(registration will be closed November 8th, 2023)
Official Event Sponsor
Meet with and be inspired by like-minded peers who face a similar set of challenges. Share strategies for mitigating the most current information security threats. A friendly, relaxed and professional atmosphere will ensure that you leave this event with a new wealth of trust-based contacts and tangible takeaways.
The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a one-to-one environment.
This is a ‘must attend’ event for all security operation professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success. So do not wait and register!
Looking forward to see you there,
your SIGS team
As always: sales peoples (incl. CEO's and Founders), vendors, consulting companies like the big4 and all peoples who just like to sell their products or services are not allowed to take part at SIGS events.
The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a one-to-one environment.
This is a ‘must attend’ event for all security operation professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success. So do not wait and register!
Looking forward to see you there,
your SIGS team
As always: sales peoples (incl. CEO's and Founders), vendors, consulting companies like the big4 and all peoples who just like to sell their products or services are not allowed to take part at SIGS events.
Location
Hilton Zürich Airport
Hohenbühlstrasse 10
8152 Opfikon-Glattbrugg
Hohenbühlstrasse 10
8152 Opfikon-Glattbrugg
DATE & TIME
November 9th, 2023, 1:30 pm - open end incl. dinner
Airport Transfer & Parking
There's a shuttle bus from and to the airport, but only at specific times.
Parking lots at the hotel are available for free.
Parking lots at the hotel are available for free.
Participation Fee
EUR 60.--
Schedule
1:30 pm
Registration
2:00 PM
Welcome & short introduction from Mark Beerends, Contributor at SIGS
2:00 PM
Sebastian Möbius, Consulting Director Proactive Services Unit 42 at Palo Alto Networks
Incident Stories from the trenches and lessons learned
As many IR companies we experience Incidents on a daily basis. Some of these cases were different from others, as it always is.
We want to use that opportunity to share some of the stories and insights we gained. But mostly we want to focus on the lessons learned and maybe help to increase the options available to you.
Some topics we will cover:
- Detection Use Cases and Options to monitor if the EDR is tampered with!
- Out Of Office hours! Every Ransomware case we had showed that behavior.
- Canary Token to monitor if admin accounts are tempered with.
- Remote Tools leveraged as "legit" BackDoor
- How to hunt an actor through an enterprise? Especially without Cloud Connection and Firewalls etc.
Incident Stories from the trenches and lessons learned
As many IR companies we experience Incidents on a daily basis. Some of these cases were different from others, as it always is.
We want to use that opportunity to share some of the stories and insights we gained. But mostly we want to focus on the lessons learned and maybe help to increase the options available to you.
Some topics we will cover:
- Detection Use Cases and Options to monitor if the EDR is tampered with!
- Out Of Office hours! Every Ransomware case we had showed that behavior.
- Canary Token to monitor if admin accounts are tempered with.
- Remote Tools leveraged as "legit" BackDoor
- How to hunt an actor through an enterprise? Especially without Cloud Connection and Firewalls etc.
2:30 PM
Alain Mowat, Head of Research and Development at SCRT
Purple teaming our way to SOC efficiency
Most companies have now implemented some kind of Security Operations Center whose role is to detect and respond to security incidents. They often leverage Endpoint Detection & Response telemetry for this task. Despite these tools and processes, we have performed many pentesting engagements where the SOC was either unable to detect the attacks we take out or responded too late to have any kind of impact. This has also been shown in certain real-life incident response scenarios, where despite having one or even multiple EDR solutions, clients have had their information systems fully encrypted.
This is generally due to the following issues:
Purple team exercises come in to improve these aspects by having one or several red team operators work with the blue team by simulating the latest attacks to ensure that the SOC receives the appropriate information and telemetry to detect them and respond appropriately. This helps the blue team recognize and prioritize important alerts as well as generally improve the security posture of the company by updating the insecure configurations.
Purple teaming our way to SOC efficiency
Most companies have now implemented some kind of Security Operations Center whose role is to detect and respond to security incidents. They often leverage Endpoint Detection & Response telemetry for this task. Despite these tools and processes, we have performed many pentesting engagements where the SOC was either unable to detect the attacks we take out or responded too late to have any kind of impact. This has also been shown in certain real-life incident response scenarios, where despite having one or even multiple EDR solutions, clients have had their information systems fully encrypted.
This is generally due to the following issues:
- Current attacks rarely exploit vulnerabilities but tend to target insecure (often default) configurations, typically in Windows and Active Directory. This is a lot harder to detect than a malicious executable file communicating with a C2.
- Even if there is some telemetry returned for the attacks, the defense teams are unable to respond due to not knowing what the attacks are of even how to properly use the tools at their disposal.
Purple team exercises come in to improve these aspects by having one or several red team operators work with the blue team by simulating the latest attacks to ensure that the SOC receives the appropriate information and telemetry to detect them and respond appropriately. This helps the blue team recognize and prioritize important alerts as well as generally improve the security posture of the company by updating the insecure configurations.
