Difference between revisions of "AFSecurity Seminar"

Red Teaming in Cyber Exercises

DATE:  6 June 2019
PLACE:  Kristan Nygaards Hall (Room 5370), IFI, UiO - OJD House

AGENDA:

15:00h Welcome at UiO
15:15h Invited Talk:

  • TALK:  Frankenstack: Building a detection and feedback system for Red-Teaming exercise
    SPEAKER: Markus Kont (NATO CCDCOE)
    ABSTRACT: Cyber Defense Exercises have received much attention in recent years. Crossed Swords is an exercise directed at training Red Team members for responsive cyber defense. However, these Red Teamers may not be aware of how their actions are visible from the detection side, as they often lack expertise on the defensive side. The Yellow Team's role is to provide this feedback. However, this can be a delicate balancing act, as feedback should be given in near real time without overwhelming players who are already under intense time pressure. Furthermore, the system should not spoil the gameplay nor give unfair insights into the network topology of target systems. This presentation is about the tools and techniques used, as well as the challenges encountered, while building Frankenstack, an open-source toolbox for providing this feedback. The current iteration is a data pipeline and correlation stack built around a Kafka message queue and SEC event correlation rules. Network events were collected via Suricata, Zeek, Moloch and Mendel. Host logs were enhanced with Snoopy on Linux and Sysmon on Windows targets to generate a full audit trail, and collected via syslog. A custom data normalization engine was written in Golang to enhance each message with the meta information needed to correlate event fragments from multiple sources, to anonymize targets, and to replay events post-mortem with correct temporal intervals, enabling offline correlation rule development. Correlated alerts were displayed on central screens using various custom and existing front-end dashboards.
  
16:00h Discussion
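The normalization, anonymization and replay steps that the Frankenstack abstract above describes, as an added illustration in Go (the language the abstract names for the engine). This is example code written for this page, not Frankenstack's own code. It assumes two input shapes, a Suricata EVE JSON alert and an RFC 3164 syslog line carrying a Snoopy record; a per-exercise HMAC key for pseudonyms; and an asset inventory (the `Canonical` map) that ties the hostname seen in syslog to the address seen by the network sensor. The sample lines are constructed, not captured exercise data.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
	"time"
)

// Event is the common record both sources are mapped onto; network and host
// fragments then correlate on (Host, Time) without exposing the real target.
type Event struct {
	Time   time.Time
	Source string // "suricata" or "syslog"
	Host   string // pseudonymized target; the real name/address stays inside the normalizer
	Msg    string
}

// Normalizer holds the per-exercise secret for pseudonyms and an assumed asset
// inventory mapping syslog hostnames to the IPs the network sensors see.
type Normalizer struct {
	Key       []byte
	Canonical map[string]string
}

// Pseudonym gives a hostname or IP a stable label. HMAC rather than a plain
// hash, so a dashboard viewer cannot confirm a guessed address without the key.
func (n *Normalizer) Pseudonym(id string) string {
	if ip, ok := n.Canonical[id]; ok {
		id = ip
	}
	m := hmac.New(sha256.New, n.Key)
	m.Write([]byte(id))
	return fmt.Sprintf("target-%x", m.Sum(nil)[:4])
}

// FromSuricata normalizes one EVE JSON alert line (only the fields used here).
func (n *Normalizer) FromSuricata(line string) (Event, error) {
	var e struct {
		Timestamp string `json:"timestamp"`
		DestIP    string `json:"dest_ip"`
		Alert     struct{ Signature string } `json:"alert"`
	}
	if err := json.Unmarshal([]byte(line), &e); err != nil {
		return Event{}, err
	}
	t, err := time.Parse("2006-01-02T15:04:05.000000-0700", e.Timestamp)
	if err != nil {
		return Event{}, err
	}
	return Event{t, "suricata", n.Pseudonym(e.DestIP), e.Alert.Signature}, nil
}

var syslogRe = regexp.MustCompile(`^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (\S+?)(?:\[\d+\])?: (.*)$`)

// FromSyslog normalizes an RFC 3164 line such as a Snoopy audit record. RFC 3164
// carries neither year nor zone, so the caller supplies both.
func (n *Normalizer) FromSyslog(line string, year int, loc *time.Location) (Event, error) {
	m := syslogRe.FindStringSubmatch(line)
	if m == nil {
		return Event{}, fmt.Errorf("unparsable syslog line: %q", line)
	}
	t, err := time.ParseInLocation("2006 Jan _2 15:04:05", fmt.Sprintf("%d %s", year, m[1]), loc)
	if err != nil {
		return Event{}, err
	}
	return Event{t, "syslog", n.Pseudonym(m[2]), m[3] + ": " + m[4]}, nil
}

// ReplaySchedule sorts events by time and returns, per event, the delay to wait
// before emitting it, so a post-mortem replay keeps the original intervals
// (divided by speedup) while correlation rules are developed offline.
func ReplaySchedule(evs []Event, speedup float64) ([]Event, []time.Duration) {
	out := append([]Event(nil), evs...)
	sort.SliceStable(out, func(i, j int) bool { return out[i].Time.Before(out[j].Time) })
	delays := make([]time.Duration, len(out))
	for i := 1; i < len(out); i++ {
		delays[i] = time.Duration(float64(out[i].Time.Sub(out[i-1].Time)) / speedup)
	}
	return out, delays
}

func main() {
	n := &Normalizer{Key: []byte("exercise-secret"), Canonical: map[string]string{"ws01": "10.0.1.5"}}
	// Constructed sample lines, not data from any exercise.
	a, _ := n.FromSuricata(`{"timestamp":"2019-06-06T15:17:01.000000+0200","src_ip":"10.99.0.7","dest_ip":"10.0.1.5","alert":{"signature":"SAMPLE SCAN synthetic signature"}}`)
	b, _ := n.FromSyslog("Jun  6 15:17:02 ws01 snoopy[4242]: [uid:0 sid:1 tty:(none) cwd:/root filename:/usr/bin/whoami]: whoami", 2019, time.FixedZone("CEST", 2*3600))
	ordered, delays := ReplaySchedule([]Event{b, a}, 1)
	for i, e := range ordered {
		fmt.Printf("+%v %s %s %s\n", delays[i], e.Source, e.Host, e.Msg)
	}
}
```

The keyed HMAC is what makes the "no unfair insight into the topology" requirement hold: a target range is small enough that a viewer could enumerate it and match bare hashes, whereas the pseudonyms above are stable across sources only for someone holding the key. The replay delays preserve inter-event timing, which window-based SEC rules depend on, while still letting a rule author run an entire capture faster than real time by raising `speedup`.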
 
  
  
 
SPEAKER BIO
Markus Kont has been a Researcher at the Technology Branch of the NATO Cooperative Cyber Defence Centre of Excellence since 2015. His areas of expertise are packet capture and log processing, DevOps tools and techniques, and data science. His current work involves researching stream processing techniques, and he is responsible for teaching network security monitoring tools at CCDCOE. In his prior life, he was a server administrator at a hosting and software development company for over 5 years, focusing mostly on Linux systems and back-end infrastructure development. He holds a Master's degree in Cyber Security from Tallinn University of Technology, where he wrote a thesis on syslog and event correlation.
Revision as of 16:42, 27 September 2019

Embedded-Device Forensics

TIME:  10:00h, Friday 4 October 2019
PLACE:  Kristan Nygaards Hall (Room 5370), IFI, UiO - OJD House

AGENDA:

10:00h Welcome at UiO
10:15h Invited Talk:

  • TALK:  Case Studies in Invasive Embedded Device Forensics: Evidence Extraction and Firmware Verification
    SPEAKER: Sujeet Shenoi (University of Tulsa, USA)  
    ABSTRACT: This presentation describes various electronic, physical and chemical techniques for extracting data and firmware from embedded devices. The techniques range from basic non-invasive techniques to sophisticated invasive techniques using chip desoldering and chemical etching or laser ablation to expose bond wires inside chip packages and extract data. Several case studies related to evidence extraction from embedded devices are presented. Also, case studies dealing with the extraction and verification of firmware in suspected supply chain compromises are presented.

11:00h Discussion
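One way to carry out the verification step the abstract mentions for a suspected supply-chain compromise, once the firmware has been read out of the chip: compare the dump from the suspect device against the same chip read from a known-good unit (or a vendor-supplied image) and report exactly which regions differ, including data appended beyond the reference and regions missing from the dump. This is an added example in Go for this page, not the speaker's tooling; both images are constructed, and in a real case the dump must first be aligned with the reference (same part, same read range and byte order) before block comparison means anything.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// Region is a block-aligned byte range of the dump that does not match the
// reference image, with Kind "modified", "appended" (past the end of the
// reference) or "truncated" (past the end of the dump).
type Region struct {
	Offset, Length int
	Kind           string
}

// ImageDigest is the whole-image SHA-256, the value to compare against a
// vendor-published hash or the digest of a dump from a known-good unit.
func ImageDigest(img []byte) string {
	return fmt.Sprintf("%x", sha256.Sum256(img))
}

// slice returns img[off:off+n], clipped to the image; nil past the end.
func slice(b []byte, off, n int) []byte {
	if off >= len(b) {
		return nil
	}
	if off+n > len(b) {
		return b[off:]
	}
	return b[off : off+n]
}

func kind(off, refLen, dumpLen int) string {
	switch {
	case off >= refLen:
		return "appended"
	case off >= dumpLen:
		return "truncated"
	}
	return "modified"
}

// DiffRegions compares a dump with a reference image block by block and merges
// adjacent differing blocks of the same kind into regions. Bytes beyond the
// shorter image count as differing, so an appended payload or a truncated read
// is reported rather than silently passing a prefix comparison.
func DiffRegions(ref, dump []byte, block int) []Region {
	n := len(ref)
	if len(dump) > n {
		n = len(dump)
	}
	var out []Region
	for off := 0; off < n; off += block {
		if bytes.Equal(slice(ref, off, block), slice(dump, off, block)) {
			continue
		}
		end := off + block
		if end > n {
			end = n
		}
		k := kind(off, len(ref), len(dump))
		if last := len(out) - 1; last >= 0 && out[last].Kind == k && out[last].Offset+out[last].Length == off {
			out[last].Length += end - off
			continue
		}
		out = append(out, Region{off, end - off, k})
	}
	return out
}

// sampleImage is a constructed, deterministic stand-in for a chip read-out.
func sampleImage(n int) []byte {
	img := make([]byte, n)
	for i := range img {
		img[i] = byte(i*31 + i>>8)
	}
	return img
}

func main() {
	golden := sampleImage(4096)                                         // known-good unit
	dump := append(append([]byte(nil), golden...), make([]byte, 64)...) // suspect unit, 64 bytes longer
	for i := 0xA40; i < 0xA50; i++ {                                    // 16 patched bytes
		dump[i] ^= 0xFF
	}
	fmt.Println("reference", ImageDigest(golden)[:16], "dump", ImageDigest(dump)[:16])
	for _, r := range DiffRegions(golden, dump, 256) {
		fmt.Printf("%-9s 0x%05x-0x%05x (%d bytes)\n", r.Kind, r.Offset, r.Offset+r.Length, r.Length)
	}
}
```

A whole-image digest answers only "identical or not"; the region list is what an examiner takes to the disassembler, and the block size sets the trade-off between report granularity and the number of reads that have to be re-done on a flaky extraction.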

Threat of Open-Source Intelligence

TIME:  14:00h, Friday 4 October 2019
PLACE:  Kristan Nygaards Hall (Room 5370), IFI, UiO - OJD House

AGENDA:

14:00h Welcome at UiO
14:15h Invited Talk:

  • TALK:  How Open-Source Intelligence is Used to Attack Critical Infrastructure Assets
    SPEAKER: Sujeet Shenoi (University of Tulsa, USA)  
    ABSTRACT: This case-study-based presentation demonstrates how open-source information can be collected and leveraged to attack critical infrastructure assets. The case studies include the Stuxnet malware, information operations on an offshore oil and gas platform and a cyber and physical penetration of a financial entity.

15:00h Discussion


SPEAKER BIO
Sujeet Shenoi is the F.P. Walter Professor of Computer Science and a Professor of Chemical Engineering at the University of Tulsa, Tulsa, Oklahoma; and a member of the technical staff at Johns Hopkins University Applied Physics Laboratory, Laurel, Maryland. An active researcher with specialties in cyber security, cyber operations, critical infrastructure protection and digital forensics, Dr. Shenoi works on exciting “problems” ranging from helping solve homicides to penetrating telecommunications systems, oil and gas pipelines, wind farms and voting machines. Dr. Shenoi is the Editor-in-Chief of the International Journal of Critical Infrastructure Protection (Elsevier); and Editor of the Advances in Digital Forensics and Critical Infrastructure Protection (Springer) series, now in their thirteenth and eleventh volumes, respectively. He spearheads the University of Tulsa's elite Cyber Corps Program that trains “MacGyvers” for U.S. government agencies, and is the Director of the Cyber Security Education Consortium, a National Science Foundation ATE Center that is building a high-tech workforce in the Southwestern United States. For his innovative strategies integrating academics, research and service, Dr. Shenoi was named the 1998-1999 U.S. Professor of the Year by the Carnegie Foundation.

AFSecurity is organised by the UiO Research Group on Information & Cyber Security