Cyber Thursday - Spotit
Welcome to my first blog post about Cyber Thursday! This is an "event" that was temporarily put on hold because of Covid.
Each Thursday of the month a company will come and speak about what they do and give some more information.
Hopefully this blog post will serve as the start of a series of several Cyber Thursday blog posts.

Howest Security & Privacy Research Group
To start, we had a presentation of the work done by the Howest Security & Privacy Research Group.
After that we got an introduction to the ICS4 project, which was built by the Research Group. The project consists of a mock setup made with real PLCs and controllers, used to simulate the effects of malware, viruses and similar threats on an industrial network.
This network makes it possible to test mitigations and to show companies what damage could be done without proper mitigations in place.
Spotit
They started off by talking about how the company was founded.
They also covered how long it generally takes a company to detect an attacker (the dwell time) and how long it takes before the attacker is removed from the network.
They have clients in Belgium and have now also expanded to the United States so that they can offer 24-hour service to their clients.
When working with clients they primarily use the NIST framework, which is defence focused.
They also use several other frameworks to facilitate the implementation of proper security in the companies they work with.
From Russia With Love
The most interesting part of the talk, and the reason I really wanted to go to the event, was the talk about Russian hackers.
The speaker started by explaining David Bianco's Pyramid of Pain. He briefly explained each level of the pyramid, and in the context of this talk the most important level is the top one: TTPs, also known as Tactics, Techniques & Procedures.
TTPs are used to characterise threat actors by how they go about compromising a company; because they sit at the top of the pyramid, they are also the indicators that are hardest for an attacker to change.
APT29 - Cozy Bear
APT29 is a state-sponsored group linked to the Russian government that has been active since 2008.
Attributed Attacks
Some of the attacks attributed to the group are as follows:
- Pentagon
- US Democratic National Committee
- Dutch Police (MH17)
- Covid 19 research labs
- SolarWinds Orion
Simulating APT29
He then gave us a small example of how such attacks can be simulated using Caldera, an adversary emulation platform developed by MITRE.
The simulation is defined by creating so-called playbooks (Caldera calls these adversary profiles), which chain together the techniques that the emulated threat actor would use, so that the defenders can check whether each step is detected.
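To give an idea of what such a playbook looks like, here is a minimal Caldera adversary profile together with the single ability it runs. This is an added example and not something shown in the talk or taken from Spotit; the UUIDs and names are made up, and it only runs a harmless discovery command (ATT&CK T1033, System Owner/User Discovery) on the test machine. The file layout follows the format used by Caldera's stockpile plugin: abilities live in `data/abilities/<tactic>/` and adversary profiles in `data/adversaries/`.

```yaml
# data/abilities/discovery/aaaaaaaa-1111-2222-3333-444444444444.yml
# Example ability (assumed id and name, not from the original post).
# An ability is one technique plus the command that executes it per platform.
- id: aaaaaaaa-1111-2222-3333-444444444444
  name: Identify the user running the agent
  description: Benign discovery step, used to check that the step is logged and detected
  tactic: discovery
  technique:
    attack_id: T1033
    name: System Owner/User Discovery
  platforms:
    linux:
      sh:
        command: whoami
    darwin:
      sh:
        command: whoami
    windows:
      psh:
        command: whoami

---
# data/adversaries/bbbbbbbb-5555-6666-7777-888888888888.yml
# Example adversary profile (assumed id and name, not from the original post).
# atomic_ordering lists the ability ids in the order the operation will run them;
# a real APT29-style profile would chain many abilities across several tactics.
id: bbbbbbbb-5555-6666-7777-888888888888
name: Discovery-only demo adversary
description: Runs a single discovery ability so the detection pipeline can be checked end to end
atomic_ordering:
  - aaaaaaaa-1111-2222-3333-444444444444
```

After placing both files, a Caldera operation that selects this adversary profile will execute the ability on every agent it reaches, and the blue team can verify that the resulting process creation shows up in their SIEM. Adding abilities for further tactics (persistence, lateral movement, exfiltration) is how a profile is grown into a fuller emulation of a group like APT29.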
NOC
In the last section they talked about building their own NOC (Network Operations Center).
They showed us slides of the structure of their NOC, which technologies they use and the reasoning behind picking each one.
Conclusion
Seeing as this was the first event after the Covid period and my first attendance, I can say it was an informative presentation.
I noticed some topics resurfacing that I had seen in the lessons, and how a company such as Spotit applies them to its clients.
The mention of Caldera was definitely interesting and is something I would want to experiment with in the future.