SIGS Technology Conference – Hacking Day Speakers 2017

All presentations are held in English

Key Notes

Cisco, Story Tweedie-Yates, Head of Security Business Unit – EMEAR
Story is a Product Manager for the Cisco Security portfolio in the Security Business Group. In her role, she is responsible for introducing customers to Cisco’s large portfolio of security offerings, applying these offerings to verticals, market segments and the local relevant EMEAR context. She serves as a Subject Matter Expert and thought leader on Cisco Security, creating content and presentations about how Security enables digitization and innovation. Recently she has served as the Product lead for Cisco Web Security, bringing new Cloud and CASB capabilities to market for Cisco customers while pioneering a popular webinar series.

Story is a Stanford graduate with a BS in Psychology. She also has an MBA from Thunderbird School of Global Management, speaks fluent Spanish and has done business in over 40 countries. In her time off, you will find her on a bike riding around Amsterdam or exploring underwater treasures with a scuba mask alongside her husband.

Cybersecurity topics for tomorrow – today
In this presentation, you will see an overview of the threat landscape of today and tomorrow. We will start with the latest trends in the threat landscape that are being seen today, followed by specific research currently underway to counteract the threat landscape of tomorrow. We will dive deeper into research underway in topics such as supply chain security, lightweight security and cryptography for IoT environments as well as quantum resistant cryptography and SDN. The presentation should provide participants with a good idea about new and interesting areas of cybersecurity to get involved in and look for in the future.

High-Tech Bridge SA, Stéphane Koch, Executive Vice President and General Counsel
At the benefit of a Master of Advanced Studies (MAS) in Economic Crime Investigation, and a degree of Specialist in Public Relations (ISRP), he also holds the position of Vice-President of the High-Tech Bridge SA (a web security company). Member of the scientific board of the Master of Advanced Studies (MAS) on Competitive Intelligence and Monitoring at the Geneva High School of Management. Specializes in the professional use of Social Media and Digital Strategy, online reputation management, information security and managing human risk. He also intervenes in cases related to Cyber-Bullying problem, Brand protection on the Internet, and in other cases related with cybercriminality.

Since 2003 Stephane Koch, is one of the Senior Online Security advisor for Reporters Without Borders, he has leaded his series of workshops on information security for journalists in various Institutes and Universities all around the world.

False Sense of Security is Insecurity
Human perception” versus “Security technologies”… Whatever security tool is used, it is only one of a link in a chain, and securing a link is not enough to secure the entire chain… Therefore, the way to understand “Computer and Information Security” should be considered with a similar perception that the way “quantum computing” works.
We need (at the personal and professional level) to makes our understanding of info security evolving from “bits” to “qbits”: accepting that there is two possible states of the security in the same time: to consider that application, or data, are not just secure or unsecure… but that they can be in a secure and insecure state in the same time…

modzero AG, Max Moser
Max Moser works at his self-founded company modzero AG as an IT Security Consultant for large and medium-sized businesses. As a ‘paid hacker’ he attacks software and hardware products by order of his customers to test their security or helps customers to improve their overall security.
Max Moser is an active member of the IT Security scene for over 20 years and known for his innovative security research as well as several Open Source projects.

Hacking 2017
The year is 2017 and the commercial Internet is soon 30 years old. 30 years is a long time in our fast-paced times. Computers, smartphones, robots, they all became our constant companions in life: At work, in our smart home, in the airplane or on the surgeon’s table. One would believe we have come to grips with the technology. Why then are ‘hacker attacks’ still an almost daily news item? How is it possible that large companies and individuals are seemingly becoming victims more and more frequently?
How hard is it to infiltrate systems and organizations or to tap their data? Based on examples from his work as a Security Analyst, Max Moser discusses ‘modern’ defenses and attack techniques.

SySS GmbH, Sebastian Schreiber, Founder and Managing Director

Sebastian Schreiber, born 1972, studied physics, mathematics, business studies and computer science at the University of Tuebingen.

He graduated in the latter (Diplom Informatiker), and in 1998 founded the SySS GmbH in his hometown Tuebingen in order to offer high-quality security assessments.Until the present days, he is owner and managing director of this fast growing company which currently employs a staff of about 90.

Schreiber is frequently present on national congresses an the media, being an demanded expert in the field of IT security.

As a long time member, he is also commited to, e.g., the „Verband für Sicherheit in der Wirtschaft Baden Württemberg e.V.” or the advisory council of the journal „Datenschutz und Datensicherheit“.

