Schedule – Oct 25th, 2022

Digital identities and how to secure them

Download the schedule as a pdf.
To see the abstract of a talk click on its title. 

Talks with a gray background are marked as “Digital Identity”-talks.
Expand All +

  • Arena


  • Estonia is a small country in the Baltics; however, it has been on the forefront of technology for many years. This keynote provides a story from Estonia’s independence in 1991 to its current use of digital identities for the systems that allow the citizens to vote, check online banking, e-residency, tax returns and the lessons learned from the various incidents that happened along the way. What does the future hold and the impact of when you add a bit of AI into the digital society. Learning Objectives: * Discover the needs and values for government identity management * What to do when things go wrong * Key Take aways from CyberWar lessons * What can AI do for you and your digital identity
    e-ID

  • This talk examines the evolution of how Russia leverages the digital domain to disrupt, spy, and degrade the adversary. Cyber operations remain a potent modern manifestation of political warfare expanding competition short of war. Yet, during Russo-Ukrainian war (2022- ), we witness rather limited cyber operations that did not demonstrate severe or significant attacks directed at an adversary during what might be characterized by total war. There is also very limited evidence for coordination between the military and cyber operators while Russia’s vaunted information operations have had little effect on the conflict. Despite a dramatic uptick in cyber operations during the war, there remains little evidence that cyber capabilities change the course of war and rather remain an adjacent capability that can be used to shape but not defeat the opposition.

  • This talk will cover some of the publicly disclosed vulnerabilities by Sven and his team. Common mistakes and vulnerabilities will be discussed and ways to avoid them are shown. Furthermore, we will dive into the lighthouse project digital COVID-Certificate Switzerland that has been assessed by the National Test Institute for Cybersecurity (NTC) and discuss some challenges and the learnings of this project.

  • There is a general consensus around the financial motivation behind ransomware campaigns. While this holds true, by analyzing a series of unusual ransomware campaigns, Ippolito Forni, EclecticIQ's Threat Intelligence Consultant & Senior CTI Analyst, will demonstrate that nation-states have jumped on the ransomware bandwagon and are increasingly using it as a smokescreen for purposes other than financial gain, such as espionage and sabotage. In these ransomware campaigns, nation-states can plausibly deny their involvement by hiding their identity and true goals behind a financially motivated ransomware threat actor.

    Takeaways:
    * Being able to spot indicators of anomalous ransomware activity
    * Impact and consequences to organizations
    * Diplomatic and LEO challenges
    * Anti-Ransomware best practices
    e-ID

  • Passkeys are an exciting new technology, built on top of FIDO2, which promises to replace passwords, this time for good. In this talk we will present passkeys and what they bring to the table, for moving to a passwordless future.
    e-ID

  • Designing for privacy is seen many times as designing to minimize the collection of users' data. In this talk we will discuss that designing for privacy goes beyond minimization and in most cases it means to limit the ways in which the collected data can be used. We will also discuss what this design philosophy means for the use of (digital) identities when engineering privacy-preserving systems.
    e-ID

  • Artificial intelligence has found its way into our everyday lives in a more or less conspicuous way, whether through smart speakers, facial recognition, or the TV program and music selection, all promising the maximum potential for us humans. But in addition to the complex technical and legal challenges associated with developing and deploying AI systems, there is another challenge: humans. Humans have a remarkable tendency to humanize non-human entities from deities to chatbots, that is why we cannot help but treat these digital entities as social actors. This comes with a plethora of opportunities, like more efficient user interaction but also challenges, like manipulating users by humanized design. This is one reason, why "trustworthy AI" is on a rise and debated across the globe. Despite the plethora of expert guidance on the development and implementation of "trustworthy AI," there is still a surprising amount of disagreement about what constitutes user trust in AI - is it the same as trust in a human? Can we, do we or should we trust AI, just like we place our trust in humans? Moreover, the topic of overtrust is also widely neglected. Since the level of trust influences how users interact with technology, overtrust and over-reliance as subsequent behavior - leads to a faulty human-automation relationship: like the Tesla Driver Walter, who unfortunately died as he trusted the “auto-pilot” so much, eventually hitting a barrier, crashing with two other vehicles. It is long overdue that we talk about how to develop an "appropriate" level of trust for better and safer interactions with non-human agents, which are after all - just man-made machines.
    e-ID

  • Attackers are increasingly abusing popular cloud applications for command and control (C2). C2 over cloud apps is less likely to be detected since abusing a popular cloud application has the advantage of blending in with everyday traffic and evading traditional C2 defenses. Techniques like domain and URL blocklists that detect attacker controlled servers aren’t effective because there is no attacker controlled infrastructure to identify. Then how do you defend against cloud C2? In this talk, we will explore this new threat landscape and outline a set of detections that use behavioral patterns and anomalies to identify malicious C2 communication from otherwise benign servers. The approach uses novel strategies like unusual cloud entity detection as well as established approaches like JA3 to identify unusual and malicious communication to a cloud application. We will ground all of these concepts in a demo of a Python-based application that uses these signals to identify cloud C2 communication from compromised machines, and thus, equip the listener with the information to spot these attacks.

