Lectures - HEK.SI
4G to 5G security challenges
5G networks promise to transform industries and our digital society by providing enhanced capacity, higher data rates, lower battery drain for machine-type devices, higher availability and reduced power consumption. In a way, 5G will act as a vehicle to drive the much needed digital transformation race and will push the world into the information age. In addition, 5G can be used to replace the existing emergency communication network infrastructures. However, with higher speed, low latency and higher bandwidth availability, attacks and the attack surface will also increase. In addition, in the coming years 5G may become national critical infrastructure itself, thereby calling for new requirements, regulations, and policies to safeguard national security interests. Several governments have been investigating different approaches to building the 5G network with security and resiliency in mind. In this talk, we first discuss how 5G differs from the current 4G/3G/2G networks from a system security design perspective. Then we outline potential security challenges in the deployment of 5G networks for different industries and government entities. We use previously known and severe telecom security attacks as examples to demonstrate the potential risks of 5G. Finally, we provide future directions to minimize security risks in building 5G-enabled information transportation superhighways.
Attacking the Wide Attack Surface of Manufacturing Systems
Over the last years, the phrases “Industry 4.0”, “connected factory” and “smart manufacturing” have become wildly popular. Apparently, we’re in the midst of a trend to connect production and manufacturing systems to the cloud, to collect data, to perform predictive maintenance, and to integrate big and bulky production systems with IoT devices. In this context, it may seem that, before the Industry 4.0 “revolution”, manufacturing devices were disconnected and that, thus, the modern Industry 4.0 “features” are the only things that constitute the attack surface of a manufacturing system. Unfortunately, this is not the case. In this presentation, I will analyze the attack surface of a manufacturing system, diving deep into the details of the security of industrial robots. Despite their appearance as bulky mechanical devices, robots are complex computer-controlled systems that move their mechanical arms according to sophisticated programs written in domain-specific languages. In particular, we will show the impact and the effects of various attacks against an industrial robot (ABB IRC5), and we will tear its firmware down to uncover the vulnerabilities that allow the attacks we present to be performed. Notably, to attack the robot we don’t need any modern cloud-enabled Industry 4.0 device (just an old-fashioned remote access device), nor cloud integration, nor any Industry 4.0-specific technology.
Automating penetration testing, or why should I do the work when someone else can do it for me
Closing lecture
Cyberwar, fact, myth or legend
We will embark on a small journey through the last few years of incidents and pay a short visit to the legal corner, which we have to analyse in order to find some basis for a common discussion, and maybe even for some answers. Questions like: do cyber weapons exist? Is a war in a man-made domain even possible? They need to be raised, they need to be discussed and answered.
From there, we will pose some more questions, some challenges, especially as we know other warfighting domains and how common principles and understandings of war might apply, or might not apply.
There might not be answers to those questions, but they need to be raised, they need to be worked on, and fast, as current real life, security and political challenges require a level of activity and attention which includes answering some of those challenges; or at least to be prepared to react to them. This is not only an issue for cyber security professionals, this involves the legal and the political level as well, if not even in a primary function (guidance, boundaries, direction to be taken).
On a personal level, and important for us all, security professionals are thrown into the middle of this, as they are supposed to advise, to establish technical solutions and to defend, while some might also be asked what they can do if ever an active response is required. History shows us that such a function and activity can be a threat to security; consequences must be fully assessed and measures must be taken. We will end with a short Q&A, as time allows.
Ethics in Network Measurements - Moral obligations of engineers, scientists and hackers, based on example of RIPE Atlas
When designing technologies, networked systems, and measurements on the Internet, we must be aware of their implications and consequences for the society and participants. As engineers, scientists, programmers and other experts, we have moral obligations towards our peers, users of technologies we create, and the wider communities.
In this talk I want to cover both general ethical considerations and specific examples of moral dilemmas that come from building the RIPE Atlas system and from conducting measurements that reveal the workings of Internet infrastructure and services.
RIPE Atlas (atlas.ripe.net) is an extensive measurement network, where the vantage points (sources of measurements) are hosted by volunteers: mostly individuals at home, but also some institutions (ISPs, IXPs, academia, various other businesses). RIPE Atlas users are using someone else's Internet connection to do measurements. In order to recognise ethical considerations surrounding the use of RIPE Atlas, we looked both into the historical considerations of engineers and scientists, and into practical constraints users should keep in mind.
