Join the conference


Register for the conference and tell us what your area of interest in computer security is.

PROGRAM

Maria Rigaki [CVUT in Prague]

Arming malware with GANs

Generative Adversarial Networks (GANs) are a recent invention that shows impressive results in generating completely new images of faces, building interiors and much more. In this talk we present how GANs can be used to modify network traffic parameters in order to mimic other types of traffic. More specifically, we modify an open source malware to use a GAN to dynamically adapt its Command and Control network behavior and mimic the traffic characteristics of Facebook chat. In this way it is able to avoid detection by new-generation Intrusion Prevention Systems that rely on behavioral characteristics. We will present our experiments from a real-life scenario that used the Stratosphere behavioral IPS deployed on a router between the malware, which was deployed in our lab, and the C&C server deployed in AWS. Results show that the malware can become undetected when given the input parameters from a GAN. The malware is also aware of whether or not it is being blocked and uses this as a feedback signal to improve the GAN model. Finally, we discuss the implications of this work for malware detection as well as for other areas such as censorship circumvention.

35 min

D105

Medium

EN

Raúl C. Benítez Netto [CVUT in Prague]

ManaTI: Web Assistance for the Threat Analyst

The ManaTI project consists of a front-end web application and a back-end server infrastructure. The web application centralizes all the operations of the analysts, and the back-end infrastructure stores the data and runs the algorithms. The main goal of the web application is to provide threat analysts with a fast interface and analysis tools that speed up their research.

35 min

D105

Medium

EN

Marek Pederzoli, Petr Wittner [Asociace českých lockpickerů]

Lockpicking

Lecture with general information about the Association of Czech Lockpickers and about lockpicking itself: lock types, construction and classification; tubular, combination and padlocks; static methods (picking, raking, lifting, jiggling); dynamic methods (bumping, pick guns and electric picks); safes and vaults, their classification, and methods of non-destructive opening of vault locks.

35 min

D105

Medium

CZ

David Szili [Alzette Information Security]

The Metric System

Lord Kelvin once said: "When you cannot express it in numbers, your knowledge is of a meagre and unsatisfactory kind." The majority of information security practitioners have a software engineering, electrical engineering or similar background, yet as an industry we seem to forget the importance of measurements and metrics. Without measuring the effectiveness of our processes, it is very hard - if not impossible - to look for trends or for misalignment between norms and the current state, or simply to make informed decisions. Even current trends point in the opposite direction; for example, Critical Security Controls (CSC) version 5 had "Effectiveness Metrics" and "Automation Metrics" sections for each control, but CSC version 6 only mentions the importance of metrics without going into any detail. In this talk, we will give an overview of the current state of security metrics and the resources available. We will see why security metrics are important, how they relate to risk management, and whether there are "good" or "bad" metrics. We will also attempt to find the most vital security metrics that can indicate the effectiveness of an organization's overall security program. Finally, we will see a few examples of collecting and analyzing data for metrics, and of how to visualize and present them to senior management.

35 min

D105

Medium

EN

Zdeněk Letko, Michal Rajčan [Wandera]

Phishing in the Mobile Landscape

Phishing is one of the most potent and widespread forms of cyberattack in the modern age, and mobile has offered attackers a powerful new access and distribution network to exploit. In this talk, we describe common phishing attack vectors we spot in our infrastructure, with special emphasis on the distribution methods used by attackers. Next, we introduce the Wandera Secure Gateway, the unique way in which we protect our customers against phishing, how we leverage modern artificial intelligence algorithms to detect zero-day phishing in our infrastructure, and finally how we block users from accessing these pages.

35 min

D105

Medium

CZ/EN

Norbert Szetei

macOS kernel exploitation

Exploiting the macOS kernel requires techniques distinct from those used on other popular operating systems, due to the idiosyncrasies of XNU. After introducing its key components, we will cover representative types of vulnerabilities and how to achieve arbitrary code execution in the kernel. Ideally the listener should be familiar with the basics of userspace exploitation and ROP. In the lecture we will explain how to gain control of execution using Jump Oriented Programming, define primitives for deterministic memory allocation in kalloc zones (Heap Feng Shui), and show ways to create "fake" objects in memory to overcome the existing protections of the current kernel version in the case of heap overflow vulnerabilities.

35 min

D105

Advanced

SK

Martin Hron [Avast]

Wintel Hell II: Melting point

Ongoing series of talks about interesting CPU and OS features and issues. This talk is going to explain the two big security bugs from the beginning of this year. We are going to focus on the downside of constantly speeding up CPUs and increasing their complexity. These particular bugs are in fact design flaws which are present in most modern CPUs. Meet Spectre and Meltdown. I'll explain in detail how they work, where the problem is, what the risks are, how they have been "patched" and what can be done about it in the future.

35 min

D105

Medium

EN

Robert Šefr [Whalebone]

Threats in DNS traffic in Czech households

What threats can be identified purely from the DNS traffic of more than one hundred thousand Czech households? What crap, botnets and suspicious behavior can be found in this entirely home-grown malware zoo?

35 min

D206

Medium

CZ

Daniel Chromek [ESET]

Analysis of online web service or brace yourselves: GDPR is coming

With the advent of GDPR, we have begun to address online marketing issues in the context of internal security instruments and their impact on security and GDPR compliance. In the presentation we will show how we defined criteria for online marketing vendors and present selected findings of the analysis. The primary areas of potential online suppliers that we addressed are:

  • event organization - registration application, program distribution, conference maps
  • marketing communication - newsletters, campaigns
  • online tracking - tracking cookies / pixels / JavaScript

35 min

D206

Medium

SK

Vladimír Sedláček [GREYCORTEX]

Advanced unknown malware in the heart of Europe

Analysis and examples of unknown and targeted attacks on government and enterprise clients in the CEE region. Advanced persistent threats are becoming more and more common "in the wild" - and they often go undetected by the most commonly deployed network security tools.

