tldr - powered by Generative AI

• Office 365 is becoming a popular target for threat actors due to the large volume of data stored in it
• Attackers use both unsophisticated and sophisticated techniques to gain access to Office 365
• Forensic artifacts and best practices can help defend against these attacks
• Organizations need to invest time and effort into understanding and defending against Office 365 attacks

tldr - powered by Generative AI

• Puzzles and riddles can develop problem-solving skills that can be applied to larger and day-to-day problems.
• Designing puzzles and riddles requires thought and consideration of the audience.
• Measuring engagement and statistics is important to improve puzzles and riddles.
• Encouraging inclusivity and teamwork can improve engagement and problem-solving skills.
• There is a gap in research on the psychology of security-related problem-solving.
• The speaker plans to create a repository of workplace puzzles and hopes others will contribute.
• The speaker encourages attendees to participate in a crossword puzzle.

tldr - powered by Generative AI

• Side-channel attacks target the implementation of an algorithm rather than the algorithm itself, making it a very efficient way to attack secure hardware.
• Debugging hardware is harder than debugging software because it requires looking at both the software and hardware to find the source of the leakages.
• The presentation showcases a concrete step-by-step example of how to use a software called COLD (Charge Side-Channel Attack Leak Detector) to find where a tiny implementation running on an SMT32F4 is leaking.
• The approach involves using deep learning and dynamic analysis to quickly and efficiently find the origin of the leakage.
• The presentation also discusses the benefits of using AI explainability to map the code and pinpoint the part of the code that is interacting with the hardware in a way that makes it vulnerable to side-channel attacks.
• The ultimate goal is to create a debugger that will help reduce the cost of finding and pinpointing attacks accurately, freeing up more time to focus on developing stronger cryptography.

tldr - powered by Generative AI

• The VPN should prevent sniffing and protect against DNS meddling attacks
• It should protect against spoofed websites and responder attacks
• The interaction with the captive portal should not introduce the opportunity for an attacker to inject malicious javascript into the browser
• IPv6 susceptibility should be the same for hosts on a Wi-Fi network and those on the corporate network
• Standard equivalent configurations were created to compare vendors in the context of the identified threat scenarios
• The research question is how much protection enterprise VPN technologies provide against common and realistic threats

tldr - powered by Generative AI

• Human risk is one of the largest unsolved problems in security, with human errors being the top reason for successful breaches.
• Traditional one-size-fits-all annual security training is ineffective in changing behaviors.
• Techniques such as personal relevance, social proof, leveraging intrinsic motivation, and tight-feedback loops are key factors to reduce human risk.
• Motivation needs to be applied in addition to training to get employees to want to take the training and adjust their knowledge levels.
• Elevate Security is a leading human risk management platform constantly keeping on top of the latest research in the space.

tldr - powered by Generative AI

• Cybersecurity professionals in their early career are enthusiastic and eager to learn, but tend to lack experience and context
• One of the biggest challenges they face is the tendency to focus on skills without understanding when to use them
• Picking the wrong role models, such as burnt out and cynical professionals, can also be dangerous
• To overcome these challenges, cybersecurity professionals should focus on knowing the job, using checklists, zooming out to see the bigger picture, and embracing anti-fragility
• In the ego phase, cybersecurity professionals may experience burnout and need to actively manage and prevent it by focusing on mental health fundamentals and relying on peer support

tldr - powered by Generative AI

• Malign actors are exploiting divisions in society using vulnerabilities in the information ecosystem, overwhelming individuals and manipulating communities.
• Nation states leverage social networks and network infiltration to influence, distract, and manipulate large communities of people.
• There is a lack of rigorous academic research to inform policy makers on how to address the threat of misinformation.
• Companies in various industries may also be targeted with reputational attacks online.
• The talk concludes with a call-to-action for the audience to deploy their skills in the defense of democracy.

tldr - powered by Generative AI

• Lamphone uses electro-optical sensors to detect sound waves that cause vibrations in light bulbs
• The technology is still in development but has the potential to be a practical method of eavesdropping
• Advanced filtering techniques can be used to filter noise from the signal
• The use of deep learning to train a model for filtering noise comes with a cost
• The development of Lamphone is similar to the development of Gyrophone, which took six years to become a practical method of eavesdropping
• Scientists are likely to continue improving Lamphone in the coming years

tldr - powered by Generative AI

• Plunder Vault is a new type of attack that breaks the integrity of SGX
• It induces memory corruption in bug-free code
• Sensitive information can be leaked through this attack
• Examples of leaked information include RSA keys and SQS

tldr - powered by Generative AI

• Sub-Saharan Africa lacks specific data on the cybersecurity industry
• Effective policies must be implemented to address the distinct operating environment of the region
• Local cybersecurity practitioners should develop open source or affordable tools for the local market
• A more sophisticated and organized cybersecurity system is required to curb existing and emerging threats
• Encouraging more professionals to join the industry and work together to build it