Budapest
Congress Center

3 Competitions
From Policy to Cyber-Range

30+ Performers
Skilled professionals

3000+ seating-room
Sign up and be a part of it!

Overview

The shortest way to explore what will happen at SecOps Europe 2018.

We would like to invite you to our IT Security professional days.


SecOps Europe 2018’s concept is to develop and enhance cyber security awareness with both offensive and defensive presentations and workshops by sharing stories and experience with real cyber warriors from both sides while following a scenario-driven, strategic decision making simulation and CERT championship.


Visitors can earn CPE points!

Book accommodation here with a special discount!

DAY 1: INTERNATIONAL CYBER COMPETITION

“HOW DO YOU REACT TO AN EVER ESCALATING CYBER ATTACK?”

The International Cyber Competition is a scenario-driven, strategic decision making and communication simulation TTX (Tabletop Exercise). During the exercise, the competing teams will encounter a major cyber incident to which they will have to respond on-the-fly and then communicate the incident properly. The cyber incident will escalate a few times during the course of the competition and each escalation will require further action and official communication of steps taken. The student teams of various participating universities will compete in the morning.

The afternoon features a TTX for industry professionals. Teams will be drawn on the spot during lunchtime so that each team will consist of different national policy experts and CERT staff members. The jury consists of industry experts and journalists who will assess the professionalism of the actions taken and the proficiency in communicating the mitigation of the ever-escalating incident.

This is an official European Cyber 9/12 Student Challenge Qualifying Event. The winners will get full financial support and a reserved spot at the Cyber 9/12 competition.


Call for participation

DAY 2: TECHNICAL CYBER SECURITY EXERCISE FOR NATIONAL CERTS

The national CERTs from Europe will be given identical environments that operate critical infrastructure. Their role is to defend the infrastructure from the attacking red team.

Visual effects and scoreboards will be placed all around the venue so visitors can keep an eye on the developments of the attacks and the defences while they are visiting the conference.


Blue Teams:


8:00
Gate Opening

9:00
Karoly Dan

Opening

09:40
Prof. Dr. Zoltan Rajnai

Keynote

10:20
Rainer Fahs - EICAR

Trustworthiness Strategy for IT Security products

EICAR Trustworthiness Strategy

The EICAR Trustworthiness Strategy is to enhance transparency in the contemporary IT Security environment and its ever evolving threats and vulnerabilities scenario and to enable trust into IT Security products that help creating a safer environment. The strategy encompasses first steps to enhance trust and transparency into IT security products by developing minimum standards for the trustworthiness of IT security products, starting by developing minimum standards for Anti Malware-products and the development of minimum requirements for testing organizations. Subsequent steps encompass testing, verification and certification schemes and community building. The minimum standards will be implemented first in a "voluntary self-control" approach that is controlled/approved by EICAR. The "self-declaration" process will later be complemented by a formal EICAR Certification process. The start into the scheme about two years ago was quite promising and EICAR successfully certified AV and other IT security products and, with AV Comparatives in Austria, the first "Trusted Lab" and with Veszprog in Hungary the second one. Part of our strategy is the research initiative together with the Technical University in Mannheim to investigate options for the verifiability of trustworthiness. The status of this initiative will be presented as second part of our briefing. Currently the strategy has been reviewed and we have decided to go one step back, putting the product certification on hold and rather put emphasis on the strategy seeking partners in industry to put the strategy on a broader platform to be able to discuss with partners our next steps towards formal certification and possibly verification of trusted functionality.

