
#Security Session'18

A non-commercial conference where you will learn about news and current issues in the security of mobile and information technologies.

For everyone

Everyone is welcome. Admission to the conference is free.

Speakers from practice

Our speakers are practitioners with many years of experience in their field.

After Party

Discuss with the speakers and share your thoughts at the After Party following the conference.

Registration

Register for the conference and tell us which area of security interests you.

PROGRAM

Maria Rigaki [CVUT in Prague]

Arming malware with GANs

Generative Adversarial Networks (GANs) are a recent invention that shows impressive results in generating completely new images of faces, building interiors and much more. In this talk we present how we can use GANs to modify network traffic parameters in order to mimic other types of traffic. More specifically, we modify an open source malware to use a GAN to dynamically adapt its Command and Control network behavior and mimic the traffic characteristics of Facebook chat. In this way it is able to avoid detection by new-generation Intrusion Prevention Systems that use behavioral characteristics. We will present our experiments from a real-life scenario that used the Stratosphere behavioral IPS deployed in a router between the malware, which was deployed in our lab, and the C&C server deployed in AWS. Results show that it is possible for the malware to become undetected when given the input parameters from a GAN. The malware is also aware of whether or not it is being blocked and uses this as a feedback signal in order to improve the GAN model. Finally, we discuss the implications of this work in malware detection as well as other areas such as censorship circumvention.

35 minutes

D105

intermediate

EN

Raúl C. Benítez Netto [CVUT in Prague]

ManaTI: Web Assistance for the Threat Analyst

The ManaTI project consists of a front-end web application and a back-end server infrastructure. The web application centralizes all the operations of the analysts and the back-end infrastructure stores the data and runs the algorithms. The main goal of the web application is to provide threat analysts with a fast interface and analysis tools to speed up their research.

35 minutes

D105

intermediate

EN

Marek Pederzoli, Petr Wittner [Asociace českých lockpickerů]

Lockpicking

A talk covering general information about the Czech Lockpickers Association (Asociace českých lockpickerů) and lockpicking itself. Types, manufacture and classification of picks. Tubular, combination and padlocks. Pick manipulation techniques (picking, raking, lifting, jiggling). Dynamic methods (bumping, pick guns and electric picks). Vaults and safes, their classification, and methods of non-destructive opening of safe locks.

35 minutes

D105

intermediate

CZ

David Szili [Alzette Information Security]

The Metric System

Lord Kelvin once said: "When you cannot express it in numbers, your knowledge is of a meagre and unsatisfactory kind". The majority of information security practitioners have a software engineering, electrical engineering or similar background, yet as an industry, we seem to forget the importance of measurements and metrics. Without measuring the effectiveness of our processes, it is very hard - if not impossible - to look for trends, misalignment between norms and current state or simply to make informed decisions. Even current trends point in the opposite direction; for example, in Critical Security Controls (CSC) version 5 we had "Effectiveness Metrics" and "Automation Metrics" sections for each control, but CSC version 6 only mentions the importance of metrics without going into any details. In this talk, we will take an overview of the current state and resources available to security metrics. We will see why security metrics are important, how they relate to risk management and if there are "good" or "bad" metrics. We will also attempt to find the most vital security metrics that can indicate the effectiveness of the overall security program of an organization. Finally, we will see a few examples of collecting and analyzing data for metrics and how we can visualize and present them to senior management.

35 minutes

D105

intermediate

EN

Zdeněk Letko, Michal Rajčan [Wandera]

Phishing in the Mobile Landscape

Phishing is one of the most potent and widespread forms of cyberattack in the modern age, and mobile has offered a powerful new access and distribution network for hackers to exploit. In this talk, we describe common phishing attack vectors we spot in our infrastructure with special emphasis on the distribution methods used by attackers. Next, we introduce the Wandera Secure Gateway, the unique way in which we protect our customers against phishing, how we leverage modern artificial intelligence algorithms to detect zero day phishing in our infrastructure, and finally how we block users from accessing these pages.

35 minutes

D105

intermediate

CZ/EN

Norbert Szetei

macOS kernel exploitation

Exploiting the macOS kernel requires, given the idiosyncrasies of XNU, techniques that differ from those used on other popular operating systems. After introducing its key constituents, we will cover representative vulnerability classes and the ways arbitrary code execution in the kernel can be achieved. Ideally, the listener should be familiar with the basics of userspace exploitation and with ROP. In the talk we will explain how to gain control of the stack (Jump Oriented Programming), define primitives for deterministic memory allocation in kalloc zones (Heap Feng Shui), and describe ways of creating "fake" objects in memory to overcome the existing mitigations in the current kernel version when a "heap overflow" vulnerability is present.

35 minutes

D105

advanced

SK

Martin Hron [Avast]

Wintel Hell II: Melting point

Ongoing series of talks about interesting CPU and OS features and issues. This talk is going to explain the big two security bugs from the beginning of this year. We are going to focus on the downside of constantly speeding up and increasing CPU complexity. These particular bugs are in fact design flaws which are present in most modern CPUs. Meet Spectre and Meltdown. I'll explain in detail how they work, where the problem is, what the risks are, how they have been "patched" and what can be done about it in the future.

35 minutes

D105

intermediate

CZ/EN

Robert Šefr [Whalebone]

Threats in the DNS traffic of Czech households

What threats can be identified solely from the DNS traffic of more than one hundred thousand Czech households? What vermin, botnets and suspicious behaviour can be found in this thoroughly natural malware zoo?

