Omer Coskun
Ethical Hacker Royal Dutch Telecom (NL)
BIOGRAPHY
Omer works as an Ethical Hacker for KPN’s (Royal Dutch Telecom) REDteam in Amsterdam, the Netherlands. He enjoys diving into lines of code to spot bugs, tinkering in front of the debugger and developing wise tactics/tools to break applications on his day to day work. Prior to joining KPN REDteam, Omer worked for companies like IBM ISS, Verizon and as an external government contractor. He holds an Honour’s Engineering degree in Computer Science.
Twitter: 0xM3R.
Why nation-state malwares target Telco Networks: Dissecting technical capabilities of Regin and its counterparts
The recent research in malware analysis suggests state actors allegedly use cyber espionage campaigns against GSM networks. Analysis of state-sponsored malwares such like Flame, Duqu, Uruborus and the Regin revealed that these were designed to sustain long-term intelligence-gathering operations by remaining under the radar. Antivirus companies made a great job in revealing technical details of the attack campaigns, however, it exclusively has almost focused on the executables or the memory dump of the infected systems – the research hasn’t been simulated in a real environment.
GSM networks still use ancient protocols; Signaling System 7 (SS7), GPRS Tunneling Protocol (GTP) and the Stream Control Transmission Protocol (SCTP) which contain loads of vulnerable components. Malware authors totally aware of it and weaponing exploits within their campaigns to grab encrypted and unencrypted streams of private communications handled by the Telecom companies. For instance, Regin was developed as a framework that can be customized with a wide range of different capabilities, one of the most interesting ability to monitor GSM networks.
In this talk, we are going to break down the Regin framework stages from a reverse engineering perspective – kernel driver infection scheme, virtual file system and its encryption scheme, kernel mode manager- while analyzing its behaviors on a GSM network and making technical comparison of its counterparts – such as TDL4, Uruborus, Duqu2.
Are you the next cyber security superstar?
If you are passionate about an information security topic or you have strong technical skills developing researches on your own, you should definitely Apply at Call for Papers. By submitting you will have the chance to showcase your work to +2000 attendees.
Other speakers joining this year
David Sancho
Senior Malware Researcher Trend Micro (ES)
Teodor Cimpoesu
Technical Director CERTSIGN
Alexandru Balan
Chief Security Researcher Bitdefender
Ready for this year's presentations?
By registering you will unlock access to 60+ speakers and two full days with cyber security news & showcases from worldwide leaders.
COMPETITIONS
Sponsors & Partners
They help us make this conference possible.
POWERED BY
Orange Romania is part of the Orange Group, one of the largest global telecommunications operators that connects hundreds of millions of customers worldwide. With over 11 million local customers and an annual turnover exceeding 1.5 billion euros, Orange Romania connects 1 in 2 Romanians and offers an extensive range of communication solutions for both individual and corporate customers, from basic connectivity services to complete mobile, fixed internet, TV packages, and complex IT&C solutions through Orange Business.
Orange Romania is the number 1 operator in terms of network performance, and also holds nine consecutive Top Employer certifications, which confirm that Orange Romania, in addition to the remarkable products and services it offers, pays special attention to its employees and working environment. In the past 3 years Orange has launched two 5G Labs in Bucharest and Iasi, that aim to support researchers, startups and companies to test their 5G solutions in advance.
In addition, Orange is a long-term supporter of the startup ecosystem through the Orange Fab accelerator program designed to support entrepreneurs in the development of innovative products and their distribution locally and internationally.