cybercrime security forum

Build Your defence now!

Ben jij voorbereid op de volgende golf van cybercrime? Kom naar het Cybercrime Security Forum 2017 en zorg ervoor dat je in staat bent jezelf en de organisatie te verdedigen.

De vraag is niet óf, maar wanneer je organisatie wordt getroffen door een cybercrime-aanval. Hoe kun je internetcriminelen te slim af zijn? Kom naar het 9e Cybercrime Security Forum op 20 en 21 maart 2017 dat we organiseren bij Fort Voordorp in Groenekan, vlak naast Utrecht.

Op het Cybercrime Security Forum 2017 leer je hoe jouw organisatie zich kan wapenen tegen cybercrime. Zoals je van Global Knowledge gewend bent krijg je niet alleen actuele achtergrondkennis, tips en do’s and dont’s om uw ICT-infrastructuur, bedrijfsdata en applicaties te beveiligen tegen online gevaren, maar ook de kans om zelf te ervaren hoe het is om te hacken tijdens de hands-on Deep Dive hacking sessies.

Welke security specialisten komen er?

Keynotes en deep dive-sessies van internationale security-specialisten informeren je over social engineering, the dark side of Meta data, het gebruik van NMAP als een wapen tegen cybercrime en nog veel meer. Tijdens de hacking deep dives krijg je sessies zoals Hacking like Mr Robot, Exploit Writing, CSI Windows en de Top 10 Infrastructure security fouten.

Andy Malone

Andy Malone is een gepassioneerde security consultant en spreker met ruim twintig jaar internationale ervaring, onder andere op Microsoft TechEd. Op het Cybercrime Security Forum behandelt hij onderwerpen als de kern van metadata, geheime netwerken, voice recognition en social engineering.

John Craddock

John Craddock is een vermaard IT en security spreker en adviseert de grootste bedrijven ter wereld. Hij heeft een staat van dienst als expert op het gebied van Microsoft technologie: Microsoft Active Directory, Direct Access en IPv6. Daarnaast heeft hij expertise op het gebied van disaster prevention en recovery. Zijn motto: Get It Right By Design.

Sasa Kranjac

Sasa Kranjec is een technisch trainer met een sterke focus op alles wat met security te maken heeft. Hij houdt ervan operating systemen uit elkaar te pluizen. Hij heeft meer dan 30 IT certificeringen op zijn naam staan, zoals Microsoft Certified Trainer, Certified EC-Council Instructor en Certified Ethical hacker.

Michael Jankowski-Lorek

Michael Jankowski-Lorek is een database en cloud solutions expert met een diepgaande kennis van machine learning. Hij werkt vooral met complexe database systemen van Microsoft en Oracle, maar ontwerpt ook IT infrastucturen op basis van Microsoft en Cisco technologie. Vanuit zijn big data focus laat hij je zien wat er kan gebeuren als een hacker je netwerk overneemt.

Edwin van Andel

Geboren in het goede wijnjaar 1970, drukte hij al op de knoppen vanuit de wieg. In zijn jeugdjaren was geen apparaat veilig voor hem, en zijn pubertijd werd door het ontdekken van computers, modems en de hack-tic door zijn naasten omschreven als een “zeer desastreuze periode”. Edwin is verkozen tot winnaar van de Lightning talks op Brucon 2013 en organisator van het alternatieve NCSC-congres.

Lovisa Bonnevier

Lovisa Bonnevier heeft al 20 jaar ervaring in cybersecurity. Na een start als IT Auditor heeft ze inmiddels gewerkt op het gebied van managed security services, security consultancy en verschillende strategische adviesfuncties bekleed. Ze snapt de uitdagingen die de technologie met zich meebrengt en spreekt de taal van het management die bezig zijn met prioriteiten en risico’s. Lovisa is een expert in haar vakgebied en spreekt veel op events in de Nordics.

Programma Cybercrime Security Forum 2017

We hebben het programma in twee tracks opgedeeld. Je kunt na aanmelding aangeven uit welke track je welke sessie bij wilt wonen. Zo bepaal je zelf waar je je kennis vergroot!

