Hacking The 0day Marketplace
Andrea Zapparoli Manzoni (Director, Crowdfense)
The 0day vulnerability market has developed over the years in a way that is unsafe, chaotic and rather inefficient. Today, bad business practices, a lack of professionalism and low levels of trust remain widespread in this market and can seriously hamper the ability of law enforcement and intelligence agencies to acquire and maintain the strategic cyber capabilities they need to fight organized crime, terrorism and hostile geopolitical actors.
Having a deep understanding of these issues and of their solutions, Crowdfense is “hacking the 0day market” in order to improve it for all the parties involved (researchers, brokers, integrators and end-users), by introducing new quality standards and best practices related to products, services and to the sustainability of the underlying business processes.
The Work of Cyber in the Age of Mechanical Reproduction
Juan Andres Guerrero-Saade (Adjunct Professor of Strategic Studies, Johns Hopkins SAIS)
As we marvel at the true apex predators in the threat actor menagerie, part of their charm lies in the ability to productionize the development of exemplary operations. Their operations are systematic: relying on layers of abstraction meant to simultaneously scale to accommodate untold numbers of targets while also ‘idiotproofing’ for future generations of government-paid operators of every ilk. Codifying a culture of malware development and deployment a cut above more ‘artisanal’ malware ops presents interesting opportunities for malware paleontologists looking to understand the relationships between campaigns, malware families, and sometimes even between standalone threat actors.
This talk will focus on how particular threat actors have approached this mass production of high-end malware and what analysts can determine (at a technical level) when threat actors collaborate towards a common goal via a previously undisclosed missing link.
Your First Hardware Device and Firmware: Adventures in Building a CAN Bus Sniffer
Andrey Voloshin (Head of Embedded Dept Thea Auto), Sasha Olenyev (Embedded Developer, Thea Auto) & Illia Tolokonnikov (Embedded Pentester)
Getting your first hardware device ready can be tough: many small details need close attention. We have developed many boards and want to share our experience with beginners to make the process easier.
We will cover, step by step, how to simplify hardware development, prepare all the needed documentation and order a small batch of your first devices.
The continuous journey for manufacturers to develop cyber resilient IoT devices.
Chen, Ku-Chieh (IoT cyber security Analyst, Panasonic Cyber Security Lab)
Whether at home or at the workplace, we increasingly rely on devices that connect to the internet, more commonly referred to as the Internet of Things (IoT).
As a product manufacturer, Panasonic strives to put secure products on the market for our users. As IoT has become more and more popular, Panasonic has devoted time to understanding the threats against IoT and the associated risk. One project aimed at this is a threat intelligence system made up of a physical honeypot, a software honeypot and a sandbox.
Software honeypots are commonly used by security teams, but at Panasonic we have been able to take advantage of the devices we manufacture, using not only real appliances on the market but also unreleased products as physical honeypots.
We have been able to collect information on attacks targeting our devices. To date, our system has detected over 179 million attacks and collected over 25,000 malware samples. Of the collected malware samples, about 4,800 targeted IoT devices of which over 20% were not in VirusTotal at the time of collection.
In this session we will describe the architecture of our honeypot, then discuss the types of malware we have seen through the physical honeypot and share some data from our analysis of the attacks. With the ultimate goal of manufacturing cyber-resilient IoT devices, we will also discuss how these findings, and others from the project, can be used by product development teams.
BitLeaker: Subverting BitLocker With One Vulnerability
Seunghun Han (The Affiliated Institute of ETRI)
The Trusted Platform Module (TPM) is a tamper-resistant security module. It has been widely deployed in commercial devices to protect secret data and to ensure a system's trustworthiness. There are two typical kinds of TPM: the hardware-based discrete TPM (dTPM) and the firmware-based TPM (fTPM). Microsoft Windows uses both types to protect the Volume Master Key (VMK) of its disk encryption software, BitLocker.
BitLocker's TPM feature has not been analyzed in detail. It has stayed hidden behind the TPM because the TPM protects BitLocker's VMK with its sealing and unsealing functions, and most security researchers concluded that a VMK sealed by the TPM was safe. Recent work also suggested that the only way to extract the VMK from the TPM was physical access, such as probing the Low Pin Count (LPC) bus or the TPM pins. However, we found a novel way to subvert BitLocker using software alone. The free lunch for BitLocker is over.
In this talk we introduce a sleep mode vulnerability of the dTPM and the fTPM that can subvert BitLocker, and we present our new tool, BitLeaker, which extracts the VMK from the TPM and decrypts a BitLocker-protected partition without physical access. Last year we introduced a dTPM vulnerability, CVE-2018-6622. This year we found another vulnerability, CVE-2020-0526, which affects the fTPM, specifically Intel Platform Trust Technology (PTT). The sleep mode vulnerability subverts both the fTPM and the dTPM through system sleep mode and allows Platform Configuration Registers (PCRs) to be forged. PCRs are at the core of the sealing and unsealing functions that protect BitLocker's VMK. By exploiting the vulnerability we extracted the VMK from the TPM and decrypted a BitLocker-protected partition with BitLeaker. We also present detailed information on BitLocker's TPM-based VMK protection process, and countermeasures.
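Why being able to forge PCRs defeats a TPM seal is easiest to see in code. The block below is an added illustration, not the speaker's tool or any code from the talk: it models TPM PCR extension and a simplified PCR-bound seal in Python. The boot measurement log, the single-PCR policy and the XOR-based wrapping are constructed for the example; a real TPM keeps the wrapping key inside the chip and also folds the command code and the PCR selection into the policy digest.

```python
import hashlib
import hmac

# SHA-256 PCRs 0-16 read as all zeros after a TPM reset.
PCR_RESET_VALUE = bytes(32)

# Constructed boot measurement logs: what a firmware chain would extend into one PCR.
GOOD_BOOT_LOG = [b"firmware-v1.2", b"bootloader-signed", b"bootmgfw.efi"]
TAMPERED_BOOT_LOG = [b"firmware-v1.2", b"bootloader-EVIL", b"bootmgfw.efi"]


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend semantics for a SHA-256 bank: new = H(old || H(measurement)).
    A PCR can only be extended, never written, so the final value depends on
    every measurement and on their order."""
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()


def replay_boot_log(log, start: bytes = PCR_RESET_VALUE) -> bytes:
    """Extend every entry of a measurement log into a PCR, starting from `start`."""
    pcr = start
    for measurement in log:
        pcr = pcr_extend(pcr, measurement)
    return pcr


def policy_pcr_digest(pcr_values) -> bytes:
    """Simplified TPM2_PolicyPCR: a digest over the selected PCR values."""
    return hashlib.sha256(b"".join(pcr_values)).digest()


def seal(secret: bytes, policy_digest: bytes) -> bytes:
    """Toy seal: wrap the secret under a key derived from the policy digest, so the
    secret only comes back when the same policy digest (same PCR state) is presented."""
    key = hmac.new(b"constructed-storage-root-key", policy_digest, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(secret, key))


def unseal(blob: bytes, policy_digest: bytes) -> bytes:
    """Toy unseal: XOR with the same key stream; a wrong digest yields garbage."""
    return seal(blob, policy_digest)


def demo() -> dict:
    vmk = bytes(range(32))  # constructed stand-in for BitLocker's Volume Master Key
    good_pcr = replay_boot_log(GOOD_BOOT_LOG)
    blob = seal(vmk, policy_pcr_digest([good_pcr]))

    # Normal boot: same measurements from the reset value, same PCR, VMK released.
    normal = unseal(blob, policy_pcr_digest([replay_boot_log(GOOD_BOOT_LOG)]))
    # Tampered bootloader: the PCR differs and the seal stays closed.
    tampered_pcr = replay_boot_log(TAMPERED_BOOT_LOG)
    tampered = unseal(blob, policy_pcr_digest([tampered_pcr]))
    # Extend-only protection: replaying the good log on top of the tampered PCR
    # cannot bring it back to the sealed value.
    on_top = unseal(blob, policy_pcr_digest([replay_boot_log(GOOD_BOOT_LOG, tampered_pcr)]))
    # If the PCR can be returned to its reset value without a real reboot (the
    # sleep-mode problem the talk describes), replaying the known-good measurements
    # recreates the sealed PCR and the secret is released to the tampered system.
    after_reset = unseal(blob, policy_pcr_digest([replay_boot_log(GOOD_BOOT_LOG, PCR_RESET_VALUE)]))
    return {"normal": normal == vmk, "tampered": tampered == vmk,
            "extend_on_top": on_top == vmk, "after_reset": after_reset == vmk}


if __name__ == "__main__":
    print(demo())
```

The third case is the whole point of extend-only registers: an attacker who controls the boot chain can add measurements but cannot remove them, so the seal stays closed unless the register can be brought back to its reset state and the good values replayed from there.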
Hunting the Hunters: Detection and Efficiency Testing of Endpoint Security Sensors
Filipi Pires (Researcher and CyberSecurity Manager, Zup Security Labs at Zup Innovation)
In this presentation we show the tests we performed against three endpoint security solutions (CrowdStrike, Sophos and Cybereason), simulating targeted attacks with several strategies to obtain a panoramic view of each solution's resilience and of the efficiency of its signature-based, NGAV and machine learning detection. The scripted scenarios included downloading many malware samples onto the victim machine, moving those samples to other folders (to test detection without execution), downloading artifacts directly onto the victim machine from the theZoo repository, and running PowerShell scripts that fetch daily malware batches from MalwareBazaar through its API.
The Art of Exploiting Logical Flaws in Web Applications
SaifAllah BenMassaoud (Security Researcher, Intel)
You cannot test for logic flaws without knowing how the application works, and automated vulnerability scanners can never detect them, because they work in a way that has no understanding of the application's logic. This is the wide gap between technical vulnerabilities and logic vulnerabilities. Logic flaws therefore remain a complex problem, unknown to many developers and information security researchers, because finding them depends on a creative, philosophical, out-of-the-box way of thinking, and they are a weapon for some professional hackers.
This presentation is divided into two parts:
– Part 1 covers classic logic flaws (parameter tampering and manipulation, account takeover and 2FA bypass, privilege escalation). We will conduct manual experimental tests in labs to begin building a philosophy through which you can detect and study such flaws from scratch.
– Part 2 covers unknown real-world logic flaws that we have discovered on bounty programs, with interesting clues to the concept of exploiting them.
Logic flaws concern the logic by which the service operates: that logic is in fact wrong, meaning the service works in a wrong way, and from there we can exploit the wrong way the service operates to achieve malicious goals.
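The three classic flaws named in Part 1 each come down to a server trusting state it should have decided itself. The block below is an added example, not code from the talk or its labs: for each flaw it puts a vulnerable handler beside its hardened form, in plain Python with no web framework. The catalog, the user record (plaintext password and a fixed TOTP code, for brevity only) and the request bodies are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed server-side data: prices in cents keyed by SKU, and one user record.
CATALOG = {"sku-100": 4999, "sku-200": 12000}
MAX_QTY = 100
USERS = {"alice": {"password": "correct horse", "totp": "123456"}}


# --- Parameter tampering: the client must not decide the price -------------
def checkout_vulnerable(request: dict) -> int:
    """Multiplies the quantity by the price the client sent with the cart."""
    return int(request["qty"]) * int(request["price"])


def checkout_hardened(request: dict) -> int:
    """Only sku and qty come from the client; the price is looked up server-side
    and the quantity is range-checked (negative or huge values are another
    common tampering vector)."""
    qty = int(request["qty"])
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("quantity out of range")
    return qty * CATALOG[request["sku"]]  # KeyError for an unknown SKU is fine


# --- Privilege escalation through mass assignment -------------------------
PROFILE_FIELDS = ("display_name", "email")  # the only fields a user may edit


def update_profile_vulnerable(user: dict, body: dict) -> dict:
    """Copies every submitted field into the record, 'role' included."""
    user.update(body)
    return user


def update_profile_hardened(user: dict, body: dict) -> dict:
    """Allow-list of editable fields; anything else in the body is dropped."""
    for key in PROFILE_FIELDS:
        if key in body:
            user[key] = body[key]
    return user


# --- 2FA bypass by skipping a step of the login flow ----------------------
@dataclass
class Session:
    user: Optional[str] = None
    mfa_verified: bool = False


def login_password(session: Session, username: str, password: str) -> bool:
    if USERS.get(username, {}).get("password") != password:
        return False
    session.user, session.mfa_verified = username, False
    return True


def login_mfa(session: Session, code: str) -> bool:
    if session.user is None or USERS[session.user]["totp"] != code:
        return False
    session.mfa_verified = True
    return True


def dashboard_vulnerable(session: Session) -> str:
    """Only checks that the password step happened, so a client that requests
    the dashboard directly after step one never has to present a 2FA code."""
    return "dashboard" if session.user else "redirect:/login"


def dashboard_hardened(session: Session) -> str:
    """Every protected endpoint checks the full login state, not just step one."""
    if session.user is None:
        return "redirect:/login"
    if not session.mfa_verified:
        return "redirect:/mfa"
    return "dashboard"
```

None of these would trip a scanner: every request is well-formed and every response is a 200, which is exactly the point made above about logic flaws versus technical ones.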
Jonathan Tse (Community Leader, DIYRobocar Hong Kong / Co-Founder at Hong Kong Society of Autonomous Model Vehicles) & Dhillon ‘l33tdawg’ Kannabhiran (Founder / CEO, Hack In The Box)
Donkey Car is an open source hobbyist project, powered by volunteers with a shared interest in building their own self-driving car, and is currently one of the most popular self-driving car repositories on GitHub.
Using high-level self-driving libraries written in Python, Donkey was developed with a focus on fast experimentation and easy contribution. Built on a Raspberry Pi and driven by a simple convolutional neural network (CNN), the Donkey Car is the standard hardware car that most people build first. The parts cost about USD 250 to 300 and take about 2 hours to assemble; alternatively, you can do everything you would normally do with the physical car in the Donkey Gym, an OpenAI Gym virtual environment in which you build, test and deploy your networks.
In this 3-hour hands-on interactive lab you will learn how to build your own car, deploy a simulator for testing, capture data for your neural network, and train and then deploy your model. Oh, and there will also be a virtual race!
Sol Ozzan (Security Researcher, Dreamlab Technologies)
Containers are a big revolution in the software industry. They bring production to the local environment without worrying about compatibility: with a few commands anyone can have containers running on their machine. Used locally, they seem neither complex nor complicated to secure, and developers gain the power to package applications that behave exactly as tested, which enterprises can then split into scalable microservices.
However, this changes when the ecosystem grows dramatically and thousands of containers with a variety of roles and flavours are orchestrated to maintain availability. While these huge environments have great benefits, their complexity greatly enlarges the attack surface: a single misconfiguration among the many customization features they offer can cause chaos. So what can be done to protect these containerized realms?
This workshop explains how to implement advanced security features to secure the Docker daemon, its core components, container execution and Kubernetes-orchestrated environments.
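The "single misconfiguration" point is concrete enough to check mechanically. The block below is an added example, not material from the workshop: a small audit of a Kubernetes Pod manifest (parsed into a dict) that flags the settings most often behind container escapes. The field names are the real Kubernetes ones; the choice of checks and the two manifests are this example's own and not an official baseline. The same approach applies to the Docker daemon itself (for instance checking that dockerd is not listening on an unauthenticated TCP socket), but the block covers the pod manifest only.

```python
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE", "DAC_READ_SEARCH"}


def audit_pod(pod: dict) -> list:
    """Return a list of findings for a Pod manifest given as a dict
    (e.g. the result of yaml.safe_load on the manifest)."""
    findings = []
    spec = pod.get("spec", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    pod_sc = spec.get("securityContext", {})

    for ns in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(ns):
            findings.append(f"{name}: {ns}=true shares a host namespace with the node")

    for vol in spec.get("volumes", []):
        path = vol.get("hostPath", {}).get("path")
        if path is not None:
            note = " (container runtime socket: root on the node)" if path.endswith("docker.sock") else ""
            findings.append(f"{name}: hostPath volume {path}{note}")

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        cname = f"{name}/{c.get('name', '?')}"
        sc = c.get("securityContext", {})  # container-level settings override pod-level ones
        image = c.get("image", "")
        if ":" not in image.rsplit("/", 1)[-1] or image.endswith(":latest"):
            findings.append(f"{cname}: image {image!r} is not pinned to a tag or digest")
        if sc.get("privileged"):
            findings.append(f"{cname}: privileged=true")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{cname}: allowPrivilegeEscalation should be false")
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(f"{cname}: runAsNonRoot should be true")
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{cname}: readOnlyRootFilesystem should be true")
        caps = sc.get("capabilities", {})
        for cap in caps.get("add", []):
            if cap in DANGEROUS_CAPS:
                findings.append(f"{cname}: adds capability {cap}")
        if "ALL" not in caps.get("drop", []):
            findings.append(f"{cname}: does not drop ALL capabilities")
    return findings


# Constructed manifests: a typical "debug" pod and a hardened counterpart.
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "debug"},
    "spec": {
        "hostPID": True,
        "volumes": [{"name": "dock", "hostPath": {"path": "/var/run/docker.sock"}}],
        "containers": [{
            "name": "shell", "image": "ubuntu:latest",
            "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}},
            "volumeMounts": [{"name": "dock", "mountPath": "/var/run/docker.sock"}],
        }],
    },
}
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [{
            "name": "web", "image": "registry.example.com/web@sha256:" + "0" * 64,
            "securityContext": {
                "privileged": False, "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True, "capabilities": {"drop": ["ALL"]},
            },
        }],
    },
}

if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or "no findings")
```

In a cluster the same checks belong in an admission controller (Pod Security Admission or a policy engine) rather than in a script run after the fact, so the misconfiguration is rejected instead of merely reported.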
Ateet Kumar (Senior Security Researcher, Xen1thLabs)
The world of signals fascinates many in the security domain, because it is neither visible nor tangible and the techniques of signal processing are highly mathematical. Signal processing is an important part of the security assessment and evaluation of modern communication systems.
GNU Radio is a powerful open source tool for signal processing and for implementing software defined radios; signal processing modules can be developed in Python or in its graphical interface to simulate, or to work with, radio hardware. This workshop provides a step-by-step hands-on tutorial for signal processing with GNU Radio and hardware such as the RTL-SDR, HackRF and Ettus USRP.
Develop your enterprise security strategy leveraging a Zero Trust approach
Aloysius Cheang (Chief Security Officer, Huawei UAE)
Gone are the days when a firewall-based perimeter was sufficient to protect your enterprise's virtual assets. A strong outer shell with a weak inner belly has always been a security design flaw, steeped in the tradition of medieval castles and moats; recall that the city of Troy was taken by the Greeks with a wooden horse in a single night after a futile year-long siege. The Jericho Forum in 2003 advocated a new security concept, de-perimeterized defense, and an architecture emphasizing role-based security with defense in depth. The Cloud Security Alliance subsequently inherited this, where we drove the Software Defined Perimeter in the cloud towards what we will be talking about today: Zero Trust.
In this presentation I will talk about Zero Trust and the premise behind the initiative, and how we can help inspire your Zero Trust plan.
Machine Learning Security Evasion Competition 2020
Zoltan Balazs (Head of Vulnerability Labs, CUJO AI) & Hyrum Anderson (Principal Architect , Microsoft)
Research attacking ML-based image classifiers is common, but studies of how someone can bypass ML-based malware detection are less frequent.
In 2019 we organized a contest in which participants had to modify Windows malware so that three provided ML engines would no longer detect it, while the modified sample remained functionally equivalent to the original binary. As it turned out, it is not that hard to come up with a generic solution that bypasses all three engines. In this presentation we discuss the details of the 2019 and 2020 contests, some of the techniques used by participants (packing, overlays, adding sections) and the defensive tracks.
Blue team visibility
Ibrahim Mohammed Alshmranie (Chief Security Officer, Huawei Saudi Arabia)
The escalating sophistication of threats requires organizations to use multiple sources of data for threat detection. It is a race between attacker and defender. This session asks how the blue team can improve its chances of detecting attacks in its network.
So you have a blacklist: Optimizing the Protection of IoT devices by a Scored-Prioritized Aging BlackList of Attackers
Thomas O’Hara, B.L.A (Czech Technical University in Prague), Maria Jose Erquiaga (Czech Technical University in Prague) & Ing. Sebastian Garcia, Ph.D (Czech Technical University in Prague)
IP address blacklists are an integral part of the firewall and security systems of any kind of Internet-connected device; even modern threat intelligence feeds are based on IP addresses, domains and URLs, so the majority of our protection systems, such as those in DNS and browsers, depend on blacklists. However, there has not yet been a good evaluation of how effective these blacklists are or of how they can be optimized for different environments.
Many blacklists in the community are created by adding the IP addresses of attackers to a general feed, with the IP addresses usually coming from data collected by one or many honeypots.
This idea is assumed to work well, but it has two main drawbacks. First, although systems with greater storage and large computational resources may be able to store and parse an ever-growing blacklist, small Internet of Things (IoT) devices have limited computational resources and may not be able to hold large blacklists in memory; this is true even of home routers. Some TI feeds do not explain this limitation well: they delete 'old' IP addresses without saying why.
Second, IP addresses that attack today may be associated with normal services in the future, especially in cloud environments. Moreover, the nature of IoT malware shows that attacking IP addresses mostly attack for a short time (a few hours or days), which questions the value of blocking IP addresses for extended periods without verification. During our experiments very few cases of persistent attacker IPs were observed.
In this talk we propose an algorithm and an evaluation method to help understand these issues. First, we present a new algorithm for creating blacklists optimized for the protection of IoT devices, called the Attacker IP Prioritizer (AIP). Second, we present a standardized methodology for evaluating the efficacy of blacklists.
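The two drawbacks above (a memory budget and attackers that stop after hours or days) are what a scored, aging blacklist is meant to address. The block below is an added example of that idea in Python; it is not the AIP algorithm from the talk, whose scoring the abstract does not describe. It uses an exponential half-life so every sighting loses half its weight per day, returns at most `capacity` addresses (the device's memory budget), and tolerates honeypot events that arrive out of order. The half-life, the thresholds and the sightings on TEST-NET addresses are constructed for the example.

```python
import math


class AgingBlacklist:
    """Score-prioritized, aging IP blacklist sized for a small device.

    Each sighting adds `weight` points to the address; every point loses half
    its value per `half_life` seconds. An address that attacked once a month
    ago therefore fades out on its own, while one that keeps coming back keeps
    a high score. `blocked()` returns the top `capacity` addresses."""

    def __init__(self, half_life: float = 86400.0, capacity: int = 1000, min_score: float = 0.05):
        self.half_life = half_life
        self.capacity = capacity
        self.min_score = min_score
        self._entries = {}  # ip -> [score as of last_seen, last_seen]

    def _decay(self, age: float) -> float:
        return math.exp(-math.log(2) * age / self.half_life)

    def record(self, ip: str, ts: float, weight: float = 1.0) -> None:
        """Register a sighting at time `ts`; events may arrive out of order."""
        score, last = self._entries.get(ip, [0.0, ts])
        if ts >= last:
            score = score * self._decay(ts - last) + weight
            last = ts
        else:  # late event: add its weight already decayed to `last`
            score += weight * self._decay(last - ts)
        self._entries[ip] = [score, last]

    def score(self, ip: str, now: float) -> float:
        if ip not in self._entries:
            return 0.0
        score, last = self._entries[ip]
        return score * self._decay(max(0.0, now - last))

    def prune(self, now: float) -> int:
        """Forget addresses that aged below min_score; returns how many were dropped."""
        dead = [ip for ip in self._entries if self.score(ip, now) < self.min_score]
        for ip in dead:
            del self._entries[ip]
        return len(dead)

    def blocked(self, now: float) -> list:
        """Addresses worth blocking right now, highest score first, capped at capacity."""
        ranked = sorted(self._entries, key=lambda ip: self.score(ip, now), reverse=True)
        return [ip for ip in ranked if self.score(ip, now) >= self.min_score][: self.capacity]


DAY = 86400.0


def demo(now: float = 30 * DAY) -> AgingBlacklist:
    """Constructed honeypot sightings on documentation (TEST-NET) addresses."""
    bl = AgingBlacklist(half_life=DAY, capacity=2, min_score=0.05)
    for _ in range(50):                       # burst of 50 hits within the last hour
        bl.record("203.0.113.7", now - 3600)
    for k in range(30):                       # one hit a day for a month, newest first
        bl.record("198.51.100.9", now - k * DAY)
    for _ in range(40):                       # 40 hits 29 days ago, silent since
        bl.record("192.0.2.33", now - 29 * DAY)
    return bl


if __name__ == "__main__":
    bl = demo()
    now = 30 * DAY
    for ip in ("203.0.113.7", "198.51.100.9", "192.0.2.33"):
        print(ip, round(bl.score(ip, now), 4))
    print("blocked:", bl.blocked(now), "pruned:", bl.prune(now))
```

With a one-day half-life the month-old burst scores about 40 × 2⁻²⁹, so it drops out without any explicit expiry rule, while the address that returns every day keeps a score near 2 and stays on the list.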
Inside the Mind of a Threat Actor: Beyond Pentesting
Phillip Wylie (Lead Curriculum Developer, Point3 Federal)
Red team is a commonly misunderstood offensive security discipline. 'Red team' has been used as a general term for all areas of offensive security, just as 'blue team' has for defensive security. True red teaming goes beyond pentesting into adversary emulation. While there are overlapping skills, there are differences, which Phillip discusses as he shares his experience of going from pentester to red teamer.
In this talk you will learn the differences between pentesting and red teaming; the tools used by pentesters and red teamers, and those specific to red teaming; what it takes to become a red team operator; and the learning materials and certifications that help in a career as a red teamer.
Spoofing Your Location on iOS without Jailbreaking
Kelvin Wong (Researcher, Hardware Ninja)
Spoofing GPS to play Pokémon is not a novel topic, but this talk is not about spoofing apps or web-based programs. Instead we introduce a physical hardware device that takes over the GPS of an iPhone running up to iOS 13 without the phone being jailbroken. It is a much more flexible, accurate and effective solution.
Trustworthy Shield – A Cheap TPM Module for Older Systems
Heyi Wu (Security Researcher, Stealth Startup)
Trusted computing, as an active defense technology, can resist new security threats such as ransomware without relying on virus database updates. However, trusted computing generally requires a trusted computing module (the TPM chip) attached to the motherboard over the LPC or SPI interface, which cannot simply be plugged into an existing machine.
On the other hand, older computer systems face severe security threats: they often run industrial software that has been running stably for years, the underlying operating system (such as Windows XP) is no longer maintained by its vendor, and more and more vulnerabilities in these systems are constantly discovered by attackers and researchers. Most existing old computers have no hardware-level trusted computing support.
Hence we developed Trustworthy Shield, an easy way to introduce trusted computing hardware (together with the corresponding trusted-computing-enabled security software) without changing the original hardware of old computers.
We offer TPM-based hardware in two new forms, a USB key and a PCIe card, with the following features:
We want to open source this project, hoping that more people can participate in the field of trusted computing.
Fuzzing: Finding Your Own Bugs and 0days!
In this presentation I'll explain how to create a fuzzer, use it to find bugs, and then write your own exploit to get a shell. PoC demos included, of course!
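The skeleton of "create a fuzzer and use it to find bugs" fits in a few dozen lines. The block below is an added example, not code from the talk: a mutation fuzzer in Python against a constructed TLV-style parser that carries a deliberate bug, with an outcome classifier that separates graceful rejections from real crashes and a greedy minimizer for the crashing input. The record format, the seed input and the bug are constructed for the example; the corpus-growth rule is a stand-in for the coverage feedback a real fuzzer would use.

```python
import random


class ParseError(Exception):
    """Graceful rejection of malformed input: expected behaviour, not a bug."""


def parse_record(buf: bytes) -> list:
    """Constructed target: 'RC' magic, an entry count, then (type, length, data)
    entries. Type 1 is a big-endian integer, type 2 a ratio data[0]/data[1].
    Lengths are validated; the contents of type 2 deliberately are not."""
    if len(buf) < 3 or buf[:2] != b"RC":
        raise ParseError("bad magic")
    count, off, out = buf[2], 3, []
    for _ in range(count):
        if off + 2 > len(buf):
            raise ParseError("truncated header")
        kind, length = buf[off], buf[off + 1]
        data = buf[off + 2: off + 2 + length]
        if len(data) != length:
            raise ParseError("truncated data")
        off += 2 + length
        if kind == 1:
            out.append(int.from_bytes(data, "big"))
        elif kind == 2:
            out.append(data[0] / data[1])  # IndexError if length < 2, ZeroDivisionError if data[1] == 0
        else:
            raise ParseError("unknown type")
    return out


SEED_INPUT = b"RC\x02" + b"\x01\x02\x00\x2a" + b"\x02\x02\x06\x03"  # constructed valid record
INTERESTING = [0x00, 0x01, 0x7F, 0x80, 0xFF]


def mutate(buf: bytes, rng: random.Random) -> bytes:
    """One random mutation: bit flip, interesting byte, delete, insert or truncate."""
    b = bytearray(buf)
    choice = rng.randrange(5)
    if choice == 0 and b:
        i = rng.randrange(len(b))
        b[i] ^= 1 << rng.randrange(8)
    elif choice == 1 and b:
        b[rng.randrange(len(b))] = rng.choice(INTERESTING)
    elif choice == 2 and b:
        del b[rng.randrange(len(b))]
    elif choice == 3:
        b.insert(rng.randrange(len(b) + 1), rng.randrange(256))
    else:
        b = b[: rng.randrange(len(b) + 1)]
    return bytes(b)


def run_target(buf: bytes) -> str:
    """'ok' and 'rejected' are expected outcomes; any other exception is a crash."""
    try:
        parse_record(buf)
        return "ok"
    except ParseError:
        return "rejected"
    except Exception as exc:
        return type(exc).__name__


def minimize(buf: bytes, outcome: str) -> bytes:
    """Greedy delta-minimization: drop bytes while the same crash still occurs."""
    i = 0
    while i < len(buf):
        candidate = buf[:i] + buf[i + 1:]
        if run_target(candidate) == outcome:
            buf = candidate
        else:
            i += 1
    return buf


def fuzz(iterations: int = 3000, seed: int = 1) -> dict:
    """Returns {crash_type: minimized_input}. Inputs the parser accepts are kept
    as new corpus entries, a crude stand-in for 'new coverage' feedback."""
    rng = random.Random(seed)
    corpus = [SEED_INPUT]
    crashes = {}
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        outcome = run_target(candidate)
        if outcome == "ok" and candidate not in corpus and len(corpus) < 64:
            corpus.append(candidate)
        elif outcome not in ("ok", "rejected") and outcome not in crashes:
            crashes[outcome] = minimize(candidate, outcome)
    return crashes


if __name__ == "__main__":
    for kind, sample in fuzz().items():
        print(kind, sample.hex())
```

The classifier is the part worth copying: a fuzzer that cannot tell "input rejected" from "parser fell over" reports nothing useful, and in a native target the equivalent split is between a clean error return and a signal or sanitizer report.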
Andrey Voloshin (Head of Embedded Dept Thea Auto), Sasha Olenyev (Embedded Developer, Thea Auto) & Illia Tolokonnikov (Embedded Pentester)
Learn about approaches to general quality assurance and security testing on real hardware in an automated way. We share our story of going from zero to full automation for multiple device families at scale, using FOSS and commercial tools blended with homebrew solutions and a pinch of creative thinking.
Josh Stroschein (Security Researcher)
Malicious Office documents continue to be an effective tool for threat actors to compromise their victims and gain access to an organization's network. While these documents have been around for a while, malware authors continue to find effective ways of abusing functionality to minimize detection. This year alone we have seen a resurgence of such techniques through the use of Excel 4 macros and other creative ways to bypass detection.
In this workshop we get hands-on with the latest Office-based threats to understand how they work, how to detect them and how to identify indicators of compromise. You will learn the tools and techniques to extract macros, tackle obfuscation and debug the code. The workshop takes you deep into malicious Office documents and the tools required to analyze them so that you can better defend your organization and its users.
Andrea Zapparoli Manzoni manages Crowdfense Limited, which he designed in 2017 with a multidisciplinary team of ethical hackers, lawyers and vulnerability researchers.
The company's main goal is to develop and apply new standards and processes to the vulnerability trading industry, which has become too strategic and complex to be managed with the old "crafts of the trade" methods. After more than two decades working, studying and consulting in the industry, Manzoni realized that there had to be a smarter and safer way to buy and sell active cyber-defense capabilities and decided to launch the Crowdfense Vulnerability Research Hub.
Since 2012, he has served as a board member of Clusit (Italian ICT Security Association). In 2011, he started an in-depth analysis of the most severe national and international cyber-attacks (researching and classifying more than 7,700 attacks over 84 months). This work is published in Clusit’s yearly “Report on ICT Security.” To his great surprise, over the last seven years, this research has become a reference for private and public organizations in Italy and abroad.
Security Researcher, Dreamlab Technologies
A computer science dropout working as a Security Researcher at Dreamlab Technologies, Sol has worked as a developer, ops engineer, software architect and security analyst, and has presented at Black Hat, Hack In The Box, Ekoparty and other conferences teaching Docker and Kubernetes security.
When Sol is not hacking for food she is competing in CTFs, organizing free-pass security conferences and helping projects that bring diversity to the InfoSec community and grow open-source InfoSec projects.
Adjunct Professor Strategic Studies, Johns Hopkins SAIS
Juan Andrés is a security researcher focused on tracking cyberespionage groups. He’s an adjunct professor of Strategic Studies at Johns Hopkins School of Advanced International Studies (SAIS) and private consultant. Juan Andrés was Chronicle Security’s Research Tsar and founding researcher of the Uppercase team. Prior to joining Chronicle, he was Principal Security Researcher at Kaspersky’s GReAT team focusing on targeted attacks and worked as Senior Cybersecurity and National Security Advisor to the Government of Ecuador. Juan Andrés comes from a background of interdisciplinary research in Philosophical Logic. His publications include ‘The Ethics and Perils of APT Research: An Unexpected Transition Into Intelligence Brokerage’, ‘Wave your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks’, and ‘Walking in your Enemy’s Shadow: When Fourth-Party Collection Becomes Attribution Hell’. His joint work on Moonlight Maze is featured in the International Spy Museum’s permanent exhibit in Washington, DC.
Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is an accomplished trainer, providing training in the aforementioned subject areas at BlackHat, DerbyCon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues.
Josh is an Assistant Professor of Cyber Security at Dakota State University, where he teaches malware analysis and reverse engineering. He is also the Director of Training for OISF, an author on Pluralsight, and a threat researcher for Bromium/HP.
Head of Embedded Dept Thea Auto
Andrey Voloshin, Head of Embedded dept at Thea Auto, a connected cars company, developing systems & software for car telemetry.
He also teaches application security at TechMaker (https://techmaker.ua), a dedicated appsec course for software developers covering backend, frontend and mobile application security as well as hardware security, including side-channel attacks and RF signal hacking.
Embedded Developer, Thea Auto
Sasha Olenyev, embedded developer at Thea Auto, a connected cars company, developing systems & software for car telemetry.
He also teaches firmware development at TechMaker (https://techmaker.ua), an embedded programming course featuring STM32 ARM-based development boards.
Illia is an embedded pentester. He also teaches cryptography and binary exploitation as part of the application security course at TechMaker (https://techmaker.ua).
Community Leader, DIYRobocar Hong Kong / Co-Founder at Hong Kong Society of Autonomous Model Vehicles
Jonathan Tse is the project maintainer of the open source Donkey Car project. He is also the founder of robocarstore.com, the official store selling Donkey Car Starter Kit for people who want to build their own self-driving car. He believes that AI education should be for everyone and AI should be made easier to learn for students. He is actively promoting Donkey Car to K12 schools and designed a curriculum suitable for K12 students.
Founder / CEO, Hack In The Box
Dhillon Andrew Kannabhiran (@l33tdawg on Twitter) is the Founder and Chief Executive Officer of Hack in The Box (http://www.hitb.org), organiser of the HITBSecConf series of network security conferences which has been held annually for over a decade in various countries including Malaysia, The Netherlands and the UAE.
Prior to quitting his day job to lead the HITB team on crazy adventures around the world, Dhillon started off at the height of the dotcom craze as a technology journalist with PC World, ZDNet, MIS Asia and CNET. When the bubble burst, he moved on to a Malaysian telco as Chief IT Officer to spend his days in the world of Cisco AS5300s, in a land of packet-switched networks at a time when Asterisk did not just mean '*'.
IoT cyber security Analyst, Panasonic Cyber Security Lab
• IoT cyber security Analyst in Panasonic Cyber Security Laboratory (2020-now)
• Cyber incident response course lecturer for Criminal Investigation Bureau R.O.C. (2018-2019)
• Cyber researcher in NSGURAD (2017-2020)
• Cyber attack training course lecturer for Ministry of Defense R.O.C. (2013-2015)
• Cyber war project team leader in National Chung-Shan Institute of Science & Technology (2013-2017)
Lead Curriculum Developer, Point3 Federal
Phillip Wylie is a Lead Curriculum Developer at Point3 Federal, an Adjunct Instructor at Dallas College (formerly Richland College), and the founder of The Pwn School Project. Phillip has 23 years of experience, the last 8.5 of them as a pentester. His passion for mentoring and education motivated him to start teaching and to found The Pwn School Project, a monthly educational meetup focusing on ethical hacking. Phillip teaches Ethical Hacking and Web Application Pentesting at Dallas College in Dallas, TX. He holds the following certifications: CISSP, NSA-IAM, OSCP, GWAPT.
Chief Security Officer, Huawei UAE
Aloysius is currently the Chief Security Officer of Huawei UAE, responsible for driving the company's cybersecurity vision of building a safe and secure intelligent connected digital world in the UAE and the region. He is currently a Board Director for the US-based (ISC)2 as well as for the UK-based cyber leadership think tank, the Centre for Strategic Cyberspace + International Studies (CSCIS). In a career spanning 20 years, Aloysius was Co-Founder and Managing Director of Cloud Security Alliance Asia Pacific (CSA) and Chief Standards Officer for CSA globally. Prior to the CSA he was the Worldwide Head of Security for Vodafone Global Enterprise and a Security Practice Leader with PricewaterhouseCoopers Singapore, having started his career with DSO National Laboratories in Singapore focusing on defence R&D.
Chief Security Officer, Huawei Saudi Arabia
Ibrahim Alshmranie is the Chief Security Officer of Huawei Saudi Arabia. He previously served as General Manager at Mobily, a leading telecom provider in Saudi Arabia, where he was responsible for overseeing the company's cyber security protection. Before that he served as Deputy General Manager of the National Cyber Security Center (NCSC) Saudi Arabia, where he was responsible for overseeing information security efforts in support of the nation's critical infrastructure; his responsibilities included cyber security strategy, cyber center operations, cyber risk management and analysis, cyber engineering and integration, and systems security policies and instruction. In 2018 he was selected as the best cyber security executive in the Middle East by (ISC)2 and CISOCONNECT. He holds a master's degree in information security from Georgia Tech, USA, and a master's degree in Business Administration from King Abdul-Aziz University, Saudi Arabia.
Information Security Consultant, BugCrowd
Brazilian and a certified C|EH, he began studying information security 13 years ago and over the past 10 years has carried out application and infrastructure penetration testing, security analysis, code review and hardening projects for industries such as telecommunications, aviation, financial institutions, information technology and mining. In his free time he likes to research and practise new attack techniques and some reverse engineering.
Security Researcher, Stealth Startup
I am a security researcher in China focusing on trusted computing. I work at a start-up company that is promoting the use of cheap TPM modules in the embedded field.
Head of Vulnerability Labs, CUJO AI
Zoltan (@zh4ck) is the Head of Vulnerability Research at CUJO AI, a company focusing on home IoT security. Before joining CUJO AI he worked as CTO of an AV testing company, as an IT security expert in the financial industry for five years, and as a senior IT security consultant at one of the Big Four for two years. His primary areas of expertise are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie Browser Tool, which has PoC malicious browser extensions for Firefox, Chrome and Safari. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool for testing malware analysis sandboxes. He found and disclosed a vulnerability in IP cameras that was later exploited by the Persirai botnet, which ran on ~600,000 cameras.
Principal Architect , Microsoft
Hyrum Anderson is Principal Architect in the Azure Trustworthy Machine Learning Group at Microsoft. Prior to joining Microsoft, he was Chief Scientist at Endgame, and conducted research in information security and situational awareness at FireEye, Mandiant, Sandia National Laboratories, and MIT Lincoln Laboratory. He received his Ph.D. in electrical engineering (signal processing + machine learning) from the University of Washington and B.S. and M.S. degrees from Brigham Young University.
Hyrum is cofounder and co-chair of the Conference on Applied Machine Learning in Information Security and has spoken at numerous signal processing, machine learning and security conferences, including RSA, DEFCON and BlackHat.
Assistant Professor, Czech Technical University
Security researcher and assistant professor. Director of the Stratosphere Lab, director of the joint AIC/Avast Lab and holder of the Avast Chair position. I believe in Free Software as the basis of a free Internet society. Interests: machine learning for behavioral models from the network traffic of botnets, malware and normal hosts; malware execution; dataset creation; IoT malware; ML detection models; network pattern analysis; keystroke dynamics; web anomaly detection; data analysis; machine learning algorithms; hackspaces and amateur robotics.
As a teacher I believe in an education where students decide what, where and when to learn and teach themselves. The only difference between the teacher and the student is that the teacher knows how to learn better. I also believe that a high motivation and strong connection with the students is the best way to reach their hearts.
M.E., StratosphereIPS Lab, Czech Technical University in Prague
I am a team player with a positive and friendly approach. Methodical and organised in my work, I like to take the initiative with a problem-solving and cooperative attitude. I am passionate about technology and telecommunications, and possess a strong interest in ICT research and development projects.
I am a bachelor student researcher at the StratosphereIPS Lab of the Department of Cybernetics, Faculty of Electrical Engineering, Czech Technical University in Prague. I am working on my bachelor thesis on algorithmically optimising blacklists. For the last year and a half I have been working in an IoT lab, studying traffic, implementing honeypots and developing software.
I am part of the Aposemat Project, an IoT honeypot lab, which is a sub-project of StratosphereIPS in conjunction with Avast Antivirus.
The Affiliated Institute of ETRI
Seunghun Han is a senior security researcher at the Affiliated Institute of ETRI. He focuses on the root of trust, firmware, hypervisor and kernel security; he has written his own hypervisor and contributed various patches to the Linux kernel and to TPM-based security software. Seunghun has been a speaker and author at USENIX Security, Black Hat Asia/Europe, HITBSecConf, BlueHat Shanghai, TyphoonCon, beVX, Becks Japan and KimchiCon. He also authored two books about building a 64-bit OS from scratch, "64-bit multi-core OS principles and structure, volume 1 and volume 2". He is also a member of the Black Hat Asia Review Board and the KIMCHICON Review Board.
Researcher and CyberSecurity Manager, Zup Security Labs at Zup Innovation
I work as a Researcher and Cyber Security Manager at Zup Security Labs (Zup Innovation) and as Global Research Manager at Hacker Security. I have spoken at security events in the US, Germany, Poland, Hungary, the Czech Republic, Brazil and other countries, and have served as a university professor in undergraduate and MBA courses at colleges such as FIAP, Mackenzie, UNIBTA and UNICIV. In addition, I am the founder and instructor of the course Malware Analysis – Fundamentals (HackerSec, online, in Portuguese).
Researcher, Hardware Ninja
Captain is an independent security researcher who focuses on hardware analysis and forensics research. He was the first and only Asian to lead a group of white-hat hackers in running an in-depth, hands-on hardware hacking village at DEF CON. He is also a frequent speaker and trainer at top-level security conferences such as HITB, CodeBlue and HITCON.
Senior Security Researcher, Xen1thLabs
Ateet Kumar is an electronics and communication engineer with more than 4 years of experience in the InfoSec field and expertise in electromagnetic security, RF and the signals domain.
Ateet currently works as a Senior Security Researcher at Xen1thLabs, where he conducts research in these domains. He worked for 3 years at the Defence Research and Development Organisation, India, on side channel analysis and mobile security, and published articles in DRDO internal journals on several topics. With sound knowledge and experience of electromagnetics, antennas and microwaves, he also has an interest in astronomy, spiritual sciences and reading books.