OMEGA HALL | Moderator: Mr. Reinis Zitmanis |
11:00 - 11:30 | Are We Reaching Early Maturity in Cybersecurity or a Brand-New Cycle? An Exploratory Perspective, Mr. Dion Hinchcliffe (USA)
The cybersecurity landscape continues to evolve rapidly, but an end state may be appearing in the rising prominence of zero trust architectures and a new, holistic approach known as Applied Threat Intelligence. Emerging trends include AI in threat development, multi-factor/passwordless authentication, IoT device proliferation, and human vector threats continue to create difficult challenges, but a new plateau in maturity appears in sight. Now new challenges arise from breakthroughs in quantum computing, organized ransomware, and ethical issues / new threats surrounding deepfakes and generative AI, that may spur a dramatic new cycle in cybersecurity regimes.
|
11:30 - 12:30 | Enhancing cyber resilience through public-private
cooperation
Moderator: Mr. Edmunds Beļskis (LV) Panelists: Mr. Jānis Garisons (LV), Mr. Richard Browne (IE), Mr. Ingmārs Pūķis (LV), Mr. Florian Pennings (Microsoft)
The geopolitical context and recent activities in the cyberspace highlight the multidisciplinary and global nature of cybersecurity – from transport and energy infrastructures, to state systems and private entities, cybersecurity is a concern for everyone. Addressing the existing and potential risks requires a holistic approach involving both cross- sectoral and regional cooperation. This panel will focus on what is the best approach for effective cooperation on all levels – how can we reach tangible outcomes that will help the industry and state institutions?
|
12:30 - 13:30 |
Lunch |
13:30 - 14:00 | EU Cybersecurity iniatives, Ms. Christiane Kirketerp de Viron (European Commission) |
14:00 - 15:00 | The role of NCCs in building cybersecurity competences across
sectors
Moderator: Mr. Mihails Potapovs (LV) Panelists: Mr. Lauri Tankler (EE), Mr. Jukka-Pekka Juutinen (FI), Ms. Inga Sūnelaitienė (LT), Mr. Tun Hirt (LU), Mr. Christoffer Karsberg (SE)
Cyber resilience of both public and private sector cannot be achieved without well-coordinated cybersecurity competence-building efforts. The National Coordination Centres (NCCs) are instrumental in consolidating national and European competence-building frameworks and activities, supporting cybersecurity research and deployment of innovative cybersecurity solutions, as well as facilitating collaboration and the sharing of expertise and capacities within the cybersecurity competence communities. The panel will look into the progress and challenges faced by the NCCs in addressing those issues.
|
15:00 - 15:30 | Coffee break |
15:30 - 16:00 | European Cybersecurity Competence Centre, Ms. Katarzyna Prusak-Górniak (ECCC) |
16:00 - 16:30 |
Securing Latvia's digital tomorrow, Mr. Dmitrijs Ņikitins (LV)
By safeguarding its own infrastructure, providing cybersecurity services to government entities, and offering solutions to local businesses, Tet plays a vital role in fortifying Latvia's digital resilience and security. Tet will demonstrate actions that encompass it to ensure the digital security of the country and their role in it.
|
16:30 - 17:00 |
LatQN practical outcomes, Dr. Leo Trukšāns (LV)
Talk about LatQN project and main goals, the intended network and it's use-cases, as well as partnership with industry.
|


Location
October 4 - 5, 2023
The conference time zone is Eastern European Summer Time (UTC/GMT +3)
Hybrid format:
On-site (Registration required):
Radisson BLU Latvija, Elizabetes Str.55, Riga, Latvia
Online (Certificate only for registered online attendees):
The streaming link will be available
from 3.10


Register
Participation in the conference is free of charge. Please note that for the workshops and trainings on 3 October, you must register separately by selecting the "Register" option below.


Agenda
03 OCT
Workshops and Trainings
Registration for the "CyberChess 2023" conference and the workshops and trainings on 3 October is separate. You can choose to attend the workshops and trainings only, even if you're not participating in the main conference. Registration for the workshops and trainings will be open until 27 September.
