Talk descriptions - HEK.SI


Ethics in Network Measurements - Moral obligations of engineers, scientists and hackers, based on example of RIPE Atlas

When designing technologies, networked systems and measurements on the Internet, we must be aware of their implications and consequences for society and for the participants. As engineers, scientists, programmers and other experts, we have moral obligations towards our peers, towards the users of the technologies we create, and towards the wider community.
In this talk I want to address both general ethical considerations and specific examples of moral dilemmas that arise from building the RIPE Atlas system and from conducting measurements that reveal the workings of Internet infrastructure and services.
RIPE Atlas (atlas.ripe.net) is an extensive measurement network whose vantage points (the sources of measurements) are hosted by volunteers: mostly individuals at home, but also some institutions (ISPs, IXPs, academia and various other businesses). RIPE Atlas users are therefore using someone else's Internet connection to perform their measurements. To recognise the ethical considerations surrounding the use of RIPE Atlas, we looked both at the historical considerations of engineers and scientists and at the practical constraints users should keep in mind.

Vesna Manojlović
RIPE NCC – RIPE Network Coordination Centre

Hacking and protecting modern alarm systems

We hear more and more about protecting information systems and information: from software protection using the most modern machine-learning approaches for attack detection, the latest encryption algorithms and the use of quantum computers, to legal data-protection measures such as the GDPR. Yet we know that an information system is only as secure as its weakest link.
But what about the most basic form of security, which also counts as one of the most important human needs: "physical security"? Or the devices we use to protect ourselves?
In this presentation we will look at the most common types of attacks used to break into wireless devices such as alarm systems. We will also look at the results of tests of the best-selling low-cost alarm systems, and at what to pay attention to when buying such a system.

Črt Uršič
Fakulteta za varnostne vede UM

How do I get to see what you do on your home network? – cracking WPA2 handshakes

Aljaž Starc
ŠC Nova Gorica
Tjaž Valentinčič
ŠC Nova Gorica

The Internet of Things (IoT) based on the web-interface architecture of a smart home or business

The talk will present an ethical hacker's view of the technology implemented in smart homes and businesses that is based on IoT devices. The speaker, Žiga Podgoršek, will use some examples from his own experience and try to show how this technology is implemented in practice, where its biggest weaknesses lie and how to bring them under control. We will learn that quite a few vulnerabilities are caused purely by incorrect implementation and by insufficient knowledge of the network segment on the part of implementation teams. The talk will show the biggest mistakes that frequently happen in practice, and how many incorrectly implemented devices are freely exposed on the Internet, where they wait for malicious actors to exploit them in one way or another.

Žiga Podgoršek
Inštitut za korporativne varnostne študije

How do hackers break into an organisation's internal network?

Success rate when performing an internal security assessment:
• In 90% of organisations we obtain at least one valid domain username and password within an hour or two.
• In 60% of Slovenian companies/organisations we obtain the domain administrator password within a day or two, thereby gaining complete control over user privileges and the other domain services.
We do not use social engineering methods, but focus on the technical exploitation of vulnerabilities. How do we succeed even though organisations have all kinds of security solutions in place? In the talk we will look at the most common techniques for exploiting an internal network, where the pitfalls lie, and how chaining smaller misconfigurations together lets us compromise an organisation's internal network.

Boštjan Špehonja
GO-LIX d.o.o.

How does artificial intelligence help us with information security?

Machine learning and process automation have recently become key drivers of new business models. They can improve the effectiveness of preventing and detecting security breaches, enable faster detection of intrusions and a faster response, and ultimately reduce dependence on the limited pool of skilled workers in this field. We will also present some examples of security holes brought about by outdated technology and a lack of awareness of security threats.

Jurij Kodre
Deloitte

Local lateral movement - new threat vector

To use hacking tools or malware code, attackers need to get them onto the local system, where all the known threat vectors are already well worn. This lecture will show how Microsoft technology can be turned against a Microsoft OS for lateral movement, and ways to defend against this new threat vector.

Mane Piperevski
Piperevski & Associates

Medical Device Security: Please (don’t) be patient!

