Welcome to Zoom in for PROMIS Industry Breakfast Seminar in Information Security

The Professional Masters in Information Security project (PROMIS, promisedu.se) presents online inspiration seminars on cutting-edge topics and areas! At the end of the seminars we will also briefly discuss and show our new educational initiative and its courses, which are specifically adapted to the security area for industry and working professionals looking to further their knowledge. The courses are full university courses, but they are given in a way that lets you take them at a distance without disturbing your work!

Join in via Zoom:  https://bth.zoom.us/j/66653906023 or via Zoom Meeting ID: 666 5390 6023

Welcome!

"Engineering (in) security in Software-Intensive Products and Services"
Tony Gorschek
10th August 9-10 & 17th August 9-10
Join via Zoom

“Engineering (in) security in Software-Intensive Products and Services”

Abstract: The area of security is critical for any company or agency. It is critical for individuals who use products, services, and infrastructure, and for the companies and organizations that develop them. This is most obviously seen through failures and news of breaches and revenue loss due to exploited vulnerabilities.

Traditionally, security has been seen as largely an operational effort: protecting, monitoring, fixing vulnerabilities as they are found, tracing, and so on. Although operational security is important and critical, there are other ways to look at security. This seminar focuses on the potential of “engineering security” as a complement to operational security, where the knowledge, engineering practices and principles behind products and services can be enhanced from a security perspective. This has the potential of working in a more proactive manner by “engineering in” security from the inception of a product or service. We will go over different views on security and the future potential of developing new ways of thinking and working. This is especially important as new products and services become more interconnected and accessible, and emergent behavior can also present new challenges.

Join in via Zoom link: https://bth.zoom.us/j/66653906023

Or via Zoom Meeting ID: 666 5390 6023

Prof. Dr. Tony Gorschek is a Professor of Software Engineering at Blekinge Institute of Technology, where he works as a research leader and scientist in close collaboration with industrial partners. Dr. Gorschek has over fifteen years of industrial experience as a CTO, senior executive consultant and engineer. In addition, he is a serial entrepreneur with five startups in fields ranging from logistics to internet-based services and database register optimisation. At present he works as a research leader and in several research projects developing scalable, efficient and effective solutions in the areas of Requirements Engineering, Product Management, Value-based product development, and Real Agile™ and Lean product development and evolution. Dr. Gorschek leads the SERT profile (Software Engineering ReThought), Sweden's largest software engineering research initiative, developing the next generation of applied empirical research movements to meet the challenges of the next generation of software-intensive products and services.

"Advanced Web Application Vulnerabilities"
Oleksii Baranovskyi
27th May 9:00 - 9:45
Join via Zoom

“Advanced Web Application Vulnerabilities”

Modern web application developers very often believe that using popular frameworks will make their systems completely secure, but this is a mistake. Yes, the use of ready-made and proven frameworks and libraries avoids commonplace vulnerabilities; however, there are a few higher-level risks whose exploitation can lead to the compromise of user accounts and sensitive data, and can even cause a financial impact. It is also very important to consider the rapid evolution of technologies and levels of development abstraction, which leads to the emergence of new vulnerabilities and exploitation techniques.

During the seminar, we will demonstrate several logical and technical vulnerabilities of real web applications that have led or could lead to serious consequences for resource owners.

Join in via Zoom link: https://bth.zoom.us/j/66653906023

Or via Zoom Meeting ID: 666 5390 6023

Dr. Oleksii Baranovskyi is a Senior Lecturer at the Blekinge Institute of Technology. He is an experienced cybersecurity expert with a demonstrated history of working in academia as well as in enterprise. He started his career almost fifteen years ago in a software development company as a security analyst, proceeded to the banking and financial industry as a CISO, and continued in a professional cybersecurity services company and academic institutions. Oleksii specializes in penetration tests, computer forensics, incident response, and technical audits. Dr. Baranovskyi took part in forensic investigations of nation-level APT attacks over several years as a subject matter expert. He obtained a Ph.D. degree in Information Technology and various recognized international cybersecurity certifications: CISSP, CISM, CEH, CHFI, etc.

"Small bugs and big security problems"
Dragos Ilie
4th June 9:00 - 9:45
Join via Zoom

“Small bugs and big security problems”

Even skilled programmers can unintentionally create bugs. Most are caught and fixed during development; others escape into the wild. Many bugs are just an annoyance that interferes with the workflow of the users and lowers their productivity. However, there are some bugs that are far more dangerous because they can be exploited for malicious purposes, such as hijacking systems, destroying data and exfiltrating information. The effects can go beyond annoyance and lost productivity, extending to reputation damage, financial losses, harm to IPRs and unintended engagement in unlawful online activities. This seminar focuses on exploitable bugs. It dives into the causes of their appearance and provides a glimpse into how far they can be exploited. Furthermore, a demo will be given to exemplify an approach for exploiting a specific type of bug referred to as a buffer overflow.

