DarkMatter Business Track

DarkMatter Group, headquartered in the UAE, enables businesses and governments to become smart, safe and cyber-resilient. As a full-service provider of smart and safe digital transformation, we’re uniquely positioned to provide organisations with the strategy, technology, and operating model to achieve business continuity amidst adverse and constantly evolving cyber threats.

In parallel to Hack in the Box Security Conference Dubai, DarkMatter Group is hosting an annual business conference targeting key industries in the United Arab Emirates. The conference, Beyond Cyber, is taking place on the 27th of November 2018 at Grand Hyatt Dubai and will focus on the theme of a Smart & Safe Digital World.

For more information and queries, email us at hitb@darkmatter.ae

As the local partner of HITB2018DXB, DarkMatter is offering complimentary tickets to cyber geniuses in the UAE. The contest is being run on Twitter, where you have to DM them your biggest cyber achievement to date to stand a chance to get a complimentary ticket. Hurry: follow @GuardedbyGenius on Twitter and watch out for the contest information.


27th November


10:45 – 11:10 – WELCOME ADDRESS – Karim Sabbagh (CEO, DarkMatter)

11:10 – 11:15 – VIDEO: Tech Tension is Real

11:15 – 11:45 – Running Cyber Resilient Mega Events – Eman Al Awadhi (Director of Cyber Security & Resilience – Expo 2020)

11:45 – 12:00 – Crowd Poll: Assessing audience feedback around safe digital transformation in everyday life – readiness for the panel

12:00 – 12:45 – Panel Discussion: Safe Digital Transformation – Karim Sabbagh (CEO – DarkMatter Group), Eman Al Awadhi (Director of Cyber Security & Resilience – Expo 2020)

12:45 – 14:00 – LUNCH BREAK

14:00 – 14:20 – KEYNOTE: TBA

14:20 – 14:45 – Panel Discussion: Cyber transformation in an already heavily regulated banking & finance industry

14:45 – 14:55 – Crowd polling: Assessing audience feedback around breaches & threat intelligence / Video – Threat Intelligence & Voice of Cyber

14:55 – 15:20 – KEYNOTE: Cyber Threats and Vulnerabilities in the UAE for 2018 – Key Findings – Eddie Schwartz (EVP – Cyber Services, DarkMatter) & Alan White (VP – Cyber Network Defence, DarkMatter)

15:20 – 15:50 – Panel Discussion: Building Future Skills to Manage Cyber Resilience of the Future – Ronald Hale (Vice President – Cyber Training, Development and Policy, Education Services, DarkMatter Group), Joni Cholwich (Chief Operating Officer – Ajyal Talent Management), Jamal N. Al-Karaki (Department Head, Information Security Engineering – ADPoly) & Fahem Al Nuaimi (CEO – Ankabut)

15:50 – 16:00 – CLOSING COMMENTS

16:00 – 16:30 – END OF DAY 1 / COFFEE BREAK


28th November – LABS


10:00 – 11:00 – DarkMatter Quarterly Cyber Security Report Results for the UAE – Bernice McCallum (Threat Intelligence Center Director, DarkMatter)

The DarkMatter Cyber Security Report is the first of its kind in the region, bringing together in-house data and analytics from the company’s specialised services and platforms techniques as well as open source information specifically relevant to the UAE. DarkMatter Group’s aim is to raise awareness, give insights and offer recommendations to remediate the risks identified.

10:00 – 11:00 – Microcontrollers, Edge Computing, and Cloud Service Security – Milosch Meriac, Principal Security Researcher, Hardware Lab, xen1thLabs, DarkMatter

What can possibly go wrong? Although security is quite well-understood on higher-end embedded systems like routers and mobile phones, microcontroller security is still stuck in the dark ages of computing. The security of most contemporary connected microcontroller-based devices is on par with security models of early networked MS-DOS systems from the 80’s. This talk presents an overview of microcontroller system security and the peculiarities of microcontroller targets to show how these can be exploited – we will further discuss the security of higher-end systems as used in smartphones and edge/fog computing devices/gateways and will dive into the security concepts behind these, threat modelling and exploitation of such devices. We will close by briefly talking about cloud level security concepts.

10:00 – 11:00 – Practical Quantum-safe Implementations in Industry – Victor Mateu (Cryptography Team, DarkMatter)

We are fast approaching a quantum future – the rise of quantum computers means that specific complex calculations are solved much faster than by today’s computers – threatening even the best security encryption algorithms. In this workshop, we focus on the field of cryptography which assumes that quantum computers are going to be a reality. We will showcase examples of solutions which can be used already today to prevent quantum computers from breaking privacy and integrity in our present communications. We will focus on the impact of new cryptosystems in IoT devices where the computational and storage resources are lower. Eventually, we will showcase already implemented solutions to tackle these challenges and talk about proper practices in such environments.

10:00 – 11:00 – Auditing Source Code for Vulnerabilities – Eldar Marcussen (Lead Security Researcher, DarkMatter)

Code auditing is the process of reviewing source code with the intent of discovering security bugs. This workshop will teach the principles of code review and illustrate some of the techniques that can be used to quickly identify vulnerabilities. The theory is then followed with practical audits for some bug classes of popular open source applications written in C and PHP which may result in some 0day vulnerabilities. Bring a laptop with basic Linux commands and follow along as we audit a web server and some web applications for various flaws, including:

11:00 – 12:00 – An overview of the UAE Threat Landscape – Rocky De Wiest (Senior Security Consultant, DarkMatter) & Maxim Deweerdt (Lead Consultant, DarkMatter)

The threat landscape is a forever-evolving environment, which makes it so complex, especially when facing Advanced Persistent Threats; it can become a very tedious cat-and-mouse game. The United Arab Emirates specifically has significant wealth and excels at innovating, making it a particularly attractive target for threats. As such, it is important for organisations to understand and manage security threats and risk. During this talk, Maxim and Rocky will expose some of the more interesting cases they have identified throughout 2018, and will give the audience an overview of the UAE threat landscape as they see it and provide ample methods to detect and respond to these threats.

