4-5 JunePosthuset 7A

Midnight Sun CTF Conference

MidnightSun houses Sweden’s biggest CTF event involving teams from all over the world. It has grown to include an offensive and policy focused conference by hackers, for hackers in Stockholm, Sweden.

This year, the conference theme is "Cyber Conflicts: The Tools and Techniques of Tomorrow". At Midnight Sun, talks revolve around offensive security, including advanced exploitation methods, reverse engineering, vulnerability detection and cyber strategy.

Earlybird discount until 31 March! Use promo code Earlybird when choosing ticket.

Sample speakers 2026

Kristoffer Hultgren
Head of Space Security, The Swedish Civil Defence Agency

Dr Kristoffer Hultgren is the Head of the Space Security Section at the Swedish Civil Defence and Resilience Agency (MCF). At MCF Dr Hultgren is responsible for the space related work which includes being the Director of both the Competent Galileo PRS Authority and the Competent Govsatcom Authority of Sweden in the EU.

Dr Hultgren holds a PhD degree in atmospheric physics from Stockholm University, a MSc degree in Space Technology from Luleå Technical University, a MSc degree in Space Physics from Université Paul Sabatier Toulouse III, and a BSc degree in Physics from Karlstad University.

Read more

Space Security as a Pillar of National and Civil Resilience

As modern societies grow increasingly dependent on space-based systems for critical services, ranging from communication and navigation to emergency response and infrastructure coordination, the security and resilience of these systems have become essential components of both national and civil defence. This presentation explores the intersection of space security, cyber resilience, and societal preparedness, highlighting how threats to space assets can have cascading effects on civilian functions on the ground.

Participants will gain an overview of current and emerging risks to space‑dependent services, including cyberattacks, system disruptions, signal interference, and vulnerabilities within the expanding commercial and governmental space ecosystem. The session will also discuss strategic approaches to enhancing resilience, covering topics such as risk management, public–private collaboration, capability development, and integration of space considerations into broader civil defence planning.

Read more

Carl Heath
Senior Researcher in digital resilience at RISE: Center for Security Design and Innovation

Carl Heath is a senior researcher at the Center for Security Design and Innovation (CSDI) at RISE – Research Institutes of Sweden, as well as a researcher at the University of Gothenburg. He works in applied research relating to society's digital transformation, particularly concerning issues related to democracy, digital resilience, AI and innovation management. Carl has served as a Special Counsel for the protection of democratic dialogue for the Swedish government, examining democracy in the digital age, as it relates to disinformation, propaganda and hate speech. 

He currently assists the Swedish Psychological Defense Agency as well as other agencies in applied research and innovation in the context of digital transformation, total defense and hybrid warfare. Carl Heath is also a board member of the Swedish eHealth Agency and a member of the Media Subsidies Council, a part of the Swedish Media Authority. He won the Swedish eGovernment Awards in 2020 and is an international keynote speaker.

Read more

The Good, The Bad and The Ugly of technology in turbulent  times

Palmsalen

In an age where digital technology and artificial intelligence play an ever-expanding role in shaping our lives, the risks associated with their misuse in cyber- and hybrid warfare, and foreign influence operations and malign information campaigns are becoming increasingly significant. This lecture aims to deepen the understanding of how technology plays a role in these domains in our geopolitically turbulent times.The session will provide insights into the mechanisms by which technology is employed in cognitive warfare to create and amplify hybrid- cyber and malign information. It will explore both the opportunities AI presents for defending democratic values and the ethical challenges it poses. Participants will gain an understanding of how societies can build resilience against cognitive warfare while safeguarding core principles such as freedom of expression and democracy.

Read more

Faith
Chronomaly: Tick, Tock, Root

Faith is a Lead Blockchain Security Researcher. He previously worked as a vulnerability researcher at Dataflow Security, and has continued doing vulnerability research

in his free time. Most recently, he found a vulnerability in the Linux kernel's RxRPC subsystem, which he used as an entry for ZeroDay.Cloud as part of Team CCC.

Read more

Chronomaly: Tick, Tock, Root

What happens when the kernel's own timekeeping mechanisms can be turned against it? Such was the case for CVE-2025-38352 – a vulnerability in the Linux / Android kernel's POSIX CPU timers implementation that was exploited in the wild. In this talk, I'll walk through the vulnerability and dissect Chronomaly, the exploit I built for it.

Read more

Johan Carlsson
Bug bounty hunter

Johan Carlsson is a self-employed, full-time bug bounty hunter based in Gothenburg, Sweden. Currently ranked number one on GitLab’s bug bounty program on HackerOne, he has found and reported vulnerabilities to a host of major companies, including Zoom, Google, Apple, and GitHub. Johan holds a Bachelor’s degree in Computer Science from KTH in Stockholm, as well as a Bachelor’s degree in Fine Arts from KHiO in Oslo, Norway.

Read more

What happens if you let a security novice hack your company for five years?

Palmsalen

Life took an unexpected turn when I left an art career to study computer science, eventually pivoting to cybersecurity and making bug bounty my full-time livelihood. Bug bounties allow anyone to use big corporations as a playground for real-world security learning. I will walk through some of my favorite findings from my years hacking GitLab, demonstrating how curiosity and persistence can allow anyone to join the field of cybersecurity.

