DTS Solution's very own Shah Sheikh (Sr. Security Consultant) and Mohamed Bedewi (Sr. Penetration Testing Consultant) each presented at DefCamp 2015. DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal this time round was to bring hands-on talks about the latest research and practices from the information security field, gathering security specialists, entrepreneurs, academia, and the private and public sectors under the same roof.
Now at its 7th edition, the event continued to emphasize lively debates on sensitive cyber security topics as well as its famous international competition, the DefCamp Capture the Flag. At the event, Romanian and foreign speakers presented fresh news about cyber security, cyber warfare, IoT, identification and prevention mechanisms, as well as 0-days and new vulnerabilities, complemented by night sessions in which specific case studies were presented.
Mohamed Bedewi - Building a Weaponized Honeypot
Mohamed Bedewi (Sr. Penetration Testing Consultant) presented "Building a Weaponized Honeypot".
Honeypots are a sophisticated security control which can be used as a stress reliever in case of persistent targeted attacks, to analyze and understand attack patterns in order to implement proper security controls, and sometimes to put cyber-criminals behind bars.
Honeypots are not widely used because their deployment can be complex and time-consuming; also, their coverage for web applications is very limited and not sufficient, especially when most online attacks target web applications and services.
In this presentation I will discuss the process of building a fully weaponized honeypot which can function on both the application and network levels. I will also highlight, with a live demonstration, how it can effectively and robustly decoy, deanonymize, identify, attack and profile malicious users even if they're behind TOR, VPN or proxies, automatically and with zero human interaction.
Shah Sheikh - Building a Cyber SOC
Modern day cyber threats are ever increasing, and organizations face a challenge to proactively and continuously monitor their security posture across their entire infrastructure whilst keeping attackers and threat actors at bay. In this presentation we will cover the fundamental building blocks of a security operations center that is proactive and acts as the line of authority for all your other security entities such as incident management, forensics, vulnerability management, etc. A reference case study will be presented along with a proven implementation methodology.
- SIEM 2.0: log collection, aggregation, analytics and correlation
- Contextual Threat Cases and Situational Awareness
- SOC 2.0 and its components to form an eco-system
- Building Threat Intelligence and an Early Warning detection system within your command center
- Some new concepts: OSINT and SOCMINT and how they help
- SOC Processes, Procedures and Workflows