20 Free Ways to Improve Your Defenses Today
Adaptive Security in an Oracle Database
We help customers design audit trails for many years in the Oracle database and we created a simple toolkit to encapsulate this process. We can turn decide on what we audit based on simple policies and the customer can choose to enable or disable groups of audit settings.
Because we can enable and disable different levels of audit trails we can also use this to easily create adaptive security and adaptive audit.
Think defcon levels from movies. We can have limited security and at the first sniff of an attack raise the level of security automatically. Pete will discuss these ideas and how they might be implemented in an Oracle database.
Azure AD incident response - life cycle, process and tools
Azure AD incident reponse explores how Azure AD investigates, manages and responds cybersecurity incidents. It involves skills, knowlwdge and experience with best practices to protect Azure Active Directory on day to day IR operations and describes Azure AD incident reponse - life cycle, proces and tools.
Broadcast Signal Intrusion - Hacking Radio Stations
A short story of owning 107 national radio stations around the globe.
Cyberconflict in Ukraine
The conflict in the UKR has its conventional as well as very strong, dominant and still ongoing cyber component.
The official view of many, that Cyber did not play a role, that it was used and first of all, had no impact, or that the efforts stopped in the meantime, was, and is, wrong. Cyber effects are still in use, cyber is still a very present, dangerous and can affect many participants, inside the UKR and outside the country.
With the support of western countries and industries, many lessons have been identified, effects show their potential, targets show the interests of RUS and we can dare to draw conclusions already. It is time, more than time, to turn the lessons identified into lessons learned and to address related issues inside the companies and countries that we live and work in.
Join us in a talk to understand what happened, what is happening and what should we make out of the events, what needs to be done, what consequences did we see and do we have to deal with?
European Covert Methods of Entry
A look at how physical security and covert methods of entry are essential as part of red team engagements and an examination of the differences between the US and Europe in performing such engagements.
Fast track incident detection with UEBA (User and Entity Behavior Analytics)
In the current enterprise ecosystem, security teams are overwhelmed by a plethora of logs and events originating from large number of cloud and application technologies. This creates a major challenge for security analysts as logs and events indicating malicious activities often get lost in the ocean of false positive/operational alerts. Usually, this causes delayed response in incident detection and investigation, which can lead to loss of assets and business.
Our UEBA project enhances visibility of high fidelity and correlated alerts and reduces false positive/operational alerts by employing data science and machine learning algorithms. Our project encompasses different enterprise segments such as cloud, network, authentication, etc., this allows us to look broadly into related suspect activities. We will discuss why inbuilt UEBA capabilities are essential and how our UEBA solution (partly open sourced) differs from commercial ones. We will also discuss UEBA implementation and deployment to generate alerts with higher accuracy and fast track detection.
Hacking Companies through BadUSB
During this presentation, we will discuss BadUSB, why it is dangerous, how to program it, offensive tricks of delivering it, and prevention mechanisms and best practices against it.
Implementing AppSec using common sense
Implementing AppSec can be a daunting task; especially if you don't know exactly what it is and how do it. Join me as I give you an introduction to AppSec and share my long experience in infosec by giving you practical advice on how to go about doing just that.
Large Language Models - Current and Future Implications for Security
Ready for a wild ride into the future of information security? Hold on tight as we explore how Large Language Models (LLMs) and other Generative AI technologies are shaking things up! This quick presentation will give you a sneak peek into the world of LLMs, from understanding what they are to uncovering the latest trends and technologies. We'll dive into the defensive and offensive capabilities of LLMs and you'll hear about some creative use cases but also get key takeaways so you can be ready for the disruption ahead.
Machine learning for detecting sensitive documents on Sharepoint
We define “sensitive documents” as files that contain any information that should not be shared across the company broadly, such as personally identifiable information (PII) and a company’s private data. If permissions are set incorrectly on these documents, this sensitive information could be accessible by others outside of the authorized audience. Sensitive documents can pose an insider threat data exfiltration risk. Even if there are only a small number of files, these documents, if fallen into unintended hands, could cause a large-scale data breach.
Our project uses machine learning (ML) models to help us detect various categories of sensitive documents. We will discuss the challenges we faced while building an automated alerting pipeline for real-time detection of these documents. We will also emphasize unique challenges when building these ML models in the security domain, such as minimizing false positive rates and establishing a reliable feedback loop.
Microsoft 365 Exchange Online Security tips
We'll try to cover some key points that you need to know to secure your Exchange Online environment. Main topics are disabling legacy authentication, identifying risky email overrides, enabling audit logging, blocking outbound forwarding, helping users quickly identify external emails, and enabling an easy way for your users to report phishing attacks.
NIS2 Directive has come into force in December 2022. This talk will bring you through the major changes, improvements and new obligations put in front of Member States and the entities covered by NIS2.
Rage Against the Software Machine - A critical look at the state of supply chain security
Supply Chain Security is a critical aspect of software security and attacks become increasingly common. However, securing your supply chain is a challenging task that can require tremendous resources which take away from other infosec initiative. Matthias will provide a pragmatic overview to challenges, quick wins, and open problems for your supply chain security posture to help you prioritize your software security strategy.
Ready for (nearly) anything: Five things to prepare for a cyber security incident
Retaliation within the Scope of Cybersecurity
The war in Ukraine and various cyber-related incidents (like Stuxnet, cyber-attack against Estonian governmental, industrial and economic infrastructure, etc.) during the past years, proved the fact that it is possible to use cyber-attacks as an alternate form of warfare. Cyber-attacks can be used either as a substitute of or in conjunction with kinetic attacks, against a variety of targets and critical infrastructure(s).
Today it is clear that cyber-attacks can be viewed as the “weapon of choice” to prevent or retaliate against kinetic or cyber-attacks, without the need of launching conventional military operations of any scale. In that view cyber-attacks can be tailored in such a way as to eliminate potential loss of life and collateral damage, and to extend the desired damage, up to a specific level (e.g., only disruptive events).
In the view of the above events, an examination of whether retaliation, which is defined as “to return like for like” or “get revenge”, in conjunction with reprisal, which can be defined as “the act or practice in international law of resorting to force short of war in retaliation for damage or loss suffered”, could be formally be used as means for both military agencies and corporations/enterprises to prevent or actively respond to cyberattacks.
In this presentation we will examine whether retaliatory cyber operations can ultimately promote world peace and cybersecurity, from both the military and corporate aspect. Further, we will examine whether current international (and EU) law frameworks are addressing cybersecurity-related issues and attacks, and how retaliatory actions can be tailored in such a way, as to maintain international norms and regulations.
When registering for the HEK.SI 2023, you get FREE TICKET for the INFOSEK 2023!
Prices do not include VATREGISTER NOW