The Dutch
Security Cluster
 
 
The Dutch
Security Cluster

Gratis seminar - Reliable infiltration detection by packet tagging

25
Jan
Date:
25 January 2018
Time:
14:00 - 16:00 hrs
Location:
Maanplein 55, Den Haag
Organised by:
KPN

Het maandelijkse gratis te bezoeken Guest Hacker Program van KPN komt terug in 2018! Met als eerst spreker op 25 januari Ben Gras, PhD student aan de Vrije Universiteit. Ben zal spreken over 'Betrouwbare infiltratiedetectie door packet tagging'. Zorg dat je je aanmeldt via guesthackerprogram@kpn.com

Bio spreker:
Ben is a PhD student in the systems security research group of prof. Herbert Bos of the VU University in Amsterdam, working on software reliability, defensive research projects, and most recently, offensive research, most noticeably publishing on making cross-VM Rowhammer exploitation reliable and a microarchitectural MMU cache side channel attack. He is pursuing a PhD in mischief there. This work was developed during a 6 months internship with Cisco in Knoxville, TN, with their security research, evaluation and forensics group.

Samenvatting:
Reliable router malware detection. Infrastructure compromise (i.e. hacking into routers and switches) is the purview of very advanced attackers, commonly assumed to be Advanced Persistent Threat (APT) groups. These are frequently cyber-capability units of military or intelligence branches of nation states governments. As recently leaked documents show, NSA spends a significant amount of resources to be able to intercept traffic, and implanting switches and routers is one of the strategies.

We propose a cryptographic tagging based system that can reliably detect malware packets originating from a router (after router compromise), without any cooperation (i.e. trust) from the possibly-compromised devices themselves. We evaluate the classification reliability and performance overhead in the lab.

As a side effect of doing the lab evaluation of this talk at Cisco, I was able to access real malware collected in the field from customers' routers memory, and we did significant binary analysis on one of the samples. This work also includes deep technical details of cryptographic properties and packet processing mechanics and capabilities of one of the malware samples. I'm not allowed to speculate which threat actor this was, but from context we can infer this is a "Very advanced adversary" - some of the fingerprints one of them is known to leave are public knowledge, so that adds some excitement to this talk - this malware was not supposed to be discovered yet we can talk about a lot of the details.

HSD Partners involved

More events

01-31
Jul-Aug

JSCU Summerschool

location:
Online
organised by:
AIVD en MIVD
HSD event
14
Jul

Kick-off Werkgroep Veiligheid, Vrede en Recht van NL AI Coalitie

location:
Webinar
organised by:
NL AI Coalitie
HSD event
16
Jul

Cryptocurrency Investigations - Welcome to the jungle!

location:
Online
organised by:
IFFC, Young Financial Crime & DataExpert
HSD event
23
Jul

Jaarrekeninglezen voor non-financials & Red Flags herkennen

location:
Online
organised by:
IFFC, Young Financial Crime & DataExpert
HSD event
30
Jul

Follow the Money – De kracht van visualisatie

location:
Online
organised by:
IFFC, Young Financial Crime & DataExpert
HSD event
01-31
Jul-Aug

JSCU Summerschool

location:
Online
organised by:
AIVD en MIVD
HSD event
06
Aug

Modellen maken tegen FEC

location:
Online
organised by:
IFFC, Young Financial Crime & DataExpert
HSD event
13
Aug

NULLCON Online Training 2020

location:
Online
organised by:
NULLCON, Payatu
HSD event
03-04
Sep

Riscure Hybrid Workshop 2020

location:
Netherlands
organised by:
Riscure B.V.
HSD event
21-09
Sep-Oct

Digital Cyber Security Innovation Mission Taiwan

location:
Online mission
organised by:
Netherlands Enterprise Agency Netherlands Office Taipei Hague Security Delta Innovation Quarter
HSD event
23-24
Sep

CyberTech Europe, Rome

location:
organised by:
CyberTech
HSD event
28
Sep

Dcypher Mini Symposium 2020

location:
Online
organised by:
Dcypher
HSD event
29-30
Sep

One Conference 2020

location:
organised by:
Ministry of Economic Affairs and Climate Policy, Ministry of Justice and Security, National Cyber Security Centre
HSD event
21-09
Sep-Oct

Digital Cyber Security Innovation Mission Taiwan

location:
Online mission
organised by:
Netherlands Enterprise Agency Netherlands Office Taipei Hague Security Delta Innovation Quarter
HSD event
01-26
Oct

Virtuele Overheidsbrede Cyberoefening en Webinars

location:
Virtueel
organised by:
Ministerie van BZK i.s.m. VNG, IBD, NCTV, Ministerie van EZK en CIO-Rijk, IPO, Unie van Waterschappen, CIP, UWV en Logius. De organisatie van de Overheidsbrede Cyberwebinars wordt verzorgd door ICTU en VNG Connect.
HSD event
02
Oct

Quantum Industry Day in Switzerland

location:
Technoparkstrasse 1 8005 Zurich, Switzerland
organised by:
Enterprise Europe Network, EUresearch & Qsit
HSD event
06-08
Oct

IT-SA 2020

location:
Exhibition Centre Nuremberg
organised by:
HSD event
06-08
Oct

Safety & Security Asia (SSA) 2020

location:
Singapore
organised by:
CEMS - Conference & Exhibition Management Services Ptr Ltd
HSD event
07-08
Oct

Digital Experience 2020 (NL)

location:
Van der Valk Hotel Utrecht
organised by:
DataExpert
HSD event
07-08
Oct

i-LEAD Industry & Research Days with Law Enforcement

location:
HSD Campus
organised by:
Polish Platform for Homeland Security
HSD event
15-16
Oct

CES Unveiled Amsterdam

location:
Beurs van Berlage, Amsterdam, Netherlands
organised by:
Consumer Technology Association
HSD event
20-22
Oct

WorldPensionSummit 2020

location:
Louwman Museum, The Hague
organised by:
Pensions & Investments
HSD event
27
Oct

Impactfest 2020

location:
Fokker Terminal Den Haag
organised by:
HSD event
18
Nov

Jaarcongres 2020: Maak Haaglanden de innovatiefste regio

location:
World Horti Center Naaldwijk
organised by:
Innovatief Haaglanden
HSD event
22-24
Nov

CyberTech Africa

location:
organised by:
CyberTech
HSD event
24-26
Mar

Call for proposal: EIT Digital 2021 Brokerage Events

location:
Brussels
organised by:
EIT Digitial
HSD event
27
Mar

Operatie Volt

location:
DeFabrique Westkanaaldijk 7 3542 DA Utrecht
organised by:
Politie en het Ministery van Defentie
HSD event
27
Sep

Hâck The Hague 2021

location:
City Hall The Hague
organised by:
Gemeente Den Haag & Cybersprint
HSD event