Program Presentations

Presentations – IT-DEFENSE 2018

Psychometric Computing and the Brighter Future of AI – Vesselin Popov

Click. Tap. Share. Swipe. Every day, each of us leaves behind millions of digital signals that reveal our innermost desires. For the most part, these traces are harmless and are considered part of the natural debris of the internet. However, when it becomes possible to automatically predict our personality or political views using this data, and to use it for profiling or targeting purposes, it becomes a different story.
Some computer models know more about us than our friends and families, and digital footprint prediction – in one form or another – is becoming increasingly prevalent, from marketing and HR to finance and politics. There are also clear opportunities to augment security and law enforcement capabilities, for example through early warning systems, predictive policing or more accurate threat detection. Yet this area is still fraught with legal, ethical and operational challenges that must be debated in greater depth and better informed by multidisciplinary perspectives.
Notably, there remain issues around online profiling, algorithmic bias and interpretability of the black box, whose resolution is fundamental to securing a bright future for artificial intelligence – one from which all citizens can benefit, and where democratic institutions are strengthened rather than undermined. Vesselin will discuss the risks and rewards of technology that can psychometrically assess an individual in milliseconds, and put forward guidelines on how business can safely leverage these methods for innovation and personalisation.

It's Not About the Cloud – Marcus Ranum

Security practitioners have been grappling fairly successfully with the problem of managing cloud systems integrated with private data infrastructures. That has resulted in a lot of complexity and management headaches, but - if you think that was bad - the movement toward application-based management and liquid networking is going to have an ongoing impact that may demolish a lot of security organizations.  In this talk, I will try to predict the forces that are going to move security for the next decade. Hint: it's not what you think.

You won’t be rewarded for beginning but for hanging on – Marc Gassert

What gets a son of German parents with Bavarian roots and blonde hair to devote himself to the Shaolin Monastery, learn martial arts and develop the desire to transfer knowledge from the Far East to the Western world?

Shaolin monks have an almost superhuman strength. They have an incredible body control and hardly feel any pain. Not even physical laws seem to apply to them. Nothing and nobody can offer resistance to their power, their body control and their mental strength. There are no obstacles for a Shaolin. He just clears them. All that matters is the objective. And yet: A company is not a monastery, and its employees are not monks. So what can thousands of years of ancient wisdom of the Shaolin monks accomplish in a company? How can it support people in acting permanently successfully in modern, highly complex daily life?

Marc Gassert will give you the answer in his talk. He explains: The main difference between the Shaolin monks and normal people is discipline.

Whoever has seen and heard Marc Gassert once will remember him as “the blonde Shaolin”, even though he is actually a Bavarian rascal. Truly refreshing with irresistible charm and unmistakably funny.

Attacking SDN infrastructures: Are we ready for the next-generation networking? – Changhoon Yon

Recent technology innovations have dramatically changed today’s network environments. The traffic volume across today’s networks has tremendously risen, and the service providers are striving to deal with frequently changing service demands. Legacy networking infrastructures and technologies, which are no longer suitable nor effective networking solutions, are now reaching their limit, and the industry is eager to adopt the next generation networking technologies, such as software-defined networking (SDN).
SDN, in particular, is already being adopted by many companies at a rapid pace; however, is this technology secure enough to be deployed? In this talk, we will examine the current state of SDN security by analyzing various cutting-edge SDN components available today.

Hacked? Pray that the attacker used PowerShell – Nikhil Mittal

PowerShell is probably the most widely used Windows tool by attackers in recent years. It has been used for client-side attacks, enumeration, privilege escalation, bypassing various defenses, backdoor machines, lateral movement and more. There have been two phases of post exploitation and lateral movement: one before PowerShell and one after it. Does this mean that PowerShell is a tool meant for attackers? Why would Microsoft provide attackers with such a tool?

PowerShell has come a long way when it comes to detecting attacks. For the past couple of years, it has enhanced logging and detection capabilities, which makes it really hard for an attacker to use PowerShell and not leave a trace on a target system. Other scripting options, on Windows or other operating systems, may not provide such capabilities.

In this talk, we discuss PowerShell attacks, their detection, bypasses for the detection and detection of the bypasses. The talk will be full of live demonstrations.