OMEGA HALL | Moderator: Mr. Oskars Priede |
11:00 - 11:30 |
Modern Proactive Threat Hunting in the context of dynamically changing Threat Landscape - the view of the CISO, Mr. Jason Steer (Recorded Future, UK)
TBC
|
11:30 - 12:00 |
Open, Composable, Unstoppable: The Next Gen of Threat Hunting, Mr. Matthias Vallentin (Tenzir, DE)
This talk advocates for an open and composable data stack as the foundation for the next generation of security architectures, specifically targeting detection engineering, threat hunting, and incident response. In an industry plagued by fragmented point solutions, there is an urgent need for a more sustainable and flexible approach to system architecture.
The presentation begins by examining the current landscape, highlighting the challenges and limitations of existing methods. It then introduces a modular, open-standards-based framework that fosters interoperability across the security ecosystem. At a technical level, the talk explores opportunities for standardization across various abstraction layers, including data storage, log/event encoding, schema normalization, and the representation of detections, threat intelligence, and analytics. The goal is to demonstrate how a modular, interoperable stack can effectively support and enhance critical operational security functions. |
12:00 - 12:30 |
CTI from the Underground: harness cybercrime intelligence to defend your organization and investigate threat actors, Ms. Or Lev, Ms. Irina Nesterovsky (KELA)
Join us for a comprehensive session on the importance of incorporating cybercrime intelligence into your CTI or threat hunting toolset. Learn about the latest cyber threats emerging from the cybercrime underground and how to effectively gather and translate this intelligence into actionable insights. This presentation will cover the key areas where cybercriminals operate, the methods they use, and how to hunt them. Gain the knowledge and tools necessary to investigate and mitigate these threats, ensuring your organization's defense against evolving cyber risks.
|
12:30 - 13:30 | Lunch |
13:30 - 15:00 | NATO - from Information Sharing to integrated Cyber Defence
Moderator: Mr. Rolands Heniņš (NCSC, LV) Panelists: TBC
TBC
|
15:00 - 15:30 | Coffee break |
15:30 - 16:00 |
Protecting the Blueprint of Life: The Importance of Information Security at the Sub-Molecular Level, Dr. Gregory Carpenter (Knowledge Bridge International, US)
TBC
|
16:00 - 16:30 |
Human augmentation for offensive cyber operations, Mr. Len Noe (CyberArk, US)
Transhumans, individuals enhanced with technological augmentations, are now a reality. Historically, these enhancements were viewed either medically, aiding those with disabilities, or as cyborgs in speculative fiction. However, advancements in Brain-Computer Interfaces (BCI), SMART technologies, and consumer products have blurred the lines between the physical and biological, transforming human capabilities and interactions.
Today, transhumans are not just concepts from science fiction but present significant cyber threats to modern security controls. These augmented humans can execute sophisticated cyber attacks, such as URL redirections, phishing, smishing, and man-in-the-middle (MiTM) attacks, using technology embedded within their bodies. Traditional security measures are inadequate against such advanced threats, necessitating a rethinking of our defensive strategies. The presence of transhumans requires a paradigm shift in cybersecurity, demanding new strategies and technologies to defend against their unique and evolving threats. This presentation will demonstrate various cyber attacks initiated by implants, including MiTM attacks, phishing, smishing, and automated Linux attacks, highlighting the urgent need for layered security solutions. Recognizing and addressing the cybersecurity implications of transhumans is crucial for safeguarding our society in this new era of human evolution. |
16:30 - 17:00 |
Cybersecurity in Health: Threats, challenges and ENISA’s contribution, Ms. Maria Papaphilippou (ENISA, GR)
1. Policy framework for cybersecurity in health
2. Cybersecurity threat landscape for the health sector
3. ENISA’s contribution in the health sector |
Location
VENUE
On-site: Radisson BLU Latvija, Elizabetes Str.55, Riga, Latvia
October 1 - 3, 2024
The conference time zone is Eastern European Summer Time (UTC/GMT +3)
LIVE STREAMING
Details and the streaming link for October 2-3 will be shared as we get closer to the event date.
Keep an eye on this page for the latest updates.
Note: Certificate only for registered on-site and online attendees!
Registration
Agenda
01 OCT
Workshops and Trainings
Registration for the "CyberChess 2024" conference and the workshops and trainings on October 1 is separate. Please remember that you can register for either one full-day workshop OR one morning and one afternoon workshop. Note that seats are limited! Registration for workshops and training sessions will be open until September 10.
Workshops and training sessions are free of charge, and coffee breaks and lunches are included!
Morning Workshops
08:00 - 08:30 | Registration | Room | |
08:30 - 12:30 | Data science for incident responders working with data leaks [ENG], Mr. Éireann Leverett, Mr. Lorenzo Nicolodi | GAMMA II | |
The goal of this workshop is to provide participants with practical experience of how data science can be applied to data leaks and how the knowledge gained can be used both to strengthen the infrastructure and to make the incident response phase more efficient and effective.
