“Using SIEM for Anomaly Detection” – Volodymyr Tkach

In this seminar we considered using Security Information and Event Management (SIEM) systems to collect and process data from your security perimeter in order to detect anomalies. We looked at Machine Learning Toolkits and the ways they can detect anomalies, turning your SIEM into a kind of IDS/IPS.

Download slides

“Indicator of compromise lifecycle and evaluation during threat hunting” by Oleksii Baranovskyi

The steady increase in the volume of indicators of compromise (IoCs), as well as their volatile nature, makes processing them challenging. Once compromised infrastructures are cleaned up, threat actors move on to other target infrastructures or simply change attack strategies.

In this presentation, we discussed approaches to scoring models for decaying IoCs shared within different platforms to match their heterogeneous objectives. We described using the meta-information shared along with indicators of compromise to facilitate the decision-making process for machines with regard to the validity of a shared indicator of compromise.

Download slides

“Vulnerability of modern society exemplified with large cyber-attack against Ukraine” by Alexander Adamov

In this second seminar in the series “Vulnerability of modern society exemplified with large cyber-attack against Ukraine”, Dr. Alexander Adamov will devote the webinar to an analysis of WhisperGate threats. We will get under the hood of three malicious components of this malware family, namely MBR Writer, Trojan-Downloader, and File Corrupter, which were used in #attack13 to destroy target servers supposedly running the websites of Ukrainian government agencies.


The background for the seminar series is the destructive cyber-attack on several Ukrainian government agencies on January 13th, 2022. This was the largest such attack on Ukraine in four years and about 70 government websites were temporarily down.

“Finding the patterns behind hybrid warfare against Ukraine” by A. Carlsson, O. Baranovskyi, A. Adamov

This seminar will focus on the events of 13 January 2022, when several Ukrainian government networks were subject to a destructive cyber-attack. With the help of information from sources close to the investigation, we will provide a hypothetical scenario of this attack, known as #attack13. This was the largest such attack on Ukraine in four years and about 70 government websites were temporarily down.

During the seminar we will try to reconstruct the timeline of the attack and demonstrate the key points that can be useful for preventing such attacks in the future.

This seminar is given by Dr. Anders Carlsson and Dr. Oleksii Baranovskyi.

“Anomalous Behaviour Detection” by Volodymyr Tkach

Download slides

Link to recorded presentation

“Forensic readiness in the cloud environments” by Oleksii Baranovskyi

Download slides

Link to Recorded Presentation

“Defense evasions techniques used in ransomware attacks” by Alexander Adamov

“Ransomware vs. AI. Part 2 – Bypassing Ransomware Protection with Reinforcement Learning” by Alexander Adamov

Download slides

Link to Recorded Presentation

“Engineering (in) security in Software-Intensive Products and Services” by Tony Gorschek

Download Slides

Link to Recorded Presentation


“On the design and performance of Chinese OSCCA-Approved Cryptographic Algorithms” by Dragos Ilie

Download Slides

Link to recorded Presentation


“Advanced Web Application Vulnerabilities” by Oleksii Baranovskyi

Download Slides

Link to recorded presentation


“Small Bugs and Big Security Problems” by Dragos Ilie

Download Slides

Link to recorded presentation

 

“Ransomware vs. AI. Part 1 – Overview of AV Bypassing Techniques Used in Targeted Ransomware Attacks” by Alexander Adamov

Download slides

Link to recorded presentation


“Anomalous User Behavior Detection” by Volodymyr Tkach

Download Slides

Link to recorded participation

 

“Digital Warfare or Organized Crime” by Anders Carlsson

Download Slides

Link to presentation