Delfina Chain, a lawyer who graduated from Universidad de San Andres, works as a Senior Analyst of Business Risk Intelligence for Latin America at Flashpoint. As a senior analyst and based on her previous experience, Delfina helps clients in the region to identify and mitigate risks, understanding the challenges they present and transforming analysis into actionable intelligence for different organizations. Delfina has worked in the Argentine Government on issues related to cybersecurity, technology, and risk management. In her free time she enjoys practicing triathlon.
The use of Machine Learning by Cybercriminals
Machine learning is undoubtedly a trending topic. But before we begin it's important to clarify the differences between Artificial Intelligence and Machine Learning. The use of ML in cybersecurity is something security experts are starting to talk about, but are they the only ones trying to implement ML techniques? What about cybercriminals? How can cybercriminals utilize machine learning for more efficient attacks?
Fabio Martins (a.k.a. Fosforo) has worked in Information Security, programming and systems administration for at least 15 years. He has provided services to and worked at companies such as Linux Solutions, Clávis Segurança da Informação, IBM, Nokia Siemens Networks, DBA Engenharia, Intercase, GENTE/COPPE/UFRJ and FACC/UFRJ, in the areas of Programming, Unix, Windows and BSD server administration, Systems Integration, Information Security, E-commerce and Telecommunications.
A hobbyist in the areas of exploits, reverse engineering on x86/x64 systems, virtualization, TCP/IP, assembly and malicious artifacts.
He currently provides consulting and does freelance work in the areas above.
Having Fun with ATMs - The Brazilian Way
Brazilians are well known to be creative people. When it comes to hacking and Jackpotting, it is no different. Be it online or offline attacks, if it comes to ATMs, there is a high chance Brazilians have already done it - and if it comes to techniques used, European hackers are miles far-away into the business. After interviewing, anonymously, some dark figures from the underground, we are going to show some techniques used by them in the past, the recommendations from Europol, and what we can expect in the future.
We are going to analyze some techniques used in the past, but not disclosed, by Brazilian Hackers from the underground to Jackpot ATMs, and look into (probable) new directions in this subject.
Filipe Balestra is currently director of the company PRIDE Security. He has worked in information security for more than 15 years, focusing on the offensive side. He is one of the organizers of the Hackers to Hackers Conference (H2HC), as well as co-author of articles referenced in several conferences and books around the world. He has published several security vulnerabilities in important software, such as FreeBSD, NetBSD, QNX RTOS and Sun Solaris, among others. One of the vulnerabilities was used as a reference in the book "A Guide to Kernel Exploitation - Attacking the Core", published by Syngress.
Pacote loko is a packet of Brazilian underground origin that we detected in the IRC rooms of the last century. Since he first appeared he has always been low profile. He has extensive experience in several kinds of hacking, but knows he has a lot to learn.
Filipe Balestra & Pacote Loko
Red Team: From Zero 2 Domain Admin
During this presentation we will describe our experience with Red Team and share details of our methodology, lessons learned about what really works in practice, and some real stories, because we believe this is a less tedious way to learn.
Success stories will be dissected from start to finish, involving a lot of social engineering and, above all, sheer nerve.
Of course, we will have a technical pinch for those who like bits and bytes. That reminds me of the Red Team project in which the client had disk encryption and we developed a bootkit from scratch in order to infect, maintain persistence and gain unauthorized remote access on the laptops.
Chris Covert, based in Tokyo, has been working in both theoretical and practical applications of Cyber Security research since 2003. At Tenable, Chris is a Principal Product Manager in the Research group, responsible for strategizing, planning, and scheduling the major projects that Research deliver. Prior to joining Tenable, he was a long-time user of Tenable products as a consultant, and a voracious reader of all things vulnerability related.
Coping with Vulnerabilities -- What have we learned?
This talk will combine and review learnings from the last year of research at Tenable into Vulnerability Management practices -- what is working for us, what is working for attackers, how organizations are maturing (or not), and what Vulnerability Management program operators can look forward to next year.
* Talk sponsored by Tenable
Dmitry Bestuzhev - @dimitribest
2 meters down and back: hunting for most persistent implants
This presentation is about hunting UEFI implants and other undocumented "features" running at Ring -2, gaining eternal persistence on all machines around the globe.
What do the Sofacy and Hacking Team threat actors have in common? Both successfully developed and used ITW low-level Ring -2 implants targeting victims around the globe. Are they the only players using such techniques to gain eternal persistence on machines? How do you deal with the situation when your machine has a malicious UEFI implant? Will some secure OS help? Unfortunately the answer is no. In my presentation I will practically show how to hunt for malicious implants in UEFI, what we have found so far and what the weirdest things we see right now are.
Ian Gray is the Director of Americas Research and Analysis at Flashpoint, where he focuses on Deep & Dark Web intelligence. Ian actively researches cybercriminal usage of new and emerging technologies for malicious purposes in English and Portuguese language communities.
Prior to working at Flashpoint, Ian served on a number of warships in the United States Navy as a Surface Warfare Officer. He holds a Master's degree from Columbia University's School of International and Public Affairs, where he studied cyber policy. Ian is also an adjunct professor at Fordham University's Cybersecurity Program, where he teaches a course on technology and policy.
Ian W. Gray
The Life and Crimes of Brazilian Dark Marketplaces
This presentation will focus on the life of Brazilian dark web markets, Trishula and Mercado Negro, and analyze their impact on the Brazilian cybercrime landscape after their shutdown.
