Cyber security conference "Kiberšahs 2018". Speakers.
Honeypots: Setting the Perfect Trap (EN)
If you have ever looked at logs of a machine left open to the world-wide networks you know that hacking attempts are highly frequent. Most of these are not sophisticated - portscans and credential bruteforce attempts dominate the lot, as it is something that can be easily automated and applied to large blocks of public addresses. Such techniques, commonly used for initial system compromise, do not seem to change much over time, but what happens if a probe succeeds and provides an attacker with access to the system? You would not want to find out from your own experience.
Honeypots are one of the few ways to study attacker behaviour on a compromised system. This talk will introduce this concept, contemplate potential uses in defensive and offensive security, as well as provide some guidance for designing and configuring your own honeypot.
Alise comes from an academic background in Computer Security and Forensics, and has been involved in penetration testing (a.k.a. offensive security) ever since graduation. She is now the application security lead at Accenture Latvia with vast and varied experience in security of a wide range of systems and technologies, as well as a keen interest in software development, security research and security education/training.
How compromised routers "mine" cryptocurrency (LV)
Using a vulnerability more than a year old, in August 2018 hackers managed to enlist more than 200,000 compromised MikroTik routers in a cryptocurrency mining effort. This presentation looks in detail at what actually happened, what should have been done to prevent it, and how to check the security of your MikroTik today. Intended audience: IT security managers, interested parties, enthusiasts, MikroTik users.
Andis Āriņš is a MikroTik certified expert and trainer with 15 years of experience in computer network security. This year he completed his doctoral studies at the University of Latvia, and he actively conducts research in cyber security and software-defined networking environments.
Baiba Kaškina is the general manager of CERT.LV, managing all activities including incident response, awareness raising and liaison with the constituencies. She has been leading the CSIRT team in Latvia since 2006 and before that worked for TERENA (the Netherlands) managing large-scale projects, including various EU funded projects. Baiba has been involved in various EU funded projects at the IMCS UL (e.g. BalticGrid, GEANT, etc.) and has a project management professional certificate.
At CERT.LV Baiba is responsible for liaison with the Ministry of Defence and keeps a close relationship with many parts of the diverse CERT.LV constituency, especially with the international contacts.
Baiba Kaškina holds an MSc in Computer Science from the University of Latvia and has a strong networking background. Since 2013 Baiba has been a member of the TF-CSIRT Steering Committee and since 2014 the Chair of TF-CSIRT. Baiba has been a member of the TNC and FIRST conference programme committees and has participated in various working groups nationally and internationally.
The Military Role in Cyberspace (EN)
At the Warsaw Summit in July 2016, the NATO Heads of States and Governments agreed to recognize cyberspace as a domain of military operations and tasked the NATO Strategic Commands to develop a roadmap to establish NATO's operational capability in this new domain. In July 2018, the Allies agreed to establish a Cyberspace Operations Centre (CyOC) at SHAPE to plan and coordinate NATO military operations in cyberspace. The CyOC team is now working on how best to address Alliance operational and collective defence concerns. Some aspects of cyberspace capabilities fit well within the framework of existing NATO forces and doctrine; some can be addressed but require new doctrines and forces; and some are better addressed through other means--such as civil and commercial CERTs, for example. This talk will offer a candid view of how NATO is dealing with the challenges of this new domain.
Brad Bigelow spent 25 years as a US Air Force officer planning, building, and operating networks, information systems, and software applications to support space operations. He worked on early US cyber policies while on the staff of the President's National Security Telecommunications Advisory Committee (NSTAC) in the mid-1990s, then ran the program office delivering initial US Air Force information operations systems. Since 2001, he has worked for NATO in both program and project management and strategic staff positions. He has spoken at numerous cyber security and project management conferences in Europe, the U.S., and the Middle East.
