Kiberdrošības konference "Kiberšahs 2019". Runātāji.
CyberChess CTF is a mixed-level, jeopardy style CTF, designed for Cybersecurity enthusiasts who are just trying to break into the field as well as experienced security experts. Challenges are meant to train fundamental understanding of concepts used by defense/attack, forensics and developer community. We encourage you to participate even if you have never played a CTF before. It is a unique chance for networking with likeminded people and learn from each other.
CyberChess CTF occurs over two days during the Conference.
Teams taking first three places will be awarded with cool gadgets and uniquely designed CyberChess CTF T-Shirts.
CyberChess CTF will run 02 - 03 October 2019
Start Time: 10:00 (GMT+3) Time, 2 October
End Time: 15:00 (GMT+3) Time, 3 October
Requirements for participation:
- Team consisting of 1 to 3 players must register under a team name on CTF platform https://ctf.cyberchess.lv
- Teams will need regular access to a computer and an Internet connection. Mobile devices with small screens (smartphones) are not recommended.
- Access to CTF platform - available from the Internet.
- Teams should connect to the CyberChess CTF Slack channel cyberchessctf.slack.com #ctf and keep it open during the competition to receive any updates and feedback.
- CTF platform will stay online until 31 October 2019.
Registration & more info: https://ctf.cyberchess.lv
Presentation title: Evaluating the human factor of cybersecurity through active engagement using a Dynamic e-learning Risk Assessment Platform (DelRAP)
Workshop: Cyber security risk assessment is important for understanding risk exposure to the confidentiality, integrity, and availability of assets. The human factor is recognized to have a growing importance for the organizations. Unfortunately, estimating such risk is difficult. We have developed three cyber hygiene courses for targeting the challenge. During the workshop, we will make an introduction to the overall threat landscape and highlight the importance of raising the awareness of people about cyber security topics. We will engage the participants in the cyber hygiene course using our DelRAP and give feedback about the results.
There is no previous experience needed.
Who would benefit: regular end users, HR, CISOs and all who are interested in end-user and overall security awareness.
Presentation title: European Cybercrime Centre (EC3): tackling cybercrime in the 21st century (no live stream)
Talk: Since Europol established the European Cybercrime Centre (EC3) in 2013, EC3 has made a significant contribution to the fight against cybercrime by coordinating and supporting many high-profile operations and hundreds of on-the-spot operational-support deployments, resulting in hundreds of arrests. This talk will present the pros and cons of the holistic approach taken by EC3 to tackle highly professionalised organised cybercrime groups and a recent successful operation.
Bio: Álvaro Azofra is a Cyber Crime Specialist at the Cyber Intelligence Team of the European Cybercrime Centre (EC3) at Europol. After receiving his BSc in Computer Science, he developed his professional career in the private sector as a Software Engineer. A few years later, he joined the Spanish National Police and was involved in the Counter Terrorism and National Critical Infrastructure Protection areas. He joined Europol in 2017 and since then, he has coordinated and supported several international Law enforcement investigations and co-developed Europol projects with Law enforcement, public and private partners, especially CSIRTs.
Presentation title: Reputation, finance and capability are at stake: the dark side of cybersecurity
Talk: Both private enterprises and public authorities implement cybersecurity solutions not because of a theoretical need for cybersecurity. Such cybersecurity solutions are necessary to protect the main assets: finance, reputation or capability to perform certain functions (for example, for the purposes national security). The presentation will
show specific examples of loss of reputation, negative impact on functional capability, bankruptcy cases, impact on stock price and trends in the area of mergers and acquisitions related to cybersecurity level and issues. At the end, the presentation will show the main source reasons that negatively influenced both public and private entities and that can be systematically managed and controlled to reduce a risk of negative consequences.
Bio: Anna is certified European (CIPP/E) and Latvian data protection officer and CSX certificate holder and is a part of Intellectual Property, IT & Regulatory practice group at law firm COBALT in Latvia. She got the relevant experience in Latvia and the US. Her main focus is data protection and technology matters. Anna carries out data protection compliance audits and consults clients on privacy issues. Anna also lectures at the Riga Graduate School of Law, BA School of Business and Finance, Vidzeme University of Applied Sciences and Baltic Computer Academy on Information and Communications Technology Security, Cybersecurity and Data Protection and has published extensively on those subjects.
Additionally, Anna is involved in speaking at privacy events and organizing them (for example, MyData conference and Cyberchess) and in assisting privacy and cybersecurity-related associations (for example, ISACA, MyData Global and Association of Certified Data Protection Officers).
