Events

BerlinSides …electrifying!

It was the last weekend of May and just like every year, hackers, forensic experts and pentesters met at the Universal Hall in Berlin for the BerlinSides conference. ‘A con from hacker for hacker’. This years motto is ‘electrifying’ and the badges and shirts show the picture of Nikola Tesla.

BerlinSides is the successor of the PH-Neutral conference held by FX, who once said he’s going to host his conference for ten years. After that, Aluc stepped in and now runs the BerlinSides conference since 2010.

Start was right after the PXE conference ends on Friday 27th of May and it lasts for four days. As usual, the last day got labeled “OpSec 4 Nerds” and held in a Dojo. It’s about “hand to hand combat” and optional to all attendees who have a good health insurance. Today is the last day of the conference and the exercises in the Dojo are going on right now.

The schedule of the conference can be found here: http://berlinsides.org/?page_id=1911

In contrast to the Chaos Computer Congress, this conference is by invitation only and just like in Las Vegas, what’s happening inside of BerlinSides stays inside. No journalists, cameras or any recording devices are allowed. Speakers can go into details and give some unique insights in projects, incidents and new vulnerabilities.

0x100 people attended the conference this year and beside the talks I also enjoyed the networking, music and party. I met people I haven’t seen for a while, some I never met before and we had some good discussions.

Kaspersky Lab is the premium sponsor of this years’ conference and we are happy to see such great events and to support the community.

My colleague Stefan Ortloff held the opening talk titled”Cross-Platform Malware To Attack The Bitcoin-Sphere” and gave some insights in an ongoing investigation conducted by himself.

2016BSides
(Host Aluc on the right, me on the left side)

Due to the nature of this conference, there aren’t any further details I can add to this blog, but I’d like to thank Aluc for his commitment and I look forward attending next year again!

BerlinSides …electrifying!

Your email address will not be published. Required fields are marked *

 

Reports

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Lazarus covets COVID-19-related intelligence

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.

Sunburst: connecting the dots in the DNS requests

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.

Subscribe to our weekly e-mails

The hottest research right in your inbox