We will first take a look at how data can be programmatically acquired both on the clearnet and on Tor (you can't evaluate data you don't have), and we will then move to some exercises leveraging Python, Jupyter notebooks and the pandas library to see how these can be invaluable tools for practicing skills and for uncovering elusive evidence (e.g. attackers' TTPs).
Last but not least, we will see how similar skills can be transferred to a connected but different domain, i.e. the tracking of cryptocurrency addresses used for malicious activities.
Type of the workshop: technical
Level: intermediate
Prior knowledge necessary: The participants are expected to have basic Python and networking knowledge. You may participate regardless, but we may not be able to help you as much as we might like due to time constraints.
Personal equipment necessary: Bring your own laptop with the possibility to install software (like Python and its packages). If you want to avoid doing this on your main machine, using a VM is also fine.
We suggest that you join the workshop with the latest version of Python3 already installed, together with your preferred text editor / Python3 IDE. If you don't have one, we suggest Microsoft Visual Studio Code, together with the Python extension.
|
|||
08:30 - 12:30 | GOing Beyond C: An Introduction to Reverse Engineering Go Malware [ENG], Mr. Max Ufer, Mr. Sebastian Tauchert (Fraunhofer FKIE) | KSI | |
Modern compiled programming languages such as Go are increasingly accepted by developers because of their benefits over C/C++, including a more straightforward syntax, memory safety, easy concurrency implementations, and cross-platform support. Unfortunately, these same benefits are also attracting malware authors, resulting in a surge of Go-written malware in recent years. Reverse engineering Go binaries poses significant challenges due to their static linking and diverse calling conventions across different Go versions. Moreover, these binaries handle strings differently from C/C++, and exhibit increased complexity resulting from compiler-inserted code that handles advanced concepts such as garbage collection and goroutines.
In this workshop, we want to provide an introduction to reverse engineering malware that was written in Go. Initially, we will provide an overview of the Go programming language along with its distinct features. We will then demonstrate how different Go concepts are translated to machine code and how they can be recognized and comprehended during reverse engineering. Subsequently, we will present tools that can assist in reversing Go binaries and provide guidance on how to apply them, based on real-world malware samples.
Type of the workshop: technical
Level: intermediate
Prior knowledge necessary: Participants should have a basic understanding of assembly and reverse engineering of x86/x64 binaries.
Personal equipment necessary: Participants should bring a laptop that is capable of running a VirtualBox virtual machine with at least 4 GB RAM. VM download: TBA
|
|||
08:30 - 12:30 | Chess training [ENG], Riga Chess Federation | LAMBDA | |
Chess training involves structured learning and practice to improve your skills and understanding of the game. The training involves a combination of studying theory and refining both tactical and strategic skills.
Chess training is an investment in both intellectual development and personal growth. It sharpens the mind, builds critical skills, and provides a deep sense of satisfaction. It’s also a lifelong hobby that can be played and enjoyed at any age, offering continuous opportunities for learning and improvement.
|
|||
09:00 - 12:30 | Requirements of the National Cybersecurity Law – how to prepare? [LV], Mr. Mihails Potapovs (Ministry of Defence) | EPSILON | |
TBC
|
Registration for morning workshops
Afternoon Workshops
13:00 - 13:30 | Registration | Room | |
13:30 - 17:30 | Threathunting with VT [ENG], Jose Luis Sanchez Martinez (VirusTotal) | GAMMA II | |
Threat hunting is one of the most powerful techniques to proactively uncover and neutralize threats. While it has traditionally been a blend of science and intuition, we have witnessed a surge of innovative tools and techniques that can significantly enhance its effectiveness. In this hands-on workshop, we will explore how to effectively use new and traditional techniques including:
- Identify, monitor and get full context of malicious campaigns.
- Effective semi-automated YARA generation.
- Netloc hunting.
- Similarity analysis.
- Understanding and leveraging AI engines for code analysis.
- Tackling large datasets.
Throughout the workshop, you will engage in practical exercises and real case studies, equipping both seasoned and new hunters with practical knowledge to find and monitor all kinds of real threats.
Type of the workshop: technical
Level: intermediate
Prior knowledge necessary: Basic knowledge about VirusTotal.
Personal equipment necessary: Laptop and a VirusTotal account, created and confirmed via the confirmation email.
|
|||
13:30 - 17:30 | Cybercrime Investigation Workshop [ENG], Ms. Or Lev, Ms. Irina Nesterovsky (KELA) | KSI | |
In this workshop, participants will use a cybercrime investigations tool to track and investigate cybercriminals and their activities, aliases and TTPs. They will also get the opportunity to inspect how their organizations are already exposed to cybercriminal activities and learn of the ways to prevent further compromise. The workshop is designed to arm investigators with knowledge and insights on recent cybercriminal threats, the tricks to track cybercriminals and to leverage this knowledge to defend and investigate. No technical or CTI skills are required.
Level: beginner
Prior knowledge necessary: Registered participants will receive a link to the workshop materials prior to the workshop.
|
|||
13:30 - 17:30 | Chess tournament [ENG], Riga Chess Federation | LAMBDA | |
A chess tournament - a structured competition where players of various skill levels will compete against each other.