Join in via Zoom link: https://bth.zoom.us/j/66653906023

Or via Zoom Meeting ID: 666 5390 6023

Dr. Dragos Ilie is an Assistant Professor in Telecommunication Systems at Blekinge Institute of Technology. His work involves research and teaching in security, computer networks and cloud-based systems. Dragos has seven years of experience in the telecommunications and software industry. He has taken on various roles such as software developer, tester, researcher and team leader for projects in Sweden, USA and India. Some highlights of the work done in these projects include development of firmware for VPN systems certified for high-level security at national and EU level, design and development of appliances for automatic network monitoring and data analysis for security and performance, as well as staff training. Dragos thrives when working with research, development and teaching at the intersection of security, software development, and networking.

“Anomalous User Behavior Detection and Prediction”
Volodymyr Tkach
5th June 12:00 - 13:00

 “Anomalous User Behavior Detection and Prediction”

Abstract: The volume of information that we work with today is overwhelming. And it’s getting worse: we apply new approaches, install new monitoring systems, create more new hardware and software, increase Internet bandwidth, etc. And we have to process all this data and extract what is critically useful from it. On the other hand, in the modern online world, we often assume our customers come via the Internet. But as is well known, hackers come the same way. Basically, we need malicious users to be recognized and stopped before it’s too late. The detection and early warning of potential cyber-threat implementations is perhaps the most urgent task today.

So, during the seminar we will find an answer to “how to recognize a malicious user?” and will figure out how to use modern tools to detect and predict anomalous user behavior.

Join in via Zoom link: https://bth.zoom.us/j/66653906023

Or via Zoom Meeting ID: 666 5390 6023

Dr. Volodymyr Tkach is a Senior Lecturer at the Blekinge Institute of Technology. He is also an Associate Professor at Igor Sikorsky Kyiv Polytechnic Institute (Kyiv, Ukraine), Department of Information Security. He is an experienced lecturer and scientist in cybersecurity, passionate about anomalous user behavior analysis and prediction using machine learning tools and methods. He is also passionate about Big Data processing to gain new knowledge and unveil what was hidden! His work experience includes involvement in the Foundation for Support of Reforms in Ukraine Project office as a Senior Project Manager in cybersecurity, providing methodological support to the National Bank of Ukraine, Department of Security. He has a Ph.D. degree in the field of applied mathematics.

"Ransomware vs. AI. Part 1 - Overview of AV Bypassing Techniques Used in Targeted Ransomware Attacks"
Alexander Adamov
10th June 9:00 - 9:45

“Ransomware vs. AI. Part 1 – Overview of AV Bypassing Techniques Used in Targeted Ransomware Attacks.”

A modern cybersecurity solution cannot be imagined without using Artificial Intelligence and Machine Learning for detecting cyberattacks. In this regard, two main approaches are typically used: finding patterns of known cyberattacks and anomaly detection for unknown ones.

Therefore, to bypass anti-malware protection, attackers invest their efforts in changing behavior to break the existing detection pattern. Moreover, they try to mimic the form and behavior of benign applications to avoid being discovered as an anomaly. For example, we’ll consider tactics and techniques used in last year's well-known targeted ransomware attacks involving LockerGoga, MegaCortex, Buran, and Ryuk ransomware to reduce the footprint in a victim’s system, which include the use of digital signatures, multiprocess encryption, and replacing Microsoft CryptoAPI with hardcoded open-source crypto code.

Join in via Zoom link: https://bth.zoom.us/j/66653906023

Or via Zoom Meeting ID: 666 5390 6023

Dr. Alexander Adamov is a Researcher at BTH with 15 years of experience in the analysis of cyberattacks, obtained during his work in the antivirus industry. Currently, he teaches cybersecurity at Kharkiv National University of Radio Electronics in Ukraine and conducts scientific research in the areas of malware analysis and cyber threat detection leveraging AI/ML. In 2014, he founded the research laboratory called NioGuard Security Lab. Alexander is a co-author of the EU Master’s Program in Cyber Security developed within the ENGENSEC project guided by BTH. In cooperation with OSCE, he has delivered training in Reverse Engineering of Cyberattacks to the Cyberpolice of Ukraine and has cooperated with Europol in ransomware counteraction. Alexander has spoken at various security conferences and workshops such as Virus Bulletin Conference, Virus Analyst Summit, OpenStack Summit, OWASP, BSides, and UISGCON.

