THE CONFERENCE IS SOLD OUT!!! REGISTRATION IS NOW CLOSED
The GrEEK Campus
171 Tahrir St., Bab El Louk, Ad Dawawin, Abdeen, Cairo Governorate 11513, EGYPT
February 2, 2019
08:00 AM – 08:00 PM
200 Available Seats
Hurry up! Few tickets are left
Lunch & Coffee
For free
The mist is low over the ground. You walk past the rubble of ransom’d hard drives, manipulated PCBs, and broken systems. The air is heavy with disappointment from keys lost, and the silent betrayal of infected third-party libraries. The power has been out for so long and you have lost track of time. But you see a path forward, and it fills you with determination. This talk examines four examples of software supply chain attacks. Each example highlights different aspects of this class of attacks. I discuss method, motive, scale and impact. The examples which will be presented are: getcookies npm backdoor; Linux Mint distribution takeover; MEGA Chrome extension hijacking; and NotPetya ransomware attack.
Location: Auditorium
Biography:
Grace is a Security Engineer at Google working in Detection & Response. She is responsible for detection of malicious activity on Google’s networks and deep analysis of threats on their corporate, production, and acquisition environments. She works on engineering challenges that get Google closer to having fully automated detection and response systems. In her spare time she likes mentoring women in tech, playing video games, and painting watercolors.
Capture the Flag (CTFs) are competitions and puzzles based on real-world information security vulnerabilities and challenges that are played online or at security events and conferences. Individuals or teams race against the clock solving complex and fun exercises gathering ‘flags’ to earn points. It’s an opportunity for existing and new skills to meet and grow in a great environment, but many have no idea where to start or how to get involved. If you want to grab some flags this talk is for you! Come play some common CTF games with me where I’ll answer frequently asked questions on how to play and where to find the resources you’ll need to be successful as you start to learn new skills, make new friends and happily pwn all the things no matter your skill level.
Location: Auditorium
Biography:
Heidi is an Australian professional currently specialising in cyber security risk management, incident management and operations. She has worked in IT project management, system administration, telecommunications and compliance, before making the switch to cyber security, where she has had the opportunity to experience both government and enterprise environments. She has a strong interest in offensive and deceptive security projects and has recently been delving into malware analysis and cyber threat intel. While also being a self-declared perpetual n00b, Heidi spends her time giving back to the community by volunteering at conferences across the globe, organising meetups and CTFs, and running popular community projects to educate young and old on the joys of infosec.
With the recent advancements in technology, more people are aware of the importance of security. More companies started paying huge rewards to protect the sensitive information of their customers. Automated scanners won’t yield you bugs these days. Automated scanners can’t be used to scan every website you visit daily. You need a smart scanner while hunting for bugs. GitHub link of the tool: https://github.com/rewanth1997/vuln-headers-extension I found vulnerabilities in Bugcrowd, Hotstar, Medium, Signup.com, Chargify, etc. using this minimal browser extension. In this talk, we will be focusing on creating your own minimal smart scanner as a browser (Firefox ESR) extension to detect header-related vulnerabilities. This extension monitors the request and response headers passing through your browser and detects vulnerabilities in them. The browser extension is capable of detecting CORS misconfigurations, host header injections, and clickjacking vulnerabilities. In the process, you will be learning about basic header vulnerabilities like CORS misconfiguration, host header injection and clickjacking, along with exploitation scenarios, detection methods and the biggest bounties earned through the simplest detection techniques for each of the above vulnerabilities.
Location: Auditorium
Biography:
Rewanth Cool is currently working as a security consultant at Payatu. He was a speaker at HITB Dubai and Null Pune, and a trainer at MIT Pune. He participates in numerous Capture-the-Flags (CTF) and enjoys participating in private bug bounty programs. He is a programmer and open source contributor. He collaborated with Daniel Miller a.k.a. bonsaviking and added 17,000 lines of code to Nmap. Currently, he is focused on Machine Learning and vulnerability research.
Nobody cares about his smart-home security, and nobody seems to care about smart-city threats that affect billions of people. However, what about threats in connected medicine that are able to change the life of a patient? Patient-doctor confidentiality is a sacred bond. A time to share anxieties and concerns with an entrusted caretaker and no one else. So how do we account for that silent third-party watching the doctors? Medical infrastructure is a highly sought-after target for motivated cybercriminals. That ‘infrastructure’ is in reality a combination of unusual outdated devices coupled with unpatched forgotten machines. That combination is riddled with entry points into medical networks allowing threat actors to sit alongside doctors and administer their hostile brand of bedside manner. The threat is far from theoretical. This year alone has been riddled with healthcare-related headlines: “WannaCry Malware Caused Chaos for National Health Service”, “Two major Indonesian hospitals attacked in ‘ransomware’ storm”, “Hackers publish private photos from cosmetic surgery clinic”. But just how big is this threat? The numbers are staggering. Our research will show that more than 70% of medical organizations have faced some kind of malware attack in the last six months. One in ten was the subject of an attempted ransomware attack. And that the healthcare industry alone accounts for 30% of recent data leaks. Is your anxiety peaking yet? Well, pop a Xanax and join us for a therapy session on the dreadful state of medical infrastructure. Based on research of various smart-city and connected medical devices, this session will offer a guide which will answer the following question: how to survive in the connected world?