Chess tournaments are a powerful way to sharpen skills, challenge yourself mentally, and connect with the chess community. Whether you’re seeking to improve or simply enjoy the thrill of competition, tournaments offer valuable experiences that can elevate your chess journey.
|
Registration for afternoon workshops
Full Day Workshops
08:30 - 09:00 | Registration | Room | |
09:00 - 17:00 | Practical drone forensics [ENG], Mr. Wayne Burke (Cyber2Labs, US) | BETA | |
The workshop will begin with a detailed technical overview of the Drone / UAV ecosystem and its major components. Then we will proceed with the how, what and why of Drone forensics and incident response.
Type of the workshop: technical
Level: beginner
Prior knowledge necessary: Entry level IOT / robotics hardware and software
Personal equipment necessary: Laptop and mobile phone / tablet
|
|||
09:00 - 17:00 | Building OpenShield - personal DNS Threat Intelligence with DNS Firewall [ENG], Armīns Palms (CERT.LV) | GAMMA I | |
Course attendees will gain practical skills in building a powerful DNS Threat Intelligence system with active DNS protection using open source solutions. Name of the solution: OpenNameShield. To build OpenNameShield, the full-day workshop will provide basic knowledge on the following topics:
- Docker - OpenNameShield is a docker-ized project. The advantages of using Docker will be explained, as well as its key commands.
- BIND9 - DNS server set-up and configuration. It is planned to set up an operational DNS server during the workshop.
- RPZ - aka DNS Firewall. Basics of zone creation to block certain domains will be provided.
- ELK - Elasticsearch and Kibana set-up.
- mmnormalize – usage of the rsyslog Log Message Normalization Module will be explained to ensure parsing of the incoming log file.
- python3 – development of scripts that will enrich the incoming log file. How to feed OpenNameShield with suspicious/harmful domains.
- REDIS – this is important to ensure that external system limitations are not exceeded. It will be shown how to decrease outgoing requests using REDIS.
As a result, the OpenNameShield system will be developed, where together with participants:
- The system will be enriched with suspicious/ harmful domains that are to be blocked.
- DNS blocking will be checked in real-life.
- DNS threat-hunting will be performed to identify suspicious domains.
- Identification of infected devices will take place based on the statistics of blocked DNS.
OpenNameShield system development includes the use of a vast array of open-source solutions. Participants will attain excellent base-level knowledge for their own future project development, as well as a general awareness of how such solutions operate.
Type of the workshop: technical
Level: beginner
Personal equipment necessary: Please install Docker on your computer. Make sure that the command "docker run hello-world" works for you. Optionally, but strongly advised, also install "Visual Studio Code".
|
|||
09:00 - 17:00 | Security Analyst Workshop - Navigation to Investigation [ENG], Mr. Marvin Ngoma (Elastic, SE) | TAU | |
[The second half of the workshop will be conducted as a Threat Hunting CTF to enhance the gained knowledge in a competitive manner.]
Join us for an enlightening hands-on workshop which is aimed at providing participants with common workflows and analysis that a security analyst would leverage daily. This workshop is divided into four modules detailing Data Navigation and Visualization, Guided Investigation with Elastic, Threat Detection and Investigation and Dark Radiation Investigation and a roundup sample Ransomware Investigation.
The workshop focuses on "a day in the life of an analyst": real data, real workflows, and investigating threat actor activity.
Workshop Takeaways:
- Ability to leverage Elastic Security for Incident Response.
- Ability to understand common workflows for cyber security tasks.
- Ability to create security focused visualizations.
- Ability to take a proactive approach with Elastic Security.
- Ability to apply comprehensive incident response with a case management workflow.
Type of the workshop: technical
Level: intermediate
Prior knowledge necessary: Eyes on Glass, Analyst Experience with Elastic Security or other SIEM Solutions. An understanding of current security operations procedures. An understanding of currently available data sources, desired integrations (other SIEM, SOAR).
|
Registration for full day workshops
Escape Room
A Security Awareness Adventure - Escape Room "Hack The Hacker" will be available on two days - 01 & 02 October. Each session lasts 2h. Registration for the "CyberChess 2024" conference and Escape Room is separate!
01 & 02 OCT | Please arrive 10 minutes early | Room | |
10:30 - 12:30 | Hack The Hacker | SIGMA | |
A Security Awareness Adventure:
Your company suffers from a ransomware attack. The mission of your team is to discover the code that revokes the encryption executed by the malicious software. Together with up to 6 other people you have to search the hacker's den for hidden hints and clues. In order to find them and to solve all the puzzles you have to turn into hackers yourselves. Outwit the hacker and save your organisation!
Each session lasts 2h and consists of a theoretical and a practical part.
Hack The Hacker is all about password security. Participants learn why we use passwords and about the risks that come with passwords, both through social engineering and technical attacks (like brute forcing). The game leads to a deep understanding of the importance of creating strong passwords and storing them safely.
