Worldwide recognized speakers will showcase the naked truth about sensitive topics like infrastructure (in)security, GDPR, cyber warfare, ransomware, malware, social engineering, offensive & defensive security measurements etc. More than 60 speakers will be on stage in 2018 sharing researches & engaging into panels on different topics related to cyber security.

Save the date! 8th – 9th November 2018 

Subscribe to our newsletter to be the first who receives news about the upcoming edition and follow our Facebook page to stay updates with the announcements!

 

Thursday, 8th November - Bucharest Room

08:00 - 09:00

Registration

Pick up your badge & grab your coffee.

09:00 - 09:30

Opening Speech

Cristian Pațachia-Sultănoiu - Manager of Development & Innovation Team at Orange Romania

09:30 - 10:15

Year of the #WiFiCactus

Mike Spicer - Consultant

The #WiFiCactus is a wireless monitoring tool that is capable of listening to 50+ channels of WiFi at the same time. This talk will discuss the events and data from the last year traveling with the #WiFiCactus including warwalking at DEF CON.

Technical
10:30 - 11:00

Stealing Traffic: Analyzing a Mobile Fraud

Abdullah Obaied - Security Specialist at Adjust GmbH

In this talk, the speaker will the show how a popular app with over 10 million downloads can steal mobile traffic. The concept of “Click Injection”: a commonplace AdTech fraud technique will be introduced to the audience. Afterwards, the speaker will go through the process of reverse engineering an app that was suspected of conducting click injections.

Technical
11:00 - 11:30

Coffee Break

11:30 - 12:15

Needles, Haystacks and Algorithms: Using Machine Learning to detect complex threats

Ioan Constantin - Cyber Security Expert @Orange Romania

We’ve set up an ELK cluster, we’re adding algorithms, Threat Intelligence feeds and context. We use our extensive network to sample, label and classify ‘bad’ data and we’re starting with supervised Machine Learning to detect advanced & complex threats.

Technical
12:30 - 13:00

Internet Balkanization: Why Are We Raising Borders Online?

Stefan Tanase - Principal Security Researcher, Application and Threat Intelligence at Ixia, a Keysight business

We must decide now what kind of internet we want our kids to use – a free internet, or one in which everything you say or do is monitored?

Technical
13:00 - 14:00

Lunch break

14:00 - 14:45

You're right, this talk isn't really about you!

Jayson E. Street - VP of Infosec at SphereNY

In this presentation, we will discuss topics related to human behaviour, which need to be modified for the sake of better security. A mirror will be held up to our industry as we inspect how we can better teach and interact with others

Business
15:00 - 15:45

The challenge of building a secure and safe digital environment in healthcare

Jelena Milosevic - Nurse/Independent Researcher/Speaker

The importance of security and privacy, keeping the data safe in healthcare is huge. We also need to be aware, that the criminal can harm the patient in many different ways, for many different reasons, with the goal to harm them, but also doing it by accident, just simple because we did make everything digital, put and connect everything online, without thinking about the need to make it safe and secure.

Business
16:00 - 16:45

Threat Hunting: From Platitudes to Practical Application

Neil “Grifter” Wyler - Senior Threat Hunting & Incident Response Specialist at RSA

We’ll talk about hunting in network, as well as endpoint environments, and even who the right people on your team are to be your hunters. And finally, we’ll discuss several examples of security failures and data exposure found during actual threat hunting engagements on the networks of Black Hat and the RSA Conference.

Technical
17:00 - 17:30

Hacking at the ECSC

Octavian Guzu - CTF Enthusiast & ECSC Team Leader, Software Engineer at Bitdefender

In this talk we'll cover what a Capture the Flag event is and why they can be so fun and educational to play. I'll tell you about my experience at the European Cyber Security Challenge 2018 and get into some demos on the tasks that we had to solve.

Technical

Friday, 9th November - Bucharest Room

08:00 - 09:00

Registration

Pick up your badge & grab your coffee.

Technical
09:00 - 09:45

What happened behind the closed doors at MS

Dimitri van de Giessen - n/a

In the year 2000 several Microsoft sites have been hacked by a Dutch Hacker named Dimitri. Several subdomain servers, such as windowsupdate.microsoft.com, 128download.microsoft.com, events.microsoft.com and so on has been hacked. Not even once but twice in a short period of time. A secret meeting was planned by Microsoft with Dimitri. Why was it secretly? What actually happened behind the closed doors at MS? And why even after 18 years it is still a secret? This presentation includes some Mystery, Drama, Action & NSFW.