35 minutes

D206

intermediate

CZ

Daniel Chromek [ESET]

Analysis of online web services (or brace yourselves: GDPR is coming)

With the arrival of GDPR we began, as part of internal security, to address the question of online marketing tools and their impact on security and GDPR compliance. In the presentation I will show the process by which we defined criteria for vetting online marketing vendors, along with selected findings from the analysis. The primary categories of potential online vendors we addressed are:

  • event organisation - registration apps, programme distribution, conference maps
  • marketing communication - newsletters, campaigns
  • online tracking - tracking cookies / pixels / JavaScript

35 minutes

D206

intermediate

SK

Vladimír Sedláček [GREYCORTEX]

Advanced unknown malware in the heart of Europe

Analysis and examples of unknown and targeted attacks on government and enterprise clients in the CEE region. Advanced persistent threats are becoming more and more common "in the wild" - and they are often undetected by the most commonly deployed network.

35 minutes

D206

intermediate

CZ/EN

Kirill Puzankov [Positive Technologies]

Threats and vulnerabilities in mobile networks: real cases from our experience

These days it is hard to imagine life without telecommunications. Anyone who uses e-banking, online payment, online shopping or e-government is long used to one-time passwords for transaction confirmation. The security of this authentication method is based merely on restricting access to telecommunication networks.
While the internet of things is spreading widely into industrial processes and city infrastructure, failures in the mobile network can paralyze them, causing not only occasional interruptions in smart home or car devices, which dissatisfy the operator's customers, but also more critical consequences, such as traffic collapses or power outages.
This talk reveals the results of SS7 security analysis. Signaling System 7 (SS7) is used for exchanging data between network devices in telecommunications networks. While this standard was being developed, only fixed-line operators had access to the SS7 network, so its security was not first on the priority list. Today the signaling network is not isolated, and this allows an intruder to exploit its flaws and intercept calls and SMSs, bypass billing, steal money from mobile accounts, or affect mobile network operability.
Although new 4G networks use another signaling system, Diameter, SS7 security issues have not been forgotten, because mobile operators must ensure 2G and 3G support and interaction between networks of different generations. Moreover, research shows that Diameter is prone to the same threats.
To demonstrate the extent of security problems in modern communication networks, this talk shows not only the vulnerabilities that we revealed during SS7 network security analysis, but also the exploitation of these vulnerabilities as it would happen in real life. We have been monitoring SS7 security over the past three years and learned what protection methods are used by telecom operators and whether they are effective in real conditions.

35 minutes

D206

intermediate

CZ/EN

Pavel Novikov [Positive Technologies]

IoT Security in Mobile Networks

After the appearance of the Mirai botnet, only the lazy did not talk about the insecurity of IoT devices. But is it really so bad? I will talk about our experience of researching such devices, as well as what the mobile industry is doing for IoT.

35 minutes

D206

intermediate

EN

Pavol Rusnak, Marek Palatinus [SatoshiLabs]

TREZOR model T - Evolution or revolution?

We will show the new version of TREZOR, the model T: what it brings for users and developers, which security design decisions we went through, and we will mention various improvements and plans for the future.

35 minutes

D206

intermediate

SK/EN

Eva Szilagyi, David Szili [Alzette Information Security]

Introduction to Bro Network Security Monitor

Bro is an open-source Network Security Monitor (NSM) and analytics platform. Even though it has been around since the mid 90's, its main user base was primarily universities, research labs and supercomputing centers. In the past few years, however, more and more security professionals in the industry have turned their attention to this powerful tool, as it runs on commodity hardware, thus providing a low-cost alternative to commercial solutions. At its core, Bro inspects traffic and creates an extensive set of well-structured, tab-separated log files that record a network's activity. Nonetheless, Bro is a lot more than just a traditional signature-based IDS. While it supports such standard functionality as well, Bro's scripting language allows security analysts to perform arbitrary analysis tasks such as extracting files from sessions, detecting malware by interfacing with external sources, detecting brute-forcing, etc. It comes with a large set of pre-built standard libraries, just like Python. During this two-hour workshop, we will learn about Bro's capabilities and cover the following topics:

  • Introduction to Bro
  • Bro architecture
  • Bro events and logs
  • Bro signatures
  • Bro scripting
  • Bro and ELK

Requirements for the workshop:

  • A laptop with at least 8 GB of RAM and more than 30 GB of free disk space
  • VMware Workstation or VMware Player installed

120 minutes

D207

advanced

EN

Martin Drahanský, Ondřej Kanich, Mona Heidari [FIT VUT Brno]

Biometric technologies

Presentation of various biometric technologies and practical use.

90 minutes

D207

intermediate

CZ

Marek Pederzoli, Petr Wittner [Asociace českých lockpickerů]

Lockpicking

Demonstration of opening a cylinder lock and a padlock with a pick; every participant will try lockpicking. Demonstration of opening a cylinder lock with an electric pick and a pick gun and using the bumping method; every participant will try lockpicking. Demonstration of non-destructive opening of a safe lock using a decoder. A mini-competition in lockpicking for workshop participants.

90 minutes

D207

intermediate

CZ

Pavel Jirout

Attacking modern Windows systems / OpenVMS 8.4 lab for security testing

Utilizing common tools of the trade to attack Windows 10 / Running OpenVMS 8.4 on a simulated Alpha CPU (x86-64) for fun and no profit. Prepare VirtualBox with Linux and Windows 10, Metasploit and GCC / MinGW 32/64.

90 minutes

D206

intermediate

EN

Venue

Brno University of Technology (Vysoké učení technické v Brně)

Faculty of Information Technology

Address

Fakulta informačních technologií
Božetěchova 2
612 66 Brno

After Party

Didn't get to ask your question during the conference? Join us in a friendly atmosphere at the After Party and discuss with the speakers and attendees.

Our partners