talk – Security BSides Ljubljana
http://bsidesljubljana.si
#BSidesLjubljana
Tue, 14 Apr 2015 20:20:12 +0000

Talk: Invisible packets (Milan Gabor & Danijel Grah)
http://bsidesljubljana.si/talk-invisible-packets-milan-gabor-danijel-grah/
Wed, 18 Feb 2015 00:10:43 +0000

Abstract:
This talk will be about packets that are constantly flying around us. The main focus will be on Wi-Fi. We will look into the coverage of wireless signal in the area of Ljubljana, show some statistics about access points and what is visible with simple equipment for a few dollars. Techniques will be discussed on how to attack access points and clients and how to defend them. We will demonstrate how to be online for free in the area of Ljubljana all the time. Additionally, we will touch on the state of the art in data exfiltration techniques and secret channels.

Bio:
Milan Gabor is the Founder and CEO of Viris, a Slovenian company specializing in information security. He is a security professional, pen-tester and researcher. Milan is a distinguished and popular speaker on information security. He has previously been invited to speak at various IT conferences in Slovenia and loves to talk to IT students at different universities. He also gives trainings on ethical hacking. He is always on the hunt for new and uncovered things, and he really loves and enjoys his job.

Danijel Grah has a Bachelor's degree in Computer Science from the University of Ljubljana, Slovenia. He has been a Security Consultant at Viris for some time and is involved in penetration testing, security reviews, programming, consulting and research. He has a deep understanding of threats, vulnerabilities and trends. He likes to practice information security in everyday life. Danijel is devoted to his work, open-minded, enjoys new challenges and never stops studying.

Talk: Low-Tech High-Intensity Phishing Attacks on Slovenian Banks (Gorazd Božič)
http://bsidesljubljana.si/low-tech-high-intensity-phishing-attacks-on-slovenian-banks-gorazd-bozic/
Wed, 18 Feb 2015 00:07:30 +0000

Abstract:
In the last weeks of January 2015, a wave of phishing attacks was directed towards several Slovenian banks. In my presentation I will describe how we tracked the incident, the information we have gathered in that time and lessons we have learned. How did we at SI-CERT perceive different actors responding to our calls for phishing site takedowns?

Bio:
Gorazd Božič is the Head of the Slovenian national CERT (SI-CERT), which was established in 1995. Between 2000 and 2008 Gorazd was the Chairman of the European CERT group TF-CSIRT, which brings together all known CERTs in the wider European region and provides the accreditation and certification programme for CERTs – the Trusted Introducer. Gorazd has been the Slovenian representative to the Management Board of ENISA, the European Network and Information Security Agency, since its formation in 2004.

Talk: Deep and dark web – demystifying differences and explaining key 2014 events (Jurica Čular)
http://bsidesljubljana.si/deep-and-dark-web-demystifying-differences-and-explaining-key-2014-events-jurica-cular/
Wed, 18 Feb 2015 00:05:19 +0000

Abstract:
The terms dark web and deep web are very often confused, even among experts in information security. Although most of us are aware of their existence, the methods used for researching these areas are not very well known. The first part of the talk will give insight into the aforementioned differences and the methods for researching them. The second part of the talk will cover key events that occurred during the last year, concentrating on law enforcement actions within the dark web. The talk will try to give some thoughts on potential future actions and responses from the dark side.

Bio:
Jurica Čular works as an IT Security Advisor at the Croatian Government’s CERT, part of the Information Systems Security Bureau (ZSIS). He previously worked as an IT security consultant for the banking sector and Deloitte. He finished an MBA in finance and marketing at Kelley School of Business, IU

Talk: 2014 – Year of Broken Name Generator(s) (Miroslav Štampar)
http://bsidesljubljana.si/2014-year-of-broken-name-generators-miroslav-stampar/
Wed, 18 Feb 2015 00:01:45 +0000

Abstract:
This talk will give a retrospective overview of big vulnerabilities disclosed in 2014: goto fail, Heartbleed, Rosetta Flash, Shellshock, POODLE, Sandworm. Every vulnerability will be accompanied by basic information, a brief technical description and associated exploitation methods.

Bio:
Miroslav Štampar works as an IT Security Advisor at the Croatian Government’s CERT, part of the Information Systems Security Bureau (ZSIS). He is one of the authors of sqlmap, an open source project for automated detection and exploitation of SQL injection vulnerabilities.

Talk: Fully deterministic & verifiable linux distro (Jaka Hudoklin)
http://bsidesljubljana.si/talk-fully-deterministic-verifiable-linux-distro-jaka-hudoklin/
Tue, 17 Feb 2015 23:58:06 +0000

Abstract:
We live in a society where we know we can’t trust each other. After the Snowden disclosures about the NSA, we know it’s hard to build systems we can trust. Jaka will show how you can build a secure, source-code verifiable and fully deterministic Linux system based on NixOS. Later he will show how this can be used to deploy secure voting systems.

Bio:
Jaka Hudoklin is a full-stack hacker and software developer working in JavaScript, Python, Go, C, Nix and more, with experience in web technologies, system provisioning, embedded devices and security. In his free time he hacks stuff, like GSM networks.