Technical
10:00 - 10:45

Building application security with 0 money down

Mushegh Hakhinian - VP, Security Architecture at Intralinks

In this presentation we will share our experience in building application security process from the grounds up. Secure development lifecycle models are well publicized. They seem to be self-explanatory on what needs to be done: threat modeling, composition analysis, static code analysis etc.

Technical
10:45 - 11:15

Coffee Break

11:15 - 12:00

Backdooring DVR/NVR devices

Arun Mane - Security Researcher at TUV Rheinland

Although it’s an old technique to perform attack on embedded devices but its easy and proven attack and because of this some well-known researcher came with an idea called NSA playset which introduces the different kind of tools which researchers, security fellows can take advantage off and leverage their research/study/attack. In this talk, we are taking the reference of these ideas and implement a hardware backdoor by taking advantage of hardware hacking skills. Through this hardware backdoor, we can track devices, access root shell from anywhere and can stream fake videos/images on console like Hollywood style.

Technical
12:15 - 12:45

AutoHotKey Malware – The New AutoIT

Gabriel Cirlig - Senior Software Engineer, Application & Threat Intelligence at Ixia, a Keysight business

AutoHotkey is an open-source scripting language for Windows, that provides easy ways for users of most levels of computer skill to automate tasks in Windows applications—through keyboard shortcuts, fast macro-creation, and software automation. In this talk I will be showing ways that this tool can be used for malicious purposes, from droppers to keyloggers, and the OPSEC fails that their authors did.

Technical
12:45 - 14:00

Lunch break

14:00 - 14:30

Back to the future: how to respond to threats against ICS environments.

Ionut Georgescu - Security Operations Manager at SecureWorks

Cosmin Anghel - Digital Forensic Analyst and Incident Responder at SecureWorks

How can we investigate an incident from an ICS network? What tools should we use? What can we find in network packages for traffic between a PLC and a HMI? What…? We have a lot of questions.

Technical
14:45 - 15:30

Security pitfalls in script-able infrastructure pipelines.

Jesper Larsson - IT-Security Specialist at Assured & Cure53

The presentation will look at modern infrastructure from real companies and dissect their approaches to configurations a secure services.

Technical
15:45 - 16:30

IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies

Andrei Costin - Assistant Professor / Independent Security Researcher at University of Jyvaskyla / Firmware.RE

We start with mostly manual collection, archival, meta-information extraction and cross-validation of more than 637 unique resources related to IoT malware families. These resources relate to 60 1 IoT malware families, and include 260 resources related to 48 unique vulnerabilities used in the disclosed or detected IoT malware attacks. We then use the extracted information to establish as accurately as possible the timeline of events related to each IoT malware family and relevant vulnerabilities, and to outline important insights and statistics. For example, our analysis shows that the mean and median CVSS scores of all analyzed vulnerabilities employed by the IoT malware families are quite modest yet: 6.9 and 7.1 for CVSSv2, and 7.5 and 7.5 for CVSSv3 respectively.

Technical
16:45 - 17:30

DefCamp 2018 - Awards Ceremony

  • DEFCAMP CAPTURE THE FLAG (D-CTF)
  • DEFEND THE CASTLE
  • ARIADNE’s THREAD CTF 3.0
  • 8bit HACK
  • DOWN THE RABBIT HOLE
  • BOB, THE HACKER BOT
  • IoT VILLAGE
  • CRITICAL INFRASTRUCTURE ATTACK
  • HACK THE BANK
  • TARGET JOHN
  • LOCK PICKING VILLAGE
  • EA - LAZY DAVE
  • PASSPORT TO PRIZES
Technical

Thursday, 8th November - Roma Room

08:00 - 09:00

Registration

Pick up your badge & grab your coffee.

Technical
09:00 - 10:15

WiFi practical hacking "Show me the passwords!"

Konrad Jędrzejczyk - Threat Detection Analyst at Credit Suisse

There will be no wasting time on purely theoretical approaches or WEP that nobody uses nowadays. In contrast to other talks, it will be focused purely on the practical side: what can actually be done with affordable equipment. The primary focus will be on obtaining clear text passwords to both home and corporate networks.

Technical
10:30 - 11:00

Drupalgeddon 2 – Yet Another Weapon for the Attacker

Radu-Emanuel Chiscariu - Security Research Engineer at Ixia, a Keysight business

With over 1,000,000 websites on the Web, Drupal is one of the most popular Content Management Systems out there. This makes Drupal a juicy target for malicious actors. A recently discovered vulnerability in the Drupal Core Project effectively allows an attacker to gain remote code execution on the target server. How can this vulnerability be exploited? How can an attacker make use of such a tool? These are some questions that this talk will attempt to answer to.