"Does your fridge help to 'crack' the Pentagon servers" (EN)
Egons Bušs has 25 years of experience in the field of information security, cyber security and information technology. Egons started his career back in 1980s on mainframe computers. His further work experience continued at the Bank of Latvia, first, as a Network and Systems Administrator, and the first bank’s Webmaster, up to the Deputy Head of Information Systems Department. Egons was assigned Project Manager for two security projects at the European Central Bank in Frankfurt am Main, Germany. From 2008 to 2016 Egons worked as an IT Director at ELKO Group, which is a large IT distributor in 10 Eastern and Central European countries. In 2016 Egons joined Latvian Mobile Telephone as a Security Director. Egons holds CGEIT (Certified in the Governance of Enterprise IT) Certificate. Egons serves on ISACA Latvia Chapter Board as Immediate Past President and Executive Vice President.
Cryptocurrency technologies: advantages and challenges (LV)
The presentation will explain the concept of cryptocurrencies, demonstrate the use of cryptocurrencies in everyday life and their integration into IT solutions, and look at the most important aspects of the technology: advantages, security, privacy, risks and problems.
A graduate of the Faculty of Computing of the University of Latvia, I specialised in the design and maintenance of computer systems and computer networks. I began my professional career in the telecommunications sector, later turned to smart heating systems and took part in building several information systems aimed at optimising the operation of heat substations and digitalising their management and metering. I am a co-founder of the software development company "Alicorn", within which I began actively researching cryptocurrency technology in 2014, which led to the founding of the financial technology office "Zatoshi". An active cryptocurrency and cyber security enthusiast, associate member of the Latvian Open Technology Association, and promoter of open-source solutions.
Information security culture (LV)
The presentation will look at the impact of technology on the overall security culture in an organisation and its connection with achieving strategic and business goals; the basic principles and employee roles in recognising and implementing a security culture; and the effect of changes in people's habits on behavioural culture and on the motivation to follow or not follow known security rules.
Egils Stūrmanis holds master's degrees in engineering sciences and finance. For more than 10 years Egils Stūrmanis has worked in IT security, leading and implementing various projects, and in recent years devoting much time to public education.
Deivids Golubs is an IT professional who has worked for 20 years in both the public and private sectors at the same time, and over the last 10 years has turned to IT security issues. During his professional career he has accumulated considerable experience working as an engineer on IT infrastructure implementation projects in a wide variety of industries in Latvia and abroad. Deivids prefers working with people, because he is able to achieve mutual understanding between information technology developers and users, and to help find solutions to conflict situations that often arise from a lack of shared understanding. Deivids is a graduate of the Master's study programme in Cybersecurity Management at BA School of Business and Finance and has served on the board of the ISACA Latvia Chapter since 2018.
Arrival of 5G. Risks & Opportunities (EN)
Since 2009 Marketing and Business Development Vice President, Member of the Management Board of Latvijas Mobilais Telefons LLC.
2005-2009 owner and CEO of Exact Management LLC, 2006-2007 Marketing Director at Exigen Services Latvia JSC. 2000-2004 progressed from Marketing Manager to Director of Broadband Services Department at Lattelekom LLC. During his studies in 1996-1997 Marketing Manager at Ionica LLC. Started career in 1995 at NTV5 and PICCA TV as a Sales Representative.
Member of the Latvian Internet Association, member of the State Administration Policy Development Council, as well as a national guard with the NG Student Battalion.
SIEM - practice, tips and recommendations (LV)
The presentation will introduce experience of working with SIEM accumulated over several years and give advice on using it more effectively.
Kaspars has more than 15 years of experience in IT with focus on IT risk and security management.
Prior to joining dots. (previously SQUALIO cloud consulting), Kaspars was employed as an IT security manager at a Finland-based software provider and as an IT risk manager at a Latvia-based telecommunications company. Kaspars is a qualified technical professional holding certifications such as CISM, CISA and CEH.
a8Q. Malware sample reweaponization. (EN)
Malware samples are as abundant as pawns on a chess field. While a pawn can be promoted to a more valuable piece, a malware sample can be binary edited and turned into a cyber weapon.
Karlis holds an MSc degree from the University of Latvia. After prolonged international experience working in the field of cyber security, he is happy to hold an operational position as a threat analyst with CERT.LV.
Behaviour problems in life and behaviour problems on the internet (LV)
Safety instructions are boring, because the reading material often fills several folders, and the training itself can take several gruelling days.
Talking to children about safety rules on the internet can be even harder, because their ability and motivation to concentrate on serious content (even if it can affect their safety and health) is even shorter.
