CERT.LV

Location

VIDEO RECORDING
Technical track "CyberShock", 4 OCT: https://www.youtube.com/watch?v=-70Mlkmtdds
Technical track "CyberShock", 5 OCT: https://www.youtube.com/watch?v=iBSj9NMTUwQ
04 && 05 October | 2022
Conference_time_zone == Eastern European Summer Time (UTC+3)
On-line - CERT.LV page (URI TBD)
On-site - Limited seating on 04OCT, H206 Convention Hall, Aisteres Str. 2, Riga, LV-1007, Latvia
Topic discussion and questions to the speakers -> Discord

Agenda

04 OCT

14:00 - 14:05 -> Opening remarks, Dr. Bernhards 'BB' Blumbergs (LV);
14:05 - 14:55 -> Building highly available secure infrastructure based on Zero Trust, Jamie Bodley Scott (UK),
Zero Trust [ZT] is a security framework that requires users, wherever they are connecting from, to be authenticated, authorized, and continuously checked for any changes to their posture. Access may then be granted to select applications as long as the posture is maintained. Zero Trust assumes that there is no traditional network edge and applications can be local, remote, in the cloud, or any combination thereof. What steps can be taken to ensure that a ZT infrastructure is (very) highly available [HA]? This talk explores the many aspects of deploying HA ZT from the very beginning (Single packet authorization) to the aftermath (monitoring and audit logs);
15:00 - 15:50 -> Escaping from isolated environments, Mikko Kenttälä (FI),
We still heavily rely on isolation and "air gaps" as a security control in OT/banking/healthcare/secretive networks. Based on our experiences over 80% of the critical networks are leaking despite isolation attempts. I will walk you through the main technical and non-technical reasons why this is the case;
16:00 - 16:50 -> Moxa NPort Unauthenticated Denial of Service, Casper Bladt (DK),
A critical DoS vulnerability was found in the Moxa NPort product, and in this presentation, I will cover how we approached the product and how we found the vulnerability. I will talk on how this vulnerability in theory could be escalated to remote code execution. I get into the potential impact of this vulnerability and how we worked with the vendor to have it fixed;
17:00 - 17:50 -> Assemblyline – File triage & malware analysis at scale, Jean-Pierre Vigneault & Kevin Hardy-Cooper (CA),
We will take you around many of the new features & key concepts of Assemblyline 4. Using malware samples we will demonstrate the importance of recursive file analysis in combination with many tools from the infosec community and security vendors. We will highlight the importance of having the ability to quickly add detection to react to new techniques, such as the recent trend with .iso and .lnk files;
17:50 - 18:00 -> Closing remarks and CTF Day1 summary, Dr. Bernhards 'BB' Blumbergs (LV).

05 OCT

14:00 - 14:05 -> Opening remarks, Dr. Bernhards 'BB' Blumbergs (LV);
14:05 - 14:55 -> ROP-ing your way on Aarch64, Sascha Schirra (DE),
Nowadays many devices, e.g. Smartphones, Tablets, and Computers, utilize a CPU based on Aarch64 architecture. This technical talk gives a brief introduction to Aarch64 architecture. Furthermore, it explains Return Oriented Programming (ROP) on Aarch64 and shows how to create so-called working ROP-chains;
15:00 - 15:50 -> Decoding of Bluetooth from radio signal, Ēriks Dobelis & Dr. Pēteris Paikens (LV),
During the talk we will show that using universal SDR equipment Bluetooth traffic can be recorded and decoded;
16:00 - 16:50 -> Financial Econometrics Models for IEC104 Attack Detection, Caleb Mathis (US),
This talk will introduce IEC 104 background and protocol sequencing and explore aspects of why to use financial models for SCADA network time series analysis and how to achieve the reduction of false positives through GARCH and ARIMA modeling. This talk will take a dive into the Industroyer 2 malware requirements;
17:00 - 17:50 -> My journey to find vulnerabilities in macOS, Mikko Kenttälä (FI),
My journey to find vulnerabilities in macOS. During 2020 and 2021 I found two major vulnerabilities from macOS. In this presentation I walk you through the whole exploit chain to compromise users' sensitive data with one click. I will also explain my methodology to find logic bugs.;
17:50 - 18:00 -> Closing remarks and CTF award ceremony, Dr. Bernhards 'BB' Blumbergs (LV).