Technical
11:00 - 11:30

Coffee Break

11:30 - 12:15

Catch Me If You Can - Finding APTs in your network

Leo Neagu - InfoSec Team Lead at SecureWorks

Adrian Tudor - SOC Team Lead at SecureWorks

APT attacks have traditionally been associated with nation-state players. But in the last few years, the tools and techniques used by few APT actors have been adopted by various cybercriminals groups. In this talk we will walk through an APT intrusion, exemplifying techniques used by threat actors to compromise enterprise networks and achieve their goals. We will also approach the defender side highlighting detection methods and countermeasures.

Technical
12:30 - 13:00

From Mirai to Monero – One Year’s Worth of Honeypot Data

Mihai Vasilescu - Senior Security Research Engineer at Ixia, a Keysight business

Adrian Hada - Senior Security Research Engineer at Ixia, a Keysight business

With the end of 2016 seeing the explosion of the Mirai malware with source-code included, 2017 saw more and more DDoS botnets based on the original or modified Mirai code. At the same time, another fad appeared: cryptomining on infected machines, with Monero mining becoming an important means for malware authors to make money with less overall risk involved. This presentation will focus on what we’ve seen in our honeypots in the past year – the threats involved, abused exploits and applications as well as other interesting data for the people involved in threat intelligence, operations and security roles.

Technical
13:00 - 14:00

Lunch Break

14:00 - 14:45

Weaponizing Neural Networks. In your browser!

Tiberiu Boros - Software Developer / Computer Scientist at Adobe

Cotaie Andrei - Senior Security Engineer at Adobe

Our Proof-of-Concept (POC) proves that neural networks can be used for irreversibly hiding malicious code, thus making any static code-scanner blind to the data that is being delivered through the browser. Also, dynamic analysis of code can be misled by making the network respond to different seeds in different ways (i.e. generate music for one seed and malicious code for another).

Technical
15:00 - 15:45

In search of unique behaviour

Ioan Iacob - Cyber Threat Analyst @CrowdStrike

Marius Bucur - Malware Analyst @CrowdStrike

A walk through multiple attack scenarios seen in our protected environments, hunting and dissecting different infection vectors with unique modus operandi for payload delivery and persistence followed by intel reporting and detection.

Technical
16:00 - 16:45

How to Fuzz like a Hacker

Marek Zmysłowski - Security Researcher at CYCURA INC.

This presentation will focus on methods that can be applied to optimize the fuzzing process and makes it more efficient. It includes tools and strategies like: Address Sanitizer, different distribution strategies, instrumentation and hardware advantages (depends on architecture). All those examples will be presented based on the current open-source leader, AFL.

Technical
17:00 - 17:30

Lattice based Merkle for post-quantum epoch

Maksim Iavich - CEO and President at Scientific Cyber Security Association

Scientists are actively working on the creation of quantum computers. Quantum computers can easily solve the problem of factoring the large numbers. Because of this, quantum computers are able to break the crypto system RSA, which is used in many products. We propose to use as the hash function, the lattice-based hash function, and to use lattice based one-way function as an one-way function in hash-based digital signature schemes.

Technical

Friday, 9th November - Roma Room

08:00 - 09:00

Registration

Pick up your badge & grab your coffee.

Technical
09:00 - 09:45

Red, Blue and Purple Teaming Deep Dive

Shah Sheikh - Sr. Security Consultant at DTS Solution

Questions remain over an enterprise cyber security posture and the current level of the threat landscape and the inherent risk profile of the organization. Building a next generation cyber security operations center (CSOC 2.0) is one of the ways in which organizations can build better cyber defense mechanism across the organization.

Business
10:00 - 10:45

Timing attacks against web applications: Are they still practical?

Ivan Petrov - Penetration Tester at TAD Group

We will look into several web solutions that can be proven susceptible to such attacks, the resource required to execute an attack, likelihood of arousing suspicion and more. We will also demonstrate a real-time attack against a remotely hosted application that runs a well-known and widely used CMS. Our example represents an efficient method that improves the likelihood of exploiting a non-constant-time function in a PHP-based product.

