Recap Black Hat Sessions 2019

Wrap-up report Black Hat Sessions 2019 - Part XVII Protecting your Critical Systems - 31 July 2019

We proudly look back at the seventeenth edition of Secura's annual security conference, the Black Hat Sessions. The theme for this year’s BHS was: Protecting your Critical Systems. Cyber hacks are in the news every day. We all know about the relevance of digital security. But how do we protect ourselves?

Over 300 participants (decision makers, managers, CISOs, technical security experts and other interested visitors) came together on June 13th, 2019 to network and to be informed about security issues in critical sectors. Did you miss it? You can read the wrap-up reports now.


Thanks to all our participants, speakers, partners and sponsors for making BHS 2019 such a great success! We hope you all enjoyed the conference. We look forward to organizing next year's edition on 11 June 2020. Hopefully you will be there (again)! Subscribe to the periodical Secura newsletter and stay updated with the latest news.


We would like to thank all the speakers of Black Hat Sessions Part XVII: Chris van ‘t Hof (Host), Victor Gevers (Founder of GDI Foundation & Chairman of Global CERT), Jos Wetzels (Principal Security Consultant at Secura), Elsine van Os (Clinical Psychologist and Intelligence and Security Expert), Geert Pater (RDW), Max Geerling (Dutch Payments Association), Ben Kokx (Philips), Anderson Domingues (LyondellBasell), Paul Wijninga (Agentschap Telecom), Wouter Wissink (Chubb), Liesbeth Holterman (Cyberveilig Nederland), Carlo Meijer (Radboud University Nijmegen), Ali Abbasi (Ruhr University), Jeroen van der Ham (NCSC - University of Twente - EEMCS/DACS), Robin Massink (Alliander) and Marina Krotofil (BASF).

And of course all our sponsors Venafi, Checkmarx, ISOC24, Rapid7, SCOS, TSTC, Schippers IT and our partners PviB, NLUUG, ISACA, NOREA and media partners InfosecurityMagazine, ProcessControl, AG Connect.

Black Hat Sessions 2019 Wrap-up reports

Below you will find some highlights and relevant lessons learned from the presentations. See also the links to the full reports. Note: not all talks are covered here.

Responsible Disclosure by Victor Gevers

Victor found vulnerabilities in complex databases, servers and NAS devices, and prevented valuable data from being leaked. During the BHS he provided more news and insights into the techniques he uses to identify and alert on such huge data leaks. He gave the following message to the audience: "Stop putting things on the internet if it is not needed", as connecting objects to the internet could lead to huge security risks, with new incidents as a consequence.

Click here to read the full report of Victor's keynote.

A Dangerous Game: Anatomy of a Cyber-Physical Attack by Jos Wetzels

It's clear that various actors are highly interested in attacking industrial control systems and are rapidly developing sophisticated capabilities to achieve a real-world physical impact. Yet at the same time the ins and outs of such cyber-physical attacks are little understood, hindering defender efforts like hardening and detection. The pros don’t bother with vulnerabilities; they use features to compromise the ICS: insecure by design, legacy and lifespan, porous boundaries, and visibility and control. This holds for most cyber-physical systems, not just ICS.

Furthermore, Jos discussed the cyber-physical attack lifecycle, illustrated by real-world case studies, and how to leverage insights into that lifecycle in order to inform effective critical infrastructure defense strategies. Two important defensive takeaways:

  • Lesson #1: Protect the mission. To do this, you need to know what that mission is. “If everything is important, then nothing is.” A Cyber Mission Impact Assessment (CMIA) can be performed in order to accomplish a certain goal.
  • Lesson #2: Double Bow tie & Defending ‘Left of Boom’.

Download the slides


Chinese espionage by Elsine van Os

In her speech ‘Blended threats: espionage from a human tradecraft perspective’, she talked about economic espionage and technology theft, specifically focused on the Chinese intelligence market. There were several lessons that Elsine wanted to share with us:

  • Chinese espionage is not new. It is a continuation of a long-term concentrated effort, although growing exponentially, as she emphasized before;
  • Growing awareness of blended threats is crucial - behavioural, physical and technical; thinking broader – what is inside of the organization, how to notice signals on a behavioural level and how to manage this within an organization;
  • There is a need to join forces and integrate expertise and skills in battling not only espionage, but people who derail, commit acts of sabotage, fraud, corruption and the behavioral signals that are present way before the technical display.

Read more and click to read the full report of Elsine's keynote.

Monitoring, a matter of balance by Robin Massink (Alliander)

Robin provided an in-depth approach to security monitoring and intrusion detection for SCADA systems within utilities. The SIEM used by Alliander is an OT-focused system; it supports blacklisting, anomaly detection and custom scripting. On the other hand, the SIEM that is used is a common product largely fed by a syslog infrastructure, managing and preventing unauthorized communication and access attempts to networks and systems. The risks that are not correctly managed are those coming from the network itself, the local introduction of malware, or the management of unwanted and insufficiently protected services (FTP, Telnet, etc.).

Read the full report to gain all insights and lessons learned.

An Industrial Control System Protection Approach by Ali Abbasi

In order to protect critical infrastructures such as Industrial Control Systems, we have to understand the attacks against them, according to Ali Abbasi. A basic attack in an unprotected Industrial Control Systems network would require getting network access, understanding the process, manipulating the controller and exploiting the process. There are, however, different protection mechanisms in place that the attacker has to overcome.

Click here to read the full report of this technical deep dive.

Self-encrypting deception given by Carlo Meijer

Is hardware encryption really as secure as proclaimed by a majority of the manufacturers? In answering this question, three scenarios can be distinguished, and it is beneficial to do so from an attacker’s point of view. In the first scenario, the computer has not been turned off and the encryption key is stored in such a way that an attacker can still retrieve it, for example by performing a cold boot attack. This can be done for both hardware and software encryption.

Read the full report for the two other scenarios.

Insurance sector by Wouter Wissink and Liesbeth Holterman · Challenges in Type approval of Modern vehicles · Routeplan Cyber security risk model and certification

How to increase the security maturity level within the most critical sectors?

How to increase the security maturity level within sectors like automotive, payments and insurance? Every sector is challenged in a different way, but we also see a lot of commonalities. During the managerial track of the Black Hat Sessions various speakers addressed how they deal with security and how to increase cyber resilience within their business. The sessions were closed with a panel discussion. Get inspired by our speakers Geert Pater (RDW), Max Geerling (Dutch Payments Association), Wouter Wissink (Chubb) and Liesbeth Holterman (Cyberveilig Nederland) on how they deal with their challenges.

Click here to read the full report of the sector case studies: Automotive, Payments and Insurance

Secura Grand Slam Capture the Flag

This seventeenth edition of BHS also included a Capture the Flag (CTF) competition aimed at student teams from University or Higher Education. The winners were announced at the end of the day.


During the Black Hat Sessions, Martin Hols took some amazing photos. Please visit for the photos and all presentation slides.

We look forward to next year! Hopefully you will be there (again)!

SAVE THE DATE: Black Hat Sessions 2020 - 11 June 2020

Are you interested? Keep up to date with the latest news about the event, receive exclusive (early bird) discounts and secure your seat for interactive workshops. Sign up for our periodical newsletter and we will keep you informed.
