Register for the conference and tell us what your areas of interest in computer security are.
9.00
Maria Rigaki [CVUT in Prague]
Generative Adversarial Networks (GANs) are a recent invention that shows impressive results in generating completely new images of faces, building interiors and much more. In this talk we present how we can use GANs to modify network traffic parameters in order to mimic other types of traffic. More specifically, we modify an open source malware to use a GAN to dynamically adapt its Command and Control network behavior and mimic the traffic characteristics of Facebook chat. In this way it is able to avoid detection by new-generation Intrusion Prevention Systems that use behavioral characteristics. We will present our experiments from a real-life scenario that used the Stratosphere behavioral IPS deployed in a router between the malware, which was deployed in our lab, and the C&C server deployed in AWS. Results show that it is possible for the malware to go undetected when given the input parameters from a GAN. The malware is also aware of whether or not it is being blocked and uses this as a feedback signal in order to improve the GAN model. Finally, we discuss the implications of this work in malware detection as well as other areas such as censorship circumvention.
35 min
D105
Medium
EN
Raúl C. Benítez Netto [CVUT in Prague]
The ManaTI project consists of a front-end web application and a back-end server infrastructure. The web application centralizes all the operations of the analysts, and the back-end infrastructure stores the data and runs the algorithms. The main goal of the web application is to provide threat analysts with a fast interface and analysis tools to speed up their research.
35 min
D105
Medium
EN
11.00
Marek Pederzoli, Petr Wittner [Asociace českých lockpickerů]
A lecture focused on general information about the Association of Czech Lockpickers and on lockpicking itself. Types, processing and distribution plan. Tubular, code and padlocks. Picking, raking, lifting, jiggling. Dynamic methods (bumping, pick gun and electric plates). Safes, their distribution and methods of non-destructive opening of the vault lock.
35 min
D105
Medium
CZ
11.40
13.00
David Szili [Alzette Information Security]
Lord Kelvin once said: "When you cannot express it in numbers, your knowledge is of a meagre and unsatisfactory kind". The majority of information security practitioners have a software engineering, electrical engineering or similar background, yet as an industry, we seem to forget the importance of measurements and metrics. Without measuring the effectiveness of our processes, it is very hard - if not impossible - to look for trends, misalignment between norms and current state or simply to make informed decisions. Even current trends point in the opposite direction; for example in Critical Security Controls (CSC) version 5, we had "Effectiveness Metrics" and "Automation Metrics" sections for each control, but CSC version 6 only mentions the importance of metrics without going into any details. In this talk, we will take an overview of the current state and resources available to security metrics. We will see why security metrics are important, how they relate to risk management and if there are "good" or "bad" metrics. We will also attempt to find the most vital security metrics that can indicate the effectiveness of the overall security program of an organization. Finally, we will see a few examples of collecting and analyzing data for metrics and how we can visualize and present them to senior management.
35 min
D105
Medium
EN
Zdeněk Letko, Michal Rajčan [Wandera]
Phishing is one of the most potent and widespread forms of cyberattack in the modern age, and mobile has offered a powerful new access and distribution network for hackers to exploit. In this talk, we describe common phishing attack vectors we spot in our infrastructure with special emphasis on the distribution methods used by attackers. Next, we introduce the Wandera Secure Gateway, the unique way in which we protect our customers against phishing, how we leverage modern artificial intelligence algorithms to detect zero day phishing in our infrastructure, and finally how we block users from accessing these pages.
35 min
D105
Medium
CZ/EN
Norbert Szetei
Exploiting the macOS kernel requires techniques that are distinct from those for other popular operating systems due to the idiosyncrasies of XNU. After introducing its key constituents we will mention representative types of vulnerabilities and how to achieve arbitrary code execution in the kernel. Ideally, the listener should be familiar with the basics of exploitation issues in userspace and ROP. In the lecture we will explain how to gain control via Jump Oriented Programming, we define primitives for deterministic memory allocation in kalloc zones (Heap Feng Shui) and ways to create "fake" objects in memory of overcoming existing of the current version of the kernel, in case of "heap overflow" vulnerabilities.
35 min
D105
Advanced
SK
Martin Hron [Avast]
An ongoing series of talks about interesting CPU and OS features and issues. This talk is going to explain the big two security bugs from the beginning of this year. We are going to focus on the downside of constant speeding up and increasing CPU complexity. These particular bugs are in fact design flaws which are present in most modern CPUs. Meet Spectre and Meltdown. I'll explain in detail how they work, where the problem is, what the risks are, how they have been "patched" and what can be done about it in the future.
35 min
D105
Medium
EN
16.45
9.00
Robert Šefr [Whalebone]
What threats can only be identified from the DNS traffic of more than one hundred thousand Czech households? What crap, botnets and suspicious behavior can be found in this totally native Zoo malware?
