Landgangen 1, 0252 Oslo, Norway, Thief Hotel
Vulnerabilities in Critical Infrstructures
In today’s industry, too many people continue to make the same mistakes with their network security over and over again, and it seems like we just aren’t learning our lesson. It was Einstein who once said, “You cannot solve problems by using the same kind of thinking that we used when we created them,” meaning, if a dilemma arises, you can’t hope to fix it and keep it fixed without changing your methods. We all seem to fall into one or more of these habits over time, so to help remind us all of what we need to look out for, let's talk about some common network security issues and solutions.
Points to be learned
- Common security conceptions & mistakes that lead to major security incidents.
- Weaknesses of third party security appliances.
- How 0 Day vulnerabilities are discovered & used as attacking tools.
REGISTRATION AND COFFEE
Per ThorsheimIndependent Security Advisor
BROWSER SECURITY & ZERO DAY EXPLOITS HOW CAN A CRIMINAL GAIN CONTROL OF YOUR NETWORK?
- Zero day IE11 exploit demonstration.
- How are vulnerabilities in the most audited software such as Windows or the most popular and widely used browsers discovered?
- What are the methods of acquiring / researching for zero day exploits as well as life scenarios of previous attacks conducted on banks?
MEETING ZONES & REFRESHMENTS
PENETRATION TESTING OF UNIQUE PROPRIETARY PROTOCOLS
In many instances industry sectors build their own systems and protocols which are then adopted and implemented by companies within these sectors. Since these protocols and systems are not standard, many penetration testers would not know how to test these systems effectively, as there are no publicly available tools that support testing of these protocols.
- Analysis of proprietary protocols.
- Custom tool development.
- Real-world examples from the banking sector.
- Effective testing of proprietary protocols.
ENTERPRISE NETWORKS - COMMON SECURITY CHALLENGES
- Common challenges that are the culprits behind security incidents in many cases.
- Server-side security logic & Agile security.
- Network segregation misconfigurations & Outdated software.
THE THREAT OF THIRD PARTY SECURITY APPLIANCES
Most people feel more protected when they add another security appliance to their network. They spend a large part of their security budget to buy these solutions. In most cases they are increasing the attack surface by a big factor.
- What exactly are the risks of installing third party security software or hardware in your network?
- Our case study of a vulnerability found during a routine penetration test in a FireEye appliance,. which was exploited to gain full access to the customer’s network.
- Examples of similar findings in other various security products.
SUMMARY OF THE DAY
|attendees||sessions||best rated speaker||best rated session|
|35||4||Per Thorsheim||The Threat of Third Party Security Appliances|
It was more of a meeting that we, technical people, appreciate plus me business peers found if of general interest.
Events only news: