BSides Tallinn 2021

October 7

BSides is a community-driven non-profit security event format organised by volunteers. The first of its kind in Estonia was held successfully as BSides Tallinn 2021 on October 7th. The infosec community from Estonia and abroad came together in Tallinn at a friendly event. The content was intelligent, and the conversations were memorable.

Will there be a next BSides in Tallinn? Follow us on Twitter, join our Slack community or Facebook group to be informed among the first.

Sponsors: Sponsors are an important part of the community. If you want to help this infosec community event grow, please get in touch via sponsors@bsides.ee!

Volunteers: BSides is a volunteer-run event. If you want to contribute at a future event, leave your information at info@bsides.ee.

Presentations

October 7th, 2021

BSides Tallinn

Opening remarks BSides Tallinn organizers

We will introduce the wonderful day ahead.

It was a dark day in October in Finland when psychotherapy clinic Vastaamo’s data breach became public. For the first time in history, a ransomer had turned his attention from blackmailing a company to private individuals, with a threat of publishing their sensitive information online unless a ransom was paid.

Laura Kankaala is an ethical hacker and Security Consultant at F-Secure and is widely recognised as an authority in the ethical hacker community with deep knowledge across the security landscape. She was one of the people aiding victims of the Vastaamo case together with her fellow security professionals at KyberVPK. Laura’s mission in life is to build trust in technology through security and make the internet a better place for all of us.

This talk will cover the basic knowledge needed to start researching vulnerabilities in Windows drivers, and the author will also make publicly available a new tool that can easily be used for that purpose.

Jaanus Kääp has worked at Clarified Security as a penetration tester and security researcher for the last 10 years. He was on the MSRC top security researchers list in 2015-2020; has published over 100 CVEs, mostly for Microsoft and Adobe; and has found web vulnerabilities in Facebook, Google, Apple, Adobe, Spotify, etc. Kääp holds a Master's degree in Cybersecurity.

Alexandru Ciobanu, Andres Elliku

In the midst of battling red teamers and attackers, the blue team at Wise has been busy building out our endpoint monitoring. Now we want to tell you about all the wins, screw-ups, revelations and tips we’ve learned along the way.

Andres Elliku is a member of the Security Operations team at Wise, where he is responsible for incident response, tooling development, threat hunting, and helping other teams implement best practices. His focus areas are Windows endpoint hardening, detection, and response.

Previously, while working at CERT-EE, Andres was responsible for CERT-EE’s infrastructure, toolkit development, and threat hunting. His daily tasks included handling advanced malware analysis, supporting institutions and internet service providers, and providing IOCs for ongoing threats. Andres was also running CERT-EE’s malware analysis sandbox and various other toolsets. Before joining the CERT-EE team, he worked in the public sector as a systems engineer and security advisor.

He has also been an active member of the Estonian Defence League Cyber Defence Unit since 2015 and has represented Estonia in Cyber Coalition and other defensive exercises as a Blue Team member. Andres has also been part of the Red Team of Locked Shields, the largest live-fire exercise, since 2018 and has been a Client-Side subteam tech leader for the past years.

Andres has also given talks and trainings on incident response and threat hunting topics both in his home country and abroad.

Andres has an MSc in Cyber Security from Tallinn Technical University and Tartu University and an applied higher education in IT system administration from the Estonian Information Technology College.

Alexandru Ciobanu is a security engineer in the Wise Security Operation Center. He specializes in the security and monitoring of UNIX-like systems, creating automation pipelines, threat detection and incident response.

He previously worked at CERT-EU on automating detection, defence, malware analysis, and information gathering for European Institutions.

Before joining CERT-EU he worked as a software engineer, focusing on backend development to create business logic for software applications and information systems.

He enjoys implementing botnets for cyber defence exercises and following the sermons of Pastor Manul Laphroaig and his merry band of reverse engineers.

For more than 18 years, the Estonian electronic identity card (ID card) has provided a secure electronic identity for Estonian residents. In this talk we will look into some of the security challenges the Estonian ID card has experienced over the years.

Arnis Paršovs is a researcher at the University of Tartu who leads the Applied Cyber Security research group (https://acs.cs.ut.ee/). He has been successful in discovering various security issues in the Estonian eID infrastructure and will give an overview of some of them in his talk.

This talk will look at what happened when I made a responsible disclosure to a UK NHS tech org in March 2021. I will look at recent reports of cyber-law gone wrong from the UK/US/DE. I will talk about the need for cyber security researchers to be protected in law.

Rob Dyke is a long-time open source hacker. A decade of his career was in NHSland, where he co-founded open eObs and made NHoS / NHSbuntu - an OS for the NHS. These days Rob researches the security and privacy of apps listed in the NHS Apps Library.

This talk features a story from the trenches during an Egregor infection incident, presenting the TTPs and the problems faced during the analysis. The key takeaways are recommendations for ransomware prevention and recovery, along with analysis insights and caveats during incident response, to help better understand the threat and create effective response plans.

Nikos Mantas is an Incident Response Expert with experience in digital forensics, threat hunting and enterprise incident recovery. His research areas focus on APT groups and cybercrime threat intelligence. His mission is to inspire the new generation of undergraduate students to pursue a career in cyber security, serving as a peer-mentor in the team.

BSides Tallinn

Closing remarks BSides Tallinn organizers

How did it go? What will happen now?

After Party @ Põhjala Tap Room

Find yourselves at Peetri 5, Tallinn 10415, please.

Call for Speakers/Papers

6 talks for BSides Tallinn 2021 were selected from a variety of submissions by the review board: Tiit Hallas, Aigar Käis, Merike Käo, Sille Laks, Rasmus Männa, Jaan Priisalu, Jesse Wojtkowiak.

Sponsors

Thanks to our sponsors for supporting BSides Tallinn 2021:
Startup Estonia
Kredex
Web hosting supported by:

Contact

BSides Tallinn is organized by a group of volunteers. You can ping Aigar Käis, Hans Lõugas, Liisa Tallinn or Silvia Väli on Twitter or the event Slack.