xorl %eax, %eax

Archive for the ‘conferences/trainings’ Category

2022 CTI-EU Talk: Threat Landscape and Defences Against Mobile Surveillance Implants

In December 2022 I had a very pleasant surprise: I was given an opportunity to give a lightning talk at the European Union Agency for Cybersecurity (ENISA) Cyber Threat Intelligence (CTI) conference of 2022, known as CTI-EU 2022. I had attended previous editions of this event and it was an amazing experience, so having that opportunity was a great honour.

I had a few different topics that I was researching around that time and after a small discussion with the organisers we agreed that the best option would be the “Threat Landscape and Defences Against Mobile Surveillance Implants”.

If you’d like to see what other presentations took place during the CTI-EU 2022, check out the published agenda for the event. There were some very valuable presentations, but of course, being an on-site event, the most important part was the face-to-face interactions. With this event ENISA manages to bring public and private sector CTI experts together and we had numerous fruitful conversations ranging from CTI topics, to public/private sector collaborations, challenges, and more.

I’m not sure if/when ENISA will publish the slides from the TLP:WHITE talks, but if you’d like to see mine you can get them here. Apparently, being a lightning talk, I couldn’t go in depth on almost anything, but if you are interested in something mentioned in my slides (but with more depth), please contact me. Additionally, if you are researching this space and would like a second pair of eyes, I’d be more than happy to help.

Written by xorl

January 1, 2023 at 15:00

BSides Cyprus: Cloud… Just somebody else’s computer

Just noticed that I haven’t published much for the last few talks I’ve been giving and this is one of them…

That was my 8th, and last, talk for 2021. It was research more on the cloud security architect/engineering side. That was my second time participating in BSides Cyprus, and as always, it was an amazing event with amazing people. The organizers of BSides Cyprus did a remarkable job. From the setup of the remote event, to the CTF, the prizes for the CTF participants, and the overall atmosphere, it was an excellent event.

Now specifically on my talk, that was a subject that I was preparing for around a year and I’m glad I got to talk about it in BSides Cyprus. For various reasons, public cloud providers are intentionally abstracting lots of the plumbing on how everything is put together and how this affects security.

So, in this talk I picked up a few services from AWS, GCP, and Azure and dissected them to demonstrate that:

  • It’s just computers and software under the hood
  • How having this “inner” architectural understanding helps you uncover vulnerabilities (using some publicly available ones in the examples, no 0days or embargoed issues revealed)

My goal with this talk wasn’t to uncover some significant design flaw or claim that public cloud is bad. Just to raise awareness and change the mindset of security engineers when working with public cloud to think beyond what the vendor’s documentation says. If you’d like to have a look, you can find my slides here.

Written by xorl

December 22, 2022 at 13:32

Predict 21: Tradecraft Tips for Unusual Recorded Future Uses

Since its first instance (known as RFUN back then), Recorded Future’s intelligence summits have been one of my favourite industry events. That’s not only due to the content, which is always incredible and covers multiple aspects of the intelligence world, but also for the overall atmosphere of the event. The attention to detail and passion of the organizers is apparent if you ever had the opportunity to attend either RFUN or its successor, called Predict.

In 2019, together with an amazing colleague, we had the honour to do a podcast for RFUN while attending the event. But this year, I was even more excited since a talk I had submitted was accepted and that marked my first speaking event at Predict. My talk was titled “Tradecraft Tips for Unusual Recorded Future Uses” and was about, more or less, what the title says.

That is, tradecraft tips on how you can use Recorded Future’s platform for things that aren’t so common knowledge. For example, taking advantage of the platform’s OCR capabilities, crisis monitoring, how you can take advantage (“exploit” in intelligence lingo) of “noisy” sources, threat actor tracking and alerting, enriching the platform by onboarding new sources, etc.

Now on the event itself, there were some great talks and people presenting (which makes it even more humbling to be part of it). To give you an idea, talks included people like Sir Alex Younger, Former Chief of MI6, multiple CISOs of big U.S. cities like Los Angeles and New York, representatives of the Dutch High-Tech Crime Unit, and of course, lots and lots of experienced intelligence experts from both Recorded Future’s intelligence teams, and other private companies. You can check the agenda here on your own.

