The year is 2017 and the commercial Internet is soon 30 years old. 30 years is a long time in our fast-paced times. Computers, smartphones, robots: they have all become our constant companions in life, at work, in our smart home, in the airplane or on the surgeon's table. One would believe we have come to grips with the technology. Why then are 'hacker attacks' still an almost daily news item? How is it possible that large companies and individuals are seemingly becoming victims more and more frequently?
How hard is it to infiltrate systems and organizations or to tap their data? Based on examples from his work as a Security Analyst, Max Moser discusses 'modern' defenses and attack techniques.
Live Hacking: How digital attackers are intruding into your systems
During a live hacking presentation, Sebastian performs different attacks on IT systems. He shows that it is astonishingly easy to bypass protective measures in order to access sensitive information.
IT security incidents in the recent past demonstrate emphatically that the IT systems even in international high-tech companies and major state institutions are not given sufficient protection. Widespread IT quality assurance measures may suffice to safeguard 99 per cent of systems. However, the decisive factor is that the remaining 1 per cent vulnerability provides a target for digital attacks: every gap, however tiny, is sufficient to render an otherwise well-secured IT infrastructure vulnerable in its entirety.
Cybersecurity topics for tomorrow – today
In this presentation, you will see an overview of the threat landscape of today and tomorrow. We will start with the latest trends in the threat landscape that are being seen today, followed by specific research currently underway to counteract the threat landscape of tomorrow. We will dive deeper into research underway in topics such as supply chain security, lightweight security and cryptography for IoT environments as well as quantum resistant cryptography and SDN. The presentation should provide participants with a good idea about new and interesting areas of cybersecurity to get involved in and look for in the future.
Social engineering is nothing new! The solution is simple
With the majority of threats originating from email attachments and internet downloads, users pose a huge threat to the organization. Starting with user behaviour, we look at what lessons can be learnt when it comes to security and how to put proactive measures in place that protect your data, even if users are clicking on untrusted links and opening malicious email attachments.
We will take you through a simple, smart approach to security that stops internal and external attacks before it’s too late.
How secure are secure messengers? Our experience reviewing popular applications
During the past year we've reviewed code from two of the most respected privacy-oriented messaging applications. The first review was for research purposes, and led to the disclosure and patch of security issues. The second review was a paid audit of the cryptographic core of the application, and our audit report was made public.
In this talk, we’ll discuss the lessons from this experience as security reviewers, and will argue that, while such audits can’t guarantee that the software is bug-free, they are a necessary step that must be organized carefully to optimize the return on investment.
Know Thy Enemy
In "Know the Enemy" we try to dispel some of the myths surrounding attackers emanating from the Deep and Dark Web (DDW): they are not a homogeneous group of all-knowing cyber ninjas like the movies portray them. To effectively mitigate the threat it pays to follow Sun Tzu's advice to know yourself and your enemy. In this talk we offer some characteristics that can be used to differentiate different types of attackers and illustrate these cases with examples from the recent past and current events.
Planning and Implementation of Penetration Tests
Understand and prevent a Social Engineering attack
While day after day the technology is improving and the systems are becoming ever more secure, the weakest link of the security chain is the human factor. Understand what a Social Engineering attack is, how it is developed, how to recognize it and how it can be prevented.
The Security Risks of Orphaned Network Traffic
As part of our research work focused on identifying automated network traffic that we can relate to malicious behaviour and botnet communications, we often come across traffic not necessarily related to malicious intent, but that represents a high risk for the companies allowing it to occur on their networks.
Often associated with policy control failures, misconfigurations, or abandoned software, this orphaned traffic tends to be neglected by security systems that focus on malicious behaviour and often ends up exposing company information and assets to multiple risk levels.
In this talk, we are going to explore this by-product of our botnet research, how widespread this problem is across multiple geographies, sectors and industries, and how it can be used to relay risk information to companies, as well as the several degrees of exposure and impact that this type of traffic can represent.
False Sense of Security is Insecurity
"Human perception" versus "Security technologies"... Whatever security tool is used, it is only one link in a chain, and securing a link is not enough to secure the entire chain... Therefore, the way to understand "Computer and Information Security" should be considered with a similar perception to the way "quantum computing" works.
We need (at the personal and professional level) to make our understanding of info security evolve from "bits" to "qbits": accepting that there are two possible states of security at the same time, and considering that an application, or data, is not just secure or insecure... but that it can be in a secure and insecure state at the same time.
Live Hacking: Lateral Movement
In the context of cyber security, lateral movement is one of the stages of an ongoing attack. It usually takes place after the attackers have already gained an initial foothold in an organization's network and are looking for ways to spread to other networks within the organization, with the goal of increasing their sphere of compromise and gaining further access to valuable assets. Depending on the victim organization, the targeted assets might be sensitive data (intellectual property, client data, employee data), critical systems (financial transaction systems, industrial control systems), or end-user devices used by C-level executives.