From Zero to Hero – A practical example of a real-life Penetration Test
The talk is a walkthrough of a real-life corporate environment penetration test within the network of an (Austrian) company. Starting with a discussion of the test approach/scenario, the main focus is an explanation of the test execution steps, with emphasis on the TTPs used (tools, tactics & procedures) and the challenges that organizations face in these times of complex infrastructures. The MITRE ATT&CK matrix will be the central theme for the TTPs and the possible countermeasures that would have made our life as a tester (or a potential hacker) much harder. The goal of the talk is to give the audience hands-on information on what a penetration test might look like (90% practice, 10% theory).
How malware works?
A malware attack is a type of cyberattack in which malware, or malicious software, performs activities on the victim's computer system, usually without the victim's awareness. In this lecture Stefan will explain what malware is, how it works, how it is detected and reported, and he will present different types of malware analysis and how they work. He will use Windows 10, Kali Linux or Parrot OS, VMware and FLARE VM.
How to shield an IoT product from the OWASP IoT TOP 10?
The “S” in IoT stands for security. I’ve read this line so many times on blogs and on Twitter that I think it is time to do something about it. So, how do we make an IoT product secure? Or how do we design a secure product from the start? The answer to the last question is easy, but doing it for an existing product is a big challenge. It probably can't be done in one release, but you have to start somewhere. This talk will walk you through IoT, its components, some principles for designing a secure product, the OWASP IoT Top 10 and how to address them, setting up security requirements and controls, and last but not least an analysis of two popular IoT use cases: a GPS tracker and a smart-city irrigation system. These should lay fertile ground for further discussion.
Intelligence: Do you have it?
Cybersecurity experts responsible for defending systems and business continuity, as well as ethical hackers and red team members preparing penetration and exploitation, all know the importance of proper intelligence on the target. The challenge is how to actually turn generic (and often overwhelming amounts of) information into applicable operational intelligence to make strategic, operational and technical decisions. How do we turn the white noise into an effective tool for raising the level of cybersecurity resilience by actively interfering with attacker activities?
Introduction speech: Cyber Security 2.0: VIJO(D)LIČNA
Lecture is being prepared
Local lateral movement - new threat vector
In order to use hacking tools or malware code, hackers need to have them locally on the target, where all the known threat vectors are already well worn. This lecture will show how Microsoft technology can be turned against Microsoft operating systems for lateral movement, a new threat vector, and ways to defend against it.
Mainframes are ! dead
Mainframes can be hacked and have been hacked. They are still key pieces of infrastructure in many companies, and haven’t been made redundant by the proliferation of the cloud. With the mainframe’s true end-to-end encryption, almost endless scalability and the ability to dynamically adjust pricing to suit vastly different needs, it actually enables the cloud. Companies need a secure, scalable and flexible platform which provides the trust organisations require and their customers expect. However, with rapid development and emerging technologies, the mainframe world is facing new security challenges which need to be addressed.
The evolving mainframe environment exposes a greater number of attack vectors than in the past. Mainframes interact with other systems and IT components, meaning they are no longer isolated. In fact, they have become internet-exposed. Running a modern multi-platform software stack means a mainframe becomes as vulnerable as any other system.
People who understand the security of mainframes are hard to find. Universities rarely teach courses on mainframes, and the programming and control languages are very old. Mainframes are considered secure – but who can really judge this?
In our digital world, mainframe knowledge has become available to potential attackers. We know that a mainframe represents a crown jewel in many organisations, and so it needs dedicated security testing, up to red teaming for mainframes, to really test the defences and capabilities.
This speech is about attack vectors, known weaknesses and exploitation techniques, and includes live demos as well. A mainframe is not too critical to be tested – it is too business critical not to be tested – treat it in the same way as any other key system!
Medical Device Security: Please (don’t) be patient!
