IT-Defense 2023Presentations

Presentations – IT-DEFENSE 2023

Scorched Earth - Mikko Hypponen

Companies are facing new kinds of online risks. Headlines are full of examples of data breaches, data leaks and malware outbreaks. Ransomware seems to be everywhere. Fighting online attacks requires us to understand the attackers. Who are the online criminals? Where do they come from and why do they do what they do? How fast can you detect a breach? How quickly can you recover from a breach? As connectivity opens new opportunities for imagination, it also opens new opportunities for online attackers. What will the next arms race look like? And what does the future hold for us?

This talk will be held in English.

Consequences of Trust in Azure Active Directory – Dr. Nestori Syynimaa

Trust is accepting the dependency of other(s) to achieve an otherwise unavailable outcome. This dependency is the cost of trust, and the (expected) outcome is the reason to trust. At the time trust is given, the future actions of trustee(s) are unknown, making trust decisions irrational. The resulting consequences of trust are often unknown, making proper risk assessment impossible.

Azure Active Directory (Azure AD) is Microsoft's cloud-based Identity and Access Management (IAM) service used by Microsoft 365, Azure, and thousands of third-party services. To make consuming and managing cloud services easier, organizations have integrated their on-premises services to Azure AD. Microsoft has also recently announced new Azure AD features making cross-tenant collaboration easier. These integrations and cross-tenant collaboration features are based on trust between Azure AD and other parties. Trusting these parties expands the trust boundary beyond the control of the trustor, making it prone to attacks originating from the trustee(s).

This talk aims to understand the risks of various forms of trust related to Azure AD. The technical details and best practices of identity federation, directory synchronization, cross-tenant access settings, delegated administrative privileges, and similar Azure AD features are covered. These details help understand the consequences of trust of each feature and how to use them safely. Finally, the implications and best practices of chains-of-trust resulting from any cross-tenant trust are covered.

This talk will be held in English.

Strong Story to Tell: Top 10 Mistakes by Administrators about Remote Work – Paula Januszkiewicz

The sudden shift to remote working has left businesses at a far higher risk of cyber-attacks, largely due to their corporate infrastructure being exposed to new external attack vectors and threats. However, although cybercriminals worldwide used the global crisis to spread their wings on an unprecedented earlier scale, there are possibilities and ideas that also administrators and regular users can come up within 10 minutes! This is the time that allows a hacker to attack your infrastructure. Effectively! With a chance for a coffee…

During the session, you will learn the top 10 mistakes related to remote work security, the hackers’ perspective on the home office, different situations hackers can create to be able to access the company’s information by overusing the situation, and solutions and approaches companies can implement to make the home office a safe workplace. You will also become familiar with attacks on the company's resources through users connected through VPN, demonstration of how hackers can attack the user's workstation, and many more related with technical challenges of remote work, also on mobile devices.

The presentation includes the demonstration of the vulnerabilities found by Paula and the relevant mitigation. This topic is crucial for all cloud/identity admins, as it will showcase problems with an identity that can be found in almost every organization. And, most probably, these problems will be a part of the IT reality for many upcoming years. Paula would like to present the most up-to-date security solutions and share the whole experience gathered through the last years, which helps to avoid being a part of a hacker’s paradise!

This talk will be held in English.

SAP as a Cyber Weapon – Andreas Wiegenstein

SAP security talks have a lot in common with Gin. They are quite dry and quickly get you dizzy. And once they are finished, you're having difficulties remembering that last hour or so. That's because SAP security is considered to be quite meaningless by 99% of the infosec community. But what 99% of infosec community don't know: if I break into your SAP system, I may not be after your SAP data, but after the rest of your network.

This talk illustrates the attack potential of a hacked SAP installation against your company's network. Watch common defense mechanisms get bypassed and fail. And maybe have a Gin afterwards.

This talk will be held in German.

Vulnerability management with fuzzing using Mozilla as an example - Christian Holler

The last years have seen tremendous progress in the area of fuzzing, up to the point where it has become a vital part of the overall security strategy in serious software development - thanks to open source tools and continuous progress in research. At Mozilla, we have been utilizing fuzz testing for over 15 years to test various parts of the Firefox browser. In this talk, I will give an overview about the past and present, the various techniques we use and where we are heading with our strategy.

This talk will be held in German.

eBPF – A Double-Edged Sword – Carsten Strotmann

The “extended Berkeley Packet Filter/Framework” (eBPF) allows users and applications to run programs directly in the core of the operating system. These programs then become part of the operating system kernel. This technology has huge advantages for administration, but also for securing computers and networks. eBPF makes possible new types of firewalls and intrusion detection, preventing DDoS attacks, and auditing of applications and operating system features.

However, eBPF programs can also be used by malware or an attacker to nestle in the operating system’s core. eBPF malware “flies under the radar”: it is invisible for traditional endpoint protection.

