BSides Ukraine

Speakers

Encryption without magic, risk management without pain

Anastasiia Vixentael

Product Engineer at Cossack Labs

ANASTASIIA VIXENTAEL

ENCRYPTION WITHOUT MAGIC, RISK MANAGEMENT WITHOUT PAIN

In-depth technical inquiry about cryptography in a wider context: how it helps to narrow larger risks to controlled attack surfaces, enables managing the risk efficiently and elegantly, how tools and algorithms sit in a larger context of managing infrastructure-wide risks associated with handling sensitive data.
Apart from discussing general technical approaches, we will focus on what do we need to do after we’ve implemented some kind of encryption in our system: monitoring, intrusion detection, key management, key and code trust.

Anastasia is Product Engineer at Cossack Labs
- 6 years experience in developing mobile apps;
- 3 years experience in making them more secure :)
- maintaining open-source security library Themis, that allows developers to easily integrate encryption into their apps and infrastructures;
- conducting workshops and consulting teams about data protection design;
- found a formulae mistake in the first edition of Serious Cryptography :D
- never tried coding on F#.

Guarding the Internet from Botnets

Helen Tabunshchyk

Systems engineer at Cloudflare

HELEN TABUNSHCHYK

GUARDING THE INTERNET FROM BOTNETS

1/3 of all downtime incidents are attributed to DDoS attacks, $150 is enough to make a small organisation unavailable for a week, right now your smart fridge might be flooding the network leading to your favourite website. Yesterday, today and tomorrow! In all data centres of the world! Modern networks introduce new opportunities to deliver more content in a point in time, but also bring new security flaws and performance issues. This talk will cover the theory behind performing a DDoS attack and L3/L7 mitigation.

Helen is a systems engineer at Cloudflare, London, helping to speed up and protect more than 7 millions of websites, APIs, SaaS services, and other properties connected to the Internet against denial-of-service attacks, customer data compromise, and abusive bots. She is fascinated by secure high performance programming, and actively shares her passion about IT through mentoring and public speaking.

The phantom menace of route leaks

Alex Semenyaka

external relations officer, RIPE NCC

ALEX SEMENYAKA

THE PHANTOM MENACE OF ROUTE LEAKS

Route leaks are usually out of scope of the cybersecurity specialists. Why are they important? what could be done today and what to expect tomorrow?

Oleksiy is an External Relations Officer for the RIPE NCC (Eastern Europe and Central Asia) and is based in Moscow.
As part of the External Relations team, he helps lead the RIPE NCC's engagement with membership, the RIPE community, technical bodies, academia, law enforcement and other Internet stakeholders. As Technical Advisor, Alex also follows Internet industry and government developments related to ICT, particularly in the former Soviet countries, monitors and attends industry conferences and meetings, representing the RIPE NCC there, and works with internal stakeholders to enhance the RIPE NCC's training activities.
He is currently the Vice Chair of ENOG Programming Committee and a member of RIPE Programming Committee.
Prior to his role at the RIPE NCC, Alex worked in engineering and management positions in the telecom industry, content and service providers, enterprises.
Alex has spoken and presented at many local and international events as an expert in the design and security of data networks and data centres.
Alex studied Chemistry at the Moscow State University, graduating in 1994 with honours.

Revisiting Supply Chain Attack Abusing 3rd party in real world

Stanislav Breslavskyi

Security Engineer at UnderDefense

STANISLAV BRESLAVSKYI

REVISITING SUPPLY CHAIN ATTACK. ABUSINT THIRD PARTY IN THE REAL WORD

Examples of real cases of Supply Chain Attack from last Penetration Testing engagements.

Stanislav is Security Engineer at UnderDefense. Mobile, web, IoT apps penetration testing. Social engineering services. Security awareness training services.

"Who needs my mail?" The first steps to personal cybersecurity

Kostiantyn Korsun

CHAIRMAN OF THE NGO UISG

KOSTIANTYN KORSUN

"WHO NEEDS MY MAIL?" THE FIRST STEPS TO PERSONAL CYBERSECURITY

There is no unnecessary information, the intruders are interested in any information, including private data of ordinary users.
It's easy to improve your own cyber safety in dozens of times, but it's important to do it in correct way.
The speech is addressed to those cyber security enthusiasts who really want to protect themselves, but do not know where to start and which proven tools (often free) apply.

As former deputy head of Cybercrime Division at Security Service of Ukraine, Kostyantyn was one of the founders and the first head of CERT-UA. After resigning from the service, Kostiantyn acted as Regional Director for Ukrainian Research Office of iSIGHT Partners, international cyber threat intelligence company.
Currently, Kos combines numerous roles in Ukrainian cyber security community, including his Chairmanship for NGO Ukrainian Information Security Group and strategic leadership for cybersec company Berezha Security.

JS - securing the hipster stack

Alex Reshetnyk

Web App Security Engineer at SoftSeq

ALEX RESHETNYK

JS - SECURING THE HIPSTER STACK

Figuring out if the common security problems remain relevant for new technologies

Alex is Web Application Security Engineer at SoftSeq. He started his career as a programmer - first as a C ++ Developer at Luxoft, then as a Backend Engineer at Do It Programming Solutions.
At first, when he was a programmer, security was more like a hobby for him. He looked for vulnerabilities and shortcomings in his projects and tried to point out to colleagues unsafe places in their projects.

Car hacking: today and tomorrow

Alexander Olenyev

embedded developer at Thea Auto

ALEXANDER OLENYEV

CAR HACKING: TODAY AND TOMORROW

Overview of modern car electronics systems. CAN bus operation theory. Security vulnerabilities and various attack vectors. Basic principles behind CAN bus reverse engineering and use of hacking tools. Connected cars attack surface. The outlook for the near future

Alexander Olenyev, embedded developer at Thea Auto, a connected cars company, developing systems and software for car telemetry. Additionally teaching firmware development at TechMaker (https://techmaker.ua) - an embedded programming course featuring STM32 ARM-based development boards.

