-
Kim Zetter
Journalist, writer
American freelance journalist in Oakland, California.
She has written on a wide variety of subjects from the Kabbalah to dining out in San Francisco to Israel to cryptography and electronic voting, and her work has been published in newspapers and magazines all over the world, including the Los Angeles Times, San Francisco Chronicle, Jerusalem Post, San Jose Mercury News, Detroit Free Press, and the Sydney Morning Herald. She has been a staff reporter at Wired, a writer and editor at PC World, and a guest on NPR and CNN.
She is probably best known for her reporting for Wired News, where she has written over 100 articles. Some of her work, such as that dealing with the security problems of electronic voting machines, and public interest in the CIA's Kryptos sculpture, introduced stories that were not covered by the mainstream press until months later. Her 2003–2004 series of articles on electronic voting won several awards, and she was shortlisted for the prestigious Investigative Reporters and Editors Award.
Zetter has interviewed and written about many notable people including sculptor Jim Sanborn (creator of the CIA's Kryptos sculpture), Ed Scheidt (Chairman of the CIA's Cryptographic Center), Mike Lynn (about the Cisco scandal in 2005), Australian film director Baz Luhrmann, United States Assistant Attorney General Viet Dinh (creator of the Patriot Act), and the famous cryptographer Bruce Schneier.
Stuxnet and Beyond: The Age of Cyberwarfare
In June 2010, researchers with an antivirus firm in Belarus discovered malware on com-puters in Iran that were causing the machines to crash repeatedly. At first they thought it was a routine virus. But as they and other experts around the world delved into it further, they discovered the code was a mysterious worm of unparalleled complexity. They had, they soon learned, stumbled upon the world's first digital weapon. Stuxnet, as it came to be known, was unlike any other virus or worm built before: Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak actual physical destruction on equipment controlled by the computers -- in this case, cen-trifuges used to enrich uranium for Iran's nuclear program.
Kim Zetter, author of the book Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, will tell the story of Stuxnet's planning, execution and dis-covery and why the attack was so unique and sophisticated. She'll also discuss the impli-cations and repercussions of the assault and why it was the harbinger for attacks on other critical infrastructure in Ukraine and elsewhere.
Download PDF
-
Kauto Huopio
FICORA/NCSC-FI
senior specialist, Collaboration Networks and Situational Awareness Group Finnish Communications Regulatory Authority (FICORA) / National Cyber Security Centre Finland (NCSC-FI)
FICORA/NCSC-FI
Kauto Huopio has been involved with Finnish Communications Regulatory Authority (FICORA) since 2001, working whole time with the information security activities within the agency. As Chief Specialist of the Collaboration Networks and Situational Awareness group, his duties span from Situational Awareness Coordinator shifts at the NCSC-FI Situation Centre to national and international collaboration with other CSIRT actors and critical infrastructure providers.
How the National Cyber Security Centre of Finland is cooperating with the critical infra-structure companies and actors in Finland?
How ISP community is cooperating on cyber security matters? What are the Finnish tools to get network abuse information distributed to the end users?
This talk will describe the cyber security community cooperation in Finland.
Download PDF
-
Aaron Luo
Trend Micro
security researcher, Trend Micro
Trend Micro
He joined the Cyber Safety Solution team of Trend Micro in 2015. Aaron has started his security research since 2005 and is active in the information security communities in Taiwan. He has several research papers published in HITCON, UISGCON, CLOUDSEC, SYSCAN360 and DEFCON.
IoT, SDR, and Car Security
With the growth of IoT devices, the security of IoT became more and more important. Due to natural of wireless connected devices, Software Defined Radio (SDR) has become an important issue of IoT security. In this presentation, we will share the security issues of various IoT devices, such as router, drone, and infotainment system of cars. We will introduce the approaches and tools, such as logic analyzer, SDR, USB to TTL and IDA Pro, used to analyze and discover these issues as well.
Download PDF
-
Anton Pavlushko
InformNapalm
volunteer, InformNapalm
InformNapalm
Since times of studying at physico-mathematical lyceum Anton has been loving mathematical Olympics and programming.
Later he studied at Institute of Applied Systems Analysis at National Technical University KPI and was continuing to love Olympics however not so successfully like before. Being a student of 5th year at National Technical University KPI (Kyiv, Ukraine) Anton unexpectedly moved to Germany to continue his education where he simultaneously worked as a programmer.
OSINT as a tool of information war
Since 2014 Ukrainian volunteers from InformNapalm have been waging information war-fare against Russia. How they started with small website which had informing on Russian intrusion into Crimea and later became one of leading international OSINT-project. How they grew, were mistaken and made amends, learnt and have learned to find information from open sources.
