Falco is a CNCF open-source container security tool designed to detect anomalous activity on your local machine, in containers and in Kubernetes clusters. It taps into Linux kernel system calls and Kubernetes audit logs to generate an event stream of all system activity. One of the benefits of Falco is its powerful and flexible rules language: Falco generates security events when it finds abnormal behaviour as defined by a customizable set of rules, and it also ships with a handful of out-of-the-box detection rules. The Falco community is strong and active, contributing heavily to the project and to ways of integrating it. Falcosidekick was created to provide an easy-to-use UI for Falco and almost unlimited ways to integrate it with external ecosystems. One of those is using serverless functions (Lambda, Knative, Kubeless, OpenFaaS) to create a response engine capable of performing a specific action, or a playbook of actions, when abnormal behaviour happens in your environment. Falco and Falcosidekick together with a serverless function can be used to create a powerful Kubernetes response engine that automatically responds to and mitigates attacks. By implementing different playbooks of actions it is also possible to create a specific response for each attack category or attack severity, based on the alert triggered in the environment.
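The response-engine idea above, as an added illustration (not code from the talk, from Falco or from Falcosidekick): a function of the kind a Falcosidekick webhook output would POST a Falco alert to, which picks a playbook by rule name or, failing that, by priority. The alert payload is constructed by hand in the JSON shape Falco emits (`output`, `priority`, `rule`, `time`, `output_fields`); the rule names, action names and playbooks are assumptions to be replaced with your own. It also covers three things a practitioner would want before letting such a function act automatically: alerts without Kubernetes context, protected namespaces, and Falco re-firing the same rule on every matching syscall.

```python
import json
from typing import Dict, List

# Falco priorities, most severe first.
PRIORITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# Hypothetical playbooks keyed by Falco rule name. The two rule names are assumed
# to match Falco's default ruleset (check the rules you actually have loaded);
# the action names are placeholders for whatever the function really calls
# (the Kubernetes API, kubectl in a job, a ticketing system).
RULE_PLAYBOOKS: Dict[str, List[str]] = {
    "Terminal shell in container": ["label_pod_suspicious", "isolate_with_networkpolicy"],
    "Write below etc": ["isolate_with_networkpolicy", "delete_pod"],
}

# Fallback playbooks by severity, used when no rule-specific playbook exists.
SEVERITY_PLAYBOOKS: Dict[str, List[str]] = {
    "Critical": ["isolate_with_networkpolicy", "delete_pod"],
    "Warning": ["label_pod_suspicious"],
}

# Never take destructive action against control-plane or the detector itself.
PROTECTED_NAMESPACES = {"kube-system", "falco"}

# (namespace, pod, rule) tuples already acted on. Falco fires again on every
# matching syscall, so a real function would keep this in shared storage.
_seen = set()


def severity_rank(priority: str) -> int:
    """0 is most severe; unknown or empty priorities sort last."""
    p = priority.strip().capitalize()
    return PRIORITIES.index(p) if p in PRIORITIES else len(PRIORITIES)


def choose_playbook(rule: str, priority: str) -> List[str]:
    """Rule-specific playbook first; otherwise the fallback for the alert's severity band."""
    if rule in RULE_PLAYBOOKS:
        return RULE_PLAYBOOKS[rule]
    rank = severity_rank(priority)
    for level in ("Critical", "Warning"):  # most severe band first
        if rank <= severity_rank(level):
            return SEVERITY_PLAYBOOKS[level]
    return ["notify_only"]


def handle_alert(raw: str) -> dict:
    """Entry point for a Falcosidekick webhook: parse the alert and return the response plan."""
    alert = json.loads(raw)
    rule = alert.get("rule", "")
    priority = alert.get("priority", "")
    fields = alert.get("output_fields", {})
    ns, pod = fields.get("k8s.ns.name"), fields.get("k8s.pod.name")
    plan = {"rule": rule, "priority": priority, "namespace": ns, "pod": pod}

    if not ns or not pod:
        # Host-level event: there is no pod to isolate, so only notify.
        plan.update(actions=["notify_only"], reason="no kubernetes context in alert")
        return plan
    if ns in PROTECTED_NAMESPACES:
        plan.update(actions=["notify_only"], reason="protected namespace")
        return plan
    key = (ns, pod, rule)
    if key in _seen:
        plan.update(actions=[], reason="duplicate alert, already handled")
        return plan
    _seen.add(key)
    plan.update(actions=choose_playbook(rule, priority))
    return plan


# Constructed sample alert in Falco's JSON output shape (not a real capture).
SAMPLE_ALERT = json.dumps({
    "output": "10:00:00.000000000: Notice A shell was spawned in a container (constructed)",
    "priority": "Notice",
    "rule": "Terminal shell in container",
    "time": "2021-11-05T10:00:00.000000000Z",
    "output_fields": {
        "k8s.ns.name": "shop", "k8s.pod.name": "web-7d9f",
        "container.id": "abc123", "proc.cmdline": "bash", "user.name": "root",
    },
})

if __name__ == "__main__":
    print(json.dumps(handle_alert(SAMPLE_ALERT), indent=2))
```

The deduplication key and the protected-namespace list are the two knobs to think hardest about: without the first, a chatty rule would have the function deleting a pod it already deleted; without the second, an alert in kube-system could have the engine tearing down the cluster's own components.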
Expected end time: 11:30
Hardware security is going deeper and deeper. Hardware as a root of trust is the heart of every secure operation. There are several devices and integrated components made for security purposes, and among these we find the Trusted Platform Module. Unfortunately, using secure hardware by itself is not enough. Manufacturers must use these components appropriately, by designing security measurements into each step of the firmware execution. In this presentation we would like to highlight the security weaknesses of BitLocker and the Trusted Platform Module, focusing on how they can be exploited to gain access to personal data and the operating system. These weaknesses could on the one hand let a malicious user access sensitive information and on the other help a Red Team assessment or Digital Forensics analysis. Finally, we will present a tool made by our team to exploit these security flaws.
Expected end time: 12:15
The interference of the Russian government in the 2016 US elections has now been established, including by spreading disinformation through social networks such as Twitter. Five years later, disinformation spreading on social networks has not stopped; it has grown. Over the years, other actors, both pro-government and non-governmental, have begun to exploit techniques similar to those previously used by the Russian government, for one simple reason: they work. In this talk we will see how the Russian government and the Chinese government have spread propaganda and disinformation on Twitter in recent years, and what lessons we can learn from the datasets shared by Twitter.
Expected end time: 13:00
See you soon!
Expected end time: 13:45
Many of today's cybersecurity problems stem from the fact that the Internet is inherently insecure, because, for example, it relies on protocols that work "in good faith", do not use strong authentication and send data in the clear. But the network was deliberately designed that way by the people who conceived and built it, between the late 1960s and the late 1970s: it was born to share information and pool resources for the good of all, fully reflecting and applying the optimistic and somewhat utopian hippie philosophy that in those very years prevailed also, and above all, in the technical and scientific community.
Expected end time: 14:00
LoRaWAN is a widespread technology used in Industrial Internet of Things (IIoT) applications to cover long-range communications with a focus on low power consumption. The technology is ideal for distributed infrastructures such as oil pipelines, smart cities and healthcare monitoring, where the collection and analysis of information is challenging. In this presentation we are going to demonstrate how a motivated threat actor can disrupt an industrial process by interfering with LoRaWAN sensors. Unmanned Aerial Vehicles (UAVs) equipped with dedicated sensors are used to discover, track and attack the LoRa infrastructure using information from the modulated signal. Once the targets are located, the attack continues by guiding the drones closer to the target in order to disrupt the communications, making the sensors unable to keep transmitting their data. The main research goal is to explore and demonstrate how novel approaches can be used to disrupt LoRaWAN in real-world, distributed industrial control systems. In this session, security researchers from Nozomi Networks Labs will present a demonstration of how attackers can challenge the LoRaWAN infrastructure.
Expected end time: 14:45
Serverless technology eliminates the need for development teams to provision servers, and it also results in some security threats being passed on to the cloud provider. This frees developers to concentrate on building logic and producing value quickly. But cloud functions still execute code, and if the software is written poorly it can lead to a cloud disaster. Serverless code contains a mixture of cloud configuration and application programming interface (API) calls, and legacy security solutions lack the context that is necessary in a serverless environment; the consequence is a lack of observability and slower response times. This means that security teams struggle to keep up with the speed of development and security is left behind. Fortunately, it does not have to be this way. Organizations can apply robust security during serverless development, automatically, if it is done properly. In this talk we will discuss common risks in serverless environments. We will then cover existing testing methodologies and why they do not work well for serverless. Finally, we will present a new, completely frictionless way of testing serverless applications automatically, with no scripts, no tests and no delays.
Expected end time: 15:30
At the end of August 2021, an active user on a Russian-language forum shared a 63-page manual designed to educate and "train" those wishing to acquire the skills needed to carry out ransomware attacks. The manual was written in collaboration with another user who, according to subsequent internal analysis, turned out to be a member of the ransomware syndicate known as "Babuk". The tutorial, limited in distribution, includes the list of tools needed to carry out intrusions and lateral movement, step-by-step explanations of how to exploit various vulnerabilities (including BlueKeep, Zerologon and EternalBlue), how to evade AV/EDR security tools, and notes on online anonymity including messaging tools. Besides offering a fairly detailed view of the tactics and procedures used, the text also makes it possible to build a detection strategy dedicated to them.
Expected end time: 16:15