Digital networking is already widespread in many areas of life, and more and more medical devices in the healthcare industry are networked. The security of these devices will play a major role in the future, as the German Federal Office for Information Security (BSI) also shows in its 2018 report on the state of IT security in Germany, based on the steadily increasing range of smart medical devices. According to the BSI, this is underlined by the increasing number of attacks on these devices, with potential threats to patient safety.
The German Federal Institute for Drugs and Medical Devices (BfArM) publishes statistics on risk reports from medical devices annually. For 2017, these statistics show 7404 incidents involving active medical devices, popularly called medical devices, that could have endangered the life of a patient or user. The cause of these incidents can rarely be fully determined, since they cannot be traced beyond doubt to a specific hazard, e.g. a burn or an overdose. Our research shows that medical devices that perform critical tasks have only basic security mechanisms. In the clinical environment, these include medication pumps, anesthetic devices, implants and large medical devices such as CT and MRI scanners. All of these devices have in common that they exchange sensitive health data in order to work as a unit.
Especially in the clinical environment, the complex and critical area of application, as well as the long service life and intensive use of the devices, is a serious problem, since the security mechanisms are usually not designed for this purpose. Weak points in these devices are to be treated particularly sensitively, since disclosure must be well thought out and coordinated to keep the potential risk for patients low. A broken or tampered device can pose a massive threat to a patient's life. Withholding information about vulnerabilities and incidents means that the affected user groups and patients cannot assess the risk themselves until a specific incident occurs. This risk is compounded by the fact that healthcare providers have to rely on information technology to deliver their healthcare services, often relying on outdated technology and insecure network-enabled medical devices.
To counter this trend, the Food and Drug Administration (FDA) in the USA and the German Federal Office for Information Security (BSI) in Germany published recommendations for manufacturers of medical devices in 2018. These specific aids for the design, implementation, operation, and maintenance of the devices focus on the security of the devices. Particularly noteworthy is that the BSI, in contrast to the FDA, does not orient the necessary security mechanisms according to the medical purpose and the specific risk for a patient, but rather to the mode of use and thus implicitly to the user groups using the device.
Round table
Scarecrow’s hands-on guide for Penetration Testing
This will be a practical lecture on how to hack into different types of structures, hacking Linux and Windows machines and analyzing a wide range of tools used to perform attacks at different steps and levels – this will involve port enumeration, finding vulnerabilities and exploiting them, OS, service and program scanning, and privilege escalation. During the first part of the lecture we will quickly talk about what penetration testing is and how it works, analyzing the steps needed to perform a successful attack, while in the second part we will get hands-on, hacking some machines and stealing data from them – everything in a controlled environment.
The Empire Strikes
Advanced persistent threats are becoming a real concern for all companies. The question that emerges is: how many customers and products do you have?
The larger a company becomes, the more likely it is to be a future target. In the world of cyberespionage campaigns and state-sponsored threat actors, that will be the quantitative assessment. In this lecture you will find out how the attackers gained access and what the indicators of compromise are when the empire strikes. Key aspects will also be presented that are vital enablers in illuminating threats and offering protection to organizations at risk from hostile, state-sponsored economic cyberespionage.
The endless escalation of Malware Evasion Techniques
To perform malicious actions, attackers create malware. However, they cannot achieve their goals unless their attempts remain undetected. Malware evasion techniques are widely used to circumvent detection as well as analysis and understanding. There is a cat-and-mouse game between security vendors and attackers, which includes attackers monitoring the operations of security technologies and practices. From process injection to sandbox evasion, attackers continue to innovate and seek new evasion techniques.
In this talk we will dig into evasion techniques, from the most common to the most obscure, and look at the latest trends used by attackers. This presentation will trace the evolution of these techniques and show how to overcome them.
The time when I became a puppeteer
Mind control is all around us. When we wake up in the morning and read the newspaper or watch TV while the ads are on, or when we walk out of the door and meet people, we are usually confronted with many situations in which someone tries to get us to do something they wish.
Mind control and all the tactics that go with it are a big part of our lives, even if we don’t know or don’t realize it.
The most dangerous and sinister part of mind control is the one that uses deceptive techniques. You feel like you have a choice, but in reality the person that is manipulating you is taking the decision.
