Cyber Security Training & Workshop In Dubai 2017

Speakers

Muhammad Shahmeer

Bertin Borvis

Matteo Beccaro

Abdulla Alagha

Anindya Roy

J. Tate

20 Nov | 09:30 – 16:30
Repeat
21 Nov | 09:30 – 16:30

MOBILE SECURITY – PROJECT BLACK CAT

A. Introduction to Mobile Security

Mobile possibilities in 2000 vs 2016/17. The point is that your phone is now more like a computer, so we should protect it like one.

B. Mobile Device Threats (Enterprise/Government)

i. According to a CYREN Security Report, an average of 5,768 malware attacks occurred daily on Android devices in 2013. This portion will articulate in tangible terms the threat landscape of mobile devices from both a personal and an organisational perspective.

C. Email Threats (Intellectual Property Threat)

i. Phishing scams in 2000 vs 2016/17 show a major increase. People are using their phones more often than their computers when reading emails. The threats that accompany emails (phishing, ransomware, trojans) are vast in nature and largely unknown to the average user. This portion of the training will articulate these threats and demonstrate the safeguards and best practices that align with international data privacy laws.

D. Social Media Threats

i. People use the same device for their personal activities and their professional activities. In a BYOD environment this could have brand-damaging effects if not measured appropriately. This phase of the training will illuminate these threats from an organisational brand management perspective and a personal identity perspective.

E. Policy: Mobile Device AUP Fundamentals

i. Mobile devices need security standards even if they are BYOD. An enforced AUP articulates that access to your device is a privilege rather than a right. This phase of training will give the participants a real-world view of the legal ramifications associated with defining AUP verbiage in tangible terms.

F. Closure Q&A

20 Nov | 09:30 – 16:30
Repeat
21 Nov | 09:30 – 16:30

PLC-SCADA SECURITY RESEARCH AND PENETRATION TEST TECHNIQUES

During the workshop attendees will learn from my experience in PLC-SCADA security research and penetration test techniques, from the basics to taking over the PLC with vulnerabilities discovered recently in several models from very well-known vendors in the industry. Nowadays we very often see attacks on our critical and sensitive systems. The main goal of the workshop is to keep knowledge up to date regarding the current state of insecurity in the PLC-ICS industry, thus enabling us to keep our systems safe and protected.

Course Outline

1. Understanding the basics of PLC SCADA

  • Introduction / History
  • Implementation
  • Security
  • Vulnerability research

2. Understanding the PLCs

  • Overview of the current state of PLC insecurity
  • How to recognize PLC-SCADA on the internet
  • Tools
  • Lab

3. OSINT

  • Search engines as weapons of mass destruction
  • Dorking

4. Advanced takeover

  • Exploiting the PLC web interface
  • Firmware analysis techniques
  • Abusing other protocols available in the PLC
  • 0-days
  • Conquer the planet

Who Should Attend?

What are the key takeaways or benefits of attending this workshop?

20 Nov | 09:30 – 16:30
Repeat
21 Nov | 09:30 – 16:30

THE RISE AND FALL OF SMART CITIES

This talk will discuss the main challenges in implementing, testing and preserving security for modern Smart Cities. Modern Smart City technologies will be introduced, describing the most relevant threats, their impact on the physical world and a high-level methodology to secure different city environments. Real-world case studies will be presented on Smart Mobility security.

Take away:

  • Clear understanding of Smart Cities technologies and related threats
  • Main challenges in securing Smart Cities
  • Attacking Smart Mobility: a real-world case study

20 Nov | 09:30 – 16:30
Repeat
21 Nov | 09:30 – 16:30

OWASP – MITIGATING TOP 10 VULNERABILITIES

The workshop will cover advanced techniques for identifying flaws in and exploiting web applications. It will be based on a Capture the Flag scenario, where attendees will be able to experience how attackers think when finding flaws and exploiting them in web applications. The workshop mainly takes the perspective of an attacker, since this is the most effective way to understand how an attack worked and what enabled it. Possible countermeasures will be discussed in order to mitigate the risks.

Who can attend

  • Chief Information Officers
  • Chief Innovation Officers
  • Chief Data Officers
  • Chief Compliance Officers
  • VPs of Technology
  • Developers
  • Programmers
  • Engineering Staff
  • System Analysts
  • Software Testers
  • Technical Support

Key points to be covered

The key points covered in the workshop will be:

  1. OWASP Top 10 vulnerabilities
  2. Web application API exploitation
  3. Business logic vulnerabilities
  4. Chaining vulnerabilities
  5. Hands-on experiences

Key Takeaways:

Participants will gain an in-depth understanding of the most prevalent security vulnerabilities found in web applications and be able to tackle them with effective countermeasures. Participants will also be able to exploit those security flaws by themselves through a series of hands-on exercises.

