Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Summary of Swiss Cyber Storm 2016

Nick Galbreath
October 25, 2016
Technology
0
310

Summary of Swiss Cyber Storm 2016

I went to Lucerne for Swiss Cyber Storm. Here are my notes.

Nick Galbreath

October 25, 2016
Tweet

More Decks by Nick Galbreath

See All by Nick Galbreath
signalsciences2014.pdf
ngalbreath
0
22
Positive Outcomes from Zero Days
ngalbreath
0
320
Resilient Software Engineering
ngalbreath
0
450
Web App Security in an Agile World
ngalbreath
0
120
Rugged Software Engineering 2015-10-22
ngalbreath
1
51
BYOD DevOpsDays 2015
ngalbreath
0
380
Secure Application Development with Golang
ngalbreath
1
630
Bringing Your Own Dependencies
ngalbreath
0
150
Continuous Deployment 2007
ngalbreath
1
150

Other Decks in Technology

See All in Technology
Building Dashboards as a Hobby
egmc
0
220
生成AIの変革の時代に、 直近1年で直面した課題とその解決策
ktc_wada
0
290
アクセシビリティを考慮したUI/CSSフレームワーク・ライブラリ選定
yajihum
2
1k
IaCジェネレーターとBedrockで詳細設計書を生成してみた
tsukasa_ishimaru
1
270
データベース02: データベースの概念
trycycle
0
160
検証を通して見えてきたTiDBの性能特性
lycorptech_jp
PRO
6
3.8k
Meta Quest 3 で動く桜マシマシ WebXR アプリを IBM Cloud Code Engine と Babylon.js で作った話
1ftseabass
PRO
0
120
Cracking the KubeCon CfP
inductor
2
250
AWSに詳しくない人でも始められるコスト最適化ガイド
yuhta28
1
240
Google Cloud Next '24でブログを10本書いた方法と勉強会を沸かせた方法
yasumuusan
0
300
ChatGPT for IT Service Management (IT Pro)
dahatake
7
1.6k
Java EE/Jakarta EEの現状と将来 ―クラウドネイティブ時代にJava EEは対応できるのか?―
takakiyo
1
160

Featured

See All Featured
From Idea to $5000 a Month in 5 Months
shpigford
377
45k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
221
21k
Build The Right Thing And Hit Your Dates
maggiecrowley
24
2k
Optimizing for Happiness
mojombo
370
69k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
227
16k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
244
20k
Web Components: a chance to create the future
zenorocha
305
41k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
17
1.4k
How to name files
jennybc
65
93k
Debugging Ruby Performance
tmm1
70
11k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
34
8.9k
10 Git Anti Patterns You Should be Aware of
lemiorhan
648
58k

Transcript

  1. A wildly incomplete summary of Swiss Cyber Storm Lucerne Switzerland

    2016 Nick Galbreath @ngalbreath

  2. The Breadmakers Union, with a Golden Pretzel

  3. facts • https://www.swisscyberstorm.com • Slides and video will be posted

    • This is a wildly incomplete summary. • I missed an entire track • I’m biased since I was a speaker • Lucerne is lovely. • See you next year

  4. Lessons from Billions of Breached Records

  5. Who is doing all these data dumps? • Bored “kids”

    (under 25, often under 18) • Lots of examples of simple SQLMap attacks

  6. Time to login depending if you have an account or

    not. Who cares if the DB got dumped!

  7. Exploiting Software without Bugs

  8. Rowhammer Attacks • With high-velocity read/access to memory locations, may

    be able to flip a single bit of DRAM memory • OS-level memory reduplication crosses process boundaries • Lots of clever hackery to leverage this to complete machine takeover

  9. “Is Physics Part of your Threat Model” • “And if

    not, it should be!” was actually said. • Sure if you are an OS vendor • Absolutely not for everyone else. • But illustrated the growing divide of ◦ Advanced attacks ◦ Incompetent defense but the attack is really interesting and otherwise a great talk
  10. None
  11. None
  12. None

  13. And here’s 10,000 mongo databases online • Exposed databases are

    mostly on public clouds, not colos • “Is Devops is sloppy?” • General sense we are failing at easy stuff • and if you thought web stuff was bad just wait till you ICS So many interesting insights based on facts. I could post every slide here. They were all good. Definitely check him out when he speaks next
  14. None

  15. Owww, my eyes!

  16. None
  17. None

  18. I might be biased • Attempting to get engineering interested

    in security • Or is it security interested in engineering? • Equating safety with security • https://speakerdeck.com/ngalbreath/resilient-software-engineering
  19. None

  20. Details https://twitter.com/mazen160 is from Sudan! Pays for school with bug

    bounties Slide: http://blog.mazinahmed.net/2016/10/bug-bounty-hunting-swiss-cyber-storm.html Wow, just found out he also wrote: http://blog.mazinahmed.net/2015/09/evading-all-web-application-firewalls.html Which is also a great read!
  21. None
  22. None
  23. None
  24. None

  25. “This is more databases than in my entire country!”

  26. None
  27. None
  28. None
  29. None
  30. None
  31. None
  32. None
  33. None

  34. DarkNet Investigations

  35. None
  36. None
  37. None
  38. None
  39. None
  40. None
  41. None

  42. Cyber Threats: What Vendors are Not Telling You

  43. None
  44. None
  45. None

  46. My apologies to everyone and everything I missed Nick Galbreath

    @ngalbreath