
Cyber Security Middle East Summit

Abu Dhabi, United Arab Emirates | Thu, Apr 4 - Thu, Apr 11, 2019

Summit Agenda

We strive to present the most relevant, timely and valuable content. As a result, this agenda is subject to change. Please check back frequently for changes and updates.

Wednesday, 3 April 2019
18:00-20:00 Pre-Summit Meet and Greet
This optional session offers the opportunity to meet and network with your fellow attendees the night before the Summit kicks off. We highly recommend you attend if possible.

Thursday, 4 April 2019
08:00-09:00 Registration and Coffee
This is another great opportunity to meet, greet and interact with your peers so come down early.
09:00-09:20 Welcome and Introduction by Summit Chair
Bojan Zdrnja, CTO, INFIGO IS

09:20-09:55 In the Trails of the Windshift APT
WINDSHIFT APT is an obscure cyber espionage actor, recently discovered targeting individuals working at a government. This actor has a dedicated and advanced spear phishing infrastructure, able to serve spear phishing emails and SMS to track individuals continuously during the reconnaissance phase, and to deceive targets during the credential harvesting phase through the impersonation of global and local platform providers.
What makes WINDSHIFT APT different from other APT actors is its sole focus on specific individuals for espionage and surveillance purposes and its very hard-to-attribute modus operandi (MO), which we will present during this talk. WINDSHIFT APT rarely engages targets with malware. We uncovered very few targeted attacks from this actor and were able to uncover and analyze the macOS malware used. Finally, WINDSHIFT APT has unique macOS infection tricks that abuse native macOS functionality to automatically spread malware to targets.
This presentation will go through the reconnaissance, credential harvesting, malware spreading, disappearing and escape phases this advanced actor follows, and will give all details about the newly uncovered macOS malware dubbed WINDTAIL and WINDTAPE, as well as the new attribution work done by tephracore Technologies.
Taha Karim, Founder and CTO, tephracore Technologies
09:55-10:30 Attacking & Defending AWS S3 Bucket
In recent years, we have seen various well-known organizations encounter S3 bucket data leaks exposing millions of customer records and confidential corporate information. Hackers enumerate and try to find publicly accessible S3 buckets because they are like a public share with juicy information. In most cases, excessive permissions and misconfiguration were the main reasons for data exposure. In the rush to get the most benefit from the cloud, security considerations are avoided or ignored, leaving S3 buckets exposed. In this talk the audience will learn to enumerate public buckets and gain access to them through open source tools. Further, they will also learn how to use security settings and various AWS tools to secure and restrict S3 buckets to avoid information disclosure.
Sapna Singh, Senior Consultant, Deloitte & Touche (M.E.)

10:30-11:00 Networking Break: Drinks and snacks will be served
11:00-11:35 The Case for Building Your Own SOC Automations

Security Orchestration, Automation and Response platforms are promising easy automation of Security Operations Centre tasks, but can it be as easy as the product vendors say it is? Is there still a case to be made to learn how to automate SOC processes for yourself? Is all hope lost for those that do not have the latest SOAR products? What can be done when you ask your product vendor if they have compatibility with an existing network device and they respond with “We have an API”? Attendees will be given examples of how to automate security operations and intelligence gathering that they can use to mature their security operations.
Nathanael Kenyon, Business Systems Analyst II, Saudi Aramco

11:35-12:10 Emerging threats by SANS Internet Storm Centre

In the last couple of years, we have witnessed some sophisticated and also simplistic attacks that have severely impacted businesses around the world, resulting in damages costing them millions. SANS Internet Storm Centre has been following and analysing various attacks for over 2 decades. In this presentation, Bojan will introduce the SANS Internet Storm Centre and will talk about several new emerging threats that are slowly becoming prevalent. We will also discuss some incidents that Bojan and other SANS ISC handlers have worked on in the last year.
Bojan Zdrnja, CTO, INFIGO IS

12:10-13:30 Networking Luncheon
Lunch is served onsite to maximize interaction and networking among attendees.
13:30-14:05 A Knack for NAC: Locking Down Network Access Across a Global Enterprise

This talk shares our experience deploying and enforcing Network Access Control, including: organizational and security goals; policy and implementation decisions; high-level architecture and design, including scalability, performance, and high-availability considerations; challenges, failures, successes, and lessons learned; and integration with other related security functionality such as logging, guest network access, and network segmentation.
Maged Elmenshawy, Global Network Services Manager, Schlumberger

14:05-14:40 Exploiting relationship between Active Directory Objects

Gone are the days when penetration testing was just running a vulnerability scanner and exploiting the system to gain remote code execution. Organizations are making sure patches are applied consistently across their IT infrastructure, making life harder for attackers. Penetration testers have to adopt new techniques to gain a foothold inside the organization, and the Active Directory domain plays a major role in it. This talk explores how, as an attacker, you could exploit misconfigured permissions between different Active Directory objects to maintain persistence and escalate privileges across the domain environment. For defenders, this talk will highlight critical mistakes that your Domain Admins make.
Juned Ahmed Ansari, Senior Security Consultant, DarkMatter

14:40-15:15 Actionable CTI Not a Pipedream

Structured threat intelligence is great – but few practitioners are at a stage to make it truly actionable. When achieved, it is often in an academic ‘vacuum’ under specific conditions and for stand-alone use cases. We can do so much more with just the tools we have. Modern approaches to this problem set resemble the creation of a cyber threat landscape ‘knowledge base’ and accompanying analytics to answer ‘canned queries’, but building those capabilities to be truly scalable requires a foundation that includes a robust (yet flexible) data model with the ability to interact with non-cyber related data such as risk management and HR.
In this talk we will explore the scalability challenges of threat intelligence analysis for cyber security and how to best use structured languages such as STIX to achieve this in a standardised, repeatable way. Such a design can be used to make your cyber threat intelligence automated, scalable and truly ‘actionable’ – commoditizing the most basic functions of analysis, emphasizing the skillset of a truly gifted analyst and producing output that is understandable to audiences ranging from machine to C-Suite.
Javier Velazquez, Cyber Threat Intelligence Analyst, EclecticIQ

15:15-15:45 Networking Break: Drinks and snacks will be served
15:45-16:20 Raising the Bar for the Attacker

You're responsible for network security, and network security is heavily dependent on network architecture. Unfortunately, you probably don't control network architecture or might have inherited a somewhat non-defensible network. If that sounds familiar, then you should attend this talk! We'll briefly discuss strategies for working collaboratively with your network architect colleagues and then dive headfirst into wildcard masks, router ACLs, and PVLAN design and configuration - techniques that can stop cold an attacker's lateral movement.
Greg Scheidel, Chief Cybersecurity Officer, Iron Vine Security

16:20-16:30 Closing Remarks by Summit Chair
Bojan Zdrnja, CTO, INFIGO IS