Agenda 2014


PROGRAM

DAY ONE              NOVEMBER 26TH, 2014, WEDNESDAY

8:00               9:00

REGISTRATION

9:00               9:15

OPENING ADDRESS

Mirosław MAJ
Cybersecurity Foundation

9:15              10:00

“PROTECTION OF REPUBLIC OF POLAND’S CYBERSPACE BY THE STATE ENTITIES – NIK AUDIT”

Marek BIEŃKOWSKI 
Supreme Audit Office (NIK)

During 2014 the Department of Public Order and Security of the Supreme Audit Office (NIK) is carrying out an audit of the Republic of Poland’s security in cyberspace. The NIK inspectors are verifying whether a coherent system of state administration activity for monitoring and counteracting cyberspace security threats is in place. This is an extremely important review, and its results will significantly affect further work on cybersecurity in Poland. The NIK representative will present the first results of this audit, which is very important for the Republic of Poland’s security.

10:00              11:00

The future of cybersecurity RP – Talk about Cyberspace Protection Policy of Poland

Panelists:

Joanna ŚWIĄTKOWSKA / Kosciuszko Institute
Maciej GROŃ / MAiC (Ministry of Administration and Digitization of Poland)
Krzysztof LIEDEL / BBN (Government Centre for Security)
Andrzej KARPIŃSKI / Orange Polska
Tomasz SZEWCZYK / RCB (National Security Bureau)

Panel moderator: Andrzej TARGOSZ / Fundacja Wspierania Edukacji Informatycznej „PROIDEA”


11:00               11:30

COFFEE BREAK


11:30               12:15

How the largest botnets were taken down – the case studies

Robert KOŚLA
Microsoft

12:15               12:50

“The activity of the APT28 threat group – the case study”

Michał OSTROWSKI,  Tomasz PIETRZYK
FireEye

So-called “state-sponsored” (government-supported) attacks became widely known as a result of the Mandiant APT1 report, which presented the cyber-espionage activities of a group located in China. The newest and most significant cyberspying activities, described in the APT28 group report, will be presented. This group is linked to Russian cyberspying activities.

12:50               13:50

LUNCH


13:50               14:25

DRAGONFLY ATTACKS ENERGY COMPANIES AND AIRLINES

A presentation by a member of the group that investigated the case and published materials relating to the hacker group “Dragonfly”:
http://www.symantec.com/connect/blogs/dragonfly-western-energy-companies-under-sabotage-threat
Many as yet unpublished details will be presented.

Marcin SIEDLARZ
Symantec Security Response


14:25               15:00

DATA LEAKAGE DETECTION AND PREVENTION IN THE APT AGE

Zbigniew SZMIGIERO
IBM

15:00               15:35

LEARN FROM THE EXPERTS: CYBERARK PRIVILEGED ACCOUNT SECURITY

Valery MILMAN
CyberArk

15:35               16:05

COFFEE BREAK


16:05               16:40

I cannot sleep, secure my routers

Przemysław DĘBA
Orange Polska

Piotr KONIECZNY
Niebezpiecznik.pl

A widely known attack on Polish Internet users took place at the beginning of 2014 and was associated with unsecured WiFi routers. Piotr Konieczny of Niebezpiecznik.pl and Przemysław Dęba of Orange Polska will present the background of this attack and how the defence was organised. We will learn how the attack worked, who the target was, what the reasons were, and under what conditions it might fail. They will also discuss how the warning system was organised, how the Internet community reacted to such a massive threat, and what steps it took to defend itself.

16:40               17:15

OPSEC in the activities of criminal groups – successes and mishaps

Adam HAERTLE
ISACA

For obvious reasons, cybercriminals take care of their anonymity. For this purpose they use tools such as Tor, VPN, BTC, TrueCrypt or PGP. Even so, law enforcement agencies are sometimes successful in the battle against them. During the presentation we will show the errors that lead to cybercriminals being identified and allow investigations against them to succeed.

