Registration

Pick up your badge & grab your coffee.

WiFi practical hacking "Show me the passwords!"

Konrad Jędrzejczyk - Threat Detection Analyst at Credit Suisse

There will be no wasting time on purely theoretical approaches or WEP that nobody uses nowadays. In contrast to other talks, it will be focused purely on the practical side: what can actually be done with affordable equipment. The primary focus will be on obtaining clear text passwords to both home and corporate networks.

Drupalgeddon 2 – Yet Another Weapon for the Attacker

Radu-Emanuel Chiscariu - Security Research Engineer at Ixia, a Keysight business

With over 1,000,000 websites on the Web, Drupal is one of the most popular Content Management Systems out there. This makes Drupal a juicy target for malicious actors. A recently discovered vulnerability in the Drupal Core Project effectively allows an attacker to gain remote code execution on the target server. How can this vulnerability be exploited? How can an attacker make use of such a tool? These are some questions that this talk will attempt to answer to.

Coffee Break

Catch Me If You Can - Finding APTs in your network

Leo Neagu - InfoSec Team Lead at SecureWorks

Adrian Tudor - SOC Team Lead at SecureWorks

APT attacks have traditionally been associated with nation-state players. But in the last few years, the tools and techniques used by few APT actors have been adopted by various cybercriminals groups. In this talk we will walk through an APT intrusion, exemplifying techniques used by threat actors to compromise enterprise networks and achieve their goals. We will also approach the defender side highlighting detection methods and countermeasures.

From Mirai to Monero – One Year’s Worth of Honeypot Data

Mihai Vasilescu - Senior Security Research Engineer at Ixia, a Keysight business

Adrian Hada - Senior Security Research Engineer at Ixia, a Keysight business

With the end of 2016 seeing the explosion of the Mirai malware with source-code included, 2017 saw more and more DDoS botnets based on the original or modified Mirai code. At the same time, another fad appeared: cryptomining on infected machines, with Monero mining becoming an important means for malware authors to make money with less overall risk involved. This presentation will focus on what we’ve seen in our honeypots in the past year – the threats involved, abused exploits and applications as well as other interesting data for the people involved in threat intelligence, operations and security roles.

Lunch Break

Weaponizing Neural Networks. In your browser!

Tiberiu Boros - Software Developer / Computer Scientist at Adobe

Cotaie Andrei - Senior Security Engineer at Adobe

Our Proof-of-Concept (POC) proves that neural networks can be used for irreversibly hiding malicious code, thus making any static code-scanner blind to the data that is being delivered through the browser. Also, dynamic analysis of code can be misled by making the network respond to different seeds in different ways (i.e. generate music for one seed and malicious code for another).

In search of unique behaviour

Ioan Iacob - Cyber Threat Analyst @CrowdStrike

Marius Bucur - Malware Analyst @CrowdStrike

A walk through multiple attack scenarios seen in our protected environments, hunting and dissecting different infection vectors with unique modus operandi for payload delivery and persistence followed by intel reporting and detection.

How to Fuzz like a Hacker

Marek Zmysłowski - Security Researcher at CYCURA INC.

This presentation will focus on methods that can be applied to optimize the fuzzing process and makes it more efficient. It includes tools and strategies like: Address Sanitizer, different distribution strategies, instrumentation and hardware advantages (depends on architecture). All those examples will be presented based on the current open-source leader, AFL.

Lattice based Merkle for post-quantum epoch

Maksim Iavich - CEO and President at Scientific Cyber Security Association

Scientists are actively working on the creation of quantum computers. Quantum computers can easily solve the problem of factoring the large numbers. Because of this, quantum computers are able to break the crypto system RSA, which is used in many products. We propose to use as the hash function, the lattice-based hash function, and to use lattice based one-way function as an one-way function in hash-based digital signature schemes.

Registration

Pick up your badge & grab your coffee.

Red, Blue and Purple Teaming Deep Dive

Shah Sheikh - Sr. Security Consultant at DTS Solution

Questions remain over an enterprise cyber security posture and the current level of the threat landscape and the inherent risk profile of the organization. Building a next generation cyber security operations center (CSOC 2.0) is one of the ways in which organizations can build better cyber defense mechanism across the organization.