20 maart, track 1: Hot topics in Cybercrime (Low to medium technical)

8.30 – 9.00 uur Ontvangst en koffie

9.00 – 9.15 uur Welkom en introductie door Global Knowledge

9.15 – 10.30 uur Through a Mirror Darkly: A Journey to the Dark Side of Metadata – Andy Malone

In the world of Cyberspace exists a secret currency of information that is being traded without your knowledge. In his latest thought provoking session, join Andy Malone as he takes you on a journey into the heart of metadata. To understand what is it and how it works. You’ll be amazed at how information can be peeled away to reveal your deepest secrets. Most importantly we will learn how to protect yourself and your data from potential misuse. By adopting simple best practices you’ll ensure that your secrets truly remain secure.

10.30 – 10.45 uur Pauze

10.45 – 12.00 uur Yin and Yang of Network Forensics and Traffic Analysis – Wireshark and NMAP – Sasa Kranjac

These two very popular and useful tools work hand by hand in assisting you gathering network information and identifying malicious activity. Victims usually find out about the attack only AFTER the damage is done. But can you detect an attack and respond while it is in progress? We will serve Wireshark as a main course with NMAP as a side dish and give you a pleasure to see, feel and taste scanning, discovery and analysis of suspect traffic that might be going on your network.

12.00 – 13.00 uur Guest Speaker

13.00 uur – 14.00 uur Lunch

14.00 – 15.15 uur Thanks for lending me your password – John Craddock

I’m sitting on a tropical beach sipping a Pina Colada and it’s all thanks to you. “Yes I like Pina Coladas and getting caught in the rain” – Thanks again. Of course, giving away your password is something you would never do, but there are ways of extracting just that information whether it be through social engineering or technical trickery that ranges from the primitive to erudite. Come to this session and John Craddock will take you through the attack paths, mitigations and methods of staying safe.

15.15 – 15.30 uur Pauze

15.30 – 16.45 uur Going Underground: Discovering & Exploiting Covert Network Channels – Andy Malone

There’s a hidden world that you never knew existed. In this fascinating deep dive, join Andy Malone as he takes you inside the murky world of covert network channels. Beyond the well-known ports, hackers and bad guys lurk waiting to deploy viruses, Trojans or worse. Join Andy Malone in this fascinating session to discover what lies beneath. Packed with demos, trick and tips to ensure that your network is properly monitored and secured.

16.45 -17.15 uur Cybercrime Security Panel Discussion (All Speakers)

21 maart, track 1: Hot topics in Cybercrime (Low to medium technical)

8.30 uur – 9.00 uur Ontvangst en koffie

9.00 – 10.15 uur For your ear’s only: Voice Recognition Security Secrets Unleashed! – Andy Malone

Voice recognition is hot and appears to be everywhere. From Cortana in Windows 10 devices to TV’s, smartphones and even web browsers. But just how this amazing technology works remains a mystery for many. Join Andy Malone as he uncovers the secrets behind voice recognition technology and how it’s changing our world. Whilst this fascinating technology may be a godsend for many, it’s also uncovered some alarming security flaws and IT and as such Security professionals need to fully understand this amazing technology. Join Andy Malone as he investigates the rise of Voice recognition and asks if it’s a technological wonder or a security nightmare. Packed with topical debate, demos and tips and tricks, this is a 75min security session you won’t forget.

10.15-10.30 uur Pauze

10.30 uur – 11.45 uur In a world beyond passwords – John Craddock

Come to this session and discover how federated identity can eliminate the need for passwords and provide Single-Sign-On (SSO) for access to all web resources. You will learn: how to build federated identity solutions, how to manage different devices and the requirements for authentication and authorization. Although the proposed solution will be primarily built around Microsoft technologies and cloud services, the concepts apply to any platform solution. You also learn about the risks and mitigations.

11.45 – 13.00 uur Dr. Jekyll and Mr. Hyde – NMAP for Good and NMAP for Evil – Sasa Kranjac

So, you are responsible for your network. Do you know what is going on with your network? Are unnecessary ports on network computers closed? You have shut down port 80 but how do you know a web server is not running on a port other than the standard one? Is there a game server coming alive in the middle of the night or are there any bots hiding? Vulnerable applications, rouge devices such as laptops, tablets and wireless access points – all pose a significant threat if undetected. Misconfigured firewalls add wound to the insult. You will use NMAP as the weapon to do some good and dive deep into its command line on the journey to secure the network. After that, you will put your Black Hat on and dive deeper with NMAP to the dark side…

13.00 – 14.00 Lunch

14.00 – 15.15 uur Opening Pandora’s Box: Social Networks & How to Exploit Their Dirty Secrets – Andy Malone

These two very popular and useful tools work hand by hand in assisting you gathering network information and identifying malicious activity. Victims usually find out about the attack only AFTER the damage is done. But can you detect an attack and respond while it is in progress? We will serve Wireshark as a main course with NMAP as a side dish and give you a pleasure to see, feel and taste scanning, discovery and analysis of suspect traffic that might be going on your network.