Technical
10:45 - 11:15

Coffee Break

11:15 - 12:00

Cyber Security Startups from Orange FAB

Alex Negrea - Co-Founder & CTO at Appsulate

Bozeanu Andrei - Founder, Dekeneas

Adrian Furtuna - Founder Pentest-Tools.com

- Web Isolation 101: Securing Web Apps against data exfiltration and shielding corporate endpoints from web-borne threats, Alex Negrea - Co-Founder & CTO at Appsulate
- The lions and the watering hole, Andrei Bozeanu - Dekeneas
- Let's Make Pentesting Fun Again! Report writing in 5 minutes, Adrian Furtuna - Pentest Tools

Business
12:15 - 12:45

Remote Yacht Hacking

Stephan Gerling - Security Evangelist ROSEN Technology & Research Center GmbH

In my Talk I will present latest attack scenarios against modern vessel and yachts.

Technical
12:45 - 14:00

Lunch break

14:00 - 14:30

Bridging the gap between CyberSecurity R&D and UX

Razvan Todor - Senior Product Manager at Bitdefender

If you want to understand how security products are designed, why some of those uninspired messages make it into product interfaces or you’re simply curious of how these things work, then here’s your product manager’s guide through a cybersecurity company.

Business
14:45 - 15:30

Mobile signaling threats and vulnerabilities - real cases and statistics from our experience

Kirill Puzankov - Telecom Security Expert/Researcher at Positive Technologies

We have been exploring the security of mobile signaling for years. 2G, 3G and then 4G+, all the generations of protocols proved to be similarly vulnerable. However, the existence of vulnerability doesn’t automatically mean it is being exploited in the wild. Having conducted more than 60 security assessments for the mobile operators signaling networks, based on the experience of security monitoring projects, we gathered more than enough info to share with the world. What are the hackers up to? What is the state of networks security? How and which methods allow hackers to bypass evolving security measures? I will explore the most interesting cases in technical detail.

Technical
15:45 - 16:30

We will charge you. How to [b]reach vendor’s network using EV charging station.

Dmitry Sklyar - Application Security Specialist at Kaspersky Lab

This talk is focused on the research of one of the EV chargers intended for SOHO usage. It contains different wireless interfaces as well as mobile application for remote control. During our research, we have found multiple security issues that could provide remote adversary an ability to take control over charger and possibility to compromise vendor’s backend infrastructure.

Technical
16:45 - 17:30

Secure and privacy-preserving data transmission and processing using homomorphic encryption

Razvan Bocu - Lecturer and Researcher at Dept. of Mathematics and Computer Science, Transilvania University of Brasov

Hardware and software solutions for the collection of personal health information continue to evolve. The reliable gathering of personal health information, previously usually possible only in dedicated medical settings, has recently become possible through wearable specialized medical devices. Among other drawbacks, these devices usually do not store the data locally and offer, at best, limited basic data processing features and few advanced processing capabilities for the collected personal health data. In this presentation, we describe an integrated personal health information system that allows secure storage and processing of medical data in the cloud by using a comprehensive homomorphic encryption model to preserve data privacy.

Technical

Thursday, 8th November - Vienna Room

08:00 - 09:00

Registration

Pick up your badge & grab your coffee.

Technical
09:00 - 09:30

The Hitchhiker's Guide to Disinformation, Public Opinion Swinging and False Flags

Dan Demeter - Security Researcher at Kaspersky Lab Romania

During this talk we will be touching on some cases of disinformation and discuss their impact over our societies. The stakes now are higher than ever and everyone wants to be part of the game.

Technical
09:30 - 10:15

Implementation of information security techniques on modern android based Kiosk ATM/remittance machines

Muhammad Mudassar Yamin - Research Fellow at Norwegian University of Science and Technology

ATM machines are rapidly developing and are finding new applications from bill payments to online fund transfers. Everything is getting smart in the modern world and ATM are no exceptions in this regard. The natural choice of manufacturers for making ATM smart is by making their function connected to android based system. However, android based Applications are inherently vulnerable and can be exploited by external attackers or by internal malicious users.

Technical
10:30 - 11:00

Burp-ing through your cryptography shield

Cosmin Radu - Information Security Consultant at Atos SE

What do you do when Burp is failing you, when even Google is failing you? This presentation describes the approach to a problem encountered during an application test. What can you do when the application sends encrypted requests? You find the encryption-key creation code, realize it’s broken, and then proceed to build a Burp Extension that allows you to intercept, decrypt , modify, re-encrypt the requests.

