Qubit Conference Prague 2022 - Program Guide
Day 1 - May 25
9:00 - 9:30 - Conference opening - Maria Krahulecova & Rastislav Janota & Karel Rehka & Ondrej Krehel
CEO & Co-founder | Qubit Conference
Chief Scientist & Fellow, Cyber Risk & Resilience Services | LIFARS, a SecurityScorecard Company & Co-founder | Qubit Conference
Director, National Cyber Security Centre (SK-CERT) at National Security Authority | NBU
9:30 - 10:10 - Stop Chasing, Start Defending: Preventing Ransomware with Zero Trust
An increasing number of MSPs have reported being victims of ransomware attacks. Cybercriminals are exploiting MSP products and services, including remote monitoring and management (RMM) tools, which are often reached through software vulnerabilities or brute-force attacks. Is your MSP prepared to protect against ransomware? Join Ben Jenkins, ThreatLocker Senior Solutions Engineer, as we discuss what you can do to prevent cybercriminals from carrying out an attack.
10:10 - 10:55 - Case study: The First 48 Hours
The first 48 hours after a cyber incident are the most critical time for an organization that has been the victim of a cyber crime. Who? What? Where? How? Why? These are questions every business that has been a victim of a cyber crime wants answered as fast as possible. This presentation will go through the steps that need to be taken to stabilize the victim's environment, preserve potential evidence, deal with the threat actors, and mitigate the situation.
10:55 - 11:15 - Coffee Break
11:15 - 11:50 - A New Approach: Redefining Security Validation in Today's World of Endless Threats
Looking back, the security industry relied on manual penetration testing and traditional vulnerability scanning to evaluate an organization's cyber risk and overall security resilience. That is no longer sustainable given how organizations operate in the digital world. Attacks have become so sophisticated that security teams are realizing traditional approaches no longer set them up for success, and that compliance-focused approaches do not indicate an organization's true readiness against ransomware and other advanced threats.
We are seeing a need to change our approach. Automated security validation is an advanced approach to testing the integrity of all cybersecurity layers.
11:50 - 12:15 - Data Security: From “Need To Know” to “Need To Share”
Organizations are moving from a risk-averse approach to data sharing to a data-sharing-first approach. We will discuss the causes of this change and whether it is good for security and data teams. Finally, we will discuss data security platforms and best practices for data democratization.
12:15 - 13:00 - Improving risk management with cybersecurity testing
A secure development lifecycle includes different activities for achieving a secure product or solution, but inexperienced development teams can easily get lost. We will discuss the advantages of a centralized approach to cybersecurity testing and share best practices on setting it up.
11:50 - 12:15 - Anatomy of a supply chain attack (Detection and Response)
The vendor of a helpdesk system was breached and the attacker managed to embed malicious code in the product's source code base. The next product build was released with a backdoor implanted, and was deployed across the customer base.
12:15 - 13:00 - How is ML used to find command and control channels?
When the lights go out in a city's critical-infrastructure IT systems because of a ransomware attack, how can machine learning, its models and the underlying math help to detect the attacker?
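The abstract does not say which models the speaker uses. As an added example (not from the talk or the original page), the block below shows the arithmetic that most command-and-control beacon detection starts from, before any learned model is layered on top: an implant checking in on a timer produces evenly spaced connections, so the coefficient of variation (standard deviation divided by mean) of a flow's inter-arrival times is close to zero, while human-driven traffic scatters widely. The log format, hosts and threshold are constructed for the example.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample connection log (not data from the talk): one line per
# outbound connection, "<epoch seconds> <src> <dst>:<port>". Host 10.0.0.5
# contacts 203.0.113.7 roughly every 60 s (an implant checking in) and
# 198.51.100.9 at irregular times (ordinary browsing).
SAMPLE_LOG = """\
1000 10.0.0.5 203.0.113.7:443
1000 10.0.0.5 198.51.100.9:443
1003 10.0.0.5 198.51.100.9:443
1061 10.0.0.5 203.0.113.7:443
1090 10.0.0.5 198.51.100.9:443
1092 10.0.0.5 198.51.100.9:443
1119 10.0.0.5 203.0.113.7:443
1181 10.0.0.5 203.0.113.7:443
1240 10.0.0.5 203.0.113.7:443
1300 10.0.0.5 198.51.100.9:443
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)$")


def parse_log(text):
    """Group connection timestamps by (src, dst:port), sorted in time order."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole batch
        ts, src, dst = m.groups()
        flows[(src, dst)].append(int(ts))
    return {flow: sorted(times) for flow, times in flows.items()}


def beacon_scores(text, min_connections=4):
    """Coefficient of variation (stdev / mean) of each flow's inter-arrival
    times. Near 0 means evenly spaced connections, the signature of a
    timer-driven check-in. Flows with too few connections are skipped
    because a variance over one or two gaps means nothing."""
    scores = {}
    for flow, times in parse_log(text).items():
        if len(times) < min_connections:
            continue
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mu = mean(gaps)
        if mu == 0:
            continue  # burst within the same second, not a periodic beacon
        scores[flow] = pstdev(gaps) / mu
    return scores


def find_beacons(text, threshold=0.2):
    """Flows whose timing is regular enough to deserve an analyst's look."""
    return sorted(flow for flow, cv in beacon_scores(text).items() if cv <= threshold)


if __name__ == "__main__":
    for flow, cv in beacon_scores(SAMPLE_LOG).items():
        print(f"{flow[0]} -> {flow[1]}: cv={cv:.3f}")
    print("candidate beacons:", find_beacons(SAMPLE_LOG))
```

Implants deliberately add jitter to their sleep interval, which inflates this score, and a legitimate software updater polls on a timer too. That is why production detectors feed several features per flow (timing regularity, bytes in and out, session duration, how rare the destination is across the estate) into a model rather than thresholding one number; the score above is the building block, not the detector.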
13:00 - 14:00 - Lunch
14:00 - 14:35 - Connecting the worlds of development and cybersecurity through DevSecOps methodology and tools
Development and cybersecurity teams were disconnected for a long time; however, with emerging threats in cyberspace, the adoption of agile development and the push for cybersecurity efficiency, this has to change. Let us guide you through how to create synergy between these two worlds and significantly improve your security posture.
14:35 - 15:20 - Flying low - a look at some sophisticated and stealthy attacks in the region
It is no surprise that in the last few years we have witnessed a number of attacks that are slowly becoming more sophisticated and stealthy. While there will always be opportunistic attackers who simply go for the low-hanging fruit (and they will always be the majority), we have started observing dedicated attackers who want to remain as stealthy as possible. At the same time, once such attackers become active, the damage they create can be overwhelming.
This presentation will show technical details of several incidents that Bojan and his team worked on. Specifically, we will take a look at a novel attack against the SWIFT-connected systems of a bank, and a devastating attack against a cryptocurrency exchange. What is interesting about both cases is that the attackers invested a significant amount of time in understanding their target's business processes before they actually launched the attacks.
14:35 - 15:20 - Demystifying Supply Chain Intrusions
Supply chain intrusions represent one of the most concerning but also most hyped intrusion vectors for cyber impact scenarios. Yet while frequently discussed, little effort has been expended to rigorously define what a supply chain intrusion entails, and what actions are necessary for an adversary to successfully conclude such an operation. This presentation will focus on the methodology behind supply chain intrusions, examining critical attacker decision-points for successful execution, while also identifying opportunities for defenders and asset owners to detect, deter, or defeat such efforts. To illustrate these concepts, we will explore several examples to varying degrees of detail, ranging from the NotPetya destructive event to the Nobelium-linked SolarWinds campaign to more recent items in Ukraine and in ransomware operations. Through this discussion, attendees will learn a more nuanced and complete understanding of supply chain intrusion methodologies and how to usefully counter such attacks.
15:20 - 15:35 - Coffee Break
15:35 - 16:20 - Cybercrime offender Prevention: Understanding Cybercriminal Career Pathways: to Deter, Divert, Degrade or Disrupt
This talk covers cybercriminal career pathways, youth cybercrime and the interventions used by law enforcement to reduce entry into and engagement in all levels of cybercrime, along with the interpretation of digital responsibility, the need for private-sector engagement, and academic findings on the efficacy of these initiatives.
16:20 - 17:05 - [Re-]Enabling Women in Technology: Lessons from the Past for an Inclusive Future
Computing and cyber are male-dominated fields. Yet software development started out as exclusively women’s work. Learn about how industry changes caused women to leave the field, especially in post-Communist nations, and how to tap into women workers’ potential to combat the talent shortage.
15:35 - 16:20 - Anatomy of the CodeCov Breach
In this session, Andy Thompson will dissect and analyze the recent supply chain attack on the DevOps tool CodeCov. He’ll break down what happened, how it happened, and most importantly cover how cybersecurity best practices can prevent such attacks in the future.
16:20 - 17:05 - From Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack
Following in the footsteps of a cyber criminal and uncovering their digital footprint. This is a journey into the mind of an ethical hacker responding to a ransomware incident that brought a business to a full stop, discovering the evidence left behind to uncover the attack path and the techniques used. Malicious attackers look for the cheapest, fastest, stealthiest way to achieve their goals. Windows endpoints provide many opportunities to gain entry to IT environments and access sensitive information. This session will show you the attackers' techniques and how they went from zero to full domain admin compromise, resulting in a nasty CryLock ransomware incident.
In this session I will cover a real-world incident response to the CryLock ransomware, showing the techniques used by the attackers, the footprints they left behind, and how those techniques were uncovered:
- How the attackers gained access to the system
- How staging was established
- What tools were used
- What commands were executed
- How the ransomware was delivered
- How AD elevation was achieved
Day 2 - May 26
9:00 - 9:30 - Practical Defense Evasion
These days, most organizations have deployed basic security technologies to protect against cyber attacks, so malicious actors have to overcome considerable barriers. In my talk, I will show you the various techniques these bad guys use to successfully execute their code, eliminate anti-malware solutions, bypass network restrictions, escalate privileges, or make it difficult for internal security teams to detect and respond. All demonstrated with practical examples against a typically secured organization.
9:30 - 10:00 - Cyber security talent crisis: Today and Tomorrow
The cyber security talent shortage is no longer just a security problem but a global crisis, as all of us are under attack. Insufficient staffing, funding and understanding of this problem will make it worse in the coming years.
10:00 - 10:30 - Panel discussion: Cybersec talent crisis
9:30 - 10:30 - Cameras, CACs & Clocks: Enterprise IoT Security Sucks - A Story of Two Million Interrogated Devices
Working globally with Fortune 500 enterprises and government agencies, we have interrogated over two million production Enterprise Internet of Things (IoT) devices. This presentation is based on the analysis of those devices and outlines the security challenges found and risk mitigation techniques.
10:30 - 10:45 - Coffee Break
10:45 - 11:30 - Philosophizing the security in the Apps world
An attempt to apply philosophical methods to the domain of mobile app security. The best approach to combating biases and getting to the core of a subject is to philosophize about it. I propose to look more closely at security and how it is perceived by users of mobile apps.
11:30 - 12:15 - Why do companies need tabletop exercises?
Tabletop exercises are a terrific opportunity for companies to prepare for the unexpected. Incident response plans and other documentation are an essential part of a company's maturity in cybersecurity. All plans should be tested, and it is always better to test them outside an actual cyber crisis.
Tabletop exercises offer companies an opportunity to work together as a team in times of crisis and to see what could be improved and which parts of the crisis the company is managing well. In this presentation we will show the most common mistakes that companies make in exercises and during major breaches. Who in your company will decide whether or not to pay the ransom, and on the basis of which information?
10:45 - 11:30 - Dumb and Dumbr
In the age of sophisticated 21st-century attacks, is there any room left for those who prefer brawn over brains? The answer will shock you... not. Our presentation will look into a few important cases of past and current malware that went the destructive route, focusing not just on the goals they were trying to achieve but also on the means used to do so.
11:30 - 12:15 - Cryptocurrency Crime, Investigation and Crime Prevention
12:15 - 13:15 - Lunch
13:15 - 13:25 - Introduction of project LOCARD
Digital evidence is nowadays an integral part of criminal investigations, and not only in cybercrime-specific cases but also in establishing criminal behaviour (financial fraud, theft of intellectual property, industrial espionage and terrorist networks) that constantly uses the Internet and cyberspace. Thus the ubiquity of digital devices, along with their correct management, remains extremely important.
The European project LOCARD addresses this need by providing a unique platform for exchanging this evidence. The project would automate the collection of digital evidence in any electronic format and medium. Its goal is to provide a comprehensive management approach to handle digital evidence to be presented in a court of law, alleviating many issues of current art and practice. LOCARD aims to increase trust in the handling and processing of digital evidence and the management of chain of custody by providing transparency and using immutable chain of custody stored with blockchain technology.
13:25 - 14:10 - Engaging your Board and Senior Leadership
Sharing experience as someone who has engaged all levels within large and mid-size companies, Ray has presented to governments, ministers and board directors. He will discuss lessons learned, with examples of what board directors and senior leaders will ask at this level and how to avoid bear traps.
14:10 - 14:55 - The Social Dilemma
I will be discussing how social media causes issues for people and companies. This discussion looks at the research we have done into interest groups, propaganda, and unethical practices that social media uses to produce fake narratives that trap people, attack teenagers, and push them to be hypersexually active, as well as creating an environment of aggression.
13:25 - 14:10 - The growing problem of leaked credentials - How adversaries find and use secrets to break into our systems
Secrets like API keys are sprawling across the internet at an alarming rate. In 2021 a research project uncovered 6 million publicly leaked secrets. This presentation reviews that research and uses recent breaches to show how adversaries discover and exploit secrets to breach organizations.
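The adversary's side of this is mostly pattern matching at scale over public code, so it pays to run the same scan over your own repositories first. The block below is an added example, not the research project's scanner or code from the original page: it matches two documented key formats (AWS access key IDs start with AKIA followed by 16 upper-case alphanumerics; classic GitHub personal access tokens start with ghp_ followed by 36 alphanumerics) plus a generic assignment rule of our own, and uses Shannon entropy to drop placeholder values the generic rule would otherwise flag. The sample input is constructed; the AKIA value is AWS's published example key.

```python
import math
import re

# Two documented key formats plus one heuristic of ours. The generic rule
# captures the value in group 1; the format rules match the whole token.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "generic_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]?"
        r"([A-Za-z0-9_\-/+=]{16,})"
    ),
}

# Constructed sample of a config file committed by mistake (not real data).
SAMPLE = """\
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
db_password = "changeme"
api_key: "x9Qv2LpR8sTn4WbZ6cYd1eFgHj"
token = "aaaaaaaaaaaaaaaaaaaa"
export GITHUB_TOKEN=ghp_0123456789abcdefghijABCDEFGHIJ012345
"""


def shannon_entropy(s):
    """Bits of entropy per character. Random-looking secrets score high
    (around 4 and above); placeholders such as "aaaa..." score near 0."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan(text, min_entropy=3.0):
    """Return (line number, rule name, value) for every likely secret.
    Format-specific rules are trusted as-is; the generic rule is only
    reported when the captured value looks random enough to be real."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in PATTERNS.items():
            for m in rx.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if name == "generic_assignment" and shannon_entropy(value) < min_entropy:
                    continue  # low-entropy placeholder, almost certainly not a live secret
                findings.append((lineno, name, value))
    return findings


if __name__ == "__main__":
    for lineno, name, value in scan(SAMPLE):
        # Never print the full secret into logs or CI output; show a prefix only.
        print(f"line {lineno}: {name} ({value[:6]}...)")
```

Two caveats a practitioner would add: a match is not proof the key is live (the AKIA example above is AWS's own documentation value), so triage by trying to verify each finding against its issuer and revoke what is live; and scanning the working tree is not enough, because a key deleted in a later commit is still in the git history, which is exactly where attackers look.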
14:10 - 14:55 - Traps and gaps of E0T (Email Zero Trust)
The email world has applied E0T best practices and standards for decades. Which are the key technologies, how effective are they against the relevant MITRE ATT&CK tactics and techniques, and what are their practical impacts on the balance between security and deliverability?
14:55 - 15:25 - Cyber Threat Observations
Cyber threats increase in volume and sophistication each year, even taking advantage of the COVID-19 pandemic. See how the FBI views these threats and works to increase awareness to mitigate them.
How to implement risk management in an organization
The goal of the workshop is to show practical ways to implement security risk management in your organization. We will present the importance of ICT risk management in terms of organizational management and the best utilization of the organization's resources. We will use practical simulations in which we define and test the entire risk management life cycle. We will learn how to set up risk management processes so that information security and the business are interconnected, and at the same time understandable to the organization's top management.
Introduction to hacking gamification
Staying up to date and learning hacking techniques is one of the best ways to know how to defend your organization from cyber-attacks. Hacking gamification is on the rise to help keep security professionals up to date on the latest exploits and vulnerabilities. This workshop is about helping you get started with hacking gamification to strengthen your security team whether it is about understanding hacker techniques, pentesting or incident response.
Targeted Threat Hunting
Incidents happen. The question is when. And perhaps the better question is not when it will happen, but whether it has already happened. The attack could be stealthy and as yet undetected. We can nevertheless assume that the attack is still ongoing. With this mindset, let's focus on our options. How can we detect the attack and verify our hypothesis? The answer is threat hunting.
Additional Conference Events
May 26, 10:30 - 13:30 - CISO Club - 12th meeting
CISO Club represents the independent Slovak – Czech community of CISOs (or similar positions), who discuss the most important cybersecurity topics and challenges. This meeting will be held in Slovak language.
- Comparison of cloud services from a security perspective: AWS/Azure/Google
- A process for cloud security compliance
- SOC and the use of threat intelligence in practice; incident management software: practical experience with deployment and operation
- Experience operating Pentera and similar tools in companies
- Changes in standards: NISv2, the new ISO 27002
- A new view of ICT security in light of the events around us
Bonus virtual sessions
From SEH Overwrite with Egg Hunter to Get a Shell
Finally, we will learn to build an exploit from scratch for a buffer overflow vulnerability using the SEH overwrite technique together with an egg hunter, and we will look for bad characters to avoid errors in our shellcode, all of this to get a reverse shell.
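Two steps of that workflow are pure bookkeeping that is easy to get wrong by hand, so here is an added example (not the session's material or code from the original page) that models both. Bad-character hunting: send every byte value except the ones already known to be bad, read the buffer back from the target's memory after the crash, and take only the first byte that differs, because a single mangled byte usually shifts or corrupts everything after it; remove it and resend until the dump matches. Egg hunting: the stage-2 shellcode is placed somewhere in memory behind a 4-byte tag repeated twice, and the small hunter stub searches for the doubled tag and jumps just past it (doubled so the hunter's own copy of the tag never matches itself). The target is simulated: `simulated_target` is a constructed stand-in for reading memory in the debugger, and the tag, payload bytes and offsets are invented for the example.

```python
# Bytes known to be unusable before the first round: 0x00 terminates
# C strings, so almost every copy-based overflow loses it.
KNOWN_BAD = {0x00}


def badchar_pattern(exclude):
    """Every byte value in ascending order minus the excluded ones, so the
    position of the first corrupted byte in the dump identifies its value."""
    return bytes(b for b in range(256) if b not in exclude)


def first_mismatch(sent, observed):
    """The first sent byte that did not survive the trip, or None if the
    whole pattern came back intact. Truncation counts as a mismatch at the
    byte where the dump stops."""
    for s, o in zip(sent, observed):
        if s != o:
            return s
    if len(observed) < len(sent):
        return sent[len(observed)]
    return None


def hunt_bad_chars(read_back, known=KNOWN_BAD, max_rounds=32):
    """Iterate: send the pattern, compare with what the target kept, exclude
    the first culprit, repeat until the dump matches. `read_back` is whatever
    delivers the payload and returns the bytes found in memory."""
    bad = set(known)
    for _ in range(max_rounds):
        pattern = badchar_pattern(bad)
        culprit = first_mismatch(pattern, read_back(pattern))
        if culprit is None:
            return bad
        bad.add(culprit)
    raise RuntimeError("no convergence; check the dump address and comparison")


def simulated_target(payload):
    """Constructed stand-in for the vulnerable service (not a real one): it
    strips CR and LF while parsing a line, so every byte after each of them
    shifts left in memory, which is why only the first mismatch is trusted."""
    return payload.replace(b"\r", b"").replace(b"\n", b"")


# Hypothetical tag; any 4 bytes free of bad characters will do.
EGG = b"w00t"


def build_payload(shellcode, egg=EGG):
    """Egg-hunter convention: tag twice, then the stage-2 shellcode."""
    return egg + egg + shellcode


def find_egg(memory, egg=EGG):
    """The search the hunter stub performs over memory: locate the doubled tag
    and return the offset to jump to (just past it), or -1 if absent."""
    idx = memory.find(egg + egg)
    return -1 if idx == -1 else idx + 2 * len(egg)


if __name__ == "__main__":
    bad = hunt_bad_chars(simulated_target)
    print("bad chars:", ", ".join(f"\\x{b:02x}" for b in sorted(bad)))
    region = b"\x90" * 32 + build_payload(b"\xcc\xcc") + b"A" * 8  # constructed memory image
    print("jump to offset", find_egg(region))
```

Against a real target the `read_back` callable is the exploit's send routine followed by a memory read at the buffer's address in the debugger (debugger plug-ins automate the byte-array compare), and the reverse-shell payload itself must then be encoded to avoid every byte the hunt turned up, or it will be corrupted the same way the pattern was.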
How to Secure Your Software Supply Chain – Practical lessons to protect your app
Open source code makes up 90% of most codebases. How do you know whether you can trust your open source dependencies? It is critical to manage your dependencies effectively to reduce risk, but most teams have an ad-hoc process in which any developer can introduce dependencies, leaving organizations exposed to malicious packages. Software supply chain attacks have exploded over the past 12 months and are only accelerating in 2022 and beyond. We will dive into examples of recent supply chain attacks and the concrete steps you can take to protect your team from this emerging threat.
Insider Threat: What is Social Engineering?
Retired criminal profiler and hostage negotiator Crux Conception has taken his years of training, education and experience to develop a method that allows individuals within the tech community to use social, people and observation skills to detect potential theft.