Speakers

Dr. Bernhards 'BB' Blumbergs == {CERT.LV, Lead Cyber Security Expert;
Dr. Bernhards Blumbergs is a lead cyber-security expert at the Information Technology Security Incident Response Institution of the Republic of Latvia (CERT.LV) and the former Technology Researcher at the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) also the Ambassador of the Centre since 2018. He is the creator and the technical director of the world’s largest and most innovative full-spectrum offensive cyber operation exercise Crossed Swords. He is a certified exploit researcher and advanced penetration tester (GXPN), industrial cyber security professional (GICSP), and response and industrial defense expert (GRID). He has a solid military background, targeted at developing, administering, and securing wide-area information systems.Dr. Blumbergs received his Computer Science PhD degree in Cyber Security from Tallinn Technical University in 2019, with his dissertation on specialized cyber red team responsive computer network operations.
}
Jamie Bodley Scott == {AppGate, Senior Product Manager;
Jamie Bodley-Scott is a specialist in the security sector where he has worked for two decades. Initially working for his own company where he supported AirZip and Appgate in the UK. He was an active member of the Jericho Forum and co-author of the paper which won the Jericho Challenge in 2005 - "Moving away from the firewall-centric view of security". He is now a Senior Product Manager at Appgate with responsibility for the company’s SDP product offering. Originally qualifying as an electronics engineer, subsequently achieved both Chartered Engineer and Chartered Marketeer status. He has worked in many disciplines including hardware and software design, project management, sales & marketing, quality, product management, and general management in industries as varied as defense, aerospace, automotive, mobile, retail, financial services, and IT security. In his spare time, he has a habit of building/modifying houses and enjoys sharing his view of the world through photography.
}
Mikko Kenttälä == {SensorFu, CEO;
Since I remember, I have hacked, built, and broken stuff, and that landed me a career in cybersecurity over 10 years ago. I have done technical security audits, hunted bug bounties, and now also built security products as CEO of SensorFu. Hacking still makes me happy, I enjoy blue and red teaming in exercises, and I am interested in defending electronic freedoms and privacy in our digital society.
}
Caleb Mathis == {SynSaber, Principal Content Engineer;
Caleb is a Principal Content Engineer at the industrial security company Synsaber. A chemical engineer by trade, with experience in oil and gas was transitioned to the electric sector as a security analyst before expanding across sectors via SCADA red teaming. Currently, lead for protocol and control system R&D with a focus on aligning red team experience to defensive detection capabilities.
}
Jean-Pierre Vigneault & Kevin Hardy-Cooper == {Canadian Centre for Cyber Security, Expert Engineers;
Jean-Pierre has 16 years of experience in Infosec. Working on Red Team exercises, and EDR engineering and is now leading the Malware analysis & automation team at the CCCS.
Kevin is a sandbox expert at the CCCS, he contributed to the Cuckoo project & is now one of CAPE's top contributors.
}
Sascha Schirra == {Recurity Labs, Security Consultant;
Sascha is a Security Consultant at Recurity Labs GmbH with a strong interest in binary exploitation on mobile devices. Prior to joining Recurity Labs, he worked several years for the german armed forces as a specialist for reverse engineering and binary exploitation and gave several courses for the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE).
}
Casper Bladt == {ICS Range, Technical Lead;
With 8 years of experience in the development of embedded and ICS software, Casper Bladt now combines his ICS knowledge with cybersecurity. In 2016 he qualified for the Danish Defence Intelligence Service's Hackeracademy, and again for the national hacking team boot camp in 2018 and 2019. Now he is the technical lead on the ICS Range platform - an interactive educational platform, where both red and blue teams will be challenged in ICS cybersecurity.
}
Dr. Pēteris Paikens == {The University of Latvia, Institute of Mathematics and Computer Science, Lead Researcher;
Pēteris is a senior researcher at University of Latvia Institute of Mathematics and Computer Science Artificial Intelligence laboratory, working on applied machine learning in the domains of cyber security and natural language processing. He is also teaching at University of Latvia and Riga Technical University. His earlier industry experience includes consulting on IT security, software architecture and machine learning applications, and 10 years working in banking.
}
Ēriks Dobelis == {The University of Latvia, Institute of Mathematics and Computer Science, Researcher;
Ēriks has an extensive cyber security background, and currently is working as a researcher at University of Latvia Institute of Mathematics and Computer Science Artificial Intelligence laboratory working on projects related to radio signal processing.
}

CTF

CTF status GameOverMan!
First position EVOSEC
Second position K|/|BEP BABUSHKA!
Third positionWESHOWEDUP
CTF style Jeopardy && infrastructure takeover
CTF start 04OCT 09:00 (UTC+3)
CTF end05OCT 16:00 (UTC+3)
Accepted team count 40
Maximum members per team 5
Awards Top three teams based on the points scored
CTF provided by CybExer Technologies && CTF Tech (EE)
Infrastructure commitment Tet Group (LV)
Awards provided by CERT.LV