17:15               18:30

 „KLANCYK” Improvising theatre presentation

“LOTS DRAWING MACHINE’S CHAMBER IS EMPTY”

Klancyk, the improvising theatre, is a Warsaw pioneer of a theatrical form based on creating a collective performance without any screenplay, relying only on the spectators’ suggestions. Its common attributes are the interaction of at least two actors and an improvised plot. It can adopt different forms. It is a widely popular form of theatrical jazz, and it was the first sign of club performance culture in Poland. It appears in improvising groups and workshops. It is direct, relies heavily on close interaction with the audience, and is disarming and funny.

from 18:30

SOCIAL CASE STUDY NETWORKING


PROGRAM

DAY TWO             NOVEMBER 27TH, 2014, THURSDAY

9:00               9:15

OPENING ADDRESS

Mirosław MAJ
Cybersecurity Foundation

9:15               10:00

Son of SpyEye – a Crimeware Soap Opera

SpyEye evolved from buggy crimeware to the weapon of choice for many, when ZeuS retreated and left the market to the SpyEye group. A year later SpyEye mysteriously disappeared. They had something on the side though. We have strong evidence that Tilon, the malware-for-rent (thought to be based on Silon) was actually developed by the SpyEye authors and based largely on the SpyEye source code.

Maurits LUCAS
InTELL Business Director, Fox-IT

10:00               10:35

KEY BREAK-INS SIMULATION IN EXPLAINING TODAY’S SECURITY INCIDENTS

Mariusz STAWOWSKI
CLICO

How do we explain a security incident when we know neither its source nor how it came about? The development of botnet and APT technology, together with universal access to exploit kits and crime-as-a-service offerings, has made incidents of this type more frequent. A company learns that important business data has been compromised, but it does not know how: the culprit might be employees using the IT system, IT administrators, auditors, or external Internet intruders. The key to explaining the incident and developing proper remedial actions is to build the potential incident scenarios in a controlled breach simulation and to assess the effectiveness of the existing protection measures for each of them. Practical evaluation of the effectiveness of security solutions such as next generation firewalls, data leakage prevention or web application firewalls requires an appropriate methodology and tools. A real security incident that took place in a Polish enterprise, and the ways it was explained, will be discussed during the presentation.

10:35               11:00

CYBER-EXE™ POLSKA 2014.

Maciej PYZNAR
Rządowe Centrum Bezpieczeństwa

Mirosław MAJ
Cybersecurity Foundation

11:00               11:45

PANEL DISCUSSION – HOW TO USE THE CASE STUDY IN YOUR OWN ORGANIZATION?

PANELISTS:

Mariusz STAWOWSKI / CLICO
Paweł WEŻGOWIEC / ComCERT
Grzegorz SZMIGIEL / Veracomp
Mariusz SZCZĘSNY / Asseco

Panel moderator: Cezary PIEKARSKI / Deloitte Polska

11:45               12:15

COFFEE BREAK


12:15              12:50

DDOS ATTACK – HOW NOT TO LOSE YOUR HEAD ON THE FRONT-LINE?

Borys ŁĄCKI
Bothunters.pl

Direct, first-hand experience of mitigating network attacks is one of the best sources of information for anybody preparing for this kind of work. The author of this presentation has a lot of such experience and, based on the mitigation of one of the most serious attacks he was involved in, will present a series of best practices, both technical and organisational, for protection against Distributed Denial of Service (DDoS) attacks. The most common errors will be presented, as well as solutions that proved effective in cooperation with companies under attack.

12:50               13:25

Real Life DoS/DDoS Threats and Benefits of Deep DDoS Inspection.

Oğuz YILMAZ
Labris Networks

Three different actual customer cases will be explained to show important practices in mitigating DoS/DDoS attacks.

In the first case study, we will explore the new-generation active HTTP communication technologies widely used together with mobile clients in the e-commerce domain. It is very easy to see false positives here, and we will show how legitimate connections can be identified among the attacks by looking at L7.

The second case study covers a DDoS hell domain or, as we researchers say, paradise: an example of a gaming customer will be studied. This study also shows how the attacks can become advanced and how the attackers become persistent, in a way we call APT for DoS/DDoS.

The third case study covers under-radar or leak-type attacks that pass through backbone protections, which we observed at very critical customers. These under-radar attacks will be studied, and the importance of detailed inspection and services will be explained.

13:25               14:25

LUNCH


14:25               15:00

The Incident Edge

Filip NOWAK
IBM

15:00               15:35

On the analogies between network security and the natural world

Elżbieta RZESZUTKO
WARSAW UNIVERSITY OF TECHNOLOGY

Presently used security defences in telecommunication networks have proven insufficient. It is currently estimated that modern antivirus software is capable of detecting a maximum of 45% of potential cyber-attacks. The solution to this challenge lies in the emerging field of bio-inspired security. Interactions between predators and prey closely resemble network attack scenarios, thus by looking into offensive and defensive techniques present in nature we should be able to provide some guidelines for bio-inspired security.

