Vulnerabilities in Critical Infrastructures

In today’s industry, too many people continue to make the same mistakes with their network security over and over again, and it seems like we just aren’t learning our lesson. It was Einstein who once said, “You cannot solve problems by using the same kind of thinking that we used when we created them,” meaning that if a dilemma arises, you can’t hope to fix it and keep it fixed without changing your methods. We all seem to fall into one or more of these habits over time, so to help remind us all of what we need to look out for, let's talk about some common network security issues and solutions.

Points to be learned

  1. Common security conceptions & mistakes that lead to major security incidents.
  2. Weaknesses of third-party security appliances.
  3. How zero-day vulnerabilities are discovered & used as attack tools.

  • 4 topics
  • 5 hours
  • 7 discussions
  • 30 key participants

Program

08:45 - 09:00

REGISTRATION AND COFFEE

09:00 - 09:15

OPENING REMARKS

Per Thorsheim

Independent Security Advisor

09:15 - 09:45

BROWSER SECURITY & ZERO DAY EXPLOITS: HOW CAN A CRIMINAL GAIN CONTROL OF YOUR NETWORK?

This talk presents the threats that zero day exploits pose to the internal and external IT infrastructure of a network. Be part of a demonstration and hear the results of the R&D labs’ zero-day research on the latest version of Internet Explorer.
  1. Zero day IE11 exploit demonstration.
  2. How are vulnerabilities in the most audited software such as Windows or the most popular and widely used browsers discovered?
  3. What are the methods of acquiring or researching zero day exploits, along with real-life scenarios of previous attacks conducted on banks?

09:45 - 10:15

MEETING ZONES & REFRESHMENTS

10:15 - 10:45

PENETRATION TESTING OF UNIQUE PROPRIETARY PROTOCOLS

In many instances industry sectors build their own systems and protocols which are then adopted and implemented by companies within these sectors. Since these protocols and systems are not standard, many penetration testers would not know how to test these systems effectively, as there are no publicly available tools that support testing of these protocols.

  1. Analysis of proprietary protocols.
  2. Custom tool development.
  3. Real-world examples from the banking sector.
  4. Effective testing of proprietary protocols.

10:45 - 11:30

ENTERPRISE NETWORKS - COMMON SECURITY CHALLENGES

Interactive round-table discussion around common security challenges in complex enterprise networks. Hear about extensive experience from previous penetration tests and discuss your approaches.
  1. Common challenges that are the culprits behind security incidents in many cases.
  2. Server-side security logic & Agile security.
  3. Network segregation misconfigurations & outdated software.

11:30 - 12:30

NETWORKING LUNCH

12:30 - 13:00

THE THREAT OF THIRD PARTY SECURITY APPLIANCES

Most people feel more protected when they add another security appliance to their network. They spend a large part of their security budget to buy these solutions. In most cases they are increasing the attack surface by a big factor.

  1. What exactly are the risks of installing third party security software or hardware in your network?
  2. Our case study of a vulnerability found during a routine penetration test in a FireEye appliance, which was exploited to gain full access to the customer’s network.
  3. Examples of similar findings in various other security products.

13:30 - 14:00

SUMMARY OF THE DAY

13:30 - 14:00

OPEN NETWORKING

Post event

  • Attendees: 35
  • Sessions: 4
  • Best rated speaker: Per Thorsheim
  • Best rated session: The Threat of Third Party Security Appliances

It was more of a meeting that we, technical people, appreciate, plus my business peers found it of general interest.

A security guy

CTO