Talks Schedule 2020

Thursday, March 19th

Time TRACK 1 (ROOM A) TRACK 2 (ROOM C) TRACK 3 (ROOM K) CONTESTS (ROOM B)
09:00 Opening Keynote
by Riccardo Sibilia
Head of Computer Network Operations Team, Swiss Armed Forces
10:00 COFFEE
10:30 Hacking the DevOps Butler: the road from nothing to admin
by Nimrod Stoler
Fun with Windows processes: code injection techniques and where to find them
by Christophe Tafani-Dereeper & Nicolas Reich
Thinking Like a Cybercriminal
by Etay Maor (Intsights)
11:30 Practical security in the brave new Kubernetes world
by Alex Ivkin
GSuite Digital Forensics and Incident Response
by Megan Roddie
Hunting Ghosts – Uncovering the Latest Cyber Incidents and How to Hunt Them Down
by Lior Chen (Varonis)
12:30 LUNCH
13:30 [In]secure deserialization, and how [not] to do it
by Alexei Kojenov
Hypervisor-level malware monitoring and extraction system - current state and further challenges
by Michał Leszczyński & Krzysztof Stopczański
TX shift left (DevSecOps) Initiative
by Andreas Schneider
14:00 - 18:00
Splunk Boss Of The SOC
14:30 Practical OWASP CRS in High Security Settings
by Christian Folini
SMoTherSpectre: Exploiting speculative execution through port contention
by Atri Bhattacharyya & Mathias Payer
Failles de sécurité : comment éviter que la victime ne devienne coupable
by Sylvain Métille
15:30 COFFEE
16:00 30 CVEs in 30 Days
by Eran Shimony
Scaling Malware analysis & Threat Intelligence pipeline towards infinity & beyond!!
by Abhinav Singh
CLOSED
17:00 Attacking Bluetooth LE design and implementation in mobile + wearables ecosystems
by Sanjay V

Cyberburnouts: Detection, Prevention and Remediation in a complex world
by Bruno Kerouanton
CLOSED

Friday, March 20th

Time TRACK 1 TRACK 2 TRACK 3
9:00 Hacking your Smart Coffee Machine
by Axelle Apvrille
To Logical, Through Physical, Via Social: Accessing internal networks through physical access using social engineering techniques
by Tinker Secor
How much does it cost to build industrial APT?
by Vladimir Dashchenko & Sergey Temnikov (Kaspersky)
10:00 COFFEE
10:30 Practical exploitation of zigbee-class networks with USB-based RF transceivers & open source software
by Sunil Kumar Sakoti
Travel for Hackers
by Kirils Solovjovs
Protecting Operational Technology (OT) in a converging IT/OT/IoT world
by Antoine d’Haussy (Fortinet)
11:30 Car Hacking On Simulation
by Rohan Aggarwal
Back to the future: Computer science and systems biology
by Noa Novogroder & Dr. Lorenz Adlung
Detecting and Mitigating Cloud-native Threats
by Paolo Passeri (Netskope)
12:30 LUNCH
13:30 Redback: advanced static binary injection
Nguyen Anh Quynh & Do Minh Tuan
Social Engineering through Social Media: Profiling, Scanning for Vulnerabilities and Victimizing
by Christina Lekati
TBA
14:30 A Journey into Malware HTTP Communication Channels Spectacles
by Mohamad Mokbel
SYNwall - A new kind of IoT firewalling
by Cesare Pizzi & Miso Mijatovic
NSX-T Distributed Firewall & Intrusion Detection
by Erik Bussink (VMware)
15:30 COFFEE
16:00 Symbolic Execution Demystified
by Jannis Kirschner
Too much crypto
by Jean-Philippe Aumasson
Phishing Test Recommended Practice
Adrian Koster (MELANI)
17:00 Closing Keynote
The price of cybercrime
by Rob May
18:15 ROOM B
 
18:15 - 04:00
Capture The Flag

Opening Keynote

Riccardo Sibilia (Head of Computer Network Operations Team, Swiss Armed Forces)
SPEAKER BIO

Riccardo heads the Computer Network Operations team of the Swiss Armed Forces. In the last couple of years he and his team were charged (among other things) with the development of the technical training program and the necessary training infrastructure for the Cyber training within the military basic training. Riccardo is a physicist by training, has substantial experience in the SIGINT field and started his career in the field of Information Warfare / Information Operations. He is an active reservist in the Swiss Armed Forces and carries the rank of Lieutenant Colonel.
ABSTRACT
The challenge of integrating a complex and fast developing field of activity as Cyber Defence in the context of an army of conscripts requires to follow new paths in different areas. This starts with the selection of the personnel, based on the potential to rapidly acquire and integrate knowledge and to collaborate with skilled colleagues on a team or task force. In this talk both the current status and the ongoing and future developments towards an increasingly capable and reactive Cyber Force within the Swiss Army are presented.

Hacking the DevOps Butler: the road from nothing to admin

Nimrod Stoler
SPEAKER BIO

Nimrod is a cyber security researcher at CyberArk Labs where he focuses on researching the latest attack techniques, and applying lessons learned to improve cyber defenses. Nimrod's primary research areas are network defense, DevOps analysis and security and Linux containers. Prior to CyberArk, Nimrod served in several high-technology roles doing research and development of software and hardware.

Nimrod holds an LLB in Law and BA in economics.

ABSTRACT
Jenkins, also referred to as the DevOps Butler, is an open source automation server used to accelerate the software delivery process. It is now widely considered the de-facto standard in open source continuous integration tools. For many organizations, Jenkins effectively acts as the DevOps engine, addressing everything from source code management to delivering code to production.

Jenkins is an indispensable part of technology stacks around the world. Facebook, Netflix, Lyft, ebay and LinkedIn are examples of very large organizations that utilize Jenkins in their software DevOps stacks.

During our research of the Jenkins software we discovered several interesting vulnerabilities, 6 of them got CVEs. In this talk we mainly speak of two of them. The two combine together to create a security hole, allowing anonymous (completely unauthenticated) attackers to take over, and gain full privileges on Jenkins to become admins by sending specially crafted HTTP packets to the Jenkins master. This attack allows anyone to login to Jenkins as admins and gain complete control of the entire Jenkins infrastructure, and although these issues were fixed, thousands of Jenkins servers are still vulnerable.

In this talk we will describe in detail the code reverse-engineering process that led us to discover these vulnerabilities and how we managed to exploit them to trip the Jenkins security switch OFF and gain control over the entire Jenkins infrastructure.

Practical security in the brave new Kubernetes world

Alex Ivkin
SPEAKER BIO

Alex Ivkin is a director of solutions at Eclypsium, a US security company. His focus is on secure deployments of (in)secure software, including container orchestration, application security, and firmware security. Alex has two decades of security integration experience, presented at numerous security conferences, delivered trainings, holds Masters in Computer Science, co-authored the ISACA CSXP certification and climbs mountains in his spare ime.
ABSTRACT
Dive into a typical Kubernetes cluster by messing with the default security controls, popular sidecar containers and supporting infrastructure.

Kubernetes' broad adoption has triggered a growth of frameworks, tools and technologies supporting it. It also means a growth in the attack surface. Instead of taking Kubernetes clusters head on, learn how to do a recon on a real-world k8s cluster and the common sets of sidecar containers that it relies on. Then see what it takes to pwn ingress point, service mesh, network infrastructure, package manager and performance monitoring tools. From there, get persistence in Docker registries and images.

Fun with Windows processes: code injection techniques and where to find them

Christophe Tafani-Dereeper & Nicolas Reich
SPEAKER BIO

Christophe (@christophetd) holds a Computer Science Master's degree from EPFL and works in the security team of Nexthink. He holds a blog where he writes about infosec.

Nicolas Reich (@hatted_loutre) - Security engineer at Hacknowledge, graduated from EPFL, incidentally grew up 5 minutes from the conference's location

ABSTRACT
More and more corporate environments are adopting commercial antivirus and EDR solutions, forcing attackers to step up their game. In this context, malware and offensive actors increasingly use code injection techniques, allowing them to hijack legitimate processes and have them run malicious code in a stealthy manner. In our talk, we start by laying out some foundations on the internals of Windows processes. Building upon this, we present techniques to masquerade malicious processes, bypass EDRs, and inject code into legitimate processes. We include reusable proofs-of-concept and detection methods using forensics or live system monitoring tools.

[In]secure deserialization, and how [not] to do it

Alexei Kojenov
SPEAKER BIO

Alexei began his career as a software developer. A decade later, he realized that breaking code was way more fun than writing code, and decided to switch direction. He is now a full-time application security professional, with several years of assisting various development teams in delivering secure code, as well as security consulting. He holds OSCP and CISSP, and currently works as a senior product security engineer for Salesforce.
ABSTRACT
Serialized data is neither new nor exciting. Serialization and deserialization have been in use by countless applications, services and frameworks for a long time. Many programming languages support serialization natively, and most people seem to understand it well. However, many of us don’t fully understand security implications of data deserialization, and in the last couple of years this topic got an increasing focus in the security community, up to the point that insecure deserialization made it to the list of OWASP Top 10 most critical web application security risks! Needless to say high-severity vulnerabilities in some well-known applications as well as popular frameworks such as Apache Struts and Apache Commons Collections raised awareness of this risk.

In this session, we’ll discuss how serialized data are used in software, talk about different serialization formats and the dangers of deserializing untrusted input. We will review some real life vulnerabilities and related exploits. The presentation will contain several code examples with live demos of bypassing security controls by exploiting deserialization vulnerabilities. We’ll forge a session cookie, elevate privileges, cause a denial of service, and even perform a remote code execution - all via insecure deserialization! The demos will use native Java, Python and .NET serialization, as well as JSON and XML formats. Of course, we’ll also talk about how to deserialize in secure way!

Next time you develop your awesome web or mobile app or a microservice, keep in mind how a clever attacker could create and supply malicious data to your application, and thinking like a hacker you could write more secure code!

Hypervisor-level malware monitoring and extraction system - current state and further challenges

Michał Leszczyński & Krzysztof Stopczański
SPEAKER BIO

Michał Leszczyński (@icedevml) - Works at CERT Polska where his main duties are related to the development of a custom infrastructure for malware analysis. Contributor to the DRAKVUF project. He's also doing some DevOps or x86 reverse engineering from time to time. Previously specialized in web security&development. Still fascinated by the number of ways Internet can be broken.

Krzysztof Stopczański - Fascinated in computer security and low-level stuff since his childhood. Currently working as an IT Security Specialist in CERT Poland, taking care of securing Polish people from cryminals. From time to time playing CTFs, previously with CodiSec, currently with p4 team.

ABSTRACT
During the talk, we will present DRAKVUF, an open-source blackbox binary analysis system. This project leverages Virtual Machine Introspection and Xen’s altp2m in order to serve its purpose in a very stealthy manner. We will describe our recent contributions to the project, including Windows API tracing and heuristic malware unpacking. Moreover, we will present how this approach can be used to extract configuration out of malware samples. In addition, we would like to present some unique challenges that can be encountered when developing hypervisor-level monitors.

Practical OWASP CRS in High Security Settings

Christian Folini
SPEAKER BIO

Christian Folini (@ChrFolini) is a security engineer and open source enthusiast. He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is not a big business anymore and so he turned to defending web servers, which he finds equally challenging. He brings more than ten years of experience with ModSecurity configuration in high security environments, DDoS defense and threat modeling.

Christian Folini is the author of the second edition of the ModSecurity Handbook and the best known teacher on the subject. He co-leads the OWASP ModSecurity Core Rule Set project and serves as the program chair of the "Swiss Cyber Storm" conference, the prime security conference in Switzerland. He helps to edit the Center for Internet Security "Apache Benchmark". He is a frequent speaker at conferences, where he tries to use his background in the humanities to explain hardcore technical topics to audiences of different backgrounds.

ABSTRACT
Traditionally, the OWASP ModSecurity Core Rule Set, an OWASP flagship project, has been hard to use. However, the release of CRS 3.0 in 2017 and the advancements made with CRS 3.1 and 3.2 successfully removed most of the false positives in the default installation. This improved the user experience when running the only general purpose open source web application firewall. The presentation explains how to operate CRS successfully in high security settings. This includes practical advice to tuning, working with the anomaly thresholds, the paranoia levels and complementary whitelisting rule sets. This talk is based on many years of experience gained by using CRS in various high security settings, including the one by Swiss Post for it's national online voting service.

SMoTherSpectre: Exploiting speculative execution through port contention

Atri Bhattacharyya & Mathias Payer
SPEAKER BIO

Atri Bhattacharyya is a doctoral student at the Ecole Polytechnique Federale de Lausanne. With a background in computer architecture, Atri is researching attacks and defenses in the space of microarchitecture. He has already published the first paper using transient side-effects of speculative execution to leak data. His future work aims to protect upcoming server architectures from practical microarchitectural attacks.

