| 08:30 |
Registration, Morning coffee |
| 09:00-09:30 |
Conference opening |
| 09:30-10:20 |
 |
Kostiantyn Korsun, Berezha Security, CEO & Co-founder
"Fear and Loathing of Cybersecurity Reform"
As former deputy head of Cybercrime Department at Security Service of Ukraine (colonel ret.), Kostiantyn was one of the founders and the first head of CERT-UA. After resigning from the service, Kostiantyn acted as Regional Director for Ukraine Research Office of iSIGHT Partners, international cyber threat intelligence company (now is a part of FireEye). Then he cooperated with Symantec Corp. as an official vendor of Threat Intelligence services.
Currently Kostiantyn is a CEO and Co-Founder of Berezha Security LLC., a company that provides services in Penetration Testing, Security Awareness Programs, Software Security Assessment, Bug Bounty Program, Social Engineering Assessment, Application Security Programs.
Mr. Korsun is an active member of the local cyber community in Ukraine promoting cybersecurity ideas within Ukrainian society. |
| 10:30-11:10 |
 |
Mykola Koval, Cybersecurity expert
"Cyberthreats investigation and prevention. Based on a true story"
Talk will traditionally cover existing and emerging trends in cyber-security as well as analysis of several incidents. Audience is suggested to get acquainted with practical aspects of detection, investigation and prevention of cyber-threats. It's planned to discuss cyber-espionage cases, which is most relevant for goverment agencies, and targeted activity directed at financial gain, which is potentially interested for broader audience in the context of corporate information security.
Mykola Koval has been dealing with with cyber-threats for almost 10 years, used to work with both government and private sectors. |
| 11:20-12:00 |
 |
Yuri Rozhansky, FireEye
Intel From The Frontlines - Case study from the Middle East
Building a modern integrated cyber defense is difficult job. We believe that in today’s threat environment, when the threat actors are getting better, more aggressive and cooperating with each other, there is no one magic solution for defense.
To win, a joint effort is required to paint a full picture of an attack, from initial compromise to full understanding and thwarting of the attack.
In this presentation, I would like to show a case study in Middle East when combing different expertise and tools, joining forces across different teams, allowed us to stop a nation-state actors’ attack in a very sensitive time period.
Yuri is a senior security researcher with expertise in reverse engineering. He owns a computer engineering BSc from Technion Institute of Technology. Yuri is an experienced advisor and analyst, who reverse engineered complex system across different OS platforms.
Yuri joined FireEye during 2018 to focus on hunting and analyzing nation-state sponsored threats. |
| 12:00-13:00 |
Lunch |
| 13:00-13:40 |
 |
Maksym Litvinov, Andrii Okaievych
|
| 13:50-14:30 |
 |
Viktor Kirchev
"Game of Threats: A peak under the hood of Threat Intelligence"
The plan is to keep the presentation product neutral, while explain how our Cisco’s Threat Intelligence teams works, along with some recent examples of threats we have detected and investigated.
Viktor Kirchev is a Software Developer by education and a Cybersecurity Engineer by profession and heart. Having went through and worked with the traditional old-school identity, network and endpoint security solutions, Viktor turned to the "clouds" and is now part of Cisco's Umbrella Security team. When not fighting threats in the said "clouds" you can find him either backpacking around the world or stuck in between pages of a good book. Whether it is cyber security, programming, traveling or reading, all of his hobbies and interests go well with his love for quality beer.. or more likely his obsession for it, since he is also very enthusiastic home brewer. |
| 14:40-15:30 |
 |
Oleksandr Adamov, Ph.D., the head of the research laboratory NioGuard Security Lab
"Ransomware vs. AI"
A modern cybersecurity solution cannot be imagined without using Artificial Intelligence and Machine Learning for detecting cyberattacks. In this regard, two main approaches are typically used: finding patterns of known cyberattacks and anomaly detection for unknown ones.
Therefore, to bypass anti-malware protection, attackers invest their efforts into changing the behavior to break the existing detection pattern. Moreover, they try to mimic benign application form and behavior to not being discovered as an anomaly. For example, we’ll consider tactics and techniques used in the targeted ransomware attacks this year such as LockerGoga, MegaCortex, Buran, and Ryuk ransomware to reduce the footprint in a victim’s system that includes the usage of digital signature, multiprocess encryption, and the hardcoded open source crypto code instead of Microsoft CryptoAPI.
Alexander Adamov - Ph.D., the head of the research laboratory NioGuard Security Lab with 15-year experience in the analysis of cyberattacks. He teaches cybersecurity at NURE and Blekinge Institute of Technology in Sweden and conducts scientific activities in the areas of malware analysis and development of methods for cyber threats detection using AI. He is a co-author of the EU Master's Program in Cyber Security within ENGENSEC project. In cooperation with OSCE, he provided Reverse Engineering training to the Cyberpolice of Ukraine. |
| 15:30-16:00 |
Coffee |
| 16:00-16:50 |
 |
Vlad Kucher, Security Engineer, Betta Security
"Almost Silver Bullet" or Ideal automated security system
Have you ever had a fantasy about having unlimited budget and resources on your security, so you can implement everything you just say or wish? Sounds like a heaven-dream, right?
And even if we can't face ideal option, let's see what we can do right now to improve our security. We'll speak about the ideal security system, built on solution classes, considering saving usability of all components.
Blue team is fun! Staying secure, staying tuned.
Certified engineer of: Tufin, Qualys, FireEye. DC8044 Core member.
Speaker at Bsides Kharkiv 2019 Summer, OWASP Kharkiv vol.2, CyberEducationDay. |
| 17:00-17:30 |
 |
Paul Alderson, FireEye Intelligence team, Senior Manager
Magecart Plumbing, TTPs and Insights
Breaches related to Magento and “Magecart” have been in the news for the past several years. Large public breaches such as British Airways and TicketMaster have all been associated with this activity/group with the number of victims rising above 500K as of this writing. The attackers have been credited with using and potentially developing zero-day vulnerability against several Magento plugins. What hasn’t publicly reported is the plumbing behind the scenes and where all of that data goes. This talk will focus on the network of proxies setup used to collect the data and push that data back to a centralized database. We’ll examine and present the automation they use for deployment of their toolset as well as the manual setup pieces and the pitfalls (typos, etc.) observed from those efforts. We’ll see that their knowledge and obsession of PHP doesn’t at the E-commerce level but extends into their toolsets for deployment. And they aren’t just planning for today – we’ll take a look at the orchestration they’ve setup for backup VPN connections to the mother-ship.
Paul Alderson joined FireEye (previously iSIGHT Partners) in 2011 where he currently serves as a Senior Manager on the FireEye Intelligence team. His fifteen years of experience in technology spans computer security, network design, and application development all starting with a Bachelor of Computer Science from Boise State University in the US. Before working at FireEye he owned his own consulting business and was a commissioned officer in the United States Army, working in Aviation and Network Defense. |
| 17:30 |
Closing ceremony (Hall А) |
