Midnight Sun Archive

Midnight Sun 2024

Attendees
300
CTF Qual Teams
243
CTF Qual Rating
35,74/100
CTF Finals Rating
100/100
Talks

Take the Offensive Against Ransomware: Harnessing Threat Intelligence for Proactive Protection

Friday - 09:10

In today's ever-evolving threat landscape, ransomware attacks have become increasingly intricate. To effectively prevent these malicious incidents, it is imperative to grasp their origins, evolving tactics, and emerging trends. This presentation will delve into the depths of the ransomware market, explore what is changing, evaluate potential impacts, and provide proactive strategies for staying ahead of these attacks. Key topics include:

  • Unveiling the current state of ransomware markets and recent ransomware trends
  • Strategies and methodologies to prevent ransomware
  • Real-world insights: how to use threat intelligence to mitigate ransomware risks to your organization
Julius Nicklasson
Sales engineer - Recorded Future

Julius is currently the Sales Engineer for the Nordics region at Recorded Future. He has been at the company for over five years and spent the majority of his time within the Intelligence Advisory Services team enabling some of the largest companies in the Nordics to develop their security strategy through the effective use of intelligence data and automation.

Keynote address: Cyber Conflict; The Tools and Techniques of Tomorrow

Friday - 10:10
Carl-Oskar Bohlin
Minister of Civil Defence - Swedish Government

Carl-Oskar Bohlin has been a member of the Riksdag (Parliament) since 2010 and has served in the Moderate Party cabinet as the Minister of Civil Defence since 2022, making him the first Minister of Civil Defence as Sweden joined NATO.

Lightning talk: Perspectives from Swedish (Civilian) Armed Forces

Friday - 10:30
Charlotta Ridderstråle
Strategic PM, Cyber Command - Swedish Armed Forces (Civilian)

Charlotta Ridderstråle has spent the last 10 years working for Swedish (Civilian) Armed Forces on various projects:

  • Coordinated the establishment of the conscripted cyber soldier and specialist officer education for the SwAF.
  • Member of the group that established the Center of CDIS, Center of Cyber defense and Information Security.

Background in space industry 22 years, working for the Swedish Space corporation and SES ASTRA as a project manager.

Cybersecurity - Panel

Friday - 11:00
Presented by the CSO of SEB (Kristoffer Sjöström), the CSO of Vattenfall (Fredrik Torp), Head of Emerging Tech for Telia (Mats Mägiste) and the Head of NCSC (Thérèse Naess).

How and why to build your own emulator for kernel snapshot fuzzing

Friday - 12:00

In this talk we will justify building an system emulator from scratch to fuzz hard-to-reach areas of the linux kernel. We will discuss design choices and tricky implementation details.

Joel Engelcrona
Security researcher - ACNR

Joel is a security researcher focusing on low level kernel stuff. He has a lot of experience developing fuzzers and emulators from scratch and specializes in harnessing systems to facilitate testing and introspection.

Russia's Cyber Power Base: From Cybercriminals to Private Contractors

Friday - 13:20

The Russia-Ukraine War has significantly impacted Russia's cyber ecosystem and the strategy, policy, and operations affecting and carried out by a web of criminal hackers, military and intelligence officers, and private-sector cybersecurity firms and state contractors. These cyber activities and evolutions impact Russian citizens, the Russian state's ability to launch offensive operations against Western powers, and the future of Moscow's technology ecosystem. Justin Sherman will present new findings from Margin Research's data and OSINT analysis of Russian cyber power during the Russia-Ukraine War and specific Russian cyber actors supporting the Kremlin.

Justin Sherman
CEO - Global Cyber Strategies

Justin Sherman is the founder and CEO of Global Cyber Strategies, a Washington, DC-based research and advisory firm, as well as a nonresident fellow at the Atlantic Council and an adjunct professor at Duke University. He works with New York-based cybersecurity company Margin Research on open-source software security, malicious code, and Chinese and Russian cyber threat actors and operations. He has written and consulted extensively on Russia's internet, information, technology, and cyber strategy, policy, and operations.

