Introduction
At the second edition of the Swiss Cyber Security Days our researcher Maria Jose Erquiaga presented the work of the Aposemat laboratory in the talk: “The Truth is out there: Hunting malware from an IoT laboratory”.
About SCSD
The Swiss Cyber Security Days are a two-day event in Fribourg, Switzerland. This event brought together Cyber security researchers, consultants from technology, business, politics and the general public interested in cybersecurity from all over the world.
The event consisted of Keynotes and Forum, Technical Talks, Best Practice talks, an exhibitors’ area and other activities like CtF.
All keynotes and TechTracks were offered in simultaneous translation in the three languages German, French and English.
Technical Track
The technical track included up to eight talks per day from industry leaders and researchers from different countries. The topics for the talks were diverse.
Our researcher, Maria Jose Erquiaga showed her malware analysis work of the last few years. In her talk, “The Truth is out there: Hunting malware from an IoT laboratory”, she showed all the steps we follow to analyze malware. The first step is the creation of a malware laboratory to execute malware samples and capture the resulting network traffic to generate a dataset for capture analysis. In Aposemat, we execute malware for long periods of times to analyze its behavior. We also generate datasets from the malware executions in our laboratory and from our honeypots. Recently, the IoT23 dataset was released: this a selected malware dataset that contains 23 labeled scenarios with 20 malware captures and 3 normal traffic captures. In Aposemat, we analyze malware and the network traffic captures are one of the main components of the analysis (along with Reversing and executing malware in sandboxes). Finally, in this talk two examples of malware analysis were presented. Those were the case of an IRC based botnet and Geost botnet (a banking trojan first discovered in our laboratory).
María José Erquiaga presenting “The Truth is out there: Hunting malware from an IoT laboratory”
Yamila Levalle presented her talk “Bypassing biometric security controls with 3D printing”. She showed the different kinds of biometric authentication, where the basic premise is that every person is unique and each individual can be identified by their intrinsic or behavioral traits. Biometric technology is able to recognize a person based on the unique features such as their face, fingerprint, signature and/or iris pattern and then impart a convenient authentication method. During her talk, she demonstrated the different ways in which 3D printing technology could be used to bypass biometric authentication systems, including optical and ultrasonic fingerprint scanners and facial recognition systems.
Yamila Levalle presenting “Bypassing biometric security controls with 3D printing”
One of the topics covered in the technical track was payment systems. Here, Salvador Mendoza presented his talk “Payment Systems: Detecting NFC and Mag-Stripe Skimming”, in which he showed one of the most prevalent attacks against such systems: skimmer devices. Skimmer devices are specifically designed to sniff customer banking information when they use an ATM, card reader or a bank money dispenser. The main problem is that the users have to completely rely on banking devices or financial institutions, which is dangerous. In this talk, Salvador showed us how to design some tools to detect this type of attacks in different technologies such as NFC or mag-stripe.
Salvador Mendoza talking about Payment Systems
Nahuel Grisolia told us about his journey finding failures in authentication systems in his talk “A journey to the problems on federated authentication and secrets sharing”. Authentication has become complex, involving more (but not new) cryptography concepts, a new secure token service party, secret management (between poorly-segregated environments) and token use. He presented real examples of poor programming related to Federated Authentication and an incorrect secret sharing between Production and Non-Production Environments.
Nahuel Grisolia presenting “A journey to the problems on federated authentication and secrets sharing”
The technical track took a twist during the talk of The Wizz (The Wizard of BotZ), when he presented his talk “The Look on the BOTing side of life”. In this talk he presented the steps, tools and challenges to build a botnet. He showed the possibilities that arise when owning a botnet, some of them included distortion of competition, social engineering, manipulation of opinion or direct intervention in political discourse.
The Wizz presenting the BOTing side of life
Other speakers covered diverse and interesting topics. Ange Albertini showed how vulnerable MD5 can be. Paola Rodriguez talked about security in cloud environments. Marchello Salvati showed us the tools he developed for his work in a red team.
Overall, this conference had great content and offered a variety of topics covered in the technical track, forum and Best Practice Space. The environment was friendly and the organization was exceptional. The activities proposed by the organizers helped the interaction between the participants.
The next edition will take place in March 2021 and we look forward to attending again.