Presentation title: Knowledge as a Weapon: Oversight and Review of Cyber Espionage and Cyber Weapons Development
Talk: Article 36 of Protocol I Additional to the 1949 Geneva Conventions requires states to conduct a legal review of all new weapons, means
and methods of warfare in order to ensure that their deployment would be in compliance with international law. It states that : "In the study, development, acquisition or adoption of a new weapon, means or method of warfare, a High Contracting Party is under an obligation to determine whether its employment would, in some or all circumstances, be prohibited by this protocol or by any other rule of international law applicable to the High Contracting Party." The cyber domain creates some new controversies as to what to review, when to conduct the review and which legal regime should apply - international human rights law, law of armed conflict or this of arms control. Cyber weapons development is a complex and time-consuming procedure, further complicated by the fact that majority of the more sophisticated cyber weaponry is custom-tailored to a specific target. Getting to know the target, its functioning and the vulnerabilities inherent to it, therefore, makes up a large share of the whole development and deployment procedure, while the actual attack may consist of merely switching a button. This kind of systemic long-period covert information gathering typically belongs to the arsenal of foreign intelligence services, rather than that of military cyber security officers or weapons industry. The merging of espionage and weapon acquisition implies that while one is accessing and copying the necessary data about the target and learning to know its systems, she might, in fact, already be building the weapon. Taking the latter as its point of departure, the present study aims to look at how cyber intelligence is regulated and compare it to the legal framework applicable to weapon reviews and arms control, search for overlaps and contradictions and ultimately shed some light into which regime should be preferred in the different stages from the study to deployment of a cyber weapon.
Presentation title: The 10 Immutable Security Facts for 2019
Talk: A top 10 is subjective in nature, but it wasn’t just pulled out of thin air. The 10 facts are based on trends in recent threats, my own security research, and discussions with CISOs and security leaders.
The Top 10 security facts for 2019:
1. The Attack Surface of the Public Cloud is defined by Permissions
2. The Insider thread of the Public Cloud is the Outsider
3. HIDs, NIDs, and Flow Collectors are pointless for Securing Cloud-based Applications
4. WAF does not keep up with Cloud Native Applications
5. East-West Traffic is getting Encrypted
6. Attackers are getting Automated
7. Attacks are getting more Sophisticated
8. APIs are the new Front-end
9. Machine and Deep Learning become essential for Threat Detection
10. 5G will fuel the next IoT Explosion
Starting the discussion with an overview of the current threat landscape, illustrating with real-world incidents in following categories:
- Cloud infrastructure abuse
- Data breaches through publicly exposed S3 buckets
- Ransom of poorly secured cloud data services
- Cloud Infrastructure owning and wiping
- Cloudification of DDoS attacks
- Automated threats
A quick run through of the top 10 security facts.
The rest of the discussion will lead to the 10 facts and is organized in 4 chapters, each centering around a top of mind topic:
1. Migrating to the cloud
2. Cloud Native Applications
3. Automated Threats
4. 5G/IoT Intersection
Each chapter is summarized with the top security facts that were demonstrated throughout the discussion.
Presentation title: Hidden Face of the Darknet
Talk: What is the dark net? Radware, will walk you through how hackers access the Darknet. A playground for illegal activities, the Darknet includes a large number of marketplaces and forms for hackers who are willing to buy and sell digital attack services. Attend this "virtual visit" and see the different attack services and tools that can be purchased. We will explore deeply the following:
Dark Net: Collection of websites accessed from a TOR server that keep the user anonymous
Dark Net Market
What Information Security Attacks can be purchased on the darknet
Vendors based on reputation
Lower prices, higher quality
Bio: Since 2010, Mr. Herberger has been responsible for the security business at Radware, a recognized information security business and technology leader. In this role, Mr. Herberger has been responsible for many industry firsts and awards including the introduction of the first ever Hybrid DDoS & Hybrid WAF Offerings, forging OEM alliances with Cisco, Checkpoint, Nokia, ATOS, Tierpoint and responsible for 67% of the world’s DDoS services running on Radware platforms. He also crafted technical leading positions in WAF, Workload Protection, Malware and Cloud Security Services in the marketplace.
Before joining Radware Carl had business leadership roles at Evolve IP, a leading cloud services company and Allied InfoSecurity, Inc. – an international provider of best-in-class security consulting and technical compliance services, where he served as President and Co-Founder. Prior to his tenure at Allied InfoSecurity, Inc., Carl served
as the Information Security Officer for Barclaycard US. In this role, he was responsible for the entire information security program.
