Registration & Coffee
9:30 - 10:00
Scan your code and grab a coffee!
Real world detection engineering in a multi-cloud environment
10:00 - 11:00, Presenter: Aaron Jewitt
This talk focuses on Elastic's experience as a cloud-first company with a remote workforce, showcasing their Infosec Threat, Detections, and Response team that monitors and protects their global remote workers and cloud environment. The speaker provides an overview of their SIEM architecture, including the use of Cross Cluster Search to create a central cluster for observability and SIEM, and discusses real-world attack scenarios, custom detections, and the automation they rely on for efficient alert enrichment, investigation, and response.
Zero-Touch-Pwn: Abusing Zoom's Zero Touch Provisioning for remote attacks on desk phones
11:00 - 12:00, Presenter: Moritz Abrell
Cloud communication platforms like Zoom are widely used in daily work, but traditional endpoints like desk phones or analog gateways are still necessary in certain scenarios. This session discusses the security analysis of Zoom's "Zero Touch Provisioning" method in conjunction with certified hardware, revealing vulnerabilities that can allow attackers to compromise devices and potentially eavesdrop on conversations, remotely control devices, or launch attacks on corporate networks.
Detecting the Human: An Introduction to User-Interaction Detection in Malware
13:30 - 14:00, Presenter: Kyle Cucci (@d4rksystem)
This talk provides an introduction to user-interaction detection in malware, explaining how modern malware employs various techniques to identify automated analysis sandboxes and virtual machines in order to avoid being analyzed and reverse-engineered. The speaker explores the intriguing and occasionally amusing aspects of this field.
"All your files are belong to us!" - Investigating BianLian Extortion-Group Intrusion
14:00 - 14:30, Presenter: Evgen Blohm & Marius Genheimer
Earlier this year we responded to an intrusion attributed to the BianLian Data Exfiltration & Extortion Group. We will give a rundown of our findings and BianLian TTPs. It will also contain highlights from our Threat Intelligence investigation, e.g. the TA's switch from ransomware to exfiltration-only and their infrastructure.
Setting up an OT SOC
14:30 - 14:45, Presenter: Michael Thibodeaux
Coffee & Snack break!
Introducing CS2BR - Teaching Badgers new Tricks
15:30 - 16:30, Presenter: Moritz Thomas & Patrick Eisenschmidt
This talk focuses on the importance of staying undetected during Red Teaming assessments and introduces a technique called beacon object files (BOFs). The speakers explain that while BOFs have been around for a few years and have become a standard in many C2 frameworks, there are situations where a C2 framework may not support them. They share their experience working with Brute Ratel C4, which lacks support for Cobalt Strike's de facto BOF standard API, and discuss how they established full compatibility between the two. They also mention the release of a tool and a blog post series that automate this task.
Living with ADHD in InfoSec
16:30 - 17:00, Presenter: Klaus Agnoletti
Farewell to the Security Sandwich
17:00 - 17:30, Presenter: Felix Hammerl
17:30 - 18:00