BalCCon2k19
BalCCon2k19 - BalCCon Computer Congress
2019-09-13 to 2019-09-15 (3 days, 00:15 timeslots)

Opening
Start: 2019-09-13T12:00:00+02:00 | Duration: 00:15 | Room: Tesla | Type: lecture | Language: en
Speaker: Jelena Georgijević Krasojevic

The Road to Hell is Paved with Bad Passwords
Start: 2019-09-13T12:15:00+02:00 | Duration: 01:00 | Room: Tesla | Type: lecture | Language: en

Ever wonder what incident management is like when an embassy gets hacked by ISIS? Come on a journey that includes international threat actors, a state sponsored intelligence agency, and a foreign sovereign embassy. This journey includes a walk through a series of cyber challenges that includes surprisingly weak security, insider threats, a 50 million dollar extortion attempt, diplomatic immunity, city wide security lock down, all while >400 dignitaries’ lives dangle in the negotiation crossfire. Join Chris, the lead investigator and resolver, as she takes you along on a super-secret squirrel mission that includes high adventure, nation state, cyber threat actors, and cyber terrorism. Solve the crime and save lives, all in a day’s work for cybersecurity professionals. Who said STEM was boring? In this talk, you will discover the key takeaways and gain insight on how to protect yourself from the investigation and response to a real-life cyber terrorism incident. No classified information will be shared, some terrorists were harmed in the making of this talk.

Presentation about the following two articles and the unclassified portions of the original report I wrote for the Kingdom of Saudi Arabia, Saudi Embassy of the Netherlands and Saudi Aramco.
https://hackernoon.com/the-road-to-hell-is-paved-with-bad-passwords-ef54815873f9
https://www.csoonline.com/article/3386381/inside-the-2014-hack-of-a-saudi-embassy.html
A few years ago, I led an unusual digital crime incident investigation. A mix between cyber crime and cyber terrorism, leaving the events etched in my memory banks. Finding oneself in the midst of terrorist groups and high level political intrigue as a security expert and all around hacker seemed more fitting on a warped version of the IT crowd.
An Embassy in a European country had been hacked, pwnd hard. The back end, official business email account was targeted and subsequently misused by miscreants who sent out emails as if they were from the Ambassador’s trusted Secretary. Utilizing the compromised account, the nefarious attackers attempted to extort additional visa fees from select VVIP applicants. Time was of utmost importance. Quickly, I assembled a team, myself and one person, a senior forensics expert rockstar. We immediately travelled to the location and began the investigation.
The Embassy in question was highly distrustful of both the local police and the local Diplomatic Corps Police, a separate branch of police for embassies and diplomatic staff. The Embassy email account was high value, gave attackers access to contacts, communications and could lead to maximum damage to reputation. Non reputation concerns.
It was the Embassy IT person’s first week on the job and the previous person gave zero hand over. They couldn’t even get in touch with the previous person. The Embassy IT person had zero security experience, pure IT; but was willing to do just about anything to stop the attack. Stopping the damage, the bleeding and securing the email account was a top priority.
“What’s the username and password?” I asked, expecting some super duper 26 + character, two factor authentication credential set, virgin blood sacrifice and the attackers were super spies. Answer: embassy@email.com, password is 123456. Yes, 123456.
We investigated further, my forensics person checked around, taking samples, network checks via taps. Even though Windows XP was rampant, no real anti-virus was installed. They relied entirely on Microsoft Security Essentials. How good is MSE? “In June 2013, MSE achieved the lowest possible protection score, zero.” We changed the password, thought the worst was over and job done. Lucky for them, only two systems had any internet access and were on a closed network, separate from embassy government operations. Embassies frequently host intelligence services in addition to diplomacy. Glad there was a real separation, almost an air gap.
A few weeks later, as life was getting back to normal, another summoning. At this point, I was never going to eat my lunch. What began as some dodgy emails trying to fraudulently acquire extra visa fees using the embassy email account grew, exponentially. This time, an email went out, again from the official embassy email account, signed as the Ambassador’s Secretary to a handful of friendly embassies asking for 25 thousand Euro in the name of a friend of ISIS.
Back to the location again, this time alone to try and sort things out. Forensics was no longer required. The Ambassador was concerned it was an insider, as was I. As if we were on some sort of comedy skit on the BBC. We waited until everyone else exited the embassy after it closed for official business. Then, the comedy began by crouching down on our hands and knees looking for passwords written on post-it notes, under desks and other places. We were looking for embassy employee credentials to use their logins so I could further investigate certain employees without their knowledge. By we I mean the Ambassador and I. Never in my life had I expected to see an Ambassador sifting around dusty desks with me, on hands and knees.
We began to liaise with the Diplomatic Corps Police to a limited extent. At arm’s length at all times, trust was strained. It took a great deal of effort, meetings with the Ambassador to speak with any outside party.
Unfortunately, the attackers still had access somehow to the embassy email account. The Diplomatic Police, sending via CC not BCC gave away all the other official embassy back end email addresses. Then the real fun began. The attackers quickly capitalized on the faux pas and sent back an email to everyone spreading the fear. What began as a few hundred euro grew to 50 million USD.
The threats grew to not so casually mentioning a big private event the Ambassadors of the USA, UK, Japan, 400+ dignitaries and staff etc. were slated to attend. If the money wasn’t paid up, the event would blow in more ways than one. During this time, the attackers took a particular and personal interest in the Ambassador’s Secretary, prompting the regular police to become involved for a split second. The regular police had no jurisdiction or authority in the matter and were warned to back off ASAP.
Quietly and unbeknownst to the residents, the city was put on alert, embassies locked down, every person passing by was treated with suspicion. I even had the joy of not one, but three “Cultural Attachés” of an ISIS friendly embassy try to befriend me at a pub I frequented during the investigation. One gave me a very personal gift, a set of Islamic prayer beads, which I had promptly checked for bugs. The trio didn’t drink alcohol but would sit patiently in the pub, drinking tea for hours until I arrived. The trio said they wanted English lessons, but all spoke English.
Eventually I was able to gain the Ambassador’s trust to further interrogate some of the digital assets and accounts. This was quite unusual, I was not a citizen of the country in question. They allowed me to take back an asset to my lodgings. After getting comfortable, trying to relax, a glass of wine in hand. Eureka, I found it! The attackers still had access to the embassy email account because they had set up a back end email forwarder. Back end email forwarder closed, secured up the email account, gathered evidence. We then went on the hunt for who was behind the attack, hop by hop following each step back over multiple countries. The suspect(s) were isolated, placed under surveillance and effectively neutralized. Months later I was invited to a private embassy function. In the end, I was the only one blown away, by the Ambassador’s gift.
Further investigations by JM Porup, reporter for CSO Online revealed the rootkit in the original report had been used by some nefarious groups. Possibly pointing to the suspected insider having outside help.
Speaker: Chris Kubecka

No More Whack-a-Mole: How to Find and Prevent Entire Classes of Security Vulnerabilities
Start: 2019-09-13T13:15:00+02:00 | Duration: 01:00 | Room: Tesla | Type: lecture | Language: en | License: any

We frequently see the same types of security vulnerabilities appearing repeatedly over the course of a software project’s lifetime, and often across multiple projects. In this talk I’ll be discussing how security teams at companies such as Google and Microsoft use variant analysis to address this in their own software.