11:00
Milan Pikula

From zero to working SOC and CERT, the open-source way

11:40
András Veres-Szentkirályi

High-performance web application fingerprinting based on SCM repositories

Network security assessments often reveal web servers running various outdated versions of FLOSS web applications such as RoundCube, phpMyAdmin or SquirrelMail. Narrowing the set of vulnerabilities that could affect such a setup is easier if we know the version installed; however, in many cases, obvious clues such as READMEs and changelogs are removed on purpose. When the source code along with its history is available online, it is possible to correlate static file contents with specific commit ranges, and we had done so in the past manually. However, much of this could be automated, so we developed a tool that can identify a Git commit range based on static file contents. It can be used either as a standalone tool or as a Burp Suite plugin. The talk describes and demonstrates our tool from source code to everyday usage, along with an intro to git internals to understand how this can be done fast on repositories with hundreds of thousands of commits. Source code is already up on GitHub, pull requests are welcome: https://github.com/silentsignal/burp-git-version

Lunch break

13:30
Gabor Munk

The importance of Threat Intelligence

14:10
Timur 'x' Khrotko

Tell me stories about your appsec, let's skip the pentest.

14:50
Muhammad Faisel - OWASP

OWASP

15:30
MySec Talk

ROUNDTABLE

Incident handling

8:00
Gate Opening

09:00
Zuk Avraham

Schrödinger's Crash, Part I

9:40
Mukund Hirani

Destructive Malware

This session will provide insight into highly disruptive APT breaches that MANDIANT investigated over the past year. It describes how threat actors have destroyed system infrastructure and taken companies offline for weeks. The threat actors are split into two categories for this talk and focused on the SHAMOON cases. I will also talk about highlights from Incident Response cases of 2017.
* Financially motivated vs Non Financially motivated. I will talk about how recent attacks with SHAMOON differ - their motives compared to financially motivated threat actors.
* Highlights from a couple of Shamoon cases - Overview of TTPs of the important State Sponsored Attacks seen in 2017.

10:20
Omer Sen, Federico Vailati

Container Security

11:00
Balazs Csendes

Threat Hunting with IBM i2

11:40
Zoltan Balazs

How to PWN Windows domain?

Windows domain is used in 99% of the Fortune 500 companies. It is the foundation of all enterprise IT systems. The domain is a central database with all the users, workstations and servers in the enterprise. The IT staff uses domain administrator credentials to do the daily admin tasks, like resetting user passwords, troubleshooting issues on the workstations, installing new services on the servers, etc. Whenever an attacker gains domain admin credentials, only the imagination limits what the attacker can do with them. I will detail the common steps attackers use to gain user credentials on the network and how these user credentials can be escalated to local admin credentials. And last but not least, how a local admin user can elevate to domain admin. I will talk about pass the hash, GPP, MS14-068, and other tricks. I will close the presentation with tips and tricks to protect against such attacks.

Lunch break

13:30
Michael T. Rowland, IAEA

Computer Security for I&C Systems At Nuclear Facilities

14:10
Daniel Eszteri, PhD

GDPR and the incident reporting system

14:50
John Sickle

Vulnerabilities in modern cryptography

Cryptography is hard to properly implement, and when it is flawed, it can be disastrous. We have seen a rise over the past couple of years in new vulnerabilities found within encryption schemes, and even cryptographic ciphers themselves. From the CBC encryption scheme flaw to flaws in TLS, I will cover the modern day vulnerabilities and associated attack methods we as penetration testers often utilize to break encryption schemes and recover a plethora of sensitive information.

15:30
Awards ceremony

The main prize is an Apple TV.

Every registered and checked-in participant is included in the prize draws.

09:00
Jakub Orkiszewski

Data Centric Auditing and Protection - security and compliance challenges of today

09:40
Michal Ciemiega

Privileged accounts - wide and easy path to the heart of the Enterprise

10:20
Ian Wills

Use cases covered by PKI and Auth solution relative to the Government organizations.

Ian has been with Entrust for over 20 years, covering the technical and the sales roles at the organization. He is highly knowledgeable on the Entrust solutions, in particular PKI, and overall IT security market trends.