20 Nov | 09:30 – 16:30
Repeat
21 Nov | 09:30 – 16:30

THE WEAKEST LINK IN THE CHAIN – CONNING THE USER

The biggest and most elaborately plotted cyber warfare campaigns and hacks were primarily built upon the simplest of conning techniques. These are the techniques that have the highest success ratio and target the weakest link of the security ecosystem: the human. In this workshop, we will focus on how a mix of tech knowledge and an understanding of human behavior can help one crack the toughest of security protocols.

Topics:

• Introduction to conning – The art of leveraging human emotions.

• Information Gathering – A corporate network might be highly secure, but that might not be the same for the home network of its security head. Social media and search engines are a terrific way to find a key target (human) whom you can piggyback on to gain access to a secure infrastructure. Here we will discuss some of the techniques a hacker could use to do so.

• Phishing – We will create an end-to-end, fully operational phishing website with a visibly authentic SSL certificate. We will then see various techniques by which a user can be lured to hit that website. Some of the techniques that will be discussed here are DNS poisoning, Punycode, spear phishing, etc.

• Remaining invisible – To perform a successful phishing attack, one has to acquire a lot of resources such as domain names, SSL certificates, etc., where he or she might leave digital footprints. Here we will try to identify certain tricks which are used by hackers to keep themselves completely invisible while setting up or performing a phishing attack.

• Countermeasures – The only way to survive social engineering is by training your people to be excessively vigilant. As Andrew Grove said, “Only the paranoid survive.” In this section we will identify some traits and signs everyone should always be cautious about, both offline and online.

Who Should Attend?

CTOs, CIOs, IT Managers, Security Policy Makers, Security enthusiasts.

How would you benefit?

Only once we know the various modi operandi of a social engineering attack can we be vigilant enough to protect ourselves from it. This workshop will help you build a basic online hygiene level that will keep you safe from at least the known ways of SE attacks.

20 Nov | 09:30 – 16:30
Repeat
21 Nov | 09:30 – 16:30

BREAKING AND AUDITING WIFI AND BLUETOOTH TECHNOLOGIES

Wireless communications are crucial in today’s business operations and in everyone’s lifestyle, from enterprise wireless networks and connected automobiles to entertainment and smart-home systems. In this session you’ll learn about key advancements in Wi-Fi and Bluetooth technologies and the TTPs to break and audit them.

Key points covered:

  • Quick Review of WiFi & Bluetooth Anatomy: Components and foundations of WiFi & Bluetooth Networking (Controllers, Bluetooth 4 & 5, Radio Frequencies, Adapters, APs, etc.)
  • Latest Changes and Advancements
  • Proliferation of Bluetooth Communications (Locks, IoT Systems, Cars, Lifestyle Gadgets) & Associated Threats
  • Wi-Fi Break-testing:
    • Mapping the site (taking advantage of the many antennas) & identifying Rogue APs in the process.
    • How can NAC stop you? (Captive Portals, 802.1x, etc.)
    • Packet Capture & Analysis
    • Auditing WPAx
    • Standing in the Middle
  • Bluetooth Break-testing:
    • Getting to know your neighbors & peers.
    • Learning the details and discovering vulnerabilities
    • Staging and executing an exploit

Key takeaways:

  • Have essential know-how about the security of today’s Wi-Fi networks and Bluetooth communications.
  • Know how much information your organization or personal device is wirelessly leaking and what you can do about it.
  • Get to know practical offensive/audit procedures to audit Bluetooth and Wi-Fi.
  • Understand key defense mechanisms you need to adopt in the organization and at home.

Who should attend:

  • Cyber Security Analysts
  • Wireless Communications Engineers
  • Network Administrators
  • Security Researchers
  • SOC Engineers in Charge of Perimeter Security

Endorsement, Support & Speaking Opportunity

Biju Saith,
Project Director
+971 4 554 1434
biju@cyph3rsec.com

Sponsorship Enquiry

Adnan Turabi,
Commercial Manager
+971 56 342 69 50 / +971 4 554 1434
adnan@cyph3rsec.com

Media Partnership & PR

Hassan Salah El-Din,
Project Manager
+971 50 961 5361 / +971 4 554 1434
hassan@cyph3rsec.com

Organised By

ejtemaat_logos