-
Alex Semenyaka
RIPE NCC
external relations officer - technical advisor (Eastern Europe and Central Asia), RIPE NCC
RIPE NCC
Oleksiy is an External Relations Officer for the RIPE NCC (Eastern Europe and Central Asia) and is based in Moscow.
As part of the External Relations team, he helps lead the RIPE NCC's engagement with membership, the RIPE community, technical bodies, academia, law enforcement and other Internet stakeholders. As Technical Advisor, Alex also follows Internet industry and government developments related to ICT, particularly in the former Soviet countries, monitors and attends industry conferences and meetings, representing the RIPE NCC there, and works with internal stakeholders to enhance the RIPE NCC's training activities.
He is currently the Vice Chair of ENOG Programming Committee and a member of RIPE Programming Committee.
Prior to his role at the RIPE NCC, Alex worked in engineering and management positions in the telecom industry, content and service providers, enterprises.
Alex has spoken and presented at many local and international events as an expert in the design and security of data networks and data centres.
Alex studied Chemistry at the Moscow State University, graduating in 1994 with honours.
Must regulations be implemented by a Government?
Thoughts on non-public regulations
-
Alex Starov
Stony Brook University
Ph.D. candidate in Computer Science at Stony Brook University, New York.
Stony Brook
His research focuses on web privacy and security, and most of his projects are about investigating online threats, from privacy intrusions and censorship to all other cybercrimes.
Alex has been presenting at many of top tier academic conferences in security and has published many successful papers, some of which were highlighted in such media as WIRED or The Hacker News.
In 2013 he got his M.S. degree in Software Engineering from East Carolina University, USA, and M.S. in Computer Engineering from National Aerospace University ‘KhAI’, Kharkiv, Ukraine.
Both with university honors. Alex also has industrial experience, like being a CTO of a mobile startup company back in Ukraine, or doing research internships in such security companies like Palo Alto Networks.
From malicious browser extensions to UI vulnerabilities in mobile browsers
Scam campaigns are prevalent examples of modern malicious web pages. The particular type of scam may vary, whether it is a fake antivirus page, a fake reward message or a rogue online survey, etc. In the first part of the talk, Alex will discuss the trending nowa-days type of scam that tricks users to install malicious, shady or simply unwanted browser extensions. Attackers desire to distribute own extensions because of their privileged posi-tion inside a victim's browser, as extensions have access to content and functionality that is not available to webpages, such as, the ability to send and read cross-origin requests, inject custom scripts on other pages, as well as get access to a browser's history and cookie jar. It will be investigated what privacy-intrusive extensions are there in the Chrome store, and more. And in the second part, Alex will show you how any malicious web page can benefit from UI vulnerabilities among mobile browsers, e.g. for successful phishing campaigns. Mobile browser security has not received much of attention from researchers yet but their results show that 98.6% of the tested popular browsers are vulnerable to at least one of 27 UI-related attack building blocks.
Download PDF
-
Mykola Koval
CyS Centrum
co-founder of Ukrainian cybersecurity firm CyS Centrum, which deals with monitoring and prevention of cyberthreats, incident response and forensic investigation
CyS Centrum
Representative of CyS-CERT. Speaker at multiple local and international events (FIRST, TEISS, DCC, UISGCON, CERT-EE Symposium, OSCE CBM, SECURE, EMA etc.). Mykola believes that threat intelligence, as a part of risk assessment, should be considered as an essential InfoSec ingredient.
Ukrainian threatscape. 2017
During this presentation Mykola would propose to sum up what we (Ukraine) have been through in 2017 (in terms of cyber threats). Mykola plans to demonstrate technical details of investigated malware/botnets/threats/TTPs. Outline reasons of why attacks always suc-cessful (why we all always f*cked up) and deduce what should be done in order to mitigate badness.
-
Olexandra Gladyshevska
Insurance Broker «Insart»
director and co-founder of Insart Insurance Broker
Insart
In 2011 graduated from the "Eastern World" University as a specialist in Japanese and English languages. In 2012 received diploma of the International University of Finance, specializing in Finance and Credit. Started to work in insurance business since 2011. In 2014, trained in one of the largest reinsurance companies in the world "SCOR P&C" (Paris, France). In 2015, founded Insurance Broker INSART, where now holds the position of CEO. Taking into account the experience of cooperation with international companies, chose cyber insurance as the main line of business and has attracted world insurance players to become partners and to cover losses of Ukrainian companies caused by cyber-attacks. Constantly published in periodicals such as Delo.ua, Forbes and NV.Business.
Financial risks Protection in Cyberspace
Business uses many tools to manage the risks of cyberspace, among which cyber insur-ance also plays a significant role in recent times – an insurance coverage of material and non-material (reputational, third party liability, etc.) losses due to cyber-attacks and net-work interruption.
