
Added talks in NJ2022

This commit is contained in:
Patrick Reijnen 2023-06-17 21:35:55 +02:00
parent efc83f7cc6
commit 8d3ba01f7f
3 changed files with 62 additions and 1 deletion


@ -110,7 +110,7 @@ event_schedule:
talk:
speaker: Rob Hulsebos
title: OT Cybersecurity Challenges
link: rob-hulsebos-ot-cybersecurity-challenges
link: talks/rob-hulsebos-ot-cybersecurity-challenges/
- column:
talk:
speaker: Michiel Leenaars
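Review bot: the `link` value on the Rob Hulsebos entry changes from the bare slug `rob-hulsebos-ot-cybersecurity-challenges` to `talks/rob-hulsebos-ot-cybersecurity-challenges/`, which is the same `talks/<slug>/` form the other links added in this commit use; check the remaining `event_schedule` entries in this file for any other bare slugs so that every talk link resolves the same way.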
@ -120,6 +120,7 @@ event_schedule:
talk:
speaker: Sake Blok
title: "LOG4SHELL: Getting to know your adversary"
link: talks/sake-blok-log4shell-getting-to-know-your-adversary/
- row:
columns:
- column:
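Review bot: the added link `talks/sake-blok-log4shell-getting-to-know-your-adversary/` must match the URL of the new Sake Blok talk page created later in this commit; that page leaves `slug:` empty in its frontmatter, so its URL is derived from the filename rather than set explicitly, and the two should be checked against each other before merging.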
@ -137,6 +138,7 @@ event_schedule:
talk:
speaker: Francisco Dominguez and Zawadi Done
title: Automating incindent response should be the default
link: talks/francisco-dominguez-en-zawadi-done-automating-incident-response-should-be-the-default/
- column:
talk:
speaker: Andreas Hülsing
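Review bot: the title on this entry reads `Automating incindent response should be the default` while the added link path spells it `incident`; the typo sits in the unchanged context line rather than the added one, but since the link is being added directly beneath it, this is the moment to correct the title (the new talk page in this commit spells it correctly in its own `title:`).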


@ -0,0 +1,31 @@
---
categories:
date: 2022-11-29T20:31:43+02:00
description:
layout: event-talk
slug:
tags:
title: "Francisco Dominguez & Zawadi Done - Automating incident response should be the default"
speakers:
- francisco-dominguez
- zawadi-done
presentation:
filename: 2022-11-29-francisco-dominguez-en-zawadi-done-automating-incident-response-should-be-the-default.pdf
recording:
platform: youtube
url: https://www.youtube.com/watch?v=CH2ntnZxZks
---
## Abstract
We are going to present the role of open source software during a typical incident response process, whereby we will focus on the main phases that are usually applicable: Acquiring data, Processing data & Analyzing information. Most of these phases lean heavily on open source tools that are widely used by analysts in their daily operation. This talk will guide you from using these tools manually to using these tools automatically and magically. Well not really magically, but we will emphasize the application of a DevOps mindset to the process that most incident response analysts execute on daily basis, including ourselves.
## Biography Francisco
Bouncing between technical deep dives and board room chatter Francisco Dominguez has been involved with security (nowadays Cybersecurity) for the last 20 years and has kept track of some of it on his personal blog. Hacking and breaking different environments by combining technical knowledge and understanding of the surrounding process has always been his main passion. For example, he was involved in the investigation of the software and processes used to support the Dutch national elections. Unfortunately, those pesky commercial NDAs dont allow the naming of other fun jobs that involved social engineering people, jumping airgaps, fences or listening to hard disks to know if they are encrypted. Most of his offensive career he worked at Fox-IT and Securify, nowadays he is viewing security from the defense side while working at Hunt & Hackett.
## Biography Zawadi
Zawadi Done is 22 years old and works as an Incident Responder at Hunt and Hackett and is also pursuing a bachelor's degree in Cyber Security and Cloud.
The profile picture by Dennis van Zuijlekom is licensed under [CC BY SA 2.0](https://creativecommons.org/licenses/by-sa/2.0/).
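Review bot: the abstract and biography text contain grammar slips that will be published verbatim: `on daily basis` should be `on a daily basis`, and `NDAs dont allow` needs the apostrophe (`don't`). In the frontmatter, `categories:`, `description:`, `slug:` and `tags:` are left without a value, which YAML parses as null; if the `event-talk` layout expects strings or lists there, either give them values or drop the keys. The `date:` value `2022-11-29T20:31:43+02:00` uses a +02:00 offset, but the Netherlands is on CET (+01:00) at the end of November, so the offset should probably be `+01:00`.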


@ -0,0 +1,28 @@
---
categories:
date: 2022-11-29T20:31:43+02:00
description:
layout: event-talk
slug:
tags:
title: "Sake Blok - LOG4SHELL: Getting to know your adversary"
speakers:
- sake-blok
presentation:
filename: 2022-11-29-sake-blok-log4shell-getting-to-know-your-adversary.pdf
recording:
platform: youtube
url: https://youtu.be/99dGW1Ou0Dk
---
## Abstract
What does a LOG4SHELL attack look like on the network and how to analyze the LOG4SHELL attack (including some of its deployed exploits) with Wireshark.
In December 2021, the IT world was shaken up by a CVE with score 10. A vulnerability in the widely used log4j logging library allowed an attacker to run arbitrary code on the system by making it log a specific string. As a lot of elements in the logging comes from user controlled data, the exploit was very easy use.
In order to understand the attack and it's impact, I reproduced an attack in my LAB. And after that, I set up a honeypot to collect attack samples. I went one step further and set up an isolated system and deliberately infected it with some of the exploits to see what it would do. In this talk I will walk through the process of (safely) setting up the LAB systems, the honeypot and the infected victim. The captured traffic will be analyzed with Wireshark and some hints and tips on how to use Wireshark in a security context will be given.
## Biography
Sake Blok calls himself "Relational Therapist for Computer Systems", as he solves problems by looking closely at the communication between computer systems. He has been using Wireshark/Ethereal for almost 20 years. In 2009, Sake started the company SYN-bit to provide network analysis and training services to enterprises across Europe. During his work, Sake started developing functionality for Wireshark that he missed while working with the analyser in his day-to-day job. He also enhanced multiple protocol dissectors to suit his analysis needs. In 2007, Sake joined the Wireshark Core Development team.
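Review bot: a few wording errors in the abstract should be fixed before this goes live: `it's impact` should be `its impact`, `the exploit was very easy use` is missing `to`, and `a lot of elements in the logging comes from` should read `come from`. The frontmatter has the same empty `categories:`, `description:`, `slug:` and `tags:` keys (parsed as null by YAML) and the same `+02:00` offset on a late-November date, where the Netherlands is on CET (+01:00).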