Archive for the talks Category

Level: Organisation and policy (Non-tech)

Abstract:
The importance of security and privacy, and of keeping data safe, in healthcare is huge. We also need to be aware that a criminal can harm the patient in many different ways and for many different reasons: with the goal of harming them, but also by accident, simply because we make everything digital, and put and connect everything online, without thinking about the need to make it safe and secure.

We need an environment within the organization that will make it possible for infosec professionals to do their job as well as possible. With good communication, teamwork, and good agreements, we can make a stable base to build a safe and secure environment in healthcare.

Bio:
Jelena Milosevic – a pediatrician and ICU nurse with a lot of experience, working at many different hospitals in the Netherlands. Over the past 4 years active in the infosec community and applying the knowledge of infosec into the healthcare world to improve the security of the environment for patients and the medical staff. Last year, more directly active in the improvement of info security at different levels. A member of the I Am The Cavalry group and a part of the network of Women in Cyber.

Video/recordings:

[Slides (PDF)] [Recording (MP4)]

Level: Technical

Abstract:
In today’s multi-sourced enterprise, your security is as good as your worst written contract. The bad news? I haven’t seen many well-written contracts so far… The good news? I’ve seen plenty of bad ones. Why is that good news? Because now I can tell you what are the Security contractual sins you should avoid, and how to avoid them.

This presentation will take you through some of the most egregious Security mistakes I keep encountering in IT contracts and will offer solutions to avoid them. The presentation is targeted at both customers and providers of IT and Security services. Because better contracts mean happier business relations for both parties. And more profits. And better Security.

(And yes, a Decalogue means 10. In practice, we found that there are quite a few more “sins”. Hence, the “ish” suffix in the title. Hope it will be forgiven.)

Bio:
Sebastian Avarvarei is currently working as Director for Security Advisory Services at a global organization. Sebastian has been in IT and Security for over 20 years, covering a multitude of roles ranging from Security Architect and Consultant to Auditor and Developer, giving him a unique multi-faceted view on today’s Security challenges.

Video/recordings:

[Slides (PDF)] [Recording (MP4)]

Level: Low Tech

Abstract:
“We take security seriously” – four words that are so easy to say, but what does it mean in the real world?

Are they just soothing words designed to pacify frustrated users in the aftermath of a breach? Or can these words mean something more?

I spent months speaking to CISOs, security professionals and practitioners, as well as going undercover to speak to business owners which certainly rattled some cages.

Thankfully, I dodged many bullets, all in the name of attempting to quantify the unquantifiable – what does it really mean to take security seriously?

So, come along, find out what the professionals think, what the general landscape is, what steps businesses can take, and maybe a few hard-to-believe side stories.

Bio:
Javvad Malik is a Security Advocate at AlienVault, a blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers, with his signature fresh and light-hearted perspective on security that speaks to technical and non-technical audiences alike.

Prior to joining AlienVault, Javvad was a Senior Analyst at 451’s Enterprise Security Practice (ESP), providing in-depth, timely perspective on the state of enterprise security and emerging trends in addition to competitive research, new product and go-to-market positioning, investment due diligence and M&A strategy to technology vendors, private equity firms, venture capitalists and end users.

Prior to joining 451 Research, he was an independent security consultant, with a career spanning 12+ years working for some of the largest companies across the financial and energy sectors.

As well as being an author and co-author on several books, Javvad was one of the co-founders of the Security B-Sides London conference.

Level: Technical

Abstract:
The questions that are asked by researchers and incident responders are closely related, but are driven by different immediate needs. Two major questions are: “can I identify a sample as a member of a malware family?” and “can I find more samples that are related to a sample?” When trying to identify a particular sample, there are even two more problems introduced by the various nomenclatures used to identify malware samples with some names coming from AV vendors and other names coming from marketing departments.

This talk covers a number of techniques for identifying malware samples. Even though there is a nomenclature problem, methods of working with AV scanner results are also covered in the talk. A single solution to the problem of nomenclature is tough to agree upon, but a number of historical attempts including Common Malware Enumeration (CME), WildList, CARO, and more are reviewed. Additionally, I point out how other disciplines, specifically Biology, have solved nomenclature problems that still satisfy many of the needs of malware identification including some marketing problems.

Beyond the process of identification, I cover a number of techniques for finding additional samples related to a particular sample. Topics covered in this area include various types of fuzzy hashes, URL structure analysis, code signing signatures, metadata from static analysis, behavioral data from dynamic analysis, adversary infrastructure analysis (including the diamond model for intrusion analysis), clusterization algorithms, and control flow graph analysis. The listener will come away with a set of techniques that can be put to immediate use, from simple to complex.

Bio:
Robert Simmons is an independent malware researcher. With expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences including DEFCON, HOPE, botconf, and DerbyCon among others. Robert is also a maintainer of plyara, a YARA rule parser written in pure Python.

Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine and has been known to swear profusely and constantly in Russian.

Video/recordings:

[Slides (PDF)] [Recording (MP4)]

Level: Technical

Abstract:
The speaker will go through the process of reversing two samples of live malware: the first is a Windows ransomware, the second is an Android malware. Moreover, the speaker will demonstrate the tooling and resources necessary to identify, handle and understand a malware sample. The idea here is to establish the methodology of how to approach a malware sample rather than focus on the technicalities of the platform.

Furthermore, there will be 2-3 write-ups posted on the speaker’s GitHub repo and website that demonstrate the entire walkthrough of the reversing process for both samples.

Bio:
Abdullah Joseph works as a Security Specialist at Adjust, a mobile analytics company, as part of the company’s Fraud team. Responsibilities include researching current and future Ad Fraud schemes and developing appropriate countermeasures.

Video/recordings:

[Slides (PDF)] [Recording (MP4)]