15:35               15:50

The presentation of the projects awarded in the contest for the most privacy-friendly mobile application, organised by GIODO and MAiC.

Presentation of SkyDE application
Bartosz Lipiński, Piotr Śmietanka
WARSAW UNIVERSITY OF TECHNOLOGY

15:50               16:05

The presentation of the projects awarded in the contest for the most privacy-friendly mobile application, organised by GIODO and MAiC

Presentation of SecureWALLET application
Paweł AUGUSTYNOWICZ

MILITARY UNIVERSITY OF TECHNOLOGY

16:05               16:20

The presentation of the projects awarded in the contest for the most privacy-friendly mobile application, organised by GIODO and MAiC

Presentation of UEP application
Dariusz RUMIŃSKI, Michał GÓRAL

UNIVERSITY OF ECONOMICS IN POZNAN

16:20            16:45

The award ceremony


Maciej GROŃ
Ministry of Administration and Digitization of Poland
Wojciech WIEWIÓROWSKI 
Inspector General for Personal Data Protection

 

16:45                 .

END OF THE CONFERENCE – PRIZE DRAW

WORKSHOPS

NOVEMBER 25TH, WEDNESDAY AND 28TH 2014, FRIDAY


WORKSHOP 1 – CERT GAMES – NOVEMBER 25TH, WEDNESDAY

The exercises carried out by the Cyber Europe 2014 winning team:

The workshop will be conducted by the ComCERT.PL representatives:

Krystian Kochanowski
Dawid Osojca

CERT Games are key defense exercises for ICT infrastructure organisation.

  1. Exercise objective:

The aim of the exercise is to develop proper habits and practice in handling incidents and defending against attacks targeting the IT infrastructure. In the exercise, the participants are confronted with an existing infrastructure containing, inter alia, a Web server, mail server, file server and DNS server. The participants will attempt to defend these resources using all possible defensive techniques. They will be required to demonstrate the ability to properly protect the infrastructure entrusted to them, to detect attacks, and to make rapid decisions about the threats that occur. An additional advantage of the exercise is the possibility of evaluating the delegated participants’ ability to work and solve problems in a group. The teams will be evaluated throughout the exercise in order to assess the effectiveness of the actions undertaken. The exercise ends with a presentation of the teams’ results and an additional discussion panel on the actions undertaken and the optimal strategy.

  2. The workshop is intended for:
  • ITT systems administrators
  • ITT security specialists
  3. The workshop includes:
  • detecting attacks targeting the infrastructure under the participants’ protection
  • detecting configuration and service vulnerabilities
  • log and network traffic analysis
  • system hardening
  4. The requirements for the participants:
  • basic knowledge of Linux systems administration
  • knowledge of network protocols, and the ability to analyze network traffic
  • basic knowledge of IT security
  • ability to analyse the logs of popular services
  5. The participants are expected:
  • to bring their own laptop with an Ethernet card or WiFi
  • to have OpenVPN, a VNC client, an ssh client and a web browser installed on their laptops.


WORKSHOP 2 – Artifact (the malicious code) Analysis Workshop – NOVEMBER 28TH, 2014, FRIDAY

Participants of this workshop will acquire very practical knowledge of malware analysis techniques. The exercises will be based on the professional training programmes prepared for the European Network and Information Security Agency (ENISA).

The workshop will be organised by the European Network and Information Security Agency and the Cybersecurity Foundation.

The workshop will be conducted by the ENISA representatives:

Lauri PALKMETS
Yonas LEGUESSE

It will be provided in English.

During the workshop, participants will learn the artifact analysis techniques that are part of the ENISA CERT Exercises: https://www.enisa.europa.eu/activities/cert/support/exercise

To-do before the training:

Check if your laptop meets the following requirements:

  • Computer that can run Virtual Images, by using either VirtualBox or a similar application
  • The laptop should preferably have at least 4 GB of RAM, a capable processor (i5 or i7), and 20 GB of free HD space
  • Download virtual images (Open virtualization format) from the link sent to participants by the organisers.

Load the images into the virtualisation environment and test if they work properly by powering them on.

More specific instructions and a ‘how-to’ can be found here: http://www.enisa.europa.eu/activities/cert/support/exercise/files/HowtouseCERTExercisesvirtualimages.pdf

For further information please contact us: [email protected]