Speakers
Adam Jordan - "Case Study on Supply Chain Attack: How an RCE in Jenkins leads to Data Breaches and Whole Company Compromise".
Adam Jordan (@_adamyordan), Head of Group Security R&D at Sea, Singapore. CS alumnus of Universitas Indonesia. I played and participated in national and international CTFs in the past, but am now focused more on bug bounty and work responsibilities (automating security for the enterprise, while also in charge of red team operations). Fun fact: I won the IDSECCONF CTF in 2016.
"In DevSecOps, securing every component in the software development life cycle (SDLC) is very important. However, many companies are often found investing only in the security of their customer-facing products, while not paying enough attention to their internal components. When in fact, securing these internal components is also important, and when compromised, may result in a huge financial and reputation loss for the company.
For example, Jenkins, a popular platform to automate the pipeline in SDLC, has several cases of being compromised in the past that resulted in a supply chain attack. In this presentation, we will discuss a case study of how an attacker can discover and exploit a remote code execution (RCE) bug in Jenkins, and using various post-exploitation techniques, may spread the collateral damage resulting in data breaches and the compromises of various components in the company. Technical analysis of the attack will be provided from the attacker's perspective. Then, we will discuss how the attack impacts an enterprise company, and provide some recommendations to mitigate this kind of attack."
B. Noviansyah - "The Achilles Heel of NSICCS Implementation".
B. Noviansyah (@tintinnya), an Independent Researcher and Security Practitioner who enjoys the flexibility of working hours during the WFH era, sometimes burns the midnight oil just to see what is lurking inside things. Interested in IT Security in Payment Systems, Digital Forensics, and Malware Analysis.
"Indonesia has more than 100 ATM/Debit Cards (“ATM/D”) Issuers that are licensed by Central Bank of Indonesia (“BI”) with a total of more than 150 million issued and active ATM/D. Most cards still use magstripe, which is still prone to attack by card skimmers.
In 2015, BI issued a Circular Letter to all ATM/D Issuers to migrate all magstripe cards to EMV-based NSICCS cards by the end of year 2021. NSICCS or National Standard of Indonesia Chip Card Specification was developed and approved by BI to become a national standard and has been adopted by almost 50% of active cards nowadays with branding of GPN Card (Kartu Gerbang Pembayaran Nasional). By January 1st, 2022 all terminals (EDC, ATM) and cards issued in Indonesia are ready to process all transactions using information written on chip only. It is believed that this standard can reduce the number of card skimming incidents significantly.
Before January 1st, 2022 both magstripe and EMV-chip are available to be processed by any terminal in Indonesia. All Card Issuers should manage the risk while handling swiped or dipped cards. This presentation will discuss how secure this national standard is and under what circumstances this standard can protect customer data while doing a transaction."
Claudia Dwi Amanda & Andi Yusuf - "Cyber Attack Detection Based on Mobile Honeypot".
Claudia Dwi Amanda is currently working at the National Cyber and Crypto Agency. She has interests in Detection Systems, Malware Analysis, Intelligence Analysis, and OSINT. Amanda is involved in the Indonesia Honeynet Project community, and active in developing the BSSN-IHP Honeynet Project. Amanda has written 28 papers related to cyber security to increase cyber situational awareness for the public.
"The increase in cyber attacks calls for efforts to detect potential cyber attacks early. One such effort is the use of a honeypot as a decoy so that cyber attack activity can be recorded by the system. Today, with the growing use of mobile phones, especially Android, honeypots have also been developed for mobile phones, namely mobile honeypots, with the aim of monitoring cyber attacks that occur in the environment around the mobile phone. The increase in cyber attacks is also influenced by users' need to access the Internet through access points (Wi-Fi), especially those in public areas, which can potentially be exploited by attackers to carry out cyber attacks."
Digit Oktavianto - "A Tale Story of Building and Maturing Threat Hunting Program".
Digit Oktavianto (@digitoktav) currently works at a security consulting company in Jakarta. He currently focuses on the following areas: DFIR, Threat Hunting, Threat Intelligence, Threat Attribution, Malware Analysis, and Security Operation Center Development. Digit is active in several cyber security communities in Indonesia such as CDEF, Indonesia Honeynet Project, and others. Digit has roughly 10 years of experience in the field of cyber security. He currently holds several certifications such as GCIH, GMON, GCFE, GICSP, CEH, ECIH, CTIA, and CHFI. In his spare time, Digit enjoys playing CS-GO and also owns a number of Tamiya collectibles.
