Positive Hack Days 11 will begin in a matter of weeks. This international forum on practical security will be held on May 18–19 in Moscow. The red and blue teams for The Standoff have already been formed, and we are putting the finishing touches on the cyberrange infrastructure and the conference program.
As per tradition, PHDays will have three big tracks dedicated to countering attacks (defensive), protection through attack (offensive), and the impact of cybersecurity on business. It is our pleasure to present the first talks.
How to detect 95% of attacks covering 5% of threat actors' techniques
Oleg Skulkin, Head of Digital Forensics and Incident Response Team, Group-IB, will analyze a short list of techniques (used by almost all threat actors, no matter their sophistication) based on real-world attack scenarios. This provides detection opportunities even if there is very little data.
IoC scoring
When dealing with indicators of compromise, analysts need to quickly understand how dangerous the object in question is. For this purpose, a dedicated threat intelligence score is used. How exactly a vendor calculates it is often a commercial secret. Nikolay Arefiev, co-founder of RST Cloud, will explain how scoring works, using publicly available indicators as an example.
If you have bootkits
When a computer is infected with malware running at the user level, you can apply well-known countermeasures that rely on the kernel API. But what if the OS kernel itself or the firmware is compromised? Anton Belousov, Senior Specialist at Malware Detection, Positive Technologies, will talk about potential vectors for infecting BIOS- and UEFI-based systems with bootkits, explain how to use the Xen–LibVMI–Drakvuf bundle to monitor malware behavior, and describe which events or signs indicate an attempt to install a bootkit.