Mobile possibilities in 2000 vs 2016/17. Point being that your phone is more like a computer so we should protect it like one.
i. According to a CYREN Security Report, an average of 5,768 malware attacks occurred daily on Android devices in 2013. This portion will articulate in tangible terms the Threat Landscape of Mobile Devices, both from a personal and an organisational perspective.
i. Phishing scams in 2000 vs 2016/17 show a major increase. People are using their phones more often than their computers when reading emails. Unbeknownst to the average user, the threats that accompany emails (phishing, ransomware, trojans) are vast in nature. This portion of the training will articulate these threats and demonstrate the safeguards and best practices that align with international data privacy laws.
i. The same device people use for their personal activities they also use for their professional activities. In a BYOD environment this could have brand-damaging effects if not measured appropriately. This phase of the training will illuminate these threats from an organisational brand management perspective and a personal identity perspective.
i. Mobile devices need security standards even if they are BYOD. This means creating an enforced AUP which articulates that use of your device is a privilege rather than a right. This phase of training will give the participants a real-world view of the legal ramifications associated with defining AUP verbiage in tangible terms.
During the workshop attendees will learn from my experience in PLC-SCADA security research and penetration testing techniques, from the basics to taking over the PLC with vulnerabilities discovered recently in several models from very well-known vendors in the industry. Nowadays we very often see attacks on our critical and sensitive systems; the main goal of the workshop is to keep knowledge up to date regarding the current state of insecurity in the PLC-ICS industry, thus enabling us to keep our systems safe and protected.
1. Understanding the basics of PLC SCADA
2. Understanding the PLCs.
4. Advanced takeover
What are the key takeaways or benefits of attending this workshop?
This talk will discuss the main challenges in implementing, testing and preserving security for modern Smart Cities. Modern Smart City technologies will be introduced, describing the most relevant threats, their impact on the physical world and a high-level methodology to secure different city environments. Real-world case studies will be presented on Smart Mobility security.
The workshop will cover advanced techniques for identifying flaws in and exploiting web applications. It will be based on a Capture the Flag scenario, where attendees will be able to experience how attackers think when finding flaws and exploiting them in web applications. The workshop mainly takes the perspective of an attacker, since this is the most effective way to understand how an attack happened and what enabled it. Possible countermeasures will be discussed in order to mitigate the risks.
The key points covered in the workshop will be
Participants will gain an in-depth understanding of the most prevalent security vulnerabilities found in web applications and be able to tackle them with effective countermeasures. Participants will also be able to exploit those security flaws by themselves through a series of hands-on exercises.
The biggest and most elaborately plotted cyber warfare operations and hacks were primarily built upon the simplest of conning techniques. These techniques have the highest success ratio and target the weakest link of the security ecosystem – the human. In this workshop, we will focus on how a mix of tech knowledge and an understanding of human behavior can help one crack the toughest of security protocols.
• Introduction to conning. – The art of leveraging human emotions.
• Information Gathering. – A corporate network might be highly secure, but that might not be the same for the home network of its security head. Social media and search engines are a terrific way to find a key target (human) whom you can piggyback on to gain access to a secure infrastructure. Here we will discuss some of the techniques a hacker could use to do so.
• Phishing – We will create an end-to-end, fully operational phishing website with a visibly authentic SSL certificate. We will then see various techniques by which a user can be lured to hit that website. Some of the techniques that will be discussed here are DNS Poisoning, Punycode, Spear phishing, etc.
• Remaining invisible – To perform a successful phishing attack, one has to acquire a lot of resources such as domain names, SSL certificates, etc., where he or she might leave digital footprints. Here we will try to identify certain tricks which are used by hackers to keep themselves completely invisible while setting up or performing a phishing attack.
• Countermeasures – The only way to survive social engineering is by training your people to be excessively vigilant. As Andrew Grove said, “Only the paranoid survives”. In this section we will identify some traits and signs everyone should always be cautious about, both offline and online.
CTOs, CIOs, IT Managers, Security Policy Makers. Security enthusiasts.
Only once we know the various modi operandi of a social engineering attack can we be vigilant enough to protect ourselves from it. This workshop will help you build a basic level of online hygiene that will keep you safe from at least the known ways of SE attacks.
Wireless communications are crucial in today’s business operations and in everyone’s lifestyle, from enterprise wireless networks and connected automobiles to entertainment and smart-home systems. You’ll learn in this session about key advancements in Wi-Fi & Bluetooth technologies and the TTPs to break and audit them.