Type of the workshop: educational adventure
Level: beginner
Prior knowledge necessary: none
Personal equipment necessary: none
|
|||
13:30 - 15:30 | Hack The Hacker | SIGMA | |
|
|||
16:00 - 18:00 | Hack The Hacker | SIGMA | |
|
Registration for Escape Room activity
02 OCT
The cybersecurity conference CyberChess 2024
The CyberChess conference is a cornerstone of cybersecurity events within the Baltic states. It brings together a diverse array of security stakeholders, experts, ISPs, domain industry representatives, and other interested parties to discuss and examine the latest trends, issues, and innovations in cybersecurity.
More than 50 speakers from nearly 20 countries will share their research and experiences in the following cybersecurity-related areas:
- Protection of critical information and infrastructure;
- Cyber threat intelligence;
- Ransomware, its triage, and defense;
- Medicine, nanotechnology, and bio-hacking;
- Artificial intelligence and machine learning;
- Alliances and their importance in strengthening security in the Euro-Atlantic area (from strategic, operational and legal perspectives).
Bringing together over 500 attendees on-site and engaging with over 3000 participants online, the conference serves as a dynamic platform for fostering collaboration, knowledge exchange, and networking among Baltic cybersecurity professionals.
"Throughout the past few years we have seen growth in attacks, their sophistication as well as in the level of political support and importance of cybersecurity. This makes events such as CyberChess an important platform not only for knowledge sharing but also establishing new partnerships."
/B.Kaškina, CERT.LV General manager/
OMEGA HALL | |
---|---|
08:00 - 09:00 | Registration & Coffee (pre-registration 01 OCT 13:30 - 17:00) |
09:00 - 10:30 | OPENING PLENARY :: Moderator: Mr. Oskars Priede |
09:10 - 09:20 | Keynote, Mr. Andris Sprūds, Minister of Defense (MoD, LV) |
09:20 - 09:25 | Opening remarks, Ms. Baiba Kaškina (CERT.LV, LV) |
09:25 - 09:55 |
Utilizing botnet tracking for enabling disruptions: The Grandoreiro story, Mr. Robert Lipovsky (ESET, SK)
Replicating specific samples to understand the inner workings and network structure of a botnet has several limitations. A more versatile approach involves developing a platform of parsers that can automate botnet tracking by processing malware samples, extracting relevant information, and directly communicating with its command and control (C&C) servers. While the main downside is having to maintain such parsers, the benefits are invaluable – full control over the execution, extraction of any required data, and the ability to fake requests to C&C servers, to name a few. For large botnets, with thousands of samples, this is an extremely effective approach.
Botnet tracking data has repeatedly proven invaluable to law enforcement. It helps them understand the extent of the botnets they are investigating and maps the botnet’s network infrastructure, which is crucial for taking steps to dismantle the botnet and arrest its operators. We utilized this technique to help successfully take down Trickbot in 2020, Zloader in 2022 and, most recently, Grandoreiro in January 2024. We will demonstrate the full power of botnet tracking and how we utilize it for fully automatic processing of thousands of samples of more than 50 different botnets daily. We will provide specific examples of data our tracking system produces, the large variety of features it offers, and how the system’s outputs can be made actionable. We will illustrate how we utilized these outputs to help the Federal Police of Brazil disrupt the Grandoreiro banking trojan early this year. |
09:55 - 10:25 |
Practical Active Cyber Defense and Threat Hunting, Mr. Varis Teivāns (CERT.LV, LV)
TBC
|
10:30 - 11:00 | Coffee break |
ALFA HALL | Moderator: Dr. Bernhards 'BB' Blumbergs |
11:00 - 11:45 |
GOing Beyond C: An Introduction to Reverse Engineering Go Malware, Mr. Max Ufer (Fraunhofer FKIE, DE)
Modern compiled programming languages such as Go are increasingly accepted by developers because of their benefits over C/C++, including a more straightforward syntax, memory safety, easy concurrency implementations, and cross-platform support. Unfortunately, these same benefits are also attracting malware authors, resulting in a surge of Go-written malware in recent years. Reverse engineering Go binaries poses significant challenges due to their static linking and diverse calling conventions across different Go versions. Moreover, these binaries handle strings differently from C/C++, and exhibit increased complexity resulting from compiler-inserted code that handles advanced concepts such as garbage collection and goroutines.
