CRESTCon Asia is a unique event that brings together leading technical and business information
security professionals to share recent cybersecurity research and methodologies in areas such as
penetration testing and incident response.
See you in 2020!
AGENDA | Presenter |
---|---|
Opening Speech | Vice-President, AiSP |
Welcome Speech | Director, CREST International |
Smashing SMS Phishing Campaigns | F-Secure |
eBPF - Android Reverse Engineering Superpowers | Centurion Information Security |
Tea Break & Showcase | |
Delegate or Escalate? The Dangers of Kerberos Delegation | MOH Holdings Pte Ltd |
Hunting Quality: Applying CI principles to offensive and defensive workflows | F-Secure |
Sponsored Networking Lunch & Talk by Booz Allen Hamilton | |
Thinking Like a Hunter | Booz Allen Hamilton |
Red Teaming – Seizing the Initiative Back | Nettitude |
Who turned off the lights! The State of OT Security Implementations | KPMG India |
Network Evasion – Now you see me, now you don’t | FireEye |
Tea Break & Showcase | |
EmpireMonkey: Evolution of a cybercriminal group targeting European financial institutions | Deloitte |
There is only 1 slot left for sponsorship. If you are interested in sponsoring CRESTCon Asia 2019,
please contact Vincent at Vincent.Toh at AiSP.sg or call 6247 9552 for a no-obligation discussion.
Vice-President, Association of Information Security Professionals (AiSP)
Director, CREST International
F-Secure
This talk will explore scenarios and situations where SMS Phishing (SMiShing), a communication
method that is largely unmonitored and trusted, can be successfully utilised by adversaries at
multiple stages of the kill chain.
In addition, TapIt will be demonstrated - an internally developed SMiShing framework used to manage
phishing campaigns in achieving these nefarious goals. The framework assists in the customization,
automation and monitoring of large-scale campaigns.
Samuel is a Security Consultant at MWR InfoSecurity. Samuel’s ability to understand and decompose
technical hurdles, and then rapidly prototype solutions, has made him invaluable to the fast-paced
world of adversarial simulations.
Centurion Information Security
Well protected mobile applications employ anti-debugging measures that make traditional dynamic
analysis techniques difficult to use or infeasible. In this talk, we take a look at eBPF, a “new”
Linux tracing framework, and how reverse engineers can use eBPF to analyze and bypass common
anti-debugging techniques.
MOH Holdings Pte Ltd
Kerberos delegation enables services to impersonate users to access resources throughout the
network, and has been a feature since the era of Windows 2000. This presentation will review the
confusing and often misunderstood mechanisms of Kerberos authentication with its various types of
delegation, while simultaneously illustrating possible misconfigurations which could result in
privilege escalation opportunities. The risks associated with various types of Kerberos delegation
will also be detailed, complete with mitigating and detective controls.
F-Secure
Anyone who has operated at scale is aware of the difficulties of transforming a research tool into a
reliable production-ready utility they can deploy on their estate, especially given the time
pressures our industry frequently finds itself under. In this talk, I will explore how Countercept
address this task, showing how we can quickly validate an otherwise difficult-to-validate detection
technique before deploying it. I will also go into detail on how we QA a wide variety of tooling –
ranging from IR-style forensic tools, persistence techniques used by redteamers, to detection
methods used by our Detection and Response team.
Nettitude
The last few years have seen the pendulum swing back slightly toward the Blue Team, as organisations
are now employing technologies previously out of reach because of price and complexity. Whilst
technology needs combining with well worked processes and skilled people, this talk will showcase
how some of the leading technologies in the industry can be rendered less effective.
It will detail the improvements the Blue Team have benefited from, before demonstrating how higher
tier attackers and professional Red Teams have adapted their TTPs to render them almost irrelevant
in today’s high value target organisations.
KPMG India
Bio
Harsha Bhat is a security expert with a keen interest in destruction and chaos through offensive security. Harsha has been involved in OT security testing, remediation and implementation and runs the OT security lab in Bangalore. Harsha has been involved in projects across the spectrum from oil and natural gas clients to investment banks (conducting application security testing), banks (ATM Security) and red team assessments in India and abroad. He also loves playing around with frequency radios and vishing people using his own infrastructure. In his free time Harsha loves playing PS4 and riding bikes.
KPMG India
Bio
Anish Mitra is an ardent security researcher by heart and security tester by profession at KPMG India. Anish has been involved in OT security testing from his college days, when he first encountered SCADA systems as a part of his college curriculum. Since then Anish has been playing around with PLCs, RTUs, SCADA and DCS systems. In recent times, Anish has conducted security tests on ATM machines, red team assessments on banks and security assessments on ships. In his free time Anish loves reading Indian mythology-based fiction and watching football (even playing).
Booz Allen Hamilton
Synopsis
Threat hunting continues to be a growing focus in the cyber security industry. “Top tier threat hunters” are in high demand, but there is no real consensus over what threat hunting even is, much less the skills and techniques that make someone an effective threat hunter. People speak of threat hunting as more of an art than a science, which makes finding a starting point even harder. This talk will provide an approachable, process-oriented view of hunting, and lay out how skills in other areas such as penetration testing and incident response can be leveraged in different ways to start your journey to becoming an effective threat hunter.
Booz Allen Hamilton
Bio
Nathan Hartzell is a Senior Lead Technologist for Booz Allen Singapore with over 15 years of
experience in intelligence, analysis, and cyber operations. He is a lead developer of Booz Allen’s
Advanced Threat Hunting (ATH) platform and leads Booz Allen’s ATH capability in Singapore.
Prior to working for Booz Allen, Nathan worked in intelligence analysis and cyber operations for the
U.S. Army and Department of Defense. During this time, Nathan served as an operator, trainer,
analyst, capability lead, and developer for a variety of intelligence and cyber-specific programs.
FireEye
Domain fronting gave red-teams the best tool they needed to conduct operations and maintain stealth.
But with cloud providers removing this access and SSL fingerprinting becoming more prevalent, the
landscape has changed. This, coupled with modern IPS/IDS utilizing network pattern signatures through
metadata and machine learning without the need for decryption, is starting to have an impact.
We look at novel techniques beyond domain fronting to hide traffic in plain sight and evade network
detection from a red-team perspective. The focus is on methods to hide and redirect traffic, packet
encapsulation and how these techniques can be integrated into existing frameworks.
F-Secure
There has never been a better time to steal money, and at scale! How? Through ATMs of course! The
technological security of ATMs is still in the 90s and it is surprising there isn't cash just
raining in the streets.
From Jackpotting to ATM skimming, this talk will start with a quick exploration of the various
threats to ATMs and as the key control for ATM environments is still security through obscurity,
this talk will then attempt to give the audience a peek into a typical ATM environment, thus
demystifying and shedding light on what is otherwise a black box.
We’ll walk through an overview by mapping out the various systems that make up an ATM environment and
then investigate what an ATM is made up of by breaking down its various components.
We’ll then see how ATM security has not kept up with security controls in the enterprise or even on
personal computers by covering the various failures and vulnerabilities that have been identified in
production ATM systems due to a lack of, or in some cases, non-existent, controls.
Deloitte
The EmpireMonkey campaign employed malicious Microsoft Word documents in spearphishing emails and
the PowerShell Empire toolset to target the financial services sector in Europe between October 2018
and March 2019. Evidence uncovered suggests that this cyber criminal campaign is behind the
compromise of a Maltese bank that resulted in the reported theft of €15 million.
This talk will run through the malware analysis of the malicious documents employed in the campaign,
showing the evolution of threat actors over several months, the increasing sophistication of their
anti-sandboxing techniques and command and control infrastructure.