Mathias Payer (@gannimo) is a security researcher and an assistant professor at the EPFL school of computer and communication sciences (IC), leading the HexHive group. His research focuses on protecting applications in the presence of vulnerabilities, with a focus on memory corruption and type violations. He is interested in software security, system security, binary exploitation, effective mitigations, fault isolation/privilege separation, strong sanitization, and software testing (fuzzing) using a combination of binary analysis and compiler-based techniques.

ABSTRACT
Spectre, Meltdown, and related attacks have demonstrated that kernels, hypervisors, trusted execution environments, and browsers are prone to information disclosure through micro-architectural weaknesses. However, it remains unclear as to what extent other applications, in particular those that do not load attacker-provided code, may be impacted. It also remains unclear as to what extent these attacks are reliant on cache-based side channels.
We introduce SMoTherSpectre, a speculative code-reuse attack that leverages port-contention in simultaneously multi-threaded processors (SMoTher) as a side channel to leak information from a victim process. SMoTher is a fine-grained side channel that detects contention based on a single victim instruction. To discover real-world gadgets, we describe a methodology and build a tool that locates SMoTher-gadgets in popular libraries. In an evaluation on glibc, we found hundreds of gadgets that can be used to leak information. Finally, we demonstrate proof-of-concept attacks against the OpenSSH server, creating oracles for determining four host key bits, and against an application performing encryption using the OpenSSL library, creating an oracle which can differentiate a bit of the plaintext through gadgets in libcrypto and glibc.

30 CVEs in 30 Day

Eran Shimony
SPEAKER BIO

Eran Shimony is a security researcher at CyberArk.
Eran has an extensive background in security research that includes years of experience in malware analysis and vulnerability research on multiple platforms. With a growing interest in logical vulnerabilities, he has several dozens of acknowledged vulnerabilities across major vendors, like Microsoft, Intel, Samsung, and many others. Besides finding security bugs, he enjoys making cocktails and listening to heavy metal and classical music.
ABSTRACT
In recent years, the most effective way to discover new vulnerabilities is considered to be fuzzing. We will present a complementary approach to fuzzing. By using the method, which is quite easy, we managed to get over 30 CVEs across multiple major vendors in only one month.
Some things never die, in this session, we'll show that a huge amount of software is still vulnerable to DLL Hijacking and Symlinks abuse and may allow attackers to escalate their privileges or DoS a machine. We will show how we generalized these two techniques within an automated testing system called Ichanea, with the aim - finding new vulnerabilities.
Our mindset was - choose software that is prone to be vulnerable: installers, update programs, and services. These types of software are often privileged. Therefore, they are good candidates for exploitation using symlink or DLL Hijacking attacks. We're only scratching the surface; we are positive that there are additional attack vectors that could be widely implemented to achieve similar results.

Attacking Bluetooth LE design and implementation in mobile + wearables ecosystems

Sanjay V
SPEAKER BIO

Sanjay (@sanjayvt) is a Security Analyst at Deep Armor. He is skilled in vulnerability assessment and penetration testing of IoT systems and web applications. He has advanced knowledge of AWS, and has developed numerous software stacks and tools for cloud-hosted web applications. In his previous role as a Business Technology Analyst at Deloitte India, he led project management and operations, focusing on stakeholder management, communication and program delivery.
ABSTRACT
Consumer IoT devices manifest in a variety of forms today, including fitness trackers, rings, smart-watches, pacemakers, and so on. The wearable IoT market is dominated by small and medium-sized business, who are often in a rush to hit the shelves before their competitors, and trivialize the need for security in the bargain, citing no “return on investment”. In our presentation, we deep-dive into the wireless protocol of choice for wearables — Bluetooth Low Energy (BLE), and its impact from a security perspective. We use a USB-based bluetooth hacking hardware board called Ubertooth-One to analyze popular market products, and also perform a live demo on stealing information from a fitness tracker using standard Android app development practices. We wrap up with a discussion on simple cryptographic approaches and BLE-hardening mechanisms to prevent such attacks on wearable and IoT platforms.

Cyberburnouts: Detection, Prevention and Remediation in a complex world

Bruno Kerouanton
SPEAKER BIO

Bruno Kerouanton (éé.net) is an infrastructure automation specialist and entrepreneur. He initially spent time at IBM (Paris, New-York) as an IBM SP/2 Advanced Technical Expert, and for Telco industries (Alcatel, Orange/France-Telecom, Cegetel/SFR) gaining knowledge in complex distributed architectures including WAP, the ancestor of 5G. He then focused on Infosec as a pentester and consultant before being a CISO for nearly 15 years in private and public sectors. Bruno holds a Msc in Information Security (CentraleSupélec), CISSP and other certifications, teaches at Mines and HEC Paris and speaks frequently in infosec conferences. Since 2019 he founded stay-zen.io Secure DevOps Solutions, a company focused on infrastructure automation and self-healing.
ABSTRACT
In the IT industry, and even more proeminently in the Cybersecurity ecosystem, more and more professionals suffer psychic
issues such as depression, burnouts and even suicide. As threats and risks expand continuoulsy and become difficult to cope with, numerous well-known infosec specialists, experts and CISOs have already suffered this condition, and media regularly relay this.

As a former CISO having experienced burnout, I have acquired expertise on psychiatry diagnosis and neuroscience, Post Traumatic Stress
Disorder, learned how to survive and rebuild myself, and am currently a happy IT entrepreneur.

This talk will give you practical bullet points on :
- Detection : what are the triggers, and signals. Be Your Own IDS.
- Prevention : what are the actions to avoid burnouts as an Infosec or CISO professional. Be Your Own Firewall.
- Remediation : In case you unfortunately fell into depression, is there a recipe to regain confidence and start over happily. Be Your Own Self-Healing IaaS Platform.

I hope this talk will help those of you who have experienced or seen their collegues affected. Simple recipes to detect, prevent, heal and
stay zen.

Hacking your Smart Coffee Machine

Axelle Apvrille
SPEAKER BIO

Axelle Apvrille (@cryptax) is principal security researcher at Fortinet. She specifically looks into mobile malware and smart devices (not always that smart...).
She is the lead organizer of Ph0wn CTF, a Capture The Flag dedicated to smart devices. Finally, she enjoys drawing comics and 3D printing.
ABSTRACT
When you organize a CTF dedicated to smart devices, you've obviously got to prepare challenges that involve smart devices, and all the better if those are known, off-the-shelf, devices. Additionally, we were looking for a visual challenge, where everybody can notice when a team flags. After some time, we found the right object: an affordable smart coffee machine. Just the perfect IoT for geeks, and a CTF 😉 However, the challenge for me as an organizer was to manage to create a challenge out of that, starting from scratch on this topic (I don't even drink coffee). I was lucky in that case and found a nice feature, present on the device, but not available through the mobile app.