"Digital warfare or organized crime"
Anders Carlsson
16th June 9:00 - 9:45

“Digital warfare or organized crime”

APT3, APT10, APT28, APT41, Sandworm, Energetic Bear, Equation Group, Unit 99650 ++ are the names connected to last year’s trend change, from Anonymous attacks to APTs that use specially composed malware against selected spear-pointed targets.

They had developed a calculated Cyber Kill Chain (CKC).

Who is behind those and the infrastructure attacks we notice in both Europe and the US? Is it organized crime, is it state-funded, or both?

The presentation includes an overview starting from 2014 and the attacks in Ukraine when Russia invaded Crimea, and describes the True Postnord ransomware attack that targets Sweden. It also covers WannaCry, NotPetya, M.E.Doc and the Shadow Brokers leak of “Vault 7” from the NSA, through to 2019’s trend of ransomware attacks targeting companies and the US government. In 2019 alone, ransomware in the US hit 103 federal, state and municipal agencies, 759 healthcare providers, and 86 schools and universities. The incidents were not merely expensive inconveniences; the disruption they caused put people’s health, safety, and lives at risk. Atlanta spent 2.6 million to restore the system rather than pay €52000 in ransom; many officials have now decided that it is cheaper to pay the hackers, and now the price has gone up.
Are Swedish organizations prepared?

Dr. Anders Carlsson has over 30 years of experience in computer and network security and digital forensics. He was educated and earned a degree as a Computer Engineer/Lieutenant-Commander specialist in the Submarines of the Royal Swedish Navy, where he worked for 25 years. Since 1999 he has been employed as a senior researcher by BTH, Blekinge Institute of Technology, where he is responsible for networks, network security, computer security and digital forensics at B.Sc. and M.Sc. levels. He was also involved in the EU projects ISEC-I and ISEC-II during 2007–2013 to develop courses and to train law enforcement officers within EUROPOL and BKA (the Federal Police in Germany) in forensics. He was a project manager in BAITSE (Baltic Academic IT-Security Exchange) 2010–2013, a project aimed at exchanging knowledge and harmonizing IT security in academic institutions within Sweden, Latvia, Poland and Ukraine. He continued this work as General Manager for the EU-TEMPUS IV funded project ENGENSEC (Educating Next Generation IT Security Experts) that ended in November 2017. He is the author of two books: “Educating The Next Generation Msc In Cyber Security” (ISBN: 978-91-7295-963-7) and “Cyber Security for Next Generations Experts” (ISBN 9 789172 959620).

"Ransomware vs. AI. Part 2 - Bypassing Ransomware Protection with Reinforcement Learning"
Alexander Adamov
19th August 9:00 - 9:45

 “Ransomware vs. AI. Part 2 – Bypassing Ransomware Protection with Reinforcement Learning”

Reinforcement learning is a well-known concept used in the gaming industry, mostly in real-time strategies, to support computer players with AI. It is also known that AlphaGo, a computer program designed by DeepMind, has been recognized as the best Go and chess player in the world. The algorithm was trained by playing with human players as well as with other instances of itself to improve its play.

So, what if we use RL in security testing to discover vulnerabilities in products and weaknesses in defenses? To prove that hypothesis, we applied RL to run a ransomware simulation that can learn how to bypass anti-ransomware protection. We’ll present our results in the presentation.

Join in via Zoom link: https://bth.zoom.us/j/66653906023

Or via Zoom Meeting ID: 666 5390 6023

"Sudden artifacts during the forensic"
Oleksii Baranovskyi
25th August 9:00 - 9:45

“Sudden artifacts during the forensic”

Computer forensics is a standardized and sometimes boring process in which scrupulousness is very important, because every little thing needs to be taken into account as digital evidence. Mostly, it takes a long time. However, sometimes findings during investigations turn out to be not only unexpected but also frightening. On the other hand, sometimes an investigation stalls due to a lack of hypotheses, and only a lucky coincidence makes it possible to get off the ground and find a way to continue the investigation. During this session, we will present artifacts from different forensic investigations which were very unexpected and changed the course of the entire investigation, or were so significant that they caused an ambiguous reaction from the responsible persons. Sometimes it was fun, but sometimes it was a marker of a critical situation requiring an emergency reaction.

Join in via Zoom link: https://bth.zoom.us/j/66653906023

Or via Zoom Meeting ID: 666 5390 6023
