Call for Failure (CfF 0x1)

Over Fail: The Untold Truth Behind the Magic of Cybersecurity

10-minute talks during hack.lu to present your biggest failure in cybersecurity — and, most importantly, what you learned from it.

It’s Samion’s first week in the digital forensics team of the company where he has been working for the past two years since graduating. Before joining the “Super Hounds” — a nickname earned by his teammates after helping the organisation uncover a year-long operation led by a sophisticated threat actor — he was a mere SOC analyst. After months of weeding through useless alerts, responding to run-of-the-mill scam reports, and occasionally stumbling upon something interesting only to escalate it to the Super Hounds (as dictated by the rigid playbook he had to follow like a factory worker on Ford’s Model T assembly line), he began to experience the dreaded analyst fatigue.

Samion is a smart, curious, and respectful human being who doesn’t need a code of conduct to behave. He believed that his mission, as monotonous as it might have seemed, was important — allowing the Super Hounds, the organisation’s legendary forensicators, to focus on protecting the business from serious cyberattacks. However, his yin eventually overpowered his yang, and he decided to act before his frustration turned into a toxic dose of cynicism.

He asked for training, received approval, and threw himself into it — studying late into the night and running experiments in his home lab. He passed a forensics certification with flying colours and proudly earned a Lethal Forensicator Coin alongside his fellow trainees after solving a series of difficult challenges.

When he returned to work, he asked to join the Super Hounds. Given his loyalty, dedication, and overall performance, his wish was granted. Now here he was, facing his first assignment: analysing a disk image related to a case in which an employee at a subsidiary on the other side of the world had apparently been spear-phished, resulting in an unknown malware infection — detected thanks to some strange network connections.

He opened the freshly delivered parcel containing the drive, only to find it still in its original shrink-wrapped packaging. Being the new kid on the block, he didn’t dare question his coworkers. Maybe the local security officer, who had received clear instructions on how to clone the compromised endpoint’s disk, was just being extra careful or overly meticulous.

Samion removed the drive from its packaging, connected it with the proper write blocker, and plugged it into his forensic workstation. He began looking for the MFT and the drive’s volumes — but found nothing. He called over one of his seasoned coworkers, and after twenty minutes of testing different tools and methods, the verdict was in: the disk was brand new.

When Samion called the security officer to figure out what went wrong, the officer sheepishly admitted that he had sent them a fresh drive of the same make and model as the original one. The CFO, whose laptop had been compromised, had refused to hand over the real drive for several hours — and the officer had panicked.

This isn’t fake news (apart from the protagonist’s name). Cybersecurity is riddled with such epic fails. Some even say that incident response and forensics consist of more than 80% failures for every few genuine successes. And the same probably holds true across the cybersecurity field — whether in research, red teaming, or risk assessments.

While there are now more cybersecurity conferences than days in a year, most speakers focus on successes and so-called cutting-edge tools and methods that sometimes sound too good to be true, to the applause and back-patting of the audience. But we, at hack.lu, believe it’s time to give the stage to the untold truth behind the magic of cybersecurity — by making a Call for Failure.

Did you get flagged by a blue team for a dumb mistake during a red team engagement? Did you accidentally bring down an important application during a pentest or while researching a vulnerability? How about a blockchain blunder, a machine-learning meltdown, a “Big Data gone small” incident, or some cyber threat intelligence where the intelligence part was missing?

Do you have a story like Samion’s to share with other hack.lu attendees in ten minutes or less?
Then submit to our Call for Failure and help us dispel the magical and BS side of cybersecurity!
Human knowledge has always been built on regular failures. Be proud — and share yours in a 10-minute session during hack.lu.

Location

The event is open to all participants of hack.lu and to the accepted speakers for CfF 0x1.
It will take place on Wednesday, 22 October 2025, during the hack.lu conference, from 19:00 to 21:00.
Talks will be 10 minutes max.

History

The first edition (0x0) took place in 2019 at hack.lu.
Now, in 2025, it’s time for the second edition.