In this talk, I will explain:
- How this smart coffee machine works
- How I managed to hack the volume of coffee cups
- How I made the machine available on wifi, although it only nativelys supports Bluetooth Low Energy.

To Logical, Through Physical, Via Social: Accessing internal networks through physical access using social engineering techniques

Tinker Secor
SPEAKER BIO

Tinker Secor (@TinkerSec) is a full scope penetration tester with experience in testing and bypassing the security of logical, physical, and social environments. He has conducted red team engagements in the United States, Canada, and Europe. These have included network and systems hacking, social engineering in person and over voice and text, and physical entry and security bypass. Tinker has built up, managed, and trained red team and penetration testing teams. Prior to this, Tinker served in the SOC trenches as an Intrusion Detection Analyst. Prior to that, he served in the United States Marine Corps. He is currently Red Team Principal Consultant at company.
ABSTRACT
Logical, physical, and social environments are all connected. One can gain access to an internal network by breaking into a physical location and plugging into an ethernet jack or one could gain access to a physical location by hacking into a computer network, accessing the badge access system, and picking up an access badge at a front desk. All the while, users and people interact in physical and logical spaces, hardening the systems and creating vulnerabilities at Layer 8.

In this presentation, we'll discuss pragmatic applications of social engineering and give specific techniques to gain illicit entry into physical spaces for the purposes of accessing internal networks and gaining physical access to computing devices. We'll cover initial breach, lateral movement, privilege escalation, and actions on target. In the end, your mark will watch and encourage you to plug into their network and hack their devices.

Practical exploitation of zigbee-class networks with USB-based RF transceivers & open source software

Sunil Kumar Sakoti
SPEAKER BIO

Sunil (@sunils2991) is an industry expert in security research, product security assessment and risk management. He has worked extensively on threat modeling and penetration testing of Web applications, IoT products, Cloud infrastructure and mobile solutions. Sunil is skilled in JavaScript and Python scripting, and has developed numerous security tools and applications. He regularly speaks at local and international security conferences. He currently works as a Senior Security Analyst at Deep Armor. Prior to that, Sunil worked as a security engineer for Ola Cabs and Aricent Technologies.
ABSTRACT
Internet of Things (IoT) products proliferate the market today. They manifest in different forms – right from a pacemaker inside a human body, to an oil and gas rig monitoring device in the remotest locations on the planet. The hardware form factors in many such IoT solutions use tiny micro-controllers with strict low power consumption requirements. Securing these platforms often pose several security challenges.

The IEEE 802.15.4 is a standard developed for low-rate wireless personal area networks (LR-WPANs). The base specification of the standard does not specify how to secure the traffic between the IoT devices and the backend infrastructure, so there are often vulnerabilities in the design and implementation.

Penetration testing of zigbee-class wireless sensor networks need specialized hardware and software stacks for packet sniffing and injection. In this presentation, we will talk about various market-available solutions that pentesters can use for debugging and attacking such networks using USB-based dongles. We will demonstrate two custom hardware boards equipped with programmable micro-controllers that work with open source software solutions for performing attacks on an IEEE 802.15.4 based wireless sensor network. After our demos, we will discuss various hardening methodologies to protect IoT systems against such attacks.

Travel for Hackers

Kirils Solovjovs
SPEAKER BIO

Kirils Solovjovs (@KirilsSolovjovs) is Lead Researcher at Possible Security, bug bounty hunter, IT policy activist, and the most visible white-hat hacker in Latvia having discovered and responsibly disclosed or reported multiple security vulnerabilities in information systems of both national and international significance. Kirils has developed the jailbreak tool for Mikrotik RouterOS. He has extensive experience in social engineering, penetration testing, network flow analysis, reverse engineering, and the legal dimension.

He has spoken at many amazing conferences including Hack In The Box, Hack in Paris, Hackfest, Nullcon, SHA2017, 35C3, CONFidence, BalCCon, and TyphoonCon.

ABSTRACT
Travelling to India? Europe? USA? Belarus? Peru? Japan? Latvia?
The seasoned traveller will know that there are limits on tobacco, alcohol and currency. That's basically universal. However, that's not what interests most hackers.

Did you know some of these countries only allow to bring in just one puny laptop, a single portable calculator? No more than 20 CDs or 4 USB drives... No "politically sensitive literature", erotica... No lock picks or handcuff keys, no radio transmitters except when those are part of laptops or mobile phones...

Many of these restrictions are completely unexpected to your average hacker. But we do want to abide the law when at all possible. 😉

I'm here to help you.

Car Hacking On Simulation

Rohan Aggarwal
SPEAKER BIO

Rohan (@nahoragg) is an Offensive Cyber Security Analyst at TCS where he does IOT, Hardware, Web & Android application hacking.
He is also a part-time bug bounty hunter on Hackerone and Synack. He has found security vulnerabilities in big companies like Yahoo, Twitter, Goldman Sachs, Matomo, BrickFTP, Pixiv, etc.
He has presented a talk at SecTor International Security Conference & Microsoft Azure Bootcamp, delivering training on IOT, Web Application and Cloud Hacking.
ABSTRACT
Cars are no longer only mechanical vehicle. They may be getting more advanced, but that doesn’t mean they are immune to hacks. One particularly sensitive entry point for hacking car is the legally required OBD II port, which is basically “the Ethernet jack for your car”. This port works on a signaling protocol called CAN which is a de facto standard for the in-vehicle network. However, lack in security features of CAN protocol makes vehicles vulnerable to attacks..

This session introduces the basic theory about the CAN bus and how vulnerable it is. We will also provide an Instrument Cluster Simulator to get hands-on experience of hacking a real car by creating a functioning CAN simulator with a dashboard just like the one in your car and performing attacks on it.

The benefit of this session is that attendees can reproduce attacks on their system right there as well as at their home without the need of any hardware as everything will be done on a real-world simulation of Car Instrument Cluster.

Back to the future: Computer science and systems biology

Noa Novogroder & Dr. Lorenz Adlung
SPEAKER BIO

Noa Novogroder (@noanovo) graduated from the first round of the Israeli cyber security academy and is currently a master student at the Weizmann Institute of Science in Israel. Before turning into biology, she’s worked for several years at Checkpoint, an Israeli high-tech company in the field of cyber security. In her free time, she likes to swim and offer cure to obese mice.

