facebook vector icon twitter vector icon
 
Security BSides Athens 2017
 
   bsidesath.gr > CFP > Speakers Monday, 26 June 2017  
   
 
 
Keynote Speaker: Dave Lewis

We are very excited to announce that Dave Lewis (@gattaca) will be opening the conference as the keynote speaker. Dave will fly over all the way from the United States of America to support this community-based Information Security conference in Greece, and share his knowledge and views on Cybersecurity from a global perspective.

Talk Title: Falling on Swords
Dave Lewis has two decades of industry experience. He has extensive experience in IT operations and management. Currently, Lewis is a Global Security Advocate for Akamai Technologies. He is the Founder of the security site Liquidmatrix Security Digest and Co-Host of the Liquidmatrix podcast. Lewis writes a column for CSO Online and Forbes.

(Talk Abstract: TBA).





 
 
Speaker: Yiannis Koukouras

Security in Continuous Integration and Continuous Development:
From Twitter to a small software house, application development is shifting towards Continuous Development and Continuous Integration lifecycles, combined with Agile development methodologies. The above practices leave little to no room for traditional security tasks within the SDLC. How can you fit Threat Modeling, Source Code Review and Penetration Testing in a two-week Sprint? TwelveSec would like to contribute to the Information Security community by presenting, based on our experience and hard lessons learned, the procedure and the actual actions that should be performed in order to achieve a high degree of security within a CI/CD application development lifecycle. This process starts early on the application development lifecycle and follows the project to its deployment and through Continuous Integration. Specifically, the talk will include:
● Secure Architecture and Design
● Participation in the SCRUM meetings
● Moving from “3 amigos” to “4 amigos” meetings
● Outline of Source Code Review
● Outline of Threat Modelling
● Outline of Penetration Testing
● Automating Security Testing with BDD scenarios.

Yiannis has more than 12 years of experience in the ICT domain, specialising in the Information Security sector. He has partnered with some of the leading Information Security companies in the MENA region and has accrued experience in working across different regions and industries, both on the field of security management and information security assurance.
His special expertise includes Web / Mobile Applications Security, Network and Systems Security, Information Risk Management and Security Architecture Design. In parallel, he is an active member of the International Standard for Information Security Consortium (ISC)2, OWASP and the ISACA. Yiannis has served, also, as the coach for the Greek Cyber-Security Team 2016. (@twelvesec)



 
 
Speaker: James Spiteri

Security Operations Center (SOC) - All hands on deck:
SIEM solutions are a dime a dozen. There are many different vendors, all of them offering various solutions. That being said, do they tick all the boxes for every organisation or can they adapt to the importance of the data being monitored? The ability to adapt within the security industry is not only crucial but the key element for solving today’s and tomorrow’s challenges. This talk will discuss these overwhelming challenges, and what are the key elements a modern SOC should have in order to tackle these challenges, such as (not limited to):
- Real time incident response and detection
- Trend Anomalies using machine learning
- Compliance Monitoring
- Vulnerability assessments
- File and Registry Integrity Monitoring
- Malware detection and analysis
- Digital Chain of Custody
- Cloud based
- End to End encryption
- Rapid Deployment
- User friendly, even for non-technical executives.

This presentation attempts to share valuable information and set the barrier on what anyone looking into a SOC solution should expect to see. A modern SOC needs to be flexible, dynamic and scalable, capable of addressing the gaps in the user experience, incorporate the necessary functionality, have a straightforward setup process (without months of deployment and endless configurations), and use the latest in cryptographic technologies. Last but not least, from the IT and security staff all the way to the CFO, the end results need to be a meaningful representation of information, processes and generated in real-time.

James is a Security Professional and data guru specialising in SIEM solutions and Security Operations Centres, with several years of experience under his belt setting up and running SOC’s for organisations of all shapes and sizes. He is currently managing the security architecture team at DeepRecce.



 


 
Speaker: Andreas Ntakas - Emmanouil Gavriil

Detecting and Deceiving the Unknown with Illicium:
In today's security designs the security detection mechanisms are able to identify only specific breaches from specific threats and attacking strategies. Instead of trying to detect the attacker with signatures, patterns or behavioral analysis solutions, deception technology provides the ability to detect unknown threats and attacking methods, decreasing the false positives and increasing the incident response time. Additionally it provides the potential to analyze attacking methods and 0-day attacks, allowing the design of effective mitigation measures. Illicium offers security through deception; by deploying a number of seemingly fake systems in active parts of a network, Illicium is able to identify, monitor and isolate the attacker in a way that he is unable to distinguish the isolation environment from his initial target. This presentation describes deception technologies in general, current deception techniques and solutions, and the innovative architecture that puts Illicium in top of competitive products. It will introduce the attendants to deception techniques used from the defending side to detect attackers, compare those techniques and describe the differences between them, and finally describe the architecture and key features of Illicium deception platform.

Andreas Ntakas: With a long experience in both Information Technology and Information Security, Andreas combines two areas of Informatics that are known to be hard to merge. He is the person behind Illicium's idea, and works on the project as it's Architect, Lead Designer and Project Manager. His domains of experience include Security Design and Architecture, SIEM systems, Security Awareness and Training, Security Services Design and Architecture, and Security Policies development. He has also designed and developed numerous offensive and defensive software tools for corporate use.

Emmanouil Gavriil: Manos has more than 12 years of information systems security, auditing and technology experience, with hundreds of different assessments on multiple customers. He is Head of Cyber Security Operations Department at Neurosoft S.A.. His areas of expertise include Red Teaming, Web / Application / Infrastructure Penetration Testing, Information Security and Secure Architecture Design. He also holds C|EH, OSCP, OSWP, eWAPT and eMAPT Certifications.



 
 
Speaker: Anna Stylianou

Car hacking – a real security threat or a media hype?:
During the last few years, we have seen several security researchers demonstrating how to hack a car. Every story is followed with many media articles that emphasise the hacking threats of connected and highly autonomous cars. In this presentation, the current threat landscape of modern cars is analysed and an action plan for the industry is outlined. Connected cars are often described as high-performing computers on wheels since they are composed of many ECUs and thousands of lines of programming code. The increasing technology that is used in cars has introduced several attack points. SBD has identified more than 50 attack vectors throughout the connected car ecosystem domains. In addition, an autonomous car includes many sensors and AI (Artificial Intelligence) processing that could represent additional attack points. The criminals that could perform attacks on cars very in population, capabilities and motivation and they have several tools available to mount such attacks. As vehicles become increasingly connected and autonomous, it becomes essential for automotive OEMs and suppliers to invest in cybersecurity and consider adopting a multi-layered security approach. It is important to stay updated with the latest security developments and follow best practices and legislation from the authorities to minimise the risk of an incident that would potentially put in danger human lives. I have presented a similar talk called “Assessing attack vectors on autonomous cars and how to manage them” in Connected Cars 2016 conference in London, UK.
www.gsa.europa.eu/newsroom/news/satellite-navigation-core-future-connected-car-systems.

Anna Stylianou is a Secure Car Specialist at SBD and she provides analytical research and consultancy to automotive manufacturers and suppliers in EU, US and Japan. She graduated with a bachelor degree in Computer Science from the University of Bath and she then pursued and completed a master degree in Cybersecurity and Management from the University of Warwick in UK. Anna develops a quarterly Automotive Cyber Guide and works on consultancy projects focused on cybersecurity assessments of the entire vehicle ecosystem: in-vehicle systems and architecture, MNO (Mobile Network Operations) and backend applications. She has a broad knowledge of security vulnerabilities, attacks, countermeasures and standards for connected and highly autonomous cars. Anna’s specialisation is to perform Threat Modelling and Risk Assessment for automotive systems and applications.