From 2002 to 2006, Mr. Herberger was the senior executive in charge of the SunGard Professional Services IT hSecurity Practice, which was, recognized as one of the top-five IT security-consulting organizations in the U.S. in 2005.
Mr. Herberger also served as a U.S. Air Force officer, with his last duty serving the Pentagon. While at the Pentagon, he evaluated computer security events affecting daily Air Force operations. He also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense.
“You are spies and it came into your attention that an international company just created a mathematical formula which increases the efficiency of supply chains by 50 percent.
The file is being stored on Peter’s computer, who is just having a lunch break. Thus, you have 20 minutes to log into to his computer and email the highly confidential document. It is of utmost importance that his email address is used, because this way even if the information leakage is detected, he will be suspected by internal auditors…”
When taking part in the game we gain insight into the answers of the following questions:
- What bad habits are part of our everyday related to data protection?
- What serious damage can be caused by careless data protection?
- How can we develop our data protection awareness?
- How to protect company secrets and confidential information in our possession?
Sign up to get your place on the spy team:
Workshop title: Cyber Deception: Applying active defense measures to hunt attackers with MazeRunner
Workshop: Today, perimeter breaches are considered imminent. Once an attacker gets past a certain point in perimeter defense, defenders have little to no visibility of what is happening and thus have difficulties identifying and stopping attackers. Meanwhile, attackers are moving laterally within the organization or lying in wait for a good time to act. Cyber deception is about baiting, studying, investigating, fingerprinting, and/or smoking out these attackers.
During the workshop we will learn how to use MazeRunner, Cymmetria’s cyber deception solution. Cymmetria also offers a Community Edition of our product. We will begin by setting up decoys, real operating systems, and configure them with services and content so they look real to the attacker. Later we will create connections to these services which are deployed on endpoints, this information will attract the attacker to access our decoys. We will use metasploit to learn how attackers extract information from endpoints and move laterally. Then we will use MazeRunner to monitor the track the attacks.
Requirements: Each participant should have a laptop with the ability to connect to the internet and an option to open ssh/rdp session.
Presentation title: Adversary deception cases (TBC)
Talk: Deception is an effective way of catching attacker by placing real looking decoys in production organizational networks. Here Mr. Dekel tells the nitty gritty details of cyber deception, the value you get out of it, what works well and what doesn't. Examples includes the time we caught a bitcoin miner, the time we saw a nation state actor and even a major data dump and more.
Bio: Dekel Braunstein possesses more than 20 years of experience in web development and platform architecture. In addition to his service in an elite unit of the Israeli intelligence corps, he has worked in multiple web-based startup environments, where he developed analytical tools, e-commerce platforms and performed vulnerabilities research. Over the last decade Dekel has volunteered in the Israeli CERT, contributed to multiple open-source projects and is leading the technological development at Cymmetria, an Israeli startup focused on using deception to catch attackers.
STRIKE (Short-Term Real Intrusion and Hacking Exercise)
Presentation title: Machine code instrumentation for block runtime statistical analysis and prediction
Talk: Talk will be based on Master thesis. In the first part several use cases for machine code reverse engineering will be described (copyright and commercial secret protection, vulnerability analysis). As well as the process, tools and steps for binary analysis. In the second part, several analysis methods will be compared for effectiveness, identifying situations, where they might be lacking.
A new, original method will be proposed – “inter-block probabilistic transition graph”. It builds upon existing tracing methods, augmenting them with block history statistical analysis. After practical application, it was concluded that it has benefits in certain situations. Inter-block probabilistic transition graph can be used to model program future behavior.
Presentation title: 5G – Cybersecurity (RE)evolution
Bio: Egons Bušs has 25 years of experience in the field of information security, cyber security and information technology. Egons started his career back in 1980s on mainframe computers. His further work experience continued at the Bank of Latvia, first, as a Network and Systems Administrator, and the first bank’s Webmaster, up to the Deputy Head of Information Systems Department. Egons was assigned Project Manager for two security projects at the European Central Bank in Frankfurt am Main, Germany. From 2008 to 2016 Egons worked as an IT Director at ELKO Group, which is a large IT distributor in 10 Eastern and Central European countries. In 2016 Egons joined Latvian Mobile Telephone as a Security Director. Egons holds CGEIT (Certified in the Governance of Enterprise IT) Certificate. Egons serves on ISACA Latvia Chapter Board as Immediate Past President and Executive Vice President.