Dr. Lorenz Adlung (@lorenzadlung) obtained his PhD from Heidelberg University in Germany. Since 2017 he's a visiting scientist at the Weizmann Institute of Science in Israel working in the field of computational biology, with strong emphasis on both, the computation and the biology. Besides his profession, his main passion is science communication, preferably through poetry and performance.

ABSTRACT
Which creature implemented code injection 1.5 billion years before any computer malware did? What is the decoding algorithm being used in each of our cells to run the program written in our genes?
As computer scientists, we are pushing the edge to develop disruptive technologies for the future. In fact, we can learn from an industry that has been evolving since long before humankind existed: The evolution of biological systems.
With our proposal we hope to show the incredible parallels between bacteria and computer malware, the complex algorithms implemented in each of our cells, and how each plays a pivotal role in furthering the research of the other.
This lecture will take the audience on an educational journey through both disciplines. This will foster interdisciplinary collaboration and inspire innovative solutions to future challenges for instance in the context of synthetic biology (i.e. creating artificial life), or personalized medicine (i.e. machine learning to treat patients).

Scaling Malware analysis & Threat Intelligence pipeline towards infinity & beyond!!

Abhinav Singh
SPEAKER BIO

Abhinav Singh is an information security researcher for Netskope, Inc. He is the author of Metasploit Penetration Testing Cookbook (first, second & third editions) and Instant Wireshark Starter, by Packt. He is an active contributor to the security community in the form of paper publications, articles, and blogs. His work has been quoted in several security and privacy magazines, and digital portals. He is a frequent speaker at eminent international conferences like Black Hat, RSA & Defcon. His areas of expertise include malware research, reverse engineering, enterprise security, forensics, and cloud security.
ABSTRACT
Malware and threat analysis plays a key role in security operations, research and forensic investigations. For businesses and applications moving to the cloud, this talk will provide “Security as Infrastructure” approach towards creating a scalable and robust threat detection pipeline in the cloud. This talk will demonstrate a novel approach towards building a threat detection pipeline by utilizing the public cloud infrastructure and services like serverless functions, containers and AMIs. This solution adapts a “DevSecOps” approach towards infrastructure security which is highly scalable and can scan over a million files every day.

Social Engineering through Social Media: Profiling, Scanning for Vulnerabilities and Victimizing

Christina Lekati
SPEAKER BIO

Christina Lekati (@ChristinaLekati) is a psychologist and a social engineer. With her background and degree in psychology, she learned the mechanisms of behavior, motivation, decision making, as well as manipulation and deceit. She became particularly interested in human dynamics and passionate about social engineering.

Contrary to typical career paths, her history and involvement in the cyber-security field started quite early in her life. Being raised by a cyber security expert, she found herself magnetized by the security field at a very young age. Growing up, she was able to get involved in different projects that were often beyond her age, that gave her an edge in her own knowledge and experience.

Christina has participated among other things in penetration tests, in training to companies and organizations, and in needs and vulnerability assessments.

She is working with Cyber Risk GmbH as a social engineering expert and trainer. Christina is the main developer of the social engineering training programs provided by Cyber Risk GmbH. Those programs are intertwining the lessons learned from real life cases and previous experiences with the fields of cybersecurity, psychology and counterintelligence. They often cover unique aspects while their main goal is to inspire delegates with a sense of responsibility and a better relationship with security.

ABSTRACT
While to the rest of the world social media are friendly platforms of communication and sharing, for the fellow OSINT analysts, hackers, social engineers and attackers, they are targeting and information harvesting platforms. Undoubtedly, online presence is important to all of us. But despite the benefits social networking can create, a strong online presence can also create vulnerabilities.

This talk will demonstrate how one's online presence on social media can attract social engineers to target them and victimize them to “open doors” through the organizational security. It will also discuss how social engineers and penetration testers can utilize social media for their engagements in creative ways and to identify their pretexts.

The talk covers the topic of information gathering through social media (a discipline called Social Media Intelligence, or SOCMINT, being a sub-division of OSINT) and explains how even seemingly innocent information can be used to manipulate and victimize targets. Case studies will be provided. A two-part demonstration is included on how a hacker's mind works when harvesting information on social media; The first part includes real examples of posts that expose vulnerabilities, attract attackers and ultimately lead to security breaches. The second part includes a demonstration on how personal information provided online are gathered, categorized, analyzed and then used to craft an attack, as well as how one ends up revealing online more than he intends to.

A Journey into Malware HTTP Communication Channels Spectacles

Mohamad Mokbel
SPEAKER BIO

Mohamad Mokbel (@MFMokbel) is a senior security researcher at Trend Micro, member of the Digital Vaccine Lab. He’s responsible for reverse engineering vulnerabilities and malware C&C communication protocols, among others, for the purpose of writing custom filters for TippingPoint NGIPS. Prior to joining Trend Micro, Mohamad worked for CIBC in the security operation center, one of the top five banks in Canada as a senior information security consultant - investigator (L3) where he realized that experience in the operation field is extremely important to understand the real sides of offense and defense. Prior to CIBC, Mohamad worked for Telus Security Lab as a reverse engineer/malware researcher for about 5 years. He’s been doing reverse code engineering for the last 14 years. His research interests lie in the areas of reverse code engineering, malware research, intrusion detection/prevention systems, C++, compiler and software performance analysis, and exotic communication protocols. Mohamad holds a MSc. in Computer Science from the University of Windsor and BSc. in Computer Engineering from the Lebanese International University.
ABSTRACT
Over the years, malware have used different communication protocols that sit at various layers in the OSI model to establish an exchange link with its C&C server(s). In particular, as malware C&C communications shifted its focus to HTTP, certain peculiarities, intentional or unintentional, blunders, and obvious errors in the usage of the protocol were spotted. For example, using specific headers in a GET request that only make sense in a POST request, or using wrong Content-Length value that doesn’t match the actual payload size, and the use of a unique non-standard header in a non-standard compliant way among others.

This talk will go through various use-cases of different malware families that have committed several interesting mistakes, deliberate or non-deliberate in their HTTP C&C communication protocols. The ultimate goal is to figure out those mistakes, understand the reason(s) behind them (e.g., bypass security solutions, trick automated systems…), and provide detection guidance. More importantly, how to look for such anomalies and others, synthetically, on the network, be it for threat hunting or data mining of traffic captures. To our knowledge, this is the first paper that attempts to survey, document and perform root-cause analysis on such cases.