What unites adults and children? Games! It has already been proven: games help hold attention, increase the ability to concentrate and make the learning process more effective. How can introducing game elements into life help at work and outside work? How can gamifying real-life situations help both young and old behave safely? How can we make sure that what we have said has really been heard?
Līga Bērziņa is the head of Out Loud SIA and for more than 10 years has been creating safety games in industrial companies, both for the prevention of emotional abuse and for safe behaviour in general. Given that many young people are injured in their very first days of work placement, two years ago the company created the brand uzvediba.lv with the aim of developing tools to help children and young people who suffer from violence at school and in the virtual environment. The newest games are "Dusmu kontroles spēle" and "Nosargāt internetā".
User and IoT-Oriented Network Traffic Monitoring (EN)
For years network traffic monitoring has focused on protocols and IP addresses/ports. Today users demand more behaviour-oriented tools able to characterise user traffic and prevent device/IoT-specific data exchanges. This talk shows how to achieve this using open source software on embedded systems. ntopng is an open source network traffic application based on nDPI, a library for deep-packet inspection (both available as open source at http://github.com/ntop). The talk describes the challenges of modern, content/user-oriented network traffic monitoring where we need to move from the traditional packet-oriented paradigm (IP X contacted host Y) to user-oriented (user A is talking on a Skype call with user B) and IoT-aware (my television is trying to send an email, is this allowed?) traffic patterns. Finally it describes the challenges of these monitoring activities, and how to make them efficient enough to be run on cheap embedded devices. The core talk topics include network traffic monitoring, deep packet inspection, embedded devices.
Founder of the ntop project that develops open source network traffic monitoring applications. ntop (circa 1998) is the first app we released and it is a web-based network monitoring application. Today our products range from traffic monitoring, high-speed packet processing, deep-packet inspection (DPI), IDS/IPS acceleration, and DDoS Mitigation. See http://github.com/ntop/
Cyber security maturity assessment in a bank (LV)
A successful cyber attack on one of the systemically important banks operating in Latvia can not only create reputational and financial loss risks for the bank itself, but also significantly affect the stability of the country's financial system as a whole. To reduce the risk and raise the effectiveness of protection, it is necessary to carry out a cyber security assessment of banks, gaining knowledge not only about the effectiveness of individual security controls and technologies, but also about the cyber security governance carried out in the company as a whole.
A cyber security maturity assessment is an effective way to obtain this knowledge, and the NIST Cybersecurity Framework is a suitable tool for carrying out this assessment in a relatively simple way and in a language understandable to all parties involved in the assessment. Moreover, the NIST Cybersecurity Framework is universal and flexible in its structure, allowing it to be applied in practically any sector and industry.
The study does not cover all banks operating in Latvia, but it gives an insight into the overall trends in the sector's cyber security maturity and identifies the necessary directions for improvement.
Cyber Security Supply Chain Risk (EN)
Peter Yapp is a Certified Information Systems Security Professional with 25 years’ experience in cyber security and computer forensics.
Peter joined the National Cyber Security Centre in October 2016 as Deputy Director, Incident Management. In April 2017 he became Deputy Director, Private Sector Critical National Infrastructure. He is currently examining cyber security supply chain risk.
Before joining the National Cyber Security Centre, Peter was Deputy Director, Operations for CERT-UK. Prior to this he was the Managing Director for Accenture’s global Computer Incident Response Team (CIRT) running a team of 50 based at five locations around the world.
Prior to Accenture, Peter was head of Forensics and Information Security consulting at Control Risks in London.
Large-scale Monitoring of the Darker Side (EN)
The non-profit Shadowserver Foundation has been collecting network threat information on a big-data scale for many years with a mission to make the Internet a more secure environment for all. The collected data is sent to 90+ National CERTs and over 4000 network owners via the Shadowserver free daily remediation feeds and used to support various law enforcement investigations. From large-scale scanning to malware collection and sinkholing, the talk will give an overview of how we collect data, challenges that have to be overcome and provide insights into the datasets collected and observed attack trends, with a particular focus on the Baltic region (especially Latvia, Estonia and Lithuania) but also providing a wider European angle.
