We recognized the need to address information security at all levels at the same time and the same place.
We value the importance of knowledge and experience sharing.
Therefore, we provide everyone with the opportunity to share their knowledge and build their new experiences. Dive in and go deep with us.
Technical and low-level content is the focus here. It might be a game for some, but various real-world attack simulations can be expected here, as well as hacking, exploits and malware dissection. New ideas on how to identify and exploit vulnerabilities are more than welcome.
A combination of technical and management content is the focus here. How do you orchestrate people, technology and processes to achieve maximum protection efficiency? Topics include infrastructure protection, damage control, threat intelligence and incident response. Case studies can be found in this track.
It’s all about management here: governance, risk, compliance and business in general. Most of the people here will try to get everyone on the same high-level page. It’s about understanding each other and dealing with future ideas and collaboration between business areas.
Do you want to test your decision-making abilities and see how well you manage crisis situations? This room will provide a unique educational opportunity that will guide you through the key moments of a cyber incident on critical infrastructure. Whether you come from the technical or the management world, this workshop is the place to be! We are not looking for your technical skills, but for your decision-making skills!
Bojan Alikavazović is a senior information security consultant at Diverto d.o.o. He is a member of the Security Operations Center (SOC), responsible for monitoring, processing and managing security incidents in different business environments. He is experienced in penetration testing, reverse engineering of malicious code, security hardening, reviewing network architecture for security improvements, and integrating various solutions for the detection and blocking of cyber-attacks.
Capture the Flag (CTF) is a competition in which the entrants solve different tasks from the fields of information technology and information security. The tasks are usually interesting and educational, requiring entrants to find a certain piece of text, called the flag. It might be hidden on a server, on a web page, or anywhere else information can be hidden. CTF is open to all and there are no prerequisites for entering, so there is no reason why you shouldn’t try to participate, even anonymously. It is also worth participating knowing that the best entrant can earn some valuable prizes.
Filip Rapaić is an information security consultant at Diverto d.o.o. He is a member of the Security Operations Center (SOC), the entity responsible for monitoring, processing and handling security incidents in various business environments. His fields of expertise are incident response and malicious code analysis. At Diverto he is also a specialist for Capture the Flag (CTF).
Research on attacking ML-based image classifiers is common, but it is less frequent to see a study on how someone can bypass ML-based malware detection. The authors of the presentation are Zoltan Balazs and Hyrum Anderson. In 2019, they organized a contest where participants had to modify Windows malware in a way that the three provided ML engines would not detect it, while the modified sample remained functionally equivalent to the original binary. As it turned out, it is not that hard to come up with a generic solution which can bypass all three engines. In this presentation, we will discuss the details of the contests from 2020 and 2019, some of the techniques used by the participants (packing, overlays, adding sections), and information on the defensive tracks.
Zoltan Balazs (@zh4ck) is the Head of the Vulnerability Research Lab at CUJO AI, a company focusing on smart home security. Before joining CUJO AI he worked as CTO for an AV testing company, as an IT security expert in the financial industry for five years, and as a senior IT security consultant at one of the Big Four companies for two years. His primary areas of expertise are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie Browser Tool, which contains proof-of-concept malicious browser extensions for Firefox, Chrome and Safari. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool for testing malware analysis sandboxes.
He found and disclosed a vulnerability in IP cameras, and this vulnerability was exploited by the Persirai botnet, running on ~600,000 cameras.
He has been invited to give presentations at information security conferences worldwide including DEF CON, SyScan360, SAS2018, Virusbulletin, Disobey, Deepsec, Hacker Halted USA, Botconf, AusCERT, Nullcon, Hackcon, Shakacon, OHM, Nopcon, Hacktivity, and Ethical Hacking.
An analysis of how the PAM solution was implemented in Fina’s systems, presented by one of the key people involved in that process. A case study of PAM implementation in an extremely complex environment with a huge number of systems and different access levels.
Ivan Poljak is one of the leading Fina engineers for cyber and IT security. He was involved in setting up various security solutions (SIEM, DAM, APT, DLP, PAM) and, thanks to his vast experience, actively contributes to the ongoing development of different services within Fina. He graduated from FER and has worked at Fina since 2008 as a system architect, security administrator, security analyst and security team leader on diverse Fina projects. He is actively involved in the CERT’s work on recognizing and blocking security threats within FINA.