Live Hacking: How digital attackers are intruding into your systems
During a live hacking presentation, Sebastian performs different attacks on IT systems. He shows that it is astonishingly easy to bypass protective measures in order to access sensitive information.

IT security incidents in the recent past demonstrate emphatical ly that the IT systems even in international high-tech companies and major state institutions are not given sufficient protection. Widespread IT quality assurance measures may suffice to safeguard 99 per cent of systems. However, the decisive factor is that the remaining 1 per cent vulnerability provides a target for digital attacks: Every gap, however tiny, is sufficient to render an otherwise well-secured IT infrastructure vulnerable in its entirety.




Agam Security, Jean-Pierre Montaut, CTO
Jean Pierre Montaut has a 20 year experience within government agencies, where he was in charge of attacking and defending critical network infrastructure in real conditions. An expert in advanced attack methods, he is the key architect of the Agam Security cyber-defense appliance. He is currently the Agam Security CTO.

Attack-types which are hard to process in a SOC
This talk will focus on the attack-chain from the viewpoint of a SOC and SOC workers. How to discover and leverage information found in the various sources and formats, that are delivered from all the sensors in the enterprise network. We will walk you through the multiple stages of such an attack used against a specific target. This will help identifying correlation options that should trigger the attention of the SOC operators, within the overwhelming pool of information. This is particular important to spot zero-days and targeted attacks, that try to be as silent and invisible as possible.

Avecto, Dennis Weyel, Senior Technology Consultant
Dennis is a Senior Technology Consultant at Avecto. In his role, Dennis helps global organisations get the most out of their security software, helping them build stronger, better performing security environments. With over 17 years’ experience in the security and software industry, Dennis has a wealth of technical knowledge and insight working closely with CISOs and CIOs.

Social engineering is nothing new! The solution is simple
With the majority of threats originating from email attachments and internet downloads, users pose a huge threat to the organization. Starting with user behaviour, we look at what lessons can be learnt when it comes to security and how to put proactive measures in place that protect your data, even if users are clicking on untrusted links and opening malicious email attachments.

We will take you through a simple, smart approach to security that stops internal and external attacks before it’s too late.

Bitsight, João Gouveia, Labs CTO
João Gouveia has specialised in the IT security field for over 15 years, having solid knowledge over the broad spectrum of the IT security landscape. Primarily focused on understanding current and future threats and aligning technology strategy to come up with solutions for emerging problems, Joao is the original author and developer of a real time streaming API for threat data, which aimed towards providing real time actionable threat feeds via a streaming service.

The Security Risks of Orphaned Network Traffic
As part of our research work focused on identifying automated network traffic that we can relate with malicious behaviour and botnet communications, we often come across with traffic not necessarily related to malicious intent, but that represents a high risk for the companies allowing it to occur on their networks.

Often associated with policy control failures, miss configurations, or abandoned software, this orphaned traffic tends to be neglected by security systems that focus on malicious behaviour and often end up exposing company information and assets to multiple risk levels.

On this talk, we are going to explore this by product of our botnet research, how widespread this problem is across multiple geographies sectors and industries, and how it can be used to relay risk information to companies, as well as the several degrees of exposure and impact that this type of traffic can represent.

Cybereason, Richard Cassidy, Director Sales Engineering
Richard has been working in the IT Security arena for over 17 years, having ridden the waves of innovative technology era’s representing start-ups in networking, virtualisation, security, cloud security & compliance; Richard has gained extensive knowledge and experience of the threat landscape, including an innate appreciation of the advanced tools, techniques and procedures in operation today (by bad actor groups and solo campaigners) against businesses of all shapes and sizes, as a result of his direct involvement in Threat Intelligence operations at previous vendor roles. Richard is also a very active information security blogger and writer, having score of publications in national press in both EMEA and the U.S.

Through his experience, Richard worked to help consumers in understanding complex cyber security issues in a relevant and contextual manner, ensuring that lessons can be learned and security practices improved as a result.

Advanced Threat Hunting
Experience an advanced, multistage attack scenario from both an attacker and analyst’s point of view. Richard will provide a step-by-step threat hunting exercise: from the attacker’s initial infiltration through the entire attack lifecycle.

Come see the full story unfold. A story about how an analyst can spot and stop activities like malicious use of powershell and fileless malware, etc.

Exeon Analytics, Dr. David Gugelmann
Dr. David Gugelmann is a security analytics researcher and the CEO of the ETH Spin-off Exeon Analytics. Prior to founding Exeon Analytics GmbH in 2016, he was a postdoctoral researcher at ETH Zurich in the Networked Systems Group. His research interests are in big data analytics, digital forensics and machine learning for anomaly detection. He combines these areas by developing big data security analytics solutions to summarize and visualize network data.