 
 
Speaker: Dimitrios Margaritis

Detect the Undetectable with Sysmon and PowerShell Logs:
Governmental organizations are usually target of sophisticated adversaries and traditional prevention and detection techniques haven't been very effective. This presentation will give an overview of free tools and techniques that have been implemented in high risk environments that are constantly under attacks. It will give details on the use of Microsoft Sysmon and Powershell log data for detection - hunting possibilities from host-based data. It will propose a step-by-step approach on how to deploy Sysmon on an enterprise network and how to deal with the main challenge which is the filtering of the ""noise"" in the log data. The main goal is to share the experiences and give practical examples that the attendees can take away and use for improving the detection capabilities in their organizations without the need of big investments. In this context a playbook of detections based on Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework from Mitre Coorporation will be presented.

Dimitrios Margaritis is the IT Security Officer at European Economic and Social Committee. He has a degree in Computer Science from University of Piraeus and a Diploma in Management from Henley Management College. During 20 years of experience in Cyber Security both in private and public sector he has been certified as CISSP,CISA,MCP for Windows and currently holds 2 certifications from SANS Certified Windows Security Administrator & GIAC Continuous Monitoring Certification. His main interests include Hunting, Incident Response and Forensics. (@dmargaritis )



 
 
Speaker: Thanassis Diogos

Operation Grand Mars, defending against Carbanak:
Let’s explore together how modern cybercrime has evolved to a stage where they are successfully utilizing public and legitimate services such Google Docs & Forms to track victims and spread even further. Also, the fact that attackers nowadays actually “investing” into valid digital certificates and several hosts within Europe proves their strong motivation. During this talk, we will go through the eyes of the Digital Forensics investigator and explain how the attacker started by using social engineering vectors and then moved into gaining high privileged domain by means of techniques such as pass-the-hash to gain full administrative access.

Mr. Diogos holds a bachelor in Electrical Engineering and an MSc in Information Security while he has been in the industry as a security professional for the last 15+ years. Thanassis is currently leading the Trustwave team providing Incident Response and Digital Forensics within EMEA. Previously he was with Microsoft acting as CEE Security Lead and delivering security services within Europe. He is also a big fan of network forensics thus he has participated into the book “Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide” and he is also a CISSP official instructor for EMEA. His main research interests are focused on the field of cyber-security and malicious activities deployed by cybercriminals such exploit kits, botnets, etc.



 
 
Speaker: Konstantinos Kosmidis

Machine Learning and Images for Malware Detection and Classification:
Neural networks are becoming increasingly popular recently and are both the most discussed and least well-understood branch of machine learning. Aside from popularized applications to context awareness, they have shown good experimental results in malware/anomaly detection, APT protection, and spam/phishing detection. Detecting malicious code with exact match on collected datasets is becoming a large-scale identification problem, made harder by the day by new malware variants.

Aim
The aim was three-fold: (1) reimplement, evaluate and benchmark the existing literature, (2) design and implement a comparison framework capturing the diffentiating criteria, (3) report on the outcomes of the testing process. More precisely is to build a classifier tool that can classify malware samples automatically and has something like a memory and can organize labels-classes that the classifier has not yet processed or learned. First, it is necessary to know the right classes (called labels) in the training set. There is a need for algorithms that can learn and can remember previous testing and experiments. Testing and comparing algorithms are done using a test set, for which the labels are known. Many algorithms also use a validation set (mainly part of the labeled training set) to manage its learning process. Expected outcomes are the malware images being classified as the first dataset and arranged within the same subfolders with the same labels or at least be as near as possible to the first that is the main reason this dataset were being chosen in this dissertation to know the best-classified outcome. The goal of clustering algorithms is to test and examine if the same clusters as the original dataset can be recreated and achieved. So, the experiments try to reform the same groups from malware samples after the data is shuffled by the current that time algorithm.
The goal in general is to extend and improve the system by:
1. Performing malware detection.
2. Performing classification of malware families.
3. Finding new and improving old features.
4. Applying a feature selection algorithm, that will select the most discriminative features.
5. Building an extensive database of malware by collecting more samples.
6. Retrieving a uniform sample set among the malware classes.