08:30 - 09:00 | Registration |
Room | |
09:00 - 17:00 | MESSEU Working Group | TAU HALL | Invitations only |
09:00 - 13:30 |
Cybersecurity Breach Investigation Workshop (tabletop), Daina Ozoliņa (CERT.LV)
In this workshop, participants step into the shoes of Cyber Security Investigation team tasked with uncovering the culprits behind a cyberattack on business entity. The attack involves a multi-pronged assault, including a phishing attack, unauthorized access, a ransomware incident, and the spread of damaging fake news. Technical IT or cybersecurity skills are not required for this tabletop exercise. The workshop is designed to focus primarily on analytical and decision-making skills in a cyber crisis scenario.
Work language: Latvian One game session takes approximately 1,5 hours, therefore there will be 2 separate groups:
|
GAMMA HALL | Register |
09:00 - 13:30 | Recon, Scanning, and Enumeration Attacks, Chris Dale (SANS)
In this workshop, we'll look at the techniques attackers use to conduct reconnaissance as a pre-attack step, including how they use open-source intelligence, network scanning, and target enumeration attacks to find the gaps in your network security. You'll use attacker techniques to assess the security of a target network, evaluating popular protocols and endpoints for Windows, Linux, and cloud targets. After delivering the attacks, you'll investigate the logging data and evidence that remains to recognize these attacks as they happen.
Topics:
|
BETA HALL | Register |
09:00 - 14:30 | Cyber Fortress - Build the most resilient ICT security system, Marcin Fronczak, Miroslaw Maj and Piotr Kepski (ComCERT SA)
Cyber Fortress is a simulation game consisting in building the most resistant ICT environment security system and effective response to various threats from cyberspace. Each team gets a predetermined budget, which can be increased during the game. Teams have security at their disposal, which is divided into 8 categories (Organization, Physical infrastructure, Entire network, Network edge, Internal network, Endpoints, Apps and Data). Safeguards are scored differently based on their effectiveness in terms of prevention (identification and protection) and response (response, detection and recovery). The team that best prepares its organization for the events wins.
To play CyberFortress, players will need a computer or tablet with internet access and an installed web browser. |
ALFA HALL | Register |
04 OCT
OMEGA HALL | |
---|---|
08:00 - 09:00 | Registration & Coffee
|
09:00 - 10:30 | OPENING PLENARY :: Moderator: Mr. Reinis Zitmanis |
09:00 - 09:10 | Keynote, Mr. Andris Sprūds, Minister of Defense (LV) |
09:10 - 09:15 | Opening remarks, Ms. Baiba Kaškina (LV) |
09:15 - 09:20 | Opening remarks, Ms. Katrīna Sataki (LV) |
09:20 - 09:50 | DNS security & the Root DNSSEC KSK Ceremony, Mr. David Huberman (USA)
If you hear about the "keys to the Internet," the topic usually relates to a very specific thing — a digital key that is used to verify the security of the DNS. The concept of a master key that controls such an essential function sounds like it is lifted from spy novels. It has been the subject of many stories, television, and radio shows, that focus on the idea that seven people hold keys to the Internet. These fictionalized accounts, and some of the journalistic reporting, can overplay and sensationalize its importance. In this talk, David Huberman will describe what’s really going on, who is involved, and how ICANN keeps the keys secure.
|
09:50 - 10:20 | The Ever-Changing Landscape and Impact of Cyber Warfare, Mr. Chris Boehm (USA) (no live stream)
Join us for an insightful presentation on cyber warfare, where we'll explore evolving strategies used by threat actors and their impact on nations, organizations, and essential services. Learn from Ukraine's cyber resilience to enhance your organization's defenses. Understand the growing threat to NATO and varying levels of cyber security investments made by nation-states, along with the US Cyber Security Framework. Gain valuable insights into the collateral impact of cyber warfare within the European Union, data sovereignty challenges, and their implications for businesses operating in Ukraine and Europe.
|
10:30 - 11:00 | Coffee break |
BETA HALL | Moderator: Dr. Bernhards 'BB' Blumbergs |
11:00 - 11:45 |
Practical Frida, Mr. Fernando Diaz Urbano (JP)
The objective of this presentation is to introduce Frida with practical use cases. For those not unfamiliar with Frida, first we will introduce the usage by bypassing some common anti-frida techniques. Then, we will showcase some practical examples to accelerate malware analysis by instrumenting important functionality of an APK.