Timing attacks against web applications: Are they still practical?

Ivan Petrov - Penetration Tester at TAD Group

We will look into several web solutions that can be proven susceptible to such attacks, the resource required to execute an attack, likelihood of arousing suspicion and more. We will also demonstrate a real-time attack against a remotely hosted application that runs a well-known and widely used CMS. Our example represents an efficient method that improves the likelihood of exploiting a non-constant-time function in a PHP-based product.

Coffee Break

Cyber Security Startups from Orange FAB

Alex Negrea - Co-Founder & CTO at Appsulate

Bozeanu Andrei - Founder, Dekeneas

Adrian Furtuna - Founder Pentest-Tools.com

- Web Isolation 101: Securing Web Apps against data exfiltration and shielding corporate endpoints from web-borne threats, Alex Negrea - Co-Founder & CTO at Appsulate
- The lions and the watering hole, Andrei Bozeanu - Dekeneas
- Let's Make Pentesting Fun Again! Report writing in 5 minutes, Adrian Furtuna - Pentest Tools

Remote Yacht Hacking

Stephan Gerling - Security Evangelist ROSEN Technology & Research Center GmbH

In my Talk I will present latest attack scenarios against modern vessel and yachts.

Lunch break

Bridging the gap between CyberSecurity R&D and UX

Razvan Todor - Senior Product Manager at Bitdefender

If you want to understand how security products are designed, why some of those uninspired messages make it into product interfaces or you’re simply curious of how these things work, then here’s your product manager’s guide through a cybersecurity company.

Mobile signaling threats and vulnerabilities - real cases and statistics from our experience

Kirill Puzankov - Telecom Security Expert/Researcher at Positive Technologies

We have been exploring the security of mobile signaling for years. 2G, 3G and then 4G+, all the generations of protocols proved to be similarly vulnerable. However, the existence of vulnerability doesn’t automatically mean it is being exploited in the wild. Having conducted more than 60 security assessments for the mobile operators signaling networks, based on the experience of security monitoring projects, we gathered more than enough info to share with the world. What are the hackers up to? What is the state of networks security? How and which methods allow hackers to bypass evolving security measures? I will explore the most interesting cases in technical detail.

We will charge you. How to [b]reach vendor’s network using EV charging station.

Dmitry Sklyar - Application Security Specialist at Kaspersky Lab

This talk is focused on the research of one of the EV chargers intended for SOHO usage. It contains different wireless interfaces as well as mobile application for remote control. During our research, we have found multiple security issues that could provide remote adversary an ability to take control over charger and possibility to compromise vendor’s backend infrastructure.

Secure and privacy-preserving data transmission and processing using homomorphic encryption

Razvan Bocu - Lecturer and Researcher at Dept. of Mathematics and Computer Science, Transilvania University of Brasov

Hardware and software solutions for the collection of personal health information continue to evolve. The reliable gathering of personal health information, previously usually possible only in dedicated medical settings, has recently become possible through wearable specialized medical devices. Among other drawbacks, these devices usually do not store the data locally and offer, at best, limited basic data processing features and few advanced processing capabilities for the collected personal health data. In this presentation, we describe an integrated personal health information system that allows secure storage and processing of medical data in the cloud by using a comprehensive homomorphic encryption model to preserve data privacy.

Registration

Pick up your badge & grab your coffee.

The Hitchhiker's Guide to Disinformation, Public Opinion Swinging and False Flags

Dan Demeter - Security Researcher at Kaspersky Lab Romania

During this talk we will be touching on some cases of disinformation and discuss their impact over our societies. The stakes now are higher than ever and everyone wants to be part of the game.

Implementation of information security techniques on modern android based Kiosk ATM/remittance machines

Muhammad Mudassar Yamin - Research Fellow at Norwegian University of Science and Technology

ATM machines are rapidly developing and are finding new applications from bill payments to online fund transfers. Everything is getting smart in the modern world and ATM are no exceptions in this regard. The natural choice of manufacturers for making ATM smart is by making their function connected to android based system. However, android based Applications are inherently vulnerable and can be exploited by external attackers or by internal malicious users.