Method
Malware is characterized based on image feature descriptor and malware executables are converted to images. Performance proposed and presented for malware classification and clustering is promising. The dataset used for demonstration is the Malimg Dataset, from the paper Nataraj et al., 2011 Malware Images: Visualization and Automatic Classification. This dataset comprises 25 malware families with varying number of variants per family.
Classification Algorithms developed were Support Vector Machine, Decision Tree, Random Forest, Perceptron, Multilayer Perceptron, Stochastic Gradient, Multinomial Naive Bayes, BernoulliRBM, Nearest Centroid and the Clustering Algorithms developed, were DBScan, Meanshift, Kmeans-MiniBatchKmeans.

Konstantinos Kosmidis is a post graduate student at the International Hellenic University of Thessaloniki, in Greece. I recently completed my M.Sc. Communications and Cybersecurity focusing my dissertation on “Machine learning and Images for Malware Detection and Classification”.



 
 
Speaker: Professor Andrew Blyth

The Role of Professionalism and Standards in Penitration Testing:
Regulations and standards such as the GDPR and PCI DSS, continue to drive the growth in penetration testing. However, this demand leads the growth in unskilled and unprofessional individuals engaging in penetration testing. In this presentation, I will explore various international standards and the role that they can play in professional certification.

Professor Andrew Blyth completed his PhD in 1995 from the Computing Laboratory at Newcastle University, UK. Since then, he is the director of the Information Security Research Group (I.S.R.G.) at the University of South Wales, UK (Formerly known as University of Glamorgan) that has delivered ground-breaking work in the area of computer network defence over the years. He has published numerous conference/journal papers in the areas of computer network defence and computer forensics, while being responsible for the independent assessments from an academic body, for the TigerScheme certifications. He is the author of the "Information Assurance: Surviving in the Information Environment" book that has become the cornerstone of knowledge for every Information Security professional in the past 15 years. Most well-known security professionals and cybersecurity experts across different industries worldwide, have been taught and trained under his watch, over the past 20 years by undertaking the only technical and practical MSc in Computer Systems Security (and Computer Crime) at the time available in the UK. (@ajcblyth)



 
 
Speaker: Thomas V. Fischer

I Thought I Saw a |-|4><0.- :
Threat Hunting refers to proactively and iteratively searching through networks or datasets to detect and respond to advanced threats that evade traditional rule- or signature-based security solutions. But what does that really mean? And what real impact does it have on the security team?
Threat hunting looks at a mountain of security data already being produced daily by the traditional monitoring solutions such as netflow data, firewall events and logs. Now include end point data and the events to review explode exponentially. The claim, from various vendors, is that the additional data provides greater visibility but for whom. Traditional incident detection doesn't necessarily take into consideration the endpoint events. Building a threat hunting activity scoped to start with end point data can significantly change the game.
This talk is a journey of my experience diving into threat hunting and will cover the principals of threat hunting as a foundation, examine the challenges of working with large datasets that can be generated by end point data and analyse some of the tools claiming to ease this burden.

With over 25+ years experience, I have a unique view on security in the enterprise with experience in multi domains from risk management, secure development to incident response and forensics. In my career, I've held varying roles from incident responder to security architect for fortune 500 company as well as industry vendors and consulting organizations. Currently I play a lead role in advising customers while investigating malicious activity and analyzing threats for Digital Guardian. I am also a strong advocate of knowledge sharing and mentoring through an active participant in the infosec community not only as a member but also as director of Security BSides London and ISSA UK chapter board member. (@fvt)



 
 
Speaker: Thomas V. Fischer

Don't Ignore GDPR, it impacts is wider than InfoSec:
In April 2016, the EU adopted regulation 2016/679 or more commonly known as General Data Protection Regulation (GDPR). The regulation's primary objective is to improve the data protection activities around the handling of EU citizens' personal data. 25 May 2018 is the key data when the regulation is put into application. From that time, companies will need to comply and be able to prove they have the means in place to protect personal information. The regulation will impact companies that have business holdings or do business in the EU but also has an impact on service providers and suppliers. Let's explore what is covered by GDPR and how it may impact your organisation answering questions such as do I need to have a DPO; I don't do business directly in the EU when does GDPR affect me; what data is affected? Via an audience polling, this interactive sessions intends to provide insight on the potential impact GDPR will have on not just InfoSec but infrastructure in general.