In this talk, we want to provide an introduction to reverse engineering malware that was written in Go. We will provide an overview of the Go programming language along with its distinct features. We will then demonstrate how different Go concepts are translated to machine code and how they can be recognized and comprehended during reverse engineering. Subsequently, we will present tools that can assist in reversing Go binaries and provide guidance on how to apply them, based on real-world malware samples.
|
11:45 - 12:30 |
IoC assessment and analysis, Mr. Richard Weiss (Mandiant / Google, DE)
In a world of rising atomic indicators, we have to research and implement scalable, repeatable, and fast methods of handling indicators: it is essential to understand the actual and future situation in the cybersecurity field to derive actionable knowledge. The process starts with selection, preprocessing, and selection of the data. Often these fields are handled quickly, but we will take time to discuss and demonstrate the advantages of those steps accordingly to have a good understanding of advantages and resource savings. The usage of tagging, clustering, and adding additional meta information to the indicators and creating compound structures will help cybersecurity professionals to re-use those in different focus fields of cybersecurity.
|
12:30 - 13:30 | Lunch |
13:30 - 14:15 |
(NO LIVE STREAM) Lucky Leaks: 400 million file paths are worth a thousand words, Mr. Lorenzo Nicolodi (Microlab.red, IT)
We spent the last two years collecting and studying the content provided by ransomware gangs on their DLS (Data Leak Site), more often than not hidden by the Tor network. We discovered that the list of the files inside the leaks can provide plenty of information about the gang's TTPs, the impact for the victim and the most effective countermeasures. The victim's privacy is preserved, because we don't look at the content of the leak itself, except in specific circumstances where we have a chance of getting the TTPs.
|
14:15 - 15:00 |
From AI to Emulation: Innovations and Applications, Mr. Jose Luis Sanchez Martinez (VirusTotal, ES)
During the session we will see how, through the use of AI and behaviors extracted from sandboxing and intelligence services such as VirusTotal, emulations can be created that help different teams such as blue teams, detection engineering teams and purple teams to improve the gaps in detection.
We will take several examples to see the different results we have obtained, the pros and cons and how this approach can be improved in the future. We will share the results obtained and also the tools and techniques that we have used to carry out this research. |
15:00 - 15:30 | Coffee break |
15:30 - 16:15 |
Advanced Threat Hunting: Leveraging AI and ML for Large-Scale Log Analysis, Mr. Marvin Ngoma (Elastic, SE)
In today's cybersecurity landscape, the ability to efficiently parse and analyze large volumes of log data is crucial for effective threat hunting and incident response. This in-depth tech talk will explore the cutting-edge mechanics and practical approaches employed by Elastic to facilitate advanced threat detection and mitigation. We'll delve into how Elastic's solutions leverage machine learning (ML) and artificial intelligence (AI) to automate the analysis of log files, enabling real-time insights and proactive security measures.
The session will cover key aspects such as the architecture and scalability of Elastic's platform, best practices for integrating ML models into your threat hunting workflows, and practical case studies demonstrating the effectiveness of these techniques in real-world scenarios. Attendees will gain a deeper understanding of how to utilize Elastic's powerful tools for large-scale data ingestion, correlation, and anomaly detection, ultimately enhancing their organization's cybersecurity posture. Whether you're a security analyst, data scientist, or IT professional, this talk will provide valuable insights into harnessing the full potential of Elastic for comprehensive threat hunting operations.
|
16:15 - 17:00 |
The Role of AI in Enhancing SOC Capabilities, Mr. Artur Bicki (Energy Logserver, PL)
TBC
|
BETA HALL | Moderator: Ms. Dana Ludviga (CERT.LV, LV) |
11:00 - 11:30 |
The power of persuasion: advocacy that transforms cybersecurity practices, Ms. Cornelia Puhze (Switch, CH)
This presentation explores how cybersecurity professionals can become effective advocates for security within their organisations. It emphasises the importance of non-technical skills, particularly the ability to translate complex cybersecurity concepts into language and context that resonate with the specific stakeholders addressed. Through storytelling and targeted communication, these advocates can illustrate the critical role of cybersecurity in managing enterprise risks and supporting business objectives.
Attendees will learn actionable strategies to enhance their advocacy efforts, ensuring that cybersecurity is recognised as a fundamental component of organisational strategy and risk management. The session will also discuss recruitment and training strategies to build a robust cybersecurity workforce, emphasising advocacy skills that enable professionals to effectively lobby for the integration of cybersecurity into organisational strategy and risk management. |
11:30 - 12:30 |
Encouraging Transparency and Stopping the Blame Game, Ms. Merike Kaeo (Double Shot Security, EE)
Reporting security incidents and breaches has historically been a matter of reporting as little as possible due to concerns about regulatory ramifications and negative media hype. Internal to an organization, leaders often question the resources spent on cybersecurity controls when breaches still exist. This session will utilize stories to showcase examples where transparency has been a priority when reporting cybersecurity incidents to regulators, organizational leaders and customers. Strategies are illustrated for working with organizational leaders to make effective risk management decisions where cybersecurity controls are shown to be a business enabler with associated risks that depend on the organization’s risk tolerance levels and eliminate the surprise of breaches.