In software development, we frequently see the same logical coding mistakes being made repeatedly over the course of a project’s lifetime, and often across multiple projects. When these mistakes lead to security vulnerabilities, the consequences can be severe. No one knows this better than companies like Google and Microsoft, whose software is used by millions of people every day.
With each code vulnerability discovered, we’re presented with an opportunity to investigate how often this mistake is repeated, whether there are any other unknown vulnerabilities as a result, and implement an automated process to prevent it reappearing. In this talk, I’ll be introducing Variant Analysis, a new process being pioneered by security teams at a number of companies including Google and Microsoft, that does just this. I’ll discuss how it can be integrated into your development and security operations, share some stories from the trenches, and also show how companies are sharing their knowledge and research as open source tools and queries that everyone can benefit from.
Speaker: Sam Lanning

Infotainment systems hacking
Start: 2019-09-13T14:30:00+02:00 | Duration: 01:00 | Room: Tesla | Type: lecture | Language: en

Infotainment systems in modern cars are very powerful devices which can interact with different subsystems in the car... But are they as safe as we would hope they should be?

A modern car has more software in it than the average fighter plane. All systems are controlled by a piece of code running in one of hundreds of separate computers available in a normal car.
The most accessible computers are in the cabin itself, as they are within the reach of passengers even without any special tools and knowledge.
But what can go wrong? Just imagine...
These devices have internet connectivity, can pair with a phone, offer in car wireless and Bluetooth connections.
The underlying RTOS is expected to be secure, but there are always issues, and as these devices are commonly just OEM devices, a single vulnerability could impact more than just a single model or manufacturer.
These devices, when taken over by a malicious actor, can be used as a stepping stone to reach other, more critical car control systems.
In this session we will cover basics of car electrical systems, infotainment system architecture, most common protocols, QNX OS, and demonstrate some of the most common attacks on such systems.
Speakers: Vladan Nikolic, Benjamin Lafois

Digital (Anti-)Forensics
Start: 2019-09-13T16:00:00+02:00 | Duration: 01:00 | Room: Tesla | Type: lecture | Language: en

Digital forensics is a well-established discipline within information technology and law enforcement. It is concerned with identification, acquisition, preservation, analysis, and presentation of digital evidence acceptable to courts of law. With the advance of digital forensics methods and tools, digital anti-forensics methods and tools also advance. In this session, I will introduce the audience to the basic concepts, methods, and tools used in digital (anti-)forensics. More specifically, the audience will be introduced to data hiding, artifact wiping, trail obfuscation, attacks against forensics methods and tools and indications of digital anti-forensics.
Speaker: Stevan Gostojić

Legitimate tools or weapons of mass compromise?
Start: 2019-09-13T17:00:00+02:00 | Duration: 01:00 | Room: Tesla | Type: lecture | Language: en

Windows desktops and servers contain a large number of legitimate tools which can also be used by attackers, once they obtain initial access. This presentation describes those tools and their usage in real world attacks.

Centralised logging and telemetry provides a wealth of information for blue team members and their day to day operations. These sources usually contain enough data to detect when attackers were successful in compromising the defended network.
But how to recognise a successful attack when the tools the attackers are using are also legitimate system administration utilities? Most Windows administrators would agree that PowerShell is an essential system administration tool but it has been frequently seen as an attack avenue for attackers and red team activities.
For example, we often observe PowerShell activity in ransomware attacks, malicious crypto mining and even more serious targeted attacks. PowerShell is typically used to load code from remote servers and make the attacks “fileless” using reflective DLL loading, steal user credentials, pivot within the compromised network and execute other offensive tasks.
Right from the initial compromise we can expect the attackers to use standard Windows tools for enumerating the network, adding new users, pivoting to other servers, dumping databases, exfiltrating data etc.
This session will be a walkthrough of attackers' techniques using tools which can also be considered legitimate and are usually installed by default on Windows. We will talk about basic and advanced functionality of these legitimate weapons and show their usage in recent real world attacks.
Speaker: Vanja

A BEAST and a POODLE celebrating SWEET32
Start: 2019-09-13T18:15:00+02:00 | Duration: 01:00 | Room: Tesla | Type: lecture | Language: en

POODLE, BEAST, CRIME, SWEET32 ... So many SSL/TLS vulnerabilities, so little time to analyze them. That's why we will cover the most common in this presentation, with some live demos, so we can make a good risk assessment on what needs to be fixed quickly, and with what we can live.

In the last couple of years we have witnessed many SSL/TLS vulnerabilities with various acronyms: POODLE, BEAST, BREACH, CRIME, DROWN, FREAK and SWEET32 - to name some. Almost every time, a snazzy logo and a lot of panic around the vulnerability made us believe that this is the end of secure communication on the Internet.
However, we are yet to see any real hacks that actually exploited one of the above mentioned vulnerabilities.
This presentation will explain how these vulnerabilities work and will comment on their viability for web, mobile and fat client applications.
We will try to identify the SSL/TLS vulnerabilities that cried wolf, so we can concentrate on those that pose a serious threat (if such exist, that is), with some live demos.
Speaker: bojanz

spispy: Open source SPI flash emulation
Start: 2019-09-13T19:15:00+02:00 | Duration: 00:45 | Room: Tesla | Type: lecture | Language: en

spispy is an open source hardware tool for emulating SPI flash chips that makes firmware development and boot security research easier. In this talk we'll discuss the challenges of interfacing on the SPI bus and emulating SPI devices, as well as demonstrate how to use it to quickly debug issues with coreboot and how we used spispy to discover a critical class of TOCTOU vulnerabilities in secure boot systems like Intel BootGuard.
Speaker: Trammell Hudson
Link: Source tree

