“Using SIEM for Anomaly Detection” – Volodymyr Tkach
In this seminar we considered using Security Information and Event Management (SIEM) systems to collect and process data from your security perimeter in order to detect anomalies. We looked at Machine Learning Toolkits and the ways they can detect anomalies, turning your SIEM into a kind of IDS/IPS.
“Indicator of compromise lifecycle and evaluation during threat hunting” by Oleksii Baranovskyi
The steady increase in the volume of indicators of compromise (IoCs), as well as their volatile nature, makes processing them challenging. Once compromised infrastructures are cleaned up, threat actors move on to other target infrastructures or simply change attack strategies.
In this presentation, we discussed approaches to scoring models for decaying IoCs shared within different platforms, to match their heterogeneous objectives. We described using the meta-information shared along with indicators of compromise to facilitate machine decision-making regarding the validity of a shared indicator of compromise.
“Vulnerability of modern society exemplified with large cyber-attack against Ukraine” by Alexander Adamov
As the second seminar in the series “Vulnerability of modern society exemplified with large cyber-attack against Ukraine”, Dr. Alexander Adamov will devote this webinar to an analysis of WhisperGate threats. We will get under the hood of three malicious components of this malware family, namely MBR Writer, Trojan-Downloader, and File Corrupter, which were used in #attack13 to destroy target servers supposedly running the websites of Ukrainian government agencies.
The background for the seminar series is the destructive cyber-attack on several Ukrainian government agencies on January 13th, 2022. This was the largest such attack on Ukraine in four years and about 70 government websites were temporarily down.
“Finding the patterns behind hybrid warfare against Ukraine” by A. Carlsson, O. Baranovskyi, A. Adamov
This seminar will focus on the events of 13 January 2022, when several Ukrainian government networks were subject to a destructive cyber-attack. With the help of information from sources close to the investigation, we will provide a hypothetical scenario of this attack, known as #attack13. This was the largest such attack on Ukraine in four years and about 70 government websites were temporarily down.
During the seminar we will try to reconstruct the timeline of the attack and demonstrate the key points that can be useful in preventing such attacks in the future.
This seminar is given by Dr. Anders Carlsson and Dr. Oleksii Baranovskyi.