Technical
11:00 - 11:30

Coffee Break

11:30 - 12:15

Well, that escalated quickly! - a penetration tester's approach to privilege escalation

Khalil Bijjou - Senior Security Consultant at SEC Consult

This talk imparts knowledge on Windows required to understand privilege escalation attacks. It describes the most relevant privilege escalation methods and techniques and names suitable tools and commands. These methods and techniques have been categorized, included into an attack tree and were tested and verified in a realistic lab environment. Based upon these results, a systematic and practical approach for security experts on how to escalate privileges was developed.

Technical
12:30 - 13:00

Mobile, IoT, Clouds… It’s time to hire your own risk manager!

Yury Chemerkin - Security Expert at JSC Advanced Monitoring

This talk is about how to use different techniques (including forensics) to break into data of mobile devices to define and quantify the severity of issues found by these methods. Some examples will be shown on popular apps everyone uses daily, some cases of various apps to highlight the exciting problems.

Business
13:00 - 14:00

Lunch Break

14:00 - 14:45

CPU vulnerabilities - where are we now?

Manuel Wiesinger - Security Researcher at SBA Research

Recently discovered side-channel vulnerabilities in processors and memory modules (such as Meltdown, the Spectre family or Rowhammer) require us to rethink fundamental assumptions of operating system design – we can no longer take proper memory management for granted. Today’s predictable operating system behavior may eventually be leveraged to leak information helping attackers. This talk gives a high-level overview of publicly known side-channel attacks as well as proposed defense strategies. We discuss how such attacks can (realistically) help intruders as well as the side-effects of stopping them.

Technical
15:00- 15:30

OSSTMM: The “Measure, Don’t Guess” Security Testing Methodology

Jan Kopriva - Team Leader of ALEFs Computer Security Incident Response Team (CSIRT)

With version 4.0 of OSSTMM about to hit the metaphorical shelves, it is a good time to have a closer look at what the methodology can offer both when used as a whole and when only some parts are utilized during a security test. Which is what we’ll do in this talk.

Technical
15:30 - 15:45

Open Directories: Sensitive data (not) hiding in plain sight

Jan Kopriva - Team Leader of ALEFs Computer Security Incident Response Team (CSIRT)

As a part of long-term research into the security of Czech and Slovak Internet (.CZ and .SK domains and/or IP addresses geolocated within CZ or SK), ALEF CSIRT conducted an analysis of data from several thousand freely accessible open directories. Many files from these directories turned out to be quite interesting as Jan will discuss during his talk.

Technical
16:00 - 17:30

Panel - CPU vulnerabilities, how to resist future attacks , new technologies and future trends in IT Security

Guests:

  • RADAR Services – Speaker Harald Reisinger
  • CATALYSTS Romania – Speaker Tamas Bakos
  • PORSCHE Engineering – TBA
  • SBA RESEARCH – Speaker Manuel Wiesinger
This panel is moderated by Gerd Bommer, ADVANTAGE AUSTRIA.
Technical

Friday, 9th November - Vienna Room

08:00 - 09:00

Registration

Pick up your badge & grab your coffee.

Technical
09:00 - 09:45

Tailored, Machine Learning-driven Password Guessing Attacks and Mitigation

Georg Knabl - Freelance Technical Director, Senior Software Engineer @Page On Stage

This talk is based on the presenter’s recent master’s thesis and hence will deal with the application of machine learning to password list generation to create human-like password dictionaries using character-based Recurrent Neural Networks. Furthermore, it will show that an attacker can facilitate machine learning to generate tailored password lists for specific victims by training a model on password creation schemes of other people in combination with user data of the victim. Additionally, a machine learning classification method will be presented to identify human-generated passwords.

Technical
10:00 - 10:45

The charter of Trust

Stefan Zarinschi - Penetration Tester Specialist @ Siemens

The digital world is changing everything. Billions of devices are connected by the Internet of Things. That holds great potential for everyone, but also great risk. The risk of exposure to cyber-attacks. The risk of losing control over the systems that run our infrastructures. Cybersecurity is and has to be more than a seat belt or an airbag for our data; it’s a factor that’s crucial to the success of the digital economy. People and organizations need to trust that their digital technologies are safe and secure; otherwise they won’t embrace the digital transformation. That’s why we are developing a Charter of Trust bearing the principles that are fundamental to a secure digital world.