Piotr is the Strategic Programmes Manager at The Shadowserver Foundation, a non-profit with a mission of making the Internet a more secure environment. He has a strong CSIRT background, previously working in incident response at a national level for 14 years in the CERT Polska (CERT.PL) team. He managed the team for nearly 7 years up till 2016, building up its various security data gathering and analysis projects as well as managing its anti-malware operations, including numerous botnet disruptions. Piotr currently also serves on the Board of Directors of the Honeynet Project, a well-known and respected non-profit that is committed to the development of honeypot technologies and threat analysis.
Opening remarks (EN)
Mr. Bergmanis is the Minister of Defence of the Republic of Latvia since July 2015. He was appointed to this post after the former minister Raimonds Vējonis became the President of the Republic of Latvia. Before taking up this post Mr. Bergmanis was a Member of the 12th Saeima (the Parliament of Latvia) and actively worked as a Deputy-Chairman in the Defence, Interior Affairs and Corruption Prevention Committee.
Before being elected as a Member of Parliament he was involved with various defence sector institutions, such as Recruitment and Youth Guard Centre, Ministry of Defence and National Armed Forces. Mr. Bergmanis has been working in the defence sector since 2001. He has obtained a master’s degree from the Riga Technical University in 1991 and a master’s degree from the Latvian Academy of Sports Education in 1998. In addition to his career in defence sector Mr. Bergmanis has been a professional athlete and Vice President of the Latvian Olympic Committee.
DOH! DNS over HTTPS (EN)
The Domain Name System (DNS) was invented in 1983, more than 35 years ago, and is a critical part of the Internet. Since it is such a critical component, security is a very important issue in DNS.
How do I protect my privacy on the Internet? How do I protect myself and my company from DNS-based attacks? Mozilla’s Trusted Recursive Resolver (TRR) project, which uses the DNS-over-HTTPS (DoH) protocol, comes to the rescue.
DoH is a new modern standard, currently in Internet Engineering Task Force (IETF) Request for Comments (RFC) draft state, with relatively simple implementation to get it working and a high level of security. With the backing of Mozilla and already working DoH servers from such companies as Google and Cloudflare it has a great potential.
Let’s secure our privacy on the internet by securing our DNS.
I am an IT security researcher and consultant. I am working with public, defense, finance and manufacturing verticals to architect and implement different security solutions which help protect their IT environment's accessibility, integrity and confidentiality. Some of the solutions are SIEM (Security informational events management) systems, vulnerability lifecycle management and privileged access management.
Tales from the trenches: Lessons from security incidents (EN)
Raymond will cover 4 major incidents that the Check Point Incident Response Team (IRT) has been involved in and provide the lessons learnt. The talk covers both cloud and on-premise incidents, as well as a variety of actors, and will provide lessons learnt and recommendations so that other organisations can learn from these incidents and be better prepared.
Raymond Schippers is a senior analyst with the Check Point Incident Response Team. He is responsible for the Asia-Middle East-Africa region. He has worked investigations from Australia to Europe and the US. Raymond has been with Check Point for over 6 years and before that was in cyber security operations at a gambling company and for various mining companies. He has presented at various regional conferences and is passionate about sharing lessons learnt with the public.
SheLeadsTech Program & Cyber Security Gap - how it fits together (EN)
Sanja is the president of ISACA’s Belgrade Chapter and one of its founders, devoted to promoting the visibility of ISACA and its core values in the Serbian market. Sanja is also a very active volunteer in the chapter Engagement Working Group for SheLeadsTech programs, supporting development and delivery of specific SheLeadsTech program elements by providing advice and strategic directives on the development of culture programs, according to the chapters' and membership needs. She is a professional focused on audit, risk management, governance, security and compliance. In her 20-year career, she has led and executed various types of complex projects related to Risk Management, Information Security, Internal Control System Management, Internal Audit, IT Risk Management, IT Internal Control System Management and IT and Forensic Audits across Serbia and the SEE region. Sanja gained her experience by working for the Big 4, several of the largest banks and financial institutions in Serbia and for the largest mobile operator in the Balkans region.
