xorl %eax, %eax

Archive for the ‘conferences/trainings’ Category

Fox IT Crisis Management training

leave a comment »

A couple of months ago I uploaded the following photo on my Twitter and I got a few questions about it. Short answer: No, I don’t work for Fox IT! That was a trophy for the winning team of a crisis management training delivered by Fox IT that I had attended.



I have no good experience with Fox IT’s technical services (forensics, incident response, etc.), but that might be just me so I don’t want to bias your decisions. In any case, this training was quite fun and useful. It was a full day event where you were split to teams with diverse backgrounds and you were given pieces of information about a security incident which was large enough to require crisis management procedures. The idea was that you had certain amount of time to provide your actions for each stage and then there was an overview of all the teams’ actions along with the recommended ones by Fox IT.

That kind of training can be useful for an organization for a few different reasons. Apart from the apparent knowledge sharing, it acts as a team building event, but more importantly, you can see how aligned your organization’s employees (or colleagues) are on the actions required during a crisis. Obviously, each team will have slightly different results. However, if you see a huge deviation between teams it means that you probably have serious internal issues as your employees (or colleagues) do not have he same mindset for prioritization when dealing with crisis or serious security incidents.

To conclude, although I had no good prior experiences with Fox IT’s technical departments, that training was fun and useful so… Well done guys!

Written by xorl

March 21, 2018 at 22:18

OffensiveCon 2018 conference

leave a comment »

This was the first ever OffensiveCon and it took place last week in Berlin, Germany. Really nice conference which I definitely recommend to anyone interested in offensive security. Here is a very quick overview of the event from my point of view. Note that I did not attend any of the training sessions, so my opinion is based solely on the conference.



The event was dedicated to exploitation, I want to clarify this since offensive security is not just the exploitation, it is also the reconnaissance, building the Command & Control infrastructure, data exfiltration, lateral movement, etc. So, just to be clear, OffensiveCon is about exploitation. To get a better understanding of the content, here is a list of all of the talks of the event.

  • Day 1 keynote by Rodrigo Branco
  • Advancing the State of UEFI Bootkits: Persistence in the Age of PatchGuard and Windows 10 by Alex Ionescu
  • Field Report on a Zero-Day Machine by Niko Schmidt, Marco Bartoli and Fabian Yamaguchi
  • The Smarts Behind Hacking Dumb Devices by Maddie Stone
  • Linux ASLR and GNU Libc: Address Space Layout Computing and Defence, and ‘Stack Canary’ Protection Bypass by Ilya Smith
  • Oh No, Where’s FIDO? – A Journey into Novel Web-Technology and U2F Exploitation by Markus Vervier and Michele Orru
  • L’art de l’évasion: Modern VMWare Exploitation Techniques by Brian Gorenc, Abdul-Aziz Hariri and Jasiel Spelman
  • Robin Hood vs Cisco ASA AnyConnect- Discovering and Exploiting a Vulnerability in your Firewall by Cedric Halbronn
  • Windows 10 RS2/RS3 GDI Data-Only Exploitation Tales by Nick Sampanis
  •  

  • Day 2 keynote by Jörn Schneeweisz // joernchen
  • From Assembly to Javascript and back: Turning Memory Corruption Errors into Code Execution with Client-Side Compilers by Robert Gawlik
  • Concolic Testing for Kernel Fuzzing and Vulnerability Discovery by Vitaly Nikolenko
  • New and Improved UMCI, Same Old Bugs by James Forshaw
  • Betraying the BIOS: Going Deeper into BIOS Guard Implementations by Alex Matrosov
  • The Evolution of CFI Attacks and Defenses by Joe Bialek
  • Dissecting QNX – Analyzing & Breaking QNX Exploit Mitigations and Secure Random Number Generators by Jos Wetzels and Ali Abbasi



I attended all of them and the quality was excellent. As you can easily guess the presentations were scheduled in a single track. This is great because you don’t have to worry about what to attend and what to miss. It wasn’t a huge event in terms of people but everyone seemed really interested in exploitation. So, overall a very nice atmosphere.