Presentation title: WireGuard: Svaiga vēsma IP tīkla tunelēšanas protokolu saimē
Talk: WireGuard is drošs L3 līmeņa tīkla tunelēšanas protokols, kurš darbojas kā Linux kodola virtuālā tīkla saskarne. WireGuard mērķis ir aizstāt klasiskos bet nu jau novecojušos IPsec un uz TLS bāzētos VPN risinājumus kā OpenVPN, nodrošinot drošāku, veiktspējīgāku un vienkāršāku lietošanu. Aprakstītas IPsec protokola atslēgu apmaiņu apakšprotokolu IKEv1/IKEv2 drošības problēmas, sarežģītība kā arī demo tuneļa izveidē no Android 9 ar iebūvētajiem VPN L2TP/IPsec RSA un IPsec Xauth RSA(Cisco VPN) klientiem un vājo atslēgu apmaiņas algoritma izmantošanu. Aplūkoti WireGuard darbības principi ieskaitot komunicējošo pušu autentifikāciju, atslēgu apmaiņu, kripto atslēgu maršrutēšanu, autentificēto datu šifrēšanu un veiktspējas salīdzināšana ar klasiskajiem IPsec un OpenVPN risinājumiem. Demo ar tuneļa izveidi no Android 9 un iOS 12.3 lietotāja ierīcēm uz Ubuntu 18.04 WireGuard vārteju. WireGuard protokola drošības formālā analīze un secinājumi.
Bio: Vairāk 25 g. pieredze IT drošības jomā t.sk. vairāk kā 20 g. pieredze Latvijas Bankas informācijas sistēmu drošības administrēšanā un ekspertīzē.
Presentation title: How can students develop real Cybersecurity skills?
Talk: The growing and complexity of security challenges are starting points for educational institutions to focus on preparing a Cybersecurity conscious professionals. To develop effective active-learning exercises that engage students, it is important to provide them a more holistic view of real security world. We present some ideas, tools and resources (including open-sources) to promote more effectiveness of the Cybersecurity learning process.
The anticipated points for discussion include the Cybersecurity teaching approaches and importance of the industry–university collaboration.
Bio: IT Security Engineer (iPro SIA) with more than 12 years of teaching experience as a lecturer and Cisco Networking Academy Instructor (Transport and Telecommunication Institute).
Workshop title: Profiling and People based skills for Social Engineering Physical Engagements
Workshop: This session will cover the basics of people based social engineering skills. It will outline how to profile target organisations and prepare for physical infiltration engagements for social engineering tasks. The session gives practical advice on physical infiltration work and interactions with people during social engineering assignments. The session will cover preparation and planning for infiltrating target organisations, profiling skills for better interactions with people, and constructing scripts and pretexts for working with individuals within a target organisation.
Requirements: No previous knowledge is required. Laptop and access to the internet will be helpful but not mandatory.
Presentation title: Social engineering (TBC)
Bio: Jenny Radcliffe is an expert on the human element of social engineering and has vast experience in working with people on social engineering engagements. She teaches on the topic of human security and social engineering skills at many different universities and organisations on a global basis and is regularly featured in both the general media and for industry articles, interviews and publications, discussing social engineering, scams, cons and related topics. She is the host of the multiple award winning Human Factor Podcast and YouTube channel, and is a regular global keynote speaker at conferences and events related to security and how social skills contribute to security.
Presentation title: Security awareness & escape rooms – behind the scenes of “Hack The Hacker"
Talk: In August 2018, SWITCH launched “Hack The Hacker”, a interactive Security Awareness training in form of an escape room. Up to six participants are sent on a mission to stop the hacker’s attack against their organization. But first, an introduction provides basic knowledge about security which is further needed to solve the puzzles in the game. In a debriefing, the experienced security aspects are strengthened by referring back to the initially discussed topics.
After one year of hacking the hacker and having trained almost 300 participants, we gained a lot of insights into what to keep in mind when establishing a security awareness escape room, as well as what to expect from gamified trainings.
With this presentation, I will share our lessons learned during the process of planning, developing and maintaining a security awareness training in form of an escape room.
Bio: Mathias Karlsson studied Electrical Engineering at ETH Zürich, then briefly worked in a SOC in the financial sector and now works for 5 years as a Security Engineer at SWITCH-CERT. Besides incident management for all constituencies, he primarily provides services to the academic customers. This ranges from providing NREN community workshops, trainings and news, over process and service development, to the architecture and operation of data collection, processing, analytics, monitoring, reporting and delivery services.