Demystifying Third Party Risk Management (TPRM) - A practical approach (EN)
Today it is rare to see a large enterprise carrying out business operations without partnerships with third parties. However, this brings with it new cybersecurity, privacy, business and regulatory risks. It becomes even more important to ensure that enterprises today are able to first strategically identify and classify their third parties using a risk-based approach. The objective of the presentation is to provide insights on how to better evaluate third parties based on key parameters such as the sensitive information they process, access provisioning mechanisms, services they offer, vendor dependency, etc., and then assess these vendors' security maturity based on alignment with the company’s security policies and on leading security and privacy standards and regulatory requirements. The objective is to provide ideas on how an enterprise can perform VRM as a continuous improvement activity as part of business-as-usual activity for a compliance or internal audit team.
Sheldon is a Cyber Security professional with Accenture Latvia and holds a total of 9+ years of experience. Prior to Accenture Latvia, he was part of the Cyber Security practice in Ernst & Young LLP in India and Lithuania. He has led and executed several complex information security programs and projects in a variety of sectors, with companies across Sweden, India, Africa, Lithuania and the United States.
He has in-depth experience in performing Security Audits for IT Infrastructure and Industrial Control Systems environments. He has led reviews including Data Leakage reviews, Network Architecture reviews, SAP Security reviews, Vendor risk management, GDPR readiness reviews and ISO 27001, NIST, ISF and ISAE 3402 standards and frameworks. Sheldon currently holds CISSP, CISA and several Microsoft certifications. He has a Post Graduation Diploma in IT Systems from MET Institute, Mumbai, India and a Bachelor's degree in Business Management from Mumbai University.
Only an Electron away from Code Execution (EN)
Over the decades, various security techniques to mitigate desktop-specific vulnerabilities have been developed, which makes it difficult to successfully exploit traditional desktop applications. With the rise of the Electron framework, it became possible to develop multi-platform desktop applications by using commonly known web technologies. Developed by the GitHub team, Electron has already become amazingly popular (used by Skype, Slack, Wire, WordPress and so many other big names), bringing adventurous web app developers to explore the desktop environment. The same developers who make XSS the most common web vulnerability are now bringing the same mistakes to a whole new environment.
While XSS in web applications is bounded by the browser, the same does not apply to Electron applications. Making the same kind of mistakes in an Electron application widens the attack surface of desktop applications, where XSS can end up being so much more dangerous.
So in this talk, I will discuss the Electron framework and the related security issues, its wonderful “features” getting me a bunch of CVEs, possible attack vectors and the developers in the dark about these issues.
AND as Electron apps do not like to play in the sandbox, this talk will DEMO Electron applications found to be vulnerable, gaining code execution from XSS.
Security researcher from Estonia, working as a web-application pentester at Clarified Security. She has been a speaker at NorthSec 2018 in Montreal and Hack.lu (upcoming) in Luxembourg. In 2018 she also won the Google scholarship to attend the Hack in the Box conference in Amsterdam. Proud member of the reversing group Blackhoodie and one of the founders of TallinnSec, a non-profit organization focused on IT security.
Sintija Deruma, CISM is the president of ISACA Latvia Chapter. She is an industry recognized executive with strong business acumen and over 10 years of information security experience. She is completely inspired by the challenge of creating and growing Information Security practices and programs within large organizations, which fits nicely with her passion for managing and developing people.
Sintija has also served as a voluntary expert at Latvian Information and communications technology association (LIKTA). This allowed her to take part in the law development processes in such areas as Critical Infrastructure Protection, National Cyber Security Strategy and The Global Cybersecurity Index (GCI) survey, which measures each nation's level of cyberwellness. Sintija is one of the founders and a member of Latvian information security experts group [DEG] formed in 2012.
Besides that, Sintija is also directly responsible for the management of the master's degree programme (MBA in Cybersecurity Management) and provides young scientists with the opportunity to conduct research in the newly established cybersecurity research laboratory at BA School of Business and Finance.
Building an Efficient Backdoor Distribution system (EN)
Plenty of research on individual webshells is already available on the Internet; this is not one of them. This presentation will focus on techniques used to hide backdoors in existing webshells, or backdoored backdoors. The presenter will shed some light on the supply chain integrity problems cyber criminals are facing and what we can learn from these findings for maintaining and distributing legitimate open source software in a trusted manner.