|
11:45 - 12:30 |
KronoDroid: addressing machine learning-based Android malware
detection challenges, Dr. Alejandro Guerra Manzanares (UAE)
Machine learning has been used to address numerous complex tasks in the cybersecurity domain in an automated fashion. Malware detection is a prominent one. Despite the myriad of studies addressing Android malware detection, just a few of them address real challenges surfacing in production environments such as concept drift and cross-device behavioral differences. This talk introduces the main methodologies used for Android malware detection, and the generation of KronoDroid, the first dataset enabling the study and analysis of concept drift and cross-device behavior for mobile malware detection.
|
12:30 - 13:30 |
Lunch |
13:30 - 14:15 |
DRAKVUF Sandbox - dynamic malware analysis from the hypervisor point of view, Mr. Paweł Srokosz (PL)
Malware is actively defending against dynamic analysis using various anti-vm and anti-sandbox techniques to prevent execution on a sandbox environment.It's difficult to avoid being detected when you're in the same ring, but fortunately, there are open-source projects that allow you to take the high ground.During this talk, I'll tell a story about our experience with DRAKVUF and DRAKVUF Sandbox, an agentless malware analysis system that is using Xen and Intel virtualization features (VT-x/EPT) to monitor malware execution as stealthy as possible.
|
14:15 - 15:00 |
Capturing Large-scale Cyber Exercises: Toward Automated Data
Labeling, Dr. Mauno Pihelgas (EE), MSc. Allard Dijk (NL)
A team of cybersecurity researchers has captured data (logs, PCAPs) from NATO CCDCOE's cyber exercises for several years. Having collected tens or even hundreds of terabytes of realistic data may seem like a gold mine for cybersecurity research, however, it is not trivial to make sense of vast amounts of raw data. This talk will demonstrate exploring such large datasets and discuss the necessary steps for moving toward automating data labeling for machine learning purposes.
|
15:00 - 15:30 | Coffee break |
15:30 - 16:15 |
An Exploration into Bluetooth RF Fingerprinting and Protocol
Fuzzing, Mr. Artis Rušiņš (LV), Mr. Eduards Blumbergs (LV)
In this talk, we will first delve into our experimental study on RF fingerprinting of Bluetooth devices, demonstrating the unintended privacy risks that exist at the physical layer. We will then pivot to our exploration of Bluetooth protocol fuzzing, showcasing the effective tools and techniques for vulnerability identification in consumer wearable devices.
|
16:15 - 17:00 |
Cracking the nuts with DNS, Mr. Heiki Pikker (EE) (no live stream)
In the information society, DNS is one of the very important core services that we use on a daily basis. Why not use then this service as on layer of your cyber security solution in addition to secure name resolution. Sounds like a reasonable idea? This presentation opens up a bit what CERT-EE provided DNS service does.
|
ALFA HALL | Moderator: Ms. Katrīna Sataki (LV) |
11:00 - 11:15 | Welcome to the Baltic Domain Days 2023, Ms. Katrīna Sataki (LV) |
11:15 - 11:45 |
The puzzle of the Baltic domains - .LT, .EE and .LV, Mr. Tomas Mackus (LT), Mr. Heiki Sibul (EE), Ms. Katrīna Sataki (LV)
Baltic domain registries .LV, .LT, and .EE will lead an insightful and data-rich discussion about their respective domains and the evolving internet landscape in the Baltic region. We will provide a comprehensive overview of each registry's statistics, facts, news, country trends, and future initiatives. It's an opportunity to delve into the most pressing issues and challenges the Baltic domain registries are facing and to compare the different approaches they pursue.
|
11:45 - 12:30 | Running a top level domain in times of war
Moderator: Ms. Katrīna Sataki (LV) Panelists: Mr. Dmitry Kohmanyuk (UA), Ms. Svitlana Tkachenko (UA)
Hear the story of the resilient Ukrainian national domain – .UA. How .UA registry is keeping the DNS infrastructure safe in such critical times and protecting what we all care about most: the people behind domains!