SWITCH-CERT provides a wide range of services to multiple constituencies ranging from academia over financial and industry sector to the Swiss DNS infrastructure, and is one of two Swiss national CERTs.
Presentation title: What gaps and challenges are municipalities facing? Cybersecurity research results.
Talk: In the age of technology, traditional processes and services provided by the public sector are more and more often entrusted to information and communication technologies. The development of digital services, which appears to be on the rise in the public sector such as municipalities and the state, is also the cause of elevated risk of cyber threats. The chances that cyberattacks would harm not only the organisation itself but also the users of its online platform are high.
The goal of KPMG study “How cybersecure are municipalities in Latvia?” was to establish the level of cybersecurity at municipalities of Latvia, the most common issues they were dealing with, and how cyber intelligent public sector employees are.
Bio: Kaspars has extensive experience in performing cyber security audits, developing IT strategies, performing IT audits for local and international organisations in compliance with ISO/IEC 27001, among others. Kaspars holds an MSc degree in Management and Information Systems Innovation, 2013 (UK) as well as various professional certificates. At the moment Kaspars is in process of attaining his PhD with the core focus on Management.
Presentation title: Par ko publiski nestāsta - uzbrukumu sekas Latvijā
Workshop title: Exercise Mercury and Exercise Neptune: Social engineering in action
Workshop: The more and more we are online, the more we are increasingly leaving a digital footprint. We need to understand our individual element, in order to provide a full security picture of our organisation as a whole. In this workshop, we will go through the work conducted by TALTECH and KING'S and PEMBROKE college, University of Cambridge in how OSINT skills are used to better provide a penetration test and show any weaknesses in your organisation. We then go directly into a workshop, after teaching the basics, and then write an attack profile.
Presentation title: Exercise Mercury and Exercise Neptune: Social engineering in action
Bio: Kieren Lovell is the Head of TalTech CERT, incident response instructor for the Defence Academy of the United Kingdom, lecturer at King's and Pembroke college, Cambridge, product evangelist for SpectX and board member of Cyberstruggle. Prior to this role, he was the Head of CERT for the University of Cambridge, and CISO for Standing NATO maritime group one.
Presentation title: All the Animals are sad in the Zoo
Talk: This research employs zmap to look at the zoo that is Latvian IPv4 address space and quantify the number of hosts in it classifying them by type: servers, enduser devices directly connected to the internet, properly configured SOHO routers, badly configured SOHO routers etc.
Version detection is then attempted using masscan to gauge the security level of each endpoint by checking if it has any publicly known vulnerabilities. (This is reported to CERT.LV or MilCERT.) All of the data is grouped by the AS and inetnum objects. Interesting cases are investigated further using nmap and manual inspection. Research is carried out during Summer 2019.
Bio: Mg. sc. comp. Kirils Solovjovs is Lead Researcher at Possible Security, bug bounty hunter, IT policy activist, and the most visible white-hat hacker in Latvia having discovered and responsibly disclosed or reported multiple security vulnerabilities in information systems of both national and international significance. Kirils has developed the jailbreak tool for Mikrotik RouterOS. He has extensive experience in social engineering, penetration testing, network flow analysis, reverse engineering, and the legal dimension.
Presentation title: Ursnif campaign with the macro-enabled documents
Talk: During the first half of February 2019 there was an increase in occurences of the spam messages containing attached documents with the names in the form “Request” followed by the number, like “Request15.doc”. These documents contains slightly obfuscated macros which leads to execution of the powershell downloader. This powershell script downloads the Ursnif malware from the domains mostly registered in Russian Federation and resolved to the Russian IP adresses. In some cases the GandCrab ransomware is also downloaded and executed. This proposal is case study and analysis of abovementioned campaign.
Bio: Ladislav is a malware and forensics analyst, computer security enthusiast, software developer, occasional speaker at conferences and trainer. He has 10+ years of experience in education, lectures and trainings, mostly for students of high schools, universities and for employees in a public sector. He has also 5 years of experience in cyber security, incident response, malware analysis and forensics.
Presentation title: Unconscious Human Behaviour and Social Engineering: Bridging a Gap between Psychology and Information Security
Talk: The presentation will describe the basics of unconscious human behaviour that social engineers exploit. It will explain behaviours, how they manifest in daily life and how social engineers could exploit them. Then, the presentation will give tips about how to avoid these biases to make information security more robust.
