
Programme


Allow national and international experts to inform you on Thursday the 29th of June during the Black Hat Sessions. Madison Gurkha organises this unique event for the fifteenth time: a special anniversary edition not to be missed.

The day-long event consists of a management track and a technical track. Additionally, there will be an opportunity to get some practical experience during the Hands-on hacking workshop and the PGP Key Signing Party.


We will kick off at 09:30 with an opening speech by the day's chairman, Dirk Jan van den Heuvel, Managing Director at Madison Gurkha. The programme will be wrapped up with a drink around 17:00. Download the leaflet.


UPDATE

Rogier Besemer, Program manager TIBER (Threat Intelligence Based Ethical Red teaming) at De Nederlandsche Bank & Ralph Moonen, Technical Director at Madison Gurkha will give a duo presentation: Hack for Safety - TIBER & MGs RED teaming Approach.


Register now


Programme Black Hat Sessions 2017

Time   Session
08:30  Registration
09:30  Opening speech by Dirk Jan van den Heuvel
09:35  KEYNOTE by Bill Cheswick
10:30  Management Track: The ethics of privacy - Rachel Marbus, Privacy Officer KPN
       Technical Track: Losing Yourself in a Cloud of Things - Michael Kubiaczyk, Principal Security Consultant Madison Gurkha
11:15  Coffee break / Information market
11:45  Management Track: Physical Pentesting - Walter Belgers, Principal Security Consultant Madison Gurkha
       Technical Track: Plan to Throw the First One Away - Meredith L. Patterson, polymath technologist and science fiction author
12:30  Lunch / Information market / PGP Key Signing Party
13:45  Management Track: New Sheriffs in town - John Fokker, Digital Team Coordinator NHTCU
       Technical Track: A century of data stealing - Duncan Campbell, investigative journalist, author and TV-producer
14:30  Management Track: The Future is False Positive - Hans de Zwart, Executive Director Bits of Freedom
       Technical Track: Hack for Safety - TIBER & MGs RED teaming Approach - Rogier Besemer, Program manager TIBER at De Nederlandsche Bank & Ralph Moonen, Technical Director Madison Gurkha
15:15  Coffee break / Information market
15:45  KEYNOTE: Brigadier General Hans Folmer, Commandant General of the Dutch Cyber Command (DCC)
16:40  Closing ceremony by Dirk Jan van den Heuvel
16:45  Drinks / Information market


KEYNOTE by Bill Cheswick


Bill Cheswick (Ches) will join us from the U.S. to provide a keynote for this special edition. Ches is known for his early work in Internet security, including firewalls and proxies, and as co-author of the first full book on firewalls. He is also noted for his work in visualizations, especially Internet maps, which have been (re)published widely.

"I am throwing together lots of thoughts, experiences, and predictions into a new talk." Topics may include ancient data, old data, data analysis, leaky data, vast data, fake data, tagged data, public data, lucrative data, personal data, protecting data, long term data, and anonymous data.

About Bill Cheswick


KEYNOTE by Brigadier General Hans Folmer


Brigadier General Hans Folmer, Commandant General of the Dutch Armed Forces Cyber Command (DCC), will give a keynote speech at the end of the program on June 29th. The DCC contributes to military operations with cyber capabilities in order to realise freedom of manoeuvre in the information environment. During his keynote he will explain what this means.


"The Future is False Positive" by Hans de Zwart, Executive Director Bits of Freedom

About Hans de Zwart


The future will indeed be false positive. In this talk we will do three things:

  1. Look at some worrying (and occasionally wryly funny) recent examples of false positives: a person with Parkinson's disease suspected of being a bus bomber, a police officer identified as a burglar and a black person classified as a gorilla. Examples like these can be interpreted as "weak signals" of a future that will likely be riddled with wrong judgments and spurious accusations.

  2. Identify some of the causes of this problem: fear as a motivator for policy making, our changing attitude towards risk and, most importantly, a drastic increase in the number of decisions made by machine learning algorithms.

  3. Explore a few of the practical strategies that we could implement in trying to decrease the number of false positives and minimise their damage.


Madison Gurkha had an extensive interview with Hans de Zwart in anticipation of his presentation. Click here to read it! (in Dutch only)


"New Sheriffs in town…" by John Fokker, Digital Team Coordinator at the Dutch National High Tech Crime Unit (NHTCU)

About John Fokker


John Fokker works as a Digital Team Coordinator at the National High Tech Crime Unit (NHTCU), the Dutch federal police unit dedicated to investigating advanced forms of national and international cybercrime. He is a project leader for the NoMoreRansom initiative, a public-private project founded by the NHTCU, Europol’s European Cybercrime Center, Kaspersky Lab and Intel Security, to disrupt cybercriminals spreading ransomware and to aid victims of ransomware.

In this talk John will give you some interesting details about this project. How did the No More Ransom initiative start, and how did it grow from a one-hit wonder into a global movement to fight ransomware? Check out www.nomoreransom.org.


"Plan to Throw the First One Away" by Meredith L. Patterson

About Meredith L. Patterson


In The Mythical Man-Month, Fred Brooks famously advised, "The management question, therefore, is not whether to build a pilot system and throw it away. You will do that. Hence, plan to throw one away; you will, anyhow." His advice sparked the evolution of rapid prototyping and agile development. Even so, especially in the web era, companies still find themselves taking hacked-together prototypes into production -- and having to re-engineer at great cost later, especially once security flaws rear their heads. What would happen if people really did plan to throw the first one away? We decided to find out, and built our development budget, hiring plans, schedule, and architecture around Brooks' advice. Does prototyping by any means necessary, then reimplementing from scratch in functional languages according to language-theoretic security principles reduce technical debt and lead to more reliable software? Find out!