With over 25+ years experience, I have a unique view on security in the enterprise with experience in multi domains from risk management, secure development to incident response and forensics. In my career, I've held varying roles from incident responder to security architect for fortune 500 company as well as industry vendors and consulting organizations. Currently I play a lead role in advising customers while investigating malicious activity and analyzing threats for Digital Guardian. I am also a strong advocate of knowledge sharing and mentoring through an active participant in the infosec community not only as a member but also as director of Security BSides London and ISSA UK chapter board member. (@fvt)



 
 
Speaker: Ioannis Stais

LightBulb Framework: Shedding Light on the Dark Side of WAFs and Filters:
LightBulb [1] is an open source python framework for black-box auditing of web applications firewalls and filters, using automata learning algorithms. The tool provides pentesters and information security professionals the ability to formalize existing knowledge in code injection attacks variations using context free grammars or regular expressions, and to expand this knowledge by inferring filters’ engine using automata learning, all with the goal of evaluating the effectiveness of these filters against complex payloads. The framework consists of two main inferring algorithms: GOFA, an active learning algorithm that permits the analysis of filter and sanitizer programs remotely, i.e. given only the ability to query the targeted program and observe the output, and SFADiff, a differential testing algorithm that can be used for discovering filters’ differences and WAFs fingerprinting.
In this presentation, we introduce a new and efficient graphical interface for the lightbulb framework, directly integrated to the Burp Proxy Suite. The extension is designed to assist the penetration tester throughout the step of information gathering and black box penetration testing of unknown WAFs and complex filters. The new automata learning backed payload processor is a game changer that obsoletes the existing Intruder payloads and increases the overall chances of a successful evasion attack. The graphical interface allows easily access to an extendable library of WAF filters and injection attacks, and offers support for advanced rule based fingerprinting of popular open source WAFs.
[1] https://github.com/lightbulb-framework/lightbulb-framework.

Ioannis Stais is an IT security researcher at CENSUS S.A., a company that builds on strong research foundations to offer specialized IT security services to customers worldwide. Ioannis has participated in more than 50 security assessment projects, including the assessment of communication protocols, web and mobile banking services, NFC payment systems, ATMs/POS, critical medical appliances and MDM solutions. He holds a Master's degree in Computer Systems Technology from the University of Athens. His research currently focuses on the development of machine learning algorithms for improving vulnerability research, the enhancement of fuzzing frameworks and exploration of the current threats in mobile and web applications.



 



 
Speaker: Xavier Mertens

Unity Makes Strength:
Unity Makes Strength” is the Belgian motto. With the growing number of applications and tools that we must deploy to protect our assets, we often increase the complexity to manage them. Some vendors are pushing to buy new boxes when we already have the same feature provided by another solution. During this talk, I’ll present you some ideas and tips to share security feeds between different solutions (some commercial - some free) with a unique goal: increase the visibility on your infrastructure and better detect attacks. Starting from how and where to collect interesting data up to sharing them with all your security tools. The idea of the presentation is to give you some ideas and quick fixes to bring back to home.

Xavier Mertens is a freelance security consultant based in Belgium. His daily job focuses on protecting his customer’s assets by applying “offensive” (pentesting) as well as “defensive” security (incident handling, log management, SIEM, security visualisation, OSINT). Besides his daily job, Xavier is also a security blogger (https://blog.rootshell.be), a ISC SANS handler (https://isc.sans.org) and co-organizer of the BruCON (http://www.brucon.org) security conference. (@xme)



 
 
Speaker: Eirini Anthi

Intercepting sensitive data in smartphone app network connections:
Mobile internet access recently surpassed traditional desktop/laptop access. As the number of people that depend on smartphones and their apps for critical tasks keeps increasing exponentially, app developers are required to pay more attention to security. To evaluate app security when transmitting and handling user data, we examine free mobile applications across 10 categories, in both the Apple App Store and Google Play Store. For each application, we perform wireless packet sniffing and a series of ManIn-The-Middle (MITM) attack looking for personal or identifying information (usernames, passwords, search terms, and location/geo-coordinates data). We find that, although all tested applications establish a secure SSL/TLS connection with the server, 85% of them support weak ciphers. Additionally, 60% of iOS and 25% of Android applications transmit unencrypted user data over the Wi-Fi network. By performing a simple MITM attack we are able to capture the username, password, and email for Instagram, Blackboard, Ebay, and Spotify. Even when certificate pinning is employed in order to prevent MITM attacks, we manage to bypass it in 75% of the iOS applications, including Facebook, and capture usernames and passwords. Finally, we observe that data is being forwarded to third party domains (mostly to domains that belong to Google and Apple).