15.15 -15.30 uur Pauze

15.30 – 16.45 uur Guest Speaker

16.45 uur – 17.15 uur Afsluiting

20 maart, track 2: Hacking Deep Dives (highly technical sessions)

8.30 – 9.00 uur Ontvangst en koffie

9.00 – 9.15 uur Welkom en introductie door Global Knowledge

9.15 – 10.30 uur Hacking Like Mr. Robot – Edwin van Andel

The last few months, many of us have enjoyed the new TV-series around Cyber hacking, called Mr. ROBOT! In this TV-series many of the hacks on show where based on real life hacks. This in contrary with other series and movies around Cyber hacking. For many of you who would like to experience how these hacks work, this session is for you! During this hacking deep dive we will show you and give you the experience on how some of these great hacks, performed on Mr. ROBOT will work and can be executed! Hacks performed during this session are among others, How Elliot Fsociety destroyed Evil Corp’s data (De HVAC attack), Ultra-secure emails, de MagSpoof dooropener device, Hacking Raspberry Pi device, hiding data in audio files, Spy on anyone’s Smartphone activity, Hacking Bluetooth, Sending Spoofed SMS messages.

10.30 – 10.45 uur Pauze

10.45 – 12.00 uur Top 10 Infrastructure Security Mistakes that Bring Administrators to Their Knees – Cqure

Let’s face it! Do you maintain the IT environment where there are solutions that you want to raze to the ground? Have you ever got the project documentation with the suggestions like: “Turn off UAC” or “Add the user’s account to the Administrators group”? If yes, you know exactly what this session is about! These are just a few simple examples, what about the less obvious ones that seriously affect the security of your organization? Sometimes they are within the requirements of big solutions that have been accepted on the management level. At the end nobody but Administrators need to solve the problems that have just popped-up with already made decision. During the session Paula will show the real-live examples about what are the biggest infrastructure configuration mistakes made during the implementations and what Administrators can do about systems that they prefer not to touch. Very technical session!

12.00 – 13.00 uur Build your own USB Rubber Ducky – Edwin van Andel

A USB rubber ducky is an USB stick which can emulate a keyboard. This device looks like an ordinary USB memory stick but will be recognized by a PC as a standard Keyboard! With this little piece of program code, you will be able to make the memory stick perform a number of handy and sneaky actions on a high speed without even touching the keyboard! The official USB Rubber Ducky will cost you around 45 Euro. However, during this session we will create your own and of course show you many fun hacks you can perform with your own Rubber Ducky!

13.00 uur – 14.00 uur Lunch

14.00 – 15.15 uur The Ultimate Hardening Guide: What To Do To Make Hackers Pick Someone Else – Cqure

It is pretty clear that we have a smart new generation who understand how to get around computer systems — some are doing it just for fun, while others are doing it with a slightly more sinister intent! Then we read in newspapers about these impressive findings done by a young hacker. Let’s stop there and think for a while! Are these really targeted attacks or it was just for a good time and by accident he discovered something that had some usefulness. Did you see all these breaking news stories about destroying another botnet containing millions of computers? Why are they targeting these computers and not others? Usually the young hacker’s goal is very simple: let’s do whatever is possible. Our response should be, ‘Do whatever you want but somewhere else!’ During Paula’s session you will learn how to strengthen systems and stop the data breaches that litter the news sites today. Come and enjoy the live-experience presentation with engaging stories and demos! Let’s deter hackers together— whether they’re 7 or 70 years old!

15.15 – 15.30 uur Pauze

15.30 – 16.45 uur Exploit Writing – Edwin van Andel

A real Deep Dive! We will look at how in the basics an Exploit works. Next to this we will try to create our own Exploit for a vulnerable application. This is relatively easy to do with the help of a so called ‘debugger’ and a piece of Phyton code! Some familiarity with assembly for the i386 platform and PC architecture is needed. Other than this all necessary steps are shown in this great hacking session!