Ultimate Mobile OPSEC
Safest use of phones and mobile devices in maximum threat environments
Start: 2019-09-13T20:15:00+02:00 | Duration: 01:00 | Room: Tesla | Type: lecture | Language: en

Nation-state adversaries use mobile devices to geolocate, track, and even kill those carrying them. Is it possible to make use of modern mobile communications while still protecting yourself from well-resourced attackers? It's not as simple as using burner phones -- the way you use them really counts. With the benefit of detailed case studies, this presentation will give you your best shot of protecting your privacy and your life while your phone or tablet does its utmost to betray you.
Mobile devices, particularly cellular telephones, have become almost a fact of modern life: beyond communications, in some areas, it's even difficult to make purchases or arrange transport without one. They are also the greatest boon to surveillance and intelligence organizations ever invented. Mobiles are used to instantaneously geolocate individuals, ascertain a pattern of life over time, and even kill them in some circumstances. Carrying such a device literally puts your life into the hands of powerful monitoring organizations.
Nevertheless, it's possible to make use of these devices without giving away your privacy, even when engaged in activities that are highly interesting to these agencies. In this privacy-focused presentation we'll look at the lengths that are necessary to go to in order to do this, with the benefit of some in-depth case studies and spectacular fuck-ups by high-profile organizations that should have known better.
Topics covered will include best practices with your own (traceable to you) personal device, but will primarily focus on evading systemwide surveillance with disposable "burner" devices. If you have plans that involve coordinating any kind of covert operation in the face of surveillance from any organization that's better resourced than your group, this presentation is for you.
Speaker: Zoz

RPKI Validation
Secure your routes - Run RPKI
Start: 2019-09-13T13:15:00+02:00 | Duration: 01:00 | Room: Pupin | Type: lecture | Language: en

I will talk about the history of the internet, how networks connect together, and what you can do to optimize your security by validating what your peers send you.

RPKI is a structure to validate BGP announcements against a PKI and discover fraudulent announcements and prefix hijacks.
Speaker: pcdog

seccomp — Your Next Layer of Defence
Start: 2019-09-13T14:30:00+02:00 | Duration: 00:30 | Room: Pupin | Type: lecture | Language: en

Why should you allow all possible system calls from your application when you know that you only need some? If you have ever wondered the same then this is the right talk for you. We are covering:
* What is seccomp in a nutshell and where could you use it.
* A practical example with Elasticsearch and how it is implemented there; for example in SystemCallFilter.java.
Because your security approach can always use an additional layer of protection.
Speaker: Philipp Krenn

Lessons learned while Pentesting Travel Industry
What worked, what didn't!
Start: 2019-09-13T15:30:00+02:00 | Duration: 00:30 | Room: Pupin | Type: lecture | Language: en

As the current CEO of Enigmasec, a cybersecurity firm in Spain, my tiger team and I have carried out many pentests in all sorts of fields, especially in the travel industry. The talk will show what worked, what didn't, and, in conclusion, what will eventually work.

The talk will hopefully be useful in the following scenarios:
- People/students with little field real life experience in pentesting
- Sysadmins who wish to fix the broken things we still exploit
- Travel industry, media, general awareness.
The talk will be presented in a friendly, casual way, first from a Red team perspective: real stories, our successes and failures, as well as some of the tricks we use to run efficient phishing campaigns and social engineering.
The next perspective will be Blue team, as incident response in some of the cases: dirty tricks we saw in "CEO-phishing targeted campaigns", what we got right and some lessons learned.
The end of the talk is my own and personal bet on how the use of the adversarial narrative is the new model for disinformation and how this can magnify potential mass-targeted attacks on bigger organizations.
Speaker: Igor Lukic

Intro: BalCCon Beginner CTF
Introduction Lecture and Workshops
Start: 2019-09-13T16:00:00+02:00 | Duration: 01:00 | Room: Pupin | Type: lecture | Language: en | License: CC BY-NC-SA

CTF? WTF!
CTF is an acronym for Capture the Flag. It is not only a gamestyle in video games but also an IT security competition. We want to give a brief intro to CTFs in general and have prepared a beginner CTF for BalCCon 2019. There will also be intro sessions for specific challenge types in the Hackcenter for interested people.

We are organizing a beginner Capture The Flag (CTF) challenge at BalCCon 2019. In the last years several people voiced their interest in CTF but had never played CTF before or found the challenges of the main CTF difficult to solve.

In order to counter this we want to provide a CTF with very basic challenges for people with no or little experience, combined with workshops in the Hackcenter going over the various tools and provide helpful advice for the players. In order to allow for a comfortable learning experience, the beginner CTF will not have a public ranking system, but only give personal indicators for progress.

The beginner CTF is intended to span across all three days of BalCCon, but participation is not limited to people not able/willing to play on all days. The general outline of the event is as follows:

* Friday, we will hold an introduction lecture giving you a bit of the background information on CTFs in general and officially start the CTF.
* On Saturday, we will hold workshops on the CTF categories and the tools in the Hackcenter. We will also be available to help you out around the clock, even if you don't participate in the workshops.
* On Sunday, we are closing the CTF, go through some of the challenges and discuss the solutions in case you are interested to learn about the intended solutions or did not manage to solve some challenges.

Challenge-Categories that will be available during CTF:

* Trivia
* Web
* Reversing
* Crypto
* Steganography
* Pwn
* Recon

Speakers: cluosh, Hetti

Looking through Muddy Waters: Insight into TTPs of a Middle Eastern threat actor
Start: 2019-09-13T17:30:00+02:00 | Duration: 00:30 | Room: Pupin | Type: other | Language: en

The presentation will be about MuddyWater APT, which is a threat actor from the Middle East. We will cover the infection vector, various custom backdoors, post-exploitation tools and mobile malware. We will also discuss the infrastructure, false flags and some attacker's mistakes.