Symbolic Execution Demystified

Jannis Kirschner
SPEAKER BIO

Jannis (@xorkiwi) is a Swiss Security Researcher and CTF player. With a passion for reverse engineering and exploit development, he loves to analyze cutting edge technology, finding flaws in highly secured systems and complex applications. Jannis regularly participates in national and international cybersecurity competitions and speaks at various conferences and events.
ABSTRACT
Symbolic Execution is awesome!
From modern fuzzing tools, over automated exploit generation to solving complex reverse engineering challenges - frameworks like "angr" are getting increasingly popular.

There are a lot of crackme-style ctf challenges where the intended solution is to find a specific path through a binary while your input has to match various conditions.
Before symbolic execution techniques became popular you had to manually analyze these binaries, extract all the constraints by hand and use tools like the z3 theorem prover to solve the task. Depending on the binary size this would turn out to be a very tedious and time-consuming process.

What if there was a more effective way to tackle such a problem and supercharge your reverse engineering skills?

This introduction to symbolic execution is for everybody that might've already heard of the "angr" framework but never got to learn it. New CTF players will get a headstart into crackme solving, seasoned reverse engineers will discover a powerful technique for their toolbox.

You will learn where you can apply symbolic execution frameworks, how they work under the hood and how to integrate them into your reverse engineering workflow. Naturally the practical part won't fall short, so we'll apply the newly learned techniques on several demos.

GSuite Digital Forensics and Incident Response

Megan Roddie
SPEAKER BIO

Megan Roddie (@megan_roddie) is currently working as a Cyber Threat Analyst. With previous experience in the public sector and a current position in the private sector, she has a variety of experience in different types of environments. With a love for public speaking, she has spoken at DEFCON, BSides Dallas, SOURCEConf, and various other conferences. Megan recently graduated with a Master’s degree in Digital Forensics and holds GCIH and GCFA certifications.
ABSTRACT
It’s the norm now to hear companies discussing “moving to the cloud”. Before long your data center servers are going to be antiquated technology. Though the transition to the cloud marks an exciting time in Information Technology, digital forensic investigators and incident responders are facing new, unknown territory. Rather than tackling such a large topic and issue in 30 minutes, this talk aims to provide a real-life case study of what it is like to respond to an incident in GSuite, Google’s cloud business suite. With a few million businesses subscribed to GSuite and that number climbing it is likely that DFIR professionals will eventually need to handle an incident for a company that is using GSuite for business operations. Speaking from experience, the presenter of this talk hopes to use a real-life example of how incident responders would handle an account compromise that occured to a business using GSuite. Furthermore, the speaker will apply the SANS Incident Response process to the situation and briefly discuss the forensics surrounding GSuite incidents. The goal is that by reviewing this case study the audience will not only learn about GSuite DFIR but also begin to think about how this extends to all cloud environments.

TX shift left (DevSecOps) Initiative

Andreas Schneider
SPEAKER BIO

Andreas Schneider, born and raised in Munich, Germany, entered the field of IT Security at an early stage. Trained as a System Programmer, he took responsibility for a regional bank institute’s entire mainframe landscape security. He then grew his specialization in the field of IT Security and IT Risk Management throughout various related roles like Consultant, Specialist and CISO, while transforming IT Security across different businesses and company sizes, including startup, regional and multinational within banking, IT and media. With more than 10 years of international specialist experience, he currently acts as the Group CISO at TX Group (formerlly known as Tamedia AG), Switzerland’s largest private media company, progressing Cyber Security to become more agile. He further holds several well-respected professional certifications, such as the C-CISO, CISM, CISSP, CRISC, and is also certified in ISO 27001 and ITIL V3. He lives with his wife and son in Zurich, Switzerland.
ABSTRACT
Next to Agile CISO and Zero Trust, one main pillar of the TX Group security strategy is DevSecOps. This talk will give a glimpse into the tools and methods used by TX Groups companies to achieve built-in security with new digital products.

Redback: advanced static binary injection

Nguyen Anh Quynh & Do Minh Tuan
SPEAKER BIO

Dr.Nguyen Anh Quynh is a regular speaker at numerous industrial cybersecurity conferences such as Blackhat USA/Europe/Asia, Defcon, Recon, Eusecwest, Syscan, HackInTheBox, Hack.lu, Deepsec, XCon, Confidence, Hitcon, Opcde, Shakacon, Brucon, Zeronights, Tensec, H2HC, etc. He also presented his researches in academic venues such as Usenix, IEEE, ACM, LNCS. His contribution to the filed lays foundation for various innovative works in the industry and academia.

As a passionate coder, Dr. Nguyen is the founder and maintainer of several open source reversing frameworks: Capstone (http://capstone-engine.org), Unicorn (http://unicorn-engine.org) and Keystone (http://keystone-engine.org).

Do Minh Tuan (hardtobelieve) is a security researcher of CyStack, Vietnam. Soon going to finish his university study, he already has 4 years of working experience. He has some presentations at Xcon & T2. A passionate member of BabyPhD CTF team, Tuan also enjoys exploring deeply technique of fuzzing and software exploitation.

ABSTRACT
Static binary injection is a technique to permanently insert external code to an executable file, in order to observe or modify target behavior at run-time. From an attacker's perspective, this is helpful to enable persistent infection. For the defense side, this plays a crucial step in binary instrumentation. Unfortunately, good injection tools are seriously lacking: firstly, existing tools only support some limited platforms or CPU architectures. Secondly, they all restrict the injected code to be written in low-level assembly, which significantly raises the cost of development and maintenance.

It is highly complicated to implement a good static injection tool, which in essential requires to build an advanced static linker to properly link target binary with external code, so the output executable can be legitimately executed on modern systems with many mitigation techniques enabled by default. Considering that we wish to inject code built from high-level languages such as C/C++, the task is much more challenging.

This work provides a comprehensive overview on how static code injection is done on all platforms (Windows, MacOS, Linux, BSD). We will present all the technical issues we had to overcome, including understanding different executable file formats, how to expand the original binary to accommodate new code, data and meta-data coming from external binary, and how our static linker leverage the OS dynamic linker to do heavy lifting job for us.

We implemented all the ideas in a new solution named Redback. Our tool can inject code built from high-level languages like C/C++ into target executable of all platfoms (Windows, MacOS, Linux, BSD are confirmed). Redback also works cross-architecture (with support for ARM, ARM64, Mips, PPC, X86), and can handle multiple executable formats (PE/PE+, MachO & ELF).

