Login

BSides Ume 2024

4–5 Jun 2024
Umeå University
Europe/Copenhagen timezone

Session

Talks and presentations

4 Jun 2024, 10:00
Aula Biologica (Umeå University)

Aula Biologica

Umeå University

Johan Bures väg, Umeå, Sweden

Presentation materials

There are no materials yet.

  1. 1. Welcome and pratical matters
    Mattias Wadenstein (NeIC)
    04/06/2024, 10:00
    Talks and presentations

    Welcome and practical matters for BSides 2024

    Go to contribution page
  2. 2. Graph Theory: Unveiling the Microsoft Entra ID Post-Exploitation Landscape
    Beau Bullock (Black Hills Information Security)
    04/06/2024, 10:15
    Talks and presentations

    In today's cloud-driven landscape, Microsoft Azure and 365 (M365) have become essential tools for businesses worldwide. However, beneath their user-friendly facades lie a landscape rife with potential threats stemming from default configurations. Through years of attacking Microsoft cloud environments during red team engagements I have found commonalities across many companies where...

    Go to contribution page
  3. 3. Delete your password manager
    Mr Linus Lagerhjelm (Omegapoint)
    04/06/2024, 11:00
    Talks and presentations

    Passwords are out! So of course you do not need to manage them anymore. Passkeys, on the other hand, are the talk of the town as well as the topic of this talk.

    If you have heard about passkeys before and are curious to know more about them then this talk has got you covered. If you haven’t heard about them before but want to stay a jour, then this talk is a must.

    This talk will be a...

    Go to contribution page
  4. 20. Security challenges in development and operation of EISCAT 3D
    Dr Carl-Fredrik Enell (EISCAT Scientific Association)
    04/06/2024, 11:45
    Talks and presentations

    EISCAT Scientific Association are currently building EISCAT 3D, the next generation research radar on the Northern European mainland.
    This is a research infrastructure that will significantly enhance the capabilities of ionosphere and near Earth space research. The design and complexity of the system rise challenges that are new to our research communities but more commonly encountered in...

    Go to contribution page
  5. 12. Securing legacy services - Jailing with systemd
    Anton Lundin
    04/06/2024, 13:30
    Talks and presentations

    Ever since the introduction of chroot() in the late 70s the concept of jailing locking down services have been a choice for the security minded to introduce damage prevention to their services. It's always better to write secure services rather than just locking them down, but it's not always possible, and the addition of jailing can be a good second line of defence against unknown...

    Go to contribution page
  6. 11. django-ca, HSM and open source contribution
    Kushal Das (Sunet)
    04/06/2024, 14:15
    Talks and presentations

    django-ca is a feature rich certificate authority written in Python and maintained for around 10 years. As I write this talk submission, I am working with the maintainer to add HSM support to the application, so that it can be used inside of Sunet and various other security sensitive installations.

    A related blog post:...

    Go to contribution page
  7. 10. Weathering Mirai, a 10 year retrospective
    Mattias Wadenstein (NeIC)
    04/06/2024, 14:45
    Talks and presentations

    A decade ago, the Mirai DDoS botnet was the biggest seen with a capacity of roughly 600 Gbit/s packet floods. The week after the high-profile attack on krebsonsecurity, they pointed the direction at a Libera Chat (at the time known as "Freenode") IRC server hosted by Academic Computer Club at Umeå University.

    This talk gives a brief overview on how the network providers SUNET and NORDUNet...

    Go to contribution page
  8. 18. An In-Depth Analysis of Android’s Java Class Library: its Evolution and Security Impact
    Timothée Riom (Umeå Universitet)
    04/06/2024, 15:30
    Talks and presentations

    THIS WORK HAS BEEN ACCEPTED AND PRESENTED AT IEEE SECDEV 2023

    Android is an operating system widely deployed
    especially on devices such as smartphones. In this paper, we study
    the evolution of OpenJDK Java Class Library (JCL) versions
    used as the basis of the Dalvik Virtual Machine (DVM) and
    the Android Runtime (ART). We also identify vulnerabilities
    impacting OpenJDK JCL versions...

    Go to contribution page
  9. 7. Verifiable credentials solves all problems
    Mikael Frykholm (Sunet)
    04/06/2024, 15:45
    Talks and presentations

    and creates many new ones. The federation team at SUNET manages the Swedish identity federation for higher education (SWAMID). We are also involved with the eduGAIN inter federation and in some new EU projects looking into [Verifiable credentials][1] as basis for a digital wallet. Another area of development is OpenID Federation, an extension to OIDC to allow federation. This will allow us to...

    Go to contribution page
  10. 19. Cyber Clash: Hot Takes and Disruptive Discourse
    04/06/2024, 16:15
    Talks and presentations

    Should law enforcement use hacking tools? Is XSS dead? And which one is the greatest threat to security: AI or the EU?

    In this session our panelists will tackle controversial topics with their wit and wisdom, from hacking ethics to encryption, privacy and those lazy programmers.

    Go to contribution page
  11. 17. Analyzing Prerequistes of known Deserializtion Vulnerabilities on Java Applications
    Bruno Kreyssig (Umeå University)
    05/06/2024, 09:30
    Talks and presentations

    Insecure deserialization is regarded as one of the OWASP Top 10 software vulnerabilities. While requiring somewhat complex exploitation prerequisites, the impact of exposing this type of vulnerability is severe, often leading directly to remote code execution. The attack model is based on self-executing methods, invoked during the native deserialiaztion process - so-called gadget chains....

    Go to contribution page
  12. 25. Can you trust it?
    Tomas Forsman
    05/06/2024, 09:45
  13. 21. All code is POLITICAL
    Kushal Das (Sunet)
    05/06/2024, 10:15
    Talks and presentations

    This lighting talk will showcase some dangers of technology on human society, from history to modern time.

    Go to contribution page
  14. 16. Twenty years later: Evaluating the Adoption of Control Flow Integrity
    Sabine Houy (Umeå University)
    05/06/2024, 10:50
    Talks and presentations

    Memory corruption vulnerabilities still allow compromising computers through software written in a memory- unsafe language such as C/C++. This highlights that mitigation techniques to prevent such exploitations are not all widely deployed. In this paper, we introduce SeeCFI, a tool to detect the presence of a memory corruption mitigation technique called control flow integrity (CFI). We...

    Go to contribution page
  15. 4. Dungeons & Dragons: The security tool you didn’t know you needed
    Klaus Agnoletti
    05/06/2024, 11:05
    Talks and presentations

    In my talk, I'll dive into the world of game-based learning in cybersecurity, showcasing HackBack - a unique framework that blends role-playing game elements with security training. I'll explain how HackBack revolutionises traditional methods by providing immersive, risk-free simulations of security situations, both offensive and defensive, making it ideal for teaching concepts like Zero Trust...

    Go to contribution page
  16. 26. Wrapup and looking towards BSides Ume 2025
    Mattias Wadenstein (NeIC)
    05/06/2024, 11:35
  17. 14. Cheating at Video Games for Fun and Profit
    Melanie Bobowski Wadenstein
    Talks and presentations

    Globally, videogame cheats are a multimillion dollar industry. In this talk I will briefly discuss types of game cheats and how they work, and some techniques to detect and prevent them.

    Go to contribution page
Building timetable...