Eirini Anthi received a First Class Honours B. Sc. degree in computer science from Cardiff University, UK, in 2016 and is currently working towards the Ph.D. degree in the field of Cyber Security at the same University. Her research revolves around the security and privacy of Internet of Things devices (IoT). Specifically, her work examines the security issues that come along with these devices and tries to identify methods to make them more secure.



 


 
Speaker: Christina Skouloudi & Alexandros Zacharis

NO DRONE ZONE:
This talk first presents the current efforts on drone detection while it also highlights the issues on physical security and other possible attack surfaces of drones. Moreover, it depicts the impact of such attacks in critical domains though giving some real-life examples. As a result of the aforementioned concerns, we investigate on cost-effective RF-based detection techniques of Drones, focusing on the recreational ones. In this context, a simple cross-platform application was developed in order to fulfil this need. This application demonstrates a way to detect recreational flying drones in a specific perimeter with no use of special equipment but with the only use of a laptop or a mobile phone. More specifically, the application analyses the protocols used for communication of the Drone with the Controller to achieve this detection. It is known that the connection between the aircraft and the controller is communicated via Wi-Fi 5.725GHz – 5.825GHz, while the connection between controller and mobile device is operating at 2.400GHz-2.483GHz, and also the controller is acting like an access point (AP). In many cases, the MAC addresses of the vendors are publicly available and a list of many brands of Drones facilitates the filtering of the Drones that are active in a perimeter of the wifi range of the device used for detection. Calculation of the distance of the Drone is the achieved by signal strength of specific AP that their MAC address belongs to a predefined list.
During our presentation we will demo the functionality of an open-source tool that will:
● Scan the perimeter for flying Drones
● Detect and alert for recreational drones flying in the vicinity (model & distance approx.)
● Logging of past events
Finally, a private repository is held on github and will be made available after the first demonstration on BsidesAth to open call more people to contribute to this project.

Ms Christina Skouloudi (speaker) has a background on computer science and holds a master’s degree on Digital Systems Security. At the early stage of her career, she worked for several years as a Full stack developer and moved to the Information Security area working as a Network and Information Officer at ENISA. Combining the two things she is passionate about, namely Software development and Information security, she likes to offer smart and innovative solutions through her work. A maker and breaker, who loves to contribute to both development and security community. Her main research interests focus on WSN, Internet of Things, Cloud Security, Incident Reporting and technical development of Cyber Security Exercises and has published various papers on these topics. (@miss_narbi)

Mr Alexandros Zacharis (CISSP) holds a Bachelor (2007) in Computer Engineering and Telecommunications and a Msc.(2010), with honours, in Computer Science degrees from the Computer Engineering, Telecommunication and Networks Department, University of Thessaly (UTH), Greece. In the previous years he worked as a Security Officer for GRNET, Greece dealing with Compliance, Development & Maintenance of Security Policies.
He has also served as the GRNET-CERT Representative dealing with:
● Cyber Attack Analysis, Corporate Forensics, Malware Analysis.
● Incident Handling/ Incident Response / Penetration Testing.
He currently holds a position as an Officer in Network and Information Security for ENISA, dealing with the Design and Technical Implementation of Cyber Security Exercises. (CYBER EUROPE SERIES). His research interests include: Computer Security, Computer Forensics and has published his research on the aforementioned topics in various academic papers and journal. He has also presented his work in major IT SEC conferences like DEFCON and BSIDES.