This presentation will be concluded with some exciting demos. Redback will be released after our talk, with full source code.

SYNwall - A new kind of IoT firewalling

Cesare Pizzi & Miso Mijatovic
SPEAKER BIO

Cesare Pizzi - Security researcher, analyst and technology enthusiast at Sorint.lab.
He develops software and hardware, and tries to share this with the community.
Some things:
* He play CTFs for fun
* He gave some presentations in different conferences:
- DEFCON 25 HHV: Ardusploit: PoC of Arduino code injection
- BSides 2018 Milano: Ardusploit evolution
- Italian Hacker Camp 2018: 0-ITM portable malware analysis lab
- DEFCON 27 PHV: Sandbox creative usage
* He developed a Volatility plugin for powershell analysis (available on Volatility Community repo)

github: https://github.com/cecio
Twitter: @red5heep

Miso Mijatovic - DevOps passionate about programming, security and communication at Sorint.lab.
github: https://github.com/MisoMadao
Personal project: https://underattack.today
linkedin: https://www.linkedin.com/in/mi%C5%A1o-mijatovi%C4%87-1b1064b3/

ABSTRACT
A lots of words has been spent in the last years about IoT security: but instead of thinking to deploy a new device, let's try
to stay on what we already have: we have a TCP/IP stack. And what we don't want to have? Complicated and cumbersome security configurations.
The aim of SYNwall is to build an easy to configure, no new hardware, low footprint, lightweight and multi-platform security layer on TCP/IP: with a one
way OTP authentication, SYNwall can make every device more secure and resilient to the real world networking reconnaissance and attacks.
If we think at some of the IoT installations (may be directly internet exposed, in difficult environments, with no support infrastructure
available), the possibility to have an on-board and integrated way to control access, can make a huge difference in terms of
security.
The device will became virtually unaccessible to anyone who don't have the proper OTP key, blocking all the communications
at the very first level of it: the SYN packet. No prior knowledge of who need to access is required at this point, making configuration and
deploy a lot easier.

Too much crypto

Jean-Philippe Aumasson
SPEAKER BIO

Jean-Philippe (JP) Aumasson is the founder and managing director of Teserakt, a Swiss-based company specialised in IoT security and offering an end-to-end encryption solution. He is an expert in cryptography and the author of the reference book Serious Cryptography (No Starch Press, 2017). He designed the widely used cryptographic algorithms SipHash and BLAKE2, which he developed after a PhD from EPFL (Switzerland, 2009). He regularly speaks at leading security conferences about topics such as applied cryptography, quantum computing, or blockchain security. JP also holds strategic roles in Kudelski Security and Taurus Group.
ABSTRACT
This talk will present controversial research about cryptographic, arguing that most cryptographic algorithms we use (such as AES, BLAKE2, ChaCha20, SHA-3) could achieve the same security by doing way fewer computations, and thus being much faster, and greener! Based on a review of 20 years of research and on a risk-based approach, this non-technical talk will review why and how cryptographic algorithms are selected, what can be improved, and suggest tweaks to make cryptography up to 2.5 times faster in your applications.

Phishing Test Recommended Practice

Adrian Koster (MELANI)
SPEAKER BIO

Analyst and Senior Legal Advisor at the Reporting and Analysis Center for Information Assurance MELANI
ABSTRACT
Many organizations carry out phishing tests (simulated phishing campaigns) as part of broader information and awareness campaigns on the risks and dangers of IT and Internet usage. Such campaigns can lead to reports to CERTs and several other organizations witch then investigate and may take a variety of measures.
In collaboration with the Swiss ccTLD registry and a major ISP, and after consultation of members of the security industry, the Swiss Government has issued a recommended practice for phishing tests.

The recommendation lists several technical, legal and organizational aspects to consider when performing phishing tests so they can be carried out as intended and without interruptions or collateral damage.

How much does it cost to build industrial APT?

Vladimir Dashchenko & Sergey Temnikov (Kaspersky)
SPEAKER BIO

SPEAKER BIO
ABSTRACT
BlackEnergy/Sandworm has exploited a set of bugs in 2014-2016 in Siemens, Advantech and GE SCADAs. Usually most of the APT actors who is exploiting a set of 0days need to do a lot of research for identifying these 0days. But how much does it cost? Do they spend a lot of time? We decided to take a look and measure how long you need to invest into 0day research in Siemens WinCC, Advantech WebAccess, GE Cimplicity to recreate attacker's steps. We will provide technical details on how difficult was to find those bugs with live demo.

Thinking Like a Cybercriminal

Etay Maor (Intsights)
SPEAKER BIO

Etay is Intsight’s Chief Security Officer, an industry recognized cyber security researcher and key note speaker.

Previously, Etay was an Executive Security Advisor at IBM where he created and led breach response training and security research. Prior to that Etay was the Head of RSA Security’s Cyber Threats Research Labs where he managed malware research and intelligence teams and was part of cutting edge security research and operations.

Etay is an adjunct professor at Boston College and holds a BA in Computer Science and a MA in Counter Terrorism and Cyber Terrorism Etay contributed to the ICT (International Institute for Counterterrorism) in cybersecurity, fraud and dark web topics and is a frequent featured speaker at major industry conferences. He is often tapped by major news outlets for his astute commentary on and insights into the cybersecurity news of the day.

ABSTRACT
We read about hacks and breaches on a daily basis, but what do we actually know about these cybercrime groups and how they conduct these attacks? In this session, we will dive into basic hacking techniques, demonstrate what types of tools hackers are using today, examine the scope of these attacks, and discuss best practices on how to protect ourselves and our businesses. Demonstrations will include Phishing, WiFi attacks, USB based attacks, social engineering, OSINT (Open Source Intelligence) and more. It is only once you understand how the attacker operates that you can defend forward against these attacks using tools like MITRE ATT&CK and operationalization of threat intelligence.

Failles de sécurité : comment éviter que la victime ne devienne coupable

Sylvain Métille
SPEAKER BIO

Professeur à l'Université de Lausanne et avocat associé à l’Étude HDC, Sylvain Métille est un spécialiste du droit de la protection des données et du droit numérique. Il conseille des entreprises suisses et étrangères, ainsi que des administrations publiques, en lien avec de grands projets de traitement de données ou de déploiement d’outils informatiques, y compris les questions de surveillance, de profilage, de transfert de données, de cybercriminalité, etc. Il est régulièrement consulté comme expert par des autorités cantonales ou fédérales, ainsi que le Conseil de l’Europe et le Parlement européen.