35 min
D206
Medium
CZ
Daniel Chromek [ESET]
With the advent of GDPR, we have begun to address online marketing issues in the context of internal security instruments and their impact on security and GDPR compliance. In the presentation we will show how we defined criteria for online marketing vendors and selected analysis findings. The primary areas of potential online suppliers that we have addressed are:
35 min
D206
Medium
SK
Vladimír Sedláček [GREYCORTEX]
Analysis and examples of unknown and targeted attacks on government and enterprise clients in the CEE region. Advanced persistent threats are becoming more and more common "in the wild" - and they are often undetected by the most commonly deployed network.
35 min
D206
Medium
CZ/EN
11.40
Kirill Puzankov [Positive Technologies]
These days it is hard to imagine life without telecommunications. Anyone who uses e-banking, online payment, online shopping or e-government is long used to one-time passwords for transaction confirmation. The security of this authentication method is based merely on restricting access to telecommunication networks. While the internet of things is spreading widely into industrial processes and city infrastructure, failures in the mobile network can paralyze them, causing not only occasional interruptions in smart home or car devices, which dissatisfy the operator's customers, but also more critical consequences, such as traffic collapses or power outages. This talk reveals the results of SS7 security analysis. Signaling System 7 (SS7) is used for exchanging data between network devices in telecommunications networks. While this standard was being developed, only fixed-line operators had access to the SS7 network, so its security was not first on the priority list. Today the signaling network is not isolated, and this allows an intruder to exploit its flaws and intercept calls and SMSs, bypass billing, steal money from mobile accounts, or affect mobile network operability. Although new 4G networks use another signaling system, Diameter, SS7 security issues have not been forgotten, because mobile operators should ensure 2G and 3G support and interaction between networks of different generations. Moreover, research shows that Diameter is prone to the same threats. To demonstrate the extent of security problems in modern communication networks, this talk shows not only the vulnerabilities that we revealed during SS7 networks security analysis, but also the exploitation of these vulnerabilities as would happen in real life. We have been monitoring SS7 security over the past three years and learned what protection methods are used by telecom operators and whether they are effective in real conditions.
35 min
D206
Medium
CZ/EN
Pavel Novikov [Positive Technologies]
After the appearance of the Mirai botnet, only the lazy did not talk about the insecurity of IoT devices. But is it really so bad? I will talk about our experience of researching such devices, as well as what the mobile industry is doing for IoT.
35 min
D206
Medium
EN
Pavol Rusnak, Marek Palatinus [SatoshiLabs]
We will show you a new version of TREZOR - the T model. What's new for users and developers. We will walk through the security design decisions we made and mention various improvements and plans for the future.
35 min
D206
Medium
SK/EN
Eva Szilagyi, David Szili [Alzette Information Security]
Bro is an open-source Network Security Monitor (NSM) and analytics platform. Even though it has been around since the mid 90's, its main user base was primarily universities, research labs and supercomputing centers. In the past few years, however, more and more security professionals in the industry have turned their attention to this powerful tool, as it runs on commodity hardware, thus providing a low-cost alternative to commercial solutions. At its core, Bro inspects traffic and creates an extensive set of well-structured, tab-separated log files that record a network's activity. Nonetheless, Bro is a lot more than just a traditional signature-based IDS. While it supports such standard functionality as well, Bro's scripting language allows security analysts to perform arbitrary analysis tasks such as extracting files from sessions, detecting malware by interfacing with external sources, detecting brute-forcing, etc. It comes with a large set of pre-built standard libraries, just like Python.
During this two-hour workshop, we will learn about Bro's capabilities and cover the following topics:
- Introduction to Bro
- Bro architecture
- Bro events and logs
- Bro signatures
- Bro scripting
- Bro and ELK
Requirements for the workshop:
- A laptop with at least 8 GB of RAM and more than 30 GB of free disk space
- VMWare Workstation or VMWare Player installed
120 min
D207
Advanced
EN
13.00
Martin Drahanský, Ondřej Kanich, Mona Heidari [FIT VUT Brno]
Presentation of various biometric technologies and practical use.
90 min
D207
Medium
CZ
14.40
Marek Pederzoli, Petr Wittner [Asociace českých lockpickerů]
An example of opening a cylindrical insert and a padlock; each participant will try lockpicking. An example of opening a cylindrical insert by electroplating, a pickgun, and using the bumping method; each participant will try lockpicking. An example of non-destructive opening of the vault lock using a decoder. A lockpicking mini-contest for participants in the workshop.
90 min
D207
Medium
CZ
Pavel Jirout
Utilizing common tools of trade to attack Windows 10 / Running OpenVMS 8.4 on simulated alpha CPU (x86-64) for fun and no profit. Prepare VirtualBox with Linux and Windows 10, Metasploit and GCC / Mingw 32/64.
90 min
D206
Medium
EN
A non-commercial conference where you can learn about news and current issues from the world of mobile and IT security.
Everyone is welcome. Free entry.
Professional speakers with long term expertise in the IT field.
Discuss and brainstorm with the speakers.
Didn't get the opportunity to ask questions during the conference? Join us at the after-party for open discussion in a more relaxed atmosphere.
455 minutes
16 speakers
4 workshops
Let us know and we can agree on the terms and conditions of partnership.
I WANT TO BECOME A SPONSOR