How to stop the harvester: massive data loss in UA companies

Yehor Papyshev

CYBERSECURITY LEAD AT DATAS

YEHOR PAPYSHEV

HOW TO STOP THE HARVESTER: MASSIVE DATA LOSS IN UA COMPANIES

Data breaches in big Ukrainian companies, why was it so easy and how to handle it? Millions spent on IT security just f*cked up by an anonymous legion of... script kiddies.

CYBERSECURITY LEAD AT DATAS
Primarily, my activities are aimed at analyzing and predicting cyber threats, searching for vulnerabilities in information systems and conducting exploratory analysis of large volumes of data. Now I'm investigating the risks of compromising personal user data in known services like online stores, different state organizations, etc. Hacking for fun is my main principle. Just do the same.

Understanding critical infrastructure in real world

Taras Nizhnik

Ph.D. in water treatment technology

TARAS NIZHNIK

UNDERSTANDING CRITICAL INFRASTRUCTURE IN REAL WORLD

Very little about IT. Mostly about technology and engineering.

From the students days he worked part-time in IT (system administration, deployment, networks, IT security).
Now he is a lectuer at Igor Sikorsky Kyiv Polytechnic Institute. Courses are leaded at the chemical-technological and engineering-chemical faculties.
In parallel, work in a private company in chemical technology and engineering, R&D, practical implementation at enterprises.
Co-host at "Securit13 Podcast".
Interests: The history of computer technology, technical aspects of security (not just computer).
A convinced IT-skeptic.

Delivering security products without shooting in a foot

Dmytro Shapovalov

Infrastructure engineer
at Cossack Labs

DMYTRO SHAPOVALOV

DELIVERING SECURITY PRODUCTS WITHOUT SHOOTING IN A FOOT

We will talk about improving the infrastructure for developing, testing and delivering security tools. Our experience of smoothing the difference between security idealism and engineering friendliness.

Dmytro Shapovalov began his career in 1996, as a software developer. Spent over 13 years working as the Senior Network Administrator in a large Ukrainian Internet service provider. For a long period of time he architected and supported high availability projects, commercial virtualization platforms.
Currently, he is an Infrastructure engineer at Cossack Labs, British-Ukrainian company that creates cryptographic tools for software developers. He turns the inventions of security engineers’ into convenient useable products.

50 Shades of Ransomware

Alexander Adamov

CEO at NioGuard Security Lab

ALEXANDER ADAMOV

50 SHADES OF RANSOMWARE

Overview of the recent ransomware attacks that have taken advantage of the Ransomware-as-a-Service model. The latest ransomware self-protection techniques and challenges of ransomware analysis to be discussed.

Alexander is the founder and CEO of NioGuard Security Lab with 10+ years experience in malware analysis. As a teacher, he gives the Advanced Malware Analysis course in Ukrainian and EU universities. Alexander has worked for Kaspersky Lab, Lavasoft, Samsung, and Mirantis and spoken at various security conferences such as Virus Bulletin, Virus Analysts Summit, OpenStack Summit, OWASP, HackIT, and BSides.

Web appsec 101

Andrii Kudiurov

Security Team Lead at SoftSeq

ANDRII KUDIUROV

WEB APPSEC 101

The topic is about typical web application security flaws. We'll talk through different classes of vulnerabilities, their cause, potential impact, mitigation and prevention. This is a beginner's guide, which will be relevant for programmers without strong security background.

Security Team Lead/Project manager at SoftSeq

09:00 - 10:00 REGISTRATION, MORNING COFFEE
10:00 - 10:30 WELCOMES
BEGINNER		ADVANCED
Andrii Kudiurov Web appsec 101	10:30 – 11:20	Dmytro Shapovalov Delivering security products without shooting in a foot.
Alex Reshetnyk JS - securing the hipster stack	11:20 – 12:10	Roman Radare2. Is it able to destroy the market's monopoly?
Stanislav Breslavskyi Revisiting Supply Chain Attack. Abusing third party in the real world.	12:10 – 13:00	Anastasiia Vixentael Encryption without magic, risk management without pain
13:00 - 14:00 BREAK
Yehor Papyshev How to stop the harvester: massive data loss in UA companies	14:00 – 14:50	Helen Tabunshchyk Guarding the Internet from Botnets
Kostiantyn Korsun "Who needs my mail?" The 1st steps to personal cybersecurity	14:50 – 15:40	Alexander Adamov 50 Shades of Ransomware
15:40 - 16:00 BREAK
Oleksiy Semenyaka The phantom menace of route leaks	16:00 – 16:50	Alexander Olenyev Car hacking: today and tomorrow
Taras Nyzhnyk Understanding critical infrastructure. In real world.	16:50 – 17:40	Sergei Smitienko Evil inside: what do you want to know about Meltdown?
17:40 - 18:00 CONCLUSION

About BSIDES

What is Our Goal?

2018April 21

KyivUkraine

350Tickets

FamousSpeakers

Event Schedule

09:00 - 10:00 REGISTRATION, MORNING COFFEE

10:00 - 10:30 WELCOMES

BEGINNER

ADVANCED

10:30 – 11:20

11:20 – 12:10

12:10 – 13:00

13:00 - 14:00 BREAK

14:00 – 14:50

14:50 – 15:40

15:40 - 16:00 BREAK

16:00 – 16:50

16:50 – 17:40

SERGEI SMITIENKO

EVIL INSIDE: WHAT DO YOU WNT TO KNOW ABOUT MELTDOWN?

17:40 - 18:00 CONCLUSION