215T200000
 UID:cedeeb3f-1087-51b5-8847-bdfaff8326b4
 DESCRIPTION:In this talk\, we will explore an advanced method for cheating
  in multiplayer PC-based games by leveraging System Management Mode (SMM) 
 as the cheat’s runtime environment. SMM\, a privileged execution mode in
  x86_64 processor architecture\, operates at the lowest level of the CPU p
 rivilege rings\; beneath even the kernel's ring 0 or hypervisor’s “rin
 g -1” - SMM executes in so-called “ring -2”. This makes it an ideal 
 environment for executing anything undetected by traditional detection sof
 tware typically running in higher privilege rings\, be it anti-cheat or an
 ti-virus software. \n\nWe will cover the technical details of how to use S
 MM\, its inherent advantages over other cheating techniques\, and the chal
 lenges in interfacing with game memory and game object types while remaini
 ng undetected from the most established anti-cheat platforms. This talk wi
 ll include a demonstration of a working game cheat which can bypass modern
  anti-cheat tools and a deep dive into the potential implications for anti
 -cheat developers (and other security professionals whose job it is to det
 ect malicious activity in their context). Attendees will leave with a soli
 d understanding of why SMM is a powerful tool for stealth in executing cod
 e maliciously and what countermeasures might be required to combat such so
 phisticated attacks.
 LOCATION:Security Theater
 URL:https://disobey.fi/2025/profile/disobey2025-284-sounds-from-the-baseme
 nt-extreme-low-level-game-cheating
 END:VEVENT
 BEGIN:VEVENT
 SUMMARY:Security safeguards in continuous integration
 DTSTART;TZID=Europe/Helsinki:20250215T141500
 DTEND;TZID=Europe/Helsinki:20250215T171500
 UID:2515dbc8-4167-57e4-a457-42a2150063e2
 DESCRIPTION:Learn how to safeguard your software development project by im
 plementing automated security checks in continuous integration.
 LOCATION:Security Forum
 URL:https://disobey.fi/2025/profile/disobey2025-275-security-safeguards-in
 -continuous-integration
 END:VEVENT
 END:VCALENDAR
	from icalendar import Calendar, Event
	from datetime import datetime, timedelta
	from zoneinfo import ZoneInfo

	import hashlib
	import json

	# Base URL for event links
	base_url = "https://disobey.fi/2025/profile/"

	# Initialize the calendar
	cal = Calendar()

	# source: https://disobey.fi/2025/inc/schedule.json
	schedule_fp = open('schedule.json', 'r').read()
	schedule_data = json.loads(schedule_fp)
	conf = schedule_data['schedule']['conference']
	days = conf['days'] # Navigate directly to the nested events list
	tzname = conf['time_zone_name']

	print('# Disobey 2025')
	print(f'{conf["start"]} - {conf["end"]}\n')
	for day in days:
	print(f'\n## Day {day["index"]}')
	for room in day['rooms']:
	print(f'\n### {room}\n')
	for event in day['rooms'][room]:
	# Extract relevant information
	title = event['title']
	start_dt = datetime.fromisoformat(event['date']).astimezone(ZoneInfo(tzname))
	duration = event['duration'].split(':')
	duration_td = timedelta(hours=int(duration[0]), minutes=int(duration[1]))
	end_dt = start_dt + duration_td
	abstract = event['abstract']
	room = event['room']
	slug = event['slug']

	# Create the event
	ical_event = Event()
	ical_event.add('summary', title)
	ical_event.add('dtstart', start_dt)
	ical_event.add('dtend', end_dt)
	ical_event.add('description', abstract)
	ical_event.add('location', room)
	ical_event.add('url', base_url + slug)
	ical_event['uid'] = event['guid']

	# Add event to calendar
	cal.add_component(ical_event)
	print(f'#### {start_dt.strftime("%H:%M")} - {end_dt.strftime("%H:%M")} {title}')

	# Save the .ics file
	file_path = 'schedule.ics'
	with open(file_path, 'wb') as f:
	f.write(cal.to_ical())

	file_path