08:30 - 08:35
Attila Marosi-Bauer - Opening Ceremony
08:35 - 09:15
09:20 - 10:15
Filipi Pires - Dissecting and Comparing Different Binaries to Malware Analysis
Demonstrate different kind of structures in the binaries as a PE (header and your sessions), ELF (header and your sessions), PDF(header/ body/cross-reference table/trailer), explaining how each session works within a binary and where it would be possible to “include” a malicious code.
10:20 - 10:40
Ali Abdollahi - New Era of Telecom Hacking
This talk focus on the implementation of new security hardening in mobile networks as well as detecting techniques and bypassing methods. The scope of the illustration include both radio and signalling core network.
10:45 - 11:30
Zénó Amtmann - The Art of CISO
While corporations historically tended to outsource their IT operations, companies were reorganized and established to fulfill this demand by creating shared service centers, centralized and specialized teams focusing on specific segments of the computing environment, the amount of individuals who retained the ability to appropriately oversight a corporations' information systems environment had significantly dropped. As the business relied more and more on the IT infrastructure and this foundation was targeted by cyber criminals at an increasing rate, C-level executives had to realize that financial threats no longer occur only as a result of a financial mis-statement or fraud, it can be the result of an ineffectively or inadequately managed IT infrastructure. In addition, governmental and regulatory scrutiny mandated and mandates these corporations to ensure that the outsourced service provider(s) is(are) acting based on the corporation's best interest and that the corporation has control over the activities that they had outsourced. Consequently, the companies are facing these requirements at times when the amount of individuals who have an accurate knowledge of the topology and the infrastructure of the company is very limited.
That is why the role of a CI(S)O is an art - to understand the big picture, and to communicate the risks and needs of the company to all stakeholders at their level.
11:35 - 12:15
Alexander Polyakov - AI Security Challenges in 2020
AI is steadily flooding our world sipping into various verticals from Autonomous cars, Robots to Defense, Media and Smart homes. Hundreds of new startups are implementing Ai solutions worldwide and we are getting closer to the point where machine learning-based solutions will eat traditional algorithms. While we more and less understand how to deal with software vulnerabilities we have no clue what’s happening in ML-based solutions and how it's possible to hack them except probably adversarial examples which recently attracted media attention after 5 years from the initial invention. But this area is rapidly growing and we are getting to the point when there will be over 2000 research papers presented on this topic and some of them will hit media only in 5 years or so.
In this presentation I will show what is happening in AI security industry, the most closed cybersecurity area. We will discuss the most critical AI applications such as face recognition, self-driving cars, voice assistants and their latest attacks. Then we will discuss ML algorithms such as classification, regression, reinforcement learning, clustering, etc… and how to attack them. An finally we will look at the particular attack methods such as adversarial, privacy, poisoning, backdoor, reprogramming, and how they evolving.
12:20 - 13:10
Csaba Fitzl - Exploiting Directory Permissions on macOS
In this talk I will talk about how can we exploit applications on macOS (including macOS), where some of the directory / file permissions are incorrectly set. The incorrectness of these settings it’s not trivial at first sight because understanding these permissions are not intuitive. We see bugs from simple arbitrary overwrites, to file disclosures and privilege escalation. The concepts applicable to *nix based system as well, however this talk focuses on macOS bugs only.
13:15 - 14:00
Tamás Kocsis & László Kőszegi - "Elmentem Én a Vásárba Schneider Fánival" - Avagy a Hazai ICS/OT Biztonság Testközelből (HUN)