Mercado Negro launched onto the dark web as a Portuguese-language forum and marketplace, shortly after the database leak and eventual shutdown of its predecessor, Trishula. Alternative dark web forums and marketplaces necessitated that Brazilians have an understanding of English, or reserve conversations for Portuguese language threads. The Mercado Negro administrator considered the forum as a “social project,” with the objective of ending physical attacks, like looting, and replacing them with the sale of credit cards, or virtual carding. Mercado Negro shut down after a year, claiming that law enforcement was targeting their servers. However, users speculated that the administrator performed an exit scam, leaving threat actors to find new venues for cybercrime discussions. This presentation will principally focus on the factors that led to the creation of Trishula and Mercado Negro, and the external circumstances leading to their shuttering. As a post-mortem, the presentation will also feature some discussions and ideologies of the prominent threat actors from the forum, the vendors and popular goods on the marketplace, and projections about the future of Brazilian cybercrime.
André Piva is responsible for research into digital threats for Latin America and the subsequent implementation of protections through Trusteer. Before that he worked for many years at IBM Security's Global SOC, helping many clients from different industries understand the threats that affect them and how to protect themselves from them.
If You Drink, Don't Transact: A Study of Cybercrime in Brazil
How far can the human factor impact companies? How fragile is a trust relationship? What do Brazil's cyber fraudsters have in common? These questions are asked and, possibly, answered by André Piva... Focusing on the current fraud landscape, both the human factor and trust relationships are put to the test; the “weakest link in the chain” will take on a new meaning.
Come see André Piva share some insights into how cyber fraudsters operate in this market, get to know some of the most common financial malware and discuss ways to detect some of these threats.
* Talk sponsored by IBM
Vishal Chauhan is a Security Engineering Lead in the Microsoft Security Response Center (MSRC) team. During all his time at Microsoft, he has dabbled in everything security from Systems to Web and anything in between. Lately he has taken a liking to various facets of cloud and web security.
Identity crisis: war stories from authentication failures
We will look at complex identity protocols through the lens of vulnerabilities that have been reported to Microsoft. We will use multiple case studies to articulate various facets of Identity and what kind of threats it exposes.
Your online identity has become one of your most valuable assets. Identity vulnerabilities can let attackers completely masquerade as you online: access your personal information, your social media, online banking, and more. In this talk, we will explore some of the vulnerabilities that Microsoft has observed related to online identity compromise and the approaches we’ve taken to address these issues. These examples will demonstrate how you might approach searching for other vulnerabilities in the identity space and the bug bounty programs that exist to support these efforts.
Bruno Oliveira holds an MSc and is a computer engineer and senior security consultant at Trustwave’s SpiderLabs. Throughout his career he has kept his focus on offensive security; nowadays he works full-time in penetration testing at Trustwave and still spends some extra (good) hours on RE and exploit development. He has spoken previously at many conferences around the globe, such as H2HC, YSTS, BlackHat, SOURCE, HackInTheBox, Ekoparty, THOTCON, AppSec USA, etc.
Under The Hood: Evolution of Windows Attacks
Windows is a very popular OS on Workstations and Servers. Its security has evolved a lot since attacks became as popular as they are now. From Windows XP to Windows 10, several changes were made to its structure to make it safer and more reliable. This talk presents how that evolution happened and what attackers did to overcome the exploit mitigations. In the end, we will see how everything worked out in real life.
Cyber Defense Technology Specialist with a degree in Telecommunications Engineering and a postgraduate degree in Telecommunications Networks and Systems Engineering, both from the Instituto Nacional de Telecomunicações – INATEL, Laís is a Specialist in Cyber Defense, Machine Learning and Artificial Intelligence at Darktrace and has more than 8 years of experience in the Technology, Information Security and Telecommunications markets. Throughout her career she has also worked as a Security Pre-Sales Analyst, Security Sales Engineer and Information Security Consultant before becoming a Cyber Security Specialist.
Adapting to Fight Back: How Cyber AI Neutralizes Never-Before-Seen Threats
In a world that is increasingly digital, cyber-attack has become the most significant risk confronting today’s businesses, smart cities, and critical infrastructure. Online crime cost the world more than half a trillion dollars last year, while recent attacks have managed to influence the U.S. presidential election and disrupt the Ukrainian power supply. This troubling state of affairs is the product of several fundamental weaknesses with the traditional approach to cyber defense, which relies on predefining what threats look like at a time when criminals launch never-before-seen attacks on a daily basis. Moreover, these attacks increasingly strike at machine-speed, preventing security professionals from responding before their damage is done.
As a fundamentally unique approach to security, cyber AI systems need not predict tomorrow’s attacks based on yesterday’s threats. Powered by recent advances in artificial intelligence, the latest cyber AI security systems instead continuously refine their defenses by learning ‘on the job’ to differentiate between normal and abnormal behavior in an enterprise, enabling them to flag even subtly malicious activity. Thus, whereas traditional cyber security technologies are blind to unknown threats, self-learning cyber AI systems detect such novel attacks by spontaneously drawing connections that human programmers can’t see. And as ready-to-deploy exploit kits and advanced malware packages spawn new cyber-threats around the world, the challenge of securing the digital realm can only be met with AI security systems that can learn, evolve, and fight back.
In this session, you will learn:
• Where cyber-criminals have found weaknesses in legacy approaches to security
• Why only self-learning security tools can stop never-before-seen attacks
• How to protect your network from machine-speed attacks with Darktrace Antigena
• What gaining 100% network visibility of your entire digital estate — including cloud environments and IoT devices — can reveal about the latent vulnerabilities that advanced attackers are targeting today