Burp-ing through your cryptography shield

Cosmin Radu - Information Security Consultant at Atos SE

What do you do when Burp is failing you, when even Google is failing you? This presentation describes the approach to a problem encountered during an application test. What can you do when the application sends encrypted requests? You find the encryption-key creation code, realize it’s broken, and then proceed to build a Burp Extension that allows you to intercept, decrypt , modify, re-encrypt the requests.

Coffee Break

Well, that escalated quickly! - a penetration tester's approach to privilege escalation

Khalil Bijjou - Senior Security Consultant at SEC Consult

This talk imparts knowledge on Windows required to understand privilege escalation attacks. It describes the most relevant privilege escalation methods and techniques and names suitable tools and commands. These methods and techniques have been categorized, included into an attack tree and were tested and verified in a realistic lab environment. Based upon these results, a systematic and practical approach for security experts on how to escalate privileges was developed.

Mobile, IoT, Clouds… It’s time to hire your own risk manager!

Yury Chemerkin - Security Expert at JSC Advanced Monitoring

This talk is about how to use different techniques (including forensics) to break into data of mobile devices to define and quantify the severity of issues found by these methods. Some examples will be shown on popular apps everyone uses daily, some cases of various apps to highlight the exciting problems.

Lunch Break

CPU vulnerabilities - where are we now?

Manuel Wiesinger - Security Researcher at SBA Research

Recently discovered side-channel vulnerabilities in processors and memory modules (such as Meltdown, the Spectre family or Rowhammer) require us to rethink fundamental assumptions of operating system design – we can no longer take proper memory management for granted. Today’s predictable operating system behavior may eventually be leveraged to leak information helping attackers. This talk gives a high-level overview of publicly known side-channel attacks as well as proposed defense strategies. We discuss how such attacks can (realistically) help intruders as well as the side-effects of stopping them.

OSSTMM: The “Measure, Don’t Guess” Security Testing Methodology

Jan Kopriva - Team Leader of ALEFs Computer Security Incident Response Team (CSIRT)

With version 4.0 of OSSTMM about to hit the metaphorical shelves, it is a good time to have a closer look at what the methodology can offer both when used as a whole and when only some parts are utilized during a security test. Which is what we’ll do in this talk.

Open Directories: Sensitive data (not) hiding in plain sight

Jan Kopriva - Team Leader of ALEFs Computer Security Incident Response Team (CSIRT)

As a part of long-term research into the security of Czech and Slovak Internet (.CZ and .SK domains and/or IP addresses geolocated within CZ or SK), ALEF CSIRT conducted an analysis of data from several thousand freely accessible open directories. Many files from these directories turned out to be quite interesting as Jan will discuss during his talk.

Panel - CPU vulnerabilities, how to resist future attacks , new technologies and future trends in IT Security

Guests:

• RADAR Services – Speaker Harald Reisinger
• CATALYSTS Romania – Speaker Tamas Bakos
• PORSCHE Engineering – TBA
• SBA RESEARCH – Speaker Manuel Wiesinger

Registration

Pick up your badge & grab your coffee.

Tailored, Machine Learning-driven Password Guessing Attacks and Mitigation

Georg Knabl - Freelance Technical Director, Senior Software Engineer @Page On Stage

This talk is based on the presenter’s recent master’s thesis and hence will deal with the application of machine learning to password list generation to create human-like password dictionaries using character-based Recurrent Neural Networks. Furthermore, it will show that an attacker can facilitate machine learning to generate tailored password lists for specific victims by training a model on password creation schemes of other people in combination with user data of the victim. Additionally, a machine learning classification method will be presented to identify human-generated passwords.

The charter of Trust

Stefan Zarinschi - Penetration Tester Specialist @ Siemens

The digital world is changing everything. Billions of devices are connected by the Internet of Things. That holds great potential for everyone, but also great risk. The risk of exposure to cyber-attacks. The risk of losing control over the systems that run our infrastructures. Cybersecurity is and has to be more than a seat belt or an airbag for our data; it’s a factor that’s crucial to the success of the digital economy. People and organizations need to trust that their digital technologies are safe and secure; otherwise they won’t embrace the digital transformation. That’s why we are developing a Charter of Trust bearing the principles that are fundamental to a secure digital world.