35 min

D206

Medium

CZ/EN

Kirill Puzankov [Positive Technologies]

Threats and vulnerabilities in mobile networks: real cases from our experience

These days it is hard to imagine life without telecommunications. Anyone who uses e-banking, online payments, online shopping or e-government has long been used to one-time passwords for transaction confirmation. The security of this authentication method rests merely on restricting access to telecommunication networks.

While the Internet of Things is spreading widely into industrial processes and city infrastructure, failures in the mobile network can paralyze them, causing not only occasional interruptions of smart home or car devices, which dissatisfy the operator's customers, but also more critical consequences, such as traffic collapses or power outages.

This talk reveals the results of SS7 security analysis. Signaling System 7 (SS7) is used for exchanging data between network devices in telecommunications networks. While this standard was being developed, only fixed-line operators had access to the SS7 network, so its security was not first on the priority list. Today the signaling network is not isolated, and this allows an intruder to exploit its flaws and intercept calls and SMSs, bypass billing, steal money from mobile accounts, or affect mobile network operability.

Although new 4G networks use another signaling system, Diameter, SS7 security issues have not gone away, because mobile operators must ensure 2G and 3G support and interoperation between networks of different generations. Moreover, research shows that Diameter is prone to the same threats.

To demonstrate the extent of security problems in modern communication networks, this talk shows not only the vulnerabilities that we revealed during SS7 network security analysis, but also the exploitation of these vulnerabilities as it would happen in real life. We have been monitoring SS7 security over the past three years and have learned what protection methods telecom operators use and whether they are effective in real conditions.

35 min

D206

Medium

CZ/EN

Pavel Novikov [Positive Technologies]

IoT Security in Mobile Networks

After the appearance of the Mirai botnet, everyone was talking about the insecurity of IoT devices. But is it really that bad? I will talk about our experience of researching such devices, as well as what the mobile industry is doing for IoT.

35 min

D206

Medium

EN

Pavol Rusnak, Marek Palatinus [SatoshiLabs]

TREZOR model T - Evolution or Revolution?

We will show you the new version of TREZOR - the model T: what's new for users and developers, which security design decisions we made along the way, and various improvements and plans for the future.

35 min

D206

Medium

SK/EN

Eva Szilagyi, David Szili [Alzette Information Security]

Introduction to Bro Network Security Monitor

Bro is an open-source Network Security Monitor (NSM) and analytics platform. Even though it has been around since the mid-90s, its main user base was primarily universities, research labs and supercomputing centers. In the past few years, however, more and more security professionals in the industry have turned their attention to this powerful tool, as it runs on commodity hardware, thus providing a low-cost alternative to commercial solutions. At its core, Bro inspects traffic and creates an extensive set of well-structured, tab-separated log files that record a network's activity. Nonetheless, Bro is a lot more than just a traditional signature-based IDS. While it supports such standard functionality as well, Bro's scripting language allows security analysts to perform arbitrary analysis tasks such as extracting files from sessions, detecting malware by interfacing with external sources, detecting brute-forcing, etc. It comes with a large set of pre-built standard libraries, just like Python. During this two-hour workshop, we will learn about Bro's capabilities and cover the following topics:

  • Introduction to Bro
  • Bro architecture
  • Bro events and logs
  • Bro signatures
  • Bro scripting
  • Bro and ELK

Requirements for the workshop:

  • A laptop with at least 8 GB of RAM and more than 30 GB of free disk space
  • VMware Workstation or VMware Player installed

120 min

D207

Advanced

EN

Martin Drahanský, Ondřej Kanich, Mona Heidari [FIT VUT Brno]

Biometric technologies

Presentation of various biometric technologies and practical use.

90 min

D207

Medium

CZ

Marek Pederzoli, Petr Wittner [Asociace českých lockpickerů]

Lockpicking

A demonstration of opening a cylinder lock and a padlock, after which each participant will try lockpicking. A demonstration of opening a cylinder lock with an electric pick, a pick gun and the bumping method, after which each participant will try it. A demonstration of non-destructive opening of a vault lock using a decoder. Lockpicking mini-contest for workshop participants.

90 min

D207

Medium

CZ

Pavel Jirout

Attacking modern Windows systems / OpenVMS 8.4 lab for security testing

Using common tools of the trade to attack Windows 10 / running OpenVMS 8.4 on a simulated Alpha CPU (on x86-64) for fun and no profit. Prepare VirtualBox with Linux and Windows 10, Metasploit and GCC / MinGW 32/64.

90 min

D206

Medium

EN

#Security Session'18

Security Session '18 is a non-commercial conference where you can learn about news and current issues from the world of mobile and IT security.

For everyone

Everyone is welcome. Free entry.

Professional Speakers

Professional speakers with long-term expertise in the IT field.

After Party

Discuss and brainstorm with the speakers.

Venue

Brno University of Technology

Faculty of Information Technology

Address

Faculty of Information Technology
Božetěchova 2
612 66 Brno, Czech Republic

Info Map

After Party

Didn't get the opportunity to ask questions during the conference? Join us at the after party for an open discussion in a more relaxed atmosphere.

Our Partners