ABU DHABI 4 APRIL 2019

SANS Cyber Security Middle East Summit

#CyberSecurityME

Wednesday 3rd April 2019

18:00 – 20:00 Pre-Summit Meet and Greet

This optional session offers the opportunity to meet and network with your fellow attendees the night before the Summit kicks off. We highly recommend you attend if possible.

Thursday 4th April 2019

08:00 – 09:00 Registration and Coffee

This is another great opportunity to meet, greet and interact with your peers so come down early.

09:00 - 09:20 Welcome and Introduction by Summit Chair

Bojan Zdrnja, CTO, INFIGO IS

09:20 - 09:55 Car Hacking | Exploring Security Risks of Autonomous Vehicles

As autonomous systems become more ubiquitous and sophisticated, there could be even more potential security risks. This talk will discuss what goes on behind the scenes when one drives the car and numerous entry points where a hack can occur. It will also be beneficial to those who want to find the ways and means to protect the vehicle’s network, wireless connections, on-board computers and/or other electronics from cyber-attack.

Aatif Khan, Cyber Security Researcher

09:55 - 10:30 Attacking & Defending AWS S3 Bucket

In recent years, we have seen various well-known organizations encounter S3 bucket data leaks exposing millions of customer records and confidential corporate information. Hackers enumerate and try to find publicly accessible S3 buckets because they are like a public share with juicy information. In most cases, excessive permissions and misconfiguration were the main reasons for data exposure. In the rush to get the most benefit from the cloud, security considerations are avoided or ignored, leaving S3 buckets exposed. In this talk the audience will learn to enumerate public buckets and gain access to them through open-source tools. Further, they will also learn how to use security settings and various AWS tools to secure and restrict S3 buckets to avoid information disclosure.

Sapna Singh, Senior Consultant, Deloitte & Touche (M.E.)

Agenda: We strive to present the most relevant, timely and valuable content. As a result, this Agenda is subject to change. Please check back frequently for changes and updates.

10:30 - 11:00 Networking Break: Drinks and snacks will be served

11:00 - 11:35 The Case for Building Your Own SOC Automations

Security Orchestration, Automation and Response platforms are promising easy automation of Security Operations Centre tasks, but can it be as easy as the product vendors say it is? Is there still a case to be made to learn how to automate SOC processes for yourself? Is all hope lost for those that do not have the latest SOAR products? What can be done when you ask your product vendor if they have compatibility with an existing network device and they respond with “We have an API”? Attendees will be given examples of how to automate security operations and intelligence gathering that they can use to mature their security operations.

Nathanael Kenyon, Business Systems Analyst II, Saudi Aramco

11:35 - 12:10 Emerging threats by SANS Internet Storm Centre

In the last couple of years, we have witnessed some sophisticated and also simplistic attacks that have severely impacted businesses around the world, resulting in damages costing them millions. SANS Internet Storm Centre has been following and analysing various attacks for over 2 decades. In this presentation, Bojan will introduce the SANS Internet Storm Centre and will talk about several new emerging threats that are slowly becoming prevalent. We will also discuss some incidents that Bojan and other SANS ISC handlers have worked on in the last year.

Bojan Zdrnja, CTO, INFIGO IS

12:10 - 13:10 Networking Luncheon

Lunch is served onsite to maximize interaction and networking among attendees.

13:10 – 13:45 Mobile Radio Access Network Exploitation

As a ninja pen tester and professional, you must know the critical infrastructures and related attack techniques. In this presentation, I will demonstrate mobile radio access network concepts and talk about weaknesses, vulnerabilities, risks and practical hacking scenarios.

Ali Abdollahi, Cyber Security Division Manager, FWUTech

13:45 – 14:20 A Knack for NAC: Locking Down Network Access Across a Global Enterprise

The proposed talk is to share our experience deploying and enforcing Network Access Control, including: organizational and security goals; policy and implementation decisions; high-level architecture and design, including scalability, performance, and high-availability considerations; challenges, failures, successes, and lessons learned; and integration with other related security functionality such as logging, guest network access, and network segmentation.

Maged Elmenshawy, Global Network Services Manager, Schlumberger

14:20 – 14:55 Exploiting relationship between Active Directory Objects

Gone are the days when penetration testing was just running a vulnerability scanner and exploiting the system to gain remote code execution. Organizations are making sure patches are applied consistently across their IT infrastructure, making life harder for attackers. Penetration testers have to adopt new techniques to gain a foothold inside the organization, and the Active Directory Domain plays a major role in it. This talk explores how, as an attacker, you could exploit misconfigured permissions between different Active Directory objects to maintain persistence and escalate privileges across the Domain environment. For the Defenders, this talk will highlight critical mistakes that your Domain Admins make.

Juned Ahmed Ansari, Senior Security Consultant, DarkMatter

14:55 - 15:25 Networking Break: Drinks and snacks will be served

15:25 - 16:00 Raising the Bar for the Attacker

You're responsible for network security, and network security is heavily dependent on network architecture. Unfortunately, you probably don't control network architecture or might have inherited a somewhat non-defensible network. If that sounds familiar, then you should attend this talk! We'll briefly discuss strategies for working collaboratively with your network architect colleagues and then dive headfirst into wildcard masks, router ACLs, and PVLAN design and configuration - techniques that can stop cold an attacker's lateral movement.