MuddyWater is a threat actor likely based in the Middle East, with known activities since at least the middle of 2017. It targets various individuals, government organizations and industries in many countries all across the Middle East and Central Asia, with the highest intensity of targets in Turkey, Pakistan, Afghanistan and Jordan.
Starting with spear phishing emails and macro-powered attachments sent to carefully selected high profile targets, the threat actor attempts to deliver and install various backdoors written in different programming languages to the victims' computers – all with the purpose of performing cyber espionage. One of these backdoors has interesting capabilities, such as disk wiping, anti-analysis and numerous false flags. To increase stealthiness, C&C communication is forwarded via PHP proxies hosted on hacked websites, creating an asynchronous communication channel. We took advantage of this configuration to monitor the activity of this actor, discovering the identities of some of the victims as well as some commands which attackers attempted to execute on victims’ machines.
In this presentation, we will show the most recent evolution of the tools, tactics and procedures of this threat actor. We will present some examples of targeted documents and the multiple layers of obfuscation added to their payloads. We will also detail the different tools this threat actor uses, and we will propose some ideas on how to prevent and hunt for these threats.
Speaker: Jaromir Horejsi
Link: Our recent blogpost about MuddyWater threat actor

The leak of billions of passwords
Analysis of the password leaks of January 2019
Start: 2019-09-13T18:15:00+02:00 | Duration: 01:00 | Room: Pupin | Type: lecture | Language: en

The beginning of 2019 marked the time of many underground user:password databases leaking into the general internet. What's inside those leaks? Who's at risk? How did that happen? And what do we do now?

Leaks began in October 2018 when wordlists were stolen from a darknet user and resold, slowly seeping into November beyond darknet marketplaces. Leaks went well over a terabyte of compressed archives, text files and different database formats. Tens of billions of records in total - many of them duplicate. At least 3 billion unique e-mail addresses and associated passwords were leaked.
In this talk we take a look at the tedious road that your password took from your head to your keyboard to an online account and into the leaks. We'll have nice charts of password distribution, we'll try estimating the dating of each of the leaks, and discuss what, if anything, every one of us should do to fix/prevent this.
Speaker: Kirils Solovjovs

Karaoke Night
Sing, my angel of songs! Sing, for meeeee!
Start: 2019-09-13T21:15:00+02:00 | Duration: 02:00 | Room: Hacker Area | Type: meeting | License: No evidence!

Karaoke!
Everybody's favourite drinking game!

What happens at Karaoke Night, stays at Karaoke Night!
We do have over 6.000 songs available, which is not a lot to be honest, but still more than some Karaoke Bars have on offer.
Songs in these languages are available:
* english
* austrian/german
* french
* italian
* swedish
* hungarian
* polish
* japanese
* chinese
* korean
* russian
* spanish
* portuguese
Speaker: MacLemon

Network Access Uncontrolled
Insecurity in port security
Start: 2019-09-14T12:00:00+02:00 | Duration: 00:45 | Room: Tesla | Type: lecture | Language: en

During an internal pentest, the red teamers often access the local area network for access to the internal network. This gets harder with the implementation of Network Access Control in the perimeter. The unavailability of well-implemented port security often results in recommendations for implementing more complex NAC solutions such as 802.1X.
Here we will discuss the various techniques of NAC that might be implemented and the techniques that could be utilized to bypass such an implementation. We shall put to test the implementation of 802.1X attempting to bypass and attempt to run various utilities required during a pentest and find out what is the maximum possible port security feature that can be implemented today.

Introduction (2 mins)
In this section, we shall cover the following -
1. What is Network Access Control
2. Types of network access control and their timelines
Accessing the network (3 mins)
1. Dynamically Assigned IP Address
2. Statically Assigned IP Address
3. MAC Authentication and IP Sticky
4. Antivirus status based NAC
5. 802.1X (credential based and certificate-based)
Understanding 802.1X (10 mins)
1. Architecture behind 802.1X
2. Extensible Authentication Protocol 101
3. 802.1X Authentication Sequence and Design
Attacking the NAC (15 mins) (With Demos)
1. Identifying IP Address Schema and self assigning IP
2. MAC Authentication Bypass (MAB)
3. 802.1X Bypass
- Here we demonstrate our utility inside a raspberry pi which can act as a hardware implant to bypass any kind of network access control.
Demystifying attacks on 802.1X NAC protected network (with Demo) (10 mins)
- In this section, we cover the commonly utilized techniques during a network pentest and demonstrate how we would require to run the following applications from our implanted box on the network.
1. Nmap
2. Responder
3. Tomcat exploit
4. RDP
5. SMB (crackmapexec, eternal blue)
At the end of this, we shall also release a script that has integration similar to NACkered and Duckwall's NAC bypass technique along with the ease of configuring an attack.
Conclusions (1 min)
Questions (4 mins)
Speaker: Tanoy "NoTTY" Bose

Possible effects from electromagnetic pollution of micro and millimeter waves
a walk through the studies of the past 5 decades
Start: 2019-09-14T13:00:00+02:00 | Duration: 01:00 | Room: Tesla | Type: lecture | Language: en

There have been studies on the effects of microwaves on human health for 50 years. I will go through these papers with a bit of sarcasm and point out why it is a bad idea to use your cellphone day && night.

Sorry for the change in the subject but this talk really matters to me and I hope to the attendees too.
Speaker: Aluc

Secure Design Principles
What they mean today
Start: 2019-09-14T14:15:00+02:00 | Duration: 01:30 | Room: Tesla | Type: lecture | Language: en

Software security needs to be addressed throughout the whole software development lifecycle to ensure that the software has a reasonable level of protection. Apart from securing the perimeter with network security tools, writing secure code and performing security testing, it is essential to address security issues at the design level, by creating a secure component architecture and avoiding vulnerable design constructs. An insecure design is hard or even impossible to mitigate through "good" code or "bolted-on" security tools. Constructing a secure software design entails the application of security design patterns, as well as adherence to secure design principles. This talk will focus on the latter.

We start the session by defining what security design principles are and how they fit into secure software engineering.
The majority of the session is dedicated to examining different secure design principles, some applied at the level of code design of a single application, and others at the level of enterprise architecture, where the interactions of multiple applications and services are examined.
The first and most crucial principle is Defense in depth, where we examine how layers of security controls help us in thwarting attackers and limiting their power over our system even when they bypass a control.
Next, we examine attack surface analysis, where we discuss how to map and reduce the attack surface, to limit the available targets for our attackers.
We then go over several general sound design principles, such as economy of mechanisms, least common mechanism, and secure failure and defaults, which help us construct a secure software system.
We put particular emphasis on access control secure design principles, as this is a central security control which is often misconfigured.
Finally, we discuss how to secure our security controls and examine the process of adequately integrating security into our design.
We conclude the talk by examining ways in which secure design principles can be integrated into contemporary development methodologies.
Speaker: Nikola Luburić

Lazy Red
Exploiting lazy attackers
Start: 2019-09-14T16:00:00+02:00 | Duration: 00:30 | Room: Tesla | Type: lecture | Language: en

Attackers and attacker tools can also be prone to attacks and vulnerabilities. Some of them can be used to easily detect the attack or the attacker.

