Participation in conferences and webinars as a speaker:

CyberGOV
An event dedicated to raising the level of cybersecurity in public sector institutions
Is the public sector fighting a fair fight?
The talk discusses the problems and challenges the public sector faces in cybersecurity. The speaker compares the potential of state institutions with that of well-organized cybercriminal groups, highlighting limitations in staffing, budget, and the lack of tools and procedures. The presentation includes real examples of attacks, such as the use of unusual protocols, the masking of popular RDP attacks, and abuses resulting from incorrect DNS configuration, emphasizing the importance of deep packet inspection and security reconfiguration. It also draws attention to the key role of the chain of custody in the proper handling of digital evidence. Issues related to false alarms, the practical limitations of AI/ML/SOAR tools, and other factors affecting the operational effectiveness of teams responsible for fighting cybercrime are also discussed.

EC-Council University’s CyberTalk
How Web Protocol Weaknesses Enable Layer 7 DoS Attacks
This presentation delves into the inherent vulnerabilities within the design of web protocols which indirectly expose web pages to Layer 7 Denial-of-Service (DoS) attacks, regardless of the use of modern transport encryption mechanisms (e.g., WTLS, DTLS, TLS 1.2/1.3, or (G)QUIC). We’ll dissect the specific weaknesses of the Internet Cache Protocol (ICP) and explore how it can be weaponized to circumvent security measures. Our analysis then turns to the vulnerabilities residing within the handshake processes of DTLS, (G)QUIC, TLS 1.2/1.3, and WTLS. This session will provide valuable insights for security professionals and web developers, highlighting the importance of layered security strategies beyond encryption protocols to defend against DoS attacks.


EC-Council University’s CyberTalk
Deep Packet Inspection Analysis: Examining One Packet Killers
Security Operations Center (SOC) teams monitor network traffic using SIEM and IPS solutions, along with other security tools. However, these tools can sometimes fall short, particularly when faced with complex attacks that exploit legitimate network protocols, such as those carried out with a single crafted packet. To combat these threats, SOC teams must adopt advanced techniques such as Deep Packet Inspection (DPI). The webinar explores DPI analysis techniques to detect and mitigate "One Packet Killers", using real-world examples from the DHCP, H.225.0, Modbus over TCP, WTP, and BAT_GW protocols. It also examines the intricacies of each protocol and highlights how specific message manipulations within these protocols can trigger Denial-of-Service (DoS) attacks or disrupt communication flows. By mastering DPI techniques and addressing these protocol security weaknesses, SOC teams can enhance their ability to maintain a robust network security posture.

ISSA Academy
Computer Forensics and Ethical Hacking Association
Deep packet inspection analyses: A multi-faceted view from the SOC perspective
There is an unquestionable need to perform regular deep packet inspection analysis for a variety of reasons. Providing standard SOC-type services that rely on tools such as SIEM, SOAR, IPS, WAF, EDR and others leads to a partial waste of human resources, because teams constantly have to deal with so-called "false positives"; DPI analysis will, among other things, eliminate this problem. Performing such analysis will also help with activities typical of SOC teams, i.e. malware analysis, phishing messages and digital forensics, or addressing alerts from SIEM, IPS, WAF, EDR or XDR systems. In addition, network edge profiling is recommended to determine what malicious traffic is present at the network edge in a given infrastructure in order to identify and mitigate it, whether or not it is traffic related to 0-day threats.


The Hack Summit
Biggest conference on cybersecurity in Poland
Deep packet inspection analyses: why the typical approach is not enough
There is an unquestionable need to perform regular deep packet inspection analyses, i.e. network edge profiling. Providing standard SOC-type services that rely on tools such as SIEM, SOAR, IPS, WAF, EDR and others leads to a partial waste of human resources, because teams constantly have to deal with so-called "false positives". The cybersecurity industry is currently characterized by superficiality, insufficient competence and low cyber awareness. Cybercriminals have hundreds of mechanisms at their disposal that they regularly use to break through firewalls. In this lecture, I will present an advanced view of the realities that teams such as SOC are unable to deal with, and explain why this is the case. I will draw on extensive knowledge of a variety of threats, based on analysis of 252 different network protocols from the areas of IT, OT and IoT.