6G networks - yet another critical infrastructure: opportunities, threats and new security features

Friday - 14:10

With the upcoming shift from 5G to 6G networks, trustworthiness will be an important cornerstone delivering trusted communication and computing for industry and society relying on critical information. This transition from secure communication to trustworthy platforms—expanding the scope from protecting data to ensuring the end-to-end service delivery in a wide range of relevant scenarios - will pave the way for wireless networks increasingly becoming critical components of society. Resilience and security capabilities are crucial as networks must be able to provide service when part of the infrastructure is disabled due to natural disasters, local disturbances, or societal breakdowns, and they must offer robust resistance against deliberate malicious attacks. 6G networks will be able to leverage new confidential computing technologies, improve service availability, and provide enhanced security identities and protocols with end-to-end assurance.

Karl Andersson
Professor, Dean CompSci - LTU (Luleå University of Technology)

After receiving his master degree in Computer Science and Technology from the Royal Institute of Technology, Stockholm, Sweden, Karl Andersson started his professional career as a consultant, project manager, business developer, and branch manager within the Capgemini Group. Returning to academia as a PhD Student he obtained his PhD degree after defending his thesis "On Access Network Selection Models and Mobility Support in Heterogeneous Wireless Networks". After visiting Columbia University in the City of New York as a postdoctoral researcher and National Institute of Information and Communications Technology, Tokyo, Japan as a JSPS Fellow, Karl is today Professor and Head of Subject, Cyber Security at Luleå University of Technology (LTU), Skellefteå, Sweden. During 2017-2023, Karl was leading Centre for Distance-spanning Technology at LTU specialising in research centred around fifth generation mobile networks (5G), Internet of Things (IoT), and datacenters. Moreover, since 1 January 2022, Karl is Dean for Faculty of Science and Technology at Luleå University of Technology.

Karl is a senior member of the IEEE and a senior member of ACM. He has served as reviewer for a number of journals including IEEE Transactions on Mobile Computing, IEEE Transactions on Computers, IEEE Vehicular Technology Magazine, Computer Networks, Wireless Personal Communications, Wireless Networks, Wireless Communications and Mobile Computing, Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, International Journal of Ad Hoc and Ubiquitous Computing, and ETRI Journal. Furthermore, he has served as reviewer for many conferences including ICC, Globecom, VTC, WCNC, WiMob, IWCMC, and NTMS. Also, he is serving on a number of TPCs and the editorial boards of Journal of Internet Services and Information Security and Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications. During 2020 and 2021, Karl was general chair for IEEE Conference on Local Computer Networks (LCN).

CTI of Sweden

Friday - 14:25

To enhance national security measures, we aim to systematically assess the cyber threat landscape facing our country, Sweden. Our approach entails the comprehensive collection and automated processing of intelligence data to map vulnerabilities within our national infrastructure visible from the internet. Subsequently, we endeavor to predict the likelihood of these systems being compromised by malicious actors and to identify any attacker infrastructures operating within our borders. Initially utilizing open-source intelligence (OSINT) tools for preliminary analyses, we will evaluate their efficacy in bolstering national-scale efforts and determine the most suitable solutions for our needs. This research aims to provide actionable insights and proactive measures to safeguard Sweden's cyber resilience against evolving threats.

Emre Süren
Vulnerability Researcher - NCRC

Emre is a faculty member at Cybercampus Sweden and manager of the Hacking Lab, where he leads a research team working on memory forensics and IoT hacking. He teaches digital forensics at the KTH Royal Institute of Technology.

Key insights from Deputy Minister of Defense for Digital Development, Digital Transformations, and Digitization for Ukraine

Friday - 15:00
Kateryna Chernohorenko
Deputy Minister of Defence - Ministry of Defence of Ukraine for Digital

Kateryna Chernohorenko is the Deputy Minister of Defense for Digital Development, Digital Transformations, and Digitization. Since the inception of the Ministry of Digital Transformation of Ukraine, she has become part of the reform team. She launched next-generation electronic services: eMalyatko, electronic sick leave, and the COVID certificate in the Diia mobile application. When the full-scale war began, Kateryna worked on strengthening the technological component of the Security and Defense Forces, initiating the launch and leading the Army of Drones project.

