ABU DHABI 4 APRIL 2019

SANS Cyber Security Middle East Summit

#CyberSecurityME

2

Thursday 4th April 2019

08:00 – 09:00 Registration and Coffee

09:00 – 09:20

Welcome and Introduction by Summit Chair

09:20 – 09:55

The Case for Building Your Own SOC Automations Security Orchestration, Automation and Response platforms are promising easy automation of Security Operations Centre tasks, but can it be as easy as the product vendors say it is? Is there still a case to be made to learn how to automate SOC processes for yourself? Is all hope lost for those that do not have the latest SOAR products? What can be done when you ask your product vendor if they have compatibility with an existing network device and they respond with “We have an API”? Attendees will be given examples of how to automate security operations and intelligence gathering that they can use to mature their security operations. Nathanael Kenyon, Business Systems Analyst II, Saudi Aramco

09:55 – 10:30

Car Hacking | Exploring Security Risks of Autonomous Vehicles As autonomous systems become more ubiquitous and sophisticated, there could be even more potential security risks. This talk will discuss what goes on behind the scenes when one drives the car and numerous entry points where a hack can occur. It will also be beneficial to those who want to find the ways and means to protect the vehicle’s network, wireless connections, on-board computers and/or other electronics from cyber-attack. Aatif Khan, Cyber Security Researcher

Agenda We strive to present the most relevant, timely and valuable content. As a result, this

Agenda is subject to change. Please check back frequently for changes and updates.

Wednesday 3rd April 2019

18:00 – 20:00

Pre-Summit Meet and Greet This optional session offers the opportunity to meet and network with your fellow attendees the night before the Summit kicks off. We highly recommend you attend if possible.

3

11:00 – 11:35

Attacking & Defending AWS S3 Bucket In the recent years, we have seen various well-known organizations encountered S3 bucket data leak exposing millions of customer records and confidential corporate information. Hackers enumerate and try to find out publicly accessible s3 buckets because it’s like public share with juicy information. In most of the cases, it was seen that excessive permissions and misconfiguration were the main reasons for data exposure. In the run to get the most benefit of cloud, security considerations are avoided or ignored leaving S3 bucket exposed. In this talk the audience will learn to enumerate public buckets and gain access to them through open sources tools. Further, they will also learn how use security settings, various AWS tools to secure and restrict S3 bucket to avoid information disclosure. Sapna Singh, Senior Consultant, Deloitte & Touche (M.E.)

11:35 – 12:10

Emerging threats by SANS Internet Storm Center In the last couple of years, we have witnessed some sophisticated and also simplistic attacks that have severely impacted businesses around the world resulting in of in damages costing them millions. SANS Internet Storm Centre has been following and analysing various attacks for over 2 decades. In this presentation, Bojan will introduce the SANS Internet Storm Centre and will talk about several new emerging threats that are slowly becoming prevalent. We will also discuss some incidents that Bojan and other SANS ISC handlers have worked on in last year. Bojan Zdrnja, CTO, INFIGO IS

12:10 - 13:10

Networking Luncheon Lunch is served onsite to maximize interaction and networking among attendees.

13:10 – 13:45

Mobile Radio Access Network Exploitation As a ninja pen tester and professional, you must know the critical infrastructures and related attack techniques. In this presentation, I will demonstrate mobile radio access network concepts and talk about weaknesses, vulnerabilities, risks and practical hacking scenarios. Ali Abdollahi, Cyber Security Division Manager, FWUTech

10:30 - 11:00

Networking Break: Drinks and snacks will be served

4

13:45 – 14:20

A Knack for NAC: Locking Down Network Access Across a Global Enterprise The proposed talk is to share our experience deploying and enforcing Network Access Control, including: organizational and security goals, policy and implementation decisions, high-level architecture and design, including scalability, performance, and high-availability considerations, challenges, failures, successes, and lessons-learned, and integration with other related security functionality such as logging, guest network access, and network segmentation. Maged Elmenshawy, Global Network Services Manager, Schlumberger

14:20 – 14:55

Exploiting relationship between Active Directory Objects Gone are the days when Penetration testing was just running a vulnerability scanner and exploiting the system to gain remote code execution. Organizations are making sure patches are applied consistently across their IT Infrastructure making the life harder for attackers. Penetration testers have to adopt new techniques to gain foothold inside the organization and Active Directory Domain plays a major role in it. This talk explores how as an attacker you could exploit misconfigured permissions between different Active Directory objects to main persistence and escalate privilege across the Domain environment. For the Defenders this talk will highlight critical mistakes that your Domain Admins make. Juned Ahmed Ansari, Senior Security Consultant, DarkMatter

14:55 - 15:25

Networking Break Drinks and snacks will be served

15:25 – 16:00

Closing Remarks by Summit Chair

Social events and informal networking activities are hosted after the Summit

5

Bios

Aatif Khan

Cyber Security Researcher Aatif Khan has over a decade of experience in information security and has spent most of his time in assessing security risks at secure environments. He has worked extensively on penetration testing, malware analysis, security audits, developing cyber defence strategies, building cybersecurity roadmaps and exploit research. He has also delivered infosec trainings to corporate, defence personnel and cyber-crime police officials. He has authored and published various white papers covering different areas of information security. He has spoken/trained at numerous information security conferences across Europe and Asia. He has been interviewed by the Associated Press, Voice of America, Hakin9 and numerous other media channels for his expertise on the emerging cybersecurity threats.

Ali Abdollahi Cyber Security Division Manager

Ali Abdollahi a Network and Information security consultant with over 7 years of experience working in a variety of security fields. Currently the cyber security division manager at FWUTech, Board of review at Hackin9, Pentest & eForensic magazine and also a instructor at eForensic magazine and Hackin9. Ali is a self-confessed bug hunter and publisher of many vulnerabilities and CVEs.

Bojan Zdrnja CTO

Bojan graduated in 1998 at the University of Zagreb, Croatia. In 2005 he became one of the handlers of SANS Internet Storm Center (ISC), a voluntary organization with a goal to detect security problems, analyse risks and distribute technical information. He is teaching the SANS SEC542 course, and currently leads the penetration testing team in INFIGO IS.

6

Juned Ahmed Ansari Senior Security Consultant

Juned is working in DarkMatter as Senior Security Consultant. He holds a post graduate degree in Business Administration and a Bachelors in Computer Science. GXPN, GREM and GCFA are some of the technical certifications he has acquired over his prof. career. He is a Microsoft alumnus. Primary area of expertise is Red Team exercises and has authored two books on Penetration Testing.

Maged Elmenshawy Global Network Services Manager

Maged Elmenshawy is Global Network Services Manager for Schlumberger, where he has worked for 25 years. He is responsible for a global network of 1,000 sites, data centres, field, & cloud connectivity, & UC. He has held positions in Network Engineering, Information Security, and IT Operations Management. He has a B.S. in Eng from MIT and a Master’s in Eng & Eng Management from Stanford University.

Nathanael Kenyon Business Systems Analyst II

Nathanael Kenyon works as a SOC Team Lead at King Abdulaziz Center for World Culture in Dhahran Saudi Arabia. His previous experience includes information security positions in the private sector and the defence industry.

Sapna Singh Senior Consultant for Deloitte & Touche (M.E.)

Sapna is Cyber Security Professional with 8+ years of experience in Incident handling, investigations, Cloud Security, Web, Infrastructure Security and mobile application security. She is passionate about learning various aspects of cyber security. She is member of Women in Cyber Security Middle East Community working to empower and mentor women in Cyber Security.