Critical infrastructure protection has been a high-profile topic for at least a decade. One reason for this is the growing exposure of industrial environments to security threats through the use of the Internet as well as through the use of standard hardware and software, from which they were historically isolated. Another reason is that the potential impact of attacks on critical infrastructures can no longer be ignored. In the past years, IT security experts have become increasingly involved in the protection of industrial control systems against cyber-threats and have become responsible for establishing consolidated IT-OT SOCs. However, the harmonization of modern IT security approaches and the traditional process control culture is far from reality. The purpose of this presentation is to help IT security experts understand the specifics of OT environments as well as the associated vocabulary and mindset.
Using the example of the monitoring functions of IT infrastructures and industrial processes, and of two seemingly very different job functions, SOC Analyst (IT) and Control Room Operator (OT), it will be shown that the operational tasks of both job functions are fundamentally very similar. During the presentation, the similarities and specifics will be discussed in the context of key areas such as vocabulary, types of anomalies/events/threats, SIEM vs. HMI applications, alarm configuration and management, anomaly detection, event logging, and SOPs. Additionally, using the example of a real security incident, it will be shown how IT and OT teams can interact and work better together.
After this presentation, IT security experts will have a much better understanding of daily OT operations and their ecosystem, understand IT-OT synergies, and identify opportunities for cross-functional learning. More importantly, IT experts will be able to communicate better with OT colleagues and ultimately achieve the much discussed "IT-OT Convergence".
Marina Krotofil is a Cyber Security Product Owner, Industrial Technologies: Connected Vessels, Terminals and Warehouses at A.P. Moller – Maersk in the UK, with a decade of experience in advanced methods for securing Industrial Control Systems (ICS). She is also an experienced Red/Blue Teamer who has contributed research on novel attack vectors and advanced exploitation techniques, incident response, forensic investigations and ICS malware analysis. Previously, Marina worked as Cyber Security Lead at ABB (UK), Senior Security Engineer at BASF (Germany), Principal Analyst and Subject Matter Expert (SME) in the Cyber-Physical Security Group at FireEye (USA), Lead Cyber Security Researcher at Honeywell (USA) and Senior Security Consultant at the European Network for Cyber Security (Netherlands). She has authored more than 25 academic articles and book chapters on ICS security and is a regular speaker on the leading conference stages worldwide. She is also a frequent reviewer of academic manuscripts and talk proposals, including for Black Hat and USENIX WOOT. Marina holds an MBA in Technology Management, an MSc in Telecommunications, and an MSc in Information and Communication Systems.
Can Croatia be competitive in the information security knowledge and experience needed for a booming industry? More than three million new jobs in that sector are expected to be created within the next few years. This interesting subject will be discussed by the dean of the Faculty of Organization and Informatics prof. dr. sc. Nina Begičević Ređep, the vice dean of Zagreb University of Applied Sciences mr.sc. Marinko Žagar, the head of the Laboratory for Information Security and Privacy at the Faculty of Electrical Engineering and Computing doc. dr. sc. Stjepan Groš, as well as our experts, Marko Grbić from Avola and Alen Delić from SpotMe.
Since IoT devices started spreading across the internet, malware-based abuse of those devices has been on the rise.
From our malware repository we copied 150,000 samples of IoT-related malware for analysis. We obtained initial analysis results (how A/V software classified them) and analysed them to obtain similarity information. These initial steps gave us a first classification of the samples, resulting in plausible classes of similar samples. We started to analyse samples both automatically and manually and found some interesting insights. For example, some malware samples built on the leaked source code contained symbol information, and that helps us a lot to identify functions in malware samples that do not have such symbol information incorporated. Also, we can investigate the evolution of some functionality by looking up the code parts across the evolution of the samples.
Ultimately, scaling code-level analysis of IoT malware samples is possible and can help us achieve better detection and a better understanding of the situation. In addition to the previous topic, I will try to give some insight into installing an emulation-based environment, a "sandbox", for which we already see malware samples building detection and anti-analysis efforts.
I will talk briefly about building such sandbox environments and how to prevent malware from circumventing analysis in the environment.
Dr. Boldizsár Bencsáth received his M.Sc. and Ph.D. degrees in Computer Science from the Budapest University of Technology and Economics (BME) in 2000 and 2009, respectively. He also earned an M.Sc. degree in economics from the Budapest University of Economics. Since 1999, he has been a member of the Laboratory of Cryptography and Systems Security (CrySyS) at BME. His research interests are in network security, including DoS attacks, spam, malware, botnets, and cyber-physical system security.