In this talk we will focus on deceptive mind control, psychological warfare, mind manipulation and how these techniques can be used in social engineering attacks. We will try to understand who is most at risk and if it’s possible to protect ourselves.
Trends in mobile application vulnerabilities in the region
INFIGO IS has performed dozens of mobile application penetration tests in the last several years. Although the OWASP Mobile Top 10 list is a great reference for the most common mobile application vulnerabilities, we have decided that it is not sufficient, due to some specific vulnerabilities we have been encountering.
Jagor Čakmak, INFIGO’s senior information security specialist, will talk about some more obscure, but nevertheless interesting (and devastating!) vulnerabilities INFIGO has found during penetration tests of mobile applications used by various companies in the region. We will also touch on some new features of mobile devices as well as new technologies such as chat bots, which might end up making a hacker’s life even easier.
Un-hacking the Oracle database
Every Oracle database installation is different, and all have some level of security issues. Oracle is a complex product with hundreds or even thousands of possible security settings that can be changed or tweaked to improve the hardening of the database. Combine this with the need for actual data security and you could have a very secure Oracle database. In this short talk Pete will highlight some of the key directions you can take to secure your Oracle database, and also show useful tools that can assist in this process to ensure that your data is not lost or stolen.
Vulnerability Research in Large-Scale Systems
As our society faces a digital transformation, not only is the amount of data growing exponentially, but our software products are also rapidly increasing in size.
As an example, in early 2019 the Swiss government released the source code of their electronic voting system as part of a mandatory public intrusion test. Hackers from all around the world were invited to try to find vulnerabilities in this bug-bounty program. The codebase itself contained over 250’000 lines of Java code and, as a microservice architecture, was distributed over several interacting modules.
Naturally, the analysis of complex systems involves its own challenges and problems.
In this talk, we are going to look at how to approach large-scale systems, what restrictions can make bounty hunting harder for researchers, and how to find vulnerabilities in massive security-critical applications.
Weaponising Neural Networks. In your browser!
Neural networks have received increasing interest from both academia and industry. The unreasonable effectiveness of recurrent neural networks makes them ideal candidates for tasks where the inner patterns in the data are hard to spot and exploit using classical approaches. This includes Natural Language Processing, Speech Recognition, Image Captioning, Machine Translation, Speech Synthesis, Anomaly Detection, and the list goes on.
Generative models are currently used to produce handwriting, signatures, speech and images that are indistinguishable from human-level quality. Supporting programming languages and machine learning frameworks make it easy to deploy and run neural networks on virtually any hardware or software.
Our work explores the availability of ML frameworks that work in JavaScript environments and the fact that generative models can be used for encoding, storing and reconstructing any coherent data sequence. We state that by conditioning the model to output data based on a key (seed), the reconstruction and analysis of the learned sequence is virtually impossible by means of static analysis of the weights of the model.
Our Proof-of-Concept (POC) proves that neural networks can be used for irreversibly hiding malicious code, thus making any static code-scanner blind to the data that is being delivered through the browser. Also, dynamic analysis of code can be misled by making the network respond to different seeds in different ways (i.e. generate music for one seed and malicious code for another).
And all of this, in the client’s browser!
Weaponizing ROP with pwntools
This presentation will focus on how we can evade modern defense mechanisms, with a strong focus on bypassing ASLR protections. We will cover both introductory knowledge and more advanced techniques. Even though half of the presentation will be mainly focused on a short recap of exploiting different types of ELF files, the second part is focused on automation and on creating template scripts that can make our job easier on a daily basis. Here we will dive into the pwntools framework and try to utilize as many of its features as possible. Don't miss the chance to see some cool stuff as well as a live demo of the presented technique.
What is so funny on DarkWeb?
The presentation is based on the research that Aleksandar did on the DarkWeb. It will show the most interesting things that you can buy or sell on it, and how easy it is to get to them.
Where is your data gone? A Hacker's Story
This is a journey in the digital environment that starts from a picture taken by your mobile phone; after a while you lose control of where copies of that picture are, and your photo is taken by hackers and sold on the darkweb to complete fake profiles that, in the end, become other people's new lives in a different country.
On-Line
When registering for HEK.SI 2024, you get a FREE TICKET for INFOSEK 2024!