Summit Agenda
We strive to present the most relevant, timely and valuable content. As a result, this agenda is subject to change. Please check back frequently for changes and updates.
Sunday 21st July 2019 | |
---|---|
18:00-20:00 | Pre-Summit Meet and Greet |
Monday 22nd July 2019 | |
08:30-09:30 | Registration and Coffee This is another great opportunity to meet, greet and interact with your peers so come down early. |
09:30-09:45 | Welcome and Introduction by Summit Chair |
09:45-10:30 | Keynote Speech The Close Relationship: Exploitation & Penetration Testing |
10:30-11:05 | Blame Wars - How to Attribute Responsibility |
11:05-11:35 | Networking Break: Drinks and snacks will be served |
11:35-12:10 | Why it's easy being a hacker 20 years and SQL Injection is still a thing. Why is it so hard getting things right? What seems to be the root cause of things, and are we getting any better? What if we simply copy-paste code from Stackoverflow? Using Google as aid? What about the techie books that teach us how to develop, and all the courses and institutions that promise us to code like a pro? In this talk we will zoom in on how mistakes are made, and why it can be so crazy hard to get things right. Chris Dale, Head of Cyber Security at Netsecurity AS |
12:10-12:45 | A Journey Through Adversary Emulation During this talk, NVISO will take you on a journey through adversary emulation, from its inception to its adoption and application. They will show you how they integrated adversary emulation into their red teaming approach using MITRE's ATT&CK framework. Next to the more classic red teaming assessments, other adversary emulation flavors such as purple teaming and integration with the TIBER framework will be covered as well. To top things off, concrete examples from recent assessments and lessons learned will be shared. After this talk, you will have a structured overview of everything adversary emulation and enough inspiration to tackle every adversary emulation challenge coming your way. Jonas Bauters, Senior Security Consultant, NVISO |
12:45-13:45 | Networking Luncheon Lunch is served onsite to maximize interaction and networking among attendees. |
13:45-14:20 | Well, that escalated quickly! - A Local Privilege Escalation Approach Companies engage security experts to penetrate their infrastructures and systems in order to find vulnerabilities before malicious users do. During these penetration tests, security experts often encounter Windows endpoints or systems and gain low privileged access to these. To fully compromise the system, privileges have to be escalated. Windows contains a great number of security concepts and mechanisms. These render privilege escalation attacks difficult. Penetration testers should have a sound knowledge base about Windows components and security mechanisms in order to understand privilege escalation concepts profoundly and apply these. This talk imparts knowledge on Windows required to understand privilege escalation attacks. It describes the most relevant privilege escalation methods, techniques and names suitable tools and commands. These methods and techniques have been categorised, included into an attack tree and were tested and verified in a realistic lab environment. Based upon these results, a systematic and practical approach for security experts on how to escalate privileges was developed. Khalil Bijjou, Senior Security Consultant, SEC Consult |
14:20-14:55 | Pentesting Cars Given the increasing popularity of automotive hacking, more and more bug bounty programs are set up by vehicle manufacturers, enabling researchers to collect a nice reward for reporting new vulnerabilities they find in their cars. A car pentesting apprentice will inevitably raise the question: How can I be part of this and how do I start doing some research on my own car? In this presentation, we will provide a quick walk-through of our penetration testing methodology for embedded systems, specifically tailored to automobiles. The interested audience will get to know a framework they can utilize to perform a full-blown penetration test, starting on individual control units, i.e. the computers that are the basic building blocks of a car's electronics system, and from there work the way up to analysing the car as a whole. The methodology will, of course, touch on the vehicle's backend communication, as connected features are an integral and - especially from a pentester's perspective - very attractive part of the modern vehicle's extras. Practical examples will be used to demonstrate how the methodology can be put to work in real life scenarios. With the framework at hand, attendees will have the necessary tool to get started with car security research in a structured and comprehensive manner. Oliver Nettinger, R&D, NVISO |
14:55-15:30 | With Just a Search Engine & Cup of Coffee: Hunting Vulnerabilities on the Web Our security team conducted several security studies in 2018, intended to discover vulnerabilities and weaknesses in web servers in the Czech Republic (or in the .CZ ccTLD and on IPs located in the Czech Republic, to be more specific). Two of these studies (1. Identification of servers with open/browsable directories and sensitive files and 2. Search for open redirection vulnerabilities) were conducted with not much more than a search engine. Given how simple it is (at least in theory) to identify and remove these vulnerabilities, one might assume they wouldn't be too common. Yet the results proved otherwise - in a quite interesting turn, we've managed to identify sensitive data and open redirection vulnerabilities on more than 250 servers, a number of which were running fairly high-profile sites or belonged to critical service providers. In the end, although we weren't looking for them, we found some interesting vulnerable servers outside the Czech Republic as well. The presentation would cover our methodology for conducting both of the studies, discussion of what we found/what was the impact of what we found, and how well (or less so) things went when we informed the subjects responsible for the impacted servers. Jan Kopriva, CSIRT Team Leader, Alef Nula a.s. |
15:30-16:00 | Networking Break: Drinks and snacks will be served |
16:00-16:40 | Automated adversary emulation using Caldera "CALDERA is an automated adversary emulation system that performs post-compromise adversarial behaviour within Windows Enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK™) project. These features allow CALDERA to dynamically operate over a set of systems using variable behaviour, which better represents how human adversaries perform operations than systems that follow prescribed sequences of actions." During this talk, Erik will demonstrate some Caldera strong points and weaknesses and how it can be further improved (e.g. how can we build additional steps to increase our ATT&CK coverage or how can we adapt steps to handle new Windows 10 security features such as ExploitGuard and AMSI). |
16:40-17:00 | Closing Remarks by Summit Chair Erik Van Buggenhout, Certified Instructor & Author, SANS |
Social events and informal networking activities are hosted after the Summit. |