Program

  • BSidesBUD 2024 // 1ST PART
    08:30 - 08:35
    Opening Ceremony

    Ingrid Donenwirth
    08:35 - 09:15
    Scaling Runtime Application Security
    How eBPF is Solving Decade-Long Challenges
    Avi Lumelsky
    Guy Kaplan
    Runtime Application Self Protection (RASP), while it historically had a lot of potential, fell flat in execution. This is because the solution largely added friction, had intensive maintenance requirements, and had unpredictable impacts on performance and stability: just a few of the deficiencies formerly introduced.
    09:20 - 10:00
    HEAP HEAP HOORAY
    Unveiling GLIBC heap overflow vulnerability (CVE-2023-6246)
    José López Martínez
    In January, the Qualys team found a heap overflow in one of the most used libraries in Linux, GLIBC. This issue allows attackers to escalate privileges by just changing the program name. However, it is not that easy or… is it? In this talk, we are going to be talking about heap overflows, how they work and how you can exploit CVE-2023-6246 to escalate privileges.
    10:00 - 10:15
    Break
    10:15 - 10:55
    Batch & Breaches in OT

    Bojan Alikavazovic
    Throughout my extensive experience and active involvement in cyber incidents, I've encountered numerous challenges in incident scoping, especially in heterogeneous environments with various Windows versions, a scenario specific to OT Ethernet networks. I aim to share tricks and tools I've developed to quickly detect attacker traces in situations where installing EDR solutions, exploiting PowerShell capabilities, or violating CPU load on SCADA/HMI devices is not an option. Everything is scripted in a batch, utilizing familiar Windows binaries in an unconventional yet effective way, compatible from Windows XP to Windows 11.
    11:00 - 11:40
    Sweet Deceptions
    The Art of Customizing Honeypots!
    Kat Fitzgerald
    This talk is a rollercoaster ride through the world of honeypots, those sneaky traps masquerading as irresistible server bait. Sure, honeypots aren’t new, but how they’re used is what makes this talk different. Presented for your viewing pleasure: examples of attackers caught with their hands in the cookie jar, as I reveal the secret sauce to crafting the most enticing honeypots, and debate the moral gymnastics of digital entrapment. Expect a mix of facepalm moments, clever strategies, and a peek into some of the fun I have with honeypots installed around the world. Buckle up for a fun and insightful ride that proves sometimes the best defense is a good, deceptive offense.
    11:45 - 12:25
    The Adversary Mindset
    Practical examples from the field
    Yossi Sassi
    A successful cyber attack (or an unsuccessful one, depending on who you ask) can be attributed to several elements in design & execution. Yet what REALLY makes an attack stealthy, with an uninterrupted window of adversary opportunity, or, vice versa, makes for solid, high-fidelity, early detection & containment?
    12:25 - 13:15
  • BSIDESBUD 2024 // 2ND PART
    13:15 - 13:45
    You look like a terrorist

    Tobias Schrödel
    In Germany, a "most wanted" terrorist was caught by the police after hiding for over 30 years. However, it was not the police who found her. It was a journalist, using free face recognition software on the web. In this talk, Tobias will explain how the tool works. And - as always in talks from Tobias aka Comedyhacker - we will try it out LIVE. Let's identify a person behind a famous meme or a real criminal on the run.
    13:50 - 14:10
    Digital parenting
    from sandboxes to passwords
    Óbuda University
    Our research deals with the digital and generation gap between children and parents. To bridge the "gap", we develop cyber security games that are AI assisted. The topics are constantly tested and developed. The development of cybersecurity and information security awareness plays a pioneering role in our research, and we place great emphasis on modern education, gamification, and motivational elements.
    14:15 - 14:55
    Linux Under Siege
    Analyzing the Latest Cyber Espionage Tactics and Malware Trends
    Marc Rivero Lopez
    In 2023, cybersecurity research sheds light on the increasing targeting of Linux systems. The AppleJeus campaign by the Lazarus Group, highlighted by Volexity and Microsoft, marks a tactical evolution with new malware impacting Linux and macOS, focusing on cryptocurrency theft. The DTrack campaign, a branch of Lazarus, represents a significant development in diverse attacks including ransomware and espionage malware. This campaign has evolved over nearly a decade, expanding knowledge about attacker commands and associated post-exploitation tools.
    14:55 - 15:20
    Break
    15:20 - 16:00
    Local Admin in less than 60 seconds
    My guilty pleasure
    Nikos Vourdas
    Local Privilege Escalation, also known as LPE, refers to the process of elevating user privileges on a computing system or network beyond what is intended, granting unauthorized access to resources or capabilities typically restricted to higher privilege levels. Gaining local admin privileges during red teaming significantly enhances the potential for lateral movement and access to additional resources. Modern environments offer unprecedented opportunities to gain local admin privileges more easily than one might imagine. The days of relying solely on traditional techniques such as exploiting unquoted service paths, weak service permissions, misconfigured AlwaysInstallElevated policies etc. are long gone (still possible but rare). Thus, in this presentation, we will explore together some alternative and realistic methods for escalating privileges and moving laterally within an internal network, inspired by my recent engagements.
    16:05 - 16:45
    Open by Default
    The Hidden Cost of Convenience in Network Security
    Aurelio Picon Lopez
    This presentation will discuss the almost obvious realization I had after a year of reviewing anonymized network security event logs for more than 2 billion devices spread across North America and Europe, tracking malware, trending TTP, IoT software updates, targeted devices, botnet compositions and behaviors, etc. All that is good, but ultimately the only reason the majority of current botnet spreading and behaviour is happening is that the routers in households have "auto port forwarding" enabled by default.
    16:50 - 17:20
    Context-Based Security
    What Your Cloud Native Apps Really Need
    Ben Hirschberg
    17:20 - 17:25
    Closing notes

