Understanding and Dealing with Zero Days


Details
Liam Smit will be talking about how to understand and deal with Zero Days.
Context:
Unpatched vulnerabilities are subject to exploitation, e.g. Equifax and Apache Struts. While this is due to a lack of patching, what happens when no patch is available?
Over the last few years there have been numerous releases of methods and tools that exploit unknown vulnerabilities for which no patches exist, e.g. Hacking Team, the NSA and the CIA.
The Talk:
The talk starts with what a zero day is compared to a non-zero day, and how quickly patches are reverse engineered to discover the original exploit.
To get you thinking before the talk the following will form part of the discussion:
Attack surface:
Servers:
- Services
- Protocols
Desktops / laptops:
- Browsers
- Operating System
Android and Apple smartphones:
- App stores
- Hardware / Firmware hacking
- Biometrics
- OS Flaws
Internet-facing servers:
- Extremely fast patch application
- Automated patching
- Hardening
Architectural:
- Web Application Firewalls
- Compartmentalization, i.e. splitting the data off from the presentation layer.
- Defense in depth, deploying firewalls on all servers.
- Deploying IDS / IPS.
Parking:
There are two parking levels, each with a separate entrance. There are VOSS marked bays each with an A4 size sign in both parking levels. Which level to park in basically comes down to which one has more free bays, which is hard to predict.
One entrance (to the upper parking) is up the ramp past the fountain. Turn right once you go through the boom. Just keep turning right.
The other entrance (to the lower parking) is down the ramp (opposite Discovery entrance). Go through the boom, drive straight for a little bit and then turn right (there is no other option). Drive all the way to the end. Then just keep turning right.
At the boom you should buzz security and tell them that you're coming to see VOSS.
Refreshments:
