Lectures
AI Exploitations
AI has the potential to be used in cyber attacks, as sophisticated algorithms can automate and enhance various attack methods.
AI can analyze vulnerabilities, execute phishing attacks, and even learn to evade detection mechanisms. Developing robust cybersecurity measures is crucial to mitigate these risks.
AI in Cybersecurity and vice versa
AI has become a hot topic over the last two years, and cyber security has not been an exception. AI will influence cyber security in many ways, and we hear about this on a daily basis. However, we do not hear much about cyber security within AI itself. This talk will cover the basics of AI and how it influences cyber security processes, but also how cyber security principles should be applied while building AI.
Balanced approach: Offense and defense
Organizations today build strong defenses by implementing as many checks and solutions as they can, and they keep doing this for every threat without realizing how much security their architecture needs. In this lecture, we will look at how one can determine which defense is best for them with the help of offensive security practices.
CTI Monitoring - Dark Web & InfoStealers: Uncovering Threats and Safeguarding Data
In an era where cyber threats are constantly evolving, organisations face significant challenges in securing their digital assets and sensitive information. This presentation delves into the realm of Cyber Threat Intelligence (CTI) monitoring, with a particular focus on the Dark Web and InfoStealers.
The Dark Web, an obscure underworld of the internet, harbors malicious actors who exploit vulnerabilities, trade stolen data, and launch cyber attacks. Understanding the intricacies of this hidden ecosystem is crucial for preemptively countering threats. Equally important is comprehending the techniques employed by InfoStealers, a class of malware designed to pilfer sensitive information from unsuspecting victims.
During this presentation, we will explore the methods employed by threat actors to operate within the Dark Web and distribute InfoStealers. We will delve into the Dark Web's structure, the types of illicit activities it facilitates, and how cybercriminals exploit its anonymity to their advantage. Furthermore, we will examine the inner workings of InfoStealers, analyzing their capabilities, infection vectors, and the wide-ranging consequences of their successful deployment.
We will outline effective strategies for CTI monitoring that organisations can implement to detect and mitigate Dark Web threats and InfoStealer attacks. We will explore the tools and techniques used to monitor and analyse the Dark Web.
Attendees of this presentation will gain a deeper understanding of the risks posed by the Dark Web and InfoStealers, and how CTI monitoring can play a pivotal role in mitigating those risks. Armed with this knowledge, organisations can bolster their security posture, proactively identify potential breaches, and fortify their defenses against emerging cyber threats.
Join us in this informative session as we shine a light on the dark underbelly of the internet and empower organisations to safeguard their critical data and infrastructure in an increasingly dangerous digital landscape.
Don't trust, verify!
In the ever-more digital era, protecting and verifying data is increasingly challenging. The prevailing paradigm relies on trusting information based on its source. While this model works effectively within closed systems, the verification and authorization of sources become progressively more complex, if not entirely unfeasible, in open data-sharing scenarios. This presentation will delve into the most recent trends in establishing digital frameworks for trustworthy data exchange in open systems, demonstrating how such frameworks enable us to efficiently and reliably verify the source and accuracy of information.
Driver Device Risks and their Management in Enterprise Contexts
What could be more normal than inserting a device into a machine and seeing it work natively? Almost everyone has at some point experienced the Plug and Play (PnP) interface for devices. Some among us remember a time when it was necessary to install a "device driver" from floppy disks or CDs. Today, everything is done automatically, meaning a device driver is magically set up, but the reality behind this magic is quite technical.
In this talk, we will first describe the main steps of the device driver installation process in Windows 10/11, from the moment the device is physically inserted into the machine and identified by the system to the moment a driver is selected to interface with it, including the potential download of a specific driver so that the device works natively.
Examples of famous vulnerable drivers and associated exploits will be presented. In the end, we will briefly talk about the technical solutions to manage device drivers in an enterprise environment, especially with Windows Driver Update Management in Microsoft Intune. We will also present limitations inherent to all companies when dealing with the management of drivers.
Evil artificial intelligence and its influence
Malicious Artificial Intelligence (Evil AI) poses a significant challenge in the field of cybersecurity, bringing forth a range of potentially harmful consequences. While traditional defense methods against threats evolve with technology, malicious AI introduces new dimensions of danger that demand innovative approaches and solutions.
One key issue arising from malicious AI is the attacker's ability to employ advanced algorithms to deceive detection systems. Evil AI can automatically adapt its tactics, evade recognition, and easily circumvent traditional security measures. This complicates the identification and suppression of attacks, escalating the risk of unauthorized intrusions into systems.
Another challenge lies in compromising data integrity. Malicious AI can utilize sophisticated techniques to manipulate information, tracking patterns and adapting to remain unnoticed. This can lead to the spread of fake news, data theft, or even sabotage of critical systems, with serious consequences for individuals, companies, and society as a whole.
Advancements in Evil AI attacks can also have severe implications for privacy. Through the analysis of extensive datasets, Evil AI can identify and exploit sensitive information about individuals. This raises serious ethical and privacy protection questions, as defense mechanisms often struggle to keep pace with the rapid development of Evil AI.
Addressing these challenges requires collaboration between experts in artificial intelligence and cybersecurity. Implementing advanced detection systems, integrating artificial intelligence into defense mechanisms, and developing ethical guidelines for the use of artificial intelligence in the cyber sphere become imperative. Education about risks and prevention also plays a crucial role in building a society that is more resilient against malicious AI.
In conclusion, the impact of malicious artificial intelligence on cybersecurity is a serious challenge that demands comprehensive strategies and continuous evolution of defensive technologies. Only through the collective efforts of experts from various fields can we create a safer and more resilient digital environment.
Hunting the Shadows: Exploring Advanced Threats through Ethical Hacking
In this captivating presentation, 'Hunting the Shadows: Exploring Advanced Threats through Ethical Hacking,' the speaker will delve into the intricate world of cybersecurity threats. Join us on a journey to uncover the sophisticated techniques employed by cyber adversaries and discover how ethical hacking serves as a powerful tool in understanding, mitigating, and defending against these advanced threats. This session promises insights into cutting-edge strategies, practical methodologies, and the ethical hacker's role in maintaining cyber resilience. Together, let's explore the shadows and emerge with a deeper understanding of the evolving cybersecurity landscape.
IP ThreatWatch: Fast-track incident investigations with OSINT and Shodan
The ever-increasing web presence of organizations with the advent of remote work has attracted advanced malicious actors employing innovative and novel techniques to break in, for profit, for intellectual property theft, or sometimes even as a pawn for nation states. It has become increasingly difficult to keep track of exposed information, thereby increasing the attack surface available to attackers. Modern vulnerability scanners are great at detecting and finding information about internet-connected devices and applications owned by any business. But they fall short of keeping up with the dynamic nature of modern applications across cloud, microservices and on-prem data centers, and are in most cases relegated to being mere open port identifiers.
Our project 'IP ThreatWatch' employs Shodan to identify internet-exposed assets and applications that are often used by attackers to find exploitable vulnerabilities which regular vulnerability scanners miss, especially related to IoT devices. We leveraged the same OSINT information that Shodan sees by streaming it to our SIEM using complex algorithms that keep up with the changing nature of IP addresses, to beef up the results of vulnerability scanners and combine the two into an OSINT repository, which is used to enrich the alerts received by the Security Operations Center with threat data associated with the potential exploitability of exposed services. In addition to that, a completely automated pipeline is deployed to keep Shodan monitors updated with network identifiers for remote and work-from-home employees. As a result, the enriched data became an invaluable asset during incidents and forensic investigations handled by the SOC, speeding up the incident response process.
NIS2 & CRA: Europe's Response to Cyber Shenanigans
In an era where cyber threats are getting increasingly sophisticated, Europe has stepped up its game with two pivotal regulations: the NIS2 Directive and the Cyber Resilience Act (CRA). These measures are redefining the cybersecurity landscape, offering comprehensive strategies to combat digital dangers.
In this session, we'll delve into the depths of both the NIS2 Directive and the CRA, unraveling their complexities and implications, looking at how they're changing the game, and what it means for businesses, individuals, and yes, even the humble smart devices in our homes. Walk away with insights that'll make you the star of your next virtual hangout, and have your smart toaster nodding in approval (well, metaphorically).
OPSEC Uncovered: Navigating the World of Operational Security
Originally developed for military organizations, OPSEC is a proactive approach to cybersecurity that helps identify and fix risks and vulnerabilities before they can be exploited by malicious actors. It helps protect sensitive information from falling into the wrong hands, thereby preventing data breaches and cyber-attacks.
In this talk, we will explore how different organizations implement OPSEC to secure their human and technical assets, using a gripping real-world scenario that underscores the severe consequences of poor OPSEC. We'll also delve into the various best practices of OPSEC and equip you with knowledge on how to implement these practices personally. Engage with us in this informative and enlightening journey.
Penetration Testing For NOT Dummies
Penetration testing is a vital part of a company's cybersecurity defense strategy. Pen testing efforts need to catch 100% of vulnerabilities, but a cybercriminal needs to find just one way to breach your systems. How do you make sure that your pen testing methodologies are correct? In my presentation, I'll take a deep dive into the complexities of penetration testing and discuss tools, techniques, limitations, scope and how to best understand what to test. We are not dummies, and our pen tests need to be done with intelligence and skill to assess the true scope of system readiness and to remediate the findings.
Pizza, Pasta and Red Teaming: insights and ideas for an efficient report
Roberto Chiodi, Head of Red Team at Yarix, offers a point for reflection on a topic as complex as it is delicate, Red Teaming reports, trying to go beyond the fight to the bitter end over know-how and proposing instead a moment of sharing and, hopefully, pleasant debate.
Prototype Pollution
JavaScript's prototype pollution vulnerability allows attackers to add arbitrary properties to global object prototypes, which are then inherited by user-defined objects. While not always exploitable on its own, it lets attackers manipulate object properties that are normally inaccessible, and when mishandled it can be chained with other vulnerabilities.
In client-side JavaScript, this often results in DOM XSS, compromising user security by injecting malicious scripts into the Document Object Model. On the server side, prototype pollution poses a severe threat, potentially leading to remote code execution. Exploiting this vulnerability allows attackers to execute arbitrary code on the server, jeopardizing system security.
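As an added illustration that is not part of the original abstract, the following shows the typical sink for this bug, a recursive merge that copies attacker-controlled JSON into an object, beside a hardened version that refuses prototype-related keys; the request body and the isAdmin flag are constructed for the example.

```javascript
// Added example, not from the original abstract: a recursive "merge" that
// copies attacker-controlled JSON into a target object. Such helpers are the
// classic sink for prototype pollution.

// Vulnerable: for...in yields the own "__proto__" key created by JSON.parse,
// and target["__proto__"] resolves to Object.prototype, so the nested values
// land on the global prototype and are inherited by every plain object.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: iterate own keys only and refuse the keys that reach a prototype.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed request body (hypothetical "isAdmin" flag) as a client might send it.
const POLLUTED_JSON = '{"name":"alice","__proto__":{"isAdmin":true}}';

// Merges the sample into an empty object with the given function and reports
// whether an unrelated, freshly created object now inherits "isAdmin".
function pollutionCheck(mergeFn) {
  const result = mergeFn({}, JSON.parse(POLLUTED_JSON));
  const probe = {};
  const polluted = probe.isAdmin === true;
  delete Object.prototype.isAdmin; // reset so later checks start clean
  return { polluted, name: result.name };
}

console.log('unsafeMerge polluted:', pollutionCheck(unsafeMerge).polluted); // true
console.log('safeMerge polluted:', pollutionCheck(safeMerge).polluted);     // false
```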
Securing Health: Navigating Cybersecurity in Medical Devices under the Medical Device Regulation
The presentation offers a comprehensive crash course for those keen to understand the intersection of cybersecurity and medical device regulation.
Attendees will gain insights into the specific requirements set by the Medical Device Regulation (MDR), explore the risks and opportunities associated with connected medical devices, and delve into relevant standards and guidance documents. This session is designed to equip participants with essential knowledge and best practices in safeguarding medical devices against cyber threats within the regulatory framework.
Teaching Cybersecurity in High School and ITS/IFTS Courses
Unfortunately, many citizens and companies still underestimate the importance of cybersecurity.
Can people's mentality be changed starting from the new generations?
Can Cybersecurity be successfully taught in high school and graduate courses?
What are the future prospects?
What are the margins for improvement?
The speaker will address these issues by reporting some experiences he has had in carrying out his work as a teacher and freelancer.
The rise of hybrid threats
In the early 1980s, a new warfare concept emerged, known as the Revolution in Military Affairs (RMA). This concept signified a technological revolution in the military, promising significant enhancements in the lethality and capabilities of conventional weapons. Presently, Information and Communication Technologies (ICTs) play a crucial role in RMA, integrating services, command structures, authorities, devices, and weapon-delivery systems into a cohesive "system of systems." This integration boosts situational awareness, lethality, and versatility. Hybrid warfare combines elements of conventional and irregular warfare, cyberwarfare, and information warfare tactics, including the spread of fake news, disinformation, and misinformation. It involves various modes of warfare such as conventional and irregular tactics, terrorist acts, violence, coercion, and criminal activities, engaged in by both states and non-state actors. In this warfare style, conventional military operations are secondary to information campaigns. Currently, the distinction between cybercrime and cyberattacks, as well as between reality and perceived reality, truth and falsehood, is increasingly ambiguous. With the growing integration of Artificial Intelligence in daily life, the eventual use of this technology in fully autonomous systems or in developing advanced malware and chatbots is inevitable.
Threat Hunting Space and Digital Energy with Physics
In this talk we will discuss new ideas for threat hunting in ICS/SCADA networks. This talk will discuss new ways to provide secure visualization and instrumentation for ICS/SCADA networks, utilizing physics to identify advanced adversarial threats. This talk expands upon the traditional methods for monitoring networks and hunting threat activities as typically performed in an enterprise network. This presentation will dive into examples of how to monitor the Internet of Military Things (IoMT) and ICS/SCADA infrastructure to collect physics-based data that may provide new insights into complex threats that may be sourced from the supply chain, an insider or an external threat. Threat hunting in space and the Internet of Space Things (IoST) will also be discussed.
What are syscalls and how do they help bypass EDRs?
In the world of antivirus and EDRs, there is a constant effort to validate the use of suspicious Windows API calls. These checks help mitigate attacks from malware and adversaries that utilize these APIs. In this talk, the presenter will share insights on how malware attempts to bypass these checks by utilizing direct syscalls.
Through direct syscalls, we can circumvent the Windows API and communicate directly with the kernel. By the end of this talk, you will gain additional knowledge about EDRs, the nature of syscalls, and how they are employed in malware to evade security checks from antivirus and EDR systems. You will also gain insights into how you could develop these techniques yourself.
XDR Unleashed: The Next Frontier in Cybersecurity
This session will explore the transformative impact of Extended Detection and Response (XDR) on the cybersecurity landscape. We'll delve into the evolution of XDR solutions, their role in addressing modern threats, and the potential they hold for enhancing overall cybersecurity strategies. The presentation will touch upon key components and future trends, offering attendees valuable insights into the forefront of cybersecurity innovation.
We believe this topic aligns seamlessly with the conference's focus on advancements in cybersecurity technologies.
XDR is rapidly becoming a cornerstone in modern cybersecurity strategies. Attendees will gain practical insights into the capabilities and potential of XDR solutions, providing actionable takeaways for their organizations.
On-Line
When registering for HEK.SI 2024, you get a FREE TICKET for INFOSEK 2024!