Business
10:45 - 11:15

Coffee Break

11:15 - 12:00

Between Hype and Need

Alex “Jay” Balan - Chief Security Researcher at Bitdefender

Is Big Brother really watching while you master baits for your next fishing trip? Are you as outraged as everyone else about the Snowden revelations? Is privacy really a myth? In this session we’ll learn exactly what data we should consider as already compromised, what and how to prioritise when it comes to our personal privacy and, of course, even more myths about privacy debunked for a more informed you in your day to day life. Make sure to bring your game for the end of the talk when, depending on how much time we have left, we’ll try to have a quick debate on this.

Technical
12:15 - 12:45

One year after a major attack

Daniel Tomescu - Manager Cyber Security at KPMG Romania

Gabriel Tanase - Director Cyber Security at KPMG Romania

One year after the ransomware attack from Astra Asigurari. Some interesting insights and lessons learned.

Business
12:45 - 14:00

Lunch Break

14:00 - 14:30

Intro to Reversing Malware

Abdullah Obaied - Security Specialist at Adjust GmbH

Malware is any software intentionally designed to abuse the capability of its system API to cause damage to a computer, server or computer network. In this talk, the speaker will demonstrate the tooling and methodology used to reverse malware and understand its limits. This is a beginner-friendly talk that requires basic programming knowledge.

Technical
14:45 - 15:00

(Lighting Talk) Tor .onions: The Good, The Rotten and The Misconfiguread

Ionut-Cristian Bucur - Security Research Intern, Application & Threat Intelligence at Ixia, a Keysight Business

How can you make use of Tor in your day to day life? And what dangers do you expose yourself to when browsing it? What kind of people are there? What are they doing in such a shady place? What are they trying to do to you? And the most important question of all, do they fry the onions or eat them raw? Let us hold hands together with a Chrome Headless based .onion crawler and scuba dive into the magical wonderland of the Darknet. We will find answers to all questions you have and don’t have.

Technical
15:00 - 15:15

(Lighting Talk) Applying Fuzzy Hashing to Phishing Page Identification

Adrian Hada - Senior Security Research Engineer at Ixia, a Keysight business

Phishing attempts are generally met with only a limited measure of success – phishing attempts might get blocked or users might not be tricked by the attempt. Threat actors generally reuse the same phishing page template, customized for multiple targets, which they try to deploy at scale to increase their chances of success. Given the high amount of similarity between phishing pages, we can use near-similarity measures to identify phishing pages. This is a quick overview of how such an approach would work and its success rate in identifying phishing pages.

Technical
15:15 - 15:30

(Lighting Talk) Applying Honey to the Pot - The Saga of Port 5555

Gabriel Cirlig - Senior Software Engineer, Application & Threat Intelligence at Ixia, a Keysight business

Starting as a developer’s best friend, the Android Debug Bridge has slowly turned into a security nightmare over the years. While having an open port available for debugging your application over the internet sounds great, forgetting to turn off that service in production environment can spell big trouble for you or even the consumers using the said products. The Android Debug Bridge protocol was initially designed for accessing various critical services of an Android device over USB. While time passed, it also got encapsulated over TCP/IP, opening up port 5555 for a remote debugger to attach itself. From a security standpoint however, no improvements have been made, and a remote attacker can freely connect and exploit a device over the air. This is why I started developing a low interaction honeypot to catch this kind of attacks following a surge in hits on that specific port in our sensors. Shortly after deployment on only one machine, I started getting hits right off the bat. In the presentation I’ll be discussing the development procedure for the honeypot from the ground up as well as dissecting the ADB protocol in order to enable researchers to more easily implement their own honeypots.

Technical
15:45 - 16:30

Trust, but verify – Bypassing MFA

Stefan Mitroi - InfoSec Team Lead at Secureworks

Mircea Nenciu - Senior Advisor - Technical Team Lead within SecureWorks

This talk will present the basics of the MFA and deep-dive on how can this be bypassed in order to gain access to the user’s account.

Technical
16:45 - 17:30

Economical Denial of Sustainability in the Cloud (EDOS)

Raluca Stanciu - Software Developer at BullGuard

With the rising of Cloud, many enterprises are able to cut down their IT budget and gain flexibility by moving infrastructure, services and application development to the Cloud. But how safe are they? And at what scale do the economic losses of cyber attacks increase when having websites such as banking, online stores and social media platforms moved in the Cloud? How can companies protect themselves? With a focus on one of the most costly dangers in the Cloud, which is the Economical Denial of Sustainability attack, this presentation tries to answer all of the above questions and give an insight on how such security problems can be prevented and addressed.

Business

Sponsors & Partners

They help us make this conference possible.

Stay Updated - Join Our Newsletter