|
12:30 - 13:30 |
Lunch |
13:30 - 14:15 | DNS security in the Baltics
Moderator: Mr. David Huberman (US) Panelists: Mr. Patrik Fältström (SE), Mr. Tomas Simonaitis (LT), Mr. Timo Võhmar (EE), Mr. Ivo Ķutts (LV)
The DNS is often viewed as an effective launching point for malicious attacks on Internet infrastructure. During this panel discussion, experts from both the region and from around the world will share their experiences about threats to the DNS, mitigations of those threats, and some thoughts on futureproofing DNS operations to make the Internet safer and more secure while maintaining the resilience the world has come to expect.
|
14:15 - 15:00 | Collaboration between domain industry and CERTs
Moderator: Ms. Barbara Povše (SI) Panelists: Ms. Daiva Tamulioniene (LT), Ms. Dana Ludviga (LV), Mr. Tomas Simonaitis (LT), Mr. Timo Võhmar (EE)
ccTLD Registries have for many years been playing an important role and providing reliable, stable and secure services to their respective local internet communities. But over the last years the DNS landscape and the whole internet business has changed. Cyber security threats have impacted the trust in the internet, upon actually our day-to day life depends. How to re-build this trust?
CERTs' (Cyber Security Response Teams) mission has allways been that: building trust in in internet and help in the case something went wrong. Isn’t it time to start working together? |
15:00 - 15:30 | Coffee break |
15:30 - 16:15 | “Digital waste” for criminal minds and businessmen
Moderator: Ms. Dana Ludviga (LV) Panelists: Mr. Artūrs Mednis (LV), Mr. Sascha Kämpf (DE), Mr. Tomas Mackus (LT), Mr. Kārlis Svilans (LV)
It's common today for individuals and organizations to discard a domain name once a project is completed or renamed. However, what often goes unnoticed is that in doing so, they unwittingly squander not only their project's marketing budget but also expose themselves to potential cybersecurity risks. The panel will dive deep into this phenomenon, by analyzing a few real-world use cases and the reasons behind the common practice of valuable domain name abandonment and will look into the domain name secondary market and the pivotal role played by domain name investors.
|
16:15 - 16:45 |
Make a difference with KINDNS, Mr. David Huberman (USA)
The presentation will focus on the state of security in internet infrastructure, and highlight the efforts of the MANRS and KINDNS initiatives to promote a more secure operation of the Internet.
|
16:45 - 17:00 | Wrap-up of DAY 1, Ms. Katrīna Sataki (LV) |
17:00 - 20:30 | Social event, Main Lobby |
5 OCT
OMEGA HALL | |
---|---|
08:00 - 09:00 | Registration & Coffee
|
09:00 - 10:30 | OPENING PLENARY :: Moderator: Mr. Reinis Zitmanis |
09:00 - 9:20 |
How to create a National Guard sub-unit in a commercial company: LMT’s story, Mr. Mārtiņš Kaļķis (LV)
Latvijas Mobilais Telefons has been an active supporter of National security ever since. When it became possible to establish National guard subunit in a commercial company in Latvia, LMT set out to do this it in LMT group. We will share our story and successes so other critically thinking organizations can learn and help make Latvia more resilient.
|
09:20 - 9:45 |
AI Frontiers in Multimodal Information Warfare: Defending Democracy and Strenghtening StratCom in a Multilingual Landscape, Dr. Gundars Bergmanis-Korāts (LV)
AI is being used to support and counter disinformation in multilingual and multi-modal contexts. Despite the hype and limitations of current AI, recent advances in LLMs are opening up new possibilities for AI in multimodal information & cyber warfare. These advances have the potential to significantly impact the way that wars are fought in future.
|
09:45 - 10:10 |
Cyber Threat Intelligence - your guide to proactive
cybersecurity programme, Mr. Maciej Martinek (PL), Mr. Jakub Orkiszewski (PL)
In today's threat landscape more and more response tasks are destined to SOC teams. Alert volume and their specifics make this battle more complicated to win. What if we can change the rules of the game in our favor with a couple of smart moves? During the session we will show how knowledge about your enemies, who they are, what are their motivations and which tools they use can help Cybersecurity Teams in developing proactive mode and be one step ahead. Live demo will present the practical implementation and use cases that can be built around Cyber Threat Intelligence.