Deep Learning and Machine Learning for Network Traffic Analysis
In today’s IT networks, enormous amounts of network traffic are caused by benign activities every day. This makes anomalies difficult to identify and allows cyber attackers to hide in the noise.

Deep learning and machine learning in general are promising technologies to filter the noise and reveal such activities.
In this talk, I first give some insights into the technology behind the buzzword “deep learning” and discuss the strengths and weaknesses of deep learning compared to traditional machine learning approaches.

Second, I present examples showing how these technologies can identify patterns and outliers in network traffic.

Flashpoint, Maurits Lucas, Director Strategic of Accounts
Maurits Lucas is a Director of Strategic Accounts at Flashpoint. As a member of the Business Risk Intelligence (BRI) team, Maurits specializes in bridging the gap between technology and business to address the unique security challenges often faced by today’s executives. He has dedicated himself to analyzing long-term trends and emerging threats emanating from the Deep & Dark Web to help business leaders across the enterprise leverage such information to make informed decisions and mitigate risk.

Previously, Maurits lead the cyber intelligence team at one of Europe’s oldest cybersecurity firms. He was the driving force behind a collaborative portal and unique approach to cyber intelligence. Maurits is a subject matter expert on cybercrime and has had the pleasure of presenting his research numerous times to distinguished audiences all across the globe.

Know Thy Enemy
“Know Thy Enemy” in which we try and dispel some of the myths surrounding attackers emanating from the Deep and Dark Web (DDW), they are not a homogeneous group of all-knowing cyber ninja’s like the movies portray them. To effectively mitigate the threat it pays to follow Sun-Zhu’s advice to know yourself and your enemy. In this talk we offer some characteristics that can be used to differentiate different types of attackers and illustrate these cases with examples from the recent past and current events.

Intellec AG, Christian Jucker, CEO
Christian Jucker graduated at the ETHZ and is the founder of Intellec AG, a company specialized in Mobile Device Management and Mobile Device Security. He started with Windows Phones, Blackberry and Symbian phones and converged now into the new “mobile first” world based on Android and iOS.

He is mainly consulting large scale companies in their mobile device management and mobile security projects as well as consulting the customer’s’ strategic development of their mobile device infrastructure.

Mobile Device Security, what can happen today?
Every large consulting company puts Mobile Security on top of their “must do” list, but what is actually out there?

This presentation provides live demos and overviews on the current threat landscape, current hacking techniques as well as detection and prevention technologies on the endpoint.

Kudelski Security, Alexandre Bécholey, Senior Security Engineer
Alexandre Becholey has worked in the field of information security since 2011. He started out as a security administrator at a major financial institution, where he focused on researching and implementing security solutions; however, he found his true passion when he switched to offensive security in 2013.

He is well versed in in exploit development, reverse engineering, and iOS pentesting, and uses these skills on a daily basis for clients in a variety of industries. Recently appointed team expert at Kudelski Security, he truly relishes in the opportunity to guide and teach his peers.

Bypassing iOS application anti-debugging technique and jailbreak detection
Mobile application penetration testing has become increasingly difficult. From a simple request as: “What is it possible to do with my app”, it has evolved into the tests of specific aspects and features of the application. To be able to manipulate and play with these parts and the involved functions, a jailbroken iOS device is required.

However applications that have a focus on security usually won’t run on a compromised device and will surely detect the jailbreak. A penetration tester needs now to be able to find and bypass the usually obfuscated parts of the application that execute the jailbreak detection mechanisms. There is no bullet-proof solution as it is a game of cat and mouse where the developers change the obfuscation techniques once the previous ones have been discovered.

This talk will present recent jailbreak detection methods, propose techniques to find them in the binary and discuss possible ways to bypass them from a simple hook of a function to create script, to create scripts patch the binary at runtime.

Kudelski Security, Jean-Philippe Aumasson, Principal Research Engineer
Jean-Philippe (JP) Aumasson is Principal Research Engineer at Kudelski Security. He designed the popular cryptographic functions BLAKE2 and SipHash, initiated the Crypto Coding Standard and the Password Hashing Competition that developed the Argon2 algorithm.