 
 
Speaker: Alexandros Zacharis

“The Browser Within”, Local exploitation of internal browsers in software :
It is nowadays a common design practice for software developers to include portable browsers in their software ecosystem. The internal browsers are usually used for authentication or web navigations purposes, mainly to bridge the gap between the stand alone client and the web (cloud) implementation of the solution. Of course this easy way of solving the interconnection problem between the client and the web service can create some important security risks. In this presentation we will discuss some of the major security risks that can be introduced by choosing to embed a portable internal browser in your software build and through hands on paradigms we will try to exploit them. The full attack scope and methodology will be presented along with realistic examples. The examples will include a popular antivirus software, a password safe tool and a very popular chatting app which will all be tampered in a way to perform various attacks form simple social engineering and phishing to covert communication and local privilege escalation attacks. Furthermore we are going to present concrete ways of properly testing software, should you choose to implement an architecture that includes an internal browser.

Mr Alexandros Zacharis (CISSP) holds a Bachelor (2007) in Computer Engineering and Telecommunications and a Msc.(2010), with honours, in Computer Science degrees from the Computer Engineering, Telecommunication and Networks Department, University of Thessaly (UTH), Greece. In the previous years he worked as a Security Officer for GRNET, Greece dealing with Compliance, Development & Maintenance of Security Policies.
He has also served as the GRNET-CERT Representative dealing with:
● Cyber Attack Analysis, Corporate Forensics, Malware Analysis.
● Incident Handling/ Incident Response / Penetration Testing.
He currently holds a position as an Officer in Network and Information Security for ENISA, dealing with the Design and Technical Implementation of Cyber Security Exercises. (CYBER EUROPE SERIES). His research interests include: Computer Security, Computer Forensics and has published his research on the aforementioned topics in various academic papers and journal. He has also presented his work in major IT SEC conferences like DEFCON and BSIDES.



 



 
Speaker: Theo Papadopoulos

A "Shortcut" to Red Teaming:
In the ferocious digital battle between sophisticated attackers and ethical incident response teams, there is a continual need, from the attacker's perspective, to craft new weapons and techniques to bypass the evolving defences. Objective based red team exercises have rapidly become a preferred assurance option, particularly for financial services enterprises, testing both external perimeters and internal controls. This presentation will examine both old and newly developed tricks involving the weaponisation of windows shortcut files and how these can be used in the various phases of a red team engagement. Based on realistic and practical examples from the everyday life of a red teamer, we will cover topics such as:
1. Examination of the LNK file format and its limitations
2. Craft staged / stageless payloads with LNK files
3. Phishing payloads using windows shortcuts
4. Credential harvesting with LNK files
5. Abusing writeable file shares for lateral movement
6. Fun persistence with shortcuts.

Theo is a security consultant/penetration tester for Gotham Digital Science based in London. His day to day work involves researching and executing red team operations and network / infrastructure security assessments in critical infrastructure, such as banks and the payment card industry, providing value from the perspective of an internal or external malicious adversary. His interest in the field of offensive security dates from early 2001-2002 in the Greek hacking scene. Restless since then he continuous this great journey with a lot of passion and dedication.



 



 
Speaker: Dimitris Grigoriou & Dimitris Karakostas

Attacking IPv6 - A MitM IPv6 patch for Bettercap:
The number of Internet-connected users, devices and applications is growing at a rapid rate. IPv6 solves a large number of IPv4 issues, such as addressing, efficiency and packet processing. However, regarding security, IPv6 is still struggling to solve its predecessor's inadequacy. Man-in-the-Middle attacks against IPv4 networks are very common these days, as evident by a wide variety of frameworks that implement them. Bettercap is one of the most commonly used frameworks and offers a vast range of tools and modules, such as packet sniffing and code injection. However, there has still not been developed a framework that offers this type of attacks against IPv6 networks. In this talk, we cover the basic IPv6 infrastructure along with common security threats. We extend Bettercap in order to make it a complete solution for MitM attacks against both IPv4 and IPv6 networks. In order to achieve this, we exploit the Neighbor Discovery Protocol (NDP). NDP uses Neighbor Solicitation and Neighbor Advertisment messages in order to discover new nodes and ultimately configure the network layers on a LAN. By crafting specific packets and sending them on the LAN, an adversary can force all traffic to be redirected to his computer. This enables him to perform different kinds of attacks (sniffing, package manipulation, code injection). In this talk, we release an Open Source patch for Bettercap to attack IPv6 networks. We also demonstrate an attack against IPv6 endpoints, including packet sniffing and code injection.