11:00
Hans Freitag

Filetransfer with Connect:Direct

Connect:Direct is a platform-independent file transfer application manufactured by IBM. It is mainly used by banks and mobile phone providers, but there are other companies using it, too, because a customer requires Connect:Direct. There are millions of cash transferred via Connect:Direct on a daily basis. But the awareness about Connect:Direct security is dangerously rare, even amongst IBM consultants. In my speech I will explain to you a few of the very dangerous default settings and misses that I discovered through my work with Connect:Direct systems of a few customers. On most setups, an attacker doesn't even have to write an exploit for Connect:Direct to execute code on a victim's system, he can just upload and start a job.

11:40
Gabor Sagi

Incident management in terms of a governmental infocommunication service provider

The recent attacks on governmental infocommunication systems have clearly revealed that an increasing number of cyber attacks target them. The attackers are typically hackers with serious professional skills, in many cases allegedly with state support. What can be done in this situation? What are the basics of effective incident management?

Lunch break

13:30
Laszlo Hargitai

Cyber security of critical infrastructure operators - From challenges to actions in cyberspace

14:10
Palo Alto Networks

TBA

14:50
Anthony Arrott

DVA - Distributed Vulnerability Assessment - a tool for helping SecOps focus on avoiding bad consequences

Distributed vulnerability assessment (DVA) provides a LAN-by-LAN measurement of cyber-attack vulnerability. The vulnerability of both the specific LAN users and LAN IT infrastructure are assessed for individual known threats and aggregated across the current threat landscape relevant to the particular LAN. The integrated cyber-attack vulnerability of a particular LAN is evaluated based on the prevalence and effectiveness of current known threats; the current susceptibility of LAN users; and the current penetrability of LAN IT infrastructure. Using evidence theory techniques, the integrated vulnerability is decomposed and distributed to the contributing elements of individual user susceptibility, individual IT infrastructure elements, and the individual protecting cybersecurity services and applications. From the DVA results, vulnerability is quantitatively attributed to the various internal contributing components (e.g., user identities, ports, protocols, protection layers). This allows different contributing components to be assessed using comparable metrics (e.g., user security awareness vs. infrastructure patch condition vs. efficacy of anti-malware). DVA allows information security managers to pose and compare the results of "what if" queries to see the vulnerability reduction of various available options that might not otherwise be quantitatively comparable (e.g., investment in employee security awareness programs vs. hardening IT infrastructure vs. adding additional cybersecurity applications and services).

15:30
Peter Ronaszeki

Resilience in the Cyber era

9:00
Lockpick

Workshop

Lock picking is the art of unlocking a lock by manipulating the components of the lock device without the original key.

Performers

Well-known professionals will give the audience a panoramic view of the latest developments, products, solutions and technologies in the field of IT security.

Professor Zoltan Rajnai PhD
Cybercoordinator of Hungary

Zuk Avraham
Founder, CEO at ZecOps
Founder, Chairman at Zimperium

Karoly Dan
Ambassador at Permanent Mission of Hungary to the OSCE, the UN and Other International Organisations in Vienna

Timur 'x' Khrotko
OWASP

Kim Zetter
Wired

Mukund Hirani
Incident Response Function Lead in Mandiant

Balazs Csendes
Security Operations & Response Leader at IBM CEE

Michal Ciemiega
CyberArk

Gergo Gyebnar
CEO at Black Cell Ltd.

András Veres-Szentkirályi
Silent Signal

Milan Pikula
National Security Authority SK

Laszlo Hargitai
KPMG

Arthur Keleti
Cyber-Secret Futurist, Book Author - Speaker

Professor Laszlo Kovacs PhD
National University of Public Service Faculty of Military Science and Officer Training Department of Electronic Warfare

Rainer Fahs
EICAR - Chairman of the Board

Csaba Krasznay
Security Evangelist at Balabit

Zoltan Balazs
Chief Technology Officer at MRG Effitas

Ian Wills
Entrust Datacard Sales Director, Europe

Anthony Arrott
Director of Security Analytics at CheckVir

Jakub Orkiszewski
Account Executive Eastern Europe at Imperva

Daniel Eszteri, PhD
Hungarian National Authority for Data Protection and Freedom of Information

TBA

To be announced
