Learn and collaborate with the cybersecurity industry leaders
Qubit Conference Prague strives to bring the latest information to the cybersecurity community in CEE region.
Ondrej Krehel, Digital forensics and cybersecurity professional, USA
Maria Krahulecova, CEO QuBit Security, Slovakia
Over two decades of offensive and digital forensics investigative engagements provide great learning and transforming lessons shared from Yankee land, Europe, scratching cyberwarfare in the Middle East, to nation state corporate espionage originated in Asia, while crossing Africa diamond trades ending in Switzerland.
Stories to be told that embrace human understanding of the digital universe dimension we are all plugged in.
Ondrej Krehel, Digital forensics and cybersecurity professional, USA
Lukas Okal, Security Lead | Security, Compliance & Identity | Microsoft Czech Republic and Slovakia
Organizations worldwide are targeted more than ever by external Cyber risks. The presentation deals with new tactics, techniques and protocols currently used by Cyber attackers, focusing on supply chain attacks, Cyber fraud, brand abuse and Cyber attacks on employees and executives.
Presentation flow: – Current trends in Cyber attacks against external (and less defended) entities in organizations’ Cyber ecosystem
Analysis of several use cases of attacks against supply chain & organizations’ customers, employees and executives
Key takeaways: – How to protect executives from Cyber attacks
Ways to protect remote workforce
Practical recommendations to prevent fraud, improve business continuity & reduce financial loss and damage to reputation
In 2021, Swedish national TV aired a six-part TV series called “Hacked” where 4 professional hackers hacked into the private assets of normal people, celebrities, and companies. Linus was one of the 4 hackers and is going to talk about some of the most interesting hacks that were seen on-screen.
Linus Kvarnhammar, Principal Cyber Security Consultant, Syneptic AB, Sweden
How the role of security has developed from an old fashion business blocker to a modern enabler? We will discuss key cyber security considerations for this year and demonstrate how a project for NIS 2 can look like and what organisations need to start doing now to ensure that they are compliant.
Financial and Geopolitical cyber challenges
Financial management and budgeting in recension era
– What needs to be addressed to C-Level and board on cyber breach preakness and potential cyber incident
– Geopolitical volatilities and their implication to enterprises – example Pegasus used to hack cellphones in middle east and the rest of the world, Ukraine attacked by criminal groups from Russia, and same threat actors attacking West for ransomware
Moderator: Ondrej Krehel, Digital forensics and cybersecurity professional, USA Panelists: Charles Tango, CISO, SYSCO, USA
Ondrej Krehel, Digital forensics and cybersecurity professional, USA
Maria Krahulecova, CEO QuBit Security, Slovakia
Over two decades of offensive and digital forensics investigative engagements provide great learning and transforming lessons shared from Yankee land, Europe, scratching cyberwarfare in the Middle East, to nation state corporate espionage originated in Asia, while crossing Africa diamond trades ending in Switzerland.
Stories to be told that embrace human understanding of the digital universe dimension we are all plugged in.
Ondrej Krehel, Digital forensics and cybersecurity professional, USA
Lukas Okal, Security Lead | Security, Compliance & Identity | Microsoft Czech Republic and Slovakia
Our research aimed to determine whether active cyber defense can prevent successful cyber attacks. We investigated whether preparing for an attack using CTI or increasing the environment’s resilience through detection rules hardening can help eliminate the possibility of a successful attack.
Presentation flow: Introduction
ACD use for private sector
Starting point
Questions
Use-case
Research
ACD Loop
ACD RA
Deception usage
Testing
Detection rules Hardening
Results
+C1
Key takeaways: 1. Effectiveness of Active Cyber Defense in preventing successful cyber attacks.
Possibility of preparing for an attack with the help of CTI.
Importance of emulation and detection rules hardening.
Reasons: Our paper presents the current results of our research on detection rules hardening using our ACD Loop and using deception elements. This is to inform and extend our knowledge to the expert community.
As an owners of a critical information infrastructure element we have a lot of experience here.
Secrets like API keys are constantly leaking, in your source code and even in your apps on the Google Play Store. This talk reveals how millions of secrets are leaking through public source code by mistake, and how nearly half of all apps on the Play Store contain extractable secrets.
My presentation explores using timing between network transactions to identify malicious activity in network traffic captures.
Joshua Pyorre, Senior Security Researcher, Cisco Talos, USA
In the ever-changing IT landscape where containerized applications running in a Kubernetes cluster are now the de facto standard, it is key to secure them properly to keep the malicious attackers out of the way. But can we keep the agility of DevOps without losing security controls in the SDLC?
Financial and Geopolitical cyber challenges
Financial management and budgeting in recension era
– What needs to be addressed to C-Level and board on cyber breach preakness and potential cyber incident
– Geopolitical volatilities and their implication to enterprises – example Pegasus used to hack cellphones in middle east and the rest of the world, Ukraine attacked by criminal groups from Russia, and same threat actors attacking West for ransomware
Moderator: Ondrej Krehel, Digital forensics and cybersecurity professional, USA Panelists: Charles Tango, CISO, SYSCO, USA
How to raise a number of women in cybersecurity and close the cybersecurity skill gap at the same time? The presentation will describe created concept of Women Security Academy with the details on how it helps women to get to cybersecurity fundamentals and find the job in entry level positions.
Marcela Zimova, Information Security Director, Piano Software, Slovakia
This session is built on my 2 years long research of EDRs and my experience with different EDR solutions during Red Teaming engagements. I will show you how EDRs work and how they don’t always cover all attack vectors as you expect.
Is it a secret, that all modern and especially tech-oriented firms actively reusing 3rd parties? Probably, no. I’d walk audience through the best tools and technics reflecting industry-leading practices to help IT or Dev teams to consum 3rd parties securely, not relying on “somebody else takes care”.
Roman Zhukov, Product Security Lead, Intel, Ireland
BurpSuite – although it’s a great tool it can miss vulnerabilities if you don’t know its limits. We’ll be looking how to programmatically change its behavior to fit the application that you’re pentesting. This is very useful in difficult pentesting scenarios or when pentesting web APIs.
Discover how advanced bad bots are threatening the internet and how they can be analyzed like malicious software to uncover detection strategies. This presentation covers bot types, their impact, ecosystem, and code protection.