  • We are on the cusp of the next quantum revolution, where advances in our understanding of quantum mechanics paves the way for new technologies that promise an era of scientific breakthroughs. However, these same technologies could potentially lead to upheaval in the way that we deploy secure communications across the internet. As a result of which we need to think of appropriate mitigation and build in the necessary transition time to afford everyone a post quantum secure future. We will examine both the opportunity as well as the threats in this arena and suggest pragmatic ways forward.

  • Our standing dinner allows everybody to mingle, meet friends and talk about the many interesting talks of the day. Naturally, most of the speakers will still be around, so don't rush off after the last talk.

  • Scenario


  • Every decade or so there’s a new technology that entrenches itself in our everyday lives – almost with no discernible effects to the public. If the previous decade was “the cloud”, this decade could certainly go to AI and Machine Learning. Seemingly every week, a new state of the art model is released that allows life-like recreations of synthetic content. However, these systems are ripe for abuse - attackers have incredible new tools at their disposal no matter what their preferred social engineering vector. In this talk we will explore what arbitrary creation of synthetic content means for systems of trust. From logging into your computer (Windows Hello for Business) to getting help from customer service, machine learning models are already being used to make decisions that have implications for trust. We will discuss some of the risks to be considered when implementing or using these systems, what detections might look like, and how we might be better prepared to defend than it seems.
    e-ID

  • Healthcare is a critical societal service but it is also one of the most cyberattacked today. In this domain, digital identities are very diverse and there are many challenges pertaining to the appropriate measures to protect them. From the high value of a health record, to the low budget and low expertise in the area of cybersecurity, together with the stress caused by the pandemic, the healthcare domain is facing now, a cyberattack pandemic. Digital identities in healthcare need to be more adaptable, dynamic, resilient and, most importantly, Risk-Aware. From identification, to authorization and access control, creating and managing digital identities need to be performed according to the characteristics and requirements of a specific healthcare ecosystem, and the risk it encompasses, at a specific moment. Moreover, can we make digital identities in healthcare Risk-Aware, as well as Trust-Centered?
    e-ID

  • Memory forensics allows first responders to extract relevant information from RAM. Interesting information, like the URL of an attackers command & control server is often obfuscated while the program is stored on disk. The information is decoded, while the program is running. A thorough analysis of the computers RAM will not reveal an IOC like command servers URL, but also other artefacts of an attackers activity. This presentation shows how Volatility can be used for an analysis. Results include, but are not limited to artefacts of DLL injection, network connections, API hooks.

  • According to European legislation 80% of the electricity meters rolled out to consumers by 2024 are required to be smart meters, as a part of the ‘smart grid’ concept. While the deployment of the electrical ‘smart grid’ infrastructure increases its functionality, at the same time the risk associated with its operation increases i.e. through substantial extension of potential cyberattack surface. Hence the security testing of such solutions as Advanced Metering Infrastructure (AMI) and Smart Meters as well as their security controls must be of the highest standards. The presentation goes through cybersecurity control mechanisms that act as a countermeasure for most common and critical misconfigurations and vulnerabilities in Advanced Metering Infrastructure. Based on recent engagements’ results security research team prioritized, designed and verified efficiency of security capabilities that when introduced to Advanced Metering Infrastructure and Smart Metering project scope and architecture design are able to mitigate risks stemming from overall solution complexity and fragmentation.

  • Can we avoid blaming the user by stopping a phishing campaign before it is even launched? Well, this talk will discuss multiple techniques to detect and block the attack before the mail lands in the inbox of your employee. By first analyzing how Red Teams and adversaries set up phishing campaigns, we zoom in on what OPSEC mistakes can be used to the advantage of Blue teams. We define techniques to detect malicious domains that are targeting your organization and further use NetLoc intelligence to correlate these to related threat infrastructure. Based on the defense in depth principles Blue Teams can implement additional security controls to prevent mails from reaching the inbox of their organization. Through practical demos and real-life examples, attendees will learn how to block adversaries during multiple stages of a phishing campaign.

  • The INSIEME project of the Federal Tax Administration (ESTV) was stopped in 2012 after 12 years and an investment of 116 million CHF. Studying the news coverage and the official reports leads to a déjà-vu: All the problems listed in the report are familiar to somebody who has worked on IT projects for many years: INSIEME was not a unique desaster, it was just a manifestation of known problems that are cross-sector and systemic in nature.

    Security projects are at least as complex as "normal" IT projects. The challenges include project and people management, strategic governance as well as framework conditions. Security projects are therefore subject to similar or even identical mechanisms and difficulties as other IT projects. Working out typical mistakes and omissions of failed Swiss IT projects can help your work as CISO, security officer or tech lead in IT security projects.