Talk

Friday - 15:50
Erik Mickols
Research Engineer - RISE

Erik, a recent graduate from the KTH (Royal Institute of Technology) Cybersecurity Master program, works as a research engineer at the Cybersecurity unit at RISE.

His primary research interests lie in fundamental computing problems and language security. In practice, he enjoys looking at resource-constrained embedded devices and IoT devices.

His passion for work in cybersecurity got kickstarted with a university course in Ethical Hacking and was further amplified by joining and participating in numerous CTF competitions with the team RoyalRoppers where he specializes in reverse engineering and pwn. A fun challenge that he often undertakes is attempting to distill hard-earned insights and experiences into educational material that make hard problems more approachable.

Some insights from serial founder and bug bounty MVP

Saturday - 11:00
Frans Rosen
Co-Founder - Detectify

Rosen has expertise in offensive security, penetration testing, and vulnerability research. With years of experience in the field, Rosen has established himself as a leading figure in cybersecurity.

Throughout his career, Rosen has worked on numerous high-profile projects, helping organizations identify and address vulnerabilities in their systems and networks. His work in offensive security has earned him recognition for his technical proficiency and innovative approach to cybersecurity challenges.

In addition to his practical experience, Rosen is actively involved in the cybersecurity community, sharing his knowledge through conferences, workshops, and publications. He is passionate about educating others and promoting best practices in cybersecurity.

Rosen's dedication to the field and his commitment to staying at the forefront of cybersecurity trends make him a respected authority in the industry. He continues to make significant contributions to the field, helping organizations stay ahead of cyber threats in an ever-evolving landscape.

Decrypting NordVPN

Saturday - 13:30

VPN systems should help protect your communication from network attackers. However, in this talk we will show how we decrypted NordVPN client applications' communication. Not only to intercept your VPN traffic, but also to get access to other devices in your private network.

As we send increasingly sensitive data over untrusted networks, our communication is constantly under attack. Especially while communicating from foreign or hostile jurisdictions, network interception attacks are more a rule than an exception.

Even while browsers and applications try their best to encrypt their communication, they leak metadata and are susceptible to n-day or 0-day vulnerabilities. Encrypting all the communication with a VPN can help mitigate these risks.

Numerous consumer grade VPN providers have been popping up over the years with promises of ease of use while providing military grade protection.

In this talk, we will show how NordVPN failed to deliver on this promise. While being easy to use, it unfortunately was also easy to hack. We will decrypt NordVPNs communication through a network interception attack and hack into other devices in your private network.

Aapo Oksman
Founder - Juurin Oy

Aapo Oksman is an entrepreneur and the Founder of Juurin Oy, a cybersecurity company focusing on technical IoT cybersecurity. His background is in electrical engineering, embedded devices, and test automation. Combining his background with a hacking hobby led to a cybersecurity career focusing on industrial IoT.

Bug Bounties and security research keep Aapo motivated and learning. His work in cryptography has resulted in multiple CVEs from vendors like Microsoft, Apple, and Samsung. Outside work and research, Aapo's passion is in the community. He organizes local security meetups and coaches the Finnish national youth CTF team in the yearly European Cybersecurity Challenge competition.

One smali step for a man: a case for taking the middle ground.

Saturday - 14:30

I will lament recent frustrations with decompiling APKs:

  • decompilers that crash
  • decompilers that hide control flow information

And propose that we search for simpler and more robust solutions that still get the job done. I will share my experience with building a Dalvik disassembler and building a graphview on top of it

Evan Richter
Security Engineer - Margin Research

About the Pwnie Awards

Saturday - 14:50
Ian Roos
Organiser - Pwnie Awards
Organiser at Pwnie Awards, recognizing excellence and failures in information security.

Applying "Bartle taxonomy of player types" to CTF challenges.

