Practical Exploitation - No CVE Required
A live hacking session! What actually happens between "no known vulnerability" and full compromise? In this session, we move beyond slides and theory and exploit real systems on stage. You will see how small implementation details, unsafe assumptions, and overlooked behaviors turn into working attack paths. No pre-recorded demos. Just live analysis. Live mistakes. Live exploitation. We start with exposed functionality and pull at the threads. We read the code. We question the assumptions. We look for the place where "this should be safe" quietly becomes "this is game over". Sometimes there is no CVE, no advisory, no warning — just logic, trust, and attack surface waiting to be understood. This session is for developers, defenders, and security engineers who want to understand not just that something is vulnerable — but why it is exploitable, and how attackers convert technical nuance into control. If you build systems, you should know how they break. If you defend systems, you should know how they fall. Because exploitation is not magic. It is method. And method scales.
Presented at Security Fest 2026.
Speaker: Emil TrägårdhAbout Emil Trägårdh
Emil Trägårdh is a Swedish hacker, entrepreneur and Blueteamer. At the age of 14 he created his first botnet and in high school he hacked a small city. At the age of 20 he founded a web dev agency and four years later he did his first large scale government contract with the Swedish authorities. In between, he traveled the world with his family for a year and he no longer works like regular people. Instead he devotes most of his time to security because it's fun!
