Overview:

Cyber, cyber-war, cyber-extortion, cyber-threats and cyber-bullying, zero-days, botnets, trojans and APTs. The digital universe, vulnerability databases… the world is changing. Threats to our information systems can go undetected through our current set of security tools and cause great damage. This “roundtable” session explains the current threat landscape and the anatomy of recent enterprise breaches.

Topics:

  • Agenda etc.
  • What is cyber and the digital universe
  • Denying service
    • Flooding
    • Spoofing
    • Protocol malformations
    • Reflections and amplifications
  • Information gathering
    • Scanning, fingerprinting and enumeration
    • Manual vs. Automated spidering
    • Credential harvesting
    • Resource mapping
    • Error based information disclosure
  • Gaining privileges
    • Brute-force logins and passwords
    • Password hashes and password dictionaries
    • Custom dictionaries and password complexity
    • Bypass authentication mechanisms
    • Bypass session management
    • Bypass OS user and fs permissions
    • Bypass security software
  • Injecting code
    • cmd OS injections
    • data-store injections
    • file injections (XML, JSON, etc.)
    • remote file and resource inclusion
    • injecting web clients (browsers)
    • injecting client applications (office, PDF, etc.)
  • Binary exploitation
    • Buffer, stack and heap overflows
    • Memory corruptions
    • Code execution

Info

Main Speaker

Gil Rozenberg RedPill