The Dutch
Security Cluster
 
 
The Dutch
Security Cluster

Gratis seminar - Reliable infiltration detection by packet tagging

25
Jan
Date:
25 January 2018
Time:
14:00 - 16:00 hrs
Location:
Maanplein 55, Den Haag
Organised by:
KPN

Het maandelijkse gratis te bezoeken Guest Hacker Program van KPN komt terug in 2018! Met als eerst spreker op 25 januari Ben Gras, PhD student aan de Vrije Universiteit. Ben zal spreken over 'Betrouwbare infiltratiedetectie door packet tagging'. Zorg dat je je aanmeldt via guesthackerprogram@kpn.com

Bio spreker:
Ben is a PhD student in the systems security research group of prof. Herbert Bos of the VU University in Amsterdam, working on software reliability, defensive research projects, and most recently, offensive research, most noticeably publishing on making cross-VM Rowhammer exploitation reliable and a microarchitectural MMU cache side channel attack. He is pursuing a PhD in mischief there. This work was developed during a 6 months internship with Cisco in Knoxville, TN, with their security research, evaluation and forensics group.

Samenvatting:
Reliable router malware detection. Infrastructure compromise (i.e. hacking into routers and switches) is the purview of very advanced attackers, commonly assumed to be Advanced Persistent Threat (APT) groups. These are frequently cyber-capability units of military or intelligence branches of nation states governments. As recently leaked documents show, NSA spends a significant amount of resources to be able to intercept traffic, and implanting switches and routers is one of the strategies.

We propose a cryptographic tagging based system that can reliably detect malware packets originating from a router (after router compromise), without any cooperation (i.e. trust) from the possibly-compromised devices themselves. We evaluate the classification reliability and performance overhead in the lab.

As a side effect of doing the lab evaluation of this talk at Cisco, I was able to access real malware collected in the field from customers' routers memory, and we did significant binary analysis on one of the samples. This work also includes deep technical details of cryptographic properties and packet processing mechanics and capabilities of one of the malware samples. I'm not allowed to speculate which threat actor this was, but from context we can infer this is a "Very advanced adversary" - some of the fingerprints one of them is known to leave are public knowledge, so that adds some excitement to this talk - this malware was not supposed to be discovered yet we can talk about a lot of the details.

HSD Partners involved

More events

26-28
Jan

NLSecure[ID]: hét securityevent van Nederland!

location:
Online
organised by:
KPN
HSD event
27-30
Jan

Hardwear.io Security Trainings Berlin 2021

location:
Online
organised by:
Hardwear.io
HSD event
28
Jan

Livestream Verbond van Verzekeraars over Cyberrisico's

location:
Online
organised by:
Cyberveilig Nederland
HSD event
28
Jan

CEO CHAT: REFLECTIONS & PREDICTIONS

location:
Online
organised by:
Cybersprint
HSD event
29
Jan

CIVILnEXt Webinar on Innovation Potential

location:
Online
organised by:
KEMEA
HSD event
02-04
Feb

Techleap Summit 2021

location:
Online
organised by:
Techleap
HSD event
03-05
Feb

Virtuele handelsmissie digitale economie Japan met staatssecretaris Keijzer

location:
Online
organised by:
RVO, Ministry of Economic Affairs and Climate Policy, Dutch embassy in Tokyo
HSD event
04
Feb

HSD Café: Subsidiewijzer 2021

location:
online
organised by:
HSD event
08-10
Feb

Conferentie Nederland Digitaal 2021

location:
Online
organised by:
Ministry of Justice and Security, Ministry of Economic Affairs and Climate Policy, Ministry of the Interior and Kingdom Relations, ECP & Noorden Digitaal
HSD event
11
Feb

Webinar: Shifting Left: How to Develop Software Securely? S-SDLC Explained

location:
GoToWebinar
organised by:
Secura B.V.
HSD event
18
Feb

HSD Café: Trendmonitor

location:
Online
organised by:
HSD event
04
Mar

CISO bijeenkomst: Crisismanagement en Resilience

location:
Online
organised by:
HSD
HSD event
04
Mar

Webinar: "Common Criteria for Embedded/Software products: The Ultimate Security Recognition"

location:
Online
organised by:
Secura B.V.
HSD event
10
Mar

Orange Cyberdefense Live 2021!

location:
Online
organised by:
Orange Cyberdefense
HSD event
24-26
Mar

Call for proposal: EIT Digital 2021 Brokerage Events

location:
Brussels
organised by:
EIT Digitial
HSD event
27
Mar

Operatie Volt

location:
DeFabrique Westkanaaldijk 7 3542 DA Utrecht
organised by:
Politie en het Ministery van Defentie
HSD event
27
Sep

Hâck The Hague 2021

location:
City Hall The Hague
organised by:
Gemeente Den Haag & Cybersprint
HSD event
28-29
Sep

CyberTech Europe, Rome

location:
organised by:
CyberTech
HSD event