  • Digital identities have evolved from the proverbial audible challenge that was called from the castle gates, “Who goes there?” There was little to be able to discern the validity of the identities provided. Jumping through time to 1962 we saw the advent of the password protected system. We were still in a state of being unable to verify the user identity of the password. Moving to biometrics, multi-factor authentication and passwordless technology has demonstrated that tools to authenticate digital identities are improving. When we factor nefarious technologies such as deep fakes and conversely future looking technology such as DNA data storage, we see that the need for governments to take the lead on digital identities is of paramount importance.
    e-ID

  • Our standing dinner allows everybody to mingle, meet friends and talk about the many interesting talks of the day. Naturally, most of the speakers will still be around, so don't rush off after the last talk.

  • Sponsoring - Panorama


  • Stephan Berger, Head of Investigations at InfoGuard, will share insights from recent InfoGuard CSIRT security incidents and present the seven biggest security failures of companies that still open the door to attackers far too often.

  • We have grown used to reading about cyberattacks on a daily basis: stolen data sets, encrypted files and backups, business interruptions and payment of ransoms. Companies have been made aware that they must continuously develop their protective measures and nonetheless prepare for the worst-case scenario. Establishing incident response plans and recovery plans and practicing them in tabletop exercises is becoming the norm. Now is exactly the time to engage with the topic of resilience in the context of cyber incidents. Do we really have to switch everything off in an emergency? Doing so will certainly lead to the disruption of all business processes if this is not yet the effect of the attack. Isn't there a way to think in advance about how (limited) operations can continue despite a compromise to make sure that you don't have to send all your employees home? This would at least reduce the extent of the damage. In this presentation, I'll show you what we've learned from several cyber incidents we've assisted with to help you improve your resilience and preparedness.

  • In the cybersecurity space we see more and more automation tools that promises to identify and prevent malicious threats. They do a great job at automatising repetitive and boring tasks but most of the time they fail to give a complete picture of the threat and some criminals leverage this for their gain.

    In this talk we will have a look at how we can combine automated analysis tool and manual analysis to have more insight on the actual threat. It will include some techniques used by criminals to bypass automated defence mechanism and the steps an analysts can follow to fully eradicated the threat.

    Automated analysis tools are not a silver bullet, just one more weapon in the defence arsenal of your company that needs to be yielded by trained soldiers.

  • Most Security Operation Center work with use-cases to manage their detection and response capabilities. When it comes to the use-case development many organizations turn to the MITRE ATT&CK Framework as a starting point. Even though ATT&CK is not a use-case framework, as it was originally developed as a taxonomy tool for threat intelligence. But it has a valuable information we can use to identify and prioritize potential detection use-cases. Identifying the use-cases is an important first step. But how are we ensure the use-cases are implemented in a timely fashion. We then need to prioritize and ensure that we adapt our prioritization to changes in the threat landscape and the business environment. This is where methods and principles of the agile software development can help us. In this talk I will show you how to combine a data-based method to prioritize ATT&CK techniques with ideas from the agile software development for their implementation. With this approach you can ensure an efficient use of your resources and focus on the right use-cases at the right time. The agile methods will allow you to constantly grow and evolve your detection capabilities.

  • Attacker perspectives, as well as the methods used by hackers, will be discussed. The possible execution paths and results of phishing campaigns, physical intrusions, compromises of applications and infrastructure are presented with real-life examples. All these different options are reconciled within the different stages of hacking large organizations.

  • The number and complexity of cyberattacks have increased rapidly in recent years. Cybercriminals are always finding ways to penetrate corporate networks, whether through malware, third-party applications, legacy systems, or phishing emails to employees. In order to uncover security vulnerabilities and stop cyberattacks before the organisation is harmed, enterprises require reliable detection solutions. In this regard, Network Detection and Response (NDR) is a holistic approach to monitor network traffic and detect anomalies that indicate potential cyberattacks. Exeon's NDR solution uses AI-driven metadata analytics to monitor the entire IT/IoT/OT network, automatically detect cyber threats, and provide an early response to incidents in on-premises or cloud environments – completely hardware-free, deployable in hours, and proven in global enterprise networks.

  • Zero days, vulnerabilities, threat actors and APT groups - day by day new threat actors and sophisticated attack procedures evolve. Depending on the motivation and high-level goals, threat actors might target their attacks to specific or as many targets as possible. Easy access to the required tools makes it even feasible for non- professional threat actors to get into the business. Proactive hunting for threats and patterns is crucial to the initial detection of ongoing attacks. In this session, we will outline the main aspects of threat hunting and identify post-detection steps to pursue a Security professional's main goal; to turn the table and become the hunter instead of the hunted.

  • Our standing dinner allows everybody to mingle, meet friends and talk about the many interesting talks of the day. Naturally, most of the speakers will still be around, so don't rush off after the last talk.