
Presentations – IT-DEFENSE 2023

Scorched Earth – Mikko Hypponen

Companies are facing new kinds of online risks. Headlines are full of examples of data breaches, data leaks and malware outbreaks. Ransomware seems to be everywhere. Fighting online attacks requires us to understand the attackers. Who are the online criminals? Where do they come from and why do they do what they do? How fast can you detect a breach? How quickly can you recover from a breach? As connectivity opens new opportunities for imagination, it also opens new opportunities for online attackers. What will the next arms race look like? And what does the future hold for us?

This talk will be held in English.

Consequences of Trust in Azure Active Directory – Dr. Nestori Syynimaa

Trust is accepting the dependency of other(s) to achieve an otherwise unavailable outcome. This dependency is the cost of trust, and the (expected) outcome is the reason to trust. At the time trust is given, the future actions of trustee(s) are unknown, making trust decisions irrational. The resulting consequences of trust are often unknown, making proper risk assessment impossible.

Azure Active Directory (Azure AD) is Microsoft's cloud-based Identity and Access Management (IAM) service used by Microsoft 365, Azure, and thousands of third-party services. To make consuming and managing cloud services easier, organizations have integrated their on-premises services to Azure AD. Microsoft has also recently announced new Azure AD features making cross-tenant collaboration easier. These integrations and cross-tenant collaboration features are based on trust between Azure AD and other parties. Trusting these parties expands the trust boundary beyond the control of the trustor, making it prone to attacks originating from the trustee(s).

This talk aims to understand the risks of various forms of trust related to Azure AD. The technical details and best practices of identity federation, directory synchronization, cross-tenant access settings, delegated administrative privileges, and similar Azure AD features are covered. These details help understand the consequences of trust of each feature and how to use them safely. Finally, the implications and best practices of chains-of-trust resulting from any cross-tenant trust are covered.

This talk will be held in English.

Strong Story to Tell: Top 10 Mistakes by Administrators about Remote Work – Paula Januszkiewicz

The sudden shift to remote working has left businesses at a far higher risk of cyber-attacks, largely due to their corporate infrastructure being exposed to new external attack vectors and threats. However, although cybercriminals worldwide used the global crisis to spread their wings on an unprecedented scale, there are possibilities and ideas that administrators and regular users can also come up with within 10 minutes! This is the time that allows a hacker to attack your infrastructure. Effectively! With a chance for a coffee…

During the session, you will learn the top 10 mistakes related to remote work security, the hackers’ perspective on the home office, different situations hackers can create to access the company’s information by exploiting the situation, and solutions and approaches companies can implement to make the home office a safe workplace. You will also become familiar with attacks on the company's resources through users connected through VPN, a demonstration of how hackers can attack the user's workstation, and many more topics related to the technical challenges of remote work, including on mobile devices.

The presentation includes a demonstration of the vulnerabilities found by Paula and the relevant mitigations. This topic is crucial for all cloud/identity admins, as it will showcase problems with identity that can be found in almost every organization. And, most probably, these problems will be a part of the IT reality for many years to come. Paula would like to present the most up-to-date security solutions and share the whole experience gathered over the last years, which helps to avoid being a part of a hacker’s paradise!

This talk will be held in English.

SAP as a Cyber Weapon – Andreas Wiegenstein

SAP security talks have a lot in common with Gin. They are quite dry and quickly get you dizzy. And once they are finished, you have difficulty remembering that last hour or so. That's because SAP security is considered to be quite meaningless by 99% of the infosec community. But what 99% of the infosec community doesn't know: if I break into your SAP system, I may not be after your SAP data, but after the rest of your network.

This talk illustrates the attack potential of a hacked SAP installation against your company's network. Watch common defense mechanisms get bypassed and fail. And maybe have a Gin afterwards.

This talk will be held in German.

Vulnerability management with fuzzing using Mozilla as an example – Christian Holler

Recent years have seen tremendous progress in the area of fuzzing, up to the point where it has become a vital part of the overall security strategy in serious software development, thanks to open source tools and continuous progress in research. At Mozilla, we have been utilizing fuzz testing for over 15 years to test various parts of the Firefox browser. In this talk, I will give an overview of the past and present, the various techniques we use and where we are heading with our strategy.

This talk will be held in German.

eBPF – A Double-Edged Sword – Carsten Strotmann

The “extended Berkeley Packet Filter/Framework” (eBPF) allows users and applications to run programs directly in the core of the operating system. These programs then become part of the operating system kernel. This technology has huge advantages for administration, but also for securing computers and networks. eBPF makes possible new types of firewalls and intrusion detection, preventing DDoS attacks, and auditing of applications and operating system features.

However, eBPF programs can also be used by malware or an attacker to nestle in the operating system’s core. eBPF malware “flies under the radar”: it is invisible to traditional endpoint protection.

For a few years now, eBPF has been part of almost every Linux distribution, and Microsoft is currently porting it to Windows.

This presentation introduces the eBPF technology, provides examples of eBPF applications and malware, and shows how to minimize the risks posed by eBPF malware.

This talk will be held in German.

Car Hacking using Tesla as an example – Martin Herfurt

In the last few months and years, the security of Tesla vehicles has been a much-debated topic. Tesla is always keen on being especially innovative when it comes to technical challenges. For instance, since 2018 it has been possible to control some Tesla vehicles from a smartphone using the official Tesla app. This so-called “phone-as-a-key” feature is being integrated in Tesla models more and more often.

This presentation deals with the protocol used for communication between vehicle and smartphone. On the one hand, the underlying functionality will be explained; on the other, errors hidden in the protocol, which might allow such a vehicle to be stolen, will be uncovered.

This talk will be held in German.