Read more

Harri Larsson
CEO Cparta Cyber Defense AB

Read more

Opening Speach

Palmsalen

David Olgart
Director of Cybercampus Sweden

David Olgart has more than 25 years of experience in cybersecurity work as both an expert and an operational leader in the defence sector, with a background in government agencies as well as consulting. He previously coordinated the Swedish Armed Forces’ research and technology development for cyber defence. David holds an M.Sc. in Computer Science from KTH Royal Institute of Technology, specializing in data security and information systems, and serves as a Commander and Reserve Officer.

Cybercampus Sweden’s mission is to conduct groundbreaking research, innovation, and education in cybersecurity and cyber defence—beyond what individual organizations can accomplish on their own. Cybercampus is a national collaboration between universities, research institutes, government agencies, and companies, aimed at strengthening the talent pipeline for both civilian and military domains. Cybercampus addresses needs that no other actor in the cybersecurity field currently meets. Its results are intended to enhance society’s ability to manage cyber threats, strengthen Sweden’s competitiveness, and ultimately promote our economic prosperity.

Read more

Opening Speach

Palmsalen

1v1 pwn

Read more

1v1 pwn

Palmsalen

On-stage head to head binary exploitation tournament. Are you fast at hacking? Show it off!

Read more

1v1 pwn

Palmsalen

On-stage head to head binary exploitation tournament. Are you fast at hacking? Show it off!

Read more

Pontus Johansson
Professor of Cybersecurity, KTH Royal Institute of Tehcnology

Pontus Johnson is a professor of cybersecurity at KTH Royal Institute of Technology in Stockholm, specializing in network architecture and cyber‑attack simulation. He directs the Center for Cyber Defense and Information Security and serves as deputy director of Cybercampus Sweden. Pontus holds an MSc from Lund and earned his PhD and Docent degrees at KTH, becoming a professor in 2009.

He has been a member of the Royal Swedish Academy of Engineering Sciences (IVA) since 2013 and joined its board as deputy chair in 2024. In 2025, he also joined the board of the Swedish Research Council.

Pontus co‑founded Foreseeti, whose attack‑simulation technology was acquired by Google in 2022; he worked part‑time at Google Cloud from 2022 to 2025. In 2025, he co‑founded Nørdsnipe, developing an AI assistant for security testing.

He has authored more than 100 scientific papers, served on numerous international program and steering committees, and was listed by Tech Awards Sweden in 2022 and 2023 as one of the 50 most influential people in Swedish tech. Pontus works 20% at Nørdsnipe and 80% within the SSAS research group at KTH.

Read more

08:30

Check-in and coffee

09:00

Opening Speach

Palmsalen
Harri Larsson
CEO Cparta Cyber Defense AB
David Olgart
Director of Cybercampus Sweden
09:15
To be announced
Palmsalen
10:00
To be announced
Palmsalen
10:45
To be announced
11:30

The Good, The Bad and The Ugly of technology in turbulent  times

In an age where digital technology and artificial intelligence play an ever-expanding role in shaping our lives, the risks associated with their misuse in cyber- and hybrid warfare, and foreign influence operations and malign information campaigns are becoming increasingly significant. This lecture aims to deepen the understanding of how technology plays a role in these domains in our geopolitically turbulent times.The session will provide insights into the mechanisms by which technology is employed in cognitive warfare to create and amplify hybrid- cyber and malign information. It will explore both the opportunities AI presents for defending democratic values and the ethical challenges it poses. Participants will gain an understanding of how societies can build resilience against cognitive warfare while safeguarding core principles such as freedom of expression and democracy.

Read more
Palmsalen
Carl Heath
Senior Researcher in digital resilience at RISE: Center for Security Design and Innovation
12:15

Lunch

Orangeriet
12:55
To be announced
13:40
To be announced
Palmsalen
14:25
To be announced
15:05

Coffee

Orangeriet
15:25
To be announced
15:45
To be announced
Palmsalen
16:30

Lightning talks

Palmsalen
17:00

Drinks and mingle

08:30

Check in and coffee

09:00

What happens if you let a security novice hack your company for five years?

Life took an unexpected turn when I left an art career to study computer science, eventually pivoting to cybersecurity and making bug bounty my full-time livelihood. Bug bounties allow anyone to use big corporations as a playground for real-world security learning. I will walk through some of my favorite findings from my years hacking GitLab, demonstrating how curiosity and persistence can allow anyone to join the field of cybersecurity.

Read more
Palmsalen
Johan Carlsson
Bug bounty hunter
09:45
To be announced
10:30

Coffee break

10:45

Chronomaly: Tick, Tock, Root

What happens when the kernel's own timekeeping mechanisms can be turned against it? Such was the case for CVE-2025-38352 – a vulnerability in the Linux / Android kernel's POSIX CPU timers implementation that was exploited in the wild. In this talk, I'll walk through the vulnerability and dissect Chronomaly, the exploit I built for it.

Read more
Faith
Chronomaly: Tick, Tock, Root
12:00

Lunch

Orangeriet
12:40

1v1 pwn

On-stage head to head binary exploitation tournament. Are you fast at hacking? Show it off!

Read more
Palmsalen
1v1 pwn
13:20

CTF Final presentation on Stage

CTF teams presented on stage and the winners are announced.

Read more
14:00

Coffee break

Orangeriet
14:20
To be announced
Palmsalen
15:05

1v1 pwn

On-stage head to head binary exploitation tournament. Are you fast at hacking? Show it off!

Read more
Palmsalen
1v1 pwn
16:15
To be announced
Palmsalen

All you need to know


© MapTiler © OpenStreetMap contributors