Allow national and international experts to inform you on Thursday the 29th of June during the Black Hat Sessions. Madison
Gurkha organises this unique event for the fifteenth time: a special anniversary edition not to be missed.
The day-long event consists of a management track and a technical track. Additionally, there will be an opportunity to get some practical experience during the Hands-on hacking workshop and the PGP Key Signing Party.
We will kick off at 09:30 with an opening speech by the day's chairman, Dirk Jan van den Heuvel, Managing Director at Madison Gurkha. The programme will be wrapped up with a drink around 17:00.
Rogier Besemer, Program manager TIBER (Threat Intelligence Based Ethical Red teaming) at De Nederlandsche Bank & Ralph Moonen, Technical Director at Madison Gurkha will give a duo presentation: Hack for Safety - TIBER & MGs RED teaming Approach.
Programme Black Hat Sessions 2017
Opening speech by Dirk Jan van den Heuvel
KEYNOTE by Bill Cheswick
Management Track: The ethics of privacy - Rachel Marbus, Privacy Officer KPN
Technical Track: Losing Yourself in a Cloud of Things - Michael Kubiaczyk, Principal Security Consultant Madison Gurkha
Coffee break / Information market
Management Track: Physical Pentesting - Walter Belgers, Principal Security Consultant Madison Gurkha
Technical Track: Plan to Throw the First One Away - Meredith L. Patterson, polymath technologist and science fiction author
Lunch / Information market / PGP Key Signing Party
Management Track: New Sheriffs in town - John Fokker, Digital Team Coordinator NHTCU
Technical Track: A century of data stealing - Duncan Campbell, investigative journalist, author and TV producer
Management Track: The Future is False Positive - Hans de Zwart, Executive Director Bits of Freedom
Technical Track: Hack for Safety - TIBER & MGs RED teaming Approach - Rogier Besemer, Program manager TIBER at De Nederlandsche Bank & Ralph Moonen, Technical Director Madison Gurkha
Coffee break / Information market
KEYNOTE: Brigadier General Hans Folmer, Commandant General of the Dutch Cyber Command (DCC)
Closing ceremony by Dirk Jan van den Heuvel
Drinks / Information market
KEYNOTE by Bill Cheswick
Bill Cheswick (Ches) will join us from the U.S. to provide a keynote for this special edition. Ches is known for his early work in Internet security, including firewalls, proxies, and as co-author on the first full book on firewalls.
He is also noted for his work in visualizations, especially Internet maps, which have been (re)published widely.
"I am throwing together lots of thoughts, experiences, and predictions into a new talk." Topics may include ancient data, old data, data analysis, leaky data, vast data, fake data, tagged data, public data, lucrative data, personal data, protecting data, long term data, and anonymous data.
KEYNOTE by Brigadier General Hans Folmer
Brigadier General Hans Folmer, Commandant General of the Dutch Armed Forces Cyber Command (DCC), will give a keynote speech at the end of the programme on June 29th. The DCC contributes to military operations with cyber capabilities in order to realise freedom of manoeuvre in the information environment. During his keynote he will explain what this means.
"The Future is False Positive" by Hans de Zwart, Executive Director Bits of Freedom
The future will indeed be false positive. In this talk we will do three things:
1. Look at some worrying (and occasionally wryly funny) recent examples of false positives: a person with Parkinson's disease suspected of being a bus bomber,
a police officer identified as a burglar and a black person classified as a gorilla. Examples like these can be interpreted as "weak signals" of a
future that will likely be riddled with wrong judgments and spurious accusations.
2. Identify some of the causes of this problem: fear as a motivator for policy making, our changing attitude towards risk and, most importantly,
a drastic increase in the number of decisions made by machine learning algorithms.
3. Explore a few of the practical strategies that we could implement in trying to decrease the number of false positives
and minimise their damage.
Madison Gurkha had an extensive interview with Hans de Zwart in anticipation of his presentation (available in Dutch only).
"New Sheriffs in town…" by John Fokker, Digital Team Coordinator at the Dutch National High Tech Crime Unit (NHTCU)
John Fokker works as a Digital Team Coordinator at the National High Tech Crime Unit (NHTCU), the Dutch federal police unit dedicated to investigating advanced forms of national and international cybercrime. He is a project leader for the NoMoreRansom initiative, a public-private project founded by the NHTCU, Europol’s European
Cybercrime Center, Kaspersky Lab and Intel Security, to disrupt cybercriminals spreading ransomware and to aid victims of ransomware.
In this talk John will give you some interesting details about this project: how did the No More Ransom initiative start, and how did it grow from a one-hit wonder into a global movement to fight ransomware? Check out www.nomoreransom.org.
"Plan to Throw the First One Away" by Meredith L. Patterson
In The Mythical Man-Month, Fred Brooks famously advised, "The management question, therefore, is not whether to build a
pilot system and throw it away. You will do that. Hence, plan to throw one away; you will, anyhow." His advice
sparked the evolution of rapid prototyping and agile development. Even so, especially in the web era, companies still find themselves taking
hacked-together prototypes into production -- and having to re-engineer at great cost later, especially once security flaws rear their heads.
What would happen if people really did plan to throw the first one away?
We decided to find out, and built our development budget, hiring plans, schedule, and architecture around Brooks' advice. Does prototyping by any means necessary, then reimplementing from scratch in
functional languages according to language-theoretic security principles reduce technical debt and lead to more reliable software? Find out!
"Physical Pentesting" by Walter Belgers, Principal Security Consultant Madison Gurkha
In this lecture, Walter Belgers will explain some techniques and tricks to get past doors and locks with the ultimate goal of getting physical access to your IT infrastructure. If an attacker can just walk into your computer room, access to the data on your systems becomes dead easy. IT people normally do not have to deal with physical security, as that is another department's responsibility. After this talk, you will hopefully be able to detect physical flaws and get them fixed.
"The ethics of privacy" by Rachel Marbus, Privacy Officer KPN N.V.
In working with data, we want to comply with the law. We consider the processing of personal information, which is supposed to be done in accordance with the rules in the Personal Data Protection Act (and soon, with the General Data Protection Regulation). In doing this, we are really only considering the micro level of privacy: data protection. The macro level is the constitutional right - "Everyone has the right to protection of his/her private life" - which also provides protection for values like autonomy and freedom. These values become more important as we process more data, from more sources, with more resources. It becomes truly big.
Are we still seeing The Bigger Picture? Rachel Marbus will take a close look at the ethics of privacy. What if an application of big data is permitted
by law, but not really right?
"A century of data stealing" by Duncan Campbell
25 years before the Edward Snowden revelations, in 1988, Scottish investigative journalist Duncan Campbell uncovered and reported the world's first mass surveillance system targeting international communications, covername ECHELON. At every step of technical change in data transmission and processing, from the long-secret invention of the world's first computer, and even soon after Marconi deployed his invention, government intruders into private communications have been in to help themselves: deeper, wider, and faster than historians have ever recorded, or than most people could have believed.
Technologists have hoped that technical solutions, especially cryptography, might by now have become the means to normalise previous experiences of security and privacy. But is it now "game over"? Can better understanding, transparency, and regulation help?
"Losing Yourself in a Cloud of Things" by Michael Kubiaczyk, Principal Security Consultant Madison Gurkha
The "Internet of Things" is growing and we can't stop it. We've barely seen the tip of the iceberg
when it comes to Internet-enabled devices which make us ask: "What is this ridiculous nonsense?" As the security-unconscious
masses buy into the promise of personalized everything, everywhere, identity management will become even more important - for devices as
well as their attached human peripherals. We look at a few future use-cases and draw parallels with existing technological solutions.
"Hack for Safety - TIBER & MGs RED teaming Approach" by Rogier Besemer, Program manager TIBER at De Nederlandsche Bank & Ralph Moonen, Technical Director Madison Gurkha
TIBER (Threat Intelligence Based Ethical Red teaming) tests the cyber resilience of the Dutch core financial institutions against advanced attackers, with the aim of improving the cyber resilience of the participants. TIBER builds on previous experience of the Bank of England (CBEST). Key elements of the programme are threat intelligence, emulating the best attackers, and collaboratively learning from the findings. Rogier will present the TIBER background, goal and expected results.
What makes a Red Teaming exercise truly worthwhile? Ralph will present his point of view and share his experiences from recent projects. Several topics will be highlighted, including social engineering and the uses and pitfalls of threat intelligence.
Hands-on hacking workshop Raspberry Pi
Always wanted to gain insight into the approaches a hacker uses to retrieve your passwords, even from a locked computer? During this workshop we will show you how a Raspberry Pi can be used to retrieve passwords, install backdoors, siphon data and monitor network traffic. In various scenarios we will guide you through the setup and possibilities of a Raspberry Pi as an attack platform.
Time: morning session 10:30 – 12:30 and afternoon session 13:30 – 15:30
Please note! As you probably know, hands-on hacking workshops are very popular and the number of participants is limited.
Unfortunately, the workshops for this year are fully booked.
However, we can put you on the waiting list. If we receive a cancellation, we will inform you. We also look at possibilities for organizing the workshop later this year.
PGP Key Signing Party
During this year's BHS edition we will also organise a PGP Key Signing Party.
PGP is a popular method to provide end-to-end encryption for email communication. The PGP public key infrastructure relies on a web-of-trust where
users are validated by other users. A key signing party is a get-together of people who use the PGP encryption
system with the purpose of allowing those people to sign each other's keys, thereby strengthening the web of trust.
This session is intended for experienced PGP users and will not be an introduction to how to use or configure PGP. In fact, computers are not even used during a PGP Key Signing: participants compare fingerprints on paper and verify each other's identity in person. In order to participate, you must make sure that your public key is available on public key servers and submit your PGP fingerprint to firstname.lastname@example.org before 20 June 2017.
More information about the PGP Key Signing will be sent to the participants after the 20th of June.
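The fingerprint that participants submit and compare on paper is not an arbitrary identifier: for a version 4 OpenPGP key it is the SHA-1 hash of the serialised Public-Key packet (RFC 4880, section 12.2), so anyone who fetches the key from a key server can recompute it and check it against the slip. The example below, added here to illustrate that check and not part of the BHS page or any Madison Gurkha tooling, builds a Public-Key packet from constructed toy RSA values, derives the fingerprint, formats it in the usual ten groups of four hex digits, and compares a hand-typed fingerprint against it in a way that tolerates spacing and case but rejects partial or altered values. The key material, creation time and function names are all assumptions made for the example.

```python
"""OpenPGP v4 key fingerprint: compute, format and compare (RFC 4880 section 12.2).

Added example, not code from the BHS page or Madison Gurkha.
All key material below is constructed; it is not a usable RSA key.
"""
import hashlib
import struct


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP multi-precision integer:
    a two-octet bit count followed by the big-endian magnitude."""
    nbits = value.bit_length()
    return struct.pack(">H", nbits) + value.to_bytes((nbits + 7) // 8, "big")


def rsa_public_key_body(n: int, e: int, created: int) -> bytes:
    """Body of a version 4 RSA Public-Key packet (tag 6):
    version, 32-bit creation time, algorithm id 1 (RSA), then MPIs n and e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the two-octet body length, and the body itself.

    0x99 is the old-format packet header for tag 6 with a two-octet length,
    so the hash input is exactly the serialised Public-Key packet."""
    if len(body) > 0xFFFF:
        raise ValueError("key packet too large for a two-octet length header")
    hash_input = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(hash_input).hexdigest().upper()


def format_fingerprint(hexdigest: str) -> str:
    """Group the 40 hex digits into ten blocks of four, as on key-signing slips."""
    return " ".join(hexdigest[i:i + 4] for i in range(0, 40, 4))


def normalise(fingerprint: str) -> str:
    """Drop whitespace and case so a hand-typed fingerprint can be compared."""
    return "".join(fingerprint.split()).upper()


def fingerprints_match(submitted: str, computed: str) -> bool:
    """True only for a full 40-digit, exact match.

    A truncated value (e.g. only the 16-digit key id) is rejected on purpose:
    short ids are cheap to collide and must not pass as a fingerprint check."""
    a, b = normalise(submitted), normalise(computed)
    return len(a) == 40 and a == b


# Constructed toy key material (assumption): 192-bit modulus, NOT real RSA.
SAMPLE_N = 0xC2F3A1E5D4B6978A0F1E2D3C4B5A69788796A5B4C3D2E1F0
SAMPLE_E = 65537
SAMPLE_CREATED = 1498728600  # constructed creation time, 2017-06-29 09:30 UTC

SAMPLE_BODY = rsa_public_key_body(SAMPLE_N, SAMPLE_E, SAMPLE_CREATED)
SAMPLE_FPR = v4_fingerprint(SAMPLE_BODY)


def tampered_copy(fingerprint: str) -> str:
    """Flip the first hex digit, simulating a single transcription error."""
    first = "0" if fingerprint[0] != "0" else "1"
    return first + fingerprint[1:]


if __name__ == "__main__":
    slip = format_fingerprint(SAMPLE_FPR)
    print("Key fingerprint:", slip)
    # Different spacing and case on the slip still match the fetched key...
    print("slip matches key:", fingerprints_match(slip.lower(), SAMPLE_FPR))
    # ...but one wrong digit, or only the short key id, does not.
    print("one digit wrong:", fingerprints_match(tampered_copy(SAMPLE_FPR), SAMPLE_FPR))
    print("short key id only:", fingerprints_match(SAMPLE_FPR[-16:], SAMPLE_FPR))
```

The comparison deliberately refuses anything shorter than the full fingerprint; at a signing party the whole value is read out and checked, since a 32- or 64-bit key id is not enough to tell two keys apart.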