Saturday - 15:30
Kibo Schaffer
CTF Player - RPISEC

macOS user privacy protections

Saturday - 15:50

In this brief talk we'll discuss macOS user privacy protections and a logic bug in the PackageKit framework which leads to a complete SIP/TCC bypass ( CVE-2023-38609 ) on macOS Ventura. The talk will cover initial discovery, automating variant discovery and chaining with a patched privilege escalation to achieve unrestricted access from a regular user context.

Michael Cowell
Cybersecurity Engineer - Independent

Michael Cowell is a cybersecurity engineer and researcher specialising in the iOS and macOS ecosystems with experience in the public and private sector.

Integrating program runtime information with LLMs

Saturday - 16:10

This lightning talk will discuss the opportunities and limitations of integrating program runtime information with large language models (LLM) and how this relates more generally to LLMl reasoning capabilities. Additionally, we will explore a new method that combines LLMs with reinforcement learning to pragmatically and efficiently fine-tune models with the most salient runtime information relative to the programmer's existing beliefs of the code they are seeking to understand or generate. Attendees will leave with the ability to - in a matter of hours - add runtime information (both in the form of fine-tuning and prompt engineering) to their hosted models for code generation or analysis.

Lauren Moos
Principal ML Engineer - Independent

Lauren Moos is a Principal Scientist with experience in machine learning research and enterprise software development. At AWS, she worked on core algorithms for Kinesis and Sagemaker Ground Truth, including Amazon's general anomaly detection algorithm. She led a team funded by DARPA at Special Circumstances on the AIMEE, REMATH, and HARDEN programs, which focused on modeling and assuring computer programs with machine learning. She has published work on LLM reasoning and particle accelerator diagnostics and is currently developing FPGA synthesis tools.

Reagent: Catalyzing Bad Actor Discovery in Open Source

Saturday - 16:30

As the open source software (OSS) landscape continues to expand, it becomes a larger playground for cyber adversaries, posing a remarkable challenge for maintaining national cybersecurity. In this enlightening and (hopefully) occasionally humorous talk, we delve into Reagent, Margin Research's trailblazing open source analysis platform, and how it leverages socio-technical analytics to unveil suspicious activities within OSS projects.

Reagent represents a significant evolution in analyzing the complex social dynamics of software development. By integrating graph databases with specialized algorithms with Python heuristics, Reagent transforms how organizations detect and avert threats lurking within vast volumes of OSS contributions. Illustrating its cutting-edge functionalities, we share captivating case studies, such as the infamous "XZ Hack", revealing how Reagent pinpointed bad actors amidst tens of thousands of contributors through adversarial correlation techniques, natural language processing, and anomaly detection.

Guided by an automated approach that analyzes cross-repository metadata using the latest and greatest algorithmic technologies, Reagent not only detects low-profile, yet high-risk users, identifies how palatable a threat is to adversaries, and discovers one-off commits made by aliased git users, but also shines the spotlight on suspicious code contributions and maintainers. From in-depth timezone analysis, to drive-by commit discovery, to sentiment analysis in messages to high-level maintainers, we prove that having the right toolbox can expose even the most sophisticated false users behind supply chain intrusions.

Through the lens of technical storytelling, you'll see not just the software's prowess, but also how the human touch remains indispensable to bad actor discovery. Reagent's versatile queries unearth potential concerns within email domains, timezone spoofing, and coding behavior purity, allowing the integration of humor, such as the bewildering choices of developers to commit code in the future and maintain widely used packages under the moniker "meow", without losing its grip on critical analytics. Additionally, we aim to highlight the ongoing research in vulnerability and bad actor discovery within the open source community by showing that we're continually modifying our approach in response to new threats, as we either discover them in our database, or read about them on the news.

In our concluding reflections, the talk emphasizes the vital role of platforms like Reagent in safeguarding OSS integrity. With real-world applications and a dash of wit, we affirm that combating cyber threats in the digital age requires not just powerful algorithms, but creative and strategic thinking.

Alice Bibaud
Cybersecurity Engineer - Margin Research

Alice Bibaud is a Cybersecurity Engineer at Margin Research, specializing in backend engineering and data science. She works with her colleagues every day to catch bad actors in open source, a space she hopes to spread awareness about through her work at Margin.

Sponsors