Greg Scheidel, Chief Cybersecurity Officer, Iron Vine Security

16:00 - 16:35 Actionable CTI Not a Pipedream

Structured threat intelligence is great – but few practitioners are at a stage to make it truly actionable. When achieved, it is often in an academic ‘vacuum’ under specific conditions and for stand-alone use cases. We can do so much more with just the tools we have. Modern approaches to this problem set resemble the creation of a cyber threat landscape ‘knowledge base’ and accompanying analytics to answer ‘canned queries’, but building those capabilities to be truly scalable requires a foundation that includes a robust (yet flexible) data model with the ability to interact with non-cyber related data such as risk management and HR.

In this talk we will explore the scalability challenges of threat intelligence analysis for cyber security and how to best use structured languages such as STIX to achieve this in a standardised, repeatable way. Such a design can be used to make your cyber threat intelligence automated, scalable and truly ‘actionable’ – commoditizing the most basic functions of analysis, emphasizing the skillset of a truly gifted analyst and producing output that is understandable to audiences ranging from machine to C-Suite.

Javier Velazquez, Cyber Threat Intelligence Analyst, EclecticIQ

16:35 - 17:10 Closing Remarks by Summit Chair

Bojan Zdrnja, CTO, INFIGO IS

Social events and informal networking activities are hosted after the Summit.

Bios

Aatif Khan Cyber Security Researcher

Aatif Khan has over a decade of experience in information security and has spent most of his time assessing security risks in secure environments. He has worked extensively on penetration testing, malware analysis, security audits, developing cyber defence strategies, building cybersecurity roadmaps and exploit research. He has also delivered infosec training to corporate, defence personnel and cyber-crime police officials. He has authored and published various white papers covering different areas of information security. He has spoken/trained at numerous information security conferences across Europe and Asia. He has been interviewed by the Associated Press, Voice of America, Hakin9 and numerous other media channels for his expertise on emerging cybersecurity threats.

Ali Abdollahi Cyber Security Division Manager

Ali Abdollahi is a network and information security consultant with over 7 years of experience working in a variety of security fields. He is currently the cyber security division manager at FWUTech, on the board of review at Hackin9, Pentest & eForensic magazine, and also an instructor at eForensic magazine and Hackin9. Ali is a self-confessed bug hunter and publisher of many vulnerabilities and CVEs.

Bojan Zdrnja CTO

Bojan graduated in 1998 from the University of Zagreb, Croatia. In 2005 he became one of the handlers of SANS Internet Storm Center (ISC), a voluntary organization with a goal to detect security problems, analyse risks and distribute technical information. He teaches the SANS SEC542 course, and currently leads the penetration testing team at INFIGO IS.

Greg Scheidel Chief Cybersecurity Officer

Greg Scheidel has over 25 years of hands-on experience in IT including desktop and server support, network design and implementation, application development and programming, IT service management, IT security, and information assurance. He currently leads a security program providing a full range of IT security services including SOC, incident management, risk management, penetration testing, forensic and malware analysis, cyber threat intelligence, security engineering, audit and policy SMEs. Greg firmly believes IT and security must serve business needs rather than exist for their own sake, and is passionate about teaching others while expanding and honing his own skills.

Juned Ahmed Ansari Senior Security Consultant

Juned works at DarkMatter as a Senior Security Consultant. He holds a postgraduate degree in Business Administration and a Bachelor's in Computer Science. GXPN, GREM and GCFA are some of the technical certifications he has acquired over his professional career. He is a Microsoft alumnus. His primary area of expertise is Red Team exercises, and he has authored two books on penetration testing.

Maged Elmenshawy Global Network Services Manager

Maged Elmenshawy is Global Network Services Manager for Schlumberger, where he has worked for 25 years. He is responsible for a global network of 1,000 sites, data centres, field, & cloud connectivity, & UC. He has held positions in Network Engineering, Information Security, and IT Operations Management. He has a B.S. in Eng from MIT and a Master’s in Eng & Eng Management from Stanford University.

Javier Velazquez Cyber Threat Intelligence Analyst

Javier is a CTI professional with a strong interest in structured intelligence. He structures and analyzes intelligence on a daily basis and is working on a very interesting initiative to make actionable CTI.

Javier holds a Bachelor’s Degree in Telecommunications and a Master’s degree in Cybersecurity from the University Carlos III of Madrid in Spain.

Nathanael Kenyon Business Systems Analyst II

Nathanael Kenyon works as a SOC Team Lead at King Abdulaziz Center for World Culture in Dhahran, Saudi Arabia. His previous experience includes information security positions in the private sector and the defence industry.

Sapna Singh Senior Consultant for Deloitte & Touche (M.E.)

Sapna is a cyber security professional with 8+ years of experience in incident handling, investigations, cloud security, web and infrastructure security, and mobile application security. She is passionate about learning various aspects of cyber security. She is a member of the Women in Cyber Security Middle East community, working to empower and mentor women in cyber security.