Conferences

Attending MISP Threat Intelligence Summit 0x04 and presenting at Hack.lu

Dennis Rand will be attending the MISP Threat Intelligence Summit 0x04 at hack.lu 2018 the upcoming week, and will at hack.lu be presenting the latest updates around the DDoS research project, where research around an MaxPain attack will be presented.

The MaxPain attack is where an attacker is using amongst other data mining in order to prepare for the best possible attack scenario. By using this it can be possible to bypassing ISP based and enterprise anti-DDoS solutions.

https://2018.hack.lu/talks/#So+you+think+IoT+DDoS+botnets+are+dangerous+-+Bypassing+ISP+and+Enterprise+Anti-DDoS+with+90%27s+technology

If you are in Luxembourg the upcomming week and want to meet up, please feel free to reach out.

Update from the conference:

Video’s from the conference as well as the slides

https://github.com/eCrimeLabs/Hack.lu-2018

RVASec 2018 -So you think IoT DDoS botnets are dangerous - Bypassing ISP and Enterprise Anti-DDoS with 90’s technology

On the 7. of June 2018 Dennis Rand presented on the RVASec conference in Richmond, Virginia on the topic of how we in the future will see attacks that are not easily or even possible to mitigate. 

The need to do digital hygiene if we want to protect our networks.

The videos from the conference has now been released.


Presenting DDoS research at RVASEC 2018

eCrimeLabs is proud to announce Dennis Rand will be attending as speaker at RVAsec 2018 in Richmond Virginia.

"RVAsec is the first Richmond, Virginia, security convention to bring top speakers to the mid-atlantic region.  The conference will be held on Thursday, June 7th and Friday June 8th 2018 at the Commonwealth Ballroom at VCU’s University Commons."
https://rvasec.com/

The research presented started originally back in 2016 with analysis of DDoS attacks.

As the research and analysis of data evolved, I discovered that there is a large gap in the Anti-DDoS defenses that are existing today allowing attackers with a minimal of effort and some data mining to bypass the enterprise and ISP based DDoS solutions out there.

Also during the research I was looking through alternate UDP service that could in the future pose a problem and here came upon an IoT protocol, introducing the same possibilities as services designed over 20 years ago.

The problem exists in the still large and growing amount of vulnerable services exposed to the internet. The numbers from April 2018 was close to 19.000.000 IP's that has a potential of being abused.

worldmap_udp.jpg