Bio: Mischa is a Master of Science in Mediapsychology, Chief Psychology Officer at Grey Matters and a public speaker giving speeches on consumer psychology, social psychology, media psychology, nudging, behaviour influence, escalation prevention, fake news and social engineering. He is also a jury member for Digital communication Awards, co-founder of TEDxUtrecht and certified Microexpression Recognition expert.
Unicorns, Bigfoot, Threat Intelligence, Information Sharing and Other Myths
Talk: Threat Intelligence is heralded as the Holy Grail of security. Knowing your enemy and their tactics is the only way to defend yourself in the new world of constant attack. Or is it? Does Threat Intelligence really provide the promised value or is it the flavor of the month? How does an organization know which sources to trust, when to share and how to transform the endless flood of security data into actionable information?
Whether your intelligence sharing/gathering is peer to peer, public/private, commercial service or open source, there is a risk of realizing the quote from Aristotle: 'the more you know, the more you don’t know.’ In this session you will hear experiences, practical lessons learned, pitfalls and successes from more than ten years of active participation in various flavors of information sharing and threat intelligence from key critical infrastructure sectors - in addition to a healthy dose of truth, heresy and comedy.
When Data Eats SCADA
Talk: The latest idea I’ve been working on is related to the shift in the risk model to industrial security as the data becomes as valuable (or more valuable) than the actual operations. Think of a day when the electric utility gives away power to get access to the data. Why? Because the data will be worth more than the power. What will this mean for how we secure any modern/future industrial organization - holistically - from the industrial process to the data sales, watermarking and integrity efforts to keep the business viable.
Bio: Patrick Miller has dedicated his career to the protection and defense of critical infrastructures as a trusted independent security and regulatory advisor. He is a Managing Partner at Archer International, as well as the founder, director and president emeritus of EnergySec and US. Coordinator for the Industrial Cybersecurity Center. Patrick's diverse background spans the Energy, Telecommunications, Water and Financial Services verticals including key positions with regulatory agencies, private consulting firms, utility asset owners and commercial organizations.
Presentation title: Hunting the Bad Guys: Approaches to Threat Detection
Talk: Many organisations have invested in multiple security technologies but find it difficult to use them effectively to identify and mitigate
threats with early detection when an attacker attempts to exploit a vulnerability in your network.
Cymmetria is a cybersecurity company at the forefront of deception technology. Effective implementation of cyber deception requires an
understanding of your information assets, the threats that you are facing, and the security controls you have in place to mitigate them.
This talk, based on practical experiences, examines a best-practise approach to detecting potential and exploitable threats in your network.
Bio: Peter Glock is Managing Director for Cymmetria in Europe, Middle East and Africa and board member for a number of technology start-ups. Peter was co-founder of Equant Security Services (now Orange Cyberdefense) with more than 20 years experience of developing and managing cyber security services for multinational organisations. He is a physics nerd with a peculiar interest in quantum computing.
Presentation title: Who’s bad? Can Anomaly Detection Figure it Out?
Talk: The presentation deals with the most basic question of cybersecurity, the universe and everything - How to figure out the good, the bad and the ugly in an immense amount of network traffic and data in general.
GREYCORTEX deploys Machine Learning to help the information security analyst focus his search on known and unknown threats more efficiently. The aim of the presentation is to explain the relationship of Anomaly and Outlier Detection on different levels and its particular security implications.
Bio: Petr Chmelar, the Chief Technology Officer of GREYCORTEX, possess 15 years experience in advanced data mining, machine learning, and artificial intelligence. Starting at Brno University of Technology, he gained multiple successes in US-based NIST challenges (TrecVid and AVSS Challenges between 2008 a 2012) and acted as a yellow-teamer in the Crossed Swords NATO CCDCOE cyberdefense exercise. He is a co-founder of GREYCORTEX and the mastermind behind its technology.
Presentation title: Stop chasing security
Talk: Defences fail; there is no silver bullet or special combination of layered security or a defence-in-depth strategy that will achieve absolute protection. This leads to the question: how can you effectively demonstrate - right now - that your enterprise isn't breached?
The purpose of this talk is to cut through some of the market noise that convinces enterprises that it's a good idea to rely on the very defensive tools that let malware breach to then go find it.
We will introduce the four emerging endpoint-focused malware hunt methodologies and then explore how adopting a forensic state analysis (FSA) methodology and framework can be used to develop/tailor malware hunt programs and answer the question "am I breached right now".