Digital networking is already widespread in many areas of life, and more and more medical devices in the healthcare industry are networked. The security of these devices will play a major role in the future, as the German Federal Office for Information Security (BSI) also shows in its 2018 report on the state of IT security in Germany, based on the steadily growing range of smart medical devices. According to the BSI, this is underlined by the increasing number of attacks on these devices, with potential threats to patient safety.
The German Federal Institute for Drugs and Medical Devices (BfArM) publishes statistics on risk reports for medical devices annually. For 2017, these statistics list 7404 incidents involving active medical devices (popularly just called medical devices) that could have endangered the life of a patient or user. The cause of these incidents can rarely be fully determined, since the specific threat, e.g. a burn or an overdose, is not traceable beyond doubt. Our research shows that medical devices performing critical tasks have only basic security mechanisms. In the clinical environment, these include medication pumps, anaesthetic devices, implants and large medical devices such as CT and MRI scanners. All of these devices have in common that they exchange sensitive health data in order to work as a unit.
Especially in the clinical environment, the complex and critical area of application, together with the long service life and intensive use of the devices, is a serious problem, since the security mechanisms are usually not designed for this. Weak points in these devices must be treated particularly sensitively, since disclosure has to be well thought out and coordinated to keep the potential risk for patients low. A broken or tampered device can pose a massive threat to a patient's life. Withholding information about vulnerabilities and incidents means that the affected user groups and patients cannot assess the risk themselves until a specific incident occurs. This risk is compounded by the fact that healthcare providers have to rely on information technology to deliver their services, often relying on outdated technology and insecure network-enabled medical devices.
To counter this trend, the Food and Drug Administration (FDA) in the USA and the Federal Office for Information Security (BSI) in Germany published recommendations for manufacturers of medical devices in 2018. These specific aids for the design, implementation, operation and maintenance of the devices focus on device security. Particularly noteworthy is that the BSI, in contrast to the FDA, does not orient the necessary security mechanisms according to the medical purpose and the specific risk for a patient, but rather to the mode of use and thus implicitly to the user groups using the device.


Julian Suleder
ERNW Research GmbH

Methodology Of Finding Vulnerabilities In Web Application Source Code

Web applications are today the most common form of application found in many important and critical systems. The growing popularity of hacking web apps can easily be seen across multiple bug bounty platforms and programmes, but what is the most precise way to fully test and understand the security of an application? A white-box approach is probably the best answer to this question. Reviewing every piece of functionality and making smart decisions based on the known, direct path from user input through variables and functions to the eventual vulnerability becomes not just a mandatory skill, but also a fun way to discover new vulnerabilities!

Damjan Cvetanović
RAS-IT

Talk in preparation

Andrej Tomšič
Informacijski pooblaščenec Republike Slovenije

Talk in preparation

Marko Grobelnik
Institut Jožef Stefan

Talk in preparation

Igor Eršte
URSVTP, Laboratorij za kriptografijo

Secure bank – OWASP TOP 10

With the arrival of new disruptive technologies the potential attack surface has grown even further, introducing new risks and new dangers. During the talk you will be presented with some of the risks and dangers that new disruptive technologies bring. We will also use the example of an online bank to look at the OWASP TOP 10 vulnerabilities that we still encounter in web applications. We will show that, regardless of the existence of tools that allow us to protect against the most common vulnerabilities, developers can use these tools incorrectly and thereby cause damage to companies and individuals.

Gregor Spagnolo
SSRD d.o.o.

Social engineering that cannot be defended against

Aleš Ažman
Detekta d.o.o.

Un-hacking the Oracle database

Every Oracle database installation is different, and all have some level of security issues. Oracle is a complex product with hundreds or even thousands of possible security settings that can be changed or tweaked to improve the hardening of the database. Combine this with the need for actual data security and you could have a very secure Oracle database. In this short talk Pete will highlight some of the key directions you can take to secure your Oracle database, and will also show useful tools that can assist in this process to ensure that your data is not lost or stolen.

Pete Finnigan
Pete Finnigan Ltd., Oracle Security Expert

Opening address: Cyber security 2.0: VIJO(D)LIČNA

mag. Matjaž Kosem
CARBONSEC d.o.o.

Vulnerability Research in Large-Scale Systems

As our society undergoes a digital transformation, not only is the amount of data growing exponentially, but our software products are also rapidly increasing in size.
As an example, in early 2019 the Swiss government released the source code of its electronic voting system as part of a mandatory public intrusion test. Hackers from all around the world were invited to try to find vulnerabilities in this bug-bounty programme. The codebase itself contained over 250’000 lines of Java code and, as a microservice architecture, was distributed over several interacting modules.
Naturally, the analysis of complex systems involves its own challenges and problems.
In this talk we are going to look at how to approach large-scale systems, what restrictions can make bounty hunting harder for researchers, and how to find vulnerabilities in massive security-critical applications.

Jannis Kirschner
Independent Security Researcher

What is so funny on DarkWeb?

The presentation is based on the research that Aleksandar did on the DarkWeb. It will show the most interesting things you can buy or sell there, and how easy it is to get to them.

Aleksandar Mirković
e-Sigurnost
8.4.2020
Ljubljana
Gospodarsko razstavišče

Take advantage of the special price, valid only until 23.02.2020!

Price for 1 day: 315€ (instead of 424 €)
Price for 2 days: 368€ (instead of 496€)

Prices exclude VAT

Gold sponsors

Bronze sponsors

Participating organisations

Media sponsors