"As the attack methods and techniques used by adversaries continue to evolve, organizations need to make more mature efforts in detection and response. One such program is building the organization's capability to perform threat hunting. The threat hunting approach differs considerably from traditional security monitoring: in traditional security monitoring the activities tend to be more reactive, whereas in threat hunting the activities tend to be more proactive, with a presumption of compromise or assumed breach approach."
Rama Tri Nanda - "IoT Hacking, Smartlockpick".
Rama Tri Nanda (@smrx86), an independent researcher and also a security consultant at Xynexis int’l since 2015. I have given talks at Idsecconf 2013, 2014, 2015 & 2019. My research mostly focuses on radio frequency such as Wi-Fi, Bluetooth-LE, RFID, SDR and also covers some techniques in OpenWrt hacking.
"IoT is not a new thing anymore. In 2020, it was predicted that about more than 31 million were in use all over the world. Each manufacturer competes to produce innovative IoT products. But not all of them create secure products. Many vulnerabilities were found because developers neglect how important it is to implement secure authentication and code hygiene. This paper will tell you how to hack an unsecured smartlock on the Bluetooth-LE protocol."
Randi Mulki - "StreamCrime: Leveraging modern apps platform for old crimes".
Randi is an Independent Security Consultant with 13 years of experience in the IT Security Industry. He is focusing on IT Security for the Financial Industry. He is now working as IT Security Engineering Lead at LinkAja.
"Live streaming applications have become a trend since 2016, from the Bigo Live application, which became the predecessor to the applications that followed it. Today, many people use live streaming applications to find entertainment, partners and even make money easily. This talk will discuss real cases of illegal activities or crimes committed by using applications, especially live streaming applications. From ordinary crimes to financial crimes. What kinds of illegal activities occur. Who is involved in such illegal activity. Why these crimes happen. And of course how that activity happens.
Do you know that the daily turnover of money on live streaming applications is very large?
Do you know if there are syndicates who launder money on live streaming applications?
Do you know there is online gambling under the guise of live streaming applications?
Do you know that some drug dealers use live streaming applications to recruit drug couriers?"
Redho Maland - "Reconnaissance just not always about resources".
Edo Maland (@screetsec) is a student born in the year '99. For roughly the last 4 years he has pursued the field of information security with a focus on Penetration Testing (Web/Mobile/Infrastructure security testing), Red Teaming, and Active Directory Security, and has also worked on security consulting projects for government agencies, educational institutions, banks, startups, etc. He has been invited to be a trainer and speaker on information security at a number of national conferences and seminars in various cities. Edo Maland also contributes to developing the dracOs Linux distro and automation tools used to support penetration testing and bug hunting activities, released as open source projects on GitHub (https://github.com/screetsec), such as TheFatRat, Sudomy, Brutal and Vegile. He also holds several professional certifications in the information security industry such as OSCP, OSWP, CRTP and CEH (Master).
"Reconnaissance is the most important part of information security assessment activities (Security Assessment), especially in Black-Box Penetration Testing and Bug Hunting. The information gathered can be used as targets in testing to look for the possibility that one of the subdomains holds information related to the main domain, thereby increasing the chance of finding vulnerabilities.
In gathering information, we do not rely only on having many resources. Here, we also need creativity (resourcefulness) in overcoming an obstacle and in thinking about how those resources can be processed into something better."
Rizal Rasmalian - "MIPS Router targeted Worm Botnet With OpenWrt SDK Toolchain".
Rizal Rasmalian (github.com/rasmalian), IT enthusiast, sysadmin, self-taught programmer, for hobby, work & fun. A lot of fun. Any serious idea? Contact me!
"The Mirai botnet is claimed to have infected 2.5 million devices, due to the continued lack of awareness regarding IoT devices and leaving them with default passwords. Newer botnet versions that emerged afterwards, up to now, have begun to use other techniques besides telnet login brute force,
such as the use of 0-day exploits on certain devices, as well as brute force on other services like SSH. OpenWrt is one of the GNU/Linux-based operating systems widely used on routers, with MIPS being one of its architectures. By default OpenWrt uses Telnet and/or a web-based interface to then enable the SSH service.
This material will discuss the possibility of building a MIPS botnet worm with the OpenWrt SDK that is able to attack the OpenWrt (telnet service) and, if it has been turned off, will automatically try brute force on that OpenWrt's SSH service. The botnet worm also uses several exploits to attack certain devices running operating systems other than OpenWrt that have bugs, to carry the infection further."
(TBA)