À l'Université, il est Directeur de la Maîtrise universitaire en Droit, criminalité et sécurité des technologies de l'information (M DCS) et Membre de la Commission d’éthique de la recherche de l’Université de Lausanne (CER-UNIL). Il tient depuis 2010 un blog (www.smetille.ch/blog) sur les enjeux des nouvelles technologies.

Inscrit au barreau depuis 2005, il est reconnu par les principaux guides juridiques (Chambers & Partners, Legal500 and the Best Lawyers) dans les domaines de la protection des données, médias, technologies et télécommunication. Il y est décrit comme an outstanding data protection expert”, who “always thinks at least two steps ahead”, “intelligent and pragmatic”. Titulaire d'un doctorat en droit de l'Université de Neuchâtel (2010), il a été invité comme Visiting Scholar par le Berkeley Center for Law and Technology (University of California) en 2010-2011.

ABSTRACT
L’entreprise victime d’une cyberattaque doit souvent réagir dans l’urgence pour sécuriser et rétablir son infrastructure. Si des données personnelles sont exposées, cela peut déclencher une obligation de notification aux autorités de contrôle suisses et étrangères dont la violation peut être sévèrement sanctionnée. Mais une notification inutile peut aussi révéler des mesures de protection insuffisantes et ouvrir la voie à d’autres sanctions. Les délais sont très brefs et exigent qu’un processus clair ait été préalablement mis en place.

Detecting and Mitigating Cloud-native Threats

Paolo Passeri (Netskope)
SPEAKER BIO

Paolo Passeri, Netskope's Cyber Intelligence Principal is also a blogger, passionate security enthusiast and evangelist with over 20 years experience in the Information Security arena. Currently, focusing on cloud security, advanced malware detection and risk mitigation, Paolo supports Netskope's customers in protecting their journey to the cloud. In his spare time, he updates his blog hackmageddon.com, which details timelines and statistics of all the main cyber-attacks occurred since 2011. The blog is a primary source of data and trends of the threat landscape across the Infosec community.
ABSTRACT
The cloud is not only a key element of the digital transformation process, but also a powerful weapon in the hands of cybercriminals. Using cloud services to host malicious infrastructures and launch evasive attacks is now a consolidated modus operandi adopted by malicious actors. Aspects like evasion, implicit trust, and the new concept of perimeter that is user-centric, greatly increase the attack surface and expose organizations to these novel cloud-native threats. This keynote session will explore the latest trends in this domain, suggesting some mitigation scenarios to ensure a secure digital transformation journey.

NSX-T Distributed Firewall & Intrusion Detection

Erik Bussink (VMware)
SPEAKER BIO

Senior Solution Architect at VMware, helping Customers & Partners, Design and Architect solutions on Virtualized Infrastructures & Hybrid Cloud.
ABSTRACT
Managing the firewall rules for a dynamic virtualized environment is hard. It’s an impossible task in the container era when workloads live a very short life. The same is true for IPS: you can’t protect what you don’t know – does your IPS know in realtime, what is behind a workload? This is a follow-up to last year’s workshop: https://youtu.be/08LeF8ceMzk

Protecting Operational Technology (OT) in a converging IT/OT/IoT world

Antoine d’Haussy (Fortinet)
SPEAKER BIO

Antoine joined Fortinet last July as BD Director to lead the OT strategy and revenue growth in EMEA.

With 20+ years’ experience in product management, sales and marketing, Antoine mostly worked for industrial clients together with General Electric, ALSTOM, and ALTRAN.

In his last product management role with General Electric Automation and Controls (GE A&C), he was leading the digital solution portfolio including the cyber security products and solutions for GE Industrial Control Systems.

A native of Paris, he lived in several countries to finally settle in Zurich area in Switzerland, where he enjoys spending quality time with his wife and two kids.

Antoine is a certified Global Industrial Cyber Professional (GIAC-GICSP) trained at SANS institute, he holds a MSc of Telecom & IT and an MBA.

ABSTRACT
Digitization and removal of the traditional air-gap between IT and OT leaves Industrial Control Systems vulnerable.
Let’s discover some advance best practices to efficiently secure converging IT/OT infrastructures with real-time integrated detection and protection
- Automate assets discovery and detect intrusions using OT Intrusion Detection System
- Secure IT/OT convergence using Micro Segmentation (Access vLANs)
- Automate OT threat response with IDS integration into Network security management
- Use Case of Fortinet’s Fabric integrated detect-protect capabilities

Hunting Ghosts – Uncovering the Latest Cyber Incidents and How to Hunt Them Down

Lior Chen (Varonis)
SPEAKER BIO

Lior is the director of cybersecurity at Varonis, a US based company securing more than 7000 enterprises around the world. Lior is leading the development of Varonis cyber platform, security research, forensics and incident response. His team is focused on researching latest attack techniques, malwares and vulnerabilities and applying lessons learned to stop cyber-crime.

Lior has over 20 years of security experience, starting his career in the IDF Technology and Intelligence unit and then serving in several high-technology roles doing research and development of application security, software and hardware.

ABSTRACT
This session focuses on 3 recent major cyber-attacks discovered as part of a comprehensive study of dozens of evasive incidents managed by our security team.
We will look at major real-world exploits uncovered by Varonis, including Qbot (a large-scale APT), “Norman” (a massive crypto-mining infection), and “Save the Queen” (ransomware) as well as unique insider incidences of employees who went rogue.

You will get an in-depth explanation of the techniques used, how perimeter detection are evaded, and what you can do to detect and hunt such advanced attacks.

Closing Keynote - The price of cybercrime

Rob May
SPEAKER BIO

Rob (@robmay70) is an award-winning speaker and a Professional Member of the PSA (Professional Speaking Association).

He delivers keynotes internationally and runs CEO and Director workshops for both Vistage and the Institute of Directors. He speaks as a current and very relevant expert, being founder and Managing Director of ramsac who deliver IT and Cybersecurity services/support, he’s got a team of 70 consultants working with him (and an alliance partnership with PwC).

Rob is the UK Ambassador for CyberSecurity for the Institute of Directors and he is currently ranked No.5 in the Global rankings for CyberSecurity Thought Leaders/Influencers.
His CyberSecurity TED Talk has had approximately 400,000 views (on both TEDx YouTube and also TED.COM). He’s a published author selling his CyberSecurity books on Amazon in 8 countries.

And he makes a complex yet vital subject fun, entertaining, actionable and very relevant.