Dimitris Grigoriou is an undergraduate student in University of Athens, Department of Informatics and Telecommunications. He is currently working on his bachelor thesis in Computer Security, based on compression side channel attacks. His interests involve Security, Cryptography, Anonymity and Android Development. In his free time he likes watch sports and follow the latest trends in gaming.

Dimitris Karakostas is a graduate Electrical & Computer Engineer from the National Technical University of Athens. He has worked as a Software Engineer intern at Nokia and as a Security Researcher at the Cryptography & Security lab at the University of Athens, where he investigated compression-based web attacks and developed open-source tools for both deploying and defending against such attacks. He has also given presentations in major security conferences like Black Hat Asia 2016, Black Hat Europe 2016 and Security BSides Athens 2016. In his free time he likes to consume coffee and pop culture. (@dimitKarakostas)



 


 
Workshop Speakers: Spiros Fraganastasis & Dimitri Fousekis

Password Cracking & Hardware Workshop:
The workshop is designed to help people understand how password cracking works. This solves a number of problems that many people face, such as:
How can I effectively test my own password hashes? What techniques do professionals use to crack passwords?
Why should I crack passwords in my own company?
Can I crack passwords without an expensive piece of hardware?

The workshop will provide hands-on training on how to properly and efficiently crack passwords. We will cover easy and difficult password hashing algorithms and identify the different approaches needed to be successful in each case. Using real-world freely available leaked data from real hacks, we will demonstrate different techniques, tips and tricks. Further, we will provide practical assistance in building a password cracking rig. What are the pitfalls? What should I know before going out and buying hardware?

The workshop will also cover the importance of wordlists, and what the available tools are to crack passwords including how they work, how to use them - and their pros and cons.

Password cracking can be very helpful in red teaming assignments when dealing with windows hashes in active directory environments.

Spiros: (@m3g9tr0n)
Spiros is an Electronics Engineer with a passion for networking, linux and security. Currently working as a security consultant for Dell Secureworks. He is also a member of Team Hashcat.

Dimitris: (@RuraPenthe0)
Dimitri has been in information security for over 15 years, and is currently the Chief Technology Officer at Bitcrack Cyber Security. He is actively involved in security research, training, pentesting and speaking at security events such as BSides and PasswordsCon. He also loves cracking passwords, and is a member of Team Hashcat.

PLEASE NOTE: A laptop is optional, if the attendees want to try their own attacks while we demonstrate during the workshop



 
 
Speaker: Stefanos Alevizos (Honoured Guest)

ODYSSEAS. Mobile Lab of Information, Education & Technology:
"The Smile of the Child" taking into consideration the needs of children in Greece and following the new trend that constitutes technology a main “tool” of education created “ODYSSEAS”, the 1st Mobile Lab of Information, Education & Technology. The main actions that are implemented in “ODYSSEAS” are:
● Informative sessions to students, parents and teachers
● Social Support
● YouSmile
● Blood Donation in cooperation with local Hospitals/Health Centers
● Mobile Center of Crisis Management
The action of “ODYSSEAS” is implemented under the auspices of the Ministry of Education & Religious Affairs.

Stefanos ALEVIZOS (MALE) works as a psychologist at the NGO “The Smile of the Child” since 2006 and is the coordinator of the Interactive & Preventive Sessions department . He has graduated from the department of Psychology of the Aristoteleion University of Thessaloniki and holds Master of Arts in “New Forms of Education and Learning” from the University of the Aegean. He has published several articles in collective publications about Child Abuse and school bullying.



 
 
 
 
  www.bsidesath.gr  
google vector icon ©2015-2017 bsidesath.gr, designed by @drgfragkos      bsides athens vector icon