Attendees will learn how to foster industry change to encourage cybersecurity incident transparency and break down the barriers that still exist in policy and regulatory frameworks to incentivize more timely reporting. The session will also detail strategies to meet cybersecurity reporting requirements stipulated in varying global laws and regulations, such as the NIS2. |
12:30 - 13:30 | Lunch |
13:30 - 14:00 |
The path from initial access to ransomware attack - connecting the dots between accesses being sold in the underground communities to ransomware attacks, Ms. Or Lev (KELA)
In recent years, there has been a significant increase in cybersecurity incidents initiated through valid credentials of victim company assets. Ransomware attacks, in particular, have caused severe financial and operational damage, and in some cases, even the loss of human lives. This session will explore the "reaction chain" leading to such attacks, tracing it from account credentials sold on underground platforms, to advertisements by Initial Access Brokers, and ultimately to ransomware deployment. We will present real-life examples and discuss effective strategies to prevent these attacks.
|
14:00 - 14:40 |
Negotiation beats manipulation, Mr. Matthias Herter (MSH Advice & Training, CH)
Modern cyber extortion follows a pattern that seeks a transactional solution to the caused crisis in the shortest possible time and without unnecessary communication. The obvious solution is payment in electronic currency for the criminals and the decryption of data or termination of criminal activities for the victims. The victims rarely have the resources and skills to do anything about these crimes other than either give in to the demands or suffer major damage. One of the offenders' most effective weapons is the fear and shame of the victims, the conveyed feeling of powerlessness and the domination of communication. In this respect, little has changed historically in the general dynamics of blackmail. However, despite this demonstrated power imbalance, communication with the perpetrators is one of the keys to counteracting modern cyber extortion. The presentation shows which negotiation methods private individuals, security service providers and law enforcement agencies can use to counter the strategies of criminals and provides recommendations that will serve as a decisive contribution to the prevention of cyber extortion. The title "Negotiation beats manipulation" stands for the approach that utilises the potential of communication to develop alternative solutions.
|
14:40 - 15:00 |
Our journey in navigating Obstacles and Evaluating the Worth of Cybersecurity Insurance, Mr. Roberts Pumpurs (ALTUM, LV)
TBC
|
15:00 - 15:30 | Coffee break |
15:30 - 16:00 |
Analysis and forecasting of exploits with AI, Mr. Roman Graf (Deloitte, AT)
In this talk we address questions, such as: Why is Cyber Security important? What is the current cyber threat landscape? How have particular attack vectors evolved in the past? Which cyber threats are most important at the moment? Which cyber threats could be important in the future? How to protect against it?
Protecting organizations against an increasing number of cyber-attacks has become as crucial as it is complicated. To be effective in identifying and defeating such attacks, cyber analysts require novel threat modelling methodologies based on information security and AI techniques that can automatically recommend protection measures. We propose a custom, simple, explainable on-site approach to recommend the most significant threats. Our goal is to provide a solution that could extract attack vector features, find related correlations with an aggregated knowledge base in a fast and scalable way, and automate the recommendation of additional attack vectors and protection measures. Our effective and fast threat analysis method is based on artificial intelligence and can support security experts in threat modelling and security budget planning, and allow them to quickly adopt suitable protection measures for current and future periods. In this talk, we evaluate AI similarity search and recommendation technologies as a system for threat modelling facilitation and assess its accuracy and performance. This approach should reduce the number of manual research activities and increase the organization’s security. We demonstrate how the presented techniques can be applied to support security experts in planning an organization’s protection strategy. |
16:00 - 16:30 |
How to Create a Cyberspace Operations Artificial Intelligence Avatar, Mr. Michael Price (ZeroFox, US)
It is now possible to create a cyberspace operations artificial intelligence avatar. The avatar can be created by combining numerous AI-based capabilities, including: Speech-To-Text (STT), Large Language Models (LLM), Text-To-Speech (TTS), multi-modal LLMs for image generation, generative AI models for lip syncing and so on. These AI-based capabilities can be combined with traditional cyberspace operations capabilities to create the desired avatar. In effect, the human operator can speak to an avatar conversationally, issuing voice commands and receiving voice responses spoken by a human-like avatar presented to the user within a software application.
A software controller can be implemented that leverages LLMs to interpret commands and to generate and execute plans. Output can then be relayed back to the user. This can be used, for example, to support Offensive Cyber Operations (OCOs), whereby the human user instructs the avatar to attempt to exploit a vulnerable host within a victim’s cyber attack surface. There are many other possibilities as relates to both offense and defense as well. |
16:30 - 17:00 |
(NO LIVE STREAM) The process of blocking malicious SMS and other forms of phishing, Mr. Szymon Sidoruk (CERT.PL, PL)
Last year the Polish parliament passed the Act of Combating Abuse in Electronic Communications, which includes an attempt to fight malicious SMS. I'll show how we do it and how it fits into our existing anti-phishing workflow.
|
17:00 - 20:30 | Social event, Main Lobby |
03 OCT
OMEGA HALL | |
---|---|
08:00 - 09:00 | Registration & Coffee |
09:00 - 10:30 | OPENING PLENARY :: Moderator: Mr. Oskars Priede |
09:00 - 09:25 |
Keynote, MGen. Dave R. Yarker (Canadian Cyber Forces, CA)
TBC
|
09:25 - 09:55 |
(TBC) Collective cyber defense, Mr. Luc Dandurant (NCIA and NATO DCO, BE)
TBC
|
09:55 - 10:25 |
Supply chain and cyber physical system protection, Mr. Egons Bušs (LMT, LV)
TBC
|
10:30 - 11:00 | Coffee break |
OMEGA HALL | Moderator: Mr. Oskars Priede |
11:00 - 11:30 |
(NO LIVE STREAM) russian cyber focus on destroying Ukrainian energy sector, Mr. Serhii Barabash (UA)
This presentation is an intelligence view on russian attacks against the energy sector of Ukraine.