Coffee Break

Between Hype and Need

Alex “Jay” Balan - Chief Security Researcher at Bitdefender

Is Big Brother really watching while you master baits for your next fishing trip? Are you as outraged as everyone else about the Snowden revelations? Is privacy really a myth? In this session we’ll learn exactly what data we should consider as already compromised, what and how to prioritise when it comes to our personal privacy and, of course, even more myths about privacy debunked for a more informed you in your day to day life. Make sure to bring your game for the end of the talk when, depending on how much time we have left, we’ll try to have a quick debate on this.

One year after a major attack

Daniel Tomescu - Manager Cyber Security at KPMG Romania

Gabriel Tanase - Director Cyber Security at KPMG Romania

One year after the ransomware attack from Astra Asigurari. Some interesting insights and lessons learned.

Lunch Break

Intro to Reversing Malware

Abdullah Obaied - Security Specialist at Adjust GmbH

Malware is any software intentionally designed to abuse the capability of its system API to cause damage to a computer, server or computer network. In this talk, the speaker will demonstrate the tooling and methodology used to reverse malware and understand its limits. This is a beginner-friendly talk that requires basic programming knowledge.

(Lighting Talk) Tor .onions: The Good, The Rotten and The Misconfiguread

Ionut-Cristian Bucur - Security Research Intern, Application & Threat Intelligence at Ixia, a Keysight Business

How can you make use of Tor in your day to day life? And what dangers do you expose yourself to when browsing it? What kind of people are there? What are they doing in such a shady place? What are they trying to do to you? And the most important question of all, do they fry the onions or eat them raw? Let us hold hands together with a Chrome Headless based .onion crawler and scuba dive into the magical wonderland of the Darknet. We will find answers to all questions you have and don’t have.

(Lighting Talk) Applying Fuzzy Hashing to Phishing Page Identification

Adrian Hada - Senior Security Research Engineer at Ixia, a Keysight business

Phishing attempts are generally met with only a limited measure of success – phishing attempts might get blocked or users might not be tricked by the attempt. Threat actors generally reuse the same phishing page template, customized for multiple targets, which they try to deploy at scale to increase their chances of success. Given the high amount of similarity between phishing pages, we can use near-similarity measures to identify phishing pages. This is a quick overview of how such an approach would work and its success rate in identifying phishing pages.

(Lighting Talk) Applying Honey to the Pot - The Saga of Port 5555

Gabriel Cirlig - Senior Software Engineer, Application & Threat Intelligence at Ixia, a Keysight business

Starting as a developer’s best friend, the Android Debug Bridge has slowly turned into a security nightmare over the years. While having an open port available for debugging your application over the internet sounds great, forgetting to turn off that service in production environment can spell big trouble for you or even the consumers using the said products. The Android Debug Bridge protocol was initially designed for accessing various critical services of an Android device over USB. While time passed, it also got encapsulated over TCP/IP, opening up port 5555 for a remote debugger to attach itself. From a security standpoint however, no improvements have been made, and a remote attacker can freely connect and exploit a device over the air. This is why I started developing a low interaction honeypot to catch this kind of attacks following a surge in hits on that specific port in our sensors. Shortly after deployment on only one machine, I started getting hits right off the bat. In the presentation I’ll be discussing the development procedure for the honeypot from the ground up as well as dissecting the ADB protocol in order to enable researchers to more easily implement their own honeypots.

Trust, but verify – Bypassing MFA

Stefan Mitroi - InfoSec Team Lead at Secureworks

Mircea Nenciu - Senior Advisor - Technical Team Lead within SecureWorks

This talk will present the basics of the MFA and deep-dive on how can this be bypassed in order to gain access to the user’s account.

Economical Denial of Sustainability in the Cloud (EDOS)

Raluca Stanciu - Software Developer at BullGuard

With the rising of Cloud, many enterprises are able to cut down their IT budget and gain flexibility by moving infrastructure, services and application development to the Cloud. But how safe are they? And at what scale do the economic losses of cyber attacks increase when having websites such as banking, online stores and social media platforms moved in the Cloud? How can companies protect themselves? With a focus on one of the most costly dangers in the Cloud, which is the Economical Denial of Sustainability attack, this presentation tries to answer all of the above questions and give an insight on how such security problems can be prevented and addressed.