• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Files spread between Dropbox, Google Drive, Gmail, Slack, and more? Dokkio, a new product from the PBworks team, integrates and organizes them for you. Try it for free today.

View
 

BSidesBerlin2020

 

Event details

 

When: Saturday, 22/02/2020

Where: c-base, Berlin

Cost: Free 

 

Follow us on Twitter!

And invite your friends by posting this on Twitter: "#BSidesBerlin 22/02/2020: Discover the next big thing!"

 

 

Code of Conduct

 

The Berlin chapter of BSides is following the Berlin CoC.

 

 

Tickets 

 

are available for free here.

Please only get a ticket if you are sure you're planning to attend, and in case of change of plans - please cancel your ticket.

The seating is limited.

 

 

Schedule

 

 

[Saturday] - [22/02] Main Hall
10:00 - 10:05 Welcome Words
10:05 - 10:30 

Talk 1 - Opening Keynote - Chaos Engineering for Cloud Native Security

 

Human errors and misconfiguration-based vulnerabilities have become a major cause of data breaches in cloud native infrastructure. We tackle these security challenges via Risk-driven Fault Injection (RDFI), a novel application of cyber security to chaos engineering.

 

Human errors and misconfiguration-based vulnerabilities have become a major cause of data breaches and other forms of security attacks in cloud-native infrastructure (CNI). The dynamic and complex nature of CNI and the underlying distributed systems further complicate these challenges. Hence, novel security mechanisms are imperative to overcome these challenges. Such mechanisms must be customer-centric, continuous, not focused on traditional security paradigms like intrusion detection. We tackle these security challenges via Risk-driven Fault Injection (RDFI), a novel application of cyber security to chaos engineering. Chaos engineering concepts (e.g. Netflix’s Chaos Monkey) have become popular since they increase confidence in distributed systems by injecting non-malicious faults (essentially addressing availability concerns) via experimentation techniques. RDFI goes further by adopting security-focused approaches by injecting security faults that trigger security failures which impact on integrity, confidentiality, and availability. Safety measures are also employed such that impacted environments can be reversed to secure states. Therefore, RDFI improves security and resilience drastically, in a continuous and efficient manner and extends the benefts of chaos engineering to cyber security. We have researched and implemented a proof-of-concept for RDFI that targets multi-cloud enterprise environments deployed on AWS and Google cloud platform.

 

Speaker: Kennedy A Torkura

 

I am currently working as an Information Security Engineer at Data4Life gGmbH, Berlin. I am also rounding up my doctoral research in cyber security at the Hasso Platter Institute, Germany

 

http://ktorkura.me/portfolio

https://medium.com/@run2obtain

http://twitter.com/run2obtain 

 

10:35 - 11:00 

Open Discussions Session

11:00 - 11:25

Talk 2 - WebThings: A Secure Gateway to Connect Your Things to the Internet

 

With the advent of the IoT, are we really making our lives simpler or drowning ourselves in a vast ocean by uploading our lives to the internet? WebThings is an open platform by Mozilla for monitoring and controlling devices over the web without any middleman

 

Mozilla is working to create a Web of Things framework of software and services that can bridge the communication gap between connected devices. By providing these devices with web URLs and a standardized data model and API, we are moving toward a more decentralized Internet of Things that is safe, open and interoperable. Using the Internet of Things today is a lot like sharing information on the Internet before the World Wide Web existed. There were competing hypertext systems and proprietary GUIs, but the Internet lacked a unifying application layer protocol for sharing and linking information. The “Web of Things” (WoT) is an effort to take the lessons learned from the World Wide Web and apply them to IoT.Mozilla joined the W3C Web of Things Interest Group, with a goal of giving Things URLs on the web to make them linkable and discoverable, and to collaborate around standard data models and APIs to make them interoperable. Mozilla’s open-source implementation will help broaden IoT products and services to a vast number of vendors and enable horizontal interoperability. The key to enabling a large, low-cost, and diverse product ecosystem in IoT is to emulate the success of the Internet, which is a decentralized web of services.

 

From this talk audience will take away an understanding of the privacy concerns related to IoT, and how they may be putting their personal information at risk by connecting my physical entities to the internet and how Webthings come to the rescue. The goal is for visitors to leave with a better understanding of some of the issues surrounding the Internet of Things today, and how Mozilla is working to build a decentralised IoT with the Web of Things, to improve interoperability, privacy and security through standardization. Visitors

WebThings initially focuses on developing three components:

  1. Things Gateway — An open source implementation of a Web of Things gateway which helps bridge existing IoT devices to the web
  2. Things Cloud — A collection of Mozilla-hosted cloud services to help manage a large number of IoT devices over a wide geographic area
  3. Things Framework — Reusable software components to help create IoT devices which directly connect to the Web of Things

 

In this talk we will:

