Cork|Sec 143

Details
Running since June 2013, every month we have 1-2 talks focused on Security or Technology, followed by socialising with like-minded people. You can find out exactly what to expect about the night and the venue in the What We're About section of our Meetup page. Past talk details are on our wiki at http://corksec.com/. Anyone with any sort of interest or level of knowledge in Security, Hacking and Emerging Technology is more than welcome to attend, and feel free to bring like-minded colleagues and friends.
CorkSec is made possible through generous sponsorship from our Platinum Sponsor Trend Micro, Gold Sponsor CyberSkills, as well as our Silver and Bronze Sponsors featured prominently on the night.
Doors open at 19:00 with talks starting at 19:15. Talk details are below.
TALK 1: How we are cutting the branch we are sitting on - Adam Filipczyk
Since the beginning of the Information Age, humanity has invented countless new things. The rapid development of technology has brought enormous progress and increased the speed of solving problems, but it has also brought more headaches and associated cost. The explosion of technology also gave rise to Information Security Professionals and increased the demand for even more advanced technology, better security tools and higher skills. In this talk we want to take all our progress, all our never-ending battles, our passion and hunger for breaking things, analyse it and see where it is going, what our potential future is and what could potentially be the best use of AI to make sure that humanity will survive.
TALK 2: Ghoulish Tactics – How Water Scylla enables initial access for Ransomhub - Ian Kenefick
In this talk, we’ll delve into the intrusion set which Trend Micro calls ‘Water Scylla’. Water Scylla is a prevalent group leveraging compromised websites and commercial Traffic Distribution Systems to deliver the SocGholish loader, enabling initial access for Ransomhub affiliates. This presentation will highlight the scale of the campaigns and outline the real-world implications of their activities.
The talk will include the following:
- A walk-through of the attack flow
- Our analysis of SocGholish loader and the Python backdoor deployed by the group to provide Ransomhub affiliates with initial access
- An examination of malicious tasks sent by the Command & Control Server to conduct data theft, reconnaissance, and deploy backdoors
- A description of the network of rogue commercial Traffic Distribution System instances used to evade sandboxes, researchers, and crawlers
- An overview of SocGholish’s Command & Control infrastructure characteristics
- A discussion of countermeasures to defend against the Tactics, Techniques, and Procedures (TTPs) observed in these attacks