11:00 – 12:00 – Security of Messaging: the Past, the Present, and the Future – Alexander Sherkin (Software Architect, DarkMatter)

Secure communication has evolved in the past several years. While confidentiality, authenticity, and data integrity were everything secure messaging ever needed in the past, modern messaging systems are expected to come with future secrecy, post-compromise security, deniability, and side-channel attack resistance to comply with the current de facto secure messaging standard. Moving forward, post-quantum resistance, identity privacy, and stealth are being added to the list of the expected features. The talk explores various secure messaging properties, and discusses the expected level of security in the past, present, and the future.

11:00 – 12:00 – SOC-CMM: How to Measure the Maturity of Your Security Operation Center – Eric Eifert (Senior Vice President, DarkMatter)

In this workshop we will explore the SOC-CMM framework and discuss how to measure the maturity of your SOC across 5 domains (Business, People, Process, Technology, and Service). We will discuss how this framework can be utilized to prioritize enhancements, identify gaps, develop a strategy, justify investments, and provide a visual representation of your maturity.

11:00 – 12:00 – Lateral Movement in Windows Domain in 2018 – Juned Ansari (Senior Cyber Security Consultant, DarkMatter)

Microsoft Windows is the predominant operating system today and Microsoft has been constantly working on improving the authentication mechanism used in Windows to thwart attackers. In a typical attack scenario, the attacker gains an initial control over a system that may not contain any interesting data, and then he will try to laterally move across different machines in the network in search of that elusive target. LMHash, NTHash, NTLMv1, and NTLMv2 are the hashing and authentication protocols that are actively targeted by attackers. This talk is all about where we stand today when it comes to using Windows Authentication based attacks. We will answer the following questions:

Adversary attacks have always been a cat and mouse game: if as a red teamer you have several ways to breach the network, then as a blue teamer we have several ways to defend against such attacks. Over the past few years Microsoft has introduced several features to either break some of these attacks or minimize their effect, and we shall walk through several of these defenses that can be deployed just by using default Microsoft tools.

12:00 – 13:00 – SOC Use Case Development and Mapping to the ATT&CK Model – Srivatsa Venkatesh (SOC Ops Manager, DarkMatter)

12:00 – 13:00 – Unconventional Vulnerabilities in Google Cloud Platform – Venkatesh Sivakumar (Security Consultant, DarkMatter LLC)

The presentation “Unconventional vulnerabilities in Google Cloud Platform” will showcase my path to how I discovered two interesting vulnerabilities in Google Cloud Platform. Via my approach, I was able to discover Cloudshell Command Injection and Code Editor Clickjacking. Cloudshell command injection started as an attack against my own GCP resources. In my presentation, I will walk the audience members through how I was able to escalate it and impact other GCP users by crashing vm, deleting app engine files, compute engine instances, cloud storage buckets, exfiltrating GCP data and getting a reverse shell on other users’ GCP instance. Similarly, clickjacking started as an un-exploitable one. But the focus of the presentation will be to share how I was able to escalate it and impact other users. In addition, I will share some thoughts on the Google VRP and cover some high level thoughts on “Google Cloud Hardening”.

12:00 – 13:00 – Efficient Solution for Identifying, Monitoring and Selecting SSL/TLS Deployment Configurations – Lamya Al Qaydi (Security Researcher, xen1thLabs, DarkMatter)

SSL/TLS seem simple to deploy, but there are many potential pitfalls and vulnerabilities, as they are frequently discovered. Selecting the optimal configuration and testing it against known vulnerabilities is outside the expertise of many developers and web administrators unfamiliar with the security domain. Creating a solution to ease the verification of the configuration of SSL/TLS is highly recommended for people unfamiliar with security vulnerabilities or having a lack of information about new flaws. The purpose of a tool maintained by the security community to abstract the configuration review could lead to an increase of the security of servers across the world. During this talk, a first proof-of-concept will be presented showing how this overcomes the stated challenge.

13:00 – 14:00 – LUNCH BREAK

14:00 – 17:00 – Hands-on-Hacking and Deep-dive into the world of Low-Frequency RFID – Milosch Meriac (Principal Security Researcher, Hardware Lab, xen1thLabs, DarkMatter) & Chaouki Kasmi (Director Mobile and Telecommunication Lab, xen1thLabs, DarkMatter)

Learn how to perform security assessments on RFID systems and how to exploit the discovered weaknesses!
Attendees will explore the weaknesses of existing low frequency (LF) RFID systems while learning to build and use RFID hardware tools for reading and emulating RFID cards. Attendees will build and keep a hardware kit for reading and emulating LF RFID cards.

Workshop agenda:

Workshop pre-requirements:

We expect people to bring a laptop (4GB RAM or more) that can boot from a Linux USB live system (provided by us) – or a native Linux system with full admin rights (Audacity and Docker installed, full root privileges required – Fedora Linux Version 29 (64 bit) is preferred, Ubuntu supported, too – for other distributions, people are on their own or must be able to boot our live system over USB). Please download and run the Fedora 29 live system at https://getfedora.org/en/workstation/download/ – or install Fedora on your laptop in case you want to be on the safe side and have the same system as the instructor.

17:00 – END OF DAY 2

Day 1 Speakers

Day 2 Lab Trainers