For a few years now, eBPF has been part of almost every Linux distribution, and Microsoft is currently porting it to Windows.

This presentation introduces the eBPF technology, provides examples of eBPF applications and malware, and shows how to minimize the risks posed by eBPF malware.

This talk will be held in German.

Car Hacking using Tesla as an example – Martin Herfurt

In the last few months and years, the security of Tesla vehicles has been a much-debated topic. Tesla is always keen on being especially innovative when it comes to technical challenges. For instance, since 2018 it has been possible to control some Tesla vehicles on the smartphone using the official Tesla app. This so-called “phone-as-a-key” feature is being integrated in Tesla models more and more often.

This presentation deals with the protocol used for communication between vehicle and smartphone. On the one hand, the underlying functionality will be explained, and errors hidden in the protocol, which might allow to steal such a vehicle, will be uncovered on the other.

This talk will be held in German.

3rd-Party JavaScript, the Unknown Being – Martin Johns

JavaScript and security are two terms that are often at loggerheads with each other. Thanks to the wild evolution of the World Wide Web and the enormous growth of the technical possibilities of web browsers, the world of web security has not been boring in the last couple of decades. This presentation focuses on a particularly problematic aspect of this ecosystem: the JavaScript executed on our websites that we have not written ourselves and have only very little control of – 3rd-party JavaScript. We will look at the current practice of this code, the security flaws it might entail, and we will give practical advice on how website operators can protect themselves from potential issues.

This talk will be held in German.

From Voice to Movement – Modern Forensic Methods – Dirk Labudde

Forensics today describes different fields of work that aim to systematically identify, analyze and reconstruct criminal acts. The term comes from Latin “forensis”, meaning “of or before the forum” (forum originally being a marketplace). In ancient times, legal proceedings, investigations, pronouncements of judgment and the execution of a sentence were carried out in public at the marketplace.

Nowadays a wide range of scientific aids are being used, whether it is fingerprints or DNA analyses. Systematic methods to identify offenders, however, have only started to arise at the end of the 19th century. Someone who played a major role was Alphonse Bertillon, a police officer from Paris, who developed a system to identify criminals based on their physical measurements. One of Bertillon’s most important contributions to forensics was the systematic use of photography for documenting crime scenes and pieces of evidence. The history of forensics is closely linked to new procedures and methods to clear up crimes. There has been a race between criminals and investigators for centuries.

This race is speeding up in the era of digitalization and the mass introduction of digital devices. Investigator’s everyday life is filled with new specialist fields such as storage media forensics, IoT forensics, cloud forensics, malware forensics or mobile forensics. New crimes require new methods and developing these methods further. Intelligent systems are to be taken as an example to demonstrate how crimes are committed and how they can be used to solve crimes. Approaches, methods and concepts are available to efficiently analyze digital texts, detect persons in videos and to detect voices based on AI systems.

This talk will be held in German.

How to Enjoy Making Decisions – Knut Kircher

You’ve been under pressure the whole day, everyone is looking at you, waiting for your decision – and you seem to be calm and confident. Impossible? Why don’t we look at how others do it, on an emotionally charged playing field or in very deadline-driven vehicle development? And still take pleasure in making decisions in successful interaction between people.

Let’s find out!

This talk will be held in German.

Securing the JavaScript Engine inside Google Chrome - Samuel Groß

JavaScript code powers the majority of websites and so it needs to run fast. Over the past decade or so, web browser developers have therefore come up with increasingly clever optimizations to speed up the processing of web pages, and in particular the execution of JavaScript code. As a result, modern web browsers are among the most complex pieces of software in the world. And typically, high complexity leads to software bugs.

This talk will explore the unique world of JavaScript engine vulnerabilities and discuss new approaches, such as in-process sandboxing, for tackling these issues without hurting performance (too much).

Transient Execution Attacks - Daniel Gruss, Moritz Lipp, Michael Schwarz

Transient execution attacks, such as Meltdown and Spectre, have garnered significant attention in recent years due to their ability to leak sensitive information from a computer's memory. These attacks exploit a fundamental design feature of modern CPUs, allowing attackers to gain access to sensitive data that would normally be protected by the CPU's hardware-enforced isolation between different programs and privilege levels. Despite efforts to mitigate these attacks, they continue to pose a significant threat to the security of modern computing systems.

In the future, it is likely that transient execution attacks will continue to be a major concern for security researchers and system designers. As awareness of these attacks increases, vendors will likely continue to invest in research and development aimed at preventing these types of attacks. However, the complex nature of transient execution means that it may be difficult to completely eliminate the threat of these attacks. Like buffer overflows, transient execution vulnerabilities may continue to appear from time to time, but they are likely to become increasingly rare as vendors become more aware of the risks and take steps to mitigate them.