|
10:10 - 10:30 | The evolving domain landscape from the last 10 years: opportunities and threats to the traditional domain space, Mr. Rishi Maudhub (UK) |
10:30 - 11:00 | Coffee break |
OMEGA HALL | Moderator: Mr. Reinis Zitmanis |
11:00 - 11:30 |
Cyber Deterrence and Attribution - what have we learned so
far? Mr. Daniel Pilkington (UK)
An overview of the UK approach to cyber deterrence and how we approach international coordination. Assessment of how offensive cyber capabilities might contribute to cyber deterrence.
|
11:30 - 12:30 |
Neighbouring CSIRTS - What keeps us awake at nights
Moderator: Mr. Kārlis Svilans (LV) Panelists: Ms. Baiba Kaškina (LV), Mr. Danielius Vargonas (LT), Mr. Maciej Siciarek (PL), Mr. Jukka-Pekka Juutinen (FI)
In an interconnected world, cybersecurity challenges have become borderless, requiring nations to unite and collaborate in defence against cyber threats. Cyber threats and campaigns tend to be regional. A specific threat actor might target a specific region, a specific region may share similar holidays. There are multiple reasons as to why neighbouring countries could receive similar threat campaigns, differing only in the language of the payload. This panel discussion brings together esteemed representatives from the Latvian, Estonian, (Lithuanian), Polish, and Finnish Cyber Emergency Response Teams (CERTs) to explore the significance of cross-border cooperation in ensuring digital resilience and safeguarding our digital future.
|
12:30 - 13:30 |
Lunch |
13:30 - 14:30 | #StrongerTogether - Lasting alliances in a turbulent time (CAN, NCSC-UK, LVA)
Moderator: Maj. Reid Meyers Panelists: Mr. Varis Teivāns (LV), Mr. Daniel Pilkington (UK), Rear-Admiral Luciano Carosielli (CA)
This panel discussion aims to highlight the importance of unity and collaboration between NATO member states in face of the war in Ukraine. The events in Ukraine have had a meaningful impact on the topic of safety in this region of Europe. Being an interest and potential target of Russia should not be surprising for any country neighboring Russia, given recent and past events.
Shared values and commitment to international norms, deterrence against aggression that disregards sovereignty, amplification of collective strength and capability. All these topics and more, will be discussed in this panel discussion to bring to light the importance of building lasting capabilities and alliances in order to maintain a secure environment in an uncertain and turbulent time. |
14:30 - 15:00 | CERT-UA: Research and Technical Analysis of Large-Scale Cyber Attacks in Ukraine (2022-2023), Mr. Yevhen Bryksin (UA) |
BETA HALL | Moderator: Dr.Bernhards 'BB' Blumbergs |
11:00 - 11:45 |
Software Dependency Failures: jQuery, a Canary in the Coal
Mine, Mr. Lari Huttunen (FI) (no live stream)
Keeping dependencies up-to-date is challenging for any software development project and even more so from a systems administration point of view. Too often you see packaged web projects, which have been put together and then forgotten. They contain dependencies to third party libraries, which never get updated even if the application itself is maintained – at least to some extent.
|
11:45 - 12:30 |
Detecting Threats on Industrial and Automation Control System
Networks, Mr. Rūdolfs Ķelle (LV), Mr. Heinrihs Skrodelis (LV)
Detecting threats in IACS networks is critical for ensuring the security and reliability of critical infrastructure. Rudolfs will explore the process of crafting a Network Intrusion Detection System (NIDS) to provide visibility and proactive threat detection based on the IEC-60870-5-104 protocol.
Heinrihs will share the findings of the latest discoveries in ML applications in the development of IDS. He will address the challenges that arise, analyze past attacks, and delve into the creation of threat scenarios. |
12:30 - 13:30 |
Lunch |
13:30 - 14:15 |
Flipping Bits From Software with Rowhammer a Decade Later,
Mr. Andrea Di Dio (NL)
Rowhammer is a hardware failure mechanism discovered in 2014 which allows an attacker to modify data retained in DRAM cells without having access to that data. By merely accessing nearby rows in DRAM, an attacker can hinder the data integrity in other rows containing sensitive data. In this talk I will walk you through this phenomenon and give some examples of how one can exploit this DRAM vulnerability.
|
14:15 - 15:00 |
Streaming Anomaly Detection Using Sigma Rules, Mr. Jean-Claude Côté
(CAN)
This talk will demonstrate how to easily deploy Sigma rules in Spark streaming pipelines to handle stateful parent-child relationships between log events.
|
ALFA HALL | Moderator: Ms. Dana Ludviga (LV) |
11:00 - 11:45 | Chasing Cybersecurity Compliance: Will NIS 2 contribute to a greater DNS security?