The location, snacks, lunch, and all of the organizing components were amazing. Very high quality and everything worked exactly as planned (apart from the_grugq’s keynote that didn’t happen but that wasn’t organizers’ fault). So, congrats to everyone involved in this because it made the entire event a very pleasant experience where you didn’t have to care about anything apart from learning and sharing knowledge. Well done guys!

For the people that were not there, the organizers said that all the videos will be published on YouTube unless the speakers don’t want to, so keep an eye for them because all of them were very interesting.

See you next year! :)

Written by xorl

February 23, 2018 at 00:11

SharkFest’17 Europe

leave a comment »

This was my first time in SharkFest Europe, a conference that aims in knowledge and experience sharing among Wireshark developers and power users. The event took place in the second week of November 2017 in Estoril, Portugal. An truly beautiful location with interesting history.



The event was split in three simultaneous sessions but unfortunately, only one of the three conference rooms were recording the talks. You can find those recordings as well as some of the slides from other presentations here and here. Below is a list of the ones that I attended.

  • Keynote: Wireshark: Past, Preent & Future – Gerald Combs & Friends
  • Using Wireshark to Solve Real Problems for Real People: Step-by-Step Case Studies in Packet Analysis – Kary Rogers
  • Troubleshooting WLANs (Part 1): Layer 1 & 2 Analysis Using AirPcap, Wi-Spy & Other Tools – Rolf Leutert
  • Troubleshooting WLANs (Part 2): Using 802.11 Management & Control Frames – Rolf Leutert
  • SMB Handshake: The Devil Lies in the Detail – Eduard Blenkers
  • SSL/TLS Decryption: uncovering secrets – Peter Wu
  • extcap – Packet Capture beyond libpcap/winpcap: Bluetooth sniffing, Android dumping & other fun stuff – Ronald Knall
  • Turning Wireshark into a Traffic Monitoring Tool: Moving from packet details to the big picture – Luca Deri
  • The Network is Slow! Finding the Root Cause of Slow Application Performance – Lorna Robertshaw
  • How Did They Do That? Network Forensic Case Studies – Phill Shade
  • Developer Bytes Lightning Talks-Usage Track – Wireshark Core Developers
  • Real World Troubleshooting Tales – Graeme Bailey
  • Sneaking in by the Back Door – Hacking the Non-Standard Layers with Wireshark – Phill Shade



Both the location and the event were great. Some of the attendees were network analysts with decades of experience. If you are interested in network analysis (including security as the exact same principles apply there too), SharkFest is a very nice conference to attend (hint: it is taking place on different place every year).

Written by xorl

November 19, 2017 at 17:42

Cyber Security Week 2017

leave a comment »

From 25 until 29 September 2017 the Netherlands had its second international Cyber Security Week (abbreviated as CSW2017). It was a huge event that took place in multiple locations within the Hague and included over 80 security related presentations, trainings, and workshops. Unfortunately, I was able to be there just for the last day. So, here is what I attended in that last day and how it went… Note that all of the events I attended where in the HSD (Hague Security Delta).



As expected, the audience was more business and less technical oriented. For this reason the talks were also adjusted accordingly. So, here is a quick summary of the events I attended at CSW2017.

