[Cyber] CiderSecurityCon Conference Wrap Up

The CiderSecurityCon conference was scheduled to take place on March 14-15, 2020. Due to the COVID pandemic, however, the on-site event was cancelled [1]. The organizing crew nevertheless decided to organize a virtual version of the conference. Using Zoom with the speakers and streaming via YouTube, they managed to pull off a very friendly and nice virtual event.

What is CiderSecurityCon?

As explained on the conference website, CiderSecurityCon “is a BSides style event” that was meant to happen before the well-known TROOPERS conference in Mannheim, Germany. Visit their website (https://cidersecuritycon.de/) for more information, or follow them on Twitter (@CiderSecCon).

The agenda of the virtual event, which differed from the original one, was made up of a variety of speakers. Many of them were already scheduled to speak at the on-site CiderSecCon; others volunteered to speak at the last minute.

Day I

The first talk was by Sébastien Dudek, who presented “Smart grid (in)security”, specifically how insecure HomePlug technologies are.

Right after, Jens Heinrich gave a very interesting lightning talk, “CI/CD/CDon't? - Deliberations on the threat model of continuous delivery systems”. You can find his slides here [2].

The next lightning talk was by Matthias, who presented “Rosenmontag: Attacking users through third party docker containers”, or how Docker containers could be compromised using a type of supply chain attack. You can find details about his presentation here [3].

Next up was our own researcher, Veronica Valeros, who presented “Machete Cyber Espionage Operations in Latin America”. You can read the full paper here [4].

Veronica presenting about Machete APT malware and how it operated since 2010.

The next talk was presented by @Sh4d0w_DE, “IoT Security and alarm systems”, followed by King Kévin who presented “I just want a USB cable!”.

Day II

Stefan showing a physical security bypassing technique.

The second day kicked off at 16:00, with Stefan Hager presenting “The attacker’s point of view”. A nice talk that discussed several myths in cyber security, like ‘our company is unhackable’ or ‘nobody is interested in our organization’. The reality is that if your company is connected to the internet, it will be attacked. He also included an interesting selection of OSINT tools that are definitely worth checking.

The next talk was by Jiska, who presented “Bluetooth debugging on all platforms”. If you are into Bluetooth, go watch this talk!

This was a great experience, and we are very thankful to the organizers for creating such a nice event, all things considered! Follow the conference on Twitter to know when the recordings of the talks will be published online!

References

[1] https://cidersecuritycon.de/posts/2020/03/13/cancelled.html

[2] https://github.com/ubffm/cicdcdont-lightning

[3] https://github.com/ramshazar/rosenmontag

[4] https://www.stratosphereips.org/s/Day3-1130-Green-A-study-of-Machete-cyber-espionage-operations-in-Latin-America.pdf