Among other things, Boldizsár also works in multiple start-up companies of the lab and participates in a number of consulting projects in the field of ethical hacking, security design and forensics. Boldizsár led the team in the CrySyS lab that investigated the Duqu malware and later worked on a number of other well-known APT attacks; he currently works on current questions of malware-based attacks, cyber-physical system security (including cars, factories and nuclear power plants), and other related topics.
It's difficult to read any information security news lately without learning about large corporations being extorted by cyber criminals. In today's threat landscape, organisations increasingly rely on red teams to identify risks and mitigate vulnerabilities in their infrastructure, so much so that an entire industry exists around tools that help facilitate this as effectively and efficiently as possible.
Dual-use tools are developed to assist administrators in managing their systems or to assist during security testing or red-teaming activities. Unfortunately, many of these same tools are often co-opted by threat actors attempting to compromise systems, attack networks, or otherwise adversely affect companies. This talk discusses the topic of dual-use tools and how they have historically been used in various attacks. We dig deeper into dual-use tool detection to try to find out who could be hiding behind them: a friendly red team member or a real attacker?
Vanja Švajcer works as a Technical Leader for Cisco Talos. He is a security researcher with more than 20 years of experience in malware research and detection development. Prior to joining Talos, Vanja worked as a Principal Researcher for SophosLabs and led a Security Research Team at Hewlett Packard Enterprise.
Vanja enjoys tinkering with automated analysis systems, reversing binaries and analysing mobile malware. He thinks time spent scraping telemetry data to find indicators of new attacks is well worth the effort. He presented his work at conferences such as Virus Bulletin, RSA, CARO, AVAR and many others.
Our great roster of DEEP presenters has a very interesting recent addition. Daniel Gruss (@lavados) is an Assistant Professor at Graz University of Technology and will be one of the presenters in the DEEP .tech track. Specializing in the hottest, most current security issues, he will announce his topic only shortly before the conference, deciding what is most current and important by then. We’re looking forward to that!
He finished his PhD with distinction in less than three years. He has been involved in teaching operating system undergraduate courses since 2010. Daniel's research focuses on side channels and security on the hardware-software boundary. His research team was involved in several vulnerability disclosures, including Meltdown and Spectre. He has co-authored more than 20 top-tier academic publications in the past five years and received several prizes for his research.
This presentation addresses some really important questions in our business.
What is it about, and is it significant for you? Let’s check:
Do you use the MITRE ATT&CK framework?
If you are a red teamer, blue teamer or incident handler - you should. To make it simpler, if you are an X teamer - you should definitely use it. If you are an adversary - you probably already are using it.
So, what's the point behind it?
Released to the public in 2015, the MITRE ATT&CK framework gives context to an attack. Instead of trying to identify the tools and malware used in adversary campaigns, the focus is on techniques (how) and tactics (why). If you want to learn about the MITRE ATT&CK framework and how to use it in your incident handling or X teaming, this is the right lecture for you. Or, if you just want to see the process a decent hacker would go through (DEMO: from initial foothold to persistence), you should join us too.
Of course, Robert will give the talk on the basis of vast personal experience. He works as a senior information security consultant at Eduron IS, a company dedicated to IT security education, penetration testing and computer forensics. He is also a lecturer at Algebra, the most successful Croatian private college (university college for applied computer engineering), where he has designed several courses related to computer security and forensics.
Robert has been a Microsoft certified trainer since 2002, an EC-Council certified trainer since 2008 and an ISC2 certified trainer since 2014. He has worked mainly in the security field since 2004, and Microsoft acknowledged this in 2008 by awarding him the Microsoft Most Valuable Professional recognition for nine years in a row. For the last sixteen years Robert has been working on programs related to ethical hacking and IT security awareness for system administrators, developers and IT security consultants. He is also often a lecturer at regional IT conferences.
Broadcom’s Symantec Enterprise Division, the global leader in cyber security, helps organizations and governments secure identities and information wherever they live. The Symantec Integrated Cyber Defense (ICD) Platform simplifies cyber security with comprehensive solutions to secure critical business assets across on-premises and cloud infrastructures. Symantec Endpoint Security, Information Security, Web & Email Security, and Identity Security solutions are uniquely integrated and infused with rich threat intelligence from the Symantec Global Intelligence Network as well as advanced AI and machine learning engines to protect data where it resides, to connect trusted users with trusted applications, and to detect and respond to the most advanced, targeted attacks.