He has spoken at Black Hat, DEFCON, RSA, CCC, SyScan, Troopers about applied cryptography, quantum computing, and platform security. He published the 2015 book “The Hash Function BLAKE”, and will publish a new book about cryptography in 2017. JP tweets as @veorq

How secure are secure messengers? Our experience reviewing popular applications
During the past year we’ve reviewed code from two of the most respected privacy-oriented messaging applications. The first review was for research purposes, and lead to the disclosure and patch of security issues. The second review was a paid audit of the cryptographic core of the application, and our audit report was made public.

In this talk, we’ll discuss the lessons from this experience as security reviewers, and will argue that, while such audits can’t guarantee that the software is bug-free, they are a necessary step that must be organized carefully to optimize the return on investment.

Lucy Phishing, Oliver Muenchow, Founder
Oliver is a IT security auditor and entrepeneur living in Switzerland. He is the founder of LUCY Security, a company that develops an application to educate users towards cyber-attacks. Beside IT Security he is also engaged in the art scene and founded the located in the old town of Zurich.

Social Hacking
After quickly jumping in the dark & surface web to take a peek where you can find hacked account dumps we will dig into one of the most simple, but also most effective hacking methods to quickly get access to user’s data: a brief demo on how to setup a spear phishing attack in combination with a malware which doesn’t get triggred by regular AV’s.

OWL CyberSecurity, Oren Arar, Regional Director EMEA
Oren has more than 15 years of experience in the Cyber Security industry. Oren served as a Counter-Terrorism Intelligence Officer (Captain, res.) in Israel’s elite Cyber unit (8200). He later worked for some of Israel’s top cybersecurity and FinTech software companies and assumed senior roles in Product Management, Business Development and Sales.

During his time in the military and later in business, Oren worked with the leading Intelligence and Security agencies worldwide. He has a deep understanding of the growing cyber security needs and threats for Enterprises and Governments. Oren holds an MBA from Massachusetts Institute of Technology (MIT).

The Darknet risks for corporations
The Darknet has become one of the main playgrounds for criminals, terrorists and hackers. “The road to hell is paved with good intentions”: the TOR project actually started off as a good thing, allowing voiced in censured countries to be heard. But full anonymity was too appealing for today’s cyber criminals and many things changed since the notorious “Silk Road” closing.

In my talk, I plan to present different use cases of significant risks to corporations, originating in the illegals trade of information on The Darknet: credential leaks, counterfeit, fraud, identity theft and more. I will also provide real-life examples. My goal is to increase the awareness of the audience to those risks.

PSYND, Mauro Verderosa, IT Security & IAM Specialist
Mauro Verderosa is a CISSP certified security expert with more than 15 years of experience in the domain of CyberSecurity. He is passionate about CyberSecurity in general, as in cryptography, access control, data privacy and any new technology involving aspects about potential threats.

He is a recognized expert of Identity and Access Management and he participated on the most important projects in Switzerland and Europe for the telco and financial industries. He is the founder of PSYND, a Swiss company specialized in CyberSecurity consultancy and he is based in Geneva.

Understand and prevent a Social Engineering attack
While day after day the technology is improving and the systems are always more secure, the weakest ring of the security chain is the human factor. Understand what is a Social Engineering attack, how it is developed, how to recognize it and how it can be prevented.

RUAG Schweiz AG, Alban Hessler, MSc EPFL, Security Analyst & Peter Hladký, MSc ETH, Senior Cyber Security Specialist
Alban Hessler graduated at the Swiss Institute of Technology in Lausanne (EPFL) in Communication Systems with a focus on IT Security. Ever since he has devoted his career to information security, covering both theoretical and practical aspects as he spent his first professional years in industrial research, also by contributing to European projects to improve the security of wireless sensor networks, Internet of Things, and critical infrastructures.
In the recent years he has been providing cyber security services to large organizations, mainly operators of critical infrastructures, to strengthen their security posture by executing risk assessments and audits, as well as developing security concepts.

together with

Peter Hladký graduated at the Swiss Institute of Technology in Zurich (ETH Zurich) in Computer Science specializing in Information Security. Throughout his career, he worked and gained experience at number of companies as a Linux System Administrator Intern at Google – New York, Research Intern at IBM Research Lab – Zurich, Software Engineer at AdNovum, and Senior Consultant in Information Security at KPMG where he primarily worked with large Swiss banks on cyber security and client data confidentiality engagements.
Peter’s current focus activities include preparation and execution of trainings at RUAG’s Cyber Training Range, building RUAG’s Cyber Security Services and participating this year’s Locked Shields Cyber Defense Exercise.

