José Selvi. NCC Group
In this talk we will see how a penetration tester began using Machine Learning techniques to solve certain problems he faced. We will cover two examples of defensive situation such as false positive reduction in Intrusion Detection Systems by using a One-Class classifier, and a random forest approach to detect hostnames used my malware, in particular, generated by a DGA. For each of these examples, we will cover the path from the first approach we took to the final solution, describing all the mistakes and lessons learned.
Lórien Doménech Ruiz (Indra) y Carlos Caballero García (Prosegur Ciberseguridad)
An introduction to Threat Hunting will be made, referring to good practices, methodologies and framworks that are used on a daily basis by "threat hunters".
Tomás García-Merás Capote. atSistemas
We’ll discuss different ways for cracking the security hardware devices found on embedded systems, like MCUs or PICs.
Marc Rivero López. McAfee
In recent incidents in the sector it has been observed that ransomware was the cause of the attack and common elements (TTP) have been extracted with which they have attributed (sometimes incorrectly) the attribution of some of these families.
In the talk, we will talk about how ransomware in the crimeware ecosystem has decreased and how the company-centered approach has grown. It will also detail the operation of these families, in addition to unique characteristics that were not observed before.
Europe has to be able to prevent, react and protect its citizens against the different existing and future cyber threats, however there is currently a great need for professionals specialized in security in all its domains.
With the aim of promoting, retaining and attracting talent, the ECSC, tries to focus attention on young cybersecurity talents and at the same time encourage young students to choose studies in this area that allows In the near future, creating solid cybersecurity structures in education, business and industry.
Pablo González Pérez. Telefónica.
The emulation of adversaries is a scenario in which not only tools are thrown as can happen in an ethical hacking, but also an emulation of how an attacker operates, that is to say, since a threat materializes, all the steps are tried to be emulated. In the talk the ATT&CK matrix will be shown and everything that composes it will be explained.
The observation of the history of the threats is something fundamental to know techniques and tactics used by the threats, since in the immense majority of the occasions one can learn from this to combat future threats and already existing threats. In the talk you can see the use of tools such as Caldera or Infection Monkey, but it may be necessary to create your own tool in which you can easily incorporate knowledge of the community, the organization itself and team members. It shows how to create your own basic tool.
José Ángel Álvarez Pérez. Madrid City Council
How a child who started breaking things ended up defending the Public Administration systems.
Julio Martínez Martínez-Checa and Alejandro Espinosa Álvarez
Learn how a domestic PLC network works: the protocol, existing attacks, and how to mitigate them. We will explain the HomePlug AV protocol, what attacks exist and how to mitigate them through a live demo.