Download PDF
-
David Maynor
Cisco Talos
technical lead, Cisco Talos
Talos
David Maynor is the lead for the Talos Threat Intelligence group for the Middle East and Europe. In this role he develops intelligence sharing partnerships, analyzes new attacks and malware, and helps craft protection in Cisco products. Mr. Maynor specializes in reverse engineering, exploit discovery, and development of new penetration testing techniques.
Before Cisco Mr. Maynor has worked in a variety of roles from startups to consulting as well as operations. Mr. Maynor is a regular public speaker at information security conferences such as Blackhat and Defcon. Mr Maynor also provides commentary and expert analysis for media outlets on the topic of information security.
Learning from MeDoc: Supply Chain Security
After MeDoc a new way to identify supply chain software is needed. This talk will outline how to find and classify supply chain software in order to minimize its risk.
Download PDF
10 System Hardening Steps
This workshop is aimed towards entry level and intermediate IT administrators. The workshop is broken into 10 steps an administrator can do to make their system more secure or gather logs/evidence in post compromise. The workshop covers Linux and Windows. The steps are tool agnostic and primarily focus on configuration and vulnerability discovery.
Please take your laptops.
-
Ibrahim Halil Saruhan
DigiSecure
computer forensics consultant, DigiSecure, Istanbul, Turkey.
DigiSecure
He holds a BS Degree from the Computer Engineering Department at Marmara University and a MS Degree in Computer Science from The University of Delaware. His current daily activities include Information Security Software Development, Computer Forensics Investigations and Information Security Consulting. Ibrahim started his career as a Software Developer 15 years ago and worked in his career mostly for Telecom companies. Ibrahim holds several certifications 11 of them being GIAC namely GWAPT, GCIH, GPEN, GCFA, GSEC, GCIA-Gold, GCFW, GSNA, GWAS, GPCI and SSP-GHD. His paper “Detecting and Preventing Rogue Devices on the Network” for his GCIA Certification was one of the top25 papers and can be accessed from the SANS Reading Room.
Challenges on large scale mobile device investigations with Real life examples.
Mobile device forensic investigations becomes a challenging task if scope of the investiga-tions gets from a few devices to thousands of devices. It gets more difficult when mobile applications store data with strong encryption and even more difficult when mobile applica-tions are developed for a specific purpose and have inherent anti-forensics features. Criminals use new ways of communication in today's world and the number of mobile in-stant messaging applications are continuously increasing. Digital forensic investigators should come up with solutions for the challenges of today's mobile device investigations.
-
Kostiantyn Pedan
SRC Security Research & Consulting
penetration tester, SRC Security Research and Consulting GmbH
SRC Security Research & Consulting
Kostiantyn will talk on web application fazzing features and how to work through effecting testing strategy.
Konstantin Pedan is a security and penetration testing expert. Works as a consultant at SRC Security Research & Consulting GmbH. He participates in a variety of projects within the requirements of the PCI DSS and Visa HCE standards. Konstantin has gained his first professional experience working as a freelancer since 2011.
Starting in 2013 he acts in a team of professionals who work against cyber threats by contract from various commercial and public financial institutions in Germany. He specializes in testing of web applications, analysis of the security level of mobile solutions for payment cards emulation, in collaboration with a team of experts from Visa Inc. Konstantin provides certified security vulnerabilities scans within PCI DSS.
Web Application fuzzing
Kostiantyn will talk on web application fazzing features and how to work through effecting testing strategy.
What will be discussed: differences in approaches to classic network applications’ fazzing, related main problems and existing solutions.
Download PDF
-
Jeff Hamm
Mandiant, a FireEye company
technical director, Mandiant, a FireEye company
Mandiant
Jeff Hamm has been employed with Mandiant since 2010 and is a Technical Director assigned to the Europe region, where he manages a team that conducts forensic examinations and incident response. Response and examinations range from a single host to over 100,000 hosts on a network. He also works part-time as an adjunct lecturer at NTNU (Norwegian Science and Technology University) in Gjøvik, Norway since 2011. There he provides intense practical labs based on real world computer forensic incidents using both Windows and Linux servers and attacker systems. He has co-authored “Digital Forensics” edited by Andre Arnes in 2017. The book is designed for academia and practitioners.
He was a Deputy with the Oakland County Sheriff’s Office in the State of Michigan, USA for over 11 years. He worked four years with the Sheriff’s Office as a Computer Crimes Detective and Forensic Examiner and three years as a first-line supervisor (Sergeant).
Jeff has significant experience in the computer forensic field and obtained his CFCE (Certified Computer Forensic Examiner) in 2003. He obtained his ACE (AccessData Certified Examiner) in 2008, his EnCE (EnCase Certified Examiner) in 2010, and his GCFA (GIAC Computer Forensic Analyst) in 2010. He has been instructing in the field of computer forensics since 2004 at IACIS (The International Association of Computer Investigative Specialists).