  • General Discussion on What Is IoT and its future.
  • The pros and cons of connecting things to the internet.
  • How exploiters can breach the security and know our lifestyles.
  • Introduction to WebThings
  • Details about the WebThings framework.
  • How WebThings is secure and solve the problem of privacy and security

 

Speaker: Dipesh Monga

 

Dipesh is a techspeaker at Mozilla and working at Aalto University,Finland as a Research Assistant where he works on the development of the Internet of things based system on chips (SoCs). He loves to tinkle with emerging technologies with his main focus of his research on the system on chip-based platforms for IoT and technologies of the future.He has published research papers on technologies like Li-Fi, SoCs for IoT application, mobile technologies, and automation. He loves to speak about open source hardware, web literacy and the future of upcoming technologies.

 

http://twitter.com/diipeshmonga

https://wiki.mozilla.org/User:Dimonga 

 

11:30 - 12:00

Open Discussions Session

12:00 - 14:00

Lunch

Note: Lunch is not served in this event, you are welcome to bring food with you or eat at a nearby restaurant

14:00-14:25

Talk 3 - Keep Your Bins in the Cage. Falco is Watching

 

GTFOBins (Get the f*** out of binaries) project collects functions of Linux binaries that can be abused and exploited in different ways. Let’s analyze some interesting patterns and concrete examples, then learn how we can detect and respond to these threats using the Falco Runtime Security engine.

 

The GTFOBins repository is a very interesting collaborative project that collects legitimate functions of Unix binaries that can be abused for malicious usage like: * Getting out restricted shells * Escalate or maintain elevated privileges * Transfer files * Spawn bind and reverse shells * Facilitate the other post-exploitation tasks …

Although the usage is very well documented, the explanation and details are often not straightforward. We will go one step further by analyzing some of these examples, grouped by similar function patterns, and explaining how they work.

Then, we will talk about Falco Cloud-Native Runtime Security, its features, and learn how to create some Falco rules to detect these kinds of threats. 

 

Speaker: Vicente Herrera García

 

Vicente Herrera is a Cloud Native Security Advocate at Sysdig, where he develops security tools and integrations, and helps to raise awareness about them. Author of the book “Building intelligent cloud applications” for O’Reilly about Azure serverless and cognitive services, he has deep knowledge about developing serverless projects with complex requirements.

 

https://twitter.com/vicen_herrera

 

14:30-14:55

Open Discussions Session

15:00-15:30

Talk 4 - Kubernetes Security Logging with Falco and Elastic SIEM

 

What are your Kubernetes pods doing at runtime? Detect any kind of abnormal activity in real time using CNCF Falco and visualize it with user friendly dashboards in Elastic SIEM to improve incident response with the peace of mind of being backed by officially recognized standards like PCI and NIST.

 

Cloud Native platforms such as Kubernetes help developers to easily get started deploying and running their applications at scale. But as access to computing resources starts to become ubiquitous, how you secure and maintain modern compliance standards in these environments becomes extremely important.

Logs offer a lot of information but we can lose track of what’s happening in our environments. How can we track security events if our current logging applications are not fully aware of what’s happening in the environment?

Falco is able to detect any kind of security event in your system in real time and trigger events that you can track and analyze.

Also, using a SIEM is mandatory in a real world environment to correlate events from different sources and act quickly when the red alerts are on. Using Elastic SIEM, your teams will understand much more quickly what’s happening with their workloads.

Attendees will walk away with a good understanding of the challenges of securing a Cloud Native platform and practical advice on using open source tools to follow NIST and PCI standards as part of their security strategy.

 

Speaker: Fede Barcelona

 

Fede is a college student and cloud-native integrations engineer, sitting between the container infrastructure and programming worlds, he uses Go, Python and C++ to integrate the neverending stream of new awesome DevOps / Container technologies.

Currently, he is part of the Sysdig team while he’s finishing his studies at the university.

Always willing to learn new things in this hectic technology space, he also loves watching horror films with his girlfriend and his kitten and traveling to discover new places.

 

http://twitter.com/tembleking

 

 

15:30-16:30 Discussions
16:30-17:00

Lightning Talks

 

 

 

Topics I would like to hear about

 

  • add a topic...

 

 

Planners

 

 

Volunteers

 

  •  add yourself...

 

Participants

 

  • add yourself...

 

Name  Twitter/Email 
     

 

 

 

Task List

(please -cross out- when it's done)

 

Tech

 

Wifi

Projector, White Boards

Audio

 

Non-tech

 

Breakfast Lunch: self purchased

Coffee/Tea: a bar is available throughout the event

Tables and chairs

 

 

Tags for flickr, twitter, blog, etc.

 

Please use the tag #BsidesBerlin for content related to this event

 

 

Who's blogging?

 

  •  

Comments (0)

You don't have permission to comment on this page.