A Night of Honeypots and Information flow security

Can we outsmart the adversaries? (Effective) Cyber Deception with Honeypots
In today's ever-evolving cyber threat landscape, traditional defence mechanisms often struggle to keep pace with attacker ingenuity. Cyber deception offers a proactive approach, utilizing traps and deceiving tactics to lure attackers into controlled environments. Honeypots are one of the prominent techniques of cyber deception that act as decoy systems for capturing attacks and analyzing the adversary strategy. They provide an early detection mechanism as well as a method for learning how adversaries work and think. However, over the past years, several researchers have shown methods for fingerprinting honeypots. This significantly decreases the value of a honeypot; if an attacker can recognize the existence of such a system, they can evade it. This talk delves into the world of cyber deception, focusing on honeypots, their efficacy, and some fingerprinting techniques from my research. We'll explore how honeypots function and the contributions from The Honeynet Project, a non-profit, open-source community.
Speaker: Shreyas Srinivasa is Cyber Security Specialist at TERMA Group, Co-founder of Selene CTI and previously Security Researcher at Aalborg University. He is contributor to the Honeynet project, a non-profit dedicated to investigating the latest attacks and developing open source security tools to improve Internet security.

Information-Flow Security for the Working Software Engineer
How does information flow through your software? Awareness of this gives you a new perspective when writing software with security requirements; it helps you avoid introducing information leaks into software, and gives you a conceptual framework for reasoning about software security in general.
In this talk, you will meet concepts like information leak, sources & sinks, dependencies, side–channels, and flow policies. You will learn to identify information flows in software, to express application–specific security requirements as flow policies, and to implement software that adheres to said flow policies.
Want to try this out? Then bring a laptop; right after the talks, I will organize a little activity where you can tinker with `ifc-ts` - my TypeScript library for expressing flow policies. In `ifc-ts`, flow policy checks are reduced to checks performed by TypeScript's type checker. Thus, if your code type-checks, then your code is guaranteed to adhere to the flow policies expressed therein.

Speaker: Willard Rafnsson is Associate Professor at the IT University of Copenhagen (ITU). I am a member of the Center for Information Security and Trust (CISAT), as well as the Programming, Logic and Semantics (PLS) and Software Quality Research (SQUARE) groups.

Location: IT University, Copenhagen