How Was that Breach Detected?
Mandiant has done thousands of IR investigations across multiple industry types and net-works. In each case, the customer was either altered by a third party about the breach or discovered something “not quite right” in the network. In several cases the alerts the cus-tomer discovered led to discovery of a targeted attacker in the environment - and a subse-quent incident response investigation.
In this presentation, we will use international case examples Mandiant investigated to take a closer look at how the breach was discovered and what security lessons can be learned from the alerts - for example how a performance monitor on a domain controller spiked which led to discovery of credential harvesting. The take away will include actionable items in many environments.
Download PDF
-
Andriy Brukhovetskyy
FireEye
senior researcher, FireEye
FireEye
Andriy Brukhovetskyy, started at the age of 19 with Spanish S21Sec in eCrime Unit doing cybercrime related research. Currently working at FireEye iSIGHT Intelligence as Senior Security Researcher. Active open source collaborator.
Malware distribution insight – it’s not so cool.
A blind spot in your daily malware distribution feed.
This talk would try to give some more insight on what we normally don’t see in malware distribution campaigns, as what software/botnets are used for delivery, actor(s)/groups at-tribution and some more goodies.
Download PDF
-
Max Tulyev
NetAssist
CEO, NetAssist
NetAssist
TBD
BGP: attack against Core of Internet
IP highjacking attack and defence
-
Tim Karpinsky
VX HEAVEN
VX HEAVEN
VX HEAVEN
Meet him in the bar.
Gov, booze and cyberwars: preaching on cyber testament
Gov, booze and cyberwars: preaching on cyber testament
-
Alex Smirnoff
Glanc
CEO, Glanc, Bulgaria
Glanc
Alex is a seasoned information security professional with 25+ years practical experience, which includes offensive security, design and implementation of products and services, consulting, leading information security department in a system integrator company, and CISO job in a multinational holding; now Alex works to help others to make sense of information security in business context, which often is not what it seems to be. Alex’s particular areas of expertise are vulnerability management, risk management beyond typical GRC requirements, and metrics of information security effectiveness.
Why people get information security wrong (and how to fix it)
Download PDF
-
Vlad Styran
Berezha Security
Chief Pwner, Berezha Security
Berezha Security
Security professional with the main focus on Application Security and Social Engineering. Building offensive security teams for almost 10 years, currently in my own company. Security awareness enthusiast, amateur psychologist, occasional bug bounty hunter. Blogger, podcast producer, endurance runner. Co-founder and organizer of UISGCON. Co-founder of OWASP Kyiv chapter. Previously spoke at BruCON, BSidesKyiv, UISGCON, IDC Security, IT Weekend, PHDays and others. MS in Applied Math, OSCP, CISSP, CISA.
How to Build Security Awareness Programs That Don’t Suck
As many infosec practitioners, early in my career I tended to disregard security awareness. People can't change, I thought, and the evidence was there. No matter what we, as security community, did to make our less savvy colleagues avoid social engineering threats, it seemed that it didn't work. But it turned out that we just did the wrong things.
Much later, when I've become more familiar with the industry as a whole and the agendas that drive its players, I've realized that information security is simply not the field where the answers to the questions of human nature could be found. All infosec industry could offer, was moving "the user" as far as possible from the responsibility of their actions, normally by placing a bunch of intrusive software on their devices and some blinking boxed between them and the Internet.
But wait, I pondered, if the human being is so unreliable and irresponsible, how happened that the humanity survived the natural threats and developed into the species that dominates planet Earth? Could we draw analogies between the threats in the real, kinetic world and the "cyber space"? Could we then use the strategies that helped us fight (or rather flight) a bear… or a tiger… to survive this new jungle out there? It turns out we could.
During the last two years I've developed an efficient program that leads to significant increase in user resilience to modern cyber threats that employ social engineering principles and techniques. The approach it takes is backed by social psychology and behavioral science research results, as well as the track record of its successful application to the high-profile companies here in Ukraine, that face threats that are slightly unusual to most businesses abroad.
During the talk I will let you know how it works, why it works, and how you can make it work for your own or any other company.
Download PDF
Ukrainian Information Security Group
Berezha Security
Main Partner: FireEye
Golden Partner: Cisco
Registration Partner: Pentest
Vendor Partner: NetWave
Vendor Partner:
Vendor Partner: IBM
Vendor Partner: MUK
Vendor Partner: Check Point
Vendor Partner: Infosafe
Vendor Partner: COLOCALL
![UISGCON[13]](/.uisg/uisgcon13-white.svg)
![UISGCON[13]](/.uisg/uisgcon13.svg)