    Ingrid Donenwirth
  • BSIDESBUD 2024 // WORKSHOP SESSIONS
    09:00 - 11:00
    Exploring Windows Kernel Drivers with 5 Practical Security Experiments

    Bálint Szabó
    11:00 - 11:15
    Break
    11:15 - 13:15
    Practical Smart Contract Analysis and Exploitation

    Attila Marosi-Bauer
    Welcome to an exciting dive into the world of Web3 security! In this workshop, we'll explore the intriguing challenges in the blockchain ecosystem, focusing on two main issues: scams and exploits. We'll kick things off with a fun warm-up session to get everyone on the same page. Don't worry if you're not a cryptography or math whiz—this workshop is all about practical, real-world applications. We'll focus on infrastructure, use cases, and essential knowledge about how blockchain works. Although we can't cover all the basics in just two hours, I'll highlight how fascinating this world is and hopefully inspire you to start your own journey in this space.
    Key Highlights of the Workshop:
    Real Case Studies: Discover how typical scams operate on the EVM blockchain.
    On-Chain Investigation: Use multiple tools to unveil the actions of malicious actors.
    Interactive Learning: Interact with contracts and see how they work.
    Time Travel: Use forks to explore different states of the blockchain.
    Impersonation Techniques: Test contract behaviors by impersonating others.
    Develop an Exploit: Create an exploit code and virtually earn over $40 million.
    No Wallet Apps Needed: We won't be using any wallet apps like MetaMask!
    Join us for a hands-on, practical session that promises to be both educational and fun. Get ready to dive deep into the fascinating world of blockchain security!
    13:15 - 13:30
    Break
    13:30 - 15:30
    Testing LLM Networks

    Gergely Jakab Karz
    Péter Zsíros
    Join us for an eye-opening journey into the realm of Large Language Models (LLMs) at our upcoming workshop! Discover how these powerful tools bring new challenges to the landscape of cybersecurity and learn essential strategies for harnessing their potential while safeguarding against potential vulnerabilities. Our workshop begins with a comprehensive exploration of environment and model setup, providing you with the foundational knowledge needed to deploy LLMs effectively. In this workshop, we present MeetKai's functionary model, which can not only be used as a chat assistant but is also equipped with the ability to interact with external API functions. We introduce practical usage examples, showcasing the incredible capabilities of these models in action. But that's not all – we'll also shine a light on the darker side of LLMs, exploring potentially real-world exploits where these models can be manipulated through indirect prompt injection. By uncovering these security flaws and understanding how they can impact your systems, you'll be better equipped to deploy LLMs with confidence and resilience. Don't miss this opportunity to stay ahead of the curve in cybersecurity. Join us at the BSidesBUD International IT Security Conference for an enlightening workshop that combines cutting-edge technology with essential security insights.
    15:30 - 15:45
    15:45 - 17:45
    Benchmarking and hardening in the scope of NIS2 and DORA
    Péter Zsíros