|
11:30 - 12:00 |
Reaping process improvements from network leaks - boost your OT security controls, Mr. Mikko Kenttälä (SensorFu, FI) and Mr. Robert Valkama (Fortum, FI)
We will walk you through how focused testing of network segregation, a fundamental security control, can reap unexpected benefits on improving the overall OT security posture on other fronts as well.
|
12:00 - 12:30 |
Guardians of the Network: Key Security Events and Insights from the Mobile Frontier, Mr. Mārtiņš Kaļķis (LMT, LV)
The presentation will explore notable security events observed by LMT across three critical domains: physical security, mobile security, and cybersecurity. We will discuss the mitigation efforts implemented to address these security challenges, sharing valuable insights and lessons learned from our experiences. This presentation aims to equip attendees with a deeper understanding of the multifaceted security landscape and the proactive comprehensive measures necessary to safeguard against potential threats.
|
12:30 - 13:30 | Lunch |
13:30 - 14:30 | Strengthening the European cybersecurity ecosystem
Moderator: TBC Panelists: TBC
TBC
|
14:30 - 15:00 |
TBC
Panelists: TBC
TBC
|
ALFA HALL | Moderator: Dr. Bernhards 'BB' Blumbergs |
11:00 - 11:45 |
Drone Tactical Forensics and Incident Response, Mr. Wayne Burke (Cyber2Labs, US)
During this high energy presentation we will cover fundamental Drone Forensics and the importance for law enforcement, emergency / security personnel and all professionals responsible for managing various aspects of Drone operations. Coupled with effective techniques for data extraction methods: onboard storage, data acquisition. Analyzing flight logs and telemetry data with a tear-down to identify all core drone components.
|
11:45 - 12:30 |
TA577 Walked just past You: Indirect Syscalls in Pikabot, Mr. Patrick Staubmann (VMRay, AT)
In late 2023, the notorious Pikabot loader reappeared after a break of several months. Its reappearance, coupled with striking similarities in its delivery chain with QBot suggests its role as a replacement family used by threat group TA577. Pikabot's reputation for being evasive precedes it, but its latest variant introduces a new level of sophistication, with techniques attempting to bypass AV, EDR, and even sandboxes. The integration of indirect syscalls has left security products grappling with detection challenges, as hooks, commonly used in EDRs and sandboxes, won't be enough to inspect the inner workings of such samples during execution.
Our talk aims to delve deep into the world of Pikabot, sharing insights, pitfalls, and thoughts gathered from analysis and tracking. We'll provide an exhaustive analysis of Pikabot's loader module, dissecting its obfuscation and evasion techniques in detail. With a special focus on the intricacies of indirect syscalls, we'll explore how this technique successfully circumvented many sandboxes and how our proof-of-concept reimplementation demonstrates how many more enhanced indirect syscall techniques malware developers could already have in their arsenal. Furthermore, as Pikabot's operation has been shut down via Operation Endgame, we'll speculate on future developments and trends in evasion techniques, offering practical recommendations for effectively detecting and mitigating such and similar threats. |
12:30 - 13:30 | Lunch |
13:30 - 14:15 |
The future of vulnerability management is predictive, Mr. Éireann Leverett (Concinnity-risks, UK)
Vulnerability management and patching prioritization are undergoing a revolution. Prediction and forecasting have become rich research arenas, and we'll present an assortment of those advances, some of which are ours. We are moving to a world where vulnerabilities can be foreseen, and exploits anticipated. Even exploitation events in specific networks aren't immune to quantification, and we expect this to advance quickly. Why wait for zero days when the future of vulnerability management is getting away from reaction and moving towards predictive risk? I share my experience writing the vulnerability forecasts for FIRST.org, and running the Vuln4Cast conference.
|
14:15 - 15:00 |
Federated Learning Approaches to Bolstering Cyber-Physical Systems Resilience, Dr. Delwar Hossain (NAIST, JP)
The lecture covers security issues in modern automobiles and Industrial Control Systems and proposes Deep Learning, Federated Learning-based solutions to address them. The CAN bus system used in modern cars lacks basic security features, making it susceptible to attacks such as DoS, Fuzzing, and Spoofing. Similarly, the Modbus RS-485 protocol used in smart meters lacks authentication and encryption mechanisms, making it vulnerable to attacks. As a countermeasure, an intrusion detection system (IDS) using the Federated Learning (FL) approach can effectively detect malicious activities and ensure data protection from intruders. The structured presentation covers topics ranging from the security challenges of automotive and ICS systems to the development of AI-based IDS, autonomous driving model resiliency, using Federated Learning.