3:00 PM
Lee Mössner, experienced CISO & Cybersecurity Expert
The OpenCanary Experience
A personal research project running honeypots in the Internet with some obvious and some not-so-obvious discoveries...
In an increasingly connected world, cybersecurity is paramount. This personal project explores the deployment and utilization of OpenCanary, an open-source honeypot framework, on the Internet. OpenCanary serves as a digital decoy, emulating vulnerable services and capturing potential threats, providing valuable insights into emerging cyber threats and attacker techniques.
This project not only serves as an educational endeavour but also as a practical approach to bolstering cybersecurity defences. By running OpenCanary on the Internet, we aim to gain a deeper understanding of the digital threatscape and implement proactive measures to safeguard against potential risks.
The project also discovered some unexpected consequences of having certain ports and protocols open to the Internet and the OpenCanary developers have also accepted some feature requests to further improve how OpenCanary can support security researchers.
The OpenCanary Experience
A personal research project running honeypots in the Internet with some obvious and some not-so-obvious discoveries...
In an increasingly connected world, cybersecurity is paramount. This personal project explores the deployment and utilization of OpenCanary, an open-source honeypot framework, on the Internet. OpenCanary serves as a digital decoy, emulating vulnerable services and capturing potential threats, providing valuable insights into emerging cyber threats and attacker techniques.
This project not only serves as an educational endeavour but also as a practical approach to bolstering cybersecurity defences. By running OpenCanary on the Internet, we aim to gain a deeper understanding of the digital threatscape and implement proactive measures to safeguard against potential risks.
The project also discovered some unexpected consequences of having certain ports and protocols open to the Internet and the OpenCanary developers have also accepted some feature requests to further improve how OpenCanary can support security researchers.
3:30 PM
Break
4:10 PM
Roundtable 1: Sebastian Möbius, Consulting Director Proactive Services Unit 42 at Palo Alto Networks
(Details will follow)
Roundtable 2: Anderson Dedario, Founder of DevOps.Security
Threat Modeling: From Basics to Actionable Insights
This roundtable delves into the core of threat modeling, covering its essential concepts and highlighting its importance. We'll discuss the practical steps for its effective implementation. Through shared experiences and best practices, participants will not only gain a deeper understanding but will also leave with actionable insights that can be directly applied to bolster their security strategies.
Roundtable 3: Fabian Gasser, Head of Cyber Advisory at Ontinue
Detection & Response Engineering: Toward modern practices for effective SecOps
(details will follow)
Roundtable 4: Konstantinos Giakoumelos, IT Security Operations Senior Analyst at Amcor
Unmasking the Cyber Security Chessboard: Who Holds the Upper Hand? Defenders vs Attackers
In this roundtable, we will delve into the ongoing race faced by SOC (Security Operations Center) professionals, as well as security experts in a broader context, to outpace potential attackers. Are we maintaining a lead over them? How can we equip ourselves for their next move? What are the numerous obstacles in winning this race, and what kind of commitment is required both individually and collectively as a group or community?
(Details will follow)
Roundtable 2: Anderson Dedario, Founder of DevOps.Security
Threat Modeling: From Basics to Actionable Insights
This roundtable delves into the core of threat modeling, covering its essential concepts and highlighting its importance. We'll discuss the practical steps for its effective implementation. Through shared experiences and best practices, participants will not only gain a deeper understanding but will also leave with actionable insights that can be directly applied to bolster their security strategies.
Roundtable 3: Fabian Gasser, Head of Cyber Advisory at Ontinue
Detection & Response Engineering: Toward modern practices for effective SecOps
(details will follow)
Roundtable 4: Konstantinos Giakoumelos, IT Security Operations Senior Analyst at Amcor
Unmasking the Cyber Security Chessboard: Who Holds the Upper Hand? Defenders vs Attackers
In this roundtable, we will delve into the ongoing race faced by SOC (Security Operations Center) professionals, as well as security experts in a broader context, to outpace potential attackers. Are we maintaining a lead over them? How can we equip ourselves for their next move? What are the numerous obstacles in winning this race, and what kind of commitment is required both individually and collectively as a group or community?
5:00 PM
Change the table for the second round of discussions
6:00 PM
Apéro riche incl. networking and know how sharing till open end
Contributors & Speakers
Below you will find our contributors and speakers to whom we say a big thank you !
Mark Beerends
Executive Security Consultant, Prusec
Mark is an active contributor for SIGS. Further information at Mark Beerends | LinkedIn
Anderson Dadario
Founder of DevOps.Security and Threat Modeling Specialist
Further information at Anderson Dadario | LinkedIn
Konstantinos Giakoumelos
IT Security Operations Senior Analyst at Amcor
Further information at Konstantinos Giakoumelos | LinkedIn
Sebastian Möbius
Consulting Director Proactive Services Unit 42 at Palo Alto Networks
Further information at Sebastian Möbius | LinkedIn
Contact Us
If you have any questions or you like to get information about further events, please do not hesitate to contact us!