Now for this blog post here, I’d like to close it with something that is common knowledge but frequently forgotten… No matter how “smart” your technology is, it’s how the people use it that matters.

Think about it from the public sector side too… You might have some super impressive spy satellites with SAR CCD, dozens of sensors… And yet, what if all your analysts just use the optoelectronic and FLIR sensors? Does it matter?

So… Regardless of what technologies you have available, ensure that you make the most of what they offer. Whether this is your SIEM, your XDR, or even your spy satellites! :)

Written by xorl

October 27, 2021 at 13:17

x33fcon: In nation-state actor’s shoes

x33fcon is a cybersecurity conference that I had the opportunity to attend a couple of times the previous years. This year I decided to submit a topic, and eventually it was accepted. This meant that in 2021 I also had the honour to present at x33fcon. My talk was titled “In nation-state actor’s shoes” and its goal was to give a different perspective, mainly to blue teamers, about nation-state actors.

So, I regularly use the following quote when talking about security:

If you know the enemy and know yourself, you need not fear the result of a hundred battles

Sun Tzu, The Art of War

I like it because it summarizes perfectly the challenge any security organization faces. No matter how well you know your environment, and how well you think you’re protecting it, unless you know equally well your adversaries you’ll fail. So, my talk was about this. What can we learn about nation-state actors by studying leaked material, and how can we use this to protect our organizations more effectively.

I really enjoyed researching this subject and making this talk possible since it combined multiple areas that I regularly find myself involved with. Espionage history, threat research, cryptology, security engineering, training people, etc. If you want to watch it, the x33fcon team has published it (along with all the other talks, check them out too!) in the conference’s channel on YouTube.

On a final note, I’d like to thank the amazing x33fcon team for making this event possible in this flawless manner, and for giving me the opportunity to present this research to that audience. Also, I have done a few virtual conference talks the past couple of years but this was the first time that in the speaker package there was a framed certificate of appreciation together with a beautiful hoodie. Thanks a lot x33fcon team and hope to see you again next year!

Written by xorl

August 15, 2021 at 20:32

My ICCH talk on DE-59 cipher machine

On July 10, 2021 I had the great honor to present a talk at the International Conference on Cryptologic History (also known as ICCH). Espionage and secure communications history has been one of my hobbies for quite some time, and I had even started a YouTube channel last year to share artefacts from my collection, but that talk was a whole new level for me.

In this case I did a far more thorough, multi-month long, research on an OTT-based (One Time Tape) cipher machine used by the Greek government during the Cold War, the DE-59. The device was recently declassified but still there are very few details about it online.

The event was amazing and, as always, the participants included some of the most key people of the cryptologic history space. I would have never even dreamed of meeting those people, not even talking about presenting some cryptologic history content to them and receiving positive feedback about it.

So, excluding the introduction, the talk revolved around the DE-59. Specifically, I talked about:

  • biographical information of the people behind it
  • situation in Greece at that time
  • its invention
  • how it worked and where it was used
  • pros/cons (based on information from actual users of the device)
  • its (known) cryptanalytic history (AKA foreign intelligence attempts to break it)
  • its decommissioning
  • the important role its inventor played to secure communications in Greece

Before closing, I’d like to thank the following since without them this talk would never have been possible.

  • Association of Retired Signal Corps Officers (ΣΑΑΔΒ)
    • The only DE-59s on display are in this association’s museum, and all the people there were extremely helpful in providing me with all sorts of help and support while doing my research for this talk. If you ever consider donating your radio or crypto equipment, please consider giving it to the museum of this association. If you’re unsure on how to do this, reach out to me and I’ll be happy to help.
  • Tom Perera, Ph. D.
    • Now, if you are into cryptologic history you definitely know who Dr. Tom Perera is. So, this extremely experienced, dedicated, and influential cryptology expert helped me overcome my fear of presenting in front of such an audience of world leaders in cryptology. Thank you for all the support!

Written by xorl

July 19, 2021 at 11:09