The live demo will explore some of the tools and techniques used for lateral movement in a simulated enterprise with common end-user systems and network(s). We will look into the following steps of lateral movement in different levels of detail: internal reconnaissance, harvesting and abuse of credential material, network pivoting, and remote code execution. The purpose of the demo is to raise awareness and show the relative ease of an attack when facing an enterprise environment with an average level of defense.
The Darknet risks for corporations
The Darknet has become one of the main playgrounds for criminals, terrorists and hackers. "The road to hell is paved with good intentions": the TOR project actually started off as a good thing, allowing voices in censored countries to be heard. But full anonymity was too appealing for today's cyber criminals and many things have changed since the notorious "Silk Road" closing.
In my talk, I plan to present different use cases of significant risks to corporations, originating in the illegal trade of information on the Darknet: credential leaks, counterfeiting, fraud, identity theft and more. I will also provide real-life examples. My goal is to increase the awareness of the audience of those risks.
Advanced Threat Hunting
Experience an advanced, multistage attack scenario from both an attacker and analyst’s point of view. Richard will provide a step-by-step threat hunting exercise: from the attacker’s initial infiltration through the entire attack lifecycle.
Come see the full story unfold. A story about how an analyst can spot and stop activities like malicious use of PowerShell, fileless malware and more.
Bypassing iOS application anti-debugging technique and jailbreak detection
Mobile application penetration testing has become increasingly difficult. From a simple request such as "What is it possible to do with my app?", it has evolved into tests of specific aspects and features of the application. To be able to manipulate and play with these parts and the involved functions, a jailbroken iOS device is required.
However, applications that have a focus on security usually won't run on a compromised device and will surely detect the jailbreak. A penetration tester now needs to be able to find and bypass the usually obfuscated parts of the application that execute the jailbreak detection mechanisms. There is no bullet-proof solution, as it is a game of cat and mouse where the developers change the obfuscation techniques once the previous ones have been discovered.
This talk will present recent jailbreak detection methods, propose techniques to find them in the binary and discuss possible ways to bypass them, from a simple hook of a function to creating scripts that patch the binary at runtime.
Setting the WAF on Fire
ModSecurity is the king of the hill in the field of Open Source Web Application Firewalls (WAF). Its standard ruleset, the OWASP ModSecurity Core Rule Set (CRS), is known for a high detection rate of standard OWASP Top Ten attacks and granular controls down to the byte level. The recent major 3.0 release of the CRS (hence CRS3) extended the detection capabilities significantly, while reducing the false alarms (aka false positives) by over 95% in the default installation and simplifying the administration with the introduction of sane defaults in all areas of the configuration.
New research by netnea and Zurich University of Applied Sciences (ZHAW) puts these claims to the test. We set up a default ModSecurity / CRS3 in front of a vulnerable WAVSEP installation. Then we fired half a dozen well-known web application security scanners including Burp, ZAP, Arachni, Wapiti etc. to see which attacks the WAF would be able to block and which attacks would pass the firewall successfully, thus allowing the scanner to exploit the application.
Results depend on the security scanner in question and the paranoia level setting of the CRS3. But regardless of the settings, ModSecurity / CRS3 yields a high return on investment with minimal setup costs and a significant security gain, earning it the title of a "1st Line of Defense".
Have you always wanted to see many of the well-known attack vectors live? Then join us and see USB sticks that pretend to be a keyboard, watch how we find out in which hotels you stayed lately and how we hijack your WLAN connection at the airport. Furthermore, see how we use a software-as-a-service solution for attacks on SMS-based two-factor authentication and observe a drive-by attack on the web browser. Finally, we also show how to trick people into clicking on active content in office documents.
After quickly jumping into the dark and surface web to take a peek at where you can find hacked account dumps, we will dig into one of the simplest, but also most effective hacking methods to quickly get access to users' data: a brief demo of how to set up a spear phishing attack in combination with malware that doesn't get triggered by regular AVs.
Mobile Device Security, what can happen today?
Every large consulting company puts Mobile Security on top of their "must do" list, but what is actually out there?
This presentation provides live demos and overviews on the current threat landscape, current hacking techniques as well as detection and prevention technologies on the endpoint.
Attack-types which are hard to process in a SOC
This talk will focus on the attack chain from the viewpoint of a SOC and SOC workers: how to discover and leverage information found in the various sources and formats that are delivered from all the sensors in the enterprise network. We will walk you through the multiple stages of such an attack used against a specific target. This will help identify correlation options that should trigger the attention of the SOC operators within the overwhelming pool of information. This is particularly important to spot zero-days and targeted attacks that try to be as silent and invisible as possible.
Deep Learning and Machine Learning for Network Traffic Analysis
In today’s IT networks, enormous amounts of network traffic are caused by benign activities every day. This makes anomalies difficult to identify and allows cyber attackers to hide in the noise.
Deep learning and machine learning in general are promising technologies to filter the noise and reveal such activities.
In this talk, I first give some insights into the technology behind the buzzword "deep learning" and discuss the strengths and weaknesses of deep learning compared to traditional machine learning approaches.
Second, I present examples showing how these technologies can identify patterns and outliers in network traffic.