16.45 -17.15 uur Cybercrime Security Panel Discussion (All Speakers)

17.15 – Afsluiting en borrel

21 maart, track 2: Hacking Deep Dives (highly technical sessions)

8.30 uur – 9.00 uur Ontvangst en koffie

9.00 – 10.15 uur CSI: Windows – Techniques for Finding the Cause of the Unexpected System Takeovers – Cqure

Ok, so this is what has happened: An attacker got into your infrastructure, used server’s misconfiguration, created themselves an account and… Exactly! And what? Or maybe let’s stay on the ground: you would like to know where to gather information about activities in an operating system. In both cases this session is for you! This is the moment that we wonder what else could happen except for what we see and if it is possible to trace back hacker’s activities in our systems. Yes it is! By performing several analysis we are able to get enough evidence of performed malicious actions. This type of monitoring can be also useful when performing the regular investigation of what happened in the system, not only from the attacker’s perspective. Come and see what it mean to be hacked and that nothing can be completely hidden! During this session you will become familiar on how to trace system related situations and how to establish informative monitoring that can alarm you if something goes wrong in your environment. This session is a real deep-dive into the monitoring world so be prepared for a hard-core technical ride!

10.15-10.30 uur Pauze

10.30 uur – 11.45 uur Capture the Flag! – Edwin van Andel

Within the Cybercrime world it is very common to use Capture the Flag assignments to test how great security specialists or hackers are in their profession! There are a number of great annual contest around the globe such as Pwn2Own and Cyberlympics. For this session we have created a number of systems with CTF assignments for you. Your job is simple…. Conquer as many flags as you can!

11.45 – 13.00 uur Hidden Talents: Things Administrators Never Expect From Their Users regarding Security – Cqure

You have just finished building your new shiny server room in the hopes of achieving infrastructure nirvana with both improved security and availability. The ability to keep your infrastructure ‘up and running’ makes you smile. All problems are gone, right? Think again. 10 minutes! This is the time that allows a regular user to attack your infrastructure. Effectively! With a chance for a coffee… These crypto-attackers, when with bad intentions, quickly discover that the weakest link in any environment is end users and with the multitude of applications they run. Evil users are in the situation that puts them in direct contact with end-user data and credentials with minimal digging, and without the worry of a professional IT security department looking over the attacker’s shoulder. On the other hand, even innocent users are as dangerous as administrator’s level of ignorance for the implementation of security settings in the infrastructure! The typical rich and poorly managed software ecosystem on users’ workstations provides great attack surface for malicious… users! To take advantage of this sorry state of security, administrators need to be aware how their infrastructure looks from the users’ perspective and how far users can go or sometimes they just do not have a choice! During this session Paula will show you the possibilities and ideas that users can come up with and the effects of their tasks. Come and learn from someone else’s mistakes!

13.00 – 14.00 Lunch

14.00 – 15.15 uur Forensics Case – Edwin van Andel

Where hackers will try to get in to your IT systems, with the means of the ultimate full control, with forensics cases the goal to research how hackers did get in to your systems and create enough evidence to proof it! During this hacking deep dive you will do forensic investigation on a hacked system image, with the help of the open source tool Autopsy. Your goal is to reproduce exactly what has happened and to point out the guilty hackers!

15.15 -15.30 uur Pauze

15.30 – 16.45 uur Hacker’s Perspective on your Windows Infrastructure: Mandatory Check List – Cqure

If there is a weakness in your IT security system, wouldn’t it be better to find it before someone else does? The worst thing is that even a small scale security breach could leave your business in poor condition and in the end information security is not an IT department’s problem, it is a business issue! As long as we are aware about the value of the resources to be protected, why don’t we put ourselves into the hacker’s role and perform all the activities they would do as well? Of course it requires some very specific knowledge that may be hard to learn when our work focuses more on creating than destroying, but the results will give us a perspective on what other people with bad intentions can see. Sometimes it is really surprising how often you can use the same paths to enter to the system! During this intensive session you will become familiar with the mandatory tasks that are performed by hackers or penetration testers in order to check for misconfigurations and vulnerabilities. Come and join Paula in the journey to the darker side of IT security and use this knowledge for making good decisions in your system. Do not forget to keep the mandatory security check list in your pocket!

16.45 uur – 17.15 uur Afsluiting

Kom naar het Cybercrime Security Forum 2017!

Slechts €995,-