Agenda

1 OCT

14:05 - 14:10 -> Opening remarks, Bernhards Blumbergs (CERT.LV);
14:10 - 15:00 -> Communication in HyperV, Jaanus Kääp (EE),
This talk will give an overview of some of the communication paths and methods used by Windows in the HyperV environment, with emphasis on the knowledge needed to intercept such traffic for research and fuzzing. The speaker will also make public one of his own tools, which allows sending, recording, and fuzzing hypercalls;
15:10 - 16:00 -> An Overview of the Ransomware Defense Evasion Techniques, Alexander Adamov (UA),
The talk will shed light on the defense bypassing techniques used in the targeted ransomware attacks this year;
16:10 - 17:00 -> Made in Latvia: Slack RCE, Oskars Veģeris (LV),
The talk will present a case study on how to debug & exploit modern ElectronJS applications;
17:05 - 17:20 -> Overview of the CTF day one, Hans Lõugas (EE).

2 OCT

14:05 - 14:10 -> Opening remarks, Bernhards Blumbergs (CERT.LV);
14:10 - 15:00 -> Up your Threat Hunting Game using Yara, Dan Demeter (RO),
The talk aims to give the audience hands-on experience with the industry-wide pattern-matching tool Yara and to show how you can start creating your own hunting rules in a matter of hours;
15:10 - 16:00 -> Metadata in Digital Photos: IP, Data protection and Forensics, Kārlis Apalups (LV),
The aim of the talk is to show how metadata in digital photos can be used for different purposes and is a liability if disregarded as unimportant;
16:10 - 17:00 -> A Deep Dive into Emotet's Email Stealing Module, James Quinn (US),
The talk aims to give a hands-on walkthrough of Emotet's Email Stealing Module, including explanations of the COM objects, and tips/tricks for walking through them;
17:05 - 17:15 -> Overview of the CTF day two and winner announcement, Hans Lõugas (EE);
17:15 - 17:20 -> CTF awarding ceremony, Uldis Lībietis (LV).

Speakers

Jaanus Kääp == {Security Researcher, Clarified Security, EE;
His expertise currently focuses on penetration testing, exploit development, and security research.
}
Alexander Adamov == {Founder and CEO, NioGuard Security Lab, UA;
Dr. Alexander Adamov analyses the newest breeds of ransomware and explores AI/ML capabilities to detect cyberattacks.
}
Oskars Veģeris == {Security Engineer, Evolution Gaming, LV;
His focus is on application, system security and exploitation research.
}
Dan Demeter == {Senior Security Researcher, Kaspersky, RO;
Dan graduated from Imperial College London and holds a Master of Engineering in Software Engineering. He then joined Kaspersky Lab in 2014, where his work focuses on developing threat intelligence systems, processing big data and creating new technologies to fight advanced persistent threats.
}
Kārlis Apalups == {Security Consultant, TET Group, LV;
He has seven years of experience in the security industry, working in the public and private sectors as a security specialist (both physical and cyber). He currently holds a BA in Organisation Security and is studying for an MBA in Cybersecurity Management.
}
James Quinn == {Threat Researcher, Binary Defense, US;
James works at Binary Defense as a Threat Researcher and primarily as a reverse engineer of malware/tools to understand their behavior and write better detections for that behavior for a variety of EDR tools.
}
Hans Lõugas == {CTF Producer, Cybexer Technologies, EE;
Hans has been working with technology and cybersecurity journalism, communication and analysis for the last decade. Now his mission with CybExer Technologies and CTF Tech is to bring new people to cyber security, especially through events like CTF.
}
Uldis Lībietis == {CISO, TET Group, LV}

Aftershock

The conference is over, but we would like to share some information with you:

An Overview of the Ransomware Defense Evasion Techniques, Alexander Adamov
Up your Threat Hunting Game using Yara, Dan Demeter
A Deep Dive into Emotet's Email Stealing Module, James Quinn
Overview of the CTF day one, Hans Lõugas & Aare Reintam
Overview of the CTF day two, Hans Lõugas & Aare Reintam

CTF

1st place EVOSEC
2nd place К|/|БЕР BABUSHKA
3rd place L&B
// EOF
CTF status: CLOSED!
CTF style: Jeopardy && infrastructure takeover
Registration start: 22SEP 12:00 (UTC+3)
Registration end: 29SEP 23:59 (UTC+3)
Registration confirmations: Until 30SEP 17:00 (UTC+3)
CTF start: 01OCT 09:00 (UTC+3)
CTF end: 02OCT 17:00 (UTC+3)
Maximum team count: 30
Participants per team: 2 to 5
Awards: Top three teams based on the points scored
CTF provided by: CybExer Technologies && CTF Tech (EE)
Infrastructure provided by: TET Group (LV)