2021 was a difficult year, to say the least. The world continued most of its activities fully online, which left a lot of open doors to cybercriminals around the globe. Cyberattacks kept the headlines busy throughout 2021 as massive disruptions affected government agencies, major companies and even supply chains for essential goods like gasoline and meat.
In these uncertain times, we need to keep the community together, strong and focused, to face all threats and keep up with the attackers around the globe. We were eager to reconnect with the DefCamp community after a 12-month break and we hoped to host the conference in a hybrid format.
With all the latest national restrictions, we were forced to move fully online. However, we did our best to offer a valuable and insightful experience with over 40 speakers and over 10 hacking activities that took place on CyberEDU.
How was DefCamp 2021?
DefCamp has been a community event from the very beginning. It started back in 2011 as a meetup between friends who shared a common passion for cybersecurity and in a few years became the largest cyber security conference in CEE. Our mission has always been to nurture and grow a healthy community of professionals and to encourage young students to join this amazing industry.
DefCamp 2021 was different from any other edition so far. We’re strong believers in the power of the community, we always appreciate quality networking and our main goal is to offer our community a legendary experience.
This year, because we had to move fully online, we adjusted the schedule so that we could handle everything as best we could, given the circumstances. And from the feedback received from the participants, we’re happy to see that we’ve accomplished this mission.
We’re well aware that a fully online edition cannot replace the traditional DefCamp or even the hybrid version, but we always put safety first. As we preach in cybersecurity, preventive measures are better than reacting to incidents/issues. So, all in all, we’re pleased with how everything turned out.
Over 40 speakers accepted our invitation or applied at Call for Papers to be part of DefCamp and reconnect with the community. We welcomed both new speakers and regular ones who come back every year to DefCamp with fresh and exciting research.
To make the experience more engaging, we had 4 panel discussions on different topics, as presented below:
| Threats and lessons learned during the pandemic | Women in Cyber Security |
| Cybersecurity – the fine line between technology and the human element | Entrepreneurship in cybersecurity – should I go there? |
The topics were diverse, as we wanted to learn from each guest speaker’s experience and discover their view on the subject.
You can go through the DefCamp 2021 brochure here.
What was new this year?
2021 has been very intense. As you know us, we always like to bring something new with every DefCamp edition. That’s why we ask for your feedback and we try as much as we can to incorporate it in what we do.
So, about the novelties of DefCamp 2021: well, first of all, DefCamp turned a decade old this year. 11 editions but 10 amazing years in which we’ve grown, learned, experienced, cried, laughed and, most importantly, built an amazing community of professionals with the support of our partners, who believe in us and help us every year to break the limits and go the extra mile.
Also, what’s relevant to mention is that we had 9 new competitions in the DefCamp Hacking Village that required the community to put their skills to the test while solving the challenges available directly on the CyberEDU platform.
What topics did the speakers present on stage?
The two virtual stages welcomed over 40 speakers from all over the world. From penetration testing management issues in large corporations to responding to the ever-evolving threat landscape, we learned directly from industry leaders what the most common challenges are and how to better tackle them in our daily work.
Another interesting presentation was Training SecOps: Education through Gamification, where Ioan Constantin, Cyber Security Expert at Orange, tackled one of the biggest hurdles in learning cybersecurity: the “no fun” parts. He shared insights about how they’re gamifying cyber-range-as-a-service technologies and how they’re offering a unique and powerful toolset to companies and academia to train, assess and enable continuous learning in cybersecurity for their staff and students. Ioan highlighted how education through gamification can pave the way for next-generation Security Operations Centers, and we’ll see how all of this translates to performance in UNbreakable Romania, a first-of-its-kind national ongoing cyber security competition.
Moving forward, we tackled automotive security, because cars are getting increasingly complex, connected, and automated. Dynamic digitalization and an evolving regulatory environment bring higher automotive cybersecurity requirements. Jan Glos, Algorithm Development Engineer at Garrett – Advancing Motion, focused his presentation on the cybersecurity needs that passenger and commercial vehicle makers have, how those requirements are fulfilled, and how the dedicated tools are developed and tuned.
And because there isn’t a day without a cyber attack or incident, we enjoyed the presentation by Danny Henderson Jr., Senior Information Security Consultant at Secureworks, named “Curse of the Mirage Woodland: An Incident Responder’s Story”. Threat actors continually improve their ingenuity in staging ambushes, like bandits in a dense forest. While the typical entry point of breaches is phishing, the more clever tricksters cloak their trap through a Mirage spell within a simple clearing, enticing unsuspecting businesses that failed their Perception check to claim a trojanized program. The story included a close-call encounter with the adversary in an incident response call, how they tracked the bandit’s trail, and ways that other adventurers can follow suit in using available free services for threat intelligence to help craft their own stories.
Also, we’ve seen how much ground ransomware attacks have gained in the past years, so it was an absolute pleasure to have on the virtual stage Radu-Emanuel Chiscariu, Senior Security Research Engineer at Keysight Technologies, sharing A Deep-Learning Approach to Phishing Detection. A common tactic for adversaries to harvest credentials and personal information is through phishing websites. To increase the probability of a successful attack, the attackers try to closely mirror the look of a legitimate website, hoping to trick their target. There are various approaches to detecting phishing pages that focus on extracting source code features of the page. Radu focused his presentation on giving an overview of how such an approach can be implemented using a deep neural network and its accuracy in identifying phishing pages.
We’ve seen that many companies and publications talk about threats, but what about how to detect them in order to be protected before they target your company? Well, we had on the DefCamp 2021 virtual stage Raphaël Lheureux, CSIRT & Pentesting Team Leader at CEGEKA, who explained how to leverage threat intelligence in the selection and prioritization of detection sources. Raphaël shared his take on how cybersecurity professionals generally know which detection sources are required to cover most of the threats that an organization could face. Of course, there are several reasons why not all of these can be onboarded within a reasonable time frame, or even at all: limited budget, slow and/or complex change management, concerns around manageability and so on. So he focused his talk on presenting an approach to address this challenge using MITRE ATT&CK and other threat intelligence sources.
Certainly the time would never be enough to tackle all the subjects we would like to have on stage at DefCamp, but we believe the diversity of speakers and topics managed to cover important aspects of the infosec industry.
What about the Hacking Village?
Well, you know how it works. The Hacking Village has been the DefCamp playground for all hacking activities since 2016. Since then, we have hosted more than 50 cybersecurity competitions to keep the community engaged.
2021 was the year of change, so for the DefCamp Hacking Village this meant new and different competitions along with the traditional ones to keep the community engaged. You can see here an overview of what the Hacking Village had to offer this year.
What’s important to mention is that the competitions available were very diverse and covered many cybersecurity skills: from penetration testing to digital forensics, reverse engineering and cryptography. For one week, all DefCamp attendees could enroll in the contests and test their skills in the most active part of DefCamp.
The most popular one was CVE Adventures, where attendees were challenged to test their vulnerability scanning skills, exploitation skills and ability to find exploits published by the security research community, all in a safe environment.
IoT Village was also on the favorite list as it was the only hybrid competition available this year. With the support of Siemens, we managed to bring IoT device hacking closer to the DefCamp community.
Our plans for 2021 definitely looked different. But this year’s DefCamp edition will forever remain special to us in its own way, and we hope you feel the same. It’s been great to have your virtual avatars around and we promise to do everything we can so we can see each other face to face, like good old times, soon.
We look forward to 2022 with the same passion for cybersecurity, with the ambition to grow and nurture cybersecurity skills and a strong community able to keep up with the attackers around the globe.
Until 2022, stay safe, hacker family!