Bio: Robert is a senior level consultant with a broad range of skills developed over 25 years of experience in IT. With roots in software development, Robert can write code and program - however his interest lies in strategy and technology alignment and he has built a solid history of identifying trends ahead of the curve.
Robert has led entrepreneurial ventures as well as successful projects with medium and large enterprises and national and regional governments across the world. Successfully operating small and medium sized firms in Canadian and international markets across Africa, Middle East, and Asia equips him with a unique and adaptive skill set.
Robert is currently the Head of Cyber Security at Virgin Mobile in the United Arab Emirates. Additionally, in recent years Robert has invested his time advising and guiding six technology startups through their early stage product development and roll-out to market.
Presentation title: Advanced Neural Network-Based Technique for Android Smartphone Applications Classification
Talk: With the booming development of smartphone capabilities, these devices are increasingly frequent victims of targeted attacks in the cyberspace. Protecting Android smartphones against the increasing number of malware applications has become as crucial as it is complex. To be effective in identifying and defeating malware applications, cyber analysts require novel distributed detection and reaction methodologies based on artificial intelligence techniques that can automatically analyse new applications and share analysis results between smartphone users. Our goal is to provide a real-time solution that can extract application features and find related correlations within an aggregated knowledge base in a fast and scalable way, and to automate the classification of Android smartphone applications. Our effective and fast application analysis method is based on AI and can support smartphone users in malware detection and allow them to quickly adopt suitable countermeasures following malware detection. We evaluate a deep neural network supported by word-embedding technology as a system for malware application classification and assess its accuracy and performance. This approach should reduce the number of infected smartphones and increase smartphone security. We demonstrate how the presented techniques can be applied to support smartphone application classification tasks performed by smartphone users. We perform manual analysis of the manifest and source files of android applications in order to formulate additional features if possible. The model trained on the newest malware samples we compare with our previous model.
Bio: Roman Graf, Ph.Dr., OSCP, research engineer at Center for Digital Safety & Security in Austrian Institute of Technology GmbH, works on AI, Cyber Security and Data Analytics topics, contributing to the development of several European research projects like EDSI, MAL2, EARK, DMA, SonnWende+, Ecossian, Planets, Assets and SCAPE. He has published widely in the area of AI and Cyber Security, being an active member of the Open Preservation Foundation (OPF). Finally, Dr. Graf supported the development of File Format Metadata Aggregator (FFMA) and cyber threat intelligence solution CAESAIR serving as one of a key developer and contributed a module to the Open Source Threat Intelligence Platform (MISP).
Presentation title: Īsa pamācība laušanā jeb tīmekļa lietotņu izplatītākie drošības apdraudējumi [LV]
Workshop: Darbseminārs ir paredzēts kā īss ieskats ētisko urķu ikdienā. Semināra gaitā tiks apskatīti izplatītākie tīmekļa lietotņu riski gan vadoties pēc OWASP vadlīnijām, gan arī no reālās prakses. Piedāvāsim minētās ievainojamības atrast un izpildīt kontrolētā vidē, izmantojot ikdienā lietotus rīkus un metodes. Papildus, dosim padomus, kā šādas ievainojamības efektīvi novērst.
Bio: Rūdolfs Augustovskis, CEH, OSCP: Rūdolfs ir IT drošības konsultants ar pieredzi iekšējo un ārējo ielaušanās testu veikšanā, padziļinātā lietotņu drošības testēšanā, sociālās inženierijas uzbrukuma scenāriju pārvaldīšanā un lietotāju drošības izpratnes veicināšanas semināros, drošības risinājumu ieviešanā, kā arī drošības auditu veikšanu vairākiem klientiem. Kā OWASP biedrs ar vairāku programmēšanas valodu pieredzi, Rūdolfs arī aizraujas ar tīmekļa lietotņu un serveru drošību.
Presentation title: Your internet is down? It's cyberwarfare, stupid
Talk: So you have a firewall, an anti-virus, a sandbox, a super-sophisticated SIEM, but you still don’t feel safe? You’re absolutely right! The reference threat for enterprises, large organizations, infrastructure, and suppliers today is not the random hacker or a ransomware infection, it’s the state-sponsored attacks! And the reason for that is the lack of our ability to effectively defend against those. Current days security measurements can’t handle a well-crafted targeted attack. And it’s not a question of “if” but of “when”. And when successful, it’s not only your data that’s at stake, but the blast radius you can create. Because if you run a power grid, electricity supply might get interrupted. If you run a bank, you might come one day only to see you're missing a few millions of dollars. And if you have an election campaign the public opinion might be manipulated due to fake news. These attacks are happening all the time. Very often undetected, but always carry a big damage potential. We don’t know much about state-sponsored attack. I mean, you don’t know much. I had the chance of seeing some of them in action, first hand, during my military service in 8200. In this talk we will go over some of the recent attacks, learn how were they executed and what must organizations do avoid such incidents.
