Events

A Hot Security Conference On Cold Iceland

When I think about Iceland I do not immediately think about a place where top IT-security researchers from all over the world meet once a year to present and discuss some of the most recent and relevant security topics, but this is actually the case. It is the second year that the Nordic Security Conference has taken place here on Iceland. It is quite funny because when I’m in Las Vegas for DEFCON and BLACKHAT I always complain about the insane heat, and during the Nordic Security Conference the weather is terrible. When can someone arrange a conference at a location where it’s not insanely warm or cold?

I’ve had the great opportunity to present at both events. This year I gave a presentation about one of the weakest links in IT-security; the human factor. For over 6 months I have done several research projects, some of them on my own, and some together with other security researchers such as Martin Jartelius from Outpost24. We tried to answer the question: “How easy is it to hack a country?” by performing various social engineering experiments, with great success.

Syndis, an Icelandic security firm is the brain behind the security conference, and they have done a great job inviting amazing researchers from all over the world, such as: Chris Valasak, Don Bailey, Katie Moussouris, Stephen Watt, Chris Eng, Allison Miller and many more. If you are interested in the agenda, check it out here: http://nsc.is/schedule/

208214047

Parallel to the Nordic Security Conference the University of Reykjavik also arranged a hacking/CTF competition, which was extremely entertaining. While the contestants were going crazy and hacking they had provocative and entertaining interviews with the security researchers.

208214048

What makes this event such a great success is the size of the event. This year there were about 200 participants. This gives everyone the opportunity to network and talk to each other. After a long day of presentations and discussions the organizers arranged very good social events, which allowed everyone to show off their other skills. This year one of the speakers, who call himself Dr. Raid, did some crazy freestyle rapping!

208214049

This is a Conference I can highly recommend to anyone who likes awesome research and terrible weather 🙂

A Hot Security Conference On Cold Iceland

Your email address will not be published. Required fields are marked *

 

Reports

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Lazarus covets COVID-19-related intelligence

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.

Sunburst: connecting the dots in the DNS requests

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.

What did DeathStalker hide between two ferns?

While tracking DeathStalker’s Powersing-based activities in May 2020, we detected a previously unknown implant that leveraged DNS over HTTPS as a C2 channel, as well as parts of its delivery chain. We named this new malware “PowerPepper”.

Subscribe to our weekly e-mails

The hottest research right in your inbox