"Physical Pentesting" by Walter Belgers, Principal Security Consultant Madison Gurkha

About Walter Belgers


In this lecture, Walter Belgers will explain some techniques and tricks to get past doors and locks with the ultimate goal of getting physical access to your IT infrastructure. If an attacker can just walk into your computer room, access to the data that is on your systems becomes dead easy. IT people normally do not have to deal with physical security, as that is another department's responsibility. After this talk, you will hopefully be able to detect physical flaws to get them fixed.


"The ethics of privacy" by Rachel Marbus, Privacy Officer KPN N.V.

About Rachel Marbus


In working with data, we want to comply with the law. We consider the processing of personal information. This is supposed to be done in accordance with the rules in the Personal Data Protection Act (and soon, with the General Data Protection Regulation). In doing this, we are really only considering the micro level of privacy; data protection. The macro level is the constitutional right - "Everyone has the right to protection of his/her private life" - which also provides protection for values like autonomy and freedom. These values become more important as we process more data, from more sources, with more resources. It becomes truly big.

Are we still seeing The Bigger Picture? Rachel Marbus will take a close look at the ethics of privacy. What if an application of big data is permitted by law, but not really right?


"A century of data stealing" by Duncan Campbell

About Duncan Campbell


25 years before the Edward Snowden revelations, in 1988, Scottish investigative journalist Duncan Campbell uncovered and reported the world's first mass surveillance system targeting international communications - cover name ECHELON.

At every step of technical change in data transmission and processing, from the long secret invention of the world's first computer, and even soon after Marconi deployed his invention, government intruders into private communications have been in to help themselves - deeper, wider, and faster than historians have ever recorded, or than most people could have believed.
Technologists have hoped that technical solutions, especially cryptography, might by now have become the means to normalise previous experiences of security and privacy. But is it now "game over"? Can better understanding, transparency, and regulation help?


"Losing Yourself in a Cloud of Things" by Michael Kubiaczyk, Principal Security Consultant Madison Gurkha

About Michael Kubiaczyk


The "Internet of Things" is growing and we can't stop it. We've barely seen the tip of the iceberg when it comes to Internet-enabled devices which make us ask: "What is this ridiculous nonsense?" As the security-unconscious masses buy into the promise of personalized everything, everywhere, identity management will become even more important - for devices as well as their attached human peripherals. We look at a few future use-cases and draw parallels with existing technological solutions.


"Hack for Safety - TIBER & MGs RED teaming Approach" by Rogier Besemer, Program manager TIBER at De Nederlandsche Bank & Ralph Moonen, Technical Director Madison Gurkha

About Rogier Besemer About Ralph Moonen


TIBER (Threat Intelligence Based Ethical Red teaming) tests the cyber resilience of the Dutch core financial institutions against advanced attackers. It aims to improve the cyber resilience of the participants. TIBER builds on previous experiences by the Bank of England (CBEST). Key to the program are using threat intelligence, emulating the best attackers and collaboratively learning from the findings. Rogier will present the TIBER background, goal and the expected results.

What makes a Red Teaming exercise truly worthwhile? Ralph will present his point of view and share his experiences in recent projects. Several topics will be highlighted, including social engineering, threat intel uses and pitfalls.


Hands-on hacking workshop Raspberry Pi


Always wanted to gain insight into the approaches a hacker will use to retrieve your passwords? Even from a locked computer? During this workshop we will show you how a Raspberry Pi can be used to receive passwords, install backdoors, siphon data and monitor network traffic. In various scenarios we will guide you through the setup and possibilities of a Raspberry Pi as an attack platform.


Time: morning session 10:30 – 12:30 and afternoon session 13:30 – 15:30


Please note! As you probably know, hands-on hacking workshops are very popular and the number of participants is limited. Unfortunately, the workshops for this year are fully booked. However, we can put you on the waiting list. If we receive a cancellation, we will inform you. We are also looking at possibilities for organizing the workshop later this year.


PGP Key Signing Party


During this year's BHS edition we will also organise a PGP Key Signing Party. PGP is a popular method to provide end-to-end encryption for email communication. The PGP public key infrastructure relies on a web-of-trust where users are validated by other users. A key signing party is a get-together of people who use the PGP encryption system with the purpose of allowing those people to sign each other's keys, thereby strengthening the web of trust.

This session is intended for experienced PGP users and will not be an introduction on how to use or configure PGP. In fact, computers are not even used during a PGP Key Signing. In order to participate, you must make sure that your public key is available on public key servers and submit your PGP fingerprint to keysigning@madison-gurkha.com before 20 June 2017.

More information about the PGP Key Signing will be sent to the participants after the 20th of June.




SPONSORS BHS PART XV

SIG, isoc24, TSTC, SCOS, NLUUG


(MEDIA)PARTNERS BHS PART XV

Computable, Marqit, AG, CertifiedSecure, processcontrol, WinmagPro, Louwers, DutchCloud, Infosecuritymagazine, PvIB, KNVI, Isaca, Norea