#RomHack2020 Agenda

Attack and Defense

10:30 - 10:45 CEST
Conference opening

10:45 - 11:35 CEST
Windows Privilege Escalations: Still abusing local service accounts to get SYSTEM privilege
[ Local | Tags: attack, windows, privilege escalation | Language: ]

Privilege escalation is a required step for an attacker in order to get full control of a system starting from a lower privileged access.
In windows there are many ways to reach this goal. This talk will be focused on showing all the recent techniques used to do privilege escalation starting from a service account.

11:35 - 12:25 CEST
BYOI (Bring Your Own Interpreter) payloads: Fusing the powah of .NET with a scripting language of your choosing
[ Remote | Tags: attack, windows, scripting | Language: ]

Offensive PowerShell tradecraft is in “Zombie Mode”: it’s sort of dead, but not entirely.
With all of the defenses Microsoft has implemented in the PowerShell runtime over the past few years Red Teamers / Pentesters & APT groups have started too shy away from using PowerShell based payloads/delivery mechanisms and migrate over to C#. However, C# is a compiled language. Operationally this has a few major downsides: we can’t be as “flexible” as setting up a proper development environment has an overhead and can be time consuming and you have to compile all the things all the time etc..

12:25 - 13:15 CEST
Falco: runtime security analysis through syscalls
[ Local | Tags: defense, cloud, kernel | Language: ]

Our daily job as Software Engineers is commonly to build software, a.k.a. abstractions. While doing so, we hide some complexity, but at the same time, we also increase the entropy and often the attack surface too. This is even more true in today's complex cloud-native environments.

13:15 - 14:45 CEST

14:45 - 15:35 CEST
Serverless security: attack & defense
[ Remote | Tags: attack, defense, cloud, serverless | Language: ]

In this talk I'm going to show you various attack vectors against the serverless applications built from AWS Lambda functions.

15:35 - 16:25 CEST
From 0 to Hero - Actionable Threat Intelligence
[ Local | Tags: defense, threat intel | Language: ]

What is it and why we need it in a Security Operation Center?
Threat Intel is a service that any SOC must have in order to analyze, identify and correlate emerging cyber threats. The service is helpful for managing budget and monitoring evolving cyber scenarios, improve the correlation capabilities and manage indicators of compromise (IoCs) that can be used to prevent and detect malicious Threat Actors and CyberCrime that scampers on your own network.

16:25 - 16:30 CEST

Cyber Saiyan

RomHack is made with ❤ by Cyber Saiyan
Follow us, make a donation or become a member

Privacy policy