  • Cyber Threat Intelligence – Innovating Towards a Mature CTI Capability (TNO)
  • Cyber Threat Intelligence in practice: insights from a community-driven approach (EclecticIQ)
  • I Stopped Being Surprised, and Started Being Prepared (RedSocks Security)
  • SOC maturity as a weapon in fighting cyber crime (De Volksbank)
  • Multinational Cyber Defence Capability Development: NATO Communications and Information Agency: Introduction to MNCD2 program (NATO Communications and Information Agency)
  • Introduction to Dynamic Network Enumeration (DyNE) (NATO Communications and Information Agency)
  • Introduction to Semi-automatic response (SAR) (NATO Communications and Information Agency)
  • Learn How to Eliminate Insider Threats (Dtex)



The HSD was really nice and I got to meet a few very interesting people. The events themselves had some promotion parts, but nothing extreme. It was not really technical but definitely had useful information, especially if you are a security professional. Also, considering that this was a free event, the organization and content was very good. So, if you wanted some in-depth technical content or advanced attack/defense techniques, then don’t go to CSW. If you want to get an idea of where the security industry is moving towards, what’s going on in the enterprise, military, and government security sectors, then you should go.

Written by xorl

November 16, 2017 at 20:47

Security BSides Amsterdam 2017

leave a comment »

The first ever Security BSides event in Amsterdam took place in September 2017. The location of the event was the “Zalen Pakhuis de Zwijger B.V.” conference center which is located right next to Amsterdam central station.



There were two simultaneous sessions/tracks. One was secure programming and WebGoat workshops by BSides team together with OWASP. The second was a series of security related presentations. Below is a list of the presentations, and you can watch the recordings in the official YouTube channel of the event here.

  • What if we really assumed breach? – Kevin Jonkers
  • Requiem For An Admin – Walter Legowski
  • Demystifying the Ransomware and IoT Threat – Christopher Elisan
  • To click or not to click, or how to build awareness about behavior online – Jelena Milosevic
  • To pin or not to pin: an introduction into SSL pinning for Android & iOS – Jeroen Willemsen
  • V!4GR4: Cyber-Crime, Enlarged – Ben Herzberg
  • I Thought I Saw a |-|4><0.- – Thomas V. Fischer
  • Bots Combine! : Behind the Modern Botnet – Andrea Scarfo
  • The hidden horrors that 3 years of global red-teaming have revealed to me – Jos van der Peet
  • I Boot when U-Boot – Bernardo Maia Rodrigues & Vincent Ruijter
  • Automating security with PowerShell – Jaap Brasser
  • Behavioral Analysis using DNS, Network Traffic and Logs – Josh Pyorre

Very nice event. Relatively small but it was the first time so it was expected. Congratulations to the organizers for the perfect flow and to the presenters for sharing their research, knowledge, and experience. Hope to be there again next year.

Written by xorl

November 12, 2017 at 11:06

BruCON 0x09

leave a comment »

Although for the last couple of years I live close by (in the Netherlands), this was my first time attending BruCON in Belgium. BruCON takes place in the beautiful city of Ghent, a city with amazing medieval architecture. The event itself took place in the Aula Academica of the Ghent University.



Wonderful event and everything went as scheduled apart from a small issue with a change of a talk. I was expecting a larger audience as BruCON is well known in Europe but maybe that was the expected attendance (don’t forget, it was my first time there). In any case, if you are close by it is definitely worth attending. Here you can find the videos archives of the talks.

If I had to choose just one talk from BruCON 0x09 that everyone must watch, it would certainly be the “How hackers changed the security industry” by Chris Wysopal. It is a very inspirational talk that gives a glimpse of the bigger picture in the security industry developments of the past years, and how people can assist in getting it to the next level in the future.



Hope to be there next year too for the 10 year anniversary edition that will also have some special events. :)

Written by xorl

November 7, 2017 at 10:24

News: Back from BerlinSides

leave a comment »

I’m finally back having a pretty bad flu. Nevertheless, I had some great time at Berlin this year and aluc was an awesome dude! Thanks for everything.

Awesome time meeting more and more cool people. Finally, I want to apologize to our Swedish friends for my attitude during the last two days of our stay in Berlin but I was having that flu and I was really stuck with something sin was coding during that period. This resulted in spending the New Year’s Eve coding instead of partying.

So, I’m sorry about this and I’m looking forward for our next meeting.

Written by xorl

January 2, 2011 at 04:31