7
0
Fork 0

Talks in NJ2022 toegevoegd

This commit is contained in:
Patrick Reijnen 2023-06-17 21:35:55 +02:00
parent efc83f7cc6
commit 8d3ba01f7f
3 changed files with 62 additions and 1 deletions

View file

@ -110,7 +110,7 @@ event_schedule:
talk:
speaker: Rob Hulsebos
title: OT Cybersecurity Challenges
link: rob-hulsebos-ot-cybersecurity-challenges
link: talks/rob-hulsebos-ot-cybersecurity-challenges/
- column:
talk:
speaker: Michiel Leenaars
@ -120,6 +120,7 @@ event_schedule:
talk:
speaker: Sake Blok
title: "LOG4SHELL: Getting to know your adversary"
link: talks/sake-blok-log4shell-getting-to-know-your-adversary/
- row:
columns:
- column:
@ -137,6 +138,7 @@ event_schedule:
talk:
speaker: Francisco Dominguez and Zawadi Done
title: Automating incindent response should be the default
link: talks/francisco-dominguez-en-zawadi-done-automating-incident-response-should-be-the-default/
- column:
talk:
speaker: Andreas Hülsing

View file

@ -0,0 +1,31 @@
---
categories:
date: 2022-11-29T20:31:43+02:00
description:
layout: event-talk
slug:
tags:
title: "Francisco Dominguez & Zawadi Done - Automating incident response should be the default"
speakers:
- francisco-dominguez
- zawadi-done
presentation:
filename: 2022-11-29-francisco-dominguez-en-zawadi-done-automating-incident-response-should-be-the-default.pdf
recording:
platform: youtube
url: https://www.youtube.com/watch?v=CH2ntnZxZks
---
## Abstract
We are going to present the role of open source software during a typical incident response process, whereby we will focus on the main phases that are usually applicable: Acquiring data, Processing data & Analyzing information. Most of these phases lean heavily on open source tools that are widely used by analysts in their daily operation. This talk will guide you from using these tools manually to using these tools automatically and magically. Well not really magically, but we will emphasize the application of a DevOps mindset to the process that most incident response analysts execute on daily basis, including ourselves.
## Biography Francisco
Bouncing between technical deep dives and board room chatter Francisco Dominguez has been involved with security (nowadays Cybersecurity) for the last 20 years and has kept track of some of it on his personal blog. Hacking and breaking different environments by combining technical knowledge and understanding of the surrounding process has always been his main passion. For example, he was involved in the investigation of the software and processes used to support the Dutch national elections. Unfortunately, those pesky commercial NDAs dont allow the naming of other fun jobs that involved social engineering people, jumping airgaps, fences or listening to hard disks to know if they are encrypted. Most of his offensive career he worked at Fox-IT and Securify, nowadays he is viewing security from the defense side while working at Hunt & Hackett.
## Biography Zawadi
Zawadi Done is 22 years old and works as an Incident Responder at Hunt and Hackett and is also pursuing a bachelor's degree in Cyber Security and Cloud.
The profile picture by Dennis van Zuijlekom is licensed under [CC BY SA 2.0](https://creativecommons.org/licenses/by-sa/2.0/).

View file

@ -0,0 +1,28 @@
---
categories:
date: 2022-11-29T20:31:43+02:00
description:
layout: event-talk
slug:
tags:
title: "Sake Blok - LOG4SHELL: Getting to know your adversary"
speakers:
- sake-blok
presentation:
filename: 2022-11-29-sake-blok-log4shell-getting-to-know-your-adversary.pdf
recording:
platform: youtube
url: https://youtu.be/99dGW1Ou0Dk
---
## Abstract
What does a LOG4SHELL attack look like on the network and how to analyze the LOG4SHELL attack (including some of its deployed exploits) with Wireshark.
In December 2021, the IT world was shaken up by a CVE with score 10. A vulnerability in the widely used log4j logging library allowed an attacker to run arbitrary code on the system by making it log a specific string. As a lot of elements in the logging comes from user controlled data, the exploit was very easy use.
In order to understand the attack and it's impact, I reproduced an attack in my LAB. And after that, I set up a honeypot to collect attack samples. I went one step further and set up an isolated system and deliberately infected it with some of the exploits to see what it would do. In this talk I will walk through the process of (safely) setting up the LAB systems, the honeypot and the infected victim. The captured traffic will be analyzed with Wireshark and some hints and tips on how to use Wireshark in a security context will be given.
## Biography
Sake Blok calls himself "Relational Therapist for Computer Systems", as he solves problems by looking closely at the communication between computer systems. He has been using Wireshark/Ethereal for almost 20 years. In 2009, Sake started the company SYN-bit to provide network analysis and training services to enterprises across Europe. During his work, Sake started developing functionality for Wireshark that he missed while working with the analyser in his day-to-day job. He also enhanced multiple protocol dissectors to suit his analysis needs. In 2007, Sake joined the Wireshark Core Development team.