Some common attacks, tools and shells will be discussed which are often used on the network and application layers.
Speaker: Kost

HID Apocalipse is here!
When clickers strike again!
Start: 2019-09-14T16:45:00+02:00 | Duration: 01:00 | Room: Tesla | Type: lecture | Language: en

HID devices are capable of many good things. On the other hand, HID devices can also be very dangerous and in a short time can do a lot of harm to the computer or some other device.

During a pentest HID devices can be really fun. Simply plug them in, wait a couple of seconds and you may already own the targeted system. It doesn't matter if it's Linux, Windows or Mac. Sometimes HID devices can also be used and abused remotely. They can be sniffed or even better. You can inject some cool stuff into the channel and if you are lucky, you may gain shell and execute commands on the remote system. You will say, of course, this is an old story, but I will show that we have new attack vectors and present some cool examples from this year and from research from some great security researchers.
During the presentation, some live demos will be shown, and some new attack vectors will be demonstrated, which will make you go Hmmm. Milan Gabor2019-09-14T17:45:00+02:0017:4501:00TeslaBalCCon2k19_-_278_-_en_-_tesla_-_201909141745_-_that_one_time_someone_tried_to_blackmail_kpn_-_arnim_eijkhoudt_-_desotrueThat one time someone tried to blackmail KPNWhen MSPs go badpodiumenIn February 2018, the Dutch and Slovakian police coordinated an international search and seizure for suspects and evidence in relation to a blackmail attempt against KPN. In October 2018, both suspects got convicted in public court. This talk will go through the internal investigation that led up to the arrests and successful conviction of the criminals.KPN was the target of a blackmail attempt in October 2017 by an ex-employee of a KPN MSP. KPN-CERT conducted and coordinated an investigation, assisting Dutch Law Enforcement, into the situation. As a result, two suspects were raided and arrested, and eventually convicted in public court.Arnim EijkhoudtDeso2019-09-14T19:15:00+02:0019:1500:45TeslaBalCCon2k19_-_322_-_en_-_tesla_-_201909141915_-_known_and_less_known_methods_of_user_tracking_-_dejan_strbadfalseKnown and less known methods of user tracking enAnonymity doesn't exist on the Internet, you can try to hide but eventually you're going to get identified. This talk will give a brief overview of tracking methods with emphasis on DNS cache based user tracking.Speaker will present methods of user tracking starting with HTTP cookies and various fingerprinting methods to DNS cache based user tracking.
Focus of the talk will be DNS cache based user tracking. Since this method is independent of Internet browser it is hard (impossible?) to run away from it. Other than presented threats of this method I will discuss possible countermeasures. Dejan Strbad2019-09-14T12:00:00+02:0012:0001:00PupinBalCCon2k19_-_286_-_en_-_pupin_-_201909141200_-_building_the_school_2_0_-_CC-BY-SA 4.0falseBuilding the School 2.0Free, common education for the bottom 7 billion.lectureenCan we unite on building the School 2.0 as public, free and open common infrastructure and enable universal access to education to the bottom 7 billion?This lecture goes into analysis of the current educational system, and presents a model for "free education" a school 2.0 model that is driven by similar principles to the ones of free software, and which aims to be sustainable for a common, crowdsourced, universal infrastructure that will power knowledge sharing and a new generation of schools. The lecture will go into analysis of current online platform, conventional schools and failures of MOOCs and similar attempts, and will try to make a parallel observation on economical principles that free software uses.Марко Кажић2019-09-14T13:00:00+02:0013:0001:00PupinBalCCon2k19_-_325_-_en_-_pupin_-_201909141300_-_no_it_security_without_free_software_-_max_mehlCC-BY-SA-4.0falseNo IT security without Free SoftwareHow openness contributes to securitylectureenIT security is one of the most challenging global issues of recent years. But apart from the establishment of countless "cyber security" authorities, politics doesn't seem to come up with something substantial. However, Free Software can be the solution to many pressing security problems. In this session, we will look at pros and cons and use concrete examples to illustrate why security and openness are not contradictory.Trojans shut down hospitals and Huawei's safety concerns are slowing down the 5G expansion worldwide. 
The state of IT security is troublesome, as the inflationary founded "cyber security" authorities and centers prove. But only recently people outside of the IT scene start to recognise the importance of Free and Open Source Software for security.
Free Software is an important component of IT security. However, experience has shown that it is not only the license that fixes critical programming errors and structural flaws. Max Mehl will therefore show in this talk how and in what form Free Software can provide a plus in security, and why it is so important to make decision makers understand this as quickly as possible.
But where there is light, there is shadow. This is why the lecture will also deal with potential disadvantages and cases of consideration as well as with typical counterarguments.Max Mehl2019-09-14T14:15:00+02:0014:1500:30PupinBalCCon2k19_-_287_-_en_-_pupin_-_201909141415_-_so_is_android_a_linux_-_dpavlinfalseSo, is Android a Linux?Let's try to compile mainline kernel and run Linux distribution!lectureenIn this talk, I will try to give overview of various (older) Android ARM CPUs on market with a goal of showing if it's feasible to run normal Linux distribution on top of mainline Linux kernel to get something similar to Raspberry Pi experience.dpavlin2019-09-14T15:00:00+02:0015:0000:45PupinBalCCon2k19_-_302_-_en_-_pupin_-_201909141500_-_the_day_i_reverse_engineered_a_gameboy_advance_game_-_macabeus_-_matheus_albuquerquefalseThe day I reverse engineered a Gameboy Advance gamelectureenHey, let’s learn how you can create your own rom hacking for your favorite game. You will discover how the loved Gameboy Advance works, understand a crazy ARM assembly and reverse engineering stuffs, in order to create a useful level editor, that works at the browser, using JS+React, of course.Gameboy Advance was one of the most popular video games platform of its time, and because of it, many people worked together as a community to study and to document its architecture, develop romhacking and others tools for the GBA - This community is still alive and working! This video game is a fantastic way to start studying reverse engineering, because it is an old console very well documented, it has a simpler architecture if compared to the current game console generation, and of course, it is very fun to work in a game-related project!