Veracomp is a regional representative of leading ICT companies, offering security, network, telecommunications and data center solutions. They have been present on the market since 2001, when they started distributing security solutions, and to this day they follow trends and continuously add leading companies to their portfolio. Through a long-standing presence in the Adriatic region, Veracomp offers pre-sales and technical support to its partners, as well as education and consulting services. The goal of Veracomp is to be an extended hand and support to partners in the entire business process and to provide services that ensure continuity and flexibility of work, security of data from threats and insight into the activities of system users.
Kodeks has been known for more than 30 years as the first Dell distributor in Croatia. Over the years it has developed into one of the leading system integrators in the region and beyond. Through direct collaboration with global technology partners such as Dell, Cisco, Mitel and Bosch, Kodeks delivers information technology, telecommunications, networking and security systems, integration services, maintenance and support. Kodeks’s customers are leading telecom operators, government institutions, hotels, financial institutions, commercial and global customers.
Nestec is a value-add distributor of cloud and on-premise solutions for managed service providers and IT professionals, with a focus on security, communication and documentation of IT environments. In our portfolio you will find well-known technologies and established vendors like Solarwinds, Altaro and Thycotic, as well as innovative vendors and technologies that set new trends and help retail partners and managed service providers to create new projects and improve their service offering. In addition to solutions, we provide sales and technical training, business and marketing consulting, and support for our partners in all phases of the sales and implementation process.
Falkensteiner Punta Skala, hotel IADERA
Punta Skala bb, HR-23231 Petrčane
The best-suited mid-Dalmatian conference venue awaits the participants of the very first DEEP
Looking to start in the very best possible manner, DEEP proudly presents an excellent venue for the first conference, to be held from 14th to 15th of April 2021. We are proud to welcome you to the glorious five-star Falkensteiner Hotel & Spa Iadera.
Hotel & Spa Iadera is part of the famous Falkensteiner Punta Skala Resort, one of the most respected tourist complexes in the whole Adriatic area. The resort is conveniently situated just a short drive from the vibrant city of Zadar, and it also contains all the facilities any conference attendee might need during a stay. Although this is the first DEEP, we have extensive experience in organizing similar events, which has assured us that a single-location conference is the most convenient way for our guests and visitors to enjoy both the conference and any free time dedicated to themselves.
Apart from the breathtaking location directly at the tip of the peninsula and exclusive 5-star service, at our chosen venue you can also enjoy Mediterranean cuisine at the hotel restaurant, the fish restaurant Bracera, the steak house Planika and the Hideout beach bar directly by the sea.
Should you want to stay for the weekend, there are several great areas to visit, from the ancient town of Zadar, famous - among other things - for the most beautiful sunset in the world, to the national parks of Velebit and Kornati or the world-famous sci-fi landscapes of the island of Pag.
We are looking forward to being your hosts at this magnificent hotel during the conference. Online registrations will start soon, offering you accommodation in single or double rooms at this hotel during the registration process, at special prices agreed with Falkensteiner Hotels & Residences and available only to DEEP attendees. Should you have any additional questions, please feel free to ask us at firstname.lastname@example.org. We are sure that this venue will fully enhance your experience and make your stay during DEEP more enjoyable.
Unfortunately, the unpredictable pandemic situation and constantly changing regulations on travel and gatherings have affected the DEEP conference, like many other events. Thus, we had to postpone the inaugural DEEP conference; it will now take place 29. - 30. September, 2021. in Petrčane, Croatia. Same venue, same presentations, workshops and everything else, but on a different date. Pricing remains the same as well, with all paid tickets and hotel reservations valid for the new dates. We are truly sorry not to be able to meet you at the initially planned time, but we also plan to add a lot more details and content to the conference within these extra months of preparation, so that your experience will be even better.
All the participants should be assured that:
We appreciate your time and are trying to share all the information with you immediately, so that you can plan accordingly. Please follow us at https://deep-conference.com/ or on our Facebook and LinkedIn pages. We’ll try to answer all your questions and are really happy to provide you with a nice and fulfilling, really DEEP experience, on whatever dates are possible.