The lecture is structured as follows:
- Security issues of modern automotive and ICS systems
- Proposed defense verification platform for the CAN bus system
- Development of a deep learning, Federated Learning-based IDS
- Development of automotive and Modbus attack datasets and AI-based IDS
- Attacker Localization with Machine Learning in RS-485 Industrial Control Networks.
|
BETA HALL | Moderator: Ms. Dana Ludviga (CERT.LV, LV) |
11:00 - 12:30 |
DNS on steroids
Moderator: Ms. Dana Ludviga (CERT.LV, LV) Panelists: Ms. Katrīna Sataki (NIC.LV, LV), Mr. Kirils Solovjovs (Possible Security, LV), Iveta Skujiņa (NIC.LV, LV), Mr. Kristians Meliņš (NIC.LV, LV), Mr. Helmuts Meskonis (Domain Summit Ltd, UK)
In this engagement session, we will delve into the dynamic world of the Domain Name System /DNS/ and its evolving landscape. We will cover traditional DNS, the introduction of new generic Top-Level Domains /gTLDs/, and their impact on the domain name market. We'll discuss the benefits and challenges these changes bring for businesses and consumers, as well as the potential for innovation in areas like decentralized internet addressing.
Panelists and the audience will also explore critical cyber security and legal issues that average internet users should be aware of.
|
12:30 - 13:30 | Lunch |
13:30 - 14:00 |
TBC, Ms. Merle Maigre (eGA, EE)
TBC
|
14:00 - 14:30 |
TBC, Mr. Maxim Matskul (CloudFlare)
TBC
|
14:30 - 15:00 | Game of Drone! Field insights from the war in Ukraine, Ms. Gabrielle Joni Verreault (Universite de Montreal, CA)
As technology continues redefining modern warfare's landscape, its impact extends beyond the battlefield to involve civilians in unprecedented ways. This presentation, "Game of Drone! Field Insights from the War in Ukraine," offers a unique perspective grounded in firsthand experiences from the front lines of the conflict. It explores the critical intersection of technology, ethics, and civilian involvement, drawing from the presenter's extensive fieldwork in Ukraine.
The session will explore the challenges and legal ambiguities that arise when civilians, driven by a desire to support Ukraine, engage in activities ranging from ethical hacking to drone operations. Key areas of focus will include the blurred lines between civilian and combatant roles in cyber operations, the ethical dilemmas inherent in these initiatives, and the broader implications of these efforts within the framework of International Humanitarian Law.
Beyond the technical and legal analysis, the presentation will offer insights into the presenter's unique stance on security, informed by a background in public health and a deep commitment to human well-being. This perspective is rooted in a care-oriented and reduction-of-harm approach, emphasizing the importance of ethical considerations and the responsible use of technology in conflict zones.
Attendees will gain a nuanced understanding of the ethical and legal considerations essential for aligning technological skills with the needs on the ground in a responsible and impactful manner. This discussion is particularly relevant for ethical hackers, technologists, and those interested in the practical and ethical dimensions of civilian participation in modern conflicts.
|
15:00 - 15:30 | Coffee break |
15:30 - 17:00 | CLOSING SESSION :: Moderator: Mr. Oskars Priede |
15:30 - 16:00 |
Countering generative AI disinformation: a Ukraine experience, Mr. Dmytro Plieshakov (Osavul, UA)
The presentation will cover the most recent AI-powered techniques used by hostile actors to plan, create and disseminate disinformation campaigns. It will also focus on how AI and Large Language Models can be used by the defenders' community to protect the information environment from hostile activities.
|
16:00 - 16:20 |
Tailoring security systems for the AI era, Mr. Dmitrijs Ņikitins (Tet, LV)
This presentation will explore the significant transitions within the IT industry over the past decades, focusing on the integration of advanced AI technologies that have transformed traditional security measures.
AI is a double-edged sword in the realm of cybersecurity. On one hand, it represents a potent threat vector, with AI-driven attacks becoming increasingly sophisticated. On the other hand, AI is indispensable for developing proactive defenses, capable of predicting and neutralizing threats before they manifest.
The presentation will also highlight how cybersecurity must evolve, incorporating AI not only as a tool but also as an integral part of the strategic framework.
Looking ahead, we will explore predictions for the next decade, emphasizing how advancements like quantum computing might influence cybersecurity. This presentation is designed to equip the audience with the knowledge and tools necessary to adapt their security strategies effectively in anticipation of these developments.
|
16:20 - 16:40 |
Helping defend the UA powergrid, Mr. Patrick C. Miller (Ampere Industrial Security, US)
TBC
|
16:40 - 17:00 | Conference end ceremony |
Speakers
From 2020 till 2021, prior to joining Deloitte, Roman worked as a consultant, pentester and DevSecOps engineer for a big consulting company. From 2009 till 2020 he worked as a pentester and researcher for one of the leading European Research Institutes, where he was responsible for penetration testing, threat modelling and AI application for the security domain. He was also tasked with the planning, preparation and presentation of individual workshops for different target groups.