Live Hacking: Lateral Movement
In the context of cyber security, lateral movement is one of the stages of an ongoing attack. It usually takes place after the attackers already gained an initial foothold into an organization’s network and are looking into ways how to spread to other networks within the organization with the goal to increase their sphere of compromise and gain further access to valuable assets. Depending on the victim organization, the targeted assets might be sensitive data (intellectual property, client data, employee data), critical systems (financial transaction systems, industrial control systems), or end-user devices used by C-level executives.
The live demo will explore some of the tools and techniques used for lateral movement in a simulated enterprise with common end-user systems and network(s). We will look into the following steps of lateral movement in different levels of detail: internal reconnaissance, harvesting and abuse of credential material, network pivoting, and remote code execution. The purpose of the demo is to raise awareness and show the relative ease of an attack when facing an enterprise environment with an average level of defense.

Swiss Cyber Storm
The Swiss Cyber Storm association was founded on November 15, 2012 by a group of cyber security enthusiasts. The purpose of this association is to promote young cyber security talents and to regularly carry out cyber security events for security professionals and decision-makers.
ZHAW, Moritz Zollinger, Research Assistant & Master Student
Moritz has graduated from ZHAW with a bachelor’s degree in information technology in 2015. During his studies he had a strong focus on IT security and software development. His bachelor thesis was about “Mobile Malware”. Currently, Moritz is doing a master’s in information systems and is a research assistant at the institute of applied information technology (InIT) at the ZHAW. He is part of the security team and works on various research projects in the field of IT security.

Hacking Show
You always wanted to see many of the well-known attack vectors live? Then join us and see USB sticks that pretend to be a keyboard, watch how we find out in which Hotels you stayed lately and how we hijack your WLAN connection at the Airport. Furthermore, see how we use a software-as-a-service solution for attacks on SMS-based two factor authentication and observe a drive-by attack on the web browser. Finally, we also show how to trick people into clicking on active content in office documents.

VSHN AG, Dr. Christian Folini, Business Partner and Security Engineer
Dr. Christian Folini is a partner at netnea AG in Berne, Switzerland and business partner of VSHN AG, Zurich. He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is no big business anymore and Christian turned to defending web servers which he thinks equally challenging. With his background in humanities, Christian is able to bridge the gap between techies and non-techies. He brings more than ten years experience in this role, specialising in Apache / ModSecurity engineering, DDoS defense and threat modeling.

Christian is the author of the ModSecurity Handbook (2nd Edition), a frequent committer to the OWASP ModSecurity Core Rule Set project, vice president and CTO of Swiss Cyber Experts (a public private partnership), head of the program committee of the the Swiss Cyberstorm conference and many other things. Just follow him at @ChrFolini

Setting the WAF on Fire
ModSecurity is the king of the hill in the field of Open Source Web Application Firewalls (WAF). Its standard ruleset, the OWASP ModSecurity Core Rule Set (CRS), is known for a high detection rate of standard OWASP Top Ten attacks and granular controls down to the byte level. The recent major 3.0 release of the CRS (hence CRS3) extended the detection capabilities significantly, while reducing the false alarms (aka false positives) by over 95% in the default installation and simplifying the administration with the introduction of sane defaults in all areas of the configuration.

New research of netnea and Zurich University of Applied Sciences (ZHAW) puts these claims to the test. We set up a default ModSecurity / CRS3 in front of a vulnerable WAVSEP installation. Then we fired half a dozen of well known web application security scanners including Burp, Zap, Arachni, Wapiti etc. to see which attacks the WAF would be able to block and which attacks would pass the firewall successfully, thus allowing it to exploit the application.

Results depend on the security scanner in question and the paranoia level setting of the CRS3. But regardless of the settings, ModSecurity / CRS3 yield a high return on investment with minimal setup costs and a significant security gain earning it a title of a “1st Line of Defense”.




Exeon Analytics, Dr. David Gugelmann
Dr. David Gugelmann is a security analytics researcher and the CEO of the ETH Spin-off Exeon Analytics. Prior to founding Exeon Analytics GmbH in 2016, he was a postdoctoral researcher at ETH Zurich in the Networked Systems Group. His research interests are in big data analytics, digital forensics and machine learning for anomaly detection. He combines these areas by developing big data security analytics solutions to summarize and visualize network data.

modzero AG, Max Moser
Max Moser works at his self-founded company modzero AG as an IT Security Consultant for large and medium-sized businesses. As a ‘paid hacker’ he attacks software and hardware products by order of his customers to test their security or helps customers to improve their overall security.
Max Moser is an active member of the IT Security scene for over 20 years and known for his innovative security research as well as several Open Source projects.

Event Partner