Location: Auditorium
Biography:
Denis has gained diverse experience while working in the information security area. On the defensive side, as a Security Architect, he is responsible for building a security architecture of distributed IT infrastructure across various international business units for a global Fortune 500 company. As a security researcher with the Global Research and Analysis Team at Kaspersky Lab, he was focused on vulnerability research and security assessment of emerging technologies. Based on his offensive expertise, he's been a founder and leading expert in the development of a threat intelligence product. Having graduated from the Information Security Faculty of the National Research Nuclear University MEPhI (Moscow Engineering Physics Institute), he is continuing his research project related to methods of targeted attack detection as a Ph.D. candidate. Denis has presented at many public international security conferences, including Defcon, RSA Conference, CARO, BSides, Infosecurity, as well as multiple closed-door invite-only security industry events.
Social engineering has many different faces, from using open source intelligence (OSINT), phishing, vishing, smishing and all the other '-ishings', and dropping weaponized USB flash drives, to eventually getting right in the middle of your target's own office and pwning all the things! There are many tools and described ways of doing all the -ishings, and almost all of them require no interaction with the target, because you do not have to leave your warm chair in front of your machine at home. But everyone wants to break into buildings like a pirate queen, am I right? To do that, we will have to interact with our target directly, and that requires certain knowledge of techniques and skills. I will describe techniques using knowledge of facial expressions, body language, and the psychology behind influence and persuasion, and how to manipulate targets into believing my pretext and complying with my (evil) plans. I will step over to the defensive side as well and explain how to defend against the attack techniques I use.
Location: Auditorium
Biography:
Grace O’Malley is a pirate queen from the 16th century who breaks into buildings, exfiltrates sensitive data, gets to places where she shouldn’t be, and manipulates people to comply with her demands… oh, and Sharka is the nice one: she has been in IT for over 10 years and has rich experience in blue team environments, having worked in and managed a SOC that guards national British infrastructure in the past. Currently she works as a penetration tester for SureCloud, where she tests everything from infrastructure and web apps to payment systems, and specializes in social engineering. In her free time, she researches mainly around radio frequency technologies.
MuddyWater is a threat actor likely based in the Middle East, with known activities since at least the middle of 2017. It targets various individuals, government organizations and industries in many countries all across the Middle East and Central Asia, with the highest intensity of targets in Turkey, Pakistan, Afghanistan and Jordan. Starting with spear phishing emails and macro-powered attachments sent to carefully selected high profile targets, the threat actor attempts to deliver and install various backdoors written in different programming languages to the victims' computers – all with the purpose of performing cyber espionage. One of these backdoors has interesting capabilities, such as disk wiping, anti-analysis and numerous false flags. To increase stealthiness, C&C communication is forwarded via PHP proxies hosted on hacked websites, creating an asynchronous communication channel. We took advantage of this configuration to monitor the activity of this actor, discovering the identities of some of the victims as well as some commands which attackers attempted to execute on victims’ machines. In this presentation, we will show the most recent evolution of the tools, tactics and procedures of this threat actor. We will present some examples of targeted documents and the multiple layers of obfuscation added to their payloads. We will also detail the different tools this threat actor uses, and we will propose some ideas on how to prevent and hunt for these threats.
Location: Auditorium
Jaromir's Biography:
Jaromir Horejsi is a threat researcher at Trend Micro. He specializes in hunting and reverse-engineering threats that target Windows and Linux. He has researched many types of threats over the course of his career, covering threats such as APTs, DDoS botnets, banking Trojans, click fraud and ransomware. He has successfully presented his research at RSAC, Virus Bulletin, FIRST, AVAR, Botconf and CARO.
Daniel's Biography:
Daniel Lunghi is a threat researcher at Trend Micro. He has been hunting malware and performing incident response investigation for years, sometimes in IT infrastructures involving thousands of hosts.
Security detection often feels like being stuck in an endless cycle. Acquire new data, sift through the data, get overloaded, drive new automation initiatives to get us out of our backlog, and then we break stuff all over again. What if detection at scale wasn’t this at all? What if our job wasn’t to process logs at all? The Google Detection & Response team would like to show you how we are reframing our perspective of what security engineers should be experts in. Stepping back from the day-to-day analysis of endless log sources. Instead, we research new detection ideas and codify those into a framework supported by end-to-end testing. Examples of how real Google security engineers approach this idea are included.
Location: Auditorium
Biography:
Kris Hunt is the manager of the Australian arm of the Google Detection & Response team. He has focused on the detection side of security for the past 15 years, and today his role is to lead teams of security engineers who innovate and evolve Alphabet's detection systems to match the ever-increasing sophistication of attackers.
bsidescairo [at] gmail [dot] com