Moderator: Ms. Polina Malaja (BE) Panelists: Ms. Barbara Povše (SI), Mr. Tomas Mackus (LT), Ms. Helen Aaremäe-Saar (EE), Mr. Edgars Kiukucāns (LV)
Revised cybersecurity norms in the European Union widen its regulative scope by including DNS infrastructure stakeholders. The panel will discuss key elements of the NIS2 directive that can affect top-level-domain (TLD) name registries, DNS service providers, and entities providing domain name registration services (Articles 21 and 23), and will touch upon challenges for its transposition across the EU.
|
11:45 - 12:30 | Data accuracy and tools for implementing it
Moderator: Ms. Katrīna Sataki (LV) Panelists: Ms. Iveta Skujiņa (LV), Ms. Laura Subačienė (LT), Ms. Helen Aaremäe-Saar (EE), Ms. Asta Mineike (EU)
The data accuracy requirement in NIS2 directive obliges registries and registrars to ensure that the domain name registration data they collect and store is accurate and complete. The data accuracy requirement aims to contributing to the security, stability and resilience of the DNS. The discussion will address the methods and measures that registries or registrars should implement to ensure data accuracy; the challenges of complying with the data accuracy requirement, such as the costs and resources involved, risks and liabilities, and the added value for DNS security and trust; the tools that can help registries and registrars to comply with the data accuracy requirement.
|
12:30 - 13:30 |
Lunch |
13:30 - 14:00 |
Effective domain name strategies to protect vital assets and
tackle cybercrime, Mr. Patrick Hauss (FR)
Patrick Hauss will present on how to build a 360 domain security strategy that is looking at both angles of domain security: consolidating domain portfolio and identity vital domains within growing portfolios, as well as putting in place domain threat intelligence tools in order to respond to cybersquatting and phishing attacks.
|
14:00 - 14:45 | Predictions on the future of the DNS
Moderator: Mr. Christopher Mondini (US) Panelists: Mr. Patrik Fältström (SE), Mr. Tomas Mackus (LT), Mr. Vaggelis Segredakis (GR), Rishi Maudhub (UK)
The Domain Name System, or DNS, is what keeps the Internet global, interoperable, and expanding. It has worked uninterruptedly for forty years, resolving billions of queries every second, surviving wars, pandemics, and natural disasters. The DNS allows the Internet to connect 5.5 billion humans and tens of billions of our devices. It allows each of us access to all of the world’s knowledge, and gives us the ability to communicate directly with two-thirds of humanity. But how long can it survive? And what changes are on the horizon?
Please join our discussion, “Predictions on the Future of the DNS”, with top experts on the technical, political, and business dynamics that will determine the DNS’ future. Will blockchain-based identifiers, the Internet of Things, or cyberattacks overwhelm current DNS structures? Will businesses develop new DNS applications that delight consumers and spur innovation? Or will centrifugal geo-political forces, such as trade wars, sanctions and tech regulation fragment the global DNS? We will explore both the most optimistic and pessimistic scenarios for this amazing global system that continues to surpass the expectations of its founders and evolve in remarkable ways. |
14:45 - 15:00 | Wrap-up of BDD, Ms. Katrīna Sataki (LV) |
15:00 - 15:30 | Coffee break |
15:30 - 17:00 | CLOSING SESSION :: Moderator: Mr. Reinis Zitmanis |
15:30 - 16:00 |
Cyber survivability, Mr. Patrik Fältström (SE)
We have a number of examples where we see organizations be able to handle a cyber attack without much notice, while others crawl out of the mud only after severe damages. Why is the difference between surviving or not in a cyber conflict depending so much on how well you have prepared?
|
16:00 - 16:30 | Keynote, Rear-Admiral Luciano Carosielli (Canadian Armed Forces) |
16:30 - 16:45 | CTF Competition overview and announcement of the CTF winners, Dr. Bernhards `BB` Blumbergs |
16:45 - 17:00 | Conference end ceremony |


Speakers


CTF
registration code: {iEU8fbozs70xgcIZTzaDHX5n}