Welcoming of the Guests
Matt Suiche, (Founder at Comae & OPCDE)
Keynote: How information sharing is saving us - The MISP project perspective
MISP Project is an open source project to efficiently share information. The project started as a threat intelligence platform but significantly evolved into a versatile open source project to support information sharing communities. Information sharing can be difficult but we will share our experience from the past 8 years on how to build sharing communities.
Alexandre Dulaunoy, (Core Team Member @ MISP, Researcher @ CIRCL)
Alexandre is a security researcher at CIRCL. He is also the lead developer of various open source tools and member of the MISP project core team. He love to break stuff and but also to do stuff.
It’s Goin’ Down: Finding New Threat Actors in Old Scriptures
Territorial Dispute continues to be an excellent resource for avid researchers undaunted by the thought of taking pointers from misplaced classified materials. For those blissfully unaware of TeDi, among the ShadowBrokers leaks we find two files far more noteworthy for threat intelligencers than the exploits and tools. Dr. Boldizar Bencsath and his team at CrySyS lab were the first to notice the value of ‘sigs.py’ and ‘drv_list.txt’. The former includes filenames and registry keys associated umbrellaed under a moniker ‘SIG[1-45]’. The CrySyS lab report is an excellent starting point to understand the contents of TeDi.
J. A. Guerrero-Saade, (Co-Founder and Head of Research @ Stealth Security Startup)
Juan Andrés is Co-Founder and Head of Research @ Stealth Security Startup. He was Staff Security Researcher at Chronicle Security tracking cyberespionage groups. Prior to joining Chronicle, he was Principal Security Researcher at Kaspersky's GReAT team focusing on targeted attacks and worked as Senior Cybersecurity and National Security Advisor to the Government of Ecuador. Juan Andrés comes from a background of specialized research in Philosophical Logic. His publications include ‘The Ethics and Perils of APT Research: An Unexpected Transition Into Intelligence Brokerage’, ‘Wave your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks’, and ‘Walking in your Enemy's Shadow: When Fourth-Party Collection Becomes Attribution Hell’.
Panel: Vulnerability Disclosure
Casey Ellis, (Founder/Chairman/CTO @ BugCrowd);
Costin Raiu, (Director of Global Research and Analysis Team at Kaspersky);
The Grugq, (Moderator)
Casey is the Founder, Chairman, and CTO of Bugcrowd. He is an 18 year veteran of information security, servicing clients ranging from startups to multinational corporations as a pentester, security and risk consultant and solutions architect, then most recently as a career entrepreneur. Casey pioneered the Crowdsourced Security as a Service model launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the disclose.io vulnerability disclosure standardization project in 2016. A proud ex-pat of Sydney Australia, Casey lives with his wife and two kids in the San Francisco Bay Area. He is happy as long as he’s passionately pursuing potential.
Costin specializes in analyzing advanced persistent threats and high-level malware attacks. He is leading the Global Research & Analysis Team (GReAT) at Kaspersky that researched the inner workings of Stuxnet, Duqu, Carbanak and more recently, Lazarus, BlueNoroff, Moonlight Maze and the Equation group. Costin’s work includes analyzing malicious websites, exploits and online banking malware. Costin has over 24 years of experience in anti-virus technologies and security research. He is a member of the Virus Bulletin Technical Advisory Board, a member of the Computer AntiVirus Researchers’ Organization (CARO) and a reporter for the Wildlist Organization International. Before joining Kaspersky, Costin worked for GeCad as Chief Researcher and as a Data Security Expert with the RAV antivirus developers group. Costin joined Kaspersky Lab in 2000 and became the Director of the Global Research & Analysis Team in 2010.
grugq has been analyzing and authoring content about applied security, cyber, operational, and otherwise for around 25 years. His writings range from in-depth papers on forensics and anti-forensics, to detailed analysis of events that skirt both international espionage and cyber security. grugq has been cited in The New York Times, The Washington Post, Wired (magazine), and Vice (magazine) as well as referenced at security conferences. grugq has grown a large following online and as of April 2019 had over 102k followers on Twitter and over 30k followers on Medium.
Search & Delete: eDiscovery using EWS & Graph APIs
During this presentation I’ll give an overview of both EWS (Exchange Web Services) & Microsoft Graph APIs that can be used to search & delete email messages. Additionally I’ll show two python packages I’ve written called py-ews & graphish. https://github.com/swimlane/graphish / https://github.com/swimlane/pyews
Josh Rickard, (Swimlane)
Josh’s primary focus is in Windows security, PowerShell and Python automation. He is a GIAC Certified Windows Security Administrator (GCWN) and GIAC Certified Forensic Analyst (GCFA). You can reach Josh at letsautomate.it or on Twitter at @MSAdministrator.
Closing Remarks
Matt Suiche, (Founder at Comae & OPCDE)