So, what do you think of learning reverse engineering through this challenge: developing a level editor for a GBA game called “Klonoa: Empire of Dreams”? It is a very interesting challenge, because we need to understand the architecture of ARM hardware, apply reverse engineering in order to discover how the logic of the game works, and then use our knowledge to build a level editor, that will be developed using JS + React.macabeusMatheus Albuquerque
2019-09-14T15:45:00+02:0015:4501:00PupinBalCCon2k19_-_305_-_en_-_pupin_-_201909141545_-_emoji_how_do_they_even_work_-_maclemonCC-BYfalseEmoji, how do they even work?They can break your security! 😂lectureenEmoji are used everywhere these days and cannot be retracted from our daily communication. But how do they work and where did Emoji originate from? Join this talk and learn about their security relevance and the semiotics in the 21st century.# Emoji
Where do they come from? How did they develop historically and how is that related to Asia?
How do Emoji work technically and why are they relevant for IT-Security?
Which cultural and linguistic entanglements do Emojis cause in our daily communication and why?
To prevent boringness and terrible technicalities there will be lots of obscure trivia regarding these most beloved Unicode characters.MacLemon2019-09-14T17:00:00+02:0017:0002:00PupinBalCCon2k19_-_335_-_en_-_pupin_-_201909141700_-_workshop_kali_linux_and_metasploit_for_beginners_-_leyrertrueWorkshop: Kali Linux and Metasploit for BeginnersHacking in a Save EnvironmentworkshopenAs a gray/whitehat hacker or as a member of a red/blue team? Kicking off your career in infosec. I will give you a head start with the basic tools of the trade (except from the often mentioned Rakija). In two hours, we will explore Kali Linux and the Metasploit toolkit with a few selected attacks and exploits to get you started with the tools. If I can set up a dedicated WiFi, we will even hack that! Try out brute-force attacks and password cracking in a safe environment, without the threat of legal repercussions. Have fun while learning new stuff. And all for the price of the conference attendance fee!
Prerequisites:
+ Your own laptop with VirtualBox or VMware installed
+ Kali Linux installed in a vm
+ Optional: Metasploitable 3 VM installed or enough disk space available to install on siteleyrer2019-09-14T19:15:00+02:0019:1501:00PupinBalCCon2k19_-_307_-_en_-_pupin_-_201909141915_-_eyes_for_robots_-_mr_gadgetfalseEyes for RobotsAdventures in vision based navigation for beginnerslectureenSensing the world and potential obstacles, becomes a crucial aspect of every robot, autonomous car and drone. Most of the time there is no existing map data available so these systems must be able to localize and map the environment on the go.
Although regular GPS technology provides initial localization, its accuracy alone is insufficient to operate autonomous systems only on GPS. Furthermore a system needs to be able to localize itself in an environment with limited to no GPS signal (Indoors/Urban environments).
This session will cover the basics of vision based navigation and how it works, different sensor types and their strengths and limitations.
Mr.Gadget2019-09-14T20:15:00+02:0020:1502:00PupinBalCCon2k19_-_318_-_en_-_pupin_-_201909142015_-_lightning_talkfalseLightning Talken2019-09-14T12:00:00+02:0012:0001:00Hacker AreaBalCCon2k19_-_323_-_en_-_hacker_area_-_201909141200_-_amateur_radio_activity_days_-_abakalovfalseAmateur radio activity daysEverything You Always Wanted to Know About Amateur radio * But Were Afraid to AskmeetingenDuring Balccon2k19 we will be active making amateur radio QSOs
(contacts) with stations worldwide using digital modes, radiotelegraphy
(CW) and voice modes.
We will also present images received in real time from weather satellites and weather fax images using our equipment on site.
Come join our operators any time during the conference and ask us any
question regarding amateur radio or just observe how amateur stations
are used and contacts are made.abakalov
Amateur-radio club "Zrenjanin"
2019-09-14T14:15:00+02:0014:1504:00Hacker AreaBalCCon2k19_-_341_-_en_-_hacker_area_-_201909141415_-_hebocon_-_benadskiCC0falseHeboconCrappy robot competitionworkshopenBuild a small crappy robot from old junk and battle against other contestants! If you win your robot was probably not crappy enough. Fun for all ages (young children could use the help of parents).Hebocon consists of two parts. Building a small robot from old junk and broken toys is the first part. It takes about 3 hours, but can be done in an hour with some technical helpers. The second part is the competition in which the contestants battle against each other.
rules: https://splatspace.org/wp-content/uploads/2018/03/2.Hebocon_Official_Rule_Book_en.pdf
Parts for building:
-A LOT OF: toys (broken or working), preferably with switches, motors, remotes etc. and not too big, plastic dolls, old small pcb's, mechanical stuff, weird looking objects, small motors with gears, battery holders, switches, pushbuttons, craft material, glitter, ribbons, and more craft stuff. The amount of motors and battery holders must be about double of the number of contestants.
-some thin rope, tape, rubber bands, etc.
-a lot of AAA and AA batteries, some 9V alkaline as well.
-a lot of thin cable (speaker wire, hookup wire)
Tools for upto 20 contestants:
-3x Large table with some chairs
-2x glue-gun with a lot of glue sticks
-2x soldering iron with some solder
-2x screwdriver set (PH1/PH2 and flat 2.5mm, 4mm ish)
-2x wire cutter
-small handsaw for iron/plastic
Battle arena / competition:
-Piece of cardboard or wood 50x100cm
-Some paper to write on
-A few markers to write with
If possible:
-A projector, HDMI cable and a screen to show some other hebocon creations
-A crowd and a video camera on a tripod.benadski2019-09-14T21:00:00+02:0021:0002:00LoungeBalCCon2k19_-_317_-_en_-_lounge_-_201909142100_-_rakija_leaksfalseRakija LeaksworkshopenRakija connecting people!
Rakia is one of the most popular alcoholic drinks in Serbia. It is usually served before lunch and dinner and is drunk along with appetizers. It is mandatory to drink with roasted pig, lamb, or dried meat. It is a very important part of the Albanian and Serbian cultures and there are many historians that say that the origins of rakia are in Serbia. Serbia has the highest consumption of rakia per capita and is the largest exporter of rakia. In a 2009 European Court ruling, the names "Slivovica" (Slivovitz), Dunjevaca, Orahovaca, and Kruskovaca were ruled to be Serbian and thus the country has a trademark on those three types of rakia (Slivovitz being the most famous and most consumed in the world).
Rakia is part of Serbian culture. It is part of many special occasions, including baptisms, marriages, joining of the army, and visiting of friends. At funerals, custom demands that a bottle of rakia be left on the grave of the deceased who liked to drink it, or at least to sprinkle a drop or two during the memorial service for peace of the person’s soul. For some peasants, a flask of rakia is one’s only luggage. Poor peasants may even offer the village doctor, policeman, judge, tax collector, or minister a flask of rakia as a gift of payment. Many folk songs have been composed during rakia production.
2019-09-15T12:00:00+02:0012:0001:00TeslaBalCCon2k19_-_343_-_en_-_tesla_-_201909151200_-_busting_advance_botnets_-_senad_arucfalseBusting Advance BotnetslectureenWe are all aware of the malware attacks and bot-nets behind this massive illegal industry, which drains our pockets and even takes our lives. These criminal organisations have their own rules and their own secrets that they don't want us to reveal. They like to infect, hack and control the victims without getting caught by law enforcement. We all know that end-point security is not enough for zero-day malware attacks, so my research was always focused on their command and control centres. We will never win the malware war if we don't reveal their dirty job from the inside; with this aim I managed to reveal more than 10 unique C&C server dirty secrets in past years. These research articles are published in various cybersecurity magazines in Europe and Asia.At this presentation I will reveal the famous bot-nets from inside to outside, with all the original source code, files and logic behind those criminals. By revealing these C&C servers we will see and learn how seriously they take this illegal business and we will have a chance to peek inside the Cryptolocker C&C server and a unique full autopilot C&C server for bank fraud, as well as the other unique C&C servers listed below.
This is the list of the bot-nets I covered in this presentation.
• Revealing Unique MitB Builder C&C Server
• NAS Botnet Revealed
• Inside Cryptolocker C&C server
• Are 2 factor authentications enough to protect your money?
• Kins origin malware acting like a Real E-banking web app
• Infostealer Botnet Reveal
• State of ART Phishing Attack stealing 50K Credit Cards Reveal
• One shot eight banks
• Target List of Hesper-BOT Malware Senad Aruc2019-09-15T13:00:00+02:0013:0001:00TeslaBalCCon2k19_-_340_-_en_-_tesla_-_201909151300_-_into_a_climate_changed_world_uncharted_waters_-_igor_nikolicfalseInto a climate changed world: Uncharted Waters lectureenClimate change and environmental degradation is here to stay and get worse. In this talk, we will explore the known, expected and possible changes that we will be facing in the next decades as the climate changes. While climate change will affect every living being on the planet, we will look at the world from the hacker perspective. What can and will the impacts be on technology, privacy, communication, openness, communities and most important of all, Aliexpress shipments. What can we, as the hacker community, do to prepare ourselves and the communities around us to be robust and resilient to those changes. Do not expect a prepper talk (okay, just a tiny bit), but rather a discussion based on empirical observations and scientific insights from a wide variety of academic disciplines.Igor Nikolic2019-09-15T14:15:00+02:0014:1501:00TeslaBalCCon2k19_-_342_-_en_-_tesla_-_201909151415_-_application_security_screw-ups_vintage_of_2019_-_tonimir_kisasondifalseApplication security screw-ups, vintage of 2019enThis talk will show some application security problems that while untreated, can result in various levels of compromise. Mostly everyone focuses on the OWASP Top 10, which is in larger sense true and valid, but commonly, far more problematic attacks happen from either lower hanging fruit or vulnerabilities that can be easily mitigated.
Let's explore a few things like XSS, authentication, authorization and see what kind of stuff attackers and defenders can do in this space to make life hard for the other party :) Tonimir Kisasondi2019-09-15T15:15:00+02:0015:1501:00TeslaBalCCon2k19_-_312_-_en_-_tesla_-_201909151515_-_lock_picking_101_102_-_zozfalseLock Picking 101/102Introduction to lock pickinglectureenIntroduction to common types of locks and locksport tools, from beginner techniques to reasonably advanced methods.Presentation of the TOOOL lockpicking village introduction and overview.Zoz2019-09-15T16:15:00+02:0016:1501:00TeslaBalCCon2k19_-_293_-_en_-_tesla_-_201909151615_-_noth1ng_t0_hid3_-_kirils_solovjovsfalseNOTH1NG T0 HID3Should we fix privacy?lectureenThis talk revisits the theme of personal privacy in the digital world, this time centring around the "I've got nothing to hide" argument. A beam of intensive light is shed on the motivation behind caring about one's privacy. We go in depth into what we can do to stay private and should we even try to do it at all. We talk about where we as a global society were able to fix privacy and where we have failed. New topics previously not covered are discussed, such as herd immunity and certification programs.Kirils Solovjovs2019-09-15T17:15:00+02:0017:1501:00TeslaBalCCon2k19_-_337_-_en_-_tesla_-_201909151715_-_modern_commandline-tools_final_last_version_-_leyrerfalseModern Commandline-Tools (Final Last Version)Yes, Again.lectureenLinux without a command line is like the sky without stars. But most of the tools we use daily are from the late 1980s or even older. In this talk I want to present to you modern alternatives to tools you might already know.Initially I thought that I covered all relevant command line tools last year. Thanks to a lot of wonderful people as well as new requirements in my job, I gathered so many new tools, that I can do another talk on them. So you will get 95% new content in this talk.
Only the jokes will be old.leyrer2019-09-15T18:15:00+02:0018:1501:00TeslaBalCCon2k19_-_308_-_en_-_tesla_-_201909151815_-_where_is_my_cache_architectural_patterns_for_caching_microservices_by_example_-_rafal_leszkofalseWhere is my cache? Architectural patterns for caching microservices by examplelectureenEverybody knows that we need a cache, but where exactly to put it? Inside your application or as a layer in front of it? In the container or outside the container? In the era of Cloud and Microservices these questions get even more complicated. In this session, I'll present different architectural patterns for distributed caching: Embedded, Client-Server, (Kubernetes) Sidecar, and Proxy Caching.
In this session you'll learn:
- What are the design options for including the caching layer
- Common pitfalls when setting up caching for your system
- Differences between distributed caching and in-process caching
- How to speed up a (micro)service without modifying it
Rafal Leszko2019-09-15T19:15:00+02:0019:1500:15TeslaBalCCon2k19_-_316_-_en_-_tesla_-_201909151915_-_closing_ceremonyfalseClosing Ceremonyotheren2019-09-15T19:30:00+02:0019:3003:00TeslaBalCCon2k19_-_347_-__-_tesla_-_201909151930_-_after_partyfalseAfter Party2019-09-15T12:00:00+02:0012:0002:00PupinBalCCon2k19_-_298_-__-_pupin_-_201909151200_-_bgp_workshop_-_pcdogtrueBGP Workshoplets do bgp againworkshopWe will run our own routers and set up our own BGP peering mesh again.you can run your own BGP Router or get a VM/Box from us. We will be peering between each other like in the real Internet.pcdog2019-09-15T14:15:00+02:0014:1504:00PupinBalCCon2k19_-_344_-_en_-_pupin_-_201909151415_-_threat_hunting_workshop_-_senad_arucfalseThreat Hunting Workshop workshopenBecome the hunter In the heat of a crisis, every keystroke counts and indecision could cost your organization millions of dollars. Join Cisco's Threat Hunting Workshop to develop your skills and test your abilities. At the end of the workshop you will be armed with knowledge and hands-on experience in hunting down threats and defending networks against advanced adversaries.Get your hands dirty to keep your organization clean. In order for your businesses to continually innovate and transform, it must remain secure. To do this, you need a comprehensive security strategy that will enable you to gain visibility and control into all endpoint devices. Join Cisco’s Advanced Threat Solutions Specialists for this hands-on threat hunting workshop to learn: How to identify advanced threats that lurk in your environment, What is your exposure to emerging threats and how should you respond, How to regain resources and minutes by reducing time to remediate.Detailed Outline:
What should you expect? In the heat of a crisis, every keystroke counts and indecision could cost your organization millions. What separates security pros from security liabilities? A plan – and practice.
Join this Threat Hunting Workshop to develop your skills and test your abilities. In this full-day workshop, you will uncover best practices for threat hunting, learn how to incorporate threat hunting into your daily workflow, network with your peers to share strategies and techniques, and execute four real-world lab scenarios: Hunt and Contain A new threat is making headlines and your executives want complete answers fast. You need to know if it is inside your organization and how to contain it. Catch the Phish You have evidence that a remote user was phished. Follow the attack from entry to execution. Event Overload Hundreds of events are clamoring for your attention, but you have a plan to prioritize and execute a response. Screenshot Holds the Clue There’s not much to go on – just a single screenshot – but that’s all you need to trace the attack back to the entry point.
What will you learn?
Lab 1: Olympic Destroyer
The CIO read a front-page news article on something called “Olympic Destroyer”, which was recently used to disrupt the Winter Olympic Games in Pyeongchang. The news article suggests that other threat actors may be able to reuse this malware in a commodity attack against other targets. The CIO is asking if our security products are already blocking this threat or if we need to update to be protected.
Lab 2: Bifrost
One of your users was phished. The attacker was very careful, using a legitimate email account belonging to an employee of a catering company that you’ve done business with in the past. The email didn’t contain any active code or malicious attachments – just a link to a website that looked very similar to a portal that is sometimes used for invoicing, but in this case, the “invoice” was actually a powerful piece of malware. We were able to trace the name of the file that was downloaded by querying our firewall, which intercepted the file and sent it to the cloud sandbox for analysis. Unfortunately, the file was already on its way to the victim’s computer when the alert came back for a malware detection.
Lab 3: Poweliks
It’s early in the workday and you log in to AMP and see a lot of activity in the dashboard. In fact, if you look at your Events tab, you might see hundreds or even thousands of individual malware detection events. Which event type do we start with? How do we better group these and get a handle on them? Are any of these events connected to one another? If they are connected to one another how? Are they part of the same campaign? If they are, we can minimize our response actions and de-duplicate efforts - that is, the action for a single system will likely be the same for the others impacted by the same campaign or event.
Lab 4: Threat Hunting
John Doe from Human Resources is working on hiring additional security engineers for your department. Unfortunately, this morning John let you know that he tried to open a resume from an email attachment, but it did not open correctly - instead of a document, he saw a command prompt window pop up on his desktop. John doesn't remember anything about the email message subject, sender, or file attachment name, but he did take a screen capture of his desktop.
Skill Requirements: The Cisco Threat Hunting Workshop is designed for one and all. You do not need an in-depth understanding of security operations or Cisco security products to successfully complete and understand the labs. The labs provided will be a step-by-step guide to follow with ease and understand today's sophisticated threat landscape and successfully secure your network before, during and after an attack. Moreover, this will entail threat hunting capability for your mobile and BYOD endpoints, branch, headquarter, and your multi-cloud environments. Access to all the required products and tools will be provided.
Supporting File(s)?: Threat Hunting Workshops.pdf , THW 180724.JPG, THW pic1.jpg and Threat Hunting Workshop Lab Guide.pdf
https://www.dropbox.com/s/gwm8098pzqcdfnd/Threat%20Hunting%20Workshop%20Lab%20Guide.pdf?dl=0
https://www.dropbox.com/s/o342cbfxwa861bi/Threat%20Hunting%20Workshops.pdf?dl=0
https://www.dropbox.com/s/zlwh71ktznx88qk/Photo%2023-07-2018%2C%2000%2057%2026.jpg?dl=0
https://www.dropbox.com/s/dz3m9nxzyzrfkb4/Photo%2008-11-2018%2C%2000%2058%2006.jpg?dl=0
Senad Aruc2019-09-15T18:15:00+02:0018:1501:00PupinBalCCon2k19_-_346_-_en_-_pupin_-_201909151815_-_cft_reviewfalseCFT reviewen2019-09-15T16:15:00+02:0016:1502:30Hacker AreaBalCCon2k19_-_326_-_en_-_hacker_area_-_201909151615_-_generating_art_with_neural_nets_-_dan_o_huiginnfalseGenerating Art With Neural NetsworkshopenLet's use Machine Learning to make pretty pictures! Or horrifying pictures, or trippy pictures, or whatever suits your taste.
With 'Generative Adversarial Networks' we can take a group of images, and generate new pictures with similar style and contents.
We'll work with an existing implementation (https://github.com/ajbrock/BigGAN-PyTorch) based on this paper (https://arxiv.org/abs/1809.11096).
By choosing different input data and tweaking the parameters, we can create all kinds of images. Want to create imaginary spiders? A fake Picasso? Spiders that look like they were painted by Picasso? Then this is the workshop for you.Dan O'Huiginn