Bio: Shira Shamban is a security researcher and technical expert with a focus on threat intelligence. She started her professional career in cybersecurity as a Military Officer in the elite intelligence unit 8200 of the Israel Defense Force. During her 13-year service in the unit, Shamban acquired hands-on experience in cybersecurity and intelligence operations while earning an engineering degree from Tel-Aviv University. After her military service, Shamban turned to security innovation in business. As the Data Initiative Lead at Dome9 Security, Shamban is now helping organizations embrace the public cloud securely. Shamban strongly believes in empowering women in the world of technology. She volunteers as a Lecturer and a Mentor in forums such as SheCodes and OWASP-WIA.
Presentation title: Web application and cloud security: Learning through mistakes
Talk: Doing security in smart, well thought manner doesn’t exist in the world of web application security and public cloud. Evaluating the maturity of Yourself, Your company and the partner You are doing drastic moves towards cloud makes all the difference. In this maturity process also, the technical solutions are getting their place into the architecture of the solutions. There are a lot of misunderstandings on the way to the cloud and towards the cloud native applications on the way.
This talk is all about the mistakes being made on this journey and the possible solutions to do it better from perspective of a person who has seen a lot of it and is probably going to see a lot more of it in the future.
Plan is to learn together what to do, what to demand and what to ask to make the right choices when that time comes.
Bio: Timo Lohenoja is the System Engineer at FORTINET, Finland and the Baltics. Moreover, Timo is long term application security enthusiast and cybersecurity educator, frequent key note speaker in public cybersecurity events and conferences. As a builder of security integrated world, Timo is educating companies and communities to combine strong security solutions, such as SD-WAN, client security and next generation firewalling with findings through smart logging and machine learning to build best possible solutions for each and every case. Recent interests are in machine learning, containerized protection implementations and continuous education to build better cybersecurity understanding for everyone.
Presentation title: Core Infrastructure Protection from Distributed Denial-of-Service (DDoS) Attacks
Talk: The use of new technologies including IoT, sensors and controllers is increasing all over the world. This trend is observed in Latvia as well, considering the excellent local digital infrastructure and cheap, stable Internet connection. However, the process has the “other side of the coin” – the number of cybercriminals, using innovative devices and techniques for attacks, is also growing.
SIA Tet is a long-standing leader in the technology market, as well as being responsible for the Internet “backbone” and the national critical infrastructure.
As a service provider Tet faces distributed/denial service attacks (DOS/DDoS) and has extensive experience in preventing them. During the presentation Tet will provide insights into measures which we have implemented for monitoring and remediating threats as well as few case studies on cyberattacks. Tet will also explain how to protect yourself if you have become a victim of DoS/DDoS attack.
Bio: Uldis Libietis is a Chief Information Security Officer and Head of data protection and IT security at SIA Tet (ex-Lattelecom). He is a highly-qualified IT professional with over 20 years of experience at Tet group companies. Uldis participated in various crucial Tet projects starting from telephony modernization in 90s, internet services implementation in 00s and development of Tet cloud services in recent years. Uldis is an active member of non-profit telecom community ETIS, vice-chairman of Data privacy task force working group and a member of ETIS SOC/CERT working group.
Presentation title: Secure Online Identification of Natural Persons
Talk: With a growing number of business or administration processes being provided digitally rather than face-to-face or in written form, the demand for online mechanisms to securely identify natural persons on suitable assurance levels is rapidly increasing. Video-based methods are widespread but prone to a number of additional attack vectors. This talk examines feasibility and mitigation of such attacks as well as alternative methods of identifying customers and citizens. Appropriate identification mechanisms should be chosen according to eIDAS assurance levels required by risk assessment or regulatory requirements.
Bio: Dr. Ulf Löckmann is a member of unit "eID Solutions for Digital Administration" of the Federal Office for Information Security in Germany. He is engaged with the secure application of identification and authentication mechanisms especially for trust services and user accounts for electronic government.