🇬🇧 Session in English.
Speakers: Fabio Viggiani and Mattias Wåhlén
Understanding the cyberthreats we are facing allows us to make better decisions in strengthening our cyber resilience. We can use threat intelligence to predict cyberthreats and improve our ability to detect, prevent, and respond to attacks.
In this opening session, Mattias and Fabio present the latest findings from Truesec Threat Intelligence to give an overview of the current threat landscape.
They will talk about how cyberattacks look like today, what techniques are used, the latest trends among cybercriminals, and what the future may have in store.
🇸🇪Session in Swedish.
Speakers: Markus Lassfolk and Mats Hultgren
Learn from the mistakes of others!
Markus and Mats will walk you through the most common causes of todays’ cyberattacks that our team has investigated during the year of 2021.
By learning from others, we can ensure that we don’t become a figure in the statistics.
🇸🇪Session in Swedish.
Speakers: Hasain Alshakarti and Pontus Grönlund
A deep dive into samples from recent ransomware attacks investigated by Truesec CSIRT (Cybersecurity Incident Response Team).
What is the most common entry point and how do the threat actors escalate to Domain Admin?
We share our insights, so you can avoid ending up in a similar situation.
🇬🇧 Session in English.
Speakers: Carlo Alberto Scola and Max Kardos
One fundamental step of a Red Team engagement, is avoiding getting caught and throwing away months of work. That’s why playing around with EDRs is so rewarding, sometimes they’re great at detecting your antics and sometimes not!
During this session, we will present methods to extract credentials and move laterally within environments running modern, up-to-date EDR solutions – all without the Blue Team being any wiser.
🇸🇪 Session in Swedish
Speakers: David Lilja and Hasain Alshakarti
How to detect and disarm an on-going cyberattack. How to distinguish and isolate the attackers’ activities in a busy environment. What is the right balance between automated detection and manual threat hunting.
Using selected real-life examples, Hasain and David will share when and what is suitable to do to enhance your detection capability and increase the value of your tooling.
🇬🇧 Session in English.
Speakers: Alexander Andersson and Fabio Viggiani
Persistence is a threat actor tactic with the objective of retaining access in a compromised environment, even after rebooting or changing passwords. A typical persistence technique could be adding a startup program that will run once the computer starts, but what does advanced persistence look like in 2021?
In this session we will look into the persistence techniques used by sophisticated attackers, including nation state-backed APT groups. We will explain how the techniques work, how we discovered them in our incident response, and finally how you can detect and respond to these threats to ensure no one is hiding in your environment.
🇸🇪 Session in Swedish.
Speaker: Rasmus Grönlund
If you have been the victim of a cyberattack, what do you do to regain control, and deal with the situation as quickly as possible? Change Password? Restore from backup? How do you know that your actions are sufficient to prevent further damage?
The answer is – forensic investigation.
Let Rasmus show you how it is done.
🇸🇪 Session in Swedish.
Speakers: Mikael Nyström and Peter Löfgren
So, you have been hit by ransomware?
In this session Mikael and Peter will walk you through some of the processes and tools used during ransomware recovery.
Learn about how to deploy a new server OS before there is infrastructure in place, deploy workstations over the internet, how to recover your domain controller from a threat actor, and why you cannot use backups.
🇸🇪 Session in Swedish
Speaker: Mikael Nyström and Peter Löfgren
Windows 11 and Windows Server 2022 are here!
In this session, Peter and Mikael will explain how you need to prepare for new releases of Windows.
You will learn about the new features, important security updates, hardware requirements, new release cycle, and how to transition to the new versions of Windows.
🇸🇪 Session in Swedish
Speakers: Anders Axhake and Viktor Hedberg
Azure Active Directory has become an attack vector which is being used in many of incidents to gain persistence in an environment.
This session will guide you through some of the default settings present in Azure AD that can allow a threat actor to initiate attacks rather easily, and how to secure your Azure AD by mitigating these default settings.
🇸🇪 Session in Swedish
Speakers: Mikael Nyström and Ted Molin
When a threat actor has access to the Domain Admin Account it is also known as “Game Over”. If you can protect your administrative credentials, you are in good shape, don’t give them away. The far most important item to protect is access to Domain Controllers.
In this session Ted and Mikael will show you how to protect your domain by using Tiering, Authentication Silos, Fabric Isolation, and PAW/SAW.
🇸🇪 Session in Swedish
Speakers: Asmae Bni and Johan Lindfors
Behind the modern agile process of DevSecOps, there are several key components that enables both productivity and security. One of these components is the concept of Infrastructure As Code. This enables long term management of the IT infrastructure by applying the common best practices in the development lifecycle. As a result, security best practices can be built in the infrastructure management using for example static analysis methods, integration tests, and monitoring capabilities.
🇸🇪 Session in Swedish
Speakers: Björn Andersson
I have been working the last 20 years with IT Operations and IT outsourcing.
This session I will talk about some of the biggest learnings I’ve had the first 100 days at Truesec, and also what things you can do to make the biggest impact if you are in operations today.
🇸🇪 Session in Swedish
Speakers: Marcus Murray and Hasain Alshakarti
Ransomware attacks, destroyed backups, phishing, complex old systems, attacks via suppliers and non-existent surveillance – we see this often in the latest incidents we have investigated and handled.
The development of cybercrime-as-a-service in combination with insufficient cybersecurity capabilities has contributed to a record increase in attacks. It is simply not enough to have backups, you have to detect and stop the attacks in time!
How do we restore balance and win this battle? What tools can we use and how?
Marcus and Hasain share their experiences and insights for a better and more secure digital future.
To sum up the day and hang out with attendees, speakers, and exhibitors.
Exclusive for live participants.